Commit 5b974f1a authored by Greg Kroah-Hartman's avatar Greg Kroah-Hartman

Merge kroah.com:/home/greg/linux/BK/bleed-2.6

into kroah.com:/home/greg/linux/BK/driver-2.6
parents 2285857c be62805e
...@@ -1015,15 +1015,23 @@ void __init mp_config_acpi_legacy_irqs (void) ...@@ -1015,15 +1015,23 @@ void __init mp_config_acpi_legacy_irqs (void)
for (i = 0; i < 16; i++) { for (i = 0; i < 16; i++) {
int idx; int idx;
for (idx = 0; idx < mp_irq_entries; idx++) for (idx = 0; idx < mp_irq_entries; idx++) {
if (mp_irqs[idx].mpc_srcbus == MP_ISA_BUS && struct mpc_config_intsrc *irq = mp_irqs + idx;
(mp_irqs[idx].mpc_dstapic == ioapic) &&
(mp_irqs[idx].mpc_srcbusirq == i || /* Do we already have a mapping for this ISA IRQ? */
mp_irqs[idx].mpc_dstirq == i)) if (irq->mpc_srcbus == MP_ISA_BUS && irq->mpc_srcbusirq == i)
break; break;
if (idx != mp_irq_entries) /* Do we already have a mapping for this IOAPIC pin */
continue; /* IRQ already used */ if ((irq->mpc_dstapic == intsrc.mpc_dstapic) &&
(irq->mpc_dstirq == i))
break;
}
if (idx != mp_irq_entries) {
printk(KERN_DEBUG "ACPI: IRQ%d used by override.\n", i);
continue; /* IRQ already used */
}
intsrc.mpc_irqtype = mp_INT; intsrc.mpc_irqtype = mp_INT;
intsrc.mpc_srcbusirq = i; /* Identity mapped */ intsrc.mpc_srcbusirq = i; /* Identity mapped */
......
...@@ -859,16 +859,22 @@ void __init mp_config_acpi_legacy_irqs (void) ...@@ -859,16 +859,22 @@ void __init mp_config_acpi_legacy_irqs (void)
for (i = 0; i < 16; i++) { for (i = 0; i < 16; i++) {
int idx; int idx;
for (idx = 0; idx < mp_irq_entries; idx++) for (idx = 0; idx < mp_irq_entries; idx++) {
if (mp_irqs[idx].mpc_srcbus == MP_ISA_BUS && struct mpc_config_intsrc *irq = mp_irqs + idx;
(mp_irqs[idx].mpc_dstapic == ioapic) &&
(mp_irqs[idx].mpc_srcbusirq == i || /* Do we already have a mapping for this ISA IRQ? */
mp_irqs[idx].mpc_dstirq == i)) if (irq->mpc_srcbus == MP_ISA_BUS && irq->mpc_srcbusirq == i)
break; break;
/* Do we already have a mapping for this IOAPIC pin */
if ((irq->mpc_dstapic == intsrc.mpc_dstapic) &&
(irq->mpc_dstirq == i))
break;
}
if (idx != mp_irq_entries) { if (idx != mp_irq_entries) {
printk(KERN_DEBUG "ACPI: IRQ%d used by override.\n", i); printk(KERN_DEBUG "ACPI: IRQ%d used by override.\n", i);
continue; /* IRQ already used */ continue; /* IRQ already used */
} }
intsrc.mpc_irqtype = mp_INT; intsrc.mpc_irqtype = mp_INT;
......
...@@ -2667,7 +2667,7 @@ static int __end_that_request_first(struct request *req, int uptodate, ...@@ -2667,7 +2667,7 @@ static int __end_that_request_first(struct request *req, int uptodate,
} }
total_bytes = bio_nbytes = 0; total_bytes = bio_nbytes = 0;
while ((bio = req->bio)) { while ((bio = req->bio) != NULL) {
int nbytes; int nbytes;
if (nr_bytes >= bio->bi_size) { if (nr_bytes >= bio->bi_size) {
......
...@@ -134,7 +134,7 @@ struct efivar_attribute { ...@@ -134,7 +134,7 @@ struct efivar_attribute {
#define EFI_ATTR(_name, _mode, _show, _store) \ #define EFI_ATTR(_name, _mode, _show, _store) \
struct subsys_attribute efi_attr_##_name = { \ struct subsys_attribute efi_attr_##_name = { \
.attr {.name = __stringify(_name), .mode = _mode, .owner = THIS_MODULE}, \ .attr = {.name = __stringify(_name), .mode = _mode, .owner = THIS_MODULE}, \
.show = _show, \ .show = _show, \
.store = _store, \ .store = _store, \
}; };
......
...@@ -660,7 +660,7 @@ static int hd_ioctl(struct inode * inode, struct file * file, ...@@ -660,7 +660,7 @@ static int hd_ioctl(struct inode * inode, struct file * file,
unsigned int cmd, unsigned long arg) unsigned int cmd, unsigned long arg)
{ {
struct hd_i_struct *disk = inode->i_bdev->bd_disk->private_data; struct hd_i_struct *disk = inode->i_bdev->bd_disk->private_data;
struct hd_geometry *loc = (struct hd_geometry *) arg; struct hd_geometry __user *loc = (struct hd_geometry __user *) arg;
struct hd_geometry g; struct hd_geometry g;
if (cmd != HDIO_GETGEO) if (cmd != HDIO_GETGEO)
......
...@@ -1095,7 +1095,7 @@ void stream_free(struct stream *s) ...@@ -1095,7 +1095,7 @@ void stream_free(struct stream *s)
/* File operations */ /* File operations */
static ssize_t amdtp_write(struct file *file, const char *buffer, size_t count, static ssize_t amdtp_write(struct file *file, const char __user *buffer, size_t count,
loff_t *offset_is_ignored) loff_t *offset_is_ignored)
{ {
struct stream *s = file->private_data; struct stream *s = file->private_data;
...@@ -1150,7 +1150,7 @@ static int amdtp_ioctl(struct inode *inode, struct file *file, ...@@ -1150,7 +1150,7 @@ static int amdtp_ioctl(struct inode *inode, struct file *file,
{ {
case AMDTP_IOC_PLUG: case AMDTP_IOC_PLUG:
case AMDTP_IOC_CHANNEL: case AMDTP_IOC_CHANNEL:
if (copy_from_user(&cfg, (struct amdtp_ioctl *) arg, sizeof cfg)) if (copy_from_user(&cfg, (struct amdtp_ioctl __user *) arg, sizeof cfg))
return -EFAULT; return -EFAULT;
else else
return stream_configure(s, cmd, &cfg); return stream_configure(s, cmd, &cfg);
......
...@@ -1333,7 +1333,7 @@ static int dv1394_fasync(int fd, struct file *file, int on) ...@@ -1333,7 +1333,7 @@ static int dv1394_fasync(int fd, struct file *file, int on)
return 0; return 0;
} }
static ssize_t dv1394_write(struct file *file, const char *buffer, size_t count, loff_t *ppos) static ssize_t dv1394_write(struct file *file, const char __user *buffer, size_t count, loff_t *ppos)
{ {
struct video_card *video = file_to_video_card(file); struct video_card *video = file_to_video_card(file);
DECLARE_WAITQUEUE(wait, current); DECLARE_WAITQUEUE(wait, current);
...@@ -1430,7 +1430,7 @@ static ssize_t dv1394_write(struct file *file, const char *buffer, size_t count, ...@@ -1430,7 +1430,7 @@ static ssize_t dv1394_write(struct file *file, const char *buffer, size_t count,
} }
static ssize_t dv1394_read(struct file *file, char *buffer, size_t count, loff_t *ppos) static ssize_t dv1394_read(struct file *file, char __user *buffer, size_t count, loff_t *ppos)
{ {
struct video_card *video = file_to_video_card(file); struct video_card *video = file_to_video_card(file);
DECLARE_WAITQUEUE(wait, current); DECLARE_WAITQUEUE(wait, current);
...@@ -1549,6 +1549,7 @@ static int dv1394_ioctl(struct inode *inode, struct file *file, ...@@ -1549,6 +1549,7 @@ static int dv1394_ioctl(struct inode *inode, struct file *file,
struct video_card *video = file_to_video_card(file); struct video_card *video = file_to_video_card(file);
unsigned long flags; unsigned long flags;
int ret = -EINVAL; int ret = -EINVAL;
void __user *argp = (void __user *)arg;
DECLARE_WAITQUEUE(wait, current); DECLARE_WAITQUEUE(wait, current);
...@@ -1718,10 +1719,10 @@ static int dv1394_ioctl(struct inode *inode, struct file *file, ...@@ -1718,10 +1719,10 @@ static int dv1394_ioctl(struct inode *inode, struct file *file,
case DV1394_IOC_INIT: { case DV1394_IOC_INIT: {
struct dv1394_init init; struct dv1394_init init;
if (arg == (unsigned long) NULL) { if (!argp) {
ret = do_dv1394_init_default(video); ret = do_dv1394_init_default(video);
} else { } else {
if (copy_from_user(&init, (void*)arg, sizeof(init))) { if (copy_from_user(&init, argp, sizeof(init))) {
ret = -EFAULT; ret = -EFAULT;
goto out; goto out;
} }
...@@ -1767,7 +1768,7 @@ static int dv1394_ioctl(struct inode *inode, struct file *file, ...@@ -1767,7 +1768,7 @@ static int dv1394_ioctl(struct inode *inode, struct file *file,
spin_unlock_irqrestore(&video->spinlock, flags); spin_unlock_irqrestore(&video->spinlock, flags);
if (copy_to_user((void*)arg, &status, sizeof(status))) { if (copy_to_user(argp, &status, sizeof(status))) {
ret = -EFAULT; ret = -EFAULT;
goto out; goto out;
} }
......
...@@ -35,11 +35,11 @@ struct file_info { ...@@ -35,11 +35,11 @@ struct file_info {
struct list_head addr_list; struct list_head addr_list;
u8 *fcp_buffer; u8 __user *fcp_buffer;
/* old ISO API */ /* old ISO API */
u64 listen_channels; u64 listen_channels;
quadlet_t *iso_buffer; quadlet_t __user *iso_buffer;
size_t iso_buffer_length; size_t iso_buffer_length;
u8 notification; /* (busreset-notification) RAW1394_NOTIFY_OFF/ON */ u8 notification; /* (busreset-notification) RAW1394_NOTIFY_OFF/ON */
......
...@@ -56,11 +56,11 @@ ...@@ -56,11 +56,11 @@
#include "raw1394-private.h" #include "raw1394-private.h"
#if BITS_PER_LONG == 64 #if BITS_PER_LONG == 64
#define int2ptr(x) ((void *)x) #define int2ptr(x) ((void __user *)x)
#define ptr2int(x) ((u64)x) #define ptr2int(x) ((u64)(unsigned long)(void __user *)x)
#else #else
#define int2ptr(x) ((void *)(u32)x) #define int2ptr(x) ((void __user *)(u32)x)
#define ptr2int(x) ((u64)(u32)x) #define ptr2int(x) ((u64)(unsigned long)(void __user *)x)
#endif #endif
#ifdef CONFIG_IEEE1394_VERBOSEDEBUG #ifdef CONFIG_IEEE1394_VERBOSEDEBUG
...@@ -410,7 +410,7 @@ static void fcp_request(struct hpsb_host *host, int nodeid, int direction, ...@@ -410,7 +410,7 @@ static void fcp_request(struct hpsb_host *host, int nodeid, int direction,
} }
static ssize_t raw1394_read(struct file *file, char *buffer, size_t count, static ssize_t raw1394_read(struct file *file, char __user *buffer, size_t count,
loff_t *offset_is_ignored) loff_t *offset_is_ignored)
{ {
struct file_info *fi = (struct file_info *)file->private_data; struct file_info *fi = (struct file_info *)file->private_data;
...@@ -602,7 +602,7 @@ static void handle_fcp_listen(struct file_info *fi, struct pending_request *req) ...@@ -602,7 +602,7 @@ static void handle_fcp_listen(struct file_info *fi, struct pending_request *req)
if (fi->fcp_buffer) { if (fi->fcp_buffer) {
req->req.error = RAW1394_ERROR_ALREADY; req->req.error = RAW1394_ERROR_ALREADY;
} else { } else {
fi->fcp_buffer = (u8 *)int2ptr(req->req.recvb); fi->fcp_buffer = int2ptr(req->req.recvb);
} }
} else { } else {
if (!fi->fcp_buffer) { if (!fi->fcp_buffer) {
...@@ -826,7 +826,7 @@ static int handle_async_send(struct file_info *fi, struct pending_request *req) ...@@ -826,7 +826,7 @@ static int handle_async_send(struct file_info *fi, struct pending_request *req)
return sizeof(struct raw1394_request); return sizeof(struct raw1394_request);
} }
if (copy_from_user(packet->data, ((u8*) int2ptr(req->req.sendb)) + header_length, if (copy_from_user(packet->data, int2ptr(req->req.sendb) + header_length,
packet->data_size)) { packet->data_size)) {
req->req.error = RAW1394_ERROR_MEMFAULT; req->req.error = RAW1394_ERROR_MEMFAULT;
req->req.length = 0; req->req.length = 0;
...@@ -964,9 +964,8 @@ static int arm_read (struct hpsb_host *host, int nodeid, quadlet_t *buffer, ...@@ -964,9 +964,8 @@ static int arm_read (struct hpsb_host *host, int nodeid, quadlet_t *buffer,
arm_req->buffer = NULL; arm_req->buffer = NULL;
arm_resp->buffer = NULL; arm_resp->buffer = NULL;
if (rcode == RCODE_COMPLETE) { if (rcode == RCODE_COMPLETE) {
arm_resp->buffer = ((byte_t *)(arm_resp) + byte_t *buf = (byte_t *)arm_resp + sizeof(struct arm_response);
(sizeof(struct arm_response))); memcpy (buf,
memcpy (arm_resp->buffer,
(arm_addr->addr_space_buffer)+(addr-(arm_addr->start)), (arm_addr->addr_space_buffer)+(addr-(arm_addr->start)),
length); length);
arm_resp->buffer = int2ptr((arm_addr->recvb) + arm_resp->buffer = int2ptr((arm_addr->recvb) +
...@@ -1091,10 +1090,9 @@ static int arm_write (struct hpsb_host *host, int nodeid, int destid, ...@@ -1091,10 +1090,9 @@ static int arm_write (struct hpsb_host *host, int nodeid, int destid,
(sizeof (struct arm_request_response))); (sizeof (struct arm_request_response)));
arm_resp = (struct arm_response *) ((byte_t *)(arm_req) + arm_resp = (struct arm_response *) ((byte_t *)(arm_req) +
(sizeof(struct arm_request))); (sizeof(struct arm_request)));
arm_req->buffer = ((byte_t *)(arm_resp) +
(sizeof(struct arm_response)));
arm_resp->buffer = NULL; arm_resp->buffer = NULL;
memcpy (arm_req->buffer, data, length); memcpy ((byte_t *)arm_resp + sizeof(struct arm_response),
data, length);
arm_req->buffer = int2ptr((arm_addr->recvb) + arm_req->buffer = int2ptr((arm_addr->recvb) +
sizeof (struct arm_request_response) + sizeof (struct arm_request_response) +
sizeof (struct arm_request) + sizeof (struct arm_request) +
...@@ -1233,6 +1231,7 @@ static int arm_lock (struct hpsb_host *host, int nodeid, quadlet_t *store, ...@@ -1233,6 +1231,7 @@ static int arm_lock (struct hpsb_host *host, int nodeid, quadlet_t *store,
} }
} }
if (arm_addr->notification_options & ARM_LOCK) { if (arm_addr->notification_options & ARM_LOCK) {
byte_t *buf1, *buf2;
DBGMSG("arm_lock -> entering notification-section"); DBGMSG("arm_lock -> entering notification-section");
req = __alloc_pending_request(SLAB_ATOMIC); req = __alloc_pending_request(SLAB_ATOMIC);
if (!req) { if (!req) {
...@@ -1258,26 +1257,22 @@ static int arm_lock (struct hpsb_host *host, int nodeid, quadlet_t *store, ...@@ -1258,26 +1257,22 @@ static int arm_lock (struct hpsb_host *host, int nodeid, quadlet_t *store,
(sizeof (struct arm_request_response))); (sizeof (struct arm_request_response)));
arm_resp = (struct arm_response *) ((byte_t *)(arm_req) + arm_resp = (struct arm_response *) ((byte_t *)(arm_req) +
(sizeof(struct arm_request))); (sizeof(struct arm_request)));
arm_req->buffer = ((byte_t *)(arm_resp) + buf1 = (byte_t *)arm_resp + sizeof(struct arm_response);
(sizeof(struct arm_response))); buf2 = buf1 + 2 * sizeof(*store);
arm_resp->buffer = ((byte_t *)(arm_req->buffer) +
(2* sizeof(*store)));
if ((ext_tcode == EXTCODE_FETCH_ADD) || if ((ext_tcode == EXTCODE_FETCH_ADD) ||
(ext_tcode == EXTCODE_LITTLE_ADD)) { (ext_tcode == EXTCODE_LITTLE_ADD)) {
arm_req->buffer_length = sizeof(*store); arm_req->buffer_length = sizeof(*store);
memcpy (arm_req->buffer, &data, sizeof(*store)); memcpy (buf1, &data, sizeof(*store));
} else { } else {
arm_req->buffer_length = 2 * sizeof(*store); arm_req->buffer_length = 2 * sizeof(*store);
memcpy (arm_req->buffer, &arg, sizeof(*store)); memcpy (buf1, &arg, sizeof(*store));
memcpy (((arm_req->buffer) + sizeof(*store)), memcpy (buf1 + sizeof(*store), &data, sizeof(*store));
&data, sizeof(*store));
} }
if (rcode == RCODE_COMPLETE) { if (rcode == RCODE_COMPLETE) {
arm_resp->buffer_length = sizeof(*store); arm_resp->buffer_length = sizeof(*store);
memcpy (arm_resp->buffer, &old, sizeof(*store)); memcpy (buf2, &old, sizeof(*store));
} else { } else {
arm_resp->buffer = NULL;
arm_resp->buffer_length = 0; arm_resp->buffer_length = 0;
} }
req->file_info = fi; req->file_info = fi;
...@@ -1438,6 +1433,7 @@ static int arm_lock64 (struct hpsb_host *host, int nodeid, octlet_t *store, ...@@ -1438,6 +1433,7 @@ static int arm_lock64 (struct hpsb_host *host, int nodeid, octlet_t *store,
} }
} }
if (arm_addr->notification_options & ARM_LOCK) { if (arm_addr->notification_options & ARM_LOCK) {
byte_t *buf1, *buf2;
DBGMSG("arm_lock64 -> entering notification-section"); DBGMSG("arm_lock64 -> entering notification-section");
req = __alloc_pending_request(SLAB_ATOMIC); req = __alloc_pending_request(SLAB_ATOMIC);
if (!req) { if (!req) {
...@@ -1463,26 +1459,22 @@ static int arm_lock64 (struct hpsb_host *host, int nodeid, octlet_t *store, ...@@ -1463,26 +1459,22 @@ static int arm_lock64 (struct hpsb_host *host, int nodeid, octlet_t *store,
(sizeof (struct arm_request_response))); (sizeof (struct arm_request_response)));
arm_resp = (struct arm_response *) ((byte_t *)(arm_req) + arm_resp = (struct arm_response *) ((byte_t *)(arm_req) +
(sizeof(struct arm_request))); (sizeof(struct arm_request)));
arm_req->buffer = ((byte_t *)(arm_resp) + buf1 = (byte_t *)arm_resp + sizeof(struct arm_response);
(sizeof(struct arm_response))); buf2 = buf1 + 2 * sizeof(*store);
arm_resp->buffer = ((byte_t *)(arm_req->buffer) +
(2* sizeof(*store)));
if ((ext_tcode == EXTCODE_FETCH_ADD) || if ((ext_tcode == EXTCODE_FETCH_ADD) ||
(ext_tcode == EXTCODE_LITTLE_ADD)) { (ext_tcode == EXTCODE_LITTLE_ADD)) {
arm_req->buffer_length = sizeof(*store); arm_req->buffer_length = sizeof(*store);
memcpy (arm_req->buffer, &data, sizeof(*store)); memcpy (buf1, &data, sizeof(*store));
} else { } else {
arm_req->buffer_length = 2 * sizeof(*store); arm_req->buffer_length = 2 * sizeof(*store);
memcpy (arm_req->buffer, &arg, sizeof(*store)); memcpy (buf1, &arg, sizeof(*store));
memcpy (((arm_req->buffer) + sizeof(*store)), memcpy (buf1 + sizeof(*store), &data, sizeof(*store));
&data, sizeof(*store));
} }
if (rcode == RCODE_COMPLETE) { if (rcode == RCODE_COMPLETE) {
arm_resp->buffer_length = sizeof(*store); arm_resp->buffer_length = sizeof(*store);
memcpy (arm_resp->buffer, &old, sizeof(*store)); memcpy (buf2, &old, sizeof(*store));
} else { } else {
arm_resp->buffer = NULL;
arm_resp->buffer_length = 0; arm_resp->buffer_length = 0;
} }
req->file_info = fi; req->file_info = fi;
...@@ -2146,7 +2138,7 @@ static int state_connected(struct file_info *fi, struct pending_request *req) ...@@ -2146,7 +2138,7 @@ static int state_connected(struct file_info *fi, struct pending_request *req)
} }
static ssize_t raw1394_write(struct file *file, const char *buffer, size_t count, static ssize_t raw1394_write(struct file *file, const char __user *buffer, size_t count,
loff_t *offset_is_ignored) loff_t *offset_is_ignored)
{ {
struct file_info *fi = (struct file_info *)file->private_data; struct file_info *fi = (struct file_info *)file->private_data;
...@@ -2262,7 +2254,7 @@ static void raw1394_iso_fill_status(struct hpsb_iso *iso, struct raw1394_iso_sta ...@@ -2262,7 +2254,7 @@ static void raw1394_iso_fill_status(struct hpsb_iso *iso, struct raw1394_iso_sta
stat->xmit_cycle = iso->xmit_cycle; stat->xmit_cycle = iso->xmit_cycle;
} }
static int raw1394_iso_xmit_init(struct file_info *fi, void *uaddr) static int raw1394_iso_xmit_init(struct file_info *fi, void __user *uaddr)
{ {
struct raw1394_iso_status stat; struct raw1394_iso_status stat;
...@@ -2294,7 +2286,7 @@ static int raw1394_iso_xmit_init(struct file_info *fi, void *uaddr) ...@@ -2294,7 +2286,7 @@ static int raw1394_iso_xmit_init(struct file_info *fi, void *uaddr)
return 0; return 0;
} }
static int raw1394_iso_recv_init(struct file_info *fi, void *uaddr) static int raw1394_iso_recv_init(struct file_info *fi, void __user *uaddr)
{ {
struct raw1394_iso_status stat; struct raw1394_iso_status stat;
...@@ -2322,7 +2314,7 @@ static int raw1394_iso_recv_init(struct file_info *fi, void *uaddr) ...@@ -2322,7 +2314,7 @@ static int raw1394_iso_recv_init(struct file_info *fi, void *uaddr)
return 0; return 0;
} }
static int raw1394_iso_get_status(struct file_info *fi, void *uaddr) static int raw1394_iso_get_status(struct file_info *fi, void __user *uaddr)
{ {
struct raw1394_iso_status stat; struct raw1394_iso_status stat;
struct hpsb_iso *iso = fi->iso_handle; struct hpsb_iso *iso = fi->iso_handle;
...@@ -2338,7 +2330,7 @@ static int raw1394_iso_get_status(struct file_info *fi, void *uaddr) ...@@ -2338,7 +2330,7 @@ static int raw1394_iso_get_status(struct file_info *fi, void *uaddr)
} }
/* copy N packet_infos out of the ringbuffer into user-supplied array */ /* copy N packet_infos out of the ringbuffer into user-supplied array */
static int raw1394_iso_recv_packets(struct file_info *fi, void *uaddr) static int raw1394_iso_recv_packets(struct file_info *fi, void __user *uaddr)
{ {
struct raw1394_iso_packets upackets; struct raw1394_iso_packets upackets;
unsigned int packet = fi->iso_handle->first_packet; unsigned int packet = fi->iso_handle->first_packet;
...@@ -2369,7 +2361,7 @@ static int raw1394_iso_recv_packets(struct file_info *fi, void *uaddr) ...@@ -2369,7 +2361,7 @@ static int raw1394_iso_recv_packets(struct file_info *fi, void *uaddr)
} }
/* copy N packet_infos from user to ringbuffer, and queue them for transmission */ /* copy N packet_infos from user to ringbuffer, and queue them for transmission */
static int raw1394_iso_send_packets(struct file_info *fi, void *uaddr) static int raw1394_iso_send_packets(struct file_info *fi, void __user *uaddr)
{ {
struct raw1394_iso_packets upackets; struct raw1394_iso_packets upackets;
int i, rv; int i, rv;
...@@ -2426,14 +2418,15 @@ static int raw1394_mmap(struct file *file, struct vm_area_struct *vma) ...@@ -2426,14 +2418,15 @@ static int raw1394_mmap(struct file *file, struct vm_area_struct *vma)
static int raw1394_ioctl(struct inode *inode, struct file *file, unsigned int cmd, unsigned long arg) static int raw1394_ioctl(struct inode *inode, struct file *file, unsigned int cmd, unsigned long arg)
{ {
struct file_info *fi = file->private_data; struct file_info *fi = file->private_data;
void __user *argp = (void __user *)arg;
switch(fi->iso_state) { switch(fi->iso_state) {
case RAW1394_ISO_INACTIVE: case RAW1394_ISO_INACTIVE:
switch(cmd) { switch(cmd) {
case RAW1394_IOC_ISO_XMIT_INIT: case RAW1394_IOC_ISO_XMIT_INIT:
return raw1394_iso_xmit_init(fi, (void*) arg); return raw1394_iso_xmit_init(fi, argp);
case RAW1394_IOC_ISO_RECV_INIT: case RAW1394_IOC_ISO_RECV_INIT:
return raw1394_iso_recv_init(fi, (void*) arg); return raw1394_iso_recv_init(fi, argp);
default: default:
break; break;
} }
...@@ -2443,7 +2436,7 @@ static int raw1394_ioctl(struct inode *inode, struct file *file, unsigned int cm ...@@ -2443,7 +2436,7 @@ static int raw1394_ioctl(struct inode *inode, struct file *file, unsigned int cm
case RAW1394_IOC_ISO_RECV_START: { case RAW1394_IOC_ISO_RECV_START: {
/* copy args from user-space */ /* copy args from user-space */
int args[3]; int args[3];
if (copy_from_user(&args[0], (void*) arg, sizeof(args))) if (copy_from_user(&args[0], argp, sizeof(args)))
return -EFAULT; return -EFAULT;
return hpsb_iso_recv_start(fi->iso_handle, args[0], args[1], args[2]); return hpsb_iso_recv_start(fi->iso_handle, args[0], args[1], args[2]);
} }
...@@ -2457,14 +2450,14 @@ static int raw1394_ioctl(struct inode *inode, struct file *file, unsigned int cm ...@@ -2457,14 +2450,14 @@ static int raw1394_ioctl(struct inode *inode, struct file *file, unsigned int cm
case RAW1394_IOC_ISO_RECV_SET_CHANNEL_MASK: { case RAW1394_IOC_ISO_RECV_SET_CHANNEL_MASK: {
/* copy the u64 from user-space */ /* copy the u64 from user-space */
u64 mask; u64 mask;
if (copy_from_user(&mask, (void*) arg, sizeof(mask))) if (copy_from_user(&mask, argp, sizeof(mask)))
return -EFAULT; return -EFAULT;
return hpsb_iso_recv_set_channel_mask(fi->iso_handle, mask); return hpsb_iso_recv_set_channel_mask(fi->iso_handle, mask);
} }
case RAW1394_IOC_ISO_GET_STATUS: case RAW1394_IOC_ISO_GET_STATUS:
return raw1394_iso_get_status(fi, (void*) arg); return raw1394_iso_get_status(fi, argp);
case RAW1394_IOC_ISO_RECV_PACKETS: case RAW1394_IOC_ISO_RECV_PACKETS:
return raw1394_iso_recv_packets(fi, (void*) arg); return raw1394_iso_recv_packets(fi, argp);
case RAW1394_IOC_ISO_RECV_RELEASE_PACKETS: case RAW1394_IOC_ISO_RECV_RELEASE_PACKETS:
return hpsb_iso_recv_release_packets(fi->iso_handle, arg); return hpsb_iso_recv_release_packets(fi->iso_handle, arg);
case RAW1394_IOC_ISO_RECV_FLUSH: case RAW1394_IOC_ISO_RECV_FLUSH:
...@@ -2482,7 +2475,7 @@ static int raw1394_ioctl(struct inode *inode, struct file *file, unsigned int cm ...@@ -2482,7 +2475,7 @@ static int raw1394_ioctl(struct inode *inode, struct file *file, unsigned int cm
case RAW1394_IOC_ISO_XMIT_START: { case RAW1394_IOC_ISO_XMIT_START: {
/* copy two ints from user-space */ /* copy two ints from user-space */
int args[2]; int args[2];
if (copy_from_user(&args[0], (void*) arg, sizeof(args))) if (copy_from_user(&args[0], argp, sizeof(args)))
return -EFAULT; return -EFAULT;
return hpsb_iso_xmit_start(fi->iso_handle, args[0], args[1]); return hpsb_iso_xmit_start(fi->iso_handle, args[0], args[1]);
} }
...@@ -2492,9 +2485,9 @@ static int raw1394_ioctl(struct inode *inode, struct file *file, unsigned int cm ...@@ -2492,9 +2485,9 @@ static int raw1394_ioctl(struct inode *inode, struct file *file, unsigned int cm
hpsb_iso_stop(fi->iso_handle); hpsb_iso_stop(fi->iso_handle);
return 0; return 0;
case RAW1394_IOC_ISO_GET_STATUS: case RAW1394_IOC_ISO_GET_STATUS:
return raw1394_iso_get_status(fi, (void*) arg); return raw1394_iso_get_status(fi, argp);
case RAW1394_IOC_ISO_XMIT_PACKETS: case RAW1394_IOC_ISO_XMIT_PACKETS:
return raw1394_iso_send_packets(fi, (void*) arg); return raw1394_iso_send_packets(fi, argp);
case RAW1394_IOC_ISO_SHUTDOWN: case RAW1394_IOC_ISO_SHUTDOWN:
raw1394_iso_shutdown(fi); raw1394_iso_shutdown(fi);
return 0; return 0;
......
...@@ -105,18 +105,18 @@ typedef struct arm_request { ...@@ -105,18 +105,18 @@ typedef struct arm_request {
__u8 extended_transaction_code; __u8 extended_transaction_code;
__u32 generation; __u32 generation;
__u16 buffer_length; __u16 buffer_length;
__u8 *buffer; __u8 __user *buffer;
} *arm_request_t; } *arm_request_t;
typedef struct arm_response { typedef struct arm_response {
__s32 response_code; __s32 response_code;
__u16 buffer_length; __u16 buffer_length;
__u8 *buffer; __u8 __user *buffer;
} *arm_response_t; } *arm_response_t;
typedef struct arm_request_response { typedef struct arm_request_response {
struct arm_request *request; struct arm_request __user *request;
struct arm_response *response; struct arm_response __user *response;
} *arm_request_response_t; } *arm_request_response_t;
/* rawiso API */ /* rawiso API */
...@@ -136,7 +136,7 @@ struct raw1394_iso_packet_info { ...@@ -136,7 +136,7 @@ struct raw1394_iso_packet_info {
/* argument for RAW1394_ISO_RECV/XMIT_PACKETS ioctls */ /* argument for RAW1394_ISO_RECV/XMIT_PACKETS ioctls */
struct raw1394_iso_packets { struct raw1394_iso_packets {
__u32 n_packets; __u32 n_packets;
struct raw1394_iso_packet_info *infos; struct raw1394_iso_packet_info __user *infos;
}; };
struct raw1394_iso_config { struct raw1394_iso_config {
......
...@@ -705,6 +705,7 @@ static int video1394_ioctl(struct inode *inode, struct file *file, ...@@ -705,6 +705,7 @@ static int video1394_ioctl(struct inode *inode, struct file *file,
struct file_ctx *ctx = (struct file_ctx *)file->private_data; struct file_ctx *ctx = (struct file_ctx *)file->private_data;
struct ti_ohci *ohci = ctx->ohci; struct ti_ohci *ohci = ctx->ohci;
unsigned long flags; unsigned long flags;
void __user *argp = (void __user *)arg;
switch(cmd) switch(cmd)
{ {
...@@ -716,7 +717,7 @@ static int video1394_ioctl(struct inode *inode, struct file *file, ...@@ -716,7 +717,7 @@ static int video1394_ioctl(struct inode *inode, struct file *file,
struct dma_iso_ctx *d; struct dma_iso_ctx *d;
int i; int i;
if (copy_from_user(&v, (void *)arg, sizeof(v))) if (copy_from_user(&v, argp, sizeof(v)))
return -EFAULT; return -EFAULT;
/* if channel < 0, find lowest available one */ /* if channel < 0, find lowest available one */
...@@ -813,7 +814,7 @@ static int video1394_ioctl(struct inode *inode, struct file *file, ...@@ -813,7 +814,7 @@ static int video1394_ioctl(struct inode *inode, struct file *file,
v.channel); v.channel);
} }
if (copy_to_user((void *)arg, &v, sizeof(v))) if (copy_to_user(argp, &v, sizeof(v)))
return -EFAULT; return -EFAULT;
return 0; return 0;
...@@ -825,7 +826,7 @@ static int video1394_ioctl(struct inode *inode, struct file *file, ...@@ -825,7 +826,7 @@ static int video1394_ioctl(struct inode *inode, struct file *file,
u64 mask; u64 mask;
struct dma_iso_ctx *d; struct dma_iso_ctx *d;
if (copy_from_user(&channel, (void *)arg, sizeof(int))) if (copy_from_user(&channel, argp, sizeof(int)))
return -EFAULT; return -EFAULT;
if (channel<0 || channel>(ISO_CHANNELS-1)) { if (channel<0 || channel>(ISO_CHANNELS-1)) {
...@@ -860,7 +861,7 @@ static int video1394_ioctl(struct inode *inode, struct file *file, ...@@ -860,7 +861,7 @@ static int video1394_ioctl(struct inode *inode, struct file *file,
struct video1394_wait v; struct video1394_wait v;
struct dma_iso_ctx *d; struct dma_iso_ctx *d;
if (copy_from_user(&v, (void *)arg, sizeof(v))) if (copy_from_user(&v, argp, sizeof(v)))
return -EFAULT; return -EFAULT;
d = find_ctx(&ctx->context_list, OHCI_ISO_RECEIVE, v.channel); d = find_ctx(&ctx->context_list, OHCI_ISO_RECEIVE, v.channel);
...@@ -923,7 +924,7 @@ static int video1394_ioctl(struct inode *inode, struct file *file, ...@@ -923,7 +924,7 @@ static int video1394_ioctl(struct inode *inode, struct file *file,
struct dma_iso_ctx *d; struct dma_iso_ctx *d;
int i; int i;
if (copy_from_user(&v, (void *)arg, sizeof(v))) if (copy_from_user(&v, argp, sizeof(v)))
return -EFAULT; return -EFAULT;
d = find_ctx(&ctx->context_list, OHCI_ISO_RECEIVE, v.channel); d = find_ctx(&ctx->context_list, OHCI_ISO_RECEIVE, v.channel);
...@@ -994,7 +995,7 @@ static int video1394_ioctl(struct inode *inode, struct file *file, ...@@ -994,7 +995,7 @@ static int video1394_ioctl(struct inode *inode, struct file *file,
spin_unlock_irqrestore(&d->lock, flags); spin_unlock_irqrestore(&d->lock, flags);
v.buffer=i; v.buffer=i;
if (copy_to_user((void *)arg, &v, sizeof(v))) if (copy_to_user(argp, &v, sizeof(v)))
return -EFAULT; return -EFAULT;
return 0; return 0;
...@@ -1007,7 +1008,7 @@ static int video1394_ioctl(struct inode *inode, struct file *file, ...@@ -1007,7 +1008,7 @@ static int video1394_ioctl(struct inode *inode, struct file *file,
qv.packet_sizes = NULL; qv.packet_sizes = NULL;
if (copy_from_user(&v, (void *)arg, sizeof(v))) if (copy_from_user(&v, argp, sizeof(v)))
return -EFAULT; return -EFAULT;
d = find_ctx(&ctx->context_list, OHCI_ISO_TRANSMIT, v.channel); d = find_ctx(&ctx->context_list, OHCI_ISO_TRANSMIT, v.channel);
...@@ -1023,7 +1024,7 @@ static int video1394_ioctl(struct inode *inode, struct file *file, ...@@ -1023,7 +1024,7 @@ static int video1394_ioctl(struct inode *inode, struct file *file,
unsigned int *psizes; unsigned int *psizes;
int buf_size = d->nb_cmd * sizeof(unsigned int); int buf_size = d->nb_cmd * sizeof(unsigned int);
if (copy_from_user(&qv, (void *)arg, sizeof(qv))) if (copy_from_user(&qv, argp, sizeof(qv)))
return -EFAULT; return -EFAULT;
psizes = kmalloc(buf_size, GFP_KERNEL); psizes = kmalloc(buf_size, GFP_KERNEL);
...@@ -1111,7 +1112,7 @@ static int video1394_ioctl(struct inode *inode, struct file *file, ...@@ -1111,7 +1112,7 @@ static int video1394_ioctl(struct inode *inode, struct file *file,
struct video1394_wait v; struct video1394_wait v;
struct dma_iso_ctx *d; struct dma_iso_ctx *d;
if (copy_from_user(&v, (void *)arg, sizeof(v))) if (copy_from_user(&v, argp, sizeof(v)))
return -EFAULT; return -EFAULT;
d = find_ctx(&ctx->context_list, OHCI_ISO_TRANSMIT, v.channel); d = find_ctx(&ctx->context_list, OHCI_ISO_TRANSMIT, v.channel);
......
...@@ -320,8 +320,8 @@ isdn_ppp_open(int min, struct file *file) ...@@ -320,8 +320,8 @@ isdn_ppp_open(int min, struct file *file)
is->slcomp = slhc_init(16, 16); /* not necessary for 2. link in bundle */ is->slcomp = slhc_init(16, 16); /* not necessary for 2. link in bundle */
#endif #endif
#ifdef CONFIG_IPPP_FILTER #ifdef CONFIG_IPPP_FILTER
is->pass_filter.filter = NULL; is->pass_filter = NULL;
is->active_filter.filter = NULL; is->active_filter = NULL;
#endif #endif
is->state = IPPP_OPEN; is->state = IPPP_OPEN;
...@@ -378,13 +378,13 @@ isdn_ppp_release(int min, struct file *file) ...@@ -378,13 +378,13 @@ isdn_ppp_release(int min, struct file *file)
is->slcomp = NULL; is->slcomp = NULL;
#endif #endif
#ifdef CONFIG_IPPP_FILTER #ifdef CONFIG_IPPP_FILTER
if (is->pass_filter.filter) { if (is->pass_filter) {
kfree(is->pass_filter.filter); kfree(is->pass_filter);
is->pass_filter.filter = NULL; is->pass_filter = NULL;
} }
if (is->active_filter.filter) { if (is->active_filter) {
kfree(is->active_filter.filter); kfree(is->active_filter);
is->active_filter.filter = NULL; is->active_filter = NULL;
} }
#endif #endif
...@@ -414,11 +414,11 @@ isdn_ppp_release(int min, struct file *file) ...@@ -414,11 +414,11 @@ isdn_ppp_release(int min, struct file *file)
* get_arg .. ioctl helper * get_arg .. ioctl helper
*/ */
static int static int
get_arg(void *b, void *val, int len) get_arg(void __user *b, void *val, int len)
{ {
if (len <= 0) if (len <= 0)
len = sizeof(void *); len = sizeof(void *);
if (copy_from_user((void *) val, b, len)) if (copy_from_user(val, b, len))
return -EFAULT; return -EFAULT;
return 0; return 0;
} }
...@@ -427,15 +427,50 @@ get_arg(void *b, void *val, int len) ...@@ -427,15 +427,50 @@ get_arg(void *b, void *val, int len)
* set arg .. ioctl helper * set arg .. ioctl helper
*/ */
static int static int
set_arg(void *b, void *val,int len) set_arg(void __user *b, void *val,int len)
{ {
if(len <= 0) if(len <= 0)
len = sizeof(void *); len = sizeof(void *);
if (copy_to_user(b, (void *) val, len)) if (copy_to_user(b, val, len))
return -EFAULT; return -EFAULT;
return 0; return 0;
} }
static int get_filter(void __user *arg, struct sock_filter **p)
{
struct sock_fprog uprog;
struct sock_filter *code = NULL;
int len, err;
if (copy_from_user(&uprog, arg, sizeof(uprog)))
return -EFAULT;
if (!uprog.len) {
*p = NULL;
return 0;
}
/* uprog.len is unsigned short, so no overflow here */
len = uprog.len * sizeof(struct sock_filter);
code = kmalloc(len, GFP_KERNEL);
if (code == NULL)
return -ENOMEM;
if (copy_from_user(code, uprog.filter, len)) {
kfree(code);
return -EFAULT;
}
err = sk_chk_filter(code, uprog.len);
if (err) {
kfree(code);
return err;
}
*p = code;
return uprog.len;
}
/* /*
* ippp device ioctl * ippp device ioctl
*/ */
...@@ -447,6 +482,7 @@ isdn_ppp_ioctl(int min, struct file *file, unsigned int cmd, unsigned long arg) ...@@ -447,6 +482,7 @@ isdn_ppp_ioctl(int min, struct file *file, unsigned int cmd, unsigned long arg)
struct ippp_struct *is; struct ippp_struct *is;
isdn_net_local *lp; isdn_net_local *lp;
struct isdn_ppp_comp_data data; struct isdn_ppp_comp_data data;
void __user *argp = (void __user *)arg;
is = (struct ippp_struct *) file->private_data; is = (struct ippp_struct *) file->private_data;
lp = is->lp; lp = is->lp;
...@@ -462,7 +498,7 @@ isdn_ppp_ioctl(int min, struct file *file, unsigned int cmd, unsigned long arg) ...@@ -462,7 +498,7 @@ isdn_ppp_ioctl(int min, struct file *file, unsigned int cmd, unsigned long arg)
#ifdef CONFIG_ISDN_MPP #ifdef CONFIG_ISDN_MPP
if (!(is->state & IPPP_CONNECT)) if (!(is->state & IPPP_CONNECT))
return -EINVAL; return -EINVAL;
if ((r = get_arg((void *) arg, &val, sizeof(val) ))) if ((r = get_arg(argp, &val, sizeof(val) )))
return r; return r;
printk(KERN_DEBUG "iPPP-bundle: minor: %d, slave unit: %d, master unit: %d\n", printk(KERN_DEBUG "iPPP-bundle: minor: %d, slave unit: %d, master unit: %d\n",
(int) min, (int) is->unit, (int) val); (int) min, (int) is->unit, (int) val);
...@@ -472,30 +508,30 @@ isdn_ppp_ioctl(int min, struct file *file, unsigned int cmd, unsigned long arg) ...@@ -472,30 +508,30 @@ isdn_ppp_ioctl(int min, struct file *file, unsigned int cmd, unsigned long arg)
#endif #endif
break; break;
case PPPIOCGUNIT: /* get ppp/isdn unit number */ case PPPIOCGUNIT: /* get ppp/isdn unit number */
if ((r = set_arg((void *) arg, &is->unit, sizeof(is->unit) ))) if ((r = set_arg(argp, &is->unit, sizeof(is->unit) )))
return r; return r;
break; break;
case PPPIOCGIFNAME: case PPPIOCGIFNAME:
if(!lp) if(!lp)
return -EINVAL; return -EINVAL;
if ((r = set_arg((void *) arg, lp->name, strlen(lp->name)))) if ((r = set_arg(argp, lp->name, strlen(lp->name))))
return r; return r;
break; break;
case PPPIOCGMPFLAGS: /* get configuration flags */ case PPPIOCGMPFLAGS: /* get configuration flags */
if ((r = set_arg((void *) arg, &is->mpppcfg, sizeof(is->mpppcfg) ))) if ((r = set_arg(argp, &is->mpppcfg, sizeof(is->mpppcfg) )))
return r; return r;
break; break;
case PPPIOCSMPFLAGS: /* set configuration flags */ case PPPIOCSMPFLAGS: /* set configuration flags */
if ((r = get_arg((void *) arg, &val, sizeof(val) ))) if ((r = get_arg(argp, &val, sizeof(val) )))
return r; return r;
is->mpppcfg = val; is->mpppcfg = val;
break; break;
case PPPIOCGFLAGS: /* get configuration flags */ case PPPIOCGFLAGS: /* get configuration flags */
if ((r = set_arg((void *) arg, &is->pppcfg,sizeof(is->pppcfg) ))) if ((r = set_arg(argp, &is->pppcfg,sizeof(is->pppcfg) )))
return r; return r;
break; break;
case PPPIOCSFLAGS: /* set configuration flags */ case PPPIOCSFLAGS: /* set configuration flags */
if ((r = get_arg((void *) arg, &val, sizeof(val) ))) { if ((r = get_arg(argp, &val, sizeof(val) ))) {
return r; return r;
} }
if (val & SC_ENABLE_IP && !(is->pppcfg & SC_ENABLE_IP) && (is->state & IPPP_CONNECT)) { if (val & SC_ENABLE_IP && !(is->pppcfg & SC_ENABLE_IP) && (is->state & IPPP_CONNECT)) {
...@@ -512,12 +548,12 @@ isdn_ppp_ioctl(int min, struct file *file, unsigned int cmd, unsigned long arg) ...@@ -512,12 +548,12 @@ isdn_ppp_ioctl(int min, struct file *file, unsigned int cmd, unsigned long arg)
if (lp) { if (lp) {
struct ppp_idle pidle; struct ppp_idle pidle;
pidle.xmit_idle = pidle.recv_idle = lp->huptimer; pidle.xmit_idle = pidle.recv_idle = lp->huptimer;
if ((r = set_arg((void *) arg, &pidle,sizeof(struct ppp_idle)))) if ((r = set_arg(argp, &pidle,sizeof(struct ppp_idle))))
return r; return r;
} }
break; break;
case PPPIOCSMRU: /* set receive unit size for PPP */ case PPPIOCSMRU: /* set receive unit size for PPP */
if ((r = get_arg((void *) arg, &val, sizeof(val) ))) if ((r = get_arg(argp, &val, sizeof(val) )))
return r; return r;
is->mru = val; is->mru = val;
break; break;
...@@ -526,7 +562,7 @@ isdn_ppp_ioctl(int min, struct file *file, unsigned int cmd, unsigned long arg) ...@@ -526,7 +562,7 @@ isdn_ppp_ioctl(int min, struct file *file, unsigned int cmd, unsigned long arg)
case PPPIOCSMPMTU: case PPPIOCSMPMTU:
break; break;
case PPPIOCSMAXCID: /* set the maximum compression slot id */ case PPPIOCSMAXCID: /* set the maximum compression slot id */
if ((r = get_arg((void *) arg, &val, sizeof(val) ))) if ((r = get_arg(argp, &val, sizeof(val) )))
return r; return r;
val++; val++;
if (is->maxcid != val) { if (is->maxcid != val) {
...@@ -549,11 +585,11 @@ isdn_ppp_ioctl(int min, struct file *file, unsigned int cmd, unsigned long arg) ...@@ -549,11 +585,11 @@ isdn_ppp_ioctl(int min, struct file *file, unsigned int cmd, unsigned long arg)
} }
break; break;
case PPPIOCGDEBUG: case PPPIOCGDEBUG:
if ((r = set_arg((void *) arg, &is->debug, sizeof(is->debug) ))) if ((r = set_arg(argp, &is->debug, sizeof(is->debug) )))
return r; return r;
break; break;
case PPPIOCSDEBUG: case PPPIOCSDEBUG:
if ((r = get_arg((void *) arg, &val, sizeof(val) ))) if ((r = get_arg(argp, &val, sizeof(val) )))
return r; return r;
is->debug = val; is->debug = val;
break; break;
...@@ -568,12 +604,12 @@ isdn_ppp_ioctl(int min, struct file *file, unsigned int cmd, unsigned long arg) ...@@ -568,12 +604,12 @@ isdn_ppp_ioctl(int min, struct file *file, unsigned int cmd, unsigned long arg)
protos[j] |= (0x1<<i); protos[j] |= (0x1<<i);
ipc = ipc->next; ipc = ipc->next;
} }
if ((r = set_arg((void *) arg,protos,8*sizeof(long) ))) if ((r = set_arg(argp,protos,8*sizeof(long) )))
return r; return r;
} }
break; break;
case PPPIOCSCOMPRESSOR: case PPPIOCSCOMPRESSOR:
if ((r = get_arg((void *) arg, &data, sizeof(struct isdn_ppp_comp_data)))) if ((r = get_arg(argp, &data, sizeof(struct isdn_ppp_comp_data))))
return r; return r;
return isdn_ppp_set_compressor(is, &data); return isdn_ppp_set_compressor(is, &data);
case PPPIOCGCALLINFO: case PPPIOCGCALLINFO:
...@@ -594,38 +630,29 @@ isdn_ppp_ioctl(int min, struct file *file, unsigned int cmd, unsigned long arg) ...@@ -594,38 +630,29 @@ isdn_ppp_ioctl(int min, struct file *file, unsigned int cmd, unsigned long arg)
if(lp->flags & ISDN_NET_CALLBACK) if(lp->flags & ISDN_NET_CALLBACK)
pci.calltype |= CALLTYPE_CALLBACK; pci.calltype |= CALLTYPE_CALLBACK;
} }
return set_arg((void *)arg,&pci,sizeof(struct pppcallinfo)); return set_arg(argp,&pci,sizeof(struct pppcallinfo));
} }
#ifdef CONFIG_IPPP_FILTER #ifdef CONFIG_IPPP_FILTER
case PPPIOCSPASS: case PPPIOCSPASS:
{
struct sock_filter *code;
int len = get_filter(argp, &code);
if (len < 0)
return len;
kfree(is->pass_filter);
is->pass_filter = code;
is->pass_len = len;
break;
}
case PPPIOCSACTIVE: case PPPIOCSACTIVE:
{ {
struct sock_fprog uprog, *filtp; struct sock_filter *code;
struct sock_filter *code = NULL; int len = get_filter(argp, &code);
int len, err; if (len < 0)
return len;
if (copy_from_user(&uprog, (void *) arg, sizeof(uprog))) kfree(is->active_filter);
return -EFAULT; is->active_filter = code;
if (uprog.len > 0) { is->active_len = len;
len = uprog.len * sizeof(struct sock_filter);
code = kmalloc(len, GFP_KERNEL);
if (code == NULL)
return -ENOMEM;
if (copy_from_user(code, uprog.filter, len)) {
kfree(code);
return -EFAULT;
}
err = sk_chk_filter(code, uprog.len);
if (err) {
kfree(code);
return err;
}
}
filtp = (cmd == PPPIOCSPASS) ? &is->pass_filter : &is->active_filter;
if (filtp->filter)
kfree(filtp->filter);
filtp->filter = code;
filtp->len = uprog.len;
break; break;
} }
#endif /* CONFIG_IPPP_FILTER */ #endif /* CONFIG_IPPP_FILTER */
...@@ -733,7 +760,7 @@ isdn_ppp_fill_rq(unsigned char *buf, int len, int proto, int slot) ...@@ -733,7 +760,7 @@ isdn_ppp_fill_rq(unsigned char *buf, int len, int proto, int slot)
*/ */
int int
isdn_ppp_read(int min, struct file *file, char *buf, int count) isdn_ppp_read(int min, struct file *file, char __user *buf, int count)
{ {
struct ippp_struct *is; struct ippp_struct *is;
struct ippp_buf_queue *b; struct ippp_buf_queue *b;
...@@ -746,7 +773,7 @@ isdn_ppp_read(int min, struct file *file, char *buf, int count) ...@@ -746,7 +773,7 @@ isdn_ppp_read(int min, struct file *file, char *buf, int count)
if (!(is->state & IPPP_OPEN)) if (!(is->state & IPPP_OPEN))
return 0; return 0;
if ((r = verify_area(VERIFY_WRITE, (void *) buf, count))) if ((r = verify_area(VERIFY_WRITE, buf, count)))
return r; return r;
spin_lock_irqsave(&is->buflock, flags); spin_lock_irqsave(&is->buflock, flags);
...@@ -773,7 +800,7 @@ isdn_ppp_read(int min, struct file *file, char *buf, int count) ...@@ -773,7 +800,7 @@ isdn_ppp_read(int min, struct file *file, char *buf, int count)
*/ */
int int
isdn_ppp_write(int min, struct file *file, const char *buf, int count) isdn_ppp_write(int min, struct file *file, const char __user *buf, int count)
{ {
isdn_net_local *lp; isdn_net_local *lp;
struct ippp_struct *is; struct ippp_struct *is;
...@@ -1128,17 +1155,16 @@ isdn_ppp_push_higher(isdn_net_dev * net_dev, isdn_net_local * lp, struct sk_buff ...@@ -1128,17 +1155,16 @@ isdn_ppp_push_higher(isdn_net_dev * net_dev, isdn_net_local * lp, struct sk_buff
*p = 0; /* indicate inbound in DLT_LINUX_SLL */ *p = 0; /* indicate inbound in DLT_LINUX_SLL */
} }
if (is->pass_filter.filter if (is->pass_filter
&& sk_run_filter(skb, is->pass_filter.filter, && sk_run_filter(skb, is->pass_filter, is->pass_len) == 0) {
is->pass_filter.len) == 0) {
if (is->debug & 0x2) if (is->debug & 0x2)
printk(KERN_DEBUG "IPPP: inbound frame filtered.\n"); printk(KERN_DEBUG "IPPP: inbound frame filtered.\n");
kfree_skb(skb); kfree_skb(skb);
return; return;
} }
if (!(is->active_filter.filter if (!(is->active_filter
&& sk_run_filter(skb, is->active_filter.filter, && sk_run_filter(skb, is->active_filter,
is->active_filter.len) == 0)) { is->active_len) == 0)) {
if (is->debug & 0x2) if (is->debug & 0x2)
printk(KERN_DEBUG "IPPP: link-active filter: reseting huptimer.\n"); printk(KERN_DEBUG "IPPP: link-active filter: reseting huptimer.\n");
lp->huptimer = 0; lp->huptimer = 0;
...@@ -1276,17 +1302,16 @@ isdn_ppp_xmit(struct sk_buff *skb, struct net_device *netdev) ...@@ -1276,17 +1302,16 @@ isdn_ppp_xmit(struct sk_buff *skb, struct net_device *netdev)
*p = htons(proto); *p = htons(proto);
} }
if (ipt->pass_filter.filter if (ipt->pass_filter
&& sk_run_filter(skb, ipt->pass_filter.filter, && sk_run_filter(skb, ipt->pass_filter, ipt->pass_len) == 0) {
ipt->pass_filter.len) == 0) {
if (ipt->debug & 0x4) if (ipt->debug & 0x4)
printk(KERN_DEBUG "IPPP: outbound frame filtered.\n"); printk(KERN_DEBUG "IPPP: outbound frame filtered.\n");
kfree_skb(skb); kfree_skb(skb);
goto unlock; goto unlock;
} }
if (!(ipt->active_filter.filter if (!(ipt->active_filter
&& sk_run_filter(skb, ipt->active_filter.filter, && sk_run_filter(skb, ipt->active_filter,
ipt->active_filter.len) == 0)) { ipt->active_len) == 0)) {
if (ipt->debug & 0x4) if (ipt->debug & 0x4)
printk(KERN_DEBUG "IPPP: link-active filter: reseting huptimer.\n"); printk(KERN_DEBUG "IPPP: link-active filter: reseting huptimer.\n");
lp->huptimer = 0; lp->huptimer = 0;
...@@ -1475,12 +1500,10 @@ int isdn_ppp_autodial_filter(struct sk_buff *skb, isdn_net_local *lp) ...@@ -1475,12 +1500,10 @@ int isdn_ppp_autodial_filter(struct sk_buff *skb, isdn_net_local *lp)
*p = htons(proto); *p = htons(proto);
} }
drop |= is->pass_filter.filter drop |= is->pass_filter
&& sk_run_filter(skb, is->pass_filter.filter, && sk_run_filter(skb, is->pass_filter, is->pass_len) == 0;
is->pass_filter.len) == 0; drop |= is->active_filter
drop |= is->active_filter.filter && sk_run_filter(skb, is->active_filter, is->active_len) == 0;
&& sk_run_filter(skb, is->active_filter.filter,
is->active_filter.len) == 0;
skb_push(skb, IPPP_MAX_HEADER - 4); skb_push(skb, IPPP_MAX_HEADER - 4);
return drop; return drop;
...@@ -1969,12 +1992,11 @@ isdn_ppp_bundle(struct ippp_struct *is, int unit) ...@@ -1969,12 +1992,11 @@ isdn_ppp_bundle(struct ippp_struct *is, int unit)
static int static int
isdn_ppp_dev_ioctl_stats(int slot, struct ifreq *ifr, struct net_device *dev) isdn_ppp_dev_ioctl_stats(int slot, struct ifreq *ifr, struct net_device *dev)
{ {
struct ppp_stats *res, struct ppp_stats __user *res = ifr->ifr_data;
t; struct ppp_stats t;
isdn_net_local *lp = (isdn_net_local *) dev->priv; isdn_net_local *lp = (isdn_net_local *) dev->priv;
int err; int err;
res = (struct ppp_stats *) ifr->ifr_ifru.ifru_data;
err = verify_area(VERIFY_WRITE, res, sizeof(struct ppp_stats)); err = verify_area(VERIFY_WRITE, res, sizeof(struct ppp_stats));
if (err) if (err)
...@@ -2004,7 +2026,8 @@ isdn_ppp_dev_ioctl_stats(int slot, struct ifreq *ifr, struct net_device *dev) ...@@ -2004,7 +2026,8 @@ isdn_ppp_dev_ioctl_stats(int slot, struct ifreq *ifr, struct net_device *dev)
} }
#endif #endif
} }
if( copy_to_user(res, &t, sizeof(struct ppp_stats))) return -EFAULT; if (copy_to_user(res, &t, sizeof(struct ppp_stats)))
return -EFAULT;
return 0; return 0;
} }
...@@ -2012,7 +2035,6 @@ int ...@@ -2012,7 +2035,6 @@ int
isdn_ppp_dev_ioctl(struct net_device *dev, struct ifreq *ifr, int cmd) isdn_ppp_dev_ioctl(struct net_device *dev, struct ifreq *ifr, int cmd)
{ {
int error=0; int error=0;
char *r;
int len; int len;
isdn_net_local *lp = (isdn_net_local *) dev->priv; isdn_net_local *lp = (isdn_net_local *) dev->priv;
...@@ -2023,9 +2045,8 @@ isdn_ppp_dev_ioctl(struct net_device *dev, struct ifreq *ifr, int cmd) ...@@ -2023,9 +2045,8 @@ isdn_ppp_dev_ioctl(struct net_device *dev, struct ifreq *ifr, int cmd)
switch (cmd) { switch (cmd) {
#define PPP_VERSION "2.3.7" #define PPP_VERSION "2.3.7"
case SIOCGPPPVER: case SIOCGPPPVER:
r = (char *) ifr->ifr_ifru.ifru_data;
len = strlen(PPP_VERSION) + 1; len = strlen(PPP_VERSION) + 1;
if (copy_to_user(r, PPP_VERSION, len)) if (copy_to_user(ifr->ifr_data, PPP_VERSION, len))
error = -EFAULT; error = -EFAULT;
break; break;
......
...@@ -12,8 +12,8 @@ ...@@ -12,8 +12,8 @@
#include <linux/ppp_defs.h> /* for PPP_PROTOCOL */ #include <linux/ppp_defs.h> /* for PPP_PROTOCOL */
#include <linux/isdn_ppp.h> /* for isdn_ppp info */ #include <linux/isdn_ppp.h> /* for isdn_ppp info */
extern int isdn_ppp_read(int, struct file *, char *, int); extern int isdn_ppp_read(int, struct file *, char __user *, int);
extern int isdn_ppp_write(int, struct file *, const char *, int); extern int isdn_ppp_write(int, struct file *, const char __user *, int);
extern int isdn_ppp_open(int, struct file *); extern int isdn_ppp_open(int, struct file *);
extern int isdn_ppp_init(void); extern int isdn_ppp_init(void);
extern void isdn_ppp_cleanup(void); extern void isdn_ppp_cleanup(void);
......
...@@ -129,8 +129,9 @@ struct ppp { ...@@ -129,8 +129,9 @@ struct ppp {
#endif /* CONFIG_PPP_MULTILINK */ #endif /* CONFIG_PPP_MULTILINK */
struct net_device_stats stats; /* statistics */ struct net_device_stats stats; /* statistics */
#ifdef CONFIG_PPP_FILTER #ifdef CONFIG_PPP_FILTER
struct sock_fprog pass_filter; /* filter for packets to pass */ struct sock_filter *pass_filter; /* filter for packets to pass */
struct sock_fprog active_filter;/* filter for pkts to reset idle */ struct sock_filter *active_filter;/* filter for pkts to reset idle */
unsigned pass_len, active_len;
#endif /* CONFIG_PPP_FILTER */ #endif /* CONFIG_PPP_FILTER */
}; };
...@@ -493,6 +494,43 @@ static unsigned int ppp_poll(struct file *file, poll_table *wait) ...@@ -493,6 +494,43 @@ static unsigned int ppp_poll(struct file *file, poll_table *wait)
return mask; return mask;
} }
static int get_filter(void __user *arg, struct sock_filter **p)
{
struct sock_fprog uprog;
struct sock_filter *code = NULL;
int len, err;
if (copy_from_user(&uprog, arg, sizeof(uprog)))
return -EFAULT;
if (uprog.len > BPF_MAXINSNS)
return -EINVAL;
if (!uprog.len) {
*p = NULL;
return 0;
}
len = uprog.len * sizeof(struct sock_filter);
code = kmalloc(len, GFP_KERNEL);
if (code == NULL)
return -ENOMEM;
if (copy_from_user(code, uprog.filter, len)) {
kfree(code);
return -EFAULT;
}
err = sk_chk_filter(code, uprog.len);
if (err) {
kfree(code);
return err;
}
*p = code;
return uprog.len;
}
static int ppp_ioctl(struct inode *inode, struct file *file, static int ppp_ioctl(struct inode *inode, struct file *file,
unsigned int cmd, unsigned long arg) unsigned int cmd, unsigned long arg)
{ {
...@@ -503,6 +541,8 @@ static int ppp_ioctl(struct inode *inode, struct file *file, ...@@ -503,6 +541,8 @@ static int ppp_ioctl(struct inode *inode, struct file *file,
struct npioctl npi; struct npioctl npi;
int unit, cflags; int unit, cflags;
struct slcompress *vj; struct slcompress *vj;
void __user *argp = (void __user *)arg;
int __user *p = argp;
if (pf == 0) if (pf == 0)
return ppp_unattached_ioctl(pf, file, cmd, arg); return ppp_unattached_ioctl(pf, file, cmd, arg);
...@@ -540,7 +580,7 @@ static int ppp_ioctl(struct inode *inode, struct file *file, ...@@ -540,7 +580,7 @@ static int ppp_ioctl(struct inode *inode, struct file *file,
switch (cmd) { switch (cmd) {
case PPPIOCCONNECT: case PPPIOCCONNECT:
if (get_user(unit, (int *) arg)) if (get_user(unit, p))
break; break;
err = ppp_connect_channel(pch, unit); err = ppp_connect_channel(pch, unit);
break; break;
...@@ -569,14 +609,14 @@ static int ppp_ioctl(struct inode *inode, struct file *file, ...@@ -569,14 +609,14 @@ static int ppp_ioctl(struct inode *inode, struct file *file,
ppp = PF_TO_PPP(pf); ppp = PF_TO_PPP(pf);
switch (cmd) { switch (cmd) {
case PPPIOCSMRU: case PPPIOCSMRU:
if (get_user(val, (int *) arg)) if (get_user(val, p))
break; break;
ppp->mru = val; ppp->mru = val;
err = 0; err = 0;
break; break;
case PPPIOCSFLAGS: case PPPIOCSFLAGS:
if (get_user(val, (int *) arg)) if (get_user(val, p))
break; break;
ppp_lock(ppp); ppp_lock(ppp);
cflags = ppp->flags & ~val; cflags = ppp->flags & ~val;
...@@ -589,7 +629,7 @@ static int ppp_ioctl(struct inode *inode, struct file *file, ...@@ -589,7 +629,7 @@ static int ppp_ioctl(struct inode *inode, struct file *file,
case PPPIOCGFLAGS: case PPPIOCGFLAGS:
val = ppp->flags | ppp->xstate | ppp->rstate; val = ppp->flags | ppp->xstate | ppp->rstate;
if (put_user(val, (int *) arg)) if (put_user(val, p))
break; break;
err = 0; err = 0;
break; break;
...@@ -599,20 +639,20 @@ static int ppp_ioctl(struct inode *inode, struct file *file, ...@@ -599,20 +639,20 @@ static int ppp_ioctl(struct inode *inode, struct file *file,
break; break;
case PPPIOCGUNIT: case PPPIOCGUNIT:
if (put_user(ppp->file.index, (int *) arg)) if (put_user(ppp->file.index, p))
break; break;
err = 0; err = 0;
break; break;
case PPPIOCSDEBUG: case PPPIOCSDEBUG:
if (get_user(val, (int *) arg)) if (get_user(val, p))
break; break;
ppp->debug = val; ppp->debug = val;
err = 0; err = 0;
break; break;
case PPPIOCGDEBUG: case PPPIOCGDEBUG:
if (put_user(ppp->debug, (int *) arg)) if (put_user(ppp->debug, p))
break; break;
err = 0; err = 0;
break; break;
...@@ -620,13 +660,13 @@ static int ppp_ioctl(struct inode *inode, struct file *file, ...@@ -620,13 +660,13 @@ static int ppp_ioctl(struct inode *inode, struct file *file,
case PPPIOCGIDLE: case PPPIOCGIDLE:
idle.xmit_idle = (jiffies - ppp->last_xmit) / HZ; idle.xmit_idle = (jiffies - ppp->last_xmit) / HZ;
idle.recv_idle = (jiffies - ppp->last_recv) / HZ; idle.recv_idle = (jiffies - ppp->last_recv) / HZ;
if (copy_to_user((void __user *) arg, &idle, sizeof(idle))) if (copy_to_user(argp, &idle, sizeof(idle)))
break; break;
err = 0; err = 0;
break; break;
case PPPIOCSMAXCID: case PPPIOCSMAXCID:
if (get_user(val, (int *) arg)) if (get_user(val, p))
break; break;
val2 = 15; val2 = 15;
if ((val >> 16) != 0) { if ((val >> 16) != 0) {
...@@ -649,7 +689,7 @@ static int ppp_ioctl(struct inode *inode, struct file *file, ...@@ -649,7 +689,7 @@ static int ppp_ioctl(struct inode *inode, struct file *file,
case PPPIOCGNPMODE: case PPPIOCGNPMODE:
case PPPIOCSNPMODE: case PPPIOCSNPMODE:
if (copy_from_user(&npi, (void __user *) arg, sizeof(npi))) if (copy_from_user(&npi, argp, sizeof(npi)))
break; break;
err = proto_to_npindex(npi.protocol); err = proto_to_npindex(npi.protocol);
if (err < 0) if (err < 0)
...@@ -658,7 +698,7 @@ static int ppp_ioctl(struct inode *inode, struct file *file, ...@@ -658,7 +698,7 @@ static int ppp_ioctl(struct inode *inode, struct file *file,
if (cmd == PPPIOCGNPMODE) { if (cmd == PPPIOCGNPMODE) {
err = -EFAULT; err = -EFAULT;
npi.mode = ppp->npmode[i]; npi.mode = ppp->npmode[i];
if (copy_to_user((void __user *) arg, &npi, sizeof(npi))) if (copy_to_user(argp, &npi, sizeof(npi)))
break; break;
} else { } else {
ppp->npmode[i] = npi.mode; ppp->npmode[i] = npi.mode;
...@@ -670,49 +710,38 @@ static int ppp_ioctl(struct inode *inode, struct file *file, ...@@ -670,49 +710,38 @@ static int ppp_ioctl(struct inode *inode, struct file *file,
#ifdef CONFIG_PPP_FILTER #ifdef CONFIG_PPP_FILTER
case PPPIOCSPASS: case PPPIOCSPASS:
{
struct sock_filter *code;
err = get_filter(argp, &code);
if (err >= 0) {
ppp_lock(ppp);
kfree(ppp->pass_filter);
ppp->pass_filter = code;
ppp->pass_len = err;
ppp_unlock(ppp);
err = 0;
}
break;
}
case PPPIOCSACTIVE: case PPPIOCSACTIVE:
{ {
struct sock_fprog uprog, *filtp; struct sock_filter *code;
struct sock_filter *code = NULL; err = get_filter(argp, &code);
int len; if (err >= 0) {
ppp_lock(ppp);
if (copy_from_user(&uprog, (void __user *) arg, sizeof(uprog))) kfree(ppp->active_filter);
break; ppp->active_filter = code;
err = -EINVAL; ppp->active_len = err;
if (uprog.len > BPF_MAXINSNS) ppp_unlock(ppp);
break; err = 0;
err = -ENOMEM;
if (uprog.len > 0) {
len = uprog.len * sizeof(struct sock_filter);
code = kmalloc(len, GFP_KERNEL);
if (code == NULL)
break;
err = -EFAULT;
if (copy_from_user(code, (void __user *) uprog.filter, len)) {
kfree(code);
break;
}
err = sk_chk_filter(code, uprog.len);
if (err) {
kfree(code);
break;
}
} }
filtp = (cmd == PPPIOCSPASS)? &ppp->pass_filter: &ppp->active_filter;
ppp_lock(ppp);
if (filtp->filter)
kfree(filtp->filter);
filtp->filter = code;
filtp->len = uprog.len;
ppp_unlock(ppp);
err = 0;
break; break;
} }
#endif /* CONFIG_PPP_FILTER */ #endif /* CONFIG_PPP_FILTER */
#ifdef CONFIG_PPP_MULTILINK #ifdef CONFIG_PPP_MULTILINK
case PPPIOCSMRRU: case PPPIOCSMRRU:
if (get_user(val, (int *) arg)) if (get_user(val, p))
break; break;
ppp_recv_lock(ppp); ppp_recv_lock(ppp);
ppp->mrru = val; ppp->mrru = val;
...@@ -734,11 +763,12 @@ static int ppp_unattached_ioctl(struct ppp_file *pf, struct file *file, ...@@ -734,11 +763,12 @@ static int ppp_unattached_ioctl(struct ppp_file *pf, struct file *file,
int unit, err = -EFAULT; int unit, err = -EFAULT;
struct ppp *ppp; struct ppp *ppp;
struct channel *chan; struct channel *chan;
int __user *p = (int __user *)arg;
switch (cmd) { switch (cmd) {
case PPPIOCNEWUNIT: case PPPIOCNEWUNIT:
/* Create a new ppp unit */ /* Create a new ppp unit */
if (get_user(unit, (int *) arg)) if (get_user(unit, p))
break; break;
ppp = ppp_create_interface(unit, &err); ppp = ppp_create_interface(unit, &err);
if (ppp == 0) if (ppp == 0)
...@@ -746,14 +776,14 @@ static int ppp_unattached_ioctl(struct ppp_file *pf, struct file *file, ...@@ -746,14 +776,14 @@ static int ppp_unattached_ioctl(struct ppp_file *pf, struct file *file,
file->private_data = &ppp->file; file->private_data = &ppp->file;
ppp->owner = file; ppp->owner = file;
err = -EFAULT; err = -EFAULT;
if (put_user(ppp->file.index, (int *) arg)) if (put_user(ppp->file.index, p))
break; break;
err = 0; err = 0;
break; break;
case PPPIOCATTACH: case PPPIOCATTACH:
/* Attach to an existing ppp unit */ /* Attach to an existing ppp unit */
if (get_user(unit, (int *) arg)) if (get_user(unit, p))
break; break;
down(&all_ppp_sem); down(&all_ppp_sem);
err = -ENXIO; err = -ENXIO;
...@@ -767,7 +797,7 @@ static int ppp_unattached_ioctl(struct ppp_file *pf, struct file *file, ...@@ -767,7 +797,7 @@ static int ppp_unattached_ioctl(struct ppp_file *pf, struct file *file,
break; break;
case PPPIOCATTCHAN: case PPPIOCATTCHAN:
if (get_user(unit, (int *) arg)) if (get_user(unit, p))
break; break;
spin_lock_bh(&all_channels_lock); spin_lock_bh(&all_channels_lock);
err = -ENXIO; err = -ENXIO;
...@@ -999,18 +1029,18 @@ ppp_send_frame(struct ppp *ppp, struct sk_buff *skb) ...@@ -999,18 +1029,18 @@ ppp_send_frame(struct ppp *ppp, struct sk_buff *skb)
*p = htons(4); /* indicate outbound in DLT_LINUX_SLL */; *p = htons(4); /* indicate outbound in DLT_LINUX_SLL */;
} }
if (ppp->pass_filter.filter if (ppp->pass_filter
&& sk_run_filter(skb, ppp->pass_filter.filter, && sk_run_filter(skb, ppp->pass_filter,
ppp->pass_filter.len) == 0) { ppp->pass_len) == 0) {
if (ppp->debug & 1) if (ppp->debug & 1)
printk(KERN_DEBUG "PPP: outbound frame not passed\n"); printk(KERN_DEBUG "PPP: outbound frame not passed\n");
kfree_skb(skb); kfree_skb(skb);
return; return;
} }
/* if this packet passes the active filter, record the time */ /* if this packet passes the active filter, record the time */
if (!(ppp->active_filter.filter if (!(ppp->active_filter
&& sk_run_filter(skb, ppp->active_filter.filter, && sk_run_filter(skb, ppp->active_filter,
ppp->active_filter.len) == 0)) ppp->active_len) == 0))
ppp->last_xmit = jiffies; ppp->last_xmit = jiffies;
skb_pull(skb, 2); skb_pull(skb, 2);
#else #else
...@@ -1546,17 +1576,17 @@ ppp_receive_nonmp_frame(struct ppp *ppp, struct sk_buff *skb) ...@@ -1546,17 +1576,17 @@ ppp_receive_nonmp_frame(struct ppp *ppp, struct sk_buff *skb)
*p = 0; /* indicate inbound in DLT_LINUX_SLL */ *p = 0; /* indicate inbound in DLT_LINUX_SLL */
} }
if (ppp->pass_filter.filter if (ppp->pass_filter
&& sk_run_filter(skb, ppp->pass_filter.filter, && sk_run_filter(skb, ppp->pass_filter,
ppp->pass_filter.len) == 0) { ppp->pass_len) == 0) {
if (ppp->debug & 1) if (ppp->debug & 1)
printk(KERN_DEBUG "PPP: inbound frame not passed\n"); printk(KERN_DEBUG "PPP: inbound frame not passed\n");
kfree_skb(skb); kfree_skb(skb);
return; return;
} }
if (!(ppp->active_filter.filter if (!(ppp->active_filter
&& sk_run_filter(skb, ppp->active_filter.filter, && sk_run_filter(skb, ppp->active_filter,
ppp->active_filter.len) == 0)) ppp->active_len) == 0))
ppp->last_recv = jiffies; ppp->last_recv = jiffies;
skb_pull(skb, 2); skb_pull(skb, 2);
#else #else
...@@ -2423,13 +2453,13 @@ static void ppp_destroy_interface(struct ppp *ppp) ...@@ -2423,13 +2453,13 @@ static void ppp_destroy_interface(struct ppp *ppp)
skb_queue_purge(&ppp->mrq); skb_queue_purge(&ppp->mrq);
#endif /* CONFIG_PPP_MULTILINK */ #endif /* CONFIG_PPP_MULTILINK */
#ifdef CONFIG_PPP_FILTER #ifdef CONFIG_PPP_FILTER
if (ppp->pass_filter.filter) { if (ppp->pass_filter) {
kfree(ppp->pass_filter.filter); kfree(ppp->pass_filter);
ppp->pass_filter.filter = NULL; ppp->pass_filter = NULL;
} }
if (ppp->active_filter.filter) { if (ppp->active_filter) {
kfree(ppp->active_filter.filter); kfree(ppp->active_filter);
ppp->active_filter.filter = 0; ppp->active_filter = 0;
} }
#endif /* CONFIG_PPP_FILTER */ #endif /* CONFIG_PPP_FILTER */
......
