Commit 055a54db authored by Andrew Morton's avatar Andrew Morton Committed by Linus Torvalds

[PATCH] do_write_mem() return value check

From: BlaisorBlade <blaisorblade_spam@yahoo.it>, and me

- remove unused `file *' arg from do_write_mem()

- Add checking for copy_from_user() failures in do_write_mem()

- Return correct value from kmem writes() when a fault is encountered.  A
  write()-style syscall's return values are:

   0 when nothing was written and there was no error (someone tried to
   write zero bytes)

   >0: the number of bytes copied, whether or not there was an error.
   Userspace detects errors by noting that the write() return value is less
   than was requested.

   <0: there was an error and no bytes were copied
parent f581e4e5
...@@ -102,10 +102,11 @@ static inline int valid_phys_addr_range(unsigned long addr, size_t *count) ...@@ -102,10 +102,11 @@ static inline int valid_phys_addr_range(unsigned long addr, size_t *count)
} }
#endif #endif
static ssize_t do_write_mem(struct file * file, void *p, unsigned long realp, static ssize_t do_write_mem(void *p, unsigned long realp,
const char * buf, size_t count, loff_t *ppos) const char * buf, size_t count, loff_t *ppos)
{ {
ssize_t written; ssize_t written;
unsigned long copied;
written = 0; written = 0;
#if defined(__sparc__) || (defined(__mc68000__) && defined(CONFIG_MMU)) #if defined(__sparc__) || (defined(__mc68000__) && defined(CONFIG_MMU))
...@@ -120,8 +121,14 @@ static ssize_t do_write_mem(struct file * file, void *p, unsigned long realp, ...@@ -120,8 +121,14 @@ static ssize_t do_write_mem(struct file * file, void *p, unsigned long realp,
written+=sz; written+=sz;
} }
#endif #endif
if (copy_from_user(p, buf, count)) copied = copy_from_user(p, buf, count);
if (copied) {
ssize_t ret = written + (count - copied);
if (ret)
return ret;
return -EFAULT; return -EFAULT;
}
written += count; written += count;
*ppos += written; *ppos += written;
return written; return written;
...@@ -171,7 +178,7 @@ static ssize_t write_mem(struct file * file, const char * buf, ...@@ -171,7 +178,7 @@ static ssize_t write_mem(struct file * file, const char * buf,
if (!valid_phys_addr_range(p, &count)) if (!valid_phys_addr_range(p, &count))
return -EFAULT; return -EFAULT;
return do_write_mem(file, __va(p), p, buf, count, ppos); return do_write_mem(__va(p), p, buf, count, ppos);
} }
static int mmap_mem(struct file * file, struct vm_area_struct * vma) static int mmap_mem(struct file * file, struct vm_area_struct * vma)
...@@ -275,15 +282,19 @@ static ssize_t write_kmem(struct file * file, const char * buf, ...@@ -275,15 +282,19 @@ static ssize_t write_kmem(struct file * file, const char * buf,
unsigned long p = *ppos; unsigned long p = *ppos;
ssize_t wrote = 0; ssize_t wrote = 0;
ssize_t virtr = 0; ssize_t virtr = 0;
ssize_t written;
char * kbuf; /* k-addr because vwrite() takes vmlist_lock rwlock */ char * kbuf; /* k-addr because vwrite() takes vmlist_lock rwlock */
if (p < (unsigned long) high_memory) { if (p < (unsigned long) high_memory) {
wrote = count; wrote = count;
if (count > (unsigned long) high_memory - p) if (count > (unsigned long) high_memory - p)
wrote = (unsigned long) high_memory - p; wrote = (unsigned long) high_memory - p;
wrote = do_write_mem(file, (void*)p, p, buf, wrote, ppos); written = do_write_mem((void*)p, p, buf, wrote, ppos);
if (written != wrote)
return written;
wrote = written;
p += wrote; p += wrote;
buf += wrote; buf += wrote;
count -= wrote; count -= wrote;
...@@ -292,15 +303,21 @@ static ssize_t write_kmem(struct file * file, const char * buf, ...@@ -292,15 +303,21 @@ static ssize_t write_kmem(struct file * file, const char * buf,
if (count > 0) { if (count > 0) {
kbuf = (char *)__get_free_page(GFP_KERNEL); kbuf = (char *)__get_free_page(GFP_KERNEL);
if (!kbuf) if (!kbuf)
return -ENOMEM; return wrote ? wrote : -ENOMEM;
while (count > 0) { while (count > 0) {
int len = count; int len = count;
if (len > PAGE_SIZE) if (len > PAGE_SIZE)
len = PAGE_SIZE; len = PAGE_SIZE;
if (len && copy_from_user(kbuf, buf, len)) { if (len) {
free_page((unsigned long)kbuf); written = copy_from_user(kbuf, buf, len);
return -EFAULT; if (written != len) {
ssize_t ret;
free_page((unsigned long)kbuf);
ret = wrote + virtr + (len - written);
return ret ? ret : -EFAULT;
}
} }
len = vwrite(kbuf, (char *)p, len); len = vwrite(kbuf, (char *)p, len);
count -= len; count -= len;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment