aboutsummaryrefslogtreecommitdiffstats
path: root/drivers/block/floppy.c
diff options
context:
space:
mode:
authorArjan van de Ven <arjan@infradead.org>2009-12-14 21:00:11 -0500
committerLinus Torvalds <torvalds@linux-foundation.org>2009-12-15 11:53:25 -0500
commit2886a8bdfa007053b414ab01741a98c18c376a85 (patch)
tree6b3d10c16393da65f271fe7865feb4bae97e7674 /drivers/block/floppy.c
parentfaa7b7ddca14887ac037f585d2fac7ca6c57037e (diff)
floppy: Add an extra bound check on ioctl arguments
gcc is not convinced that the floppy.c ioctl has sufficient bound checks: In function `copy_from_user', inlined from `fd_copyin' at drivers/block/floppy.c:3080, inlined from `fd_ioctl' at drivers/block/floppy.c:3503: arch/x86/include/asm/uaccess_32.h:211: warning: call to `copy_from_user_overflow' declared with attribute warning: copy_from_user buffer size is not provably correct And frankly, as a human I have a hard time proving the same more or less (the size comes from the ioctl argument. humpf. maybe. the code isn't very nice) This patch adds an explicit check to make 100% sure it's safe, better than finding out later that there indeed was a gap. [akpm@linux-foundation.org: add WARN_ON()] Signed-off-by: Arjan van de Ven <arjan@linux.intel.com> Acked-by: Ingo Molnar <mingo@elte.hu> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Diffstat (limited to 'drivers/block/floppy.c')
-rw-r--r--drivers/block/floppy.c3
1 files changed, 3 insertions, 0 deletions
diff --git a/drivers/block/floppy.c b/drivers/block/floppy.c
index d41d7f018549..3266b4f65daa 100644
--- a/drivers/block/floppy.c
+++ b/drivers/block/floppy.c
@@ -3497,6 +3497,9 @@ static int fd_ioctl(struct block_device *bdev, fmode_t mode, unsigned int cmd,
3497 ((cmd & 0x80) && !capable(CAP_SYS_ADMIN))) 3497 ((cmd & 0x80) && !capable(CAP_SYS_ADMIN)))
3498 return -EPERM; 3498 return -EPERM;
3499 3499
3500 if (WARN_ON(size < 0 || size > sizeof(inparam)))
3501 return -EINVAL;
3502
3500 /* copyin */ 3503 /* copyin */
3501 CLEARSTRUCT(&inparam); 3504 CLEARSTRUCT(&inparam);
3502 if (_IOC_DIR(cmd) & _IOC_WRITE) 3505 if (_IOC_DIR(cmd) & _IOC_WRITE)