aboutsummaryrefslogtreecommitdiffstats
path: root/arch/mips/kernel
diff options
context:
space:
mode:
Diffstat (limited to 'arch/mips/kernel')
-rw-r--r--arch/mips/kernel/i8259.c2
-rw-r--r--arch/mips/kernel/irixelf.c14
-rw-r--r--arch/mips/kernel/irixinv.c7
-rw-r--r--arch/mips/kernel/irixsig.c408
-rw-r--r--arch/mips/kernel/process.c8
-rw-r--r--arch/mips/kernel/ptrace.c4
-rw-r--r--arch/mips/kernel/signal.c14
-rw-r--r--arch/mips/kernel/sysirix.c479
-rw-r--r--arch/mips/kernel/traps.c21
-rw-r--r--arch/mips/kernel/unaligned.c10
10 files changed, 489 insertions, 478 deletions
diff --git a/arch/mips/kernel/i8259.c b/arch/mips/kernel/i8259.c
index bb31370cd390..a7d2aac46eea 100644
--- a/arch/mips/kernel/i8259.c
+++ b/arch/mips/kernel/i8259.c
@@ -321,7 +321,7 @@ void __init init_i8259_irqs (void)
321 321
322 for (i = 0; i < 16; i++) { 322 for (i = 0; i < 16; i++) {
323 irq_desc[i].status = IRQ_DISABLED; 323 irq_desc[i].status = IRQ_DISABLED;
324 irq_desc[i].action = 0; 324 irq_desc[i].action = NULL;
325 irq_desc[i].depth = 1; 325 irq_desc[i].depth = 1;
326 irq_desc[i].handler = &i8259A_irq_type; 326 irq_desc[i].handler = &i8259A_irq_type;
327 } 327 }
diff --git a/arch/mips/kernel/irixelf.c b/arch/mips/kernel/irixelf.c
index 881f125eecb4..5aeacc1ffb24 100644
--- a/arch/mips/kernel/irixelf.c
+++ b/arch/mips/kernel/irixelf.c
@@ -147,7 +147,7 @@ static void padzero(unsigned long elf_bss)
147 nbyte = elf_bss & (PAGE_SIZE-1); 147 nbyte = elf_bss & (PAGE_SIZE-1);
148 if (nbyte) { 148 if (nbyte) {
149 nbyte = PAGE_SIZE - nbyte; 149 nbyte = PAGE_SIZE - nbyte;
150 clear_user((void *) elf_bss, nbyte); 150 clear_user((void __user *) elf_bss, nbyte);
151 } 151 }
152} 152}
153 153
@@ -878,10 +878,10 @@ static int load_irix_library(struct file *file)
878 * phdrs there are in the USER_PHDRP array. We return the vaddr the 878 * phdrs there are in the USER_PHDRP array. We return the vaddr the
879 * first phdr was successfully mapped to. 879 * first phdr was successfully mapped to.
880 */ 880 */
881unsigned long irix_mapelf(int fd, struct elf_phdr *user_phdrp, int cnt) 881unsigned long irix_mapelf(int fd, struct elf_phdr __user *user_phdrp, int cnt)
882{ 882{
883 unsigned long type, vaddr, filesz, offset, flags; 883 unsigned long type, vaddr, filesz, offset, flags;
884 struct elf_phdr *hp; 884 struct elf_phdr __user *hp;
885 struct file *filp; 885 struct file *filp;
886 int i, retval; 886 int i, retval;
887 887
@@ -968,9 +968,9 @@ unsigned long irix_mapelf(int fd, struct elf_phdr *user_phdrp, int cnt)
968/* These are the only things you should do on a core-file: use only these 968/* These are the only things you should do on a core-file: use only these
969 * functions to write out all the necessary info. 969 * functions to write out all the necessary info.
970 */ 970 */
971static int dump_write(struct file *file, const void *addr, int nr) 971static int dump_write(struct file *file, const void __user *addr, int nr)
972{ 972{
973 return file->f_op->write(file, (const char *) addr, nr, &file->f_pos) == nr; 973 return file->f_op->write(file, (const char __user *) addr, nr, &file->f_pos) == nr;
974} 974}
975 975
976static int dump_seek(struct file *file, off_t off) 976static int dump_seek(struct file *file, off_t off)
@@ -1204,7 +1204,7 @@ static int irix_core_dump(long signr, struct pt_regs * regs, struct file *file)
1204 len = current->mm->arg_end - current->mm->arg_start; 1204 len = current->mm->arg_end - current->mm->arg_start;
1205 len = len >= ELF_PRARGSZ ? ELF_PRARGSZ : len; 1205 len = len >= ELF_PRARGSZ ? ELF_PRARGSZ : len;
1206 (void *) copy_from_user(&psinfo.pr_psargs, 1206 (void *) copy_from_user(&psinfo.pr_psargs,
1207 (const char *)current->mm->arg_start, len); 1207 (const char __user *)current->mm->arg_start, len);
1208 for (i = 0; i < len; i++) 1208 for (i = 0; i < len; i++)
1209 if (psinfo.pr_psargs[i] == 0) 1209 if (psinfo.pr_psargs[i] == 0)
1210 psinfo.pr_psargs[i] = ' '; 1210 psinfo.pr_psargs[i] = ' ';
@@ -1301,7 +1301,7 @@ static int irix_core_dump(long signr, struct pt_regs * regs, struct file *file)
1301#ifdef DEBUG 1301#ifdef DEBUG
1302 printk("elf_core_dump: writing %08lx %lx\n", addr, len); 1302 printk("elf_core_dump: writing %08lx %lx\n", addr, len);
1303#endif 1303#endif
1304 DUMP_WRITE((void *)addr, len); 1304 DUMP_WRITE((void __user *)addr, len);
1305 } 1305 }
1306 1306
1307 if ((off_t) file->f_pos != offset) { 1307 if ((off_t) file->f_pos != offset) {
diff --git a/arch/mips/kernel/irixinv.c b/arch/mips/kernel/irixinv.c
index 60aa98cd1791..de8584f62311 100644
--- a/arch/mips/kernel/irixinv.c
+++ b/arch/mips/kernel/irixinv.c
@@ -30,10 +30,10 @@ void add_to_inventory (int class, int type, int controller, int unit, int state)
30 inventory_items++; 30 inventory_items++;
31} 31}
32 32
33int dump_inventory_to_user (void *userbuf, int size) 33int dump_inventory_to_user (void __user *userbuf, int size)
34{ 34{
35 inventory_t *inv = &inventory [0]; 35 inventory_t *inv = &inventory [0];
36 inventory_t *user = userbuf; 36 inventory_t __user *user = userbuf;
37 int v; 37 int v;
38 38
39 if (!access_ok(VERIFY_WRITE, userbuf, size)) 39 if (!access_ok(VERIFY_WRITE, userbuf, size))
@@ -41,7 +41,8 @@ int dump_inventory_to_user (void *userbuf, int size)
41 41
42 for (v = 0; v < inventory_items; v++){ 42 for (v = 0; v < inventory_items; v++){
43 inv = &inventory [v]; 43 inv = &inventory [v];
44 copy_to_user (user, inv, sizeof (inventory_t)); 44 if (copy_to_user (user, inv, sizeof (inventory_t)))
45 return -EFAULT;
45 user++; 46 user++;
46 } 47 }
47 return inventory_items * sizeof (inventory_t); 48 return inventory_items * sizeof (inventory_t);
diff --git a/arch/mips/kernel/irixsig.c b/arch/mips/kernel/irixsig.c
index eff89322ba50..908e63684208 100644
--- a/arch/mips/kernel/irixsig.c
+++ b/arch/mips/kernel/irixsig.c
@@ -76,36 +76,39 @@ static inline void dump_irix5_sigctx(struct sigctx_irix5 *c)
76} 76}
77#endif 77#endif
78 78
79static void setup_irix_frame(struct k_sigaction *ka, struct pt_regs *regs, 79static int setup_irix_frame(struct k_sigaction *ka, struct pt_regs *regs,
80 int signr, sigset_t *oldmask) 80 int signr, sigset_t *oldmask)
81{ 81{
82 struct sigctx_irix5 __user *ctx;
82 unsigned long sp; 83 unsigned long sp;
83 struct sigctx_irix5 *ctx; 84 int error, i;
84 int i;
85 85
86 sp = regs->regs[29]; 86 sp = regs->regs[29];
87 sp -= sizeof(struct sigctx_irix5); 87 sp -= sizeof(struct sigctx_irix5);
88 sp &= ~(0xf); 88 sp &= ~(0xf);
89 ctx = (struct sigctx_irix5 *) sp; 89 ctx = (struct sigctx_irix5 __user *) sp;
90 if (!access_ok(VERIFY_WRITE, ctx, sizeof(*ctx))) 90 if (!access_ok(VERIFY_WRITE, ctx, sizeof(*ctx)))
91 goto segv_and_exit; 91 goto segv_and_exit;
92 92
93 __put_user(0, &ctx->weird_fpu_thing); 93 error = __put_user(0, &ctx->weird_fpu_thing);
94 __put_user(~(0x00000001), &ctx->rmask); 94 error |= __put_user(~(0x00000001), &ctx->rmask);
95 __put_user(0, &ctx->regs[0]); 95 error |= __put_user(0, &ctx->regs[0]);
96 for(i = 1; i < 32; i++) 96 for(i = 1; i < 32; i++)
97 __put_user((u64) regs->regs[i], &ctx->regs[i]); 97 error |= __put_user((u64) regs->regs[i], &ctx->regs[i]);
98
99 error |= __put_user((u64) regs->hi, &ctx->hi);
100 error |= __put_user((u64) regs->lo, &ctx->lo);
101 error |= __put_user((u64) regs->cp0_epc, &ctx->pc);
102 error |= __put_user(!!used_math(), &ctx->usedfp);
103 error |= __put_user((u64) regs->cp0_cause, &ctx->cp0_cause);
104 error |= __put_user((u64) regs->cp0_badvaddr, &ctx->cp0_badvaddr);
98 105
99 __put_user((u64) regs->hi, &ctx->hi); 106 error |= __put_user(0, &ctx->sstk_flags); /* XXX sigstack unimp... todo... */
100 __put_user((u64) regs->lo, &ctx->lo);
101 __put_user((u64) regs->cp0_epc, &ctx->pc);
102 __put_user(!!used_math(), &ctx->usedfp);
103 __put_user((u64) regs->cp0_cause, &ctx->cp0_cause);
104 __put_user((u64) regs->cp0_badvaddr, &ctx->cp0_badvaddr);
105 107
106 __put_user(0, &ctx->sstk_flags); /* XXX sigstack unimp... todo... */ 108 error |= __copy_to_user(&ctx->sigset, oldmask, sizeof(irix_sigset_t)) ? -EFAULT : 0;
107 109
108 __copy_to_user(&ctx->sigset, oldmask, sizeof(irix_sigset_t)); 110 if (error)
111 goto segv_and_exit;
109 112
110#ifdef DEBUG_SIG 113#ifdef DEBUG_SIG
111 dump_irix5_sigctx(ctx); 114 dump_irix5_sigctx(ctx);
@@ -117,13 +120,14 @@ static void setup_irix_frame(struct k_sigaction *ka, struct pt_regs *regs,
117 regs->regs[7] = (unsigned long) ka->sa.sa_handler; 120 regs->regs[7] = (unsigned long) ka->sa.sa_handler;
118 regs->regs[25] = regs->cp0_epc = (unsigned long) ka->sa_restorer; 121 regs->regs[25] = regs->cp0_epc = (unsigned long) ka->sa_restorer;
119 122
120 return; 123 return 1;
121 124
122segv_and_exit: 125segv_and_exit:
123 force_sigsegv(signr, current); 126 force_sigsegv(signr, current);
127 return 0;
124} 128}
125 129
126static void inline 130static int inline
127setup_irix_rt_frame(struct k_sigaction * ka, struct pt_regs *regs, 131setup_irix_rt_frame(struct k_sigaction * ka, struct pt_regs *regs,
128 int signr, sigset_t *oldmask, siginfo_t *info) 132 int signr, sigset_t *oldmask, siginfo_t *info)
129{ 133{
@@ -131,9 +135,11 @@ setup_irix_rt_frame(struct k_sigaction * ka, struct pt_regs *regs,
131 do_exit(SIGSEGV); 135 do_exit(SIGSEGV);
132} 136}
133 137
134static inline void handle_signal(unsigned long sig, siginfo_t *info, 138static inline int handle_signal(unsigned long sig, siginfo_t *info,
135 struct k_sigaction *ka, sigset_t *oldset, struct pt_regs * regs) 139 struct k_sigaction *ka, sigset_t *oldset, struct pt_regs * regs)
136{ 140{
141 int ret;
142
137 switch(regs->regs[0]) { 143 switch(regs->regs[0]) {
138 case ERESTARTNOHAND: 144 case ERESTARTNOHAND:
139 regs->regs[2] = EINTR; 145 regs->regs[2] = EINTR;
@@ -151,9 +157,9 @@ static inline void handle_signal(unsigned long sig, siginfo_t *info,
151 regs->regs[0] = 0; /* Don't deal with this again. */ 157 regs->regs[0] = 0; /* Don't deal with this again. */
152 158
153 if (ka->sa.sa_flags & SA_SIGINFO) 159 if (ka->sa.sa_flags & SA_SIGINFO)
154 setup_irix_rt_frame(ka, regs, sig, oldset, info); 160 ret = setup_irix_rt_frame(ka, regs, sig, oldset, info);
155 else 161 else
156 setup_irix_frame(ka, regs, sig, oldset); 162 ret = setup_irix_frame(ka, regs, sig, oldset);
157 163
158 spin_lock_irq(&current->sighand->siglock); 164 spin_lock_irq(&current->sighand->siglock);
159 sigorsets(&current->blocked,&current->blocked,&ka->sa.sa_mask); 165 sigorsets(&current->blocked,&current->blocked,&ka->sa.sa_mask);
@@ -161,6 +167,8 @@ static inline void handle_signal(unsigned long sig, siginfo_t *info,
161 sigaddset(&current->blocked,sig); 167 sigaddset(&current->blocked,sig);
162 recalc_sigpending(); 168 recalc_sigpending();
163 spin_unlock_irq(&current->sighand->siglock); 169 spin_unlock_irq(&current->sighand->siglock);
170
171 return ret;
164} 172}
165 173
166asmlinkage int do_irix_signal(sigset_t *oldset, struct pt_regs *regs) 174asmlinkage int do_irix_signal(sigset_t *oldset, struct pt_regs *regs)
@@ -184,10 +192,8 @@ asmlinkage int do_irix_signal(sigset_t *oldset, struct pt_regs *regs)
184 oldset = &current->blocked; 192 oldset = &current->blocked;
185 193
186 signr = get_signal_to_deliver(&info, &ka, regs, NULL); 194 signr = get_signal_to_deliver(&info, &ka, regs, NULL);
187 if (signr > 0) { 195 if (signr > 0)
188 handle_signal(signr, &info, &ka, oldset, regs); 196 return handle_signal(signr, &info, &ka, oldset, regs);
189 return 1;
190 }
191 197
192no_signal: 198no_signal:
193 /* 199 /*
@@ -208,10 +214,11 @@ no_signal:
208asmlinkage void 214asmlinkage void
209irix_sigreturn(struct pt_regs *regs) 215irix_sigreturn(struct pt_regs *regs)
210{ 216{
211 struct sigctx_irix5 *context, *magic; 217 struct sigctx_irix5 __user *context, *magic;
212 unsigned long umask, mask; 218 unsigned long umask, mask;
213 u64 *fregs; 219 u64 *fregs;
214 int sig, i, base = 0; 220 u32 usedfp;
