Commit 67475a9f authored by Alexander Viro's avatar Alexander Viro Committed by Linus Torvalds

[PATCH] trivial annotation for arch/i386/kernel/*

Several places in arch/i386/kernel were still un-annotated - they didn't
trip copy_.._user(), so they stayed alive.  Caught and killed.

That's not all - there's a big cluster of them in vm86.c, but I haven't
looked into that code yet.
parent 4b0fece0
...@@ -246,7 +246,7 @@ static int convert_fxsr_to_user( struct _fpstate __user *buf, ...@@ -246,7 +246,7 @@ static int convert_fxsr_to_user( struct _fpstate __user *buf,
to = &buf->_st[0]; to = &buf->_st[0];
from = (struct _fpxreg *) &fxsave->st_space[0]; from = (struct _fpxreg *) &fxsave->st_space[0];
for ( i = 0 ; i < 8 ; i++, to++, from++ ) { for ( i = 0 ; i < 8 ; i++, to++, from++ ) {
unsigned long *t = (unsigned long *)to; unsigned long __user *t = (unsigned long __user *)to;
unsigned long *f = (unsigned long *)from; unsigned long *f = (unsigned long *)from;
if (__put_user(*f, t) || if (__put_user(*f, t) ||
...@@ -281,7 +281,7 @@ static int convert_fxsr_from_user( struct i387_fxsave_struct *fxsave, ...@@ -281,7 +281,7 @@ static int convert_fxsr_from_user( struct i387_fxsave_struct *fxsave,
from = &buf->_st[0]; from = &buf->_st[0];
for ( i = 0 ; i < 8 ; i++, to++, from++ ) { for ( i = 0 ; i < 8 ; i++, to++, from++ ) {
unsigned long *t = (unsigned long *)to; unsigned long *t = (unsigned long *)to;
unsigned long *f = (unsigned long *)from; unsigned long __user *f = (unsigned long __user *)from;
if (__get_user(*t, f) || if (__get_user(*t, f) ||
__get_user(*(t + 1), f + 1) || __get_user(*(t + 1), f + 1) ||
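Review bot: Both conversion loops use the unchecked `__put_user`/`__get_user` on the newly annotated `t` and `f`, and nothing in these hunks shows where `buf` was range-checked. Both function bodies start and end outside the hunks, so the check may well be done earlier or in the callers. If that is the case, a comment above each loop, e.g. `/* buf has already passed access_ok() in the caller */`, would record the precondition next to the accesses that depend on it.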
......
...@@ -113,7 +113,7 @@ static spinlock_t microcode_update_lock = SPIN_LOCK_UNLOCKED; ...@@ -113,7 +113,7 @@ static spinlock_t microcode_update_lock = SPIN_LOCK_UNLOCKED;
/* no concurrent ->write()s are allowed on /dev/cpu/microcode */ /* no concurrent ->write()s are allowed on /dev/cpu/microcode */
static DECLARE_MUTEX(microcode_sem); static DECLARE_MUTEX(microcode_sem);
static void *user_buffer; /* user area microcode data buffer */ static void __user *user_buffer; /* user area microcode data buffer */
static unsigned int user_buffer_size; /* it's size */ static unsigned int user_buffer_size; /* it's size */
typedef enum mc_error_code { typedef enum mc_error_code {
...@@ -425,7 +425,7 @@ static int do_microcode_update (void) ...@@ -425,7 +425,7 @@ static int do_microcode_update (void)
return error; return error;
} }
static ssize_t microcode_write (struct file *file, const char *buf, size_t len, loff_t *ppos) static ssize_t microcode_write (struct file *file, const char __user *buf, size_t len, loff_t *ppos)
{ {
ssize_t ret; ssize_t ret;
...@@ -441,7 +441,7 @@ static ssize_t microcode_write (struct file *file, const char *buf, size_t len, ...@@ -441,7 +441,7 @@ static ssize_t microcode_write (struct file *file, const char *buf, size_t len,
down(&microcode_sem); down(&microcode_sem);
user_buffer = (void *) buf; user_buffer = (void __user *) buf;
user_buffer_size = (int) len; user_buffer_size = (int) len;
ret = do_microcode_update(); ret = do_microcode_update();
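Review bot: The assignment `user_buffer = (void __user *) buf;` in microcode_write casts away the `const` on `buf`, and an explicit cast also suppresses any pointer-type mismatch diagnostic on that line. If do_microcode_update only reads through the pointer (its body is outside this section, so that is an assumption), declaring `static const void __user *user_buffer;` lets the line become `user_buffer = buf;` with no cast. The neighbouring `user_buffer_size = (int) len;` casts to `int` although the variable is `unsigned int`; `(unsigned int) len` would match the declaration.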
......
...@@ -184,7 +184,7 @@ static loff_t msr_seek(struct file *file, loff_t offset, int orig) ...@@ -184,7 +184,7 @@ static loff_t msr_seek(struct file *file, loff_t offset, int orig)
static ssize_t msr_read(struct file *file, char __user * buf, static ssize_t msr_read(struct file *file, char __user * buf,
size_t count, loff_t * ppos) size_t count, loff_t * ppos)
{ {
u32 *tmp = (u32 *) buf; u32 __user *tmp = (u32 __user *) buf;
u32 data[2]; u32 data[2];
size_t rv; size_t rv;
u32 reg = *ppos; u32 reg = *ppos;
...@@ -203,13 +203,13 @@ static ssize_t msr_read(struct file *file, char __user * buf, ...@@ -203,13 +203,13 @@ static ssize_t msr_read(struct file *file, char __user * buf,
tmp += 2; tmp += 2;
} }
return ((char *)tmp) - buf; return ((char __user *)tmp) - buf;
} }
static ssize_t msr_write(struct file *file, const char __user *buf, static ssize_t msr_write(struct file *file, const char __user *buf,
size_t count, loff_t *ppos) size_t count, loff_t *ppos)
{ {
const u32 *tmp = (const u32 *)buf; const u32 __user *tmp = (const u32 __user *)buf;
u32 data[2]; u32 data[2];
size_t rv; size_t rv;
u32 reg = *ppos; u32 reg = *ppos;
...@@ -228,7 +228,7 @@ static ssize_t msr_write(struct file *file, const char __user *buf, ...@@ -228,7 +228,7 @@ static ssize_t msr_write(struct file *file, const char __user *buf,
tmp += 2; tmp += 2;
} }
return ((char *)tmp) - buf; return ((char __user *)tmp) - buf;
} }
static int msr_open(struct inode *inode, struct file *file) static int msr_open(struct inode *inode, struct file *file)
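Review bot: The return in msr_write, `return ((char __user *)tmp) - buf;`, casts a `const u32 __user *` to a non-const pointer although `buf` is `const char __user *`. Writing it as `return ((const char __user *)tmp) - buf;` keeps the qualifier and gives both operands of the subtraction the same type. msr_read's return is fine as written because its `buf` is not const.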
......
...@@ -235,6 +235,7 @@ asmlinkage int sys_ptrace(long request, long pid, long addr, long data) ...@@ -235,6 +235,7 @@ asmlinkage int sys_ptrace(long request, long pid, long addr, long data)
struct task_struct *child; struct task_struct *child;
struct user * dummy = NULL; struct user * dummy = NULL;
int i, ret; int i, ret;
unsigned long __user *datap = (unsigned long __user *)data;
lock_kernel(); lock_kernel();
ret = -EPERM; ret = -EPERM;
...@@ -283,7 +284,7 @@ asmlinkage int sys_ptrace(long request, long pid, long addr, long data) ...@@ -283,7 +284,7 @@ asmlinkage int sys_ptrace(long request, long pid, long addr, long data)
ret = -EIO; ret = -EIO;
if (copied != sizeof(tmp)) if (copied != sizeof(tmp))
break; break;
ret = put_user(tmp,(unsigned long *) data); ret = put_user(tmp, datap);
break; break;
} }
...@@ -305,7 +306,7 @@ asmlinkage int sys_ptrace(long request, long pid, long addr, long data) ...@@ -305,7 +306,7 @@ asmlinkage int sys_ptrace(long request, long pid, long addr, long data)
addr = addr >> 2; addr = addr >> 2;
tmp = child->thread.debugreg[addr]; tmp = child->thread.debugreg[addr];
} }
ret = put_user(tmp,(unsigned long *) data); ret = put_user(tmp, datap);
break; break;
} }
...@@ -423,13 +424,13 @@ asmlinkage int sys_ptrace(long request, long pid, long addr, long data) ...@@ -423,13 +424,13 @@ asmlinkage int sys_ptrace(long request, long pid, long addr, long data)
break; break;
case PTRACE_GETREGS: { /* Get all gp regs from the child. */ case PTRACE_GETREGS: { /* Get all gp regs from the child. */
if (!access_ok(VERIFY_WRITE, (unsigned *)data, FRAME_SIZE*sizeof(long))) { if (!access_ok(VERIFY_WRITE, datap, FRAME_SIZE*sizeof(long))) {
ret = -EIO; ret = -EIO;
break; break;
} }
for ( i = 0; i < FRAME_SIZE*sizeof(long); i += sizeof(long) ) { for ( i = 0; i < FRAME_SIZE*sizeof(long); i += sizeof(long) ) {
__put_user(getreg(child, i),(unsigned long *) data); __put_user(getreg(child, i), datap);
data += sizeof(long); datap++;
} }
ret = 0; ret = 0;
break; break;
...@@ -437,21 +438,21 @@ asmlinkage int sys_ptrace(long request, long pid, long addr, long data) ...@@ -437,21 +438,21 @@ asmlinkage int sys_ptrace(long request, long pid, long addr, long data)
case PTRACE_SETREGS: { /* Set all gp regs in the child. */ case PTRACE_SETREGS: { /* Set all gp regs in the child. */
unsigned long tmp; unsigned long tmp;
if (!access_ok(VERIFY_READ, (unsigned *)data, FRAME_SIZE*sizeof(long))) { if (!access_ok(VERIFY_READ, datap, FRAME_SIZE*sizeof(long))) {
ret = -EIO; ret = -EIO;
break; break;
} }
for ( i = 0; i < FRAME_SIZE*sizeof(long); i += sizeof(long) ) { for ( i = 0; i < FRAME_SIZE*sizeof(long); i += sizeof(long) ) {
__get_user(tmp, (unsigned long *) data); __get_user(tmp, datap);
putreg(child, i, tmp); putreg(child, i, tmp);
data += sizeof(long); datap++;
} }
ret = 0; ret = 0;
break; break;
} }
case PTRACE_GETFPREGS: { /* Get the child FPU state. */ case PTRACE_GETFPREGS: { /* Get the child FPU state. */
if (!access_ok(VERIFY_WRITE, (unsigned *)data, if (!access_ok(VERIFY_WRITE, datap,
sizeof(struct user_i387_struct))) { sizeof(struct user_i387_struct))) {
ret = -EIO; ret = -EIO;
break; break;
...@@ -464,7 +465,7 @@ asmlinkage int sys_ptrace(long request, long pid, long addr, long data) ...@@ -464,7 +465,7 @@ asmlinkage int sys_ptrace(long request, long pid, long addr, long data)
} }
case PTRACE_SETFPREGS: { /* Set the child FPU state. */ case PTRACE_SETFPREGS: { /* Set the child FPU state. */
if (!access_ok(VERIFY_READ, (unsigned *)data, if (!access_ok(VERIFY_READ, datap,
sizeof(struct user_i387_struct))) { sizeof(struct user_i387_struct))) {
ret = -EIO; ret = -EIO;
break; break;
...@@ -476,7 +477,7 @@ asmlinkage int sys_ptrace(long request, long pid, long addr, long data) ...@@ -476,7 +477,7 @@ asmlinkage int sys_ptrace(long request, long pid, long addr, long data)
} }
case PTRACE_GETFPXREGS: { /* Get the child extended FPU state. */ case PTRACE_GETFPXREGS: { /* Get the child extended FPU state. */
if (!access_ok(VERIFY_WRITE, (unsigned *)data, if (!access_ok(VERIFY_WRITE, datap,
sizeof(struct user_fxsr_struct))) { sizeof(struct user_fxsr_struct))) {
ret = -EIO; ret = -EIO;
break; break;
...@@ -488,7 +489,7 @@ asmlinkage int sys_ptrace(long request, long pid, long addr, long data) ...@@ -488,7 +489,7 @@ asmlinkage int sys_ptrace(long request, long pid, long addr, long data)
} }
case PTRACE_SETFPXREGS: { /* Set the child extended FPU state. */ case PTRACE_SETFPXREGS: { /* Set the child extended FPU state. */
if (!access_ok(VERIFY_READ, (unsigned *)data, if (!access_ok(VERIFY_READ, datap,
sizeof(struct user_fxsr_struct))) { sizeof(struct user_fxsr_struct))) {
ret = -EIO; ret = -EIO;
break; break;
...@@ -499,13 +500,13 @@ asmlinkage int sys_ptrace(long request, long pid, long addr, long data) ...@@ -499,13 +500,13 @@ asmlinkage int sys_ptrace(long request, long pid, long addr, long data)
} }
case PTRACE_GET_THREAD_AREA: case PTRACE_GET_THREAD_AREA:
ret = ptrace_get_thread_area(child, ret = ptrace_get_thread_area(child, addr,
addr, (struct user_desc __user *) data); (struct user_desc __user *) data);
break; break;
case PTRACE_SET_THREAD_AREA: case PTRACE_SET_THREAD_AREA:
ret = ptrace_set_thread_area(child, ret = ptrace_set_thread_area(child, addr,
addr, (struct user_desc __user *) data); (struct user_desc __user *) data);
break; break;
default: default:
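Review bot: In the PTRACE_GETREGS loop the result of `__put_user(getreg(child, i), datap)` is discarded and `ret = 0` follows unconditionally, so a fault part-way through the copy is reported to the tracer as success. `access_ok()` only checks that the range lies within the user address range, not that the pages are mapped, so the unchecked accessors can still fail here. The PTRACE_SETREGS loop has the same shape with `__get_user(tmp, datap)`, and there whatever `tmp` holds after a failed read is still passed to `putreg()`. Suggest setting `ret = 0` before the loop and using `if (__put_user(getreg(child, i), datap)) { ret = -EFAULT; break; }`, with the equivalent check on the read side before `putreg()` is called.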
......
...@@ -269,12 +269,12 @@ setup_sigcontext(struct sigcontext __user *sc, struct _fpstate __user *fpstate, ...@@ -269,12 +269,12 @@ setup_sigcontext(struct sigcontext __user *sc, struct _fpstate __user *fpstate,
tmp = 0; tmp = 0;
__asm__("movl %%gs,%0" : "=r"(tmp): "0"(tmp)); __asm__("movl %%gs,%0" : "=r"(tmp): "0"(tmp));
err |= __put_user(tmp, (unsigned int *)&sc->gs); err |= __put_user(tmp, (unsigned int __user *)&sc->gs);
__asm__("movl %%fs,%0" : "=r"(tmp): "0"(tmp)); __asm__("movl %%fs,%0" : "=r"(tmp): "0"(tmp));
err |= __put_user(tmp, (unsigned int *)&sc->fs); err |= __put_user(tmp, (unsigned int __user *)&sc->fs);
err |= __put_user(regs->xes, (unsigned int *)&sc->es); err |= __put_user(regs->xes, (unsigned int __user *)&sc->es);
err |= __put_user(regs->xds, (unsigned int *)&sc->ds); err |= __put_user(regs->xds, (unsigned int __user *)&sc->ds);
err |= __put_user(regs->edi, &sc->edi); err |= __put_user(regs->edi, &sc->edi);
err |= __put_user(regs->esi, &sc->esi); err |= __put_user(regs->esi, &sc->esi);
err |= __put_user(regs->ebp, &sc->ebp); err |= __put_user(regs->ebp, &sc->ebp);
...@@ -286,10 +286,10 @@ setup_sigcontext(struct sigcontext __user *sc, struct _fpstate __user *fpstate, ...@@ -286,10 +286,10 @@ setup_sigcontext(struct sigcontext __user *sc, struct _fpstate __user *fpstate,
err |= __put_user(current->thread.trap_no, &sc->trapno); err |= __put_user(current->thread.trap_no, &sc->trapno);
err |= __put_user(current->thread.error_code, &sc->err); err |= __put_user(current->thread.error_code, &sc->err);
err |= __put_user(regs->eip, &sc->eip); err |= __put_user(regs->eip, &sc->eip);
err |= __put_user(regs->xcs, (unsigned int *)&sc->cs); err |= __put_user(regs->xcs, (unsigned int __user *)&sc->cs);
err |= __put_user(regs->eflags, &sc->eflags); err |= __put_user(regs->eflags, &sc->eflags);
err |= __put_user(regs->esp, &sc->esp_at_signal); err |= __put_user(regs->esp, &sc->esp_at_signal);
err |= __put_user(regs->xss, (unsigned int *)&sc->ss); err |= __put_user(regs->xss, (unsigned int __user *)&sc->ss);
tmp = save_i387(fpstate); tmp = save_i387(fpstate);
if (tmp < 0) if (tmp < 0)
...@@ -381,9 +381,9 @@ static void setup_frame(int sig, struct k_sigaction *ka, ...@@ -381,9 +381,9 @@ static void setup_frame(int sig, struct k_sigaction *ka,
* reasons and because gdb uses it as a signature to notice * reasons and because gdb uses it as a signature to notice
* signal handler stack frames. * signal handler stack frames.
*/ */
err |= __put_user(0xb858, (short *)(frame->retcode+0)); err |= __put_user(0xb858, (short __user *)(frame->retcode+0));
err |= __put_user(__NR_sigreturn, (int *)(frame->retcode+2)); err |= __put_user(__NR_sigreturn, (int __user *)(frame->retcode+2));
err |= __put_user(0x80cd, (short *)(frame->retcode+6)); err |= __put_user(0x80cd, (short __user *)(frame->retcode+6));
if (err) if (err)
goto give_sigsegv; goto give_sigsegv;
...@@ -462,9 +462,9 @@ static void setup_rt_frame(int sig, struct k_sigaction *ka, siginfo_t *info, ...@@ -462,9 +462,9 @@ static void setup_rt_frame(int sig, struct k_sigaction *ka, siginfo_t *info,
* reasons and because gdb uses it as a signature to notice * reasons and because gdb uses it as a signature to notice
* signal handler stack frames. * signal handler stack frames.
*/ */
err |= __put_user(0xb8, (char *)(frame->retcode+0)); err |= __put_user(0xb8, (char __user *)(frame->retcode+0));
err |= __put_user(__NR_rt_sigreturn, (int *)(frame->retcode+1)); err |= __put_user(__NR_rt_sigreturn, (int __user *)(frame->retcode+1));
err |= __put_user(0x80cd, (short *)(frame->retcode+5)); err |= __put_user(0x80cd, (short __user *)(frame->retcode+5));
if (err) if (err)
goto give_sigsegv; goto give_sigsegv;
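Review bot: The casts `(unsigned int __user *)` applied to `&sc->gs`, `&sc->fs`, `&sc->es`, `&sc->ds`, `&sc->cs` and `&sc->ss` in setup_sigcontext suggest these fields are narrower than `unsigned int`, so each store presumably also covers an adjacent padding field in struct sigcontext (the struct is not shown here). A short comment before the first of them, e.g. `/* 32-bit stores: each selector is followed by its padding half-word */`, would explain why these six calls need a cast while the other `__put_user` calls do not. setup_sigcontext continues outside both hunks.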
......