summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--drivers/staging/android/logger.c16
-rw-r--r--drivers/staging/android/logger.h10
2 files changed, 19 insertions, 7 deletions
diff --git a/drivers/staging/android/logger.c b/drivers/staging/android/logger.c
index 0d21142..14fb7f7 100644
--- a/drivers/staging/android/logger.c
+++ b/drivers/staging/android/logger.c
@@ -872,28 +872,30 @@ static long logger_set_prio(struct logger_writer *writer, void __user *arg)
static long logger_set_tag(struct logger_writer *writer, void __user *arg)
{
+ struct logger_set_tag tag;
int len;
char *p, *q;
- if (copy_from_user(&len, arg, sizeof(int)))
+ if (copy_from_user(&tag, arg, sizeof(struct logger_set_tag)))
return -EFAULT;
- arg += sizeof(int);
-
+ if (tag.len > LOGGER_ENTRY_MAX_PAYLOAD)
+ return -EINVAL;
- p = kzalloc(len, GFP_KERNEL);
+ p = kzalloc(tag.len, GFP_KERNEL);
if (!p)
return -ENOMEM;
- if (copy_from_user(p, arg, len)) {
+ if (copy_from_user(p, (void*)(uintptr_t)tag.ptr, tag.len)) {
kfree(p);
return -EFAULT;
}
- p[len-1] = '\0';
+ p[tag.len - 1] = '\0';
+ len = strlen(p);
q = writer->tag;
writer->tag = p;
- writer->tag_len = len - 1; /* without NULL */
+ writer->tag_len = len;
kfree(q);
return 0;
diff --git a/drivers/staging/android/logger.h b/drivers/staging/android/logger.h
index a02ac11..8054a3e 100644
--- a/drivers/staging/android/logger.h
+++ b/drivers/staging/android/logger.h
@@ -74,6 +74,16 @@ struct logger_entry {
char msg[0];
};
+/**
+ * struct logger_set_tag
+ * @len: Length of a NULL-terminated tag including '\0'
+ * @ptr: Pointer to a user buffer containing the tag
+ */
+struct logger_set_tag {
+ __u64 len;
+ __u64 ptr;
+};
+
#define LOGGER_LOG_RADIO "log_radio" /* radio-related messages */
#define LOGGER_LOG_EVENTS "log_events" /* system/hardware events */
#define LOGGER_LOG_SYSTEM "log_system" /* system/framework messages */
generated by cgit v1.2.3 (git 2.25.1) at 2024-11-27 11:12:33 +0000