mirror of
https://github.com/Divested-Mobile/DivestOS-Build.git
synced 2024-12-30 01:46:30 -05:00
94 lines
3.9 KiB
Diff
94 lines
3.9 KiB
Diff
From d5481967f73c5448b9b2ae528a75faa0b040bc42 Mon Sep 17 00:00:00 2001
|
|
From: mohamed sunfeer <msunfeer@codeaurora.org>
|
|
Date: Wed, 21 Jun 2017 15:21:58 +0530
|
|
Subject: [PATCH] compat_qcedev: Fix accessing userspace memory in kernel space
|
|
|
|
Use put_user API to write the data to userspace from kernel
|
|
space to avoid accessing userspace memory directly in
|
|
kernel space.
|
|
|
|
Bug: 37893116
|
|
Change-Id: I3f0b0f13e720c052c8c23dfb36ffaccc484369ec
|
|
Signed-off-by: mohamed sunfeer <msunfeer@codeaurora.org>
|
|
---
|
|
drivers/crypto/msm/compat_qcedev.c | 10 +---------
|
|
1 file changed, 1 insertion(+), 9 deletions(-)
|
|
|
|
diff --git a/drivers/crypto/msm/compat_qcedev.c b/drivers/crypto/msm/compat_qcedev.c
|
|
index 97ae990b5378b..4b36e7343aff6 100644
|
|
--- a/drivers/crypto/msm/compat_qcedev.c
|
|
+++ b/drivers/crypto/msm/compat_qcedev.c
|
|
@@ -1,7 +1,7 @@
|
|
/*
|
|
* QTI CE 32-bit compatibility syscall for 64-bit systems
|
|
*
|
|
- * Copyright (c) 2014, The Linux Foundation. All rights reserved.
|
|
+ * Copyright (c) 2014-2015, 2017, The Linux Foundation. All rights reserved.
|
|
*
|
|
* This program is free software; you can redistribute it and/or modify
|
|
* it under the terms of the GNU General Public License version 2 and
|
|
@@ -97,7 +97,6 @@ static int compat_get_qcedev_vbuf_info(
|
|
|
|
for (i = 0; i < QCEDEV_MAX_BUFFERS; i++) {
|
|
err |= get_user(vaddr, &vbuf32->src[i].vaddr);
|
|
- vbuf->src[i].vaddr = NULL;
|
|
err |= put_user(vaddr, (compat_uptr_t *)&vbuf->src[i].vaddr);
|
|
err |= get_user(len, &vbuf32->src[i].len);
|
|
err |= put_user(len, &vbuf->src[i].len);
|
|
@@ -105,7 +104,6 @@ static int compat_get_qcedev_vbuf_info(
|
|
|
|
for (i = 0; i < QCEDEV_MAX_BUFFERS; i++) {
|
|
err |= get_user(vaddr, &vbuf32->dst[i].vaddr);
|
|
- vbuf->dst[i].vaddr = NULL;
|
|
err |= put_user(vaddr, (compat_uptr_t *)&vbuf->dst[i].vaddr);
|
|
err |= get_user(len, &vbuf32->dst[i].len);
|
|
err |= put_user(len, &vbuf->dst[i].len);
|
|
@@ -123,7 +121,6 @@ static int compat_put_qcedev_vbuf_info(
|
|
|
|
for (i = 0; i < QCEDEV_MAX_BUFFERS; i++) {
|
|
err |= get_user(vaddr, (compat_uptr_t *)&vbuf->src[i].vaddr);
|
|
- vbuf32->src[i].vaddr = 0;
|
|
err |= put_user(vaddr, &vbuf32->src[i].vaddr);
|
|
err |= get_user(len, &vbuf->src[i].len);
|
|
err |= put_user(len, &vbuf32->src[i].len);
|
|
@@ -131,7 +128,6 @@ static int compat_put_qcedev_vbuf_info(
|
|
|
|
for (i = 0; i < QCEDEV_MAX_BUFFERS; i++) {
|
|
err |= get_user(vaddr, (compat_uptr_t *)&vbuf->dst[i].vaddr);
|
|
- vbuf32->dst[i].vaddr = 0;
|
|
err |= put_user(vaddr, &vbuf32->dst[i].vaddr);
|
|
err |= get_user(len, &vbuf->dst[i].len);
|
|
err |= put_user(len, &vbuf32->dst[i].len);
|
|
@@ -276,7 +272,6 @@ static int compat_get_qcedev_sha_op_req(
|
|
|
|
for (i = 0; i < QCEDEV_MAX_BUFFERS; i++) {
|
|
err |= get_user(vaddr, &data32->data[i].vaddr);
|
|
- data->data[i].vaddr = 0;
|
|
err |= put_user(vaddr, (compat_uptr_t *)&data->data[i].vaddr);
|
|
err |= get_user(len, &data32->data[i].len);
|
|
err |= put_user(len, &data->data[i].len);
|
|
@@ -295,7 +290,6 @@ static int compat_get_qcedev_sha_op_req(
|
|
err |= get_user(diglen, &data32->diglen);
|
|
err |= put_user(diglen, &data->diglen);
|
|
err |= get_user(authkey, &data32->authkey);
|
|
- data->authkey = NULL;
|
|
err |= put_user(authkey, (compat_uptr_t *)&data->authkey);
|
|
err |= get_user(authklen, &data32->authklen);
|
|
err |= put_user(authklen, &data->authklen);
|
|
@@ -322,7 +316,6 @@ static int compat_put_qcedev_sha_op_req(
|
|
|
|
for (i = 0; i < QCEDEV_MAX_BUFFERS; i++) {
|
|
err |= get_user(vaddr, (compat_uptr_t *)&data->data[i].vaddr);
|
|
- data32->data[i].vaddr = 0;
|
|
err |= put_user(vaddr, &data32->data[i].vaddr);
|
|
err |= get_user(len, &data->data[i].len);
|
|
err |= put_user(len, &data32->data[i].len);
|
|
@@ -341,7 +334,6 @@ static int compat_put_qcedev_sha_op_req(
|
|
err |= get_user(diglen, &data->diglen);
|
|
err |= put_user(diglen, &data32->diglen);
|
|
err |= get_user(authkey, (compat_uptr_t *)&data->authkey);
|
|
- data32->authkey = 0;
|
|
err |= put_user(authkey, &data32->authkey);
|
|
err |= get_user(authklen, &data->authklen);
|
|
err |= put_user(authklen, &data32->authklen);
|