Commit f4723b22 authored by Takashi Iwai's avatar Takashi Iwai

Merge branch 'topic/memdup_user' into for-linus

* topic/memdup_user:
  ALSA: sound/pci: use memdup_user()
  ALSA: sound/usb: use memdup_user()
  ALSA: sound/isa: use memdup_user()
  ALSA: sound/core: use memdup_user()
parents 00610a81 336500f0
......@@ -724,13 +724,10 @@ static int snd_ctl_elem_read_user(struct snd_card *card,
struct snd_ctl_elem_value *control;
int result;
control = kmalloc(sizeof(*control), GFP_KERNEL);
if (control == NULL)
return -ENOMEM;
if (copy_from_user(control, _control, sizeof(*control))) {
kfree(control);
return -EFAULT;
}
control = memdup_user(_control, sizeof(*control));
if (IS_ERR(control))
return PTR_ERR(control);
snd_power_lock(card);
result = snd_power_wait(card, SNDRV_CTL_POWER_D0);
if (result >= 0)
......@@ -784,13 +781,10 @@ static int snd_ctl_elem_write_user(struct snd_ctl_file *file,
struct snd_card *card;
int result;
control = kmalloc(sizeof(*control), GFP_KERNEL);
if (control == NULL)
return -ENOMEM;
if (copy_from_user(control, _control, sizeof(*control))) {
kfree(control);
return -EFAULT;
}
control = memdup_user(_control, sizeof(*control));
if (IS_ERR(control))
return PTR_ERR(control);
card = file->card;
snd_power_lock(card);
result = snd_power_wait(card, SNDRV_CTL_POWER_D0);
......@@ -916,13 +910,10 @@ static int snd_ctl_elem_user_tlv(struct snd_kcontrol *kcontrol,
if (op_flag > 0) {
if (size > 1024 * 128) /* sane value */
return -EINVAL;
new_data = kmalloc(size, GFP_KERNEL);
if (new_data == NULL)
return -ENOMEM;
if (copy_from_user(new_data, tlv, size)) {
kfree(new_data);
return -EFAULT;
}
new_data = memdup_user(tlv, size);
if (IS_ERR(new_data))
return PTR_ERR(new_data);
change = ue->tlv_data_size != size;
if (!change)
change = memcmp(ue->tlv_data, new_data, size);
......
......@@ -232,14 +232,11 @@ static int snd_pcm_ioctl_hw_params_compat(struct snd_pcm_substream *substream,
if (! (runtime = substream->runtime))
return -ENOTTY;
data = kmalloc(sizeof(*data), GFP_KERNEL);
if (data == NULL)
return -ENOMEM;
/* only fifo_size is different, so just copy all */
if (copy_from_user(data, data32, sizeof(*data32))) {
err = -EFAULT;
goto error;
}
data = memdup_user(data32, sizeof(*data32));
if (IS_ERR(data))
return PTR_ERR(data);
if (refine)
err = snd_pcm_hw_refine(substream, data);
else
......
......@@ -327,21 +327,16 @@ static int snd_pcm_hw_refine_user(struct snd_pcm_substream *substream,
struct snd_pcm_hw_params *params;
int err;
params = kmalloc(sizeof(*params), GFP_KERNEL);
if (!params) {
err = -ENOMEM;
goto out;
}
if (copy_from_user(params, _params, sizeof(*params))) {
err = -EFAULT;
goto out;
}
params = memdup_user(_params, sizeof(*params));
if (IS_ERR(params))
return PTR_ERR(params);
err = snd_pcm_hw_refine(substream, params);
if (copy_to_user(_params, params, sizeof(*params))) {
if (!err)
err = -EFAULT;
}
out:
kfree(params);
return err;
}
......@@ -465,21 +460,16 @@ static int snd_pcm_hw_params_user(struct snd_pcm_substream *substream,
struct snd_pcm_hw_params *params;
int err;
params = kmalloc(sizeof(*params), GFP_KERNEL);
if (!params) {
err = -ENOMEM;
goto out;
}
if (copy_from_user(params, _params, sizeof(*params))) {
err = -EFAULT;
goto out;
}
params = memdup_user(_params, sizeof(*params));
if (IS_ERR(params))
return PTR_ERR(params);
err = snd_pcm_hw_params(substream, params);
if (copy_to_user(_params, params, sizeof(*params))) {
if (!err)
err = -EFAULT;
}
out:
kfree(params);
return err;
}
......@@ -2593,13 +2583,11 @@ static int snd_pcm_playback_ioctl1(struct file *file,
return -EFAULT;
if (copy_from_user(&xfern, _xfern, sizeof(xfern)))
return -EFAULT;
bufs = kmalloc(sizeof(void *) * runtime->channels, GFP_KERNEL);
if (bufs == NULL)
return -ENOMEM;
if (copy_from_user(bufs, xfern.bufs, sizeof(void *) * runtime->channels)) {
kfree(bufs);
return -EFAULT;
}
bufs = memdup_user(xfern.bufs,
sizeof(void *) * runtime->channels);
if (IS_ERR(bufs))
return PTR_ERR(bufs);
result = snd_pcm_lib_writev(substream, bufs, xfern.frames);
kfree(bufs);
__put_user(result, &_xfern->result);
......@@ -2675,13 +2663,11 @@ static int snd_pcm_capture_ioctl1(struct file *file,
return -EFAULT;
if (copy_from_user(&xfern, _xfern, sizeof(xfern)))
return -EFAULT;
bufs = kmalloc(sizeof(void *) * runtime->channels, GFP_KERNEL);
if (bufs == NULL)
return -ENOMEM;
if (copy_from_user(bufs, xfern.bufs, sizeof(void *) * runtime->channels)) {
kfree(bufs);
return -EFAULT;
}
bufs = memdup_user(xfern.bufs,
sizeof(void *) * runtime->channels);
if (IS_ERR(bufs))
return PTR_ERR(bufs);
result = snd_pcm_lib_readv(substream, bufs, xfern.frames);
kfree(bufs);
__put_user(result, &_xfern->result);
......@@ -3312,18 +3298,12 @@ static int snd_pcm_hw_refine_old_user(struct snd_pcm_substream *substream,
int err;
params = kmalloc(sizeof(*params), GFP_KERNEL);
if (!params) {
err = -ENOMEM;
goto out;
}
oparams = kmalloc(sizeof(*oparams), GFP_KERNEL);
if (!oparams) {
err = -ENOMEM;
goto out;
}
if (!params)
return -ENOMEM;
if (copy_from_user(oparams, _oparams, sizeof(*oparams))) {
err = -EFAULT;
oparams = memdup_user(_oparams, sizeof(*oparams));
if (IS_ERR(oparams)) {
err = PTR_ERR(oparams);
goto out;
}
snd_pcm_hw_convert_from_old_params(params, oparams);
......@@ -3333,9 +3313,10 @@ static int snd_pcm_hw_refine_old_user(struct snd_pcm_substream *substream,
if (!err)
err = -EFAULT;
}
kfree(oparams);
out:
kfree(params);
kfree(oparams);
return err;
}
......@@ -3347,17 +3328,12 @@ static int snd_pcm_hw_params_old_user(struct snd_pcm_substream *substream,
int err;
params = kmalloc(sizeof(*params), GFP_KERNEL);
if (!params) {
err = -ENOMEM;
goto out;
}
oparams = kmalloc(sizeof(*oparams), GFP_KERNEL);
if (!oparams) {
err = -ENOMEM;
goto out;
}
if (copy_from_user(oparams, _oparams, sizeof(*oparams))) {
err = -EFAULT;
if (!params)
return -ENOMEM;
oparams = memdup_user(_oparams, sizeof(*oparams));
if (IS_ERR(oparams)) {
err = PTR_ERR(oparams);
goto out;
}
snd_pcm_hw_convert_from_old_params(params, oparams);
......@@ -3367,9 +3343,10 @@ static int snd_pcm_hw_params_old_user(struct snd_pcm_substream *substream,
if (!err)
err = -EFAULT;
}
kfree(oparams);
out:
kfree(params);
kfree(oparams);
return err;
}
#endif /* CONFIG_SND_SUPPORT_OLD_API */
......
......@@ -48,12 +48,11 @@ static int snd_seq_call_port_info_ioctl(struct snd_seq_client *client, unsigned
struct snd_seq_port_info *data;
mm_segment_t fs;
data = kmalloc(sizeof(*data), GFP_KERNEL);
if (! data)
return -ENOMEM;
data = memdup_user(data32, sizeof(*data32));
if (IS_ERR(data))
return PTR_ERR(data);
if (copy_from_user(data, data32, sizeof(*data32)) ||
get_user(data->flags, &data32->flags) ||
if (get_user(data->flags, &data32->flags) ||
get_user(data->time_queue, &data32->time_queue))
goto error;
data->kernel = NULL;
......
......@@ -1395,13 +1395,10 @@ static int snd_timer_user_ginfo(struct file *file,
struct list_head *p;
int err = 0;
ginfo = kmalloc(sizeof(*ginfo), GFP_KERNEL);
if (! ginfo)
return -ENOMEM;
if (copy_from_user(ginfo, _ginfo, sizeof(*ginfo))) {
kfree(ginfo);
return -EFAULT;
}
ginfo = memdup_user(_ginfo, sizeof(*ginfo));
if (IS_ERR(ginfo))
return PTR_ERR(ginfo);
tid = ginfo->tid;
memset(ginfo, 0, sizeof(*ginfo));
ginfo->tid = tid;
......
......@@ -684,15 +684,16 @@ static int snd_sb_csp_load(struct snd_sb_csp * p, const unsigned char *buf, int
static int snd_sb_csp_load_user(struct snd_sb_csp * p, const unsigned char __user *buf, int size, int load_flags)
{
int err = -ENOMEM;
unsigned char *kbuf = kmalloc(size, GFP_KERNEL);
if (kbuf) {
if (copy_from_user(kbuf, buf, size))
err = -EFAULT;
else
int err;
unsigned char *kbuf;
kbuf = memdup_user(buf, size);
if (IS_ERR(kbuf))
return PTR_ERR(kbuf);
err = snd_sb_csp_load(p, kbuf, size, load_flags);
kfree(kbuf);
}
return err;
}
......
......@@ -202,15 +202,11 @@ snd_wavefront_fx_ioctl (struct snd_hwdep *sdev, struct file *file,
"> 512 bytes to FX\n");
return -EIO;
}
page_data = kmalloc(r.data[2] * sizeof(short), GFP_KERNEL);
if (!page_data)
return -ENOMEM;
if (copy_from_user (page_data,
(unsigned char __user *) r.data[3],
r.data[2] * sizeof(short))) {
kfree(page_data);
return -EFAULT;
}
page_data = memdup_user((unsigned char __user *)
r.data[3],
r.data[2] * sizeof(short));
if (IS_ERR(page_data))
return PTR_ERR(page_data);
pd = page_data;
}
......
......@@ -1664,12 +1664,11 @@ snd_wavefront_synth_ioctl (struct snd_hwdep *hw, struct file *file,
break;
case WFCTL_WFCMD:
wc = kmalloc(sizeof(*wc), GFP_KERNEL);
if (! wc)
return -ENOMEM;
if (copy_from_user (wc, argp, sizeof (*wc)))
err = -EFAULT;
else if (wavefront_synth_control (acard, wc) < 0)
wc = memdup_user(argp, sizeof(*wc));
if (IS_ERR(wc))
return PTR_ERR(wc);
if (wavefront_synth_control (acard, wc) < 0)
err = -EIO;
else if (copy_to_user (argp, wc, sizeof (*wc)))
err = -EFAULT;
......
