diff options
| author | Mauro Carvalho Chehab <m.chehab@samsung.com> | 2014-03-11 06:55:49 -0300 |
|---|---|---|
| committer | Mauro Carvalho Chehab <m.chehab@samsung.com> | 2014-03-11 06:55:49 -0300 |
| commit | c897df0e2dbc81bcc09c11425658d69830825364 (patch) | |
| tree | 04c268e4951f2b75acb6873307673e45d05a635e /fs/proc | |
| parent | 1e9c4d49020996a645a535cbb8f1ff78b9b120f3 (diff) | |
| parent | 0414855fdc4a40da05221fc6062cccbc0c30f169 (diff) | |
| download | linux-c897df0e2dbc81bcc09c11425658d69830825364.tar.gz linux-c897df0e2dbc81bcc09c11425658d69830825364.tar.bz2 linux-c897df0e2dbc81bcc09c11425658d69830825364.zip | |
Merge tag 'v3.14-rc5' into patchwork
Linux 3.14-rc5
* tag 'v3.14-rc5': (1117 commits)
Linux 3.14-rc5
drm/vmwgfx: avoid null pointer dereference at failure paths
drm/vmwgfx: Make sure backing mobs are cleared when allocated. Update driver date.
drm/vmwgfx: Remove some unused surface formats
MAINTAINERS: add maintainer entry for Armada DRM driver
arm64: Fix !CONFIG_SMP kernel build
arm64: mm: Add double logical invert to pte accessors
dm cache: fix truncation bug when mapping I/O to >2TB fast device
perf tools: Fix strict alias issue for find_first_bit
powerpc/powernv: Fix indirect XSCOM unmangling
powerpc/powernv: Fix opal_xscom_{read,write} prototype
powerpc/powernv: Refactor PHB diag-data dump
powerpc/powernv: Dump PHB diag-data immediately
powerpc: Increase stack redzone for 64-bit userspace to 512 bytes
powerpc/ftrace: bugfix for test_24bit_addr
powerpc/crashdump : Fix page frame number check in copy_oldmem_page
powerpc/le: Ensure that the 'stop-self' RTAS token is handled correctly
kvm, vmx: Really fix lazy FPU on nested guest
perf tools: fix BFD detection on opensuse
drm/radeon: enable speaker allocation setup on dce3.2
...
Diffstat (limited to 'fs/proc')
| -rw-r--r-- | fs/proc/vmcore.c | 26 |
1 files changed, 20 insertions, 6 deletions
diff --git a/fs/proc/vmcore.c b/fs/proc/vmcore.c index 2ca7ba047f04..88d4585b30f1 100644 --- a/fs/proc/vmcore.c +++ b/fs/proc/vmcore.c @@ -468,17 +468,24 @@ static int __init update_note_header_size_elf64(const Elf64_Ehdr *ehdr_ptr) return rc; } nhdr_ptr = notes_section; - while (real_sz < max_sz) { - if (nhdr_ptr->n_namesz == 0) - break; + while (nhdr_ptr->n_namesz != 0) { sz = sizeof(Elf64_Nhdr) + ((nhdr_ptr->n_namesz + 3) & ~3) + ((nhdr_ptr->n_descsz + 3) & ~3); + if ((real_sz + sz) > max_sz) { + pr_warn("Warning: Exceeded p_memsz, dropping PT_NOTE entry n_namesz=0x%x, n_descsz=0x%x\n", + nhdr_ptr->n_namesz, nhdr_ptr->n_descsz); + break; + } real_sz += sz; nhdr_ptr = (Elf64_Nhdr*)((char*)nhdr_ptr + sz); } kfree(notes_section); phdr_ptr->p_memsz = real_sz; + if (real_sz == 0) { + pr_warn("Warning: Zero PT_NOTE entries found\n"); + return -EINVAL; + } } return 0; @@ -648,17 +655,24 @@ static int __init update_note_header_size_elf32(const Elf32_Ehdr *ehdr_ptr) return rc; } nhdr_ptr = notes_section; - while (real_sz < max_sz) { - if (nhdr_ptr->n_namesz == 0) - break; + while (nhdr_ptr->n_namesz != 0) { sz = sizeof(Elf32_Nhdr) + ((nhdr_ptr->n_namesz + 3) & ~3) + ((nhdr_ptr->n_descsz + 3) & ~3); + if ((real_sz + sz) > max_sz) { + pr_warn("Warning: Exceeded p_memsz, dropping PT_NOTE entry n_namesz=0x%x, n_descsz=0x%x\n", + nhdr_ptr->n_namesz, nhdr_ptr->n_descsz); + break; + } real_sz += sz; nhdr_ptr = (Elf32_Nhdr*)((char*)nhdr_ptr + sz); } kfree(notes_section); phdr_ptr->p_memsz = real_sz; + if (real_sz == 0) { + pr_warn("Warning: Zero PT_NOTE entries found\n"); + return -EINVAL; + } } return 0; |