diff options
| author | Linus Torvalds <torvalds@linux-foundation.org> | 2018-02-07 01:15:42 -0500 |
|---|---|---|
| committer | Linus Torvalds <torvalds@linux-foundation.org> | 2018-02-07 01:15:42 -0500 |
| commit | a2e5790d841658485d642196dbb0927303d6c22f (patch) | |
| tree | b3d28c9bcb7da6880806146fd22a88a7ee7f733e /fs/proc/kcore.c | |
| parent | ab2d92ad881da11331280aedf612d82e61cb6d41 (diff) | |
| parent | 60c3e026d73ccabb075fb70ba02f8512ab40cf2c (diff) | |
Merge branch 'akpm' (patches from Andrew)
Merge misc updates from Andrew Morton:
- kasan updates
- procfs
- lib/bitmap updates
- other lib/ updates
- checkpatch tweaks
- rapidio
- ubsan
- pipe fixes and cleanups
- lots of other misc bits
* emailed patches from Andrew Morton <akpm@linux-foundation.org>: (114 commits)
Documentation/sysctl/user.txt: fix typo
MAINTAINERS: update ARM/QUALCOMM SUPPORT patterns
MAINTAINERS: update various PALM patterns
MAINTAINERS: update "ARM/OXNAS platform support" patterns
MAINTAINERS: update Cortina/Gemini patterns
MAINTAINERS: remove ARM/CLKDEV SUPPORT file pattern
MAINTAINERS: remove ANDROID ION pattern
mm: docs: add blank lines to silence sphinx "Unexpected indentation" errors
mm: docs: fix parameter names mismatch
mm: docs: fixup punctuation
pipe: read buffer limits atomically
pipe: simplify round_pipe_size()
pipe: reject F_SETPIPE_SZ with size over UINT_MAX
pipe: fix off-by-one error when checking buffer limits
pipe: actually allow root to exceed the pipe buffer limits
pipe, sysctl: remove pipe_proc_fn()
pipe, sysctl: drop 'min' parameter from pipe-max-size converter
kasan: rework Kconfig settings
crash_dump: is_kdump_kernel can be boolean
kernel/mutex: mutex_is_locked can be boolean
...
Diffstat (limited to 'fs/proc/kcore.c')
| -rw-r--r-- | fs/proc/kcore.c | 18 |
1 files changed, 5 insertions, 13 deletions
diff --git a/fs/proc/kcore.c b/fs/proc/kcore.c index 4bc85cb8be6a..e8a93bc8285d 100644 --- a/fs/proc/kcore.c +++ b/fs/proc/kcore.c | |||
| @@ -512,23 +512,15 @@ read_kcore(struct file *file, char __user *buffer, size_t buflen, loff_t *fpos) | |||
| 512 | return -EFAULT; | 512 | return -EFAULT; |
| 513 | } else { | 513 | } else { |
| 514 | if (kern_addr_valid(start)) { | 514 | if (kern_addr_valid(start)) { |
| 515 | unsigned long n; | ||
| 516 | |||
| 517 | /* | 515 | /* |
| 518 | * Using bounce buffer to bypass the | 516 | * Using bounce buffer to bypass the |
| 519 | * hardened user copy kernel text checks. | 517 | * hardened user copy kernel text checks. |
| 520 | */ | 518 | */ |
| 521 | memcpy(buf, (char *) start, tsz); | 519 | if (probe_kernel_read(buf, (void *) start, tsz)) { |
| 522 | n = copy_to_user(buffer, buf, tsz); | 520 | if (clear_user(buffer, tsz)) |
| 523 | /* | 521 | return -EFAULT; |
| 524 | * We cannot distinguish between fault on source | 522 | } else { |
| 525 | * and fault on destination. When this happens | 523 | if (copy_to_user(buffer, buf, tsz)) |
| 526 | * we clear too and hope it will trigger the | ||
| 527 | * EFAULT again. | ||
| 528 | */ | ||
| 529 | if (n) { | ||
| 530 | if (clear_user(buffer + tsz - n, | ||
| 531 | n)) | ||
| 532 | return -EFAULT; | 524 | return -EFAULT; |
| 533 | } | 525 | } |
| 534 | } else { | 526 | } else { |