git.proxmox.com Git - mirror_ubuntu-artful-kernel.git/commit

author	James Hogan <james.hogan@imgtec.com>
	Fri, 31 Mar 2017 10:14:02 +0000 (11:14 +0100)
committer	Thadeu Lima de Souza Cascardo <cascardo@canonical.com>
	Thu, 27 Apr 2017 13:04:01 +0000 (10:04 -0300)
commit	4c9919c45fd0cea6cb5a6ae6647185097919254a
tree	a4c3c480814a655f9c3264824bd727841341ec18	tree
parent	1e7e6133e4bbb31c587d686bea099db66a31a51a	commit \| diff

metag/usercopy: Zero rest of buffer from copy_from_user

BugLink: http://bugs.launchpad.net/bugs/1682140
commit 563ddc1076109f2b3f88e6d355eab7b6fd4662cb upstream.

Currently we try to zero the destination for a failed read from userland
in fixup code in the usercopy.c macros. The rest of the destination
buffer is then zeroed from __copy_user_zeroing(), which is used for both
copy_from_user() and __copy_from_user().

Unfortunately we fail to zero in the fixup code as D1Ar1 is set to 0
before the fixup code entry labels, and __copy_from_user() shouldn't even
be zeroing the rest of the buffer.

Move the zeroing out into copy_from_user() and rename
__copy_user_zeroing() to raw_copy_from_user() since it no longer does
any zeroing. This also conveniently matches the name needed for
RAW_COPY_USER support in a later patch.

Fixes: 373cd784d0fc ("metag: Memory handling")
Reported-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: James Hogan <james.hogan@imgtec.com>
Cc: linux-metag@vger.kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
Signed-off-by: Stefan Bader <stefan.bader@canonical.com>

arch/metag/include/asm/uaccess.h		diff \| blob \| blame \| history
arch/metag/lib/usercopy.c		diff \| blob \| blame \| history