From: Al Viro Date: Thu, 24 Dec 2015 05:16:30 +0000 (-0500) Subject: proc_pid_attr_write(): switch to memdup_user() X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=bb646cdb12e75d82258c2f2e7746d5952d3e321a;p=GitHub%2FLineageOS%2Fandroid_kernel_motorola_exynos9610.git proc_pid_attr_write(): switch to memdup_user() Signed-off-by: Al Viro --- diff --git a/fs/proc/base.c b/fs/proc/base.c index 4bd5d3118acd..1b0f470a3e35 100644 --- a/fs/proc/base.c +++ b/fs/proc/base.c @@ -2359,7 +2359,7 @@ static ssize_t proc_pid_attr_write(struct file * file, const char __user * buf, size_t count, loff_t *ppos) { struct inode * inode = file_inode(file); - char *page; + void *page; ssize_t length; struct task_struct *task = get_proc_task(inode); @@ -2374,14 +2374,11 @@ static ssize_t proc_pid_attr_write(struct file * file, const char __user * buf, if (*ppos != 0) goto out; - length = -ENOMEM; - page = (char*)__get_free_page(GFP_TEMPORARY); - if (!page) + page = memdup_user(buf, count); + if (IS_ERR(page)) { + length = PTR_ERR(page); goto out; - - length = -EFAULT; - if (copy_from_user(page, buf, count)) - goto out_free; + } /* Guard against adverse ptrace interaction */ length = mutex_lock_interruptible(&task->signal->cred_guard_mutex); @@ -2390,10 +2387,10 @@ static ssize_t proc_pid_attr_write(struct file * file, const char __user * buf, length = security_setprocattr(task, (char*)file->f_path.dentry->d_name.name, - (void*)page, count); + page, count); mutex_unlock(&task->signal->cred_guard_mutex); out_free: - free_page((unsigned long) page); + kfree(page); out: put_task_struct(task); out_no_task: