On Sat, Sep 19, 2020 at 7:26 AM Christoph Hellwig <hch@xxxxxxxxxxxxx> wrote:
> On Fri, Sep 18, 2020 at 02:15:43PM +0200, Arnd Bergmann wrote:
> > @@ -8279,16 +8279,18 @@ megasas_mgmt_fw_ioctl(struct megasas_instance *instance,
> > * copy out the sense
> > */
> > if (ioc->sense_len) {
> > + void __user *uptr;
> > /*
> > * sense_ptr points to the location that has the user
> > * sense buffer address
> > */
> > + sense_ptr = (void *)ioc->frame.raw + ioc->sense_off;
> > + if (in_compat_syscall())
> > + uptr = compat_ptr(get_unaligned((u32 *)sense_ptr));
>
> should the u32 * here by a compat_uptr *? Not tat it would make a
> difference, just better document what we are doing.
Ok, changed now. The longer type name leads to a slightly ugly
line break, but you are right that is is the correct thing to do.
> > + for (i = 0; i < MAX_IOCTL_SGE; i++) {
> > + compat_uptr_t iov_base;
> > + if (get_user(iov_base, &cioc->sgl[i].iov_base) ||
> > + get_user(ioc->sgl[i].iov_len, &cioc->sgl[i].iov_len)) {
> > + goto out;
> > + }
>
> I don't think we need the braces here.
ok.
> > + return ioc;
> > +out:
> > + kfree(ioc);
> > +
> > + return ERR_PTR(err);
>
> spurious empty line.
ok
Arnd
