• Heiko Carstens's avatar
    s390/uaccess: fix strncpy_from_user string length check · 225cf8d6
    Heiko Carstens authored
    The "standard" and page table walk variants of strncpy_from_user() first
    check the length of the to be copied string in userspace.
    The string is then copied to kernel space and the length returned to the
    caller.
    However userspace can modify the string at any time while the kernel
    checks for the length of the string or copies the string. In result the
    returned length of the string is not necessarily correct.
    Fix this by copying in a loop which mimics the mvcos variant of
    strncpy_from_user(), which handles this correctly.
    Signed-off-by: default avatarHeiko Carstens <heiko.carstens@de.ibm.com>
    Signed-off-by: default avatarMartin Schwidefsky <schwidefsky@de.ibm.com>
    225cf8d6
uaccess_pt.c 9.75 KB