Commit 712a30e6 authored by Bastian Blank's avatar Bastian Blank Committed by Linus Torvalds

splice: fix user pointer access in get_iovec_page_array()

Commit 8811930d ("splice: missing user
pointer access verification") added the proper access_ok() calls to
copy_from_user_mmap_sem() which ensures we can copy the struct iovecs
from userspace to the kernel.

But we also must check whether we can access the actual memory region
pointed to by the struct iovec to fix the access checks properly.
Signed-off-by: default avatarBastian Blank <waldi@debian.org>
Acked-by: default avatarOliver Pinter <oliver.pntr@gmail.com>
Cc: Jens Axboe <jens.axboe@oracle.com>
Cc: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: default avatarPekka Enberg <penberg@cs.helsinki.fi>
Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
parent 25f66630
......@@ -1234,7 +1234,7 @@ static int get_iovec_page_array(const struct iovec __user *iov,
if (unlikely(!len))
break;
error = -EFAULT;
if (unlikely(!base))
if (!access_ok(VERIFY_READ, base, len))
break;
/*
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment