fs/dirty_pages: fix wrong 'buff_num' after invalid input

euler inclusion category: bugfix bugzilla: 46858 CVE: NA --------------------------- In 'write_proc', if input from userspace is invlid, the 'buff_num' will be set to 0 with unfreed buffer. Fix it by setting 'buff_num' to 'old_buff_num'. Reported-by: N song jian <songjian15@huawei.com> Signed-off-by: N yu kuai <yukuai3@huawei.com> Reviewed-by: N zhangyi (F) <yi.zhang@huawei.com> Signed-off-by: N zhangyi (F) <yi.zhang@huawei.com> Signed-off-by: N Dianfang Zhang <zhangdianfang@huawei.com> Acked-by: N Xie XiuQi <xiexiuqi@huawei.com> Signed-off-by: N Chen Jun <chenjun102@huawei.com>

fs/dirty_pages: fix wrong 'buff_num' after invalid input
euler inclusion category: bugfix bugzilla: 46858 CVE: NA --------------------------- In 'write_proc', if input from userspace is invlid, the 'buff_num' will be set to 0 with unfreed buffer. Fix it by setting 'buff_num' to 'old_buff_num'. Reported-by: N song jian <songjian15@huawei.com> Signed-off-by: N yu kuai <yukuai3@huawei.com> Reviewed-by: N zhangyi (F) <yi.zhang@huawei.com> Signed-off-by: N zhangyi (F) <yi.zhang@huawei.com> Signed-off-by: N Dianfang Zhang <zhangdianfang@huawei.com> Acked-by: N Xie XiuQi <xiexiuqi@huawei.com> Signed-off-by: N Chen Jun <chenjun102@huawei.com>
ebc8230c · yu kuai · Chen Jun · 4f0c1985 · ebc8230c
隐藏空白更改
内联并排

Showing with 1 addition and 1 deletion

fs/dirty_pages.c fs/dirty_pages.c +1 -1

未找到文件。
--- a/fs/dirty_pages.c
+++ b/fs/dirty_pages.c
@@ -259,7 +259,7 @@ static ssize_t write_proc(
 	old_buff_num = buff_num;
 	ret = kstrtol(msg, 10, &buff_num);
 	if (ret != 0 || buff_num < 0 || buff_num > MAX_BUFF_SIZE) {
-		buff_num = 0;
+		buff_num = old_buff_num;
 		ret = -EINVAL;
 		goto free;
 	}