...@@ -127,6 +127,7 @@ in the event that chatty debug messages are desired - jjs 12/30/98 */ ...@@ -127,6 +127,7 @@ in the event that chatty debug messages are desired - jjs 12/30/98 */
#include <linux/ioport.h> #include <linux/ioport.h>
#include <linux/netdevice.h> #include <linux/netdevice.h>
#include <linux/ip.h>
#include <linux/trdevice.h> #include <linux/trdevice.h>
#include <linux/ibmtr.h> #include <linux/ibmtr.h>
......
...@@ -220,7 +220,8 @@ static int c101_close(struct net_device *dev) ...@@ -220,7 +220,8 @@ static int c101_close(struct net_device *dev)
static int c101_ioctl(struct net_device *dev, struct ifreq *ifr, int cmd) static int c101_ioctl(struct net_device *dev, struct ifreq *ifr, int cmd)
{ {
const size_t size = sizeof(sync_serial_settings); const size_t size = sizeof(sync_serial_settings);
sync_serial_settings new_line, *line = ifr->ifr_settings.ifs_ifsu.sync; sync_serial_settings new_line;
sync_serial_settings __user *line = ifr->ifr_settings.ifs_ifsu.sync;
port_t *port = dev_to_port(dev); port_t *port = dev_to_port(dev);
#ifdef DEBUG_RINGS #ifdef DEBUG_RINGS
......
...@@ -301,9 +301,9 @@ static char *chrdev_setup_rx(struct channel_data *channel, int size); ...@@ -301,9 +301,9 @@ static char *chrdev_setup_rx(struct channel_data *channel, int size);
static int chrdev_rx_done(struct channel_data *channel); static int chrdev_rx_done(struct channel_data *channel);
static int chrdev_tx_done(struct channel_data *channel, int size); static int chrdev_tx_done(struct channel_data *channel, int size);
static ssize_t cosa_read(struct file *file, static ssize_t cosa_read(struct file *file,
char *buf, size_t count, loff_t *ppos); char __user *buf, size_t count, loff_t *ppos);
static ssize_t cosa_write(struct file *file, static ssize_t cosa_write(struct file *file,
const char *buf, size_t count, loff_t *ppos); const char __user *buf, size_t count, loff_t *ppos);
static unsigned int cosa_poll(struct file *file, poll_table *poll); static unsigned int cosa_poll(struct file *file, poll_table *poll);
static int cosa_open(struct inode *inode, struct file *file); static int cosa_open(struct inode *inode, struct file *file);
static int cosa_release(struct inode *inode, struct file *file); static int cosa_release(struct inode *inode, struct file *file);
...@@ -330,13 +330,13 @@ static struct file_operations cosa_fops = { ...@@ -330,13 +330,13 @@ static struct file_operations cosa_fops = {
/* Ioctls */ /* Ioctls */
static int cosa_start(struct cosa_data *cosa, int address); static int cosa_start(struct cosa_data *cosa, int address);
static int cosa_reset(struct cosa_data *cosa); static int cosa_reset(struct cosa_data *cosa);
static int cosa_download(struct cosa_data *cosa, unsigned long a); static int cosa_download(struct cosa_data *cosa, void __user *a);
static int cosa_readmem(struct cosa_data *cosa, unsigned long a); static int cosa_readmem(struct cosa_data *cosa, void __user *a);
/* COSA/SRP ROM monitor */ /* COSA/SRP ROM monitor */
static int download(struct cosa_data *cosa, const char *data, int addr, int len); static int download(struct cosa_data *cosa, const char __user *data, int addr, int len);
static int startmicrocode(struct cosa_data *cosa, int address); static int startmicrocode(struct cosa_data *cosa, int address);
static int readmem(struct cosa_data *cosa, char *data, int addr, int len); static int readmem(struct cosa_data *cosa, char __user *data, int addr, int len);
static int cosa_reset_and_read_id(struct cosa_data *cosa, char *id); static int cosa_reset_and_read_id(struct cosa_data *cosa, char *id);
/* Auxilliary functions */ /* Auxilliary functions */
...@@ -830,7 +830,7 @@ static void chardev_channel_init(struct channel_data *chan) ...@@ -830,7 +830,7 @@ static void chardev_channel_init(struct channel_data *chan)
} }
static ssize_t cosa_read(struct file *file, static ssize_t cosa_read(struct file *file,
char *buf, size_t count, loff_t *ppos) char __user *buf, size_t count, loff_t *ppos)
{ {
DECLARE_WAITQUEUE(wait, current); DECLARE_WAITQUEUE(wait, current);
unsigned long flags; unsigned long flags;
...@@ -905,7 +905,7 @@ static int chrdev_rx_done(struct channel_data *chan) ...@@ -905,7 +905,7 @@ static int chrdev_rx_done(struct channel_data *chan)
static ssize_t cosa_write(struct file *file, static ssize_t cosa_write(struct file *file,
const char *buf, size_t count, loff_t *ppos) const char __user *buf, size_t count, loff_t *ppos)
{ {
DECLARE_WAITQUEUE(wait, current); DECLARE_WAITQUEUE(wait, current);
struct channel_data *chan = file->private_data; struct channel_data *chan = file->private_data;
...@@ -1066,7 +1066,7 @@ static inline int cosa_reset(struct cosa_data *cosa) ...@@ -1066,7 +1066,7 @@ static inline int cosa_reset(struct cosa_data *cosa)
} }
/* High-level function to download data into COSA memory. Calls download() */ /* High-level function to download data into COSA memory. Calls download() */
static inline int cosa_download(struct cosa_data *cosa, unsigned long arg) static inline int cosa_download(struct cosa_data *cosa, void __user *arg)
{ {
struct cosa_download d; struct cosa_download d;
int i; int i;
...@@ -1080,7 +1080,7 @@ static inline int cosa_download(struct cosa_data *cosa, unsigned long arg) ...@@ -1080,7 +1080,7 @@ static inline int cosa_download(struct cosa_data *cosa, unsigned long arg)
return -EPERM; return -EPERM;
} }
if (copy_from_user(&d, (void __user *) arg, sizeof(d))) if (copy_from_user(&d, arg, sizeof(d)))
return -EFAULT; return -EFAULT;
if (d.addr < 0 || d.addr > COSA_MAX_FIRMWARE_SIZE) if (d.addr < 0 || d.addr > COSA_MAX_FIRMWARE_SIZE)
...@@ -1105,7 +1105,7 @@ static inline int cosa_download(struct cosa_data *cosa, unsigned long arg) ...@@ -1105,7 +1105,7 @@ static inline int cosa_download(struct cosa_data *cosa, unsigned long arg)
} }
/* High-level function to read COSA memory. Calls readmem() */ /* High-level function to read COSA memory. Calls readmem() */
static inline int cosa_readmem(struct cosa_data *cosa, unsigned long arg) static inline int cosa_readmem(struct cosa_data *cosa, void __user *arg)
{ {
struct cosa_download d; struct cosa_download d;
int i; int i;
...@@ -1120,7 +1120,7 @@ static inline int cosa_readmem(struct cosa_data *cosa, unsigned long arg) ...@@ -1120,7 +1120,7 @@ static inline int cosa_readmem(struct cosa_data *cosa, unsigned long arg)
return -EPERM; return -EPERM;
} }
if (copy_from_user(&d, (void __user *) arg, sizeof(d))) if (copy_from_user(&d, arg, sizeof(d)))
return -EFAULT; return -EFAULT;
/* If something fails, force the user to reset the card */ /* If something fails, force the user to reset the card */
...@@ -1167,7 +1167,7 @@ static inline int cosa_start(struct cosa_data *cosa, int address) ...@@ -1167,7 +1167,7 @@ static inline int cosa_start(struct cosa_data *cosa, int address)
} }
/* Buffer of size at least COSA_MAX_ID_STRING is expected */ /* Buffer of size at least COSA_MAX_ID_STRING is expected */
static inline int cosa_getidstr(struct cosa_data *cosa, char *string) static inline int cosa_getidstr(struct cosa_data *cosa, char __user *string)
{ {
int l = strlen(cosa->id_string)+1; int l = strlen(cosa->id_string)+1;
if (copy_to_user(string, cosa->id_string, l)) if (copy_to_user(string, cosa->id_string, l))
...@@ -1176,7 +1176,7 @@ static inline int cosa_getidstr(struct cosa_data *cosa, char *string) ...@@ -1176,7 +1176,7 @@ static inline int cosa_getidstr(struct cosa_data *cosa, char *string)
} }
/* Buffer of size at least COSA_MAX_ID_STRING is expected */ /* Buffer of size at least COSA_MAX_ID_STRING is expected */
static inline int cosa_gettype(struct cosa_data *cosa, char *string) static inline int cosa_gettype(struct cosa_data *cosa, char __user *string)
{ {
int l = strlen(cosa->type)+1; int l = strlen(cosa->type)+1;
if (copy_to_user(string, cosa->type, l)) if (copy_to_user(string, cosa->type, l))
...@@ -1187,6 +1187,7 @@ static inline int cosa_gettype(struct cosa_data *cosa, char *string) ...@@ -1187,6 +1187,7 @@ static inline int cosa_gettype(struct cosa_data *cosa, char *string)
static int cosa_ioctl_common(struct cosa_data *cosa, static int cosa_ioctl_common(struct cosa_data *cosa,
struct channel_data *channel, unsigned int cmd, unsigned long arg) struct channel_data *channel, unsigned int cmd, unsigned long arg)
{ {
void __user *argp = (void __user *)arg;
switch(cmd) { switch(cmd) {
case COSAIORSET: /* Reset the device */ case COSAIORSET: /* Reset the device */
if (!capable(CAP_NET_ADMIN)) if (!capable(CAP_NET_ADMIN))
...@@ -1200,15 +1201,15 @@ static int cosa_ioctl_common(struct cosa_data *cosa, ...@@ -1200,15 +1201,15 @@ static int cosa_ioctl_common(struct cosa_data *cosa,
if (!capable(CAP_SYS_RAWIO)) if (!capable(CAP_SYS_RAWIO))
return -EACCES; return -EACCES;
return cosa_download(cosa, arg); return cosa_download(cosa, argp);
case COSAIORMEM: case COSAIORMEM:
if (!capable(CAP_SYS_RAWIO)) if (!capable(CAP_SYS_RAWIO))
return -EACCES; return -EACCES;
return cosa_readmem(cosa, arg); return cosa_readmem(cosa, argp);
case COSAIORTYPE: case COSAIORTYPE:
return cosa_gettype(cosa, (char *)arg); return cosa_gettype(cosa, argp);
case COSAIORIDSTR: case COSAIORIDSTR:
return cosa_getidstr(cosa, (char *)arg); return cosa_getidstr(cosa, argp);
case COSAIONRCARDS: case COSAIONRCARDS:
return nr_cards; return nr_cards;
case COSAIONRCHANS: case COSAIONRCHANS:
...@@ -1434,7 +1435,7 @@ static int cosa_dma_able(struct channel_data *chan, char *buf, int len) ...@@ -1434,7 +1435,7 @@ static int cosa_dma_able(struct channel_data *chan, char *buf, int len)
* by a single space. Monitor has to reply with a space. Now the download * by a single space. Monitor has to reply with a space. Now the download
* begins. After the download monitor replies with "\r\n." (CR LF dot). * begins. After the download monitor replies with "\r\n." (CR LF dot).
*/ */
static int download(struct cosa_data *cosa, const char *microcode, int length, int address) static int download(struct cosa_data *cosa, const char __user *microcode, int length, int address)
{ {
int i; int i;
...@@ -1508,7 +1509,7 @@ static int startmicrocode(struct cosa_data *cosa, int address) ...@@ -1508,7 +1509,7 @@ static int startmicrocode(struct cosa_data *cosa, int address)
* This routine is not needed during the normal operation and serves * This routine is not needed during the normal operation and serves
* for debugging purposes only. * for debugging purposes only.
*/ */
static int readmem(struct cosa_data *cosa, char *microcode, int length, int address) static int readmem(struct cosa_data *cosa, char __user *microcode, int length, int address)
{ {
if (put_wait_data(cosa, 'r') == -1) return -1; if (put_wait_data(cosa, 'r') == -1) return -1;
if ((get_wait_data(cosa)) != 'r') return -2; if ((get_wait_data(cosa)) != 'r') return -2;
......
...@@ -66,7 +66,7 @@ ...@@ -66,7 +66,7 @@
/* ioctls */ /* ioctls */
struct cosa_download { struct cosa_download {
int addr, len; int addr, len;
char *code; char __user *code;
}; };
/* Reset the device */ /* Reset the device */
......
...@@ -1296,7 +1296,7 @@ static int dscc4_set_clock(struct net_device *dev, u32 *bps, u32 *state) ...@@ -1296,7 +1296,7 @@ static int dscc4_set_clock(struct net_device *dev, u32 *bps, u32 *state)
static int dscc4_ioctl(struct net_device *dev, struct ifreq *ifr, int cmd) static int dscc4_ioctl(struct net_device *dev, struct ifreq *ifr, int cmd)
{ {
sync_serial_settings *line = ifr->ifr_settings.ifs_ifsu.sync; sync_serial_settings __user *line = ifr->ifr_settings.ifs_ifsu.sync;
struct dscc4_dev_priv *dpriv = dscc4_priv(dev); struct dscc4_dev_priv *dpriv = dscc4_priv(dev);
const size_t size = sizeof(dpriv->settings); const size_t size = sizeof(dpriv->settings);
int ret = 0; int ret = 0;
......
...@@ -272,7 +272,7 @@ static void cisco_stop(struct net_device *dev) ...@@ -272,7 +272,7 @@ static void cisco_stop(struct net_device *dev)
int hdlc_cisco_ioctl(struct net_device *dev, struct ifreq *ifr) int hdlc_cisco_ioctl(struct net_device *dev, struct ifreq *ifr)
{ {
cisco_proto *cisco_s = ifr->ifr_settings.ifs_ifsu.cisco; cisco_proto __user *cisco_s = ifr->ifr_settings.ifs_ifsu.cisco;
const size_t size = sizeof(cisco_proto); const size_t size = sizeof(cisco_proto);
cisco_proto new_settings; cisco_proto new_settings;
hdlc_device *hdlc = dev_to_hdlc(dev); hdlc_device *hdlc = dev_to_hdlc(dev);
......
