On Fri, May 28, 2010 at 03:56, Takuya Yoshikawa wrote: > Hi, I found some places in bin_elf_fdpic at which clear_user() is > incorrectly handled, by chance, when I was trying to check how to > use clear_user(). > > IIUC, the following commit was not correct. > > commit ab4ad55512e95b68ca3e25516068e18874f89252 > bin_elf_fdpic: check the return value of clear_user > > Although I don't have an appropriate test box for this, I wrote a > simple patch to fix this. So if this is worth fixing, please pick > this up. the intention was that these functions return 0 only on success, and non-zero otherwise. along those lines, the patch does what was intended. unfortunately, the logic calling these funcs only checks for negative values. > clear_user() returns the number of bytes, unsigned long, that could not > be copied. So we should return -EFAULT rather than directly return the results. > > Without this patch, positive values may be passed to elf_fdpic_map_file() and > the following error handlings do not function as expected. on nommu systems, this is generally not an issue because clear_user() is basically a memset(). but it's good to handle every case. Acked-by: Mike Frysinger <vapier@xxxxxxxxxx> -mike -- To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
