On Tue, Apr 21, 2020 at 05:41:58PM +0200, Christoph Hellwig wrote:

>  static ssize_t spufs_proxydma_info_read(struct file *file, char __user *buf,
>                                  size_t len, loff_t *pos)
>  {
>       struct spu_context *ctx = file->private_data;
> +     struct spu_proxydma_info info;
>       int ret;
>  
> +     if (len < sizeof(info))
> +             return -EINVAL;
> +     if (!access_ok(buf, len))
> +             return -EFAULT;
> +
>       ret = spu_acquire_saved(ctx);
>       if (ret)
>               return ret;
>       spin_lock(&ctx->csa.register_lock);
> -     ret = __spufs_proxydma_info_read(ctx, buf, len, pos);
> +     __spufs_proxydma_info_read(ctx, &info);
> +     ret = simple_read_from_buffer(buf, len, pos, &info, sizeof(info));
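
Review bot: simple_read_from_buffer() on the last added line runs while ctx->csa.register_lock is still held from the spin_lock() a few lines above, and it ends in copy_to_user(), which can fault and sleep. Only __spufs_proxydma_info_read(ctx, &info), which fills the on-stack copy, needs to sit inside the critical section; the copy to user space should move to after the unlock. The added access_ok(buf, len) check also duplicates the check copy_to_user() already performs and can be dropped.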

IDGI...  What's that access_ok() for?  If you are using simple_read_from_buffer(),
the damn thing goes through copy_to_user().  Why bother with separate access_ok()
here?
