lnet_ipif_enumerate was assigning a pointer from kernel space to user
space. This patch uses copy_to_user to properly do that assignment.
Signed-off-by: Quentin Lambert <lambert.quentin@xxxxxxxxx>
---
shouldn't we be using ifc_req instead of ifc_buf?
drivers/staging/lustre/lnet/lnet/lib-socket.c | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
--- a/drivers/staging/lustre/lnet/lnet/lib-socket.c
+++ b/drivers/staging/lustre/lnet/lnet/lib-socket.c
@@ -181,7 +181,13 @@ lnet_ipif_enumerate(char ***namesp)
goto out0;
}
- ifc.ifc_buf = (char *)ifr;
+ rc = copy_to_user(ifc.ifc_buf, (char *)ifr,
+ nalloc * sizeof(*ifr));
+ if (rc) {
+ rc = -ENOMEM;
+ goto out1;
+ }
+
ifc.ifc_len = nalloc * sizeof(*ifr);
rc = lnet_sock_ioctl(SIOCGIFCONF, (unsigned long)&ifc);
--
To unsubscribe from this list: send the line "unsubscribe kernel-janitors" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
