I just fixed all verify_area() calls in the isdn4linux code to the
new copy_from_user()/copy_to_user() call method. I also included Heiko
Eissfeldt's fix for the teles driver (to work with the new memory model)
and also a short Teles Fix (memcpy_fromfs -> copy_from_user) by me.
The patch is against 2.1.5. It works for me with a Teles 16.3.
-Andi
diff -u --recursive linux.vanilla/drivers/isdn/isdn_common.c linux/drivers/isdn/isdn_common.c
--- linux.vanilla/drivers/isdn/isdn_common.c Sat Oct 19 19:03:53 1996
+++ linux/drivers/isdn/isdn_common.c Sat Oct 19 17:57:52 1996
@@ -726,6 +726,8 @@
/*
* isdn_readbchan() tries to get data from the read-queue.
* It MUST be called with interrupts off.
+ *
+ * I hope I got the EFAULT error path right -AK.
*/
int isdn_readbchan(int di, int channel, u_char * buf, u_char * fp, int len, int user)
{
@@ -736,6 +738,7 @@
int dflag;
struct sk_buff *skb;
u_char *cp;
+ int ret = 0;
if (!dev->drv[di])
return 0;
@@ -749,6 +752,7 @@
cp = buf;
count = 0;
while (left) {
+ ret = 0;
if (!(skb = skb_peek(&dev->drv[di]->rpqueue[channel])))
break;
if (skb->lock)
@@ -765,15 +769,19 @@
count_pull = count_put = 0;
while ((count_pull < skb->len) && (left-- > 0)) {
if (dev->drv[di]->DLEflag & DLEmask) {
- if (user)
- put_fs_byte(DLE,cp++);
- else
+ if (user) {
+ ret = put_user(DLE,cp);
+ cp++;
+ if (ret) break;
+ } else
*cp++ = DLE;
dev->drv[di]->DLEflag &= ~DLEmask;
} else {
- if (user)
- put_fs_byte(*p,cp++);
- else
+ if (user) {
+ ret = put_user(*p,cp);
+ if (ret) break;
+ cp++;
+ } else
*cp++ = *p;
if (*p == DLE) {
dev->drv[di]->DLEflag |= DLEmask;
@@ -794,10 +802,12 @@
dflag = 0;
}
count_put = count_pull;
+ ret = 0;
if (user)
- copy_to_user(cp, skb->data, count_put);
+ ret = copy_to_user(cp, skb->data, count_put);
else
memcpy(cp, skb->data, count_put);
+ count_put -= ret;
cp += count_put;
left -= count_put;
}
@@ -821,11 +831,11 @@
* but we pull off the data we got until now.
*/
skb_pull(skb,count_pull);
- skb->lock = 0;
+ skb->lock = 0;
}
dev->drv[di]->rcvcount[channel] -= count_put;
}
- return count;
+ return ret ? -EFAULT : count;
}
static __inline int isdn_minor2drv(int minor)
@@ -923,9 +933,10 @@
p = isdn_statstr();
file->private_data = 0;
if ((len = strlen(p)) <= count) {
- copy_to_user(buf, p, len);
+ if (copy_to_user(buf, p, len))
+ return -EFAULT;
file->f_pos += len;
- return len;
+ return len;
}
return 0;
}
@@ -1072,35 +1083,25 @@
return ret;
save_flags(flags);
cli();
- if ((ret = verify_area(VERIFY_READ, (void *) src, sizeof(int)))) {
- restore_flags(flags);
- return ret;
- }
- copy_from_user((char *) &i, src, sizeof(int));
- src += sizeof(int);
+ ret = get_user(i, src);
+ if (ret)
+ goto out;
+ src += sizeof(int);
while (i) {
char *c;
char *c2;
- if ((ret = verify_area(VERIFY_READ, (void *) src, sizeof(cfg)))) {
- restore_flags(flags);
- return ret;
- }
- copy_from_user((char *) &cfg, src, sizeof(cfg));
+ if(copy_from_user((char *) &cfg, src, sizeof(cfg)))
+ goto fault;
src += sizeof(cfg);