221 int error, sig, i, base = 0;
215 sigset_t blocked; 222 sigset_t blocked;
216 223
217 /* Always make any pending restarted system calls return -EINTR */ 224 /* Always make any pending restarted system calls return -EINTR */
@@ -220,8 +227,8 @@ irix_sigreturn(struct pt_regs *regs)
220 if (regs->regs[2] == 1000) 227 if (regs->regs[2] == 1000)
221 base = 1; 228 base = 1;
222 229
223 context = (struct sigctx_irix5 *) regs->regs[base + 4]; 230 context = (struct sigctx_irix5 __user *) regs->regs[base + 4];
224 magic = (struct sigctx_irix5 *) regs->regs[base + 5]; 231 magic = (struct sigctx_irix5 __user *) regs->regs[base + 5];
225 sig = (int) regs->regs[base + 6]; 232 sig = (int) regs->regs[base + 6];
226#ifdef DEBUG_SIG 233#ifdef DEBUG_SIG
227 printk("[%s:%d] IRIX sigreturn(scp[%p],ucp[%p],sig[%d])\n", 234 printk("[%s:%d] IRIX sigreturn(scp[%p],ucp[%p],sig[%d])\n",
@@ -236,25 +243,31 @@ irix_sigreturn(struct pt_regs *regs)
236 dump_irix5_sigctx(context); 243 dump_irix5_sigctx(context);
237#endif 244#endif
238 245
239 __get_user(regs->cp0_epc, &context->pc); 246 error = __get_user(regs->cp0_epc, &context->pc);
240 umask = context->rmask; mask = 2; 247 error |= __get_user(umask, &context->rmask);
248
249 mask = 2;
241 for (i = 1; i < 32; i++, mask <<= 1) { 250 for (i = 1; i < 32; i++, mask <<= 1) {
242 if(umask & mask) 251 if (umask & mask)
243 __get_user(regs->regs[i], &context->regs[i]); 252 error |= __get_user(regs->regs[i], &context->regs[i]);
244 } 253 }
245 __get_user(regs->hi, &context->hi); 254 error |= __get_user(regs->hi, &context->hi);
246 __get_user(regs->lo, &context->lo); 255 error |= __get_user(regs->lo, &context->lo);
247 256
248 if ((umask & 1) && context->usedfp) { 257 error |= __get_user(usedfp, &context->usedfp);
258 if ((umask & 1) && usedfp) {
249 fregs = (u64 *) &current->thread.fpu; 259 fregs = (u64 *) &current->thread.fpu;
260
250 for(i = 0; i < 32; i++) 261 for(i = 0; i < 32; i++)
251 fregs[i] = (u64) context->fpregs[i]; 262 error |= __get_user(fregs[i], &context->fpregs[i]);
252 __get_user(current->thread.fpu.hard.fcr31, &context->fpcsr); 263 error |= __get_user(current->thread.fpu.hard.fcr31, &context->fpcsr);
253 } 264 }
254 265
255 /* XXX do sigstack crapola here... XXX */ 266 /* XXX do sigstack crapola here... XXX */
256 267
257 if (__copy_from_user(&blocked, &context->sigset, sizeof(blocked))) 268 error |= __copy_from_user(&blocked, &context->sigset, sizeof(blocked)) ? -EFAULT : 0;
269
270 if (error)
258 goto badframe; 271 goto badframe;
259 272
260 sigdelsetmask(&blocked, ~_BLOCKABLE); 273 sigdelsetmask(&blocked, ~_BLOCKABLE);
@@ -296,8 +309,8 @@ static inline void dump_sigact_irix5(struct sigact_irix5 *p)
296#endif 309#endif
297 310
298asmlinkage int 311asmlinkage int
299irix_sigaction(int sig, const struct sigaction *act, 312irix_sigaction(int sig, const struct sigaction __user *act,
300 struct sigaction *oact, void *trampoline) 313 struct sigaction __user *oact, void __user *trampoline)
301{ 314{
302 struct k_sigaction new_ka, old_ka; 315 struct k_sigaction new_ka, old_ka;
303 int ret; 316 int ret;
@@ -311,12 +324,16 @@ irix_sigaction(int sig, const struct sigaction *act,
311#endif 324#endif
312 if (act) { 325 if (act) {
313 sigset_t mask; 326 sigset_t mask;
314 if (!access_ok(VERIFY_READ, act, sizeof(*act)) || 327 int err;
315 __get_user(new_ka.sa.sa_handler, &act->sa_handler) || 328
316 __get_user(new_ka.sa.sa_flags, &act->sa_flags)) 329 if (!access_ok(VERIFY_READ, act, sizeof(*act)))
317 return -EFAULT; 330 return -EFAULT;
331 err = __get_user(new_ka.sa.sa_handler, &act->sa_handler);
332 err |= __get_user(new_ka.sa.sa_flags, &act->sa_flags);
318 333
319 __copy_from_user(&mask, &act->sa_mask, sizeof(sigset_t)); 334 err |= __copy_from_user(&mask, &act->sa_mask, sizeof(sigset_t)) ? -EFAULT : 0;
335 if (err)
336 return err;
320 337
321 /* 338 /*
322 * Hmmm... methinks IRIX libc always passes a valid trampoline 339 * Hmmm... methinks IRIX libc always passes a valid trampoline
@@ -330,30 +347,37 @@ irix_sigaction(int sig, const struct sigaction *act,
330 ret = do_sigaction(sig, act ? &new_ka : NULL, oact ? &old_ka : NULL); 347 ret = do_sigaction(sig, act ? &new_ka : NULL, oact ? &old_ka : NULL);
331 348
332 if (!ret && oact) { 349 if (!ret && oact) {
333 if (!access_ok(VERIFY_WRITE, oact, sizeof(*oact)) || 350 int err;
334 __put_user(old_ka.sa.sa_handler, &oact->sa_handler) || 351
335 __put_user(old_ka.sa.sa_flags, &oact->sa_flags)) 352 if (!access_ok(VERIFY_WRITE, oact, sizeof(*oact)))
353 return -EFAULT;
354
355 err = __put_user(old_ka.sa.sa_handler, &oact->sa_handler);
356 err |= __put_user(old_ka.sa.sa_flags, &oact->sa_flags);
357 err |= __copy_to_user(&oact->sa_mask, &old_ka.sa.sa_mask,
358 sizeof(sigset_t)) ? -EFAULT : 0;
359 if (err)
336 return -EFAULT; 360 return -EFAULT;
337 __copy_to_user(&old_ka.sa.sa_mask, &oact->sa_mask,
338 sizeof(sigset_t));
339 } 361 }
340 362
341 return ret; 363 return ret;
342} 364}
343 365
344asmlinkage int irix_sigpending(irix_sigset_t *set) 366asmlinkage int irix_sigpending(irix_sigset_t __user *set)
345{ 367{
346 return do_sigpending(set, sizeof(*set)); 368 return do_sigpending(set, sizeof(*set));
347} 369}
348 370
349asmlinkage int irix_sigprocmask(int how, irix_sigset_t *new, irix_sigset_t *old) 371asmlinkage int irix_sigprocmask(int how, irix_sigset_t __user *new,
372 irix_sigset_t __user *old)
350{ 373{
351 sigset_t oldbits, newbits; 374 sigset_t oldbits, newbits;
352 375
353 if (new) { 376 if (new) {
354 if (!access_ok(VERIFY_READ, new, sizeof(*new))) 377 if (!access_ok(VERIFY_READ, new, sizeof(*new)))
355 return -EFAULT; 378 return -EFAULT;
356 __copy_from_user(&newbits, new, sizeof(unsigned long)*4); 379 if (__copy_from_user(&newbits, new, sizeof(unsigned long)*4))
380 return -EFAULT;
357 sigdelsetmask(&newbits, ~_BLOCKABLE); 381 sigdelsetmask(&newbits, ~_BLOCKABLE);
358 382
359 spin_lock_irq(&current->sighand->siglock); 383 spin_lock_irq(&current->sighand->siglock);
@@ -381,20 +405,19 @@ asmlinkage int irix_sigprocmask(int how, irix_sigset_t *new, irix_sigset_t *old)
381 recalc_sigpending(); 405 recalc_sigpending();
382 spin_unlock_irq(&current->sighand->siglock); 406 spin_unlock_irq(&current->sighand->siglock);
383 } 407 }
384 if(old) { 408 if (old)
385 if (!access_ok(VERIFY_WRITE, old, sizeof(*old))) 409 return copy_to_user(old, &current->blocked,
386 return -EFAULT; 410 sizeof(unsigned long)*4) ? -EFAULT : 0;
387 __copy_to_user(old, &current->blocked, sizeof(unsigned long)*4);
388 }
389 411
390 return 0; 412 return 0;
391} 413}
392 414
393asmlinkage int irix_sigsuspend(struct pt_regs *regs) 415asmlinkage int irix_sigsuspend(struct pt_regs *regs)
394{ 416{
395 sigset_t *uset, saveset, newset; 417 sigset_t saveset, newset;
418 sigset_t __user *uset;
396 419
397 uset = (sigset_t *) regs->regs[4]; 420 uset = (sigset_t __user *) regs->regs[4];
398 if (copy_from_user(&newset, uset, sizeof(sigset_t))) 421 if (copy_from_user(&newset, uset, sizeof(sigset_t)))
399 return -EFAULT; 422 return -EFAULT;
400 sigdelsetmask(&newset, ~_BLOCKABLE); 423 sigdelsetmask(&newset, ~_BLOCKABLE);
@@ -440,12 +463,13 @@ struct irix5_siginfo {
440 } stuff; 463 } stuff;
441}; 464};
442 465
443asmlinkage int irix_sigpoll_sys(unsigned long *set, struct irix5_siginfo *info, 466asmlinkage int irix_sigpoll_sys(unsigned long __user *set,
444 struct timespec *tp) 467 struct irix5_siginfo __user *info, struct timespec __user *tp)
445{ 468{
446 long expire = MAX_SCHEDULE_TIMEOUT; 469 long expire = MAX_SCHEDULE_TIMEOUT;
447 sigset_t kset; 470 sigset_t kset;
448 int i, sig, error, timeo = 0; 471 int i, sig, error, timeo = 0;
472 struct timespec ktp;
449 473
450#ifdef DEBUG_SIG 474#ifdef DEBUG_SIG
451 printk("[%s:%d] irix_sigpoll_sys(%p,%p,%p)\n", 475 printk("[%s:%d] irix_sigpoll_sys(%p,%p,%p)\n",
@@ -456,14 +480,8 @@ asmlinkage int irix_sigpoll_sys(unsigned long *set, struct irix5_siginfo *info,
456 if (!set) 480 if (!set)
457 return -EINVAL; 481 return -EINVAL;
458 482
459 if (!access_ok(VERIFY_READ, set, sizeof(kset))) { 483 if (copy_from_user(&kset, set, sizeof(set)))
460 error = -EFAULT; 484 return -EFAULT;
461 goto out;
462 }
463
464 __copy_from_user(&kset, set, sizeof(set));
465 if (error)
466 goto out;
467 485
468 if (info && clear_user(info, sizeof(*info))) { 486 if (info && clear_user(info, sizeof(*info))) {
469 error = -EFAULT; 487 error = -EFAULT;
@@ -471,19 +489,21 @@ asmlinkage int irix_sigpoll_sys(unsigned long *set, struct irix5_siginfo *info,
471 } 489 }
472 490
473 if (tp) { 491 if (tp) {
474 if (!access_ok(VERIFY_READ, tp, sizeof(*tp))) 492 if (copy_from_user(&ktp, tp, sizeof(*tp)))
475 return -EFAULT; 493 return -EFAULT;
476 if (!tp->tv_sec && !tp->tv_nsec) { 494
477 error = -EINVAL; 495 if (!ktp.tv_sec && !ktp.tv_nsec)
478 goto out; 496 return -EINVAL;
479 } 497
480 expire = timespec_to_jiffies(tp) + (tp->tv_sec||tp->tv_nsec); 498 expire = timespec_to_jiffies(&ktp) +
499 (ktp.tv_sec || ktp.tv_nsec);
481 } 500 }
482 501
483 while(1) { 502 while(1) {
484 long tmp = 0; 503 long tmp = 0;
485 504
486 expire = schedule_timeout_interruptible(expire); 505 current->state = TASK_INTERRUPTIBLE;
506 expire = schedule_timeout(expire);
487 507
488 for (i=0; i<=4; i++) 508 for (i=0; i<=4; i++)
489 tmp |= (current->pending.signal.sig[i] & kset.sig[i]); 509 tmp |= (current->pending.signal.sig[i] & kset.sig[i]);
@@ -500,15 +520,14 @@ asmlinkage int irix_sigpoll_sys(unsigned long *set, struct irix5_siginfo *info,
500 if (timeo) 520 if (timeo)
501 return -EAGAIN; 521 return -EAGAIN;
502 522
503 for(sig = 1; i <= 65 /* IRIX_NSIG */; sig++) { 523 for (sig = 1; i <= 65 /* IRIX_NSIG */; sig++) {
504 if (sigismember (&kset, sig)) 524 if (sigismember (&kset, sig))
505 continue; 525 continue;
506 if (sigismember (&current->pending.signal, sig)) { 526 if (sigismember (&current->pending.signal, sig)) {
507 /* XXX need more than this... */ 527 /* XXX need more than this... */
508 if (info) 528 if (info)
509 info->sig = sig; 529 return copy_to_user(&info->sig, &sig, sizeof(sig));
510 error = 0; 530 return 0;
511 goto out;
512 } 531 }
513 } 532 }
514 533
@@ -534,8 +553,9 @@ extern int getrusage(struct task_struct *, int, struct rusage __user *);
534 553
535#define W_MASK (W_EXITED | W_TRAPPED | W_STOPPED | W_CONT | W_NOHANG) 554#define W_MASK (W_EXITED | W_TRAPPED | W_STOPPED | W_CONT | W_NOHANG)
536 555
537asmlinkage int irix_waitsys(int type, int pid, struct irix5_siginfo *info, 556asmlinkage int irix_waitsys(int type, int pid,
538 int options, struct rusage *ru) 557 struct irix5_siginfo __user *info, int options,
558 struct rusage __user *ru)
539{ 559{
540 int flag, retval; 560 int flag, retval;
541 DECLARE_WAITQUEUE(wait, current); 561 DECLARE_WAITQUEUE(wait, current);
@@ -543,28 +563,22 @@ asmlinkage int irix_waitsys(int type, int pid, struct irix5_siginfo *info,
543 struct task_struct *p; 563 struct task_struct *p;
544 struct list_head *_p; 564 struct list_head *_p;
545 565
546 if (!info) { 566 if (!info)
547 retval = -EINVAL; 567 return -EINVAL;
548 goto out; 568
549 } 569 if (!access_ok(VERIFY_WRITE, info, sizeof(*info)))
550 if (!access_ok(VERIFY_WRITE, info, sizeof(*info))) { 570 return -EFAULT;
551 retval = -EFAULT; 571
552 goto out; 572 if (ru)
553 } 573 if (!access_ok(VERIFY_WRITE, ru, sizeof(*ru)))
554 if (ru) { 574 return -EFAULT;
555 if (!access_ok(VERIFY_WRITE, ru, sizeof(*ru))) { 575
556 retval = -EFAULT; 576 if (options & ~W_MASK)
557 goto out; 577 return -EINVAL;
558 } 578
559 } 579 if (type != IRIX_P_PID && type != IRIX_P_PGID && type != IRIX_P_ALL)
560 if (options & ~(W_MASK)) { 580 return -EINVAL;
561 retval = -EINVAL; 581
562 goto out;
563 }
564 if (type != IRIX_P_PID && type != IRIX_P_PGID && type != IRIX_P_ALL) {
565 retval = -EINVAL;
566 goto out;
567 }
568 add_wait_queue(&current->signal->wait_chldexit, &wait); 582 add_wait_queue(&current->signal->wait_chldexit, &wait);
569repeat: 583repeat:
570 flag = 0; 584 flag = 0;
@@ -595,18 +609,20 @@ repeat:
595 add_parent(p, p->parent); 609 add_parent(p, p->parent);
596 write_unlock_irq(&tasklist_lock); 610 write_unlock_irq(&tasklist_lock);
597 retval = ru ? getrusage(p, RUSAGE_BOTH, ru) : 0; 611 retval = ru ? getrusage(p, RUSAGE_BOTH, ru) : 0;
598 if (!retval && ru) { 612 if (retval)
599 retval |= __put_user(SIGCHLD, &info->sig); 613 goto end_waitsys;
600 retval |= __put_user(0, &info->code); 614
601 retval |= __put_user(p->pid, &info->stuff.procinfo.pid); 615 retval = __put_user(SIGCHLD, &info->sig);
602 retval |= __put_user((p->exit_code >> 8) & 0xff, 616 retval |= __put_user(0, &info->code);
603 &info->stuff.procinfo.procdata.child.status); 617 retval |= __put_user(p->pid, &info->stuff.procinfo.pid);
604 retval |= __put_user(p->utime, &info->stuff.procinfo.procdata.child.utime); 618 retval |= __put_user((p->exit_code >> 8) & 0xff,
605 retval |= __put_user(p->stime, &info->stuff.procinfo.procdata.child.stime); 619 &info->stuff.procinfo.procdata.child.status);
606 } 620 retval |= __put_user(p->utime, &info->stuff.procinfo.procdata.child.utime);
607 if (!retval) { 621 retval |= __put_user(p->stime, &info->stuff.procinfo.procdata.child.stime);
608 p->exit_code = 0; 622 if (retval)
609 } 623 goto end_waitsys;
624
625 p->exit_code = 0;
610 goto end_waitsys; 626 goto end_waitsys;
611 627
612 case EXIT_ZOMBIE: 628 case EXIT_ZOMBIE:
@@ -614,16 +630,18 @@ repeat:
614 current->signal->cstime += p->stime + p->signal->cstime; 630 current->signal->cstime += p->stime + p->signal->cstime;
615 if (ru != NULL) 631 if (ru != NULL)
616 getrusage(p, RUSAGE_BOTH, ru); 632 getrusage(p, RUSAGE_BOTH, ru);
617 __put_user(SIGCHLD, &info->sig); 633 retval = __put_user(SIGCHLD, &info->sig);
618 __put_user(1, &info->code); /* CLD_EXITED */ 634 retval |= __put_user(1, &info->code); /* CLD_EXITED */
619 __put_user(p->pid, &info->stuff.procinfo.pid); 635 retval |= __put_user(p->pid, &info->stuff.procinfo.pid);
620 __put_user((p->exit_code >> 8) & 0xff, 636 retval |= __put_user((p->exit_code >> 8) & 0xff,
621 &info->stuff.procinfo.procdata.child.status); 637 &info->stuff.procinfo.procdata.child.status);
622 __put_user(p->utime, 638 retval |= __put_user(p->utime,
623 &info->stuff.procinfo.procdata.child.utime); 639 &info->stuff.procinfo.procdata.child.utime);
624 __put_user(p->stime, 640 retval |= __put_user(p->stime,
625 &info->stuff.procinfo.procdata.child.stime); 641 &info->stuff.procinfo.procdata.child.stime);
626 retval = 0; 642 if (retval)
643 return retval;
644
627 if (p->real_parent != p->parent) { 645 if (p->real_parent != p->parent) {
628 write_lock_irq(&tasklist_lock); 646 write_lock_irq(&tasklist_lock);
629 remove_parent(p); 647 remove_parent(p);
@@ -656,7 +674,6 @@ end_waitsys:
656 current->state = TASK_RUNNING; 674 current->state = TASK_RUNNING;
657 remove_wait_queue(&current->signal->wait_chldexit, &wait); 675 remove_wait_queue(&current->signal->wait_chldexit, &wait);
658 676
659out:
660 return retval; 677 return retval;
661} 678}
662 679
@@ -675,39 +692,39 @@ struct irix5_context {
675 692
676asmlinkage int irix_getcontext(struct pt_regs *regs) 693asmlinkage int irix_getcontext(struct pt_regs *regs)
677{ 694{
678 int i, base = 0; 695 int error, i, base = 0;
679 struct irix5_context *ctx; 696 struct irix5_context __user *ctx;
680 unsigned long flags; 697 unsigned long flags;
681 698
682 if (regs->regs[2] == 1000) 699 if (regs->regs[2] == 1000)
683 base = 1; 700 base = 1;
684 ctx = (struct irix5_context *) regs->regs[base + 4]; 701 ctx = (struct irix5_context __user *) regs->regs[base + 4];
685 702
686#ifdef DEBUG_SIG 703#ifdef DEBUG_SIG
687 printk("[%s:%d] irix_getcontext(%p)\n", 704 printk("[%s:%d] irix_getcontext(%p)\n",
688 current->comm, current->pid, ctx); 705 current->comm, current->pid, ctx);
689#endif 706#endif
690 707
691 if (!access_ok(VERIFY_WRITE, ctx, sizeof(*ctx))) 708 if (!access_ok(VERIFY_WRITE, ctx, sizeof(*ctx)));
692 return -EFAULT; 709 return -EFAULT;
693 710
694 __put_user(current->thread.irix_oldctx, &ctx->link); 711 error = __put_user(current->thread.irix_oldctx, &ctx->link);
695 712
696 __copy_to_user(&ctx->sigmask, &current->blocked, sizeof(irix_sigset_t)); 713 error |= __copy_to_user(&ctx->sigmask, &current->blocked, sizeof(irix_sigset_t)) ? -EFAULT : 0;
697 714
698 /* XXX Do sigstack stuff someday... */ 715 /* XXX Do sigstack stuff someday... */
699 __put_user(0, &ctx->stack.sp); 716 error |= __put_user(0, &ctx->stack.sp);
700 __put_user(0, &ctx->stack.size); 717 error |= __put_user(0, &ctx->stack.size);
701 __put_user(0, &ctx->stack.flags); 718 error |= __put_user(0, &ctx->stack.flags);
702 719
703 __put_user(0, &ctx->weird_graphics_thing); 720 error |= __put_user(0, &ctx->weird_graphics_thing);
704 __put_user(0, &ctx->regs[0]); 721 error |= __put_user(0, &ctx->regs[0]);
705 for (i = 1; i < 32; i++) 722 for (i = 1; i < 32; i++)
706 __put_user(regs->regs[i], &ctx->regs[i]); 723 error |= __put_user(regs->regs[i], &ctx->regs[i]);
707 __put_user(regs->lo, &ctx->regs[32]); 724 error |= __put_user(regs->lo, &ctx->regs[32]);
708 __put_user(regs->hi, &ctx->regs[33]); 725 error |= __put_user(regs->hi, &ctx->regs[33]);
709 __put_user(regs->cp0_cause, &ctx->regs[34]); 726 error |= __put_user(regs->cp0_cause, &ctx->regs[34]);
710 __put_user(regs->cp0_epc, &ctx->regs[35]); 727 error |= __put_user(regs->cp0_epc, &ctx->regs[35]);
711 728
712 flags = 0x0f; 729 flags = 0x0f;
713 if (!used_math()) { 730 if (!used_math()) {
@@ -716,119 +733,124 @@ asmlinkage int irix_getcontext(struct pt_regs *regs)
716 /* XXX wheee... */ 733 /* XXX wheee... */
717 printk("Wheee, no code for saving IRIX FPU context yet.\n"); 734 printk("Wheee, no code for saving IRIX FPU context yet.\n");
718 } 735 }
719 __put_user(flags, &ctx->flags); 736 error |= __put_user(flags, &ctx->flags);
720 737
721 return 0; 738 return error;
722} 739}
723 740
724asmlinkage unsigned long irix_setcontext(struct pt_regs *regs) 741asmlinkage void irix_setcontext(struct pt_regs *regs)
725{ 742{
726 int error, base = 0; 743 struct irix5_context __user *ctx;
727 struct irix5_context *ctx; 744 int err, base = 0;
745 u32 flags;
728 746
729 if(regs->regs[2] == 1000) 747 if (regs->regs[2] == 1000)
730 base = 1; 748 base = 1;
731 ctx = (struct irix5_context *) regs->regs[base + 4]; 749 ctx = (struct irix5_context __user *) regs->regs[base + 4];
732 750
733#ifdef DEBUG_SIG 751#ifdef DEBUG_SIG
734 printk("[%s:%d] irix_setcontext(%p)\n", 752 printk("[%s:%d] irix_setcontext(%p)\n",
735 current->comm, current->pid, ctx); 753 current->comm, current->pid, ctx);
736#endif 754#endif
737 755
738 if (!access_ok(VERIFY_READ, ctx, sizeof(*ctx))) { 756 if (!access_ok(VERIFY_READ, ctx, sizeof(*ctx)))
739 error = -EFAULT; 757 goto segv_and_exit;
740 goto out;
741 }
742 758
743 if (ctx->flags & 0x02) { 759 err = __get_user(flags, &ctx->flags);
760 if (flags & 0x02) {
744 /* XXX sigstack garbage, todo... */ 761 /* XXX sigstack garbage, todo... */
745 printk("Wheee, cannot do sigstack stuff in setcontext\n"); 762 printk("Wheee, cannot do sigstack stuff in setcontext\n");
746 } 763 }
747 764
748 if (ctx->flags & 0x04) { 765 if (flags & 0x04) {
749 int i; 766 int i;
750 767
751 /* XXX extra control block stuff... todo... */ 768 /* XXX extra control block stuff... todo... */
752 for(i = 1; i < 32; i++) 769 for (i = 1; i < 32; i++)
753 regs->regs[i] = ctx->regs[i]; 770 err |= __get_user(regs->regs[i], &ctx->regs[i]);
754 regs->lo = ctx->regs[32]; 771 err |= __get_user(regs->lo, &ctx->regs[32]);
755 regs->hi = ctx->regs[33]; 772 err |= __get_user(regs->hi, &ctx->regs[33]);
756 regs->cp0_epc = ctx->regs[35]; 773 err |= __get_user(regs->cp0_epc, &ctx->regs[35]);
757 } 774 }
758 775
759 if (ctx->flags & 0x08) { 776 if (flags & 0x08)
760 /* XXX fpu context, blah... */ 777 /* XXX fpu context, blah... */
761 printk("Wheee, cannot restore FPU context yet...\n"); 778 printk(KERN_ERR "Wheee, cannot restore FPU context yet...\n");
762 }
763 current->thread.irix_oldctx = ctx->link;
764 error = regs->regs[2];
765 779
766out: 780 err |= __get_user(current->thread.irix_oldctx, &ctx->link);
767 return error; 781 if (err)
782 goto segv_and_exit;
783
784 /*
785 * Don't let your children do this ...
786 */
787 if (current_thread_info()->flags & TIF_SYSCALL_TRACE)
788 do_syscall_trace(regs, 1);
789 __asm__ __volatile__(
790 "move\t$29,%0\n\t"
791 "j\tsyscall_exit"
792 :/* no outputs */
793 :"r" (&regs));
794 /* Unreached */
795
796segv_and_exit:
797 force_sigsegv(SIGSEGV, current);
768} 798}
769 799
770struct irix_sigstack { unsigned long sp; int status; }; 800struct irix_sigstack {
801 unsigned long sp;
802 int status;
803};
771 804
772asmlinkage int irix_sigstack(struct irix_sigstack *new, struct irix_sigstack *old) 805asmlinkage int irix_sigstack(struct irix_sigstack __user *new,
806 struct irix_sigstack __user *old)
773{ 807{
774 int error = -EFAULT;
775
776#ifdef DEBUG_SIG 808#ifdef DEBUG_SIG
777 printk("[%s:%d] irix_sigstack(%p,%p)\n", 809 printk("[%s:%d] irix_sigstack(%p,%p)\n",
778 current->comm, current->pid, new, old); 810 current->comm, current->pid, new, old);
779#endif 811#endif
780 if(new) { 812 if (new) {
781 if (!access_ok(VERIFY_READ, new, sizeof(*new))) 813 if (!access_ok(VERIFY_READ, new, sizeof(*new)))
782 goto out; 814 return -EFAULT;
783 } 815 }
784 816
785 if(old) { 817 if (old) {
786 if (!access_ok(VERIFY_WRITE, old, sizeof(*old))) 818 if (!access_ok(VERIFY_WRITE, old, sizeof(*old)))
787 goto out; 819 return -EFAULT;
788 } 820 }
789 error = 0;
790 821
791out: 822 return 0;
792 return error;
793} 823}
794 824
795struct irix_sigaltstack { unsigned long sp; int size; int status; }; 825struct irix_sigaltstack { unsigned long sp; int size; int status; };
796 826
797asmlinkage int irix_sigaltstack(struct irix_sigaltstack *new, 827asmlinkage int irix_sigaltstack(struct irix_sigaltstack __user *new,
798 struct irix_sigaltstack *old) 828 struct irix_sigaltstack __user *old)
799{ 829{
800 int error = -EFAULT;
801
802#ifdef DEBUG_SIG 830#ifdef DEBUG_SIG
803 printk("[%s:%d] irix_sigaltstack(%p,%p)\n", 831 printk("[%s:%d] irix_sigaltstack(%p,%p)\n",
804 current->comm, current->pid, new, old); 832 current->comm, current->pid, new, old);
805#endif 833#endif
806 if (new) { 834 if (new)
807 if (!access_ok(VERIFY_READ, new, sizeof(*new))) 835 if (!access_ok(VERIFY_READ, new, sizeof(*new)))
808 goto out; 836 return -EFAULT;
809 }
810 837
811 if (old) { 838 if (old) {
812 if (!access_ok(VERIFY_WRITE, old, sizeof(*old))) 839 if (!access_ok(VERIFY_WRITE, old, sizeof(*old)))
813 goto out; 840 return -EFAULT;
814 } 841 }
815 error = 0;
816
817out:
818 error = 0;
819 842
820 return error; 843 return 0;
821} 844}
822 845
823struct irix_procset { 846struct irix_procset {
824 int cmd, ltype, lid, rtype, rid; 847 int cmd, ltype, lid, rtype, rid;
825}; 848};
826 849
827asmlinkage int irix_sigsendset(struct irix_procset *pset, int sig) 850asmlinkage int irix_sigsendset(struct irix_procset __user *pset, int sig)
828{ 851{
829 if (!access_ok(VERIFY_READ, pset, sizeof(*pset))) 852 if (!access_ok(VERIFY_READ, pset, sizeof(*pset)))
830 return -EFAULT; 853 return -EFAULT;
831
832#ifdef DEBUG_SIG 854#ifdef DEBUG_SIG
833 printk("[%s:%d] irix_sigsendset([%d,%d,%d,%d,%d],%d)\n", 855 printk("[%s:%d] irix_sigsendset([%d,%d,%d,%d,%d],%d)\n",
834 current->comm, current->pid, 856 current->comm, current->pid,
diff --git a/arch/mips/kernel/process.c b/arch/mips/kernel/process.c
index f99efce556ea..5223c4450e4c 100644
--- a/arch/mips/kernel/process.c
+++ b/arch/mips/kernel/process.c
@@ -39,14 +39,6 @@
39#include <asm/inst.h> 39#include <asm/inst.h>
40 40
41/* 41/*
42 * We use this if we don't have any better idle routine..
43 * (This to kill: kernel/platform.c.
44 */
45void default_idle (void)
46{
47}
48
49/*
50 * The idle thread. There's no useful work to be done, so just try to conserve 42 * The idle thread. There's no useful work to be done, so just try to conserve
51 * power and have a low exit latency (ie sit in a loop waiting for somebody to 43 * power and have a low exit latency (ie sit in a loop waiting for somebody to
52 * say that they'd like to reschedule) 44 * say that they'd like to reschedule)
diff --git a/arch/mips/kernel/ptrace.c b/arch/mips/kernel/ptrace.c
index 0b571a5b4b83..2c7fc7472fb2 100644
--- a/arch/mips/kernel/ptrace.c
+++ b/arch/mips/kernel/ptrace.c
@@ -103,7 +103,7 @@ asmlinkage int sys_ptrace(long request, long pid, long addr, long data)
103 ret = -EIO; 103 ret = -EIO;
104 if (copied != sizeof(tmp)) 104 if (copied != sizeof(tmp))
105 break; 105 break;
106 ret = put_user(tmp,(unsigned long *) data); 106 ret = put_user(tmp,(unsigned long __user *) data);
107 break; 107 break;
108 } 108 }
109 109
@@ -180,7 +180,7 @@ asmlinkage int sys_ptrace(long request, long pid, long addr, long data)
180 ret = -EIO; 180 ret = -EIO;
181 goto out_tsk; 181 goto out_tsk;
182 } 182 }
183 ret = put_user(tmp, (unsigned long *) data); 183 ret = put_user(tmp, (unsigned long __user *) data);
184 break; 184 break;
185 } 185 }
186 186
diff --git a/arch/mips/kernel/signal.c b/arch/mips/kernel/signal.c
index 0209c1dd1429..eb127230cc9a 100644
--- a/arch/mips/kernel/signal.c
+++ b/arch/mips/kernel/signal.c
@@ -47,9 +47,10 @@ save_static_function(sys_sigsuspend);
47__attribute_used__ noinline static int 47__attribute_used__ noinline static int
48_sys_sigsuspend(nabi_no_regargs struct pt_regs regs) 48_sys_sigsuspend(nabi_no_regargs struct pt_regs regs)
49{ 49{
50 sigset_t *uset, saveset, newset; 50 sigset_t saveset, newset;
51 sigset_t __user *uset;
51 52
52 uset = (sigset_t *) regs.regs[4]; 53 uset = (sigset_t __user *) regs.regs[4];
53 if (copy_from_user(&newset, uset, sizeof(sigset_t))) 54 if (copy_from_user(&newset, uset, sizeof(sigset_t)))
54 return -EFAULT; 55 return -EFAULT;
55 sigdelsetmask(&newset, ~_BLOCKABLE); 56 sigdelsetmask(&newset, ~_BLOCKABLE);
@@ -75,7 +76,8 @@ save_static_function(sys_rt_sigsuspend);
75__attribute_used__ noinline static int 76__attribute_used__ noinline static int
76_sys_rt_sigsuspend(nabi_no_regargs struct pt_regs regs) 77_sys_rt_sigsuspend(nabi_no_regargs struct pt_regs regs)
77{ 78{
78 sigset_t *unewset, saveset, newset; 79 sigset_t saveset, newset;
80 sigset_t __user *unewset;
79 size_t sigsetsize; 81 size_t sigsetsize;
80 82
81 /* XXX Don't preclude handling different sized sigset_t's. */ 83 /* XXX Don't preclude handling different sized sigset_t's. */
@@ -83,7 +85,7 @@ _sys_rt_sigsuspend(nabi_no_regargs struct pt_regs regs)
83 if (sigsetsize != sizeof(sigset_t)) 85 if (sigsetsize != sizeof(sigset_t))
84 return -EINVAL; 86 return -EINVAL;
85 87
86 unewset = (sigset_t *) regs.regs[4]; 88 unewset = (sigset_t __user *) regs.regs[4];
87 if (copy_from_user(&newset, unewset, sizeof(newset))) 89 if (copy_from_user(&newset, unewset, sizeof(newset)))
88 return -EFAULT; 90 return -EFAULT;
89 sigdelsetmask(&newset, ~_BLOCKABLE); 91 sigdelsetmask(&newset, ~_BLOCKABLE);
@@ -147,8 +149,8 @@ asmlinkage int sys_sigaction(int sig, const struct sigaction *act,
147 149
148asmlinkage int sys_sigaltstack(nabi_no_regargs struct pt_regs regs) 150asmlinkage int sys_sigaltstack(nabi_no_regargs struct pt_regs regs)
149{ 151{
150 const stack_t *uss = (const stack_t *) regs.regs[4]; 152 const stack_t __user *uss = (const stack_t __user *) regs.regs[4];
151 stack_t *uoss = (stack_t *) regs.regs[5]; 153 stack_t __user *uoss = (stack_t __user *) regs.regs[5];
152 unsigned long usp = regs.regs[29]; 154 unsigned long usp = regs.regs[29];
153 155
154 return do_sigaltstack(uss, uoss, usp); 156 return do_sigaltstack(uss, uoss, usp);
diff --git a/arch/mips/kernel/sysirix.c b/arch/mips/kernel/sysirix.c
index ed7c0e3c2f85..52924f8ce23c 100644
--- a/arch/mips/kernel/sysirix.c
+++ b/arch/mips/kernel/sysirix.c
@@ -233,7 +233,7 @@ asmlinkage int irix_prctl(unsigned option, ...)
233 233
234#undef DEBUG_PROCGRPS 234#undef DEBUG_PROCGRPS
235 235
236extern unsigned long irix_mapelf(int fd, struct elf_phdr *user_phdrp, int cnt); 236extern unsigned long irix_mapelf(int fd, struct elf_phdr __user *user_phdrp, int cnt);
237extern int getrusage(struct task_struct *p, int who, struct rusage __user *ru); 237extern int getrusage(struct task_struct *p, int who, struct rusage __user *ru);
238extern char *prom_getenv(char *name); 238extern char *prom_getenv(char *name);
239extern long prom_setenv(char *name, char *value); 239extern long prom_setenv(char *name, char *value);
@@ -270,23 +270,19 @@ asmlinkage int irix_syssgi(struct pt_regs *regs)
270 cmd = regs->regs[base + 4]; 270 cmd = regs->regs[base + 4];
271 switch(cmd) { 271 switch(cmd) {
272 case SGI_SYSID: { 272 case SGI_SYSID: {
273 char *buf = (char *) regs->regs[base + 5]; 273 char __user *buf = (char __user *) regs->regs[base + 5];
274 274
275 /* XXX Use ethernet addr.... */ 275 /* XXX Use ethernet addr.... */
276 retval = clear_user(buf, 64); 276 retval = clear_user(buf, 64) ? -EFAULT : 0;
277 break; 277 break;
278 } 278 }
279#if 0 279#if 0
280 case SGI_RDNAME: { 280 case SGI_RDNAME: {
281 int pid = (int) regs->regs[base + 5]; 281 int pid = (int) regs->regs[base + 5];
282 char *buf = (char *) regs->regs[base + 6]; 282 char __user *buf = (char __user *) regs->regs[base + 6];
283 struct task_struct *p; 283 struct task_struct *p;
284 char tcomm[sizeof(current->comm)]; 284 char tcomm[sizeof(current->comm)];
285 285
286 if (!access_ok(VERIFY_WRITE, buf, sizeof(tcomm))) {
287 retval = -EFAULT;
288 break;
289 }
290 read_lock(&tasklist_lock); 286 read_lock(&tasklist_lock);
291 p = find_task_by_pid(pid); 287 p = find_task_by_pid(pid);
292 if (!p) { 288 if (!p) {
@@ -298,34 +294,28 @@ asmlinkage int irix_syssgi(struct pt_regs *regs)
298 read_unlock(&tasklist_lock); 294 read_unlock(&tasklist_lock);
299 295
300 /* XXX Need to check sizes. */ 296 /* XXX Need to check sizes. */
301 copy_to_user(buf, tcomm, sizeof(tcomm)); 297 retval = copy_to_user(buf, tcomm, sizeof(tcomm)) ? -EFAULT : 0;
302 retval = 0;
303 break; 298 break;
304 } 299 }
305 300
306 case SGI_GETNVRAM: { 301 case SGI_GETNVRAM: {
307 char *name = (char *) regs->regs[base+5]; 302 char __user *name = (char __user *) regs->regs[base+5];
308 char *buf = (char *) regs->regs[base+6]; 303 char __user *buf = (char __user *) regs->regs[base+6];
309 char *value; 304 char *value;
310 return -EINVAL; /* til I fix it */ 305 return -EINVAL; /* til I fix it */
311 if (!access_ok(VERIFY_WRITE, buf, 128)) {
312 retval = -EFAULT;
313 break;
314 }
315 value = prom_getenv(name); /* PROM lock? */ 306 value = prom_getenv(name); /* PROM lock? */
316 if (!value) { 307 if (!value) {
317 retval = -EINVAL; 308 retval = -EINVAL;
318 break; 309 break;
319 } 310 }
320 /* Do I strlen() for the length? */ 311 /* Do I strlen() for the length? */
321 copy_to_user(buf, value, 128); 312 retval = copy_to_user(buf, value, 128) ? -EFAULT : 0;
322 retval = 0;
323 break; 313 break;
324 } 314 }
325 315
326 case SGI_SETNVRAM: { 316 case SGI_SETNVRAM: {
327 char *name = (char *) regs->regs[base+5]; 317 char __user *name = (char __user *) regs->regs[base+5];
328 char *value = (char *) regs->regs[base+6]; 318 char __user *value = (char __user *) regs->regs[base+6];
329 return -EINVAL; /* til I fix it */ 319 return -EINVAL; /* til I fix it */
330 retval = prom_setenv(name, value); 320 retval = prom_setenv(name, value);
331 /* XXX make sure retval conforms to syssgi(2) */ 321 /* XXX make sure retval conforms to syssgi(2) */
@@ -401,16 +391,16 @@ asmlinkage int irix_syssgi(struct pt_regs *regs)
401 391
402 case SGI_SETGROUPS: 392 case SGI_SETGROUPS:
403 retval = sys_setgroups((int) regs->regs[base + 5], 393 retval = sys_setgroups((int) regs->regs[base + 5],
404 (gid_t *) regs->regs[base + 6]); 394 (gid_t __user *) regs->regs[base + 6]);
405 break; 395 break;
406 396
407 case SGI_GETGROUPS: 397 case SGI_GETGROUPS:
408 retval = sys_getgroups((int) regs->regs[base + 5], 398 retval = sys_getgroups((int) regs->regs[base + 5],
409 (gid_t *) regs->regs[base + 6]); 399 (gid_t __user *) regs->regs[base + 6]);
410 break; 400 break;
411 401
412 case SGI_RUSAGE: { 402 case SGI_RUSAGE: {
413 struct rusage *ru = (struct rusage *) regs->regs[base + 6]; 403 struct rusage __user *ru = (struct rusage __user *) regs->regs[base + 6];
414 404
415 switch((int) regs->regs[base + 5]) { 405 switch((int) regs->regs[base + 5]) {
416 case 0: 406 case 0:
@@ -447,7 +437,7 @@ asmlinkage int irix_syssgi(struct pt_regs *regs)
447 437
448 case SGI_ELFMAP: 438 case SGI_ELFMAP:
449 retval = irix_mapelf((int) regs->regs[base + 5], 439 retval = irix_mapelf((int) regs->regs[base + 5],
450 (struct elf_phdr *) regs->regs[base + 6], 440 (struct elf_phdr __user *) regs->regs[base + 6],
451 (int) regs->regs[base + 7]); 441 (int) regs->regs[base + 7]);
452 break; 442 break;
453 443
@@ -462,24 +452,24 @@ asmlinkage int irix_syssgi(struct pt_regs *regs)
462 452
463 case SGI_PHYSP: { 453 case SGI_PHYSP: {
464 unsigned long addr = regs->regs[base + 5]; 454 unsigned long addr = regs->regs[base + 5];
465 int *pageno = (int *) (regs->regs[base + 6]); 455 int __user *pageno = (int __user *) (regs->regs[base + 6]);
466 struct mm_struct *mm = current->mm; 456 struct mm_struct *mm = current->mm;
467 pgd_t *pgdp; 457 pgd_t *pgdp;
458 pud_t *pudp;
468 pmd_t *pmdp; 459 pmd_t *pmdp;
469 pte_t *ptep; 460 pte_t *ptep;
470 461
471 if (!access_ok(VERIFY_WRITE, pageno, sizeof(int)))
472 return -EFAULT;
473
474 down_read(&mm->mmap_sem); 462 down_read(&mm->mmap_sem);
475 pgdp = pgd_offset(mm, addr); 463 pgdp = pgd_offset(mm, addr);
476 pmdp = pmd_offset(pgdp, addr); 464 pudp = pud_offset(pgdp, addr);
465 pmdp = pmd_offset(pudp, addr);
477 ptep = pte_offset(pmdp, addr); 466 ptep = pte_offset(pmdp, addr);
478 retval = -EINVAL; 467 retval = -EINVAL;
479 if (ptep) { 468 if (ptep) {
480 pte_t pte = *ptep; 469 pte_t pte = *ptep;
481 470
482 if (pte_val(pte) & (_PAGE_VALID | _PAGE_PRESENT)) { 471 if (pte_val(pte) & (_PAGE_VALID | _PAGE_PRESENT)) {
472 /* b0rked on 64-bit */
483 retval = put_user((pte_val(pte) & PAGE_MASK) >> 473 retval = put_user((pte_val(pte) & PAGE_MASK) >>
484 PAGE_SHIFT, pageno); 474 PAGE_SHIFT, pageno);
485 } 475 }
@@ -490,7 +480,7 @@ asmlinkage int irix_syssgi(struct pt_regs *regs)
490 480
491 case SGI_INVENT: { 481 case SGI_INVENT: {
492 int arg1 = (int) regs->regs [base + 5]; 482 int arg1 = (int) regs->regs [base + 5];
493 void *buffer = (void *) regs->regs [base + 6]; 483 void __user *buffer = (void __user *) regs->regs [base + 6];
494 int count = (int) regs->regs [base + 7]; 484 int count = (int) regs->regs [base + 7];
495 485
496 switch (arg1) { 486 switch (arg1) {
@@ -686,8 +676,8 @@ asmlinkage int irix_pause(void)
686} 676}
687 677
688/* XXX need more than this... */ 678/* XXX need more than this... */
689asmlinkage int irix_mount(char *dev_name, char *dir_name, unsigned long flags, 679asmlinkage int irix_mount(char __user *dev_name, char __user *dir_name,
690 char *type, void *data, int datalen) 680 unsigned long flags, char __user *type, void __user *data, int datalen)
691{ 681{
692 printk("[%s:%d] irix_mount(%p,%p,%08lx,%p,%p,%d)\n", 682 printk("[%s:%d] irix_mount(%p,%p,%08lx,%p,%p,%d)\n",
693 current->comm, current->pid, 683 current->comm, current->pid,
@@ -702,8 +692,8 @@ struct irix_statfs {
702 char f_fname[6], f_fpack[6]; 692 char f_fname[6], f_fpack[6];
703}; 693};
704 694
705asmlinkage int irix_statfs(const char *path, struct irix_statfs *buf, 695asmlinkage int irix_statfs(const char __user *path,
706 int len, int fs_type) 696 struct irix_statfs __user *buf, int len, int fs_type)
707{ 697{
708 struct nameidata nd; 698 struct nameidata nd;
709 struct kstatfs kbuf; 699 struct kstatfs kbuf;
@@ -718,6 +708,7 @@ asmlinkage int irix_statfs(const char *path, struct irix_statfs *buf,
718 error = -EFAULT; 708 error = -EFAULT;
719 goto out; 709 goto out;
720 } 710 }
711
