diff options
Diffstat (limited to 'arch/mips/kernel/sysirix.c')
-rw-r--r-- | arch/mips/kernel/sysirix.c | 539 |
1 files changed, 262 insertions, 277 deletions
diff --git a/arch/mips/kernel/sysirix.c b/arch/mips/kernel/sysirix.c index 7ae4af476974..52924f8ce23c 100644 --- a/arch/mips/kernel/sysirix.c +++ b/arch/mips/kernel/sysirix.c | |||
@@ -73,32 +73,30 @@ asmlinkage int irix_sysmp(struct pt_regs *regs) | |||
73 | } | 73 | } |
74 | 74 | ||
75 | /* The prctl commands. */ | 75 | /* The prctl commands. */ |
76 | #define PR_MAXPROCS 1 /* Tasks/user. */ | 76 | #define PR_MAXPROCS 1 /* Tasks/user. */ |
77 | #define PR_ISBLOCKED 2 /* If blocked, return 1. */ | 77 | #define PR_ISBLOCKED 2 /* If blocked, return 1. */ |
78 | #define PR_SETSTACKSIZE 3 /* Set largest task stack size. */ | 78 | #define PR_SETSTACKSIZE 3 /* Set largest task stack size. */ |
79 | #define PR_GETSTACKSIZE 4 /* Get largest task stack size. */ | 79 | #define PR_GETSTACKSIZE 4 /* Get largest task stack size. */ |
80 | #define PR_MAXPPROCS 5 /* Num parallel tasks. */ | 80 | #define PR_MAXPPROCS 5 /* Num parallel tasks. */ |
81 | #define PR_UNBLKONEXEC 6 /* When task exec/exit's, unblock. */ | 81 | #define PR_UNBLKONEXEC 6 /* When task exec/exit's, unblock. */ |
82 | #define PR_SETEXITSIG 8 /* When task exit's, set signal. */ | 82 | #define PR_SETEXITSIG 8 /* When task exit's, set signal. */ |
83 | #define PR_RESIDENT 9 /* Make task unswappable. */ | 83 | #define PR_RESIDENT 9 /* Make task unswappable. */ |
84 | #define PR_ATTACHADDR 10 /* (Re-)Connect a vma to a task. */ | 84 | #define PR_ATTACHADDR 10 /* (Re-)Connect a vma to a task. */ |
85 | #define PR_DETACHADDR 11 /* Disconnect a vma from a task. */ | 85 | #define PR_DETACHADDR 11 /* Disconnect a vma from a task. */ |
86 | #define PR_TERMCHILD 12 /* When parent sleeps with fishes, kill child. */ | 86 | #define PR_TERMCHILD 12 /* Kill child if the parent dies. */ |
87 | #define PR_GETSHMASK 13 /* Get the sproc() share mask. */ | 87 | #define PR_GETSHMASK 13 /* Get the sproc() share mask. */ |
88 | #define PR_GETNSHARE 14 /* Number of share group members. */ | 88 | #define PR_GETNSHARE 14 /* Number of share group members. */ |
89 | #define PR_COREPID 15 /* Add task pid to name when it core. */ | 89 | #define PR_COREPID 15 /* Add task pid to name when it core. */ |
90 | #define PR_ATTACHADDRPERM 16 /* (Re-)Connect vma, with specified prot. */ | 90 | #define PR_ATTACHADDRPERM 16 /* (Re-)Connect vma, with specified prot. */ |
91 | #define PR_PTHREADEXIT 17 /* Kill a pthread without prejudice. */ | 91 | #define PR_PTHREADEXIT 17 /* Kill a pthread, only for IRIX 6.[234] */ |
92 | 92 | ||
93 | asmlinkage int irix_prctl(struct pt_regs *regs) | 93 | asmlinkage int irix_prctl(unsigned option, ...) |
94 | { | 94 | { |
95 | unsigned long cmd; | 95 | va_list args; |
96 | int error = 0, base = 0; | 96 | int error = 0; |
97 | 97 | ||
98 | if (regs->regs[2] == 1000) | 98 | va_start(args, option); |
99 | base = 1; | 99 | switch (option) { |
100 | cmd = regs->regs[base + 4]; | ||
101 | switch (cmd) { | ||
102 | case PR_MAXPROCS: | 100 | case PR_MAXPROCS: |
103 | printk("irix_prctl[%s:%d]: Wants PR_MAXPROCS\n", | 101 | printk("irix_prctl[%s:%d]: Wants PR_MAXPROCS\n", |
104 | current->comm, current->pid); | 102 | current->comm, current->pid); |
@@ -111,7 +109,7 @@ asmlinkage int irix_prctl(struct pt_regs *regs) | |||
111 | printk("irix_prctl[%s:%d]: Wants PR_ISBLOCKED\n", | 109 | printk("irix_prctl[%s:%d]: Wants PR_ISBLOCKED\n", |
112 | current->comm, current->pid); | 110 | current->comm, current->pid); |
113 | read_lock(&tasklist_lock); | 111 | read_lock(&tasklist_lock); |
114 | task = find_task_by_pid(regs->regs[base + 5]); | 112 | task = find_task_by_pid(va_arg(args, pid_t)); |
115 | error = -ESRCH; | 113 | error = -ESRCH; |
116 | if (error) | 114 | if (error) |
117 | error = (task->run_list.next != NULL); | 115 | error = (task->run_list.next != NULL); |
@@ -121,7 +119,7 @@ asmlinkage int irix_prctl(struct pt_regs *regs) | |||
121 | } | 119 | } |
122 | 120 | ||
123 | case PR_SETSTACKSIZE: { | 121 | case PR_SETSTACKSIZE: { |
124 | long value = regs->regs[base + 5]; | 122 | long value = va_arg(args, long); |
125 | 123 | ||
126 | printk("irix_prctl[%s:%d]: Wants PR_SETSTACKSIZE<%08lx>\n", | 124 | printk("irix_prctl[%s:%d]: Wants PR_SETSTACKSIZE<%08lx>\n", |
127 | current->comm, current->pid, (unsigned long) value); | 125 | current->comm, current->pid, (unsigned long) value); |
@@ -222,24 +220,20 @@ asmlinkage int irix_prctl(struct pt_regs *regs) | |||
222 | error = -EINVAL; | 220 | error = -EINVAL; |
223 | break; | 221 | break; |
224 | 222 | ||
225 | case PR_PTHREADEXIT: | ||
226 | printk("irix_prctl[%s:%d]: Wants PR_PTHREADEXIT\n", | ||
227 | current->comm, current->pid); | ||
228 | do_exit(regs->regs[base + 5]); | ||
229 | |||
230 | default: | 223 | default: |
231 | printk("irix_prctl[%s:%d]: Non-existant opcode %d\n", | 224 | printk("irix_prctl[%s:%d]: Non-existant opcode %d\n", |
232 | current->comm, current->pid, (int)cmd); | 225 | current->comm, current->pid, option); |
233 | error = -EINVAL; | 226 | error = -EINVAL; |
234 | break; | 227 | break; |
235 | } | 228 | } |
229 | va_end(args); | ||
236 | 230 | ||
237 | return error; | 231 | return error; |
238 | } | 232 | } |
239 | 233 | ||
240 | #undef DEBUG_PROCGRPS | 234 | #undef DEBUG_PROCGRPS |
241 | 235 | ||
242 | extern unsigned long irix_mapelf(int fd, struct elf_phdr *user_phdrp, int cnt); | 236 | extern unsigned long irix_mapelf(int fd, struct elf_phdr __user *user_phdrp, int cnt); |
243 | extern int getrusage(struct task_struct *p, int who, struct rusage __user *ru); | 237 | extern int getrusage(struct task_struct *p, int who, struct rusage __user *ru); |
244 | extern char *prom_getenv(char *name); | 238 | extern char *prom_getenv(char *name); |
245 | extern long prom_setenv(char *name, char *value); | 239 | extern long prom_setenv(char *name, char *value); |
@@ -276,23 +270,19 @@ asmlinkage int irix_syssgi(struct pt_regs *regs) | |||
276 | cmd = regs->regs[base + 4]; | 270 | cmd = regs->regs[base + 4]; |
277 | switch(cmd) { | 271 | switch(cmd) { |
278 | case SGI_SYSID: { | 272 | case SGI_SYSID: { |
279 | char *buf = (char *) regs->regs[base + 5]; | 273 | char __user *buf = (char __user *) regs->regs[base + 5]; |
280 | 274 | ||
281 | /* XXX Use ethernet addr.... */ | 275 | /* XXX Use ethernet addr.... */ |
282 | retval = clear_user(buf, 64); | 276 | retval = clear_user(buf, 64) ? -EFAULT : 0; |
283 | break; | 277 | break; |
284 | } | 278 | } |
285 | #if 0 | 279 | #if 0 |
286 | case SGI_RDNAME: { | 280 | case SGI_RDNAME: { |
287 | int pid = (int) regs->regs[base + 5]; | 281 | int pid = (int) regs->regs[base + 5]; |
288 | char *buf = (char *) regs->regs[base + 6]; | 282 | char __user *buf = (char __user *) regs->regs[base + 6]; |
289 | struct task_struct *p; | 283 | struct task_struct *p; |
290 | char tcomm[sizeof(current->comm)]; | 284 | char tcomm[sizeof(current->comm)]; |
291 | 285 | ||
292 | if (!access_ok(VERIFY_WRITE, buf, sizeof(tcomm))) { | ||
293 | retval = -EFAULT; | ||
294 | break; | ||
295 | } | ||
296 | read_lock(&tasklist_lock); | 286 | read_lock(&tasklist_lock); |
297 | p = find_task_by_pid(pid); | 287 | p = find_task_by_pid(pid); |
298 | if (!p) { | 288 | if (!p) { |
@@ -304,34 +294,28 @@ asmlinkage int irix_syssgi(struct pt_regs *regs) | |||
304 | read_unlock(&tasklist_lock); | 294 | read_unlock(&tasklist_lock); |
305 | 295 | ||
306 | /* XXX Need to check sizes. */ | 296 | /* XXX Need to check sizes. */ |
307 | copy_to_user(buf, tcomm, sizeof(tcomm)); | 297 | retval = copy_to_user(buf, tcomm, sizeof(tcomm)) ? -EFAULT : 0; |
308 | retval = 0; | ||
309 | break; | 298 | break; |
310 | } | 299 | } |
311 | 300 | ||
312 | case SGI_GETNVRAM: { | 301 | case SGI_GETNVRAM: { |
