aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorKOSAKI Motohiro <kosaki.motohiro@jp.fujitsu.com>2009-09-21 20:03:16 -0400
committerLinus Torvalds <torvalds@linux-foundation.org>2009-09-22 10:17:39 -0400
commit5d863b89688e5811cd9e5bd0082cb38abe03adf3 (patch)
tree6041584a854fc70cd497843f134e2cf983741230
parent8c5cd6f3a1721085652da204d454af4f8b92eda2 (diff)
oom: fix oom_adjust_write() input sanity check
Andrew Morton pointed out oom_adjust_write() has very strange EIO and new line handling. this patch fixes it. Signed-off-by: KOSAKI Motohiro <kosaki.motohiro@jp.fujitsu.com> Cc: Paul Menage <menage@google.com> Cc: David Rientjes <rientjes@google.com> Cc: KAMEZAWA Hiroyuki <kamezawa.hiroyu@jp.fujitsu.com> Cc: Oleg Nesterov <oleg@redhat.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
-rw-r--r--fs/proc/base.c18
1 files changed, 10 insertions, 8 deletions
diff --git a/fs/proc/base.c b/fs/proc/base.c
index 71a34253dcbb..55c4c805a756 100644
--- a/fs/proc/base.c
+++ b/fs/proc/base.c
@@ -1021,21 +1021,24 @@ static ssize_t oom_adjust_write(struct file *file, const char __user *buf,
1021 size_t count, loff_t *ppos) 1021 size_t count, loff_t *ppos)
1022{ 1022{
1023 struct task_struct *task; 1023 struct task_struct *task;
1024 char buffer[PROC_NUMBUF], *end; 1024 char buffer[PROC_NUMBUF];
1025 int oom_adjust; 1025 long oom_adjust;
1026 unsigned long flags; 1026 unsigned long flags;
1027 int err;
1027 1028
1028 memset(buffer, 0, sizeof(buffer)); 1029 memset(buffer, 0, sizeof(buffer));
1029 if (count > sizeof(buffer) - 1) 1030 if (count > sizeof(buffer) - 1)
1030 count = sizeof(buffer) - 1; 1031 count = sizeof(buffer) - 1;
1031 if (copy_from_user(buffer, buf, count)) 1032 if (copy_from_user(buffer, buf, count))
1032 return -EFAULT; 1033 return -EFAULT;
1033 oom_adjust = simple_strtol(buffer, &end, 0); 1034
1035 err = strict_strtol(strstrip(buffer), 0, &oom_adjust);
1036 if (err)
1037 return -EINVAL;
1034 if ((oom_adjust < OOM_ADJUST_MIN || oom_adjust > OOM_ADJUST_MAX) && 1038 if ((oom_adjust < OOM_ADJUST_MIN || oom_adjust > OOM_ADJUST_MAX) &&
1035 oom_adjust != OOM_DISABLE) 1039 oom_adjust != OOM_DISABLE)
1036 return -EINVAL; 1040 return -EINVAL;
1037 if (*end == '\n') 1041
1038 end++;
1039 task = get_proc_task(file->f_path.dentry->d_inode); 1042 task = get_proc_task(file->f_path.dentry->d_inode);
1040 if (!task) 1043 if (!task)
1041 return -ESRCH; 1044 return -ESRCH;
@@ -1054,9 +1057,8 @@ static ssize_t oom_adjust_write(struct file *file, const char __user *buf,
1054 1057
1055 unlock_task_sighand(task, &flags); 1058 unlock_task_sighand(task, &flags);
1056 put_task_struct(task); 1059 put_task_struct(task);
1057 if (end - buffer == 0) 1060
1058 return -EIO; 1061 return count;
1059 return end - buffer;
1060} 1062}
1061 1063
1062static const struct file_operations proc_oom_adjust_operations = { 1064static const struct file_operations proc_oom_adjust_operations = {