From eb3d5cc67a525df5115c1dc1c0ff8a111bda70e4 Mon Sep 17 00:00:00 2001 From: Jesper Juhl Date: Wed, 23 May 2012 22:28:49 +0930 Subject: modpost: Stop grab_file() from leaking filedescriptors if fstat() fails In case the open() call succeeds but the subsequent fstat() call fails, then we'll return without close()'ing the filedescriptor. Signed-off-by: Jesper Juhl Signed-off-by: Rusty Russell diff --git a/scripts/mod/modpost.c b/scripts/mod/modpost.c index c4e7d15..ea0eaca 100644 --- a/scripts/mod/modpost.c +++ b/scripts/mod/modpost.c @@ -337,17 +337,20 @@ static void sym_update_crc(const char *name, struct module *mod, void *grab_file(const char *filename, unsigned long *size) { struct stat st; - void *map; + void *map = MAP_FAILED; int fd; fd = open(filename, O_RDONLY); - if (fd < 0 || fstat(fd, &st) != 0) + if (fd < 0) return NULL; + if (fstat(fd, &st)) + goto failed; *size = st.st_size; map = mmap(NULL, *size, PROT_READ|PROT_WRITE, MAP_PRIVATE, fd, 0); - close(fd); +failed: + close(fd); if (map == MAP_FAILED) return NULL; return map; -- cgit v0.10.2 From 3c7ec94d2c4a67d9663a080aa5080134308261c4 Mon Sep 17 00:00:00 2001 From: Greg Kroah-Hartman Date: Wed, 25 Apr 2012 11:10:15 -0700 Subject: modpost: use proper kernel style for autogenerated files If the kernel build process is creating files automatically, the least it can do is create them in a properly formatted manner. Sure, it's a minor issue, but being consistent is nice. Cc: Rusty Russell Cc: Alessio Igor Bogani Cc: Tony Lindgren Cc: Ben Hutchings Cc: Russell King Signed-off-by: Greg Kroah-Hartman Signed-off-by: Rusty Russell diff --git a/scripts/mod/modpost.c b/scripts/mod/modpost.c index ea0eaca..0f84bb3 100644 --- a/scripts/mod/modpost.c +++ b/scripts/mod/modpost.c @@ -1853,14 +1853,14 @@ static void add_header(struct buffer *b, struct module *mod) buf_printf(b, "\n"); buf_printf(b, "struct module __this_module\n"); buf_printf(b, "__attribute__((section(\".gnu.linkonce.this_module\"))) = {\n"); - buf_printf(b, " .name = KBUILD_MODNAME,\n"); + buf_printf(b, "\t.name = KBUILD_MODNAME,\n"); if (mod->has_init) - buf_printf(b, " .init = init_module,\n"); + buf_printf(b, "\t.init = init_module,\n"); if (mod->has_cleanup) buf_printf(b, "#ifdef CONFIG_MODULE_UNLOAD\n" - " .exit = cleanup_module,\n" + "\t.exit = cleanup_module,\n" "#endif\n"); - buf_printf(b, " .arch = MODULE_ARCH_INIT,\n"); + buf_printf(b, "\t.arch = MODULE_ARCH_INIT,\n"); buf_printf(b, "};\n"); } -- cgit v0.10.2 From ef26a5a6eadb7cd0637e1e9e246cd42505b8ec8c Mon Sep 17 00:00:00 2001 From: David Howells Date: Tue, 22 May 2012 15:56:13 +0100 Subject: Guard check in module loader against integer overflow The check: if (len < hdr->e_shoff + hdr->e_shnum * sizeof(Elf_Shdr)) may not work if there's an overflow in the right-hand side of the condition. Signed-off-by: David Howells Signed-off-by: Rusty Russell diff --git a/kernel/module.c b/kernel/module.c index a4e6097..4edbd9c 100644 --- a/kernel/module.c +++ b/kernel/module.c @@ -2429,7 +2429,8 @@ static int copy_and_check(struct load_info *info, goto free_hdr; } - if (len < hdr->e_shoff + hdr->e_shnum * sizeof(Elf_Shdr)) { + if (hdr->e_shoff >= len || + hdr->e_shnum * sizeof(Elf_Shdr) > len - hdr->e_shoff) { err = -ENOEXEC; goto free_hdr; } -- cgit v0.10.2