sys: don't hold uts_sem while accessing userspace memory
commit 42a0cc34 upstream. Holding uts_sem as a writer while accessing userspace memory allows a namespace admin to stall all processes that attempt to take uts_sem. Instead, move data through stack buffers and don't access userspace memory while uts_sem is held. Cc: stable@vger.kernel.org Fixes: 1da177e4 ("Linux-2.6.12-rc2") Signed-off-by:Jann Horn <jannh@google.com> Signed-off-by:
Eric W. Biederman <ebiederm@xmission.com> Signed-off-by:
Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Showing
- arch/alpha/kernel/osf_sys.c 24 additions, 27 deletionsarch/alpha/kernel/osf_sys.c
- arch/sparc/kernel/sys_sparc_32.c 13 additions, 9 deletionsarch/sparc/kernel/sys_sparc_32.c
- arch/sparc/kernel/sys_sparc_64.c 12 additions, 8 deletionsarch/sparc/kernel/sys_sparc_64.c
- kernel/sys.c 45 additions, 50 deletionskernel/sys.c
- kernel/utsname_sysctl.c 25 additions, 16 deletionskernel/utsname_sysctl.c
Loading
Please register or sign in to comment