On Wed, Nov 11, 2020 at 1:31 AM Masami Hiramatsu <mhira...@kernel.org> wrote:
>
> Hi Luo,
>
> On Tue, 10 Nov 2020 16:42:45 +0800
> Luo Meng <luomen...@huawei.com> wrote:
>
> > Fix a mutex_unlock() issue where before copy_from_user() is
> > not called mutex_locked.
>
> Oops, thank you for the fix.
>
> Acked-by: Masami Hiramatsu <mhira...@kernel.org>
Did anyone pick this up?
If not, please resend cc-ing bpf@vger so it can get into patchwork and
be processed by bpf maintainers.
Thanks!
> >
> > Fixes: 4b1a29a7f542 ("error-injection: Support fault injection framework")
> > Reported-by: Hulk Robot <hul...@huawei.com>
> > Signed-off-by: Luo Meng <luomen...@huawei.com>
> > ---
> > kernel/fail_function.c | 5 +++--
> > 1 file changed, 3 insertions(+), 2 deletions(-)
> >
> > diff --git a/kernel/fail_function.c b/kernel/fail_function.c
> > index 63b349168da7..b0b1ad93fa95 100644
> > --- a/kernel/fail_function.c
> > +++ b/kernel/fail_function.c
> > @@ -253,7 +253,7 @@ static ssize_t fei_write(struct file *file, const char
> > __user *buffer,
> >
> > if (copy_from_user(buf, buffer, count)) {
> > ret = -EFAULT;
> > - goto out;
> > + goto out_free;
> > }
> > buf[count] = '\0';
> > sym = strstrip(buf);
> > @@ -307,8 +307,9 @@ static ssize_t fei_write(struct file *file, const char
> > __user *buffer,
> > ret = count;
> > }
> > out:
> > - kfree(buf);
> > mutex_unlock(&fei_lock);
> > +out_free:
> > + kfree(buf);
> > return ret;
> > }
> >
> > --
> > 2.25.4
> >
>
>
> --
> Masami Hiramatsu <mhira...@kernel.org>
