[ALSA] Update user-space access from sscape driver

Sound Scape driver I see that the copy_to/from_user() functions have been updated across Linux 2.4 and 2.6, and that verify_read/write() has been replaced by access_ok(). I have patched the SoundScape driver accordingly. Signed-off-by: Chris Rankin <rankincj@yahoo.com> Signed-off-by: Takashi Iwai <tiwai@suse.de>

[ALSA] Update user-space access from sscape driver
Sound Scape driver I see that the copy_to/from_user() functions have been updated across Linux 2.4 and 2.6, and that verify_read/write() has been replaced by access_ok(). I have patched the SoundScape driver accordingly. Signed-off-by: Chris Rankin <rankincj@yahoo.com> Signed-off-by: Takashi Iwai <tiwai@suse.de>
16e0c7be · Jaroslav Kysela · c8992923 · 16e0c7be
Commit 16e0c7be authored Jan 03, 2005 by Jaroslav Kysela
Hide whitespace changes
Inline Side-by-side

Showing with 13 additions and 14 deletions

sound/isa/sscape.c sound/isa/sscape.c +13 -14

No files found.
--- a/sound/isa/sscape.c
+++ b/sound/isa/sscape.c
@@ -487,7 +487,7 @@ static int upload_dma_data(struct soundscape *s,
 		 * the userspace pointer ...
 		 */
 		len = min(size, dma.bytes);
-		__copy_from_user(dma.area, data, len);
+		len -= __copy_from_user(dma.area, data, len);
 		data += len;
 		size -= len;
@@ -571,9 +571,9 @@ static int sscape_upload_bootblock(struct soundscape *sscape, struct sscape_boot
 		if (data < 0) {
 			snd_printk(KERN_ERR "sscape: timeout reading firmware version\n");
 			ret = -EAGAIN;
-		} else {
+		}
-			if (__copy_to_user(&bb->version, &data, sizeof(bb->version)))
+		else if (__copy_to_user(&bb->version, &data, sizeof(bb->version))) {
-				ret = -EFAULT;
+			ret = -EFAULT;
 		}
 	}
@@ -592,7 +592,7 @@ static int sscape_upload_microcode(struct soundscape *sscape,
 {
 	unsigned long flags;
 	char __user *code;
-	int err, ret;
+	int err;
 	/*
 	 * We are going to have to copy this data into a special
@@ -602,12 +602,11 @@ static int sscape_upload_microcode(struct soundscape *sscape,
 	 * NOTE: This buffer is 64K long! That's WAY too big to
 	 *       copy into a stack-temporary anyway.
 	 */
-	if (get_user(code, &mc->code))
+	if ( get_user(code, &mc->code) ||
+	     !access_ok(VERIFY_READ, code, SSCAPE_MICROCODE_SIZE) )
 		return -EFAULT;
-	if ((err = verify_area(VERIFY_READ, code, SSCAPE_MICROCODE_SIZE)) != 0)
-		return err;
-	if ((ret = upload_dma_data(sscape, code, SSCAPE_MICROCODE_SIZE)) == 0) {
+	if ((err = upload_dma_data(sscape, code, SSCAPE_MICROCODE_SIZE)) == 0) {
 		snd_printk(KERN_INFO "sscape: MIDI firmware loaded\n");
 	}
@@ -617,7 +616,7 @@ static int sscape_upload_microcode(struct soundscape *sscape,
 	initialise_mpu401(sscape->mpu);
-	return ret;
+	return err;
 }
 /*
@@ -674,14 +673,14 @@ static int sscape_hw_ioctl(snd_hwdep_t * hw, struct file *file,
 			 * DMA-able buffer before we can upload it. We shall therefore
 			 * just check that the data pointer is valid for now ...
 			 */
-			if ((err = verify_area(VERIFY_READ, bb->code, sizeof(bb->code))) != 0)
+			if ( !access_ok(VERIFY_READ, bb->code, sizeof(bb->code)) )
-				return err;
+				return -EFAULT;
 			/*
 			 * Now check that we can write the firmware version number too...
 			 */
-			if ((err = verify_area(VERIFY_WRITE, &bb->version, sizeof(bb->version))) != 0)
+			if ( !access_ok(VERIFY_WRITE, &bb->version, sizeof(bb->version)) )
-				return err;
+				return -EFAULT;
 			err = sscape_upload_bootblock(sscape, bb);
 		}