313 | char *name = (char *) regs->regs[base+5]; | 302 | char __user *name = (char __user *) regs->regs[base+5]; |
314 | char *buf = (char *) regs->regs[base+6]; | 303 | char __user *buf = (char __user *) regs->regs[base+6]; |
315 | char *value; | 304 | char *value; |
316 | return -EINVAL; /* til I fix it */ | 305 | return -EINVAL; /* til I fix it */ |
317 | if (!access_ok(VERIFY_WRITE, buf, 128)) { | ||
318 | retval = -EFAULT; | ||
319 | break; | ||
320 | } | ||
321 | value = prom_getenv(name); /* PROM lock? */ | 306 | value = prom_getenv(name); /* PROM lock? */ |
322 | if (!value) { | 307 | if (!value) { |
323 | retval = -EINVAL; | 308 | retval = -EINVAL; |
324 | break; | 309 | break; |
325 | } | 310 | } |
326 | /* Do I strlen() for the length? */ | 311 | /* Do I strlen() for the length? */ |
327 | copy_to_user(buf, value, 128); | 312 | retval = copy_to_user(buf, value, 128) ? -EFAULT : 0; |
328 | retval = 0; | ||
329 | break; | 313 | break; |
330 | } | 314 | } |
331 | 315 | ||
332 | case SGI_SETNVRAM: { | 316 | case SGI_SETNVRAM: { |
333 | char *name = (char *) regs->regs[base+5]; | 317 | char __user *name = (char __user *) regs->regs[base+5]; |
334 | char *value = (char *) regs->regs[base+6]; | 318 | char __user *value = (char __user *) regs->regs[base+6]; |
335 | return -EINVAL; /* til I fix it */ | 319 | return -EINVAL; /* til I fix it */ |
336 | retval = prom_setenv(name, value); | 320 | retval = prom_setenv(name, value); |
337 | /* XXX make sure retval conforms to syssgi(2) */ | 321 | /* XXX make sure retval conforms to syssgi(2) */ |
@@ -407,16 +391,16 @@ asmlinkage int irix_syssgi(struct pt_regs *regs) | |||
407 | 391 | ||
408 | case SGI_SETGROUPS: | 392 | case SGI_SETGROUPS: |
409 | retval = sys_setgroups((int) regs->regs[base + 5], | 393 | retval = sys_setgroups((int) regs->regs[base + 5], |
410 | (gid_t *) regs->regs[base + 6]); | 394 | (gid_t __user *) regs->regs[base + 6]); |
411 | break; | 395 | break; |
412 | 396 | ||
413 | case SGI_GETGROUPS: | 397 | case SGI_GETGROUPS: |
414 | retval = sys_getgroups((int) regs->regs[base + 5], | 398 | retval = sys_getgroups((int) regs->regs[base + 5], |
415 | (gid_t *) regs->regs[base + 6]); | 399 | (gid_t __user *) regs->regs[base + 6]); |
416 | break; | 400 | break; |
417 | 401 | ||
418 | case SGI_RUSAGE: { | 402 | case SGI_RUSAGE: { |
419 | struct rusage *ru = (struct rusage *) regs->regs[base + 6]; | 403 | struct rusage __user *ru = (struct rusage __user *) regs->regs[base + 6]; |
420 | 404 | ||
421 | switch((int) regs->regs[base + 5]) { | 405 | switch((int) regs->regs[base + 5]) { |
422 | case 0: | 406 | case 0: |
@@ -453,7 +437,7 @@ asmlinkage int irix_syssgi(struct pt_regs *regs) | |||
453 | 437 | ||
454 | case SGI_ELFMAP: | 438 | case SGI_ELFMAP: |
455 | retval = irix_mapelf((int) regs->regs[base + 5], | 439 | retval = irix_mapelf((int) regs->regs[base + 5], |
456 | (struct elf_phdr *) regs->regs[base + 6], | 440 | (struct elf_phdr __user *) regs->regs[base + 6], |
457 | (int) regs->regs[base + 7]); | 441 | (int) regs->regs[base + 7]); |
458 | break; | 442 | break; |
459 | 443 | ||
@@ -468,24 +452,24 @@ asmlinkage int irix_syssgi(struct pt_regs *regs) | |||
468 | 452 | ||
469 | case SGI_PHYSP: { | 453 | case SGI_PHYSP: { |
470 | unsigned long addr = regs->regs[base + 5]; | 454 | unsigned long addr = regs->regs[base + 5]; |
471 | int *pageno = (int *) (regs->regs[base + 6]); | 455 | int __user *pageno = (int __user *) (regs->regs[base + 6]); |
472 | struct mm_struct *mm = current->mm; | 456 | struct mm_struct *mm = current->mm; |
473 | pgd_t *pgdp; | 457 | pgd_t *pgdp; |
458 | pud_t *pudp; | ||
474 | pmd_t *pmdp; | 459 | pmd_t *pmdp; |
475 | pte_t *ptep; | 460 | pte_t *ptep; |
476 | 461 | ||
477 | if (!access_ok(VERIFY_WRITE, pageno, sizeof(int))) | ||
478 | return -EFAULT; | ||
479 | |||
480 | down_read(&mm->mmap_sem); | 462 | down_read(&mm->mmap_sem); |
481 | pgdp = pgd_offset(mm, addr); | 463 | pgdp = pgd_offset(mm, addr); |
482 | pmdp = pmd_offset(pgdp, addr); | 464 | pudp = pud_offset(pgdp, addr); |
465 | pmdp = pmd_offset(pudp, addr); | ||
483 | ptep = pte_offset(pmdp, addr); | 466 | ptep = pte_offset(pmdp, addr); |
484 | retval = -EINVAL; | 467 | retval = -EINVAL; |
485 | if (ptep) { | 468 | if (ptep) { |
486 | pte_t pte = *ptep; | 469 | pte_t pte = *ptep; |
487 | 470 | ||
488 | if (pte_val(pte) & (_PAGE_VALID | _PAGE_PRESENT)) { | 471 | if (pte_val(pte) & (_PAGE_VALID | _PAGE_PRESENT)) { |
472 | /* b0rked on 64-bit */ | ||
489 | retval = put_user((pte_val(pte) & PAGE_MASK) >> | 473 | retval = put_user((pte_val(pte) & PAGE_MASK) >> |
490 | PAGE_SHIFT, pageno); | 474 | PAGE_SHIFT, pageno); |
491 | } | 475 | } |
@@ -496,7 +480,7 @@ asmlinkage int irix_syssgi(struct pt_regs *regs) | |||
496 | 480 | ||
497 | case SGI_INVENT: { | 481 | case SGI_INVENT: { |
498 | int arg1 = (int) regs->regs [base + 5]; | 482 | int arg1 = (int) regs->regs [base + 5]; |
499 | void *buffer = (void *) regs->regs [base + 6]; | 483 | void __user *buffer = (void __user *) regs->regs [base + 6]; |
500 | int count = (int) regs->regs [base + 7]; | 484 | int count = (int) regs->regs [base + 7]; |
501 | 485 | ||
502 | switch (arg1) { | 486 | switch (arg1) { |
@@ -692,8 +676,8 @@ asmlinkage int irix_pause(void) | |||
692 | } | 676 | } |
693 | 677 | ||
694 | /* XXX need more than this... */ | 678 | /* XXX need more than this... */ |
695 | asmlinkage int irix_mount(char *dev_name, char *dir_name, unsigned long flags, | 679 | asmlinkage int irix_mount(char __user *dev_name, char __user *dir_name, |
696 | char *type, void *data, int datalen) | 680 | unsigned long flags, char __user *type, void __user *data, int datalen) |
697 | { | 681 | { |
698 | printk("[%s:%d] irix_mount(%p,%p,%08lx,%p,%p,%d)\n", | 682 | printk("[%s:%d] irix_mount(%p,%p,%08lx,%p,%p,%d)\n", |
699 | current->comm, current->pid, | 683 | current->comm, current->pid, |
@@ -708,8 +692,8 @@ struct irix_statfs { | |||
708 | char f_fname[6], f_fpack[6]; | 692 | char f_fname[6], f_fpack[6]; |
709 | }; | 693 | }; |
710 | 694 | ||
711 | asmlinkage int irix_statfs(const char *path, struct irix_statfs *buf, | 695 | asmlinkage int irix_statfs(const char __user *path, |
712 | int len, int fs_type) | 696 | struct irix_statfs __user *buf, int len, int fs_type) |
713 | { | 697 | { |
714 | struct nameidata nd; | 698 | struct nameidata nd; |
715 | struct kstatfs kbuf; | 699 | struct kstatfs kbuf; |
@@ -724,6 +708,7 @@ asmlinkage int irix_statfs(const char *path, struct irix_statfs *buf, | |||
724 | error = -EFAULT; | 708 | error = -EFAULT; |
725 | goto out; | 709 | goto out; |
726 | } | 710 | } |
711 | |||
727 | error = user_path_walk(path, &nd); | 712 | error = user_path_walk(path, &nd); |
728 | if (error) | 713 | if (error) |
729 | goto out; | 714 | goto out; |
@@ -732,18 +717,17 @@ asmlinkage int irix_statfs(const char *path, struct irix_statfs *buf, | |||
732 | if (error) | 717 | if (error) |
733 | goto dput_and_out; | 718 | goto dput_and_out; |
734 | 719 | ||
735 | __put_user(kbuf.f_type, &buf->f_type); | 720 | error = __put_user(kbuf.f_type, &buf->f_type); |
736 | __put_user(kbuf.f_bsize, &buf->f_bsize); | 721 | error |= __put_user(kbuf.f_bsize, &buf->f_bsize); |
737 | __put_user(kbuf.f_frsize, &buf->f_frsize); | 722 | error |= __put_user(kbuf.f_frsize, &buf->f_frsize); |
738 | __put_user(kbuf.f_blocks, &buf->f_blocks); | 723 | error |= __put_user(kbuf.f_blocks, &buf->f_blocks); |
739 | __put_user(kbuf.f_bfree, &buf->f_bfree); | 724 | error |= __put_user(kbuf.f_bfree, &buf->f_bfree); |
740 | __put_user(kbuf.f_files, &buf->f_files); | 725 | error |= __put_user(kbuf.f_files, &buf->f_files); |
741 | __put_user(kbuf.f_ffree, &buf->f_ffree); | 726 | error |= __put_user(kbuf.f_ffree, &buf->f_ffree); |
742 | for (i = 0; i < 6; i++) { | 727 | for (i = 0; i < 6; i++) { |
743 | __put_user(0, &buf->f_fname[i]); | 728 | error |= __put_user(0, &buf->f_fname[i]); |
744 | __put_user(0, &buf->f_fpack[i]); | 729 | error |= __put_user(0, &buf->f_fpack[i]); |
745 | } | 730 | } |
746 | error = 0; | ||
747 | 731 | ||
748 | dput_and_out: | 732 | dput_and_out: |
749 | path_release(&nd); | 733 | path_release(&nd); |
@@ -751,7 +735,7 @@ out: | |||
751 | return error; | 735 | return error; |
752 | } | 736 | } |
753 | 737 | ||
754 | asmlinkage int irix_fstatfs(unsigned int fd, struct irix_statfs *buf) | 738 | asmlinkage int irix_fstatfs(unsigned int fd, struct irix_statfs __user *buf) |
755 | { | 739 | { |
756 | struct kstatfs kbuf; | 740 | struct kstatfs kbuf; |
757 | struct file *file; | 741 | struct file *file; |
@@ -761,6 +745,7 @@ asmlinkage int irix_fstatfs(unsigned int fd, struct irix_statfs *buf) | |||
761 | error = -EFAULT; | 745 | error = -EFAULT; |
762 | goto out; | 746 | goto out; |
763 | } | 747 | } |
748 | |||
764 | if (!(file = fget(fd))) { | 749 | if (!(file = fget(fd))) { |
765 | error = -EBADF; | 750 | error = -EBADF; |
766 | goto out; | 751 | goto out; |
@@ -770,16 +755,17 @@ asmlinkage int irix_fstatfs(unsigned int fd, struct irix_statfs *buf) | |||
770 | if (error) | 755 | if (error) |
771 | goto out_f; | 756 | goto out_f; |
772 | 757 | ||
773 | __put_user(kbuf.f_type, &buf->f_type); | 758 | error = __put_user(kbuf.f_type, &buf->f_type); |
774 | __put_user(kbuf.f_bsize, &buf->f_bsize); | 759 | error |= __put_user(kbuf.f_bsize, &buf->f_bsize); |
775 | __put_user(kbuf.f_frsize, &buf->f_frsize); | 760 | error |= __put_user(kbuf.f_frsize, &buf->f_frsize); |
776 | __put_user(kbuf.f_blocks, &buf->f_blocks); | 761 | error |= __put_user(kbuf.f_blocks, &buf->f_blocks); |
777 | __put_user(kbuf.f_bfree, &buf->f_bfree); | 762 | error |= __put_user(kbuf.f_bfree, &buf->f_bfree); |
778 | __put_user(kbuf.f_files, &buf->f_files); | 763 | error |= __put_user(kbuf.f_files, &buf->f_files); |
779 | __put_user(kbuf.f_ffree, &buf->f_ffree); | 764 | error |= __put_user(kbuf.f_ffree, &buf->f_ffree); |
780 | for(i = 0; i < 6; i++) { | 765 | |
781 | __put_user(0, &buf->f_fname[i]); | 766 | for (i = 0; i < 6; i++) { |
782 | __put_user(0, &buf->f_fpack[i]); | 767 | error |= __put_user(0, &buf->f_fname[i]); |
768 | error |= __put_user(0, &buf->f_fpack[i]); | ||
783 | } | 769 | } |
784 | 770 | ||
785 | out_f: | 771 | out_f: |
@@ -806,14 +792,15 @@ asmlinkage int irix_setpgrp(int flags) | |||
806 | return error; | 792 | return error; |
807 | } | 793 | } |
808 | 794 | ||
809 | asmlinkage int irix_times(struct tms * tbuf) | 795 | asmlinkage int irix_times(struct tms __user *tbuf) |
810 | { | 796 | { |
811 | int err = 0; | 797 | int err = 0; |
812 | 798 | ||
813 | if (tbuf) { | 799 | if (tbuf) { |
814 | if (!access_ok(VERIFY_WRITE,tbuf,sizeof *tbuf)) | 800 | if (!access_ok(VERIFY_WRITE,tbuf,sizeof *tbuf)) |
815 | return -EFAULT; | 801 | return -EFAULT; |
816 | err |= __put_user(current->utime, &tbuf->tms_utime); | 802 | |
803 | err = __put_user(current->utime, &tbuf->tms_utime); | ||
817 | err |= __put_user(current->stime, &tbuf->tms_stime); | 804 | err |= __put_user(current->stime, &tbuf->tms_stime); |
818 | err |= __put_user(current->signal->cutime, &tbuf->tms_cutime); | 805 | err |= __put_user(current->signal->cutime, &tbuf->tms_cutime); |
819 | err |= __put_user(current->signal->cstime, &tbuf->tms_cstime); | 806 | err |= __put_user(current->signal->cstime, &tbuf->tms_cstime); |
@@ -829,13 +816,13 @@ asmlinkage int irix_exec(struct pt_regs *regs) | |||
829 | 816 | ||
830 | if(regs->regs[2] == 1000) | 817 | if(regs->regs[2] == 1000) |
831 | base = 1; | 818 | base = 1; |
832 | filename = getname((char *) (long)regs->regs[base + 4]); | 819 | filename = getname((char __user *) (long)regs->regs[base + 4]); |
833 | error = PTR_ERR(filename); | 820 | error = PTR_ERR(filename); |
834 | if (IS_ERR(filename)) | 821 | if (IS_ERR(filename)) |
835 | return error; | 822 | return error; |
836 | 823 | ||
837 | error = do_execve(filename, (char **) (long)regs->regs[base + 5], | 824 | error = do_execve(filename, (char __user * __user *) (long)regs->regs[base + 5], |
838 | (char **) 0, regs); | 825 | NULL, regs); |
839 | putname(filename); | 826 | putname(filename); |
840 | 827 | ||
841 | return error; | 828 | return error; |
@@ -848,12 +835,12 @@ asmlinkage int irix_exece(struct pt_regs *regs) | |||
848 | 835 | ||
849 | if (regs->regs[2] == 1000) | 836 | if (regs->regs[2] == 1000) |
850 | base = 1; | 837 | base = 1; |
851 | filename = getname((char *) (long)regs->regs[base + 4]); | 838 | filename = getname((char __user *) (long)regs->regs[base + 4]); |
852 | error = PTR_ERR(filename); | 839 | error = PTR_ERR(filename); |
853 | if (IS_ERR(filename)) | 840 | if (IS_ERR(filename)) |
854 | return error; | 841 | return error; |
855 | error = do_execve(filename, (char **) (long)regs->regs[base + 5], | 842 | error = do_execve(filename, (char __user * __user *) (long)regs->regs[base + 5], |
856 | (char **) (long)regs->regs[base + 6], regs); | 843 | (char __user * __user *) (long)regs->regs[base + 6], regs); |
857 | putname(filename); | 844 | putname(filename); |
858 | 845 | ||
859 | return error; | 846 | return error; |
@@ -909,22 +896,17 @@ asmlinkage int irix_socket(int family, int type, int protocol) | |||
909 | return sys_socket(family, type, protocol); | 896 | return sys_socket(family, type, protocol); |
910 | } | 897 | } |
911 | 898 | ||
912 | asmlinkage int irix_getdomainname(char *name, int len) | 899 | asmlinkage int irix_getdomainname(char __user *name, int len) |
913 | { | 900 | { |
914 | int error; | 901 | int err; |
915 | |||
916 | if (!access_ok(VERIFY_WRITE, name, len)) | ||
917 | return -EFAULT; | ||
918 | 902 | ||
919 | down_read(&uts_sem); | 903 | down_read(&uts_sem); |
920 | if (len > __NEW_UTS_LEN) | 904 | if (len > __NEW_UTS_LEN) |
921 | len = __NEW_UTS_LEN; | 905 | len = __NEW_UTS_LEN; |
922 | error = 0; | 906 | err = copy_to_user(name, system_utsname.domainname, len) ? -EFAULT : 0; |
923 | if (copy_to_user(name, system_utsname.domainname, len)) | ||
924 | error = -EFAULT; | ||
925 | up_read(&uts_sem); | 907 | up_read(&uts_sem); |
926 | 908 | ||
927 | return error; | 909 | return err; |
928 | } | 910 | } |
929 | 911 | ||
930 | asmlinkage unsigned long irix_getpagesize(void) | 912 | asmlinkage unsigned long irix_getpagesize(void) |
@@ -940,12 +922,13 @@ asmlinkage int irix_msgsys(int opcode, unsigned long arg0, unsigned long arg1, | |||
940 | case 0: | 922 | case 0: |
941 | return sys_msgget((key_t) arg0, (int) arg1); | 923 | return sys_msgget((key_t) arg0, (int) arg1); |
942 | case 1: | 924 | case 1: |
943 | return sys_msgctl((int) arg0, (int) arg1, (struct msqid_ds *)arg2); | 925 | return sys_msgctl((int) arg0, (int) arg1, |
926 | (struct msqid_ds __user *)arg2); | ||
944 | case 2: | 927 | case 2: |
945 | return sys_msgrcv((int) arg0, (struct msgbuf *) arg1, | 928 | return sys_msgrcv((int) arg0, (struct msgbuf __user *) arg1, |
946 | (size_t) arg2, (long) arg3, (int) arg4); | 929 | (size_t) arg2, (long) arg3, (int) arg4); |
947 | case 3: | 930 | case 3: |
948 | return sys_msgsnd((int) arg0, (struct msgbuf *) arg1, | 931 | return sys_msgsnd((int) arg0, (struct msgbuf __user *) arg1, |
949 | (size_t) arg2, (int) arg3); | 932 | (size_t) arg2, (int) arg3); |
950 | default: | 933 | default: |
951 | return -EINVAL; | 934 | return -EINVAL; |
@@ -957,12 +940,13 @@ asmlinkage int irix_shmsys(int opcode, unsigned long arg0, unsigned long arg1, | |||
957 | { | 940 | { |
958 | switch (opcode) { | 941 | switch (opcode) { |
959 | case 0: | 942 | case 0: |
960 | return do_shmat((int) arg0, (char *)arg1, (int) arg2, | 943 | return do_shmat((int) arg0, (char __user *) arg1, (int) arg2, |
961 | (unsigned long *) arg3); | 944 | (unsigned long *) arg3); |
