tjh.dev
Linux kernel mirror (for testing)
git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel
os
linux
Merge branch 'misc.compat' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
Pull compat and uaccess updates from Al Viro:
- {get,put}_compat_sigset() series
- assorted compat ioctl stuff
- more set_fs() elimination
- a few more timespec64 conversions
- several removals of pointless access_ok() in places where it was
followed only by non-__ variants of primitives
* 'misc.compat' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs: (24 commits)
coredump: call do_unlinkat directly instead of sys_unlink
fs: expose do_unlinkat for built-in callers
ext4: take handling of EXT4_IOC_GROUP_ADD into a helper, get rid of set_fs()
ipmi: get rid of pointless access_ok()
pi433: sanitize ioctl
cxlflash: get rid of pointless access_ok()
mtdchar: get rid of pointless access_ok()
r128: switch compat ioctls to drm_ioctl_kernel()
selection: get rid of field-by-field copyin
VT_RESIZEX: get rid of field-by-field copyin
i2c compat ioctls: move to ->compat_ioctl()
sched_rr_get_interval(): move compat to native, get rid of set_fs()
mips: switch to {get,put}_compat_sigset()
sparc: switch to {get,put}_compat_sigset()
s390: switch to {get,put}_compat_sigset()
ppc: switch to {get,put}_compat_sigset()
parisc: switch to {get,put}_compat_sigset()
get_compat_sigset()
get rid of {get,put}_compat_itimerspec()
io_getevents: Use timespec64 to represent timeouts
...
+506
-819
+4
-33
arch/mips/include/asm/compat-signal.h
+4
-33
arch/mips/include/asm/compat-signal.h
···
14
14
static inline int __copy_conv_sigset_to_user(compat_sigset_t __user *d,
15
15
const sigset_t *s)
16
16
{
17
-
int err;
17
+
BUILD_BUG_ON(sizeof(*d) != sizeof(*s));
18
+
BUILD_BUG_ON(_NSIG_WORDS != 2);
18
19
19
-
BUG_ON(sizeof(*d) != sizeof(*s));
20
-
BUG_ON(_NSIG_WORDS != 2);
21
-
22
-
err = __put_user(s->sig[0], &d->sig[0]);
23
-
err |= __put_user(s->sig[0] >> 32, &d->sig[1]);
24
-
err |= __put_user(s->sig[1], &d->sig[2]);
25
-
err |= __put_user(s->sig[1] >> 32, &d->sig[3]);
26
-
27
-
return err;
20
+
return put_compat_sigset(d, s, sizeof(*d));
28
21
}
29
22
30
23
static inline int __copy_conv_sigset_from_user(sigset_t *d,
31
24
const compat_sigset_t __user *s)
32
25
{
33
-
int err;
34
-
union sigset_u {
35
-
sigset_t s;
36
-
compat_sigset_t c;
37
-
} *u = (union sigset_u *) d;
38
-
39
-
BUG_ON(sizeof(*d) != sizeof(*s));
40
-
BUG_ON(_NSIG_WORDS != 2);
41
-
42
-
#ifdef CONFIG_CPU_BIG_ENDIAN
43
-
err = __get_user(u->c.sig[1], &s->sig[0]);
44
-
err |= __get_user(u->c.sig[0], &s->sig[1]);
45
-
err |= __get_user(u->c.sig[3], &s->sig[2]);
46
-
err |= __get_user(u->c.sig[2], &s->sig[3]);
47
-
#endif
48
-
#ifdef CONFIG_CPU_LITTLE_ENDIAN
49
-
err = __get_user(u->c.sig[0], &s->sig[0]);
50
-
err |= __get_user(u->c.sig[1], &s->sig[1]);
51
-
err |= __get_user(u->c.sig[2], &s->sig[2]);
52
-
err |= __get_user(u->c.sig[3], &s->sig[3]);
53
-
#endif
54
-
55
-
return err;
26
+
return get_compat_sigset(d, s);
56
27
}
57
28
58
29
#endif /* __ASM_COMPAT_SIGNAL_H */
+3
-6
arch/parisc/kernel/signal.c
+3
-6
arch/parisc/kernel/signal.c
···
93
93
unsigned long usp = (regs->gr[30] & ~(0x01UL));
94
94
unsigned long sigframe_size = PARISC_RT_SIGFRAME_SIZE;
95
95
#ifdef CONFIG_64BIT
96
-
compat_sigset_t compat_set;
97
96
struct compat_rt_sigframe __user * compat_frame;
98
97
99
98
if (is_compat_task())
···
113
114
114
115
if (is_compat_task()) {
115
116
DBG(2,"sys_rt_sigreturn: ELF32 process.\n");
116
-
if (__copy_from_user(&compat_set, &compat_frame->uc.uc_sigmask, sizeof(compat_set)))
117
+
if (get_compat_sigset(&set, &compat_frame->uc.uc_sigmask))
117
118
goto give_sigsegv;
118
-
sigset_32to64(&set,&compat_set);
119
119
} else
120
120
#endif
121
121
{
···
236
238
int err = 0;
237
239
#ifdef CONFIG_64BIT
238
240
struct compat_rt_sigframe __user * compat_frame;
239
-
compat_sigset_t compat_set;
240
241
#endif
241
242
242
243
usp = (regs->gr[30] & ~(0x01UL));
···
258
261
DBG(1,"setup_rt_frame: frame->uc.uc_mcontext = 0x%p\n", &compat_frame->uc.uc_mcontext);
259
262
err |= setup_sigcontext32(&compat_frame->uc.uc_mcontext,
260
263
&compat_frame->regs, regs, in_syscall);
261
-
sigset_64to32(&compat_set,set);
262
-
err |= __copy_to_user(&compat_frame->uc.uc_sigmask, &compat_set, sizeof(compat_set));
264
+
err |= put_compat_sigset(&compat_frame->uc.uc_sigmask, set,
265
+
sizeof(compat_sigset_t));
263
266
} else
264
267
#endif
265
268
{
-13
arch/parisc/kernel/signal32.c
-13
arch/parisc/kernel/signal32.c
···
46
46
#define DBG(LEVEL, ...)
47
47
#endif
48
48
49
-
inline void
50
-
sigset_32to64(sigset_t *s64, compat_sigset_t *s32)
51
-
{
52
-
s64->sig[0] = s32->sig[0] | ((unsigned long)s32->sig[1] << 32);
53
-
}
54
-
55
-
inline void
56
-
sigset_64to32(compat_sigset_t *s32, sigset_t *s64)
57
-
{
58
-
s32->sig[0] = s64->sig[0] & 0xffffffffUL;
59
-
s32->sig[1] = (s64->sig[0] >> 32) & 0xffffffffUL;
60
-
}
61
-
62
49
long
63
50
restore_sigcontext32(struct compat_sigcontext __user *sc, struct compat_regfile __user * rf,
64
51
struct pt_regs *regs)
-2
arch/parisc/kernel/signal32.h
-2
arch/parisc/kernel/signal32.h
···
79
79
#define FUNCTIONCALLFRAME32 48
80
80
#define PARISC_RT_SIGFRAME_SIZE32 (((sizeof(struct compat_rt_sigframe) + FUNCTIONCALLFRAME32) + SIGFRAME32) & -SIGFRAME32)
81
81
82
-
void sigset_32to64(sigset_t *s64, compat_sigset_t *s32);
83
-
void sigset_64to32(compat_sigset_t *s32, sigset_t *s64);
84
82
long restore_sigcontext32(struct compat_sigcontext __user *sc,
85
83
struct compat_regfile __user *rf,
86
84
struct pt_regs *regs);
+2
-29
arch/powerpc/kernel/signal_32.c
+2
-29
arch/powerpc/kernel/signal_32.c
···
94
94
*/
95
95
static inline int put_sigset_t(compat_sigset_t __user *uset, sigset_t *set)
96
96
{
97
-
compat_sigset_t cset;
98
-
99
-
switch (_NSIG_WORDS) {
100
-
case 4: cset.sig[6] = set->sig[3] & 0xffffffffull;
101
-
cset.sig[7] = set->sig[3] >> 32;
102
-
case 3: cset.sig[4] = set->sig[2] & 0xffffffffull;
103
-
cset.sig[5] = set->sig[2] >> 32;
104
-
case 2: cset.sig[2] = set->sig[1] & 0xffffffffull;
105
-
cset.sig[3] = set->sig[1] >> 32;
106
-
case 1: cset.sig[0] = set->sig[0] & 0xffffffffull;
107
-
cset.sig[1] = set->sig[0] >> 32;
108
-
}
109
-
return copy_to_user(uset, &cset, sizeof(*uset));
97
+
return put_compat_sigset(uset, set, sizeof(*uset));
110
98
}
111
99
112
100
static inline int get_sigset_t(sigset_t *set,
113
101
const compat_sigset_t __user *uset)
114
102
{
115
-
compat_sigset_t s32;
116
-
117
-
if (copy_from_user(&s32, uset, sizeof(*uset)))
118
-
return -EFAULT;
119
-
120
-
/*
121
-
* Swap the 2 words of the 64-bit sigset_t (they are stored
122
-
* in the "wrong" endian in 32-bit user storage).
123
-
*/
124
-
switch (_NSIG_WORDS) {
125
-
case 4: set->sig[3] = s32.sig[6] | (((long)s32.sig[7]) << 32);
126
-
case 3: set->sig[2] = s32.sig[4] | (((long)s32.sig[5]) << 32);
127
-
case 2: set->sig[1] = s32.sig[2] | (((long)s32.sig[3]) << 32);
128
-
case 1: set->sig[0] = s32.sig[0] | (((long)s32.sig[1]) << 32);
129
-
}
130
-
return 0;
103
+
return get_compat_sigset(set, uset);
131
104
}
132
105
133
106
#define to_user_ptr(p) ptr_to_compat(p)
+7
-26
arch/s390/kernel/compat_signal.c
+7
-26
arch/s390/kernel/compat_signal.c
···
50
50
struct ucontext32 uc;
51
51
} rt_sigframe32;
52
52
53
-
static inline void sigset_to_sigset32(unsigned long *set64,
54
-
compat_sigset_word *set32)
55
-
{
56
-
set32[0] = (compat_sigset_word) set64[0];
57
-
set32[1] = (compat_sigset_word)(set64[0] >> 32);
58
-
}
59
-
60
-
static inline void sigset32_to_sigset(compat_sigset_word *set32,
61
-
unsigned long *set64)
62
-
{
63
-
set64[0] = (unsigned long) set32[0] | ((unsigned long) set32[1] << 32);
64
-
}
65
-
66
53
int copy_siginfo_to_user32(compat_siginfo_t __user *to, const siginfo_t *from)
67
54
{
68
55
int err;
···
281
294
{
282
295
struct pt_regs *regs = task_pt_regs(current);
283
296
sigframe32 __user *frame = (sigframe32 __user *)regs->gprs[15];
284
-
compat_sigset_t cset;
285
297
sigset_t set;
286
298
287
-
if (__copy_from_user(&cset.sig, &frame->sc.oldmask, _SIGMASK_COPY_SIZE32))
299
+
if (get_compat_sigset(&set, (compat_sigset_t __user *)frame->sc.oldmask))
288
300
goto badframe;
289
-
sigset32_to_sigset(cset.sig, set.sig);
290
301
set_current_blocked(&set);
291
302
save_fpu_regs();
292
303
if (restore_sigregs32(regs, &frame->sregs))
···
302
317
{
303
318
struct pt_regs *regs = task_pt_regs(current);
304
319
rt_sigframe32 __user *frame = (rt_sigframe32 __user *)regs->gprs[15];
305
-
compat_sigset_t cset;
306
320
sigset_t set;
307
321
308
-
if (__copy_from_user(&cset, &frame->uc.uc_sigmask, sizeof(cset)))
322
+
if (get_compat_sigset(&set, &frame->uc.uc_sigmask))
309
323
goto badframe;
310
-
sigset32_to_sigset(cset.sig, set.sig);
311
324
set_current_blocked(&set);
312
325
if (compat_restore_altstack(&frame->uc.uc_stack))
313
326
goto badframe;
···
355
372
{
356
373
int sig = ksig->sig;
357
374
sigframe32 __user *frame;
358
-
struct sigcontext32 sc;
359
375
unsigned long restorer;
360
376
size_t frame_size;
361
377
···
376
394
return -EFAULT;
377
395
378
396
/* Create struct sigcontext32 on the signal stack */
379
-
sigset_to_sigset32(set->sig, sc.oldmask);
380
-
sc.sregs = (__u32)(unsigned long __force) &frame->sregs;
381
-
if (__copy_to_user(&frame->sc, &sc, sizeof(frame->sc)))
397
+
if (put_compat_sigset((compat_sigset_t __user *)frame->sc.oldmask,
398
+
set, sizeof(compat_sigset_t)))
399
+
return -EFAULT;
400
+
if (__put_user(ptr_to_compat(&frame->sc), &frame->sc.sregs))
382
401
return -EFAULT;
383
402
384
403
/* Store registers needed to create the signal frame */
···
438
455
static int setup_rt_frame32(struct ksignal *ksig, sigset_t *set,
439
456
struct pt_regs *regs)
440
457
{
441
-
compat_sigset_t cset;
442
458
rt_sigframe32 __user *frame;
443
459
unsigned long restorer;
444
460
size_t frame_size;
···
484
502
store_sigregs();
485
503
486
504
/* Create ucontext on the signal stack. */
487
-
sigset_to_sigset32(set->sig, cset.sig);
488
505
if (__put_user(uc_flags, &frame->uc.uc_flags) ||
489
506
__put_user(0, &frame->uc.uc_link) ||
490
507
__compat_save_altstack(&frame->uc.uc_stack, regs->gprs[15]) ||
491
508
save_sigregs32(regs, &frame->uc.uc_mcontext) ||
492
-
__copy_to_user(&frame->uc.uc_sigmask, &cset, sizeof(cset)) ||
509
+
put_compat_sigset(&frame->uc.uc_sigmask, set, sizeof(compat_sigset_t)) ||
493
510
save_sigregs_ext32(regs, &frame->uc.uc_mcontext_ext))
494
511
return -EFAULT;
495
512
+2
-7
arch/sparc/kernel/signal32.c
+2
-7
arch/sparc/kernel/signal32.c
···
249
249
compat_uptr_t fpu_save;
250
250
compat_uptr_t rwin_save;
251
251
sigset_t set;
252
-
compat_sigset_t seta;
253
252
int err, i;
254
253
255
254
/* Always make any pending restarted system calls return -EINTR */
···
311
312
err |= __get_user(fpu_save, &sf->fpu_save);
312
313
if (!err && fpu_save)
313
314
err |= restore_fpu_state(regs, compat_ptr(fpu_save));
314
-
err |= copy_from_user(&seta, &sf->mask, sizeof(compat_sigset_t));
315
+
err |= get_compat_sigset(&set, &sf->mask);
315
316
err |= compat_restore_altstack(&sf->stack);
316
317
if (err)
317
318
goto segv;
···
322
323
goto segv;
323
324
}
324
325
325
-
set.sig[0] = seta.sig[0] + (((long)seta.sig[1]) << 32);
326
326
set_current_blocked(&set);
327
327
return;
328
328
segv:
···
553
555
void __user *tail;
554
556
int sigframe_size;
555
557
u32 psr;
556
-
compat_sigset_t seta;
557
558
558
559
/* 1. Make sure everything is clean */
559
560
synchronize_user_stack();
···
622
625
/* Setup sigaltstack */
623
626
err |= __compat_save_altstack(&sf->stack, regs->u_regs[UREG_FP]);
624
627
625
-
seta.sig[1] = (oldset->sig[0] >> 32);
626
-
seta.sig[0] = oldset->sig[0];
627
-
err |= __copy_to_user(&sf->mask, &seta, sizeof(compat_sigset_t));
628
+
err |= put_compat_sigset(&sf->mask, oldset, sizeof(compat_sigset_t));
628
629
629
630
if (!wsaved) {
630
631
err |= copy_in_user((u32 __user *)sf,
+3
-5
arch/sparc/kernel/sys_sparc32.c
+3
-5
arch/sparc/kernel/sys_sparc32.c
···
160
160
{
161
161
struct k_sigaction new_ka, old_ka;
162
162
int ret;
163
-
compat_sigset_t set32;
164
163
165
164
/* XXX: Don't preclude handling different sized sigset_t's. */
166
165
if (sigsetsize != sizeof(compat_sigset_t))
···
171
172
new_ka.ka_restorer = restorer;
172
173
ret = get_user(u_handler, &act->sa_handler);
173
174
new_ka.sa.sa_handler = compat_ptr(u_handler);
174
-
ret |= copy_from_user(&set32, &act->sa_mask, sizeof(compat_sigset_t));
175
-
sigset_from_compat(&new_ka.sa.sa_mask, &set32);
175
+
ret |= get_compat_sigset(&new_ka.sa.sa_mask, &act->sa_mask);
176
176
ret |= get_user(new_ka.sa.sa_flags, &act->sa_flags);
177
177
ret |= get_user(u_restorer, &act->sa_restorer);
178
178
new_ka.sa.sa_restorer = compat_ptr(u_restorer);
···
182
184
ret = do_sigaction(sig, act ? &new_ka : NULL, oact ? &old_ka : NULL);
183
185
184
186
if (!ret && oact) {
185
-
sigset_to_compat(&set32, &old_ka.sa.sa_mask);
186
187
ret = put_user(ptr_to_compat(old_ka.sa.sa_handler), &oact->sa_handler);
187
-
ret |= copy_to_user(&oact->sa_mask, &set32, sizeof(compat_sigset_t));
188
+
ret |= put_compat_sigset(&oact->sa_mask, &old_ka.sa.sa_mask,
189
+
sizeof(oact->sa_mask));
188
190
ret |= put_user(old_ka.sa.sa_flags, &oact->sa_flags);
189
191
ret |= put_user(ptr_to_compat(old_ka.sa.sa_restorer), &oact->sa_restorer);
190
192
if (ret)
-6
drivers/char/ipmi/bt-bmc.c
-6
drivers/char/ipmi/bt-bmc.c
···
204
204
ssize_t ret = 0;
205
205
ssize_t nread;
206
206
207
-
if (!access_ok(VERIFY_WRITE, buf, count))
208
-
return -EFAULT;
209
-
210
207
WARN_ON(*ppos);
211
208
212
209
if (wait_event_interruptible(bt_bmc->queue,
···
273
276
*/
274
277
if (count < 5)
275
278
return -EINVAL;
276
-
277
-
if (!access_ok(VERIFY_READ, buf, count))
278
-
return -EFAULT;
279
279
280
280
WARN_ON(*ppos);
281
281
+4
drivers/gpu/drm/r128/r128_drv.h
+4
drivers/gpu/drm/r128/r128_drv.h
···
147
147
extern int r128_fullscreen(struct drm_device *dev, void *data, struct drm_file *file_priv);
148
148
extern int r128_cce_buffers(struct drm_device *dev, void *data, struct drm_file *file_priv);
149
149
150
+
extern int r128_cce_stipple(struct drm_device *dev, void *data, struct drm_file *file_priv);
151
+
extern int r128_cce_depth(struct drm_device *dev, void *data, struct drm_file *file_priv);
152
+
extern int r128_getparam(struct drm_device *dev, void *data, struct drm_file *file_priv);
153
+
150
154
extern void r128_freelist_reset(struct drm_device *dev);
151
155
152
156
extern int r128_wait_ring(drm_r128_private_t *dev_priv, int n);
+40
-57
drivers/gpu/drm/r128/r128_ioc32.c
+40
-57
drivers/gpu/drm/r128/r128_ioc32.c
···
63
63
unsigned long arg)
64
64
{
65
65
drm_r128_init32_t init32;
66
-
drm_r128_init_t __user *init;
66
+
drm_r128_init_t init;
67
67
68
68
if (copy_from_user(&init32, (void __user *)arg, sizeof(init32)))
69
69
return -EFAULT;
70
70
71
-
init = compat_alloc_user_space(sizeof(*init));
72
-
if (!access_ok(VERIFY_WRITE, init, sizeof(*init))
73
-
|| __put_user(init32.func, &init->func)
74
-
|| __put_user(init32.sarea_priv_offset, &init->sarea_priv_offset)
75
-
|| __put_user(init32.is_pci, &init->is_pci)
76
-
|| __put_user(init32.cce_mode, &init->cce_mode)
77
-
|| __put_user(init32.cce_secure, &init->cce_secure)
78
-
|| __put_user(init32.ring_size, &init->ring_size)
79
-
|| __put_user(init32.usec_timeout, &init->usec_timeout)
80
-
|| __put_user(init32.fb_bpp, &init->fb_bpp)
81
-
|| __put_user(init32.front_offset, &init->front_offset)
82
-
|| __put_user(init32.front_pitch, &init->front_pitch)
83
-
|| __put_user(init32.back_offset, &init->back_offset)
84
-
|| __put_user(init32.back_pitch, &init->back_pitch)
85
-
|| __put_user(init32.depth_bpp, &init->depth_bpp)
86
-
|| __put_user(init32.depth_offset, &init->depth_offset)
87
-
|| __put_user(init32.depth_pitch, &init->depth_pitch)
88
-
|| __put_user(init32.span_offset, &init->span_offset)
89
-
|| __put_user(init32.fb_offset, &init->fb_offset)
90
-
|| __put_user(init32.mmio_offset, &init->mmio_offset)
91
-
|| __put_user(init32.ring_offset, &init->ring_offset)
92
-
|| __put_user(init32.ring_rptr_offset, &init->ring_rptr_offset)
93
-
|| __put_user(init32.buffers_offset, &init->buffers_offset)
94
-
|| __put_user(init32.agp_textures_offset,
95
-
&init->agp_textures_offset))
96
-
return -EFAULT;
71
+
init.func = init32.func;
72
+
init.sarea_priv_offset = init32.sarea_priv_offset;
73
+
init.is_pci = init32.is_pci;
74
+
init.cce_mode = init32.cce_mode;
75
+
init.cce_secure = init32.cce_secure;
76
+
init.ring_size = init32.ring_size;
77
+
init.usec_timeout = init32.usec_timeout;
78
+
init.fb_bpp = init32.fb_bpp;
79
+
init.front_offset = init32.front_offset;
80
+
init.front_pitch = init32.front_pitch;
81
+
init.back_offset = init32.back_offset;
82
+
init.back_pitch = init32.back_pitch;
83
+
init.depth_bpp = init32.depth_bpp;
84
+
init.depth_offset = init32.depth_offset;
85
+
init.depth_pitch = init32.depth_pitch;
86
+
init.span_offset = init32.span_offset;
87
+
init.fb_offset = init32.fb_offset;
88
+
init.mmio_offset = init32.mmio_offset;
89
+
init.ring_offset = init32.ring_offset;
90
+
init.ring_rptr_offset = init32.ring_rptr_offset;
91
+
init.buffers_offset = init32.buffers_offset;
92
+
init.agp_textures_offset = init32.agp_textures_offset;
97
93
98
-
return drm_ioctl(file, DRM_IOCTL_R128_INIT, (unsigned long)init);
94
+
return drm_ioctl_kernel(file, r128_cce_init, &init,
95
+
DRM_AUTH|DRM_MASTER|DRM_ROOT_ONLY);
99
96
}
100
97
101
98
typedef struct drm_r128_depth32 {
···
108
111
unsigned long arg)
109
112
{
110
113
drm_r128_depth32_t depth32;
111
-
drm_r128_depth_t __user *depth;
114
+
drm_r128_depth_t depth;
112
115
113
116
if (copy_from_user(&depth32, (void __user *)arg, sizeof(depth32)))
114
117
return -EFAULT;
115
118
116
-
depth = compat_alloc_user_space(sizeof(*depth));
117
-
if (!access_ok(VERIFY_WRITE, depth, sizeof(*depth))
118
-
|| __put_user(depth32.func, &depth->func)
119
-
|| __put_user(depth32.n, &depth->n)
120
-
|| __put_user((int __user *)(unsigned long)depth32.x, &depth->x)
121
-
|| __put_user((int __user *)(unsigned long)depth32.y, &depth->y)
122
-
|| __put_user((unsigned int __user *)(unsigned long)depth32.buffer,
123
-
&depth->buffer)
124
-
|| __put_user((unsigned char __user *)(unsigned long)depth32.mask,
125
-
&depth->mask))
126
-
return -EFAULT;
119
+
depth.func = depth32.func;
120
+
depth.n = depth32.n;
121
+
depth.x = compat_ptr(depth32.x);
122
+
depth.y = compat_ptr(depth32.y);
123
+
depth.buffer = compat_ptr(depth32.buffer);
124
+
depth.mask = compat_ptr(depth32.mask);
127
125
128
-
return drm_ioctl(file, DRM_IOCTL_R128_DEPTH, (unsigned long)depth);
129
-
126
+
return drm_ioctl_kernel(file, r128_cce_depth, &depth, DRM_AUTH);
130
127
}
131
128
132
129
typedef struct drm_r128_stipple32 {
···
131
140
unsigned long arg)
132
141
{
133
142
drm_r128_stipple32_t stipple32;
134
-
drm_r128_stipple_t __user *stipple;
143
+
drm_r128_stipple_t stipple;
135
144
136
145
if (copy_from_user(&stipple32, (void __user *)arg, sizeof(stipple32)))
137
146
return -EFAULT;
138
147
139
-
stipple = compat_alloc_user_space(sizeof(*stipple));
140
-
if (!access_ok(VERIFY_WRITE, stipple, sizeof(*stipple))
141
-
|| __put_user((unsigned int __user *)(unsigned long)stipple32.mask,
142
-
&stipple->mask))
143
-
return -EFAULT;
148
+
stipple.mask = compat_ptr(stipple32.mask);
144
149
145
-
return drm_ioctl(file, DRM_IOCTL_R128_STIPPLE, (unsigned long)stipple);
150
+
return drm_ioctl_kernel(file, r128_cce_stipple, &stipple, DRM_AUTH);
146
151
}
147
152
148
153
typedef struct drm_r128_getparam32 {
···
150
163
unsigned long arg)
151
164
{
152
165
drm_r128_getparam32_t getparam32;
153
-
drm_r128_getparam_t __user *getparam;
166
+
drm_r128_getparam_t getparam;
154
167
155
168
if (copy_from_user(&getparam32, (void __user *)arg, sizeof(getparam32)))
156
169
return -EFAULT;
157
170
158
-
getparam = compat_alloc_user_space(sizeof(*getparam));
159
-
if (!access_ok(VERIFY_WRITE, getparam, sizeof(*getparam))
160
-
|| __put_user(getparam32.param, &getparam->param)
161
-
|| __put_user((void __user *)(unsigned long)getparam32.value,
162
-
&getparam->value))
163
-
return -EFAULT;
171
+
getparam.param = getparam32.param;
172
+
getparam.value = compat_ptr(getparam32.value);
164
173
165
-
return drm_ioctl(file, DRM_IOCTL_R128_GETPARAM, (unsigned long)getparam);
174
+
return drm_ioctl_kernel(file, r128_getparam, &getparam, DRM_AUTH);
166
175
}
167
176
168
177
drm_ioctl_compat_t *r128_compat_ioctls[] = {
+3
-3
drivers/gpu/drm/r128/r128_state.c
+3
-3
drivers/gpu/drm/r128/r128_state.c
···
1460
1460
return ret;
1461
1461
}
1462
1462
1463
-
static int r128_cce_depth(struct drm_device *dev, void *data, struct drm_file *file_priv)
1463
+
int r128_cce_depth(struct drm_device *dev, void *data, struct drm_file *file_priv)
1464
1464
{
1465
1465
drm_r128_private_t *dev_priv = dev->dev_private;
1466
1466
drm_r128_depth_t *depth = data;
···
1492
1492
return ret;
1493
1493
}
1494
1494
1495
-
static int r128_cce_stipple(struct drm_device *dev, void *data, struct drm_file *file_priv)
1495
+
int r128_cce_stipple(struct drm_device *dev, void *data, struct drm_file *file_priv)
1496
1496
{
1497
1497
drm_r128_private_t *dev_priv = dev->dev_private;
1498
1498
drm_r128_stipple_t *stipple = data;
···
1582
1582
return 0;
1583
1583
}
1584
1584
1585
-
static int r128_getparam(struct drm_device *dev, void *data, struct drm_file *file_priv)
1585
+
int r128_getparam(struct drm_device *dev, void *data, struct drm_file *file_priv)
1586
1586
{
1587
1587
drm_r128_private_t *dev_priv = dev->dev_private;
1588
1588
drm_r128_getparam_t *param = data;
+180
-88
drivers/i2c/i2c-dev.c
+180
-88
drivers/i2c/i2c-dev.c
···
35
35
#include <linux/notifier.h>
36
36
#include <linux/slab.h>
37
37
#include <linux/uaccess.h>
38
+
#include <linux/compat.h>
38
39
39
40
/*
40
41
* An i2c_dev represents an i2c_adapter ... an I2C or SMBus master, not a
···
239
238
}
240
239
241
240
static noinline int i2cdev_ioctl_rdwr(struct i2c_client *client,
242
-
unsigned long arg)
241
+
unsigned nmsgs, struct i2c_msg *msgs)
243
242
{
244
-
struct i2c_rdwr_ioctl_data rdwr_arg;
245
-
struct i2c_msg *rdwr_pa;
246
243
u8 __user **data_ptrs;
247
244
int i, res;
248
245
249
-
if (copy_from_user(&rdwr_arg,
250
-
(struct i2c_rdwr_ioctl_data __user *)arg,
251
-
sizeof(rdwr_arg)))
252
-
return -EFAULT;
253
-
254
-
/* Put an arbitrary limit on the number of messages that can
255
-
* be sent at once */
256
-
if (rdwr_arg.nmsgs > I2C_RDWR_IOCTL_MAX_MSGS)
257
-
return -EINVAL;
258
-
259
-
rdwr_pa = memdup_user(rdwr_arg.msgs,
260
-
rdwr_arg.nmsgs * sizeof(struct i2c_msg));
261
-
if (IS_ERR(rdwr_pa))
262
-
return PTR_ERR(rdwr_pa);
263
-
264
-
data_ptrs = kmalloc(rdwr_arg.nmsgs * sizeof(u8 __user *), GFP_KERNEL);
246
+
data_ptrs = kmalloc(nmsgs * sizeof(u8 __user *), GFP_KERNEL);
265
247
if (data_ptrs == NULL) {
266
-
kfree(rdwr_pa);
248
+
kfree(msgs);
267
249
return -ENOMEM;
268
250
}
269
251
270
252
res = 0;
271
-
for (i = 0; i < rdwr_arg.nmsgs; i++) {
253
+
for (i = 0; i < nmsgs; i++) {
272
254
/* Limit the size of the message to a sane amount */
273
-
if (rdwr_pa[i].len > 8192) {
255
+
if (msgs[i].len > 8192) {
274
256
res = -EINVAL;
275
257
break;
276
258
}
277
259
278
-
data_ptrs[i] = (u8 __user *)rdwr_pa[i].buf;
279
-
rdwr_pa[i].buf = memdup_user(data_ptrs[i], rdwr_pa[i].len);
280
-
if (IS_ERR(rdwr_pa[i].buf)) {
281
-
res = PTR_ERR(rdwr_pa[i].buf);
260
+
data_ptrs[i] = (u8 __user *)msgs[i].buf;
261
+
msgs[i].buf = memdup_user(data_ptrs[i], msgs[i].len);
262
+
if (IS_ERR(msgs[i].buf)) {
263
+
res = PTR_ERR(msgs[i].buf);
282
264
break;
283
265
}
284
266
···
276
292
* greater (for example to account for a checksum byte at
277
293
* the end of the message.)
278
294
*/
279
-
if (rdwr_pa[i].flags & I2C_M_RECV_LEN) {
280
-
if (!(rdwr_pa[i].flags & I2C_M_RD) ||
281
-
rdwr_pa[i].buf[0] < 1 ||
282
-
rdwr_pa[i].len < rdwr_pa[i].buf[0] +
295
+
if (msgs[i].flags & I2C_M_RECV_LEN) {
296
+
if (!(msgs[i].flags & I2C_M_RD) ||
297
+
msgs[i].buf[0] < 1 ||
298
+
msgs[i].len < msgs[i].buf[0] +
283
299
I2C_SMBUS_BLOCK_MAX) {
284
300
res = -EINVAL;
285
301
break;
286
302
}
287
303
288
-
rdwr_pa[i].len = rdwr_pa[i].buf[0];
304
+
msgs[i].len = msgs[i].buf[0];
289
305
}
290
306
}
291
307
if (res < 0) {
292
308
int j;
293
309
for (j = 0; j < i; ++j)
294
-
kfree(rdwr_pa[j].buf);
310
+
kfree(msgs[j].buf);
295
311
kfree(data_ptrs);
296
-
kfree(rdwr_pa);
312
+
kfree(msgs);
297
313
return res;
298
314
}
299
315
300
-
res = i2c_transfer(client->adapter, rdwr_pa, rdwr_arg.nmsgs);
316
+
res = i2c_transfer(client->adapter, msgs, nmsgs);
301
317
while (i-- > 0) {
302
-
if (res >= 0 && (rdwr_pa[i].flags & I2C_M_RD)) {
303
-
if (copy_to_user(data_ptrs[i], rdwr_pa[i].buf,
304
-
rdwr_pa[i].len))
318
+
if (res >= 0 && (msgs[i].flags & I2C_M_RD)) {
319
+
if (copy_to_user(data_ptrs[i], msgs[i].buf,
320
+
msgs[i].len))
305
321
res = -EFAULT;
306
322
}
307
-
kfree(rdwr_pa[i].buf);
323
+
kfree(msgs[i].buf);
308
324
}
309
325
kfree(data_ptrs);
310
-
kfree(rdwr_pa);
326
+
kfree(msgs);
311
327
return res;
312
328
}
313
329
314
330
static noinline int i2cdev_ioctl_smbus(struct i2c_client *client,
315
-
unsigned long arg)
331
+
u8 read_write, u8 command, u32 size,
332
+
union i2c_smbus_data __user *data)
316
333
{
317
-
struct i2c_smbus_ioctl_data data_arg;
318
334
union i2c_smbus_data temp = {};
319
335
int datasize, res;
320
336
321
-
if (copy_from_user(&data_arg,
322
-
(struct i2c_smbus_ioctl_data __user *) arg,
323
-
sizeof(struct i2c_smbus_ioctl_data)))
324
-
return -EFAULT;
325
-
if ((data_arg.size != I2C_SMBUS_BYTE) &&
326
-
(data_arg.size != I2C_SMBUS_QUICK) &&
327
-
(data_arg.size != I2C_SMBUS_BYTE_DATA) &&
328
-
(data_arg.size != I2C_SMBUS_WORD_DATA) &&
329
-
(data_arg.size != I2C_SMBUS_PROC_CALL) &&
330
-
(data_arg.size != I2C_SMBUS_BLOCK_DATA) &&
331
-
(data_arg.size != I2C_SMBUS_I2C_BLOCK_BROKEN) &&
332
-
(data_arg.size != I2C_SMBUS_I2C_BLOCK_DATA) &&
333
-
(data_arg.size != I2C_SMBUS_BLOCK_PROC_CALL)) {
337
+
if ((size != I2C_SMBUS_BYTE) &&
338
+
(size != I2C_SMBUS_QUICK) &&
339
+
(size != I2C_SMBUS_BYTE_DATA) &&
340
+
(size != I2C_SMBUS_WORD_DATA) &&
341
+
(size != I2C_SMBUS_PROC_CALL) &&
342
+
(size != I2C_SMBUS_BLOCK_DATA) &&
343
+
(size != I2C_SMBUS_I2C_BLOCK_BROKEN) &&
344
+
(size != I2C_SMBUS_I2C_BLOCK_DATA) &&
345
+
(size != I2C_SMBUS_BLOCK_PROC_CALL)) {
334
346
dev_dbg(&client->adapter->dev,
335
347
"size out of range (%x) in ioctl I2C_SMBUS.\n",
336
-
data_arg.size);
348
+
size);
337
349
return -EINVAL;
338
350
}
339
351
/* Note that I2C_SMBUS_READ and I2C_SMBUS_WRITE are 0 and 1,
340
352
so the check is valid if size==I2C_SMBUS_QUICK too. */
341
-
if ((data_arg.read_write != I2C_SMBUS_READ) &&
342
-
(data_arg.read_write != I2C_SMBUS_WRITE)) {
353
+
if ((read_write != I2C_SMBUS_READ) &&
354
+
(read_write != I2C_SMBUS_WRITE)) {
343
355
dev_dbg(&client->adapter->dev,
344
356
"read_write out of range (%x) in ioctl I2C_SMBUS.\n",
345
-
data_arg.read_write);
357
+
read_write);
346
358
return -EINVAL;
347
359
}
348
360
349
361
/* Note that command values are always valid! */
350
362
351
-
if ((data_arg.size == I2C_SMBUS_QUICK) ||
352
-
((data_arg.size == I2C_SMBUS_BYTE) &&
353
-
(data_arg.read_write == I2C_SMBUS_WRITE)))
363
+
if ((size == I2C_SMBUS_QUICK) ||
364
+
((size == I2C_SMBUS_BYTE) &&
365
+
(read_write == I2C_SMBUS_WRITE)))
354
366
/* These are special: we do not use data */
355
367
return i2c_smbus_xfer(client->adapter, client->addr,
356
-
client->flags, data_arg.read_write,
357
-
data_arg.command, data_arg.size, NULL);
368
+
client->flags, read_write,
369
+
command, size, NULL);
358
370
359
-
if (data_arg.data == NULL) {
371
+
if (data == NULL) {
360
372
dev_dbg(&client->adapter->dev,
361
373
"data is NULL pointer in ioctl I2C_SMBUS.\n");
362
374
return -EINVAL;
363
375
}
364
376
365
-
if ((data_arg.size == I2C_SMBUS_BYTE_DATA) ||
366
-
(data_arg.size == I2C_SMBUS_BYTE))
367
-
datasize = sizeof(data_arg.data->byte);
368
-
else if ((data_arg.size == I2C_SMBUS_WORD_DATA) ||
369
-
(data_arg.size == I2C_SMBUS_PROC_CALL))
370
-
datasize = sizeof(data_arg.data->word);
377
+
if ((size == I2C_SMBUS_BYTE_DATA) ||
378
+
(size == I2C_SMBUS_BYTE))
379
+
datasize = sizeof(data->byte);
380
+
else if ((size == I2C_SMBUS_WORD_DATA) ||
381
+
(size == I2C_SMBUS_PROC_CALL))
382
+
datasize = sizeof(data->word);
371
383
else /* size == smbus block, i2c block, or block proc. call */
372
-
datasize = sizeof(data_arg.data->block);
384
+
datasize = sizeof(data->block);
373
385
374
-
if ((data_arg.size == I2C_SMBUS_PROC_CALL) ||
375
-
(data_arg.size == I2C_SMBUS_BLOCK_PROC_CALL) ||
376
-
(data_arg.size == I2C_SMBUS_I2C_BLOCK_DATA) ||
377
-
(data_arg.read_write == I2C_SMBUS_WRITE)) {
378
-
if (copy_from_user(&temp, data_arg.data, datasize))
386
+
if ((size == I2C_SMBUS_PROC_CALL) ||
387
+
(size == I2C_SMBUS_BLOCK_PROC_CALL) ||
388
+
(size == I2C_SMBUS_I2C_BLOCK_DATA) ||
389
+
(read_write == I2C_SMBUS_WRITE)) {
390
+
if (copy_from_user(&temp, data, datasize))
379
391
return -EFAULT;
380
392
}
381
-
if (data_arg.size == I2C_SMBUS_I2C_BLOCK_BROKEN) {
393
+
if (size == I2C_SMBUS_I2C_BLOCK_BROKEN) {
382
394
/* Convert old I2C block commands to the new
383
395
convention. This preserves binary compatibility. */
384
-
data_arg.size = I2C_SMBUS_I2C_BLOCK_DATA;
385
-
if (data_arg.read_write == I2C_SMBUS_READ)
396
+
size = I2C_SMBUS_I2C_BLOCK_DATA;
397
+
if (read_write == I2C_SMBUS_READ)
386
398
temp.block[0] = I2C_SMBUS_BLOCK_MAX;
387
399
}
388
400
res = i2c_smbus_xfer(client->adapter, client->addr, client->flags,
389
-
data_arg.read_write, data_arg.command, data_arg.size, &temp);
390
-
if (!res && ((data_arg.size == I2C_SMBUS_PROC_CALL) ||
391
-
(data_arg.size == I2C_SMBUS_BLOCK_PROC_CALL) ||
392
-
(data_arg.read_write == I2C_SMBUS_READ))) {
393
-
if (copy_to_user(data_arg.data, &temp, datasize))
401
+
read_write, command, size, &temp);
402
+
if (!res && ((size == I2C_SMBUS_PROC_CALL) ||
403
+
(size == I2C_SMBUS_BLOCK_PROC_CALL) ||
404
+
(read_write == I2C_SMBUS_READ))) {
405
+
if (copy_to_user(data, &temp, datasize))
394
406
return -EFAULT;
395
407
}
396
408
return res;
···
434
454
funcs = i2c_get_functionality(client->adapter);
435
455
return put_user(funcs, (unsigned long __user *)arg);
436
456
437
-
case I2C_RDWR:
438
-
return i2cdev_ioctl_rdwr(client, arg);
457
+
case I2C_RDWR: {
458
+
struct i2c_rdwr_ioctl_data rdwr_arg;
459
+
struct i2c_msg *rdwr_pa;
439
460
440
-
case I2C_SMBUS:
441
-
return i2cdev_ioctl_smbus(client, arg);
461
+
if (copy_from_user(&rdwr_arg,
462
+
(struct i2c_rdwr_ioctl_data __user *)arg,
463
+
sizeof(rdwr_arg)))
464
+
return -EFAULT;
442
465
466
+
/* Put an arbitrary limit on the number of messages that can
467
+
* be sent at once */
468
+
if (rdwr_arg.nmsgs > I2C_RDWR_IOCTL_MAX_MSGS)
469
+
return -EINVAL;
470
+
471
+
rdwr_pa = memdup_user(rdwr_arg.msgs,
472
+
rdwr_arg.nmsgs * sizeof(struct i2c_msg));
473
+
if (IS_ERR(rdwr_pa))
474
+
return PTR_ERR(rdwr_pa);
475
+
476
+
return i2cdev_ioctl_rdwr(client, rdwr_arg.nmsgs, rdwr_pa);
477
+
}
478
+
479
+
case I2C_SMBUS: {
480
+
struct i2c_smbus_ioctl_data data_arg;
481
+
if (copy_from_user(&data_arg,
482
+
(struct i2c_smbus_ioctl_data __user *) arg,
483
+
sizeof(struct i2c_smbus_ioctl_data)))
484
+
return -EFAULT;
485
+
return i2cdev_ioctl_smbus(client, data_arg.read_write,
486
+
data_arg.command,
487
+
data_arg.size,
488
+
data_arg.data);
489
+
}
443
490
case I2C_RETRIES:
444
491
client->adapter->retries = arg;
445
492
break;
···
486
479
}
487
480
return 0;
488
481
}
482
+
483
+
#ifdef CONFIG_COMPAT
484
+
485
+
struct i2c_smbus_ioctl_data32 {
486
+
u8 read_write;
487
+
u8 command;
488
+
u32 size;
489
+
compat_caddr_t data; /* union i2c_smbus_data *data */
490
+
};
491
+
492
+
struct i2c_msg32 {
493
+
u16 addr;
494
+
u16 flags;
495
+
u16 len;
496
+
compat_caddr_t buf;
497
+
};
498
+
499
+
struct i2c_rdwr_ioctl_data32 {
500
+
compat_caddr_t msgs; /* struct i2c_msg __user *msgs */
501
+
u32 nmsgs;
502
+
};
503
+
504
+
static long compat_i2cdev_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
505
+
{
506
+
struct i2c_client *client = file->private_data;
507
+
unsigned long funcs;
508
+
switch (cmd) {
509
+
case I2C_FUNCS:
510
+
funcs = i2c_get_functionality(client->adapter);
511
+
return put_user(funcs, (compat_ulong_t __user *)arg);
512
+
case I2C_RDWR: {
513
+
struct i2c_rdwr_ioctl_data32 rdwr_arg;
514
+
struct i2c_msg32 *p;
515
+
struct i2c_msg *rdwr_pa;
516
+
int i;
517
+
518
+
if (copy_from_user(&rdwr_arg,
519
+
(struct i2c_rdwr_ioctl_data32 __user *)arg,
520
+
sizeof(rdwr_arg)))
521
+
return -EFAULT;
522
+
523
+
if (rdwr_arg.nmsgs > I2C_RDWR_IOCTL_MAX_MSGS)
524
+
return -EINVAL;
525
+
526
+
rdwr_pa = kmalloc_array(rdwr_arg.nmsgs, sizeof(struct i2c_msg),
527
+
GFP_KERNEL);
528
+
if (!rdwr_pa)
529
+
return -ENOMEM;
530
+
531
+
p = compat_ptr(rdwr_arg.msgs);
532
+
for (i = 0; i < rdwr_arg.nmsgs; i++) {
533
+
struct i2c_msg32 umsg;
534
+
if (copy_from_user(&umsg, p + i, sizeof(umsg))) {
535
+
kfree(rdwr_pa);
536
+
return -EFAULT;
537
+
}
538
+
rdwr_pa[i] = (struct i2c_msg) {
539
+
.addr = umsg.addr,
540
+
.flags = umsg.flags,
541
+
.len = umsg.len,
542
+
.buf = compat_ptr(umsg.buf)
543
+
};
544
+
}
545
+
546
+
return i2cdev_ioctl_rdwr(client, rdwr_arg.nmsgs, rdwr_pa);
547
+
}
548
+
case I2C_SMBUS: {
549
+
struct i2c_smbus_ioctl_data32 data32;
550
+
if (copy_from_user(&data32,
551
+
(void __user *) arg,
552
+
sizeof(data32)))
553
+
return -EFAULT;
554
+
return i2cdev_ioctl_smbus(client, data32.read_write,
555
+
data32.command,
556
+
data32.size,
557
+
compat_ptr(data32.data));
558
+
}
559
+
default:
560
+
return i2cdev_ioctl(file, cmd, arg);
561
+
}
562
+
}
563
+
#else
564
+
#define compat_i2cdev_ioctl NULL
565
+
#endif
489
566
490
567
static int i2cdev_open(struct inode *inode, struct file *file)
491
568
{
···
618
527
.read = i2cdev_read,
619
528
.write = i2cdev_write,
620
529
.unlocked_ioctl = i2cdev_ioctl,
530
+
.compat_ioctl = compat_i2cdev_ioctl,
621
531
.open = i2cdev_open,
622
532
.release = i2cdev_release,
623
533
};
+1
-23
drivers/mtd/mtdchar.c
+1
-23
drivers/mtd/mtdchar.c
···
375
375
return -EINVAL;
376
376
377
377
if (!mtd->_write_oob)
378
-
ret = -EOPNOTSUPP;
379
-
else
380
-
ret = access_ok(VERIFY_READ, ptr, length) ? 0 : -EFAULT;
381
-
382
-
if (ret)
383
-
return ret;
378
+
return -EOPNOTSUPP;
384
379
385
380
ops.ooblen = length;
386
381
ops.ooboffs = start & (mtd->writesize - 1);
···
413
418
414
419
if (length > 4096)
415
420
return -EINVAL;
416
-
417
-
if (!access_ok(VERIFY_WRITE, ptr, length))
418
-
return -EFAULT;
419
421
420
422
ops.ooblen = length;
421
423
ops.ooboffs = start & (mtd->writesize - 1);
···
610
618
611
619
usr_data = (const void __user *)(uintptr_t)req.usr_data;
612
620
usr_oob = (const void __user *)(uintptr_t)req.usr_oob;
613
-
if (!access_ok(VERIFY_READ, usr_data, req.len) ||
614
-
!access_ok(VERIFY_READ, usr_oob, req.ooblen))
615
-
return -EFAULT;
616
621
617
622
if (!mtd->_write_oob)
618
623
return -EOPNOTSUPP;
···
651
662
struct mtd_info *mtd = mfi->mtd;
652
663
void __user *argp = (void __user *)arg;
653
664
int ret = 0;
654
-
u_long size;
655
665
struct mtd_info_user info;
656
666
657
667
pr_debug("MTD_ioctl\n");
658
-
659
-
size = (cmd & IOCSIZE_MASK) >> IOCSIZE_SHIFT;
660
-
if (cmd & IOC_IN) {
661
-
if (!access_ok(VERIFY_READ, argp, size))
662
-
return -EFAULT;
663
-
}
664
-
if (cmd & IOC_OUT) {
665
-
if (!access_ok(VERIFY_WRITE, argp, size))
666
-
return -EFAULT;
667
-
}
668
668
669
669
switch (cmd) {
670
670
case MEMGETREGIONCOUNT:
-6
drivers/scsi/cxlflash/main.c
-6
drivers/scsi/cxlflash/main.c
···
3393
3393
goto out;
3394
3394
}
3395
3395
3396
-
if (unlikely(!access_ok(is_write ? VERIFY_READ : VERIFY_WRITE,
3397
-
ubuf, ulen))) {
3398
-
rc = -EFAULT;
3399
-
goto out;
3400
-
}
3401
-
3402
3396
buf = kmalloc(ulen + cache_line_size() - 1, GFP_KERNEL);
3403
3397
if (unlikely(!buf)) {
3404
3398
rc = -ENOMEM;
+14
-76
drivers/staging/pi433/pi433_if.c
+14
-76
drivers/staging/pi433/pi433_if.c
···
762
762
static long
763
763
pi433_ioctl(struct file *filp, unsigned int cmd, unsigned long arg)
764
764
{
765
-
int err = 0;
766
765
int retval = 0;
767
766
struct pi433_instance *instance;
768
767
struct pi433_device *device;
769
-
u32 tmp;
768
+
void __user *argp = (void __user *)arg;
770
769
771
770
/* Check type and command number */
772
771
if (_IOC_TYPE(cmd) != PI433_IOC_MAGIC)
773
772
return -ENOTTY;
774
-
775
-
/* Check access direction once here; don't repeat below.
776
-
* IOC_DIR is from the user perspective, while access_ok is
777
-
* from the kernel perspective; so they look reversed.
