From: Arnaldo Carvalho de Melo <acme@conectiva.com.br>
To: Linus Torvalds <torvalds@transmeta.com>,
Greg Kroah-Hartman <greg@kroah.com>
Cc: Rusty Russell <rusty@rustcorp.com.au>,
linux-kernel@vger.kernel.org,
kernel-janitor-discuss@lists.sourceforge.net
Subject: [BKPATCH] USB: Re: AUDIT of 2.5.15 copy_to/from_user
Date: Sat, 18 May 2002 22:38:08 -0300 [thread overview]
Message-ID: <20020519013808.GF4279@conectiva.com.br> (raw)
In-Reply-To: <E179IA6-0002eQ-00@wagner.rustcorp.com.au> <20020518225535.GA4101@conectiva.com.br> <20020518235418.GB4164@conectiva.com.br> <20020519001915.GA4279@conectiva.com.br> <20020519011601.GD4279@conectiva.com.br>
Em Sat, May 18, 2002 at 10:16:01PM -0300, Arnaldo C. Melo escreveu:
> 4th heads up:
>
> USB will be on its way to Linus in some minutes, I already talked with Greg :)
Linus, Greg,
Please consider pulling from:
http://kernel-acme.bkbits.net:8080/usb-copy_tofrom_user-2.5
- Arnaldo
# This is a BitKeeper generated patch for the following project:
# Project Name: Linux kernel tree
# This patch format is intended for GNU patch command version 2.5 or higher.
# This patch includes the following deltas:
# ChangeSet 1.545 -> 1.546
# drivers/usb/class/cdc-acm.c 1.16 -> 1.17
# drivers/usb/host/uhci-debug.c 1.1 -> 1.2
# drivers/usb/class/bluetty.c 1.21 -> 1.22
# drivers/usb/serial/safe_serial.c 1.1 -> 1.2
# drivers/usb/serial/ipaq.c 1.8 -> 1.9
# drivers/usb/misc/auerswald.c 1.13 -> 1.14
# drivers/usb/input/hiddev.c 1.12 -> 1.13
# drivers/usb/class/audio.c 1.18 -> 1.19
# drivers/usb/media/dabusb.c 1.16 -> 1.17
#
# The following is the BitKeeper ChangeSet Log
# --------------------------------------------
# 02/05/19 acme@conectiva.com.br 1.546
# drivers/usr/*.c
#
# - fix copy_{to,from}_user error handling (thanks to Rusty for pointing this out)
# --------------------------------------------
#
diff -Nru a/drivers/usb/class/audio.c b/drivers/usb/class/audio.c
--- a/drivers/usb/class/audio.c Sun May 19 04:33:19 2002
+++ b/drivers/usb/class/audio.c Sun May 19 04:33:19 2002
@@ -2542,7 +2542,9 @@
if (as->usbin.dma.mapped)
as->usbin.dma.count &= as->usbin.dma.fragsize-1;
spin_unlock_irqrestore(&as->lock, flags);
- return copy_to_user((void *)arg, &cinfo, sizeof(cinfo));
+ if (copy_to_user((void *)arg, &cinfo, sizeof(cinfo)))
+ return -EFAULT;
+ return 0;
case SNDCTL_DSP_GETOPTR:
if (!(file->f_mode & FMODE_WRITE))
@@ -2554,7 +2556,9 @@
if (as->usbout.dma.mapped)
as->usbout.dma.count &= as->usbout.dma.fragsize-1;
spin_unlock_irqrestore(&as->lock, flags);
- return copy_to_user((void *)arg, &cinfo, sizeof(cinfo));
+ if (copy_to_user((void *)arg, &cinfo, sizeof(cinfo)))
+ return -EFAULT;
+ return 0;
case SNDCTL_DSP_GETBLKSIZE:
if (file->f_mode & FMODE_WRITE) {
diff -Nru a/drivers/usb/class/bluetty.c b/drivers/usb/class/bluetty.c
--- a/drivers/usb/class/bluetty.c Sun May 19 04:33:19 2002
+++ b/drivers/usb/class/bluetty.c Sun May 19 04:33:19 2002
@@ -490,7 +490,10 @@
retval = -ENOMEM;
goto exit;
}
- copy_from_user (temp_buffer, buf, count);
+ if (copy_from_user (temp_buffer, buf, count)) {
+ retval = -EFAULT;
+ goto exit;
+ }
current_buffer = temp_buffer;
} else {
current_buffer = buf;
diff -Nru a/drivers/usb/class/cdc-acm.c b/drivers/usb/class/cdc-acm.c
--- a/drivers/usb/class/cdc-acm.c Sun May 19 04:33:19 2002
+++ b/drivers/usb/class/cdc-acm.c Sun May 19 04:33:19 2002
@@ -367,9 +367,10 @@
count = (count > acm->writesize) ? acm->writesize : count;
- if (from_user)
- copy_from_user(acm->writeurb->transfer_buffer, buf, count);
- else
+ if (from_user) {
+ if (copy_from_user(acm->writeurb->transfer_buffer, buf, count))
+ return -EFAULT;
+ } else
memcpy(acm->writeurb->transfer_buffer, buf, count);
acm->writeurb->transfer_buffer_length = count;
diff -Nru a/drivers/usb/host/uhci-debug.c b/drivers/usb/host/uhci-debug.c
--- a/drivers/usb/host/uhci-debug.c Sun May 19 04:33:19 2002
+++ b/drivers/usb/host/uhci-debug.c Sun May 19 04:33:19 2002
@@ -552,7 +552,8 @@
if (!access_ok(VERIFY_WRITE, buf, nbytes))
return -EINVAL;
- copy_to_user(buf, up->data + pos, nbytes);
+ if (copy_to_user(buf, up->data + pos, nbytes))
+ return -EFAULT;
*ppos += nbytes;
diff -Nru a/drivers/usb/input/hiddev.c b/drivers/usb/input/hiddev.c
--- a/drivers/usb/input/hiddev.c Sun May 19 04:33:19 2002
+++ b/drivers/usb/input/hiddev.c Sun May 19 04:33:19 2002
@@ -389,7 +389,9 @@
dinfo.product = dev->descriptor.idProduct;
dinfo.version = dev->descriptor.bcdDevice;
dinfo.num_applications = hid->maxapplication;
- return copy_to_user((void *) arg, &dinfo, sizeof(dinfo));
+ if (copy_to_user((void *) arg, &dinfo, sizeof(dinfo)))
+ return -EFAULT;
+ return 0;
}
case HIDIOCGFLAG:
@@ -480,7 +482,9 @@
rinfo.num_fields = report->maxfield;
- return copy_to_user((void *) arg, &rinfo, sizeof(rinfo));
+ if (copy_to_user((void *) arg, &rinfo, sizeof(rinfo)))
+ return -EFAULT;
+ return 0;
case HIDIOCGFIELDINFO:
{
@@ -512,7 +516,9 @@
finfo.unit_exponent = field->unit_exponent;
finfo.unit = field->unit;
- return copy_to_user((void *) arg, &finfo, sizeof(finfo));
+ if (copy_to_user((void *) arg, &finfo, sizeof(finfo)))
+ return -EFAULT;
+ return 0;
}
case HIDIOCGUCODE:
@@ -533,7 +539,9 @@
uref.usage_code = field->usage[uref.usage_index].hid;
- return copy_to_user((void *) arg, &uref, sizeof(uref));
+ if (copy_to_user((void *) arg, &uref, sizeof(uref)))
+ return -EFAULT;
+ return 0;
case HIDIOCGUSAGE:
case HIDIOCSUSAGE:
@@ -564,7 +572,9 @@
if (cmd == HIDIOCGUSAGE) {
uref.value = field->value[uref.usage_index];
- return copy_to_user((void *) arg, &uref, sizeof(uref));
+ if (copy_to_user((void *) arg, &uref, sizeof(uref)))
+ return -EFAULT;
+ return 0;
} else {
field->value[uref.usage_index] = uref.value;
}
diff -Nru a/drivers/usb/media/dabusb.c b/drivers/usb/media/dabusb.c
--- a/drivers/usb/media/dabusb.c Sun May 19 04:33:19 2002
+++ b/drivers/usb/media/dabusb.c Sun May 19 04:33:19 2002
@@ -680,7 +680,9 @@
ret=dabusb_bulk (s, pbulk);
if(ret==0)
- ret = copy_to_user ((void *) arg, pbulk, sizeof (bulk_transfer_t));
+ if (copy_to_user((void *)arg, pbulk,
+ sizeof(bulk_transfer_t)))
+ ret = -EFAULT;
kfree (pbulk);
break;
diff -Nru a/drivers/usb/misc/auerswald.c b/drivers/usb/misc/auerswald.c
--- a/drivers/usb/misc/auerswald.c Sun May 19 04:33:19 2002
+++ b/drivers/usb/misc/auerswald.c Sun May 19 04:33:19 2002
@@ -1553,7 +1553,7 @@
if (u > devinfo.bsize) {
u = devinfo.bsize;
}
- ret = copy_to_user(devinfo.buf, cp->dev_desc, u);
+ ret = copy_to_user(devinfo.buf, cp->dev_desc, u) ? -EFAULT : 0;
break;
/* get the max. string descriptor length */
@@ -1803,7 +1803,7 @@
wake_up (&cp->bufferwait);
up (&cp->mutex);
up (&ccp->mutex);
- return -EIO;
+ return -EFAULT;
}
/* set the header byte */
diff -Nru a/drivers/usb/serial/ipaq.c b/drivers/usb/serial/ipaq.c
--- a/drivers/usb/serial/ipaq.c Sun May 19 04:33:19 2002
+++ b/drivers/usb/serial/ipaq.c Sun May 19 04:33:19 2002
@@ -353,7 +353,8 @@
}
if (from_user) {
- copy_from_user(pkt->data, buf, count);
+ if (copy_from_user(pkt->data, buf, count))
+ return -EFAULT;
} else {
memcpy(pkt->data, buf, count);
}
diff -Nru a/drivers/usb/serial/safe_serial.c b/drivers/usb/serial/safe_serial.c
--- a/drivers/usb/serial/safe_serial.c Sun May 19 04:33:19 2002
+++ b/drivers/usb/serial/safe_serial.c Sun May 19 04:33:19 2002
@@ -319,7 +319,8 @@
memset (data, '0', packet_length);
if (from_user) {
- copy_from_user (data, buf, count);
+ if (copy_from_user (data, buf, count))
+ return -EFAULT;
} else {
memcpy (data, buf, count);
}
next prev parent reply other threads:[~2002-05-19 7:39 UTC|newest]
Thread overview: 30+ messages / expand[flat|nested] mbox.gz Atom feed top
2002-05-19 4:18 AUDIT of 2.5.15 copy_to/from_user Rusty Russell
2002-05-18 22:55 ` Arnaldo Carvalho de Melo
2002-05-18 23:12 ` [BKPATCH] " Arnaldo Carvalho de Melo
2002-05-18 23:54 ` Arnaldo Carvalho de Melo
2002-05-19 0:14 ` [BKPATCH] OSS: " Arnaldo Carvalho de Melo
2002-05-19 0:19 ` Arnaldo Carvalho de Melo
2002-05-19 1:16 ` Arnaldo Carvalho de Melo
2002-05-19 1:38 ` Arnaldo Carvalho de Melo [this message]
2002-05-20 6:07 ` [BKPATCH] USB: " Greg KH
2002-05-19 6:30 ` Kai Germaschewski
2002-05-19 0:45 ` Arnaldo Carvalho de Melo
2002-05-19 1:07 ` [BKPATCH] ISDN: " Arnaldo Carvalho de Melo
2002-05-19 11:44 ` Alan Cox
2002-05-19 12:10 ` Stephen Rothwell
2002-05-19 12:15 ` Rui Sousa
2002-05-19 12:46 ` Alan Cox
2002-05-19 12:58 ` Rui Sousa
2002-05-19 13:43 ` Alan Cox
2002-05-19 17:01 ` Hugh Dickins
2002-05-19 17:36 ` Alan Cox
2002-05-19 17:52 ` David Woodhouse
2002-05-19 18:20 ` Alan Cox
2002-05-19 18:02 ` David Woodhouse
2002-05-19 22:54 ` Alan Cox
2002-05-20 1:38 ` Rusty Russell
2002-05-20 11:47 ` Alan Cox
2002-05-19 12:13 ` Alan Cox
2002-06-07 8:54 ` David S. Miller
2002-05-19 12:48 ` Arnaldo Carvalho de Melo
2002-05-19 17:28 ` Arnaldo Carvalho de Melo
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20020519013808.GF4279@conectiva.com.br \
--to=acme@conectiva.com.br \
--cc=greg@kroah.com \
--cc=kernel-janitor-discuss@lists.sourceforge.net \
--cc=linux-kernel@vger.kernel.org \
--cc=rusty@rustcorp.com.au \
--cc=torvalds@transmeta.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox