kaiser: fix unlikely error in alloc_ldt_struct()

An error from kaiser_add_mapping() here is not at all likely, but
Eric Biggers rightly points out that __free_ldt_struct() relies on
new_ldt->size being initialized: move that up.

Signed-off-by: Hugh Dickins <hughd@google.com>
Acked-by: Jiri Kosina <jkosina@suse.cz>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
(cherry picked from commit 500943e57db8d3e298e98f595f835c5b613e843b)
Orabug: 27333760
CVE: CVE-2017-5754
Signed-off-by: Pavel Tatashin <pasha.tatashin@oracle.com>
Signed-off-by: Kirtikar Kashyap <kirtikar.kashyap@oracle.com>

diff --git a/arch/x86/kernel/ldt.c b/arch/x86/kernel/ldt.c
index c388247e03533c9fe64875ba5688e35a6b7b687e..5797d437710db7eba995bae6f0cdb432f697ef80 100644 (file)
--- a/arch/x86/kernel/ldt.c
+++ b/arch/x86/kernel/ldt.c
@@ -78,11 +78,11 @@ static struct ldt_struct *alloc_ldt_struct(int size)
 
        ret = kaiser_add_mapping((unsigned long)new_ldt->entries, alloc_size,
                                 __PAGE_KERNEL);
+       new_ldt->size = size;
        if (ret) {
                __free_ldt_struct(new_ldt);
                return NULL;
        }
-       new_ldt->size = size;
        return new_ldt;
 }