Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs

Pull waitid fix from Al Viro: "Fix infoleak in waitid()" * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs: fix infoleak in waitid(2)

Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
Pull waitid fix from Al Viro: "Fix infoleak in waitid()" * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs: fix infoleak in waitid(2)
99637e42 · Linus Torvalds · 5ba88cd6 · 6c85501f · 99637e42
Commit 99637e42 authored Sep 29, 2017 by Linus Torvalds
Show whitespace changes
Inline Side-by-side

Showing with 10 additions and 13 deletions

kernel/exit.c kernel/exit.c +10 -13

No files found.
--- a/kernel/exit.c
+++ b/kernel/exit.c
@@ -1600,12 +1600,10 @@ SYSCALL_DEFINE5(waitid, int, which, pid_t, upid, struct siginfo __user *,
 	struct waitid_info info = {.status = 0};
 	long err = kernel_waitid(which, upid, &info, options, ru ? &r : NULL);
 	int signo = 0;
 	if (err > 0) {
 		signo = SIGCHLD;
 		err = 0;
-	}
-	if (!err) {
 		if (ru && copy_to_user(ru, &r, sizeof(struct rusage)))
 			return -EFAULT;
 	}
@@ -1723,9 +1721,7 @@ COMPAT_SYSCALL_DEFINE5(waitid,
 	if (err > 0) {
 		signo = SIGCHLD;
 		err = 0;
-	}
+		if (uru) {
-	if (!err && uru) {
 			/* kernel_waitid() overwrites everything in ru */
 			if (COMPAT_USE_64BIT_TIME)
 				err = copy_to_user(uru, &ru, sizeof(ru));
@@ -1734,6 +1730,7 @@ COMPAT_SYSCALL_DEFINE5(waitid,
 			if (err)
 				return -EFAULT;
 		}
+	}
 	if (!infop)
 		return err;