778
-
*/
779
-
if (_IOC_DIR(cmd) & _IOC_READ)
780
-
err = !access_ok(VERIFY_WRITE,
781
-
(void __user *)arg,
782
-
_IOC_SIZE(cmd));
783
-
784
-
if (err == 0 && _IOC_DIR(cmd) & _IOC_WRITE)
785
-
err = !access_ok(VERIFY_READ,
786
-
(void __user *)arg,
787
-
_IOC_SIZE(cmd));
788
-
if (err)
789
-
return -EFAULT;
790
773
791
774
/* TODO? guard against device removal before, or while,
792
775
* we issue this ioctl. --> device_get()
···
782
799
783
800
switch (cmd) {
784
801
case PI433_IOC_RD_TX_CFG:
785
-
tmp = _IOC_SIZE(cmd);
786
-
if ((tmp == 0) || ((tmp % sizeof(struct pi433_tx_cfg)) != 0)) {
787
-
retval = -EINVAL;
788
-
break;
789
-
}
790
-
791
-
if (__copy_to_user((void __user *)arg,
792
-
&instance->tx_cfg,
793
-
tmp))
794
-
{
795
-
retval = -EFAULT;
796
-
break;
797
-
}
798
-
802
+
if (copy_to_user(argp, &instance->tx_cfg,
803
+
sizeof(struct pi433_tx_cfg)))
804
+
return -EFAULT;
799
805
break;
800
806
case PI433_IOC_WR_TX_CFG:
801
-
tmp = _IOC_SIZE(cmd);
802
-
if ((tmp == 0) || ((tmp % sizeof(struct pi433_tx_cfg)) != 0)) {
803
-
retval = -EINVAL;
804
-
break;
805
-
}
806
-
807
-
if (__copy_from_user(&instance->tx_cfg,
808
-
(void __user *)arg,
809
-
tmp))
810
-
{
811
-
retval = -EFAULT;
812
-
break;
813
-
}
814
-
807
+
if (copy_from_user(&instance->tx_cfg, argp,
808
+
sizeof(struct pi433_tx_cfg)))
809
+
return -EFAULT;
815
810
break;
816
-
817
811
case PI433_IOC_RD_RX_CFG:
818
-
tmp = _IOC_SIZE(cmd);
819
-
if ( (tmp == 0) || ((tmp % sizeof(struct pi433_rx_cfg)) != 0) ) {
820
-
retval = -EINVAL;
821
-
break;
822
-
}
823
-
824
-
if (__copy_to_user((void __user *)arg,
825
-
&device->rx_cfg,
826
-
tmp))
827
-
{
828
-
retval = -EFAULT;
829
-
break;
830
-
}
831
-
812
+
if (copy_to_user(argp, &device->rx_cfg,
813
+
sizeof(struct pi433_rx_cfg)))
814
+
return -EFAULT;
832
815
break;
833
816
case PI433_IOC_WR_RX_CFG:
834
-
tmp = _IOC_SIZE(cmd);
835
817
mutex_lock(&device->rx_lock);
836
818
837
819
/* during pendig read request, change of config not allowed */
838
820
if (device->rx_active) {
839
-
retval = -EAGAIN;
840
821
mutex_unlock(&device->rx_lock);
841
-
break;
822
+
return -EAGAIN;
842
823
}
843
824
844
-
if ( (tmp == 0) || ((tmp % sizeof(struct pi433_rx_cfg)) != 0) ) {
845
-
retval = -EINVAL;
825
+
if (copy_from_user(&device->rx_cfg, argp,
826
+
sizeof(struct pi433_rx_cfg))) {
846
827
mutex_unlock(&device->rx_lock);
847
-
break;
848
-
}
849
-
850
-
if (__copy_from_user(&device->rx_cfg,
851
-
(void __user *)arg,
852
-
tmp))
853
-
{
854
-
retval = -EFAULT;
855
-
mutex_unlock(&device->rx_lock);
856
-
break;
828
+
return -EFAULT;
857
829
}
858
830
859
831
mutex_unlock(&device->rx_lock);
+20
-28
drivers/tty/vt/selection.c
+20
-28
drivers/tty/vt/selection.c
···
156
156
int set_selection(const struct tiocl_selection __user *sel, struct tty_struct *tty)
157
157
{
158
158
struct vc_data *vc = vc_cons[fg_console].d;
159
-
int sel_mode, new_sel_start, new_sel_end, spc;
159
+
int new_sel_start, new_sel_end, spc;
160
+
struct tiocl_selection v;
160
161
char *bp, *obp;
161
162
int i, ps, pe, multiplier;
162
163
u16 c;
163
164
int mode;
164
165
165
166
poke_blanked_console();
166
-
167
-
{ unsigned short xs, ys, xe, ye;
168
-
169
-
if (!access_ok(VERIFY_READ, sel, sizeof(*sel)))
167
+
if (copy_from_user(&v, sel, sizeof(*sel)))
170
168
return -EFAULT;
171
-
__get_user(xs, &sel->xs);
172
-
__get_user(ys, &sel->ys);
173
-
__get_user(xe, &sel->xe);
174
-
__get_user(ye, &sel->ye);
175
-
__get_user(sel_mode, &sel->sel_mode);
176
-
xs--; ys--; xe--; ye--;
177
-
xs = limit(xs, vc->vc_cols - 1);
178
-
ys = limit(ys, vc->vc_rows - 1);
179
-
xe = limit(xe, vc->vc_cols - 1);
180
-
ye = limit(ye, vc->vc_rows - 1);
181
-
ps = ys * vc->vc_size_row + (xs << 1);
182
-
pe = ye * vc->vc_size_row + (xe << 1);
183
169
184
-
if (sel_mode == TIOCL_SELCLEAR) {
185
-
/* useful for screendump without selection highlights */
186
-
clear_selection();
187
-
return 0;
188
-
}
170
+
v.xs = limit(v.xs - 1, vc->vc_cols - 1);
171
+
v.ys = limit(v.ys - 1, vc->vc_rows - 1);
172
+
v.xe = limit(v.xe - 1, vc->vc_cols - 1);
173
+
v.ye = limit(v.ye - 1, vc->vc_rows - 1);
174
+
ps = v.ys * vc->vc_size_row + (v.xs << 1);
175
+
pe = v.ye * vc->vc_size_row + (v.xe << 1);
189
176
190
-
if (mouse_reporting() && (sel_mode & TIOCL_SELMOUSEREPORT)) {
191
-
mouse_report(tty, sel_mode & TIOCL_SELBUTTONMASK, xs, ys);
192
-
return 0;
193
-
}
194
-
}
177
+
if (v.sel_mode == TIOCL_SELCLEAR) {
178
+
/* useful for screendump without selection highlights */
179
+
clear_selection();
180
+
return 0;
181
+
}
182
+
183
+
if (mouse_reporting() && (v.sel_mode & TIOCL_SELMOUSEREPORT)) {
184
+
mouse_report(tty, v.sel_mode & TIOCL_SELBUTTONMASK, v.xs, v.ys);
185
+
return 0;
186
+
}
195
187
196
188
if (ps > pe) /* make sel_start <= sel_end */
197
189
{
···
202
210
else
203
211
use_unicode = 0;
204
212
205
-
switch (sel_mode)
213
+
switch (v.sel_mode)
206
214
{
207
215
case TIOCL_SELCHAR: /* character-by-character selection */
208
216
new_sel_start = ps;
+27
-41
drivers/tty/vt/vt_ioctl.c
+27
-41
drivers/tty/vt/vt_ioctl.c
···
843
843
844
844
case VT_RESIZEX:
845
845
{
846
-
struct vt_consize __user *vtconsize = up;
847
-
ushort ll,cc,vlin,clin,vcol,ccol;
846
+
struct vt_consize v;
848
847
if (!perm)
849
848
return -EPERM;
850
-
if (!access_ok(VERIFY_READ, vtconsize,
851
-
sizeof(struct vt_consize))) {
852
-
ret = -EFAULT;
853
-
break;
854
-
}
849
+
if (copy_from_user(&v, up, sizeof(struct vt_consize)))
850
+
return -EFAULT;
855
851
/* FIXME: Should check the copies properly */
856
-
__get_user(ll, &vtconsize->v_rows);
857
-
__get_user(cc, &vtconsize->v_cols);
858
-
__get_user(vlin, &vtconsize->v_vlin);
859
-
__get_user(clin, &vtconsize->v_clin);
860
-
__get_user(vcol, &vtconsize->v_vcol);
861
-
__get_user(ccol, &vtconsize->v_ccol);
862
-
vlin = vlin ? vlin : vc->vc_scan_lines;
863
-
if (clin) {
864
-
if (ll) {
865
-
if (ll != vlin/clin) {
866
-
/* Parameters don't add up */
867
-
ret = -EINVAL;
868
-
break;
869
-
}
870
-
} else
871
-
ll = vlin/clin;
852
+
if (!v.v_vlin)
853
+
v.v_vlin = vc->vc_scan_lines;
854
+
if (v.v_clin) {
855
+
int rows = v.v_vlin/v.v_clin;
856
+
if (v.v_rows != rows) {
857
+
if (v.v_rows) /* Parameters don't add up */
858
+
return -EINVAL;
859
+
v.v_rows = rows;
860
+
}
872
861
}
873
-
if (vcol && ccol) {
874
-
if (cc) {
875
-
if (cc != vcol/ccol) {
876
-
ret = -EINVAL;
877
-
break;
878
-
}
879
-
} else
880
-
cc = vcol/ccol;
862
+
if (v.v_vcol && v.v_ccol) {
863
+
int cols = v.v_vcol/v.v_ccol;
864
+
if (v.v_cols != cols) {
865
+
if (v.v_cols)
866
+
return -EINVAL;
867
+
v.v_cols = cols;
868
+
}
881
869
}
882
870
883
-
if (clin > 32) {
884
-
ret = -EINVAL;
885
-
break;
886
-
}
887
-
871
+
if (v.v_clin > 32)
872
+
return -EINVAL;
873
+
888
874
for (i = 0; i < MAX_NR_CONSOLES; i++) {
889
875
if (!vc_cons[i].d)
890
876
continue;
891
877
console_lock();
892
-
if (vlin)
893
-
vc_cons[i].d->vc_scan_lines = vlin;
894
-
if (clin)
895
-
vc_cons[i].d->vc_font.height = clin;
878
+
if (v.v_vlin)
879
+
vc_cons[i].d->vc_scan_lines = v.v_vlin;
880
+
if (v.v_clin)
881
+
vc_cons[i].d->vc_font.height = v.v_clin;
896
882
vc_cons[i].d->vc_resize_user = 1;
897
-
vc_resize(vc_cons[i].d, cc, ll);
883
+
vc_resize(vc_cons[i].d, v.v_cols, v.v_rows);
898
884
console_unlock();
899
885
}
900
886
break;
+30
-25
fs/aio.c
+30
-25
fs/aio.c
···
1297
1297
1298
1298
static long read_events(struct kioctx *ctx, long min_nr, long nr,
1299
1299
struct io_event __user *event,
1300
-
struct timespec __user *timeout)
1300
+
ktime_t until)
1301
1301
{
1302
-
ktime_t until = KTIME_MAX;
1303
1302
long ret = 0;
1304
-
1305
-
if (timeout) {
1306
-
struct timespec ts;
1307
-
1308
-
if (unlikely(copy_from_user(&ts, timeout, sizeof(ts))))
1309
-
return -EFAULT;
1310
-
1311
-
until = timespec_to_ktime(ts);
1312
-
}
1313
1303
1314
1304
/*
1315
1305
* Note that aio_read_events() is being called as the conditional - i.e.
···
1816
1826
return ret;
1817
1827
}
1818
1828
1829
+
static long do_io_getevents(aio_context_t ctx_id,
1830
+
long min_nr,
1831
+
long nr,
1832
+
struct io_event __user *events,
1833
+
struct timespec64 *ts)
1834
+
{
1835
+
ktime_t until = ts ? timespec64_to_ktime(*ts) : KTIME_MAX;
1836
+
struct kioctx *ioctx = lookup_ioctx(ctx_id);
1837
+
long ret = -EINVAL;
1838
+
1839
+
if (likely(ioctx)) {
1840
+
if (likely(min_nr <= nr && min_nr >= 0))
1841
+
ret = read_events(ioctx, min_nr, nr, events, until);
1842
+
percpu_ref_put(&ioctx->users);
1843
+
}
1844
+
1845
+
return ret;
1846
+
}
1847
+
1819
1848
/* io_getevents:
1820
1849
* Attempts to read at least min_nr events and up to nr events from
1821
1850
* the completion queue for the aio_context specified by ctx_id. If
···
1853
1844
struct io_event __user *, events,
1854
1845
struct timespec __user *, timeout)
1855
1846
{
1856
-
struct kioctx *ioctx = lookup_ioctx(ctx_id);
1857
-
long ret = -EINVAL;
1847
+
struct timespec64 ts;
1858
1848
1859
-
if (likely(ioctx)) {
1860
-
if (likely(min_nr <= nr && min_nr >= 0))
1861
-
ret = read_events(ioctx, min_nr, nr, events, timeout);
1862
-
percpu_ref_put(&ioctx->users);
1849
+
if (timeout) {
1850
+
if (unlikely(get_timespec64(&ts, timeout)))
1851
+
return -EFAULT;
1863
1852
}
1864
-
return ret;
1853
+
1854
+
return do_io_getevents(ctx_id, min_nr, nr, events, timeout ? &ts : NULL);
1865
1855
}
1866
1856
1867
1857
#ifdef CONFIG_COMPAT
···
1870
1862
struct io_event __user *, events,
1871
1863
struct compat_timespec __user *, timeout)
1872
1864
{
1873
-
struct timespec t;
1874
-
struct timespec __user *ut = NULL;
1865
+
struct timespec64 t;
1875
1866
1876
1867
if (timeout) {
1877
-
if (compat_get_timespec(&t, timeout))
1868
+
if (compat_get_timespec64(&t, timeout))
1878
1869
return -EFAULT;
1879
1870
1880
-
ut = compat_alloc_user_space(sizeof(*ut));
1881
-
if (copy_to_user(ut, &t, sizeof(t)))
1882
-
return -EFAULT;
1883
1871
}
1884
-
return sys_io_getevents(ctx_id, min_nr, nr, events, ut);
1872
+
1873
+
return do_io_getevents(ctx_id, min_nr, nr, events, timeout ? &t : NULL);
1885
1874
}
1886
1875
#endif
-122
fs/compat_ioctl.c
-122
fs/compat_ioctl.c
···
54
54
#include <linux/if_tun.h>
55
55
#include <linux/ctype.h>
56
56
#include <linux/syscalls.h>
57
-
#include <linux/i2c.h>
58
-
#include <linux/i2c-dev.h>
59
57
#include <linux/atalk.h>
60
58
#include <linux/gfp.h>
61
59
#include <linux/cec.h>
···
133
135
return err;
134
136
135
137
return vfs_ioctl(file, cmd, arg);
136
-
}
137
-
138
-
static int w_long(struct file *file,
139
-
unsigned int cmd, compat_ulong_t __user *argp)
140
-
{
141
-
int err;
142
-
unsigned long __user *valp = compat_alloc_user_space(sizeof(*valp));
143
-
144
-
if (valp == NULL)
145
-
return -EFAULT;
146
-
err = do_ioctl(file, cmd, (unsigned long)valp);
147
-
if (err)
148
-
return err;
149
-
if (convert_in_user(valp, argp))
150
-
return -EFAULT;
151
-
return 0;
152
138
}
153
139
154
140
struct compat_video_event {
···
651
669
return -EFAULT;
652
670
}
653
671
return err;
654
-
}
655
-
656
-
/*
657
-
* I2C layer ioctls
658
-
*/
659
-
660
-
struct i2c_msg32 {
661
-
u16 addr;
662
-
u16 flags;
663
-
u16 len;
664
-
compat_caddr_t buf;
665
-
};
666
-
667
-
struct i2c_rdwr_ioctl_data32 {
668
-
compat_caddr_t msgs; /* struct i2c_msg __user *msgs */
669
-
u32 nmsgs;
670
-
};
671
-
672
-
struct i2c_smbus_ioctl_data32 {
673
-
u8 read_write;
674
-
u8 command;
675
-
u32 size;
676
-
compat_caddr_t data; /* union i2c_smbus_data *data */
677
-
};
678
-
679
-
struct i2c_rdwr_aligned {
680
-
struct i2c_rdwr_ioctl_data cmd;
681
-
struct i2c_msg msgs[0];
682
-
};
683
-
684
-
static int do_i2c_rdwr_ioctl(struct file *file,
685
-
unsigned int cmd, struct i2c_rdwr_ioctl_data32 __user *udata)
686
-
{
687
-
struct i2c_rdwr_aligned __user *tdata;
688
-
struct i2c_msg __user *tmsgs;
689
-
struct i2c_msg32 __user *umsgs;
690
-
compat_caddr_t datap;
691
-
u32 nmsgs;
692
-
int i;
693
-
694
-
if (get_user(nmsgs, &udata->nmsgs))
695
-
return -EFAULT;
696
-
if (nmsgs > I2C_RDWR_IOCTL_MAX_MSGS)
697
-
return -EINVAL;
698
-
699
-
if (get_user(datap, &udata->msgs))
700
-
return -EFAULT;
701
-
umsgs = compat_ptr(datap);
702
-
703
-
tdata = compat_alloc_user_space(sizeof(*tdata) +
704
-
nmsgs * sizeof(struct i2c_msg));
705
-
tmsgs = &tdata->msgs[0];
706
-
707
-
if (put_user(nmsgs, &tdata->cmd.nmsgs) ||
708
-
put_user(tmsgs, &tdata->cmd.msgs))
709
-
return -EFAULT;
710
-
711
-
for (i = 0; i < nmsgs; i++) {
712
-
if (copy_in_user(&tmsgs[i].addr, &umsgs[i].addr, 3*sizeof(u16)))
713
-
return -EFAULT;
714
-
if (get_user(datap, &umsgs[i].buf) ||
715
-
put_user(compat_ptr(datap), &tmsgs[i].buf))
716
-
return -EFAULT;
717
-
}
718
-
return do_ioctl(file, cmd, (unsigned long)tdata);
719
-
}
720
-
721
-
static int do_i2c_smbus_ioctl(struct file *file,
722
-
unsigned int cmd, struct i2c_smbus_ioctl_data32 __user *udata)
723
-
{
724
-
struct i2c_smbus_ioctl_data __user *tdata;
725
-
union {
726
-
/* beginnings of those have identical layouts */
727
-
struct i2c_smbus_ioctl_data32 data32;
728
-
struct i2c_smbus_ioctl_data data;
729
-
} v;
730
-
731
-
tdata = compat_alloc_user_space(sizeof(*tdata));
732
-
if (tdata == NULL)
733
-
return -ENOMEM;
734
-
735
-
memset(&v, 0, sizeof(v));
736
-
if (copy_from_user(&v.data32, udata, sizeof(v.data32)))
737
-
return -EFAULT;
738
-
v.data.data = compat_ptr(v.data32.data);
739
-
740
-
if (copy_to_user(tdata, &v.data, sizeof(v.data)))
741
-
return -EFAULT;
742
-
743
-
return do_ioctl(file, cmd, (unsigned long)tdata);
744
672
}
745
673
746
674
#define RTC_IRQP_READ32 _IOR('p', 0x0b, compat_ulong_t)
···
1175
1283
COMPATIBLE_IOCTL(PCIIOC_MMAP_IS_IO)
1176
1284
COMPATIBLE_IOCTL(PCIIOC_MMAP_IS_MEM)
1177
1285
COMPATIBLE_IOCTL(PCIIOC_WRITE_COMBINE)
1178
-
/* i2c */
1179
-
COMPATIBLE_IOCTL(I2C_SLAVE)
1180
-
COMPATIBLE_IOCTL(I2C_SLAVE_FORCE)
1181
-
COMPATIBLE_IOCTL(I2C_TENBIT)
1182
-
COMPATIBLE_IOCTL(I2C_PEC)
1183
-
COMPATIBLE_IOCTL(I2C_RETRIES)
1184
-
COMPATIBLE_IOCTL(I2C_TIMEOUT)
1185
1286
/* hiddev */
1186
1287
COMPATIBLE_IOCTL(HIDIOCGVERSION)
1187
1288
COMPATIBLE_IOCTL(HIDIOCAPPLICATION)
···
1349
1464
case TIOCGSERIAL:
1350
1465
case TIOCSSERIAL:
1351
1466
return serial_struct_ioctl(file, cmd, argp);
1352
-
/* i2c */
1353
-
case I2C_FUNCS:
1354
-
return w_long(file, cmd, argp);
1355
-
case I2C_RDWR:
1356
-
return do_i2c_rdwr_ioctl(file, cmd, argp);
1357
-
case I2C_SMBUS:
1358
-
return do_i2c_smbus_ioctl(file, cmd, argp);
1359
1467
/* Not implemented in the native kernel */
1360
1468
case RTC_IRQP_READ32:
1361
1469
case RTC_IRQP_SET32:
+1
-6
fs/coredump.c
+1
-6
fs/coredump.c
···
680
680
* privs and don't want to unlink another user's coredump.
