aboutsummaryrefslogtreecommitdiffstats
path: root/fs/compat_ioctl.c
diff options
context:
space:
mode:
Diffstat (limited to 'fs/compat_ioctl.c')
-rw-r--r--fs/compat_ioctl.c33
1 files changed, 20 insertions, 13 deletions
diff --git a/fs/compat_ioctl.c b/fs/compat_ioctl.c
index a91f2628c981..6e3177685556 100644
--- a/fs/compat_ioctl.c
+++ b/fs/compat_ioctl.c
@@ -211,8 +211,10 @@ static int do_video_stillpicture(unsigned int fd, unsigned int cmd, unsigned lon
211 up_native = 211 up_native =
212 compat_alloc_user_space(sizeof(struct video_still_picture)); 212 compat_alloc_user_space(sizeof(struct video_still_picture));
213 213
214 put_user(compat_ptr(fp), &up_native->iFrame); 214 err = put_user(compat_ptr(fp), &up_native->iFrame);
215 put_user(size, &up_native->size); 215 err |= put_user(size, &up_native->size);
216 if (err)
217 return -EFAULT;
216 218
217 err = sys_ioctl(fd, cmd, (unsigned long) up_native); 219 err = sys_ioctl(fd, cmd, (unsigned long) up_native);
218 220
@@ -236,8 +238,10 @@ static int do_video_set_spu_palette(unsigned int fd, unsigned int cmd, unsigned
236 err |= get_user(length, &up->length); 238 err |= get_user(length, &up->length);
237 239
238 up_native = compat_alloc_user_space(sizeof(struct video_spu_palette)); 240 up_native = compat_alloc_user_space(sizeof(struct video_spu_palette));
239 put_user(compat_ptr(palp), &up_native->palette); 241 err = put_user(compat_ptr(palp), &up_native->palette);
240 put_user(length, &up_native->length); 242 err |= put_user(length, &up_native->length);
243 if (err)
244 return -EFAULT;
241 245
242 err = sys_ioctl(fd, cmd, (unsigned long) up_native); 246 err = sys_ioctl(fd, cmd, (unsigned long) up_native);
243 247
@@ -2043,16 +2047,19 @@ static int serial_struct_ioctl(unsigned fd, unsigned cmd, unsigned long arg)
2043 struct serial_struct ss; 2047 struct serial_struct ss;
2044 mm_segment_t oldseg = get_fs(); 2048 mm_segment_t oldseg = get_fs();
2045 __u32 udata; 2049 __u32 udata;
2050 unsigned int base;
2046 2051
2047 if (cmd == TIOCSSERIAL) { 2052 if (cmd == TIOCSSERIAL) {
2048 if (!access_ok(VERIFY_READ, ss32, sizeof(SS32))) 2053 if (!access_ok(VERIFY_READ, ss32, sizeof(SS32)))
2049 return -EFAULT; 2054 return -EFAULT;
2050 if (__copy_from_user(&ss, ss32, offsetof(SS32, iomem_base))) 2055 if (__copy_from_user(&ss, ss32, offsetof(SS32, iomem_base)))
2051 return -EFAULT; 2056 return -EFAULT;
2052 __get_user(udata, &ss32->iomem_base); 2057 if (__get_user(udata, &ss32->iomem_base))
2058 return -EFAULT;
2053 ss.iomem_base = compat_ptr(udata); 2059 ss.iomem_base = compat_ptr(udata);
2054 __get_user(ss.iomem_reg_shift, &ss32->iomem_reg_shift); 2060 if (__get_user(ss.iomem_reg_shift, &ss32->iomem_reg_shift) ||
2055 __get_user(ss.port_high, &ss32->port_high); 2061 __get_user(ss.port_high, &ss32->port_high))
2062 return -EFAULT;
2056 ss.iomap_base = 0UL; 2063 ss.iomap_base = 0UL;
2057 } 2064 }
2058 set_fs(KERNEL_DS); 2065 set_fs(KERNEL_DS);
@@ -2063,12 +2070,12 @@ static int serial_struct_ioctl(unsigned fd, unsigned cmd, unsigned long arg)
2063 return -EFAULT; 2070 return -EFAULT;
2064 if (__copy_to_user(ss32,&ss,offsetof(SS32,iomem_base))) 2071 if (__copy_to_user(ss32,&ss,offsetof(SS32,iomem_base)))
2065 return -EFAULT; 2072 return -EFAULT;
2066 __put_user((unsigned long)ss.iomem_base >> 32 ? 2073 base = (unsigned long)ss.iomem_base >> 32 ?
2067 0xffffffff : (unsigned)(unsigned long)ss.iomem_base, 2074 0xffffffff : (unsigned)(unsigned long)ss.iomem_base;
2068 &ss32->iomem_base); 2075 if (__put_user(base, &ss32->iomem_base) ||
2069 __put_user(ss.iomem_reg_shift, &ss32->iomem_reg_shift); 2076 __put_user(ss.iomem_reg_shift, &ss32->iomem_reg_shift) ||
2070 __put_user(ss.port_high, &ss32->port_high); 2077 __put_user(ss.port_high, &ss32->port_high))
2071 2078 return -EFAULT;
2072 } 2079 }
2073 return err; 2080 return err;
2074} 2081}