[openib-general] [PATCH] Check copy_from_user in user_mad.c
Roland Dreier
roland at topspin.com
Thu Jun 16 15:52:57 PDT 2005
We should be checking the return value of copy_from_user(), right?
--- infiniband/core/user_mad.c (revision 2641)
+++ infiniband/core/user_mad.c (working copy)
@@ -355,18 +355,26 @@ static ssize_t ib_umad_write(struct file
if (!rmpp_active) {
/* Copy message from user into send buffer */
- copy_from_user(packet->msg->mad,
- buf + sizeof(struct ib_user_mad), length);
+ if (copy_from_user(packet->msg->mad,
+ buf + sizeof(struct ib_user_mad), length)) {
+ ret = -EFAULT;
+ goto err_msg;
+ }
} else {
rmpp_hdr_size = sizeof(struct ib_mad_hdr) +
sizeof(struct ib_rmpp_hdr);
+
/* Only copy MAD headers (RMPP header in place) */
memcpy(packet->msg->mad, packet->mad.data,
sizeof(struct ib_mad_hdr));
+
/* Now, copy rest of message from user into send buffer */
- copy_from_user(((struct ib_rmpp_mad *)packet->msg->mad)->data,
- buf + sizeof(struct ib_user_mad) + rmpp_hdr_size,
- length - rmpp_hdr_size);
+ if (copy_from_user(((struct ib_rmpp_mad *) packet->msg->mad)->data,
+ buf + sizeof (struct ib_user_mad) + rmpp_hdr_size,
+ length - rmpp_hdr_size)) {
+ ret = -EFAULT;
+ goto err_msg;
+ }
}
/*
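Review bot: The RMPP branch passes `length - rmpp_hdr_size` to copy_from_user() with no lower bound on `length` visible in this hunk, so a write shorter than the combined MAD and RMPP headers would make that size go negative or wrap. If nothing earlier in ib_umad_write() (which starts and ends outside the hunk) already rejects such a length, a guard ahead of the memcpy such as `if (length < rmpp_hdr_size) { ret = -EINVAL; goto err_msg; }` would close it. It is also worth confirming that the `err_msg` label, not shown here, releases everything set up for `packet->msg` before these copies, since both new failure paths now depend on it.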