From: Al Viro <viro@xxxxxxxxxxxxxxxxxx>
"BIG" in the name refers to the amount of data being transferred,
_not_ the size of structure itself; it's 140 or 144 bytes (for
32bit and 64bit hosts resp.). IOCTL_Command_struct is 136 or
144 bytes large...
No point whatsoever turning that into dynamic allocation, let
alone vmalloc one. Just keep it as local variable...
Signed-off-by: Al Viro <viro@xxxxxxxxxxxxxxxxxx>
---
drivers/scsi/hpsa.c | 14 +++++---------
1 file changed, 5 insertions(+), 9 deletions(-)
diff --git a/drivers/scsi/hpsa.c b/drivers/scsi/hpsa.c
index 3344a06c938e..64fd97272109 100644
--- a/drivers/scsi/hpsa.c
+++ b/drivers/scsi/hpsa.c
@@ -6619,21 +6619,17 @@ static int hpsa_ioctl(struct scsi_device *dev, unsigned int cmd,
return rc;
}
case CCISS_BIG_PASSTHRU: {
- BIG_IOCTL_Command_struct *ioc;
+ BIG_IOCTL_Command_struct ioc;
if (!argp)
return -EINVAL;
+ if (copy_from_user(&ioc, argp, sizeof(ioc)))
+ return -EFAULT;
if (atomic_dec_if_positive(&h->passthru_cmds_avail) < 0)
return -EAGAIN;
- ioc = vmemdup_user(argp, sizeof(*ioc));
- if (IS_ERR(ioc)) {
- atomic_inc(&h->passthru_cmds_avail);
- return PTR_ERR(ioc);
- }
- rc = hpsa_big_passthru_ioctl(h, ioc);
+ rc = hpsa_big_passthru_ioctl(h, &ioc);
atomic_inc(&h->passthru_cmds_avail);
- if (!rc && copy_to_user(argp, ioc, sizeof(*ioc)))
+ if (!rc && copy_to_user(argp, &ioc, sizeof(ioc)))
rc = -EFAULT;
- kvfree(ioc);
return rc;
}
default:
--
2.11.0
