Commit ab1b2b63 authored by Jens Axboe

[PATCH] fix CDROM_SEND_PACKET 32 -> 64-bit translation

Here's a much better version.  The real bug was of course that the
get_user/put_user for data_direction were transposed.

This patch also fixes the translation of "quiet" and "timeout" to be
safer and clearer (instead of memcpying them as two ints and knowing
that "quiet" is first and assuming that "compat_int_t" is always the
same as the native "int", the code now handles them explicitly).

We should use "access_ok()" and __get_user/__put_user to generate better
code for this, but it's not performance-critical, so we don't care.
Some other day, perhaps.
parent 0672b0ba
...@@ -1458,6 +1458,7 @@ static int cdrom_do_generic_command(unsigned int fd, unsigned int cmd, unsigned ...@@ -1458,6 +1458,7 @@ static int cdrom_do_generic_command(unsigned int fd, unsigned int cmd, unsigned
struct cdrom_generic_command *cgc; struct cdrom_generic_command *cgc;
struct cdrom_generic_command32 *cgc32; struct cdrom_generic_command32 *cgc32;
unsigned char dir; unsigned char dir;
int itmp;
cgc = compat_alloc_user_space(sizeof(*cgc)); cgc = compat_alloc_user_space(sizeof(*cgc));
cgc32 = compat_ptr(arg); cgc32 = compat_ptr(arg);
...@@ -1469,12 +1470,16 @@ static int cdrom_do_generic_command(unsigned int fd, unsigned int cmd, unsigned ...@@ -1469,12 +1470,16 @@ static int cdrom_do_generic_command(unsigned int fd, unsigned int cmd, unsigned
__cgc_do_ptr((void **) &cgc->sense, &cgc32->sense)) __cgc_do_ptr((void **) &cgc->sense, &cgc32->sense))
return -EFAULT; return -EFAULT;
if (get_user(dir, &cgc->data_direction) || if (get_user(dir, &cgc32->data_direction) ||
put_user(dir, &cgc32->data_direction)) put_user(dir, &cgc->data_direction))
return -EFAULT; return -EFAULT;
if (copy_in_user(&cgc->quiet, &cgc32->quiet, if (get_user(itmp, &cgc32->quiet) ||
2 * sizeof(int))) put_user(itmp, &cgc->quiet))
return -EFAULT;
if (get_user(itmp, &cgc32->timeout) ||
put_user(itmp, &cgc->timeout))
return -EFAULT; return -EFAULT;
if (__cgc_do_ptr(&cgc->reserved[0], &cgc32->reserved[0])) if (__cgc_do_ptr(&cgc->reserved[0], &cgc32->reserved[0]))
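Review bot: The copy direction for `data_direction`, `quiet` and `timeout` is still expressed only by argument order in three hand-written get_user/put_user pairs, which is how a transposed pair can pass unnoticed: both operands are user pointers with identically named fields, so a swap compiles cleanly. A small local helper would state the direction once, for example `#define CGC_COPY(tmp, f) (get_user(tmp, &cgc32->f) || put_user(tmp, &cgc->f))` (name constructed for illustration), after which each field reads `if (CGC_COPY(itmp, quiet)) return -EFAULT;`. A one-line comment above the pairs, such as `/* copy field by field: 32-bit and native layouts are not assumed to match */`, would also stop someone from folding them back into a single copy_in_user(). The body of cdrom_do_generic_command starts and ends outside the visible hunks, so the remaining fields could not be checked for the same pattern.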
......