1 files changed, 30 insertions, 28 deletions
diff --git a/fs/statfs.c b/fs/statfs.c
index 4e4623c7a126..41a6a82da5e2 100644
--- a/fs/statfs.c
+++ b/fs/statfs.c
@@ -244,6 +244,7 @@ SYSCALL_DEFINE2(ustat, unsigned, dev, struct ustat __user *, ubuf)
 #ifdef CONFIG_COMPAT
 static int put_compat_statfs(struct compat_statfs __user *ubuf, struct kstatfs *kbuf)
 {
+        struct compat_statfs buf;
        if (sizeof ubuf->f_blocks == 4) {
                if ((kbuf->f_blocks | kbuf->f_bfree | kbuf->f_bavail |
                     kbuf->f_bsize | kbuf->f_frsize) & 0xffffffff00000000ULL)
@@ -257,20 +258,20 @@ static int put_compat_statfs(struct compat_statfs __user *ubuf, struct kstatfs *
                 && (kbuf->f_ffree & 0xffffffff00000000ULL))
                        return -EOVERFLOW;
        }
-        if (!access_ok(VERIFY_WRITE, ubuf, sizeof(*ubuf)) ||
+        memset(&buf, 0, sizeof(struct compat_statfs));
-            __put_user(kbuf->f_type, &ubuf->f_type) ||
+        buf.f_type = kbuf->f_type;
-            __put_user(kbuf->f_bsize, &ubuf->f_bsize) ||
+        buf.f_bsize = kbuf->f_bsize;
-            __put_user(kbuf->f_blocks, &ubuf->f_blocks) ||
+        buf.f_blocks = kbuf->f_blocks;
-            __put_user(kbuf->f_bfree, &ubuf->f_bfree) ||
+        buf.f_bfree = kbuf->f_bfree;
-            __put_user(kbuf->f_bavail, &ubuf->f_bavail) ||
+        buf.f_bavail = kbuf->f_bavail;
-            __put_user(kbuf->f_files, &ubuf->f_files) ||
+        buf.f_files = kbuf->f_files;
-            __put_user(kbuf->f_ffree, &ubuf->f_ffree) ||
+        buf.f_ffree = kbuf->f_ffree;
-            __put_user(kbuf->f_namelen, &ubuf->f_namelen) ||
+        buf.f_namelen = kbuf->f_namelen;
-            __put_user(kbuf->f_fsid.val[0], &ubuf->f_fsid.val[0]) ||
+        buf.f_fsid.val[0] = kbuf->f_fsid.val[0];
-            __put_user(kbuf->f_fsid.val[1], &ubuf->f_fsid.val[1]) ||
+        buf.f_fsid.val[1] = kbuf->f_fsid.val[1];
-            __put_user(kbuf->f_frsize, &ubuf->f_frsize) ||
+        buf.f_frsize = kbuf->f_frsize;
-            __put_user(kbuf->f_flags, &ubuf->f_flags) ||
+        buf.f_flags = kbuf->f_flags;
-            __clear_user(ubuf->f_spare, sizeof(ubuf->f_spare)))
+        if (copy_to_user(ubuf, &buf, sizeof(struct compat_statfs)))
                return -EFAULT;
        return 0;
 }
@@ -299,6 +300,7 @@ COMPAT_SYSCALL_DEFINE2(fstatfs, unsigned int, fd, struct compat_statfs __user *,
 static int put_compat_statfs64(struct compat_statfs64 __user *ubuf, struct kstatfs *kbuf)
 {
+        struct compat_statfs64 buf;
        if (sizeof(ubuf->f_bsize) == 4) {
                if ((kbuf->f_type | kbuf->f_bsize | kbuf->f_namelen |
                     kbuf->f_frsize | kbuf->f_flags) & 0xffffffff00000000ULL)
@@ -312,20 +314,20 @@ static int put_compat_statfs64(struct compat_statfs64 __user *ubuf, struct kstat
                 && (kbuf->f_ffree & 0xffffffff00000000ULL))
                        return -EOVERFLOW;
        }
-        if (!access_ok(VERIFY_WRITE, ubuf, sizeof(*ubuf)) ||
+        memset(&buf, 0, sizeof(struct compat_statfs64));
-            __put_user(kbuf->f_type, &ubuf->f_type) ||
+        buf.f_type = kbuf->f_type;
-            __put_user(kbuf->f_bsize, &ubuf->f_bsize) ||
+        buf.f_bsize = kbuf->f_bsize;
-            __put_user(kbuf->f_blocks, &ubuf->f_blocks) ||
+        buf.f_blocks = kbuf->f_blocks;
-            __put_user(kbuf->f_bfree, &ubuf->f_bfree) ||
+        buf.f_bfree = kbuf->f_bfree;
-            __put_user(kbuf->f_bavail, &ubuf->f_bavail) ||
+        buf.f_bavail = kbuf->f_bavail;
-            __put_user(kbuf->f_files, &ubuf->f_files) ||
+        buf.f_files = kbuf->f_files;
-            __put_user(kbuf->f_ffree, &ubuf->f_ffree) ||
+        buf.f_ffree = kbuf->f_ffree;
-            __put_user(kbuf->f_namelen, &ubuf->f_namelen) ||
+        buf.f_namelen = kbuf->f_namelen;
-            __put_user(kbuf->f_fsid.val[0], &ubuf->f_fsid.val[0]) ||
+        buf.f_fsid.val[0] = kbuf->f_fsid.val[0];
-            __put_user(kbuf->f_fsid.val[1], &ubuf->f_fsid.val[1]) ||
+        buf.f_fsid.val[1] = kbuf->f_fsid.val[1];
-            __put_user(kbuf->f_frsize, &ubuf->f_frsize) ||
+        buf.f_frsize = kbuf->f_frsize;
-            __put_user(kbuf->f_flags, &ubuf->f_flags) ||
+        buf.f_flags = kbuf->f_flags;
-            __clear_user(ubuf->f_spare, sizeof(ubuf->f_spare)))
+        if (copy_to_user(ubuf, &buf, sizeof(struct compat_statfs64)))
                return -EFAULT;
        return 0;
 }

diff --git a/fs/statfs.c b/fs/statfs.c index 4e4623c7a126..41a6a82da5e2 100644 --- a/fs/statfs.c +++ b/fs/statfs.c
@@ -244,6 +244,7 @@ SYSCALL_DEFINE2(ustat, unsigned, dev, struct ustat __user *, ubuf)
244	#ifdef CONFIG_COMPAT	244	#ifdef CONFIG_COMPAT
245	static int put_compat_statfs(struct compat_statfs __user ubuf, struct kstatfs kbuf)	245	static int put_compat_statfs(struct compat_statfs __user ubuf, struct kstatfs kbuf)
246	{	246	{
		247	struct compat_statfs buf;
247	if (sizeof ubuf->f_blocks == 4) {	248	if (sizeof ubuf->f_blocks == 4) {
248	if ((kbuf->f_blocks \| kbuf->f_bfree \| kbuf->f_bavail \|	249	if ((kbuf->f_blocks \| kbuf->f_bfree \| kbuf->f_bavail \|
249	kbuf->f_bsize \| kbuf->f_frsize) & 0xffffffff00000000ULL)	250	kbuf->f_bsize \| kbuf->f_frsize) & 0xffffffff00000000ULL)
@@ -257,20 +258,20 @@ static int put_compat_statfs(struct compat_statfs __user ubuf, struct kstatfs
257	&& (kbuf->f_ffree & 0xffffffff00000000ULL))	258	&& (kbuf->f_ffree & 0xffffffff00000000ULL))
258	return -EOVERFLOW;	259	return -EOVERFLOW;
259	}	260	}
260	if (!access_ok(VERIFY_WRITE, ubuf, sizeof(*ubuf)) \|\|	261	memset(&buf, 0, sizeof(struct compat_statfs));
261	__put_user(kbuf->f_type, &ubuf->f_type) \|\|	262	buf.f_type = kbuf->f_type;
262	__put_user(kbuf->f_bsize, &ubuf->f_bsize) \|\|	263	buf.f_bsize = kbuf->f_bsize;
263	__put_user(kbuf->f_blocks, &ubuf->f_blocks) \|\|	264	buf.f_blocks = kbuf->f_blocks;
264	__put_user(kbuf->f_bfree, &ubuf->f_bfree) \|\|	265	buf.f_bfree = kbuf->f_bfree;
265	__put_user(kbuf->f_bavail, &ubuf->f_bavail) \|\|	266	buf.f_bavail = kbuf->f_bavail;
266	__put_user(kbuf->f_files, &ubuf->f_files) \|\|	267	buf.f_files = kbuf->f_files;
267	__put_user(kbuf->f_ffree, &ubuf->f_ffree) \|\|	268	buf.f_ffree = kbuf->f_ffree;
268	__put_user(kbuf->f_namelen, &ubuf->f_namelen) \|\|	269	buf.f_namelen = kbuf->f_namelen;
269	__put_user(kbuf->f_fsid.val[0], &ubuf->f_fsid.val[0]) \|\|	270	buf.f_fsid.val[0] = kbuf->f_fsid.val[0];
270	__put_user(kbuf->f_fsid.val[1], &ubuf->f_fsid.val[1]) \|\|	271	buf.f_fsid.val[1] = kbuf->f_fsid.val[1];
271	__put_user(kbuf->f_frsize, &ubuf->f_frsize) \|\|	272	buf.f_frsize = kbuf->f_frsize;
272	__put_user(kbuf->f_flags, &ubuf->f_flags) \|\|	273	buf.f_flags = kbuf->f_flags;
273	__clear_user(ubuf->f_spare, sizeof(ubuf->f_spare)))	274	if (copy_to_user(ubuf, &buf, sizeof(struct compat_statfs)))
274	return -EFAULT;	275	return -EFAULT;
275	return 0;	276	return 0;
276	}	277	}
@@ -299,6 +300,7 @@ COMPAT_SYSCALL_DEFINE2(fstatfs, unsigned int, fd, struct compat_statfs __user *,
299		300
300	static int put_compat_statfs64(struct compat_statfs64 __user ubuf, struct kstatfs kbuf)	301	static int put_compat_statfs64(struct compat_statfs64 __user ubuf, struct kstatfs kbuf)
301	{	302	{
		303	struct compat_statfs64 buf;
302	if (sizeof(ubuf->f_bsize) == 4) {	304	if (sizeof(ubuf->f_bsize) == 4) {
303	if ((kbuf->f_type \| kbuf->f_bsize \| kbuf->f_namelen \|	305	if ((kbuf->f_type \| kbuf->f_bsize \| kbuf->f_namelen \|
304	kbuf->f_frsize \| kbuf->f_flags) & 0xffffffff00000000ULL)	306	kbuf->f_frsize \| kbuf->f_flags) & 0xffffffff00000000ULL)
@@ -312,20 +314,20 @@ static int put_compat_statfs64(struct compat_statfs64 __user *ubuf, struct kstat
312	&& (kbuf->f_ffree & 0xffffffff00000000ULL))	314	&& (kbuf->f_ffree & 0xffffffff00000000ULL))
313	return -EOVERFLOW;	315	return -EOVERFLOW;
314	}	316	}
315	if (!access_ok(VERIFY_WRITE, ubuf, sizeof(*ubuf)) \|\|	317	memset(&buf, 0, sizeof(struct compat_statfs64));
316	__put_user(kbuf->f_type, &ubuf->f_type) \|\|	318	buf.f_type = kbuf->f_type;
317	__put_user(kbuf->f_bsize, &ubuf->f_bsize) \|\|	319	buf.f_bsize = kbuf->f_bsize;
318	__put_user(kbuf->f_blocks, &ubuf->f_blocks) \|\|	320	buf.f_blocks = kbuf->f_blocks;
319	__put_user(kbuf->f_bfree, &ubuf->f_bfree) \|\|	321	buf.f_bfree = kbuf->f_bfree;
320	__put_user(kbuf->f_bavail, &ubuf->f_bavail) \|\|	322	buf.f_bavail = kbuf->f_bavail;
321	__put_user(kbuf->f_files, &ubuf->f_files) \|\|	323	buf.f_files = kbuf->f_files;
322	__put_user(kbuf->f_ffree, &ubuf->f_ffree) \|\|	324	buf.f_ffree = kbuf->f_ffree;
323	__put_user(kbuf->f_namelen, &ubuf->f_namelen) \|\|	325	buf.f_namelen = kbuf->f_namelen;
324	__put_user(kbuf->f_fsid.val[0], &ubuf->f_fsid.val[0]) \|\|	326	buf.f_fsid.val[0] = kbuf->f_fsid.val[0];
325	__put_user(kbuf->f_fsid.val[1], &ubuf->f_fsid.val[1]) \|\|	327	buf.f_fsid.val[1] = kbuf->f_fsid.val[1];
326	__put_user(kbuf->f_frsize, &ubuf->f_frsize) \|\|	328	buf.f_frsize = kbuf->f_frsize;
327	__put_user(kbuf->f_flags, &ubuf->f_flags) \|\|	329	buf.f_flags = kbuf->f_flags;
328	__clear_user(ubuf->f_spare, sizeof(ubuf->f_spare)))	330	if (copy_to_user(ubuf, &buf, sizeof(struct compat_statfs64)))
329	return -EFAULT;	331	return -EFAULT;
330	return 0;	332	return 0;
331	}	333	}