Skip to content

Commit 5da028a

Browse files
author
Al Viro
committed
get_compat_msghdr(): get rid of field-by-field copyin
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
1 parent ffb0755 commit 5da028a

File tree

1 file changed

+14
-17
lines changed

1 file changed

+14
-17
lines changed

net/compat.c

Lines changed: 14 additions & 17 deletions
Original file line numberDiff line numberDiff line change
@@ -37,36 +37,33 @@ int get_compat_msghdr(struct msghdr *kmsg,
3737
struct sockaddr __user **save_addr,
3838
struct iovec **iov)
3939
{
40-
compat_uptr_t uaddr, uiov, tmp3;
41-
compat_size_t nr_segs;
40+
struct compat_msghdr msg;
4241
ssize_t err;
4342

44-
if (!access_ok(VERIFY_READ, umsg, sizeof(*umsg)) ||
45-
__get_user(uaddr, &umsg->msg_name) ||
46-
__get_user(kmsg->msg_namelen, &umsg->msg_namelen) ||
47-
__get_user(uiov, &umsg->msg_iov) ||
48-
__get_user(nr_segs, &umsg->msg_iovlen) ||
49-
__get_user(tmp3, &umsg->msg_control) ||
50-
__get_user(kmsg->msg_controllen, &umsg->msg_controllen) ||
51-
__get_user(kmsg->msg_flags, &umsg->msg_flags))
43+
if (copy_from_user(&msg, umsg, sizeof(*umsg)))
5244
return -EFAULT;
5345

54-
if (!uaddr)
46+
kmsg->msg_flags = msg.msg_flags;
47+
kmsg->msg_namelen = msg.msg_namelen;
48+
49+
if (!msg.msg_name)
5550
kmsg->msg_namelen = 0;
5651

5752
if (kmsg->msg_namelen < 0)
5853
return -EINVAL;
5954

6055
if (kmsg->msg_namelen > sizeof(struct sockaddr_storage))
6156
kmsg->msg_namelen = sizeof(struct sockaddr_storage);
62-
kmsg->msg_control = compat_ptr(tmp3);
57+
58+
kmsg->msg_control = compat_ptr(msg.msg_control);
59+
kmsg->msg_controllen = msg.msg_controllen;
6360

6461
if (save_addr)
65-
*save_addr = compat_ptr(uaddr);
62+
*save_addr = compat_ptr(msg.msg_name);
6663

67-
if (uaddr && kmsg->msg_namelen) {
64+
if (msg.msg_name && kmsg->msg_namelen) {
6865
if (!save_addr) {
69-
err = move_addr_to_kernel(compat_ptr(uaddr),
66+
err = move_addr_to_kernel(compat_ptr(msg.msg_name),
7067
kmsg->msg_namelen,
7168
kmsg->msg_name);
7269
if (err < 0)
@@ -77,13 +74,13 @@ int get_compat_msghdr(struct msghdr *kmsg,
7774
kmsg->msg_namelen = 0;
7875
}
7976

80-
if (nr_segs > UIO_MAXIOV)
77+
if (msg.msg_iovlen > UIO_MAXIOV)
8178
return -EMSGSIZE;
8279

8380
kmsg->msg_iocb = NULL;
8481

8582
return compat_import_iovec(save_addr ? READ : WRITE,
86-
compat_ptr(uiov), nr_segs,
83+
compat_ptr(msg.msg_iov), msg.msg_iovlen,
8784
UIO_FASTIOV, iov, &kmsg->msg_iter);
8885
}
8986

0 commit comments

Comments
 (0)