[PATCH] AUDIT 2.5.19: Continuing copy_to/from_user & clear_user

arch/ppc/kernel/syscalls.c

@@ -117,7 +117,7 @@ sys_ipc (uint call, int first, int second, int third, void *ptr, long fifth)
 			if ((ret = verify_area (VERIFY_READ, ptr, sizeof(tmp)))
 			    || (ret = copy_from_user(&tmp,
 						(struct ipc_kludge *) ptr,
-						sizeof (tmp))))
+						sizeof (tmp)) ? -EFAULT : 0)
 				break;
 			ret = sys_msgrcv (first, tmp.msgp, second, tmp.msgtyp,
 					  third);

arch/s390/kernel/debug.c

@@ -424,7 +424,6 @@ static ssize_t debug_output(struct file *file,	/* file descriptor */
 {
 	size_t count = 0;
 	size_t entry_offset, size = 0;
-	int rc;
 	file_private_info_t *p_info;
 
 	p_info = ((file_private_info_t *) file->private_data);
@@ -440,9 +439,9 @@ static ssize_t debug_output(struct file *file,	/* file descriptor */
 		size = MIN((len - count), (size - entry_offset));
 
 		if(size){
-			if ((rc = copy_to_user(user_buf + count, 
-					p_info->temp_buf + entry_offset, size)))
-			return rc;
+			if (copy_to_user(user_buf + count, 
+					p_info->temp_buf + entry_offset, size))
+			return -EFAULT;
 		}
 		count += size;
 		entry_offset = 0;

arch/s390/kernel/ptrace.c

@@ -116,14 +116,14 @@ int ptrace_usercopy(addr_t realuseraddr,addr_t copyaddr,int len,int tofromuser,i
 	{
 		if(writeuser)
 		{
-			retval=copy_from_user((void *)realuseraddr,(void *)copyaddr,len);
+			retval=copy_from_user((void *)realuseraddr,(void *)copyaddr,len) ? -EFAULT : 0;
 		}
 		else
 		{
 			if(realuseraddr==(addr_t)NULL)
-				retval=(clear_user((void *)copyaddr,len)==-EFAULT ? -EIO:0);
+				retval=(clear_user((void *)copyaddr,len) ? -EIO:0);
 			else
-				retval=(copy_to_user((void *)copyaddr,(void *)realuseraddr,len)==-EFAULT ? -EIO:0);
+				retval=(copy_to_user((void *)copyaddr,(void *)realuseraddr,len) ? -EIO:0);
 		}      
 	}
 	else

arch/s390/kernel/signal.c

@@ -141,7 +141,7 @@ sys_sigaltstack(const stack_t *uss, stack_t *uoss, struct pt_regs *regs)
 
 
 
-
+/* Returns non-zero on fault. */
 static int save_sigregs(struct pt_regs *regs,_sigregs *sregs)
 {
 	int err;
@@ -157,6 +157,7 @@ static int save_sigregs(struct pt_regs *regs,_sigregs *sregs)
 	
 }
 
+/* Returns positive number on error */
 static int restore_sigregs(struct pt_regs *regs,_sigregs *sregs)
 {
 	int err;

arch/s390/math-emu/math.c

@@ -86,13 +86,13 @@ int sysctl_ieee_emulation_warnings=1;
 
 #define mathemu_copy_from_user(d, s, n)\
         do { \
-                if (copy_from_user((d),(s),(n)) == -EFAULT) \
+                if (copy_from_user((d),(s),(n)) != 0) \
                         return SIGSEGV; \
         } while (0)
 
 #define mathemu_copy_to_user(d, s, n) \
         do { \
-                if (copy_to_user((d),(s),(n)) == -EFAULT) \
+                if (copy_to_user((d),(s),(n)) != 0) \
                         return SIGSEGV; \
         } while (0)
 

arch/s390x/kernel/debug.c

@@ -427,7 +427,6 @@ static ssize_t debug_output(struct file *file,	/* file descriptor */
 {
 	size_t count = 0;
 	size_t entry_offset, size = 0;
-	int rc;
 	file_private_info_t *p_info;
 
 	p_info = ((file_private_info_t *) file->private_data);
@@ -443,9 +442,9 @@ static ssize_t debug_output(struct file *file,	/* file descriptor */
 		size = MIN((len - count), (size - entry_offset));
 
 		if(size){
-			if ((rc = copy_to_user(user_buf + count, 
-					p_info->temp_buf + entry_offset, size)))
-			return rc;
+			if (copy_to_user(user_buf + count, 
+					p_info->temp_buf + entry_offset, size))
+			return -EFAULT;
 		}
 		count += size;
 		entry_offset = 0;

arch/s390x/kernel/ptrace.c

@@ -122,7 +122,7 @@ int ptrace_usercopy(addr_t realuseraddr, addr_t copyaddr, int len,
 				retval = clear_user(copyptr, len);
 			else
 				retval = copy_to_user(copyptr,realuserptr,len);
-                        retval = (retval == -EFAULT) ? -EIO : 0;
+                        retval = retval ? -EIO : 0;
 		}      
 	} else {
 		if (writeuser)

arch/s390x/kernel/signal.c

@@ -141,7 +141,7 @@ sys_sigaltstack(const stack_t *uss, stack_t *uoss, struct pt_regs *regs)
 
 
 
-
+/* Returns non-zero on fault */
 static int save_sigregs(struct pt_regs *regs,_sigregs *sregs)
 {
 	int err;
@@ -157,6 +157,7 @@ static int save_sigregs(struct pt_regs *regs,_sigregs *sregs)
 	
 }
 
+/* Returns positive number on error */
 static int restore_sigregs(struct pt_regs *regs,_sigregs *sregs)
 {
 	int err;

arch/sparc/kernel/sys_sunos.c

@@ -487,7 +487,7 @@ asmlinkage int sunos_uname(struct sunos_utsname *name)
 		ret |= __copy_to_user(&name->mach[0], &system_utsname.machine[0], sizeof(name->mach) - 1);
 	}
 	up_read(&uts_sem);
-	return ret;
+	return ret ? -EFAULT : 0;
 }
 
 asmlinkage int sunos_nosys(void)

arch/sparc64/kernel/sys_sparc.c

@@ -252,7 +252,7 @@ asmlinkage int sparc64_newuname(struct new_utsname * name)
 	int ret = sys_newuname(name);
 	
 	if (current->personality == PER_LINUX32 && !ret) {
-		ret = copy_to_user(name->machine, "sparc\0\0", 8);
+		ret = copy_to_user(name->machine, "sparc\0\0", 8) ? -EFAULT : 0;
 	}
 	return ret;
 }

drivers/char/rio/rioctrl.c

@@ -139,7 +139,7 @@ int copyin (int arg, caddr_t dp, int siz)
 
   rio_dprintk (RIO_DEBUG_CTRL, "Copying %d bytes from user %p to %p.\n", siz, (void *)arg, dp);
   rv = copy_from_user (dp, (void *)arg, siz);
-  if (rv < 0) return COPYFAIL;
+  if (rv) return COPYFAIL;
   else return rv;
 }
 
@@ -150,7 +150,7 @@ int copyout (caddr_t dp, int arg, int siz)
 
   rio_dprintk (RIO_DEBUG_CTRL, "Copying %d bytes to user %p from %p.\n", siz, (void *)arg, dp);
   rv = copy_to_user ((void *)arg, dp, siz);
-  if (rv < 0) return COPYFAIL;
+  if (rv) return COPYFAIL;
   else return rv;
 }
 

drivers/ieee1394/pcilynx.c

@@ -880,7 +880,7 @@ static ssize_t mem_read(struct file *file, char *buffer, size_t count,
         retval = copy_to_user(buffer, md->lynx->mem_dma_buffer, count);
         up(&md->lynx->mem_dma_mutex);
 
-        if (retval < 0) return retval;
+        if (retval) return -EFAULT;
         *offset += count;
         return count;
 }

drivers/s390/misc/chandev.c

@@ -3151,7 +3151,7 @@ static int chandev_write_proc(struct file *file, const char *buffer,
 	buff=vmalloc(count+1);
 	if(buff)
 	{
-		rc = copy_from_user(buff,buffer,count);
+		rc = copy_from_user(buff,buffer,count) ? -EFAULT : 0;
 		if (rc)
 			goto chandev_write_exit;
 		chandev_do_setup(FALSE,buff,count);

drivers/sbus/char/openprom.c

@@ -408,9 +408,9 @@ static int openprom_bsd_ioctl(struct inode * inode, struct file * file,
 
 		tmp[len] = '\0';
 
-		error = __copy_to_user((void *)arg, &op, sizeof(op));
-		if (!error)
-			error = copy_to_user(op.op_buf, tmp, len);
+		if (__copy_to_user((void *)arg, &op, sizeof(op)) != 0
+		    || copy_to_user(op.op_buf, tmp, len) != 0)
+			error = -EFAULT;
 
 		kfree(tmp);
 		kfree(str);

sound/isa/sb/sb16_csp.c

@@ -215,7 +215,7 @@ static int snd_sb_csp_ioctl(snd_hwdep_t * hw, struct file *file, unsigned int cm
 		info.run_width = p->run_width;
 		info.version = p->version;
 		info.state = p->running;
-		err = copy_to_user((void *) arg, &info, sizeof(info));
+		err = copy_to_user((void *) arg, &info, sizeof(info)) ? -EFAULT : 0;
 		break;
 
 		/* load CSP microcode */