X-Git-Url: https://gerrit.opnfv.org/gerrit/gitweb?a=blobdiff_plain;f=kernel%2Farch%2Farm%2Fkernel%2Fsys_oabi-compat.c;fp=kernel%2Farch%2Farm%2Fkernel%2Fsys_oabi-compat.c;h=5f221acd21aebb3ca1c2ee560fb68241bc1e02c9;hb=52f993b8e89487ec9ee15a7fb4979e0f09a45b27;hp=087acb569b63a4bd90982e0c9b15fc2313636c53;hpb=c189ccac5702322ed843fe17057035b7222a59b6;p=kvmfornfv.git

diff --git a/kernel/arch/arm/kernel/sys_oabi-compat.c b/kernel/arch/arm/kernel/sys_oabi-compat.c
index 087acb569..5f221acd2 100644
--- a/kernel/arch/arm/kernel/sys_oabi-compat.c
+++ b/kernel/arch/arm/kernel/sys_oabi-compat.c
@@ -279,8 +279,12 @@ asmlinkage long sys_oabi_epoll_wait(int epfd,
 	mm_segment_t fs;
 	long ret, err, i;
 
-	if (maxevents <= 0 || maxevents > (INT_MAX/sizeof(struct epoll_event)))
+	if (maxevents <= 0 ||
+			maxevents > (INT_MAX/sizeof(*kbuf)) ||
+			maxevents > (INT_MAX/sizeof(*events)))
 		return -EINVAL;
+	if (!access_ok(VERIFY_WRITE, events, sizeof(*events) * maxevents))
+		return -EFAULT;
 	kbuf = kmalloc(sizeof(*kbuf) * maxevents, GFP_KERNEL);
 	if (!kbuf)
 		return -ENOMEM;
@@ -317,6 +321,8 @@ asmlinkage long sys_oabi_semtimedop(int semid,
 
 	if (nsops < 1 || nsops > SEMOPM)
 		return -EINVAL;
+	if (!access_ok(VERIFY_READ, tsops, sizeof(*tsops) * nsops))
+		return -EFAULT;
 	sops = kmalloc(sizeof(*sops) * nsops, GFP_KERNEL);
 	if (!sops)
 		return -ENOMEM;