diff options
Diffstat (limited to 'arch/mips/kernel/sysirix.c')
-rw-r--r-- | arch/mips/kernel/sysirix.c | 479 |
1 files changed, 235 insertions, 244 deletions
diff --git a/arch/mips/kernel/sysirix.c b/arch/mips/kernel/sysirix.c index ed7c0e3c2f85..52924f8ce23c 100644 --- a/arch/mips/kernel/sysirix.c +++ b/arch/mips/kernel/sysirix.c | |||
@@ -233,7 +233,7 @@ asmlinkage int irix_prctl(unsigned option, ...) | |||
233 | 233 | ||
234 | #undef DEBUG_PROCGRPS | 234 | #undef DEBUG_PROCGRPS |
235 | 235 | ||
236 | extern unsigned long irix_mapelf(int fd, struct elf_phdr *user_phdrp, int cnt); | 236 | extern unsigned long irix_mapelf(int fd, struct elf_phdr __user *user_phdrp, int cnt); |
237 | extern int getrusage(struct task_struct *p, int who, struct rusage __user *ru); | 237 | extern int getrusage(struct task_struct *p, int who, struct rusage __user *ru); |
238 | extern char *prom_getenv(char *name); | 238 | extern char *prom_getenv(char *name); |
239 | extern long prom_setenv(char *name, char *value); | 239 | extern long prom_setenv(char *name, char *value); |
@@ -270,23 +270,19 @@ asmlinkage int irix_syssgi(struct pt_regs *regs) | |||
270 | cmd = regs->regs[base + 4]; | 270 | cmd = regs->regs[base + 4]; |
271 | switch(cmd) { | 271 | switch(cmd) { |
272 | case SGI_SYSID: { | 272 | case SGI_SYSID: { |
273 | char *buf = (char *) regs->regs[base + 5]; | 273 | char __user *buf = (char __user *) regs->regs[base + 5]; |
274 | 274 | ||
275 | /* XXX Use ethernet addr.... */ | 275 | /* XXX Use ethernet addr.... */ |
276 | retval = clear_user(buf, 64); | 276 | retval = clear_user(buf, 64) ? -EFAULT : 0; |
277 | break; | 277 | break; |
278 | } | 278 | } |
279 | #if 0 | 279 | #if 0 |
280 | case SGI_RDNAME: { | 280 | case SGI_RDNAME: { |
281 | int pid = (int) regs->regs[base + 5]; | 281 | int pid = (int) regs->regs[base + 5]; |
282 | char *buf = (char *) regs->regs[base + 6]; | 282 | char __user *buf = (char __user *) regs->regs[base + 6]; |
283 | struct task_struct *p; | 283 | struct task_struct *p; |
284 | char tcomm[sizeof(current->comm)]; | 284 | char tcomm[sizeof(current->comm)]; |
285 | 285 | ||
286 | if (!access_ok(VERIFY_WRITE, buf, sizeof(tcomm))) { | ||
287 | retval = -EFAULT; | ||
288 | break; | ||
289 | } | ||
290 | read_lock(&tasklist_lock); | 286 | read_lock(&tasklist_lock); |
291 | p = find_task_by_pid(pid); | 287 | p = find_task_by_pid(pid); |
292 | if (!p) { | 288 | if (!p) { |
@@ -298,34 +294,28 @@ asmlinkage int irix_syssgi(struct pt_regs *regs) | |||
298 | read_unlock(&tasklist_lock); | 294 | read_unlock(&tasklist_lock); |
299 | 295 | ||
300 | /* XXX Need to check sizes. */ | 296 | /* XXX Need to check sizes. */ |
301 | copy_to_user(buf, tcomm, sizeof(tcomm)); | 297 | retval = copy_to_user(buf, tcomm, sizeof(tcomm)) ? -EFAULT : 0; |
302 | retval = 0; | ||
303 | break; | 298 | break; |
304 | } | 299 | } |
305 | 300 | ||
306 | case SGI_GETNVRAM: { | 301 | case SGI_GETNVRAM: { |
307 | char *name = (char *) regs->regs[base+5]; | 302 | char __user *name = (char __user *) regs->regs[base+5]; |
308 | char *buf = (char *) regs->regs[base+6]; | 303 | char __user *buf = (char __user *) regs->regs[base+6]; |
309 | char *value; | 304 | char *value; |
310 | return -EINVAL; /* til I fix it */ | 305 | return -EINVAL; /* til I fix it */ |
311 | if (!access_ok(VERIFY_WRITE, buf, 128)) { | ||
312 | retval = -EFAULT; | ||
313 | break; | ||
314 | } | ||
315 | value = prom_getenv(name); /* PROM lock? */ | 306 | value = prom_getenv(name); /* PROM lock? */ |
316 | if (!value) { | 307 | if (!value) { |
317 | retval = -EINVAL; | 308 | retval = -EINVAL; |
318 | break; | 309 | break; |
319 | } | 310 | } |
320 | /* Do I strlen() for the length? */ | 311 | /* Do I strlen() for the length? */ |
321 | copy_to_user(buf, value, 128); | 312 | retval = copy_to_user(buf, value, 128) ? -EFAULT : 0; |
322 | retval = 0; | ||
323 | break; | 313 | break; |
324 | } | 314 | } |
325 | 315 | ||
326 | case SGI_SETNVRAM: { | 316 | case SGI_SETNVRAM: { |
327 | char *name = (char *) regs->regs[base+5]; | 317 | char __user *name = (char __user *) regs->regs[base+5]; |
328 | char *value = (char *) regs->regs[base+6]; | 318 | char __user *value = (char __user *) regs->regs[base+6]; |
329 | return -EINVAL; /* til I fix it */ | 319 | return -EINVAL; /* til I fix it */ |
330 | retval = prom_setenv(name, value); | 320 | retval = prom_setenv(name, value); |
331 | /* XXX make sure retval conforms to syssgi(2) */ | 321 | /* XXX make sure retval conforms to syssgi(2) */ |
@@ -401,16 +391,16 @@ asmlinkage int irix_syssgi(struct pt_regs *regs) | |||
401 | 391 | ||
402 | case SGI_SETGROUPS: | 392 | case SGI_SETGROUPS: |
403 | retval = sys_setgroups((int) regs->regs[base + 5], | 393 | retval = sys_setgroups((int) regs->regs[base + 5], |
404 | (gid_t *) regs->regs[base + 6]); | 394 | (gid_t __user *) regs->regs[base + 6]); |
405 | break; | 395 | break; |
406 | 396 | ||
407 | case SGI_GETGROUPS: | 397 | case SGI_GETGROUPS: |
408 | retval = sys_getgroups((int) regs->regs[base + 5], | 398 | retval = sys_getgroups((int) regs->regs[base + 5], |
409 | (gid_t *) regs->regs[base + 6]); | 399 | (gid_t __user *) regs->regs[base + 6]); |
410 | break; | 400 | break; |
411 | 401 | ||
412 | case SGI_RUSAGE: { | 402 | case SGI_RUSAGE: { |
413 | struct rusage *ru = (struct rusage *) regs->regs[base + 6]; | 403 | struct rusage __user *ru = (struct rusage __user *) regs->regs[base + 6]; |
414 | 404 | ||
415 | switch((int) regs->regs[base + 5]) { | 405 | switch((int) regs->regs[base + 5]) { |
416 | case 0: | 406 | case 0: |
@@ -447,7 +437,7 @@ asmlinkage int irix_syssgi(struct pt_regs *regs) | |||
447 | 437 | ||
448 | case SGI_ELFMAP: | 438 | case SGI_ELFMAP: |
449 | retval = irix_mapelf((int) regs->regs[base + 5], | 439 | retval = irix_mapelf((int) regs->regs[base + 5], |
450 | (struct elf_phdr *) regs->regs[base + 6], | 440 | (struct elf_phdr __user *) regs->regs[base + 6], |
451 | (int) regs->regs[base + 7]); | 441 | (int) regs->regs[base + 7]); |
452 | break; | 442 | break; |
453 | 443 | ||
@@ -462,24 +452,24 @@ asmlinkage int irix_syssgi(struct pt_regs *regs) | |||
462 | 452 | ||
463 | case SGI_PHYSP: { | 453 | case SGI_PHYSP: { |
464 | unsigned long addr = regs->regs[base + 5]; | 454 | unsigned long addr = regs->regs[base + 5]; |
465 | int *pageno = (int *) (regs->regs[base + 6]); | 455 | int __user *pageno = (int __user *) (regs->regs[base + 6]); |
466 | struct mm_struct *mm = current->mm; | 456 | struct mm_struct *mm = current->mm; |
467 | pgd_t *pgdp; | 457 | pgd_t *pgdp; |
458 | pud_t *pudp; | ||
468 | pmd_t *pmdp; | 459 | pmd_t *pmdp; |
469 | pte_t *ptep; | 460 | pte_t *ptep; |
470 | 461 | ||
471 | if (!access_ok(VERIFY_WRITE, pageno, sizeof(int))) | ||
472 | return -EFAULT; | ||
473 | |||
474 | down_read(&mm->mmap_sem); | 462 | down_read(&mm->mmap_sem); |
475 | pgdp = pgd_offset(mm, addr); | 463 | pgdp = pgd_offset(mm, addr); |
476 | pmdp = pmd_offset(pgdp, addr); | 464 | pudp = pud_offset(pgdp, addr); |
465 | pmdp = pmd_offset(pudp, addr); | ||
477 | ptep = pte_offset(pmdp, addr); | 466 | ptep = pte_offset(pmdp, addr); |
478 | retval = -EINVAL; | 467 | retval = -EINVAL; |
479 | if (ptep) { | 468 | if (ptep) { |
480 | pte_t pte = *ptep; | 469 | pte_t pte = *ptep; |
481 | 470 | ||
482 | if (pte_val(pte) & (_PAGE_VALID | _PAGE_PRESENT)) { | 471 | if (pte_val(pte) & (_PAGE_VALID | _PAGE_PRESENT)) { |
472 | /* b0rked on 64-bit */ | ||
483 | retval = put_user((pte_val(pte) & PAGE_MASK) >> | 473 | retval = put_user((pte_val(pte) & PAGE_MASK) >> |
484 | PAGE_SHIFT, pageno); | 474 | PAGE_SHIFT, pageno); |
485 | } | 475 | } |
@@ -490,7 +480,7 @@ asmlinkage int irix_syssgi(struct pt_regs *regs) | |||
490 | 480 | ||
491 | case SGI_INVENT: { | 481 | case SGI_INVENT: { |
492 | int arg1 = (int) regs->regs [base + 5]; | 482 | int arg1 = (int) regs->regs [base + 5]; |
493 | void *buffer = (void *) regs->regs [base + 6]; | 483 | void __user *buffer = (void __user *) regs->regs [base + 6]; |
494 | int count = (int) regs->regs [base + 7]; | 484 | int count = (int) regs->regs [base + 7]; |
495 | 485 | ||
496 | switch (arg1) { | 486 | switch (arg1) { |
@@ -686,8 +676,8 @@ asmlinkage int irix_pause(void) | |||
686 | } | 676 | } |
687 | 677 | ||
688 | /* XXX need more than this... */ | 678 | /* XXX need more than this... */ |
689 | asmlinkage int irix_mount(char *dev_name, char *dir_name, unsigned long flags, | 679 | asmlinkage int irix_mount(char __user *dev_name, char __user *dir_name, |
690 | char *type, void *data, int datalen) | 680 | unsigned long flags, char __user *type, void __user *data, int datalen) |
691 | { | 681 | { |
692 | printk("[%s:%d] irix_mount(%p,%p,%08lx,%p,%p,%d)\n", | 682 | printk("[%s:%d] irix_mount(%p,%p,%08lx,%p,%p,%d)\n", |
693 | current->comm, current->pid, | 683 | current->comm, current->pid, |
@@ -702,8 +692,8 @@ struct irix_statfs { | |||
702 | char f_fname[6], f_fpack[6]; | 692 | char f_fname[6], f_fpack[6]; |
703 | }; | 693 | }; |
704 | 694 | ||
705 | asmlinkage int irix_statfs(const char *path, struct irix_statfs *buf, | 695 | asmlinkage int irix_statfs(const char __user *path, |
706 | int len, int fs_type) | 696 | struct irix_statfs __user *buf, int len, int fs_type) |
707 | { | 697 | { |
708 | struct nameidata nd; | 698 | struct nameidata nd; |
709 | struct kstatfs kbuf; | 699 | struct kstatfs kbuf; |
@@ -718,6 +708,7 @@ asmlinkage int irix_statfs(const char *path, struct irix_statfs *buf, | |||
718 | error = -EFAULT; | 708 | error = -EFAULT; |
719 | goto out; | 709 | goto out; |
720 | } | 710 | } |
711 | |||
721 | error = user_path_walk(path, &nd); | 712 | error = user_path_walk(path, &nd); |
722 | if (error) | 713 | if (error) |
723 | goto out; | 714 | goto out; |
@@ -726,18 +717,17 @@ asmlinkage int irix_statfs(const char *path, struct irix_statfs *buf, | |||
726 | if (error) | 717 | if (error) |
727 | goto dput_and_out; | 718 | goto dput_and_out; |
728 | 719 | ||
729 | __put_user(kbuf.f_type, &buf->f_type); | 720 | error = __put_user(kbuf.f_type, &buf->f_type); |
730 | __put_user(kbuf.f_bsize, &buf->f_bsize); | 721 | error |= __put_user(kbuf.f_bsize, &buf->f_bsize); |
731 | __put_user(kbuf.f_frsize, &buf->f_frsize); | 722 | error |= __put_user(kbuf.f_frsize, &buf->f_frsize); |
732 | __put_user(kbuf.f_blocks, &buf->f_blocks); | 723 | error |= __put_user(kbuf.f_blocks, &buf->f_blocks); |
733 | __put_user(kbuf.f_bfree, &buf->f_bfree); | 724 | error |= __put_user(kbuf.f_bfree, &buf->f_bfree); |
734 | __put_user(kbuf.f_files, &buf->f_files); | 725 | error |= __put_user(kbuf.f_files, &buf->f_files); |
735 | __put_user(kbuf.f_ffree, &buf->f_ffree); | 726 | error |= __put_user(kbuf.f_ffree, &buf->f_ffree); |
736 | for (i = 0; i < 6; i++) { | 727 | for (i = 0; i < 6; i++) { |
737 | __put_user(0, &buf->f_fname[i]); | 728 | error |= __put_user(0, &buf->f_fname[i]); |
738 | __put_user(0, &buf->f_fpack[i]); | 729 | error |= __put_user(0, &buf->f_fpack[i]); |
739 | } | 730 | } |
740 | error = 0; | ||
741 | 731 | ||
742 | dput_and_out: | 732 | dput_and_out: |
743 | path_release(&nd); | 733 | path_release(&nd); |
@@ -745,7 +735,7 @@ out: | |||
745 | return error; | 735 | return error; |
746 | } | 736 | } |
747 | 737 | ||
748 | asmlinkage int irix_fstatfs(unsigned int fd, struct irix_statfs *buf) | 738 | asmlinkage int irix_fstatfs(unsigned int fd, struct irix_statfs __user *buf) |
749 | { | 739 | { |
750 | struct kstatfs kbuf; | 740 | struct kstatfs kbuf; |
751 | struct file *file; | 741 | struct file *file; |
@@ -755,6 +745,7 @@ asmlinkage int irix_fstatfs(unsigned int fd, struct irix_statfs *buf) | |||
755 | error = -EFAULT; | 745 | error = -EFAULT; |
756 | goto out; | 746 | goto out; |
757 | } | 747 | } |
748 | |||
758 | if (!(file = fget(fd))) { | 749 | if (!(file = fget(fd))) { |
759 | error = -EBADF; | 750 | error = -EBADF; |
760 | goto out; | 751 | goto out; |
@@ -764,16 +755,17 @@ asmlinkage int irix_fstatfs(unsigned int fd, struct irix_statfs *buf) | |||
764 | if (error) | 755 | if (error) |
765 | goto out_f; | 756 | goto out_f; |
766 | 757 | ||
767 | __put_user(kbuf.f_type, &buf->f_type); | 758 | error = __put_user(kbuf.f_type, &buf->f_type); |
768 | __put_user(kbuf.f_bsize, &buf->f_bsize); | 759 | error |= __put_user(kbuf.f_bsize, &buf->f_bsize); |
769 | __put_user(kbuf.f_frsize, &buf->f_frsize); | 760 | error |= __put_user(kbuf.f_frsize, &buf->f_frsize); |
770 | __put_user(kbuf.f_blocks, &buf->f_blocks); | 761 | error |= __put_user(kbuf.f_blocks, &buf->f_blocks); |
771 | __put_user(kbuf.f_bfree, &buf->f_bfree); | 762 | error |= __put_user(kbuf.f_bfree, &buf->f_bfree); |
772 | __put_user(kbuf.f_files, &buf->f_files); | 763 | error |= __put_user(kbuf.f_files, &buf->f_files); |
773 | __put_user(kbuf.f_ffree, &buf->f_ffree); | 764 | error |= __put_user(kbuf.f_ffree, &buf->f_ffree); |
774 | for(i = 0; i < 6; i++) { | 765 | |
775 | __put_user(0, &buf->f_fname[i]); | 766 | for (i = 0; i < 6; i++) { |
776 | __put_user(0, &buf->f_fpack[i]); | 767 | error |= __put_user(0, &buf->f_fname[i]); |
768 | error |= __put_user(0, &buf->f_fpack[i]); | ||
777 | } | 769 | } |
778 | 770 | ||
779 | out_f: | 771 | out_f: |
@@ -800,14 +792,15 @@ asmlinkage int irix_setpgrp(int flags) | |||
800 | return error; | 792 | return error; |
801 | } | 793 | } |
802 | 794 | ||
803 | asmlinkage int irix_times(struct tms * tbuf) | 795 | asmlinkage int irix_times(struct tms __user *tbuf) |
804 | { | 796 | { |
805 | int err = 0; | 797 | int err = 0; |
806 | 798 | ||
807 | if (tbuf) { | 799 | if (tbuf) { |
808 | if (!access_ok(VERIFY_WRITE,tbuf,sizeof *tbuf)) | 800 | if (!access_ok(VERIFY_WRITE,tbuf,sizeof *tbuf)) |
809 | return -EFAULT; | 801 | return -EFAULT; |
810 | err |= __put_user(current->utime, &tbuf->tms_utime); | 802 | |
803 | err = __put_user(current->utime, &tbuf->tms_utime); | ||
811 | err |= __put_user(current->stime, &tbuf->tms_stime); | 804 | err |= __put_user(current->stime, &tbuf->tms_stime); |
812 | err |= __put_user(current->signal->cutime, &tbuf->tms_cutime); | 805 | err |= __put_user(current->signal->cutime, &tbuf->tms_cutime); |
813 | err |= __put_user(current->signal->cstime, &tbuf->tms_cstime); | 806 | err |= __put_user(current->signal->cstime, &tbuf->tms_cstime); |
@@ -823,13 +816,13 @@ asmlinkage int irix_exec(struct pt_regs *regs) | |||
823 | 816 | ||
824 | if(regs->regs[2] == 1000) | 817 | if(regs->regs[2] == 1000) |
825 | base = 1; | 818 | base = 1; |
826 | filename = getname((char *) (long)regs->regs[base + 4]); | 819 | filename = getname((char __user *) (long)regs->regs[base + 4]); |
827 | error = PTR_ERR(filename); | 820 | error = PTR_ERR(filename); |
828 | if (IS_ERR(filename)) | 821 | if (IS_ERR(filename)) |
829 | return error; | 822 | return error; |
830 | 823 | ||
831 | error = do_execve(filename, (char **) (long)regs->regs[base + 5], | 824 | error = do_execve(filename, (char __user * __user *) (long)regs->regs[base + 5], |
832 | (char **) 0, regs); | 825 | NULL, regs); |
833 | putname(filename); | 826 | putname(filename); |
834 | 827 | ||
835 | return error; | 828 | return error; |
@@ -842,12 +835,12 @@ asmlinkage int irix_exece(struct pt_regs *regs) | |||
842 | 835 | ||
843 | if (regs->regs[2] == 1000) | 836 | if (regs->regs[2] == 1000) |
844 | base = 1; | 837 | base = 1; |
845 | filename = getname((char *) (long)regs->regs[base + 4]); | 838 | filename = getname((char __user *) (long)regs->regs[base + 4]); |
846 | error = PTR_ERR(filename); | 839 | error = PTR_ERR(filename); |
847 | if (IS_ERR(filename)) | 840 | if (IS_ERR(filename)) |
848 | return error; | 841 | return error; |
849 | error = do_execve(filename, (char **) (long)regs->regs[base + 5], | 842 | error = do_execve(filename, (char __user * __user *) (long)regs->regs[base + 5], |
850 | (char **) (long)regs->regs[base + 6], regs); | 843 | (char __user * __user *) (long)regs->regs[base + 6], regs); |
851 | putname(filename); | 844 | putname(filename); |
852 | 845 | ||
853 | return error; | 846 | return error; |
@@ -903,22 +896,17 @@ asmlinkage int irix_socket(int family, int type, int protocol) | |||
903 | return sys_socket(family, type, protocol); | 896 | return sys_socket(family, type, protocol); |
904 | } | 897 | } |
905 | 898 | ||
906 | asmlinkage int irix_getdomainname(char *name, int len) | 899 | asmlinkage int irix_getdomainname(char __user *name, int len) |
907 | { | 900 | { |
908 | int error; | 901 | int err; |
909 | |||
910 | if (!access_ok(VERIFY_WRITE, name, len)) | ||
911 | return -EFAULT; | ||
912 | 902 | ||
913 | down_read(&uts_sem); | 903 | down_read(&uts_sem); |
914 | if (len > __NEW_UTS_LEN) | 904 | if (len > __NEW_UTS_LEN) |
915 | len = __NEW_UTS_LEN; | 905 | len = __NEW_UTS_LEN; |
916 | error = 0; | 906 | err = copy_to_user(name, system_utsname.domainname, len) ? -EFAULT : 0; |
917 | if (copy_to_user(name, system_utsname.domainname, len)) | ||
918 | error = -EFAULT; | ||
919 | up_read(&uts_sem); | 907 | up_read(&uts_sem); |
920 | 908 | ||
921 | return error; | 909 | return err; |
922 | } | 910 | } |
923 | 911 | ||
924 | asmlinkage unsigned long irix_getpagesize(void) | 912 | asmlinkage unsigned long irix_getpagesize(void) |
@@ -934,12 +922,13 @@ asmlinkage int irix_msgsys(int opcode, unsigned long arg0, unsigned long arg1, | |||
934 | case 0: | 922 | case 0: |
935 | return sys_msgget((key_t) arg0, (int) arg1); | 923 | return sys_msgget((key_t) arg0, (int) arg1); |
936 | case 1: | 924 | case 1: |
937 | return sys_msgctl((int) arg0, (int) arg1, (struct msqid_ds *)arg2); | 925 | return sys_msgctl((int) arg0, (int) arg1, |
926 | (struct msqid_ds __user *)arg2); | ||
938 | case 2: | 927 | case 2: |
939 | return sys_msgrcv((int) arg0, (struct msgbuf *) arg1, | 928 | return sys_msgrcv((int) arg0, (struct msgbuf __user *) arg1, |
940 | (size_t) arg2, (long) arg3, (int) arg4); | 929 | (size_t) arg2, (long) arg3, (int) arg4); |
941 | case 3: | 930 | case 3: |
942 | return sys_msgsnd((int) arg0, (struct msgbuf *) arg1, | 931 | return sys_msgsnd((int) arg0, (struct msgbuf __user *) arg1, |
943 | (size_t) arg2, (int) arg3); | 932 | (size_t) arg2, (int) arg3); |
944 | default: | 933 | default: |
945 | return -EINVAL; | 934 | return -EINVAL; |
@@ -951,12 +940,13 @@ asmlinkage int irix_shmsys(int opcode, unsigned long arg0, unsigned long arg1, | |||
951 | { | 940 | { |
952 | switch (opcode) { | 941 | switch (opcode) { |
953 | case 0: | 942 | case 0: |
954 | return do_shmat((int) arg0, (char *)arg1, (int) arg2, | 943 | return do_shmat((int) arg0, (char __user *) arg1, (int) arg2, |
955 | (unsigned long *) arg3); | 944 | (unsigned long *) arg3); |
956 | case 1: | 945 | case 1: |
957 | return sys_shmctl((int)arg0, (int)arg1, (struct shmid_ds *)arg2); | 946 | return sys_shmctl((int)arg0, (int)arg1, |
947 | (struct shmid_ds __user *)arg2); | ||
958 | case 2: | 948 | case 2: |
959 | return sys_shmdt((char *)arg0); | 949 | return sys_shmdt((char __user *)arg0); |
960 | case 3: | 950 | case 3: |
961 | return sys_shmget((key_t) arg0, (int) arg1, (int) arg2); | 951 | return sys_shmget((key_t) arg0, (int) arg1, (int) arg2); |
962 | default: | 952 | default: |
@@ -974,7 +964,7 @@ asmlinkage int irix_semsys(int opcode, unsigned long arg0, unsigned long arg1, | |||
974 | case 1: | 964 | case 1: |
975 | return sys_semget((key_t) arg0, (int) arg1, (int) arg2); | 965 | return sys_semget((key_t) arg0, (int) arg1, (int) arg2); |
976 | case 2: | 966 | case 2: |
977 | return sys_semop((int) arg0, (struct sembuf *)arg1, | 967 | return sys_semop((int) arg0, (struct sembuf __user *)arg1, |
978 | (unsigned int) arg2); | 968 | (unsigned int) arg2); |
979 | default: | 969 | default: |
980 | return -EINVAL; | 970 | return -EINVAL; |
@@ -992,15 +982,16 @@ static inline loff_t llseek(struct file *file, loff_t offset, int origin) | |||
992 | lock_kernel(); | 982 | lock_kernel(); |
993 | retval = fn(file, offset, origin); | 983 | retval = fn(file, offset, origin); |
994 | unlock_kernel(); | 984 | unlock_kernel(); |
985 | |||
995 | return retval; | 986 | return retval; |
996 | } | 987 | } |
997 | 988 | ||
998 | asmlinkage int irix_lseek64(int fd, int _unused, int offhi, int offlow, | 989 | asmlinkage int irix_lseek64(int fd, int _unused, int offhi, int offlow, |
999 | int origin) | 990 | int origin) |
1000 | { | 991 | { |
1001 | int retval; | ||
1002 | struct file * file; | 992 | struct file * file; |
1003 | loff_t offset; | 993 | loff_t offset; |
994 | int retval; | ||
1004 | 995 | ||
1005 | retval = -EBADF; | 996 | retval = -EBADF; |
1006 | file = fget(fd); | 997 | file = fget(fd); |
@@ -1025,12 +1016,12 @@ asmlinkage int irix_sginap(int ticks) | |||
1025 | return 0; | 1016 | return 0; |
1026 | } | 1017 | } |
1027 | 1018 | ||
1028 | asmlinkage int irix_sgikopt(char *istring, char *ostring, int len) | 1019 | asmlinkage int irix_sgikopt(char __user *istring, char __user *ostring, int len) |
1029 | { | 1020 | { |
1030 | return -EINVAL; | 1021 | return -EINVAL; |
1031 | } | 1022 | } |
1032 | 1023 | ||
1033 | asmlinkage int irix_gettimeofday(struct timeval *tv) | 1024 | asmlinkage int irix_gettimeofday(struct timeval __user *tv) |
1034 | { | 1025 | { |
1035 | time_t sec; | 1026 | time_t sec; |
1036 | long nsec, seq; | 1027 | long nsec, seq; |
@@ -1071,7 +1062,7 @@ asmlinkage unsigned long irix_mmap32(unsigned long addr, size_t len, int prot, | |||
1071 | 1062 | ||
1072 | if (max_size > file->f_dentry->d_inode->i_size) { | 1063 | if (max_size > file->f_dentry->d_inode->i_size) { |
1073 | old_pos = sys_lseek (fd, max_size - 1, 0); | 1064 | old_pos = sys_lseek (fd, max_size - 1, 0); |
1074 | sys_write (fd, "", 1); | 1065 | sys_write (fd, (void __user *) "", 1); |
1075 | sys_lseek (fd, old_pos, 0); | 1066 | sys_lseek (fd, old_pos, 0); |
1076 | } | 1067 | } |
1077 | } | 1068 | } |
@@ -1096,7 +1087,7 @@ asmlinkage int irix_madvise(unsigned long addr, int len, int behavior) | |||
1096 | return -EINVAL; | 1087 | return -EINVAL; |
1097 | } | 1088 | } |
1098 | 1089 | ||
1099 | asmlinkage int irix_pagelock(char *addr, int len, int op) | 1090 | asmlinkage int irix_pagelock(char __user *addr, int len, int op) |
1100 | { | 1091 | { |
1101 | printk("[%s:%d] Wheee.. irix_pagelock(%p,%d,%d)\n", | 1092 | printk("[%s:%d] Wheee.. irix_pagelock(%p,%d,%d)\n", |
1102 | current->comm, current->pid, addr, len, op); | 1093 | current->comm, current->pid, addr, len, op); |
@@ -1136,7 +1127,7 @@ asmlinkage int irix_BSDsetpgrp(int pid, int pgrp) | |||
1136 | return error; | 1127 | return error; |
1137 | } | 1128 | } |
1138 | 1129 | ||
1139 | asmlinkage int irix_systeminfo(int cmd, char *buf, int cnt) | 1130 | asmlinkage int irix_systeminfo(int cmd, char __user *buf, int cnt) |
1140 | { | 1131 | { |
1141 | printk("[%s:%d] Wheee.. irix_systeminfo(%d,%p,%d)\n", | 1132 | printk("[%s:%d] Wheee.. irix_systeminfo(%d,%p,%d)\n", |
1142 | current->comm, current->pid, cmd, buf, cnt); | 1133 | current->comm, current->pid, cmd, buf, cnt); |
@@ -1152,14 +1143,14 @@ struct iuname { | |||
1152 | char _unused3[257], _unused4[257], _unused5[257]; | 1143 | char _unused3[257], _unused4[257], _unused5[257]; |
1153 | }; | 1144 | }; |
1154 | 1145 | ||
1155 | asmlinkage int irix_uname(struct iuname *buf) | 1146 | asmlinkage int irix_uname(struct iuname __user *buf) |
1156 | { | 1147 | { |
1157 | down_read(&uts_sem); | 1148 | down_read(&uts_sem); |
1158 | if (copy_to_user(system_utsname.sysname, buf->sysname, 65) | 1149 | if (copy_from_user(system_utsname.sysname, buf->sysname, 65) |
1159 | || copy_to_user(system_utsname.nodename, buf->nodename, 65) | 1150 | || copy_from_user(system_utsname.nodename, buf->nodename, 65) |
1160 | || copy_to_user(system_utsname.release, buf->release, 65) | 1151 | || copy_from_user(system_utsname.release, buf->release, 65) |
1161 | || copy_to_user(system_utsname.version, buf->version, 65) | 1152 | || copy_from_user(system_utsname.version, buf->version, 65) |
1162 | || copy_to_user(system_utsname.machine, buf->machine, 65)) { | 1153 | || copy_from_user(system_utsname.machine, buf->machine, 65)) { |
1163 | return -EFAULT; | 1154 | return -EFAULT; |
1164 | } | 1155 | } |
1165 | up_read(&uts_sem); | 1156 | up_read(&uts_sem); |
@@ -1169,7 +1160,7 @@ asmlinkage int irix_uname(struct iuname *buf) | |||
1169 | 1160 | ||
1170 | #undef DEBUG_XSTAT | 1161 | #undef DEBUG_XSTAT |
1171 | 1162 | ||
1172 | static int irix_xstat32_xlate(struct kstat *stat, void *ubuf) | 1163 | static int irix_xstat32_xlate(struct kstat *stat, void __user *ubuf) |
1173 | { | 1164 | { |
1174 | struct xstat32 { | 1165 | struct xstat32 { |
1175 | u32 st_dev, st_pad1[3], st_ino, st_mode, st_nlink, st_uid, st_gid; | 1166 | u32 st_dev, st_pad1[3], st_ino, st_mode, st_nlink, st_uid, st_gid; |
@@ -1209,7 +1200,7 @@ static int irix_xstat32_xlate(struct kstat *stat, void *ubuf) | |||
1209 | return copy_to_user(ubuf, &ub, sizeof(ub)) ? -EFAULT : 0; | 1200 | return copy_to_user(ubuf, &ub, sizeof(ub)) ? -EFAULT : 0; |
1210 | } | 1201 | } |
1211 | 1202 | ||
1212 | static int irix_xstat64_xlate(struct kstat *stat, void *ubuf) | 1203 | static int irix_xstat64_xlate(struct kstat *stat, void __user *ubuf) |
1213 | { | 1204 | { |
1214 | struct xstat64 { | 1205 | struct xstat64 { |
1215 | u32 st_dev; s32 st_pad1[3]; | 1206 | u32 st_dev; s32 st_pad1[3]; |
@@ -1259,7 +1250,7 @@ static int irix_xstat64_xlate(struct kstat *stat, void *ubuf) | |||
1259 | return copy_to_user(ubuf, &ks, sizeof(ks)) ? -EFAULT : 0; | 1250 | return copy_to_user(ubuf, &ks, sizeof(ks)) ? -EFAULT : 0; |
1260 | } | 1251 | } |
1261 | 1252 | ||
1262 | asmlinkage int irix_xstat(int version, char *filename, struct stat *statbuf) | 1253 | asmlinkage int irix_xstat(int version, char __user *filename, struct stat __user *statbuf) |
1263 | { | 1254 | { |
1264 | int retval; | 1255 | int retval; |
1265 | struct kstat stat; | 1256 | struct kstat stat; |
@@ -1285,7 +1276,7 @@ asmlinkage int irix_xstat(int version, char *filename, struct stat *statbuf) | |||
1285 | return retval; | 1276 | return retval; |
1286 | } | 1277 | } |
1287 | 1278 | ||
1288 | asmlinkage int irix_lxstat(int version, char *filename, struct stat *statbuf) | 1279 | asmlinkage int irix_lxstat(int version, char __user *filename, struct stat __user *statbuf) |
1289 | { | 1280 | { |
1290 | int error; | 1281 | int error; |
1291 | struct kstat stat; | 1282 | struct kstat stat; |
@@ -1312,7 +1303,7 @@ asmlinkage int irix_lxstat(int version, char *filename, struct stat *statbuf) | |||
1312 | return error; | 1303 | return error; |
1313 | } | 1304 | } |
1314 | 1305 | ||
1315 | asmlinkage int irix_fxstat(int version, int fd, struct stat *statbuf) | 1306 | asmlinkage int irix_fxstat(int version, int fd, struct stat __user *statbuf) |
1316 | { | 1307 | { |
1317 | int error; | 1308 | int error; |
1318 | struct kstat stat; | 1309 | struct kstat stat; |
@@ -1338,7 +1329,7 @@ asmlinkage int irix_fxstat(int version, int fd, struct stat *statbuf) | |||
1338 | return error; | 1329 | return error; |
1339 | } | 1330 | } |
1340 | 1331 | ||
1341 | asmlinkage int irix_xmknod(int ver, char *filename, int mode, unsigned dev) | 1332 | asmlinkage int irix_xmknod(int ver, char __user *filename, int mode, unsigned dev) |
1342 | { | 1333 | { |
1343 | int retval; | 1334 | int retval; |
1344 | printk("[%s:%d] Wheee.. irix_xmknod(%d,%s,%x,%x)\n", | 1335 | printk("[%s:%d] Wheee.. irix_xmknod(%d,%s,%x,%x)\n", |
@@ -1358,7 +1349,7 @@ asmlinkage int irix_xmknod(int ver, char *filename, int mode, unsigned dev) | |||
1358 | return retval; | 1349 | return retval; |
1359 | } | 1350 | } |
1360 | 1351 | ||
1361 | asmlinkage int irix_swapctl(int cmd, char *arg) | 1352 | asmlinkage int irix_swapctl(int cmd, char __user *arg) |
1362 | { | 1353 | { |
1363 | printk("[%s:%d] Wheee.. irix_swapctl(%d,%p)\n", | 1354 | printk("[%s:%d] Wheee.. irix_swapctl(%d,%p)\n", |
1364 | current->comm, current->pid, cmd, arg); | 1355 | current->comm, current->pid, cmd, arg); |
@@ -1374,7 +1365,7 @@ struct irix_statvfs { | |||
1374 | char f_fstr[32]; u32 f_filler[16]; | 1365 | char f_fstr[32]; u32 f_filler[16]; |
1375 | }; | 1366 | }; |
1376 | 1367 | ||
1377 | asmlinkage int irix_statvfs(char *fname, struct irix_statvfs *buf) | 1368 | asmlinkage int irix_statvfs(char __user *fname, struct irix_statvfs __user *buf) |
1378 | { | 1369 | { |
1379 | struct nameidata nd; | 1370 | struct nameidata nd; |
1380 | struct kstatfs kbuf; | 1371 | struct kstatfs kbuf; |
@@ -1382,10 +1373,9 @@ asmlinkage int irix_statvfs(char *fname, struct irix_statvfs *buf) | |||
1382 | 1373 | ||
1383 | printk("[%s:%d] Wheee.. irix_statvfs(%s,%p)\n", | 1374 | printk("[%s:%d] Wheee.. irix_statvfs(%s,%p)\n", |
1384 | current->comm, current->pid, fname, buf); | 1375 | current->comm, current->pid, fname, buf); |
1385 | if (!access_ok(VERIFY_WRITE, buf, sizeof(struct irix_statvfs))) { | 1376 | if (!access_ok(VERIFY_WRITE, buf, sizeof(struct irix_statvfs))) |
1386 | error = -EFAULT; | 1377 | return -EFAULT; |
1387 | goto out; | 1378 | |
1388 | } | ||
1389 | error = user_path_walk(fname, &nd); | 1379 | error = user_path_walk(fname, &nd); |
1390 | if (error) | 1380 | if (error) |
1391 | goto out; | 1381 | goto out; |
@@ -1393,27 +1383,25 @@ asmlinkage int irix_statvfs(char *fname, struct irix_statvfs *buf) | |||
1393 | if (error) | 1383 | if (error) |
1394 | goto dput_and_out; | 1384 | goto dput_and_out; |
1395 | 1385 | ||
1396 | __put_user(kbuf.f_bsize, &buf->f_bsize); | 1386 | error |= __put_user(kbuf.f_bsize, &buf->f_bsize); |
1397 | __put_user(kbuf.f_frsize, &buf->f_frsize); | 1387 | error |= __put_user(kbuf.f_frsize, &buf->f_frsize); |
1398 | __put_user(kbuf.f_blocks, &buf->f_blocks); | 1388 | error |= __put_user(kbuf.f_blocks, &buf->f_blocks); |
1399 | __put_user(kbuf.f_bfree, &buf->f_bfree); | 1389 | error |= __put_user(kbuf.f_bfree, &buf->f_bfree); |
1400 | __put_user(kbuf.f_bfree, &buf->f_bavail); /* XXX hackety hack... */ | 1390 | error |= __put_user(kbuf.f_bfree, &buf->f_bavail); /* XXX hackety hack... */ |
1401 | __put_user(kbuf.f_files, &buf->f_files); | 1391 | error |= __put_user(kbuf.f_files, &buf->f_files); |
1402 | __put_user(kbuf.f_ffree, &buf->f_ffree); | 1392 | error |= __put_user(kbuf.f_ffree, &buf->f_ffree); |
1403 | __put_user(kbuf.f_ffree, &buf->f_favail); /* XXX hackety hack... */ | 1393 | error |= __put_user(kbuf.f_ffree, &buf->f_favail); /* XXX hackety hack... */ |
1404 | #ifdef __MIPSEB__ | 1394 | #ifdef __MIPSEB__ |
1405 | __put_user(kbuf.f_fsid.val[1], &buf->f_fsid); | 1395 | error |= __put_user(kbuf.f_fsid.val[1], &buf->f_fsid); |
1406 | #else | 1396 | #else |
1407 | __put_user(kbuf.f_fsid.val[0], &buf->f_fsid); | 1397 | error |= __put_user(kbuf.f_fsid.val[0], &buf->f_fsid); |
1408 | #endif | 1398 | #endif |
1409 | for (i = 0; i < 16; i++) | 1399 | for (i = 0; i < 16; i++) |
1410 | __put_user(0, &buf->f_basetype[i]); | 1400 | error |= __put_user(0, &buf->f_basetype[i]); |
1411 | __put_user(0, &buf->f_flag); | 1401 | error |= __put_user(0, &buf->f_flag); |
1412 | __put_user(kbuf.f_namelen, &buf->f_namemax); | 1402 | error |= __put_user(kbuf.f_namelen, &buf->f_namemax); |
1413 | for (i = 0; i < 32; i++) | 1403 | for (i = 0; i < 32; i++) |
1414 | __put_user(0, &buf->f_fstr[i]); | 1404 | error |= __put_user(0, &buf->f_fstr[i]); |
1415 | |||
1416 | error = 0; | ||
1417 | 1405 | ||
1418 | dput_and_out: | 1406 | dput_and_out: |
1419 | path_release(&nd); | 1407 | path_release(&nd); |
@@ -1421,7 +1409,7 @@ out: | |||
1421 | return error; | 1409 | return error; |
1422 | } | 1410 | } |
1423 | 1411 | ||
1424 | asmlinkage int irix_fstatvfs(int fd, struct irix_statvfs *buf) | 1412 | asmlinkage int irix_fstatvfs(int fd, struct irix_statvfs __user *buf) |
1425 | { | 1413 | { |
1426 | struct kstatfs kbuf; | 1414 | struct kstatfs kbuf; |
1427 | struct file *file; | 1415 | struct file *file; |
@@ -1430,10 +1418,9 @@ asmlinkage int irix_fstatvfs(int fd, struct irix_statvfs *buf) | |||
1430 | printk("[%s:%d] Wheee.. irix_fstatvfs(%d,%p)\n", | 1418 | printk("[%s:%d] Wheee.. irix_fstatvfs(%d,%p)\n", |
1431 | current->comm, current->pid, fd, buf); | 1419 | current->comm, current->pid, fd, buf); |
1432 | 1420 | ||
1433 | if (!access_ok(VERIFY_WRITE, buf, sizeof(struct irix_statvfs))) { | 1421 | if (!access_ok(VERIFY_WRITE, buf, sizeof(struct irix_statvfs))) |
1434 | error = -EFAULT; | 1422 | return -EFAULT; |
1435 | goto out; | 1423 | |
1436 | } | ||
1437 | if (!(file = fget(fd))) { | 1424 | if (!(file = fget(fd))) { |
1438 | error = -EBADF; | 1425 | error = -EBADF; |
1439 | goto out; | 1426 | goto out; |
@@ -1442,24 +1429,24 @@ asmlinkage int irix_fstatvfs(int fd, struct irix_statvfs *buf) | |||
1442 | if (error) | 1429 | if (error) |
1443 | goto out_f; | 1430 | goto out_f; |
1444 | 1431 | ||
1445 | __put_user(kbuf.f_bsize, &buf->f_bsize); | 1432 | error = __put_user(kbuf.f_bsize, &buf->f_bsize); |
1446 | __put_user(kbuf.f_frsize, &buf->f_frsize); | 1433 | error |= __put_user(kbuf.f_frsize, &buf->f_frsize); |
1447 | __put_user(kbuf.f_blocks, &buf->f_blocks); | 1434 | error |= __put_user(kbuf.f_blocks, &buf->f_blocks); |
1448 | __put_user(kbuf.f_bfree, &buf->f_bfree); | 1435 | error |= __put_user(kbuf.f_bfree, &buf->f_bfree); |
1449 | __put_user(kbuf.f_bfree, &buf->f_bavail); /* XXX hackety hack... */ | 1436 | error |= __put_user(kbuf.f_bfree, &buf->f_bavail); /* XXX hackety hack... */ |
1450 | __put_user(kbuf.f_files, &buf->f_files); | 1437 | error |= __put_user(kbuf.f_files, &buf->f_files); |
1451 | __put_user(kbuf.f_ffree, &buf->f_ffree); | 1438 | error |= __put_user(kbuf.f_ffree, &buf->f_ffree); |
1452 | __put_user(kbuf.f_ffree, &buf->f_favail); /* XXX hackety hack... */ | 1439 | error |= __put_user(kbuf.f_ffree, &buf->f_favail); /* XXX hackety hack... */ |
1453 | #ifdef __MIPSEB__ | 1440 | #ifdef __MIPSEB__ |
1454 | __put_user(kbuf.f_fsid.val[1], &buf->f_fsid); | 1441 | error |= __put_user(kbuf.f_fsid.val[1], &buf->f_fsid); |
1455 | #else | 1442 | #else |
1456 | __put_user(kbuf.f_fsid.val[0], &buf->f_fsid); | 1443 | error |= __put_user(kbuf.f_fsid.val[0], &buf->f_fsid); |
1457 | #endif | 1444 | #endif |
1458 | for(i = 0; i < 16; i++) | 1445 | for(i = 0; i < 16; i++) |
1459 | __put_user(0, &buf->f_basetype[i]); | 1446 | error |= __put_user(0, &buf->f_basetype[i]); |
1460 | __put_user(0, &buf->f_flag); | 1447 | error |= __put_user(0, &buf->f_flag); |
1461 | __put_user(kbuf.f_namelen, &buf->f_namemax); | 1448 | error |= __put_user(kbuf.f_namelen, &buf->f_namemax); |
1462 | __clear_user(&buf->f_fstr, sizeof(buf->f_fstr)); | 1449 | error |= __clear_user(&buf->f_fstr, sizeof(buf->f_fstr)) ? -EFAULT : 0; |
1463 | 1450 | ||
1464 | out_f: | 1451 | out_f: |
1465 | fput(file); | 1452 | fput(file); |
@@ -1483,7 +1470,7 @@ asmlinkage int irix_sigqueue(int pid, int sig, int code, int val) | |||
1483 | return -EINVAL; | 1470 | return -EINVAL; |
1484 | } | 1471 | } |
1485 | 1472 | ||
1486 | asmlinkage int irix_truncate64(char *name, int pad, int size1, int size2) | 1473 | asmlinkage int irix_truncate64(char __user *name, int pad, int size1, int size2) |
1487 | { | 1474 | { |
1488 | int retval; | 1475 | int retval; |
1489 | 1476 | ||
@@ -1516,6 +1503,7 @@ asmlinkage int irix_mmap64(struct pt_regs *regs) | |||
1516 | int len, prot, flags, fd, off1, off2, error, base = 0; | 1503 | int len, prot, flags, fd, off1, off2, error, base = 0; |
1517 | unsigned long addr, pgoff, *sp; | 1504 | unsigned long addr, pgoff, *sp; |
1518 | struct file *file = NULL; | 1505 | struct file *file = NULL; |
1506 | int err; | ||
1519 | 1507 | ||
1520 | if (regs->regs[2] == 1000) | 1508 | if (regs->regs[2] == 1000) |
1521 | base = 1; | 1509 | base = 1; |
@@ -1525,36 +1513,31 @@ asmlinkage int irix_mmap64(struct pt_regs *regs) | |||
1525 | prot = regs->regs[base + 6]; | 1513 | prot = regs->regs[base + 6]; |
1526 | if (!base) { | 1514 | if (!base) { |
1527 | flags = regs->regs[base + 7]; | 1515 | flags = regs->regs[base + 7]; |
1528 | if (!access_ok(VERIFY_READ, sp, (4 * sizeof(unsigned long)))) { | 1516 | if (!access_ok(VERIFY_READ, sp, (4 * sizeof(unsigned long)))) |
1529 | error = -EFAULT; | 1517 | return -EFAULT; |
