Re: [PATCH] Check copy_*_user return value indrivers/block/scsi_ioctl.c

[Paulo Andre' (fscked@iol.pt)]

On Sun, 25 May 2003 18:28:44 +0200
Jens Axboe <axboe@xxxxxxx> wrote:

> 
> See above, we've already done access_ok() on the buffer so the
> "unchecked" copy_to/from_user are done that way on purpose. I suppose
> it could be made more explicit with __copy_to/from_user().

Ok, makes sense indeed. Please consider the following patch then.


		Paulo
--- scsi_ioctl.c.orig	2003-05-25 16:42:22.000000000 +0100
+++ scsi_ioctl.c	2003-05-25 17:54:21.000000000 +0100
@@ -213,7 +213,7 @@
 
 			nr_sectors = bytes >> 9;
 			if (writing)
-				copy_from_user(buffer,hdr.dxferp,hdr.dxfer_len);
+				__copy_from_user(buffer,hdr.dxferp,hdr.dxfer_len);
 			else
 				memset(buffer, 0, hdr.dxfer_len);
 		}
@@ -225,7 +225,7 @@
 	 * fill in request structure
 	 */
 	rq->cmd_len = hdr.cmd_len;
-	copy_from_user(rq->cmd, hdr.cmdp, hdr.cmd_len);
+	__copy_from_user(rq->cmd, hdr.cmdp, hdr.cmd_len);
 	if (sizeof(rq->cmd) != hdr.cmd_len)
 		memset(rq->cmd + hdr.cmd_len, 0, sizeof(rq->cmd) - hdr.cmd_len);
 
@@ -286,11 +286,11 @@
 
 	blk_put_request(rq);
 
-	copy_to_user(uptr, &hdr, sizeof(*uptr));
+	__copy_to_user(uptr, &hdr, sizeof(*uptr));
 
 	if (buffer) {
 		if (reading)
-			copy_to_user(hdr.dxferp, buffer, hdr.dxfer_len);
+			__copy_to_user(hdr.dxferp, buffer, hdr.dxfer_len);
 
 		kfree(buffer);
 	}