...@@ -1137,7 +1137,7 @@ static void fr_destroy(hdlc_device *hdlc) ...@@ -1137,7 +1137,7 @@ static void fr_destroy(hdlc_device *hdlc)
int hdlc_fr_ioctl(struct net_device *dev, struct ifreq *ifr) int hdlc_fr_ioctl(struct net_device *dev, struct ifreq *ifr)
{ {
fr_proto *fr_s = ifr->ifr_settings.ifs_ifsu.fr; fr_proto __user *fr_s = ifr->ifr_settings.ifs_ifsu.fr;
const size_t size = sizeof(fr_proto); const size_t size = sizeof(fr_proto);
fr_proto new_settings; fr_proto new_settings;
hdlc_device *hdlc = dev_to_hdlc(dev); hdlc_device *hdlc = dev_to_hdlc(dev);
......
...@@ -34,7 +34,7 @@ static unsigned short raw_type_trans(struct sk_buff *skb, ...@@ -34,7 +34,7 @@ static unsigned short raw_type_trans(struct sk_buff *skb,
int hdlc_raw_ioctl(struct net_device *dev, struct ifreq *ifr) int hdlc_raw_ioctl(struct net_device *dev, struct ifreq *ifr)
{ {
raw_hdlc_proto *raw_s = ifr->ifr_settings.ifs_ifsu.raw_hdlc; raw_hdlc_proto __user *raw_s = ifr->ifr_settings.ifs_ifsu.raw_hdlc;
const size_t size = sizeof(raw_hdlc_proto); const size_t size = sizeof(raw_hdlc_proto);
raw_hdlc_proto new_settings; raw_hdlc_proto new_settings;
hdlc_device *hdlc = dev_to_hdlc(dev); hdlc_device *hdlc = dev_to_hdlc(dev);
......
...@@ -46,7 +46,7 @@ static int eth_tx(struct sk_buff *skb, struct net_device *dev) ...@@ -46,7 +46,7 @@ static int eth_tx(struct sk_buff *skb, struct net_device *dev)
int hdlc_raw_eth_ioctl(struct net_device *dev, struct ifreq *ifr) int hdlc_raw_eth_ioctl(struct net_device *dev, struct ifreq *ifr)
{ {
raw_hdlc_proto *raw_s = ifr->ifr_settings.ifs_ifsu.raw_hdlc; raw_hdlc_proto __user *raw_s = ifr->ifr_settings.ifs_ifsu.raw_hdlc;
const size_t size = sizeof(raw_hdlc_proto); const size_t size = sizeof(raw_hdlc_proto);
raw_hdlc_proto new_settings; raw_hdlc_proto new_settings;
hdlc_device *hdlc = dev_to_hdlc(dev); hdlc_device *hdlc = dev_to_hdlc(dev);
......
...@@ -234,7 +234,7 @@ typedef struct lmc_st1f_control { ...@@ -234,7 +234,7 @@ typedef struct lmc_st1f_control {
int command; int command;
int address; int address;
int value; int value;
char *data; char __user *data;
} lmc_t1f_control; } lmc_t1f_control;
enum lmc_xilinx_c { enum lmc_xilinx_c {
...@@ -246,7 +246,7 @@ enum lmc_xilinx_c { ...@@ -246,7 +246,7 @@ enum lmc_xilinx_c {
struct lmc_xilinx_control { struct lmc_xilinx_control {
enum lmc_xilinx_c command; enum lmc_xilinx_c command;
int len; int len;
char *data; char __user *data;
}; };
/* ------------------ end T1 defs ------------------- */ /* ------------------ end T1 defs ------------------- */
......
...@@ -254,7 +254,8 @@ static int n2_close(struct net_device *dev) ...@@ -254,7 +254,8 @@ static int n2_close(struct net_device *dev)
static int n2_ioctl(struct net_device *dev, struct ifreq *ifr, int cmd) static int n2_ioctl(struct net_device *dev, struct ifreq *ifr, int cmd)
{ {
const size_t size = sizeof(sync_serial_settings); const size_t size = sizeof(sync_serial_settings);
sync_serial_settings new_line, *line = ifr->ifr_settings.ifs_ifsu.sync; sync_serial_settings new_line;
sync_serial_settings __user *line = ifr->ifr_settings.ifs_ifsu.sync;
port_t *port = dev_to_port(dev); port_t *port = dev_to_port(dev);
#ifdef DEBUG_RINGS #ifdef DEBUG_RINGS
......
...@@ -204,7 +204,8 @@ static int pci200_close(struct net_device *dev) ...@@ -204,7 +204,8 @@ static int pci200_close(struct net_device *dev)
static int pci200_ioctl(struct net_device *dev, struct ifreq *ifr, int cmd) static int pci200_ioctl(struct net_device *dev, struct ifreq *ifr, int cmd)
{ {
const size_t size = sizeof(sync_serial_settings); const size_t size = sizeof(sync_serial_settings);
sync_serial_settings new_line, *line = ifr->ifr_settings.ifs_ifsu.sync; sync_serial_settings new_line;
sync_serial_settings __user *line = ifr->ifr_settings.ifs_ifsu.sync;
port_t *port = dev_to_port(dev); port_t *port = dev_to_port(dev);
#ifdef DEBUG_RINGS #ifdef DEBUG_RINGS
......
...@@ -733,7 +733,7 @@ static int x25_asy_ioctl(struct tty_struct *tty, struct file *file, ...@@ -733,7 +733,7 @@ static int x25_asy_ioctl(struct tty_struct *tty, struct file *file,
switch(cmd) { switch(cmd) {
case SIOCGIFNAME: case SIOCGIFNAME:
if (copy_to_user((void *)arg, sl->dev->name, if (copy_to_user((void __user *)arg, sl->dev->name,
strlen(sl->dev->name) + 1)) strlen(sl->dev->name) + 1))
return -EFAULT; return -EFAULT;
return 0; return 0;
......
...@@ -2490,7 +2490,8 @@ static int devfs_mknod(struct inode *dir, struct dentry *dentry, int mode, ...@@ -2490,7 +2490,8 @@ static int devfs_mknod(struct inode *dir, struct dentry *dentry, int mode,
return 0; return 0;
} /* End Function devfs_mknod */ } /* End Function devfs_mknod */
static int devfs_readlink(struct dentry *dentry, char *buffer, int buflen) static int devfs_readlink(struct dentry *dentry, char __user *buffer,
int buflen)
{ {
int err; int err;
struct devfs_entry *de; struct devfs_entry *de;
......
...@@ -30,7 +30,7 @@ ...@@ -30,7 +30,7 @@
#define NCP_PACKET_SIZE_INTERNAL 65536 #define NCP_PACKET_SIZE_INTERNAL 65536
static int static int
ncp_get_fs_info(struct ncp_server* server, struct inode* inode, struct ncp_fs_info* arg) ncp_get_fs_info(struct ncp_server* server, struct inode* inode, struct ncp_fs_info __user *arg)
{ {
struct ncp_fs_info info; struct ncp_fs_info info;
...@@ -58,7 +58,7 @@ ncp_get_fs_info(struct ncp_server* server, struct inode* inode, struct ncp_fs_in ...@@ -58,7 +58,7 @@ ncp_get_fs_info(struct ncp_server* server, struct inode* inode, struct ncp_fs_in
} }
static int static int
ncp_get_fs_info_v2(struct ncp_server* server, struct inode* inode, struct ncp_fs_info_v2* arg) ncp_get_fs_info_v2(struct ncp_server* server, struct inode* inode, struct ncp_fs_info_v2 __user * arg)
{ {
struct ncp_fs_info_v2 info2; struct ncp_fs_info_v2 info2;
...@@ -90,7 +90,7 @@ ncp_get_fs_info_v2(struct ncp_server* server, struct inode* inode, struct ncp_fs ...@@ -90,7 +90,7 @@ ncp_get_fs_info_v2(struct ncp_server* server, struct inode* inode, struct ncp_fs
* Thanks Petr Vandrovec for idea and many hints. * Thanks Petr Vandrovec for idea and many hints.
*/ */
static int static int
ncp_set_charsets(struct ncp_server* server, struct ncp_nls_ioctl* arg) ncp_set_charsets(struct ncp_server* server, struct ncp_nls_ioctl __user *arg)
{ {
struct ncp_nls_ioctl user; struct ncp_nls_ioctl user;
struct nls_table *codepage; struct nls_table *codepage;
...@@ -148,7 +148,7 @@ ncp_set_charsets(struct ncp_server* server, struct ncp_nls_ioctl* arg) ...@@ -148,7 +148,7 @@ ncp_set_charsets(struct ncp_server* server, struct ncp_nls_ioctl* arg)
} }
static int static int
ncp_get_charsets(struct ncp_server* server, struct ncp_nls_ioctl* arg) ncp_get_charsets(struct ncp_server* server, struct ncp_nls_ioctl __user *arg)
{ {
struct ncp_nls_ioctl user; struct ncp_nls_ioctl user;
int len; int len;
...@@ -185,6 +185,7 @@ int ncp_ioctl(struct inode *inode, struct file *filp, ...@@ -185,6 +185,7 @@ int ncp_ioctl(struct inode *inode, struct file *filp,
int result; int result;
struct ncp_ioctl_request request; struct ncp_ioctl_request request;
char* bouncebuffer; char* bouncebuffer;
void __user *argp = (void __user *)arg;
switch (cmd) { switch (cmd) {
case NCP_IOC_NCPREQUEST: case NCP_IOC_NCPREQUEST:
...@@ -193,8 +194,7 @@ int ncp_ioctl(struct inode *inode, struct file *filp, ...@@ -193,8 +194,7 @@ int ncp_ioctl(struct inode *inode, struct file *filp,
&& (current->uid != server->m.mounted_uid)) { && (current->uid != server->m.mounted_uid)) {
return -EACCES; return -EACCES;
} }
if (copy_from_user(&request, (struct ncp_ioctl_request *) arg, if (copy_from_user(&request, argp, sizeof(request)))
sizeof(request)))
return -EFAULT; return -EFAULT;
if ((request.function > 255) if ((request.function > 255)
...@@ -245,10 +245,10 @@ int ncp_ioctl(struct inode *inode, struct file *filp, ...@@ -245,10 +245,10 @@ int ncp_ioctl(struct inode *inode, struct file *filp,
return ncp_conn_logged_in(inode->i_sb); return ncp_conn_logged_in(inode->i_sb);
case NCP_IOC_GET_FS_INFO: case NCP_IOC_GET_FS_INFO:
return ncp_get_fs_info(server, inode, (struct ncp_fs_info *)arg); return ncp_get_fs_info(server, inode, argp);
case NCP_IOC_GET_FS_INFO_V2: case NCP_IOC_GET_FS_INFO_V2:
return ncp_get_fs_info_v2(server, inode, (struct ncp_fs_info_v2 *)arg); return ncp_get_fs_info_v2(server, inode, argp);
case NCP_IOC_GETMOUNTUID2: case NCP_IOC_GETMOUNTUID2:
{ {
...@@ -259,7 +259,7 @@ int ncp_ioctl(struct inode *inode, struct file *filp, ...@@ -259,7 +259,7 @@ int ncp_ioctl(struct inode *inode, struct file *filp,
{ {
return -EACCES; return -EACCES;
} }
if (put_user(tmp, (unsigned long*) arg)) if (put_user(tmp, (unsigned long __user *)argp))
return -EFAULT; return -EFAULT;
return 0; return 0;
} }
...@@ -292,9 +292,8 @@ int ncp_ioctl(struct inode *inode, struct file *filp, ...@@ -292,9 +292,8 @@ int ncp_ioctl(struct inode *inode, struct file *filp,
sr.namespace = 0; sr.namespace = 0;
sr.dirEntNum = 0; sr.dirEntNum = 0;
} }
if (copy_to_user((struct ncp_setroot_ioctl*)arg, if (copy_to_user(argp, &sr, sizeof(sr)))
&sr, return -EFAULT;
sizeof(sr))) return -EFAULT;
return 0; return 0;
} }
case NCP_IOC_SETROOT: case NCP_IOC_SETROOT:
...@@ -308,9 +307,8 @@ int ncp_ioctl(struct inode *inode, struct file *filp, ...@@ -308,9 +307,8 @@ int ncp_ioctl(struct inode *inode, struct file *filp,
return -EACCES; return -EACCES;
} }
if (server->root_setuped) return -EBUSY; if (server->root_setuped) return -EBUSY;
if (copy_from_user(&sr, if (copy_from_user(&sr, argp, sizeof(sr)))
(struct ncp_setroot_ioctl*)arg, return -EFAULT;
sizeof(sr))) return -EFAULT;
if (sr.volNumber < 0) { if (sr.volNumber < 0) {
server->m.mounted_vol[0] = 0; server->m.mounted_vol[0] = 0;
vnum = NCP_NUMBER_OF_VOLUMES; vnum = NCP_NUMBER_OF_VOLUMES;
...@@ -348,13 +346,13 @@ int ncp_ioctl(struct inode *inode, struct file *filp, ...@@ -348,13 +346,13 @@ int ncp_ioctl(struct inode *inode, struct file *filp,
{ {
return -EACCES; return -EACCES;
} }
if (arg) { if (argp) {
if (server->sign_wanted) if (server->sign_wanted)
{ {
struct ncp_sign_init sign; struct ncp_sign_init sign;
if (copy_from_user(&sign, (struct ncp_sign_init *) arg, if (copy_from_user(&sign, argp, sizeof(sign)))
sizeof(sign))) return -EFAULT; return -EFAULT;
memcpy(server->sign_root,sign.sign_root,8); memcpy(server->sign_root,sign.sign_root,8);
memcpy(server->sign_last,sign.sign_last,16); memcpy(server->sign_last,sign.sign_last,16);
server->sign_active = 1; server->sign_active = 1;
...@@ -372,7 +370,7 @@ int ncp_ioctl(struct inode *inode, struct file *filp, ...@@ -372,7 +370,7 @@ int ncp_ioctl(struct inode *inode, struct file *filp,
return -EACCES; return -EACCES;
} }
if (put_user(server->sign_wanted, (int*) arg)) if (put_user(server->sign_wanted, (int __user *)argp))
return -EFAULT; return -EFAULT;
return 0; return 0;
case NCP_IOC_SET_SIGN_WANTED: case NCP_IOC_SET_SIGN_WANTED:
...@@ -385,7 +383,7 @@ int ncp_ioctl(struct inode *inode, struct file *filp, ...@@ -385,7 +383,7 @@ int ncp_ioctl(struct inode *inode, struct file *filp,
return -EACCES; return -EACCES;
} }
/* get only low 8 bits... */ /* get only low 8 bits... */
if (get_user(newstate, (unsigned char *) arg)) if (get_user(newstate, (unsigned char __user *)argp))
return -EFAULT; return -EFAULT;
if (server->sign_active) { if (server->sign_active) {
/* cannot turn signatures OFF when active */ /* cannot turn signatures OFF when active */
...@@ -409,8 +407,8 @@ int ncp_ioctl(struct inode *inode, struct file *filp, ...@@ -409,8 +407,8 @@ int ncp_ioctl(struct inode *inode, struct file *filp,
struct ncp_lock_ioctl rqdata; struct ncp_lock_ioctl rqdata;
int result; int result;
if (copy_from_user(&rqdata, (struct ncp_lock_ioctl*)arg, if (copy_from_user(&rqdata, argp, sizeof(rqdata)))
sizeof(rqdata))) return -EFAULT; return -EFAULT;
