aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--arch/alpha/lib/csum_partial_copy.c5
-rw-r--r--arch/sparc/kernel/sys_sparc32.c12
-rw-r--r--block/compat_ioctl.c2
-rw-r--r--kernel/signal.c4
-rw-r--r--net/socket.c50
5 files changed, 39 insertions, 34 deletions
diff --git a/arch/alpha/lib/csum_partial_copy.c b/arch/alpha/lib/csum_partial_copy.c
index 40736da9bea8..ffb19b7da999 100644
--- a/arch/alpha/lib/csum_partial_copy.c
+++ b/arch/alpha/lib/csum_partial_copy.c
@@ -338,6 +338,11 @@ csum_partial_copy_from_user(const void __user *src, void *dst, int len,
338 unsigned long doff = 7 & (unsigned long) dst; 338 unsigned long doff = 7 & (unsigned long) dst;
339 339
340 if (len) { 340 if (len) {
341 if (!access_ok(VERIFY_READ, src, len)) {
342 *errp = -EFAULT;
343 memset(dst, 0, len);
344 return sum;
345 }
341 if (!doff) { 346 if (!doff) {
342 if (!soff) 347 if (!soff)
343 checksum = csum_partial_cfu_aligned( 348 checksum = csum_partial_cfu_aligned(
diff --git a/arch/sparc/kernel/sys_sparc32.c b/arch/sparc/kernel/sys_sparc32.c
index 3d0ddbc005fe..71368850dfc0 100644
--- a/arch/sparc/kernel/sys_sparc32.c
+++ b/arch/sparc/kernel/sys_sparc32.c
@@ -169,10 +169,10 @@ COMPAT_SYSCALL_DEFINE5(rt_sigaction, int, sig,
169 new_ka.ka_restorer = restorer; 169 new_ka.ka_restorer = restorer;
170 ret = get_user(u_handler, &act->sa_handler); 170 ret = get_user(u_handler, &act->sa_handler);
171 new_ka.sa.sa_handler = compat_ptr(u_handler); 171 new_ka.sa.sa_handler = compat_ptr(u_handler);
172 ret |= __copy_from_user(&set32, &act->sa_mask, sizeof(compat_sigset_t)); 172 ret |= copy_from_user(&set32, &act->sa_mask, sizeof(compat_sigset_t));
173 sigset_from_compat(&new_ka.sa.sa_mask, &set32); 173 sigset_from_compat(&new_ka.sa.sa_mask, &set32);
174 ret |= __get_user(new_ka.sa.sa_flags, &act->sa_flags); 174 ret |= get_user(new_ka.sa.sa_flags, &act->sa_flags);
175 ret |= __get_user(u_restorer, &act->sa_restorer); 175 ret |= get_user(u_restorer, &act->sa_restorer);
176 new_ka.sa.sa_restorer = compat_ptr(u_restorer); 176 new_ka.sa.sa_restorer = compat_ptr(u_restorer);
177 if (ret) 177 if (ret)
178 return -EFAULT; 178 return -EFAULT;
@@ -183,9 +183,9 @@ COMPAT_SYSCALL_DEFINE5(rt_sigaction, int, sig,
183 if (!ret && oact) { 183 if (!ret && oact) {
184 sigset_to_compat(&set32, &old_ka.sa.sa_mask); 184 sigset_to_compat(&set32, &old_ka.sa.sa_mask);
185 ret = put_user(ptr_to_compat(old_ka.sa.sa_handler), &oact->sa_handler); 185 ret = put_user(ptr_to_compat(old_ka.sa.sa_handler), &oact->sa_handler);
186 ret |= __copy_to_user(&oact->sa_mask, &set32, sizeof(compat_sigset_t)); 186 ret |= copy_to_user(&oact->sa_mask, &set32, sizeof(compat_sigset_t));
187 ret |= __put_user(old_ka.sa.sa_flags, &oact->sa_flags); 187 ret |= put_user(old_ka.sa.sa_flags, &oact->sa_flags);
188 ret |= __put_user(ptr_to_compat(old_ka.sa.sa_restorer), &oact->sa_restorer); 188 ret |= put_user(ptr_to_compat(old_ka.sa.sa_restorer), &oact->sa_restorer);
189 if (ret) 189 if (ret)
190 ret = -EFAULT; 190 ret = -EFAULT;
191 } 191 }
diff --git a/block/compat_ioctl.c b/block/compat_ioctl.c
index 7e5d474dc6ba..fbd5a67cb773 100644
--- a/block/compat_ioctl.c
+++ b/block/compat_ioctl.c
@@ -70,7 +70,7 @@ static int compat_hdio_getgeo(struct gendisk *disk, struct block_device *bdev,
70 return ret; 70 return ret;
71 71
