[GIT PULL] clone3 exit signal fix

From: Christian Brauner
Date: Thu Sep 12 2019 - 09:43:04 EST

Hi Linus,

This is a rather urgent last-minute bugfix for clone3() that should go in
before we release 5.3 with clone3().

clone3() did not verify that the exit_signal argument was set to a valid
signal. This can be used to cause a crash by specifying a signal greater
than NSIG. e.g. -1.

The commit from Eugene adds a check to copy_clone_args_from_user() to
verify that the exit signal is limited by CSIGNAL as with legacy clone()
and that the signal is valid. With this we don't get the legacy clone
behavior were an invalid signal could be handed down and would only be
detected and then ignored in do_notify_parent(). Users of clone3() will now
get a proper error right when they pass an invalid exit signal. Note, that
this is not a change in user-visible behavior since no kernel with clone3()
has been released yet.

The following changes since commit f74c2bb98776e2de508f4d607cd519873065118e:

Linux 5.3-rc8 (2019-09-08 13:33:15 -0700)

are available in the Git repository at:

git@xxxxxxxxxxxxxxxxxxx:pub/scm/linux/kernel/git/brauner/linux tags/for-linus-20190912

for you to fetch changes up to a0eb9abd8af92d1aa34bc1e24dfbd1ba0bd6a56c:

fork: block invalid exit signals with clone3() (2019-09-12 14:56:33 +0200)

Please consider pulling these changes from the signed for-linus-20190912 tag.



Eugene Syromiatnikov (1):
fork: block invalid exit signals with clone3()

kernel/fork.c | 10 ++++++++++
1 file changed, 10 insertions(+)