if (rqdata.origin != 0) if (rqdata.origin != 0)
return -EINVAL; return -EINVAL;
/* check for cmd */ /* check for cmd */
...@@ -480,9 +478,8 @@ int ncp_ioctl(struct inode *inode, struct file *filp, ...@@ -480,9 +478,8 @@ int ncp_ioctl(struct inode *inode, struct file *filp,
struct ncp_objectname_ioctl user; struct ncp_objectname_ioctl user;
size_t outl; size_t outl;
if (copy_from_user(&user, if (copy_from_user(&user, argp, sizeof(user)))
(struct ncp_objectname_ioctl*)arg, return -EFAULT;
sizeof(user))) return -EFAULT;
user.auth_type = server->auth.auth_type; user.auth_type = server->auth.auth_type;
outl = user.object_name_len; outl = user.object_name_len;
user.object_name_len = server->auth.object_name_len; user.object_name_len = server->auth.object_name_len;
...@@ -493,9 +490,8 @@ int ncp_ioctl(struct inode *inode, struct file *filp, ...@@ -493,9 +490,8 @@ int ncp_ioctl(struct inode *inode, struct file *filp,
server->auth.object_name, server->auth.object_name,
outl)) return -EFAULT; outl)) return -EFAULT;
} }
if (copy_to_user((struct ncp_objectname_ioctl*)arg, if (copy_to_user(argp, &user, sizeof(user)))
&user, return -EFAULT;
sizeof(user))) return -EFAULT;
return 0; return 0;
} }
case NCP_IOC_SETOBJECTNAME: case NCP_IOC_SETOBJECTNAME:
...@@ -510,9 +506,8 @@ int ncp_ioctl(struct inode *inode, struct file *filp, ...@@ -510,9 +506,8 @@ int ncp_ioctl(struct inode *inode, struct file *filp,
void* oldprivate; void* oldprivate;
size_t oldprivatelen; size_t oldprivatelen;
if (copy_from_user(&user, if (copy_from_user(&user, argp, sizeof(user)))
(struct ncp_objectname_ioctl*)arg, return -EFAULT;
sizeof(user))) return -EFAULT;
if (user.object_name_len > NCP_OBJECT_NAME_MAX_LEN) if (user.object_name_len > NCP_OBJECT_NAME_MAX_LEN)
return -ENOMEM; return -ENOMEM;
if (user.object_name_len) { if (user.object_name_len) {
...@@ -550,9 +545,8 @@ int ncp_ioctl(struct inode *inode, struct file *filp, ...@@ -550,9 +545,8 @@ int ncp_ioctl(struct inode *inode, struct file *filp,
struct ncp_privatedata_ioctl user; struct ncp_privatedata_ioctl user;
size_t outl; size_t outl;
if (copy_from_user(&user, if (copy_from_user(&user, argp, sizeof(user)))
(struct ncp_privatedata_ioctl*)arg, return -EFAULT;
sizeof(user))) return -EFAULT;
outl = user.len; outl = user.len;
user.len = server->priv.len; user.len = server->priv.len;
if (outl > user.len) outl = user.len; if (outl > user.len) outl = user.len;
...@@ -561,9 +555,8 @@ int ncp_ioctl(struct inode *inode, struct file *filp, ...@@ -561,9 +555,8 @@ int ncp_ioctl(struct inode *inode, struct file *filp,
server->priv.data, server->priv.data,
outl)) return -EFAULT; outl)) return -EFAULT;
} }
if (copy_to_user((struct ncp_privatedata_ioctl*)arg, if (copy_to_user(argp, &user, sizeof(user)))
&user, return -EFAULT;
sizeof(user))) return -EFAULT;
return 0; return 0;
} }
case NCP_IOC_SETPRIVATEDATA: case NCP_IOC_SETPRIVATEDATA:
...@@ -576,9 +569,8 @@ int ncp_ioctl(struct inode *inode, struct file *filp, ...@@ -576,9 +569,8 @@ int ncp_ioctl(struct inode *inode, struct file *filp,
void* old; void* old;
size_t oldlen; size_t oldlen;
if (copy_from_user(&user, if (copy_from_user(&user, argp, sizeof(user)))
(struct ncp_privatedata_ioctl*)arg, return -EFAULT;
sizeof(user))) return -EFAULT;
if (user.len > NCP_PRIVATE_DATA_MAX_LEN) if (user.len > NCP_PRIVATE_DATA_MAX_LEN)
return -ENOMEM; return -ENOMEM;
if (user.len) { if (user.len) {
...@@ -603,10 +595,10 @@ int ncp_ioctl(struct inode *inode, struct file *filp, ...@@ -603,10 +595,10 @@ int ncp_ioctl(struct inode *inode, struct file *filp,
#ifdef CONFIG_NCPFS_NLS #ifdef CONFIG_NCPFS_NLS
case NCP_IOC_SETCHARSETS: case NCP_IOC_SETCHARSETS:
return ncp_set_charsets(server, (struct ncp_nls_ioctl *)arg); return ncp_set_charsets(server, argp);
case NCP_IOC_GETCHARSETS: case NCP_IOC_GETCHARSETS:
return ncp_get_charsets(server, (struct ncp_nls_ioctl *)arg); return ncp_get_charsets(server, argp);
#endif /* CONFIG_NCPFS_NLS */ #endif /* CONFIG_NCPFS_NLS */
...@@ -617,7 +609,7 @@ int ncp_ioctl(struct inode *inode, struct file *filp, ...@@ -617,7 +609,7 @@ int ncp_ioctl(struct inode *inode, struct file *filp,
{ {
u_int32_t user; u_int32_t user;
if (copy_from_user(&user, (u_int32_t*)arg, sizeof(user))) if (copy_from_user(&user, argp, sizeof(user)))
return -EFAULT; return -EFAULT;
/* 20 secs at most... */ /* 20 secs at most... */
if (user > 20000) if (user > 20000)
...@@ -630,7 +622,7 @@ int ncp_ioctl(struct inode *inode, struct file *filp, ...@@ -630,7 +622,7 @@ int ncp_ioctl(struct inode *inode, struct file *filp,
case NCP_IOC_GETDENTRYTTL: case NCP_IOC_GETDENTRYTTL:
{ {
u_int32_t user = (server->dentry_ttl * 1000) / HZ; u_int32_t user = (server->dentry_ttl * 1000) / HZ;
if (copy_to_user((u_int32_t*)arg, &user, sizeof(user))) if (copy_to_user(argp, &user, sizeof(user)))
return -EFAULT; return -EFAULT;
return 0; return 0;
} }
...@@ -646,7 +638,7 @@ int ncp_ioctl(struct inode *inode, struct file *filp, ...@@ -646,7 +638,7 @@ int ncp_ioctl(struct inode *inode, struct file *filp,
return -EACCES; return -EACCES;
} }
SET_UID(uid, server->m.mounted_uid); SET_UID(uid, server->m.mounted_uid);
if (put_user(uid, (__kernel_uid_t *) arg)) if (put_user(uid, (__kernel_uid_t __user *)argp))
return -EFAULT; return -EFAULT;
return 0; return 0;
} }
......
...@@ -1463,7 +1463,8 @@ static struct inode_operations proc_tid_attr_inode_operations = { ...@@ -1463,7 +1463,8 @@ static struct inode_operations proc_tid_attr_inode_operations = {
/* /*
* /proc/self: * /proc/self:
*/ */
static int proc_self_readlink(struct dentry *dentry, char *buffer, int buflen) static int proc_self_readlink(struct dentry *dentry, char __user *buffer,
int buflen)
{ {
char tmp[30]; char tmp[30];
sprintf(tmp, "%d", current->tgid); sprintf(tmp, "%d", current->tgid);
...@@ -1747,7 +1748,9 @@ int proc_pid_readdir(struct file * filp, void * dirent, filldir_t filldir) ...@@ -1747,7 +1748,9 @@ int proc_pid_readdir(struct file * filp, void * dirent, filldir_t filldir)
ino_t ino = fake_ino(tgid,PROC_TGID_INO); ino_t ino = fake_ino(tgid,PROC_TGID_INO);
unsigned long j = PROC_NUMBUF; unsigned long j = PROC_NUMBUF;
do buf[--j] = '0' + (tgid % 10); while (tgid/=10); do
buf[--j] = '0' + (tgid % 10);
while ((tgid /= 10) != 0);
if (filldir(dirent, buf+j, PROC_NUMBUF-j, filp->f_pos, ino, DT_DIR) < 0) { if (filldir(dirent, buf+j, PROC_NUMBUF-j, filp->f_pos, ino, DT_DIR) < 0) {
filp->f_version = tgid; filp->f_version = tgid;
...@@ -1799,7 +1802,7 @@ static int proc_task_readdir(struct file * filp, void * dirent, filldir_t filldi ...@@ -1799,7 +1802,7 @@ static int proc_task_readdir(struct file * filp, void * dirent, filldir_t filldi
do do
buf[--j] = '0' + (tid % 10); buf[--j] = '0' + (tid % 10);
while (tid /= 10); while ((tid /= 10) != 0);
if (filldir(dirent, buf+j, PROC_NUMBUF-j, pos, ino, DT_DIR) < 0) if (filldir(dirent, buf+j, PROC_NUMBUF-j, pos, ino, DT_DIR) < 0)
break; break;
......
...@@ -150,7 +150,7 @@ void sync_dquots(struct super_block *sb, int type) ...@@ -150,7 +150,7 @@ void sync_dquots(struct super_block *sb, int type)
} }
/* Copy parameters and call proper function */ /* Copy parameters and call proper function */
static int do_quotactl(struct super_block *sb, int type, int cmd, qid_t id, caddr_t addr) static int do_quotactl(struct super_block *sb, int type, int cmd, qid_t id, void __user *addr)
{ {
int ret; int ret;
...@@ -264,7 +264,7 @@ static int do_quotactl(struct super_block *sb, int type, int cmd, qid_t id, cadd ...@@ -264,7 +264,7 @@ static int do_quotactl(struct super_block *sb, int type, int cmd, qid_t id, cadd
* calls. Maybe we need to add the process quotas etc. in the future, * calls. Maybe we need to add the process quotas etc. in the future,
* but we probably should use rlimits for that. * but we probably should use rlimits for that.
*/ */
asmlinkage long sys_quotactl(unsigned int cmd, const char __user *special, qid_t id, caddr_t addr) asmlinkage long sys_quotactl(unsigned int cmd, const char __user *special, qid_t id, void __user *addr)
{ {
uint cmds, type; uint cmds, type;
struct super_block *sb = NULL; struct super_block *sb = NULL;
......
...@@ -108,15 +108,15 @@ struct if_settings ...@@ -108,15 +108,15 @@ struct if_settings
unsigned int size; /* Size of the data allocated by the caller */ unsigned int size; /* Size of the data allocated by the caller */
union { union {
/* {atm/eth/dsl}_settings anyone ? */ /* {atm/eth/dsl}_settings anyone ? */
raw_hdlc_proto *raw_hdlc; raw_hdlc_proto __user *raw_hdlc;
cisco_proto *cisco; cisco_proto __user *cisco;
fr_proto *fr; fr_proto __user *fr;
fr_proto_pvc *fr_pvc; fr_proto_pvc __user *fr_pvc;
fr_proto_pvc_info *fr_pvc_info; fr_proto_pvc_info __user *fr_pvc_info;
/* interface settings */ /* interface settings */
sync_serial_settings *sync; sync_serial_settings __user *sync;
te1_settings *te1; te1_settings __user *te1;
} ifs_ifsu; } ifs_ifsu;
}; };
......
...@@ -233,8 +233,9 @@ struct ippp_struct { ...@@ -233,8 +233,9 @@ struct ippp_struct {
struct slcompress *slcomp; struct slcompress *slcomp;
#endif #endif
#ifdef CONFIG_IPPP_FILTER #ifdef CONFIG_IPPP_FILTER
struct sock_fprog pass_filter; /* filter for packets to pass */ struct sock_filter *pass_filter; /* filter for packets to pass */
struct sock_fprog active_filter; /* filter for pkts to reset idle */ struct sock_filter *active_filter; /* filter for pkts to reset idle */
unsigned pass_len, active_len;
#endif #endif
unsigned long debug; unsigned long debug;
struct isdn_ppp_compressor *compressor,*decompressor; struct isdn_ppp_compressor *compressor,*decompressor;
......
...@@ -24,7 +24,7 @@ ...@@ -24,7 +24,7 @@
struct ncp_ioctl_request { struct ncp_ioctl_request {
unsigned int function; unsigned int function;
unsigned int size; unsigned int size;
char *data; char __user *data;
}; };
struct ncp_fs_info { struct ncp_fs_info {
...@@ -88,13 +88,13 @@ struct ncp_objectname_ioctl ...@@ -88,13 +88,13 @@ struct ncp_objectname_ioctl
#define NCP_AUTH_NDS 0x32 #define NCP_AUTH_NDS 0x32
int auth_type; int auth_type;
size_t object_name_len; size_t object_name_len;
void* object_name; /* an userspace data, in most cases user name */ void __user * object_name; /* an userspace data, in most cases user name */
}; };
struct ncp_privatedata_ioctl struct ncp_privatedata_ioctl
{ {
size_t len; size_t len;
void* data; /* ~1000 for NDS */ void __user * data; /* ~1000 for NDS */
}; };
/* NLS charsets by ioctl */ /* NLS charsets by ioctl */
......
...@@ -382,7 +382,7 @@ asmlinkage long sys_fchdir(unsigned int fd); ...@@ -382,7 +382,7 @@ asmlinkage long sys_fchdir(unsigned int fd);
asmlinkage long sys_rmdir(const char __user *pathname); asmlinkage long sys_rmdir(const char __user *pathname);
asmlinkage long sys_lookup_dcookie(u64 cookie64, char __user *buf, size_t len); asmlinkage long sys_lookup_dcookie(u64 cookie64, char __user *buf, size_t len);
asmlinkage long sys_quotactl(unsigned int cmd, const char __user *special, asmlinkage long sys_quotactl(unsigned int cmd, const char __user *special,
qid_t id, caddr_t addr); qid_t id, void __user *addr);
asmlinkage long sys_getdents(unsigned int fd, asmlinkage long sys_getdents(unsigned int fd,
struct linux_dirent __user *dirent, struct linux_dirent __user *dirent,
unsigned int count); unsigned int count);
......
...@@ -1262,7 +1262,7 @@ static block_state deflate_slow( ...@@ -1262,7 +1262,7 @@ static block_state deflate_slow(
return flush == Z_FINISH ? finish_done : block_done; return flush == Z_FINISH ? finish_done : block_done;
} }
extern int zlib_deflate_workspacesize(void) int zlib_deflate_workspacesize(void)
{ {
return sizeof(deflate_workspace); return sizeof(deflate_workspace);
} }
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment