diff options
Diffstat (limited to 'queue-2.6.32/cdrom-use-copy_to_user-without-the-underscores.patch')
| -rw-r--r-- | queue-2.6.32/cdrom-use-copy_to_user-without-the-underscores.patch | 54 |
1 files changed, 54 insertions, 0 deletions
diff --git a/queue-2.6.32/cdrom-use-copy_to_user-without-the-underscores.patch b/queue-2.6.32/cdrom-use-copy_to_user-without-the-underscores.patch new file mode 100644 index 0000000..eba6a33 --- /dev/null +++ b/queue-2.6.32/cdrom-use-copy_to_user-without-the-underscores.patch @@ -0,0 +1,54 @@ +From 822bfa51ce44f2c63c300fdb76dc99c4d5a5ca9f Mon Sep 17 00:00:00 2001 +From: Dan Carpenter <dan.carpenter@oracle.com> +Date: Mon, 6 Feb 2012 10:20:45 +0100 +Subject: cdrom: use copy_to_user() without the underscores + +From: Dan Carpenter <dan.carpenter@oracle.com> + +commit 822bfa51ce44f2c63c300fdb76dc99c4d5a5ca9f upstream. + +"nframes" comes from the user and "nframes * CD_FRAMESIZE_RAW" can wrap +on 32 bit systems. That would have been ok if we used the same wrapped +value for the copy, but we use a shifted value. We should just use the +checked version of copy_to_user() because it's not going to make a +difference to the speed. + +Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> +Signed-off-by: Jens Axboe <axboe@kernel.dk> +Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> + +--- + drivers/cdrom/cdrom.c | 8 +------- + 1 file changed, 1 insertion(+), 7 deletions(-) + +--- a/drivers/cdrom/cdrom.c ++++ b/drivers/cdrom/cdrom.c +@@ -2057,11 +2057,6 @@ static int cdrom_read_cdda_old(struct cd + if (!nr) + return -ENOMEM; + +- if (!access_ok(VERIFY_WRITE, ubuf, nframes * CD_FRAMESIZE_RAW)) { +- ret = -EFAULT; +- goto out; +- } +- + cgc.data_direction = CGC_DATA_READ; + while (nframes > 0) { + if (nr > nframes) +@@ -2070,7 +2065,7 @@ static int cdrom_read_cdda_old(struct cd + ret = cdrom_read_block(cdi, &cgc, lba, nr, 1, CD_FRAMESIZE_RAW); + if (ret) + break; +- if (__copy_to_user(ubuf, cgc.buffer, CD_FRAMESIZE_RAW * nr)) { ++ if (copy_to_user(ubuf, cgc.buffer, CD_FRAMESIZE_RAW * nr)) { + ret = -EFAULT; + break; + } +@@ -2078,7 +2073,6 @@ static int cdrom_read_cdda_old(struct cd + nframes -= nr; + lba += nr; + } +-out: + kfree(cgc.buffer); + return ret; + } |