1530 | goto out; | ||
1531 | } | ||
1532 | fd = sp[0]; | 1518 | fd = sp[0]; |
1533 | __get_user(off1, &sp[1]); | 1519 | err = __get_user(off1, &sp[1]); |
1534 | __get_user(off2, &sp[2]); | 1520 | err |= __get_user(off2, &sp[2]); |
1535 | } else { | 1521 | } else { |
1536 | if (!access_ok(VERIFY_READ, sp, (5 * sizeof(unsigned long)))) { | 1522 | if (!access_ok(VERIFY_READ, sp, (5 * sizeof(unsigned long)))) |
1537 | error = -EFAULT; | 1523 | return -EFAULT; |
1538 | goto out; | 1524 | err = __get_user(flags, &sp[0]); |
1539 | } | 1525 | err |= __get_user(fd, &sp[1]); |
1540 | __get_user(flags, &sp[0]); | 1526 | err |= __get_user(off1, &sp[2]); |
1541 | __get_user(fd, &sp[1]); | 1527 | err |= __get_user(off2, &sp[3]); |
1542 | __get_user(off1, &sp[2]); | ||
1543 | __get_user(off2, &sp[3]); | ||
1544 | } | 1528 | } |
1545 | 1529 | ||
1546 | if (off1 & PAGE_MASK) { | 1530 | if (err) |
1547 | error = -EOVERFLOW; | 1531 | return err; |
1548 | goto out; | 1532 | |
1549 | } | 1533 | if (off1 & PAGE_MASK) |
1534 | return -EOVERFLOW; | ||
1550 | 1535 | ||
1551 | pgoff = (off1 << (32 - PAGE_SHIFT)) | (off2 >> PAGE_SHIFT); | 1536 | pgoff = (off1 << (32 - PAGE_SHIFT)) | (off2 >> PAGE_SHIFT); |
1552 | 1537 | ||
1553 | if (!(flags & MAP_ANONYMOUS)) { | 1538 | if (!(flags & MAP_ANONYMOUS)) { |
1554 | if (!(file = fget(fd))) { | 1539 | if (!(file = fget(fd))) |
1555 | error = -EBADF; | 1540 | return -EBADF; |
1556 | goto out; | ||
1557 | } | ||
1558 | 1541 | ||
1559 | /* Ok, bad taste hack follows, try to think in something else | 1542 | /* Ok, bad taste hack follows, try to think in something else |
1560 | when reading this */ | 1543 | when reading this */ |
@@ -1564,7 +1547,7 @@ asmlinkage int irix_mmap64(struct pt_regs *regs) | |||
1564 | 1547 | ||
1565 | if (max_size > file->f_dentry->d_inode->i_size) { | 1548 | if (max_size > file->f_dentry->d_inode->i_size) { |
1566 | old_pos = sys_lseek (fd, max_size - 1, 0); | 1549 | old_pos = sys_lseek (fd, max_size - 1, 0); |
1567 | sys_write (fd, "", 1); | 1550 | sys_write (fd, (void __user *) "", 1); |
1568 | sys_lseek (fd, old_pos, 0); | 1551 | sys_lseek (fd, old_pos, 0); |
1569 | } | 1552 | } |
1570 | } | 1553 | } |
@@ -1579,7 +1562,6 @@ asmlinkage int irix_mmap64(struct pt_regs *regs) | |||
1579 | if (file) | 1562 | if (file) |
1580 | fput(file); | 1563 | fput(file); |
1581 | 1564 | ||
1582 | out: | ||
1583 | return error; | 1565 | return error; |
1584 | } | 1566 | } |
1585 | 1567 | ||
@@ -1591,7 +1573,7 @@ asmlinkage int irix_dmi(struct pt_regs *regs) | |||
1591 | return -EINVAL; | 1573 | return -EINVAL; |
1592 | } | 1574 | } |
1593 | 1575 | ||
1594 | asmlinkage int irix_pread(int fd, char *buf, int cnt, int off64, | 1576 | asmlinkage int irix_pread(int fd, char __user *buf, int cnt, int off64, |
1595 | int off1, int off2) | 1577 | int off1, int off2) |
1596 | { | 1578 | { |
1597 | printk("[%s:%d] Wheee.. irix_pread(%d,%p,%d,%d,%d,%d)\n", | 1579 | printk("[%s:%d] Wheee.. irix_pread(%d,%p,%d,%d,%d,%d)\n", |
@@ -1600,7 +1582,7 @@ asmlinkage int irix_pread(int fd, char *buf, int cnt, int off64, | |||
1600 | return -EINVAL; | 1582 | return -EINVAL; |
1601 | } | 1583 | } |
1602 | 1584 | ||
1603 | asmlinkage int irix_pwrite(int fd, char *buf, int cnt, int off64, | 1585 | asmlinkage int irix_pwrite(int fd, char __user *buf, int cnt, int off64, |
1604 | int off1, int off2) | 1586 | int off1, int off2) |
1605 | { | 1587 | { |
1606 | printk("[%s:%d] Wheee.. irix_pwrite(%d,%p,%d,%d,%d,%d)\n", | 1588 | printk("[%s:%d] Wheee.. irix_pwrite(%d,%p,%d,%d,%d,%d)\n", |
@@ -1632,7 +1614,7 @@ struct irix_statvfs64 { | |||
1632 | u32 f_filler[16]; | 1614 | u32 f_filler[16]; |
1633 | }; | 1615 | }; |
1634 | 1616 | ||
1635 | asmlinkage int irix_statvfs64(char *fname, struct irix_statvfs64 *buf) | 1617 | asmlinkage int irix_statvfs64(char __user *fname, struct irix_statvfs64 __user *buf) |
1636 | { | 1618 | { |
1637 | struct nameidata nd; | 1619 | struct nameidata nd; |
1638 | struct kstatfs kbuf; | 1620 | struct kstatfs kbuf; |
@@ -1644,6 +1626,7 @@ asmlinkage int irix_statvfs64(char *fname, struct irix_statvfs64 *buf) | |||
1644 | error = -EFAULT; | 1626 | error = -EFAULT; |
1645 | goto out; | 1627 | goto out; |
1646 | } | 1628 | } |
1629 | |||
1647 | error = user_path_walk(fname, &nd); | 1630 | error = user_path_walk(fname, &nd); |
1648 | if (error) | 1631 | if (error) |
1649 | goto out; | 1632 | goto out; |
@@ -1651,27 +1634,25 @@ asmlinkage int irix_statvfs64(char *fname, struct irix_statvfs64 *buf) | |||
1651 | if (error) | 1634 | if (error) |
1652 | goto dput_and_out; | 1635 | goto dput_and_out; |
1653 | 1636 | ||
1654 | __put_user(kbuf.f_bsize, &buf->f_bsize); | 1637 | error = __put_user(kbuf.f_bsize, &buf->f_bsize); |
1655 | __put_user(kbuf.f_frsize, &buf->f_frsize); | 1638 | error |= __put_user(kbuf.f_frsize, &buf->f_frsize); |
1656 | __put_user(kbuf.f_blocks, &buf->f_blocks); | 1639 | error |= __put_user(kbuf.f_blocks, &buf->f_blocks); |
1657 | __put_user(kbuf.f_bfree, &buf->f_bfree); | 1640 | error |= __put_user(kbuf.f_bfree, &buf->f_bfree); |
1658 | __put_user(kbuf.f_bfree, &buf->f_bavail); /* XXX hackety hack... */ | 1641 | error |= __put_user(kbuf.f_bfree, &buf->f_bavail); /* XXX hackety hack... */ |
1659 | __put_user(kbuf.f_files, &buf->f_files); | 1642 | error |= __put_user(kbuf.f_files, &buf->f_files); |
1660 | __put_user(kbuf.f_ffree, &buf->f_ffree); | 1643 | error |= __put_user(kbuf.f_ffree, &buf->f_ffree); |
1661 | __put_user(kbuf.f_ffree, &buf->f_favail); /* XXX hackety hack... */ | 1644 | error |= __put_user(kbuf.f_ffree, &buf->f_favail); /* XXX hackety hack... */ |
1662 | #ifdef __MIPSEB__ | 1645 | #ifdef __MIPSEB__ |
1663 | __put_user(kbuf.f_fsid.val[1], &buf->f_fsid); | 1646 | error |= __put_user(kbuf.f_fsid.val[1], &buf->f_fsid); |
1664 | #else | 1647 | #else |
1665 | __put_user(kbuf.f_fsid.val[0], &buf->f_fsid); | 1648 | error |= __put_user(kbuf.f_fsid.val[0], &buf->f_fsid); |
1666 | #endif | 1649 | #endif |
1667 | for(i = 0; i < 16; i++) | 1650 | for(i = 0; i < 16; i++) |
1668 | __put_user(0, &buf->f_basetype[i]); | 1651 | error |= __put_user(0, &buf->f_basetype[i]); |
1669 | __put_user(0, &buf->f_flag); | 1652 | error |= __put_user(0, &buf->f_flag); |
1670 | __put_user(kbuf.f_namelen, &buf->f_namemax); | 1653 | error |= __put_user(kbuf.f_namelen, &buf->f_namemax); |
1671 | for(i = 0; i < 32; i++) | 1654 | for(i = 0; i < 32; i++) |
1672 | __put_user(0, &buf->f_fstr[i]); | 1655 | error |= __put_user(0, &buf->f_fstr[i]); |
1673 | |||
1674 | error = 0; | ||
1675 | 1656 | ||
1676 | dput_and_out: | 1657 | dput_and_out: |
1677 | path_release(&nd); | 1658 | path_release(&nd); |
@@ -1679,7 +1660,7 @@ out: | |||
1679 | return error; | 1660 | return error; |
1680 | } | 1661 | } |
1681 | 1662 | ||
1682 | asmlinkage int irix_fstatvfs64(int fd, struct irix_statvfs *buf) | 1663 | asmlinkage int irix_fstatvfs64(int fd, struct irix_statvfs __user *buf) |
1683 | { | 1664 | { |
1684 | struct kstatfs kbuf; | 1665 | struct kstatfs kbuf; |
1685 | struct file *file; | 1666 | struct file *file; |
@@ -1700,24 +1681,24 @@ asmlinkage int irix_fstatvfs64(int fd, struct irix_statvfs *buf) | |||
1700 | if (error) | 1681 | if (error) |
