[PATCH] sparse: econet annotation

econet partially annotated. It's still badly broken - it mixes userland and kernel chunks in the same iovec, then does set_fs(KERNEL_FS) and sends that to sock_sendmsg(). Do we still want to support that protocol family, anyway?

[PATCH] sparse: econet annotation
econet partially annotated. It's still badly broken - it mixes userland and kernel chunks in the same iovec, then does set_fs(KERNEL_FS) and sends that to sock_sendmsg(). Do we still want to support that protocol family, anyway?
1cc2d4bd · Alexander Viro · Linus Torvalds · 45e836f6 · 1cc2d4bd
Commit 1cc2d4bd authored Jun 03, 2004 by Alexander Viro Committed by Linus Torvalds Jun 03, 2004
Show whitespace changes
Inline Side-by-side

Showing with 14 additions and 5 deletions

net/econet/af_econet.c net/econet/af_econet.c +14 -5

No files found.
--- a/net/econet/af_econet.c
+++ b/net/econet/af_econet.c
@@ -418,10 +418,18 @@ static int econet_sendmsg(struct kiocb *iocb, struct socket *sock,
 	/* tack our header on the front of the iovec */
 	size = sizeof(struct aunhdr);
+	/*
+	 * XXX: that is b0rken.  We can't mix userland and kernel pointers
+	 * in iovec, since on a lot of platforms copy_from_user() will
+	 * *not* work with the kernel and userland ones at the same time,
+	 * regardless of what we do with set_fs().  And we are talking about
+	 * econet-over-ethernet here, so "it's only ARM anyway" doesn't
+	 * apply.  Any suggestions on fixing that code?		-- AV
+	 */
 	iov[0].iov_base = (void *)&ah;
 	iov[0].iov_len = size;
 	for (i = 0; i < msg->msg_iovlen; i++) {
-		void *base = msg->msg_iov[i].iov_base;
+		void __user *base = msg->msg_iov[i].iov_base;
 		size_t len = msg->msg_iov[i].iov_len;
 		/* Check it now since we switch to KERNEL_DS later. */
 		if ((err = verify_area(VERIFY_READ, base, len)) < 0)
@@ -589,7 +597,7 @@ static int econet_create(struct socket *sock, int protocol)
 *	Handle Econet specific ioctls
 */
-static int ec_dev_ioctl(struct socket *sock, unsigned int cmd, void *arg)
+static int ec_dev_ioctl(struct socket *sock, unsigned int cmd, void __user *arg)
 {
 	struct ifreq ifr;
 	struct ec_device *edev;
@@ -662,18 +670,19 @@ static int ec_dev_ioctl(struct socket *sock, unsigned int cmd, void *arg)
 static int econet_ioctl(struct socket *sock, unsigned int cmd, unsigned long arg)
 {
 	struct sock *sk = sock->sk;
+	void __user *argp = (void __user *)arg;
 	switch(cmd) {
 		case SIOCGSTAMP:
-			return sock_get_timestamp(sk,(struct timeval __user *)arg);
+			return sock_get_timestamp(sk, argp);
 		case SIOCSIFADDR:
 		case SIOCGIFADDR:
-			return ec_dev_ioctl(sock, cmd, (void *)arg);
+			return ec_dev_ioctl(sock, cmd, argp);
 			break;
 		default:
-			return dev_ioctl(cmd,(void __user *) arg);
+			return dev_ioctl(cmd, argp);
 	}
 	/*NOTREACHED*/
 	return 0;