Commit 640f7dcf authored by Dan Carpenter's avatar Dan Carpenter Committed by Greg Kroah-Hartman

Staging: sep: return -EFAULT on copy_to_user errors

copy_to_user() returns the number of bytes remaining but we want to
return a negative error code here.  These functions are used in the
ioctl handler and the error code gets returned to userspace.
Signed-off-by: default avatarDan Carpenter <error27@gmail.com>
Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@suse.de>
parent 2d98bb22
...@@ -594,8 +594,10 @@ static int sep_allocate_data_pool_memory_handler(struct sep_device *sep, ...@@ -594,8 +594,10 @@ static int sep_allocate_data_pool_memory_handler(struct sep_device *sep,
dbg("SEP Driver:--------> sep_allocate_data_pool_memory_handler start\n"); dbg("SEP Driver:--------> sep_allocate_data_pool_memory_handler start\n");
error = copy_from_user(&command_args, (void *) arg, sizeof(struct sep_driver_alloc_t)); error = copy_from_user(&command_args, (void *) arg, sizeof(struct sep_driver_alloc_t));
if (error) if (error) {
error = -EFAULT;
goto end_function; goto end_function;
}
/* allocate memory */ /* allocate memory */
if ((sep->data_pool_bytes_allocated + command_args.num_bytes) > SEP_DRIVER_DATA_POOL_SHARED_AREA_SIZE_IN_BYTES) { if ((sep->data_pool_bytes_allocated + command_args.num_bytes) > SEP_DRIVER_DATA_POOL_SHARED_AREA_SIZE_IN_BYTES) {
...@@ -609,8 +611,10 @@ static int sep_allocate_data_pool_memory_handler(struct sep_device *sep, ...@@ -609,8 +611,10 @@ static int sep_allocate_data_pool_memory_handler(struct sep_device *sep,
/* write the memory back to the user space */ /* write the memory back to the user space */
error = copy_to_user((void *) arg, (void *) &command_args, sizeof(struct sep_driver_alloc_t)); error = copy_to_user((void *) arg, (void *) &command_args, sizeof(struct sep_driver_alloc_t));
if (error) if (error) {
error = -EFAULT;
goto end_function; goto end_function;
}
/* set the allocation */ /* set the allocation */
sep->data_pool_bytes_allocated += command_args.num_bytes; sep->data_pool_bytes_allocated += command_args.num_bytes;
...@@ -661,6 +665,8 @@ static int sep_write_into_data_pool_handler(struct sep_device *sep, unsigned lon ...@@ -661,6 +665,8 @@ static int sep_write_into_data_pool_handler(struct sep_device *sep, unsigned lon
} }
/* copy the application data */ /* copy the application data */
error = copy_from_user(virt_address, (void *) app_in_address, num_bytes); error = copy_from_user(virt_address, (void *) app_in_address, num_bytes);
if (error)
error = -EFAULT;
end_function: end_function:
dbg("SEP Driver:<-------- sep_write_into_data_pool_handler end\n"); dbg("SEP Driver:<-------- sep_write_into_data_pool_handler end\n");
return error; return error;
...@@ -711,6 +717,8 @@ static int sep_read_from_data_pool_handler(struct sep_device *sep, unsigned long ...@@ -711,6 +717,8 @@ static int sep_read_from_data_pool_handler(struct sep_device *sep, unsigned long
/* copy the application data */ /* copy the application data */
error = copy_to_user((void *) app_out_address, virt_address, num_bytes); error = copy_to_user((void *) app_out_address, virt_address, num_bytes);
if (error)
error = -EFAULT;
end_function: end_function:
dbg("SEP Driver:<-------- sep_read_from_data_pool_handler end\n"); dbg("SEP Driver:<-------- sep_read_from_data_pool_handler end\n");
return error; return error;
...@@ -1448,8 +1456,10 @@ static int sep_create_sync_dma_tables_handler(struct sep_device *sep, ...@@ -1448,8 +1456,10 @@ static int sep_create_sync_dma_tables_handler(struct sep_device *sep,
dbg("SEP Driver:--------> sep_create_sync_dma_tables_handler start\n"); dbg("SEP Driver:--------> sep_create_sync_dma_tables_handler start\n");
error = copy_from_user(&command_args, (void *) arg, sizeof(struct sep_driver_build_sync_table_t)); error = copy_from_user(&command_args, (void *) arg, sizeof(struct sep_driver_build_sync_table_t));
if (error) if (error) {
error = -EFAULT;
goto end_function; goto end_function;
}
edbg("app_in_address is %08lx\n", command_args.app_in_address); edbg("app_in_address is %08lx\n", command_args.app_in_address);
edbg("app_out_address is %08lx\n", command_args.app_out_address); edbg("app_out_address is %08lx\n", command_args.app_out_address);
...@@ -1799,8 +1809,10 @@ static int sep_create_flow_dma_tables_handler(struct sep_device *sep, ...@@ -1799,8 +1809,10 @@ static int sep_create_flow_dma_tables_handler(struct sep_device *sep,
goto end_function; goto end_function;
error = copy_from_user(&command_args, (void *) arg, sizeof(struct sep_driver_build_flow_table_t)); error = copy_from_user(&command_args, (void *) arg, sizeof(struct sep_driver_build_flow_table_t));
if (error) if (error) {
error = -EFAULT;
goto end_function; goto end_function;
}
/* create flow tables */ /* create flow tables */
error = sep_prepare_flow_dma_tables(sep, command_args.num_virtual_buffers, command_args.virt_buff_data_addr, flow_context_ptr, &first_table_data, &last_table_data, command_args.isKernelVirtualAddress); error = sep_prepare_flow_dma_tables(sep, command_args.num_virtual_buffers, command_args.virt_buff_data_addr, flow_context_ptr, &first_table_data, &last_table_data, command_args.isKernelVirtualAddress);
...@@ -1819,8 +1831,10 @@ static int sep_create_flow_dma_tables_handler(struct sep_device *sep, ...@@ -1819,8 +1831,10 @@ static int sep_create_flow_dma_tables_handler(struct sep_device *sep,
/* send the parameters to user application */ /* send the parameters to user application */
error = copy_to_user((void *) arg, &command_args, sizeof(struct sep_driver_build_flow_table_t)); error = copy_to_user((void *) arg, &command_args, sizeof(struct sep_driver_build_flow_table_t));
if (error) if (error) {
error = -EFAULT;
goto end_function_with_error; goto end_function_with_error;
}
/* all the flow created - update the flow entry with temp id */ /* all the flow created - update the flow entry with temp id */
flow_context_ptr->flow_id = SEP_TEMP_FLOW_ID; flow_context_ptr->flow_id = SEP_TEMP_FLOW_ID;
...@@ -1861,8 +1875,10 @@ static int sep_add_flow_tables_handler(struct sep_device *sep, unsigned long arg ...@@ -1861,8 +1875,10 @@ static int sep_add_flow_tables_handler(struct sep_device *sep, unsigned long arg
/* get input parameters */ /* get input parameters */
error = copy_from_user(&command_args, (void *) arg, sizeof(struct sep_driver_add_flow_table_t)); error = copy_from_user(&command_args, (void *) arg, sizeof(struct sep_driver_add_flow_table_t));
if (error) if (error) {
error = -EFAULT;
goto end_function; goto end_function;
}
/* find the flow structure for the flow id */ /* find the flow structure for the flow id */
flow_context_ptr = sep_find_flow_context(sep, command_args.flow_id); flow_context_ptr = sep_find_flow_context(sep, command_args.flow_id);
...@@ -1933,6 +1949,8 @@ static int sep_add_flow_tables_handler(struct sep_device *sep, unsigned long arg ...@@ -1933,6 +1949,8 @@ static int sep_add_flow_tables_handler(struct sep_device *sep, unsigned long arg
/* send the parameters to user application */ /* send the parameters to user application */
error = copy_to_user((void *) arg, &command_args, sizeof(struct sep_driver_add_flow_table_t)); error = copy_to_user((void *) arg, &command_args, sizeof(struct sep_driver_add_flow_table_t));
if (error)
error = -EFAULT;
end_function_with_error: end_function_with_error:
/* free the allocated tables */ /* free the allocated tables */
sep_deallocated_flow_tables(&first_table_data); sep_deallocated_flow_tables(&first_table_data);
...@@ -1953,8 +1971,10 @@ static int sep_add_flow_tables_message_handler(struct sep_device *sep, unsigned ...@@ -1953,8 +1971,10 @@ static int sep_add_flow_tables_message_handler(struct sep_device *sep, unsigned
dbg("SEP Driver:--------> sep_add_flow_tables_message_handler start\n"); dbg("SEP Driver:--------> sep_add_flow_tables_message_handler start\n");
error = copy_from_user(&command_args, (void *) arg, sizeof(struct sep_driver_add_message_t)); error = copy_from_user(&command_args, (void *) arg, sizeof(struct sep_driver_add_message_t));
if (error) if (error) {
error = -EFAULT;
goto end_function; goto end_function;
}
/* check input */ /* check input */
if (command_args.message_size_in_bytes > SEP_MAX_ADD_MESSAGE_LENGTH_IN_BYTES) { if (command_args.message_size_in_bytes > SEP_MAX_ADD_MESSAGE_LENGTH_IN_BYTES) {
...@@ -1970,6 +1990,8 @@ static int sep_add_flow_tables_message_handler(struct sep_device *sep, unsigned ...@@ -1970,6 +1990,8 @@ static int sep_add_flow_tables_message_handler(struct sep_device *sep, unsigned
/* copy the message into context */ /* copy the message into context */
flow_context_ptr->message_size_in_bytes = command_args.message_size_in_bytes; flow_context_ptr->message_size_in_bytes = command_args.message_size_in_bytes;
error = copy_from_user(flow_context_ptr->message, (void *) command_args.message_address, command_args.message_size_in_bytes); error = copy_from_user(flow_context_ptr->message, (void *) command_args.message_address, command_args.message_size_in_bytes);
if (error)
error = -EFAULT;
end_function: end_function:
dbg("SEP Driver:<-------- sep_add_flow_tables_message_handler end\n"); dbg("SEP Driver:<-------- sep_add_flow_tables_message_handler end\n");
return error; return error;
...@@ -1994,6 +2016,8 @@ static int sep_get_static_pool_addr_handler(struct sep_device *sep, unsigned lon ...@@ -1994,6 +2016,8 @@ static int sep_get_static_pool_addr_handler(struct sep_device *sep, unsigned lon
/* send the parameters to user application */ /* send the parameters to user application */
error = copy_to_user((void *) arg, &command_args, sizeof(struct sep_driver_static_pool_addr_t)); error = copy_to_user((void *) arg, &command_args, sizeof(struct sep_driver_static_pool_addr_t));
if (error)
error = -EFAULT;
dbg("SEP Driver:<-------- sep_get_static_pool_addr_handler end\n"); dbg("SEP Driver:<-------- sep_get_static_pool_addr_handler end\n");
return error; return error;
} }
...@@ -2010,8 +2034,10 @@ static int sep_get_physical_mapped_offset_handler(struct sep_device *sep, unsign ...@@ -2010,8 +2034,10 @@ static int sep_get_physical_mapped_offset_handler(struct sep_device *sep, unsign
dbg("SEP Driver:--------> sep_get_physical_mapped_offset_handler start\n"); dbg("SEP Driver:--------> sep_get_physical_mapped_offset_handler start\n");
error = copy_from_user(&command_args, (void *) arg, sizeof(struct sep_driver_get_mapped_offset_t)); error = copy_from_user(&command_args, (void *) arg, sizeof(struct sep_driver_get_mapped_offset_t));
if (error) if (error) {
error = -EFAULT;
goto end_function; goto end_function;
}
if (command_args.physical_address < sep->shared_bus) { if (command_args.physical_address < sep->shared_bus) {
error = -EINVAL; error = -EINVAL;
...@@ -2025,6 +2051,8 @@ static int sep_get_physical_mapped_offset_handler(struct sep_device *sep, unsign ...@@ -2025,6 +2051,8 @@ static int sep_get_physical_mapped_offset_handler(struct sep_device *sep, unsign
/* send the parameters to user application */ /* send the parameters to user application */
error = copy_to_user((void *) arg, &command_args, sizeof(struct sep_driver_get_mapped_offset_t)); error = copy_to_user((void *) arg, &command_args, sizeof(struct sep_driver_get_mapped_offset_t));
if (error)
error = -EFAULT;
end_function: end_function:
dbg("SEP Driver:<-------- sep_get_physical_mapped_offset_handler end\n"); dbg("SEP Driver:<-------- sep_get_physical_mapped_offset_handler end\n");
return error; return error;
...@@ -2070,11 +2098,11 @@ static int sep_init_handler(struct sep_device *sep, unsigned long arg) ...@@ -2070,11 +2098,11 @@ static int sep_init_handler(struct sep_device *sep, unsigned long arg)
error = 0; error = 0;
error = copy_from_user(&command_args, (void *) arg, sizeof(struct sep_driver_init_t)); error = copy_from_user(&command_args, (void *) arg, sizeof(struct sep_driver_init_t));
if (error) {
dbg("SEP Driver:--------> sep_init_handler - finished copy_from_user \n"); error = -EFAULT;
if (error)
goto end_function; goto end_function;
}
dbg("SEP Driver:--------> sep_init_handler - finished copy_from_user\n");
/* PATCH - configure the DMA to single -burst instead of multi-burst */ /* PATCH - configure the DMA to single -burst instead of multi-burst */
/*sep_configure_dma_burst(); */ /*sep_configure_dma_burst(); */
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment