提交 b59eea55 编写于 作者: L Linus Torvalds

vfs: fix flock compat thinko

Michael Ellerman reported that commit 8c6657cb ("Switch flock
copyin/copyout primitives to copy_{from,to}_user()") broke his
networking on a bunch of PPC machines (64-bit kernel, 32-bit userspace).

The reason is a brown-paper bug by that commit, which had the arguments
to "copy_flock_fields()" in the wrong order, breaking the compat
handling for file locking.  Apparently very few people run 32-bit user
space on x86 any more, so the PPC people got the honor of noticing this
"feature".

Michael also sent a minimal diff that just changed the order of the
arguments in that macro.

This is not that minimal diff.

This not only changes the order of the arguments in the macro, it also
changes them to be pointers (to be consistent with all the other uses of
those pointers), and makes the functions that do all of this also have
the proper "const" attribution on the source pointers in order to make
issues like that (using the source as a destination) be really obvious.
Reported-by: Michael Ellerman <mpe@ellerman.id.au>
Acked-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
上级 64813520
...@@ -520,50 +520,50 @@ SYSCALL_DEFINE3(fcntl64, unsigned int, fd, unsigned int, cmd, ...@@ -520,50 +520,50 @@ SYSCALL_DEFINE3(fcntl64, unsigned int, fd, unsigned int, cmd,
#ifdef CONFIG_COMPAT #ifdef CONFIG_COMPAT
/* careful - don't use anywhere else */ /* careful - don't use anywhere else */
#define copy_flock_fields(from, to) \ #define copy_flock_fields(dst, src) \
(to).l_type = (from).l_type; \ (dst)->l_type = (src)->l_type; \
(to).l_whence = (from).l_whence; \ (dst)->l_whence = (src)->l_whence; \
(to).l_start = (from).l_start; \ (dst)->l_start = (src)->l_start; \
(to).l_len = (from).l_len; \ (dst)->l_len = (src)->l_len; \
(to).l_pid = (from).l_pid; (dst)->l_pid = (src)->l_pid;
static int get_compat_flock(struct flock *kfl, struct compat_flock __user *ufl) static int get_compat_flock(struct flock *kfl, const struct compat_flock __user *ufl)
{ {
struct compat_flock fl; struct compat_flock fl;
if (copy_from_user(&fl, ufl, sizeof(struct compat_flock))) if (copy_from_user(&fl, ufl, sizeof(struct compat_flock)))
return -EFAULT; return -EFAULT;
copy_flock_fields(*kfl, fl); copy_flock_fields(kfl, &fl);
return 0; return 0;
} }
static int get_compat_flock64(struct flock *kfl, struct compat_flock64 __user *ufl) static int get_compat_flock64(struct flock *kfl, const struct compat_flock64 __user *ufl)
{ {
struct compat_flock64 fl; struct compat_flock64 fl;
if (copy_from_user(&fl, ufl, sizeof(struct compat_flock64))) if (copy_from_user(&fl, ufl, sizeof(struct compat_flock64)))
return -EFAULT; return -EFAULT;
copy_flock_fields(*kfl, fl); copy_flock_fields(kfl, &fl);
return 0; return 0;
} }
static int put_compat_flock(struct flock *kfl, struct compat_flock __user *ufl) static int put_compat_flock(const struct flock *kfl, struct compat_flock __user *ufl)
{ {
struct compat_flock fl; struct compat_flock fl;
memset(&fl, 0, sizeof(struct compat_flock)); memset(&fl, 0, sizeof(struct compat_flock));
copy_flock_fields(fl, *kfl); copy_flock_fields(&fl, kfl);
if (copy_to_user(ufl, &fl, sizeof(struct compat_flock))) if (copy_to_user(ufl, &fl, sizeof(struct compat_flock)))
return -EFAULT; return -EFAULT;
return 0; return 0;
} }
static int put_compat_flock64(struct flock *kfl, struct compat_flock64 __user *ufl) static int put_compat_flock64(const struct flock *kfl, struct compat_flock64 __user *ufl)
{ {
struct compat_flock64 fl; struct compat_flock64 fl;
memset(&fl, 0, sizeof(struct compat_flock64)); memset(&fl, 0, sizeof(struct compat_flock64));
copy_flock_fields(fl, *kfl); copy_flock_fields(&fl, kfl);
if (copy_to_user(ufl, &fl, sizeof(struct compat_flock64))) if (copy_to_user(ufl, &fl, sizeof(struct compat_flock64)))
return -EFAULT; return -EFAULT;
return 0; return 0;
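Review bot: The new `const` qualifiers catch a swapped `copy_flock_fields()` call only in `put_compat_flock()` and `put_compat_flock64()`, where the source `kfl` is const. In `get_compat_flock()` and `get_compat_flock64()` both operands are writable, so `copy_flock_fields(&fl, kfl)` would still compile and would leave `*kfl` unfilled after the `copy_from_user()`. Nothing in the macro records the order, so I would state it in the comment above it, e.g. `/* copy_flock_fields(dst, src): same argument order as memcpy(); careful - don't use anywhere else */`. The macro also still expands to five bare statements, and wrapping its body in `do { ... } while (0)` would keep all five assignments together under an unbraced `if`. The closing brace of `put_compat_flock64()` falls outside this hunk.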
......