In sched_copy_attr(), attr->size was fetched twice in get_user()
and copy_from_user().
If change it between two fetches may cause security problems
or unexpected behaivor.
We can apply the same pattern used in perf_copy_attr(). That
is, use value fetched first time to overwrite it after second fetch.
Signed-off-by: JingYi Hou <houjingyi...@gmail.com>
---
kernel/sched/core.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/kernel/sched/core.c b/kernel/sched/core.c
index 2b037f195473..60088b907ef4 100644
--- a/kernel/sched/core.c
+++ b/kernel/sched/core.c
@@ -4945,6 +4945,8 @@ static int sched_copy_attr(struct sched_attr __user
*uattr, struct sched_attr *a
ret = copy_from_user(attr, uattr, size);
if (ret)
return -EFAULT;
+
+ attr->size = size;
if ((attr->sched_flags & SCHED_FLAG_UTIL_CLAMP) &&
size < SCHED_ATTR_SIZE_VER1)
--
2.20.1
