review.tizen.org Git - platform/kernel/linux-rpi.git/commit

author	Heiko Carstens <heiko.carstens@de.ibm.com>
	Mon, 25 Feb 2013 06:24:20 +0000 (07:24 +0100)
committer	Martin Schwidefsky <schwidefsky@de.ibm.com>
	Thu, 28 Feb 2013 08:37:11 +0000 (09:37 +0100)
commit	225cf8d69c768f4472d2fd9f54bba2b69a588193
tree	72bb482ba7c226991712e0cf466e6155b85a7821	tree \| snapshot
parent	832a998190400563a69677b30d5f306e45cc3aff	commit \| diff

s390/uaccess: fix strncpy_from_user string length check

The "standard" and page table walk variants of strncpy_from_user() first
check the length of the to be copied string in userspace.
The string is then copied to kernel space and the length returned to the
caller.
However userspace can modify the string at any time while the kernel
checks for the length of the string or copies the string. In result the
returned length of the string is not necessarily correct.
Fix this by copying in a loop which mimics the mvcos variant of
strncpy_from_user(), which handles this correctly.

Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>

arch/s390/lib/uaccess_pt.c		diff \| blob \| history
arch/s390/lib/uaccess_std.c		diff \| blob \| history