Commit 7e39b725 authored by Jesper Juhl's avatar Jesper Juhl Committed by Linus Torvalds

[PATCH] verify_area cleanup : drivers part 2

This patch converts the second half of drivers from verify_area to
access_ok.
Signed-off-by: default avatarJesper Juhl <juhl-lkml@dif.dk>
Signed-off-by: default avatarAndrew Morton <akpm@osdl.org>
Signed-off-by: default avatarLinus Torvalds <torvalds@osdl.org>
parent 446b3543
...@@ -285,12 +285,12 @@ static int mtd_ioctl(struct inode *inode, struct file *file, ...@@ -285,12 +285,12 @@ static int mtd_ioctl(struct inode *inode, struct file *file,
size = (cmd & IOCSIZE_MASK) >> IOCSIZE_SHIFT; size = (cmd & IOCSIZE_MASK) >> IOCSIZE_SHIFT;
if (cmd & IOC_IN) { if (cmd & IOC_IN) {
ret = verify_area(VERIFY_READ, argp, size); if (!access_ok(VERIFY_READ, argp, size))
if (ret) return ret; return -EFAULT;
} }
if (cmd & IOC_OUT) { if (cmd & IOC_OUT) {
ret = verify_area(VERIFY_WRITE, argp, size); if (!access_ok(VERIFY_WRITE, argp, size))
if (ret) return ret; return -EFAULT;
} }
switch (cmd) { switch (cmd) {
...@@ -389,7 +389,8 @@ static int mtd_ioctl(struct inode *inode, struct file *file, ...@@ -389,7 +389,8 @@ static int mtd_ioctl(struct inode *inode, struct file *file,
if (!mtd->write_oob) if (!mtd->write_oob)
ret = -EOPNOTSUPP; ret = -EOPNOTSUPP;
else else
ret = verify_area(VERIFY_READ, buf.ptr, buf.length); ret = access_ok(VERIFY_READ, buf.ptr,
buf.length) ? 0 : EFAULT;
if (ret) if (ret)
return ret; return ret;
...@@ -428,7 +429,8 @@ static int mtd_ioctl(struct inode *inode, struct file *file, ...@@ -428,7 +429,8 @@ static int mtd_ioctl(struct inode *inode, struct file *file,
if (!mtd->read_oob) if (!mtd->read_oob)
ret = -EOPNOTSUPP; ret = -EOPNOTSUPP;
else else
ret = verify_area(VERIFY_WRITE, buf.ptr, buf.length); ret = access_ok(VERIFY_WRITE, buf.ptr,
buf.length) ? 0 : -EFAULT;
if (ret) if (ret)
return ret; return ret;
......
...@@ -2649,9 +2649,8 @@ static int orinoco_ioctl_getiwrange(struct net_device *dev, struct iw_point *rrq ...@@ -2649,9 +2649,8 @@ static int orinoco_ioctl_getiwrange(struct net_device *dev, struct iw_point *rrq
TRACE_ENTER(dev->name); TRACE_ENTER(dev->name);
err = verify_area(VERIFY_WRITE, rrq->pointer, sizeof(range)); if (!access_ok(VERIFY_WRITE, rrq->pointer, sizeof(range)))
if (err) return -EFAULT;
return err;
rrq->length = sizeof(range); rrq->length = sizeof(range);
......
...@@ -1351,17 +1351,15 @@ static int ds_ioctl(struct inode * inode, struct file * file, ...@@ -1351,17 +1351,15 @@ static int ds_ioctl(struct inode * inode, struct file * file,
return -EPERM; return -EPERM;
if (cmd & IOC_IN) { if (cmd & IOC_IN) {
err = verify_area(VERIFY_READ, uarg, size); if (!access_ok(VERIFY_READ, uarg, size)) {
if (err) { ds_dbg(3, "ds_ioctl(): verify_read = %d\n", -EFAULT);
ds_dbg(3, "ds_ioctl(): verify_read = %d\n", err); return -EFAULT;
return err;
} }
} }
if (cmd & IOC_OUT) { if (cmd & IOC_OUT) {
err = verify_area(VERIFY_WRITE, uarg, size); if (!access_ok(VERIFY_WRITE, uarg, size)) {
if (err) { ds_dbg(3, "ds_ioctl(): verify_write = %d\n", -EFAULT);
ds_dbg(3, "ds_ioctl(): verify_write = %d\n", err); return -EFAULT;
return err;
} }
} }
buf = kmalloc(sizeof(ds_ioctl_arg_t), GFP_KERNEL); buf = kmalloc(sizeof(ds_ioctl_arg_t), GFP_KERNEL);
......
...@@ -778,11 +778,10 @@ ctc_tty_ioctl(struct tty_struct *tty, struct file *file, ...@@ -778,11 +778,10 @@ ctc_tty_ioctl(struct tty_struct *tty, struct file *file,
printk(KERN_DEBUG "%s%d ioctl TIOCSERGETLSR\n", CTC_TTY_NAME, printk(KERN_DEBUG "%s%d ioctl TIOCSERGETLSR\n", CTC_TTY_NAME,
info->line); info->line);
#endif #endif
error = verify_area(VERIFY_WRITE, (void __user *) arg, sizeof(uint)); if (access_ok(VERIFY_WRITE, (void __user *) arg, sizeof(uint)))
if (error)
return error;
else
return ctc_tty_get_lsr_info(info, (uint __user *) arg); return ctc_tty_get_lsr_info(info, (uint __user *) arg);
else
return -EFAULT;
default: default:
#ifdef CTC_DEBUG_MODEM_IOCTL #ifdef CTC_DEBUG_MODEM_IOCTL
printk(KERN_DEBUG "UNKNOWN ioctl 0x%08x on %s%d\n", cmd, printk(KERN_DEBUG "UNKNOWN ioctl 0x%08x on %s%d\n", cmd,
......
...@@ -1887,14 +1887,12 @@ extern int aurora_get_serial_info(struct Aurora_port * port, ...@@ -1887,14 +1887,12 @@ extern int aurora_get_serial_info(struct Aurora_port * port,
{ {
struct serial_struct tmp; struct serial_struct tmp;
struct Aurora_board *bp = port_Board(port); struct Aurora_board *bp = port_Board(port);
int error;
#ifdef AURORA_DEBUG #ifdef AURORA_DEBUG
printk("aurora_get_serial_info: start\n"); printk("aurora_get_serial_info: start\n");
#endif #endif
error = verify_area(VERIFY_WRITE, (void *) retinfo, sizeof(tmp)); if (!access_ok(VERIFY_WRITE, (void *) retinfo, sizeof(tmp)))
if (error) return -EFAULT;
return error;
memset(&tmp, 0, sizeof(tmp)); memset(&tmp, 0, sizeof(tmp));
tmp.type = PORT_CIRRUS; tmp.type = PORT_CIRRUS;
......
...@@ -427,16 +427,14 @@ static int openprom_bsd_ioctl(struct inode * inode, struct file * file, ...@@ -427,16 +427,14 @@ static int openprom_bsd_ioctl(struct inode * inode, struct file * file,
len = op.op_buflen = 0; len = op.op_buflen = 0;
} }
error = verify_area(VERIFY_WRITE, argp, sizeof(op)); if (!access_ok(VERIFY_WRITE, argp, sizeof(op))) {
if (error) {
kfree(str); kfree(str);
return error; return -EFAULT;
} }
error = verify_area(VERIFY_WRITE, op.op_buf, len); if (!access_ok(VERIFY_WRITE, op.op_buf, len)) {
if (error) {
kfree(str); kfree(str);
return error; return -EFAULT;
} }
error = __copy_to_user(argp, &op, sizeof(op)); error = __copy_to_user(argp, &op, sizeof(op));
......
...@@ -752,7 +752,7 @@ int cpqfcTS_ioctl( struct scsi_device *ScsiDev, int Cmnd, void *arg) ...@@ -752,7 +752,7 @@ int cpqfcTS_ioctl( struct scsi_device *ScsiDev, int Cmnd, void *arg)
result = -ENXIO; result = -ENXIO;
break; break;
} }
result = verify_area(VERIFY_WRITE, arg, sizeof(Scsi_FCTargAddress)); result = access_ok(VERIFY_WRITE, arg, sizeof(Scsi_FCTargAddress)) ? 0 : -EFAULT;
if (result) break; if (result) break;
put_user(pLoggedInPort->port_id, put_user(pLoggedInPort->port_id,
......
...@@ -230,7 +230,7 @@ int scsi_ioctl_send_command(struct scsi_device *sdev, ...@@ -230,7 +230,7 @@ int scsi_ioctl_send_command(struct scsi_device *sdev,
/* /*
* Verify that we can read at least this much. * Verify that we can read at least this much.
*/ */
if (verify_area(VERIFY_READ, sic, sizeof(Scsi_Ioctl_Command))) if (!access_ok(VERIFY_READ, sic, sizeof(Scsi_Ioctl_Command)))
return -EFAULT; return -EFAULT;
if(__get_user(inlen, &sic->inlen)) if(__get_user(inlen, &sic->inlen))
...@@ -285,7 +285,7 @@ int scsi_ioctl_send_command(struct scsi_device *sdev, ...@@ -285,7 +285,7 @@ int scsi_ioctl_send_command(struct scsi_device *sdev,
result = -EFAULT; result = -EFAULT;
if (verify_area(VERIFY_READ, cmd_in, cmdlen + inlen)) if (!access_ok(VERIFY_READ, cmd_in, cmdlen + inlen))
goto error; goto error;
if(__copy_from_user(cmd, cmd_in, cmdlen)) if(__copy_from_user(cmd, cmd_in, cmdlen))
...@@ -417,7 +417,7 @@ int scsi_ioctl(struct scsi_device *sdev, int cmd, void __user *arg) ...@@ -417,7 +417,7 @@ int scsi_ioctl(struct scsi_device *sdev, int cmd, void __user *arg)
switch (cmd) { switch (cmd) {
case SCSI_IOCTL_GET_IDLUN: case SCSI_IOCTL_GET_IDLUN:
if (verify_area(VERIFY_WRITE, arg, sizeof(struct scsi_idlun))) if (!access_ok(VERIFY_WRITE, arg, sizeof(struct scsi_idlun)))
return -EFAULT; return -EFAULT;
__put_user((sdev->id & 0xff) __put_user((sdev->id & 0xff)
......
...@@ -330,7 +330,7 @@ sg_release(struct inode *inode, struct file *filp) ...@@ -330,7 +330,7 @@ sg_release(struct inode *inode, struct file *filp)
static ssize_t static ssize_t
sg_read(struct file *filp, char __user *buf, size_t count, loff_t * ppos) sg_read(struct file *filp, char __user *buf, size_t count, loff_t * ppos)
{ {
int k, res; int res;
Sg_device *sdp; Sg_device *sdp;
Sg_fd *sfp; Sg_fd *sfp;
Sg_request *srp; Sg_request *srp;
...@@ -343,8 +343,8 @@ sg_read(struct file *filp, char __user *buf, size_t count, loff_t * ppos) ...@@ -343,8 +343,8 @@ sg_read(struct file *filp, char __user *buf, size_t count, loff_t * ppos)
return -ENXIO; return -ENXIO;
SCSI_LOG_TIMEOUT(3, printk("sg_read: %s, count=%d\n", SCSI_LOG_TIMEOUT(3, printk("sg_read: %s, count=%d\n",
sdp->disk->disk_name, (int) count)); sdp->disk->disk_name, (int) count));
if ((k = verify_area(VERIFY_WRITE, buf, count))) if (!access_ok(VERIFY_WRITE, buf, count))
return k; return -EFAULT;
if (sfp->force_packid && (count >= SZ_SG_HEADER)) { if (sfp->force_packid && (count >= SZ_SG_HEADER)) {
if (__copy_from_user(&old_hdr, buf, SZ_SG_HEADER)) if (__copy_from_user(&old_hdr, buf, SZ_SG_HEADER))
return -EFAULT; return -EFAULT;
...@@ -501,8 +501,8 @@ sg_write(struct file *filp, const char __user *buf, size_t count, loff_t * ppos) ...@@ -501,8 +501,8 @@ sg_write(struct file *filp, const char __user *buf, size_t count, loff_t * ppos)
scsi_block_when_processing_errors(sdp->device))) scsi_block_when_processing_errors(sdp->device)))
return -ENXIO; return -ENXIO;
if ((k = verify_area(VERIFY_READ, buf, count))) if (!access_ok(VERIFY_READ, buf, count))
return k; /* protects following copy_from_user()s + get_user()s */ return -EFAULT; /* protects following copy_from_user()s + get_user()s */
if (count < SZ_SG_HEADER) if (count < SZ_SG_HEADER)
return -EIO; return -EIO;
if (__copy_from_user(&old_hdr, buf, SZ_SG_HEADER)) if (__copy_from_user(&old_hdr, buf, SZ_SG_HEADER))
...@@ -594,8 +594,8 @@ sg_new_write(Sg_fd * sfp, const char __user *buf, size_t count, ...@@ -594,8 +594,8 @@ sg_new_write(Sg_fd * sfp, const char __user *buf, size_t count,
if (count < SZ_SG_IO_HDR) if (count < SZ_SG_IO_HDR)
return -EINVAL; return -EINVAL;
if ((k = verify_area(VERIFY_READ, buf, count))) if (!access_ok(VERIFY_READ, buf, count))
return k; /* protects following copy_from_user()s + get_user()s */ return -EFAULT; /* protects following copy_from_user()s + get_user()s */
sfp->cmd_q = 1; /* when sg_io_hdr seen, set command queuing on */ sfp->cmd_q = 1; /* when sg_io_hdr seen, set command queuing on */
if (!(srp = sg_add_request(sfp))) { if (!(srp = sg_add_request(sfp))) {
...@@ -631,9 +631,9 @@ sg_new_write(Sg_fd * sfp, const char __user *buf, size_t count, ...@@ -631,9 +631,9 @@ sg_new_write(Sg_fd * sfp, const char __user *buf, size_t count,
sg_remove_request(sfp, srp); sg_remove_request(sfp, srp);
return -EMSGSIZE; return -EMSGSIZE;
} }
if ((k = verify_area(VERIFY_READ, hp->cmdp, hp->cmd_len))) { if (!access_ok(VERIFY_READ, hp->cmdp, hp->cmd_len)) {
sg_remove_request(sfp, srp); sg_remove_request(sfp, srp);
return k; /* protects following copy_from_user()s + get_user()s */ return -EFAULT; /* protects following copy_from_user()s + get_user()s */
} }
if (__copy_from_user(cmnd, hp->cmdp, hp->cmd_len)) { if (__copy_from_user(cmnd, hp->cmdp, hp->cmd_len)) {
sg_remove_request(sfp, srp); sg_remove_request(sfp, srp);
...@@ -773,9 +773,8 @@ sg_ioctl(struct inode *inode, struct file *filp, ...@@ -773,9 +773,8 @@ sg_ioctl(struct inode *inode, struct file *filp,
return -ENODEV; return -ENODEV;
if (!scsi_block_when_processing_errors(sdp->device)) if (!scsi_block_when_processing_errors(sdp->device))
return -ENXIO; return -ENXIO;
result = verify_area(VERIFY_WRITE, p, SZ_SG_IO_HDR); if (!access_ok(VERIFY_WRITE, p, SZ_SG_IO_HDR))
if (result) return -EFAULT;
return result;
result = result =
sg_new_write(sfp, p, SZ_SG_IO_HDR, sg_new_write(sfp, p, SZ_SG_IO_HDR,
blocking, read_only, &srp); blocking, read_only, &srp);
...@@ -837,10 +836,8 @@ sg_ioctl(struct inode *inode, struct file *filp, ...@@ -837,10 +836,8 @@ sg_ioctl(struct inode *inode, struct file *filp,
case SG_GET_LOW_DMA: case SG_GET_LOW_DMA:
return put_user((int) sfp->low_dma, ip); return put_user((int) sfp->low_dma, ip);
case SG_GET_SCSI_ID: case SG_GET_SCSI_ID:
result = if (!access_ok(VERIFY_WRITE, p, sizeof (sg_scsi_id_t)))
verify_area(VERIFY_WRITE, p, sizeof (sg_scsi_id_t)); return -EFAULT;
if (result)
return result;
else { else {
sg_scsi_id_t __user *sg_idp = p; sg_scsi_id_t __user *sg_idp = p;
...@@ -868,9 +865,8 @@ sg_ioctl(struct inode *inode, struct file *filp, ...@@ -868,9 +865,8 @@ sg_ioctl(struct inode *inode, struct file *filp,
sfp->force_packid = val ? 1 : 0; sfp->force_packid = val ? 1 : 0;
return 0; return 0;
case SG_GET_PACK_ID: case SG_GET_PACK_ID:
result = verify_area(VERIFY_WRITE, ip, sizeof (int)); if (!access_ok(VERIFY_WRITE, ip, sizeof (int)))
if (result) return -EFAULT;
return result;
read_lock_irqsave(&sfp->rq_list_lock, iflags); read_lock_irqsave(&sfp->rq_list_lock, iflags);
for (srp = sfp->headrp; srp; srp = srp->nextrp) { for (srp = sfp->headrp; srp; srp = srp->nextrp) {
if ((1 == srp->done) && (!srp->sg_io_owned)) { if ((1 == srp->done) && (!srp->sg_io_owned)) {
...@@ -938,10 +934,8 @@ sg_ioctl(struct inode *inode, struct file *filp, ...@@ -938,10 +934,8 @@ sg_ioctl(struct inode *inode, struct file *filp,
val = (sdp->device ? 1 : 0); val = (sdp->device ? 1 : 0);
return put_user(val, ip); return put_user(val, ip);
case SG_GET_REQUEST_TABLE: case SG_GET_REQUEST_TABLE:
result = verify_area(VERIFY_WRITE, p, if (!access_ok(VERIFY_WRITE, p, SZ_SG_REQ_INFO * SG_MAX_QUEUE))
SZ_SG_REQ_INFO * SG_MAX_QUEUE); return -EFAULT;
if (result)
return result;
else { else {
sg_req_info_t rinfo[SG_MAX_QUEUE]; sg_req_info_t rinfo[SG_MAX_QUEUE];
Sg_request *srp; Sg_request *srp;
...@@ -1959,9 +1953,8 @@ sg_write_xfer(Sg_request * srp) ...@@ -1959,9 +1953,8 @@ sg_write_xfer(Sg_request * srp)
num_xfer, iovec_count, schp->k_use_sg)); num_xfer, iovec_count, schp->k_use_sg));
if (iovec_count) { if (iovec_count) {
onum = iovec_count; onum = iovec_count;
if ((k = verify_area(VERIFY_READ, hp->dxferp, if (!access_ok(VERIFY_READ, hp->dxferp, SZ_SG_IOVEC * onum))
SZ_SG_IOVEC * onum))) return -EFAULT;
return k;
} else } else
onum = 1; onum = 1;
...@@ -2031,7 +2024,7 @@ sg_u_iovec(sg_io_hdr_t * hp, int sg_num, int ind, ...@@ -2031,7 +2024,7 @@ sg_u_iovec(sg_io_hdr_t * hp, int sg_num, int ind,
{ {
int num_xfer = (int) hp->dxfer_len; int num_xfer = (int) hp->dxfer_len;
unsigned char __user *p = hp->dxferp; unsigned char __user *p = hp->dxferp;
int count, k; int count;
if (0 == sg_num) { if (0 == sg_num) {
if (wr_xf && ('\0' == hp->interface_id)) if (wr_xf && ('\0' == hp->interface_id))
...@@ -2045,8 +2038,8 @@ sg_u_iovec(sg_io_hdr_t * hp, int sg_num, int ind, ...@@ -2045,8 +2038,8 @@ sg_u_iovec(sg_io_hdr_t * hp, int sg_num, int ind,
p = iovec.iov_base; p = iovec.iov_base;
count = (int) iovec.iov_len; count = (int) iovec.iov_len;
} }
if ((k = verify_area(wr_xf ? VERIFY_READ : VERIFY_WRITE, p, count))) if (!access_ok(wr_xf ? VERIFY_READ : VERIFY_WRITE, p, count))
return k; return -EFAULT;
if (up) if (up)
*up = p; *up = p;
if (countp) if (countp)
...@@ -2113,9 +2106,8 @@ sg_read_xfer(Sg_request * srp) ...@@ -2113,9 +2106,8 @@ sg_read_xfer(Sg_request * srp)
num_xfer, iovec_count, schp->k_use_sg)); num_xfer, iovec_count, schp->k_use_sg));
if (iovec_count) { if (iovec_count) {
onum = iovec_count; onum = iovec_count;
if ((k = verify_area(VERIFY_READ, hp->dxferp, if (!access_ok(VERIFY_READ, hp->dxferp, SZ_SG_IOVEC * onum))
SZ_SG_IOVEC * onum))) return -EFAULT;
return k;
} else } else
onum = 1; onum = 1;
......
