diff options
Diffstat (limited to 'fs/dlm/user.c')
| -rw-r--r-- | fs/dlm/user.c | 29 |
1 files changed, 12 insertions, 17 deletions
diff --git a/fs/dlm/user.c b/fs/dlm/user.c index 7cbc6826239b..ebbcf38fd33b 100644 --- a/fs/dlm/user.c +++ b/fs/dlm/user.c | |||
| @@ -82,7 +82,7 @@ struct dlm_lock_result32 { | |||
| 82 | 82 | ||
| 83 | static void compat_input(struct dlm_write_request *kb, | 83 | static void compat_input(struct dlm_write_request *kb, |
| 84 | struct dlm_write_request32 *kb32, | 84 | struct dlm_write_request32 *kb32, |
| 85 | int max_namelen) | 85 | size_t count) |
| 86 | { | 86 | { |
| 87 | kb->version[0] = kb32->version[0]; | 87 | kb->version[0] = kb32->version[0]; |
| 88 | kb->version[1] = kb32->version[1]; | 88 | kb->version[1] = kb32->version[1]; |
| @@ -94,7 +94,8 @@ static void compat_input(struct dlm_write_request *kb, | |||
| 94 | kb->cmd == DLM_USER_REMOVE_LOCKSPACE) { | 94 | kb->cmd == DLM_USER_REMOVE_LOCKSPACE) { |
| 95 | kb->i.lspace.flags = kb32->i.lspace.flags; | 95 | kb->i.lspace.flags = kb32->i.lspace.flags; |
| 96 | kb->i.lspace.minor = kb32->i.lspace.minor; | 96 | kb->i.lspace.minor = kb32->i.lspace.minor; |
| 97 | strcpy(kb->i.lspace.name, kb32->i.lspace.name); | 97 | memcpy(kb->i.lspace.name, kb32->i.lspace.name, count - |
| 98 | offsetof(struct dlm_write_request32, i.lspace.name)); | ||
| 98 | } else if (kb->cmd == DLM_USER_PURGE) { | 99 | } else if (kb->cmd == DLM_USER_PURGE) { |
| 99 | kb->i.purge.nodeid = kb32->i.purge.nodeid; | 100 | kb->i.purge.nodeid = kb32->i.purge.nodeid; |
| 100 | kb->i.purge.pid = kb32->i.purge.pid; | 101 | kb->i.purge.pid = kb32->i.purge.pid; |
| @@ -112,11 +113,8 @@ static void compat_input(struct dlm_write_request *kb, | |||
| 112 | kb->i.lock.bastaddr = (void *)(long)kb32->i.lock.bastaddr; | 113 | kb->i.lock.bastaddr = (void *)(long)kb32->i.lock.bastaddr; |
| 113 | kb->i.lock.lksb = (void *)(long)kb32->i.lock.lksb; | 114 | kb->i.lock.lksb = (void *)(long)kb32->i.lock.lksb; |
| 114 | memcpy(kb->i.lock.lvb, kb32->i.lock.lvb, DLM_USER_LVB_LEN); | 115 | memcpy(kb->i.lock.lvb, kb32->i.lock.lvb, DLM_USER_LVB_LEN); |
| 115 | if (kb->i.lock.namelen <= max_namelen) | 116 | memcpy(kb->i.lock.name, kb32->i.lock.name, count - |
| 116 | memcpy(kb->i.lock.name, kb32->i.lock.name, | 117 | offsetof(struct dlm_write_request32, i.lock.name)); |
| 117 | kb->i.lock.namelen); | ||
| 118 | else | ||
| 119 | kb->i.lock.namelen = max_namelen; | ||
| 120 | } | 118 | } |
| 121 | } | 119 | } |
| 122 | 120 | ||
| @@ -197,8 +195,8 @@ void dlm_user_add_ast(struct dlm_lkb *lkb, int type) | |||
| 197 | if (lkb->lkb_flags & (DLM_IFL_ORPHAN | DLM_IFL_DEAD)) | 195 | if (lkb->lkb_flags & (DLM_IFL_ORPHAN | DLM_IFL_DEAD)) |
| 198 | goto out; | 196 | goto out; |
| 199 | 197 | ||
| 200 | DLM_ASSERT(lkb->lkb_astparam, dlm_print_lkb(lkb);); | 198 | DLM_ASSERT(lkb->lkb_ua, dlm_print_lkb(lkb);); |
| 201 | ua = (struct dlm_user_args *)lkb->lkb_astparam; | 199 | ua = lkb->lkb_ua; |
| 202 | proc = ua->proc; | 200 | proc = ua->proc; |
| 203 | 201 | ||
