[patch] clone-fix-2.5.34-A0, BK-curr

Ingo Molnar (mingo@elte.hu)
Sun, 15 Sep 2002 10:10:29 +0200 (CEST)

this patch fixes a clone-flags bug noticed by Roland McGrath. The current
CLONE_DETACHED & CLONE_THREAD forcing code did things in the wrong order,
which makes it possible to force an oops the following way:

main () { syscall(120, 0x00400000); }

instead of changing the order of CLONE_SIGHAND and CLONE_THREAD flag
forcing (which would fix the bug), the proper approach is to fail with
-EINVAL if invalid combinations of clone flags are detected. This change
does not affect existing applications.

Ingo

--- linux/kernel/fork.c.orig Sun Sep 15 10:06:52 2002
+++ linux/kernel/fork.c Sun Sep 15 10:06:54 2002
@@ -672,16 +672,13 @@
return ERR_PTR(-EINVAL);

/*
- * Thread groups must share signals as well:
+ * Thread groups must share signals as well, and detached threads
+ * can only be started up within the thread group.
*/
- if (clone_flags & CLONE_THREAD)
- clone_flags |= CLONE_SIGHAND;
- /*
- * Detached threads can only be started up within the thread
- * group.
- */
- if (clone_flags & CLONE_DETACHED)
- clone_flags |= CLONE_THREAD;
+ if ((clone_flags & CLONE_THREAD) && !(clone_flags & CLONE_SIGHAND))
+ return ERR_PTR(-EINVAL);
+ if ((clone_flags & CLONE_DETACHED) && !(clone_flags & CLONE_THREAD))
+ return ERR_PTR(-EINVAL);

retval = security_ops->task_create(clone_flags);
if (retval)

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/