diff options
author | Paul Jackson <pj@sgi.com> | 2005-09-28 06:42:24 -0700 |
---|---|---|
committer | Linus Torvalds <torvalds@g5.osdl.org> | 2005-09-28 07:58:51 -0700 |
commit | 5134fc15b643dc36eb9aa77e4318b886844a9ac5 (patch) | |
tree | 170339651303da0bb530c407300f09d3cd39caa2 /kernel/cpuset.c | |
parent | 2dd3c1df95fb29e9227f16ccd7d786d129e2b34d (diff) | |
download | linux-5134fc15b643dc36eb9aa77e4318b886844a9ac5.tar.bz2 |
[PATCH] cpuset read past eof memory leak fix
Don't leak a page of memory if user reads a cpuset file past eof.
Signed-off-by: KUROSAWA Takahiro <kurosawa@valinux.co.jp>
Signed-off-by: Paul Jackson <pj@sgi.com>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Diffstat (limited to 'kernel/cpuset.c')
-rw-r--r-- | kernel/cpuset.c | 11 |
1 files changed, 6 insertions, 5 deletions
diff --git a/kernel/cpuset.c b/kernel/cpuset.c index 79866bc6b3a1..6a6e87b2f2fd 100644 --- a/kernel/cpuset.c +++ b/kernel/cpuset.c @@ -969,7 +969,7 @@ static ssize_t cpuset_common_file_read(struct file *file, char __user *buf, ssize_t retval = 0; char *s; char *start; - size_t n; + ssize_t n; if (!(page = (char *)__get_free_page(GFP_KERNEL))) return -ENOMEM; @@ -999,12 +999,13 @@ static ssize_t cpuset_common_file_read(struct file *file, char __user *buf, *s++ = '\n'; *s = '\0'; - /* Do nothing if *ppos is at the eof or beyond the eof. */ - if (s - page <= *ppos) - return 0; - start = page + *ppos; n = s - start; + + /* Do nothing if *ppos is at the eof or beyond the eof. */ + if (n <= 0) + goto out; + retval = n - copy_to_user(buf, start, min(n, nbytes)); *ppos += retval; out: |