probe_kernel_address can return -EFAULT on error, which leads to use of an uninitialized or partially initialized sighand variable.
There is ongoing discussion on removing task_rcu_dereference altogether, which seems like a nice way forward. This patch is submitted as a fix aiming to be backported to prior stable kernel releases. Signed-off-by: Mathieu Desnoyers <[email protected]> Cc: Peter Zijlstra <[email protected]> Cc: Oleg Nesterov <[email protected]> Cc: "Eric W. Biederman" <[email protected]> Cc: Linus Torvalds <[email protected]> Cc: Russell King - ARM Linux admin <[email protected]> Cc: Chris Metcalf <[email protected]> Cc: Christoph Lameter <[email protected]> Cc: Kirill Tkhai <[email protected]> Cc: Mike Galbraith <[email protected]> Cc: Thomas Gleixner <[email protected]> Cc: Ingo Molnar <[email protected]> --- kernel/exit.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/kernel/exit.c b/kernel/exit.c index 5b4a5dcce8f8..b1c3e1ba501c 100644 --- a/kernel/exit.c +++ b/kernel/exit.c @@ -249,7 +249,8 @@ struct task_struct *task_rcu_dereference(struct task_struct **ptask) if (!task) return NULL; - probe_kernel_address(&task->sighand, sighand); + if (probe_kernel_address(&task->sighand, sighand)) + sighand = NULL; /* * Pairs with atomic_dec_and_test() in put_task_struct(). If this task -- 2.17.1
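Review bot: the `sighand = NULL` fallback in the hunk silently folds a read fault into the same path as a task whose sighand was already cleared on exit, and nothing in the hunk says so; since the meaning of a NULL `sighand` is only visible from the surrounding code, the assignment deserves a one-line comment such as `sighand = NULL; /* unreadable: treat task as already exited */` so a reader of the fix (and of the stable backport) does not mistake it for a plain initialisation. Two smaller points: the commit message states the patch is meant for stable backport but carries no `Fixes:` tag naming the commit that introduced the unchecked `probe_kernel_address()` call, which the stable process relies on to pick the right branches; and the message's claim that `sighand` can be "partially initialized" on -EFAULT is worth a sentence explaining why (a fault mid-copy), since that is the reason the value cannot simply be trusted when the call fails.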

