While doing a ktest.pl I used a MIN_CONFIG that had STAGING enabled, and
a randconfig with CONFIG_DEBUG_STRICT_USER_COPY_CHECKS enabled caught
the following bug:
In file included from /home/rostedt/work/autotest/nobackup/linux-test.git/arch/x86/include/asm/uaccess.h:571:0,
from /home/rostedt/work/autotest/nobackup/linux-test.git/include/linux/poll.h:14,
from /home/rostedt/work/autotest/nobackup/linux-test.git/drivers/staging/ft1000/ft1000-usb/ft1000_chdev.c:32:
In function 'copy_from_user',
inlined from 'ft1000_ChIoctl' at /home/rostedt/work/autotest/nobackup/linux-test.git/drivers/staging/ft1000/ft1000-usb/ft1000_chdev.c:702:36:
/home/rostedt/work/autotest/nobackup/linux-test.git/arch/x86/include/asm/uaccess_32.h:212:26: error: call to 'copy_from_user_overflow' declared with attribute error: copy_from_user() buffer size is not provably correct
Looking at the code it was obvious what the problem was. The pointer
dpram_data was being allocated but the address was being written to.
Looking at the comment above the code shows that it use to write into an
element of that pointer where the '&' is appropriate. But now that it
writes to the pointer itself, we need to remove the '&' otherwise we
write over the pointer and not into the data it points to.
Signed-off-by: Steven Rostedt <rostedt@goodmis.org>
Cc: Marek Belisko <marek.belisko@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
break;
//if ( copy_from_user(&(dpram_command.dpram_blk), (PIOCTL_DPRAM_BLK)Argument, msgsz+2) ) {
- if ( copy_from_user(&dpram_data, argp, msgsz+2) ) {
+ if ( copy_from_user(dpram_data, argp, msgsz+2) ) {
DEBUG("FT1000:ft1000_ChIoctl: copy fault occurred\n");
result = -EFAULT;
}
projects / platform / kernel / linux-amlogic.git / commitdiff