提交 46ace66b 编写于 作者: L Linus Torvalds

Merge branch 'work.__copy_in_user' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs

Pull __copy_in_user removal from Al Viro:
 "There used to be 6 places in the entire tree calling __copy_in_user(),
  all of them bogus.

  Four got killed off in work.drm branch, this takes care of the
  remaining ones and kills the definition of that sucker"

* 'work.__copy_in_user' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs:
  kill __copy_in_user()
  sanitize do_i2c_smbus_ioctl()
...@@ -739,23 +739,22 @@ static int do_i2c_smbus_ioctl(struct file *file, ...@@ -739,23 +739,22 @@ static int do_i2c_smbus_ioctl(struct file *file,
unsigned int cmd, struct i2c_smbus_ioctl_data32 __user *udata) unsigned int cmd, struct i2c_smbus_ioctl_data32 __user *udata)
{ {
struct i2c_smbus_ioctl_data __user *tdata; struct i2c_smbus_ioctl_data __user *tdata;
compat_caddr_t datap; union {
/* beginnings of those have identical layouts */
struct i2c_smbus_ioctl_data32 data32;
struct i2c_smbus_ioctl_data data;
} v;
tdata = compat_alloc_user_space(sizeof(*tdata)); tdata = compat_alloc_user_space(sizeof(*tdata));
if (tdata == NULL) if (tdata == NULL)
return -ENOMEM; return -ENOMEM;
if (!access_ok(VERIFY_WRITE, tdata, sizeof(*tdata)))
return -EFAULT;
if (!access_ok(VERIFY_READ, udata, sizeof(*udata))) memset(&v, 0, sizeof(v));
if (copy_from_user(&v.data32, udata, sizeof(v.data32)))
return -EFAULT; return -EFAULT;
v.data.data = compat_ptr(v.data32.data);
if (__copy_in_user(&tdata->read_write, &udata->read_write, 2 * sizeof(u8))) if (copy_to_user(tdata, &v.data, sizeof(v.data)))
return -EFAULT;
if (__copy_in_user(&tdata->size, &udata->size, 2 * sizeof(u32)))
return -EFAULT;
if (__get_user(datap, &udata->data) ||
__put_user(compat_ptr(datap), &tdata->data))
return -EFAULT; return -EFAULT;
return do_ioctl(file, cmd, (unsigned long)tdata); return do_ioctl(file, cmd, (unsigned long)tdata);
......
...@@ -156,12 +156,6 @@ copy_to_user(void __user *to, const void *from, unsigned long n) ...@@ -156,12 +156,6 @@ copy_to_user(void __user *to, const void *from, unsigned long n)
} }
#ifdef CONFIG_COMPAT #ifdef CONFIG_COMPAT
static __always_inline unsigned long __must_check static __always_inline unsigned long __must_check
__copy_in_user(void __user *to, const void *from, unsigned long n)
{
might_fault();
return raw_copy_in_user(to, from, n);
}
static __always_inline unsigned long __must_check
copy_in_user(void __user *to, const void *from, unsigned long n) copy_in_user(void __user *to, const void *from, unsigned long n)
{ {
might_fault(); might_fault();
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册