| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sat, 30 May 2020 00:40:26 +0100
From: Al Viro <viro@...IV.linux.org.uk>
To: Linus Torvalds <torvalds@...ux-foundation.org>
Cc: linux-kernel@...r.kernel.org, linux-fsdevel@...r.kernel.org,
Don Brace <don.brace@...rosemi.com>, linux-scsi@...r.kernel.org
Subject: [PATCH 2/4] hpsa: don't bother with vmalloc for BIG_IOCTL_Command_struct
From: Al Viro <viro@...iv.linux.org.uk>
"BIG" in the name refers to the amount of data being transferred,
_not_ the size of structure itself; it's 140 or 144 bytes (for
32bit and 64bit hosts resp.). IOCTL_Command_struct is 136 or
144 bytes large...
No point whatsoever turning that into dynamic allocation, let
alone vmalloc one. Just keep it as local variable...
Signed-off-by: Al Viro <viro@...iv.linux.org.uk>
---
drivers/scsi/hpsa.c | 14 +++++---------
1 file changed, 5 insertions(+), 9 deletions(-)
diff --git a/drivers/scsi/hpsa.c b/drivers/scsi/hpsa.c
index 3344a06c938e..64fd97272109 100644
--- a/drivers/scsi/hpsa.c
+++ b/drivers/scsi/hpsa.c
@@ -6619,21 +6619,17 @@ static int hpsa_ioctl(struct scsi_device *dev, unsigned int cmd,
return rc;
}
case CCISS_BIG_PASSTHRU: {
- BIG_IOCTL_Command_struct *ioc;
+ BIG_IOCTL_Command_struct ioc;
if (!argp)
return -EINVAL;
+ if (copy_from_user(&ioc, argp, sizeof(ioc)))
+ return -EFAULT;
if (atomic_dec_if_positive(&h->passthru_cmds_avail) < 0)
return -EAGAIN;
- ioc = vmemdup_user(argp, sizeof(*ioc));
- if (IS_ERR(ioc)) {
- atomic_inc(&h->passthru_cmds_avail);
- return PTR_ERR(ioc);
- }
- rc = hpsa_big_passthru_ioctl(h, ioc);
+ rc = hpsa_big_passthru_ioctl(h, &ioc);
atomic_inc(&h->passthru_cmds_avail);
- if (!rc && copy_to_user(argp, ioc, sizeof(*ioc)))
+ if (!rc && copy_to_user(argp, &ioc, sizeof(ioc)))
rc = -EFAULT;
- kvfree(ioc);
return rc;
}
default:
--
2.11.0
Powered by blists - more mailing lists