Re: [PATCH] add missing checks of __copy_to_user return value ini2o_config.c
From: Jesper Juhl
Date: Tue Oct 05 2004 - 17:29:39 EST
On Tue, 5 Oct 2004, Andrew Morton wrote:
> Jesper Juhl <juhl-lkml@xxxxxx> wrote:
> >
> > - __copy_to_user(kxfer.buf, buffer.virt, fragsize);
> > + if (__copy_to_user(kxfer.buf, buffer.virt, fragsize))
> > + return -EFAULT;
> > +
> > i2o_dma_free(&c->pdev->dev, &buffer);
> >
>
> Obvious leak.
>
Whoops, so sorry about that, I must be sleeping. Thank you for your
vigilance :)
Here's a better patch.
Signed-off-by: Jesper Juhl <juhl-lkml@xxxxxx>
diff -up linux-2.6.9-rc3-bk5-orig/drivers/message/i2o/i2o_config.c linux-2.6.9-rc3-bk5/drivers/message/i2o/i2o_config.c
--- linux-2.6.9-rc3-bk5-orig/drivers/message/i2o/i2o_config.c 2004-09-30 05:05:40.000000000 +0200
+++ linux-2.6.9-rc3-bk5/drivers/message/i2o/i2o_config.c 2004-10-06 00:29:30.000000000 +0200
@@ -187,7 +187,8 @@ static int i2o_cfg_getiops(unsigned long
list_for_each_entry(c, &i2o_controllers, list)
tmp[c->unit] = 1;
- __copy_to_user(user_iop_table, tmp, MAX_I2O_CONTROLLERS);
+ if (__copy_to_user(user_iop_table, tmp, MAX_I2O_CONTROLLERS))
+ return -EFAULT;
return 0;
};
@@ -474,7 +475,11 @@ static int i2o_cfg_swul(unsigned long ar
return status;
}
- __copy_to_user(kxfer.buf, buffer.virt, fragsize);
+ if (__copy_to_user(kxfer.buf, buffer.virt, fragsize)) {
+ i2o_dma_free(&c->pdev->dev, &buffer);
+ return -EFAULT;
+ }
+
i2o_dma_free(&c->pdev->dev, &buffer);
return 0;
Could probably be done a little nicer for the entire function with a
"retval" variable and some goto's here and there, but I opted for the
simple solution.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/