Re: video_usercopy() enforces change of VideoText IOCTLs since 2.6.8

[Gerd Knorr]

> >  	/*  Copy arguments into temp kernel buffer  */
> >  	switch (_IOC_DIR(cmd)) {
> >  	case _IOC_NONE:
> > -		parg = NULL;
> > +		parg = (void*)arg;
> >  		break;
> 
> (the typecast is unneeded)
> 
> Seems that with this change we are now sometimes passing a user pointer
> into (*func)().  And we're sometimes passing a kernel pointer, yes?

Assuming that ioctls passing _pointers_ are declared correctly with _IO*
that shouldn't be the case:  _IOC_DIR(cmd) == _IOC_NONE means _IO()
means no pointer passed in.

> Are all the implementations of (*func)() handling that correctly?

Hmm, it broke for videotext, checking ...

Ok, you can drop it.  The videotext ioctls (include/videotext.h) don't
use the _IO*() macros but pass around pointers anyway, thats bad.

Michael, you'll have to fix the saa5246a driver.  video_usercopy() will
not work for you because the videotext ioctls doesn't use the _IO()
macros.  You have to do the userspace copying in the driver yourself.

  Gerd

-- 
return -ENOSIG;
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/