Commit 702e1a9b authored by Jesper Juhl's avatar Jesper Juhl Committed by Linus Torvalds

[PATCH] read_ldt() neglects to check clear_user() return value

akpm: It's a bit debatable.  The user passed in a buffer of a particular size,
and we successfully sopied the LDT info into it, but we got a fault when
clearing out the rest of the user's buffer.   Is that worth a -EFAULT?

I suppose so...
Signed-off-by: default avatarJesper Juhl <juhl-lkml@dif.dk>
Signed-off-by: default avatarAndrew Morton <akpm@osdl.org>
Signed-off-by: default avatarLinus Torvalds <torvalds@osdl.org>
parent 8bb9ab25
...@@ -142,12 +142,17 @@ static int read_ldt(void __user * ptr, unsigned long bytecount) ...@@ -142,12 +142,17 @@ static int read_ldt(void __user * ptr, unsigned long bytecount)
err = -EFAULT; err = -EFAULT;
up(&mm->context.sem); up(&mm->context.sem);
if (err < 0) if (err < 0)
return err; goto error_return;
if (size != bytecount) { if (size != bytecount) {
/* zero-fill the rest */ /* zero-fill the rest */
clear_user(ptr+size, bytecount-size); if (clear_user(ptr+size, bytecount-size) != 0) {
err = -EFAULT;
goto error_return;
}
} }
return bytecount; return bytecount;
error_return:
return err;
} }
static int read_default_ldt(void __user * ptr, unsigned long bytecount) static int read_default_ldt(void __user * ptr, unsigned long bytecount)
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment