Add user pointer annotations to core filesystem routines.

162132e0 · Linus Torvalds · 567cf042 · 162132e0 · 162132e0 · 162132e0
Commit 162132e0 authored May 12, 2003 by Linus Torvalds
14 changed files
--- a/arch/i386/kernel/process.c
+++ b/arch/i386/kernel/process.c
@@ -529,12 +529,12 @@ asmlinkage int sys_clone(struct pt_regs regs)
 	struct task_struct *p;
 	unsigned long clone_flags;
 	unsigned long newsp;
-	int *parent_tidptr, *child_tidptr;
+	int __user *parent_tidptr, *child_tidptr;
 	clone_flags = regs.ebx;
 	newsp = regs.ecx;
-	parent_tidptr = (int *)regs.edx;
+	parent_tidptr = (int __user *)regs.edx;
-	child_tidptr = (int *)regs.edi;
+	child_tidptr = (int __user *)regs.edi;
 	if (!newsp)
 		newsp = regs.esp;
 	p = do_fork(clone_flags & ~CLONE_IDLETASK, newsp, &regs, 0, parent_tidptr, child_tidptr);

--- a/fs/block_dev.c
+++ b/fs/block_dev.c
@@ -681,18 +681,18 @@ int blkdev_close(struct inode * inode, struct file * filp)
 	return blkdev_put(inode->i_bdev, BDEV_FILE);
 }
-static ssize_t blkdev_file_write(struct file *file, const char *buf,
+static ssize_t blkdev_file_write(struct file *file, const char __user *buf,
 				   size_t count, loff_t *ppos)
 {
-	struct iovec local_iov = { .iov_base = (void *)buf, .iov_len = count };
+	struct iovec local_iov = { .iov_base = (void __user *)buf, .iov_len = count };
 	return generic_file_write_nolock(file, &local_iov, 1, ppos);
 }
-static ssize_t blkdev_file_aio_write(struct kiocb *iocb, const char *buf,
+static ssize_t blkdev_file_aio_write(struct kiocb *iocb, const char __user *buf,
 				   size_t count, loff_t pos)
 {
-	struct iovec local_iov = { .iov_base = (void *)buf, .iov_len = count };
+	struct iovec local_iov = { .iov_base = (void __user *)buf, .iov_len = count };
 	return generic_file_aio_write_nolock(iocb, &local_iov, 1, &iocb->ki_pos);
 }

--- a/fs/fcntl.c
+++ b/fs/fcntl.c
@@ -305,11 +305,11 @@ static long do_fcntl(unsigned int fd, unsigned int cmd,
 			err = setfl(fd, filp, arg);
 			break;
 		case F_GETLK:
-			err = fcntl_getlk(filp, (struct flock *) arg);
+			err = fcntl_getlk(filp, (struct flock __user *) arg);
 			break;
 		case F_SETLK:
 		case F_SETLKW:
-			err = fcntl_setlk(filp, cmd, (struct flock *) arg);
+			err = fcntl_setlk(filp, cmd, (struct flock __user *) arg);
 			break;
 		case F_GETOWN:
 			/*
@@ -393,11 +393,11 @@ asmlinkage long sys_fcntl64(unsigned int fd, unsigned int cmd, unsigned long arg
 	switch (cmd) {
 		case F_GETLK64:
-			err = fcntl_getlk64(filp, (struct flock64 *) arg);
+			err = fcntl_getlk64(filp, (struct flock64 __user *) arg);
 			break;
 		case F_SETLK64:
 		case F_SETLKW64:
-			err = fcntl_setlk64(filp, cmd, (struct flock64 *) arg);
+			err = fcntl_setlk64(filp, cmd, (struct flock64 __user *) arg);
 			break;
 		default:
 			err = do_fcntl(fd, cmd, arg, filp);

--- a/fs/filesystems.c
+++ b/fs/filesystems.c
@@ -174,7 +174,7 @@ void __init fs_subsys_init(void)
 		register_fs_subsys(*p);
 }
-static int fs_index(const char * __name)
+static int fs_index(const char __user * __name)
 {
 	struct file_system_type * tmp;
 	char * name;
@@ -198,7 +198,7 @@ static int fs_index(const char * __name)
 	return err;
 }
-static int fs_name(unsigned int index, char * buf)
+static int fs_name(unsigned int index, char __user * buf)
 {
 	struct file_system_type * tmp;
 	int len, res;
@@ -239,11 +239,11 @@ asmlinkage long sys_sysfs(int option, unsigned long arg1, unsigned long arg2)
 	switch (option) {
 		case 1:
-			retval = fs_index((const char *) arg1);
+			retval = fs_index((const char __user *) arg1);
 			break;
 		case 2:
-			retval = fs_name(arg1, (char *) arg2);
+			retval = fs_name(arg1, (char __user *) arg2);
 			break;
 		case 3:

--- a/fs/ioctl.c
+++ b/fs/ioctl.c
@@ -75,7 +75,7 @@ asmlinkage long sys_ioctl(unsigned int fd, unsigned int cmd, unsigned long arg)
 			break;
 		case FIONBIO:
-			if ((error = get_user(on, (int *)arg)) != 0)
+			if ((error = get_user(on, (int __user *)arg)) != 0)
 				break;
 			flag = O_NONBLOCK;
 #ifdef __sparc__
@@ -90,7 +90,7 @@ asmlinkage long sys_ioctl(unsigned int fd, unsigned int cmd, unsigned long arg)
 			break;
 		case FIOASYNC:
-			if ((error = get_user(on, (int *)arg)) != 0)
+			if ((error = get_user(on, (int __user *)arg)) != 0)
 				break;
 			flag = on ? FASYNC : 0;
@@ -114,7 +114,7 @@ asmlinkage long sys_ioctl(unsigned int fd, unsigned int cmd, unsigned long arg)
 			    S_ISREG(filp->f_dentry->d_inode->i_mode) ||
 			    S_ISLNK(filp->f_dentry->d_inode->i_mode)) {
 				loff_t res = inode_get_bytes(filp->f_dentry->d_inode);
-				error = copy_to_user((loff_t *)arg, &res, sizeof(res)) ? -EFAULT : 0;
+				error = copy_to_user((loff_t __user *)arg, &res, sizeof(res)) ? -EFAULT : 0;
 			}
 			else
 				error = -ENOTTY;

--- a/fs/libfs.c
+++ b/fs/libfs.c
@@ -157,7 +157,7 @@ int dcache_readdir(struct file * filp, void * dirent, filldir_t filldir)
 	return 0;
 }
-ssize_t generic_read_dir(struct file *filp, char *buf, size_t siz, loff_t *ppos)
+ssize_t generic_read_dir(struct file *filp, char __user *buf, size_t siz, loff_t *ppos)
 {
 	return -EISDIR;
 }

--- a/fs/locks.c
+++ b/fs/locks.c
@@ -1342,7 +1342,7 @@ asmlinkage long sys_flock(unsigned int fd, unsigned int cmd)
 /* Report the first existing lock that would conflict with l.
 * This implements the F_GETLK command of fcntl().
 */
-int fcntl_getlk(struct file *filp, struct flock *l)
+int fcntl_getlk(struct file *filp, struct flock __user *l)
 {
 	struct file_lock *fl, file_lock;
 	struct flock flock;
@@ -1404,7 +1404,7 @@ int fcntl_getlk(struct file *filp, struct flock *l)
 /* Apply the lock described by l to an open file descriptor.
 * This implements both the F_SETLK and F_SETLKW commands of fcntl().
 */
-int fcntl_setlk(struct file *filp, unsigned int cmd, struct flock *l)
+int fcntl_setlk(struct file *filp, unsigned int cmd, struct flock __user *l)
 {
 	struct file_lock *file_lock = locks_alloc_lock();
 	struct flock flock;
@@ -1492,7 +1492,7 @@ int fcntl_setlk(struct file *filp, unsigned int cmd, struct flock *l)
 /* Report the first existing lock that would conflict with l.
 * This implements the F_GETLK command of fcntl().
 */
-int fcntl_getlk64(struct file *filp, struct flock64 *l)
+int fcntl_getlk64(struct file *filp, struct flock64 __user *l)
 {
 	struct file_lock *fl, file_lock;
 	struct flock64 flock;
@@ -1542,7 +1542,7 @@ int fcntl_getlk64(struct file *filp, struct flock64 *l)
 /* Apply the lock described by l to an open file descriptor.
 * This implements both the F_SETLK and F_SETLKW commands of fcntl().
 */
-int fcntl_setlk64(struct file *filp, unsigned int cmd, struct flock64 *l)
+int fcntl_setlk64(struct file *filp, unsigned int cmd, struct flock64 __user *l)
 {
 	struct file_lock *file_lock = locks_alloc_lock();
 	struct flock64 flock;

