Commit d1052aa5 authored by Wim de With's avatar Wim de With Committed by Greg Kroah-Hartman

staging: gdm72xx: add userspace data struct

This fixes the sparse warnings about dereferencing a userspace pointer.

Once I updated the sparse annotations, I noticed a bug in
gdm_wimax_ioctl() where we pass a user space pointer to gdm_update_fsm()
which dereferences it. I fixed this.
Signed-off-by: default avatarWim de With <nauxuron@wimdewith.com>
Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
parent 2bc29a1a
...@@ -363,7 +363,7 @@ static void kdelete(void **buf) ...@@ -363,7 +363,7 @@ static void kdelete(void **buf)
} }
} }
static int gdm_wimax_ioctl_get_data(struct data_s *dst, struct data_s *src) static int gdm_wimax_ioctl_get_data(struct udata_s *dst, struct data_s *src)
{ {
int size; int size;
...@@ -379,7 +379,7 @@ static int gdm_wimax_ioctl_get_data(struct data_s *dst, struct data_s *src) ...@@ -379,7 +379,7 @@ static int gdm_wimax_ioctl_get_data(struct data_s *dst, struct data_s *src)
return 0; return 0;
} }
static int gdm_wimax_ioctl_set_data(struct data_s *dst, struct data_s *src) static int gdm_wimax_ioctl_set_data(struct data_s *dst, struct udata_s *src)
{ {
if (!src->size) { if (!src->size) {
dst->size = 0; dst->size = 0;
...@@ -455,6 +455,7 @@ static int gdm_wimax_ioctl(struct net_device *dev, struct ifreq *ifr, int cmd) ...@@ -455,6 +455,7 @@ static int gdm_wimax_ioctl(struct net_device *dev, struct ifreq *ifr, int cmd)
struct wm_req_s *req = (struct wm_req_s *)ifr; struct wm_req_s *req = (struct wm_req_s *)ifr;
struct nic *nic = netdev_priv(dev); struct nic *nic = netdev_priv(dev);
int ret; int ret;
struct fsm_s fsm_buf;
if (cmd != SIOCWMIOCTL) if (cmd != SIOCWMIOCTL)
return -EOPNOTSUPP; return -EOPNOTSUPP;
...@@ -477,8 +478,11 @@ static int gdm_wimax_ioctl(struct net_device *dev, struct ifreq *ifr, int cmd) ...@@ -477,8 +478,11 @@ static int gdm_wimax_ioctl(struct net_device *dev, struct ifreq *ifr, int cmd)
/* NOTE: gdm_update_fsm should be called /* NOTE: gdm_update_fsm should be called
* before gdm_wimax_ioctl_set_data is called. * before gdm_wimax_ioctl_set_data is called.
*/ */
gdm_update_fsm(dev, if (copy_from_user(&fsm_buf, req->data.buf,
req->data.buf); sizeof(struct fsm_s)))
return -EFAULT;
gdm_update_fsm(dev, &fsm_buf);
} }
ret = gdm_wimax_ioctl_set_data( ret = gdm_wimax_ioctl_set_data(
&nic->sdk_data[req->data_id], &req->data); &nic->sdk_data[req->data_id], &req->data);
......
...@@ -78,13 +78,18 @@ struct data_s { ...@@ -78,13 +78,18 @@ struct data_s {
void *buf; void *buf;
}; };
struct udata_s {
int size;
void __user *buf;
};
struct wm_req_s { struct wm_req_s {
union { union {
char ifrn_name[IFNAMSIZ]; char ifrn_name[IFNAMSIZ];
} ifr_ifrn; } ifr_ifrn;
unsigned short cmd; unsigned short cmd;
unsigned short data_id; unsigned short data_id;
struct data_s data; struct udata_s data;
/* NOTE: sizeof(struct wm_req_s) must be less than sizeof(struct ifreq). */ /* NOTE: sizeof(struct wm_req_s) must be less than sizeof(struct ifreq). */
}; };
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment