evie/android_kernel_oneplus_msm8998
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

s390/uaccess: remove copy_from_user_real()

Browse source 
There is no user left, so remove it.
It was also potentially broken, since the function didn't clear destination
memory if copy_from_user() failed. Which would allow for information leaks.

Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
This commit is contained in:
Heiko Carstens 2014-02-24 16:18:55 +01:00 committed by Martin Schwidefsky
parent 9499934f70
commit 823002023d
2 changed files with 0 additions and 27 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
arch/s390/include/asm/uaccess.h
View file

@ -344,6 +344,5 @@ static inline unsigned long __must_check clear_user(void __user *to, unsigned lo
} }
int copy_to_user_real(void __user *dest, void *src, unsigned long count); int copy_to_user_real(void __user *dest, void *src, unsigned long count);
int copy_from_user_real(void *dest, void __user *src, unsigned long count);
#endif /* __S390_UACCESS_H */ #endif /* __S390_UACCESS_H */

26
arch/s390/mm/maccess.c
View file

@ -151,32 +151,6 @@ out:
return rc; return rc;
} }
/*
* Copy memory from user (virtual) to kernel (real)
*/
int copy_from_user_real(void *dest, void __user *src, unsigned long count)
{
int offs = 0, size, rc;
char *buf;
buf = (char *) __get_free_page(GFP_KERNEL);
if (!buf)
return -ENOMEM;
rc = -EFAULT;
while (offs < count) {
size = min(PAGE_SIZE, count - offs);
if (copy_from_user(buf, src + offs, size))
goto out;
if (memcpy_real(dest + offs, buf, size))
goto out;
offs += size;
}
rc = 0;
out:
free_page((unsigned long) buf);
return rc;
}
/* /*
* Check if physical address is within prefix or zero page * Check if physical address is within prefix or zero page
*/ */