From 30800d9977ec271a7836d777848dba6773d12a3b Mon Sep 17 00:00:00 2001 From: Kees Cook Date: Tue, 7 Mar 2017 13:57:11 -0800 Subject: [PATCH] pstore: simplify write_user_compat() Nothing actually uses write_user_compat() currently, but there is no reason to reuse the dmesg buffer. Instead, just allocate a new record buffer, copy in from userspace, and pass it to write() as normal. Signed-off-by: Kees Cook --- fs/pstore/platform.c | 46 +++++++++++++++++++------------------------- 1 file changed, 20 insertions(+), 26 deletions(-) diff --git a/fs/pstore/platform.c b/fs/pstore/platform.c index e79f170fa79b..43b3ca5e045f 100644 --- a/fs/pstore/platform.c +++ b/fs/pstore/platform.c @@ -635,33 +635,27 @@ static void pstore_unregister_console(void) {} static int pstore_write_user_compat(struct pstore_record *record, const char __user *buf) { - unsigned long flags = 0; - size_t i, bufsize, total_size = record->size; - long ret = 0; - - if (unlikely(!access_ok(VERIFY_READ, buf, total_size))) - return -EFAULT; - bufsize = total_size; - if (bufsize > psinfo->bufsize) - bufsize = psinfo->bufsize; - record->buf = psinfo->buf; - spin_lock_irqsave(&psinfo->buf_lock, flags); - for (i = 0; i < total_size; ) { - size_t c = min(total_size - i, bufsize); - - ret = __copy_from_user(record->buf, buf + i, c); - if (unlikely(ret != 0)) { - ret = -EFAULT; - break; - } - record->size = c; - ret = record->psi->write(record); - if (unlikely(ret < 0)) - break; - i += c; + int ret = 0; + + if (record->buf) + return -EINVAL; + + record->buf = kmalloc(record->size, GFP_KERNEL); + if (!record->buf) + return -ENOMEM; + + if (unlikely(copy_from_user(record->buf, buf, record->size))) { + ret = -EFAULT; + goto out; } - spin_unlock_irqrestore(&psinfo->buf_lock, flags); - return unlikely(ret < 0) ? ret : total_size; + + ret = record->psi->write(record); + +out: + kfree(record->buf); + record->buf = NULL; + + return unlikely(ret < 0) ? ret : record->size; } /* -- 2.20.1