[PATCH 02/11] checkpoint: check actual array size before dereferencing

Matt Helsley matthltc at us.ibm.com
Thu Oct 21 17:28:20 PDT 2010


On Wed, Oct 20, 2010 at 01:56:37PM -0500, Nathan Lynch wrote:
> The restore_vma_ops table is indexed by vma type (enum vma_type in
> checkpoint_hdr.h).  We check the incoming VMA's type against
> CKPT_VMA_MAX (which happens to be the size of the table), but it seems
> more to-the-point to compare the type against the actual size of the
> array.

I don't know about "more to-the-point" but I think it's a clear
improvement from a code maintenance perspective.

Reviewed-by: Matt Helsley <matthltc at us.ibm.com>

> 
> Signed-off-by: Nathan Lynch <ntl at pobox.com>
> ---
>  mm/checkpoint.c |    2 +-
>  1 files changed, 1 insertions(+), 1 deletions(-)
> 
> diff --git a/mm/checkpoint.c b/mm/checkpoint.c
> index 00cbadd..c30a195 100644
> --- a/mm/checkpoint.c
> +++ b/mm/checkpoint.c
> @@ -1207,7 +1207,7 @@ static int restore_vma(struct ckpt_ctx *ctx, struct mm_struct *mm)
>  		goto out;
>  	if (h->vma_objref < 0 || h->ino_objref < 0)
>  		goto out;
> -	if (h->vma_type >= CKPT_VMA_MAX)
> +	if (h->vma_type >= ARRAY_SIZE(restore_vma_ops))
>  		goto out;

Perhaps we should also add:

BUILD_BUG_ON(CKPT_VMA_MAX != ARRAY_SIZE(restore_vma_ops));

somewhere? Though I don't think that addition should delay
applying this series.

>  	ret = -ENOSYS;
>  	if (h->vm_flags & CKPT_VMA_NOT_SUPPORTED)
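
Review bot: The new bound `h->vma_type >= ARRAY_SIZE(restore_vma_ops)` keeps the index inside the table, but nothing in this hunk ties the table's length to CKPT_VMA_MAX, so the enum and the array can drift apart without any build-time signal. The `BUILD_BUG_ON(CKPT_VMA_MAX != ARRAY_SIZE(restore_vma_ops));` suggested above would turn that drift into a compile error and is worth placing next to this check. Two further points to confirm, since the visible lines do not show them: the declared type of `vma_type` (the neighbouring `vma_objref < 0` test shows signed header fields exist, and the comparison against an unsigned array size relies on conversion to reject negative values), and whether every slot below the array size holds a usable entry before it is dereferenced.
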
> -- 
> 1.7.2.2