lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20180221193009.GA28678@avx2>
Date:   Wed, 21 Feb 2018 22:30:09 +0300
From:   Alexey Dobriyan <adobriyan@...il.com>
To:     akpm@...ux-foundation.org
Cc:     linux-kernel@...r.kernel.org
Subject: [PATCH 4/5] proc: simpler iterations for /proc/*/cmdline

"rv" variable is used both as a counter of bytes transferred and
an error value holder but it can be reduced solely to error values
if original start of userspace buffer is stashed and used at the very
end.

Signed-off-by: Alexey Dobriyan <adobriyan@...il.com>
---

 fs/proc/base.c |   36 +++++++++++++++++-------------------
 1 file changed, 17 insertions(+), 19 deletions(-)

--- a/fs/proc/base.c
+++ b/fs/proc/base.c
@@ -241,8 +241,9 @@ static ssize_t proc_pid_cmdline_read(struct file *file, char __user *buf,
 	unsigned long arg_start, arg_end, env_start, env_end;
 	unsigned long len1, len2, len;
 	unsigned long p;
+	char __user *buf0 = buf;
 	char c;
-	ssize_t rv;
+	int rv;
 
 	BUG_ON(*pos < 0);
 
@@ -272,25 +273,20 @@ static ssize_t proc_pid_cmdline_read(struct file *file, char __user *buf,
 	len2 = env_end - env_start;
 
 	/* Empty ARGV. */
-	if (len1 == 0) {
-		rv = 0;
-		goto out_free_page;
-	}
+	if (len1 == 0)
+		goto end;
+
 	/*
 	 * Inherently racy -- command line shares address space
 	 * with code and data.
 	 */
-	if (access_remote_vm(mm, arg_end - 1, &c, 1, 0) != 1) {
-		rv = 0;
-		goto out_free_page;
-	}
-
-	rv = 0;
+	if (access_remote_vm(mm, arg_end - 1, &c, 1, 0) != 1)
+		goto end;
 
 	if (c == '\0') {
 		/* Command line (set of strings) occupies whole ARGV. */
 		if (len1 <= *pos)
-			goto out_free_page;
+			goto end;
 
 		p = arg_start + *pos;
 		len = len1 - *pos;
@@ -300,7 +296,7 @@ static ssize_t proc_pid_cmdline_read(struct file *file, char __user *buf,
 			nr_read = min3(count, len, PAGE_SIZE);
 			nr_read = access_remote_vm(mm, p, page, nr_read, 0);
 			if (nr_read == 0)
-				goto out_free_page;
+				goto end;
 
 			if (copy_to_user(buf, page, nr_read)) {
 				rv = -EFAULT;
@@ -311,7 +307,6 @@ static ssize_t proc_pid_cmdline_read(struct file *file, char __user *buf,
 			len	-= nr_read;
 			buf	+= nr_read;
 			count	-= nr_read;
-			rv	+= nr_read;
 		}
 	} else {
 		/*
@@ -342,7 +337,7 @@ static ssize_t proc_pid_cmdline_read(struct file *file, char __user *buf,
 				nr_read = min3(count, len, PAGE_SIZE);
 				nr_read = access_remote_vm(mm, p, page, nr_read, 0);
 				if (nr_read == 0)
-					goto out_free_page;
+					goto end;
 
 				/*
 				 * Command line can be shorter than whole ARGV
@@ -359,10 +354,9 @@ static ssize_t proc_pid_cmdline_read(struct file *file, char __user *buf,
 				len	-= nr_write;
 				buf	+= nr_write;
 				count	-= nr_write;
-				rv	+= nr_write;
 
 				if (nr_write < nr_read)
-					goto out_free_page;
+					goto end;
 			}
 
 			/* Only first chunk can be read partially. */
@@ -371,12 +365,16 @@ static ssize_t proc_pid_cmdline_read(struct file *file, char __user *buf,
 		}
 	}
 
+end:
+	free_page((unsigned long)page);
+	mmput(mm);
+	*pos += buf - buf0;
+	return buf - buf0;
+
 out_free_page:
 	free_page((unsigned long)page);
 out_mmput:
 	mmput(mm);
-	if (rv > 0)
-		*pos += rv;
 	return rv;
 }

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