fs/readdir.c | 22 ++++++++++++---------- 1 file changed, 12 insertions(+), 10 deletions(-) diff --git a/fs/readdir.c b/fs/readdir.c index 9d0212c374d6..03324f54c0e9 100644 --- a/fs/readdir.c +++ b/fs/readdir.c @@ -184,25 +184,27 @@ static int filldir(struct dir_context *ctx, const char *name, int namlen, if (dirent) { if (signal_pending(current)) return -EINTR; - if (__put_user(offset, &dirent->d_off)) - goto efault; } + + user_access_begin(); + if (dirent) + unsafe_put_user(offset, &dirent->d_off, efault_end); dirent = buf->current_dir; - if (__put_user(d_ino, &dirent->d_ino)) - goto efault; - if (__put_user(reclen, &dirent->d_reclen)) - goto efault; + unsafe_put_user(d_ino, &dirent->d_ino, efault_end); + unsafe_put_user(reclen, &dirent->d_reclen, efault_end); + unsafe_put_user(0, dirent->d_name + namlen, efault_end); + unsafe_put_user(d_type, (char __user *) dirent + reclen - 1, efault_end); + user_access_end(); + if (copy_to_user(dirent->d_name, name, namlen)) goto efault; - if (__put_user(0, dirent->d_name + namlen)) - goto efault; - if (__put_user(d_type, (char __user *) dirent + reclen - 1)) - goto efault; buf->previous = dirent; dirent = (void __user *)dirent + reclen; buf->current_dir = dirent; buf->count -= reclen; return 0; +efault_end: + user_access_end(); efault: buf->error = -EFAULT; return -EFAULT;