On Tue, 2014-06-17 at 00:28 +0200, Thomas Gleixner wrote:
> On Tue, 17 Jun 2014, Thomas Gleixner wrote:
> > On Mon, 16 Jun 2014, Darren Hart wrote:
> > > On Wed, 2014-06-11 at 20:45 +, Thomas Gleixner wrote:
> > > In wake_futex_pi we verify ownership by matching pi_state->owner ==
> > >
On Tue, 2014-06-17 at 00:15 +0200, Thomas Gleixner wrote:
> On Mon, 16 Jun 2014, Darren Hart wrote:
> > On Wed, 2014-06-11 at 20:45 +, Thomas Gleixner wrote:
> > > static int futex_unlock_pi(u32 __user *uaddr, unsigned int flags)
> > > @@ -2417,57 +2401,47 @@ retry:
> > >
On Tue, 17 Jun 2014, Thomas Gleixner wrote:
> On Mon, 16 Jun 2014, Darren Hart wrote:
> > On Wed, 2014-06-11 at 20:45 +, Thomas Gleixner wrote:
> > In wake_futex_pi we verify ownership by matching pi_state->owner ==
> > current, but here the only test is the TID value, which is set by
> >
On Mon, 16 Jun 2014, Darren Hart wrote:
> On Wed, 2014-06-11 at 20:45 +, Thomas Gleixner wrote:
> > static int futex_unlock_pi(u32 __user *uaddr, unsigned int flags)
> > @@ -2417,57 +2401,47 @@ retry:
> > return -EPERM;
> >
> > ret = get_futex_key(uaddr, flags &
On Wed, 2014-06-11 at 20:45 +, Thomas Gleixner wrote:
> The kernel tries to atomically unlock the futex without checking
> whether there is kernel state associated to the futex.
>
> So if user space manipulated the user space value, this will leave
> kernel internal state around associated to
On Wed, 2014-06-11 at 20:45 +, Thomas Gleixner wrote:
The kernel tries to atomically unlock the futex without checking
whether there is kernel state associated to the futex.
So if user space manipulated the user space value, this will leave
kernel internal state around associated to the
On Mon, 16 Jun 2014, Darren Hart wrote:
On Wed, 2014-06-11 at 20:45 +, Thomas Gleixner wrote:
static int futex_unlock_pi(u32 __user *uaddr, unsigned int flags)
@@ -2417,57 +2401,47 @@ retry:
return -EPERM;
ret = get_futex_key(uaddr, flags FLAGS_SHARED,
On Tue, 17 Jun 2014, Thomas Gleixner wrote:
On Mon, 16 Jun 2014, Darren Hart wrote:
On Wed, 2014-06-11 at 20:45 +, Thomas Gleixner wrote:
In wake_futex_pi we verify ownership by matching pi_state->owner ==
current, but here the only test is the TID value, which is set by
userspace -
On Tue, 2014-06-17 at 00:15 +0200, Thomas Gleixner wrote:
On Mon, 16 Jun 2014, Darren Hart wrote:
On Wed, 2014-06-11 at 20:45 +, Thomas Gleixner wrote:
static int futex_unlock_pi(u32 __user *uaddr, unsigned int flags)
@@ -2417,57 +2401,47 @@ retry:
return -EPERM;
On Tue, 2014-06-17 at 00:28 +0200, Thomas Gleixner wrote:
On Tue, 17 Jun 2014, Thomas Gleixner wrote:
On Mon, 16 Jun 2014, Darren Hart wrote:
On Wed, 2014-06-11 at 20:45 +, Thomas Gleixner wrote:
In wake_futex_pi we verify ownership by matching pi_state->owner ==
current, but here
10 matches