1 files changed, 16 insertions, 13 deletions
diff --git a/fs/binfmt_elf_fdpic.c b/fs/binfmt_elf_fdpic.c
index 952699a86ec3..112da491d75d 100644
--- a/fs/binfmt_elf_fdpic.c
+++ b/fs/binfmt_elf_fdpic.c
@@ -1600,6 +1600,7 @@ static int elf_fdpic_core_dump(struct coredump_params *cprm)
        int thread_status_size = 0;
        elf_addr_t *auxv;
        unsigned long mm_flags;
+        struct elf_phdr *phdr4note = NULL;
        /*
         * We no longer stop all VM operations.
@@ -1706,18 +1707,12 @@ static int elf_fdpic_core_dump(struct coredump_params *cprm)
        fs = get_fs();
        set_fs(KERNEL_DS);
-        size += sizeof(*elf);
-        if (size > cprm->limit
-            || !dump_write(cprm->file, elf, sizeof(*elf)))
-                goto end_coredump;
        offset += sizeof(*elf);                         /* Elf header */
        offset += (segs+1) * sizeof(struct elf_phdr);   /* Program headers */
        foffset = offset;
        /* Write notes phdr entry */
        {
-                struct elf_phdr phdr;
                int sz = 0;
                for (i = 0; i < numnote; i++)
@@ -1725,13 +1720,12 @@ static int elf_fdpic_core_dump(struct coredump_params *cprm)
                sz += thread_status_size;
-                fill_elf_note_phdr(&phdr, sz, offset);
+                phdr4note = kmalloc(sizeof(*phdr4note), GFP_KERNEL);
-                offset += sz;
+                if (!phdr4note)
-                size += sizeof(phdr);
-                if (size > cprm->limit
-                    || !dump_write(cprm->file, &phdr, sizeof(phdr)))
                        goto end_coredump;
+                fill_elf_note_phdr(phdr4note, sz, offset);
+                offset += sz;
        }
        /* Page-align dumped data */
@@ -1744,6 +1738,15 @@ static int elf_fdpic_core_dump(struct coredump_params *cprm)
         */
        mm_flags = current->mm->flags;
+        size += sizeof(*elf);
+        if (size > cprm->limit || !dump_write(cprm->file, elf, sizeof(*elf)))
+                goto end_coredump;
+        size += sizeof(*phdr4note);
+        if (size > cprm->limit
+            || !dump_write(cprm->file, phdr4note, sizeof(*phdr4note)))
+                goto end_coredump;
        /* write program headers for segments dump */
        for (vma = current->mm->mmap; vma; vma = vma->vm_next) {
                struct elf_phdr phdr;
@@ -1815,7 +1818,7 @@ cleanup:
                list_del(tmp);
                kfree(list_entry(tmp, struct elf_thread_status, list));
        }
+        kfree(phdr4note);
        kfree(elf);
        kfree(prstatus);
        kfree(psinfo);

diff --git a/fs/binfmt_elf_fdpic.c b/fs/binfmt_elf_fdpic.c index 952699a86ec3..112da491d75d 100644 --- a/fs/binfmt_elf_fdpic.c +++ b/fs/binfmt_elf_fdpic.c
@@ -1600,6 +1600,7 @@ static int elf_fdpic_core_dump(struct coredump_params *cprm)
1600	int thread_status_size = 0;	1600	int thread_status_size = 0;
1601	elf_addr_t *auxv;	1601	elf_addr_t *auxv;
1602	unsigned long mm_flags;	1602	unsigned long mm_flags;
		1603	struct elf_phdr *phdr4note = NULL;
1603		1604
1604	/*	1605	/*
1605	* We no longer stop all VM operations.	1606	* We no longer stop all VM operations.
@@ -1706,18 +1707,12 @@ static int elf_fdpic_core_dump(struct coredump_params *cprm)
1706	fs = get_fs();	1707	fs = get_fs();
1707	set_fs(KERNEL_DS);	1708	set_fs(KERNEL_DS);
1708		1709
1709	size += sizeof(*elf);
1710	if (size > cprm->limit
1711	\|\| !dump_write(cprm->file, elf, sizeof(*elf)))
1712	goto end_coredump;
1713
1714	offset += sizeof(elf); / Elf header */	1710	offset += sizeof(elf); / Elf header */
1715	offset += (segs+1) * sizeof(struct elf_phdr); /* Program headers */	1711	offset += (segs+1) * sizeof(struct elf_phdr); /* Program headers */
1716	foffset = offset;	1712	foffset = offset;
1717		1713
1718	/* Write notes phdr entry */	1714	/* Write notes phdr entry */
1719	{	1715	{
1720	struct elf_phdr phdr;
1721	int sz = 0;	1716	int sz = 0;
1722		1717
1723	for (i = 0; i < numnote; i++)	1718	for (i = 0; i < numnote; i++)
@@ -1725,13 +1720,12 @@ static int elf_fdpic_core_dump(struct coredump_params *cprm)
1725		1720
1726	sz += thread_status_size;	1721	sz += thread_status_size;
1727		1722
1728	fill_elf_note_phdr(&phdr, sz, offset);	1723	phdr4note = kmalloc(sizeof(*phdr4note), GFP_KERNEL);
1729	offset += sz;	1724	if (!phdr4note)
1730
1731	size += sizeof(phdr);
1732	if (size > cprm->limit
1733	\|\| !dump_write(cprm->file, &phdr, sizeof(phdr)))
1734	goto end_coredump;	1725	goto end_coredump;
		1726
		1727	fill_elf_note_phdr(phdr4note, sz, offset);
		1728	offset += sz;
1735	}	1729	}
1736		1730
1737	/* Page-align dumped data */	1731	/* Page-align dumped data */
@@ -1744,6 +1738,15 @@ static int elf_fdpic_core_dump(struct coredump_params *cprm)
1744	*/	1738	*/
1745	mm_flags = current->mm->flags;	1739	mm_flags = current->mm->flags;
1746		1740
		1741	size += sizeof(*elf);
		1742	if (size > cprm->limit \|\| !dump_write(cprm->file, elf, sizeof(*elf)))
		1743	goto end_coredump;
		1744
		1745	size += sizeof(*phdr4note);
		1746	if (size > cprm->limit
		1747	\|\| !dump_write(cprm->file, phdr4note, sizeof(*phdr4note)))
		1748	goto end_coredump;
		1749
1747	/* write program headers for segments dump */	1750	/* write program headers for segments dump */
1748	for (vma = current->mm->mmap; vma; vma = vma->vm_next) {	1751	for (vma = current->mm->mmap; vma; vma = vma->vm_next) {
1749	struct elf_phdr phdr;	1752	struct elf_phdr phdr;
@@ -1815,7 +1818,7 @@ cleanup:
1815	list_del(tmp);	1818	list_del(tmp);
1816	kfree(list_entry(tmp, struct elf_thread_status, list));	1819	kfree(list_entry(tmp, struct elf_thread_status, list));
1817	}	1820	}
1818		1821	kfree(phdr4note);
1819	kfree(elf);	1822	kfree(elf);
1820	kfree(prstatus);	1823	kfree(prstatus);
1821	kfree(psinfo);	1824	kfree(psinfo);