......@@ -2493,24 +2493,17 @@ static int snd_emu10k1_fx8010_ioctl(struct snd_hwdep * hw, struct file *file, un
case SNDRV_EMU10K1_IOCTL_CODE_POKE:
if (!capable(CAP_SYS_ADMIN))
return -EPERM;
icode = kmalloc(sizeof(*icode), GFP_KERNEL);
if (icode == NULL)
return -ENOMEM;
if (copy_from_user(icode, argp, sizeof(*icode))) {
kfree(icode);
return -EFAULT;
}
icode = memdup_user(argp, sizeof(*icode));
if (IS_ERR(icode))
return PTR_ERR(icode);
res = snd_emu10k1_icode_poke(emu, icode);
kfree(icode);
return res;
case SNDRV_EMU10K1_IOCTL_CODE_PEEK:
icode = kmalloc(sizeof(*icode), GFP_KERNEL);
if (icode == NULL)
return -ENOMEM;
if (copy_from_user(icode, argp, sizeof(*icode))) {
kfree(icode);
return -EFAULT;
}
icode = memdup_user(argp, sizeof(*icode));
if (IS_ERR(icode))
return PTR_ERR(icode);
res = snd_emu10k1_icode_peek(emu, icode);
if (res == 0 && copy_to_user(argp, icode, sizeof(*icode))) {
kfree(icode);
......@@ -2519,24 +2512,16 @@ static int snd_emu10k1_fx8010_ioctl(struct snd_hwdep * hw, struct file *file, un
kfree(icode);
return res;
case SNDRV_EMU10K1_IOCTL_PCM_POKE:
ipcm = kmalloc(sizeof(*ipcm), GFP_KERNEL);
if (ipcm == NULL)
return -ENOMEM;
if (copy_from_user(ipcm, argp, sizeof(*ipcm))) {
kfree(ipcm);
return -EFAULT;
}
ipcm = memdup_user(argp, sizeof(*ipcm));
if (IS_ERR(ipcm))
return PTR_ERR(ipcm);
res = snd_emu10k1_ipcm_poke(emu, ipcm);
kfree(ipcm);
return res;
case SNDRV_EMU10K1_IOCTL_PCM_PEEK:
ipcm = kzalloc(sizeof(*ipcm), GFP_KERNEL);
if (ipcm == NULL)
return -ENOMEM;
if (copy_from_user(ipcm, argp, sizeof(*ipcm))) {
kfree(ipcm);
return -EFAULT;
}
ipcm = memdup_user(argp, sizeof(*ipcm));
if (IS_ERR(ipcm))
return PTR_ERR(ipcm);
res = snd_emu10k1_ipcm_peek(emu, ipcm);
if (res == 0 && copy_to_user(argp, ipcm, sizeof(*ipcm))) {
kfree(ipcm);
......
......@@ -349,14 +349,10 @@ static int usb_stream_hwdep_ioctl(struct snd_hwdep *hw, struct file *file,
if (cmd != SNDRV_USB_STREAM_IOCTL_SET_PARAMS)
return -ENOTTY;
cfg = kmalloc(sizeof(*cfg), GFP_KERNEL);
if (!cfg)
return -ENOMEM;
cfg = memdup_user((void *)arg, sizeof(*cfg));
if (IS_ERR(cfg))
return PTR_ERR(cfg);
if (copy_from_user(cfg, (void *)arg, sizeof(*cfg))) {
err = -EFAULT;
goto free;
}
if (cfg->version != USB_STREAM_INTERFACE_VERSION) {
err = -ENXIO;
goto free;
......
......@@ -203,13 +203,12 @@ static int snd_usX2Y_hwdep_dsp_load(struct snd_hwdep *hw,
if (access_ok(VERIFY_READ, dsp->image, dsp->length)) {
struct usb_device* dev = priv->chip.dev;
char *buf = kmalloc(dsp->length, GFP_KERNEL);
if (!buf)
return -ENOMEM;
if (copy_from_user(buf, dsp->image, dsp->length)) {
kfree(buf);
return -EFAULT;
}
char *buf;
buf = memdup_user(dsp->image, dsp->length);
if (IS_ERR(buf))
return PTR_ERR(buf);
err = usb_set_interface(dev, 0, 1);
if (err)
snd_printk(KERN_ERR "usb_set_interface error \n");
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment