diff options
Diffstat (limited to 'package/kernel/mac80211/patches/rt2x00/001-rt2x00-use-simple_read_from_buffer.patch')
-rw-r--r-- | package/kernel/mac80211/patches/rt2x00/001-rt2x00-use-simple_read_from_buffer.patch | 59 |
1 files changed, 59 insertions, 0 deletions
diff --git a/package/kernel/mac80211/patches/rt2x00/001-rt2x00-use-simple_read_from_buffer.patch b/package/kernel/mac80211/patches/rt2x00/001-rt2x00-use-simple_read_from_buffer.patch new file mode 100644 index 0000000000..1319cc244c --- /dev/null +++ b/package/kernel/mac80211/patches/rt2x00/001-rt2x00-use-simple_read_from_buffer.patch @@ -0,0 +1,59 @@ +From f483039cf51acf30494cd754194562c22cf98764 Mon Sep 17 00:00:00 2001 +From: Dan Carpenter <dan.carpenter@oracle.com> +Date: Wed, 22 Aug 2018 13:41:26 +0300 +Subject: [PATCH 01/28] rt2x00: use simple_read_from_buffer() + +The problem with this copy_to_user() calls is that they don't ensure +that "size" is less than the "length" which the user provided. + +Obviously, this is debugfs and "size" is normally going to be very small +so it probably doesn't matter, but this is the correct thing to do. + +Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> +Acked-by: Stanislaw Gruszka <sgruszka@redhat.com> +Signed-off-by: Kalle Valo <kvalo@codeaurora.org> +--- + .../net/wireless/ralink/rt2x00/rt2x00debug.c | 18 +++--------------- + 1 file changed, 3 insertions(+), 15 deletions(-) + +--- a/drivers/net/wireless/ralink/rt2x00/rt2x00debug.c ++++ b/drivers/net/wireless/ralink/rt2x00/rt2x00debug.c +@@ -464,11 +464,7 @@ static ssize_t rt2x00debug_read_##__name + \ + size = sprintf(line, __format, value); \ + \ +- if (copy_to_user(buf, line, size)) \ +- return -EFAULT; \ +- \ +- *offset += size; \ +- return size; \ ++ return simple_read_from_buffer(buf, length, offset, line, size); \ + } + + #define RT2X00DEBUGFS_OPS_WRITE(__name, __type) \ +@@ -545,11 +541,7 @@ static ssize_t rt2x00debug_read_dev_flag + + size = sprintf(line, "0x%.8x\n", (unsigned int)intf->rt2x00dev->flags); + +- if (copy_to_user(buf, line, size)) +- return -EFAULT; +- +- *offset += size; +- return size; ++ return simple_read_from_buffer(buf, length, offset, line, size); + } + + static const struct file_operations rt2x00debug_fop_dev_flags = { +@@ -574,11 +566,7 @@ static ssize_t rt2x00debug_read_cap_flag + + size = sprintf(line, "0x%.8x\n", (unsigned int)intf->rt2x00dev->cap_flags); + +- if (copy_to_user(buf, line, size)) +- return -EFAULT; +- +- *offset += size; +- return size; ++ return simple_read_from_buffer(buf, length, offset, line, size); + } + + static const struct file_operations rt2x00debug_fop_cap_flags = { |