...@@ -1055,28 +1055,23 @@ static int rs_ioctl(struct tty_struct *tty, struct file * file, ...@@ -1055,28 +1055,23 @@ static int rs_ioctl(struct tty_struct *tty, struct file * file,
(arg ? CLOCAL : 0)); (arg ? CLOCAL : 0));
return 0; return 0;
case TIOCGSERIAL: case TIOCGSERIAL:
error = verify_area(VERIFY_WRITE, (void *) arg, if (access_ok(VERIFY_WRITE, (void *) arg,
sizeof(struct serial_struct)); sizeof(struct serial_struct)))
if (error)
return error;
return get_serial_info(info, return get_serial_info(info,
(struct serial_struct *) arg); (struct serial_struct *) arg);
return -EFAULT;
case TIOCSSERIAL: case TIOCSSERIAL:
return set_serial_info(info, return set_serial_info(info,
(struct serial_struct *) arg); (struct serial_struct *) arg);
case TIOCSERGETLSR: /* Get line status register */ case TIOCSERGETLSR: /* Get line status register */
error = verify_area(VERIFY_WRITE, (void *) arg, if (access_ok(VERIFY_WRITE, (void *) arg,
sizeof(unsigned int)); sizeof(unsigned int));
if (error)
return error;
else
return get_lsr_info(info, (unsigned int *) arg); return get_lsr_info(info, (unsigned int *) arg);
return -EFAULT;
case TIOCSERGSTRUCT: case TIOCSERGSTRUCT:
error = verify_area(VERIFY_WRITE, (void *) arg, if (!access_ok(VERIFY_WRITE, (void *) arg,
sizeof(struct m68k_serial)); sizeof(struct m68k_serial)))
if (error) return -EFAULT;
return error;
copy_to_user((struct m68k_serial *) arg, copy_to_user((struct m68k_serial *) arg,
info, sizeof(struct m68k_serial)); info, sizeof(struct m68k_serial));
return 0; return 0;
......
...@@ -1092,23 +1092,19 @@ static int mcfrs_ioctl(struct tty_struct *tty, struct file * file, ...@@ -1092,23 +1092,19 @@ static int mcfrs_ioctl(struct tty_struct *tty, struct file * file,
(arg ? CLOCAL : 0)); (arg ? CLOCAL : 0));
return 0; return 0;
case TIOCGSERIAL: case TIOCGSERIAL:
error = verify_area(VERIFY_WRITE, (void *) arg, if (access_ok(VERIFY_WRITE, (void *) arg,
sizeof(struct serial_struct)); sizeof(struct serial_struct)))
if (error)
return error;
return get_serial_info(info, return get_serial_info(info,
(struct serial_struct *) arg); (struct serial_struct *) arg);
return -EFAULT;
case TIOCSSERIAL: case TIOCSSERIAL:
return set_serial_info(info, return set_serial_info(info,
(struct serial_struct *) arg); (struct serial_struct *) arg);
case TIOCSERGETLSR: /* Get line status register */ case TIOCSERGETLSR: /* Get line status register */
error = verify_area(VERIFY_WRITE, (void *) arg, if (access_ok(VERIFY_WRITE, (void *) arg,
sizeof(unsigned int)); sizeof(unsigned int)))
if (error)
return error;
else
return get_lsr_info(info, (unsigned int *) arg); return get_lsr_info(info, (unsigned int *) arg);
return -EFAULT;
case TIOCSERGSTRUCT: case TIOCSERGSTRUCT:
error = copy_to_user((struct mcf_serial *) arg, error = copy_to_user((struct mcf_serial *) arg,
info, sizeof(struct mcf_serial)); info, sizeof(struct mcf_serial));
......
