[PATCH] copy_{to|from}_user checks in ide-tape
From: Felipe W Damasio
Date: Mon Oct 06 2003 - 09:25:14 EST
Hi Gadi,
(unchecked values found by smatch).
Patch against 2.6-test6.
idetape_copy_stage_{from|to}_user assume that copy_{from|to}_user
will always return 0, which seems wrong.
*But* I'm not sure if the copy fails we should "return" or "continue"
to try again. This patch follows the former approach.
In either case, if we fail and give up at some point, there's no way
to return the error code, since these functions return void. I don't
know squad about this driver, but I think this kind of "assumes
everything will turn out OK" API is wrong.
Please consider applying and let me know if you want to re-implement
the copy_stage functions to return a OK/Non-OK value.
Cheers,
Felipe
--- linux-2.6.0-test6/drivers/ide/ide-tape.c.orig 2003-10-06 11:13:00.000000000 -0300
+++ linux-2.6.0-test6/drivers/ide/ide-tape.c 2003-10-06 11:17:42.000000000 -0300
@@ -3026,7 +3026,8 @@
}
#endif /* IDETAPE_DEBUG_BUGS */
count = min((unsigned int)(bh->b_size - atomic_read(&bh->b_count)), (unsigned int)n);
- copy_from_user(bh->b_data + atomic_read(&bh->b_count), buf, count);
+ if (copy_from_user(bh->b_data + atomic_read(&bh->b_count), buf, count))
+ return;
n -= count;
atomic_add(count, &bh->b_count);
buf += count;
@@ -3053,7 +3054,8 @@
}
#endif /* IDETAPE_DEBUG_BUGS */
count = min(tape->b_count, n);
- copy_to_user(buf, tape->b_data, count);
+ if (copy_to_user(buf, tape->b_data, count))
+ return;
n -= count;
tape->b_data += count;
tape->b_count -= count;