1701 | goto out_f; | 1682 | goto out_f; |
1702 | 1683 | ||
1703 | __put_user(kbuf.f_bsize, &buf->f_bsize); | 1684 | error = __put_user(kbuf.f_bsize, &buf->f_bsize); |
1704 | __put_user(kbuf.f_frsize, &buf->f_frsize); | 1685 | error |= __put_user(kbuf.f_frsize, &buf->f_frsize); |
1705 | __put_user(kbuf.f_blocks, &buf->f_blocks); | 1686 | error |= __put_user(kbuf.f_blocks, &buf->f_blocks); |
1706 | __put_user(kbuf.f_bfree, &buf->f_bfree); | 1687 | error |= __put_user(kbuf.f_bfree, &buf->f_bfree); |
1707 | __put_user(kbuf.f_bfree, &buf->f_bavail); /* XXX hackety hack... */ | 1688 | error |= __put_user(kbuf.f_bfree, &buf->f_bavail); /* XXX hackety hack... */ |
1708 | __put_user(kbuf.f_files, &buf->f_files); | 1689 | error |= __put_user(kbuf.f_files, &buf->f_files); |
1709 | __put_user(kbuf.f_ffree, &buf->f_ffree); | 1690 | error |= __put_user(kbuf.f_ffree, &buf->f_ffree); |
1710 | __put_user(kbuf.f_ffree, &buf->f_favail); /* XXX hackety hack... */ | 1691 | error |= __put_user(kbuf.f_ffree, &buf->f_favail); /* XXX hackety hack... */ |
1711 | #ifdef __MIPSEB__ | 1692 | #ifdef __MIPSEB__ |
1712 | __put_user(kbuf.f_fsid.val[1], &buf->f_fsid); | 1693 | error |= __put_user(kbuf.f_fsid.val[1], &buf->f_fsid); |
1713 | #else | 1694 | #else |
1714 | __put_user(kbuf.f_fsid.val[0], &buf->f_fsid); | 1695 | error |= __put_user(kbuf.f_fsid.val[0], &buf->f_fsid); |
1715 | #endif | 1696 | #endif |
1716 | for(i = 0; i < 16; i++) | 1697 | for(i = 0; i < 16; i++) |
1717 | __put_user(0, &buf->f_basetype[i]); | 1698 | error |= __put_user(0, &buf->f_basetype[i]); |
1718 | __put_user(0, &buf->f_flag); | 1699 | error |= __put_user(0, &buf->f_flag); |
1719 | __put_user(kbuf.f_namelen, &buf->f_namemax); | 1700 | error |= __put_user(kbuf.f_namelen, &buf->f_namemax); |
1720 | __clear_user(buf->f_fstr, sizeof(buf->f_fstr[i])); | 1701 | error |= __clear_user(buf->f_fstr, sizeof(buf->f_fstr[i])) ? -EFAULT : 0; |
1721 | 1702 | ||
1722 | out_f: | 1703 | out_f: |
1723 | fput(file); | 1704 | fput(file); |
@@ -1725,9 +1706,9 @@ out: | |||
1725 | return error; | 1706 | return error; |
1726 | } | 1707 | } |
1727 | 1708 | ||
1728 | asmlinkage int irix_getmountid(char *fname, unsigned long *midbuf) | 1709 | asmlinkage int irix_getmountid(char __user *fname, unsigned long __user *midbuf) |
1729 | { | 1710 | { |
1730 | int err = 0; | 1711 | int err; |
1731 | 1712 | ||
1732 | printk("[%s:%d] irix_getmountid(%s, %p)\n", | 1713 | printk("[%s:%d] irix_getmountid(%s, %p)\n", |
1733 | current->comm, current->pid, fname, midbuf); | 1714 | current->comm, current->pid, fname, midbuf); |
@@ -1740,7 +1721,7 @@ asmlinkage int irix_getmountid(char *fname, unsigned long *midbuf) | |||
1740 | * fsid of the filesystem to try and make the right decision, but | 1721 | * fsid of the filesystem to try and make the right decision, but |
1741 | * we don't have this so for now. XXX | 1722 | * we don't have this so for now. XXX |
1742 | */ | 1723 | */ |
1743 | err |= __put_user(0, &midbuf[0]); | 1724 | err = __put_user(0, &midbuf[0]); |
1744 | err |= __put_user(0, &midbuf[1]); | 1725 | err |= __put_user(0, &midbuf[1]); |
1745 | err |= __put_user(0, &midbuf[2]); | 1726 | err |= __put_user(0, &midbuf[2]); |
1746 | err |= __put_user(0, &midbuf[3]); | 1727 | err |= __put_user(0, &midbuf[3]); |
@@ -1767,8 +1748,8 @@ struct irix_dirent32 { | |||
1767 | }; | 1748 | }; |
1768 | 1749 | ||
1769 | struct irix_dirent32_callback { | 1750 | struct irix_dirent32_callback { |
1770 | struct irix_dirent32 *current_dir; | 1751 | struct irix_dirent32 __user *current_dir; |
1771 | struct irix_dirent32 *previous; | 1752 | struct irix_dirent32 __user *previous; |
1772 | int count; | 1753 | int count; |
1773 | int error; | 1754 | int error; |
1774 | }; | 1755 | }; |
@@ -1776,13 +1757,13 @@ struct irix_dirent32_callback { | |||
1776 | #define NAME_OFFSET32(de) ((int) ((de)->d_name - (char *) (de))) | 1757 | #define NAME_OFFSET32(de) ((int) ((de)->d_name - (char *) (de))) |
1777 | #define ROUND_UP32(x) (((x)+sizeof(u32)-1) & ~(sizeof(u32)-1)) | 1758 | #define ROUND_UP32(x) (((x)+sizeof(u32)-1) & ~(sizeof(u32)-1)) |
1778 | 1759 | ||
1779 | static int irix_filldir32(void *__buf, const char *name, int namlen, | 1760 | static int irix_filldir32(void *__buf, const char *name, |
1780 | loff_t offset, ino_t ino, unsigned int d_type) | 1761 | int namlen, loff_t offset, ino_t ino, unsigned int d_type) |
1781 | { | 1762 | { |
1782 | struct irix_dirent32 *dirent; | 1763 | struct irix_dirent32 __user *dirent; |
1783 | struct irix_dirent32_callback *buf = | 1764 | struct irix_dirent32_callback *buf = __buf; |
1784 | (struct irix_dirent32_callback *)__buf; | ||
1785 | unsigned short reclen = ROUND_UP32(NAME_OFFSET32(dirent) + namlen + 1); | 1765 | unsigned short reclen = ROUND_UP32(NAME_OFFSET32(dirent) + namlen + 1); |
1766 | int err = 0; | ||
1786 | 1767 | ||
1787 | #ifdef DEBUG_GETDENTS | 1768 | #ifdef DEBUG_GETDENTS |
1788 | printk("\nirix_filldir32[reclen<%d>namlen<%d>count<%d>]", | 1769 | printk("\nirix_filldir32[reclen<%d>namlen<%d>count<%d>]", |
@@ -1793,25 +1774,26 @@ static int irix_filldir32(void *__buf, const char *name, int namlen, | |||
1793 | return -EINVAL; | 1774 | return -EINVAL; |
1794 | dirent = buf->previous; | 1775 | dirent = buf->previous; |
1795 | if (dirent) | 1776 | if (dirent) |
1796 | __put_user(offset, &dirent->d_off); | 1777 | err = __put_user(offset, &dirent->d_off); |
1797 | dirent = buf->current_dir; | 1778 | dirent = buf->current_dir; |
1798 | buf->previous = dirent; | 1779 | err |= __put_user(dirent, &buf->previous); |
1799 | __put_user(ino, &dirent->d_ino); | 1780 | err |= __put_user(ino, &dirent->d_ino); |
1800 | __put_user(reclen, &dirent->d_reclen); | 1781 | err |= __put_user(reclen, &dirent->d_reclen); |
1801 | copy_to_user(dirent->d_name, name, namlen); | 1782 | err |= copy_to_user((char __user *)dirent->d_name, name, namlen) ? -EFAULT : 0; |
1802 | __put_user(0, &dirent->d_name[namlen]); | 1783 | err |= __put_user(0, &dirent->d_name[namlen]); |
1803 | ((char *) dirent) += reclen; | 1784 | dirent = (struct irix_dirent32 __user *) ((char __user *) dirent + reclen); |
1785 | |||
1804 | buf->current_dir = dirent; | 1786 | buf->current_dir = dirent; |
1805 | buf->count -= reclen; | 1787 | buf->count -= reclen; |
1806 | 1788 | ||
1807 | return 0; | 1789 | return err; |
1808 | } | 1790 | } |
1809 | 1791 | ||
1810 | asmlinkage int irix_ngetdents(unsigned int fd, void * dirent, | 1792 | asmlinkage int irix_ngetdents(unsigned int fd, void __user * dirent, |
1811 | unsigned int count, int *eob) | 1793 | unsigned int count, int __user *eob) |
1812 | { | 1794 | { |
1813 | struct file *file; | 1795 | struct file *file; |
1814 | struct irix_dirent32 *lastdirent; | 1796 | struct irix_dirent32 __user *lastdirent; |
1815 | struct irix_dirent32_callback buf; | 1797 | struct irix_dirent32_callback buf; |
1816 | int error; | 1798 | int error; |
1817 | 1799 | ||
@@ -1824,7 +1806,7 @@ asmlinkage int irix_ngetdents(unsigned int fd, void * dirent, | |||
1824 | if (!file) | 1806 | if (!file) |
1825 | goto out; | 1807 | goto out; |
1826 | 1808 | ||
1827 | buf.current_dir = (struct irix_dirent32 *) dirent; | 1809 | buf.current_dir = (struct irix_dirent32 __user *) dirent; |