962 | case 1: | 945 | case 1: |
963 | return sys_shmctl((int)arg0, (int)arg1, (struct shmid_ds *)arg2); | 946 | return sys_shmctl((int)arg0, (int)arg1, |
947 | (struct shmid_ds __user *)arg2); | ||
964 | case 2: | 948 | case 2: |
965 | return sys_shmdt((char *)arg0); | 949 | return sys_shmdt((char __user *)arg0); |
966 | case 3: | 950 | case 3: |
967 | return sys_shmget((key_t) arg0, (int) arg1, (int) arg2); | 951 | return sys_shmget((key_t) arg0, (int) arg1, (int) arg2); |
968 | default: | 952 | default: |
@@ -980,7 +964,7 @@ asmlinkage int irix_semsys(int opcode, unsigned long arg0, unsigned long arg1, | |||
980 | case 1: | 964 | case 1: |
981 | return sys_semget((key_t) arg0, (int) arg1, (int) arg2); | 965 | return sys_semget((key_t) arg0, (int) arg1, (int) arg2); |
982 | case 2: | 966 | case 2: |
983 | return sys_semop((int) arg0, (struct sembuf *)arg1, | 967 | return sys_semop((int) arg0, (struct sembuf __user *)arg1, |
984 | (unsigned int) arg2); | 968 | (unsigned int) arg2); |
985 | default: | 969 | default: |
986 | return -EINVAL; | 970 | return -EINVAL; |
@@ -998,15 +982,16 @@ static inline loff_t llseek(struct file *file, loff_t offset, int origin) | |||
998 | lock_kernel(); | 982 | lock_kernel(); |
999 | retval = fn(file, offset, origin); | 983 | retval = fn(file, offset, origin); |
1000 | unlock_kernel(); | 984 | unlock_kernel(); |
985 | |||
1001 | return retval; | 986 | return retval; |
1002 | } | 987 | } |
1003 | 988 | ||
1004 | asmlinkage int irix_lseek64(int fd, int _unused, int offhi, int offlow, | 989 | asmlinkage int irix_lseek64(int fd, int _unused, int offhi, int offlow, |
1005 | int origin) | 990 | int origin) |
1006 | { | 991 | { |
1007 | int retval; | ||
1008 | struct file * file; | 992 | struct file * file; |
1009 | loff_t offset; | 993 | loff_t offset; |
994 | int retval; | ||
1010 | 995 | ||
1011 | retval = -EBADF; | 996 | retval = -EBADF; |
1012 | file = fget(fd); | 997 | file = fget(fd); |
@@ -1031,12 +1016,12 @@ asmlinkage int irix_sginap(int ticks) | |||
1031 | return 0; | 1016 | return 0; |
1032 | } | 1017 | } |
1033 | 1018 | ||
1034 | asmlinkage int irix_sgikopt(char *istring, char *ostring, int len) | 1019 | asmlinkage int irix_sgikopt(char __user *istring, char __user *ostring, int len) |
1035 | { | 1020 | { |
1036 | return -EINVAL; | 1021 | return -EINVAL; |
1037 | } | 1022 | } |
1038 | 1023 | ||
1039 | asmlinkage int irix_gettimeofday(struct timeval *tv) | 1024 | asmlinkage int irix_gettimeofday(struct timeval __user *tv) |
1040 | { | 1025 | { |
1041 | time_t sec; | 1026 | time_t sec; |
1042 | long nsec, seq; | 1027 | long nsec, seq; |
@@ -1077,7 +1062,7 @@ asmlinkage unsigned long irix_mmap32(unsigned long addr, size_t len, int prot, | |||
1077 | 1062 | ||
1078 | if (max_size > file->f_dentry->d_inode->i_size) { | 1063 | if (max_size > file->f_dentry->d_inode->i_size) { |
1079 | old_pos = sys_lseek (fd, max_size - 1, 0); | 1064 | old_pos = sys_lseek (fd, max_size - 1, 0); |
1080 | sys_write (fd, "", 1); | 1065 | sys_write (fd, (void __user *) "", 1); |
1081 | sys_lseek (fd, old_pos, 0); | 1066 | sys_lseek (fd, old_pos, 0); |
1082 | } | 1067 | } |
1083 | } | 1068 | } |
@@ -1102,7 +1087,7 @@ asmlinkage int irix_madvise(unsigned long addr, int len, int behavior) | |||
1102 | return -EINVAL; | 1087 | return -EINVAL; |
1103 | } | 1088 | } |
1104 | 1089 | ||
1105 | asmlinkage int irix_pagelock(char *addr, int len, int op) | 1090 | asmlinkage int irix_pagelock(char __user *addr, int len, int op) |
1106 | { | 1091 | { |
1107 | printk("[%s:%d] Wheee.. irix_pagelock(%p,%d,%d)\n", | 1092 | printk("[%s:%d] Wheee.. irix_pagelock(%p,%d,%d)\n", |
1108 | current->comm, current->pid, addr, len, op); | 1093 | current->comm, current->pid, addr, len, op); |
@@ -1142,7 +1127,7 @@ asmlinkage int irix_BSDsetpgrp(int pid, int pgrp) | |||
1142 | return error; | 1127 | return error; |
1143 | } | 1128 | } |
1144 | 1129 | ||
1145 | asmlinkage int irix_systeminfo(int cmd, char *buf, int cnt) | 1130 | asmlinkage int irix_systeminfo(int cmd, char __user *buf, int cnt) |
1146 | { | 1131 | { |
1147 | printk("[%s:%d] Wheee.. irix_systeminfo(%d,%p,%d)\n", | 1132 | printk("[%s:%d] Wheee.. irix_systeminfo(%d,%p,%d)\n", |
1148 | current->comm, current->pid, cmd, buf, cnt); | 1133 | current->comm, current->pid, cmd, buf, cnt); |
@@ -1158,14 +1143,14 @@ struct iuname { | |||
1158 | char _unused3[257], _unused4[257], _unused5[257]; | 1143 | char _unused3[257], _unused4[257], _unused5[257]; |
1159 | }; | 1144 | }; |
1160 | 1145 | ||
1161 | asmlinkage int irix_uname(struct iuname *buf) | 1146 | asmlinkage int irix_uname(struct iuname __user *buf) |
1162 | { | 1147 | { |
1163 | down_read(&uts_sem); | 1148 | down_read(&uts_sem); |
1164 | if (copy_to_user(system_utsname.sysname, buf->sysname, 65) | 1149 | if (copy_from_user(system_utsname.sysname, buf->sysname, 65) |
1165 | || copy_to_user(system_utsname.nodename, buf->nodename, 65) | 1150 | || copy_from_user(system_utsname.nodename, buf->nodename, 65) |
1166 | || copy_to_user(system_utsname.release, buf->release, 65) | 1151 | || copy_from_user(system_utsname.release, buf->release, 65) |
1167 | || copy_to_user(system_utsname.version, buf->version, 65) | 1152 | || copy_from_user(system_utsname.version, buf->version, 65) |
1168 | || copy_to_user(system_utsname.machine, buf->machine, 65)) { | 1153 | || copy_from_user(system_utsname.machine, buf->machine, 65)) { |
1169 | return -EFAULT; | 1154 | return -EFAULT; |
1170 | } | 1155 | } |
1171 | up_read(&uts_sem); | 1156 | up_read(&uts_sem); |
@@ -1175,7 +1160,7 @@ asmlinkage int irix_uname(struct iuname *buf) | |||
1175 | 1160 | ||
1176 | #undef DEBUG_XSTAT | 1161 | #undef DEBUG_XSTAT |
1177 | 1162 | ||
1178 | static int irix_xstat32_xlate(struct kstat *stat, void *ubuf) | 1163 | static int irix_xstat32_xlate(struct kstat *stat, void __user *ubuf) |
1179 | { | 1164 | { |
1180 | struct xstat32 { | 1165 | struct xstat32 { |
1181 | u32 st_dev, st_pad1[3], st_ino, st_mode, st_nlink, st_uid, st_gid; | 1166 | u32 st_dev, st_pad1[3], st_ino, st_mode, st_nlink, st_uid, st_gid; |
@@ -1215,7 +1200,7 @@ static int irix_xstat32_xlate(struct kstat *stat, void *ubuf) | |||
1215 | return copy_to_user(ubuf, &ub, sizeof(ub)) ? -EFAULT : 0; | 1200 | return copy_to_user(ubuf, &ub, sizeof(ub)) ? -EFAULT : 0; |
1216 | } | 1201 | } |
1217 | 1202 | ||
1218 | static int irix_xstat64_xlate(struct kstat *stat, void *ubuf) | 1203 | static int irix_xstat64_xlate(struct kstat *stat, void __user *ubuf) |
1219 | { | 1204 | { |
1220 | struct xstat64 { | 1205 | struct xstat64 { |
1221 | u32 st_dev; s32 st_pad1[3]; | 1206 | u32 st_dev; s32 st_pad1[3]; |
@@ -1265,7 +1250,7 @@ static int irix_xstat64_xlate(struct kstat *stat, void *ubuf) | |||
1265 | return copy_to_user(ubuf, &ks, sizeof(ks)) ? -EFAULT : 0; | 1250 | return copy_to_user(ubuf, &ks, sizeof(ks)) ? -EFAULT : 0; |
1266 | } | 1251 | } |
1267 | 1252 | ||
1268 | asmlinkage int irix_xstat(int version, char *filename, struct stat *statbuf) | 1253 | asmlinkage int irix_xstat(int version, char __user *filename, struct stat __user *statbuf) |
1269 | { | 1254 | { |
1270 | int retval; | 1255 | int retval; |
1271 | struct kstat stat; | 1256 | struct kstat stat; |
@@ -1291,7 +1276,7 @@ asmlinkage int irix_xstat(int version, char *filename, struct stat *statbuf) | |||
1291 | return retval; | 1276 | return retval; |
1292 | } | 1277 | } |
1293 | 1278 | ||
1294 | asmlinkage int irix_lxstat(int version, char *filename, struct stat *statbuf) | 1279 | asmlinkage int irix_lxstat(int version, char __user *filename, struct stat __user *statbuf) |
1295 | { | 1280 | { |
1296 | int error; | 1281 | int error; |
1297 | struct kstat stat; | 1282 | struct kstat stat; |
@@ -1318,7 +1303,7 @@ asmlinkage int irix_lxstat(int version, char *filename, struct stat *statbuf) | |||
1318 | return error; | 1303 | return error; |
1319 | } | 1304 | } |
1320 | 1305 | ||
1321 | asmlinkage int irix_fxstat(int version, int fd, struct stat *statbuf) | 1306 | asmlinkage int irix_fxstat(int version, int fd, struct stat __user *statbuf) |
1322 | { | 1307 | { |
1323 | int error; | 1308 | int error; |
1324 | struct kstat stat; | 1309 | struct kstat stat; |
@@ -1344,7 +1329,7 @@ asmlinkage int irix_fxstat(int version, int fd, struct stat *statbuf) | |||
1344 | return error; | 1329 | return error; |
1345 | } | 1330 | } |
1346 | 1331 | ||
1347 | asmlinkage int irix_xmknod(int ver, char *filename, int mode, unsigned dev) | 1332 | asmlinkage int irix_xmknod(int ver, char __user *filename, int mode, unsigned dev) |
1348 | { | 1333 | { |
1349 | int retval; | 1334 | int retval; |
1350 | printk("[%s:%d] Wheee.. irix_xmknod(%d,%s,%x,%x)\n", | 1335 | printk("[%s:%d] Wheee.. irix_xmknod(%d,%s,%x,%x)\n", |
@@ -1364,7 +1349,7 @@ asmlinkage int irix_xmknod(int ver, char *filename, int mode, unsigned dev) | |||
1364 | return retval; | 1349 | return retval; |
1365 | } | 1350 | } |
1366 | 1351 | ||
1367 | asmlinkage int irix_swapctl(int cmd, char *arg) | 1352 | asmlinkage int irix_swapctl(int cmd, char __user *arg) |
1368 | { | 1353 | { |
1369 | printk("[%s:%d] Wheee.. irix_swapctl(%d,%p)\n", | 1354 | printk("[%s:%d] Wheee.. irix_swapctl(%d,%p)\n", |
1370 | current->comm, current->pid, cmd, arg); | 1355 | current->comm, current->pid, cmd, arg); |
@@ -1380,7 +1365,7 @@ struct irix_statvfs { | |||
1380 | char f_fstr[32]; u32 f_filler[16]; | 1365 | char f_fstr[32]; u32 f_filler[16]; |
1381 | }; | 1366 | }; |
1382 | 1367 | ||
1383 | asmlinkage int irix_statvfs(char *fname, struct irix_statvfs *buf) | 1368 | asmlinkage int irix_statvfs(char __user *fname, struct irix_statvfs __user *buf) |
1384 | { | 1369 | { |
1385 | struct nameidata nd; | 1370 | struct nameidata nd; |
1386 | struct kstatfs kbuf; | 1371 | struct kstatfs kbuf; |
@@ -1388,10 +1373,9 @@ asmlinkage int irix_statvfs(char *fname, struct irix_statvfs *buf) | |||
1388 | 1373 | ||
1389 | printk("[%s:%d] Wheee.. irix_statvfs(%s,%p)\n", | 1374 | printk("[%s:%d] Wheee.. irix_statvfs(%s,%p)\n", |
1390 | current->comm, current->pid, fname, buf); | 1375 | current->comm, current->pid, fname, buf); |
1391 | if (!access_ok(VERIFY_WRITE, buf, sizeof(struct irix_statvfs))) { | 1376 | if (!access_ok(VERIFY_WRITE, buf, sizeof(struct irix_statvfs))) |
1392 | error = -EFAULT; | 1377 | return -EFAULT; |
1393 | goto out; | 1378 | |
1394 | } | ||
1395 | error = user_path_walk(fname, &nd); | 1379 | error = user_path_walk(fname, &nd); |
1396 | if (error) | 1380 | if (error) |
1397 | goto out; | 1381 | goto out; |
@@ -1399,27 +1383,25 @@ asmlinkage int irix_statvfs(char *fname, struct irix_statvfs *buf) | |||
1399 | if (error) | 1383 | if (error) |
1400 | goto dput_and_out; | 1384 | goto dput_and_out; |
1401 | 1385 | ||
1402 | __put_user(kbuf.f_bsize, &buf->f_bsize); | 1386 | error |= __put_user(kbuf.f_bsize, &buf->f_bsize); |
1403 | __put_user(kbuf.f_frsize, &buf->f_frsize); | 1387 | error |= __put_user(kbuf.f_frsize, &buf->f_frsize); |
1404 | __put_user(kbuf.f_blocks, &buf->f_blocks); | 1388 | error |= __put_user(kbuf.f_blocks, &buf->f_blocks); |
1405 | __put_user(kbuf.f_bfree, &buf->f_bfree); | 1389 | error |= __put_user(kbuf.f_bfree, &buf->f_bfree); |
1406 | __put_user(kbuf.f_bfree, &buf->f_bavail); /* XXX hackety hack... */ | 1390 | error |= __put_user(kbuf.f_bfree, &buf->f_bavail); /* XXX hackety hack... */ |
1407 | __put_user(kbuf.f_files, &buf->f_files); | 1391 | error |= __put_user(kbuf.f_files, &buf->f_files); |
1408 | __put_user(kbuf.f_ffree, &buf->f_ffree); | 1392 | error |= __put_user(kbuf.f_ffree, &buf->f_ffree); |
1409 | __put_user(kbuf.f_ffree, &buf->f_favail); /* XXX hackety hack... */ | 1393 | error |= __put_user(kbuf.f_ffree, &buf->f_favail); /* XXX hackety hack... */ |
1410 | #ifdef __MIPSEB__ | 1394 | #ifdef __MIPSEB__ |
1411 | __put_user(kbuf.f_fsid.val[1], &buf->f_fsid); | 1395 | error |= __put_user(kbuf.f_fsid.val[1], &buf->f_fsid); |
1412 | #else | 1396 | #else |
1413 | __put_user(kbuf.f_fsid.val[0], &buf->f_fsid); | 1397 | error |= __put_user(kbuf.f_fsid.val[0], &buf->f_fsid); |
1414 | #endif | 1398 | #endif |
1415 | for (i = 0; i < 16; i++) | 1399 | for (i = 0; i < 16; i++) |
1416 | __put_user(0, &buf->f_basetype[i]); | 1400 | error |= __put_user(0, &buf->f_basetype[i]); |
1417 | __put_user(0, &buf->f_flag); | 1401 | error |= __put_user(0, &buf->f_flag); |
1418 | __put_user(kbuf.f_namelen, &buf->f_namemax); | 1402 | error |= __put_user(kbuf.f_namelen, &buf->f_namemax); |
1419 | for (i = 0; i < 32; i++) | 1403 | for (i = 0; i < 32; i++) |
1420 | __put_user(0, &buf->f_fstr[i]); | 1404 | error |= __put_user(0, &buf->f_fstr[i]); |
1421 | |||
1422 | error = 0; | ||
1423 | 1405 | ||
1424 | dput_and_out: | 1406 | dput_and_out: |
1425 | path_release(&nd); | 1407 | path_release(&nd); |
@@ -1427,7 +1409,7 @@ out: | |||
1427 | return error; | 1409 | return error; |
1428 | } | 1410 | } |
1429 | 1411 | ||
1430 | asmlinkage int irix_fstatvfs(int fd, struct irix_statvfs *buf) | 1412 | asmlinkage int irix_fstatvfs(int fd, struct irix_statvfs __user *buf) |
1431 | { | 1413 | { |
1432 | struct kstatfs kbuf; | 1414 | struct kstatfs kbuf; |
1433 | struct file *file; | 1415 | struct file *file; |
@@ -1436,10 +1418,9 @@ asmlinkage int irix_fstatvfs(int fd, struct irix_statvfs *buf) | |||
1436 | printk("[%s:%d] Wheee.. irix_fstatvfs(%d,%p)\n", | 1418 | printk("[%s:%d] Wheee.. irix_fstatvfs(%d,%p)\n", |
1437 | current->comm, current->pid, fd, buf); | 1419 | current->comm, current->pid, fd, buf); |
1438 | 1420 | ||
1439 | if (!access_ok(VERIFY_WRITE, buf, sizeof(struct irix_statvfs))) { | 1421 | if (!access_ok(VERIFY_WRITE, buf, sizeof(struct irix_statvfs))) |
1440 | error = -EFAULT; | 1422 | return -EFAULT; |
1441 | goto out; | 1423 | |
1442 | } | ||
1443 | if (!(file = fget(fd))) { | 1424 | if (!(file = fget(fd))) { |
1444 | error = -EBADF; | 1425 | error = -EBADF; |
1445 | goto out; | 1426 | goto out; |
@@ -1448,24 +1429,24 @@ asmlinkage int irix_fstatvfs(int fd, struct irix_statvfs *buf) | |||
1448 | if (error) | 1429 | if (error) |
1449 | goto out_f; | 1430 | goto out_f; |
1450 | 1431 | ||
1451 | __put_user(kbuf.f_bsize, &buf->f_bsize); | 1432 | error = __put_user(kbuf.f_bsize, &buf->f_bsize); |
1452 | __put_user(kbuf.f_frsize, &buf->f_frsize); | 1433 | error |= __put_user(kbuf.f_frsize, &buf->f_frsize); |
1453 | __put_user(kbuf.f_blocks, &buf->f_blocks); | 1434 | error |= __put_user(kbuf.f_blocks, &buf->f_blocks); |
1454 | __put_user(kbuf.f_bfree, &buf->f_bfree); | 1435 | error |= __put_user(kbuf.f_bfree, &buf->f_bfree); |
1455 | __put_user(kbuf.f_bfree, &buf->f_bavail); /* XXX hackety hack... */ | 1436 | error |= __put_user(kbuf.f_bfree, &buf->f_bavail); /* XXX hackety hack... */ |
1456 | __put_user(kbuf.f_files, &buf->f_files); | 1437 | error |= __put_user(kbuf.f_files, &buf->f_files); |
1457 | __put_user(kbuf.f_ffree, &buf->f_ffree); | 1438 | error |= __put_user(kbuf.f_ffree, &buf->f_ffree); |
1458 | __put_user(kbuf.f_ffree, &buf->f_favail); /* XXX hackety hack... */ | 1439 | error |= __put_user(kbuf.f_ffree, &buf->f_favail); /* XXX hackety hack... */ |
1459 | #ifdef __MIPSEB__ | 1440 | #ifdef __MIPSEB__ |
1460 | __put_user(kbuf.f_fsid.val[1], &buf->f_fsid); | 1441 | error |= __put_user(kbuf.f_fsid.val[1], &buf->f_fsid); |
1461 | #else | 1442 | #else |
1462 | __put_user(kbuf.f_fsid.val[0], &buf->f_fsid); | 1443 | error |= __put_user(kbuf.f_fsid.val[0], &buf->f_fsid); |
1463 | #endif | 1444 | #endif |
1464 | for(i = 0; i < 16; i++) | 1445 | for(i = 0; i < 16; i++) |
1465 | __put_user(0, &buf->f_basetype[i]); | 1446 | error |= __put_user(0, &buf->f_basetype[i]); |
1466 | __put_user(0, &buf->f_flag); | 1447 | error |= __put_user(0, &buf->f_flag); |
1467 | __put_user(kbuf.f_namelen, &buf->f_namemax); | 1448 | error |= __put_user(kbuf.f_namelen, &buf->f_namemax); |
1468 | __clear_user(&buf->f_fstr, sizeof(buf->f_fstr)); | 1449 | error |= __clear_user(&buf->f_fstr, sizeof(buf->f_fstr)) ? -EFAULT : 0; |
1469 | 1450 | ||
1470 | out_f: | 1451 | out_f: |
1471 | fput(file); | 1452 | fput(file); |
@@ -1489,7 +1470,7 @@ asmlinkage int irix_sigqueue(int pid, int sig, int code, int val) | |||
1489 | return -EINVAL; | 1470 | return -EINVAL; |
1490 | } | 1471 | } |
1491 | 1472 | ||
1492 | asmlinkage int irix_truncate64(char *name, int pad, int size1, int size2) | 1473 | asmlinkage int irix_truncate64(char __user *name, int pad, int size1, int size2) |
1493 | { | 1474 | { |
1494 | int retval; | 1475 | int retval; |
1495 | 1476 | ||
@@ -1522,6 +1503,7 @@ asmlinkage int irix_mmap64(struct pt_regs *regs) | |||
1522 | int len, prot, flags, fd, off1, off2, error, base = 0; | 1503 | int len, prot, flags, fd, off1, off2, error, base = 0; |
1523 | unsigned long addr, pgoff, *sp; | 1504 | unsigned long addr, pgoff, *sp; |
1524 | struct file *file = NULL; | 1505 | struct file *file = NULL; |
1506 | int err; | ||
1525 | 1507 | ||
1526 | if (regs->regs[2] == 1000) | 1508 | if (regs->regs[2] == 1000) |
1527 | base = 1; | 1509 | base = 1; |
@@ -1531,36 +1513,31 @@ asmlinkage int irix_mmap64(struct pt_regs *regs) | |||
1531 | prot = regs->regs[base + 6]; | 1513 | prot = regs->regs[base + 6]; |
1532 | if (!base) { | 1514 | if (!base) { |
1533 | flags = regs->regs[base + 7]; | 1515 | flags = regs->regs[base + 7]; |
1534 | if (!access_ok(VERIFY_READ, sp, (4 * sizeof(unsigned long)))) { | 1516 | if (!access_ok(VERIFY_READ, sp, (4 * sizeof(unsigned long)))) |
1535 | error = -EFAULT; | 1517 | return -EFAULT; |
1536 | goto out; | ||
1537 | } | ||
1538 | fd = sp[0]; | 1518 | fd = sp[0]; |
1539 | __get_user(off1, &sp[1]); | 1519 | err = __get_user(off1, &sp[1]); |
1540 | __get_user(off2, &sp[2]); | 1520 | err |= __get_user(off2, &sp[2]); |
1541 | } else { | 1521 | } else { |
1542 | if (!access_ok(VERIFY_READ, sp, (5 * sizeof(unsigned long)))) { | 1522 | if (!access_ok(VERIFY_READ, sp, (5 * sizeof(unsigned long)))) |
1543 | error = -EFAULT; | 1523 | return -EFAULT; |
1544 | goto out; | 1524 | err = __get_user(flags, &sp[0]); |
1545 | } | 1525 | err |= __get_user(fd, &sp[1]); |
1546 | __get_user(flags, &sp[0]); | 1526 | err |= __get_user(off1, &sp[2]); |
1547 | __get_user(fd, &sp[1]); | 1527 | err |= __get_user(off2, &sp[3]); |
1548 | __get_user(off1, &sp[2]); | ||
1549 | __get_user(off2, &sp[3]); | ||
1550 | } | 1528 | } |
1551 | 1529 | ||
1552 | if (off1 & PAGE_MASK) { | 1530 | if (err) |
1553 | error = -EOVERFLOW; | 1531 | return err; |
1554 | goto out; | 1532 | |
1555 | } | 1533 | if (off1 & PAGE_MASK) |
1534 | return -EOVERFLOW; | ||
1556 | 1535 | ||
1557 | pgoff = (off1 << (32 - PAGE_SHIFT)) | (off2 >> PAGE_SHIFT); | 1536 | pgoff = (off1 << (32 - PAGE_SHIFT)) | (off2 >> PAGE_SHIFT); |
1558 | 1537 | ||
1559 | if (!(flags & MAP_ANONYMOUS)) { | 1538 | if (!(flags & MAP_ANONYMOUS)) { |
1560 | if (!(file = fget(fd))) { | 1539 | if (!(file = fget(fd))) |
1561 | error = -EBADF; | 1540 | return -EBADF; |
1562 | goto out; | ||
1563 | } | ||
1564 | 1541 | ||
1565 | /* Ok, bad taste hack follows, try to think in something else | 1542 | /* Ok, bad taste hack follows, try to think in something else |
1566 | when reading this */ | 1543 | when reading this */ |
@@ -1570,7 +1547,7 @@ asmlinkage int irix_mmap64(struct pt_regs *regs) | |||
1570 | 1547 | ||
1571 | if (max_size > file->f_dentry->d_inode->i_size) { | 1548 | if (max_size > file->f_dentry->d_inode->i_size) { |
1572 | old_pos = sys_lseek (fd, max_size - 1, 0); | 1549 | old_pos = sys_lseek (fd, max_size - 1, 0); |
1573 | sys_write (fd, "", 1); | 1550 | sys_write (fd, (void __user *) "", 1); |
1574 | sys_lseek (fd, old_pos, 0); | 1551 | sys_lseek (fd, old_pos, 0); |
1575 | } | 1552 | } |
1576 | } | 1553 | } |
@@ -1585,7 +1562,6 @@ asmlinkage int irix_mmap64(struct pt_regs *regs) | |||
1585 | if (file) | 1562 | if (file) |
1586 | fput(file); | 1563 | fput(file); |
1587 | 1564 | ||
1588 | out: | ||
1589 | return error; | 1565 | return error; |
1590 | } | 1566 | } |
1591 | 1567 | ||
@@ -1597,7 +1573,7 @@ asmlinkage int irix_dmi(struct pt_regs *regs) | |||
1597 | return -EINVAL; | 1573 | return -EINVAL; |
1598 | } | 1574 | } |
1599 | 1575 | ||
1600 | asmlinkage int irix_pread(int fd, char *buf, int cnt, int off64, | 1576 | asmlinkage int irix_pread(int fd, char __user *buf, int cnt, int off64, |
1601 | int off1, int off2) | 1577 | int off1, int off2) |
1602 | { | 1578 | { |
1603 | printk("[%s:%d] Wheee.. irix_pread(%d,%p,%d,%d,%d,%d)\n", | 1579 | printk("[%s:%d] Wheee.. irix_pread(%d,%p,%d,%d,%d,%d)\n", |
@@ -1606,7 +1582,7 @@ asmlinkage int irix_pread(int fd, char *buf, int cnt, int off64, | |||
1606 | return -EINVAL; | 1582 | return -EINVAL; |
1607 | } | 1583 | } |
1608 | 1584 | ||
1609 | asmlinkage int irix_pwrite(int fd, char *buf, int cnt, int off64, | 1585 | asmlinkage int irix_pwrite(int fd, char __user *buf, int cnt, int off64, |
1610 | int off1, int off2) | 1586 | int off1, int off2) |
1611 | { | 1587 | { |
1612 | printk("[%s:%d] Wheee.. irix_pwrite(%d,%p,%d,%d,%d,%d)\n", | 1588 | printk("[%s:%d] Wheee.. irix_pwrite(%d,%p,%d,%d,%d,%d)\n", |
@@ -1638,7 +1614,7 @@ struct irix_statvfs64 { | |||
1638 | u32 f_filler[16]; | 1614 | u32 f_filler[16]; |
1639 | }; | 1615 | }; |
1640 | 1616 | ||
1641 | asmlinkage int irix_statvfs64(char *fname, struct irix_statvfs64 *buf) | 1617 | asmlinkage int irix_statvfs64(char __user *fname, struct irix_statvfs64 __user *buf) |
1642 | { | 1618 | { |
1643 | struct nameidata nd; | 1619 | struct nameidata nd; |
1644 | struct kstatfs kbuf; | 1620 | struct kstatfs kbuf; |
@@ -1650,6 +1626,7 @@ asmlinkage int irix_statvfs64(char *fname, struct irix_statvfs64 *buf) | |||
1650 | error = -EFAULT; | 1626 | error = -EFAULT; |
1651 | goto out; | 1627 | goto out; |
1652 | } | 1628 | } |
1629 | |||
1653 | error = user_path_walk(fname, &nd); | 1630 | error = user_path_walk(fname, &nd); |
1654 | if (error) | 1631 | if (error) |
1655 | goto out; | 1632 | goto out; |
@@ -1657,27 +1634,25 @@ asmlinkage int irix_statvfs64(char *fname, struct irix_statvfs64 *buf) | |||
1657 | if (error) | 1634 | if (error) |
1658 | goto dput_and_out; | 1635 | goto dput_and_out; |
1659 | 1636 | ||
1660 | __put_user(kbuf.f_bsize, &buf->f_bsize); | 1637 | error = __put_user(kbuf.f_bsize, &buf->f_bsize); |
1661 | __put_user(kbuf.f_frsize, &buf->f_frsize); | 1638 | error |= __put_user(kbuf.f_frsize, &buf->f_frsize); |
1662 | __put_user(kbuf.f_blocks, &buf->f_blocks); | 1639 | error |= __put_user(kbuf.f_blocks, &buf->f_blocks); |
1663 | __put_user(kbuf.f_bfree, &buf->f_bfree); | 1640 | error |= __put_user(kbuf.f_bfree, &buf->f_bfree); |
1664 | __put_user(kbuf.f_bfree, &buf->f_bavail); /* XXX hackety hack... */ | 1641 | error |= __put_user(kbuf.f_bfree, &buf->f_bavail); /* XXX hackety hack... */ |
1665 | __put_user(kbuf.f_files, &buf->f_files); | 1642 | error |= __put_user(kbuf.f_files, &buf->f_files); |
1666 | __put_user(kbuf.f_ffree, &buf->f_ffree); | 1643 | error |= __put_user(kbuf.f_ffree, &buf->f_ffree); |
1667 | __put_user(kbuf.f_ffree, &buf->f_favail); /* XXX hackety hack... */ | 1644 | error |= __put_user(kbuf.f_ffree, &buf->f_favail); /* XXX hackety hack... */ |
1668 | #ifdef __MIPSEB__ | 1645 | #ifdef __MIPSEB__ |
1669 | __put_user(kbuf.f_fsid.val[1], &buf->f_fsid); | 1646 | error |= __put_user(kbuf.f_fsid.val[1], &buf->f_fsid); |
1670 | #else | 1647 | #else |
1671 | __put_user(kbuf.f_fsid.val[0], &buf->f_fsid); | 1648 | error |= __put_user(kbuf.f_fsid.val[0], &buf->f_fsid); |
1672 | #endif | 1649 | #endif |
