rt2x00: use simple_read_from_buffer()

Message ID	20180822104126.2logh4tqxkmiomqy@kili.mountain (mailing list archive)
State	Accepted
Commit	f483039cf51acf30494cd754194562c22cf98764
Delegated to:	Kalle Valo
Headers	show Return-Path: <linux-wireless-owner@kernel.org> Date: Wed, 22 Aug 2018 13:41:26 +0300 From: Dan Carpenter <dan.carpenter@oracle.com> To: Stanislaw Gruszka <sgruszka@redhat.com> Cc: Helmut Schaa <helmut.schaa@googlemail.com>, Kalle Valo <kvalo@codeaurora.org>, "David S. Miller" <davem@davemloft.net>, linux-wireless@vger.kernel.org, kernel-janitors@vger.kernel.org Subject: [PATCH] rt2x00: use simple_read_from_buffer() Message-ID: <20180822104126.2logh4tqxkmiomqy@kili.mountain> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: NeoMutt/20170113 (1.7.2) Sender: linux-wireless-owner@vger.kernel.org Precedence: bulk
Series	rt2x00: use simple_read_from_buffer() \| expand rt2x00: use simple_read_from_buffer()

Message ID

20180822104126.2logh4tqxkmiomqy@kili.mountain (mailing list archive)

State

Accepted

Commit

f483039cf51acf30494cd754194562c22cf98764

Delegated to:

Kalle Valo

Headers

show

Return-Path: <linux-wireless-owner@kernel.org>
Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org
 [172.30.200.125])
	by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 884EF920
	for <patchwork-linux-wireless@patchwork.kernel.org>;
 Wed, 22 Aug 2018 10:41:49 +0000 (UTC)
Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1])
	by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 76F9D2B008
	for <patchwork-linux-wireless@patchwork.kernel.org>;
 Wed, 22 Aug 2018 10:41:49 +0000 (UTC)
Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486)
	id 6A3A62B00B; Wed, 22 Aug 2018 10:41:49 +0000 (UTC)
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
	pdx-wl-mail.web.codeaurora.org
X-Spam-Level: 
X-Spam-Status: No, score=-8.0 required=2.0 tests=BAYES_00,DKIM_SIGNED,
	DKIM_VALID,DKIM_VALID_AU,MAILING_LIST_MULTI,RCVD_IN_DNSWL_HI,
	UNPARSEABLE_RELAY autolearn=ham version=3.3.1
Received: from vger.kernel.org (vger.kernel.org [209.132.180.67])
	by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 12EB42B008
	for <patchwork-linux-wireless@patchwork.kernel.org>;
 Wed, 22 Aug 2018 10:41:49 +0000 (UTC)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1728525AbeHVOGE (ORCPT
        <rfc822;patchwork-linux-wireless@patchwork.kernel.org>);
        Wed, 22 Aug 2018 10:06:04 -0400
Received: from aserp2120.oracle.com ([141.146.126.78]:55092 "EHLO
        aserp2120.oracle.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1726849AbeHVOGE (ORCPT
        <rfc822;linux-wireless@vger.kernel.org>);
        Wed, 22 Aug 2018 10:06:04 -0400
Received: from pps.filterd (aserp2120.oracle.com [127.0.0.1])
        by aserp2120.oracle.com (8.16.0.22/8.16.0.22) with SMTP id
 w7MAcvlk046047;
        Wed, 22 Aug 2018 10:41:36 GMT
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=oracle.com;
 h=date : from : to : cc
 : subject : message-id : mime-version : content-type; s=corp-2018-07-02;
 bh=A5c40/uvDvttwKzB3R0PW5toCQ8i8VU3FJwIe4luCNE=;
 b=YNUXNF13NLZzXHubAkfZ4Br+SBvTuReMCiJ5bu6mIEs2CU1C4+qL94KxsQ1FZPc1nECj
 ZZN1aT0iHwpEqBAMp1XGQ5sVH+FynWyQ/jRbHqwWXoBSZQ0sVy8CMdah+/ktuZIBvTyP
 Y+Nosp3HKEP7Esk+Zvbgb3O4gZuwqoH6xZiWDfIVlJb10kJ9KppTkxt4t87UdBK30GPQ
 3Rmvy6fp3OMhoDz/2zY6mMrzcn15f9tDLvm5W66/7JVNX6iQZ+n/n0DR9LJwnTXLz5Ep
 OUeKtFDGfXFNYO5mZIdIJyqzzQGc6+XxF2FwSy6L3MjPQYoJkGHO0uCS1nfLKC+tyYFl og==
Received: from aserv0022.oracle.com (aserv0022.oracle.com [141.146.126.234])
        by aserp2120.oracle.com with ESMTP id 2kxbdq1ewb-1
        (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256
 verify=OK);
        Wed, 22 Aug 2018 10:41:35 +0000
Received: from aserv0122.oracle.com (aserv0122.oracle.com [141.146.126.236])
        by aserv0022.oracle.com (8.14.4/8.14.4) with ESMTP id w7MAfZg4032674
        (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256
 verify=OK);
        Wed, 22 Aug 2018 10:41:35 GMT
Received: from abhmp0003.oracle.com (abhmp0003.oracle.com [141.146.116.9])
        by aserv0122.oracle.com (8.14.4/8.14.4) with ESMTP id w7MAfYJB022519;
        Wed, 22 Aug 2018 10:41:34 GMT
Received: from kili.mountain (/197.232.248.111)
        by default (Oracle Beehive Gateway v4.0)
        with ESMTP ; Wed, 22 Aug 2018 03:41:33 -0700
Date: Wed, 22 Aug 2018 13:41:26 +0300
From: Dan Carpenter <dan.carpenter@oracle.com>
To: Stanislaw Gruszka <sgruszka@redhat.com>
Cc: Helmut Schaa <helmut.schaa@googlemail.com>,
        Kalle Valo <kvalo@codeaurora.org>,
        "David S. Miller" <davem@davemloft.net>,
        linux-wireless@vger.kernel.org, kernel-janitors@vger.kernel.org
Subject: [PATCH] rt2x00: use simple_read_from_buffer()
Message-ID: <20180822104126.2logh4tqxkmiomqy@kili.mountain>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
X-Mailer: git-send-email haha only kidding
User-Agent: NeoMutt/20170113 (1.7.2)
X-Proofpoint-Virus-Version: vendor=nai engine=5900 definitions=8992
 signatures=668707
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 suspectscore=0
 malwarescore=0
 phishscore=0 bulkscore=0 spamscore=0 mlxscore=0 mlxlogscore=787
 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1
 engine=8.0.1-1807170000 definitions=main-1808220109
Sender: linux-wireless-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-wireless.vger.kernel.org>
X-Mailing-List: linux-wireless@vger.kernel.org
X-Virus-Scanned: ClamAV using ClamSMTP

Series

rt2x00: use simple_read_from_buffer() | expand

Commit Message

Dan Carpenter Aug. 22, 2018, 10:41 a.m. UTC

The problem with this copy_to_user() calls is that they don't ensure
that "size" is less than the "length" which the user provided.

Obviously, this is debugfs and "size" is normally going to be very small
so it probably doesn't matter, but this is the correct thing to do.

Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
---
From static analysis.  Not tested.

Comments

Stanislaw Gruszka Aug. 22, 2018, 1:32 p.m. UTC | #1

On Wed, Aug 22, 2018 at 01:41:26PM +0300, Dan Carpenter wrote:
> The problem with this copy_to_user() calls is that they don't ensure
> that "size" is less than the "length" which the user provided.
> 
> Obviously, this is debugfs and "size" is normally going to be very small
> so it probably doesn't matter, but this is the correct thing to do.
> 
> Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>

Acked-by: Stanislaw Gruszka <sgruszka@redhat.com>

Kalle Valo Aug. 31, 2018, 3:47 p.m. UTC | #2

Dan Carpenter <dan.carpenter@oracle.com> wrote:

> The problem with this copy_to_user() calls is that they don't ensure
> that "size" is less than the "length" which the user provided.
> 
> Obviously, this is debugfs and "size" is normally going to be very small
> so it probably doesn't matter, but this is the correct thing to do.
> 
> Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
> Acked-by: Stanislaw Gruszka <sgruszka@redhat.com>

Patch applied to wireless-drivers-next.git, thanks.

f483039cf51a rt2x00: use simple_read_from_buffer()

diff --git a/drivers/net/wireless/ralink/rt2x00/rt2x00debug.c b/drivers/net/wireless/ralink/rt2x00/rt2x00debug.c
index acc399b5574e..61ba573e8bf1 100644
--- a/drivers/net/wireless/ralink/rt2x00/rt2x00debug.c
+++ b/drivers/net/wireless/ralink/rt2x00/rt2x00debug.c
@@ -464,11 +464,7 @@  static ssize_t rt2x00debug_read_##__name(struct file *file,	\
 								\
 	size = sprintf(line, __format, value);			\
 								\
-	if (copy_to_user(buf, line, size))			\
-		return -EFAULT;					\
-								\
-	*offset += size;					\
-	return size;						\
+	return simple_read_from_buffer(buf, length, offset, line, size); \
 }
 
 #define RT2X00DEBUGFS_OPS_WRITE(__name, __type)			\
@@ -545,11 +541,7 @@  static ssize_t rt2x00debug_read_dev_flags(struct file *file,
 
 	size = sprintf(line, "0x%.8x\n", (unsigned int)intf->rt2x00dev->flags);
 
-	if (copy_to_user(buf, line, size))
-		return -EFAULT;
-
-	*offset += size;
-	return size;
+	return simple_read_from_buffer(buf, length, offset, line, size);
 }
 
 static const struct file_operations rt2x00debug_fop_dev_flags = {
@@ -574,11 +566,7 @@  static ssize_t rt2x00debug_read_cap_flags(struct file *file,
 
 	size = sprintf(line, "0x%.8x\n", (unsigned int)intf->rt2x00dev->cap_flags);
 
-	if (copy_to_user(buf, line, size))
-		return -EFAULT;
-
-	*offset += size;
-	return size;
+	return simple_read_from_buffer(buf, length, offset, line, size);
 }
 
 static const struct file_operations rt2x00debug_fop_cap_flags = {