Re: [PATCH][2/2] ide-tape: small cleanups - handle copy_to|from_user()failures
From: Jesper Juhl
Date: Sun Nov 28 2004 - 16:08:37 EST
On Sun, 28 Nov 2004, Jesper Juhl wrote:
> On Sun, 28 Nov 2004, Alan Cox wrote:
>
> > On Sul, 2004-11-28 at 16:32, Jesper Juhl wrote:
> > > #endif /* IDETAPE_DEBUG_BUGS */
> > > count = min((unsigned int)(bh->b_size - atomic_read(&bh->b_count)), (unsigned int)n);
> > > - copy_from_user(bh->b_data + atomic_read(&bh->b_count), buf, count);
> > > + if (copy_from_user(bh->b_data + atomic_read(&bh->b_count), buf, count))
> > > + return -EFAULT;
> > > n -= count;
> > > atomic_add(count, &bh->b_count);
> > > buf += count;
> >
> > If you do this then you don't fix up tape->bh for further operations.
>
> True, if copy_from_user fails it just bails out, I didn't see anything
> really bad that could happen from that, but I'm an idiot, looking at it
> again I guess it could probably mess up tape->bh pretty bad.
> Guess I need to go back and look at this in greater detail.
Does this really matter though? if copy_from_user fails here the function
bails out, and with the other changes I made the caller will bail out as
well with the effect that the entire IO operation will fail. and once a
new read or write is submitted we get a brand new tape->bh
Am I completely brain-dead or is it not in fact OK as I wrote it the first
time?
--
Jesper Juhl
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/