lnet_ipif_enumerate was assigning a pointer from kernel space to user
space. This patch uses copy_to_user to properly do that assignment.

Signed-off-by: Quentin Lambert <lambert.quen...@gmail.com>
---
 shouldn't we be using ifc_req instead of ifc_buf?

 drivers/staging/lustre/lnet/lnet/lib-socket.c |    8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

--- a/drivers/staging/lustre/lnet/lnet/lib-socket.c
+++ b/drivers/staging/lustre/lnet/lnet/lib-socket.c
@@ -181,7 +181,13 @@ lnet_ipif_enumerate(char ***namesp)
                        goto out0;
                }
 
-               ifc.ifc_buf = (char *)ifr;
+               rc = copy_to_user(ifc.ifc_buf, (char *)ifr,
+                                 nalloc * sizeof(*ifr));
+               if (rc) {
+                       rc = -ENOMEM;
+                       goto out1;
+               }
+
                ifc.ifc_len = nalloc * sizeof(*ifr);
 
                rc = lnet_sock_ioctl(SIOCGIFCONF, (unsigned long)&ifc);
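
Review bot: ifc.ifc_buf is used as the copy_to_user destination in the first added line, but the removed line `ifc.ifc_buf = (char *)ifr;` was the only assignment to it in this hunk, so nothing visible here sets the destination pointer before the copy. The copy also runs before `rc = lnet_sock_ioctl(SIOCGIFCONF, (unsigned long)&ifc);`, so it would transfer whatever ifr holds before the ioctl has filled it, and the ioctl is then called with an ifc whose buffer pointer this hunk no longer sets. Please either keep the assignment and address the address-space annotation separately, or show where ifc.ifc_buf gets a valid user pointer. Separately, a non-zero return from copy_to_user means some bytes were not copied, for which the conventional error is -EFAULT rather than the -ENOMEM set in the new `if (rc)` branch.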
_______________________________________________
devel mailing list
de...@linuxdriverproject.org
http://driverdev.linuxdriverproject.org/mailman/listinfo/driverdev-devel
