Commit 97514241 authored by Oleg Drokin's avatar Oleg Drokin Committed by Greg Kroah-Hartman

staging/lustre/llite: Fix improper userspace access in ll_fiemap

memcpy cannot be used on userspace buffers; use copy_to_user/copy_from_user instead.
Signed-off-by: default avatarOleg Drokin <green@linuxhacker.ru>
Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
parent 4c6243ec
...@@ -3033,19 +3033,26 @@ static int ll_fiemap(struct inode *inode, struct fiemap_extent_info *fieinfo, ...@@ -3033,19 +3033,26 @@ static int ll_fiemap(struct inode *inode, struct fiemap_extent_info *fieinfo,
fiemap->fm_extent_count = fieinfo->fi_extents_max; fiemap->fm_extent_count = fieinfo->fi_extents_max;
fiemap->fm_start = start; fiemap->fm_start = start;
fiemap->fm_length = len; fiemap->fm_length = len;
if (extent_count > 0) if (extent_count > 0 &&
memcpy(&fiemap->fm_extents[0], fieinfo->fi_extents_start, copy_from_user(&fiemap->fm_extents[0], fieinfo->fi_extents_start,
sizeof(struct ll_fiemap_extent)); sizeof(struct ll_fiemap_extent)) != 0) {
rc = -EFAULT;
goto out;
}
rc = ll_do_fiemap(inode, fiemap, num_bytes); rc = ll_do_fiemap(inode, fiemap, num_bytes);
fieinfo->fi_flags = fiemap->fm_flags; fieinfo->fi_flags = fiemap->fm_flags;
fieinfo->fi_extents_mapped = fiemap->fm_mapped_extents; fieinfo->fi_extents_mapped = fiemap->fm_mapped_extents;
if (extent_count > 0) if (extent_count > 0 &&
memcpy(fieinfo->fi_extents_start, &fiemap->fm_extents[0], copy_to_user(fieinfo->fi_extents_start, &fiemap->fm_extents[0],
fiemap->fm_mapped_extents * fiemap->fm_mapped_extents *
sizeof(struct ll_fiemap_extent)); sizeof(struct ll_fiemap_extent)) != 0) {
rc = -EFAULT;
goto out;
}
out:
kvfree(fiemap); kvfree(fiemap);
return rc; return rc;
} }
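Review bot: The new copy_to_user call sizes its copy as `fiemap->fm_mapped_extents * sizeof(struct ll_fiemap_extent)`, a count that ll_do_fiemap fills in, and nothing in this hunk bounds it by the number of extents the buffer was sized for. If the lower layer ever reports more mapped extents than `fieinfo->fi_extents_max`, the copy would read past the `fiemap` allocation and hand adjacent kernel memory to the caller. Clamping first closes that: `unsigned int nr = min_t(unsigned int, fiemap->fm_mapped_extents, fieinfo->fi_extents_max);`, then copy `nr * sizeof(struct ll_fiemap_extent)`. The copy-out also runs when ll_do_fiemap returned an error, so a faulting copy replaces that error with -EFAULT; testing `rc` before the copy would preserve it. The allocation and `num_bytes` are computed before the hunk starts, so confirm there whether a bound already exists.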