futex: Prevent overflow by strengthen input validation

author Li Jinyue <lijinyue@huawei.com>

Thu, 14 Dec 2017 09:04:54 +0000 (17:04 +0800)

committer Ben Hutchings <ben@decadent.org.uk>

Sat, 3 Mar 2018 15:50:58 +0000 (15:50 +0000)
author Li Jinyue <lijinyue@huawei.com>
Thu, 14 Dec 2017 09:04:54 +0000 (17:04 +0800)
committer Ben Hutchings <ben@decadent.org.uk>
Sat, 3 Mar 2018 15:50:58 +0000 (15:50 +0000)
diff --git a/kernel/futex.c b/kernel/futex.c

index 3854e75..5e48378 100644 (file)
--- a/kernel/futex.c
+++ b/kernel/futex.c
@@ -1376,6 +1376,9 @@ static int futex_requeue(u32 __user *uaddr1, unsigned int flags,
         struct plist_head *head1;
         struct futex_q *this, *next;
  
         struct plist_head *head1;
         struct futex_q *this, *next;
  
+       if (nr_wake < 0 || nr_requeue < 0)
+               return -EINVAL;
+
         if (requeue_pi) {
                 /*
                  * Requeue PI only works on two distinct uaddrs. This
         if (requeue_pi) {
                 /*
                  * Requeue PI only works on two distinct uaddrs. This
author	Li Jinyue <lijinyue@huawei.com>
	Thu, 14 Dec 2017 09:04:54 +0000 (17:04 +0800)
committer	Ben Hutchings <ben@decadent.org.uk>
	Sat, 3 Mar 2018 15:50:58 +0000 (15:50 +0000)