linux-hardened/fs/pstore
Sebastian Andrzej Siewior 4407de74df pstore/ramoops: fixup driver removal
A basic rmmod ramoops segfaults. Let's see why.

Commit 34f0ec82e0 ("pstore: Correct the max_dump_cnt clearing of
ramoops") sets ->max_dump_cnt to zero before looping over ->przs, but we
didn't use it before that either.

And since commit ee1d267423 ("pstore: add pstore unregister") we free
that memory on rmmod.

But even then, we looped until a NULL pointer or ERR. I don't see where
it is ensured that the last member is NULL. Let's try this instead:
simplify error recovery and free. Clean up in the error case where
resources were allocated. And then, in the free path, rely on
->max_dump_cnt.

Cc: Anton Vorontsov <anton@enomsg.org>
Cc: Colin Cross <ccross@android.com>
Cc: Kees Cook <keescook@chromium.org>
Cc: Tony Luck <tony.luck@intel.com>
Cc: Namhyung Kim <namhyung@kernel.org>
Acked-by: Namhyung Kim <namhyung@kernel.org>
Signed-off-by: Sebastian Andrzej Siewior <bigeasy@linutronix.de>
Signed-off-by: Kees Cook <keescook@chromium.org>
Cc: stable@vger.kernel.org # 4.4.x-
2016-09-08 14:58:00 -07:00
ftrace.c pstore: add pstore unregister 2015-10-22 08:59:18 -07:00
inode.c pstore: drop file opened reference count 2016-06-02 11:24:52 -07:00
internal.h pstore: Fix return type of pstore_is_mounted() 2015-10-22 10:57:33 -07:00
Kconfig pstore: add lzo/lz4 compression support 2016-06-02 10:59:31 -07:00
Makefile pstore: add pstore unregister 2015-10-22 08:59:18 -07:00
platform.c pstore: add lzo/lz4 compression support 2016-06-02 10:59:31 -07:00
pmsg.c pstore: add pstore unregister 2015-10-22 08:59:18 -07:00
ram.c pstore/ramoops: fixup driver removal 2016-09-08 14:58:00 -07:00
ram_core.c pstore-ram: Allow optional mapping with pgprot_noncached 2014-12-11 13:38:31 -08:00