kni: fix copy_from_user failure handling

[ upstream commit 21dde05 ] The correct thing to return if user gives a bad data is to return -EFAULT. Logging is also discouraged because it could be used as a DoS attack. Signed-off-by: Stephen Hemminger <stephen@networkplumber.org> Acked-by: Ferruh Yigit <ferruh.yigit@intel.com>
kevintraynor · Aug 26, 2019 · 7597357 · 7597357
1 parent f4a9b27
commit 7597357
Showing 1 changed file with 5 additions and 11 deletions.
diff --git a/kernel/linux/kni/kni_misc.c b/kernel/linux/kni/kni_misc.c
@@ -318,11 +318,8 @@ kni_ioctl_create(struct net *net, uint32_t ioctl_num,
 		return -EINVAL;
 
 	/* Copy kni info from user space */
-	ret = copy_from_user(&dev_info, (void *)ioctl_param, sizeof(dev_info));
-	if (ret) {
-		pr_err("copy_from_user in kni_ioctl_create");
-		return -EIO;
-	}
+	if (copy_from_user(&dev_info, (void *)ioctl_param, sizeof(dev_info)))
+		return -EFAULT;
 
 	/* Check if name is zero-ended */
 	if (strnlen(dev_info.name, sizeof(dev_info.name)) == sizeof(dev_info.name)) {
@@ -495,15 +492,12 @@ kni_ioctl_release(struct net *net, uint32_t ioctl_num,
 	if (_IOC_SIZE(ioctl_num) > sizeof(dev_info))
 		return -EINVAL;
 
-	ret = copy_from_user(&dev_info, (void *)ioctl_param, sizeof(dev_info));
-	if (ret) {
-		pr_err("copy_from_user in kni_ioctl_release");
-		return -EIO;
-	}
+	if (copy_from_user(&dev_info, (void *)ioctl_param, sizeof(dev_info)))
+		return -EFAULT;
 
 	/* Release the network device according to its name */
 	if (strlen(dev_info.name) == 0)
-		return ret;
+		return -EINVAL;
 
 	down_write(&knet->kni_list_lock);
 	list_for_each_entry_safe(dev, n, &knet->kni_list_head, list) {