diff options
Diffstat (limited to 'ipc/compat.c')
| -rw-r--r-- | ipc/compat.c | 23 |
1 files changed, 7 insertions, 16 deletions
diff --git a/ipc/compat.c b/ipc/compat.c index 4d20cfd38f0a..fa18141539fb 100644 --- a/ipc/compat.c +++ b/ipc/compat.c | |||
| @@ -115,7 +115,6 @@ struct compat_shm_info { | |||
| 115 | 115 | ||
| 116 | extern int sem_ctls[]; | 116 | extern int sem_ctls[]; |
| 117 | #define sc_semopm (sem_ctls[2]) | 117 | #define sc_semopm (sem_ctls[2]) |
| 118 | #define MAXBUF (64*1024) | ||
| 119 | 118 | ||
| 120 | static inline int compat_ipc_parse_version(int *cmd) | 119 | static inline int compat_ipc_parse_version(int *cmd) |
| 121 | { | 120 | { |
| @@ -307,35 +306,30 @@ long compat_sys_semctl(int first, int second, int third, void __user *uptr) | |||
| 307 | 306 | ||
| 308 | long compat_sys_msgsnd(int first, int second, int third, void __user *uptr) | 307 | long compat_sys_msgsnd(int first, int second, int third, void __user *uptr) |
| 309 | { | 308 | { |
| 310 | struct msgbuf __user *p; | ||
| 311 | struct compat_msgbuf __user *up = uptr; | 309 | struct compat_msgbuf __user *up = uptr; |
| 312 | long type; | 310 | long type; |
| 313 | 311 | ||
| 314 | if (first < 0) | 312 | if (first < 0) |
| 315 | return -EINVAL; | 313 | return -EINVAL; |
| 316 | if (second < 0 || (second >= MAXBUF - sizeof(struct msgbuf))) | 314 | if (second < 0) |
| 317 | return -EINVAL; | 315 | return -EINVAL; |
| 318 | 316 | ||
| 319 | p = compat_alloc_user_space(second + sizeof(struct msgbuf)); | 317 | if (get_user(type, &up->mtype)) |
| 320 | if (get_user(type, &up->mtype) || | ||
| 321 | put_user(type, &p->mtype) || | ||
| 322 | copy_in_user(p->mtext, up->mtext, second)) | ||
| 323 | return -EFAULT; | 318 | return -EFAULT; |
| 324 | 319 | ||
| 325 | return sys_msgsnd(first, p, second, third); | 320 | return do_msgsnd(first, type, up->mtext, second, third); |
| 326 | } | 321 | } |
| 327 | 322 | ||
| 328 | long compat_sys_msgrcv(int first, int second, int msgtyp, int third, | 323 | long compat_sys_msgrcv(int first, int second, int msgtyp, int third, |
| 329 | int version, void __user *uptr) | 324 | int version, void __user *uptr) |
| 330 | { | 325 | { |
| 331 | struct msgbuf __user *p; | ||
| 332 | struct compat_msgbuf __user *up; | 326 | struct compat_msgbuf __user *up; |
| 333 | long type; | 327 | long type; |
| 334 | int err; | 328 | int err; |
| 335 | 329 | ||
| 336 | if (first < 0) | 330 | if (first < 0) |
| 337 | return -EINVAL; | 331 | return -EINVAL; |
| 338 | if (second < 0 || (second >= MAXBUF - sizeof(struct msgbuf))) | 332 | if (second < 0) |
| 339 | return -EINVAL; | 333 | return -EINVAL; |
| 340 | 334 | ||
| 341 | if (!version) { | 335 | if (!version) { |
| @@ -349,14 +343,11 @@ long compat_sys_msgrcv(int first, int second, int msgtyp, int third, | |||
| 349 | uptr = compat_ptr(ipck.msgp); | 343 | uptr = compat_ptr(ipck.msgp); |
| 350 | msgtyp = ipck.msgtyp; | 344 | msgtyp = ipck.msgtyp; |
| 351 | } | 345 | } |
| 352 | p = compat_alloc_user_space(second + sizeof(struct msgbuf)); | 346 | up = uptr; |
| 353 | err = sys_msgrcv(first, p, second, msgtyp, third); | 347 | err = do_msgrcv(first, &type, up->mtext, second, msgtyp, third); |
| 354 | if (err < 0) | 348 | if (err < 0) |
| 355 | goto out; | 349 | goto out; |
| 356 | up = uptr; | 350 | if (put_user(type, &up->mtype)) |
| 357 | if (get_user(type, &p->mtype) || | ||
| 358 | put_user(type, &up->mtype) || | ||
| 359 | copy_in_user(up->mtext, p->mtext, err)) | ||
| 360 | err = -EFAULT; | 351 | err = -EFAULT; |
| 361 | out: | 352 | out: |
| 362 | return err; | 353 | return err; |