Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
- kernel/user_namespace.c | 22 ++++++++++------------
- 1 file changed, 10 insertions(+), 12 deletions(-)
+ kernel/user_namespace.c | 39 +++++++++++++++++++--------------------
+ 1 file changed, 19 insertions(+), 20 deletions(-)
--- a/kernel/user_namespace.c
+++ b/kernel/user_namespace.c
-@@ -604,7 +604,16 @@ static ssize_t map_write(struct file *fi
+@@ -602,9 +602,26 @@ static ssize_t map_write(struct file *fi
+ struct uid_gid_map new_map;
+ unsigned idx;
struct uid_gid_extent *extent = NULL;
- unsigned long page = 0;
+- unsigned long page = 0;
++ unsigned long page;
char *kbuf, *pos, *next_line;
- ssize_t ret = -EINVAL;
+ ssize_t ret;
+ if ((*ppos != 0) || (count >= PAGE_SIZE))
+ return -EINVAL;
+
++ /* Get a buffer */
++ page = __get_free_page(GFP_TEMPORARY);
++ kbuf = (char *) page;
++ if (!page)
++ return -ENOMEM;
++
+ /* Slurp in the user data */
-+ if (copy_from_user(kbuf, buf, count))
++ if (copy_from_user(kbuf, buf, count)) {
++ free_page(page);
+ return -EFAULT;
++ }
+ kbuf[count] = '\0';
/*
* The userns_state_mutex serializes all writes to any given map.
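Review bot: With `unsigned long page;` and `ssize_t ret;` now declared without initialisers, every later `goto out` in map_write() depends on the page already being allocated and on `ret` being assigned just before the jump; the `out:` label and those assignments are outside this hunk, so check them against the full function in the tree this backport targets. The three exits added here are consistent on their own: the `-EINVAL` and `-ENOMEM` returns hold no resources, and the `copy_from_user()` failure frees the page before returning `-EFAULT`. If `out:` is still what releases the page, I would record the ordering constraint next to the allocation, e.g. `/* Allocate and copy before taking userns_state_mutex; every exit after this point must leave via out: so the page is freed. */`. As a point of style, `kbuf = (char *) page;` reads more clearly when placed after the `if (!page)` check.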
-@@ -645,17 +654,6 @@ static ssize_t map_write(struct file *fi
- if (!page)
+@@ -638,24 +655,6 @@ static ssize_t map_write(struct file *fi
+ if (cap_valid(cap_setid) && !file_ns_capable(file, ns, CAP_SYS_ADMIN))
goto out;
+- /* Get a buffer */
+- ret = -ENOMEM;
+- page = __get_free_page(GFP_TEMPORARY);
+- kbuf = (char *) page;
+- if (!page)
+- goto out;
+-
- /* Only allow < page size writes at the beginning of the file */
- ret = -EINVAL;
- if ((*ppos != 0) || (count >= PAGE_SIZE))