
Fix kernel DoS via sigreturn from non-signal context

uuuvn requested to merge uuuvn/kernel:fix-sigreturn-dos into master

Previously, the kernel simply set context.ksig_return to true and triggered a context switch when sigreturn was called. This caused the kernel to panic if a user process called sigreturn outside of a signal handler, because after the context switch the update_runnable function expects the context.ksig field to be Some(...), but it is None.


PoC:

```rust
// Calls sigreturn from a normal (non-signal) context; `syscall` is the
// Redox userspace syscall crate. Pre-patch, this took the kernel down.
fn main() {
    syscall::sigreturn().unwrap();
}
```

My patch checks context.ksig before setting a context.ksig_return to true and returns EINVAL if it is None.
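Added here as an illustration of the invariant the patch enforces; this is a toy model, not the Redox kernel's own code. The names Context, ksig, ksig_return, sigreturn and update_runnable follow the merge request; the contents of the saved signal frame and the error type are assumed.

```rust
// Toy model of the state involved; not the Redox kernel's own code.
// Field names follow the merge request; the frame contents are assumed.
#[derive(Debug, PartialEq)]
pub enum SyscallError {
    Einval,
}
/// Register state saved on signal-handler entry (assumed layout).
#[derive(Debug, Clone, PartialEq)]
pub struct KernelSignal {
    pub saved_ip: usize,
    pub saved_sp: usize,
}

#[derive(Debug, Default)]
pub struct Context {
    /// Some(...) only while a signal handler is running in this context.
    pub ksig: Option<KernelSignal>,
    /// Set by sigreturn; consumed on the next context switch.
    pub ksig_return: bool,
}

/// Pre-patch behaviour: flags the return unconditionally.
pub fn sigreturn_unchecked(ctx: &mut Context) -> Result<usize, SyscallError> {
    ctx.ksig_return = true;
    Ok(0)
}

/// Patched behaviour: refuse with EINVAL unless a signal frame is pending.
pub fn sigreturn_checked(ctx: &mut Context) -> Result<usize, SyscallError> {
    if ctx.ksig.is_none() {
        return Err(SyscallError::Einval);
    }
    ctx.ksig_return = true;
    Ok(0)
}

/// Model of the context-switch step that restores the signal frame.
/// The kernel expects ksig to be Some here and panics on None (the DoS);
/// this model returns Err instead so the failure can be observed.
pub fn update_runnable(ctx: &mut Context) -> Result<Option<KernelSignal>, &'static str> {
    if !ctx.ksig_return {
        return Ok(None);
    }
    ctx.ksig_return = false;
    match ctx.ksig.take() {
        Some(frame) => Ok(Some(frame)),
        None => Err("ksig_return set with no pending signal: kernel would panic"),
    }
}
```

The check belongs at the syscall boundary, where the kernel can still return an error to the caller, rather than at the context switch, where the only remaining option is a panic.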
