ia64: validate user arguments in csum_partial_copy_from_user
csum_partial_copy_from_user needs to validate that the argument points to userspace and not kernelspace (see for example commit 3ddc5b46a8e90f3c9251338b60191d0a804b0d92). Consequently, we need to use copy_from_user instead of __copy_from_user. We also need to change csum_partial_copy_nocheck - this function is called with src pointing to kernel space, so we call set_fs(KERNEL_DS) to prevent copy_from_user from failing.
Signed-off-by: Mikulas Patocka <mpatocka@xxxxxxxxxx>
Cc: stable@xxxxxxxxxxxxxxx
---
 arch/ia64/lib/csum_partial_copy.c | 17 +++++++++++++----
 1 file changed, 13 insertions(+), 4 deletions(-)
Index: linux-2.6-ia64/arch/ia64/lib/csum_partial_copy.c
===================================================================
--- linux-2.6-ia64.orig/arch/ia64/lib/csum_partial_copy.c 2014-01-24 02:40:10.000000000 +0100
+++ linux-2.6-ia64/arch/ia64/lib/csum_partial_copy.c 2014-01-24 03:05:26.000000000 +0100
@@ -116,8 +116,12 @@ csum_partial_copy_from_user(const void _
 * scared. */
- if (__copy_from_user(dst, src, len) != 0 && errp)
- *errp = -EFAULT;
+ if (copy_from_user(dst, src, len) != 0) {
+ if (*errp)
+ *errp = -EFAULT;
+ memset(dst, 0, len);
+ return psum;
+ }
 result = do_csum(dst, len);
@@ -133,8 +137,13 @@ EXPORT_SYMBOL(csum_partial_copy_from_use
 __wsum csum_partial_copy_nocheck(const void *src, void *dst, int len, __wsum sum) {
- return csum_partial_copy_from_user((__force const void __user *)src,
- dst, len, sum, NULL);
+ __wsum checksum;
+ mm_segment_t oldfs = get_fs();
+ set_fs(KERNEL_DS);
+ checksum = csum_partial_copy_from_user((__force const void __user *)src,
+ dst, len, sum, NULL);
+ set_fs(oldfs);
+ return checksum;
 }
 EXPORT_SYMBOL(csum_partial_copy_nocheck);
--
To unsubscribe from this list: send the line "unsubscribe linux-ia64" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
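Review bot: In the first hunk the new error branch tests `if (*errp)`, whereas the removed line tested the pointer itself (`&& errp`), so the code now dereferences `errp` instead of checking it for NULL. The second hunk of this same patch still passes `NULL` as that argument from csum_partial_copy_nocheck, so a failed copy there would become a NULL dereference in kernel mode. For callers that pass a pointer to an error variable still holding 0, the fault would also go unreported. The guard should read `if (errp)` followed by `*errp = -EFAULT;`. `psum` in `return psum;` is not declared in the visible lines (the hunk header truncates the signature and the function body starts and ends outside the hunk), so it is presumably the incoming-sum parameter.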
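Review bot: In the second hunk csum_partial_copy_nocheck lifts the address limit with `set_fs(KERNEL_DS)` around the call, which disables exactly the user-range check the first hunk introduces, so the wrapper is only safe while every caller passes a genuine kernel pointer. Because the commit message states that `src` always points to kernel space here, the wrapper could avoid touching the address limit at all: `memcpy(dst, src, len);` followed by `return csum_partial(dst, len, sum);`, assuming csum_partial folds in `sum` the same way as the existing path. If the set_fs form is kept, a comment above it such as `/* src is a kernel pointer: lift the user-range check only for this call */` would record that assumption for future callers. A blank line between the two declarations and `set_fs(KERNEL_DS);` would also match the usual kernel layout.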