diff options
| author | James Hogan <james.hogan@imgtec.com> | 2017-03-31 11:14:02 +0100 |
|---|---|---|
| committer | Mister Oyster <oysterized@gmail.com> | 2017-07-04 12:11:19 +0200 |
| commit | ae2c12cd7763aab943fd39e6bc07c29e9dd15cc0 (patch) | |
| tree | cc197ad3c582472564232cd2ff359ae47024601c /arch/powerpc/kernel/align.c | |
| parent | 38f24625d9665854d6dbd79fbe67b5960534f6ad (diff) | |
metag/usercopy: Zero rest of buffer from copy_from_user
commit 563ddc1076109f2b3f88e6d355eab7b6fd4662cb upstream.
Currently we try to zero the destination for a failed read from userland
in fixup code in the usercopy.c macros. The rest of the destination
buffer is then zeroed from __copy_user_zeroing(), which is used for both
copy_from_user() and __copy_from_user().
Unfortunately we fail to zero in the fixup code as D1Ar1 is set to 0
before the fixup code entry labels, and __copy_from_user() shouldn't even
be zeroing the rest of the buffer.
Move the zeroing out into copy_from_user() and rename
__copy_user_zeroing() to raw_copy_from_user() since it no longer does
any zeroing. This also conveniently matches the name needed for
RAW_COPY_USER support in a later patch.
Fixes: 373cd784d0fc ("metag: Memory handling")
Reported-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: James Hogan <james.hogan@imgtec.com>
Cc: linux-metag@vger.kernel.org
Signed-off-by: Jiri Slaby <jslaby@suse.cz>
Signed-off-by: Willy Tarreau <w@1wt.eu>
Diffstat (limited to 'arch/powerpc/kernel/align.c')
0 files changed, 0 insertions, 0 deletions