Zou,
> diff --git a/drivers/scsi/aacraid/commctrl.c b/drivers/scsi/aacraid/commctrl.c
> index ffe41bc..1ce1620 100644
> --- a/drivers/scsi/aacraid/commctrl.c
> +++ b/drivers/scsi/aacraid/commctrl.c
> @@ -513,17 +513,9 @@ static int aac_send_raw_srb(struct aac_dev* dev, void __user * arg)
> goto cleanup;
> }
>
> - user_srbcmd = kmalloc(fibsize, GFP_KERNEL);
> - if (!user_srbcmd) {
> - dprintk((KERN_DEBUG"aacraid: Could not make a copy of the srb\n"));
> - rcode = -ENOMEM;
> - goto cleanup;
> - }
> - if(copy_from_user(user_srbcmd, user_srb,fibsize)){
> - dprintk((KERN_DEBUG"aacraid: Could not copy srb from user\n"));
> - rcode = -EFAULT;
> - goto cleanup;
> - }
> + user_srbcmd = memdup_user(user_srb, fibsize);
> + if (IS_ERR(user_srbcmd))
> + return PTR_ERR(user_srbcmd);
>
> flags = user_srbcmd->flags; /* from user in cpu order */
> switch (flags & (SRB_DataIn | SRB_DataOut)) {
This is not equivalent, is it? The original code does a goto cleanup; whereas your patch returns on error.
-- Martin K. Petersen Oracle Linux Engineering
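Review bot: On failure `user_srbcmd` now holds an `ERR_PTR` value instead of NULL, and the added `IS_ERR` branch never clears it. The `cleanup` label is outside this hunk, but the removed `kmalloc` path jumped to it with the pointer either NULL or valid, which suggests it frees `user_srbcmd`; any error path reaching it with the encoded error pointer would hand `kfree()` an invalid address. The branch should record the code and reset the pointer before it leaves, `rcode = PTR_ERR(user_srbcmd); user_srbcmd = NULL;`, so the variable keeps its old NULL-or-valid invariant. The body of `aac_send_raw_srb` starts and continues outside the hunk, so the exact contents of the exit path should be confirmed against the full function.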