Caught by smatch: kernel/module.c:2450 copy_module_from_user() warn: maybe return -EFAULT instead of the bytes remaining? Fix the check of copy_from_user() to report -EFAULT as was done before. Reported-by: Fengguang Wu <fengguang.wu@xxxxxxxxx> Signed-off-by: Kees Cook <keescook@xxxxxxxxxxxx> --- Should be applied on top of the finit_module syscall patches. v2: - copy_from_user never returns negative, thanks to Dan Carpenter. --- kernel/module.c | 5 +++-- 1 files changed, 3 insertions(+), 2 deletions(-) diff --git a/kernel/module.c b/kernel/module.c index 0ad03c4..461e7d4 100644 --- a/kernel/module.c +++ b/kernel/module.c @@ -2440,9 +2440,10 @@ int copy_module_from_user(const void __user *umod, unsigned long len, if (!info->hdr) return -ENOMEM; - err = copy_from_user(info->hdr, umod, info->len); - if (err) + if (copy_from_user(info->hdr, umod, info->len) != 0) { + err = -EFAULT; goto free_hdr; + } err = check_info(info); if (err) -- 1.7.0.4 -- Kees Cook Chrome OS Security
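
Review bot: In the added `if (copy_from_user(info->hdr, umod, info->len) != 0) {` line the explicit `!= 0` is redundant, and `if (copy_from_user(info->hdr, umod, info->len)) {` is the more common kernel form. copy_from_user() returns the number of bytes it could not copy, so any non-zero result is already the failure case. Assigning `err = -EFAULT` before `goto free_hdr` is the right fix, since the removed `err = copy_from_user(...)` handed that positive byte count back through `err` as if it were an errno. The commit message says -EFAULT was reported "as was done before"; naming the earlier code or commit it refers to would make that easier to verify, because only the new helper is visible in this hunk.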