
[3/4] efi_runtime: fix memory leak of capsulecaps function

Message ID 1470649228-15522-3-git-send-email-ivan.hu@canonical.com
State Accepted

Commit Message

Ivan Hu Aug. 8, 2016, 9:40 a.m. UTC
Signed-off-by: Ivan Hu <ivan.hu@canonical.com>
---
 efi_runtime/efi_runtime.c | 42 ++++++++++++++++++++++++++++++------------
 1 file changed, 30 insertions(+), 12 deletions(-)

Comments

Alex Hung Aug. 10, 2016, 3:05 a.m. UTC | #1
On 2016-08-08 05:40 PM, Ivan Hu wrote:
> Signed-off-by: Ivan Hu <ivan.hu@canonical.com>
> ---
>  efi_runtime/efi_runtime.c | 42 ++++++++++++++++++++++++++++++------------
>  1 file changed, 30 insertions(+), 12 deletions(-)
>
> diff --git a/efi_runtime/efi_runtime.c b/efi_runtime/efi_runtime.c
> index 8c77c77..57d4350 100644
> --- a/efi_runtime/efi_runtime.c
> +++ b/efi_runtime/efi_runtime.c
> @@ -579,6 +579,7 @@ static long efi_runtime_query_capsulecaps(unsigned long arg)
>  	efi_status_t status;
>  	uint64_t max_size;
>  	int i, reset_type;
> +	int rv;
>
>  	u_caps = (struct efi_querycapsulecapabilities __user *)arg;
>
> @@ -597,11 +598,15 @@ static long efi_runtime_query_capsulecaps(unsigned long arg)
>  		 * obtain the address of the capsule as it resides in the
>  		 * user space
>  		 */
> -		if (get_user(c, caps.capsule_header_array + i))
> -			return -EFAULT;
> +		if (get_user(c, caps.capsule_header_array + i)) {
> +			rv = -EFAULT;
> +			goto err_exit;
> +		}
>  		if (copy_from_user(&capsules[i], c,
> -				sizeof(efi_capsule_header_t)))
> -			return -EFAULT;
> +				sizeof(efi_capsule_header_t))) {
> +			rv = -EFAULT;
> +			goto err_exit;
> +		}
>  	}
>
>  	caps.capsule_header_array = &capsules;
> @@ -611,19 +616,32 @@ static long efi_runtime_query_capsulecaps(unsigned long arg)
>  					caps.capsule_count,
>  					&max_size, &reset_type);
>
> -	if (put_user(status, caps.status))
> -		return -EFAULT;
> +	if (put_user(status, caps.status)) {
> +		rv = -EFAULT;
> +		goto err_exit;
> +	}
>
> -	if (put_user(max_size, caps.maximum_capsule_size))
> -		return -EFAULT;
> +	if (put_user(max_size, caps.maximum_capsule_size)) {
> +		rv = -EFAULT;
> +		goto err_exit;
> +	}
>
> -	if (put_user(reset_type, caps.reset_type))
> -		return -EFAULT;
> +	if (put_user(reset_type, caps.reset_type)) {
> +		rv = -EFAULT;
> +		goto err_exit;
> +	}
>
> -	if (status != EFI_SUCCESS)
> -		return -EINVAL;
> +	if (status != EFI_SUCCESS) {
> +		rv = -EINVAL;
> +		goto err_exit;
> +	}
>
> +	kfree(capsules);
>  	return 0;
> +
> +err_exit:
> +	kfree(capsules);
> +	return rv;
>  }
>  #endif
>
>


Acked-by: Alex Hung <alex.hung@canonical.com>
Colin Ian King Aug. 11, 2016, 8:48 a.m. UTC | #2
On 08/08/16 10:40, Ivan Hu wrote:
> Signed-off-by: Ivan Hu <ivan.hu@canonical.com>
> ---
>  efi_runtime/efi_runtime.c | 42 ++++++++++++++++++++++++++++++------------
>  1 file changed, 30 insertions(+), 12 deletions(-)
> 
> diff --git a/efi_runtime/efi_runtime.c b/efi_runtime/efi_runtime.c
> index 8c77c77..57d4350 100644
> --- a/efi_runtime/efi_runtime.c
> +++ b/efi_runtime/efi_runtime.c
> @@ -579,6 +579,7 @@ static long efi_runtime_query_capsulecaps(unsigned long arg)
>  	efi_status_t status;
>  	uint64_t max_size;
>  	int i, reset_type;
> +	int rv;
>  
>  	u_caps = (struct efi_querycapsulecapabilities __user *)arg;
>  
> @@ -597,11 +598,15 @@ static long efi_runtime_query_capsulecaps(unsigned long arg)
>  		 * obtain the address of the capsule as it resides in the
>  		 * user space
>  		 */
> -		if (get_user(c, caps.capsule_header_array + i))
> -			return -EFAULT;
> +		if (get_user(c, caps.capsule_header_array + i)) {
> +			rv = -EFAULT;
> +			goto err_exit;
> +		}
>  		if (copy_from_user(&capsules[i], c,
> -				sizeof(efi_capsule_header_t)))
> -			return -EFAULT;
> +				sizeof(efi_capsule_header_t))) {
> +			rv = -EFAULT;
> +			goto err_exit;
> +		}
>  	}
>  
>  	caps.capsule_header_array = &capsules;
> @@ -611,19 +616,32 @@ static long efi_runtime_query_capsulecaps(unsigned long arg)
>  					caps.capsule_count,
>  					&max_size, &reset_type);
>  
> -	if (put_user(status, caps.status))
> -		return -EFAULT;
> +	if (put_user(status, caps.status)) {
> +		rv = -EFAULT;
> +		goto err_exit;
> +	}
>  
> -	if (put_user(max_size, caps.maximum_capsule_size))
> -		return -EFAULT;
> +	if (put_user(max_size, caps.maximum_capsule_size)) {
> +		rv = -EFAULT;
> +		goto err_exit;
> +	}
>  
> -	if (put_user(reset_type, caps.reset_type))
> -		return -EFAULT;
> +	if (put_user(reset_type, caps.reset_type)) {
> +		rv = -EFAULT;
> +		goto err_exit;
> +	}
>  
> -	if (status != EFI_SUCCESS)
> -		return -EINVAL;
> +	if (status != EFI_SUCCESS) {
> +		rv = -EINVAL;
> +		goto err_exit;
> +	}
>  
> +	kfree(capsules);
>  	return 0;
> +
> +err_exit:
> +	kfree(capsules);
> +	return rv;
>  }
>  #endif
>  
> 
Acked-by: Colin Ian King <colin.king@canonical.com>

Patch

diff --git a/efi_runtime/efi_runtime.c b/efi_runtime/efi_runtime.c
index 8c77c77..57d4350 100644
--- a/efi_runtime/efi_runtime.c
+++ b/efi_runtime/efi_runtime.c
@@ -579,6 +579,7 @@  static long efi_runtime_query_capsulecaps(unsigned long arg)
 	efi_status_t status;
 	uint64_t max_size;
 	int i, reset_type;
+	int rv;
 
 	u_caps = (struct efi_querycapsulecapabilities __user *)arg;
 
@@ -597,11 +598,15 @@  static long efi_runtime_query_capsulecaps(unsigned long arg)
 		 * obtain the address of the capsule as it resides in the
 		 * user space
 		 */
-		if (get_user(c, caps.capsule_header_array + i))
-			return -EFAULT;
+		if (get_user(c, caps.capsule_header_array + i)) {
+			rv = -EFAULT;
+			goto err_exit;
+		}
 		if (copy_from_user(&capsules[i], c,
-				sizeof(efi_capsule_header_t)))
-			return -EFAULT;
+				sizeof(efi_capsule_header_t))) {
+			rv = -EFAULT;
+			goto err_exit;
+		}
 	}
 
 	caps.capsule_header_array = &capsules;
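Review bot: The context line `caps.capsule_header_array = &capsules;` at the end of this hunk passes the firmware call the address of a single kernel pointer, while the loop above reads the user-space field as an array of pointers (`caps.capsule_header_array + i`). If the runtime service indexes that array up to `caps.capsule_count`, every entry past the first would be read from memory adjacent to the `capsules` variable; this appears to predate the commit and is not changed by it. A kernel-side array of `capsule_count` pointers, each set to `&capsules[i]` and freed on the same exit path, would match the layout the loop assumes. The allocation of `capsules` and the loop bound are outside the hunk, so whether `capsule_count` is capped before it sizes the buffer cannot be confirmed from here.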
@@ -611,19 +616,32 @@  static long efi_runtime_query_capsulecaps(unsigned long arg)
 					caps.capsule_count,
 					&max_size, &reset_type);
 
-	if (put_user(status, caps.status))
-		return -EFAULT;
+	if (put_user(status, caps.status)) {
+		rv = -EFAULT;
+		goto err_exit;
+	}
 
-	if (put_user(max_size, caps.maximum_capsule_size))
-		return -EFAULT;
+	if (put_user(max_size, caps.maximum_capsule_size)) {
+		rv = -EFAULT;
+		goto err_exit;
+	}
 
-	if (put_user(reset_type, caps.reset_type))
-		return -EFAULT;
+	if (put_user(reset_type, caps.reset_type)) {
+		rv = -EFAULT;
+		goto err_exit;
+	}
 
-	if (status != EFI_SUCCESS)
-		return -EINVAL;
+	if (status != EFI_SUCCESS) {
+		rv = -EINVAL;
+		goto err_exit;
+	}
 
+	kfree(capsules);
 	return 0;
+
+err_exit:
+	kfree(capsules);
+	return rv;
 }
 #endif
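Review bot: The success path and `err_exit` both end in `kfree(capsules)` followed by a return, so the cleanup is written twice and a later edit can change one copy and miss the other. Setting `rv = 0;` after the `status != EFI_SUCCESS` check and falling through to a single label (`out:`, then `kfree(capsules);` and `return rv;`) leaves one exit and means `rv` always holds a defined value when returned. A short comment at the label such as `/* every path after the capsules allocation must leave through here */` would record why the early returns were removed, since the failing paths are driven by user-supplied pointers. The start of the function, including the allocation, is outside the hunk.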