diff options
| -rw-r--r-- | drivers/block/nvme-core.c | 10 |
1 files changed, 6 insertions, 4 deletions
diff --git a/drivers/block/nvme-core.c b/drivers/block/nvme-core.c index 85b8036deaa3..683dff272562 100644 --- a/drivers/block/nvme-core.c +++ b/drivers/block/nvme-core.c | |||
| @@ -1750,6 +1750,7 @@ static int nvme_submit_io(struct nvme_ns *ns, struct nvme_user_io __user *uio) | |||
| 1750 | struct nvme_iod *iod; | 1750 | struct nvme_iod *iod; |
| 1751 | dma_addr_t meta_dma = 0; | 1751 | dma_addr_t meta_dma = 0; |
| 1752 | void *meta = NULL; | 1752 | void *meta = NULL; |
| 1753 | void __user *metadata; | ||
| 1753 | 1754 | ||
| 1754 | if (copy_from_user(&io, uio, sizeof(io))) | 1755 | if (copy_from_user(&io, uio, sizeof(io))) |
| 1755 | return -EFAULT; | 1756 | return -EFAULT; |
| @@ -1763,6 +1764,8 @@ static int nvme_submit_io(struct nvme_ns *ns, struct nvme_user_io __user *uio) | |||
| 1763 | meta_len = 0; | 1764 | meta_len = 0; |
| 1764 | } | 1765 | } |
| 1765 | 1766 | ||
| 1767 | metadata = (void __user *)(unsigned long)io.metadata; | ||
| 1768 | |||
| 1766 | write = io.opcode & 1; | 1769 | write = io.opcode & 1; |
| 1767 | 1770 | ||
| 1768 | switch (io.opcode) { | 1771 | switch (io.opcode) { |
| @@ -1786,13 +1789,13 @@ static int nvme_submit_io(struct nvme_ns *ns, struct nvme_user_io __user *uio) | |||
| 1786 | if (meta_len) { | 1789 | if (meta_len) { |
| 1787 | meta = dma_alloc_coherent(&dev->pci_dev->dev, meta_len, | 1790 | meta = dma_alloc_coherent(&dev->pci_dev->dev, meta_len, |
| 1788 | &meta_dma, GFP_KERNEL); | 1791 | &meta_dma, GFP_KERNEL); |
| 1792 | |||
| 1789 | if (!meta) { | 1793 | if (!meta) { |
| 1790 | status = -ENOMEM; | 1794 | status = -ENOMEM; |
| 1791 | goto unmap; | 1795 | goto unmap; |
| 1792 | } | 1796 | } |
| 1793 | if (write) { | 1797 | if (write) { |
| 1794 | if (copy_from_user(meta, (void __user *)io.metadata, | 1798 | if (copy_from_user(meta, metadata, meta_len)) { |
| 1795 | meta_len)) { | ||
| 1796 | status = -EFAULT; | 1799 | status = -EFAULT; |
| 1797 | goto unmap; | 1800 | goto unmap; |
| 1798 | } | 1801 | } |
| @@ -1819,8 +1822,7 @@ static int nvme_submit_io(struct nvme_ns *ns, struct nvme_user_io __user *uio) | |||
| 1819 | nvme_free_iod(dev, iod); | 1822 | nvme_free_iod(dev, iod); |
| 1820 | if (meta) { | 1823 | if (meta) { |
| 1821 | if (status == NVME_SC_SUCCESS && !write) { | 1824 | if (status == NVME_SC_SUCCESS && !write) { |
| 1822 | if (copy_to_user((void __user *)io.metadata, meta, | 1825 | if (copy_to_user(metadata, meta, meta_len)) |
| 1823 | meta_len)) | ||
| 1824 | status = -EFAULT; | 1826 | status = -EFAULT; |
| 1825 | } | 1827 | } |
| 1826 | dma_free_coherent(&dev->pci_dev->dev, meta_len, meta, meta_dma); | 1828 | dma_free_coherent(&dev->pci_dev->dev, meta_len, meta, meta_dma); |