git.proxmox.com Git - mirror_ubuntu-bionic-kernel.git/commit

author	Jann Horn <jannh@google.com>
	Mon, 25 Jun 2018 16:34:10 +0000 (18:34 +0200)
committer	Juerg Haefliger <juergh@canonical.com>
	Wed, 24 Jul 2019 01:45:58 +0000 (19:45 -0600)
commit	ef0c833868868b34c50e9163cc9f950cdb9f6415
tree	b15598ba0cf1f3bec9ecb2a4628d04c68956a5dd	tree
parent	1aedcb02ea0c680fc5b3f6f29f39125fee5e9d51	commit \| diff

sys: don't hold uts_sem while accessing userspace memory

BugLink: https://bugs.launchpad.net/bugs/1835972
commit 42a0cc3478584d4d63f68f2f5af021ddbea771fa upstream.

Holding uts_sem as a writer while accessing userspace memory allows a
namespace admin to stall all processes that attempt to take uts_sem.
Instead, move data through stack buffers and don't access userspace memory
while uts_sem is held.

Cc: stable@vger.kernel.org
Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
Signed-off-by: Jann Horn <jannh@google.com>
Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
Signed-off-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com>

arch/alpha/kernel/osf_sys.c		diff \| blob \| blame \| history
arch/sparc/kernel/sys_sparc_32.c		diff \| blob \| blame \| history
arch/sparc/kernel/sys_sparc_64.c		diff \| blob \| blame \| history
kernel/sys.c		diff \| blob \| blame \| history
kernel/utsname_sysctl.c		diff \| blob \| blame \| history