| 204 | if (type == AST_BAST && ua->bastaddr == NULL) | 202 | if (type == AST_BAST && ua->bastaddr == NULL) |
| @@ -508,7 +506,7 @@ static ssize_t device_write(struct file *file, const char __user *buf, | |||
| 508 | #endif | 506 | #endif |
| 509 | return -EINVAL; | 507 | return -EINVAL; |
| 510 | 508 | ||
| 511 | kbuf = kmalloc(count, GFP_KERNEL); | 509 | kbuf = kzalloc(count + 1, GFP_KERNEL); |
| 512 | if (!kbuf) | 510 | if (!kbuf) |
| 513 | return -ENOMEM; | 511 | return -ENOMEM; |
| 514 | 512 | ||
| @@ -526,15 +524,14 @@ static ssize_t device_write(struct file *file, const char __user *buf, | |||
| 526 | if (!kbuf->is64bit) { | 524 | if (!kbuf->is64bit) { |
| 527 | struct dlm_write_request32 *k32buf; | 525 | struct dlm_write_request32 *k32buf; |
| 528 | k32buf = (struct dlm_write_request32 *)kbuf; | 526 | k32buf = (struct dlm_write_request32 *)kbuf; |
| 529 | kbuf = kmalloc(count + (sizeof(struct dlm_write_request) - | 527 | kbuf = kmalloc(count + 1 + (sizeof(struct dlm_write_request) - |
| 530 | sizeof(struct dlm_write_request32)), GFP_KERNEL); | 528 | sizeof(struct dlm_write_request32)), GFP_KERNEL); |
| 531 | if (!kbuf) | 529 | if (!kbuf) |
| 532 | return -ENOMEM; | 530 | return -ENOMEM; |
| 533 | 531 | ||
| 534 | if (proc) | 532 | if (proc) |
| 535 | set_bit(DLM_PROC_FLAGS_COMPAT, &proc->flags); | 533 | set_bit(DLM_PROC_FLAGS_COMPAT, &proc->flags); |
| 536 | compat_input(kbuf, k32buf, | 534 | compat_input(kbuf, k32buf, count + 1); |
| 537 | count - sizeof(struct dlm_write_request32)); | ||
| 538 | kfree(k32buf); | 535 | kfree(k32buf); |
| 539 | } | 536 | } |
| 540 | #endif | 537 | #endif |
| @@ -774,7 +771,6 @@ static ssize_t device_read(struct file *file, char __user *buf, size_t count, | |||
| 774 | { | 771 | { |
| 775 | struct dlm_user_proc *proc = file->private_data; | 772 | struct dlm_user_proc *proc = file->private_data; |
| 776 | struct dlm_lkb *lkb; | 773 | struct dlm_lkb *lkb; |
| 777 | struct dlm_user_args *ua; | ||
| 778 | DECLARE_WAITQUEUE(wait, current); | 774 | DECLARE_WAITQUEUE(wait, current); |
| 779 | int error, type=0, bmode=0, removed = 0; | 775 | int error, type=0, bmode=0, removed = 0; |
| 780 | 776 | ||
| @@ -845,8 +841,7 @@ static ssize_t device_read(struct file *file, char __user *buf, size_t count, | |||
| 845 | } | 841 | } |
| 846 | spin_unlock(&proc->asts_spin); | 842 | spin_unlock(&proc->asts_spin); |
| 847 | 843 | ||
| 848 | ua = (struct dlm_user_args *)lkb->lkb_astparam; | 844 | error = copy_result_to_user(lkb->lkb_ua, |
| 849 | error = copy_result_to_user(ua, | ||
| 850 | test_bit(DLM_PROC_FLAGS_COMPAT, &proc->flags), | 845 | test_bit(DLM_PROC_FLAGS_COMPAT, &proc->flags), |
| 851 | type, bmode, buf, count); | 846 | type, bmode, buf, count); |
| 852 | 847 | ||
| @@ -907,7 +902,7 @@ static struct miscdevice ctl_device = { | |||
| 907 | .minor = MISC_DYNAMIC_MINOR, | 902 | .minor = MISC_DYNAMIC_MINOR, |
| 908 | }; | 903 | }; |
| 909 | 904 | ||
| 910 | int dlm_user_init(void) | 905 | int __init dlm_user_init(void) |
| 911 | { | 906 | { |
| 912 | int error; | 907 | int error; |
| 913 | 908 | ||