--- a/fs/nfs/symlink.c
+++ b/fs/nfs/symlink.c
@@ -75,7 +75,7 @@ static char *nfs_getlink(struct inode *inode, struct page **ppage)
 	return (char*)page;
 }
-static int nfs_readlink(struct dentry *dentry, char *buffer, int buflen)
+static int nfs_readlink(struct dentry *dentry, char __user *buffer, int buflen)
 {
 	struct inode *inode = dentry->d_inode;
 	struct page *page = NULL;

--- a/fs/pipe.c
+++ b/fs/pipe.c
@@ -44,7 +44,7 @@ void pipe_wait(struct inode * inode)
 }
 static ssize_t
-pipe_read(struct file *filp, char *buf, size_t count, loff_t *ppos)
+pipe_read(struct file *filp, char __user *buf, size_t count, loff_t *ppos)
 {
 	struct inode *inode = filp->f_dentry->d_inode;
 	int do_wakeup;
@@ -126,7 +126,7 @@ pipe_read(struct file *filp, char *buf, size_t count, loff_t *ppos)
 }
 static ssize_t
-pipe_write(struct file *filp, const char *buf, size_t count, loff_t *ppos)
+pipe_write(struct file *filp, const char __user *buf, size_t count, loff_t *ppos)
 {
 	struct inode *inode = filp->f_dentry->d_inode;
 	ssize_t ret;
@@ -216,13 +216,13 @@ pipe_write(struct file *filp, const char *buf, size_t count, loff_t *ppos)
 }
 static ssize_t
-bad_pipe_r(struct file *filp, char *buf, size_t count, loff_t *ppos)
+bad_pipe_r(struct file *filp, char __user *buf, size_t count, loff_t *ppos)
 {
 	return -EBADF;
 }
 static ssize_t
-bad_pipe_w(struct file *filp, const char *buf, size_t count, loff_t *ppos)
+bad_pipe_w(struct file *filp, const char __user *buf, size_t count, loff_t *ppos)
 {
 	return -EBADF;
 }
@@ -233,7 +233,7 @@ pipe_ioctl(struct inode *pino, struct file *filp,
 {
 	switch (cmd) {
 		case FIONREAD:
-			return put_user(PIPE_LEN(*pino), (int *)arg);
+			return put_user(PIPE_LEN(*pino), (int __user *)arg);
 		default:
 			return -EINVAL;
 	}

--- a/include/linux/fs.h
+++ b/include/linux/fs.h
@@ -521,12 +521,12 @@ extern struct list_head file_lock_list;
 #include <linux/fcntl.h>
-extern int fcntl_getlk(struct file *, struct flock *);
+extern int fcntl_getlk(struct file *, struct flock __user *);
-extern int fcntl_setlk(struct file *, unsigned int, struct flock *);
+extern int fcntl_setlk(struct file *, unsigned int, struct flock __user *);
 #if BITS_PER_LONG == 32
-extern int fcntl_getlk64(struct file *, struct flock64 *);
+extern int fcntl_getlk64(struct file *, struct flock64 __user *);
-extern int fcntl_setlk64(struct file *, unsigned int, struct flock64 *);
+extern int fcntl_setlk64(struct file *, unsigned int, struct flock64 __user *);
 #endif
 /* fs/locks.c */
@@ -1263,8 +1263,8 @@ void inode_set_bytes(struct inode *inode, loff_t bytes);
 extern int vfs_readdir(struct file *, filldir_t, void *);
-extern int vfs_stat(char *, struct kstat *);
+extern int vfs_stat(char __user *, struct kstat *);
-extern int vfs_lstat(char *, struct kstat *);
+extern int vfs_lstat(char __user *, struct kstat *);
 extern int vfs_fstat(unsigned int, struct kstat *);
 extern struct file_system_type *get_fs_type(const char *name);
@@ -1291,7 +1291,7 @@ extern int simple_commit_write(struct file *file, struct page *page,
 				unsigned offset, unsigned to);
 extern struct dentry *simple_lookup(struct inode *, struct dentry *);
-extern ssize_t generic_read_dir(struct file *, char *, size_t, loff_t *);
+extern ssize_t generic_read_dir(struct file *, char __user *, size_t, loff_t *);
 extern struct file_operations simple_dir_operations;
 extern struct inode_operations simple_dir_inode_operations;
 struct tree_descr { char *name; struct file_operations *ops; int mode; };

--- a/include/linux/sunrpc/rpc_pipe_fs.h
+++ b/include/linux/sunrpc/rpc_pipe_fs.h
@@ -12,8 +12,8 @@ struct rpc_pipe_msg {
 };
 struct rpc_pipe_ops {
-	ssize_t (*upcall)(struct file *, struct rpc_pipe_msg *, char *, size_t);
+	ssize_t (*upcall)(struct file *, struct rpc_pipe_msg *, char __user *, size_t);
-	ssize_t (*downcall)(struct file *, const char *, size_t);
+	ssize_t (*downcall)(struct file *, const char __user *, size_t);
 	void (*destroy_msg)(struct rpc_pipe_msg *);
 };

--- a/include/net/sock.h
+++ b/include/net/sock.h
@@ -405,12 +405,12 @@ extern void			sock_wfree(struct sk_buff *skb);
 extern void			sock_rfree(struct sk_buff *skb);
 extern int			sock_setsockopt(struct socket *sock, int level,
-						int op, char *optval,
+						int op, char __user *optval,
 						int optlen);
 extern int			sock_getsockopt(struct socket *sock, int level,
-						int op, char *optval, 
+						int op, char __user *optval, 
-						int *optlen);
+						int __user *optlen);
 extern struct sk_buff 		*sock_alloc_send_skb(struct sock *sk,
 						     unsigned long size,
 						     int noblock,

--- a/net/core/sock.c
+++ b/net/core/sock.c
@@ -134,7 +134,7 @@ __u32 sysctl_rmem_default = SK_RMEM_MAX;
 /* Maximal space eaten by iovec or ancilliary data plus some space */
 int sysctl_optmem_max = sizeof(unsigned long)*(2*UIO_MAXIOV + 512);
-static int sock_set_timeout(long *timeo_p, char *optval, int optlen)
+static int sock_set_timeout(long *timeo_p, char __user *optval, int optlen)
 {
 	struct timeval tv;
@@ -163,7 +163,7 @@ static void sock_warn_obsolete_bsdism(const char *name)
 */
 int sock_setsockopt(struct socket *sock, int level, int optname,
-		    char *optval, int optlen)
+		    char __user *optval, int optlen)
 {
 	struct sock *sk=sock->sk;
 	struct sk_filter *filter;
@@ -188,7 +188,7 @@ int sock_setsockopt(struct socket *sock, int level, int optname,
  	if(optlen<sizeof(int))
  		return(-EINVAL);
-	if (get_user(val, (int *)optval))
+	if (get_user(val, (int __user *)optval))
 		return -EFAULT;
  	valbool = val?1:0;
@@ -415,7 +415,7 @@ int sock_setsockopt(struct socket *sock, int level, int optname,
 int sock_getsockopt(struct socket *sock, int level, int optname,
-		    char *optval, int *optlen)
+		    char __user *optval, int __user *optlen)
 {
 	struct sock *sk = sock->sk;
@@ -548,7 +548,7 @@ int sock_getsockopt(struct socket *sock, int level, int optname,
 				return -ENOTCONN;
 			if (lv < len)
 				return -EINVAL;
-			if(copy_to_user((void*)optval, address, len))
+			if (copy_to_user(optval, address, len))
 				return -EFAULT;
 			goto lenout;
 		}
@@ -996,7 +996,8 @@ ssize_t sock_no_sendpage(struct socket *sock, struct page *page, int offset, siz
 	msg.msg_controllen = 0;
 	msg.msg_flags = flags;
-	iov.iov_base = kaddr + offset;
+	/* This cast is ok because of the "set_fs(KERNEL_DS)" */
+	iov.iov_base = (void __user *) (kaddr + offset);
 	iov.iov_len = size;
 	old_fs = get_fs();

--- a/net/sunrpc/rpc_pipe.c
+++ b/net/sunrpc/rpc_pipe.c
@@ -156,7 +156,7 @@ rpc_pipe_release(struct inode *inode, struct file *filp)
 }
 static ssize_t
-rpc_pipe_read(struct file *filp, char *buf, size_t len, loff_t *offset)
+rpc_pipe_read(struct file *filp, char __user *buf, size_t len, loff_t *offset)
 {
 	struct inode *inode = filp->f_dentry->d_inode;
 	struct rpc_inode *rpci = RPC_I(inode);
@@ -193,7 +193,7 @@ rpc_pipe_read(struct file *filp, char *buf, size_t len, loff_t *offset)
 }
 static ssize_t
-rpc_pipe_write(struct file *filp, const char *buf, size_t len, loff_t *offset)
+rpc_pipe_write(struct file *filp, const char __user *buf, size_t len, loff_t *offset)
 {
 	struct inode *inode = filp->f_dentry->d_inode;
 	struct rpc_inode *rpci = RPC_I(inode);