cdrom: use copy_to_user() without the underscores

"nframes" comes from the user and "nframes * CD_FRAMESIZE_RAW" can wrap
on 32 bit systems.  That would have been ok if we used the same wrapped
value for the copy, but we use a shifted value.  We should just use the
checked version of copy_to_user() because it's not going to make a
difference to the speed.

Cc: stable@vger.kernel.com
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Jens Axboe <axboe@kernel.dk>

diff --git a/drivers/cdrom/cdrom.c b/drivers/cdrom/cdrom.c
index 55eaf474d32c3afa18aab0433552edc4dc193f6f..8fefe59f52a78b06f6f1a4d6bb468af0cf75e84a 100644 (file)
--- a/drivers/cdrom/cdrom.c
+++ b/drivers/cdrom/cdrom.c
@@ -2119,11 +2119,6 @@ static int cdrom_read_cdda_old(struct cdrom_device_info *cdi, __u8 __user *ubuf,
        if (!nr)
                return -ENOMEM;
 
-       if (!access_ok(VERIFY_WRITE, ubuf, nframes * CD_FRAMESIZE_RAW)) {
-               ret = -EFAULT;
-               goto out;
-       }
-
        cgc.data_direction = CGC_DATA_READ;
        while (nframes > 0) {
                if (nr > nframes)
@@ -2132,7 +2127,7 @@ static int cdrom_read_cdda_old(struct cdrom_device_info *cdi, __u8 __user *ubuf,
                ret = cdrom_read_block(cdi, &cgc, lba, nr, 1, CD_FRAMESIZE_RAW);
                if (ret)
                        break;
-               if (__copy_to_user(ubuf, cgc.buffer, CD_FRAMESIZE_RAW * nr)) {
+               if (copy_to_user(ubuf, cgc.buffer, CD_FRAMESIZE_RAW * nr)) {
                        ret = -EFAULT;
                        break;
                }
@@ -2140,7 +2135,6 @@ static int cdrom_read_cdda_old(struct cdrom_device_info *cdi, __u8 __user *ubuf,
                nframes -= nr;
                lba += nr;
        }
-out:
        kfree(cgc.buffer);
        return ret;
 }