diff options
author | Linus Torvalds <torvalds@linux-foundation.org> | 2012-05-23 17:34:09 -0700 |
---|---|---|
committer | Linus Torvalds <torvalds@linux-foundation.org> | 2012-05-23 17:34:09 -0700 |
commit | fb827ec68446c83e9e8754fa9b55aed27ecc4661 (patch) | |
tree | e953aedce01fa1c90a8e7b591e40310c3c1e7447 | |
parent | d5b4bb4d103cd601d8009f2d3a7e44586c9ae7cc (diff) | |
parent | ef26a5a6eadb7cd0637e1e9e246cd42505b8ec8c (diff) | |
download | op-kernel-dev-fb827ec68446c83e9e8754fa9b55aed27ecc4661.zip op-kernel-dev-fb827ec68446c83e9e8754fa9b55aed27ecc4661.tar.gz |
Merge tag 'module-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/rusty/linux-2.6-for-linus
Pull module patches from Rusty Russell, who really sells them:
"Three trivial patches of no real utility. Modules are boring."
But to make things slightly more exciting, he adds:
"Fortunately David Howells is looking to change this, with his module
signing patchset. But that's for next merge window...
Cheers,
Rusty."
* tag 'module-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/rusty/linux-2.6-for-linus:
Guard check in module loader against integer overflow
modpost: use proper kernel style for autogenerated files
modpost: Stop grab_file() from leaking filedescriptors if fstat() fails
-rw-r--r-- | kernel/module.c | 3 | ||||
-rw-r--r-- | scripts/mod/modpost.c | 17 |
2 files changed, 12 insertions, 8 deletions
diff --git a/kernel/module.c b/kernel/module.c index a4e6097..4edbd9c 100644 --- a/kernel/module.c +++ b/kernel/module.c @@ -2429,7 +2429,8 @@ static int copy_and_check(struct load_info *info, goto free_hdr; } - if (len < hdr->e_shoff + hdr->e_shnum * sizeof(Elf_Shdr)) { + if (hdr->e_shoff >= len || + hdr->e_shnum * sizeof(Elf_Shdr) > len - hdr->e_shoff) { err = -ENOEXEC; goto free_hdr; } diff --git a/scripts/mod/modpost.c b/scripts/mod/modpost.c index c4e7d15..0f84bb3 100644 --- a/scripts/mod/modpost.c +++ b/scripts/mod/modpost.c @@ -337,17 +337,20 @@ static void sym_update_crc(const char *name, struct module *mod, void *grab_file(const char *filename, unsigned long *size) { struct stat st; - void *map; + void *map = MAP_FAILED; int fd; fd = open(filename, O_RDONLY); - if (fd < 0 || fstat(fd, &st) != 0) + if (fd < 0) return NULL; + if (fstat(fd, &st)) + goto failed; *size = st.st_size; map = mmap(NULL, *size, PROT_READ|PROT_WRITE, MAP_PRIVATE, fd, 0); - close(fd); +failed: + close(fd); if (map == MAP_FAILED) return NULL; return map; @@ -1850,14 +1853,14 @@ static void add_header(struct buffer *b, struct module *mod) buf_printf(b, "\n"); buf_printf(b, "struct module __this_module\n"); buf_printf(b, "__attribute__((section(\".gnu.linkonce.this_module\"))) = {\n"); - buf_printf(b, " .name = KBUILD_MODNAME,\n"); + buf_printf(b, "\t.name = KBUILD_MODNAME,\n"); if (mod->has_init) - buf_printf(b, " .init = init_module,\n"); + buf_printf(b, "\t.init = init_module,\n"); if (mod->has_cleanup) buf_printf(b, "#ifdef CONFIG_MODULE_UNLOAD\n" - " .exit = cleanup_module,\n" + "\t.exit = cleanup_module,\n" "#endif\n"); - buf_printf(b, " .arch = MODULE_ARCH_INIT,\n"); + buf_printf(b, "\t.arch = MODULE_ARCH_INIT,\n"); buf_printf(b, "};\n"); } |