As pointed out by Linus and David, the earlier waitid() fix resulted in
a (currently harmless) unbalanced user_access_end() call. This fixes it
to just directly return EFAULT on access_ok() failure.
Fixes:
96ca579a1ecc ("waitid(): Add missing access_ok() checks")
Acked-by: David Daney <david.daney@cavium.com>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
return err;
if (!access_ok(VERIFY_WRITE, infop, sizeof(*infop)))
- goto Efault;
+ return -EFAULT;
user_access_begin();
unsafe_put_user(signo, &infop->si_signo, Efault);
return err;
if (!access_ok(VERIFY_WRITE, infop, sizeof(*infop)))
- goto Efault;
+ return -EFAULT;
user_access_begin();
unsafe_put_user(signo, &infop->si_signo, Efault);