diff options
author | James Hogan <james.hogan@imgtec.com> | 2017-03-31 10:14:02 (GMT) |
---|---|---|
committer | Greg Kroah-Hartman <gregkh@linuxfoundation.org> | 2017-04-12 10:41:13 (GMT) |
commit | 3dc0fe517a9fb44f6c45cbb787cc4bdf5e9a3d0f (patch) | |
tree | 413d815492f89686b72b5a5628fa6aa9f8fd833c /crypto/async_tx | |
parent | 4a93ac814ddcc8d2841f224d9157ab241feab1ac (diff) | |
download | linux-3dc0fe517a9fb44f6c45cbb787cc4bdf5e9a3d0f.tar.xz |
metag/usercopy: Zero rest of buffer from copy_from_user
commit 563ddc1076109f2b3f88e6d355eab7b6fd4662cb upstream.
Currently we try to zero the destination for a failed read from userland
in fixup code in the usercopy.c macros. The rest of the destination
buffer is then zeroed from __copy_user_zeroing(), which is used for both
copy_from_user() and __copy_from_user().
Unfortunately we fail to zero in the fixup code as D1Ar1 is set to 0
before the fixup code entry labels, and __copy_from_user() shouldn't even
be zeroing the rest of the buffer.
Move the zeroing out into copy_from_user() and rename
__copy_user_zeroing() to raw_copy_from_user() since it no longer does
any zeroing. This also conveniently matches the name needed for
RAW_COPY_USER support in a later patch.
Fixes: 373cd784d0fc ("metag: Memory handling")
Reported-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: James Hogan <james.hogan@imgtec.com>
Cc: linux-metag@vger.kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Diffstat (limited to 'crypto/async_tx')
0 files changed, 0 insertions, 0 deletions