From: Chen Gong <gong.chen@linux.intel.com>
Date: Mon, 16 May 2011 18:01:39 +0000 (-0700)
Subject: pstore: fix potential logic issue in pstore read interface
X-Git-Tag: v3.0-rc1~378^2~2^2~1
X-Git-Url: https://openfabrics.org/gitweb/?a=commitdiff_plain;h=f5ec25deb2471bd49e907ab2f9ef6f860eb7cf95;p=~emulex%2Finfiniband.git

pstore: fix potential logic issue in pstore read interface

1) in the calling of erst_read, the parameter of buffer size
maybe overflows and cause crash

2) the return value of erst_read should be checked more strictly

Signed-off-by: Chen Gong <gong.chen@linux.intel.com>
Signed-off-by: Tony Luck <tony.luck@intel.com>
---

diff --git a/drivers/acpi/apei/erst.c b/drivers/acpi/apei/erst.c
index ddb68c4f8d3..e6cef8e1b53 100644
--- a/drivers/acpi/apei/erst.c
+++ b/drivers/acpi/apei/erst.c
@@ -1006,7 +1006,14 @@ skip:
 	}
 
 	len = erst_read(record_id, &rcd->hdr, sizeof(*rcd) +
-			  erst_erange.size);
+			erst_info.bufsize);
+	/* The record may be cleared by others, try read next record */
+	if (len == -ENOENT)
+		goto skip;
+	else if (len < 0) {
+		rc = -1;
+		goto out;
+	}
 	if (uuid_le_cmp(rcd->hdr.creator_id, CPER_CREATOR_PSTORE) != 0)
 		goto skip;