Gitweb:     http://git.kernel.org/linus/e30c7c3b306312c157d67eedd6a01920518b756c
Commit:     e30c7c3b306312c157d67eedd6a01920518b756c
Parent:     293a7cfeedc2b2380a7c7274902323c3cf5f7575
Author:     Takuya Yoshikawa <yoshikawa.takuya@oss.ntt.co.jp>
AuthorDate: Tue Jun 1 14:10:47 2010 +0100
Committer:  Linus Torvalds <torvalds@linux-foundation.org>
CommitDate: Tue Jun 1 08:11:06 2010 -0700

    binfmt_elf_fdpic: Fix clear_user() error handling
    
    clear_user() returns the number of bytes that could not be copied rather than
    an error code.  So we should return -EFAULT rather than directly returning the
    results.
    
    Without this patch, positive values may be returned to elf_fdpic_map_file()
    and the following error handlings do not function as expected.
    
    1.
    	ret = elf_fdpic_map_file_constdisp_on_uclinux(params, file, mm);
    	if (ret < 0)
    		return ret;
    2.
    	ret = elf_fdpic_map_file_by_direct_mmap(params, file, mm);
    	if (ret < 0)
    		return ret;
    
    Signed-off-by: Takuya Yoshikawa <yoshikawa.takuya@oss.ntt.co.jp>
    Signed-off-by: David Howells <dhowells@redhat.com>
    Acked-by: Mike Frysinger <vapier@gentoo.org>
    CC: Alexander Viro <viro@zeniv.linux.org.uk>
    CC: Andrew Morton <akpm@linux-foundation.org>
    CC: Daisuke HATAYAMA <d.hatayama@jp.fujitsu.com>
    CC: Paul Mundt <lethal@linux-sh.org>
    Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
---
 fs/binfmt_elf_fdpic.c |   26 +++++++++++---------------
 1 files changed, 11 insertions(+), 15 deletions(-)

diff --git a/fs/binfmt_elf_fdpic.c b/fs/binfmt_elf_fdpic.c
index 2c5f9a0..63039ed 100644
--- a/fs/binfmt_elf_fdpic.c
+++ b/fs/binfmt_elf_fdpic.c
@@ -990,10 +990,9 @@ static int elf_fdpic_map_file_constdisp_on_uclinux(
 
 		/* clear any space allocated but not loaded */
 		if (phdr->p_filesz < phdr->p_memsz) {
-			ret = clear_user((void *) (seg->addr + phdr->p_filesz),
-					 phdr->p_memsz - phdr->p_filesz);
-			if (ret)
-				return ret;
+			if (clear_user((void *) (seg->addr + phdr->p_filesz),
+				       phdr->p_memsz - phdr->p_filesz))
+				return -EFAULT;
 		}
 
 		if (mm) {
@@ -1027,7 +1026,7 @@ static int elf_fdpic_map_file_by_direct_mmap(struct elf_fdpic_params *params,
 	struct elf32_fdpic_loadseg *seg;
 	struct elf32_phdr *phdr;
 	unsigned long load_addr, delta_vaddr;
-	int loop, dvset, ret;
+	int loop, dvset;
 
 	load_addr = params->load_addr;
 	delta_vaddr = 0;
@@ -1127,9 +1126,8 @@ static int elf_fdpic_map_file_by_direct_mmap(struct elf_fdpic_params *params,
 		 * PT_LOAD */
 		if (prot & PROT_WRITE && disp > 0) {
 			kdebug("clear[%d] ad=%lx sz=%lx", loop, maddr, disp);
-			ret = clear_user((void __user *) maddr, disp);
-			if (ret)
-				return ret;
+			if (clear_user((void __user *) maddr, disp))
+				return -EFAULT;
 			maddr += disp;
 		}
 
@@ -1164,19 +1162,17 @@ static int elf_fdpic_map_file_by_direct_mmap(struct elf_fdpic_params *params,
 		if (prot & PROT_WRITE && excess1 > 0) {
 			kdebug("clear[%d] ad=%lx sz=%lx",
 			       loop, maddr + phdr->p_filesz, excess1);
-			ret = clear_user((void __user *) maddr + phdr->p_filesz,
-					 excess1);
-			if (ret)
-				return ret;
+			if (clear_user((void __user *) maddr + phdr->p_filesz,
+				       excess1))
+				return -EFAULT;
 		}
 
 #else
 		if (excess > 0) {
 			kdebug("clear[%d] ad=%lx sz=%lx",
 			       loop, maddr + phdr->p_filesz, excess);
-			ret = clear_user((void *) maddr + phdr->p_filesz, excess);
-			if (ret)
-				return ret;
+			if (clear_user((void *) maddr + phdr->p_filesz, excess))
+				return -EFAULT;
 		}
 #endif
 
--
To unsubscribe from this list: send the line "unsubscribe git-commits-head" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html