Use sizeof(connect_data))) instead of sizeof(struct mei_connect_client_data) when copying data between user space and kernel.
There is a possibility of bug when variable type has changed but corresponding struct passed to the sizeof has not. Cc: Gustavo A. R. Silva <[email protected]> Signed-off-by: Tomas Winkler <[email protected]> --- drivers/misc/mei/main.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/drivers/misc/mei/main.c b/drivers/misc/mei/main.c index f17297f2943d..05e6ad6d4d54 100644 --- a/drivers/misc/mei/main.c +++ b/drivers/misc/mei/main.c @@ -1,6 +1,6 @@ // SPDX-License-Identifier: GPL-2.0 /* - * Copyright (c) 2003-2018, Intel Corporation. All rights reserved. + * Copyright (c) 2003-2020, Intel Corporation. All rights reserved. * Intel Management Engine Interface (Intel MEI) Linux driver */ @@ -476,7 +476,7 @@ static long mei_ioctl(struct file *file, unsigned int cmd, unsigned long data) case IOCTL_MEI_CONNECT_CLIENT: dev_dbg(dev->dev, ": IOCTL_MEI_CONNECT_CLIENT.\n"); if (copy_from_user(&connect_data, (char __user *)data, - sizeof(struct mei_connect_client_data))) { + sizeof(connect_data))) { dev_dbg(dev->dev, "failed to copy data from userland\n"); rets = -EFAULT; goto out; @@ -488,7 +488,7 @@ static long mei_ioctl(struct file *file, unsigned int cmd, unsigned long data) /* if all is ok, copying the data back to user. */ if (copy_to_user((char __user *)data, &connect_data, - sizeof(struct mei_connect_client_data))) { + sizeof(connect_data))) { dev_dbg(dev->dev, "failed to copy data to userland\n"); rets = -EFAULT; goto out; -- 2.25.4