...@@ -1240,28 +1240,24 @@ static int rs_ioctl(struct tty_struct *tty, struct file * file, ...@@ -1240,28 +1240,24 @@ static int rs_ioctl(struct tty_struct *tty, struct file * file,
switch (cmd) { switch (cmd) {
case TIOCGSERIAL: case TIOCGSERIAL:
error = verify_area(VERIFY_WRITE, (void *)arg, if (!access_ok(VERIFY_WRITE, (void *)arg,
sizeof(struct serial_struct)); sizeof(struct serial_struct)))
if (error) return -EFAULT;
return error;
return get_serial_info(info, (struct serial_struct *)arg); return get_serial_info(info, (struct serial_struct *)arg);
case TIOCSSERIAL: case TIOCSSERIAL:
return set_serial_info(info, (struct serial_struct *)arg); return set_serial_info(info, (struct serial_struct *)arg);
case TIOCSERGETLSR: /* Get line status register */ case TIOCSERGETLSR: /* Get line status register */
error = verify_area(VERIFY_WRITE, (void *)arg, if (!access_ok(VERIFY_WRITE, (void *)arg,
sizeof(unsigned int)); sizeof(unsigned int)))
if (error) return -EFAULT;
return error;
else
return get_lsr_info(info, (unsigned int *)arg); return get_lsr_info(info, (unsigned int *)arg);
case TIOCSERGSTRUCT: case TIOCSERGSTRUCT:
error = verify_area(VERIFY_WRITE, (void *)arg, if (!access_ok(VERIFY_WRITE, (void *)arg,
sizeof(struct dec_serial)); sizeof(struct dec_serial)))
if (error) return -EFAULT;
return error;
copy_from_user((struct dec_serial *)arg, info, copy_from_user((struct dec_serial *)arg, info,
sizeof(struct dec_serial)); sizeof(struct dec_serial));
return 0; return 0;
......
...@@ -925,45 +925,34 @@ static int klsi_105_ioctl (struct usb_serial_port *port, struct file * file, ...@@ -925,45 +925,34 @@ static int klsi_105_ioctl (struct usb_serial_port *port, struct file * file,
/* TODO */ /* TODO */
dbg("%s - TIOCMIWAIT not handled", __FUNCTION__); dbg("%s - TIOCMIWAIT not handled", __FUNCTION__);
return -ENOIOCTLCMD; return -ENOIOCTLCMD;
case TIOCGICOUNT: case TIOCGICOUNT:
/* return count of modemline transitions */ /* return count of modemline transitions */
/* TODO */ /* TODO */
dbg("%s - TIOCGICOUNT not handled", __FUNCTION__); dbg("%s - TIOCGICOUNT not handled", __FUNCTION__);
return -ENOIOCTLCMD; return -ENOIOCTLCMD;
case TCGETS: { case TCGETS:
/* return current info to caller */ /* return current info to caller */
int retval;
dbg("%s - TCGETS data faked/incomplete", __FUNCTION__); dbg("%s - TCGETS data faked/incomplete", __FUNCTION__);
retval = verify_area(VERIFY_WRITE, user_arg, if (!access_ok(VERIFY_WRITE, user_arg, sizeof(struct termios)))
sizeof(struct termios)); return -EFAULT;
if (retval)
return retval;
if (kernel_termios_to_user_termios((struct termios __user *)arg, if (kernel_termios_to_user_termios((struct termios __user *)arg,
&priv->termios)) &priv->termios))
return -EFAULT; return -EFAULT;
return(0); return 0;
} case TCSETS:
case TCSETS: {
/* set port termios to the one given by the user */ /* set port termios to the one given by the user */
int retval;
dbg("%s - TCSETS not handled", __FUNCTION__); dbg("%s - TCSETS not handled", __FUNCTION__);
retval = verify_area(VERIFY_READ, user_arg, if (!access_ok(VERIFY_READ, user_arg, sizeof(struct termios)))
sizeof(struct termios)); return -EFAULT;
if (retval)
return retval;
if (user_termios_to_kernel_termios(&priv->termios, if (user_termios_to_kernel_termios(&priv->termios,
(struct termios __user *)arg)) (struct termios __user *)arg))
return -EFAULT; return -EFAULT;
klsi_105_set_termios(port, &priv->termios); klsi_105_set_termios(port, &priv->termios);
return(0); return 0;
}
case TCSETSW: { case TCSETSW: {
/* set port termios and try to wait for completion of last /* set port termios and try to wait for completion of last
* write operation */ * write operation */
......
