Patchwork [Oneiric,CVE,3/3] wake_up_process() should be never used to wakeup a TASK_STOPPED/TRACED task

Submitter Luis Henriques
Date Feb. 19, 2013, 2:18 p.m.
Message ID <1361283503-26362-4-git-send-email-luis.henriques@canonical.com>
Permalink /patch/221707/
State New

Comments

Luis Henriques - Feb. 19, 2013, 2:18 p.m.
From: Oleg Nesterov <oleg@redhat.com>

CVE-2013-0871

wake_up_process() should never wakeup a TASK_STOPPED/TRACED task.
Change it to use TASK_NORMAL and add the WARN_ON().

TASK_ALL has no other users, probably can be killed.

Signed-off-by: Oleg Nesterov <oleg@redhat.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
(backported from commit 9067ac85d533651b98c2ff903182a20cbb361fcb)

Conflicts:
	kernel/sched/core.c

Signed-off-by: Luis Henriques <luis.henriques@canonical.com>
---
 kernel/sched.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
Colin King - Feb. 19, 2013, 4:28 p.m.
On 19/02/13 14:18, Luis Henriques wrote:
> From: Oleg Nesterov <oleg@redhat.com>
>
> CVE-2013-0871
>
> wake_up_process() should never wakeup a TASK_STOPPED/TRACED task.
> Change it to use TASK_NORMAL and add the WARN_ON().
>
> TASK_ALL has no other users, probably can be killed.
>
> Signed-off-by: Oleg Nesterov <oleg@redhat.com>
> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
> (backported from commit 9067ac85d533651b98c2ff903182a20cbb361fcb)
>
> Conflicts:
> 	kernel/sched/core.c
>
> Signed-off-by: Luis Henriques <luis.henriques@canonical.com>
> ---
>   kernel/sched.c | 3 ++-
>   1 file changed, 2 insertions(+), 1 deletion(-)
>
> diff --git a/kernel/sched.c b/kernel/sched.c
> index a46fabe..3ca4a92 100644
> --- a/kernel/sched.c
> +++ b/kernel/sched.c
> @@ -2778,7 +2778,8 @@ out:
>    */
>   int wake_up_process(struct task_struct *p)
>   {
> -	return try_to_wake_up(p, TASK_ALL, 0);
> +	WARN_ON(task_is_stopped_or_traced(p));
> +	return try_to_wake_up(p, TASK_NORMAL, 0);
>   }
>   EXPORT_SYMBOL(wake_up_process);
>
>
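Review bot: the comment block that closes at ` */` directly above wake_up_process() is not touched by this hunk, so the new calling rule is undocumented. With the mask changed to TASK_NORMAL, a stopped or traced task is no longer woken by this function and the call also raises a warning. A sentence in that comment saying callers must not pass a TASK_STOPPED/TRACED task would let them read the restriction instead of discovering it through the WARN_ON().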
Acked-by: Colin Ian King <colin.king@canonical.com>

Patch

diff --git a/kernel/sched.c b/kernel/sched.c
index a46fabe..3ca4a92 100644
--- a/kernel/sched.c
+++ b/kernel/sched.c
@@ -2778,7 +2778,8 @@  out:
  */
 int wake_up_process(struct task_struct *p)
 {
-	return try_to_wake_up(p, TASK_ALL, 0);
+	WARN_ON(task_is_stopped_or_traced(p));
+	return try_to_wake_up(p, TASK_NORMAL, 0);
 }
 EXPORT_SYMBOL(wake_up_process);
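Review bot: `WARN_ON(task_is_stopped_or_traced(p));` is a diagnostic only and it fires on every offending call, while the function stays exported through EXPORT_SYMBOL(wake_up_process), so a caller that keeps passing a stopped or traced task can fill the log with backtraces. The TASK_NORMAL mask on the following line is what enforces the rule. Consider WARN_ON_ONCE() for the check, or say in the changelog that the callers in this tree were audited for the backport.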