Fix kernel DoS via sigreturn from non-signal context
Previously, the kernel simply set context.ksig_return to true and triggered a context switch when sigreturn was called. This causes the kernel to panic if a user process calls sigreturn outside of a signal handler, because after the context switch the update_runnable function expects the context.ksig field to be Some(...), but it is None.
PoC:
    // Userspace program; `syscall` is the redox_syscall crate.
    // Calling sigreturn with no signal being handled panics the unpatched kernel.
    fn main() {
        syscall::sigreturn().unwrap();
    }
My patch checks context.ksig before setting context.ksig_return to true, and returns EINVAL if it is None.