From: Liu ShuoX <shuox.liu@xxxxxxxxx>
3.12-stable review patch. If anyone has any objections, please let me know.
===============
commit aa9a4a1edfbd3d223af01db833da2f07850bc655 upstream.
In ramoops_pstore_read, a valid prz pointer with zero size buffer will
break traverse of all persistent ram buffers. The latter buffer might be
lost.
Signed-off-by: Liu ShuoX <shuox.liu@xxxxxxxxx>
Cc: "Zhang, Yanmin" <yanmin_zhang@xxxxxxxxxxxxxxx>
Cc: Colin Cross <ccross@xxxxxxxxxxx>
Reviewed-by: Kees Cook <keescook@xxxxxxxxxxxx>
Signed-off-by: Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx>
Signed-off-by: Tony Luck <tony.luck@xxxxxxxxx>
Cc: HuKeping <hukeping@xxxxxxxxxx>
Signed-off-by: Jiri Slaby <jslaby@xxxxxxx>
---
fs/pstore/ram.c | 10 +++++-----
1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/fs/pstore/ram.c b/fs/pstore/ram.c
index 36ffe55b579d..808435a9e2e1 100644
--- a/fs/pstore/ram.c
+++ b/fs/pstore/ram.c
@@ -126,12 +126,12 @@ ramoops_get_next_prz(struct persistent_ram_zone *przs[], uint *c, uint max,
prz = przs[i];
- if (update) {
- /* Update old/shadowed buffer. */
+ /* Update old/shadowed buffer. */
+ if (update)
persistent_ram_save_old(prz);
- if (!persistent_ram_old_size(prz))
- return NULL;
- }
+
+ if (!persistent_ram_old_size(prz))
+ return NULL;
*typep = type;
*id = i;
--
2.2.2
--
To unsubscribe from this list: send the line "unsubscribe stable" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html