diff options
| author | Jesper Juhl <jj@chaosbits.net> | 2010-10-30 12:37:16 -0400 |
|---|---|---|
| committer | Ralf Baechle <ralf@linux-mips.org> | 2010-12-16 13:10:54 -0500 |
| commit | 863abad4f644b6c12bc8176206b35fa7e7cfe1a9 (patch) | |
| tree | cf6aacba2461f8d59b81bb03ca345f0d2270db39 | |
| parent | d62c9ced7ca783e64ff4d9d3d1340cfe2284d47b (diff) | |
MIPS: VPE loader: Check vmalloc return value in vpe_open
The return value of the vmalloc() call in arch/mips/kernel/vpe.c::vpe_open()
is not checked, so we potentially store a null pointer in v->pbuffer. Add
a check for a null return and then return -ENOMEM in that case.
[Ralf: The check added by Jesper's original patch is where it logically
should be. Adding it eleminated the need for the checks in a few other
places, so I removed them. There still is a zillion of other things that
need to be fixed in this file / API.]
Signed-off-by: Jesper Juhl <jj@chaosbits.net>
Cc: linux-mips@linux-mips.org
Cc: linux-kernel@vger.kernel.org
Patchwork: https://patchwork.linux-mips.org/patch/1747/
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
| -rw-r--r-- | arch/mips/kernel/vpe.c | 14 |
1 files changed, 6 insertions, 8 deletions
diff --git a/arch/mips/kernel/vpe.c b/arch/mips/kernel/vpe.c index 3eb3cde2f661..6a1fdfef8fde 100644 --- a/arch/mips/kernel/vpe.c +++ b/arch/mips/kernel/vpe.c | |||
| @@ -1092,6 +1092,10 @@ static int vpe_open(struct inode *inode, struct file *filp) | |||
| 1092 | 1092 | ||
| 1093 | /* this of-course trashes what was there before... */ | 1093 | /* this of-course trashes what was there before... */ |
| 1094 | v->pbuffer = vmalloc(P_SIZE); | 1094 | v->pbuffer = vmalloc(P_SIZE); |
| 1095 | if (!v->pbuffer) { | ||
| 1096 | pr_warning("VPE loader: unable to allocate memory\n"); | ||
| 1097 | return -ENOMEM; | ||
| 1098 | } | ||
| 1095 | v->plen = P_SIZE; | 1099 | v->plen = P_SIZE; |
| 1096 | v->load_addr = NULL; | 1100 | v->load_addr = NULL; |
| 1097 | v->len = 0; | 1101 | v->len = 0; |
| @@ -1149,10 +1153,9 @@ static int vpe_release(struct inode *inode, struct file *filp) | |||
| 1149 | if (ret < 0) | 1153 | if (ret < 0) |
| 1150 | v->shared_ptr = NULL; | 1154 | v->shared_ptr = NULL; |
| 1151 | 1155 | ||
| 1152 | // cleanup any temp buffers | 1156 | vfree(v->pbuffer); |
| 1153 | if (v->pbuffer) | ||
| 1154 | vfree(v->pbuffer); | ||
| 1155 | v->plen = 0; | 1157 | v->plen = 0; |
| 1158 | |||
| 1156 | return ret; | 1159 | return ret; |
| 1157 | } | 1160 | } |
| 1158 | 1161 | ||
| @@ -1169,11 +1172,6 @@ static ssize_t vpe_write(struct file *file, const char __user * buffer, | |||
| 1169 | if (v == NULL) | 1172 | if (v == NULL) |
| 1170 | return -ENODEV; | 1173 | return -ENODEV; |
| 1171 | 1174 | ||
| 1172 | if (v->pbuffer == NULL) { | ||
| 1173 | printk(KERN_ERR "VPE loader: no buffer for program\n"); | ||
| 1174 | return -ENOMEM; | ||
| 1175 | } | ||
| 1176 | |||
| 1177 | if ((count + v->len) > v->plen) { | 1175 | if ((count + v->len) > v->plen) { |
| 1178 | printk(KERN_WARNING | 1176 | printk(KERN_WARNING |
| 1179 | "VPE loader: elf size too big. Perhaps strip uneeded symbols\n"); | 1177 | "VPE loader: elf size too big. Perhaps strip uneeded symbols\n"); |