This series drop invalid user-pointer checks from ioctl handlers (which
tend to get replicated in new drivers).
Note that only the rocket driver has been compile tested.
Johan
Johan Hovold (3):
tty: amiserial: fix invalid user-pointer check
tty: rocket: fix invalid user-pointer checks
serial: crisv10: fix invalid user-pointer check
drivers/tty/amiserial.c | 2 --
drivers/tty/rocket.c | 4 ----
drivers/tty/serial/crisv10.c | 2 --
3 files changed, 8 deletions(-)
--
2.7.3
Drop invalid user-pointer checks from custom ioctl handlers.
A NULL-pointer can be valid in user space and copy_to_user() takes care
of sanity checking.
Signed-off-by: Johan Hovold <[email protected]>
---
drivers/tty/rocket.c | 4 ----
1 file changed, 4 deletions(-)
diff --git a/drivers/tty/rocket.c b/drivers/tty/rocket.c
index b0cc47c77b40..d66c1edd9892 100644
--- a/drivers/tty/rocket.c
+++ b/drivers/tty/rocket.c
@@ -1189,8 +1189,6 @@ static int get_config(struct r_port *info, struct rocket_config __user *retinfo)
{
struct rocket_config tmp;
- if (!retinfo)
- return -EFAULT;
memset(&tmp, 0, sizeof (tmp));
mutex_lock(&info->port.mutex);
tmp.line = info->line;
@@ -1255,8 +1253,6 @@ static int get_ports(struct r_port *info, struct rocket_ports __user *retports)
struct rocket_ports tmp;
int board;
- if (!retports)
- return -EFAULT;
memset(&tmp, 0, sizeof (tmp));
tmp.tty_major = rocket_driver->major;
--
2.7.3
Drop invalid user-pointer check from TIOCGSERIAL handler.
A NULL-pointer can be valid in user space and copy_to_user() takes care
of sanity checking.
Signed-off-by: Johan Hovold <[email protected]>
---
drivers/tty/amiserial.c | 2 --
1 file changed, 2 deletions(-)
diff --git a/drivers/tty/amiserial.c b/drivers/tty/amiserial.c
index 208f573495dc..dfbb974927f2 100644
--- a/drivers/tty/amiserial.c
+++ b/drivers/tty/amiserial.c
@@ -1012,8 +1012,6 @@ static int get_serial_info(struct tty_struct *tty, struct serial_state *state,
{
struct serial_struct tmp;
- if (!retinfo)
- return -EFAULT;
memset(&tmp, 0, sizeof(tmp));
tty_lock(tty);
tmp.line = tty->index;
--
2.7.3
Drop invalid user-pointer check from TIOCGSERIAL handler.
A NULL-pointer can be valid in user space and copy_to_user() takes care
of sanity checking.
Cc: Mikael Starvik <[email protected]>
Cc: Jesper Nilsson <[email protected]>
Cc: [email protected]
Signed-off-by: Johan Hovold <[email protected]>
---
drivers/tty/serial/crisv10.c | 2 --
1 file changed, 2 deletions(-)
diff --git a/drivers/tty/serial/crisv10.c b/drivers/tty/serial/crisv10.c
index 315c84979b18..d4cb6ff52e7a 100644
--- a/drivers/tty/serial/crisv10.c
+++ b/drivers/tty/serial/crisv10.c
@@ -3214,8 +3214,6 @@ get_serial_info(struct e100_serial * info,
* should set them to something else than 0.
*/
- if (!retinfo)
- return -EFAULT;
memset(&tmp, 0, sizeof(tmp));
tmp.type = info->type;
tmp.line = info->line;
--
2.7.3
On Tue, Nov 08, 2016 at 01:24:55PM +0100, Johan Hovold wrote:
> Drop invalid user-pointer check from TIOCGSERIAL handler.
>
> A NULL-pointer can be valid in user space and copy_to_user() takes care
> of sanity checking.
>
> Cc: Mikael Starvik <[email protected]>
Acked-by: Jesper Nilsson <[email protected]>
> Cc: [email protected]
> Signed-off-by: Johan Hovold <[email protected]>
/^JN - Jesper Nilsson
--
Jesper Nilsson -- [email protected]