Commit 00ddae0e authored by Hugh Dickins, committed by Kleber Sacilotto de Souza

kaiser: fix unlikely error in alloc_ldt_struct()

An error from kaiser_add_mapping() here is not at all likely, but
Eric Biggers rightly points out that __free_ldt_struct() relies on
new_ldt->size being initialized: move that up.
Acked-by: Jiri Kosina <jkosina@suse.cz>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

CVE-2017-5754
Signed-off-by: Colin Ian King <colin.king@canonical.com>
Signed-off-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com>
parent a7d683bd
...@@ -78,11 +78,11 @@ static struct ldt_struct *alloc_ldt_struct(int size) ...@@ -78,11 +78,11 @@ static struct ldt_struct *alloc_ldt_struct(int size)
ret = kaiser_add_mapping((unsigned long)new_ldt->entries, alloc_size, ret = kaiser_add_mapping((unsigned long)new_ldt->entries, alloc_size,
__PAGE_KERNEL); __PAGE_KERNEL);
new_ldt->size = size;
if (ret) { if (ret) {
__free_ldt_struct(new_ldt); __free_ldt_struct(new_ldt);
return NULL; return NULL;
} }
new_ldt->size = size;
return new_ldt; return new_ldt;
} }
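Review bot: The ordering dependency between `new_ldt->size = size;` and the `if (ret)` error path is not documented at the assignment, so a later cleanup could move it back below the check and leave `__free_ldt_struct()` reading an uninitialized `size` again. Consider a one-line comment at the assignment stating that `__free_ldt_struct()` reads `new_ldt->size`, or move the assignment above the `kaiser_add_mapping()` call so the struct is fully initialized before the first call that can fail.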
......