681
681
*/
682
682
if (!need_suid_safe) {
683
-
mm_segment_t old_fs;
684
-
685
-
old_fs = get_fs();
686
-
set_fs(KERNEL_DS);
687
683
/*
688
684
* If it doesn't exist, that's fine. If there's some
689
685
* other problem, we'll catch it at the filp_open().
690
686
*/
691
-
(void) sys_unlink((const char __user *)cn.corename);
692
-
set_fs(old_fs);
687
+
do_unlinkat(AT_FDCWD, getname_kernel(cn.corename));
693
688
}
694
689
695
690
/*
+1
-3
fs/eventpoll.c
+1
-3
fs/eventpoll.c
···
2259
2259
compat_size_t, sigsetsize)
2260
2260
{
2261
2261
long err;
2262
-
compat_sigset_t csigmask;
2263
2262
sigset_t ksigmask, sigsaved;
2264
2263
2265
2264
/*
···
2268
2269
if (sigmask) {
2269
2270
if (sigsetsize != sizeof(compat_sigset_t))
2270
2271
return -EINVAL;
2271
-
if (copy_from_user(&csigmask, sigmask, sizeof(csigmask)))
2272
+
if (get_compat_sigset(&ksigmask, sigmask))
2272
2273
return -EFAULT;
2273
-
sigset_from_compat(&ksigmask, &csigmask);
2274
2274
sigsaved = current->blocked;
2275
2275
set_current_blocked(&ksigmask);
2276
2276
}
+43
-43
fs/ext4/ioctl.c
+43
-43
fs/ext4/ioctl.c
···
592
592
return 0;
593
593
}
594
594
595
+
static long ext4_ioctl_group_add(struct file *file,
596
+
struct ext4_new_group_data *input)
597
+
{
598
+
struct super_block *sb = file_inode(file)->i_sb;
599
+
int err, err2=0;
600
+
601
+
err = ext4_resize_begin(sb);
602
+
if (err)
603
+
return err;
604
+
605
+
if (ext4_has_feature_bigalloc(sb)) {
606
+
ext4_msg(sb, KERN_ERR,
607
+
"Online resizing not supported with bigalloc");
608
+
err = -EOPNOTSUPP;
609
+
goto group_add_out;
610
+
}
611
+
612
+
err = mnt_want_write_file(file);
613
+
if (err)
614
+
goto group_add_out;
615
+
616
+
err = ext4_group_add(sb, input);
617
+
if (EXT4_SB(sb)->s_journal) {
618
+
jbd2_journal_lock_updates(EXT4_SB(sb)->s_journal);
619
+
err2 = jbd2_journal_flush(EXT4_SB(sb)->s_journal);
620
+
jbd2_journal_unlock_updates(EXT4_SB(sb)->s_journal);
621
+
}
622
+
if (err == 0)
623
+
err = err2;
624
+
mnt_drop_write_file(file);
625
+
if (!err && ext4_has_group_desc_csum(sb) &&
626
+
test_opt(sb, INIT_INODE_TABLE))
627
+
err = ext4_register_li_request(sb, input->group);
628
+
group_add_out:
629
+
ext4_resize_end(sb);
630
+
return err;
631
+
}
632
+
595
633
long ext4_ioctl(struct file *filp, unsigned int cmd, unsigned long arg)
596
634
{
597
635
struct inode *inode = file_inode(filp);
···
814
776
815
777
case EXT4_IOC_GROUP_ADD: {
816
778
struct ext4_new_group_data input;
817
-
int err, err2=0;
818
-
819
-
err = ext4_resize_begin(sb);
820
-
if (err)
821
-
return err;
822
779
823
780
if (copy_from_user(&input, (struct ext4_new_group_input __user *)arg,
824
-
sizeof(input))) {
825
-
err = -EFAULT;
826
-
goto group_add_out;
827
-
}
781
+
sizeof(input)))
782
+
return -EFAULT;
828
783
829
-
if (ext4_has_feature_bigalloc(sb)) {
830
-
ext4_msg(sb, KERN_ERR,
831
-
"Online resizing not supported with bigalloc");
832
-
err = -EOPNOTSUPP;
833
-
goto group_add_out;
834
-
}
835
-
836
-
err = mnt_want_write_file(filp);
837
-
if (err)
838
-
goto group_add_out;
839
-
840
-
err = ext4_group_add(sb, &input);
841
-
if (EXT4_SB(sb)->s_journal) {
842
-
jbd2_journal_lock_updates(EXT4_SB(sb)->s_journal);
843
-
err2 = jbd2_journal_flush(EXT4_SB(sb)->s_journal);
844
-
jbd2_journal_unlock_updates(EXT4_SB(sb)->s_journal);
845
-
}
846
-
if (err == 0)
847
-
err = err2;
848
-
mnt_drop_write_file(filp);
849
-
if (!err && ext4_has_group_desc_csum(sb) &&
850
-
test_opt(sb, INIT_INODE_TABLE))
851
-
err = ext4_register_li_request(sb, input.group);
852
-
group_add_out:
853
-
ext4_resize_end(sb);
854
-
return err;
784
+
return ext4_ioctl_group_add(filp, &input);
855
785
}
856
786
857
787
case EXT4_IOC_MIGRATE:
···
1084
1078
break;
1085
1079
case EXT4_IOC32_GROUP_ADD: {
1086
1080
struct compat_ext4_new_group_input __user *uinput;
1087
-
struct ext4_new_group_input input;
1088
-
mm_segment_t old_fs;
1081
+
struct ext4_new_group_data input;
1089
1082
int err;
1090
1083
1091
1084
uinput = compat_ptr(arg);
···
1097
1092
&uinput->reserved_blocks);
1098
1093
if (err)
1099
1094
return -EFAULT;
1100
-
old_fs = get_fs();
1101
-
set_fs(KERNEL_DS);
1102
-
err = ext4_ioctl(file, EXT4_IOC_GROUP_ADD,
1103
-
(unsigned long) &input);
1104
-
set_fs(old_fs);
1105
-
return err;
1095
+
return ext4_ioctl_group_add(file, &input);
1106
1096
}
1107
1097
case EXT4_IOC_MOVE_EXT:
1108
1098
case EXT4_IOC_RESIZE_FS:
+1
fs/internal.h
+1
fs/internal.h
···
55
55
extern int user_path_mountpoint_at(int, const char __user *, unsigned int, struct path *);
56
56
extern int vfs_path_lookup(struct dentry *, struct vfsmount *,
57
57
const char *, unsigned int, struct path *);
58
+
long do_unlinkat(int dfd, struct filename *name);
58
59
59
60
/*
60
61
* namespace.c
+5
-7
fs/namei.c
+5
-7
fs/namei.c
···
4010
4010
* writeout happening, and we don't want to prevent access to the directory
4011
4011
* while waiting on the I/O.
