[PATCH] net/9p: Validate current->sighand in client.c
From: Alexander Kapshuk
Date: Sun Jun 21 2020 - 09:53:26 EST
Fix rcu not being dereferenced cleanly by using the task
helpers (un)lock_task_sighand instead of spin_lock_irqsave and
spin_unlock_irqrestore to ensure current->sighand is a valid pointer as
suggested in the email referenced below.
Signed-off-by: Alexander Kapshuk <alexander.kapshuk@xxxxxxxxx>
Link: https://lore.kernel.org/lkml/20200618190807.GA20699@nautica/
---
net/9p/client.c | 18 ++++++++++++++----
1 file changed, 14 insertions(+), 4 deletions(-)
diff --git a/net/9p/client.c b/net/9p/client.c
index fc1f3635e5dd..15f16f2baa8f 100644
--- a/net/9p/client.c
+++ b/net/9p/client.c
@@ -787,9 +787,14 @@ p9_client_rpc(struct p9_client *c, int8_t type, const char *fmt, ...)
}
recalc_sigpending:
if (sigpending) {
- spin_lock_irqsave(¤t->sighand->siglock, flags);
+ if (!lock_task_sighand(current, &flags)) {
+ pr_warn("%s (%d): current->sighand==NULL in recalc_sigpending\n",
+ __func__, task_pid_nr(current));
+ err = -ESRCH;
+ goto reterr;
+ }
recalc_sigpending();
- spin_unlock_irqrestore(¤t->sighand->siglock, flags);
+ unlock_task_sighand(current, &flags);
}
if (err < 0)
goto reterr;
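Review bot: The new failure branch assigns `err = -ESRCH;` unconditionally, yet the `if (err < 0)` test right after the block shows that `err` can already hold an error when control reaches `recalc_sigpending:`, so the original cause would be replaced by -ESRCH. Keeping the first error is more useful to callers, e.g. `if (err >= 0) err = -ESRCH;` before the `goto reterr;`. The branch also skips `recalc_sigpending()`, so whatever pending-signal state the `sigpending` flag was tracking (set outside this hunk, presumably where the flag was cleared) is not restored on this path; a short comment saying why that is acceptable would help. Since this sits on the RPC path, `pr_warn_ratelimited(...)` would be safer than `pr_warn(...)` against log flooding. The same three points apply to the identical hunk in p9_client_zc_rpc; both function bodies start and end outside the hunks.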
@@ -869,9 +874,14 @@ static struct p9_req_t *p9_client_zc_rpc(struct p9_client *c, int8_t type,
}
recalc_sigpending:
if (sigpending) {
- spin_lock_irqsave(¤t->sighand->siglock, flags);
+ if (!lock_task_sighand(current, &flags)) {
+ pr_warn("%s (%d): current->sighand==NULL in recalc_sigpending\n",
+ __func__, task_pid_nr(current));
+ err = -ESRCH;
+ goto reterr;
+ }
recalc_sigpending();
- spin_unlock_irqrestore(¤t->sighand->siglock, flags);
+ unlock_task_sighand(current, &flags);
}
if (err < 0)
goto reterr;
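Review bot: This lock/recalculate/unlock sequence with its error branch is now duplicated line for line in p9_client_rpc and p9_client_zc_rpc, so a later fix to one copy can easily miss the other. A small static helper in client.c that returns a status would keep the two call sites in step and make the sighand check a single reviewable place. The helper name below is only a suggestion, and the enclosing functions continue outside the hunks.

```c
/* Re-evaluate the pending-signal state under siglock; -ESRCH if sighand is gone. */
static int p9_recalc_sigpending(void)
{
	unsigned long flags;

	if (!lock_task_sighand(current, &flags))
		return -ESRCH;
	recalc_sigpending();
	unlock_task_sighand(current, &flags);
	return 0;
}

/* ... at both recalc_sigpending: labels ... */
	if (sigpending && p9_recalc_sigpending() < 0) {
		/* … unchanged: pr_warn, err = -ESRCH, goto reterr … */
	}
```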
--
2.27.0