From: Mike Christie <michaelc@xxxxxxxxxxx>
sg.c does a access_ok test on the user buffer when doing
indirect IO. bsg and scsi_ioctl.c did not, but it seems
like it would be ok to be common. This patch moves that
test to the block layer helpers.
Signed-off-by: Mike Christie <michaelc@xxxxxxxxxxx>
---
block/ll_rw_blk.c | 8 +++++++-
1 files changed, 7 insertions(+), 1 deletions(-)
diff --git a/block/ll_rw_blk.c b/block/ll_rw_blk.c
index 35b66ed..4327e23 100644
--- a/block/ll_rw_blk.c
+++ b/block/ll_rw_blk.c
@@ -2527,6 +2527,7 @@ static int copy_user_iov(struct bio *hea
{
unsigned int iov_len = 0;
int ret, i = 0, iov_index = 0;
+ int read = bio_data_dir(head) == READ;
struct bio *bio;
struct bio_vec *bvec;
char __user *p = NULL;
@@ -2560,10 +2561,15 @@ continue_from_bvec:
*/
goto continue_from_bvec;
}
+
+ if (!access_ok(read ?
+ VERIFY_WRITE : VERIFY_READ,
+ p, iov_len))
+ return -EFAULT;
}
copy_bytes = min(iov_len, bvec->bv_len - bvec_offset);
- if (bio_data_dir(head) == READ)
+ if (read)
ret = copy_to_user(p, addr, copy_bytes);
else
ret = copy_from_user(addr, p, copy_bytes);
--
1.4.1.1
-
To unsubscribe from this list: send the line "unsubscribe linux-scsi" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
