projects
/
~madcoder
/
pwqr.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
check the `addr` argument for PWQ_WAIT is aligned to an integer.
[~madcoder/pwqr.git]
/
kernel
/
pwqr.c
diff --git
a/kernel/pwqr.c
b/kernel/pwqr.c
index
8171596
..
7ce0700
100644
(file)
--- a/
kernel/pwqr.c
+++ b/
kernel/pwqr.c
@@
-368,9
+368,15
@@
do_pwqr_wait(struct pwqr_sb *sb, struct pwqr_task *pwqt,
preempt_notifier_unregister(&pwqt->notifier);
preempt_notifier_unregister(&pwqt->notifier);
- if (is_wait && copy_from_user(&wait, arg, sizeof(wait))) {
- rc = -EFAULT;
- goto out;
+ if (is_wait) {
+ if (copy_from_user(&wait, arg, sizeof(wait))) {
+ rc = -EFAULT;
+ goto out;
+ }
+ if (unlikely((long)wait.pwqr_uaddr % sizeof(int) != 0)) {
+ rc = -EINVAL;
+ goto out;
+ }
}
pwqr_sb_lock_irqsave(sb, flags);
}
pwqr_sb_lock_irqsave(sb, flags);