kernel: watch_queue: copy user-array safely (!4302) · Merge requests · Red Hat / centos-stream / src / kernel / centos-stream-9

Steve Best requested to merge sfbest/centos-stream-9:38238 into main May 23, 2024

JIRA: https://issues.redhat.com/browse/RHEL-38238
CVE: CVE-2023-52824

Build Info: https://brewweb.engineering.redhat.com/brew/taskinfo?taskID=61430154

Tested: Did sanity boot testing Intel (intel-arrowlake-s-02) system.

commit ca0776571d3163bd03b3e8c9e3da936abfaecbf6
Author: Philipp Stanner pstanner@redhat.com
Date: Wed Sep 20 14:36:11 2023 +0200

kernel: watch_queue: copy user-array safely  

Currently, there is no overflow-check with memdup_user().  

Use the new function memdup_array_user() instead of memdup_user() for  
duplicating the user-space array safely.  

Suggested-by: David Airlie <airlied@redhat.com>  
Signed-off-by: Philipp Stanner <pstanner@redhat.com>  
Reviewed-by: Kees Cook <keescook@chromium.org>  
Reviewed-by: Zack Rusin <zackr@vmware.com>  
Signed-off-by: Dave Airlie <airlied@redhat.com>  
Link: https://patchwork.freedesktop.org/patch/msgid/20230920123612.16914-5-pstanner@redhat.com

Signed-off-by: Steve Best sbest@redhat.com

kernel: watch_queue: copy user-array safely

Merge request reports