s390/zcrypt: Fix ZCRYPT_PERDEV_REQCNT ioctl

commit f7e80983 upstream. reqcnt is an u32 pointer but we do copy sizeof(reqcnt) which is the size of the pointer. This means we only copy 8 byte. Let us copy the full monty. Signed-off-by: N Christian Borntraeger <borntraeger@de.ibm.com> Cc: Harald Freudenberger <freude@linux.ibm.com> Cc: stable@vger.kernel.org Fixes: af4a7227 ("s390/zcrypt: Support up to 256 crypto adapters.") Reviewed-by: N Harald Freudenberger <freude@linux.ibm.com> Signed-off-by: N Vasily Gorbik <gor@linux.ibm.com> Signed-off-by: N Greg Kroah-Hartman <gregkh@linuxfoundation.org> Signed-off-by: N Yang Yingliang <yangyingliang@huawei.com>

s390/zcrypt: Fix ZCRYPT_PERDEV_REQCNT ioctl
commit f7e80983 upstream. reqcnt is an u32 pointer but we do copy sizeof(reqcnt) which is the size of the pointer. This means we only copy 8 byte. Let us copy the full monty. Signed-off-by: N Christian Borntraeger <borntraeger@de.ibm.com> Cc: Harald Freudenberger <freude@linux.ibm.com> Cc: stable@vger.kernel.org Fixes: af4a7227 ("s390/zcrypt: Support up to 256 crypto adapters.") Reviewed-by: N Harald Freudenberger <freude@linux.ibm.com> Signed-off-by: N Vasily Gorbik <gor@linux.ibm.com> Signed-off-by: N Greg Kroah-Hartman <gregkh@linuxfoundation.org> Signed-off-by: N Yang Yingliang <yangyingliang@huawei.com>
406996eb · Christian Borntraeger · Yang Yingliang · 63d61819 · 406996eb
显示空白变更内容
内联并排

Showing with 2 addition and 1 deletion

drivers/s390/crypto/zcrypt_api.c drivers/s390/crypto/zcrypt_api.c +2 -1

未找到文件。
--- a/drivers/s390/crypto/zcrypt_api.c
+++ b/drivers/s390/crypto/zcrypt_api.c
@@ -915,7 +915,8 @@ static long zcrypt_unlocked_ioctl(struct file *filp, unsigned int cmd,
 		if (!reqcnt)
 			return -ENOMEM;
 		zcrypt_perdev_reqcnt(reqcnt, AP_DEVICES);
-		if (copy_to_user((int __user *) arg, reqcnt, sizeof(reqcnt)))
+		if (copy_to_user((int __user *) arg, reqcnt,
+				 sizeof(u32) * AP_DEVICES))
 			rc = -EFAULT;
 		kfree(reqcnt);
 		return rc;