waitid(): Avoid unbalanced user_access_end() on access_ok() error

As pointed out by Linus and David, the earlier waitid() fix resulted in
a (currently harmless) unbalanced user_access_end() call.  This fixes it
to just directly return EFAULT on access_ok() failure.

Fixes: 96ca579a1ecc ("waitid(): Add missing access_ok() checks")
Acked-by: David Daney <david.daney@cavium.com>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>

diff --git a/kernel/exit.c b/kernel/exit.c
index cf28528..f6cad39 100644 (file)
--- a/kernel/exit.c
+++ b/kernel/exit.c
@@ -1611,7 +1611,7 @@ SYSCALL_DEFINE5(waitid, int, which, pid_t, upid, struct siginfo __user *,
                return err;
 
        if (!access_ok(VERIFY_WRITE, infop, sizeof(*infop)))
-               goto Efault;
+               return -EFAULT;
 
        user_access_begin();
        unsafe_put_user(signo, &infop->si_signo, Efault);
@@ -1739,7 +1739,7 @@ COMPAT_SYSCALL_DEFINE5(waitid,
                return err;
 
        if (!access_ok(VERIFY_WRITE, infop, sizeof(*infop)))
-               goto Efault;
+               return -EFAULT;
 
        user_access_begin();
        unsafe_put_user(signo, &infop->si_signo, Efault);