binfmt_flat: flat_{get,put}_addr_from_rp() should be able to fail

on MMU targets EFAULT is possible here.  Make both return 0 or error,
passing what used to be the return value of flat_get_addr_from_rp()
by reference.

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>

1 files changed, 22 insertions, 17 deletions

diff --git a/fs/binfmt_flat.c b/fs/binfmt_flat.c
index 2edcefc0a294..69ec23daa25e 100644
--- a/fs/binfmt_flat.c
+++ b/fs/binfmt_flat.c
@@ -422,9 +422,9 @@ static int load_flat_file(struct linux_binprm *bprm,
 {
         struct flat_hdr *hdr;
         unsigned long textpos, datapos, realdatastart;
-        unsigned long text_len, data_len, bss_len, stack_len, full_data, flags;
+        u32 text_len, data_len, bss_len, stack_len, full_data, flags;
         unsigned long len, memp, memp_size, extra, rlim;
-        unsigned long __user *reloc, *rp;
+        u32 __user *reloc, *rp;
         struct inode *inode;
         int i, rev, relocs;
         loff_t fpos;
@@ -596,13 +596,13 @@ static int load_flat_file(struct linux_binprm *bprm,
                         goto err;
                 }
 
-                reloc = (unsigned long __user *)
+                reloc = (u32 __user *)
                         (datapos + (ntohl(hdr->reloc_start) - text_len));
                 memp = realdatastart;
                 memp_size = len;
         } else {
 
-                len = text_len + data_len + extra + MAX_SHARED_LIBS * sizeof(unsigned long);
+                len = text_len + data_len + extra + MAX_SHARED_LIBS * sizeof(u32);
                 len = PAGE_ALIGN(len);
                 textpos = vm_mmap(NULL, 0, len,
                         PROT_READ | PROT_EXEC | PROT_WRITE, MAP_PRIVATE, 0);
@@ -618,10 +618,10 @@ static int load_flat_file(struct linux_binprm *bprm,
 
                 realdatastart = textpos + ntohl(hdr->data_start);
                 datapos = ALIGN(realdatastart +
-                                MAX_SHARED_LIBS * sizeof(unsigned long),
+                                MAX_SHARED_LIBS * sizeof(u32),
                                 FLAT_DATA_ALIGN);
 
-                reloc = (unsigned long __user *)
+                reloc = (u32 __user *)
                         (datapos + (ntohl(hdr->reloc_start) - text_len));
                 memp = textpos;
                 memp_size = len;
@@ -694,7 +694,7 @@ static int load_flat_file(struct linux_binprm *bprm,
                         ret = result;
                         pr_err("Unable to read code+data+bss, errno %d\n", ret);
                         vm_munmap(textpos, text_len + data_len + extra +
-                                MAX_SHARED_LIBS * sizeof(unsigned long));
+                                MAX_SHARED_LIBS * sizeof(u32));
                         goto err;
                 }
         }
@@ -754,8 +754,8 @@ static int load_flat_file(struct linux_binprm *bprm,
          * image.
          */
         if (flags & FLAT_FLAG_GOTPIC) {
-                for (rp = (unsigned long __user *)datapos; ; rp++) {
-                        unsigned long addr, rp_val;
+                for (rp = (u32 __user *)datapos; ; rp++) {
+                        u32 addr, rp_val;
                         if (get_user(rp_val, rp))
                                 return -EFAULT;
                         if (rp_val == 0xffffffff)
@@ -784,9 +784,9 @@ static int load_flat_file(struct linux_binprm *bprm,
          * __start to address 4 so that is okay).
          */
         if (rev > OLD_FLAT_VERSION) {
-                unsigned long __maybe_unused persistent = 0;
+                u32 __maybe_unused persistent = 0;
                 for (i = 0; i < relocs; i++) {
-                        unsigned long addr, relval;
+                        u32 addr, relval;
 
                         /*
                          * Get the address of the pointer to be
@@ -799,15 +799,18 @@ static int load_flat_file(struct linux_binprm *bprm,
                         if (flat_set_persistent(relval, &persistent))
                                 continue;
                         addr = flat_get_relocate_addr(relval);
-                        rp = (unsigned long __user *)calc_reloc(addr, libinfo, id, 1);
-                        if (rp == (unsigned long __user *)RELOC_FAILED) {
+                        rp = (u32 __user *)calc_reloc(addr, libinfo, id, 1);
+                        if (rp == (u32 __user *)RELOC_FAILED) {
                                 ret = -ENOEXEC;
                                 goto err;
                         }
 
                         /* Get the pointer's value.  */
-                        addr = flat_get_addr_from_rp(rp, relval, flags,
-                                                        &persistent);
+                        ret = flat_get_addr_from_rp(rp, relval, flags,
+                                                        &addr, &persistent);
+                        if (unlikely(ret))
+                                goto err;
+
                         if (addr != 0) {
                                 /*
                                  * Do the relocation.  PIC relocs in the data section are
@@ -822,12 +825,14 @@ static int load_flat_file(struct linux_binprm *bprm,
                                 }
 
                                 /* Write back the relocated pointer.  */
-                                flat_put_addr_at_rp(rp, addr, relval);
+                                ret = flat_put_addr_at_rp(rp, addr, relval);
+                                if (unlikely(ret))
+                                        goto err;
                         }
                 }
         } else {
                 for (i = 0; i < relocs; i++) {
-                        unsigned long relval;
+                        u32 relval;
                         if (get_user(relval, reloc + i))
                                 return -EFAULT;
                         relval = ntohl(relval);