From: Martin K. Petersen <martin.petersen@oracle.com>
Date: Fri, 11 Aug 2017 04:19:43 +0000 (-0400)
Subject: oracleasm: Copy the integrity descriptor
X-Git-Tag: v4.1.12-111.0.20170918_2215^0
X-Git-Url: https://www.infradead.org/git/?a=commitdiff_plain;h=902f8f14e1b50e37340251947856d22d1e2a6fc4;p=users%2Fjedix%2Flinux-maple.git

oracleasm: Copy the integrity descriptor

Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Divya Indi <divya.indi@oracle.com>

The original code made assumptions about the oracleasm integrity
descriptor hanging off of check_asm_ioc being mapped. Make sure we
properly copy and validate the descriptor before use.

Orabug: 26559128
---

diff --git a/drivers/block/oracleasm/driver.c b/drivers/block/oracleasm/driver.c
index d6610f2711de..5632ee0f1a51 100644
--- a/drivers/block/oracleasm/driver.c
+++ b/drivers/block/oracleasm/driver.c
@@ -1110,9 +1110,10 @@ static int asm_submit_io(struct file *file,
 	struct asm_disk_info *d;
 	struct inode *disk_inode;
 	struct block_device *bdev;
-	struct oracleasm_integrity_v2 *it;
+	struct oracleasm_integrity_v2 it;
 	struct iov_iter iter;
 	struct iovec iov;
+	bool integrity = false;
 
 	if (!ioc || ioc->status_asm_ioc)
 		return -EINVAL;
@@ -1181,10 +1182,22 @@ static int asm_submit_io(struct file *file,
 		goto out_error;
 	}
 
-	if (bdev_get_integrity(bdev))
-		it = (struct oracleasm_integrity_v2 *)ioc->check_asm_ioc;
-	else
-		it = NULL;
+	if (bdev_get_integrity(bdev) && ioc->check_asm_ioc) {
+
+		if (copy_from_user(&it, (struct oracleasm_integrity_v2 *)ioc->check_asm_ioc, sizeof(it))) {
+			pr_err("%s: Failed to copy integrity descriptor\n",
+			       __func__);
+			ret = -EFAULT;
+			goto out_error;
+		}
+
+		if (asm_integrity_check(&it, bdev) < 0) {
+			ret = -EINVAL;
+			goto out_error;
+		}
+
+		integrity = true;
+	}
 
 	switch (ioc->operation_asm_ioc) {
 		default:
@@ -1193,22 +1206,10 @@ static int asm_submit_io(struct file *file,
 
 		case ASM_READ:
 			rw = READ;
-
-			if (it && asm_integrity_check(it, bdev) < 0) {
-				ret = -ENOMEM;
-				goto out_error;
-			}
-
 			break;
 
 		case ASM_WRITE:
 			rw = WRITE;
-
-			if (it && asm_integrity_check(it, bdev) < 0) {
-				ret = -ENOMEM;
-				goto out_error;
-			}
-
 			break;
 
 		case ASM_NOOP:
@@ -1245,8 +1246,8 @@ static int asm_submit_io(struct file *file,
 	r->r_bio->bi_iter.bi_sector =
 		ioc->first_asm_ioc * (asm_block_size(bdev) >> 9);
 
-	if (it) {
-		ret = asm_integrity_map(it, r, rw == READ);
+	if (integrity) {
+		ret = asm_integrity_map(&it, r, rw == READ);
 
 		if (ret < 0) {
 			pr_err("%s: Could not attach integrity payload\n",