tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
fork atom

proc_pid_attr_write(): switch to memdup_user()

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>

Al Viro bb646cdb 70f6cbb6

+7 -10
+7 -10
fs/proc/base.c
··· 2359 2359 size_t count, loff_t *ppos) 2360 2360 { 2361 2361 struct inode * inode = file_inode(file); 2362 - char *page; 2362 + void *page; 2363 2363 ssize_t length; 2364 2364 struct task_struct *task = get_proc_task(inode); 2365 2365 ··· 2374 2374 if (*ppos != 0) 2375 2375 goto out; 2376 2376 2377 - length = -ENOMEM; 2378 - page = (char*)__get_free_page(GFP_TEMPORARY); 2379 - if (!page) 2377 + page = memdup_user(buf, count); 2378 + if (IS_ERR(page)) { 2379 + length = PTR_ERR(page); 2380 2380 goto out; 2381 - 2382 - length = -EFAULT; 2383 - if (copy_from_user(page, buf, count)) 2384 - goto out_free; 2381 + } 2385 2382 2386 2383 /* Guard against adverse ptrace interaction */ 2387 2384 length = mutex_lock_interruptible(&task->signal->cred_guard_mutex); ··· 2387 2390 2388 2391 length = security_setprocattr(task, 2389 2392 (char*)file->f_path.dentry->d_name.name, 2390 - (void*)page, count); 2393 + page, count); 2391 2394 mutex_unlock(&task->signal->cred_guard_mutex); 2392 2395 out_free: 2393 - free_page((unsigned long) page); 2396 + kfree(page); 2394 2397 out: 2395 2398 put_task_struct(task); 2396 2399 out_no_task: