MLK-14642 imx: sim: fix segment fault caused by user address access
Kernel space cannot access user space memory directly. In fact, the issue always exited. Since 4.4, the kernel handle the action as page abort. Signed-off-by: Gao Pan <pandy.gao@nxp.com> Signed-off-by: Fugang Duan <fugang.duan@nxp.com>5.4-rM2-2.2.x-imx-squashed
parent
34a04d8706
commit
3135b8110b
|
@ -1300,6 +1300,9 @@ static long sim_ioctl(struct file *file,
|
|||
u32 delay;
|
||||
u32 copy_cnt, val;
|
||||
unsigned long flags;
|
||||
unsigned char __user *atr_buffer;
|
||||
unsigned char __user *xmt_buffer;
|
||||
unsigned char __user *rcv_buffer;
|
||||
|
||||
struct sim_t *sim = (struct sim_t *) file->private_data;
|
||||
|
||||
|
@ -1342,8 +1345,8 @@ static long sim_ioctl(struct file *file,
|
|||
break;
|
||||
}
|
||||
|
||||
ret = copy_to_user(((sim_atr_t *)arg)->atr_buffer, sim->rcv_buffer,
|
||||
sim->rcv_count);
|
||||
__get_user(atr_buffer, &((sim_atr_t __user *)arg)->atr_buffer);
|
||||
ret = copy_to_user(atr_buffer, sim->rcv_buffer, sim->rcv_count);
|
||||
if (ret) {
|
||||
pr_err("ATR ACCESS buffer Error %d %d\n", sim->rcv_count, ret);
|
||||
errval = -SIM_E_ACCESS;
|
||||
|
@ -1390,8 +1393,9 @@ static long sim_ioctl(struct file *file,
|
|||
errval = -EINVAL;
|
||||
break;
|
||||
}
|
||||
ret = copy_from_user(sim->xmt_buffer, (((sim_xmt_t *)arg)->xmt_buffer),
|
||||
sim->xmt_remaining);
|
||||
|
||||
__get_user(xmt_buffer, &((sim_xmt_t *)arg)->xmt_buffer);
|
||||
ret = copy_from_user(sim->xmt_buffer, xmt_buffer, sim->xmt_remaining);
|
||||
|
||||
if (ret) {
|
||||
pr_err("Copy Error\n");
|
||||
|
@ -1527,8 +1531,8 @@ copy_data:
|
|||
break;
|
||||
}
|
||||
|
||||
ret = copy_to_user(((sim_rcv_t *)arg)->rcv_buffer, &sim->rcv_buffer[sim->rcv_head],
|
||||
copy_cnt);
|
||||
__get_user(rcv_buffer, &((sim_rcv_t *)arg)->rcv_buffer);
|
||||
ret = copy_to_user(rcv_buffer, &sim->rcv_buffer[sim->rcv_head], copy_cnt);
|
||||
if (ret) {
|
||||
pr_err("ATR ACCESS Error\n");
|
||||
errval = -SIM_E_ACCESS;
|
||||
|
|
Loading…
Reference in New Issue