[PATCH][2.6] rtas error-inject support
Hollis Blanchard
hollisb at us.ibm.com
Sat Jan 31 06:47:34 EST 2004
On Jan 30, 2004, at 12:56 PM, Jake Moilanen wrote:
>> +static ssize_t ppc_rtas_errinjct_read(struct file *file, char *buf,
>> + size_t count, loff_t *ppos)
>> ...
>> + memcpy(buf, buffer + *ppos, n);
>>
>> That should be copy_to_user(), right? (ppc_rtas_errinjct_write() does
>> use copy_from_user().)
>
> Whoops, your right. Good catch. This was leftover from the port from
> 2.4.
That statement was alarming... :) I only found one memcpy left in that
file in 2.4, but I guess we're supposed to check for EFAULT:
===== arch/ppc64/kernel/rtas-proc.c 1.13 vs edited =====
--- 1.13/arch/ppc64/kernel/rtas-proc.c Mon Jan 26 23:11:12 2004
+++ edited/arch/ppc64/kernel/rtas-proc.c Fri Jan 30 13:55:18 2004
@@ -492,7 +492,10 @@
else
*eof = 1;
- memcpy(buf, buffer + off, n);
+ if (copy_to_user(buf, buffer + off, n)) {
+ kfree(buffer);
+ return -EFAULT;
+ }
*start = buf;
kfree(buffer);
return n;
(Mike do you want to check that in to the 2.4 tree?)
--
Hollis Blanchard
IBM Linux Technology Center
** Sent via the linuxppc64-dev mail list. See http://lists.linuxppc.org/
More information about the Linuxppc64-dev
mailing list