Commit 863abad4 authored by Jesper Juhl's avatar Jesper Juhl Committed by Ralf Baechle

MIPS: VPE loader: Check vmalloc return value in vpe_open

The return value of the vmalloc() call in arch/mips/kernel/vpe.c::vpe_open()
is not checked, so we potentially store a null pointer in v->pbuffer.  Add
a check for a null return and then return -ENOMEM in that case.

[Ralf: The check added by Jesper's original patch is where it logically
should be.  Adding it eliminated the need for the checks in a few other
places, so I removed them.  There still is a zillion of other things that
need to be fixed in this file / API.]
Signed-off-by: default avatarJesper Juhl <jj@chaosbits.net>
Cc: linux-mips@linux-mips.org
Cc: linux-kernel@vger.kernel.org
Patchwork: https://patchwork.linux-mips.org/patch/1747/Signed-off-by: default avatarRalf Baechle <ralf@linux-mips.org>
parent d62c9ced
...@@ -1092,6 +1092,10 @@ static int vpe_open(struct inode *inode, struct file *filp) ...@@ -1092,6 +1092,10 @@ static int vpe_open(struct inode *inode, struct file *filp)
/* this of-course trashes what was there before... */ /* this of-course trashes what was there before... */
v->pbuffer = vmalloc(P_SIZE); v->pbuffer = vmalloc(P_SIZE);
if (!v->pbuffer) {
pr_warning("VPE loader: unable to allocate memory\n");
return -ENOMEM;
}
v->plen = P_SIZE; v->plen = P_SIZE;
v->load_addr = NULL; v->load_addr = NULL;
v->len = 0; v->len = 0;
...@@ -1149,10 +1153,9 @@ static int vpe_release(struct inode *inode, struct file *filp) ...@@ -1149,10 +1153,9 @@ static int vpe_release(struct inode *inode, struct file *filp)
if (ret < 0) if (ret < 0)
v->shared_ptr = NULL; v->shared_ptr = NULL;
// cleanup any temp buffers vfree(v->pbuffer);
if (v->pbuffer)
vfree(v->pbuffer);
v->plen = 0; v->plen = 0;
return ret; return ret;
} }
...@@ -1169,11 +1172,6 @@ static ssize_t vpe_write(struct file *file, const char __user * buffer, ...@@ -1169,11 +1172,6 @@ static ssize_t vpe_write(struct file *file, const char __user * buffer,
if (v == NULL) if (v == NULL)
return -ENODEV; return -ENODEV;
if (v->pbuffer == NULL) {
printk(KERN_ERR "VPE loader: no buffer for program\n");
return -ENOMEM;
}
if ((count + v->len) > v->plen) { if ((count + v->len) > v->plen) {
printk(KERN_WARNING printk(KERN_WARNING
"VPE loader: elf size too big. Perhaps strip uneeded symbols\n"); "VPE loader: elf size too big. Perhaps strip uneeded symbols\n");
......
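Review bot: In vpe_open the new failure branch returns -ENOMEM after `v->pbuffer` has already been overwritten with NULL, while `v->plen` is only assigned after the check and so keeps whatever value it had before. The same commit drops the `v->pbuffer == NULL` test from vpe_write, leaving the `(count + v->len) > v->plen` comparison as the only visible guard before the buffer is presumably written. The bodies of all three functions extend beyond the hunks, so it cannot be confirmed here, but if `v` is reachable through another open file, a stale `plen` paired with a NULL `pbuffer` would pass that guard. Consider adding `v->plen = 0;` before `return -ENOMEM;`, or allocating into a local and assigning `v->pbuffer` only on success. Similarly, vpe_release now calls `vfree(v->pbuffer);` without clearing the pointer, and a following `v->pbuffer = NULL;` would keep a later release or open from seeing a dangling value.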