Skip to content

Commit ffb0755

Browse files
author
Al Viro
committed
copy_msghdr_from_user(): get rid of field-by-field copyin
Signed-off-by: Al Viro <[email protected]>
1 parent 0d06060 commit ffb0755

File tree

1 file changed

+14
-17
lines changed

1 file changed

+14
-17
lines changed

net/socket.c

Lines changed: 14 additions & 17 deletions
Original file line numberDiff line numberDiff line change
@@ -1870,22 +1870,18 @@ static int copy_msghdr_from_user(struct msghdr *kmsg,
18701870
struct sockaddr __user **save_addr,
18711871
struct iovec **iov)
18721872
{
1873-
struct sockaddr __user *uaddr;
1874-
struct iovec __user *uiov;
1875-
size_t nr_segs;
1873+
struct user_msghdr msg;
18761874
ssize_t err;
18771875

1878-
if (!access_ok(VERIFY_READ, umsg, sizeof(*umsg)) ||
1879-
__get_user(uaddr, &umsg->msg_name) ||
1880-
__get_user(kmsg->msg_namelen, &umsg->msg_namelen) ||
1881-
__get_user(uiov, &umsg->msg_iov) ||
1882-
__get_user(nr_segs, &umsg->msg_iovlen) ||
1883-
__get_user(kmsg->msg_control, &umsg->msg_control) ||
1884-
__get_user(kmsg->msg_controllen, &umsg->msg_controllen) ||
1885-
__get_user(kmsg->msg_flags, &umsg->msg_flags))
1876+
if (copy_from_user(&msg, umsg, sizeof(*umsg)))
18861877
return -EFAULT;
18871878

1888-
if (!uaddr)
1879+
kmsg->msg_control = msg.msg_control;
1880+
kmsg->msg_controllen = msg.msg_controllen;
1881+
kmsg->msg_flags = msg.msg_flags;
1882+
1883+
kmsg->msg_namelen = msg.msg_namelen;
1884+
if (!msg.msg_name)
18891885
kmsg->msg_namelen = 0;
18901886

18911887
if (kmsg->msg_namelen < 0)
@@ -1895,11 +1891,11 @@ static int copy_msghdr_from_user(struct msghdr *kmsg,
18951891
kmsg->msg_namelen = sizeof(struct sockaddr_storage);
18961892

18971893
if (save_addr)
1898-
*save_addr = uaddr;
1894+
*save_addr = msg.msg_name;
18991895

1900-
if (uaddr && kmsg->msg_namelen) {
1896+
if (msg.msg_name && kmsg->msg_namelen) {
19011897
if (!save_addr) {
1902-
err = move_addr_to_kernel(uaddr, kmsg->msg_namelen,
1898+
err = move_addr_to_kernel(msg.msg_name, kmsg->msg_namelen,
19031899
kmsg->msg_name);
19041900
if (err < 0)
19051901
return err;
@@ -1909,12 +1905,13 @@ static int copy_msghdr_from_user(struct msghdr *kmsg,
19091905
kmsg->msg_namelen = 0;
19101906
}
19111907

1912-
if (nr_segs > UIO_MAXIOV)
1908+
if (msg.msg_iovlen > UIO_MAXIOV)
19131909
return -EMSGSIZE;
19141910

19151911
kmsg->msg_iocb = NULL;
19161912

1917-
return import_iovec(save_addr ? READ : WRITE, uiov, nr_segs,
1913+
return import_iovec(save_addr ? READ : WRITE,
1914+
msg.msg_iov, msg.msg_iovlen,
19181915
UIO_FASTIOV, iov, &kmsg->msg_iter);
19191916
}
19201917

0 commit comments

Comments
 (0)