From edb88cef0570914375d461107759cf0d6d677ed5 Mon Sep 17 00:00:00 2001 From: Arnd Bergmann Date: Sat, 22 Apr 2017 00:02:31 +0200 Subject: [PATCH] scsi: pmcraid: use normal copy_from_user As pointed out by Al Viro for my previous series, the driver has no need to call access_ok() and __copy_from_user()/__copy_to_user(). Changing it to regular copy_from_user()/copy_to_user() simplifies the code without any real downsides, making it less error-prone at best. This patch by itself also addresses the warning about the access_ok() macro on MIPS, but both fixes improve the code, so ideally we apply them both. Signed-off-by: Arnd Bergmann Reviewed-by: Christoph Hellwig Signed-off-by: Martin K. Petersen --- drivers/scsi/pmcraid.c | 40 +++++++--------------------------------- 1 file changed, 7 insertions(+), 33 deletions(-) diff --git a/drivers/scsi/pmcraid.c b/drivers/scsi/pmcraid.c index 94f71aef196f..a4aadf5f4dc6 100644 --- a/drivers/scsi/pmcraid.c +++ b/drivers/scsi/pmcraid.c @@ -3342,9 +3342,9 @@ static int pmcraid_copy_sglist( kaddr = kmap(page); if (direction == DMA_TO_DEVICE) - rc = __copy_from_user(kaddr, buffer, bsize_elem); + rc = copy_from_user(kaddr, buffer, bsize_elem); else - rc = __copy_to_user(buffer, kaddr, bsize_elem); + rc = copy_to_user(buffer, kaddr, bsize_elem); kunmap(page); @@ -3362,9 +3362,9 @@ static int pmcraid_copy_sglist( kaddr = kmap(page); if (direction == DMA_TO_DEVICE) - rc = __copy_from_user(kaddr, buffer, len % bsize_elem); + rc = copy_from_user(kaddr, buffer, len % bsize_elem); else - rc = __copy_to_user(buffer, kaddr, len % bsize_elem); + rc = copy_to_user(buffer, kaddr, len % bsize_elem); kunmap(page); @@ -3691,7 +3691,7 @@ static long pmcraid_ioctl_passthrough( request_buffer = arg + request_offset; - rc = __copy_from_user(buffer, arg, + rc = copy_from_user(buffer, arg, sizeof(struct pmcraid_passthrough_ioctl_buffer)); ioasa = arg + offsetof(struct pmcraid_passthrough_ioctl_buffer, ioasa); @@ -3712,14 +3712,7 @@ static long pmcraid_ioctl_passthrough( direction = DMA_FROM_DEVICE; } - if (request_size > 0) { - rc = access_ok(access, arg, request_offset + request_size); - - if (!rc) { - rc = -EFAULT; - goto out_free_buffer; - } - } else if (request_size < 0) { + if (request_size < 0) { rc = -EINVAL; goto out_free_buffer; } @@ -3929,11 +3922,6 @@ static long pmcraid_ioctl_driver( { int rc = -ENOSYS; - if (!access_ok(VERIFY_READ, user_buffer, _IOC_SIZE(cmd))) { - pmcraid_err("ioctl_driver: access fault in request buffer\n"); - return -EFAULT; - } - switch (cmd) { case PMCRAID_IOCTL_RESET_ADAPTER: pmcraid_reset_bringup(pinstance); @@ -3965,8 +3953,7 @@ static int pmcraid_check_ioctl_buffer( struct pmcraid_ioctl_header *hdr ) { - int rc = 0; - int access = VERIFY_READ; + int rc; if (copy_from_user(hdr, arg, sizeof(struct pmcraid_ioctl_header))) { pmcraid_err("couldn't copy ioctl header from user buffer\n"); @@ -3982,19 +3969,6 @@ static int pmcraid_check_ioctl_buffer( return -EINVAL; } - /* check for appropriate buffer access */ - if ((_IOC_DIR(cmd) & _IOC_READ) == _IOC_READ) - access = VERIFY_WRITE; - - rc = access_ok(access, - (arg + sizeof(struct pmcraid_ioctl_header)), - hdr->buffer_length); - if (!rc) { - pmcraid_err("access failed for user buffer of size %d\n", - hdr->buffer_length); - return -EFAULT; - } - return 0; } -- 2.20.1