Eric Lee / smarc-fsl-linux-kernel

Download as
Browse Code ยป

Commit 5d56356a2c9f5e96efe7a095cbf9b6fee8265d22

Authored by Kulikov Vasiliy
Committed by Greg Kroah-Hartman
1 parent 80d04f22b0
Exists in master and in 39 other branches 8mp-imx_5.4.70_2.3.0, 8qm-imx_5.4.70_2.3.0, emb_imx_lf-5.15.y, emb_lf-6.1.y, imx_3.0.35_4.1.0, imx_3.10.17_1.0.1_ga, imx_3.10.53_1.1.0_ga, imx_3.14.28_1.0.0_ga, imx_4.1.15_1.0.0_ga, pitx_8mp_lf-5.10.y, rt-smarc-imx_4.1.15_1.0.0_ga, rt_linux_5.15.71, smarc-8m-android-11.0.0_2.0.0, smarc-imx6_4.14.98_2.0.0_ga, smarc-imx6_4.9.88_2.0.0_ga, smarc-imx7_4.14.98_2.0.0_ga, smarc-imx7_4.9.11_1.0.0_ga, smarc-imx7_4.9.88_2.0.0_ga, smarc-imx_3.10.53_1.1.0_ga, smarc-imx_3.14.28_1.0.0_ga, smarc-imx_4.1.15_1.0.0_ga, smarc-imx_4.9.11_1.0.0_ga, smarc-imx_4.9.51_imx8m_ga, smarc-imx_4.9.88_2.0.0_ga, smarc-m6.0.1_2.1.0-ga, smarc-n7.1.2_2.0.0-ga, smarc-rel_imx_4.1.15_1.2.0_ga, smarc_8m_00d0_imx_4.14.98_2.0.0_ga, smarc_8m_imx_4.14.78_1.0.0_ga, smarc_8m_imx_4.14.98_2.0.0_ga, smarc_8m_imx_4.19.35_1.1.0, smarc_8mm_imx_4.14.78_1.0.0_ga, smarc_8mm_imx_4.14.98_2.0.0_ga, smarc_8mm_imx_4.19.35_1.1.0, smarc_8mm_imx_5.4.24_2.1.0, smarc_8mp_lf-5.10.y, smarc_8mq_imx_5.4.24_2.1.0, smarc_8mq_lf-5.10.y, smarc_imx_lf-5.15.y

68328serial: check return value of copy_*_user() instead of access_ok() 

As copy_*_user() calls access_ok() it should not be called explicitly.

Signed-off-by: Kulikov Vasiliy <segooon@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>

Showing 1 changed file with 11 additions and 18 deletions Side-by-side Diff

drivers/serial/68328serial.c
Diff comments   View file @ 5d56356
... ... @@ -869,7 +869,9 @@
869 869 tmp.close_delay = info->close_delay;
870 870 tmp.closing_wait = info->closing_wait;
871 871 tmp.custom_divisor = info->custom_divisor;
872   - copy_to_user(retinfo,&tmp,sizeof(*retinfo));
  872 + if (copy_to_user(retinfo, &tmp, sizeof(*retinfo)))
  873 + return -EFAULT;
  874 +
873 875 return 0;
874 876 }
875 877  
... ... @@ -882,7 +884,8 @@
882 884  
883 885 if (!new_info)
884 886 return -EFAULT;
885   - copy_from_user(&new_serial,new_info,sizeof(new_serial));
  887 + if (copy_from_user(&new_serial, new_info, sizeof(new_serial)))
  888 + return -EFAULT;
886 889 old_info = *info;
887 890  
888 891 if (!capable(CAP_SYS_ADMIN)) {
... ... @@ -943,8 +946,7 @@
943 946 status = 0;
944 947 #endif
945 948 local_irq_restore(flags);
946   - put_user(status,value);
947   - return 0;
  949 + return put_user(status, value);
948 950 }
949 951  
950 952 /*
951 953  
952 954  
953 955  
954 956  
... ... @@ -999,27 +1001,18 @@
999 1001 send_break(info, arg ? arg*(100) : 250);
1000 1002 return 0;
1001 1003 case TIOCGSERIAL:
1002   - if (access_ok(VERIFY_WRITE, (void *) arg,
1003   - sizeof(struct serial_struct)))
1004   - return get_serial_info(info,
1005   - (struct serial_struct *) arg);
1006   - return -EFAULT;
  1004 + return get_serial_info(info,
  1005 + (struct serial_struct *) arg);
1007 1006 case TIOCSSERIAL:
1008 1007 return set_serial_info(info,
1009 1008 (struct serial_struct *) arg);
1010 1009 case TIOCSERGETLSR: /* Get line status register */
1011   - if (access_ok(VERIFY_WRITE, (void *) arg,
1012   - sizeof(unsigned int)))
1013   - return get_lsr_info(info, (unsigned int *) arg);
1014   - return -EFAULT;
  1010 + return get_lsr_info(info, (unsigned int *) arg);
1015 1011 case TIOCSERGSTRUCT:
1016   - if (!access_ok(VERIFY_WRITE, (void *) arg,
1017   - sizeof(struct m68k_serial)))
  1012 + if (copy_to_user((struct m68k_serial *) arg,
  1013 + info, sizeof(struct m68k_serial)))
1018 1014 return -EFAULT;
1019   - copy_to_user((struct m68k_serial *) arg,
1020   - info, sizeof(struct m68k_serial));
1021 1015 return 0;
1022   -
1023 1016 default:
1024 1017 return -ENOIOCTLCMD;
1025 1018 }