Commit edb88cef authored by Arnd Bergmann's avatar Arnd Bergmann Committed by Martin K. Petersen

scsi: pmcraid: use normal copy_from_user

As pointed out by Al Viro for my previous series, the driver has no need
to call access_ok() and __copy_from_user()/__copy_to_user(). Changing
it to regular copy_from_user()/copy_to_user() simplifies the code without
any real downsides, making it less error-prone at best.

This patch by itself also addresses the warning about the access_ok()
macro on MIPS, but both fixes improve the code, so ideally we apply
them both.
Signed-off-by: default avatarArnd Bergmann <arnd@arndb.de>
Reviewed-by: default avatarChristoph Hellwig <hch@lst.de>
Signed-off-by: default avatarMartin K. Petersen <martin.petersen@oracle.com>
parent 144b139c
...@@ -3342,9 +3342,9 @@ static int pmcraid_copy_sglist( ...@@ -3342,9 +3342,9 @@ static int pmcraid_copy_sglist(
kaddr = kmap(page); kaddr = kmap(page);
if (direction == DMA_TO_DEVICE) if (direction == DMA_TO_DEVICE)
rc = __copy_from_user(kaddr, buffer, bsize_elem); rc = copy_from_user(kaddr, buffer, bsize_elem);
else else
rc = __copy_to_user(buffer, kaddr, bsize_elem); rc = copy_to_user(buffer, kaddr, bsize_elem);
kunmap(page); kunmap(page);
...@@ -3362,9 +3362,9 @@ static int pmcraid_copy_sglist( ...@@ -3362,9 +3362,9 @@ static int pmcraid_copy_sglist(
kaddr = kmap(page); kaddr = kmap(page);
if (direction == DMA_TO_DEVICE) if (direction == DMA_TO_DEVICE)
rc = __copy_from_user(kaddr, buffer, len % bsize_elem); rc = copy_from_user(kaddr, buffer, len % bsize_elem);
else else
rc = __copy_to_user(buffer, kaddr, len % bsize_elem); rc = copy_to_user(buffer, kaddr, len % bsize_elem);
kunmap(page); kunmap(page);
...@@ -3691,7 +3691,7 @@ static long pmcraid_ioctl_passthrough( ...@@ -3691,7 +3691,7 @@ static long pmcraid_ioctl_passthrough(
request_buffer = arg + request_offset; request_buffer = arg + request_offset;
rc = __copy_from_user(buffer, arg, rc = copy_from_user(buffer, arg,
sizeof(struct pmcraid_passthrough_ioctl_buffer)); sizeof(struct pmcraid_passthrough_ioctl_buffer));
ioasa = arg + offsetof(struct pmcraid_passthrough_ioctl_buffer, ioasa); ioasa = arg + offsetof(struct pmcraid_passthrough_ioctl_buffer, ioasa);
...@@ -3712,14 +3712,7 @@ static long pmcraid_ioctl_passthrough( ...@@ -3712,14 +3712,7 @@ static long pmcraid_ioctl_passthrough(
direction = DMA_FROM_DEVICE; direction = DMA_FROM_DEVICE;
} }
if (request_size > 0) { if (request_size < 0) {
rc = access_ok(access, arg, request_offset + request_size);
if (!rc) {
rc = -EFAULT;
goto out_free_buffer;
}
} else if (request_size < 0) {
rc = -EINVAL; rc = -EINVAL;
goto out_free_buffer; goto out_free_buffer;
} }
...@@ -3929,11 +3922,6 @@ static long pmcraid_ioctl_driver( ...@@ -3929,11 +3922,6 @@ static long pmcraid_ioctl_driver(
{ {
int rc = -ENOSYS; int rc = -ENOSYS;
if (!access_ok(VERIFY_READ, user_buffer, _IOC_SIZE(cmd))) {
pmcraid_err("ioctl_driver: access fault in request buffer\n");
return -EFAULT;
}
switch (cmd) { switch (cmd) {
case PMCRAID_IOCTL_RESET_ADAPTER: case PMCRAID_IOCTL_RESET_ADAPTER:
pmcraid_reset_bringup(pinstance); pmcraid_reset_bringup(pinstance);
...@@ -3965,8 +3953,7 @@ static int pmcraid_check_ioctl_buffer( ...@@ -3965,8 +3953,7 @@ static int pmcraid_check_ioctl_buffer(
struct pmcraid_ioctl_header *hdr struct pmcraid_ioctl_header *hdr
) )
{ {
int rc = 0; int rc;
int access = VERIFY_READ;
if (copy_from_user(hdr, arg, sizeof(struct pmcraid_ioctl_header))) { if (copy_from_user(hdr, arg, sizeof(struct pmcraid_ioctl_header))) {
pmcraid_err("couldn't copy ioctl header from user buffer\n"); pmcraid_err("couldn't copy ioctl header from user buffer\n");
...@@ -3982,19 +3969,6 @@ static int pmcraid_check_ioctl_buffer( ...@@ -3982,19 +3969,6 @@ static int pmcraid_check_ioctl_buffer(
return -EINVAL; return -EINVAL;
} }
/* check for appropriate buffer access */
if ((_IOC_DIR(cmd) & _IOC_READ) == _IOC_READ)
access = VERIFY_WRITE;
rc = access_ok(access,
(arg + sizeof(struct pmcraid_ioctl_header)),
hdr->buffer_length);
if (!rc) {
pmcraid_err("access failed for user buffer of size %d\n",
hdr->buffer_length);
return -EFAULT;
}
return 0; return 0;
} }
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment