From bb646cdb12e75d82258c2f2e7746d5952d3e321a Mon Sep 17 00:00:00 2001 From: Al Viro Date: Thu, 24 Dec 2015 00:16:30 -0500 Subject: [PATCH] proc_pid_attr_write(): switch to memdup_user() Signed-off-by: Al Viro --- fs/proc/base.c | 17 +++++++---------- 1 file changed, 7 insertions(+), 10 deletions(-) diff --git a/fs/proc/base.c b/fs/proc/base.c index 4bd5d3118acd..1b0f470a3e35 100644 --- a/fs/proc/base.c +++ b/fs/proc/base.c @@ -2359,7 +2359,7 @@ static ssize_t proc_pid_attr_write(struct file * file, const char __user * buf, size_t count, loff_t *ppos) { struct inode * inode = file_inode(file); - char *page; + void *page; ssize_t length; struct task_struct *task = get_proc_task(inode); @@ -2374,14 +2374,11 @@ static ssize_t proc_pid_attr_write(struct file * file, const char __user * buf, if (*ppos != 0) goto out; - length = -ENOMEM; - page = (char*)__get_free_page(GFP_TEMPORARY); - if (!page) + page = memdup_user(buf, count); + if (IS_ERR(page)) { + length = PTR_ERR(page); goto out; - - length = -EFAULT; - if (copy_from_user(page, buf, count)) - goto out_free; + } /* Guard against adverse ptrace interaction */ length = mutex_lock_interruptible(&task->signal->cred_guard_mutex); @@ -2390,10 +2387,10 @@ static ssize_t proc_pid_attr_write(struct file * file, const char __user * buf, length = security_setprocattr(task, (char*)file->f_path.dentry->d_name.name, - (void*)page, count); + page, count); mutex_unlock(&task->signal->cred_guard_mutex); out_free: - free_page((unsigned long) page); + kfree(page); out: put_task_struct(task); out_no_task: