[PATCH 2/4] xfs: use kvalloc for the parent pointer info buffer

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



From: Darrick J. Wong <djwong@xxxxxxxxxx>

It's possible that userspace could call us with large(ish) 64k buffer.
Use kvalloc for this, so that the kernel doesn't have to find a
contiguous physical region.  Zero the realloc buffer so that we don't
leak kernel contents to userspace.

Signed-off-by: Darrick J. Wong <djwong@xxxxxxxxxx>
---
 fs/xfs/xfs_ioctl.c |    8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)


diff --git a/fs/xfs/xfs_ioctl.c b/fs/xfs/xfs_ioctl.c
index a1929b08c539..19f71d6eb561 100644
--- a/fs/xfs/xfs_ioctl.c
+++ b/fs/xfs/xfs_ioctl.c
@@ -1702,7 +1702,7 @@ xfs_ioc_get_parent_pointer(
 		return -EPERM;
 
 	/* Allocate an xfs_pptr_info to put the user data */
-	ppi = kmalloc(sizeof(struct xfs_pptr_info), 0);
+	ppi = kvmalloc(sizeof(struct xfs_pptr_info), GFP_KERNEL);
 	if (!ppi)
 		return -ENOMEM;
 
@@ -1729,7 +1729,9 @@ xfs_ioc_get_parent_pointer(
 	 * Now that we know how big the trailing buffer is, expand
 	 * our kernel xfs_pptr_info to be the same size
 	 */
-	ppi = krealloc(ppi, xfs_pptr_info_sizeof(ppi->pi_ptrs_size), 0);
+	ppi = kvrealloc(ppi, sizeof(struct xfs_pptr_info),
+			xfs_pptr_info_sizeof(ppi->pi_ptrs_size),
+			GFP_KERNEL | __GFP_ZERO);
 	if (!ppi)
 		return -ENOMEM;
 
@@ -1774,7 +1776,7 @@ xfs_ioc_get_parent_pointer(
 out:
 	if (call_ip != file_ip)
 		xfs_irele(call_ip);
-	kmem_free(ppi);
+	kvfree(ppi);
 	return error;
 }
 




[Index of Archives]     [XFS Filesystem Development (older mail)]     [Linux Filesystem Development]     [Linux Audio Users]     [Yosemite Trails]     [Linux Kernel]     [Linux RAID]     [Linux SCSI]


  Powered by Linux