Skip to content

L
linux
Commit f0e4de5c authored by Al Viro's avatar Al Viro
Browse files
Options

comedi: do_cmdtest_ioctl(): lift copyin/copyout into the caller 

Signed-off-by: default avatarAl Viro <viro@zeniv.linux.org.uk>
parent 00035bee
Hide whitespace changes
Inline Side-by-side
Showing with 22 additions and 23 deletions
drivers/staging/comedi/comedi_fops.c
View file @ f0e4de5c
...@@ -1856,49 +1856,39 @@ static int do_cmd_ioctl(struct comedi_device *dev, ...@@ -1856,49 +1856,39 @@ static int do_cmd_ioctl(struct comedi_device *dev,
* possibly modified comedi_cmd structure * possibly modified comedi_cmd structure
*/ */
static int do_cmdtest_ioctl(struct comedi_device *dev, static int do_cmdtest_ioctl(struct comedi_device *dev,
struct comedi_cmd __user *arg, void *file) struct comedi_cmd *cmd, bool *copy, void *file)
{ {
struct comedi_cmd cmd;
struct comedi_subdevice *s; struct comedi_subdevice *s;
unsigned int __user *user_chanlist; unsigned int __user *user_chanlist;
int ret; int ret;
lockdep_assert_held(&dev->mutex); lockdep_assert_held(&dev->mutex);
if (copy_from_user(&cmd, arg, sizeof(cmd))) { /* do some simple cmd validation */
dev_dbg(dev->class_dev, "bad cmd address\n"); ret = __comedi_get_user_cmd(dev, cmd);
return -EFAULT;
}
/* get the user's cmd and do some simple validation */
ret = __comedi_get_user_cmd(dev, &cmd);
if (ret) if (ret)
return ret; return ret;
/* save user's chanlist pointer so it can be restored later */ /* save user's chanlist pointer so it can be restored later */
user_chanlist = (unsigned int __user *)cmd.chanlist; user_chanlist = (unsigned int __user *)cmd->chanlist;
s = &dev->subdevices[cmd.subdev]; s = &dev->subdevices[cmd->subdev];
/* user_chanlist can be NULL for COMEDI_CMDTEST ioctl */ /* user_chanlist can be NULL for COMEDI_CMDTEST ioctl */
if (user_chanlist) { if (user_chanlist) {
/* load channel/gain list */ /* load channel/gain list */
ret = __comedi_get_user_chanlist(dev, s, user_chanlist, &cmd); ret = __comedi_get_user_chanlist(dev, s, user_chanlist, cmd);
if (ret) if (ret)
return ret; return ret;
} }
ret = s->do_cmdtest(dev, s, &cmd); ret = s->do_cmdtest(dev, s, cmd);
kfree(cmd.chanlist); /* free kernel copy of user chanlist */ kfree(cmd->chanlist); /* free kernel copy of user chanlist */
/* restore chanlist pointer before copying back */ /* restore chanlist pointer before copying back */
cmd.chanlist = (unsigned int __force *)user_chanlist; cmd->chanlist = (unsigned int __force *)user_chanlist;
*copy = true;
if (copy_to_user(arg, &cmd, sizeof(cmd))) {
dev_dbg(dev->class_dev, "bad cmd address\n");
ret = -EFAULT;
}
return ret; return ret;
} }
...@@ -2220,10 +2210,19 @@ static long comedi_unlocked_ioctl(struct file *file, unsigned int cmd, ...@@ -2220,10 +2210,19 @@ static long comedi_unlocked_ioctl(struct file *file, unsigned int cmd,
case COMEDI_CMD: case COMEDI_CMD:
rc = do_cmd_ioctl(dev, (struct comedi_cmd __user *)arg, file); rc = do_cmd_ioctl(dev, (struct comedi_cmd __user *)arg, file);
break; break;
case COMEDI_CMDTEST: case COMEDI_CMDTEST: {
rc = do_cmdtest_ioctl(dev, (struct comedi_cmd __user *)arg, struct comedi_cmd cmd;
file); bool copy = false;
if (copy_from_user(&cmd, (void __user *)arg, sizeof(cmd))) {
rc = -EFAULT;
break;
}
rc = do_cmdtest_ioctl(dev, &cmd, &copy, file);
if (copy && copy_to_user((void __user *)arg, &cmd, sizeof(cmd)))
rc = -EFAULT;
break; break;
}
case COMEDI_INSNLIST: { case COMEDI_INSNLIST: {
struct comedi_insnlist insnlist; struct comedi_insnlist insnlist;
struct comedi_insn *insns = NULL; struct comedi_insn *insns = NULL;
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment
GitLab Nexedi Edition | About GitLab | About Nexedi | 沪ICP备2021021310号-2 | 沪ICP备2021021310号-7