Gitiles
Code Review Sign In
gerrit-public.fairphone.software / kernel / msm-4.9 / dacbde0963d62a4962d5e8a5cc38dfd1f016124b^! / .
commitdacbde0963d62a4962d5e8a5cc38dfd1f016124b[log] [tgz]
authorChen Gang <gang.chen@asianux.com>Wed Jul 03 15:02:35 2013 -0700
committerLinus Torvalds <torvalds@linux-foundation.org>Wed Jul 03 16:07:31 2013 -0700
treed1ce35d0d3fc2307c1fbb6b35c17afc007d85afd
parentc53954a092d07c5684d31ea1fc813d262cff08a5 [diff]
mm/page_alloc.c: add additional checking and return value for the 'table->data'

- check the length of the procfs data before copying it into a fixed
  size array.

- when __parse_numa_zonelist_order() fails, save the error code for
  return.

- 'char*' --> 'char *' coding style fix

Signed-off-by: Chen Gang <gang.chen@asianux.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>

diff --git a/mm/page_alloc.c b/mm/page_alloc.c
index fab9506..a662c74 100644
--- a/mm/page_alloc.c
+++ b/mm/page_alloc.c

@@ -3256,18 +3256,25 @@
 	static DEFINE_MUTEX(zl_order_mutex);
 
 	mutex_lock(&zl_order_mutex);
-	if (write)
-		strcpy(saved_string, (char*)table->data);
+	if (write) {
+		if (strlen((char *)table->data) >= NUMA_ZONELIST_ORDER_LEN) {
+			ret = -EINVAL;
+			goto out;
+		}
+		strcpy(saved_string, (char *)table->data);
+	}
 	ret = proc_dostring(table, write, buffer, length, ppos);
 	if (ret)
 		goto out;
 	if (write) {
 		int oldval = user_zonelist_order;
-		if (__parse_numa_zonelist_order((char*)table->data)) {
+
+		ret = __parse_numa_zonelist_order((char *)table->data);
+		if (ret) {
 			/*
 			 * bogus value.  restore saved string
 			 */
-			strncpy((char*)table->data, saved_string,
+			strncpy((char *)table->data, saved_string,
 				NUMA_ZONELIST_ORDER_LEN);
 			user_zonelist_order = oldval;
 		} else if (oldval != user_zonelist_order) {