On 09/11, Eugene Syromiatnikov wrote: > > @@ -2562,6 +2564,15 @@ noinline static int copy_clone_args_from_user(struct > kernel_clone_args *kargs, > if (copy_from_user(&args, uargs, size)) > return -EFAULT; > > + /* > + * Two separate checks are needed, as valid_signal() takes unsigned long > + * as an argument, and struct kernel_clone_args uses int type > + * for the exit_signal field. > + */ > + if (unlikely((args.exit_signal > UINT_MAX) || > + !valid_signal(args.exit_signal))) > + return -EINVAL;
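Review bot: the comment above the new check in copy_clone_args_from_user() names the type of valid_signal()'s argument (unsigned long) and of the kernel_clone_args exit_signal field (int), but not the type of args.exit_signal itself, which is what decides whether the "args.exit_signal > UINT_MAX" comparison can ever be true. Consider stating that width in the comment, and saying explicitly that the first comparison is there so that high bits are not silently dropped before valid_signal() sees the value, if that is the intent. The comment also justifies the check by the int field while the bound used is UINT_MAX; a few words noting that valid_signal() then narrows the accepted range further would make the two halves of the condition read as one argument.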
OK, I equally agree with this version. Although I'd simply do

	if (args.exit_signal > _NSIG)
		return -EINVAL;

but this is cosmetic.

Acked-by: Oleg Nesterov <o...@redhat.com>