diff options
author | David S. Miller <davem@davemloft.net> | 2015-06-08 20:06:56 -0700 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2015-06-08 20:06:56 -0700 |
commit | 941742f49762ba4c908510f036b09a46c1b14513 (patch) | |
tree | aafb7a72c2072f98889406668003234bed56df02 /lib | |
parent | ac7ba51c215db5739eb640f2f26025ced8668285 (diff) | |
parent | 5879ae5fd052a63d5ac0684320cb7df3e83da7de (diff) | |
download | linux-stable-941742f49762ba4c908510f036b09a46c1b14513.tar.gz linux-stable-941742f49762ba4c908510f036b09a46c1b14513.tar.bz2 linux-stable-941742f49762ba4c908510f036b09a46c1b14513.zip |
Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net
Diffstat (limited to 'lib')
-rw-r--r-- | lib/rhashtable.c | 1 | ||||
-rw-r--r-- | lib/strnlen_user.c | 12 | ||||
-rw-r--r-- | lib/swiotlb.c | 5 |
3 files changed, 14 insertions, 4 deletions
diff --git a/lib/rhashtable.c b/lib/rhashtable.c index ca66a0e32c8e..a60a6d335a91 100644 --- a/lib/rhashtable.c +++ b/lib/rhashtable.c @@ -26,6 +26,7 @@ #include <linux/random.h> #include <linux/rhashtable.h> #include <linux/err.h> +#include <linux/export.h> #define HASH_DEFAULT_SIZE 64UL #define HASH_MIN_SIZE 4U diff --git a/lib/strnlen_user.c b/lib/strnlen_user.c index a28df5206d95..fe9a32591c24 100644 --- a/lib/strnlen_user.c +++ b/lib/strnlen_user.c @@ -57,7 +57,8 @@ static inline long do_strnlen_user(const char __user *src, unsigned long count, return res + find_zero(data) + 1 - align; } res += sizeof(unsigned long); - if (unlikely(max < sizeof(unsigned long))) + /* We already handled 'unsigned long' bytes. Did we do it all ? */ + if (unlikely(max <= sizeof(unsigned long))) break; max -= sizeof(unsigned long); if (unlikely(__get_user(c,(unsigned long __user *)(src+res)))) @@ -89,8 +90,15 @@ static inline long do_strnlen_user(const char __user *src, unsigned long count, * Get the size of a NUL-terminated string in user space. * * Returns the size of the string INCLUDING the terminating NUL. - * If the string is too long, returns 'count+1'. + * If the string is too long, returns a number larger than @count. User + * has to check the return value against "> count". * On exception (or invalid count), returns 0. + * + * NOTE! You should basically never use this function. There is + * almost never any valid case for using the length of a user space + * string, since the string can be changed at any time by other + * threads. Use "strncpy_from_user()" instead to get a stable copy + * of the string. */ long strnlen_user(const char __user *str, long count) { diff --git a/lib/swiotlb.c b/lib/swiotlb.c index 4abda074ea45..3c365ab6cf5f 100644 --- a/lib/swiotlb.c +++ b/lib/swiotlb.c @@ -537,8 +537,9 @@ EXPORT_SYMBOL_GPL(swiotlb_tbl_map_single); * Allocates bounce buffer and returns its kernel virtual address. */ -phys_addr_t map_single(struct device *hwdev, phys_addr_t phys, size_t size, - enum dma_data_direction dir) +static phys_addr_t +map_single(struct device *hwdev, phys_addr_t phys, size_t size, + enum dma_data_direction dir) { dma_addr_t start_dma_addr = phys_to_dma(hwdev, io_tlb_start); |