switch readdir(2) to unsafe_copy_dirent_name() (391b7461) · Commits · 戴 / test

fs/readdir.c

+16 −14

Original line number	Diff line number	Diff line
		@@ -157,17 +157,18 @@ static int fillonedir(struct dir_context ctx, const char name, int namlen,
		}
		buf->result++;
		dirent = buf->dirent;
		if (!access_ok(dirent,
		if (!user_write_access_begin(dirent,
		(unsigned long)(dirent->d_name + namlen + 1) -
		(unsigned long)dirent))
		goto efault;
		if ( __put_user(d_ino, &dirent->d_ino) \|\|
		__put_user(offset, &dirent->d_offset) \|\|
		__put_user(namlen, &dirent->d_namlen) \|\|
		__copy_to_user(dirent->d_name, name, namlen) \|\|
		__put_user(0, dirent->d_name + namlen))
		goto efault;
		unsafe_put_user(d_ino, &dirent->d_ino, efault_end);
		unsafe_put_user(offset, &dirent->d_offset, efault_end);
		unsafe_put_user(namlen, &dirent->d_namlen, efault_end);
		unsafe_copy_dirent_name(dirent->d_name, name, namlen, efault_end);
		user_write_access_end();
		return 0;
		efault_end:
		user_write_access_end();
		efault:
		buf->result = -EFAULT;
		return -EFAULT;
		@@ -424,17 +425,18 @@ static int compat_fillonedir(struct dir_context ctx, const char name,
		}
		buf->result++;
		dirent = buf->dirent;
		if (!access_ok(dirent,
		if (!user_write_access_begin(dirent,
		(unsigned long)(dirent->d_name + namlen + 1) -
		(unsigned long)dirent))
		goto efault;
		if ( __put_user(d_ino, &dirent->d_ino) \|\|
		__put_user(offset, &dirent->d_offset) \|\|
		__put_user(namlen, &dirent->d_namlen) \|\|
		__copy_to_user(dirent->d_name, name, namlen) \|\|
		__put_user(0, dirent->d_name + namlen))
		goto efault;
		unsafe_put_user(d_ino, &dirent->d_ino, efault_end);
		unsafe_put_user(offset, &dirent->d_offset, efault_end);
		unsafe_put_user(namlen, &dirent->d_namlen, efault_end);
		unsafe_copy_dirent_name(dirent->d_name, name, namlen, efault_end);
		user_write_access_end();
		return 0;
		efault_end:
		user_write_access_end();
		efault:
		buf->result = -EFAULT;
		return -EFAULT;

Admin message