On Thu, Jun 26, 2014 at 01:58:26PM -0700, Andrew Morton wrote: [..] > > + while (pos < stat.size) { > > + bytes = kernel_read(f.file, pos, (char *)(*buf) + pos, > > + stat.size - pos); > > + if (bytes < 0) { > > + vfree(*buf); > > + ret = bytes; > > + goto out; > > + } > > + > > + if (bytes == 0) > > + break; > > Here we can get a short read: (pos < stat.size). Seems to me that it > is risky to return this result to the caller as if all is well. Hi Andrew, That's a good point. Please find attached the patch which fixes both the issues. Thanks Vivek Subject: kexec: Return error if file bytes are less then file size If number of bytes read from file are not same as file size, return error. Signed-off-by: Vivek Goyal <vgoyal at redhat.com> --- kernel/kexec.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) Index: linux-2.6/kernel/kexec.c =================================================================== --- linux-2.6.orig/kernel/kexec.c 2014-06-27 09:55:41.826755422 -0400 +++ linux-2.6/kernel/kexec.c 2014-06-27 10:04:23.409024171 -0400 @@ -343,7 +343,7 @@ out_free_image: static int copy_file_from_fd(int fd, void **buf, unsigned long *buf_len) { struct fd f = fdget(fd); - int ret = 0; + int ret; struct kstat stat; loff_t pos; ssize_t bytes = 0; @@ -387,6 +387,12 @@ static int copy_file_from_fd(int fd, voi pos += bytes; } + if (pos != stat.size) { + ret = -EBADF; + vfree(*buf); + goto out; + } + *buf_len = pos; out: fdput(f);
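Review bot: in the first hunk (@@ -343,7 +343,7 @@), dropping the `int ret = 0;` initializer means every path that reaches `out:` must now assign `ret`, and the lines shown do not include the early error paths between `fdget(fd)` and the read loop (for example the check that `f.file` is non-NULL, or a failure filling in `stat`). Please confirm each of those sets `ret` before jumping to `out`, otherwise the function returns an uninitialized value; the upside of the change, that the compiler can now warn about a forgotten assignment, only holds if every such path is covered. If any path is unclear, keeping the initializer and relying on the new `pos != stat.size` check for the short-read case is the safer option.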
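Review bot: in the second hunk (@@ -387,6 +387,12 @@), the new `if (pos != stat.size)` check is correct but `-EBADF` is a surprising errno for it: the descriptor was valid and readable, and the loop only stops with `pos < stat.size` on the `bytes == 0` break, so this branch means the file delivered fewer bytes than `stat.size` reported (the file shrank between the size lookup and the read, or the size was never accurate). A one-line comment stating that, or an errno such as `-EIO`/`-EINVAL` that points at the data rather than the descriptor, would make the failure easier to diagnose from user space. Also, both error paths do `vfree(*buf);` and `goto out;` without clearing the caller's pointer; setting `*buf = NULL;` right after the `vfree()` prevents a caller that ignores the return value from reusing or double-freeing the freed buffer.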