Skip to content

Commit

Permalink
splice: fix user pointer access in get_iovec_page_array()
Browse files Browse the repository at this point in the history 
Commit 8811930 ("splice: missing user
pointer access verification") added the proper access_ok() calls to
copy_from_user_mmap_sem() which ensures we can copy the struct iovecs
from userspace to the kernel.

But we also must check whether we can access the actual memory region
pointed to by the struct iovec to fix the access checks properly.

Signed-off-by: Bastian Blank <waldi@debian.org>
Acked-by: Oliver Pinter <oliver.pntr@gmail.com>
Cc: Jens Axboe <jens.axboe@oracle.com>
Cc: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Pekka Enberg <penberg@cs.helsinki.fi>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
  • Loading branch information
Bastian Blank authored and Linus Torvalds committed Feb 10, 2008
1 parent 25f6663 commit 712a30e
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion fs/splice.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1234,7 +1234,7 @@ static int get_iovec_page_array(const struct iovec __user *iov,
if (unlikely(!len))
break;
error = -EFAULT;
if (unlikely(!base))
if (!access_ok(VERIFY_READ, base, len))
break;

/*
Expand Down

0 comments on commit 712a30e

Please sign in to comment.