On Thu, Feb 27, 2014 at 10:38 PM, <shuox....@intel.com> wrote:
> From: Liu ShuoX <shuox....@intel.com>
>
> In ramoops_pstore_read, a valid prz pointer with zero size buffer will
> break traverse of all persistent ram buffers. The latter buffer might
> be lost.
>
> Signed-off-by: Liu ShuoX <shuox....@intel.com>
> ---
> fs/pstore/ram.c | 10 +++++-----
> 1 file changed, 5 insertions(+), 5 deletions(-)
>
> diff --git a/fs/pstore/ram.c b/fs/pstore/ram.c
> index a5d0cab..929ea55 100644
> --- a/fs/pstore/ram.c
> +++ b/fs/pstore/ram.c
> @@ -119,12 +119,12 @@ ramoops_get_next_prz(struct persistent_ram_zone
> *przs[], uint *c, uint max,
>
> prz = przs[i];
>
> - if (update) {
> - /* Update old/shadowed buffer. */
> + /* Update old/shadowed buffer. */
> + if (update)
> persistent_ram_save_old(prz);
> - if (!persistent_ram_old_size(prz))
> - return NULL;
> - }
> +
> + if (!persistent_ram_old_size(prz))
> + return NULL;
>
> *typep = type;
> *id = i;
Good catch; this change makes sense to me.
Reviewed-by: Kees Cook <keesc...@chromium.org>
-Kees
--
Kees Cook
Chrome OS Security
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