4012
4012
*/
4013
-
static long do_unlinkat(int dfd, const char __user *pathname)
4013
+
long do_unlinkat(int dfd, struct filename *name)
4014
4014
{
4015
4015
int error;
4016
-
struct filename *name;
4017
4016
struct dentry *dentry;
4018
4017
struct path path;
4019
4018
struct qstr last;
···
4021
4022
struct inode *delegated_inode = NULL;
4022
4023
unsigned int lookup_flags = 0;
4023
4024
retry:
4024
-
name = filename_parentat(dfd, getname(pathname), lookup_flags,
4025
-
&path, &last, &type);
4025
+
name = filename_parentat(dfd, name, lookup_flags, &path, &last, &type);
4026
4026
if (IS_ERR(name))
4027
4027
return PTR_ERR(name);
4028
4028
···
4063
4065
mnt_drop_write(path.mnt);
4064
4066
exit1:
4065
4067
path_put(&path);
4066
-
putname(name);
4067
4068
if (retry_estale(error, lookup_flags)) {
4068
4069
lookup_flags |= LOOKUP_REVAL;
4069
4070
inode = NULL;
4070
4071
goto retry;
4071
4072
}
4073
+
putname(name);
4072
4074
return error;
4073
4075
4074
4076
slashes:
···
4089
4091
if (flag & AT_REMOVEDIR)
4090
4092
return do_rmdir(dfd, pathname);
4091
4093
4092
-
return do_unlinkat(dfd, pathname);
4094
+
return do_unlinkat(dfd, getname(pathname));
4093
4095
}
4094
4096
4095
4097
SYSCALL_DEFINE1(unlink, const char __user *, pathname)
4096
4098
{
4097
-
return do_unlinkat(AT_FDCWD, pathname);
4099
+
return do_unlinkat(AT_FDCWD, getname(pathname));
4098
4100
}
4099
4101
4100
4102
int vfs_symlink(struct inode *dir, struct dentry *dentry, const char *oldname)
+26
-42
fs/select.c
+26
-42
fs/select.c
···
292
292
void __user *p,
293
293
int timeval, int ret)
294
294
{
295
-
struct timespec64 rts64;
296
-
struct timespec rts;
295
+
struct timespec64 rts;
297
296
struct timeval rtv;
298
297
299
298
if (!p)
···
305
306
if (!end_time->tv_sec && !end_time->tv_nsec)
306
307
return ret;
307
308
308
-
ktime_get_ts64(&rts64);
309
-
rts64 = timespec64_sub(*end_time, rts64);
310
-
if (rts64.tv_sec < 0)
311
-
rts64.tv_sec = rts64.tv_nsec = 0;
309
+
ktime_get_ts64(&rts);
310
+
rts = timespec64_sub(*end_time, rts);
311
+
if (rts.tv_sec < 0)
312
+
rts.tv_sec = rts.tv_nsec = 0;
312
313
313
-
rts = timespec64_to_timespec(rts64);
314
314
315
315
if (timeval) {
316
316
if (sizeof(rtv) > sizeof(rtv.tv_sec) + sizeof(rtv.tv_usec))
317
317
memset(&rtv, 0, sizeof(rtv));
318
-
rtv.tv_sec = rts64.tv_sec;
319
-
rtv.tv_usec = rts64.tv_nsec / NSEC_PER_USEC;
318
+
rtv.tv_sec = rts.tv_sec;
319
+
rtv.tv_usec = rts.tv_nsec / NSEC_PER_USEC;
320
320
321
321
if (!copy_to_user(p, &rtv, sizeof(rtv)))
322
322
return ret;
323
323
324
-
} else if (!copy_to_user(p, &rts, sizeof(rts)))
324
+
} else if (!put_timespec64(&rts, p))
325
325
return ret;
326
326
327
327
/*
···
703
705
const sigset_t __user *sigmask, size_t sigsetsize)
704
706
{
705
707
sigset_t ksigmask, sigsaved;
706
-
struct timespec ts;
707
-
struct timespec64 ts64, end_time, *to = NULL;
708
+
struct timespec64 ts, end_time, *to = NULL;
708
709
int ret;
709
710
710
711
if (tsp) {
711
-
if (copy_from_user(&ts, tsp, sizeof(ts)))
712
+
if (get_timespec64(&ts, tsp))
712
713
return -EFAULT;
713
-
ts64 = timespec_to_timespec64(ts);
714
714
715
715
to = &end_time;
716
-
if (poll_select_set_timeout(to, ts64.tv_sec, ts64.tv_nsec))
716
+
if (poll_select_set_timeout(to, ts.tv_sec, ts.tv_nsec))
717
717
return -EINVAL;
718
718
}
719
719
···
1048
1052
size_t, sigsetsize)
1049
1053
{
1050
1054
sigset_t ksigmask, sigsaved;
1051
-
struct timespec ts;
1052
-
struct timespec64 end_time, *to = NULL;
1055
+
struct timespec64 ts, end_time, *to = NULL;
1053
1056
int ret;
1054
1057
1055
1058
if (tsp) {
1056
-
if (copy_from_user(&ts, tsp, sizeof(ts)))
1059
+
if (get_timespec64(&ts, tsp))
1057
1060
return -EFAULT;
1058
1061
1059
1062
to = &end_time;
···
1098
1103
#define __COMPAT_NFDBITS (8 * sizeof(compat_ulong_t))
1099
1104
1100
1105
static
1101
-
int compat_poll_select_copy_remaining(struct timespec *end_time, void __user *p,
1106
+
int compat_poll_select_copy_remaining(struct timespec64 *end_time, void __user *p,
1102
1107
int timeval, int ret)
1103
1108
{
1104
-
struct timespec ts;
1109
+
struct timespec64 ts;
1105
1110
1106
1111
if (!p)
1107
1112
return ret;
···
1113
1118
if (!end_time->tv_sec && !end_time->tv_nsec)
1114
1119
return ret;
1115
1120
1116
-
ktime_get_ts(&ts);
1117
-
ts = timespec_sub(*end_time, ts);
1121
+
ktime_get_ts64(&ts);
1122
+
ts = timespec64_sub(*end_time, ts);
1118
1123
if (ts.tv_sec < 0)
1119
1124
ts.tv_sec = ts.tv_nsec = 0;
1120
1125
···
1127
1132
if (!copy_to_user(p, &rtv, sizeof(rtv)))
1128
1133
return ret;
1129
1134
} else {
1130
-
struct compat_timespec rts;
1131
-
1132
-
rts.tv_sec = ts.tv_sec;
1133
-
rts.tv_nsec = ts.tv_nsec;
1134
-
1135
-
if (!copy_to_user(p, &rts, sizeof(rts)))
1135
+
if (!compat_put_timespec64(&ts, p))
1136
1136
return ret;
1137
1137
}
1138
1138
/*
···
1185
1195
*/
1186
1196
static int compat_core_sys_select(int n, compat_ulong_t __user *inp,
1187
1197
compat_ulong_t __user *outp, compat_ulong_t __user *exp,
1188
-
struct timespec *end_time)
1198
+
struct timespec64 *end_time)
1189
1199
{
1190
1200
fd_set_bits fds;
1191
1201
void *bits;
···
1258
1268
compat_ulong_t __user *, outp, compat_ulong_t __user *, exp,
1259
1269
struct compat_timeval __user *, tvp)
1260
1270
{
1261
-
struct timespec end_time, *to = NULL;
1271
+
struct timespec64 end_time, *to = NULL;
1262
1272
struct compat_timeval tv;
1263
1273
int ret;
1264
1274
···
1302
1312
struct compat_timespec __user *tsp, compat_sigset_t __user *sigmask,
1303
1313
compat_size_t sigsetsize)
1304
1314
{
1305
-
compat_sigset_t ss32;
1306
1315
sigset_t ksigmask, sigsaved;
1307
-
struct compat_timespec ts;
1308
-
struct timespec end_time, *to = NULL;
1316
+
struct timespec64 ts, end_time, *to = NULL;
1309
1317
int ret;
1310
1318
1311
1319
if (tsp) {
1312
-
if (copy_from_user(&ts, tsp, sizeof(ts)))
1320
+
if (compat_get_timespec64(&ts, tsp))
1313
1321
return -EFAULT;
1314
1322
1315
1323
to = &end_time;
···
1318
1330
if (sigmask) {
1319
1331
if (sigsetsize != sizeof(compat_sigset_t))
1320
1332
return -EINVAL;
1321
-
if (copy_from_user(&ss32, sigmask, sizeof(ss32)))
1333
+
if (get_compat_sigset(&ksigmask, sigmask))
1322
1334
return -EFAULT;
1323
-
sigset_from_compat(&ksigmask, &ss32);
1324
1335
1325
1336
sigdelsetmask(&ksigmask, sigmask(SIGKILL)|sigmask(SIGSTOP));
1326
1337
sigprocmask(SIG_SETMASK, &ksigmask, &sigsaved);
···
1368
1381
unsigned int, nfds, struct compat_timespec __user *, tsp,
1369
1382
const compat_sigset_t __user *, sigmask, compat_size_t, sigsetsize)
1370
1383
{
1371
-
compat_sigset_t ss32;
1372
1384
sigset_t ksigmask, sigsaved;
1373
-
struct compat_timespec ts;
1374
-
struct timespec end_time, *to = NULL;
1385
+
struct timespec64 ts, end_time, *to = NULL;
1375
1386
int ret;
1376
1387
1377
1388
if (tsp) {
1378
-
if (copy_from_user(&ts, tsp, sizeof(ts)))
1389
+
if (compat_get_timespec64(&ts, tsp))
1379
1390
return -EFAULT;
1380
1391
1381
1392
to = &end_time;
···
1384
1399
if (sigmask) {
1385
1400
if (sigsetsize != sizeof(compat_sigset_t))
1386
1401
return -EINVAL;
1387
-
if (copy_from_user(&ss32, sigmask, sizeof(ss32)))
1402
+
if (get_compat_sigset(&ksigmask, sigmask))
1388
1403
return -EFAULT;
1389
-
sigset_from_compat(&ksigmask, &ss32);
1390
1404
1391
1405
sigdelsetmask(&ksigmask, sigmask(SIGKILL)|sigmask(SIGSTOP));
1392
1406
sigprocmask(SIG_SETMASK, &ksigmask, &sigsaved);
+1
-3
fs/signalfd.c
+1
-3
fs/signalfd.c
···
313
313
compat_size_t, sigsetsize,
314
314
int, flags)
315
315
{
316
-
compat_sigset_t ss32;
317
316
sigset_t tmp;
318
317
sigset_t __user *ksigmask;
319
318
320
319
if (sigsetsize != sizeof(compat_sigset_t))
321
320
return -EINVAL;
322
-
if (copy_from_user(&ss32, sigmask, sizeof(ss32)))
321
+
if (get_compat_sigset(&tmp, sigmask))
323
322
return -EFAULT;
324
-
sigset_from_compat(&tmp, &ss32);
325
323
ksigmask = compat_alloc_user_space(sizeof(sigset_t));
326
324
if (copy_to_user(ksigmask, &tmp, sizeof(sigset_t)))
327
325
return -EFAULT;
+3
-7
include/linux/compat.h
+3
-7
include/linux/compat.h
···
444
444
return lhs->tv_nsec - rhs->tv_nsec;
445
445
}
446
446
447
-
extern int get_compat_itimerspec(struct itimerspec *dst,
448
-
const struct compat_itimerspec __user *src);
449
-
extern int put_compat_itimerspec(struct compat_itimerspec __user *dst,
450
-
const struct itimerspec *src);
451
-
452
447
asmlinkage long compat_sys_gettimeofday(struct compat_timeval __user *tv,
453
448
struct timezone __user *tz);
454
449
asmlinkage long compat_sys_settimeofday(struct compat_timeval __user *tv,
···
451
456
452
457
asmlinkage long compat_sys_adjtimex(struct compat_timex __user *utp);
453
458
454
-
extern void sigset_from_compat(sigset_t *set, const compat_sigset_t *compat);
455
-
extern void sigset_to_compat(compat_sigset_t *compat, const sigset_t *set);
459
+
extern int get_compat_sigset(sigset_t *set, const compat_sigset_t __user *compat);
460
+
extern int put_compat_sigset(compat_sigset_t __user *compat,
461
+
const sigset_t *set, unsigned int size);
456
462
457
463
asmlinkage long compat_sys_migrate_pages(compat_pid_t pid,
458
464
compat_ulong_t maxnode, const compat_ulong_t __user *old_nodes,
+30
-47
kernel/compat.c
+30
-47
kernel/compat.c
···
367
367
return ret;
368
368
}
369
369
370
-
int get_compat_itimerspec(struct itimerspec *dst,
371
-
const struct compat_itimerspec __user *src)
372
-
{
373
-
if (__compat_get_timespec(&dst->it_interval, &src->it_interval) ||
374
-
__compat_get_timespec(&dst->it_value, &src->it_value))
375
-
return -EFAULT;
376
-
return 0;
377
-
}
378
-
379
-
int put_compat_itimerspec(struct compat_itimerspec __user *dst,
380
-
const struct itimerspec *src)
381
-
{
382
-
if (__compat_put_timespec(&src->it_interval, &dst->it_interval) ||
383
-
__compat_put_timespec(&src->it_value, &dst->it_value))
384
-
return -EFAULT;
385
-
return 0;
386
-
}
387
-
388
370
int get_compat_itimerspec64(struct itimerspec64 *its,
389
371
const struct compat_itimerspec __user *uits)
390
372
{
···
467
485
return -EFAULT;
468
486
}
469
487
470
-
void
471
-
sigset_from_compat(sigset_t *set, const compat_sigset_t *compat)
488
+
int
489
+
get_compat_sigset(sigset_t *set, const compat_sigset_t __user *compat)
472
490
{
491
+
#ifdef __BIG_ENDIAN
492
+
compat_sigset_t v;
493
+
if (copy_from_user(&v, compat, sizeof(compat_sigset_t)))
494
+
return -EFAULT;
473
495
switch (_NSIG_WORDS) {
474
-
case 4: set->sig[3] = compat->sig[6] | (((long)compat->sig[7]) << 32 );
475
-
case 3: set->sig[2] = compat->sig[4] | (((long)compat->sig[5]) << 32 );
476
-
case 2: set->sig[1] = compat->sig[2] | (((long)compat->sig[3]) << 32 );
477
-
case 1: set->sig[0] = compat->sig[0] | (((long)compat->sig[1]) << 32 );
496
+
case 4: set->sig[3] = v.sig[6] | (((long)v.sig[7]) << 32 );
497
+
case 3: set->sig[2] = v.sig[4] | (((long)v.sig[5]) << 32 );
498
+
case 2: set->sig[1] = v.sig[2] | (((long)v.sig[3]) << 32 );
499
+
case 1: set->sig[0] = v.sig[0] | (((long)v.sig[1]) << 32 );
478
500
}
501
+
#else
502
+
if (copy_from_user(set, compat, sizeof(compat_sigset_t)))
503
+
return -EFAULT;
504
+
#endif
505
+
return 0;
479
506
}
480
-
EXPORT_SYMBOL_GPL(sigset_from_compat);
507
+
EXPORT_SYMBOL_GPL(get_compat_sigset);
481
508
482
-
void
483
-
sigset_to_compat(compat_sigset_t *compat, const sigset_t *set)
509
+
int
510
+
put_compat_sigset(compat_sigset_t __user *compat, const sigset_t *set,
511
+
unsigned int size)
484
512
{
513
+
/* size <= sizeof(compat_sigset_t) <= sizeof(sigset_t) */
514
+
#ifdef __BIG_ENDIAN
515
+
compat_sigset_t v;
485
516
switch (_NSIG_WORDS) {
486
-
case 4: compat->sig[7] = (set->sig[3] >> 32); compat->sig[6] = set->sig[3];
487
-
case 3: compat->sig[5] = (set->sig[2] >> 32); compat->sig[4] = set->sig[2];
488
-
case 2: compat->sig[3] = (set->sig[1] >> 32); compat->sig[2] = set->sig[1];
489
-
case 1: compat->sig[1] = (set->sig[0] >> 32); compat->sig[0] = set->sig[0];
517
+
case 4: v.sig[7] = (set->sig[3] >> 32); v.sig[6] = set->sig[3];
518
+
case 3: v.sig[5] = (set->sig[2] >> 32); v.sig[4] = set->sig[2];
519
+
case 2: v.sig[3] = (set->sig[1] >> 32); v.sig[2] = set->sig[1];
520
+
case 1: v.sig[1] = (set->sig[0] >> 32); v.sig[0] = set->sig[0];
490
521
}
522
+
return copy_to_user(compat, &v, size) ? -EFAULT : 0;
523
+
#else
524
+
return copy_to_user(compat, set, size) ? -EFAULT : 0;
525
+
#endif
491
526
}
492
527
493
528
#ifdef CONFIG_NUMA
···
561
562
return sys_migrate_pages(pid, nr_bits + 1, old, new);
562
563
}
563
564
#endif
564
-
565
-
COMPAT_SYSCALL_DEFINE2(sched_rr_get_interval,
566
-
compat_pid_t, pid,
567
-
struct compat_timespec __user *, interval)
568
-
{
569
-
struct timespec t;
570
-
int ret;
571
-
mm_segment_t old_fs = get_fs();
572
-
573
-
set_fs(KERNEL_DS);
574
-
ret = sys_sched_rr_get_interval(pid, (struct timespec __user *)&t);
575
-
set_fs(old_fs);
576
-
if (compat_put_timespec(&t, interval))
577
-
return -EFAULT;
578
-
return ret;
579
-
}
580
565
581
566
/*
582
567
* Allocate user-space memory for the duration of a single system call,
+30
-6
kernel/sched/core.c
+30
-6
kernel/sched/core.c
···
16
16
#include <linux/init_task.h>
17
17
#include <linux/context_tracking.h>
18
18
#include <linux/rcupdate_wait.h>
19
+
#include <linux/compat.h>
19
20
20
21
#include <linux/blkdev.h>
21
22
#include <linux/kprobes.h>
···
5108
5107
* Return: On success, 0 and the timeslice is in @interval. Otherwise,
5109
5108
* an error code.
