aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorMasakazu Mokuno <mokuno@sm.sony.co.jp>2007-09-14 14:35:38 -0400
committerJohn W. Linville <linville@tuxdriver.com>2007-09-14 14:35:38 -0400
commit53c5725581cce8a29925afd4eae71fa8c7ce551f (patch)
treee4e966b5e9dc225f740ae183951b226e8a3dbf42
parent3f7086978fc0193eff24a77d8b57ac4debc088fa (diff)
As struct iw_point is bi-directional payload, we should copy back the content
on return from ioctl calls Signed-off-by: Masakazu Mokuno <mokuno@sm.sony.co.jp> Signed-off-by: John W. Linville <linville@tuxdriver.com>
-rw-r--r--fs/compat_ioctl.c22
1 files changed, 18 insertions, 4 deletions
diff --git a/fs/compat_ioctl.c b/fs/compat_ioctl.c
index a6c9078af124..5a5b7116cefb 100644
--- a/fs/compat_ioctl.c
+++ b/fs/compat_ioctl.c
@@ -2311,8 +2311,10 @@ static int do_wireless_ioctl(unsigned int fd, unsigned int cmd, unsigned long ar
2311 struct iwreq __user *iwr_u; 2311 struct iwreq __user *iwr_u;
2312 struct iw_point __user *iwp; 2312 struct iw_point __user *iwp;
2313 struct compat_iw_point __user *iwp_u; 2313 struct compat_iw_point __user *iwp_u;
2314 compat_caddr_t pointer; 2314 compat_caddr_t pointer_u;
2315 void __user *pointer;
2315 __u16 length, flags; 2316 __u16 length, flags;
2317 int ret;
2316 2318
2317 iwr_u = compat_ptr(arg); 2319 iwr_u = compat_ptr(arg);
2318 iwp_u = (struct compat_iw_point __user *) &iwr_u->u.data; 2320 iwp_u = (struct compat_iw_point __user *) &iwr_u->u.data;
@@ -2330,17 +2332,29 @@ static int do_wireless_ioctl(unsigned int fd, unsigned int cmd, unsigned long ar
2330 sizeof(iwr->ifr_ifrn.ifrn_name))) 2332 sizeof(iwr->ifr_ifrn.ifrn_name)))
2331 return -EFAULT; 2333 return -EFAULT;
2332 2334
2333 if (__get_user(pointer, &iwp_u->pointer) || 2335 if (__get_user(pointer_u, &iwp_u->pointer) ||
2334 __get_user(length, &iwp_u->length) || 2336 __get_user(length, &iwp_u->length) ||
2335 __get_user(flags, &iwp_u->flags)) 2337 __get_user(flags, &iwp_u->flags))
2336 return -EFAULT; 2338 return -EFAULT;
2337 2339
2338 if (__put_user(compat_ptr(pointer), &iwp->pointer) || 2340 if (__put_user(compat_ptr(pointer_u), &iwp->pointer) ||
2339 __put_user(length, &iwp->length) || 2341 __put_user(length, &iwp->length) ||
2340 __put_user(flags, &iwp->flags)) 2342 __put_user(flags, &iwp->flags))
2341 return -EFAULT; 2343 return -EFAULT;
2342 2344
2343 return sys_ioctl(fd, cmd, (unsigned long) iwr); 2345 ret = sys_ioctl(fd, cmd, (unsigned long) iwr);
2346
2347 if (__get_user(pointer, &iwp->pointer) ||
2348 __get_user(length, &iwp->length) ||
2349 __get_user(flags, &iwp->flags))
2350 return -EFAULT;
2351
2352 if (__put_user(ptr_to_compat(pointer), &iwp_u->pointer) ||
2353 __put_user(length, &iwp_u->length) ||
2354 __put_user(flags, &iwp_u->flags))
2355 return -EFAULT;
2356
2357 return ret;
2344} 2358}
2345 2359
2346/* Since old style bridge ioctl's endup using SIOCDEVPRIVATE 2360/* Since old style bridge ioctl's endup using SIOCDEVPRIVATE