On Sun, 2016-09-18 at 17:05 +0200, Jann Horn wrote: > This ensures that self_privunit_id ("privilege unit ID") is only shared by > processes that share the mm_struct and the signal_struct; not just > spatially, but also temporally. In other words, if you do execve() or > clone() without CLONE_THREAD, you get a new privunit_id that has never been > used before. [...] > +void increment_privunit_counter(void) > +{ > + BUILD_BUG_ON(NR_CPUS > (1 << 16)); > + current->self_privunit_id = this_cpu_add_return(exec_counter, NR_CPUS); > +} [...] This will wrap incorrectly if NR_CPUS is not a power of 2 (which is unusual but allowed). Ben. -- Ben Hutchings Klipstein's 4th Law of Prototyping and Production: A fail-safe circuit will destroy others.
Attachment:
signature.asc
Description: This is a digitally signed message part