72 ret = copy_to_user(ugeo, &geo, 4); 72 ret = copy_to_user(ugeo, &geo, 4);
73 ret |= __put_user(geo.start, &ugeo->start); 73 ret |= put_user(geo.start, &ugeo->start);
74 if (ret) 74 if (ret)
75 ret = -EFAULT; 75 ret = -EFAULT;
76 76
diff --git a/kernel/signal.c b/kernel/signal.c
index 50e41075ac77..ded28b91fa53 100644
--- a/kernel/signal.c
+++ b/kernel/signal.c
@@ -3394,7 +3394,7 @@ COMPAT_SYSCALL_DEFINE4(rt_sigaction, int, sig,
3394 new_ka.sa.sa_restorer = compat_ptr(restorer); 3394 new_ka.sa.sa_restorer = compat_ptr(restorer);
3395#endif 3395#endif
3396 ret |= copy_from_user(&mask, &act->sa_mask, sizeof(mask)); 3396 ret |= copy_from_user(&mask, &act->sa_mask, sizeof(mask));
3397 ret |= __get_user(new_ka.sa.sa_flags, &act->sa_flags); 3397 ret |= get_user(new_ka.sa.sa_flags, &act->sa_flags);
3398 if (ret) 3398 if (ret)
3399 return -EFAULT; 3399 return -EFAULT;
3400 sigset_from_compat(&new_ka.sa.sa_mask, &mask); 3400 sigset_from_compat(&new_ka.sa.sa_mask, &mask);
@@ -3406,7 +3406,7 @@ COMPAT_SYSCALL_DEFINE4(rt_sigaction, int, sig,
3406 ret = put_user(ptr_to_compat(old_ka.sa.sa_handler), 3406 ret = put_user(ptr_to_compat(old_ka.sa.sa_handler),
3407 &oact->sa_handler); 3407 &oact->sa_handler);
3408 ret |= copy_to_user(&oact->sa_mask, &mask, sizeof(mask)); 3408 ret |= copy_to_user(&oact->sa_mask, &mask, sizeof(mask));
3409 ret |= __put_user(old_ka.sa.sa_flags, &oact->sa_flags); 3409 ret |= put_user(old_ka.sa.sa_flags, &oact->sa_flags);
3410#ifdef __ARCH_HAS_SA_RESTORER 3410#ifdef __ARCH_HAS_SA_RESTORER
3411 ret |= put_user(ptr_to_compat(old_ka.sa.sa_restorer), 3411 ret |= put_user(ptr_to_compat(old_ka.sa.sa_restorer),
3412 &oact->sa_restorer); 3412 &oact->sa_restorer);
diff --git a/net/socket.c b/net/socket.c
index b2d7c629eeb9..0ceaa5cb9ead 100644
--- a/net/socket.c
+++ b/net/socket.c
@@ -3072,12 +3072,12 @@ static int compat_sioc_ifmap(struct net *net, unsigned int cmd,
3072 3072
3073 uifmap32 = &uifr32->ifr_ifru.ifru_map; 3073 uifmap32 = &uifr32->ifr_ifru.ifru_map;
3074 err = copy_from_user(&ifr, uifr32, sizeof(ifr.ifr_name)); 3074 err = copy_from_user(&ifr, uifr32, sizeof(ifr.ifr_name));
3075 err |= __get_user(ifr.ifr_map.mem_start, &uifmap32->mem_start); 3075 err |= get_user(ifr.ifr_map.mem_start, &uifmap32->mem_start);
3076 err |= __get_user(ifr.ifr_map.mem_end, &uifmap32->mem_end); 3076 err |= get_user(ifr.ifr_map.mem_end, &uifmap32->mem_end);
3077 err |= __get_user(ifr.ifr_map.base_addr, &uifmap32->base_addr); 3077 err |= get_user(ifr.ifr_map.base_addr, &uifmap32->base_addr);
3078 err |= __get_user(ifr.ifr_map.irq, &uifmap32->irq); 3078 err |= get_user(ifr.ifr_map.irq, &uifmap32->irq);
3079 err |= __get_user(ifr.ifr_map.dma, &uifmap32->dma); 3079 err |= get_user(ifr.ifr_map.dma, &uifmap32->dma);
3080 err |= __get_user(ifr.ifr_map.port, &uifmap32->port); 3080 err |= get_user(ifr.ifr_map.port, &uifmap32->port);
3081 if (err) 3081 if (err)
3082 return -EFAULT; 3082 return -EFAULT;
3083 3083
@@ -3088,12 +3088,12 @@ static int compat_sioc_ifmap(struct net *net, unsigned int cmd,
3088 3088
3089 if (cmd == SIOCGIFMAP && !err) { 3089 if (cmd == SIOCGIFMAP && !err) {
3090 err = copy_to_user(uifr32, &ifr, sizeof(ifr.ifr_name)); 3090 err = copy_to_user(uifr32, &ifr, sizeof(ifr.ifr_name));
3091 err |= __put_user(ifr.ifr_map.mem_start, &uifmap32->mem_start); 3091 err |= put_user(ifr.ifr_map.mem_start, &uifmap32->mem_start);
3092 err |= __put_user(ifr.ifr_map.mem_end, &uifmap32->mem_end); 3092 err |= put_user(ifr.ifr_map.mem_end, &uifmap32->mem_end);
3093 err |= __put_user(ifr.ifr_map.base_addr, &uifmap32->base_addr); 3093 err |= put_user(ifr.ifr_map.base_addr, &uifmap32->base_addr);
3094 err |= __put_user(ifr.ifr_map.irq, &uifmap32->irq); 3094 err |= put_user(ifr.ifr_map.irq, &uifmap32->irq);
3095 err |= __put_user(ifr.ifr_map.dma, &uifmap32->dma); 3095 err |= put_user(ifr.ifr_map.dma, &uifmap32->dma);
3096 err |= __put_user(ifr.ifr_map.port, &uifmap32->port); 3096 err |= put_user(ifr.ifr_map.port, &uifmap32->port);
3097 if (err) 3097 if (err)
3098 err = -EFAULT; 3098 err = -EFAULT;
3099 } 3099 }
@@ -3167,25 +3167,25 @@ static int routing_ioctl(struct net *net, struct socket *sock,
3167 struct in6_rtmsg32 __user *ur6 = argp; 3167 struct in6_rtmsg32 __user *ur6 = argp;
3168 ret = copy_from_user(&r6.rtmsg_dst, &(ur6->rtmsg_dst), 3168 ret = copy_from_user(&r6.rtmsg_dst, &(ur6->rtmsg_dst),
3169 3 * sizeof(struct in6_addr)); 3169 3 * sizeof(struct in6_addr));
3170 ret |= __get_user(r6.rtmsg_type, &(ur6->rtmsg_type)); 3170 ret |= get_user(r6.rtmsg_type, &(ur6->rtmsg_type));
3171 ret |= __get_user(r6.rtmsg_dst_len, &(ur6->rtmsg_dst_len)); 3171 ret |= get_user(r6.rtmsg_dst_len, &(ur6->rtmsg_dst_len));
3172 ret |= __get_user(r6.rtmsg_src_len, &(ur6->rtmsg_src_len)); 3172 ret |= get_user(r6.rtmsg_src_len, &(ur6->rtmsg_src_len));
3173 ret |= __get_user(r6.rtmsg_metric, &(ur6->rtmsg_metric)); 3173 ret |= get_user(r6.rtmsg_metric, &(ur6->rtmsg_metric));
3174 ret |= __get_user(r6.rtmsg_info, &(ur6->rtmsg_info)); 3174 ret |= get_user(r6.rtmsg_info, &(ur6->rtmsg_info));
3175 ret |= __get_user(r6.rtmsg_flags, &(ur6->rtmsg_flags)); 3175 ret |= get_user(r6.rtmsg_flags, &(ur6->rtmsg_flags));
3176 ret |= __get_user(r6.rtmsg_ifindex, &(ur6->rtmsg_ifindex)); 3176 ret |= get_user(r6.rtmsg_ifindex, &(ur6->rtmsg_ifindex));
3177 3177
3178 r = (void *) &r6; 3178 r = (void *) &r6;
3179 } else { /* ipv4 */ 3179 } else { /* ipv4 */
3180 struct rtentry32 __user *ur4 = argp; 3180 struct rtentry32 __user *ur4 = argp;
3181 ret = copy_from_user(&r4.rt_dst, &(ur4->rt_dst), 3181 ret = copy_from_user(&r4.rt_dst, &(ur4->rt_dst),
3182 3 * sizeof(struct sockaddr)); 3182 3 * sizeof(struct sockaddr));
3183 ret |= __get_user(r4.rt_flags, &(ur4->rt_flags)); 3183 ret |= get_user(r4.rt_flags, &(ur4->rt_flags));
3184 ret |= __get_user(r4.rt_metric, &(ur4->rt_metric)); 3184 ret |= get_user(r4.rt_metric, &(ur4->rt_metric));
3185 ret |= __get_user(r4.rt_mtu, &(ur4->rt_mtu)); 3185 ret |= get_user(r4.rt_mtu, &(ur4->rt_mtu));
3186 ret |= __get_user(r4.rt_window, &(ur4->rt_window)); 3186 ret |= get_user(r4.rt_window, &(ur4->rt_window));
3187 ret |= __get_user(r4.rt_irtt, &(ur4->rt_irtt)); 3187 ret |= get_user(r4.rt_irtt, &(ur4->rt_irtt));
3188 ret |= __get_user(rtdev, &(ur4->rt_dev)); 3188 ret |= get_user(rtdev, &(ur4->rt_dev));
3189 if (rtdev) { 3189 if (rtdev) {
3190 ret |= copy_from_user(devname, compat_ptr(rtdev), 15); 3190 ret |= copy_from_user(devname, compat_ptr(rtdev), 15);
3191 r4.rt_dev = (char __user __force *)devname; 3191 r4.rt_dev = (char __user __force *)devname;
generated by cgit v1.2.2 (git 2.25.0) at 2025-02-17 00:27:29 -0500