summaryrefslogtreecommitdiffstats
path: root/fs
diff options
context:
space:
mode:
authorKees Cook <keescook@chromium.org>2017-03-07 13:57:11 -0800
committerKees Cook <keescook@chromium.org>2017-03-07 14:01:03 -0800
commit30800d9977ec271a7836d777848dba6773d12a3b (patch)
treed3a93e024d5c3a22b1555b2f4b5b329f8c64feac /fs
parent4c9ec219766a217468fb94a281c416455a884dda (diff)
downloadlinux-stable-30800d9977ec271a7836d777848dba6773d12a3b.tar.gz
linux-stable-30800d9977ec271a7836d777848dba6773d12a3b.tar.bz2
linux-stable-30800d9977ec271a7836d777848dba6773d12a3b.zip
pstore: simplify write_user_compat()
Nothing actually uses write_user_compat() currently, but there is no reason to reuse the dmesg buffer. Instead, just allocate a new record buffer, copy in from userspace, and pass it to write() as normal. Signed-off-by: Kees Cook <keescook@chromium.org>
Diffstat (limited to 'fs')
-rw-r--r--fs/pstore/platform.c46
1 files changed, 20 insertions, 26 deletions
diff --git a/fs/pstore/platform.c b/fs/pstore/platform.c
index e79f170fa79b..43b3ca5e045f 100644
--- a/fs/pstore/platform.c
+++ b/fs/pstore/platform.c
@@ -635,33 +635,27 @@ static void pstore_unregister_console(void) {}
static int pstore_write_user_compat(struct pstore_record *record,
const char __user *buf)
{
- unsigned long flags = 0;
- size_t i, bufsize, total_size = record->size;
- long ret = 0;
-
- if (unlikely(!access_ok(VERIFY_READ, buf, total_size)))
- return -EFAULT;
- bufsize = total_size;
- if (bufsize > psinfo->bufsize)
- bufsize = psinfo->bufsize;
- record->buf = psinfo->buf;
- spin_lock_irqsave(&psinfo->buf_lock, flags);
- for (i = 0; i < total_size; ) {
- size_t c = min(total_size - i, bufsize);
-
- ret = __copy_from_user(record->buf, buf + i, c);
- if (unlikely(ret != 0)) {
- ret = -EFAULT;
- break;
- }
- record->size = c;
- ret = record->psi->write(record);
- if (unlikely(ret < 0))
- break;
- i += c;
+ int ret = 0;
+
+ if (record->buf)
+ return -EINVAL;
+
+ record->buf = kmalloc(record->size, GFP_KERNEL);
+ if (!record->buf)
+ return -ENOMEM;
+
+ if (unlikely(copy_from_user(record->buf, buf, record->size))) {
+ ret = -EFAULT;
+ goto out;
}
- spin_unlock_irqrestore(&psinfo->buf_lock, flags);
- return unlikely(ret < 0) ? ret : total_size;
+
+ ret = record->psi->write(record);
+
+out:
+ kfree(record->buf);
+ record->buf = NULL;
+
+ return unlikely(ret < 0) ? ret : record->size;
}
/*