diff options
author | David Miller <davem@davemloft.net> | 2007-09-11 18:23:50 -0400 |
---|---|---|
committer | Linus Torvalds <torvalds@woody.linux-foundation.org> | 2007-09-11 20:21:20 -0400 |
commit | f629307c857c030d5a3dd777fee37c8bb395e171 (patch) | |
tree | 872077db1924672104f8e1267f53bfa70f79b13c /drivers | |
parent | 179c85ea53bef807621f335767e41e23f86f01df (diff) |
tty: termios locking functions break with new termios type
I ran into a few problems.
n_tty_ioctl() for instance:
drivers/char/tty_ioctl.c:799: error: $,1rxstruct termios$,1ry has no
member named $,1rxc_ispeed$,1ry
This is calling the copy interface that is supposed to be using
a termios2 when the new interfaces are defined, however:
case TIOCGLCKTRMIOS:
if (kernel_termios_to_user_termios((struct termios __user *)arg, real_tty->termios_locked))
return -EFAULT;
return 0;
This is going to write over the end of the userspace
structure by a few bytes, and wasn't caught by you yet
because the i386 implementation is simply copy_to_user()
which does zero type checking.
Signed-off-by: Alan Cox <alan@redhat.com>
Cc: "David S. Miller" <davem@davemloft.net>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Diffstat (limited to 'drivers')
-rw-r--r-- | drivers/char/tty_ioctl.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/drivers/char/tty_ioctl.c b/drivers/char/tty_ioctl.c index 3423e9ee6481..4a8969cef315 100644 --- a/drivers/char/tty_ioctl.c +++ b/drivers/char/tty_ioctl.c | |||
@@ -796,14 +796,14 @@ int n_tty_ioctl(struct tty_struct * tty, struct file * file, | |||
796 | retval = inq_canon(tty); | 796 | retval = inq_canon(tty); |
797 | return put_user(retval, (unsigned int __user *) arg); | 797 | return put_user(retval, (unsigned int __user *) arg); |
798 | case TIOCGLCKTRMIOS: | 798 | case TIOCGLCKTRMIOS: |
799 | if (kernel_termios_to_user_termios((struct termios __user *)arg, real_tty->termios_locked)) | 799 | if (kernel_termios_to_user_termios_1((struct termios __user *)arg, real_tty->termios_locked)) |
800 | return -EFAULT; | 800 | return -EFAULT; |
801 | return 0; | 801 | return 0; |
802 | 802 | ||
803 | case TIOCSLCKTRMIOS: | 803 | case TIOCSLCKTRMIOS: |
804 | if (!capable(CAP_SYS_ADMIN)) | 804 | if (!capable(CAP_SYS_ADMIN)) |
805 | return -EPERM; | 805 | return -EPERM; |
806 | if (user_termios_to_kernel_termios(real_tty->termios_locked, (struct termios __user *) arg)) | 806 | if (user_termios_to_kernel_termios_1(real_tty->termios_locked, (struct termios __user *) arg)) |
807 | return -EFAULT; | 807 | return -EFAULT; |
808 | return 0; | 808 | return 0; |
809 | 809 | ||