[PATCH] dm ioctl: bugfix for kvfree() in free_params()

From: Geliang Tang
Date: Thu Oct 08 2015 - 07:47:17 EST

Next message: FAST PAY LOANS: "October 4% Special Loan Offer"
Previous message: Nikolay Borisov: "Hard lockup in ext4_finish_bio"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

The ioctl parameter block consists of two parts, a dm_ioctl struct
followed by a data buffer. Don't free the parameter block when the
data buffer is empty.

Fixes: 30c2a1f('dm ioctl: use kvfree() in free_params()')
Signed-off-by: Geliang Tang <geliangtang@xxxxxxx>
---
drivers/md/dm-ioctl.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/drivers/md/dm-ioctl.c b/drivers/md/dm-ioctl.c
index dbb5588..3f93787 100644
--- a/drivers/md/dm-ioctl.c
+++ b/drivers/md/dm-ioctl.c
@@ -1673,10 +1673,13 @@ static int check_version(unsigned int cmd, struct dm_ioctl __user *user)

static void free_params(struct dm_ioctl *param, size_t param_size, int param_flags)
{
+ const size_t minimum_data_size = sizeof(*param) - sizeof(param->data);
+
if (param_flags & DM_WIPE_BUFFER)
memset(param, 0, param_size);

- kvfree(param);
+ if (param_size > minimum_data_size)
+ kvfree(param);
}

static int copy_params(struct dm_ioctl __user *user, struct dm_ioctl *param_kernel,
--
1.9.1

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: FAST PAY LOANS: "October 4% Special Loan Offer"
Previous message: Nikolay Borisov: "Hard lockup in ext4_finish_bio"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]