On Mon, Jul 30, 2012 at 3:15 AM, Tiejun Chen <tiejun.c...@windriver.com> wrote: > We miss that correct WDIOC_GETSUPPORT return path when perform > copy_to_user() properly.
Thanks for catching this. I'm amazed that this driver still has bugs like this. > diff --git a/drivers/watchdog/booke_wdt.c b/drivers/watchdog/booke_wdt.c > index 3fe82d0..2be7f29 100644 > --- a/drivers/watchdog/booke_wdt.c > +++ b/drivers/watchdog/booke_wdt.c > @@ -162,12 +162,13 @@ static long booke_wdt_ioctl(struct file *file, > unsigned int cmd, unsigned long arg) > { > u32 tmp = 0; > - u32 __user *p = (u32 __user *)arg; > + void __user *argp = (u32 __user *)arg; > + u32 __user *p = argp; You don't need to create 'argp'. The existing 'p' variable will work in the copy_to_user() call. > + return copy_to_user(argp, &ident, > + sizeof(ident)) ? -EFAULT : 0; This can fit in one line, especially if you use 'p' instead of 'argp'. -- Timur Tabi Linux kernel developer at Freescale _______________________________________________ Linuxppc-dev mailing list Linuxppc-dev@lists.ozlabs.org https://lists.ozlabs.org/listinfo/linuxppc-dev