diff options
author | Kees Cook <keescook@chromium.org> | 2017-03-07 13:57:11 -0800 |
---|---|---|
committer | Kees Cook <keescook@chromium.org> | 2017-03-07 14:01:03 -0800 |
commit | 30800d9977ec271a7836d777848dba6773d12a3b (patch) | |
tree | d3a93e024d5c3a22b1555b2f4b5b329f8c64feac | |
parent | 4c9ec219766a217468fb94a281c416455a884dda (diff) |
pstore: simplify write_user_compat()
Nothing actually uses write_user_compat() currently, but there is no
reason to reuse the dmesg buffer. Instead, just allocate a new record
buffer, copy in from userspace, and pass it to write() as normal.
Signed-off-by: Kees Cook <keescook@chromium.org>
-rw-r--r-- | fs/pstore/platform.c | 46 |
1 files changed, 20 insertions, 26 deletions
diff --git a/fs/pstore/platform.c b/fs/pstore/platform.c index e79f170fa79b..43b3ca5e045f 100644 --- a/fs/pstore/platform.c +++ b/fs/pstore/platform.c @@ -635,33 +635,27 @@ static void pstore_unregister_console(void) {} static int pstore_write_user_compat(struct pstore_record *record, const char __user *buf) { - unsigned long flags = 0; - size_t i, bufsize, total_size = record->size; - long ret = 0; - - if (unlikely(!access_ok(VERIFY_READ, buf, total_size))) - return -EFAULT; - bufsize = total_size; - if (bufsize > psinfo->bufsize) - bufsize = psinfo->bufsize; - record->buf = psinfo->buf; - spin_lock_irqsave(&psinfo->buf_lock, flags); - for (i = 0; i < total_size; ) { - size_t c = min(total_size - i, bufsize); - - ret = __copy_from_user(record->buf, buf + i, c); - if (unlikely(ret != 0)) { - ret = -EFAULT; - break; - } - record->size = c; - ret = record->psi->write(record); - if (unlikely(ret < 0)) - break; - i += c; + int ret = 0; + + if (record->buf) + return -EINVAL; + + record->buf = kmalloc(record->size, GFP_KERNEL); + if (!record->buf) + return -ENOMEM; + + if (unlikely(copy_from_user(record->buf, buf, record->size))) { + ret = -EFAULT; + goto out; } - spin_unlock_irqrestore(&psinfo->buf_lock, flags); - return unlikely(ret < 0) ? ret : total_size; + + ret = record->psi->write(record); + +out: + kfree(record->buf); + record->buf = NULL; + + return unlikely(ret < 0) ? ret : record->size; } /* |