Merge branch 'work.misc-set_fs' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs

Pull misc user access cleanups from Al Viro: "The first pile is assorted getting rid of cargo-culted access_ok(), cargo-culted set_fs() and field-by-field copyouts. The same description applies to a lot of stuff in other branches - this is just the stuff that didn't fit into a more specific topical branch" * 'work.misc-set_fs' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs: Switch flock copyin/copyout primitives to copy_{from,to}_user() fs/fcntl: return -ESRCH in f_setown when pid/pgid can't be found fs/fcntl: f_setown, avoid undefined behaviour fs/fcntl: f_setown, allow returning error lpfc debugfs: get rid of pointless access_ok() adb: get rid of pointless access_ok() isdn: get rid of pointless access_ok() compat statfs: switch to copy_to_user() fs/locks: don't mess with the address limit in compat_fcntl64 nfsd_readlink(): switch to vfs_get_link() drbd: ->sendpage() never needed set_fs() fs/locks: pass kernel struct flock to fcntl_getlk/setlk fs: locks: Fix some troubles at kernel-doc comments
author: Linus Torvalds <torvalds@linux-foundation.org> 2017-07-05 23:13:32 +0300
committer: Linus Torvalds <torvalds@linux-foundation.org> 2017-07-05 23:13:32 +0300
commit: 3bad2f1c676581d01e7645eb03e9b27e28b0a92e (patch)
tree: 7e946eb2c7dab8c08e473ee1249be9a814728158 /fs/statfs.c
parent: b4b8cbf679c4866a523a35d1454884a31bd5d8dc (diff)
parent: 8c6657cb50cb037ff58b3f6a547c6569568f3527 (diff)
download: linux-3bad2f1c676581d01e7645eb03e9b27e28b0a92e.tar.xz
1 files changed, 30 insertions, 28 deletions
diff --git a/fs/statfs.c b/fs/statfs.c
index 4e4623c7a126..41a6a82da5e2 100644
--- a/fs/statfs.c
+++ b/fs/statfs.c
@@ -244,6 +244,7 @@ SYSCALL_DEFINE2(ustat, unsigned, dev, struct ustat __user *, ubuf)
 #ifdef CONFIG_COMPAT
 static int put_compat_statfs(struct compat_statfs __user *ubuf, struct kstatfs *kbuf)
 {
+	struct compat_statfs buf;
 	if (sizeof ubuf->f_blocks == 4) {
 		if ((kbuf->f_blocks | kbuf->f_bfree | kbuf->f_bavail |
 		     kbuf->f_bsize | kbuf->f_frsize) & 0xffffffff00000000ULL)
@@ -257,20 +258,20 @@ static int put_compat_statfs(struct compat_statfs __user *ubuf, struct kstatfs *
 		 && (kbuf->f_ffree & 0xffffffff00000000ULL))
 			return -EOVERFLOW;
 	}
-	if (!access_ok(VERIFY_WRITE, ubuf, sizeof(*ubuf)) ||
-	    __put_user(kbuf->f_type, &ubuf->f_type) ||
-	    __put_user(kbuf->f_bsize, &ubuf->f_bsize) ||
-	    __put_user(kbuf->f_blocks, &ubuf->f_blocks) ||
-	    __put_user(kbuf->f_bfree, &ubuf->f_bfree) ||
-	    __put_user(kbuf->f_bavail, &ubuf->f_bavail) ||
-	    __put_user(kbuf->f_files, &ubuf->f_files) ||
-	    __put_user(kbuf->f_ffree, &ubuf->f_ffree) ||
-	    __put_user(kbuf->f_namelen, &ubuf->f_namelen) ||
-	    __put_user(kbuf->f_fsid.val[0], &ubuf->f_fsid.val[0]) ||
-	    __put_user(kbuf->f_fsid.val[1], &ubuf->f_fsid.val[1]) ||
-	    __put_user(kbuf->f_frsize, &ubuf->f_frsize) ||
-	    __put_user(kbuf->f_flags, &ubuf->f_flags) ||
-	    __clear_user(ubuf->f_spare, sizeof(ubuf->f_spare)))
+	memset(&buf, 0, sizeof(struct compat_statfs));
+	buf.f_type = kbuf->f_type;
+	buf.f_bsize = kbuf->f_bsize;
+	buf.f_blocks = kbuf->f_blocks;
+	buf.f_bfree = kbuf->f_bfree;
+	buf.f_bavail = kbuf->f_bavail;
+	buf.f_files = kbuf->f_files;
+	buf.f_ffree = kbuf->f_ffree;
+	buf.f_namelen = kbuf->f_namelen;
+	buf.f_fsid.val[0] = kbuf->f_fsid.val[0];
+	buf.f_fsid.val[1] = kbuf->f_fsid.val[1];
+	buf.f_frsize = kbuf->f_frsize;
+	buf.f_flags = kbuf->f_flags;
+	if (copy_to_user(ubuf, &buf, sizeof(struct compat_statfs)))
 		return -EFAULT;
 	return 0;
 }
@@ -299,6 +300,7 @@ COMPAT_SYSCALL_DEFINE2(fstatfs, unsigned int, fd, struct compat_statfs __user *,
 
 static int put_compat_statfs64(struct compat_statfs64 __user *ubuf, struct kstatfs *kbuf)
 {
+	struct compat_statfs64 buf;
 	if (sizeof(ubuf->f_bsize) == 4) {
 		if ((kbuf->f_type | kbuf->f_bsize | kbuf->f_namelen |
 		     kbuf->f_frsize | kbuf->f_flags) & 0xffffffff00000000ULL)
@@ -312,20 +314,20 @@ static int put_compat_statfs64(struct compat_statfs64 __user *ubuf, struct kstat
 		 && (kbuf->f_ffree & 0xffffffff00000000ULL))
 			return -EOVERFLOW;
 	}
-	if (!access_ok(VERIFY_WRITE, ubuf, sizeof(*ubuf)) ||
-	    __put_user(kbuf->f_type, &ubuf->f_type) ||
-	    __put_user(kbuf->f_bsize, &ubuf->f_bsize) ||
-	    __put_user(kbuf->f_blocks, &ubuf->f_blocks) ||
-	    __put_user(kbuf->f_bfree, &ubuf->f_bfree) ||
-	    __put_user(kbuf->f_bavail, &ubuf->f_bavail) ||
-	    __put_user(kbuf->f_files, &ubuf->f_files) ||
-	    __put_user(kbuf->f_ffree, &ubuf->f_ffree) ||
-	    __put_user(kbuf->f_namelen, &ubuf->f_namelen) ||
-	    __put_user(kbuf->f_fsid.val[0], &ubuf->f_fsid.val[0]) ||
-	    __put_user(kbuf->f_fsid.val[1], &ubuf->f_fsid.val[1]) ||
-	    __put_user(kbuf->f_frsize, &ubuf->f_frsize) ||
-	    __put_user(kbuf->f_flags, &ubuf->f_flags) ||
-	    __clear_user(ubuf->f_spare, sizeof(ubuf->f_spare)))
+	memset(&buf, 0, sizeof(struct compat_statfs64));
+	buf.f_type = kbuf->f_type;
+	buf.f_bsize = kbuf->f_bsize;
+	buf.f_blocks = kbuf->f_blocks;
+	buf.f_bfree = kbuf->f_bfree;
+	buf.f_bavail = kbuf->f_bavail;
+	buf.f_files = kbuf->f_files;
+	buf.f_ffree = kbuf->f_ffree;
+	buf.f_namelen = kbuf->f_namelen;
+	buf.f_fsid.val[0] = kbuf->f_fsid.val[0];
+	buf.f_fsid.val[1] = kbuf->f_fsid.val[1];
+	buf.f_frsize = kbuf->f_frsize;
+	buf.f_flags = kbuf->f_flags;
+	if (copy_to_user(ubuf, &buf, sizeof(struct compat_statfs64)))
 		return -EFAULT;
 	return 0;
 }
author	Linus Torvalds <torvalds@linux-foundation.org>	2017-07-05 23:13:32 +0300
committer	Linus Torvalds <torvalds@linux-foundation.org>	2017-07-05 23:13:32 +0300
commit	3bad2f1c676581d01e7645eb03e9b27e28b0a92e (patch)
tree	7e946eb2c7dab8c08e473ee1249be9a814728158 /fs/statfs.c
parent	b4b8cbf679c4866a523a35d1454884a31bd5d8dc (diff)
parent	8c6657cb50cb037ff58b3f6a547c6569568f3527 (diff)
download	linux-3bad2f1c676581d01e7645eb03e9b27e28b0a92e.tar.xz