ipmi: get rid of field-by-field __get_user()

+37 -50

1 changed file

expand all

drivers

char

ipmi

ipmi_devintf.c

+37 -50

drivers/char/ipmi/ipmi_devintf.c

··· 704 704 /* 705 705 * Define some helper functions for copying IPMI data 706 706 */ 707 - static long get_compat_ipmi_msg(struct ipmi_msg *p64, 708 - struct compat_ipmi_msg __user *p32) 707 + static void get_compat_ipmi_msg(struct ipmi_msg *p64, 708 + struct compat_ipmi_msg *p32) 709 709 { 710 - compat_uptr_t tmp; 711 - 712 - if (!access_ok(VERIFY_READ, p32, sizeof(*p32)) || 713 - __get_user(p64->netfn, &p32->netfn) || 714 - __get_user(p64->cmd, &p32->cmd) || 715 - __get_user(p64->data_len, &p32->data_len) || 716 - __get_user(tmp, &p32->data)) 717 - return -EFAULT; 718 - p64->data = compat_ptr(tmp); 719 - return 0; 710 + p64->netfn = p32->netfn; 711 + p64->cmd = p32->cmd; 712 + p64->data_len = p32->data_len; 713 + p64->data = compat_ptr(p32->data); 720 714 } 721 715 722 - static long get_compat_ipmi_req(struct ipmi_req *p64, 723 - struct compat_ipmi_req __user *p32) 716 + static void get_compat_ipmi_req(struct ipmi_req *p64, 717 + struct compat_ipmi_req *p32) 724 718 { 725 - 726 - compat_uptr_t tmp; 727 - 728 - if (!access_ok(VERIFY_READ, p32, sizeof(*p32)) || 729 - __get_user(tmp, &p32->addr) || 730 - __get_user(p64->addr_len, &p32->addr_len) || 731 - __get_user(p64->msgid, &p32->msgid) || 732 - get_compat_ipmi_msg(&p64->msg, &p32->msg)) 733 - return -EFAULT; 734 - p64->addr = compat_ptr(tmp); 735 - return 0; 719 + p64->addr = compat_ptr(p32->addr); 720 + p64->addr_len = p32->addr_len; 721 + p64->msgid = p32->msgid; 722 + get_compat_ipmi_msg(&p64->msg, &p32->msg); 736 723 } 737 724 738 - static long get_compat_ipmi_req_settime(struct ipmi_req_settime *p64, 739 - struct compat_ipmi_req_settime __user *p32) 725 + static void get_compat_ipmi_req_settime(struct ipmi_req_settime *p64, 726 + struct compat_ipmi_req_settime *p32) 740 727 { 741 - if (!access_ok(VERIFY_READ, p32, sizeof(*p32)) || 742 - get_compat_ipmi_req(&p64->req, &p32->req) || 743 - __get_user(p64->retries, &p32->retries) || 744 - __get_user(p64->retry_time_ms, &p32->retry_time_ms)) 745 - return -EFAULT; 746 - return 0; 728 + get_compat_ipmi_req(&p64->req, &p32->req); 729 + p64->retries = p32->retries; 730 + p64->retry_time_ms = p32->retry_time_ms; 747 731 } 748 732 749 - static long get_compat_ipmi_recv(struct ipmi_recv *p64, 750 - struct compat_ipmi_recv __user *p32) 733 + static void get_compat_ipmi_recv(struct ipmi_recv *p64, 734 + struct compat_ipmi_recv *p32) 751 735 { 752 - compat_uptr_t tmp; 753 - 754 - if (!access_ok(VERIFY_READ, p32, sizeof(*p32)) || 755 - __get_user(p64->recv_type, &p32->recv_type) || 756 - __get_user(tmp, &p32->addr) || 757 - __get_user(p64->addr_len, &p32->addr_len) || 758 - __get_user(p64->msgid, &p32->msgid) || 759 - get_compat_ipmi_msg(&p64->msg, &p32->msg)) 760 - return -EFAULT; 761 - p64->addr = compat_ptr(tmp); 762 - return 0; 736 + memset(p64, 0, sizeof(struct ipmi_recv)); 737 + p64->recv_type = p32->recv_type; 738 + p64->addr = compat_ptr(p32->addr); 739 + p64->addr_len = p32->addr_len; 740 + p64->msgid = p32->msgid; 741 + get_compat_ipmi_msg(&p64->msg, &p32->msg); 763 742 } 764 743 765 744 static int copyout_recv32(struct ipmi_recv *p64, void __user *to) ··· 768 789 case COMPAT_IPMICTL_SEND_COMMAND: 769 790 { 770 791 struct ipmi_req rp; 792 + struct compat_ipmi_req r32; 771 793 772 - if (get_compat_ipmi_req(&rp, compat_ptr(arg))) 794 + if (copy_from_user(&r32, compat_ptr(arg), sizeof(r32))) 773 795 return -EFAULT; 796 + 797 + get_compat_ipmi_req(&rp, &r32); 774 798 775 799 return handle_send_req(priv->user, &rp, 776 800 priv->default_retries, ··· 782 800 case COMPAT_IPMICTL_SEND_COMMAND_SETTIME: 783 801 { 784 802 struct ipmi_req_settime sp; 803 + struct compat_ipmi_req_settime sp32; 785 804 786 - if (get_compat_ipmi_req_settime(&sp, compat_ptr(arg))) 805 + if (copy_from_user(&sp32, compat_ptr(arg), sizeof(sp32))) 787 806 return -EFAULT; 807 + 808 + get_compat_ipmi_req_settime(&sp, &sp32); 788 809 789 810 return handle_send_req(priv->user, &sp.req, 790 811 sp.retries, sp.retry_time_ms); ··· 796 811 case COMPAT_IPMICTL_RECEIVE_MSG_TRUNC: 797 812 { 798 813 struct ipmi_recv recv64; 814 + struct compat_ipmi_recv recv32; 799 815 800 - memset(&recv64, 0, sizeof(recv64)); 801 - if (get_compat_ipmi_recv(&recv64, compat_ptr(arg))) 816 + if (copy_from_user(&recv32, compat_ptr(arg), sizeof(recv32))) 802 817 return -EFAULT; 818 + 819 + get_compat_ipmi_recv(&recv64, &recv32); 803 820 804 821 return handle_recv(priv, 805 822 cmd == COMPAT_IPMICTL_RECEIVE_MSG_TRUNC,

Configure Feed

Configure Feed