...@@ -637,10 +637,9 @@ static int kobil_ioctl(struct usb_serial_port *port, struct file *file, ...@@ -637,10 +637,9 @@ static int kobil_ioctl(struct usb_serial_port *port, struct file *file,
switch (cmd) { switch (cmd) {
case TCGETS: // 0x5401 case TCGETS: // 0x5401
result = verify_area(VERIFY_WRITE, user_arg, sizeof(struct termios)); if (!access_ok(VERIFY_WRITE, user_arg, sizeof(struct termios))) {
if (result) { dbg("%s - port %d Error in access_ok", __FUNCTION__, port->number);
dbg("%s - port %d Error in verify_area", __FUNCTION__, port->number); return -EFAULT;
return(result);
} }
if (kernel_termios_to_user_termios((struct termios __user *)arg, if (kernel_termios_to_user_termios((struct termios __user *)arg,
&priv->internal_termios)) &priv->internal_termios))
...@@ -652,10 +651,9 @@ static int kobil_ioctl(struct usb_serial_port *port, struct file *file, ...@@ -652,10 +651,9 @@ static int kobil_ioctl(struct usb_serial_port *port, struct file *file,
dbg("%s - port %d Error: port->tty->termios is NULL", __FUNCTION__, port->number); dbg("%s - port %d Error: port->tty->termios is NULL", __FUNCTION__, port->number);
return -ENOTTY; return -ENOTTY;
} }
result = verify_area(VERIFY_READ, user_arg, sizeof(struct termios)); if (!access_ok(VERIFY_READ, user_arg, sizeof(struct termios))) {
if (result) { dbg("%s - port %d Error in access_ok", __FUNCTION__, port->number);
dbg("%s - port %d Error in verify_area", __FUNCTION__, port->number); return -EFAULT;
return result;
} }
if (user_termios_to_kernel_termios(&priv->internal_termios, if (user_termios_to_kernel_termios(&priv->internal_termios,
(struct termios __user *)arg)) (struct termios __user *)arg))
......
...@@ -3338,7 +3338,7 @@ static int ami_get_var_cursorinfo(struct fb_var_cursorinfo *var, u_char *data) ...@@ -3338,7 +3338,7 @@ static int ami_get_var_cursorinfo(struct fb_var_cursorinfo *var, u_char *data)
register short delta; register short delta;
register u_char color; register u_char color;
short height, width, bits, words; short height, width, bits, words;
int i, size, alloc; int size, alloc;
size = par->crsr.height*par->crsr.width; size = par->crsr.height*par->crsr.width;
alloc = var->height*var->width; alloc = var->height*var->width;
...@@ -3348,8 +3348,8 @@ static int ami_get_var_cursorinfo(struct fb_var_cursorinfo *var, u_char *data) ...@@ -3348,8 +3348,8 @@ static int ami_get_var_cursorinfo(struct fb_var_cursorinfo *var, u_char *data)
var->yspot = par->crsr.spot_y; var->yspot = par->crsr.spot_y;
if (size > var->height*var->width) if (size > var->height*var->width)
return -ENAMETOOLONG; return -ENAMETOOLONG;
if ((i = verify_area(VERIFY_WRITE, (void *)data, size))) if (!access_ok(VERIFY_WRITE, (void *)data, size))
return i; return -EFAULT;
delta = 1<<par->crsr.fmode; delta = 1<<par->crsr.fmode;
lspr = lofsprite + (delta<<1); lspr = lofsprite + (delta<<1);
if (par->bplcon0 & BPC0_LACE) if (par->bplcon0 & BPC0_LACE)
...@@ -3413,7 +3413,6 @@ static int ami_set_var_cursorinfo(struct fb_var_cursorinfo *var, u_char *data) ...@@ -3413,7 +3413,6 @@ static int ami_set_var_cursorinfo(struct fb_var_cursorinfo *var, u_char *data)
register short delta; register short delta;
u_short fmode; u_short fmode;
short height, width, bits, words; short height, width, bits, words;
int i;
if (!var->width) if (!var->width)
return -EINVAL; return -EINVAL;
...@@ -3429,8 +3428,8 @@ static int ami_set_var_cursorinfo(struct fb_var_cursorinfo *var, u_char *data) ...@@ -3429,8 +3428,8 @@ static int ami_set_var_cursorinfo(struct fb_var_cursorinfo *var, u_char *data)
return -EINVAL; return -EINVAL;
if (!var->height) if (!var->height)
return -EINVAL; return -EINVAL;
if ((i = verify_area(VERIFY_READ, (void *)data, var->width*var->height))) if (!access_ok(VERIFY_READ, (void *)data, var->width*var->height))
return i; return -EFAULT;
delta = 1<<fmode; delta = 1<<fmode;
lofsprite = shfsprite = (u_short *)spritememory; lofsprite = shfsprite = (u_short *)spritememory;
lspr = lofsprite + (delta<<1); lspr = lofsprite + (delta<<1);
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment