proc_pid_attr_write(): switch to memdup_user()

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>

proc_pid_attr_write(): switch to memdup_user()
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
bb646cdb · Al Viro · 70f6cbb6 · bb646cdb
Commit bb646cdb authored Dec 24, 2015 by Al Viro
Show whitespace changes
Inline Side-by-side

Showing with 7 additions and 10 deletions

fs/proc/base.c fs/proc/base.c +7 -10

No files found.
--- a/fs/proc/base.c
+++ b/fs/proc/base.c
@@ -2359,7 +2359,7 @@ static ssize_t proc_pid_attr_write(struct file * file, const char __user * buf,
 				   size_t count, loff_t *ppos)
 {
 	struct inode * inode = file_inode(file);
-	char *page;
+	void *page;
 	ssize_t length;
 	struct task_struct *task = get_proc_task(inode);
@@ -2374,14 +2374,11 @@ static ssize_t proc_pid_attr_write(struct file * file, const char __user * buf,
 	if (*ppos != 0)
 		goto out;
-	length = -ENOMEM;
+	page = memdup_user(buf, count);
-	page = (char*)__get_free_page(GFP_TEMPORARY);
+	if (IS_ERR(page)) {
-	if (!page)
+		length = PTR_ERR(page);
 		goto out;
+	}
-	length = -EFAULT;
-	if (copy_from_user(page, buf, count))
-		goto out_free;
 	/* Guard against adverse ptrace interaction */
 	length = mutex_lock_interruptible(&task->signal->cred_guard_mutex);
@@ -2390,10 +2387,10 @@ static ssize_t proc_pid_attr_write(struct file * file, const char __user * buf,
 	length = security_setprocattr(task,
 				      (char*)file->f_path.dentry->d_name.name,
-				      (void*)page, count);
+				      page, count);
 	mutex_unlock(&task->signal->cred_guard_mutex);
 out_free:
-	free_page((unsigned long) page);
+	kfree(page);
 out:
 	put_task_struct(task);
 out_no_task: