Commit f9286bcf authored by Linus Torvalds's avatar Linus Torvalds

Clean up open_exec()/kmalloc() error case handling.

It's a purely theoretical bug, since the kmalloc() failure that
might "leak" file descriptors cannot actually happen (we do not
ever fail small GFP_KERNEL allocations), but it's good to do
things properly.

Noted by Brad Spender.
parent ea75ccda
...@@ -1387,25 +1387,25 @@ int compat_do_execve(char * filename, ...@@ -1387,25 +1387,25 @@ int compat_do_execve(char * filename,
int retval; int retval;
int i; int i;
file = open_exec(filename);
retval = PTR_ERR(file);
if (IS_ERR(file))
return retval;
sched_exec();
retval = -ENOMEM; retval = -ENOMEM;
bprm = kmalloc(sizeof(*bprm), GFP_KERNEL); bprm = kmalloc(sizeof(*bprm), GFP_KERNEL);
if (!bprm) if (!bprm)
goto out_ret; goto out_ret;
memset(bprm, 0, sizeof(*bprm)); memset(bprm, 0, sizeof(*bprm));
file = open_exec(filename);
retval = PTR_ERR(file);
if (IS_ERR(file))
goto out_kfree;
sched_exec();
bprm->p = PAGE_SIZE*MAX_ARG_PAGES-sizeof(void *); bprm->p = PAGE_SIZE*MAX_ARG_PAGES-sizeof(void *);
bprm->file = file; bprm->file = file;
bprm->filename = filename; bprm->filename = filename;
bprm->interp = filename; bprm->interp = filename;
bprm->mm = mm_alloc(); bprm->mm = mm_alloc();
retval = -ENOMEM;
if (!bprm->mm) if (!bprm->mm)
goto out_file; goto out_file;
...@@ -1472,6 +1472,8 @@ int compat_do_execve(char * filename, ...@@ -1472,6 +1472,8 @@ int compat_do_execve(char * filename,
allow_write_access(bprm->file); allow_write_access(bprm->file);
fput(bprm->file); fput(bprm->file);
} }
out_kfree:
kfree(bprm); kfree(bprm);
out_ret: out_ret:
......
...@@ -1094,26 +1094,26 @@ int do_execve(char * filename, ...@@ -1094,26 +1094,26 @@ int do_execve(char * filename,
int retval; int retval;
int i; int i;
file = open_exec(filename);
retval = PTR_ERR(file);
if (IS_ERR(file))
return retval;
sched_exec();
retval = -ENOMEM; retval = -ENOMEM;
bprm = kmalloc(sizeof(*bprm), GFP_KERNEL); bprm = kmalloc(sizeof(*bprm), GFP_KERNEL);
if (!bprm) if (!bprm)
goto out_ret; goto out_ret;
memset(bprm, 0, sizeof(*bprm)); memset(bprm, 0, sizeof(*bprm));
file = open_exec(filename);
retval = PTR_ERR(file);
if (IS_ERR(file))
goto out_kfree;
sched_exec();
bprm->p = PAGE_SIZE*MAX_ARG_PAGES-sizeof(void *); bprm->p = PAGE_SIZE*MAX_ARG_PAGES-sizeof(void *);
bprm->file = file; bprm->file = file;
bprm->filename = filename; bprm->filename = filename;
bprm->interp = filename; bprm->interp = filename;
bprm->mm = mm_alloc(); bprm->mm = mm_alloc();
retval = -ENOMEM;
if (!bprm->mm) if (!bprm->mm)
goto out_file; goto out_file;
...@@ -1180,6 +1180,8 @@ int do_execve(char * filename, ...@@ -1180,6 +1180,8 @@ int do_execve(char * filename,
allow_write_access(bprm->file); allow_write_access(bprm->file);
fput(bprm->file); fput(bprm->file);
} }
out_kfree:
kfree(bprm); kfree(bprm);
out_ret: out_ret:
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment