scsi: pmcraid: use normal copy_from_user
authorArnd Bergmann <arnd@arndb.de>
Fri, 21 Apr 2017 22:02:31 +0000 (00:02 +0200)
committerMartin K. Petersen <martin.petersen@oracle.com>
Mon, 24 Apr 2017 22:11:22 +0000 (18:11 -0400)
As pointed out by Al Viro for my previous series, the driver has no need
to call access_ok() and __copy_from_user()/__copy_to_user(). Changing
it to regular copy_from_user()/copy_to_user() simplifies the code without
any real downsides, making it less error-prone at best.

This patch by itself also addresses the warning about the access_ok()
macro on MIPS, but both fixes improve the code, so ideally we apply
them both.

Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
drivers/scsi/pmcraid.c

index 94f71aef196f4de7c890503929e1e8ca07ba9b70..a4aadf5f4dc61e9d80a5f1382fd63f11d169dd0d 100644 (file)
@@ -3342,9 +3342,9 @@ static int pmcraid_copy_sglist(
 
                kaddr = kmap(page);
                if (direction == DMA_TO_DEVICE)
-                       rc = __copy_from_user(kaddr, buffer, bsize_elem);
+                       rc = copy_from_user(kaddr, buffer, bsize_elem);
                else
-                       rc = __copy_to_user(buffer, kaddr, bsize_elem);
+                       rc = copy_to_user(buffer, kaddr, bsize_elem);
 
                kunmap(page);
 
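Review bot: `rc` here receives the return value of `copy_from_user()`/`copy_to_user()`, which is the number of bytes left uncopied rather than an errno, and the code that acts on it lies past the end of this hunk, after `kunmap(page)`. The same holds for the remainder copy in the next hunk and for the `copy_from_user(buffer, arg, ...)` call in pmcraid_ioctl_passthrough, where `ioasa` is computed before any check that may follow. Each site should turn a non-zero result into an error code, e.g. `if (rc) return -EFAULT;`, because a positive count passed up the ioctl path would not read as a failure in user space. pmcraid_copy_sglist starts and ends outside the hunk, so the existing handling could not be confirmed from the visible lines.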
@@ -3362,9 +3362,9 @@ static int pmcraid_copy_sglist(
                kaddr = kmap(page);
 
                if (direction == DMA_TO_DEVICE)
-                       rc = __copy_from_user(kaddr, buffer, len % bsize_elem);
+                       rc = copy_from_user(kaddr, buffer, len % bsize_elem);
                else
-                       rc = __copy_to_user(buffer, kaddr, len % bsize_elem);
+                       rc = copy_to_user(buffer, kaddr, len % bsize_elem);
 
                kunmap(page);
 
@@ -3691,7 +3691,7 @@ static long pmcraid_ioctl_passthrough(
 
        request_buffer = arg + request_offset;
 
-       rc = __copy_from_user(buffer, arg,
+       rc = copy_from_user(buffer, arg,
                             sizeof(struct pmcraid_passthrough_ioctl_buffer));
 
        ioasa = arg + offsetof(struct pmcraid_passthrough_ioctl_buffer, ioasa);
@@ -3712,14 +3712,7 @@ static long pmcraid_ioctl_passthrough(
                direction = DMA_FROM_DEVICE;
        }
 
-       if (request_size > 0) {
-               rc = access_ok(access, arg, request_offset + request_size);
-
-               if (!rc) {
-                       rc = -EFAULT;
-                       goto out_free_buffer;
-               }
-       } else if (request_size < 0) {
+       if (request_size < 0) {
                rc = -EINVAL;
                goto out_free_buffer;
        }
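Review bot: After this hunk the only validation of `request_size` in the visible lines is the sign check, so the user range starting at `arg + request_offset` is first tested when the payload is copied, presumably page by page in pmcraid_copy_sglist. That is sound for memory safety as long as every access to `request_buffer` goes through the checked helpers. The fault now surfaces later than before, though, and no upper bound on `request_size` is visible here. I would record the dependency with a comment above the check, `/* user range is validated by copy_{from,to}_user() in pmcraid_copy_sglist() */`, and confirm that the later failure path releases everything acquired after this point. The function continues outside the hunk.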
@@ -3929,11 +3922,6 @@ static long pmcraid_ioctl_driver(
 {
        int rc = -ENOSYS;
 
-       if (!access_ok(VERIFY_READ, user_buffer, _IOC_SIZE(cmd))) {
-               pmcraid_err("ioctl_driver: access fault in request buffer\n");
-               return -EFAULT;
-       }
-
        switch (cmd) {
        case PMCRAID_IOCTL_RESET_ADAPTER:
                pmcraid_reset_bringup(pinstance);
@@ -3965,8 +3953,7 @@ static int pmcraid_check_ioctl_buffer(
        struct pmcraid_ioctl_header *hdr
 )
 {
-       int rc = 0;
-       int access = VERIFY_READ;
+       int rc;
 
        if (copy_from_user(hdr, arg, sizeof(struct pmcraid_ioctl_header))) {
                pmcraid_err("couldn't copy ioctl header from user buffer\n");
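Review bot: `int rc;` loses its initializer here, and none of the visible lines of pmcraid_check_ioctl_buffer assign or read it: the header copy tests `copy_from_user()` directly and the function ends in `return 0`. If a use remains in the lines between this hunk and the next, it must assign `rc` before reading it. Declaring it at that point of use, or dropping it if nothing is left, would rule out an uninitialized read when the function is edited again.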
@@ -3982,19 +3969,6 @@ static int pmcraid_check_ioctl_buffer(
                return -EINVAL;
        }
 
-       /* check for appropriate buffer access */
-       if ((_IOC_DIR(cmd) & _IOC_READ) == _IOC_READ)
-               access = VERIFY_WRITE;
-
-       rc = access_ok(access,
-                      (arg + sizeof(struct pmcraid_ioctl_header)),
-                      hdr->buffer_length);
-       if (!rc) {
-               pmcraid_err("access failed for user buffer of size %d\n",
-                            hdr->buffer_length);
-               return -EFAULT;
-       }
-
        return 0;
 }
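Review bot: With the `access_ok()` block gone, pmcraid_check_ioctl_buffer no longer examines `hdr->buffer_length` in the visible lines, although that field was filled from user space by the `copy_from_user()` call in the previous hunk. Dropping the check is fine for the payload itself, provided it is only ever touched through `copy_from_user()`/`copy_to_user()`. Any caller that sizes an allocation or a copy from `hdr->buffer_length` now has to bound it on its own. A comment before `return 0` would make that contract explicit: `/* hdr->buffer_length is user-controlled and not range-checked here; callers must bound it before use */`. The function starts outside this hunk.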