[RHEL8,COMMIT] ms/prctl: Fix false positive in validate_prctl_map

Submitted by Konstantin Khorenko on March 10, 2020, 3:01 p.m.


Message ID 202003101501.02AF1DO0024404@finist_co8.work.ct
State New
Series "fixes to VZ8 required for criu"
Headers show

Commit Message

Konstantin Khorenko March 10, 2020, 3:01 p.m.
The commit is pushed to "branch-rh8-4.18.0-80.1.2.vz8.3.x-ovz" and will appear at https://src.openvz.org/scm/ovz/vzkernel.git
after rh8-4.18.0-80.1.2.vz8.3.2
commit 81152305a063ed0e3dec511ded9775c34b0f902c
Author: Kirill Gorkunov <gorcunov@virtuozzo.com>
Date:   Tue Mar 10 18:01:12 2020 +0300

    ms/prctl: Fix false positive in validate_prctl_map
      While validating new map we require the @start_data to be strictly less
      than @end_data, which is fine for regular applications (this is why this
      nit didn't trigger for that long). These members are set from executable
      loaders such as elf halders, still it is pretty valid to have a loadable
      data section with zero size in file, in such case the start_data is equal
      to end_data once kernel loader finishes.
      In result when we'are trying to restore such program the procedure fails
      and kernel returns -EINVAL. From the image dump of a program:
       | "mm_start_code": "0x400000",
       | "mm_end_code": "0x8f5fb4",
       | "mm_start_data": "0xf1bfb0",
       | "mm_end_data": "0xf1bfb0",
      Thus we need to change validate_prctl_map from strictly less to less or
      equal operator use.
      Fixes: f606b77f1a9e ("prctl: PR_SET_MM -- introduce PR_SET_MM_MAP operation")
      Signed-off-by: Cyrill Gorcunov <gorcunov@gmail.com>
    ms commit a9e73998f9d7 ("kernel/sys.c: prctl: fix false positive in
    Same commit in vz7 kernel tree:
    60c1a68128464 ("prctl: Fix false positive in validate_prctl_map")
    Signed-off-by: Pavel Tikhomirov <ptikhomirov@virtuozzo.com>
 kernel/sys.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Patch hide | download patch | download mbox

diff --git a/kernel/sys.c b/kernel/sys.c
index 20894e3332a9..2ff3db4f6543 100644
--- a/kernel/sys.c
+++ b/kernel/sys.c
@@ -1953,7 +1953,7 @@  static int validate_prctl_map(struct prctl_mm_map *prctl_map)
 	((unsigned long)prctl_map->__m1 __op				\
 	 (unsigned long)prctl_map->__m2) ? 0 : -EINVAL
 	error  = __prctl_check_order(start_code, <, end_code);
-	error |= __prctl_check_order(start_data, <, end_data);
+	error |= __prctl_check_order(start_data,<=, end_data);
 	error |= __prctl_check_order(start_brk, <=, brk);
 	error |= __prctl_check_order(arg_start, <=, arg_end);
 	error |= __prctl_check_order(env_start, <=, env_end);