5110
5109
*/
5111
-
SYSCALL_DEFINE2(sched_rr_get_interval, pid_t, pid,
5112
-
struct timespec __user *, interval)
5110
+
static int sched_rr_get_interval(pid_t pid, struct timespec64 *t)
5113
5111
{
5114
5112
struct task_struct *p;
5115
5113
unsigned int time_slice;
5116
5114
struct rq_flags rf;
5117
-
struct timespec t;
5118
5115
struct rq *rq;
5119
5116
int retval;
5120
5117
···
5136
5137
task_rq_unlock(rq, p, &rf);
5137
5138
5138
5139
rcu_read_unlock();
5139
-
jiffies_to_timespec(time_slice, &t);
5140
-
retval = copy_to_user(interval, &t, sizeof(t)) ? -EFAULT : 0;
5141
-
return retval;
5140
+
jiffies_to_timespec64(time_slice, t);
5141
+
return 0;
5142
5142
5143
5143
out_unlock:
5144
5144
rcu_read_unlock();
5145
5145
return retval;
5146
5146
}
5147
+
5148
+
SYSCALL_DEFINE2(sched_rr_get_interval, pid_t, pid,
5149
+
struct timespec __user *, interval)
5150
+
{
5151
+
struct timespec64 t;
5152
+
int retval = sched_rr_get_interval(pid, &t);
5153
+
5154
+
if (retval == 0)
5155
+
retval = put_timespec64(&t, interval);
5156
+
5157
+
return retval;
5158
+
}
5159
+
5160
+
#ifdef CONFIG_COMPAT
5161
+
COMPAT_SYSCALL_DEFINE2(sched_rr_get_interval,
5162
+
compat_pid_t, pid,
5163
+
struct compat_timespec __user *, interval)
5164
+
{
5165
+
struct timespec64 t;
5166
+
int retval = sched_rr_get_interval(pid, &t);
5167
+
5168
+
if (retval == 0)
5169
+
retval = compat_put_timespec64(&t, interval);
5170
+
return retval;
5171
+
}
5172
+
#endif
5147
5173
5148
5174
void sched_show_task(struct task_struct *p)
5149
5175
{
+23
-54
kernel/signal.c
+23
-54
kernel/signal.c
···
2599
2599
COMPAT_SYSCALL_DEFINE4(rt_sigprocmask, int, how, compat_sigset_t __user *, nset,
2600
2600
compat_sigset_t __user *, oset, compat_size_t, sigsetsize)
2601
2601
{
2602
-
#ifdef __BIG_ENDIAN
2603
2602
sigset_t old_set = current->blocked;
2604
2603
2605
2604
/* XXX: Don't preclude handling different sized sigset_t's. */
···
2606
2607
return -EINVAL;
2607
2608
2608
2609
if (nset) {
2609
-
compat_sigset_t new32;
2610
2610
sigset_t new_set;
2611
2611
int error;
2612
-
if (copy_from_user(&new32, nset, sizeof(compat_sigset_t)))
2612
+
if (get_compat_sigset(&new_set, nset))
2613
2613
return -EFAULT;
2614
-
2615
-
sigset_from_compat(&new_set, &new32);
2616
2614
sigdelsetmask(&new_set, sigmask(SIGKILL)|sigmask(SIGSTOP));
2617
2615
2618
2616
error = sigprocmask(how, &new_set, NULL);
2619
2617
if (error)
2620
2618
return error;
2621
2619
}
2622
-
if (oset) {
2623
-
compat_sigset_t old32;
2624
-
sigset_to_compat(&old32, &old_set);
2625
-
if (copy_to_user(oset, &old32, sizeof(compat_sigset_t)))
2626
-
return -EFAULT;
2627
-
}
2628
-
return 0;
2629
-
#else
2630
-
return sys_rt_sigprocmask(how, (sigset_t __user *)nset,
2631
-
(sigset_t __user *)oset, sigsetsize);
2632
-
#endif
2620
+
return oset ? put_compat_sigset(oset, &old_set, sizeof(*oset)) : 0;
2633
2621
}
2634
2622
#endif
2635
2623
2636
-
static int do_sigpending(void *set, unsigned long sigsetsize)
2624
+
static int do_sigpending(sigset_t *set)
2637
2625
{
2638
-
if (sigsetsize > sizeof(sigset_t))
2639
-
return -EINVAL;
2640
-
2641
2626
spin_lock_irq(¤t->sighand->siglock);
2642
2627
sigorsets(set, ¤t->pending.signal,
2643
2628
¤t->signal->shared_pending.signal);
···
2641
2658
SYSCALL_DEFINE2(rt_sigpending, sigset_t __user *, uset, size_t, sigsetsize)
2642
2659
{
2643
2660
sigset_t set;
2644
-
int err = do_sigpending(&set, sigsetsize);
2661
+
int err;
2662
+
2663
+
if (sigsetsize > sizeof(*uset))
2664
+
return -EINVAL;
2665
+
2666
+
err = do_sigpending(&set);
2645
2667
if (!err && copy_to_user(uset, &set, sigsetsize))
2646
2668
err = -EFAULT;
2647
2669
return err;
···
2656
2668
COMPAT_SYSCALL_DEFINE2(rt_sigpending, compat_sigset_t __user *, uset,
2657
2669
compat_size_t, sigsetsize)
2658
2670
{
2659
-
#ifdef __BIG_ENDIAN
2660
2671
sigset_t set;
2661
-
int err = do_sigpending(&set, sigsetsize);
2662
-
if (!err) {
2663
-
compat_sigset_t set32;
2664
-
sigset_to_compat(&set32, &set);
2665
-
/* we can get here only if sigsetsize <= sizeof(set) */
2666
-
if (copy_to_user(uset, &set32, sigsetsize))
2667
-
err = -EFAULT;
2668
-
}
2672
+
int err;
2673
+
2674
+
if (sigsetsize > sizeof(*uset))
2675
+
return -EINVAL;
2676
+
2677
+
err = do_sigpending(&set);
2678
+
if (!err)
2679
+
err = put_compat_sigset(uset, &set, sigsetsize);
2669
2680
return err;
2670
-
#else
2671
-
return sys_rt_sigpending((sigset_t __user *)uset, sigsetsize);
2672
-
#endif
2673
2681
}
2674
2682
#endif
2675
2683
···
2899
2915
struct compat_siginfo __user *, uinfo,
2900
2916
struct compat_timespec __user *, uts, compat_size_t, sigsetsize)
2901
2917
{
2902
-
compat_sigset_t s32;
2903
2918
sigset_t s;
2904
2919
struct timespec t;
2905
2920
siginfo_t info;
···
2907
2924
if (sigsetsize != sizeof(sigset_t))
2908
2925
return -EINVAL;
2909
2926
2910
-
if (copy_from_user(&s32, uthese, sizeof(compat_sigset_t)))
2927
+
if (get_compat_sigset(&s, uthese))
2911
2928
return -EFAULT;
2912
-
sigset_from_compat(&s, &s32);
2913
2929
2914
2930
if (uts) {
2915
2931
if (compat_get_timespec(&t, uts))
···
3326
3344
#ifdef CONFIG_COMPAT
3327
3345
COMPAT_SYSCALL_DEFINE1(sigpending, compat_old_sigset_t __user *, set32)
3328
3346
{
3329
-
#ifdef __BIG_ENDIAN
3330
3347
sigset_t set;
3331
-
int err = do_sigpending(&set, sizeof(set.sig[0]));
3348
+
int err = do_sigpending(&set);
3332
3349
if (!err)
3333
3350
err = put_user(set.sig[0], set32);
3334
3351
return err;
3335
-
#else
3336
-
return sys_rt_sigpending((sigset_t __user *)set32, sizeof(*set32));
3337
-
#endif
3338
3352
}
3339
3353
#endif
3340
3354
···
3428
3450
compat_size_t, sigsetsize)
3429
3451
{
3430
3452
struct k_sigaction new_ka, old_ka;
3431
-
compat_sigset_t mask;
3432
3453
#ifdef __ARCH_HAS_SA_RESTORER
3433
3454
compat_uptr_t restorer;
3434
3455
#endif
···
3445
3468
ret |= get_user(restorer, &act->sa_restorer);
3446
3469
new_ka.sa.sa_restorer = compat_ptr(restorer);
3447
3470
#endif
3448
-
ret |= copy_from_user(&mask, &act->sa_mask, sizeof(mask));
3471
+
ret |= get_compat_sigset(&new_ka.sa.sa_mask, &act->sa_mask);
3449
3472
ret |= get_user(new_ka.sa.sa_flags, &act->sa_flags);
3450
3473
if (ret)
3451
3474
return -EFAULT;
3452
-
sigset_from_compat(&new_ka.sa.sa_mask, &mask);
3453
3475
}
3454
3476
3455
3477
ret = do_sigaction(sig, act ? &new_ka : NULL, oact ? &old_ka : NULL);
3456
3478
if (!ret && oact) {
3457
-
sigset_to_compat(&mask, &old_ka.sa.sa_mask);
3458
3479
ret = put_user(ptr_to_compat(old_ka.sa.sa_handler),
3459
3480
&oact->sa_handler);
3460
-
ret |= copy_to_user(&oact->sa_mask, &mask, sizeof(mask));
3481
+
ret |= put_compat_sigset(&oact->sa_mask, &old_ka.sa.sa_mask,
3482
+
sizeof(oact->sa_mask));
3461
3483
ret |= put_user(old_ka.sa.sa_flags, &oact->sa_flags);
3462
3484
#ifdef __ARCH_HAS_SA_RESTORER
3463
3485
ret |= put_user(ptr_to_compat(old_ka.sa.sa_restorer),
···
3636
3660
#ifdef CONFIG_COMPAT
3637
3661
COMPAT_SYSCALL_DEFINE2(rt_sigsuspend, compat_sigset_t __user *, unewset, compat_size_t, sigsetsize)
3638
3662
{
3639
-
#ifdef __BIG_ENDIAN
3640
3663
sigset_t newset;
3641
-
compat_sigset_t newset32;
3642
3664
3643
3665
/* XXX: Don't preclude handling different sized sigset_t's. */
3644
3666
if (sigsetsize != sizeof(sigset_t))
3645
3667
return -EINVAL;
3646
3668
3647
-
if (copy_from_user(&newset32, unewset, sizeof(compat_sigset_t)))
3669
+
if (get_compat_sigset(&newset, unewset))
3648
3670
return -EFAULT;
3649
-
sigset_from_compat(&newset, &newset32);
3650
3671
return sigsuspend(&newset);
3651
-
#else
3652
-
/* on little-endian bitmaps don't care about granularity */
3653
-
return sys_rt_sigsuspend((sigset_t __user *)unewset, sigsetsize);
3654
-
#endif
3655
3672
}
3656
3673
#endif
3657
3674
+2
-5
virt/kvm/kvm_main.c
+2
-5
virt/kvm/kvm_main.c
···
2724
2724
case KVM_SET_SIGNAL_MASK: {
2725
2725
struct kvm_signal_mask __user *sigmask_arg = argp;
2726
2726
struct kvm_signal_mask kvm_sigmask;
2727
-
compat_sigset_t csigset;
2728
2727
sigset_t sigset;
2729
2728
2730
2729
if (argp) {
···
2732
2733
sizeof(kvm_sigmask)))
2733
2734
goto out;
2734
2735
r = -EINVAL;
2735
-
if (kvm_sigmask.len != sizeof(csigset))
2736
+
if (kvm_sigmask.len != sizeof(compat_sigset_t))
2736
2737
goto out;
2737
2738
r = -EFAULT;
2738
-
if (copy_from_user(&csigset, sigmask_arg->sigset,
2739
-
sizeof(csigset)))
2739
+
if (get_compat_sigset(&sigset, (void *)sigmask_arg->sigset))
2740
2740
goto out;
2741
-
sigset_from_compat(&sigset, &csigset);
2742
2741
r = kvm_vcpu_ioctl_set_sigmask(vcpu, &sigset);
2743
2742
} else
2744
2743
r = kvm_vcpu_ioctl_set_sigmask(vcpu, NULL);