ANDROID: Incremental fs: Fix mislabeled __user ptrs (23f5b7c5) · Commits · e / devices / android_kernel_oneplus_sm7250

fs/incfs/data_mgmt.c

+3 −2

Original line number	Diff line number	Diff line
		@@ -396,7 +396,8 @@ static int copy_one_range(struct incfs_filled_range range, void __user buffer,
		if (error)
		return error;

		if (copy_to_user(((char )buffer) + size_out, range, sizeof(*range)))
		if (copy_to_user(((char __user )buffer) + size_out, range,
		sizeof(*range)))
		return -EFAULT;

		size_out += sizeof(range);
		@@ -437,7 +438,7 @@ int incfs_get_filled_blocks(struct data_file *df,
		int error = 0;
		bool in_range = false;
		struct incfs_filled_range range;
		void *buffer = u64_to_user_ptr(arg->range_buffer);
		void __user *buffer = u64_to_user_ptr(arg->range_buffer);
		u32 size = arg->range_buffer_size;
		u32 end_index =
		arg->end_index ? arg->end_index : df->df_total_block_count;

+1 −1

Original line number	Diff line number	Diff line
		@@ -62,7 +62,7 @@ static bool read_u32(u8 *p, u8 top, u32 *result)
		if (*p + sizeof(u32) > top)
		return false;

		result = le32_to_cpu((u32 )p);
		result = le32_to_cpu((__le32 )p);
		*p += sizeof(u32);
		return true;
		}

+2 −2

Original line number	Diff line number	Diff line
		@@ -1274,7 +1274,7 @@ static long ioctl_fill_blocks(struct file f, void __user arg)
		{
		struct incfs_fill_blocks __user *usr_fill_blocks = arg;
		struct incfs_fill_blocks fill_blocks;
		struct incfs_fill_block *usr_fill_block_array;
		struct incfs_fill_block __user *usr_fill_block_array;
		struct data_file *df = get_incfs_data_file(f);
		const ssize_t data_buf_size = 2 * INCFS_DATA_FILE_BLOCK_SIZE;
		u8 *data_buf = NULL;
		@@ -1344,7 +1344,7 @@ static long ioctl_permit_fill(struct file f, void __user arg)
		struct incfs_permit_fill __user *usr_permit_fill = arg;
		struct incfs_permit_fill permit_fill;
		long error = 0;
		struct file *file = 0;
		struct file *file = NULL;

		if (f->f_op != &incfs_pending_read_file_ops)
		return -EPERM;