721 error = user_path_walk(path, &nd); 712 error = user_path_walk(path, &nd);
722 if (error) 713 if (error)
723 goto out; 714 goto out;
@@ -726,18 +717,17 @@ asmlinkage int irix_statfs(const char *path, struct irix_statfs *buf,
726 if (error) 717 if (error)
727 goto dput_and_out; 718 goto dput_and_out;
728 719
729 __put_user(kbuf.f_type, &buf->f_type); 720 error = __put_user(kbuf.f_type, &buf->f_type);
730 __put_user(kbuf.f_bsize, &buf->f_bsize); 721 error |= __put_user(kbuf.f_bsize, &buf->f_bsize);
731 __put_user(kbuf.f_frsize, &buf->f_frsize); 722 error |= __put_user(kbuf.f_frsize, &buf->f_frsize);
732 __put_user(kbuf.f_blocks, &buf->f_blocks); 723 error |= __put_user(kbuf.f_blocks, &buf->f_blocks);
733 __put_user(kbuf.f_bfree, &buf->f_bfree); 724 error |= __put_user(kbuf.f_bfree, &buf->f_bfree);
734 __put_user(kbuf.f_files, &buf->f_files); 725 error |= __put_user(kbuf.f_files, &buf->f_files);
735 __put_user(kbuf.f_ffree, &buf->f_ffree); 726 error |= __put_user(kbuf.f_ffree, &buf->f_ffree);
736 for (i = 0; i < 6; i++) { 727 for (i = 0; i < 6; i++) {
737 __put_user(0, &buf->f_fname[i]); 728 error |= __put_user(0, &buf->f_fname[i]);
738 __put_user(0, &buf->f_fpack[i]); 729 error |= __put_user(0, &buf->f_fpack[i]);
739 } 730 }
740 error = 0;
741 731
742dput_and_out: 732dput_and_out:
743 path_release(&nd); 733 path_release(&nd);
@@ -745,7 +735,7 @@ out:
745 return error; 735 return error;
746} 736}
747 737
748asmlinkage int irix_fstatfs(unsigned int fd, struct irix_statfs *buf) 738asmlinkage int irix_fstatfs(unsigned int fd, struct irix_statfs __user *buf)
749{ 739{
750 struct kstatfs kbuf; 740 struct kstatfs kbuf;
751 struct file *file; 741 struct file *file;
@@ -755,6 +745,7 @@ asmlinkage int irix_fstatfs(unsigned int fd, struct irix_statfs *buf)
755 error = -EFAULT; 745 error = -EFAULT;
756 goto out; 746 goto out;
757 } 747 }
748
758 if (!(file = fget(fd))) { 749 if (!(file = fget(fd))) {
759 error = -EBADF; 750 error = -EBADF;
760 goto out; 751 goto out;
@@ -764,16 +755,17 @@ asmlinkage int irix_fstatfs(unsigned int fd, struct irix_statfs *buf)
764 if (error) 755 if (error)
765 goto out_f; 756 goto out_f;
766 757
767 __put_user(kbuf.f_type, &buf->f_type); 758 error = __put_user(kbuf.f_type, &buf->f_type);
768 __put_user(kbuf.f_bsize, &buf->f_bsize); 759 error |= __put_user(kbuf.f_bsize, &buf->f_bsize);
769 __put_user(kbuf.f_frsize, &buf->f_frsize); 760 error |= __put_user(kbuf.f_frsize, &buf->f_frsize);
770 __put_user(kbuf.f_blocks, &buf->f_blocks); 761 error |= __put_user(kbuf.f_blocks, &buf->f_blocks);
771 __put_user(kbuf.f_bfree, &buf->f_bfree); 762 error |= __put_user(kbuf.f_bfree, &buf->f_bfree);
772 __put_user(kbuf.f_files, &buf->f_files); 763 error |= __put_user(kbuf.f_files, &buf->f_files);
773 __put_user(kbuf.f_ffree, &buf->f_ffree); 764 error |= __put_user(kbuf.f_ffree, &buf->f_ffree);
774 for(i = 0; i < 6; i++) { 765
775 __put_user(0, &buf->f_fname[i]); 766 for (i = 0; i < 6; i++) {
776 __put_user(0, &buf->f_fpack[i]); 767 error |= __put_user(0, &buf->f_fname[i]);
768 error |= __put_user(0, &buf->f_fpack[i]);
777 } 769 }
778 770
779out_f: 771out_f:
@@ -800,14 +792,15 @@ asmlinkage int irix_setpgrp(int flags)
800 return error; 792 return error;
801} 793}
802 794
803asmlinkage int irix_times(struct tms * tbuf) 795asmlinkage int irix_times(struct tms __user *tbuf)
804{ 796{
805 int err = 0; 797 int err = 0;
806 798
807 if (tbuf) { 799 if (tbuf) {
808 if (!access_ok(VERIFY_WRITE,tbuf,sizeof *tbuf)) 800 if (!access_ok(VERIFY_WRITE,tbuf,sizeof *tbuf))
809 return -EFAULT; 801 return -EFAULT;
810 err |= __put_user(current->utime, &tbuf->tms_utime); 802
803 err = __put_user(current->utime, &tbuf->tms_utime);
811 err |= __put_user(current->stime, &tbuf->tms_stime); 804 err |= __put_user(current->stime, &tbuf->tms_stime);
812 err |= __put_user(current->signal->cutime, &tbuf->tms_cutime); 805 err |= __put_user(current->signal->cutime, &tbuf->tms_cutime);
813 err |= __put_user(current->signal->cstime, &tbuf->tms_cstime); 806 err |= __put_user(current->signal->cstime, &tbuf->tms_cstime);
@@ -823,13 +816,13 @@ asmlinkage int irix_exec(struct pt_regs *regs)
823 816
824 if(regs->regs[2] == 1000) 817 if(regs->regs[2] == 1000)
825 base = 1; 818 base = 1;
826 filename = getname((char *) (long)regs->regs[base + 4]); 819 filename = getname((char __user *) (long)regs->regs[base + 4]);
827 error = PTR_ERR(filename); 820 error = PTR_ERR(filename);
828 if (IS_ERR(filename)) 821 if (IS_ERR(filename))
829 return error; 822 return error;
830 823
831 error = do_execve(filename, (char **) (long)regs->regs[base + 5], 824 error = do_execve(filename, (char __user * __user *) (long)regs->regs[base + 5],
832 (char **) 0, regs); 825 NULL, regs);
833 putname(filename); 826 putname(filename);
834 827
835 return error; 828 return error;
@@ -842,12 +835,12 @@ asmlinkage int irix_exece(struct pt_regs *regs)
842 835
843 if (regs->regs[2] == 1000) 836 if (regs->regs[2] == 1000)
844 base = 1; 837 base = 1;
845 filename = getname((char *) (long)regs->regs[base + 4]); 838 filename = getname((char __user *) (long)regs->regs[base + 4]);
846 error = PTR_ERR(filename); 839 error = PTR_ERR(filename);
847 if (IS_ERR(filename)) 840 if (IS_ERR(filename))
848 return error; 841 return error;
849 error = do_execve(filename, (char **) (long)regs->regs[base + 5], 842 error = do_execve(filename, (char __user * __user *) (long)regs->regs[base + 5],
850 (char **) (long)regs->regs[base + 6], regs); 843 (char __user * __user *) (long)regs->regs[base + 6], regs);
851 putname(filename); 844 putname(filename);
852 845
853 return error; 846 return error;
@@ -903,22 +896,17 @@ asmlinkage int irix_socket(int family, int type, int protocol)
903 return sys_socket(family, type, protocol); 896 return sys_socket(family, type, protocol);
904} 897}
905 898
906asmlinkage int irix_getdomainname(char *name, int len) 899asmlinkage int irix_getdomainname(char __user *name, int len)
907{ 900{
908 int error; 901 int err;
909
910 if (!access_ok(VERIFY_WRITE, name, len))
911 return -EFAULT;
912 902
913 down_read(&uts_sem); 903 down_read(&uts_sem);
914 if (len > __NEW_UTS_LEN) 904 if (len > __NEW_UTS_LEN)
915 len = __NEW_UTS_LEN; 905 len = __NEW_UTS_LEN;
916 error = 0; 906 err = copy_to_user(name, system_utsname.domainname, len) ? -EFAULT : 0;
917 if (copy_to_user(name, system_utsname.domainname, len))
918 error = -EFAULT;
919 up_read(&uts_sem); 907 up_read(&uts_sem);
920 908
921 return error; 909 return err;
922} 910}
923 911
924asmlinkage unsigned long irix_getpagesize(void) 912asmlinkage unsigned long irix_getpagesize(void)
@@ -934,12 +922,13 @@ asmlinkage int irix_msgsys(int opcode, unsigned long arg0, unsigned long arg1,
934 case 0: 922 case 0:
935 return sys_msgget((key_t) arg0, (int) arg1); 923 return sys_msgget((key_t) arg0, (int) arg1);
936 case 1: 924 case 1:
937 return sys_msgctl((int) arg0, (int) arg1, (struct msqid_ds *)arg2); 925 return sys_msgctl((int) arg0, (int) arg1,
926 (struct msqid_ds __user *)arg2);
938 case 2: 927 case 2:
939 return sys_msgrcv((int) arg0, (struct msgbuf *) arg1, 928 return sys_msgrcv((int) arg0, (struct msgbuf __user *) arg1,
940 (size_t) arg2, (long) arg3, (int) arg4); 929 (size_t) arg2, (long) arg3, (int) arg4);
941 case 3: 930 case 3:
942 return sys_msgsnd((int) arg0, (struct msgbuf *) arg1, 931 return sys_msgsnd((int) arg0, (struct msgbuf __user *) arg1,
943 (size_t) arg2, (int) arg3); 932 (size_t) arg2, (int) arg3);
944 default: 933 default:
945 return -EINVAL; 934 return -EINVAL;
@@ -951,12 +940,13 @@ asmlinkage int irix_shmsys(int opcode, unsigned long arg0, unsigned long arg1,
951{ 940{
952 switch (opcode) { 941 switch (opcode) {
953 case 0: 942 case 0:
954 return do_shmat((int) arg0, (char *)arg1, (int) arg2, 943 return do_shmat((int) arg0, (char __user *) arg1, (int) arg2,
955 (unsigned long *) arg3); 944 (unsigned long *) arg3);
956 case 1: 945 case 1:
957 return sys_shmctl((int)arg0, (int)arg1, (struct shmid_ds *)arg2); 946 return sys_shmctl((int)arg0, (int)arg1,
947 (struct shmid_ds __user *)arg2);
958 case 2: 948 case 2:
959 return sys_shmdt((char *)arg0); 949 return sys_shmdt((char __user *)arg0);
960 case 3: 950 case 3:
961 return sys_shmget((key_t) arg0, (int) arg1, (int) arg2); 951 return sys_shmget((key_t) arg0, (int) arg1, (int) arg2);
962 default: 952 default:
@@ -974,7 +964,7 @@ asmlinkage int irix_semsys(int opcode, unsigned long arg0, unsigned long arg1,
974 case 1: 964 case 1:
975 return sys_semget((key_t) arg0, (int) arg1, (int) arg2); 965 return sys_semget((key_t) arg0, (int) arg1, (int) arg2);
976 case 2: 966 case 2:
977 return sys_semop((int) arg0, (struct sembuf *)arg1, 967 return sys_semop((int) arg0, (struct sembuf __user *)arg1,
978 (unsigned int) arg2); 968 (unsigned int) arg2);
979 default: 969 default:
980 return -EINVAL; 970 return -EINVAL;
@@ -992,15 +982,16 @@ static inline loff_t llseek(struct file *file, loff_t offset, int origin)
992 lock_kernel(); 982 lock_kernel();
993 retval = fn(file, offset, origin); 983 retval = fn(file, offset, origin);
994 unlock_kernel(); 984 unlock_kernel();
985
995 return retval; 986 return retval;
996} 987}
997 988
998asmlinkage int irix_lseek64(int fd, int _unused, int offhi, int offlow, 989asmlinkage int irix_lseek64(int fd, int _unused, int offhi, int offlow,
999 int origin) 990 int origin)
1000{ 991{
1001 int retval;
1002 struct file * file; 992 struct file * file;
1003 loff_t offset; 993 loff_t offset;
994 int retval;
1004 995
1005 retval = -EBADF; 996 retval = -EBADF;
1006 file = fget(fd); 997 file = fget(fd);
@@ -1025,12 +1016,12 @@ asmlinkage int irix_sginap(int ticks)
1025 return 0; 1016 return 0;
1026} 1017}
1027 1018
1028asmlinkage int irix_sgikopt(char *istring, char *ostring, int len) 1019asmlinkage int irix_sgikopt(char __user *istring, char __user *ostring, int len)
1029{ 1020{
1030 return -EINVAL; 1021 return -EINVAL;
1031} 1022}
1032 1023
1033asmlinkage int irix_gettimeofday(struct timeval *tv) 1024asmlinkage int irix_gettimeofday(struct timeval __user *tv)
1034{ 1025{
1035 time_t sec; 1026 time_t sec;
1036 long nsec, seq; 1027 long nsec, seq;
@@ -1071,7 +1062,7 @@ asmlinkage unsigned long irix_mmap32(unsigned long addr, size_t len, int prot,
1071 1062
1072 if (max_size > file->f_dentry->d_inode->i_size) { 1063 if (max_size > file->f_dentry->d_inode->i_size) {
1073 old_pos = sys_lseek (fd, max_size - 1, 0); 1064 old_pos = sys_lseek (fd, max_size - 1, 0);
1074 sys_write (fd, "", 1); 1065 sys_write (fd, (void __user *) "", 1);
1075 sys_lseek (fd, old_pos, 0); 1066 sys_lseek (fd, old_pos, 0);
1076 } 1067 }
1077 } 1068 }
@@ -1096,7 +1087,7 @@ asmlinkage int irix_madvise(unsigned long addr, int len, int behavior)
1096 return -EINVAL; 1087 return -EINVAL;
1097} 1088}
1098 1089
1099asmlinkage int irix_pagelock(char *addr, int len, int op) 1090asmlinkage int irix_pagelock(char __user *addr, int len, int op)
1100{ 1091{
1101 printk("[%s:%d] Wheee.. irix_pagelock(%p,%d,%d)\n", 1092 printk("[%s:%d] Wheee.. irix_pagelock(%p,%d,%d)\n",
1102 current->comm, current->pid, addr, len, op); 1093 current->comm, current->pid, addr, len, op);
@@ -1136,7 +1127,7 @@ asmlinkage int irix_BSDsetpgrp(int pid, int pgrp)
1136 return error; 1127 return error;
1137} 1128}
1138 1129
1139asmlinkage int irix_systeminfo(int cmd, char *buf, int cnt) 1130asmlinkage int irix_systeminfo(int cmd, char __user *buf, int cnt)
1140{ 1131{
1141 printk("[%s:%d] Wheee.. irix_systeminfo(%d,%p,%d)\n", 1132 printk("[%s:%d] Wheee.. irix_systeminfo(%d,%p,%d)\n",
1142 current->comm, current->pid, cmd, buf, cnt); 1133 current->comm, current->pid, cmd, buf, cnt);
@@ -1152,14 +1143,14 @@ struct iuname {
1152 char _unused3[257], _unused4[257], _unused5[257]; 1143 char _unused3[257], _unused4[257], _unused5[257];
1153}; 1144};
1154 1145
1155asmlinkage int irix_uname(struct iuname *buf) 1146asmlinkage int irix_uname(struct iuname __user *buf)
1156{ 1147{
1157 down_read(&uts_sem); 1148 down_read(&uts_sem);
1158 if (copy_to_user(system_utsname.sysname, buf->sysname, 65) 1149 if (copy_from_user(system_utsname.sysname, buf->sysname, 65)
