[PATCH 2/2] net/9p: Return error on read with NULL buffer

From: Aneesh Kumar K.V
Date: Mon Oct 18 2010 - 10:41:10 EST


From: Sanchit Garg <sancgarg@xxxxxxxxxxxxxxxxxx>

This patch ensures that a read(fd, NULL, 0 ) returns EFAULT on a 9p file.

Signed-off-by: Sanchit Garg <sancgarg@xxxxxxxxxxxxxxxxxx>
Signed-off-by: Aneesh Kumar K.V <aneesh.kumar@xxxxxxxxxxxxxxxxxx>
---
net/9p/client.c | 10 ++++++----
1 files changed, 6 insertions(+), 4 deletions(-)

diff --git a/net/9p/client.c b/net/9p/client.c
index e141e46..d5344d8 100644
--- a/net/9p/client.c
+++ b/net/9p/client.c
@@ -1313,6 +1313,11 @@ p9_client_read(struct p9_fid *fid, char *data, char __user *udata, u64 offset,
rsize = fid->iounit;
if (!rsize || rsize > clnt->msize-P9_IOHDRSZ)
rsize = clnt->msize - P9_IOHDRSZ;
+ /*
+ * A read with NULL user buffer cause EFAULT error
+ */
+ if (!data && !udata)
+ return -EFAULT;

if (count < rsize)
rsize = count;
@@ -1333,16 +1338,13 @@ p9_client_read(struct p9_fid *fid, char *data, char __user *udata, u64 offset,

if (data) {
memmove(data, dataptr, count);
- }
-
- if (udata) {
+ } else {
err = copy_to_user(udata, dataptr, count);
if (err) {
err = -EFAULT;
goto free_and_error;
}
}
-
p9_free_req(clnt, req);
return count;

--
1.7.1

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/