Re: [PATCH 1/2] strndup_user, convert (module)
From: Sergey Vlasov
Date: Thu Feb 16 2006 - 14:07:35 EST
On Wed, 15 Feb 2006 18:23:06 -0300 Davi Arnaut wrote:
> Convert kernel/module.c string duplication to strdup_user()
>
> Signed-off-by: Davi Arnaut <davi.arnaut@xxxxxxxxx>
> --
>
> diff --git a/kernel/module.c b/kernel/module.c
> index 5aad477..d7d428d 100644
> --- a/kernel/module.c
> +++ b/kernel/module.c
> @@ -1538,7 +1538,6 @@ static struct module *load_module(void _
> unsigned int i, symindex = 0, strindex = 0, setupindex, exindex,
> exportindex, modindex, obsparmindex, infoindex, gplindex,
> crcindex, gplcrcindex, versindex, pcpuindex;
> - long arglen;
> struct module *mod;
> long err = 0;
> void *percpu = NULL, *ptr = NULL; /* Stops spurious gcc warning */
> @@ -1655,23 +1654,11 @@ static struct module *load_module(void _
> }
>
> /* Now copy in args */
> - arglen = strlen_user(uargs);
> - if (!arglen) {
> - err = -EFAULT;
> - goto free_hdr;
> - }
> - args = kmalloc(arglen, GFP_KERNEL);
> - if (!args) {
> - err = -ENOMEM;
> + args = strdup_user(uargs);
Before your changes the args string was limited by the maximum size
supported by kmalloc(); you have changed the limit to 4096 hardcoded
inside strdup_user(), which is much lower.
> + if (IS_ERR(args)) {
> + err = PTR_ERR(args);
> goto free_hdr;
> }
> - if (copy_from_user(args, uargs, arglen) != 0) {
> - err = -EFAULT;
> - goto free_mod;
> - }
> -
> - /* Userspace could have altered the string after the strlen_user() */
> - args[arglen - 1] = '\0';
>
> if (find_module(mod->name)) {
> err = -EEXIST;
Attachment:
pgp00000.pgp
Description: PGP signature