1159 || copy_to_user(system_utsname.nodename, buf->nodename, 65) 1150 || copy_from_user(system_utsname.nodename, buf->nodename, 65)
1160 || copy_to_user(system_utsname.release, buf->release, 65) 1151 || copy_from_user(system_utsname.release, buf->release, 65)
1161 || copy_to_user(system_utsname.version, buf->version, 65) 1152 || copy_from_user(system_utsname.version, buf->version, 65)
1162 || copy_to_user(system_utsname.machine, buf->machine, 65)) { 1153 || copy_from_user(system_utsname.machine, buf->machine, 65)) {
1163 return -EFAULT; 1154 return -EFAULT;
1164 } 1155 }
1165 up_read(&uts_sem); 1156 up_read(&uts_sem);
@@ -1169,7 +1160,7 @@ asmlinkage int irix_uname(struct iuname *buf)
1169 1160
1170#undef DEBUG_XSTAT 1161#undef DEBUG_XSTAT
1171 1162
1172static int irix_xstat32_xlate(struct kstat *stat, void *ubuf) 1163static int irix_xstat32_xlate(struct kstat *stat, void __user *ubuf)
1173{ 1164{
1174 struct xstat32 { 1165 struct xstat32 {
1175 u32 st_dev, st_pad1[3], st_ino, st_mode, st_nlink, st_uid, st_gid; 1166 u32 st_dev, st_pad1[3], st_ino, st_mode, st_nlink, st_uid, st_gid;
@@ -1209,7 +1200,7 @@ static int irix_xstat32_xlate(struct kstat *stat, void *ubuf)
1209 return copy_to_user(ubuf, &ub, sizeof(ub)) ? -EFAULT : 0; 1200 return copy_to_user(ubuf, &ub, sizeof(ub)) ? -EFAULT : 0;
1210} 1201}
1211 1202
1212static int irix_xstat64_xlate(struct kstat *stat, void *ubuf) 1203static int irix_xstat64_xlate(struct kstat *stat, void __user *ubuf)
1213{ 1204{
1214 struct xstat64 { 1205 struct xstat64 {
1215 u32 st_dev; s32 st_pad1[3]; 1206 u32 st_dev; s32 st_pad1[3];
@@ -1259,7 +1250,7 @@ static int irix_xstat64_xlate(struct kstat *stat, void *ubuf)
1259 return copy_to_user(ubuf, &ks, sizeof(ks)) ? -EFAULT : 0; 1250 return copy_to_user(ubuf, &ks, sizeof(ks)) ? -EFAULT : 0;
1260} 1251}
1261 1252
1262asmlinkage int irix_xstat(int version, char *filename, struct stat *statbuf) 1253asmlinkage int irix_xstat(int version, char __user *filename, struct stat __user *statbuf)
1263{ 1254{
1264 int retval; 1255 int retval;
1265 struct kstat stat; 1256 struct kstat stat;
@@ -1285,7 +1276,7 @@ asmlinkage int irix_xstat(int version, char *filename, struct stat *statbuf)
1285 return retval; 1276 return retval;
1286} 1277}
1287 1278
1288asmlinkage int irix_lxstat(int version, char *filename, struct stat *statbuf) 1279asmlinkage int irix_lxstat(int version, char __user *filename, struct stat __user *statbuf)
1289{ 1280{
1290 int error; 1281 int error;
1291 struct kstat stat; 1282 struct kstat stat;
@@ -1312,7 +1303,7 @@ asmlinkage int irix_lxstat(int version, char *filename, struct stat *statbuf)
1312 return error; 1303 return error;
1313} 1304}
1314 1305
1315asmlinkage int irix_fxstat(int version, int fd, struct stat *statbuf) 1306asmlinkage int irix_fxstat(int version, int fd, struct stat __user *statbuf)
1316{ 1307{
1317 int error; 1308 int error;
1318 struct kstat stat; 1309 struct kstat stat;
@@ -1338,7 +1329,7 @@ asmlinkage int irix_fxstat(int version, int fd, struct stat *statbuf)
1338 return error; 1329 return error;
1339} 1330}
1340 1331
1341asmlinkage int irix_xmknod(int ver, char *filename, int mode, unsigned dev) 1332asmlinkage int irix_xmknod(int ver, char __user *filename, int mode, unsigned dev)
1342{ 1333{
1343 int retval; 1334 int retval;
1344 printk("[%s:%d] Wheee.. irix_xmknod(%d,%s,%x,%x)\n", 1335 printk("[%s:%d] Wheee.. irix_xmknod(%d,%s,%x,%x)\n",
@@ -1358,7 +1349,7 @@ asmlinkage int irix_xmknod(int ver, char *filename, int mode, unsigned dev)
1358 return retval; 1349 return retval;
1359} 1350}
1360 1351
1361asmlinkage int irix_swapctl(int cmd, char *arg) 1352asmlinkage int irix_swapctl(int cmd, char __user *arg)
1362{ 1353{
1363 printk("[%s:%d] Wheee.. irix_swapctl(%d,%p)\n", 1354 printk("[%s:%d] Wheee.. irix_swapctl(%d,%p)\n",
1364 current->comm, current->pid, cmd, arg); 1355 current->comm, current->pid, cmd, arg);
@@ -1374,7 +1365,7 @@ struct irix_statvfs {
1374 char f_fstr[32]; u32 f_filler[16]; 1365 char f_fstr[32]; u32 f_filler[16];
1375}; 1366};
1376 1367
1377asmlinkage int irix_statvfs(char *fname, struct irix_statvfs *buf) 1368asmlinkage int irix_statvfs(char __user *fname, struct irix_statvfs __user *buf)
1378{ 1369{
1379 struct nameidata nd; 1370 struct nameidata nd;
1380 struct kstatfs kbuf; 1371 struct kstatfs kbuf;
@@ -1382,10 +1373,9 @@ asmlinkage int irix_statvfs(char *fname, struct irix_statvfs *buf)
1382 1373
1383 printk("[%s:%d] Wheee.. irix_statvfs(%s,%p)\n", 1374 printk("[%s:%d] Wheee.. irix_statvfs(%s,%p)\n",
1384 current->comm, current->pid, fname, buf); 1375 current->comm, current->pid, fname, buf);
1385 if (!access_ok(VERIFY_WRITE, buf, sizeof(struct irix_statvfs))) { 1376 if (!access_ok(VERIFY_WRITE, buf, sizeof(struct irix_statvfs)))
1386 error = -EFAULT; 1377 return -EFAULT;
1387 goto out; 1378
1388 }
1389 error = user_path_walk(fname, &nd); 1379 error = user_path_walk(fname, &nd);
1390 if (error) 1380 if (error)
1391 goto out; 1381 goto out;
@@ -1393,27 +1383,25 @@ asmlinkage int irix_statvfs(char *fname, struct irix_statvfs *buf)
1393 if (error) 1383 if (error)
1394 goto dput_and_out; 1384 goto dput_and_out;
1395 1385
1396 __put_user(kbuf.f_bsize, &buf->f_bsize); 1386 error |= __put_user(kbuf.f_bsize, &buf->f_bsize);
1397 __put_user(kbuf.f_frsize, &buf->f_frsize); 1387 error |= __put_user(kbuf.f_frsize, &buf->f_frsize);
1398 __put_user(kbuf.f_blocks, &buf->f_blocks); 1388 error |= __put_user(kbuf.f_blocks, &buf->f_blocks);
1399 __put_user(kbuf.f_bfree, &buf->f_bfree); 1389 error |= __put_user(kbuf.f_bfree, &buf->f_bfree);
1400 __put_user(kbuf.f_bfree, &buf->f_bavail); /* XXX hackety hack... */ 1390 error |= __put_user(kbuf.f_bfree, &buf->f_bavail); /* XXX hackety hack... */
1401 __put_user(kbuf.f_files, &buf->f_files); 1391 error |= __put_user(kbuf.f_files, &buf->f_files);
1402 __put_user(kbuf.f_ffree, &buf->f_ffree); 1392 error |= __put_user(kbuf.f_ffree, &buf->f_ffree);
1403 __put_user(kbuf.f_ffree, &buf->f_favail); /* XXX hackety hack... */ 1393 error |= __put_user(kbuf.f_ffree, &buf->f_favail); /* XXX hackety hack... */
1404#ifdef __MIPSEB__ 1394#ifdef __MIPSEB__
1405 __put_user(kbuf.f_fsid.val[1], &buf->f_fsid); 1395 error |= __put_user(kbuf.f_fsid.val[1], &buf->f_fsid);
1406#else 1396#else
1407 __put_user(kbuf.f_fsid.val[0], &buf->f_fsid); 1397 error |= __put_user(kbuf.f_fsid.val[0], &buf->f_fsid);
1408#endif 1398#endif
1409 for (i = 0; i < 16; i++) 1399 for (i = 0; i < 16; i++)
1410 __put_user(0, &buf->f_basetype[i]); 1400 error |= __put_user(0, &buf->f_basetype[i]);
1411 __put_user(0, &buf->f_flag); 1401 error |= __put_user(0, &buf->f_flag);
1412 __put_user(kbuf.f_namelen, &buf->f_namemax); 1402 error |= __put_user(kbuf.f_namelen, &buf->f_namemax);
1413 for (i = 0; i < 32; i++) 1403 for (i = 0; i < 32; i++)
1414 __put_user(0, &buf->f_fstr[i]); 1404 error |= __put_user(0, &buf->f_fstr[i]);
1415
1416 error = 0;
1417 1405
1418dput_and_out: 1406dput_and_out:
1419 path_release(&nd); 1407 path_release(&nd);
@@ -1421,7 +1409,7 @@ out:
1421 return error; 1409 return error;
1422} 1410}
1423 1411
1424asmlinkage int irix_fstatvfs(int fd, struct irix_statvfs *buf) 1412asmlinkage int irix_fstatvfs(int fd, struct irix_statvfs __user *buf)
1425{ 1413{
1426 struct kstatfs kbuf; 1414 struct kstatfs kbuf;
1427 struct file *file; 1415 struct file *file;
@@ -1430,10 +1418,9 @@ asmlinkage int irix_fstatvfs(int fd, struct irix_statvfs *buf)
1430 printk("[%s:%d] Wheee.. irix_fstatvfs(%d,%p)\n", 1418 printk("[%s:%d] Wheee.. irix_fstatvfs(%d,%p)\n",
1431 current->comm, current->pid, fd, buf); 1419 current->comm, current->pid, fd, buf);
1432 1420
1433 if (!access_ok(VERIFY_WRITE, buf, sizeof(struct irix_statvfs))) { 1421 if (!access_ok(VERIFY_WRITE, buf, sizeof(struct irix_statvfs)))
1434 error = -EFAULT; 1422 return -EFAULT;
1435 goto out; 1423
1436 }
1437 if (!(file = fget(fd))) { 1424 if (!(file = fget(fd))) {
1438 error = -EBADF; 1425 error = -EBADF;
1439 goto out; 1426 goto out;
@@ -1442,24 +1429,24 @@ asmlinkage int irix_fstatvfs(int fd, struct irix_statvfs *buf)
1442 if (error) 1429 if (error)
1443 goto out_f; 1430 goto out_f;
1444 1431
1445 __put_user(kbuf.f_bsize, &buf->f_bsize); 1432 error = __put_user(kbuf.f_bsize, &buf->f_bsize);
1446 __put_user(kbuf.f_frsize, &buf->f_frsize); 1433 error |= __put_user(kbuf.f_frsize, &buf->f_frsize);
1447 __put_user(kbuf.f_blocks, &buf->f_blocks); 1434 error |= __put_user(kbuf.f_blocks, &buf->f_blocks);
1448 __put_user(kbuf.f_bfree, &buf->f_bfree); 1435 error |= __put_user(kbuf.f_bfree, &buf->f_bfree);
1449 __put_user(kbuf.f_bfree, &buf->f_bavail); /* XXX hackety hack... */ 1436 error |= __put_user(kbuf.f_bfree, &buf->f_bavail); /* XXX hackety hack... */
1450 __put_user(kbuf.f_files, &buf->f_files); 1437 error |= __put_user(kbuf.f_files, &buf->f_files);
1451 __put_user(kbuf.f_ffree, &buf->f_ffree); 1438 error |= __put_user(kbuf.f_ffree, &buf->f_ffree);
1452 __put_user(kbuf.f_ffree, &buf->f_favail); /* XXX hackety hack... */ 1439 error |= __put_user(kbuf.f_ffree, &buf->f_favail); /* XXX hackety hack... */
1453#ifdef __MIPSEB__ 1440#ifdef __MIPSEB__
1454 __put_user(kbuf.f_fsid.val[1], &buf->f_fsid); 1441 error |= __put_user(kbuf.f_fsid.val[1], &buf->f_fsid);
1455#else 1442#else
1456 __put_user(kbuf.f_fsid.val[0], &buf->f_fsid); 1443 error |= __put_user(kbuf.f_fsid.val[0], &buf->f_fsid);
1457#endif 1444#endif
1458 for(i = 0; i < 16; i++) 1445 for(i = 0; i < 16; i++)
1459 __put_user(0, &buf->f_basetype[i]); 1446 error |= __put_user(0, &buf->f_basetype[i]);
1460 __put_user(0, &buf->f_flag); 1447 error |= __put_user(0, &buf->f_flag);
1461 __put_user(kbuf.f_namelen, &buf->f_namemax); 1448 error |= __put_user(kbuf.f_namelen, &buf->f_namemax);
1462 __clear_user(&buf->f_fstr, sizeof(buf->f_fstr)); 1449 error |= __clear_user(&buf->f_fstr, sizeof(buf->f_fstr)) ? -EFAULT : 0;
1463 1450
1464out_f: 1451out_f:
1465 fput(file); 1452 fput(file);
@@ -1483,7 +1470,7 @@ asmlinkage int irix_sigqueue(int pid, int sig, int code, int val)
1483 return -EINVAL; 1470 return -EINVAL;
1484} 1471}
1485 1472
1486asmlinkage int irix_truncate64(char *name, int pad, int size1, int size2) 1473asmlinkage int irix_truncate64(char __user *name, int pad, int size1, int size2)
1487{ 1474{
1488 int retval; 1475 int retval;
1489 1476
@@ -1516,6 +1503,7 @@ asmlinkage int irix_mmap64(struct pt_regs *regs)
1516 int len, prot, flags, fd, off1, off2, error, base = 0; 1503 int len, prot, flags, fd, off1, off2, error, base = 0;
1517 unsigned long addr, pgoff, *sp; 1504 unsigned long addr, pgoff, *sp;
1518 struct file *file = NULL; 1505 struct file *file = NULL;
1506 int err;
1519 1507
1520 if (regs->regs[2] == 1000) 1508 if (regs->regs[2] == 1000)
1521 base = 1; 1509 base = 1;
@@ -1525,36 +1513,31 @@ asmlinkage int irix_mmap64(struct pt_regs *regs)
1525 prot = regs->regs[base + 6]; 1513 prot = regs->regs[base + 6];
1526 if (!base) { 1514 if (!base) {
1527 flags = regs->regs[base + 7]; 1515 flags = regs->regs[base + 7];
1528 if (!access_ok(VERIFY_READ, sp, (4 * sizeof(unsigned long)))) { 1516 if (!access_ok(VERIFY_READ, sp, (4 * sizeof(unsigned long))))
1529 error = -EFAULT; 1517 return -EFAULT;
1530 goto out;
1531 }
1532 fd = sp[0]; 1518 fd = sp[0];
1533 __get_user(off1, &sp[1]); 1519 err = __get_user(off1, &sp[1]);
1534 __get_user(off2, &sp[2]); 1520 err |= __get_user(off2, &sp[2]);
1535 } else { 1521 } else {
1536 if (!access_ok(VERIFY_READ, sp, (5 * sizeof(unsigned long)))) { 1522 if (!access_ok(VERIFY_READ, sp, (5 * sizeof(unsigned long))))
1537 error = -EFAULT; 1523 return -EFAULT;
1538 goto out; 1524 err = __get_user(flags, &sp[0]);
1539 } 1525 err |= __get_user(fd, &sp[1]);
1540 __get_user(flags, &sp[0]); 1526 err |= __get_user(off1, &sp[2]);
1541 __get_user(fd, &sp[1]); 1527 err |= __get_user(off2, &sp[3]);
1542 __get_user(off1, &sp[2]);
1543 __get_user(off2, &sp[3]);
1544 } 1528 }
1545 1529
1546 if (off1 & PAGE_MASK) { 1530 if (err)
1547 error = -EOVERFLOW; 1531 return err;
1548 goto out; 1532
1549 } 1533 if (off1 & PAGE_MASK)
1534 return -EOVERFLOW;
1550 1535
1551 pgoff = (off1 << (32 - PAGE_SHIFT)) | (off2 >> PAGE_SHIFT); 1536 pgoff = (off1 << (32 - PAGE_SHIFT)) | (off2 >> PAGE_SHIFT);
