aboutsummaryrefslogtreecommitdiffstats
path: root/drivers/sbus/char/jsflash.c
diff options
context:
space:
mode:
Diffstat (limited to 'drivers/sbus/char/jsflash.c')
-rw-r--r--drivers/sbus/char/jsflash.c19
1 files changed, 10 insertions, 9 deletions
diff --git a/drivers/sbus/char/jsflash.c b/drivers/sbus/char/jsflash.c
index c12c5046e2fa..14631ac11bc7 100644
--- a/drivers/sbus/char/jsflash.c
+++ b/drivers/sbus/char/jsflash.c
@@ -249,11 +249,11 @@ static loff_t jsf_lseek(struct file * file, loff_t offset, int orig)
249/* 249/*
250 * OS SIMM Cannot be read in other size but a 32bits word. 250 * OS SIMM Cannot be read in other size but a 32bits word.
251 */ 251 */
252static ssize_t jsf_read(struct file * file, char * buf, 252static ssize_t jsf_read(struct file * file, char __user * buf,
253 size_t togo, loff_t *ppos) 253 size_t togo, loff_t *ppos)
254{ 254{
255 unsigned long p = *ppos; 255 unsigned long p = *ppos;
256 char *tmp = buf; 256 char __user *tmp = buf;
257 257
258 union byte4 { 258 union byte4 {
259 char s[4]; 259 char s[4];
@@ -305,7 +305,7 @@ static ssize_t jsf_read(struct file * file, char * buf,
305 return tmp-buf; 305 return tmp-buf;
306} 306}
307 307
308static ssize_t jsf_write(struct file * file, const char * buf, 308static ssize_t jsf_write(struct file * file, const char __user * buf,
309 size_t count, loff_t *ppos) 309 size_t count, loff_t *ppos)
310{ 310{
311 return -ENOSPC; 311 return -ENOSPC;
@@ -356,10 +356,10 @@ static int jsf_ioctl_erase(unsigned long arg)
356 * Program a block of flash. 356 * Program a block of flash.
357 * Very simple because we can do it byte by byte anyway. 357 * Very simple because we can do it byte by byte anyway.
358 */ 358 */
359static int jsf_ioctl_program(unsigned long arg) 359static int jsf_ioctl_program(void __user *arg)
360{ 360{
361 struct jsflash_program_arg abuf; 361 struct jsflash_program_arg abuf;
362 char *uptr; 362 char __user *uptr;
363 unsigned long p; 363 unsigned long p;
364 unsigned int togo; 364 unsigned int togo;
365 union { 365 union {
@@ -367,13 +367,13 @@ static int jsf_ioctl_program(unsigned long arg)
367 char s[4]; 367 char s[4];
368 } b; 368 } b;
369 369
370 if (copy_from_user(&abuf, (char *)arg, JSFPRGSZ)) 370 if (copy_from_user(&abuf, arg, JSFPRGSZ))
371 return -EFAULT; 371 return -EFAULT;
372 p = abuf.off; 372 p = abuf.off;
373 togo = abuf.size; 373 togo = abuf.size;
374 if ((togo & 3) || (p & 3)) return -EINVAL; 374 if ((togo & 3) || (p & 3)) return -EINVAL;
375 375
376 uptr = (char *) (unsigned long) abuf.data; 376 uptr = (char __user *) (unsigned long) abuf.data;
377 while (togo != 0) { 377 while (togo != 0) {
378 togo -= 4; 378 togo -= 4;
379 if (copy_from_user(&b.s[0], uptr, 4)) 379 if (copy_from_user(&b.s[0], uptr, 4))
@@ -390,19 +390,20 @@ static int jsf_ioctl(struct inode *inode, struct file *f, unsigned int cmd,
390 unsigned long arg) 390 unsigned long arg)
391{ 391{
392 int error = -ENOTTY; 392 int error = -ENOTTY;
393 void __user *argp = (void __user *)arg;
393 394
394 if (!capable(CAP_SYS_ADMIN)) 395 if (!capable(CAP_SYS_ADMIN))
395 return -EPERM; 396 return -EPERM;
396 switch (cmd) { 397 switch (cmd) {
397 case JSFLASH_IDENT: 398 case JSFLASH_IDENT:
398 if (copy_to_user((void *)arg, &jsf0.id, JSFIDSZ)) 399 if (copy_to_user(argp, &jsf0.id, JSFIDSZ))
399 return -EFAULT; 400 return -EFAULT;
400 break; 401 break;
401 case JSFLASH_ERASE: 402 case JSFLASH_ERASE:
402 error = jsf_ioctl_erase(arg); 403 error = jsf_ioctl_erase(arg);
403 break; 404 break;
404 case JSFLASH_PROGRAM: 405 case JSFLASH_PROGRAM:
405 error = jsf_ioctl_program(arg); 406 error = jsf_ioctl_program(argp);
406 break; 407 break;
407 } 408 }
408 409