1828 | buf.previous = NULL; | 1810 | buf.previous = NULL; |
1829 | buf.count = count; | 1811 | buf.count = count; |
1830 | buf.error = 0; | 1812 | buf.error = 0; |
@@ -1864,8 +1846,8 @@ struct irix_dirent64 { | |||
1864 | }; | 1846 | }; |
1865 | 1847 | ||
1866 | struct irix_dirent64_callback { | 1848 | struct irix_dirent64_callback { |
1867 | struct irix_dirent64 *curr; | 1849 | struct irix_dirent64 __user *curr; |
1868 | struct irix_dirent64 *previous; | 1850 | struct irix_dirent64 __user *previous; |
1869 | int count; | 1851 | int count; |
1870 | int error; | 1852 | int error; |
1871 | }; | 1853 | }; |
@@ -1873,37 +1855,44 @@ struct irix_dirent64_callback { | |||
1873 | #define NAME_OFFSET64(de) ((int) ((de)->d_name - (char *) (de))) | 1855 | #define NAME_OFFSET64(de) ((int) ((de)->d_name - (char *) (de))) |
1874 | #define ROUND_UP64(x) (((x)+sizeof(u64)-1) & ~(sizeof(u64)-1)) | 1856 | #define ROUND_UP64(x) (((x)+sizeof(u64)-1) & ~(sizeof(u64)-1)) |
1875 | 1857 | ||
1876 | static int irix_filldir64(void * __buf, const char * name, int namlen, | 1858 | static int irix_filldir64(void *__buf, const char *name, |
1877 | loff_t offset, ino_t ino, unsigned int d_type) | 1859 | int namlen, loff_t offset, ino_t ino, unsigned int d_type) |
1878 | { | 1860 | { |
1879 | struct irix_dirent64 *dirent; | 1861 | struct irix_dirent64 __user *dirent; |
1880 | struct irix_dirent64_callback * buf = | 1862 | struct irix_dirent64_callback * buf = __buf; |
1881 | (struct irix_dirent64_callback *) __buf; | ||
1882 | unsigned short reclen = ROUND_UP64(NAME_OFFSET64(dirent) + namlen + 1); | 1863 | unsigned short reclen = ROUND_UP64(NAME_OFFSET64(dirent) + namlen + 1); |
1864 | int err = 0; | ||
1883 | 1865 | ||
1884 | buf->error = -EINVAL; /* only used if we fail.. */ | 1866 | if (!access_ok(VERIFY_WRITE, buf, sizeof(*buf))) |
1867 | return -EFAULT; | ||
1868 | |||
1869 | if (__put_user(-EINVAL, &buf->error)) /* only used if we fail.. */ | ||
1870 | return -EFAULT; | ||
1885 | if (reclen > buf->count) | 1871 | if (reclen > buf->count) |
1886 | return -EINVAL; | 1872 | return -EINVAL; |
1887 | dirent = buf->previous; | 1873 | dirent = buf->previous; |
1888 | if (dirent) | 1874 | if (dirent) |
1889 | __put_user(offset, &dirent->d_off); | 1875 | err = __put_user(offset, &dirent->d_off); |
1890 | dirent = buf->curr; | 1876 | dirent = buf->curr; |
1891 | buf->previous = dirent; | 1877 | buf->previous = dirent; |
1892 | __put_user(ino, &dirent->d_ino); | 1878 | err |= __put_user(ino, &dirent->d_ino); |
1893 | __put_user(reclen, &dirent->d_reclen); | 1879 | err |= __put_user(reclen, &dirent->d_reclen); |
1894 | __copy_to_user(dirent->d_name, name, namlen); | 1880 | err |= __copy_to_user((char __user *)dirent->d_name, name, namlen) |
1895 | __put_user(0, &dirent->d_name[namlen]); | 1881 | ? -EFAULT : 0; |
1896 | ((char *) dirent) += reclen; | 1882 | err |= __put_user(0, &dirent->d_name[namlen]); |
1883 | |||
1884 | dirent = (struct irix_dirent64 __user *) ((char __user *) dirent + reclen); | ||
1885 | |||
1897 | buf->curr = dirent; | 1886 | buf->curr = dirent; |
1898 | buf->count -= reclen; | 1887 | buf->count -= reclen; |
1899 | 1888 | ||
1900 | return 0; | 1889 | return err; |
1901 | } | 1890 | } |
1902 | 1891 | ||
1903 | asmlinkage int irix_getdents64(int fd, void *dirent, int cnt) | 1892 | asmlinkage int irix_getdents64(int fd, void __user *dirent, int cnt) |
1904 | { | 1893 | { |
1905 | struct file *file; | 1894 | struct file *file; |
1906 | struct irix_dirent64 *lastdirent; | 1895 | struct irix_dirent64 __user *lastdirent; |
1907 | struct irix_dirent64_callback buf; | 1896 | struct irix_dirent64_callback buf; |
1908 | int error; | 1897 | int error; |
1909 | 1898 | ||
@@ -1923,7 +1912,7 @@ asmlinkage int irix_getdents64(int fd, void *dirent, int cnt) | |||
1923 | if (cnt < (sizeof(struct irix_dirent64) + 255)) | 1912 | if (cnt < (sizeof(struct irix_dirent64) + 255)) |
1924 | goto out_f; | 1913 | goto out_f; |
1925 | 1914 | ||
1926 | buf.curr = (struct irix_dirent64 *) dirent; | 1915 | buf.curr = (struct irix_dirent64 __user *) dirent; |
1927 | buf.previous = NULL; | 1916 | buf.previous = NULL; |
1928 | buf.count = cnt; | 1917 | buf.count = cnt; |
1929 | buf.error = 0; | 1918 | buf.error = 0; |
@@ -1935,7 +1924,8 @@ asmlinkage int irix_getdents64(int fd, void *dirent, int cnt) | |||
1935 | error = buf.error; | 1924 | error = buf.error; |
1936 | goto out_f; | 1925 | goto out_f; |
1937 | } | 1926 | } |
1938 | lastdirent->d_off = (u64) file->f_pos; | 1927 | if (put_user(file->f_pos, &lastdirent->d_off)) |
1928 | return -EFAULT; | ||
1939 | #ifdef DEBUG_GETDENTS | 1929 | #ifdef DEBUG_GETDENTS |
1940 | printk("returning %d\n", cnt - buf.count); | 1930 | printk("returning %d\n", cnt - buf.count); |
1941 | #endif | 1931 | #endif |
@@ -1947,10 +1937,10 @@ out: | |||
1947 | return error; | 1937 | return error; |
1948 | } | 1938 | } |
1949 | 1939 | ||
1950 | asmlinkage int irix_ngetdents64(int fd, void *dirent, int cnt, int *eob) | 1940 | asmlinkage int irix_ngetdents64(int fd, void __user *dirent, int cnt, int *eob) |
1951 | { | 1941 | { |
1952 | struct file *file; | 1942 | struct file *file; |
1953 | struct irix_dirent64 *lastdirent; | 1943 | struct irix_dirent64 __user *lastdirent; |
1954 | struct irix_dirent64_callback buf; | 1944 | struct irix_dirent64_callback buf; |
1955 | int error; | 1945 | int error; |
1956 | 1946 | ||
@@ -1972,7 +1962,7 @@ asmlinkage int irix_ngetdents64(int fd, void *dirent, int cnt, int *eob) | |||
1972 | goto out_f; | 1962 | goto out_f; |
1973 | 1963 | ||
1974 | *eob = 0; | 1964 | *eob = 0; |
1975 | buf.curr = (struct irix_dirent64 *) dirent; | 1965 | buf.curr = (struct irix_dirent64 __user *) dirent; |
1976 | buf.previous = NULL; | 1966 | buf.previous = NULL; |
1977 | buf.count = cnt; | 1967 | buf.count = cnt; |
1978 | buf.error = 0; | 1968 | buf.error = 0; |
@@ -1984,7 +1974,8 @@ asmlinkage int irix_ngetdents64(int fd, void *dirent, int cnt, int *eob) | |||
1984 | error = buf.error; | 1974 | error = buf.error; |
1985 | goto out_f; | 1975 | goto out_f; |
1986 | } | 1976 | } |
1987 | lastdirent->d_off = (u64) file->f_pos; | 1977 | if (put_user(file->f_pos, &lastdirent->d_off)) |
1978 | return -EFAULT; | ||
1988 | #ifdef DEBUG_GETDENTS | 1979 | #ifdef DEBUG_GETDENTS |
1989 | printk("eob=%d returning %d\n", *eob, cnt - buf.count); | 1980 | printk("eob=%d returning %d\n", *eob, cnt - buf.count); |
1990 | #endif | 1981 | #endif |
@@ -2047,14 +2038,14 @@ out: | |||
2047 | return retval; | 2038 | return retval; |
2048 | } | 2039 | } |
2049 | 2040 | ||
2050 | asmlinkage int irix_utssys(char *inbuf, int arg, int type, char *outbuf) | 2041 | asmlinkage int irix_utssys(char __user *inbuf, int arg, int type, char __user *outbuf) |
2051 | { | 2042 | { |
2052 | int retval; | 2043 | int retval; |
2053 | 2044 | ||
2054 | switch(type) { | 2045 | switch(type) { |
2055 | case 0: | 2046 | case 0: |
2056 | /* uname() */ | 2047 | /* uname() */ |
2057 | retval = irix_uname((struct iuname *)inbuf); | 2048 | retval = irix_uname((struct iuname __user *)inbuf); |
2058 | goto out; | 2049 | goto out; |
2059 | 2050 | ||
2060 | case 2: | 2051 | case 2: |