diff options
author | Chen Gong <gong.chen@linux.intel.com> | 2011-05-16 11:01:39 -0700 |
---|---|---|
committer | Tony Luck <tony.luck@intel.com> | 2011-05-16 11:05:08 -0700 |
commit | f5ec25deb2471bd49e907ab2f9ef6f860eb7cf95 (patch) | |
tree | c94504da49380911bef27f492e876ff19eb8a4b7 /drivers/acpi/apei | |
parent | 06cf91b4b4aafa50ee0a94c81d2c6922a18af242 (diff) | |
download | op-kernel-dev-f5ec25deb2471bd49e907ab2f9ef6f860eb7cf95.zip op-kernel-dev-f5ec25deb2471bd49e907ab2f9ef6f860eb7cf95.tar.gz |
pstore: fix potential logic issue in pstore read interface
1) in the calling of erst_read, the parameter of buffer size
maybe overflows and cause crash
2) the return value of erst_read should be checked more strictly
Signed-off-by: Chen Gong <gong.chen@linux.intel.com>
Signed-off-by: Tony Luck <tony.luck@intel.com>
Diffstat (limited to 'drivers/acpi/apei')
-rw-r--r-- | drivers/acpi/apei/erst.c | 9 |
1 files changed, 8 insertions, 1 deletions
diff --git a/drivers/acpi/apei/erst.c b/drivers/acpi/apei/erst.c index ddb68c4..e6cef8e 100644 --- a/drivers/acpi/apei/erst.c +++ b/drivers/acpi/apei/erst.c @@ -1006,7 +1006,14 @@ skip: } len = erst_read(record_id, &rcd->hdr, sizeof(*rcd) + - erst_erange.size); + erst_info.bufsize); + /* The record may be cleared by others, try read next record */ + if (len == -ENOENT) + goto skip; + else if (len < 0) { + rc = -1; + goto out; + } if (uuid_le_cmp(rcd->hdr.creator_id, CPER_CREATOR_PSTORE) != 0) goto skip; |