From: KAMEZAWA Hiroyuki Date: Wed, 14 Sep 2011 23:21:02 +0000 (-0700) Subject: mm/mempolicy.c: make copy_from_user() provably correct X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=2bbff6c761e31b4642d297513cd3e0e89bc68ff7;p=GitHub%2Fmoto-9609%2Fandroid_kernel_motorola_exynos9610.git mm/mempolicy.c: make copy_from_user() provably correct When compiling mm/mempolicy.c with struct user copy checks the following warning is shown: In file included from arch/x86/include/asm/uaccess.h:572, from include/linux/uaccess.h:5, from include/linux/highmem.h:7, from include/linux/pagemap.h:10, from include/linux/mempolicy.h:70, from mm/mempolicy.c:68: In function `copy_from_user', inlined from `compat_sys_get_mempolicy' at mm/mempolicy.c:1415: arch/x86/include/asm/uaccess_64.h:64: warning: call to `copy_from_user_overflow' declared with attribute warning: copy_from_user() buffer size is not provably correct LD mm/built-in.o Fix this by passing correct buffer size value. Signed-off-by: KAMEZAWA Hiroyuki Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds --- diff --git a/mm/mempolicy.c b/mm/mempolicy.c index b1f70d6eec35..9c51f9f58cac 100644 --- a/mm/mempolicy.c +++ b/mm/mempolicy.c @@ -1411,7 +1411,9 @@ asmlinkage long compat_sys_get_mempolicy(int __user *policy, err = sys_get_mempolicy(policy, nm, nr_bits+1, addr, flags); if (!err && nmask) { - err = copy_from_user(bm, nm, alloc_size); + unsigned long copy_size; + copy_size = min_t(unsigned long, sizeof(bm), alloc_size); + err = copy_from_user(bm, nm, copy_size); /* ensure entire bitmap is zeroed */ err |= clear_user(nmask, ALIGN(maxnode-1, 8) / 8); err |= compat_put_bitmap(nmask, bm, nr_bits);