[PATCH] read_ldt() neglects to check clear_user() return value

akpm: It's a bit debatable. The user passed in a buffer of a particular size, and we successfully sopied the LDT info into it, but we got a fault when clearing out the rest of the user's buffer. Is that worth a -EFAULT? I suppose so... Signed-off-by: Jesper Juhl <juhl-lkml@dif.dk> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>

[PATCH] read_ldt() neglects to check clear_user() return value
akpm: It's a bit debatable. The user passed in a buffer of a particular size, and we successfully sopied the LDT info into it, but we got a fault when clearing out the rest of the user's buffer. Is that worth a -EFAULT? I suppose so... Signed-off-by: Jesper Juhl <juhl-lkml@dif.dk> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
702e1a9b · Jesper Juhl · Linus Torvalds · 8bb9ab25 · 702e1a9b
Commit 702e1a9b authored Sep 02, 2004 by Jesper Juhl Committed by Linus Torvalds Sep 02, 2004
Hide whitespace changes
Inline Side-by-side

Showing with 7 additions and 2 deletions

arch/i386/kernel/ldt.c arch/i386/kernel/ldt.c +7 -2

No files found.
--- a/arch/i386/kernel/ldt.c
+++ b/arch/i386/kernel/ldt.c
@@ -142,12 +142,17 @@ static int read_ldt(void __user * ptr, unsigned long bytecount)
 		err = -EFAULT;
 	up(&mm->context.sem);
 	if (err < 0)
-		return err;
+		goto error_return;
 	if (size != bytecount) {
 		/* zero-fill the rest */
-		clear_user(ptr+size, bytecount-size);
+		if (clear_user(ptr+size, bytecount-size) != 0) {
+			err = -EFAULT;
+			goto error_return;
+		}
 	}
 	return bytecount;
+error_return:
+	return err;
 }

 static int read_default_ldt(void __user * ptr, unsigned long bytecount)