Merge branch 'fixes-v4.14-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security Pull key handling fixes from James Morris: "Fixes for the Keys subsystem by Eric Biggers" * 'fixes-v4.14-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security: KEYS: fix out-of-bounds read during ASN.1 parsing KEYS: trusted: fix writing past end of buffer in trusted_read() KEYS: return full count in keyring_read() if buffer is too small

commit: 6965f1aa7142a2989733c6ec53cc42ae97fd7f9d [log] [tgz]
author: Linus Torvalds <torvalds@linux-foundation.org> Thu Nov 02 07:43:40 2017 -0700
committer: Linus Torvalds <torvalds@linux-foundation.org> Thu Nov 02 07:43:40 2017 -0700
tree: fbd13ab1bc848d3f44b821df307c8538ab965972
parent: e78c38f6bdd900b2ad9ac9df8eff58b745dc5b3c [diff]
parent: 2eb9eabf1e868fda15808954fb29b0f105ed65f1 [diff]
diff --git a/kernel/futex.c b/kernel/futex.c
index 0518a0b..0d638f0 100644
--- a/kernel/futex.c
+++ b/kernel/futex.c

@@ -1570,8 +1570,16 @@
 	int oldval, ret;
 
 	if (encoded_op & (FUTEX_OP_OPARG_SHIFT << 28)) {
-		if (oparg < 0 || oparg > 31)
-			return -EINVAL;
+		if (oparg < 0 || oparg > 31) {
+			char comm[sizeof(current->comm)];
+			/*
+			 * kill this print and return -EINVAL when userspace
+			 * is sane again
+			 */
+			pr_info_ratelimited("futex_wake_op: %s tries to shift op by %d; fix this program\n",
+					get_task_comm(comm, current), oparg);
+			oparg &= 31;
+		}
 		oparg = 1 << oparg;
 	}
commit	6965f1aa7142a2989733c6ec53cc42ae97fd7f9d	[log] [tgz]
author	Linus Torvalds <torvalds@linux-foundation.org>	Thu Nov 02 07:43:40 2017 -0700
committer	Linus Torvalds <torvalds@linux-foundation.org>	Thu Nov 02 07:43:40 2017 -0700
tree	fbd13ab1bc848d3f44b821df307c8538ab965972
parent	e78c38f6bdd900b2ad9ac9df8eff58b745dc5b3c [diff]
parent	2eb9eabf1e868fda15808954fb29b0f105ed65f1 [diff]