Re: [PATCH] binfmt_elf_fdpic: fix clear_user() error handling

From: Mike Frysinger
Date: Fri May 28 2010 - 13:39:13 EST


On Fri, May 28, 2010 at 03:56, Takuya Yoshikawa wrote:
> Hi, I found some places in bin_elf_fdpic at which clear_user() is
> incorrectly handled, by chance, when I was trying to check how to
> use clear_user().
>
> IIUC, the following commit was not correct.
>
>  commit ab4ad55512e95b68ca3e25516068e18874f89252
>  bin_elf_fdpic: check the return value of clear_user
>
> Although I don't have an appropriate test box for this, I wrote a
> simple patch to fix this. So if this is worth fixing, please pick
> this up.

the intention was that these functions return 0 only on success, and
non-zero otherwise. along those lines, the patch does what was
intended. unfortunately, the logic calling these funcs only checks
for negative values.

> clear_user() returns the number of bytes, unsigned long, that could not
> be copied. So we should return -EFAULT rather than directly return the results.
>
> Without this patch, positive values may be passed to elf_fdpic_map_file() and
> the following error handlings do not function as expected.

on nommu systems, this is generally not an issue because clear_user()
is basically a memset(). but it's good to handle every case.

Acked-by: Mike Frysinger <vapier@xxxxxxxxxx>
-mike
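
Added example, not part of the original message or of the kernel source: a userspace sketch of the return-value mismatch discussed above, where a positive "bytes not cleared" count reaches a caller that only checks for negative values. mock_clear_user(), map_segment_raw(), map_segment_fixed() and caller_detects_failure() are hypothetical names, and the "writable" parameter is an assumption used to simulate a partial fault.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for clear_user(): zeroes up to `writable` bytes and
 * returns the number of bytes that could NOT be cleared (0 on success). */
static unsigned long mock_clear_user(void *dst, unsigned long n,
                                     unsigned long writable)
{
    unsigned long done = n < writable ? n : writable;

    memset(dst, 0, done);
    return n - done;
}

/* Pattern under discussion: the leftover byte count is returned directly. */
static int map_segment_raw(void *dst, unsigned long n, unsigned long writable)
{
    return (int)mock_clear_user(dst, n, writable);
}

/* Pattern from the proposed fix: any leftover becomes -EFAULT. */
static int map_segment_fixed(void *dst, unsigned long n, unsigned long writable)
{
    if (mock_clear_user(dst, n, writable))
        return -EFAULT;
    return 0;
}

/* Caller that treats only negative values as errors, as described in the
 * thread. Returns 1 if the failure was noticed, 0 if taken as success. */
static int caller_detects_failure(int (*map)(void *, unsigned long, unsigned long),
                                  unsigned long writable)
{
    char buf[64]; /* constructed sample buffer */
    int ret;

    memset(buf, 0xAA, sizeof(buf));
    ret = map(buf, sizeof(buf), writable);
    return ret < 0;
}

int main(void)
{
    /* Only 16 of 64 bytes are writable, so 48 bytes are left uncleared. */
    printf("raw:   detected=%d\n", caller_detects_failure(map_segment_raw, 16));
    printf("fixed: detected=%d\n", caller_detects_failure(map_segment_fixed, 16));
    return 0;
}
```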