1673 | for(i = 0; i < 16; i++) | 1650 | for(i = 0; i < 16; i++) |
1674 | __put_user(0, &buf->f_basetype[i]); | 1651 | error |= __put_user(0, &buf->f_basetype[i]); |
1675 | __put_user(0, &buf->f_flag); | 1652 | error |= __put_user(0, &buf->f_flag); |
1676 | __put_user(kbuf.f_namelen, &buf->f_namemax); | 1653 | error |= __put_user(kbuf.f_namelen, &buf->f_namemax); |
1677 | for(i = 0; i < 32; i++) | 1654 | for(i = 0; i < 32; i++) |
1678 | __put_user(0, &buf->f_fstr[i]); | 1655 | error |= __put_user(0, &buf->f_fstr[i]); |
1679 | |||
1680 | error = 0; | ||
1681 | 1656 | ||
1682 | dput_and_out: | 1657 | dput_and_out: |
1683 | path_release(&nd); | 1658 | path_release(&nd); |
@@ -1685,7 +1660,7 @@ out: | |||
1685 | return error; | 1660 | return error; |
1686 | } | 1661 | } |
1687 | 1662 | ||
1688 | asmlinkage int irix_fstatvfs64(int fd, struct irix_statvfs *buf) | 1663 | asmlinkage int irix_fstatvfs64(int fd, struct irix_statvfs __user *buf) |
1689 | { | 1664 | { |
1690 | struct kstatfs kbuf; | 1665 | struct kstatfs kbuf; |
1691 | struct file *file; | 1666 | struct file *file; |
@@ -1706,24 +1681,24 @@ asmlinkage int irix_fstatvfs64(int fd, struct irix_statvfs *buf) | |||
1706 | if (error) | 1681 | if (error) |
1707 | goto out_f; | 1682 | goto out_f; |
1708 | 1683 | ||
1709 | __put_user(kbuf.f_bsize, &buf->f_bsize); | 1684 | error = __put_user(kbuf.f_bsize, &buf->f_bsize); |
1710 | __put_user(kbuf.f_frsize, &buf->f_frsize); | 1685 | error |= __put_user(kbuf.f_frsize, &buf->f_frsize); |
1711 | __put_user(kbuf.f_blocks, &buf->f_blocks); | 1686 | error |= __put_user(kbuf.f_blocks, &buf->f_blocks); |
1712 | __put_user(kbuf.f_bfree, &buf->f_bfree); | 1687 | error |= __put_user(kbuf.f_bfree, &buf->f_bfree); |
1713 | __put_user(kbuf.f_bfree, &buf->f_bavail); /* XXX hackety hack... */ | 1688 | error |= __put_user(kbuf.f_bfree, &buf->f_bavail); /* XXX hackety hack... */ |
1714 | __put_user(kbuf.f_files, &buf->f_files); | 1689 | error |= __put_user(kbuf.f_files, &buf->f_files); |
1715 | __put_user(kbuf.f_ffree, &buf->f_ffree); | 1690 | error |= __put_user(kbuf.f_ffree, &buf->f_ffree); |
1716 | __put_user(kbuf.f_ffree, &buf->f_favail); /* XXX hackety hack... */ | 1691 | error |= __put_user(kbuf.f_ffree, &buf->f_favail); /* XXX hackety hack... */ |
1717 | #ifdef __MIPSEB__ | 1692 | #ifdef __MIPSEB__ |
1718 | __put_user(kbuf.f_fsid.val[1], &buf->f_fsid); | 1693 | error |= __put_user(kbuf.f_fsid.val[1], &buf->f_fsid); |
1719 | #else | 1694 | #else |
1720 | __put_user(kbuf.f_fsid.val[0], &buf->f_fsid); | 1695 | error |= __put_user(kbuf.f_fsid.val[0], &buf->f_fsid); |
1721 | #endif | 1696 | #endif |
1722 | for(i = 0; i < 16; i++) | 1697 | for(i = 0; i < 16; i++) |
1723 | __put_user(0, &buf->f_basetype[i]); | 1698 | error |= __put_user(0, &buf->f_basetype[i]); |
1724 | __put_user(0, &buf->f_flag); | 1699 | error |= __put_user(0, &buf->f_flag); |
1725 | __put_user(kbuf.f_namelen, &buf->f_namemax); | 1700 | error |= __put_user(kbuf.f_namelen, &buf->f_namemax); |
1726 | __clear_user(buf->f_fstr, sizeof(buf->f_fstr[i])); | 1701 | error |= __clear_user(buf->f_fstr, sizeof(buf->f_fstr[i])) ? -EFAULT : 0; |
1727 | 1702 | ||
1728 | out_f: | 1703 | out_f: |
1729 | fput(file); | 1704 | fput(file); |
@@ -1731,9 +1706,9 @@ out: | |||
1731 | return error; | 1706 | return error; |
1732 | } | 1707 | } |
1733 | 1708 | ||
1734 | asmlinkage int irix_getmountid(char *fname, unsigned long *midbuf) | 1709 | asmlinkage int irix_getmountid(char __user *fname, unsigned long __user *midbuf) |
1735 | { | 1710 | { |
1736 | int err = 0; | 1711 | int err; |
1737 | 1712 | ||
1738 | printk("[%s:%d] irix_getmountid(%s, %p)\n", | 1713 | printk("[%s:%d] irix_getmountid(%s, %p)\n", |
1739 | current->comm, current->pid, fname, midbuf); | 1714 | current->comm, current->pid, fname, midbuf); |
@@ -1746,7 +1721,7 @@ asmlinkage int irix_getmountid(char *fname, unsigned long *midbuf) | |||
1746 | * fsid of the filesystem to try and make the right decision, but | 1721 | * fsid of the filesystem to try and make the right decision, but |
1747 | * we don't have this so for now. XXX | 1722 | * we don't have this so for now. XXX |
1748 | */ | 1723 | */ |
1749 | err |= __put_user(0, &midbuf[0]); | 1724 | err = __put_user(0, &midbuf[0]); |
1750 | err |= __put_user(0, &midbuf[1]); | 1725 | err |= __put_user(0, &midbuf[1]); |
1751 | err |= __put_user(0, &midbuf[2]); | 1726 | err |= __put_user(0, &midbuf[2]); |
1752 | err |= __put_user(0, &midbuf[3]); | 1727 | err |= __put_user(0, &midbuf[3]); |
@@ -1773,8 +1748,8 @@ struct irix_dirent32 { | |||
1773 | }; | 1748 | }; |
1774 | 1749 | ||
1775 | struct irix_dirent32_callback { | 1750 | struct irix_dirent32_callback { |
1776 | struct irix_dirent32 *current_dir; | 1751 | struct irix_dirent32 __user *current_dir; |
1777 | struct irix_dirent32 *previous; | 1752 | struct irix_dirent32 __user *previous; |
1778 | int count; | 1753 | int count; |
1779 | int error; | 1754 | int error; |
1780 | }; | 1755 | }; |
@@ -1782,13 +1757,13 @@ struct irix_dirent32_callback { | |||
1782 | #define NAME_OFFSET32(de) ((int) ((de)->d_name - (char *) (de))) | 1757 | #define NAME_OFFSET32(de) ((int) ((de)->d_name - (char *) (de))) |
1783 | #define ROUND_UP32(x) (((x)+sizeof(u32)-1) & ~(sizeof(u32)-1)) | 1758 | #define ROUND_UP32(x) (((x)+sizeof(u32)-1) & ~(sizeof(u32)-1)) |
1784 | 1759 | ||
1785 | static int irix_filldir32(void *__buf, const char *name, int namlen, | 1760 | static int irix_filldir32(void *__buf, const char *name, |
1786 | loff_t offset, ino_t ino, unsigned int d_type) | 1761 | int namlen, loff_t offset, ino_t ino, unsigned int d_type) |
1787 | { | 1762 | { |
1788 | struct irix_dirent32 *dirent; | 1763 | struct irix_dirent32 __user *dirent; |
1789 | struct irix_dirent32_callback *buf = | 1764 | struct irix_dirent32_callback *buf = __buf; |
1790 | (struct irix_dirent32_callback *)__buf; | ||
1791 | unsigned short reclen = ROUND_UP32(NAME_OFFSET32(dirent) + namlen + 1); | 1765 | unsigned short reclen = ROUND_UP32(NAME_OFFSET32(dirent) + namlen + 1); |
1766 | int err = 0; | ||
1792 | 1767 | ||
1793 | #ifdef DEBUG_GETDENTS | 1768 | #ifdef DEBUG_GETDENTS |
1794 | printk("\nirix_filldir32[reclen<%d>namlen<%d>count<%d>]", | 1769 | printk("\nirix_filldir32[reclen<%d>namlen<%d>count<%d>]", |
@@ -1799,25 +1774,26 @@ static int irix_filldir32(void *__buf, const char *name, int namlen, | |||
1799 | return -EINVAL; | 1774 | return -EINVAL; |
1800 | dirent = buf->previous; | 1775 | dirent = buf->previous; |
1801 | if (dirent) | 1776 | if (dirent) |
1802 | __put_user(offset, &dirent->d_off); | 1777 | err = __put_user(offset, &dirent->d_off); |
1803 | dirent = buf->current_dir; | 1778 | dirent = buf->current_dir; |
1804 | buf->previous = dirent; | 1779 | err |= __put_user(dirent, &buf->previous); |
1805 | __put_user(ino, &dirent->d_ino); | 1780 | err |= __put_user(ino, &dirent->d_ino); |
1806 | __put_user(reclen, &dirent->d_reclen); | 1781 | err |= __put_user(reclen, &dirent->d_reclen); |
1807 | copy_to_user(dirent->d_name, name, namlen); | 1782 | err |= copy_to_user((char __user *)dirent->d_name, name, namlen) ? -EFAULT : 0; |
1808 | __put_user(0, &dirent->d_name[namlen]); | 1783 | err |= __put_user(0, &dirent->d_name[namlen]); |
1809 | ((char *) dirent) += reclen; | 1784 | dirent = (struct irix_dirent32 __user *) ((char __user *) dirent + reclen); |
1785 | |||
1810 | buf->current_dir = dirent; | 1786 | buf->current_dir = dirent; |
1811 | buf->count -= reclen; | 1787 | buf->count -= reclen; |
1812 | 1788 | ||
1813 | return 0; | 1789 | return err; |
1814 | } | 1790 | } |
1815 | 1791 | ||
1816 | asmlinkage int irix_ngetdents(unsigned int fd, void * dirent, | 1792 | asmlinkage int irix_ngetdents(unsigned int fd, void __user * dirent, |
1817 | unsigned int count, int *eob) | 1793 | unsigned int count, int __user *eob) |
1818 | { | 1794 | { |
1819 | struct file *file; | 1795 | struct file *file; |
1820 | struct irix_dirent32 *lastdirent; | 1796 | struct irix_dirent32 __user *lastdirent; |
1821 | struct irix_dirent32_callback buf; | 1797 | struct irix_dirent32_callback buf; |
1822 | int error; | 1798 | int error; |
1823 | 1799 | ||
@@ -1830,7 +1806,7 @@ asmlinkage int irix_ngetdents(unsigned int fd, void * dirent, | |||
1830 | if (!file) | 1806 | if (!file) |
1831 | goto out; | 1807 | goto out; |
1832 | 1808 | ||
1833 | buf.current_dir = (struct irix_dirent32 *) dirent; | 1809 | buf.current_dir = (struct irix_dirent32 __user *) dirent; |
1834 | buf.previous = NULL; | 1810 | buf.previous = NULL; |
1835 | buf.count = count; | 1811 | buf.count = count; |
1836 | buf.error = 0; | 1812 | buf.error = 0; |
@@ -1870,8 +1846,8 @@ struct irix_dirent64 { | |||
1870 | }; | 1846 | }; |
1871 | 1847 | ||
1872 | struct irix_dirent64_callback { | 1848 | struct irix_dirent64_callback { |
1873 | struct irix_dirent64 *curr; | 1849 | struct irix_dirent64 __user *curr; |
1874 | struct irix_dirent64 *previous; | 1850 | struct irix_dirent64 __user *previous; |
1875 | int count; | 1851 | int count; |
1876 | int error; | 1852 | int error; |
1877 | }; | 1853 | }; |
@@ -1879,37 +1855,44 @@ struct irix_dirent64_callback { | |||
1879 | #define NAME_OFFSET64(de) ((int) ((de)->d_name - (char *) (de))) | 1855 | #define NAME_OFFSET64(de) ((int) ((de)->d_name - (char *) (de))) |
1880 | #define ROUND_UP64(x) (((x)+sizeof(u64)-1) & ~(sizeof(u64)-1)) | 1856 | #define ROUND_UP64(x) (((x)+sizeof(u64)-1) & ~(sizeof(u64)-1)) |
1881 | 1857 | ||
1882 | static int irix_filldir64(void * __buf, const char * name, int namlen, | 1858 | static int irix_filldir64(void *__buf, const char *name, |
1883 | loff_t offset, ino_t ino, unsigned int d_type) | 1859 | int namlen, loff_t offset, ino_t ino, unsigned int d_type) |
1884 | { | 1860 | { |
1885 | struct irix_dirent64 *dirent; | 1861 | struct irix_dirent64 __user *dirent; |
1886 | struct irix_dirent64_callback * buf = | 1862 | struct irix_dirent64_callback * buf = __buf; |
1887 | (struct irix_dirent64_callback *) __buf; | ||
1888 | unsigned short reclen = ROUND_UP64(NAME_OFFSET64(dirent) + namlen + 1); | 1863 | unsigned short reclen = ROUND_UP64(NAME_OFFSET64(dirent) + namlen + 1); |
1864 | int err = 0; | ||
1889 | 1865 | ||
1890 | buf->error = -EINVAL; /* only used if we fail.. */ | 1866 | if (!access_ok(VERIFY_WRITE, buf, sizeof(*buf))) |
1867 | return -EFAULT; | ||
1868 | |||
1869 | if (__put_user(-EINVAL, &buf->error)) /* only used if we fail.. */ | ||
1870 | return -EFAULT; | ||
1891 | if (reclen > buf->count) | 1871 | if (reclen > buf->count) |
1892 | return -EINVAL; | 1872 | return -EINVAL; |
1893 | dirent = buf->previous; | 1873 | dirent = buf->previous; |
1894 | if (dirent) | 1874 | if (dirent) |
1895 | __put_user(offset, &dirent->d_off); | 1875 | err = __put_user(offset, &dirent->d_off); |
1896 | dirent = buf->curr; | 1876 | dirent = buf->curr; |
1897 | buf->previous = dirent; | 1877 | buf->previous = dirent; |
1898 | __put_user(ino, &dirent->d_ino); | 1878 | err |= __put_user(ino, &dirent->d_ino); |
1899 | __put_user(reclen, &dirent->d_reclen); | 1879 | err |= __put_user(reclen, &dirent->d_reclen); |
1900 | __copy_to_user(dirent->d_name, name, namlen); | 1880 | err |= __copy_to_user((char __user *)dirent->d_name, name, namlen) |
1901 | __put_user(0, &dirent->d_name[namlen]); | 1881 | ? -EFAULT : 0; |
1902 | ((char *) dirent) += reclen; | 1882 | err |= __put_user(0, &dirent->d_name[namlen]); |
1883 | |||
1884 | dirent = (struct irix_dirent64 __user *) ((char __user *) dirent + reclen); | ||
1885 | |||
1903 | buf->curr = dirent; | 1886 | buf->curr = dirent; |
1904 | buf->count -= reclen; | 1887 | buf->count -= reclen; |
1905 | 1888 | ||
1906 | return 0; | 1889 | return err; |
1907 | } | 1890 | } |
1908 | 1891 | ||
1909 | asmlinkage int irix_getdents64(int fd, void *dirent, int cnt) | 1892 | asmlinkage int irix_getdents64(int fd, void __user *dirent, int cnt) |
1910 | { | 1893 | { |
1911 | struct file *file; | 1894 | struct file *file; |
1912 | struct irix_dirent64 *lastdirent; | 1895 | struct irix_dirent64 __user *lastdirent; |
1913 | struct irix_dirent64_callback buf; | 1896 | struct irix_dirent64_callback buf; |
1914 | int error; | 1897 | int error; |
1915 | 1898 | ||
@@ -1929,7 +1912,7 @@ asmlinkage int irix_getdents64(int fd, void *dirent, int cnt) | |||
1929 | if (cnt < (sizeof(struct irix_dirent64) + 255)) | 1912 | if (cnt < (sizeof(struct irix_dirent64) + 255)) |
1930 | goto out_f; | 1913 | goto out_f; |
1931 | 1914 | ||
1932 | buf.curr = (struct irix_dirent64 *) dirent; | 1915 | buf.curr = (struct irix_dirent64 __user *) dirent; |
1933 | buf.previous = NULL; | 1916 | buf.previous = NULL; |
1934 | buf.count = cnt; | 1917 | buf.count = cnt; |
1935 | buf.error = 0; | 1918 | buf.error = 0; |
@@ -1941,7 +1924,8 @@ asmlinkage int irix_getdents64(int fd, void *dirent, int cnt) | |||
1941 | error = buf.error; | 1924 | error = buf.error; |
1942 | goto out_f; | 1925 | goto out_f; |
1943 | } | 1926 | } |
1944 | lastdirent->d_off = (u64) file->f_pos; | 1927 | if (put_user(file->f_pos, &lastdirent->d_off)) |
1928 | return -EFAULT; | ||
1945 | #ifdef DEBUG_GETDENTS | 1929 | #ifdef DEBUG_GETDENTS |
1946 | printk("returning %d\n", cnt - buf.count); | 1930 | printk("returning %d\n", cnt - buf.count); |
1947 | #endif | 1931 | #endif |
@@ -1953,10 +1937,10 @@ out: | |||
1953 | return error; | 1937 | return error; |
1954 | } | 1938 | } |
1955 | 1939 | ||
1956 | asmlinkage int irix_ngetdents64(int fd, void *dirent, int cnt, int *eob) | 1940 | asmlinkage int irix_ngetdents64(int fd, void __user *dirent, int cnt, int *eob) |
1957 | { | 1941 | { |
1958 | struct file *file; | 1942 | struct file *file; |
1959 | struct irix_dirent64 *lastdirent; | 1943 | struct irix_dirent64 __user *lastdirent; |
1960 | struct irix_dirent64_callback buf; | 1944 | struct irix_dirent64_callback buf; |
1961 | int error; | 1945 | int error; |
1962 | 1946 | ||
@@ -1978,7 +1962,7 @@ asmlinkage int irix_ngetdents64(int fd, void *dirent, int cnt, int *eob) | |||
1978 | goto out_f; | 1962 | goto out_f; |
1979 | 1963 | ||
1980 | *eob = 0; | 1964 | *eob = 0; |
1981 | buf.curr = (struct irix_dirent64 *) dirent; | 1965 | buf.curr = (struct irix_dirent64 __user *) dirent; |
1982 | buf.previous = NULL; | 1966 | buf.previous = NULL; |
1983 | buf.count = cnt; | 1967 | buf.count = cnt; |
1984 | buf.error = 0; | 1968 | buf.error = 0; |
@@ -1990,7 +1974,8 @@ asmlinkage int irix_ngetdents64(int fd, void *dirent, int cnt, int *eob) | |||
1990 | error = buf.error; | 1974 | error = buf.error; |
1991 | goto out_f; | 1975 | goto out_f; |
1992 | } | 1976 | } |
1993 | lastdirent->d_off = (u64) file->f_pos; | 1977 | if (put_user(file->f_pos, &lastdirent->d_off)) |
1978 | return -EFAULT; | ||
1994 | #ifdef DEBUG_GETDENTS | 1979 | #ifdef DEBUG_GETDENTS |
1995 | printk("eob=%d returning %d\n", *eob, cnt - buf.count); | 1980 | printk("eob=%d returning %d\n", *eob, cnt - buf.count); |
1996 | #endif | 1981 | #endif |
@@ -2053,14 +2038,14 @@ out: | |||
2053 | return retval; | 2038 | return retval; |
2054 | } | 2039 | } |
2055 | 2040 | ||
2056 | asmlinkage int irix_utssys(char *inbuf, int arg, int type, char *outbuf) | 2041 | asmlinkage int irix_utssys(char __user *inbuf, int arg, int type, char __user *outbuf) |
2057 | { | 2042 | { |
2058 | int retval; | 2043 | int retval; |
2059 | 2044 | ||
2060 | switch(type) { | 2045 | switch(type) { |
2061 | case 0: | 2046 | case 0: |
2062 | /* uname() */ | 2047 | /* uname() */ |
2063 | retval = irix_uname((struct iuname *)inbuf); | 2048 | retval = irix_uname((struct iuname __user *)inbuf); |
2064 | goto out; | 2049 | goto out; |
2065 | 2050 | ||
2066 | case 2: | 2051 | case 2: |