* [PATCH] rt2x00: use simple_read_from_buffer()
@ 2018-08-22 10:41 ` Dan Carpenter
0 siblings, 0 replies; 6+ messages in thread
From: Dan Carpenter @ 2018-08-22 10:41 UTC (permalink / raw)
To: Stanislaw Gruszka
Cc: Helmut Schaa, Kalle Valo, David S. Miller, linux-wireless,
kernel-janitors
The problem with this copy_to_user() calls is that they don't ensure
that "size" is less than the "length" which the user provided.
Obviously, this is debugfs and "size" is normally going to be very small
so it probably doesn't matter, but this is the correct thing to do.
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
---
>From static analysis. Not tested.
diff --git a/drivers/net/wireless/ralink/rt2x00/rt2x00debug.c b/drivers/net/wireless/ralink/rt2x00/rt2x00debug.c
index acc399b5574e..61ba573e8bf1 100644
--- a/drivers/net/wireless/ralink/rt2x00/rt2x00debug.c
+++ b/drivers/net/wireless/ralink/rt2x00/rt2x00debug.c
@@ -464,11 +464,7 @@ static ssize_t rt2x00debug_read_##__name(struct file *file, \
\
size = sprintf(line, __format, value); \
\
- if (copy_to_user(buf, line, size)) \
- return -EFAULT; \
- \
- *offset += size; \
- return size; \
+ return simple_read_from_buffer(buf, length, offset, line, size); \
}
#define RT2X00DEBUGFS_OPS_WRITE(__name, __type) \
@@ -545,11 +541,7 @@ static ssize_t rt2x00debug_read_dev_flags(struct file *file,
size = sprintf(line, "0x%.8x\n", (unsigned int)intf->rt2x00dev->flags);
- if (copy_to_user(buf, line, size))
- return -EFAULT;
-
- *offset += size;
- return size;
+ return simple_read_from_buffer(buf, length, offset, line, size);
}
static const struct file_operations rt2x00debug_fop_dev_flags = {
@@ -574,11 +566,7 @@ static ssize_t rt2x00debug_read_cap_flags(struct file *file,
size = sprintf(line, "0x%.8x\n", (unsigned int)intf->rt2x00dev->cap_flags);
- if (copy_to_user(buf, line, size))
- return -EFAULT;
-
- *offset += size;
- return size;
+ return simple_read_from_buffer(buf, length, offset, line, size);
}
static const struct file_operations rt2x00debug_fop_cap_flags = {
^ permalink raw reply related [flat|nested] 6+ messages in thread
* [PATCH] rt2x00: use simple_read_from_buffer()
@ 2018-08-22 10:41 ` Dan Carpenter
0 siblings, 0 replies; 6+ messages in thread
From: Dan Carpenter @ 2018-08-22 10:41 UTC (permalink / raw)
To: Stanislaw Gruszka
Cc: Helmut Schaa, Kalle Valo, David S. Miller, linux-wireless,
kernel-janitors
The problem with this copy_to_user() calls is that they don't ensure
that "size" is less than the "length" which the user provided.
Obviously, this is debugfs and "size" is normally going to be very small
so it probably doesn't matter, but this is the correct thing to do.
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
---
From static analysis. Not tested.
diff --git a/drivers/net/wireless/ralink/rt2x00/rt2x00debug.c b/drivers/net/wireless/ralink/rt2x00/rt2x00debug.c
index acc399b5574e..61ba573e8bf1 100644
--- a/drivers/net/wireless/ralink/rt2x00/rt2x00debug.c
+++ b/drivers/net/wireless/ralink/rt2x00/rt2x00debug.c
@@ -464,11 +464,7 @@ static ssize_t rt2x00debug_read_##__name(struct file *file, \
\
size = sprintf(line, __format, value); \
\
- if (copy_to_user(buf, line, size)) \
- return -EFAULT; \
- \
- *offset += size; \
- return size; \
+ return simple_read_from_buffer(buf, length, offset, line, size); \
}
#define RT2X00DEBUGFS_OPS_WRITE(__name, __type) \
@@ -545,11 +541,7 @@ static ssize_t rt2x00debug_read_dev_flags(struct file *file,
size = sprintf(line, "0x%.8x\n", (unsigned int)intf->rt2x00dev->flags);
- if (copy_to_user(buf, line, size))
- return -EFAULT;
-
- *offset += size;
- return size;
+ return simple_read_from_buffer(buf, length, offset, line, size);
}
static const struct file_operations rt2x00debug_fop_dev_flags = {
@@ -574,11 +566,7 @@ static ssize_t rt2x00debug_read_cap_flags(struct file *file,
size = sprintf(line, "0x%.8x\n", (unsigned int)intf->rt2x00dev->cap_flags);
- if (copy_to_user(buf, line, size))
- return -EFAULT;
-
- *offset += size;
- return size;
+ return simple_read_from_buffer(buf, length, offset, line, size);
}
static const struct file_operations rt2x00debug_fop_cap_flags = {
^ permalink raw reply related [flat|nested] 6+ messages in thread
* Re: [PATCH] rt2x00: use simple_read_from_buffer()
2018-08-22 10:41 ` Dan Carpenter
@ 2018-08-22 13:32 ` Stanislaw Gruszka
-1 siblings, 0 replies; 6+ messages in thread
From: Stanislaw Gruszka @ 2018-08-22 13:32 UTC (permalink / raw)
To: Dan Carpenter
Cc: Helmut Schaa, Kalle Valo, David S. Miller, linux-wireless,
kernel-janitors
On Wed, Aug 22, 2018 at 01:41:26PM +0300, Dan Carpenter wrote:
> The problem with this copy_to_user() calls is that they don't ensure
> that "size" is less than the "length" which the user provided.
