-
Andrew Morton authored
From: Hollis Blanchard <hollisb@us.ibm.com> As pointed out by the Stanford checker, 'v' is not tainted. The driver shouldn't be using copy_to_user() in cadet_do_ioctl() at all: cadet_do_ioctl() is being called by drivers/media/video/videodev.c: video_usercopy(), which has already copied the buffer 'arg' (aka 'v') into kernel space, and will copy it back after cadet_do_ioctl() returns. So all the direct 'v' accesses are correct.
2cb28602