On Mon, Jul 30, 2012 at 3:15 AM, Tiejun Chen <tiejun.chen@xxxxxxxxxxxxx> wrote:
> We miss that correct WDIOC_GETSUPPORT return path when perform
> copy_to_user() properly.

Thanks for catching this. I'm amazed that this driver still has bugs like this.

> diff --git a/drivers/watchdog/booke_wdt.c b/drivers/watchdog/booke_wdt.c
> index 3fe82d0..2be7f29 100644
> --- a/drivers/watchdog/booke_wdt.c
> +++ b/drivers/watchdog/booke_wdt.c
> @@ -162,12 +162,13 @@ static long booke_wdt_ioctl(struct file *file,
> unsigned int cmd, unsigned long arg)
> {
> u32 tmp = 0;
> - u32 __user *p = (u32 __user *)arg;
> + void __user *argp = (u32 __user *)arg;
> + u32 __user *p = argp;

You don't need to create 'argp'. The existing 'p' variable will work in the copy_to_user() call.

> + return copy_to_user(argp, &ident,
> + sizeof(ident)) ? -EFAULT : 0;

This can fit in one line, especially if you use 'p' instead of 'argp'.

--
Timur Tabi
Linux kernel developer at Freescale
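
Review bot: In the new declaration `void __user *argp = (u32 __user *)arg;` the cast type does not match the type of the variable it initialises. If `argp` is kept, cast with `(void __user *)arg` and let `u32 __user *p = argp;` pick up the conversion; otherwise drop `argp` and pass `p` to copy_to_user(), which leaves the original declaration of `p` untouched. The `copy_to_user(argp, &ident, sizeof(ident)) ? -EFAULT : 0` form in the added return is the right shape, since copy_to_user() returns the number of bytes it could not copy rather than an errno, so a nonzero result has to be mapped to -EFAULT before it reaches the ioctl caller.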