>
> Obviously, this is debugfs and "size" is normally going to be very small
> so it probably doesn't matter, but this is the correct thing to do.
>
> Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Acked-by: Stanislaw Gruszka <sgruszka@redhat.com>
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCH] rt2x00: use simple_read_from_buffer()
@ 2018-08-22 13:32 ` Stanislaw Gruszka
0 siblings, 0 replies; 6+ messages in thread
From: Stanislaw Gruszka @ 2018-08-22 13:32 UTC (permalink / raw)
To: Dan Carpenter
Cc: Helmut Schaa, Kalle Valo, David S. Miller, linux-wireless,
kernel-janitors
On Wed, Aug 22, 2018 at 01:41:26PM +0300, Dan Carpenter wrote:
> The problem with this copy_to_user() calls is that they don't ensure
> that "size" is less than the "length" which the user provided.
>
> Obviously, this is debugfs and "size" is normally going to be very small
> so it probably doesn't matter, but this is the correct thing to do.
>
> Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Acked-by: Stanislaw Gruszka <sgruszka@redhat.com>
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCH] rt2x00: use simple_read_from_buffer()
2018-08-22 10:41 ` Dan Carpenter
@ 2018-08-31 15:47 ` Kalle Valo
-1 siblings, 0 replies; 6+ messages in thread
From: Kalle Valo @ 2018-08-31 15:47 UTC (permalink / raw)
To: Dan Carpenter
Cc: Stanislaw Gruszka, Helmut Schaa, David S. Miller, linux-wireless,
kernel-janitors
Dan Carpenter <dan.carpenter@oracle.com> wrote:
> The problem with this copy_to_user() calls is that they don't ensure
> that "size" is less than the "length" which the user provided.
>
> Obviously, this is debugfs and "size" is normally going to be very small
> so it probably doesn't matter, but this is the correct thing to do.
>
> Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
> Acked-by: Stanislaw Gruszka <sgruszka@redhat.com>
Patch applied to wireless-drivers-next.git, thanks.
f483039cf51a rt2x00: use simple_read_from_buffer()
--
https://patchwork.kernel.org/patch/10572845/
https://wireless.wiki.kernel.org/en/developers/documentation/submittingpatches
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCH] rt2x00: use simple_read_from_buffer()
@ 2018-08-31 15:47 ` Kalle Valo
0 siblings, 0 replies; 6+ messages in thread
From: Kalle Valo @ 2018-08-31 15:47 UTC (permalink / raw)
To: Dan Carpenter
Cc: Stanislaw Gruszka, Helmut Schaa, David S. Miller, linux-wireless,
kernel-janitors
Dan Carpenter <dan.carpenter@oracle.com> wrote:
> The problem with this copy_to_user() calls is that they don't ensure
> that "size" is less than the "length" which the user provided.
>
> Obviously, this is debugfs and "size" is normally going to be very small
> so it probably doesn't matter, but this is the correct thing to do.
>
> Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
> Acked-by: Stanislaw Gruszka <sgruszka@redhat.com>
Patch applied to wireless-drivers-next.git, thanks.
f483039cf51a rt2x00: use simple_read_from_buffer()
--
https://patchwork.kernel.org/patch/10572845/
https://wireless.wiki.kernel.org/en/developers/documentation/submittingpatches
^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2018-08-31 19:55 UTC | newest]
Thread overview: 6+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2018-08-22 10:41 [PATCH] rt2x00: use simple_read_from_buffer() Dan Carpenter
2018-08-22 10:41 ` Dan Carpenter
2018-08-22 13:32 ` Stanislaw Gruszka
2018-08-22 13:32 ` Stanislaw Gruszka
2018-08-31 15:47 ` Kalle Valo
2018-08-31 15:47 ` Kalle Valo
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.