1552 1537
1553 if (!(flags & MAP_ANONYMOUS)) { 1538 if (!(flags & MAP_ANONYMOUS)) {
1554 if (!(file = fget(fd))) { 1539 if (!(file = fget(fd)))
1555 error = -EBADF; 1540 return -EBADF;
1556 goto out;
1557 }
1558 1541
1559 /* Ok, bad taste hack follows, try to think in something else 1542 /* Ok, bad taste hack follows, try to think in something else
1560 when reading this */ 1543 when reading this */
@@ -1564,7 +1547,7 @@ asmlinkage int irix_mmap64(struct pt_regs *regs)
1564 1547
1565 if (max_size > file->f_dentry->d_inode->i_size) { 1548 if (max_size > file->f_dentry->d_inode->i_size) {
1566 old_pos = sys_lseek (fd, max_size - 1, 0); 1549 old_pos = sys_lseek (fd, max_size - 1, 0);
1567 sys_write (fd, "", 1); 1550 sys_write (fd, (void __user *) "", 1);
1568 sys_lseek (fd, old_pos, 0); 1551 sys_lseek (fd, old_pos, 0);
1569 } 1552 }
1570 } 1553 }
@@ -1579,7 +1562,6 @@ asmlinkage int irix_mmap64(struct pt_regs *regs)
1579 if (file) 1562 if (file)
1580 fput(file); 1563 fput(file);
1581 1564
1582out:
1583 return error; 1565 return error;
1584} 1566}
1585 1567
@@ -1591,7 +1573,7 @@ asmlinkage int irix_dmi(struct pt_regs *regs)
1591 return -EINVAL; 1573 return -EINVAL;
1592} 1574}
1593 1575
1594asmlinkage int irix_pread(int fd, char *buf, int cnt, int off64, 1576asmlinkage int irix_pread(int fd, char __user *buf, int cnt, int off64,
1595 int off1, int off2) 1577 int off1, int off2)
1596{ 1578{
1597 printk("[%s:%d] Wheee.. irix_pread(%d,%p,%d,%d,%d,%d)\n", 1579 printk("[%s:%d] Wheee.. irix_pread(%d,%p,%d,%d,%d,%d)\n",
@@ -1600,7 +1582,7 @@ asmlinkage int irix_pread(int fd, char *buf, int cnt, int off64,
1600 return -EINVAL; 1582 return -EINVAL;
1601} 1583}
1602 1584
1603asmlinkage int irix_pwrite(int fd, char *buf, int cnt, int off64, 1585asmlinkage int irix_pwrite(int fd, char __user *buf, int cnt, int off64,
1604 int off1, int off2) 1586 int off1, int off2)
1605{ 1587{
1606 printk("[%s:%d] Wheee.. irix_pwrite(%d,%p,%d,%d,%d,%d)\n", 1588 printk("[%s:%d] Wheee.. irix_pwrite(%d,%p,%d,%d,%d,%d)\n",
@@ -1632,7 +1614,7 @@ struct irix_statvfs64 {
1632 u32 f_filler[16]; 1614 u32 f_filler[16];
1633}; 1615};
1634 1616
1635asmlinkage int irix_statvfs64(char *fname, struct irix_statvfs64 *buf) 1617asmlinkage int irix_statvfs64(char __user *fname, struct irix_statvfs64 __user *buf)
1636{ 1618{
1637 struct nameidata nd; 1619 struct nameidata nd;
1638 struct kstatfs kbuf; 1620 struct kstatfs kbuf;
@@ -1644,6 +1626,7 @@ asmlinkage int irix_statvfs64(char *fname, struct irix_statvfs64 *buf)
1644 error = -EFAULT; 1626 error = -EFAULT;
1645 goto out; 1627 goto out;
1646 } 1628 }
1629
1647 error = user_path_walk(fname, &nd); 1630 error = user_path_walk(fname, &nd);
1648 if (error) 1631 if (error)
1649 goto out; 1632 goto out;
@@ -1651,27 +1634,25 @@ asmlinkage int irix_statvfs64(char *fname, struct irix_statvfs64 *buf)
1651 if (error) 1634 if (error)
1652 goto dput_and_out; 1635 goto dput_and_out;
1653 1636
1654 __put_user(kbuf.f_bsize, &buf->f_bsize); 1637 error = __put_user(kbuf.f_bsize, &buf->f_bsize);
1655 __put_user(kbuf.f_frsize, &buf->f_frsize); 1638 error |= __put_user(kbuf.f_frsize, &buf->f_frsize);
1656 __put_user(kbuf.f_blocks, &buf->f_blocks); 1639 error |= __put_user(kbuf.f_blocks, &buf->f_blocks);
1657 __put_user(kbuf.f_bfree, &buf->f_bfree); 1640 error |= __put_user(kbuf.f_bfree, &buf->f_bfree);
1658 __put_user(kbuf.f_bfree, &buf->f_bavail); /* XXX hackety hack... */ 1641 error |= __put_user(kbuf.f_bfree, &buf->f_bavail); /* XXX hackety hack... */
1659 __put_user(kbuf.f_files, &buf->f_files); 1642 error |= __put_user(kbuf.f_files, &buf->f_files);
1660 __put_user(kbuf.f_ffree, &buf->f_ffree); 1643 error |= __put_user(kbuf.f_ffree, &buf->f_ffree);
1661 __put_user(kbuf.f_ffree, &buf->f_favail); /* XXX hackety hack... */ 1644 error |= __put_user(kbuf.f_ffree, &buf->f_favail); /* XXX hackety hack... */
1662#ifdef __MIPSEB__ 1645#ifdef __MIPSEB__
1663 __put_user(kbuf.f_fsid.val[1], &buf->f_fsid); 1646 error |= __put_user(kbuf.f_fsid.val[1], &buf->f_fsid);
1664#else 1647#else
1665 __put_user(kbuf.f_fsid.val[0], &buf->f_fsid); 1648 error |= __put_user(kbuf.f_fsid.val[0], &buf->f_fsid);
1666#endif 1649#endif
1667 for(i = 0; i < 16; i++) 1650 for(i = 0; i < 16; i++)
1668 __put_user(0, &buf->f_basetype[i]); 1651 error |= __put_user(0, &buf->f_basetype[i]);
1669 __put_user(0, &buf->f_flag); 1652 error |= __put_user(0, &buf->f_flag);
1670 __put_user(kbuf.f_namelen, &buf->f_namemax); 1653 error |= __put_user(kbuf.f_namelen, &buf->f_namemax);
1671 for(i = 0; i < 32; i++) 1654 for(i = 0; i < 32; i++)
1672 __put_user(0, &buf->f_fstr[i]); 1655 error |= __put_user(0, &buf->f_fstr[i]);
1673
1674 error = 0;
1675 1656
1676dput_and_out: 1657dput_and_out:
1677 path_release(&nd); 1658 path_release(&nd);
@@ -1679,7 +1660,7 @@ out:
1679 return error; 1660 return error;
1680} 1661}
1681 1662
1682asmlinkage int irix_fstatvfs64(int fd, struct irix_statvfs *buf) 1663asmlinkage int irix_fstatvfs64(int fd, struct irix_statvfs __user *buf)
1683{ 1664{
1684 struct kstatfs kbuf; 1665 struct kstatfs kbuf;
1685 struct file *file; 1666 struct file *file;
@@ -1700,24 +1681,24 @@ asmlinkage int irix_fstatvfs64(int fd, struct irix_statvfs *buf)
1700 if (error) 1681 if (error)
1701 goto out_f; 1682 goto out_f;
1702 1683
1703 __put_user(kbuf.f_bsize, &buf->f_bsize); 1684 error = __put_user(kbuf.f_bsize, &buf->f_bsize);
1704 __put_user(kbuf.f_frsize, &buf->f_frsize); 1685 error |= __put_user(kbuf.f_frsize, &buf->f_frsize);
1705 __put_user(kbuf.f_blocks, &buf->f_blocks); 1686 error |= __put_user(kbuf.f_blocks, &buf->f_blocks);
1706 __put_user(kbuf.f_bfree, &buf->f_bfree); 1687 error |= __put_user(kbuf.f_bfree, &buf->f_bfree);
1707 __put_user(kbuf.f_bfree, &buf->f_bavail); /* XXX hackety hack... */ 1688 error |= __put_user(kbuf.f_bfree, &buf->f_bavail); /* XXX hackety hack... */
1708 __put_user(kbuf.f_files, &buf->f_files); 1689 error |= __put_user(kbuf.f_files, &buf->f_files);
1709 __put_user(kbuf.f_ffree, &buf->f_ffree); 1690 error |= __put_user(kbuf.f_ffree, &buf->f_ffree);
1710 __put_user(kbuf.f_ffree, &buf->f_favail); /* XXX hackety hack... */ 1691 error |= __put_user(kbuf.f_ffree, &buf->f_favail); /* XXX hackety hack... */
1711#ifdef __MIPSEB__ 1692#ifdef __MIPSEB__
1712 __put_user(kbuf.f_fsid.val[1], &buf->f_fsid); 1693 error |= __put_user(kbuf.f_fsid.val[1], &buf->f_fsid);
1713#else 1694#else
1714 __put_user(kbuf.f_fsid.val[0], &buf->f_fsid); 1695 error |= __put_user(kbuf.f_fsid.val[0], &buf->f_fsid);
1715#endif 1696#endif
1716 for(i = 0; i < 16; i++) 1697 for(i = 0; i < 16; i++)
1717 __put_user(0, &buf->f_basetype[i]); 1698 error |= __put_user(0, &buf->f_basetype[i]);
1718 __put_user(0, &buf->f_flag); 1699 error |= __put_user(0, &buf->f_flag);
1719 __put_user(kbuf.f_namelen, &buf->f_namemax); 1700 error |= __put_user(kbuf.f_namelen, &buf->f_namemax);
1720 __clear_user(buf->f_fstr, sizeof(buf->f_fstr[i])); 1701 error |= __clear_user(buf->f_fstr, sizeof(buf->f_fstr[i])) ? -EFAULT : 0;
1721 1702
1722out_f: 1703out_f:
1723 fput(file); 1704 fput(file);
@@ -1725,9 +1706,9 @@ out:
1725 return error; 1706 return error;
1726} 1707}
1727 1708
1728asmlinkage int irix_getmountid(char *fname, unsigned long *midbuf) 1709asmlinkage int irix_getmountid(char __user *fname, unsigned long __user *midbuf)
1729{ 1710{
1730 int err = 0; 1711 int err;
1731 1712
1732 printk("[%s:%d] irix_getmountid(%s, %p)\n", 1713 printk("[%s:%d] irix_getmountid(%s, %p)\n",
1733 current->comm, current->pid, fname, midbuf); 1714 current->comm, current->pid, fname, midbuf);
@@ -1740,7 +1721,7 @@ asmlinkage int irix_getmountid(char *fname, unsigned long *midbuf)
1740 * fsid of the filesystem to try and make the right decision, but 1721 * fsid of the filesystem to try and make the right decision, but
1741 * we don't have this so for now. XXX 1722 * we don't have this so for now. XXX
1742 */ 1723 */
1743 err |= __put_user(0, &midbuf[0]); 1724 err = __put_user(0, &midbuf[0]);
1744 err |= __put_user(0, &midbuf[1]); 1725 err |= __put_user(0, &midbuf[1]);
1745 err |= __put_user(0, &midbuf[2]); 1726 err |= __put_user(0, &midbuf[2]);
1746 err |= __put_user(0, &midbuf[3]); 1727 err |= __put_user(0, &midbuf[3]);
@@ -1767,8 +1748,8 @@ struct irix_dirent32 {
1767}; 1748};
1768 1749
1769struct irix_dirent32_callback { 1750struct irix_dirent32_callback {
1770 struct irix_dirent32 *current_dir; 1751 struct irix_dirent32 __user *current_dir;
1771 struct irix_dirent32 *previous; 1752 struct irix_dirent32 __user *previous;
1772 int count; 1753 int count;
1773 int error; 1754 int error;
1774}; 1755};
@@ -1776,13 +1757,13 @@ struct irix_dirent32_callback {
1776#define NAME_OFFSET32(de) ((int) ((de)->d_name - (char *) (de))) 1757#define NAME_OFFSET32(de) ((int) ((de)->d_name - (char *) (de)))
1777#define ROUND_UP32(x) (((x)+sizeof(u32)-1) & ~(sizeof(u32)-1)) 1758#define ROUND_UP32(x) (((x)+sizeof(u32)-1) & ~(sizeof(u32)-1))
1778 1759
1779static int irix_filldir32(void *__buf, const char *name, int namlen, 1760static int irix_filldir32(void *__buf, const char *name,
1780 loff_t offset, ino_t ino, unsigned int d_type) 1761 int namlen, loff_t offset, ino_t ino, unsigned int d_type)
1781{ 1762{
1782 struct irix_dirent32 *dirent; 1763 struct irix_dirent32 __user *dirent;
1783 struct irix_dirent32_callback *buf = 1764 struct irix_dirent32_callback *buf = __buf;
1784 (struct irix_dirent32_callback *)__buf;
1785 unsigned short reclen = ROUND_UP32(NAME_OFFSET32(dirent) + namlen + 1); 1765 unsigned short reclen = ROUND_UP32(NAME_OFFSET32(dirent) + namlen + 1);
1766 int err = 0;
1786 1767
1787#ifdef DEBUG_GETDENTS 1768#ifdef DEBUG_GETDENTS
1788 printk("\nirix_filldir32[reclen<%d>namlen<%d>count<%d>]", 1769 printk("\nirix_filldir32[reclen<%d>namlen<%d>count<%d>]",
@@ -1793,25 +1774,26 @@ static int irix_filldir32(void *__buf, const char *name, int namlen,
1793 return -EINVAL; 1774 return -EINVAL;
1794 dirent = buf->previous; 1775 dirent = buf->previous;
1795 if (dirent) 1776 if (dirent)
1796 __put_user(offset, &dirent->d_off); 1777 err = __put_user(offset, &dirent->d_off);
1797 dirent = buf->current_dir; 1778 dirent = buf->current_dir;
1798 buf->previous = dirent; 1779 err |= __put_user(dirent, &buf->previous);
1799 __put_user(ino, &dirent->d_ino); 1780 err |= __put_user(ino, &dirent->d_ino);
1800 __put_user(reclen, &dirent->d_reclen); 1781 err |= __put_user(reclen, &dirent->d_reclen);
1801 copy_to_user(dirent->d_name, name, namlen); 1782 err |= copy_to_user((char __user *)dirent->d_name, name, namlen) ? -EFAULT : 0;
1802 __put_user(0, &dirent->d_name[namlen]); 1783 err |= __put_user(0, &dirent->d_name[namlen]);
1803 ((char *) dirent) += reclen; 1784 dirent = (struct irix_dirent32 __user *) ((char __user *) dirent + reclen);
1785
1804 buf->current_dir = dirent; 1786 buf->current_dir = dirent;
1805 buf->count -= reclen; 1787 buf->count -= reclen;
1806 1788
1807 return 0; 1789 return err;
1808} 1790}
1809 1791
1810asmlinkage int irix_ngetdents(unsigned int fd, void * dirent, 1792asmlinkage int irix_ngetdents(unsigned int fd, void __user * dirent,
1811 unsigned int count, int *eob) 1793 unsigned int count, int __user *eob)
1812{ 1794{
1813 struct file *file; 1795 struct file *file;
1814 struct irix_dirent32 *lastdirent; 1796 struct irix_dirent32 __user *lastdirent;
1815 struct irix_dirent32_callback buf; 1797 struct irix_dirent32_callback buf;
1816 int error; 1798 int error;
1817 1799
@@ -1824,7 +1806,7 @@ asmlinkage int irix_ngetdents(unsigned int fd, void * dirent,
1824 if (!file) 1806 if (!file)
1825 goto out; 1807 goto out;
1826 1808
1827 buf.current_dir = (struct irix_dirent32 *) dirent; 1809 buf.current_dir = (struct irix_dirent32 __user *) dirent;
1828 buf.previous = NULL; 1810 buf.previous = NULL;
1829 buf.count = count; 1811 buf.count = count;
1830 buf.error = 0; 1812 buf.error = 0;
@@ -1864,8 +1846,8 @@ struct irix_dirent64 {
1864}; 1846};
1865 1847
1866struct irix_dirent64_callback { 1848struct irix_dirent64_callback {
1867 struct irix_dirent64 *curr; 1849 struct irix_dirent64 __user *curr;
1868 struct irix_dirent64 *previous; 1850 struct irix_dirent64 __user *previous;
1869 int count; 1851 int count;
1870 int error; 1852 int error;
1871}; 1853};
@@ -1873,37 +1855,44 @@ struct irix_dirent64_callback {
1873#define NAME_OFFSET64(de) ((int) ((de)->d_name - (char *) (de))) 1855#define NAME_OFFSET64(de) ((int) ((de)->d_name - (char *) (de)))
1874#define ROUND_UP64(x) (((x)+sizeof(u64)-1) & ~(sizeof(u64)-1)) 1856#define ROUND_UP64(x) (((x)+sizeof(u64)-1) & ~(sizeof(u64)-1))
1875 1857
1876static int irix_filldir64(void * __buf, const char * name, int namlen, 1858static int irix_filldir64(void *__buf, const char *name,
1877 loff_t offset, ino_t ino, unsigned int d_type) 1859 int namlen, loff_t offset, ino_t ino, unsigned int d_type)
1878{ 1860{
1879 struct irix_dirent64 *dirent; 1861 struct irix_dirent64 __user *dirent;
1880 struct irix_dirent64_callback * buf = 1862 struct irix_dirent64_callback * buf = __buf;
1881 (struct irix_dirent64_callback *) __buf;
1882 unsigned short reclen = ROUND_UP64(NAME_OFFSET64(dirent) + namlen + 1); 1863 unsigned short reclen = ROUND_UP64(NAME_OFFSET64(dirent) + namlen + 1);
1864 int err = 0;
1883 1865
1884 buf->error = -EINVAL; /* only used if we fail.. */ 1866 if (!access_ok(VERIFY_WRITE, buf, sizeof(*buf)))
1867 return -EFAULT;
1868
1869 if (__put_user(-EINVAL, &buf->error)) /* only used if we fail.. */
1870 return -EFAULT;
1885 if (reclen > buf->count) 1871 if (reclen > buf->count)
1886 return -EINVAL; 1872 return -EINVAL;
1887 dirent = buf->previous; 1873 dirent = buf->previous;
1888 if (dirent) 1874 if (dirent)
1889 __put_user(offset, &dirent->d_off); 1875 err = __put_user(offset, &dirent->d_off);
1890 dirent = buf->curr; 1876 dirent = buf->curr;
1891 buf->previous = dirent; 1877 buf->previous = dirent;
1892 __put_user(ino, &dirent->d_ino); 1878 err |= __put_user(ino, &dirent->d_ino);
1893 __put_user(reclen, &dirent->d_reclen); 1879 err |= __put_user(reclen, &dirent->d_reclen);
1894 __copy_to_user(dirent->d_name, name, namlen); 1880 err |= __copy_to_user((char __user *)dirent->d_name, name, namlen)
1895 __put_user(0, &dirent->d_name[namlen]); 1881 ? -EFAULT : 0;
1896 ((char *) dirent) += reclen; 1882 err |= __put_user(0, &dirent->d_name[namlen]);
1883
1884 dirent = (struct irix_dirent64 __user *) ((char __user *) dirent + reclen);
1885
1897 buf->curr = dirent; 1886 buf->curr = dirent;
1898 buf->count -= reclen; 1887 buf->count -= reclen;
1899 1888
1900 return 0; 1889 return err;
1901} 1890}
1902 1891
1903asmlinkage int irix_getdents64(int fd, void *dirent, int cnt) 1892asmlinkage int irix_getdents64(int fd, void __user *dirent, int cnt)
1904{ 1893{
1905 struct file *file; 1894 struct file *file;
1906 struct irix_dirent64 *lastdirent; 1895 struct irix_dirent64 __user *lastdirent;
1907 struct irix_dirent64_callback buf; 1896 struct irix_dirent64_callback buf;
1908 int error; 1897 int error;
1909 1898
@@ -1923,7 +1912,7 @@ asmlinkage int irix_getdents64(int fd, void *dirent, int cnt)
1923 if (cnt < (sizeof(struct irix_dirent64) + 255)) 1912 if (cnt < (sizeof(struct irix_dirent64) + 255))
1924 goto out_f; 1913 goto out_f;
1925 1914
1926 buf.curr = (struct irix_dirent64 *) dirent; 1915 buf.curr = (struct irix_dirent64 __user *) dirent;
1927 buf.previous = NULL; 1916 buf.previous = NULL;
1928 buf.count = cnt; 1917 buf.count = cnt;
1929 buf.error = 0; 1918 buf.error = 0;
@@ -1935,7 +1924,8 @@ asmlinkage int irix_getdents64(int fd, void *dirent, int cnt)
1935 error = buf.error; 1924 error = buf.error;
1936 goto out_f; 1925 goto out_f;
1937 } 1926 }
1938 lastdirent->d_off = (u64) file->f_pos; 1927 if (put_user(file->f_pos, &lastdirent->d_off))
1928 return -EFAULT;
1939#ifdef DEBUG_GETDENTS 1929#ifdef DEBUG_GETDENTS
1940 printk("returning %d\n", cnt - buf.count); 1930 printk("returning %d\n", cnt - buf.count);
1941#endif 1931#endif
@@ -1947,10 +1937,10 @@ out:
1947 return error; 1937 return error;
1948} 1938}
1949 1939
1950asmlinkage int irix_ngetdents64(int fd, void *dirent, int cnt, int *eob) 1940asmlinkage int irix_ngetdents64(int fd, void __user *dirent, int cnt, int *eob)
1951{ 1941{
1952 struct file *file; 1942 struct file *file;
1953 struct irix_dirent64 *lastdirent; 1943 struct irix_dirent64 __user *lastdirent;
1954 struct irix_dirent64_callback buf; 1944 struct irix_dirent64_callback buf;
1955 int error; 1945 int error;
1956 1946
@@ -1972,7 +1962,7 @@ asmlinkage int irix_ngetdents64(int fd, void *dirent, int cnt, int *eob)
1972 goto out_f; 1962 goto out_f;
1973 1963
1974 *eob = 0; 1964 *eob = 0;
1975 buf.curr = (struct irix_dirent64 *) dirent; 1965 buf.curr = (struct irix_dirent64 __user *) dirent;
1976 buf.previous = NULL; 1966 buf.previous = NULL;
1977 buf.count = cnt; 1967 buf.count = cnt;
1978 buf.error = 0; 1968 buf.error = 0;
@@ -1984,7 +1974,8 @@ asmlinkage int irix_ngetdents64(int fd, void *dirent, int cnt, int *eob)
1984 error = buf.error; 1974 error = buf.error;
1985 goto out_f; 1975 goto out_f;
1986 } 1976 }
1987 lastdirent->d_off = (u64) file->f_pos; 1977 if (put_user(file->f_pos, &lastdirent->d_off))
1978 return -EFAULT;
1988#ifdef DEBUG_GETDENTS 1979#ifdef DEBUG_GETDENTS
1989 printk("eob=%d returning %d\n", *eob, cnt - buf.count); 1980 printk("eob=%d returning %d\n", *eob, cnt - buf.count);
1990#endif 1981#endif
@@ -2047,14 +2038,14 @@ out:
2047 return retval; 2038 return retval;
2048} 2039}
2049 2040
2050asmlinkage int irix_utssys(char *inbuf, int arg, int type, char *outbuf) 2041asmlinkage int irix_utssys(char __user *inbuf, int arg, int type, char __user *outbuf)
2051{ 2042{
2052 int retval; 2043 int retval;
2053 2044
2054 switch(type) { 2045 switch(type) {
2055 case 0: 2046 case 0:
2056 /* uname() */ 2047 /* uname() */
2057 retval = irix_uname((struct iuname *)inbuf); 2048 retval = irix_uname((struct iuname __user *)inbuf);
2058 goto out; 2049 goto out;
2059 2050
2060 case 2: 2051 case 2:
diff --git a/arch/mips/kernel/traps.c b/arch/mips/kernel/traps.c
index d06db5f8115f..f9a6a5665559 100644
--- a/arch/mips/kernel/traps.c
+++ b/arch/mips/kernel/traps.c
@@ -339,9 +339,9 @@ asmlinkage void do_be(struct pt_regs *regs)
339 339
340static inline int get_insn_opcode(struct pt_regs *regs, unsigned int *opcode) 340static inline int get_insn_opcode(struct pt_regs *regs, unsigned int *opcode)
341{ 341{
342 unsigned int *epc; 342 unsigned int __user *epc;
343 343
344 epc = (unsigned int *) regs->cp0_epc + 344 epc = (unsigned int __user *) regs->cp0_epc +
345 ((regs->cp0_cause & CAUSEF_BD) != 0); 345 ((regs->cp0_cause & CAUSEF_BD) != 0);
346 if (!get_user(*opcode, epc)) 346 if (!get_user(*opcode, epc))
347 return 0; 347 return 0;
@@ -371,7 +371,7 @@ static struct task_struct *ll_task = NULL;
371 371
372static inline void simulate_ll(struct pt_regs *regs, unsigned int opcode) 372static inline void simulate_ll(struct pt_regs *regs, unsigned int opcode)
373{ 373{
374 unsigned long value, *vaddr; 374 unsigned long value, __user *vaddr;
375 long offset; 375 long offset;
376 int signal = 0; 376 int signal = 0;
377 377
@@ -385,7 +385,8 @@ static inline void simulate_ll(struct pt_regs *regs, unsigned int opcode)
385 offset <<= 16; 385 offset <<= 16;
386 offset >>= 16; 386 offset >>= 16;
387 387
388 vaddr = (unsigned long *)((long)(regs->regs[(opcode & BASE) >> 21]) + offset); 388 vaddr = (unsigned long __user *)
389 ((unsigned long)(regs->regs[(opcode & BASE) >> 21]) + offset);
389 390
390 if ((unsigned long)vaddr & 3) { 391 if ((unsigned long)vaddr & 3) {
391 signal = SIGBUS; 392 signal = SIGBUS;
@@ -418,7 +419,8 @@ sig:
418 419
419static inline void simulate_sc(struct pt_regs *regs, unsigned int opcode) 420static inline void simulate_sc(struct pt_regs *regs, unsigned int opcode)
420{ 421{
421 unsigned long *vaddr, reg; 422 unsigned long __user *vaddr;
423 unsigned long reg;
422 long offset; 424 long offset;
423 int signal = 0; 425 int signal = 0;
424 426
@@ -432,7 +434,8 @@ static inline void simulate_sc(struct pt_regs *regs, unsigned int opcode)
432 offset <<= 16; 434 offset <<= 16;
433 offset >>= 16; 435 offset >>= 16;
434 436
435 vaddr = (unsigned long *)((long)(regs->regs[(opcode & BASE) >> 21]) + offset); 437 vaddr = (unsigned long __user *)
438 ((unsigned long)(regs->regs[(opcode & BASE) >> 21]) + offset);
436 reg = (opcode & RT) >> 16; 439 reg = (opcode & RT) >> 16;
437 440
438 if ((unsigned long)vaddr & 3) { 441 if ((unsigned long)vaddr & 3) {
@@ -498,7 +501,7 @@ asmlinkage void do_ov(struct pt_regs *regs)
498 info.si_code = FPE_INTOVF; 501 info.si_code = FPE_INTOVF;
499 info.si_signo = SIGFPE; 502 info.si_signo = SIGFPE;
500 info.si_errno = 0; 503 info.si_errno = 0;
501 info.si_addr = (void *)regs->cp0_epc; 504 info.si_addr = (void __user *) regs->cp0_epc;
502 force_sig_info(SIGFPE, &info, current); 505 force_sig_info(SIGFPE, &info, current);
503} 506}
504 507
@@ -584,7 +587,7 @@ asmlinkage void do_bp(struct pt_regs *regs)
584 info.si_code = FPE_INTOVF; 587 info.si_code = FPE_INTOVF;
585 info.si_signo = SIGFPE; 588 info.si_signo = SIGFPE;
586 info.si_errno = 0; 589 info.si_errno = 0;
587 info.si_addr = (void *)regs->cp0_epc; 590 info.si_addr = (void __user *) regs->cp0_epc;
588 force_sig_info(SIGFPE, &info, current); 591 force_sig_info(SIGFPE, &info, current);
589 break; 592 break;
590 default: 593 default:
@@ -621,7 +624,7 @@ asmlinkage void do_tr(struct pt_regs *regs)
621 info.si_code = FPE_INTOVF; 624 info.si_code = FPE_INTOVF;
622 info.si_signo = SIGFPE; 625 info.si_signo = SIGFPE;
623 info.si_errno = 0; 626 info.si_errno = 0;
624 info.si_addr = (void *)regs->cp0_epc; 627 info.si_addr = (void __user *) regs->cp0_epc;
625 force_sig_info(SIGFPE, &info, current); 628 force_sig_info(SIGFPE, &info, current);
626 break; 629 break;
627 default: 630 default:
diff --git a/arch/mips/kernel/unaligned.c b/arch/mips/kernel/unaligned.c
index 36c5212e0928..5b5a3736cbbc 100644
--- a/arch/mips/kernel/unaligned.c
+++ b/arch/mips/kernel/unaligned.c
@@ -94,7 +94,7 @@ unsigned long unaligned_instructions;
94#endif 94#endif
95 95
96static inline int emulate_load_store_insn(struct pt_regs *regs, 96static inline int emulate_load_store_insn(struct pt_regs *regs,
97 void *addr, unsigned long pc, 97 void __user *addr, unsigned int __user *pc,
98 unsigned long **regptr, unsigned long *newvalue) 98 unsigned long **regptr, unsigned long *newvalue)
99{ 99{
100 union mips_instruction insn; 100 union mips_instruction insn;
@@ -107,7 +107,7 @@ static inline int emulate_load_store_insn(struct pt_regs *regs,
107 /* 107 /*
108 * This load never faults. 108 * This load never faults.
109 */ 109 */
110 __get_user(insn.word, (unsigned int *)pc); 110 __get_user(insn.word, pc);
111 111
112 switch (insn.i_format.opcode) { 112 switch (insn.i_format.opcode) {
113 /* 113 /*
@@ -494,8 +494,8 @@ asmlinkage void do_ade(struct pt_regs *regs)
494{ 494{
495 unsigned long *regptr, newval; 495 unsigned long *regptr, newval;
496 extern int do_dsemulret(struct pt_regs *); 496 extern int do_dsemulret(struct pt_regs *);
497 unsigned int __user *pc;
497 mm_segment_t seg; 498 mm_segment_t seg;
498 unsigned long pc;
499 499
500 /* 500 /*
501 * Address errors may be deliberately induced by the FPU emulator to 501 * Address errors may be deliberately induced by the FPU emulator to
@@ -515,7 +515,7 @@ asmlinkage void do_ade(struct pt_regs *regs)
515 if ((regs->cp0_badvaddr == regs->cp0_epc) || (regs->cp0_epc & 0x1)) 515 if ((regs->cp0_badvaddr == regs->cp0_epc) || (regs->cp0_epc & 0x1))
516 goto sigbus; 516 goto sigbus;
517 517
518 pc = exception_epc(regs); 518 pc = (unsigned int __user *) exception_epc(regs);
519 if ((current->thread.mflags & MF_FIXADE) == 0) 519 if ((current->thread.mflags & MF_FIXADE) == 0)
520 goto sigbus; 520 goto sigbus;
521 521
@@ -526,7 +526,7 @@ asmlinkage void do_ade(struct pt_regs *regs)
526 seg = get_fs(); 526 seg = get_fs();
527 if (!user_mode(regs)) 527 if (!user_mode(regs))
528 set_fs(KERNEL_DS); 528 set_fs(KERNEL_DS);
529 if (!emulate_load_store_insn(regs, (void *)regs->cp0_badvaddr, pc, 529 if (!emulate_load_store_insn(regs, (void __user *)regs->cp0_badvaddr, pc,
530 &regptr, &newval)) { 530 &regptr, &newval)) {
531 compute_return_epc(regs); 531 compute_return_epc(regs);
532 /* 532 /*