copy_{to,from}_user() do not return an error code, but rather the number
of uncopied bytes (0 if all bytes were copied). Storing this return value
into "rc" is misleading because it then seems this should be returned to
the caller of the function.
Code was audited to remove storing of the return value into "rc" and
several incorrect uses were found.
LASSERT(sizeof(lum) == sizeof(*lump));
LASSERT(sizeof(lum.lmm_objects[0]) ==
sizeof(lump->lmm_objects[0]));
LASSERT(sizeof(lum) == sizeof(*lump));
LASSERT(sizeof(lum.lmm_objects[0]) ==
sizeof(lump->lmm_objects[0]));
- rc = copy_from_user(&lum, lump, sizeof(lum));
- if (rc)
+ if (copy_from_user(&lum, lump, sizeof(lum)))
return(-EFAULT);
switch (lum.lmm_magic) {
return(-EFAULT);
switch (lum.lmm_magic) {
LASSERT(sizeof(lum) == sizeof(*lump));
LASSERT(sizeof(lum.lmm_objects[0]) == sizeof(lump->lmm_objects[0]));
LASSERT(sizeof(lum) == sizeof(*lump));
LASSERT(sizeof(lum.lmm_objects[0]) == sizeof(lump->lmm_objects[0]));
- rc = copy_from_user(&lum, lump, sizeof(lum));
- if (rc)
+ if (copy_from_user(&lum, lump, sizeof(lum)))
RETURN(-EFAULT);
rc = llu_lov_setstripe_ea_info(ino, flags, &lum, sizeof(lum));
RETURN(-EFAULT);
rc = llu_lov_setstripe_ea_info(ino, flags, &lum, sizeof(lum));
goto end;
/* Set root stripecount */
goto end;
/* Set root stripecount */
- sprintf(param, "%s-MDT0000.lov.stripecount=%u", fsname,
+ sprintf(param, "%s-MDT0000.lov.stripecount=%hd", fsname,
lump->lmm_stripe_count);
rc = ll_send_mgc_param(mgc->u.cli.cl_mgc_mgsexp, param);
if (rc)
goto end;
/* Set root stripeoffset */
lump->lmm_stripe_count);
rc = ll_send_mgc_param(mgc->u.cli.cl_mgc_mgsexp, param);
if (rc)
goto end;
/* Set root stripeoffset */
- sprintf(param, "%s-MDT0000.lov.stripeoffset=%u", fsname,
+ sprintf(param, "%s-MDT0000.lov.stripeoffset=%hd", fsname,
lump->lmm_stripe_offset);
rc = ll_send_mgc_param(mgc->u.cli.cl_mgc_mgsexp, param);
if (rc)
lump->lmm_stripe_offset);
rc = ll_send_mgc_param(mgc->u.cli.cl_mgc_mgsexp, param);
if (rc)
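Review bot: Both `sprintf(param, ...)` calls in this hunk write `fsname` plus a fixed suffix into `param` with no length bound, and neither the size of `param` nor the origin of `fsname` is visible here. If `param` is a fixed-size buffer, a bounded form such as `snprintf(param, PARAM_BUF_SIZE, "%s-MDT0000.lov.stripecount=%hd", fsname, lump->lmm_stripe_count)` (with `PARAM_BUF_SIZE` standing for the real buffer size) and an error return on truncation would be safer before the string reaches `ll_send_mgc_param()`. The switch from `%u` to `%hd` also makes a value with the top bit set appear as a negative number in the parameter string, which the commit message does not mention; a short comment such as `/* %hd: 0xffff is sent as -1 */` would record that this is intended. The enclosing function starts and ends outside the hunk.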
LASSERT(sizeof(lumv3.lmm_objects[0]) ==
sizeof(lumv3p->lmm_objects[0]));
/* first try with v1 which is smaller than v3 */
LASSERT(sizeof(lumv3.lmm_objects[0]) ==
sizeof(lumv3p->lmm_objects[0]));
/* first try with v1 which is smaller than v3 */
- rc = copy_from_user(lumv1, lumv1p, sizeof(*lumv1));
- if (rc)
+ if (copy_from_user(lumv1, lumv1p, sizeof(*lumv1)))
RETURN(-EFAULT);
if (lumv1->lmm_magic == LOV_USER_MAGIC_V3) {
RETURN(-EFAULT);
if (lumv1->lmm_magic == LOV_USER_MAGIC_V3) {
- rc = copy_from_user(&lumv3, lumv3p, sizeof(lumv3));
- if (rc)
+ if (copy_from_user(&lumv3, lumv3p, sizeof(lumv3)))
lmdp = (struct lov_user_mds_data *)arg;
lump = &lmdp->lmd_lmm;
}
lmdp = (struct lov_user_mds_data *)arg;
lump = &lmdp->lmd_lmm;
}
- rc = copy_to_user(lump, lmm, lmmsize);
- if (rc)
+ if (copy_to_user(lump, lmm, lmmsize))
GOTO(out_lmm, rc = -EFAULT);
skip_lmm:
if (cmd == IOC_MDC_GETFILEINFO || cmd == LL_IOC_MDC_GETINFO) {
GOTO(out_lmm, rc = -EFAULT);
skip_lmm:
if (cmd == IOC_MDC_GETFILEINFO || cmd == LL_IOC_MDC_GETINFO) {
st.st_ino = inode->i_ino;
lmdp = (struct lov_user_mds_data *)arg;
st.st_ino = inode->i_ino;
lmdp = (struct lov_user_mds_data *)arg;
- rc = copy_to_user(&lmdp->lmd_st, &st, sizeof(st));
- if (rc)
+ if (copy_to_user(&lmdp->lmd_st, &st, sizeof(st)))
GOTO(out_lmm, rc = -EFAULT);
}
GOTO(out_lmm, rc = -EFAULT);
}
RETURN(rc);
OBD_ALLOC(lmm, lmmsize);
RETURN(rc);
OBD_ALLOC(lmm, lmmsize);
- rc = copy_from_user(lmm, lum, lmmsize);
- if (rc)
+ if (copy_from_user(lmm, lum, lmmsize))
GOTO(free_lmm, rc = -EFAULT);
switch (lmm->lmm_magic) {
GOTO(free_lmm, rc = -EFAULT);
switch (lmm->lmm_magic) {
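Review bot: No test that `lmm` is non-NULL is visible between `OBD_ALLOC(lmm, lmmsize)` and the new `copy_from_user(lmm, lum, lmmsize)`, so a failed allocation would pass a NULL kernel destination to the copy. Other allocations on this page are checked (`if (lcfg == NULL) RETURN(-ENOMEM);`); the same guard is worth adding here, e.g. `if (lmm == NULL) RETURN(-ENOMEM);`, or the `GOTO` form if earlier resources need releasing. How `lmmsize` is computed is outside the hunk; if it derives from a user-supplied stripe count it should be bounded before the allocation.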
if (rc)
GOTO(free_lsm, rc);
if (rc)
GOTO(free_lsm, rc);
- rc = copy_to_user(&lumd->lmd_st, &st, sizeof(st));
- if (rc)
+ if (copy_to_user(&lumd->lmd_st, &st, sizeof(st)))
GOTO(free_lsm, rc = -EFAULT);
EXIT;
GOTO(free_lsm, rc = -EFAULT);
EXIT;
if (!rc) {
str = req_capsule_server_get(&req->rq_pill,
&RMF_STRING);
if (!rc) {
str = req_capsule_server_get(&req->rq_pill,
&RMF_STRING);
- rc = copy_to_user(data->ioc_pbuf1, str, data->ioc_plen1);
+ if (copy_to_user(data->ioc_pbuf1, str, data->ioc_plen1))
+ rc = -EFAULT;
}
ptlrpc_req_finished(req);
out_catinfo:
}
ptlrpc_req_finished(req);
out_catinfo:
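Review bot: The length passed to `copy_to_user(data->ioc_pbuf1, str, data->ioc_plen1)` comes from the ioctl data, while the source `str` is whatever `req_capsule_server_get()` returned, and nothing in the hunk checks that `str` is non-NULL or that the reply string holds at least `ioc_plen1` bytes. If the reply can be shorter than the requested length, the copy reads past it and hands adjacent kernel memory to user space. A guard like `if (str == NULL) rc = -EPROTO;` together with clamping the length to the actual size of the reply field would close that gap. Whether the request was already sized from `ioc_plen1` is not visible here, so this may be covered elsewhere.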
if (!cfs_capable(CFS_CAP_SYS_ADMIN))
RETURN(-EPERM);
if (!cfs_capable(CFS_CAP_SYS_ADMIN))
RETURN(-EPERM);
- rc = copy_from_user(&ucreatp, (struct ll_recreate_obj *)arg,
- sizeof(struct ll_recreate_obj));
- if (rc) {
+ if (copy_from_user(&ucreatp, (struct ll_recreate_obj *)arg,
+ sizeof(struct ll_recreate_obj)))
OBDO_ALLOC(oa);
if (oa == NULL)
RETURN(-ENOMEM);
OBDO_ALLOC(oa);
if (oa == NULL)
RETURN(-ENOMEM);
if (lump == NULL) {
RETURN(-ENOMEM);
}
if (lump == NULL) {
RETURN(-ENOMEM);
}
- rc = copy_from_user(lump, (struct lov_user_md *)arg, lum_size);
- if (rc) {
+ if (copy_from_user(lump, (struct lov_user_md *)arg, lum_size)) {
OBD_FREE(lump, lum_size);
RETURN(-EFAULT);
}
OBD_FREE(lump, lum_size);
RETURN(-EFAULT);
}
/* first try with v1 which is smaller than v3 */
lum_size = sizeof(struct lov_user_md_v1);
/* first try with v1 which is smaller than v3 */
lum_size = sizeof(struct lov_user_md_v1);
- rc = copy_from_user(lumv1, lumv1p, lum_size);
- if (rc)
+ if (copy_from_user(lumv1, lumv1p, lum_size))
RETURN(-EFAULT);
if (lumv1->lmm_magic == LOV_USER_MAGIC_V3) {
lum_size = sizeof(struct lov_user_md_v3);
RETURN(-EFAULT);
if (lumv1->lmm_magic == LOV_USER_MAGIC_V3) {
lum_size = sizeof(struct lov_user_md_v3);
- rc = copy_from_user(&lumv3, lumv3p, lum_size);
- if (rc)
+ if (copy_from_user(&lumv3, lumv3p, lum_size))
if (rc)
RETURN(rc);
if (copy_to_user(data->ioc_pbuf1, &stat_buf, data->ioc_plen1))
if (rc)
RETURN(rc);
if (copy_to_user(data->ioc_pbuf1, &stat_buf, data->ioc_plen1))
- RETURN(rc);
- rc = copy_to_user(data->ioc_pbuf2, obd2cli_tgt(mdc_obd),
- data->ioc_plen2);
+ RETURN(-EFAULT);
+ if (copy_to_user(data->ioc_pbuf2, obd2cli_tgt(mdc_obd),
+ data->ioc_plen2))
+ RETURN(-EFAULT);
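Review bot: `copy_to_user(data->ioc_pbuf1, &stat_buf, data->ioc_plen1)` and the new `copy_to_user(data->ioc_pbuf2, obd2cli_tgt(mdc_obd), data->ioc_plen2)` both take their length from the caller-supplied ioctl data rather than from the size of the kernel object being copied. Unless `ioc_plen1` and `ioc_plen2` are validated outside this hunk, a length larger than `sizeof(stat_buf)` or the target UUID discloses kernel memory beyond the object. Clamping is cheap, e.g. `min_t(size_t, data->ioc_plen1, sizeof(stat_buf))`, and likewise against the UUID size for the second copy. The later hunk that copies `obd2cli_tgt(osc_obd)` has the same pattern.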
/* Let's hold another reference so lov_del_obd doesn't spin through
putref every time */
lov_getref(obd);
/* Let's hold another reference so lov_del_obd doesn't spin through
putref every time */
lov_getref(obd);
for (i = 0; i < lov->desc.ld_tgt_count; i++) {
if (lov->lov_tgts[i] && lov->lov_tgts[i]->ltd_exp) {
/* Disconnection is the last we know about an obd */
for (i = 0; i < lov->desc.ld_tgt_count; i++) {
if (lov->lov_tgts[i] && lov->lov_tgts[i]->ltd_exp) {
/* Disconnection is the last we know about an obd */
{
struct obd_device *obddev = class_exp2obd(exp);
struct lov_obd *lov = &obddev->u.lov;
{
struct obd_device *obddev = class_exp2obd(exp);
struct lov_obd *lov = &obddev->u.lov;
- int i, rc, count = lov->desc.ld_tgt_count;
+ int i, rc = 0, count = lov->desc.ld_tgt_count;
struct obd_uuid *uuidp;
ENTRY;
struct obd_uuid *uuidp;
ENTRY;
if (rc)
RETURN(rc);
if (copy_to_user(data->ioc_pbuf1, &stat_buf, data->ioc_plen1))
if (rc)
RETURN(rc);
if (copy_to_user(data->ioc_pbuf1, &stat_buf, data->ioc_plen1))
- rc = copy_to_user(data->ioc_pbuf2, obd2cli_tgt(osc_obd),
- data->ioc_plen2);
+ if (copy_to_user(data->ioc_pbuf2, obd2cli_tgt(osc_obd),
+ data->ioc_plen2))
+ RETURN(-EFAULT);
break;
}
case OBD_IOC_LOV_GET_CONFIG: {
break;
}
case OBD_IOC_LOV_GET_CONFIG: {
*genp = lov->lov_tgts[i]->ltd_gen;
}
*genp = lov->lov_tgts[i]->ltd_gen;
}
- rc = copy_to_user((void *)uarg, buf, len);
- if (rc)
+ if (copy_to_user((void *)uarg, buf, len))
rc = -EFAULT;
obd_ioctl_freedata(buf, len);
break;
rc = -EFAULT;
obd_ioctl_freedata(buf, len);
break;
if (count == 0)
RETURN(-ENOTTY);
if (count == 0)
RETURN(-ENOTTY);
for (i = 0; i < count; i++) {
int err;
for (i = 0; i < count; i++) {
int err;
- rc = copy_from_user(&lumv3, lump, sizeof(struct lov_user_md_v1));
- if (rc)
+ if (copy_from_user(&lumv3, lump, sizeof(struct lov_user_md_v1)))
RETURN(-EFAULT);
lmm_magic = lumv1->lmm_magic;
RETURN(-EFAULT);
lmm_magic = lumv1->lmm_magic;
lustre_swab_lov_user_md_v1(lumv1);
lmm_magic = LOV_USER_MAGIC_V1;
} else if (lmm_magic == LOV_USER_MAGIC_V3) {
lustre_swab_lov_user_md_v1(lumv1);
lmm_magic = LOV_USER_MAGIC_V1;
} else if (lmm_magic == LOV_USER_MAGIC_V3) {
- rc = copy_from_user(&lumv3, lump, sizeof(lumv3));
- if (rc)
+ if (copy_from_user(&lumv3, lump, sizeof(lumv3)))
RETURN(-EFAULT);
} else if (lmm_magic == __swab32(LOV_USER_MAGIC_V3)) {
RETURN(-EFAULT);
} else if (lmm_magic == __swab32(LOV_USER_MAGIC_V3)) {
- rc = copy_from_user(&lumv3, lump, sizeof(lumv3));
- if (rc)
+ if (copy_from_user(&lumv3, lump, sizeof(lumv3)))
RETURN(-EFAULT);
lustre_swab_lov_user_md_v3(&lumv3);
lmm_magic = LOV_USER_MAGIC_V3;
RETURN(-EFAULT);
lustre_swab_lov_user_md_v3(&lumv3);
lmm_magic = LOV_USER_MAGIC_V3;
/* we only need the header part from user space to get lmm_magic and
* lmm_stripe_count, (the header part is common to v1 and v3) */
lum_size = sizeof(struct lov_user_md_v1);
/* we only need the header part from user space to get lmm_magic and
* lmm_stripe_count, (the header part is common to v1 and v3) */
lum_size = sizeof(struct lov_user_md_v1);
- rc = copy_from_user(&lum, lump, lum_size);
-
- if (rc)
+ if (copy_from_user(&lum, lump, lum_size))
rc = -EFAULT;
else if ((lum.lmm_magic != LOV_USER_MAGIC) &&
(lum.lmm_magic != LOV_USER_MAGIC_V3))
rc = -EFAULT;
else if ((lum.lmm_magic != LOV_USER_MAGIC) &&
(lum.lmm_magic != LOV_USER_MAGIC_V3))
}
OBD_ALLOC(lcfg, data->ioc_plen1);
}
OBD_ALLOC(lcfg, data->ioc_plen1);
- if (lcfg == NULL) {
- rc = -ENOMEM;
- GOTO(out_pool, rc);
- }
- rc = copy_from_user(lcfg, data->ioc_pbuf1, data->ioc_plen1);
- if (rc)
- GOTO(out_pool, rc);
+ if (lcfg == NULL)
+ GOTO(out_pool, rc = -ENOMEM);
+
+ if (copy_from_user(lcfg, data->ioc_pbuf1, data->ioc_plen1))
+ GOTO(out_pool, rc = -EFAULT);
if (lcfg->lcfg_bufcount < 2) {
if (lcfg->lcfg_bufcount < 2) {
- rc = -EINVAL;
- GOTO(out_pool, rc);
+ GOTO(out_pool, rc = -EFAULT);
}
/* first arg is always <fsname>.<poolname> */
}
/* first arg is always <fsname>.<poolname> */
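Review bot: The `lcfg->lcfg_bufcount < 2` branch now returns `-EFAULT`, where the removed lines returned `-EINVAL`. A malformed buffer count is an invalid argument rather than a failed user-memory access, and the parallel `lcfg->lcfg_bufcount < 1` check in the following hunk still uses `-EINVAL`. This looks like a copy-paste from the `copy_from_user` line above; suggest `GOTO(out_pool, rc = -EINVAL);`. The braces around the now single-statement body can also be dropped to match the surrounding style.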
OBD_ALLOC(lcfg, data->ioc_plen1);
if (lcfg == NULL)
RETURN(-ENOMEM);
OBD_ALLOC(lcfg, data->ioc_plen1);
if (lcfg == NULL)
RETURN(-ENOMEM);
- rc = copy_from_user(lcfg, data->ioc_pbuf1, data->ioc_plen1);
- if (rc)
- GOTO(out_free, rc);
+ if (copy_from_user(lcfg, data->ioc_pbuf1, data->ioc_plen1))
+ GOTO(out_free, rc = -EFAULT);
if (lcfg->lcfg_bufcount < 1)
GOTO(out_free, rc = -EINVAL);
if (lcfg->lcfg_bufcount < 1)
GOTO(out_free, rc = -EINVAL);