if (!isdn_net_new(cfg.name, NULL)) {
restore_flags(flags);
return -EIO;
}
- if ((ret = isdn_net_setcfg(&cfg))) {
- restore_flags(flags);
- return ret;
- }
- if ((ret = verify_area(VERIFY_READ, (void *) src, sizeof(buf)))) {
- restore_flags(flags);
- return ret;
- }
- copy_from_user(buf, src, sizeof(buf));
+ if ((ret = isdn_net_setcfg(&cfg)))
+ goto out;
+ if(copy_from_user(buf, src, sizeof(buf)))
+ goto fault;
src += sizeof(buf);
c = buf;
while (*c) {
@@ -1109,20 +1110,15 @@
strcpy(phone.phone, c);
strcpy(phone.name, cfg.name);
phone.outgoing = 0;
- if ((ret = isdn_net_addphone(&phone))) {
- restore_flags(flags);
- return ret;
- }
+ if ((ret = isdn_net_addphone(&phone)))
+ goto fault;
if (c2)
c = c2;
else
c += strlen(c);
}
- if ((ret = verify_area(VERIFY_READ, (void *) src, sizeof(buf)))) {
- restore_flags(flags);
- return ret;
- }
- copy_from_user(buf, src, sizeof(buf));
+ if(copy_from_user(buf, src, sizeof(buf)))
+ goto fault;
src += sizeof(buf);
c = buf;
while (*c) {
@@ -1131,10 +1127,8 @@
strcpy(phone.phone, c);
strcpy(phone.name, cfg.name);
phone.outgoing = 1;
- if ((ret = isdn_net_addphone(&phone))) {
- restore_flags(flags);
- return ret;
- }
+ if ((ret = isdn_net_addphone(&phone)))
+ goto out;
if (c2)
c = c2;
else
@@ -1142,8 +1136,12 @@
}
i--;
}
+out:
restore_flags(flags);
- return 0;
+ return ret;
+fault:
+ restore_flags(flags);
+ return -EFAULT;
}
static int isdn_get_allcfg(char *dest)
@@ -1152,17 +1150,13 @@
isdn_net_ioctl_phone phone;
isdn_net_dev *p;
ulong flags;
- int ret;
+ int ret = 0;
/* Walk through netdev-chain */
save_flags(flags);
cli();
p = dev->netdev;
while (p) {
- if ((ret = verify_area(VERIFY_WRITE, (void *) dest, sizeof(cfg) + 10))) {
- restore_flags(flags);
- return ret;
- }
strcpy(cfg.eaz, p->local.msn);
cfg.exclusive = p->local.exclusive;
if (p->local.pre_device >= 0) {
@@ -1179,28 +1173,29 @@
cfg.callback = (p->local.flags & ISDN_NET_CALLBACK) ? 1 : 0;
cfg.chargehup = (p->local.hupflags & 4) ? 1 : 0;
cfg.ihup = (p->local.hupflags & 8) ? 1 : 0;
- copy_to_user(dest, p->local.name, 10);
+ ret = 0;
+ ret += copy_to_user(dest, p->local.name, 10);
dest += 10;
- copy_to_user(dest, (char *) &cfg, sizeof(cfg));
+ ret += copy_to_user(dest, (char *) &cfg, sizeof(cfg));
dest += sizeof(cfg);
strcpy(phone.name, p->local.name);
phone.outgoing = 0;
- if ((ret = isdn_net_getphones(&phone, dest)) < 0) {
- restore_flags(flags);
- return ret;
- } else
+ if (ret)
+ break;
+ if ((ret = isdn_net_getphones(&phone, dest)) < 0)
+ break;
+ else
dest += ret;
strcpy(phone.name, p->local.name);
phone.outgoing = 1;
- if ((ret = isdn_net_getphones(&phone, dest)) < 0) {
- restore_flags(flags);
- return ret;
- } else
+ if ((ret = isdn_net_getphones(&phone, dest)) < 0)
+ break;
+ else
dest += ret;
p = p->next;
}
restore_flags(flags);
- return 0;
+ return ret;
}
static int isdn_ioctl(struct inode *inode, struct file *file, uint cmd, ulong arg)
@@ -1209,7 +1204,7 @@
isdn_ctrl c;
int drvidx;
int chidx;
- int ret;
+ int ret = 0;
char *s;
char name[10];
char bname[21];
@@ -1227,14 +1222,15 @@
if (arg) {
ulong *p = (ulong *)arg;
int i;
- if ((ret = verify_area(VERIFY_WRITE, (void *) arg,
- sizeof(ulong)*ISDN_MAX_CHANNELS*2)))
- return ret;
for (i = 0;i<ISDN_MAX_CHANNELS;i++) {
- put_fs_long(dev->ibytes[i],p++);
- put_fs_long(dev->obytes[i],p++);
+ ret = put_user(dev->ibytes[i],p);
+ if (ret) break;
+ p++;
+ ret = put_user(dev->obytes[i],p);
+ p++;
+ if (ret) break;
}
- return 0;
+ return ret;
} else
return -EINVAL;
break;
@@ -1259,62 +1255,48 @@
case IIOCNETAIF:
/* Add a network-interface */
if (arg) {
- if ((ret = verify_area(VERIFY_READ, (void *) arg, sizeof(name))))
- return ret;
- copy_from_user(name, (char *) arg, sizeof(name));
+ if(copy_from_user(name, (char *) arg, sizeof(name)))
+ return -EFAULT;
s = name;
} else
s = NULL;
if ((s = isdn_net_new(s, NULL))) {
- if ((ret = verify_area(VERIFY_WRITE, (void *) arg, strlen(s) + 1)))
- return ret;
- copy_to_user((char *) arg, s, strlen(s) + 1);
- return 0;
+ return copy_to_user((char *) arg, s, strlen(s) + 1) ? -EFAULT : ret;
} else
return -ENODEV;
case IIOCNETASL:
/* Add a slave to a network-interface */
if (arg) {
- if ((ret = verify_area(VERIFY_READ, (void *) arg, sizeof(bname))))
- return ret;
- copy_from_user(bname, (char *) arg, sizeof(bname));
+ if(copy_from_user(bname, (char *) arg, sizeof(bname)))
+ return -EFAULT;
} else
return -EINVAL;
if ((s = isdn_net_newslave(bname))) {
- if ((ret = verify_area(VERIFY_WRITE, (void *) arg, strlen(s) + 1)))
- return ret;
- copy_to_user((char *) arg, s, strlen(s) + 1);
- return 0;
+ return copy_to_user((char *) arg, s, strlen(s) + 1) ? -EFAULT : 0;
} else
return -ENODEV;
case IIOCNETDIF:
/* Delete a network-interface */
if (arg) {
- if ((ret = verify_area(VERIFY_READ, (void *) arg, sizeof(name))))
- return ret;
- copy_from_user(name, (char *) arg, sizeof(name));
- return isdn_net_rm(name);
+ ret = copy_from_user(name, (char *) arg, sizeof(name));
+ return ret ? -EFAULT : isdn_net_rm(name);
} else
return -EINVAL;
case IIOCNETSCF:
/* Set configurable parameters of a network-interface */
if (arg) {
- if ((ret = verify_area(VERIFY_READ, (void *) arg, sizeof(cfg))))
- return ret;
- copy_from_user((char *) &cfg, (char *) arg, sizeof(cfg));
- return isdn_net_setcfg(&cfg);
+ ret = copy_from_user((char *) &cfg, (char *) arg, sizeof(cfg));
+ return ret ? -EFAULT : isdn_net_setcfg(&cfg);
} else
return -EINVAL;
case IIOCNETGCF:
/* Get configurable parameters of a network-interface */
- if (arg) {
- if ((ret = verify_area(VERIFY_READ, (void *) arg, sizeof(cfg))))
- return ret;
- copy_from_user((char *) &cfg, (char *) arg, sizeof(cfg));
+ if (arg) {
+ if(copy_from_user((char *) &cfg, (char *) arg, sizeof(cfg)))
+ return -EFAULT;
if (!(ret = isdn_net_getcfg(&cfg))) {
- if ((ret = verify_area(VERIFY_WRITE, (void *) arg, sizeof(cfg))))
- return ret;
- copy_to_user((char *) arg, (char *) &cfg, sizeof(cfg));
+ if(copy_to_user((char *) arg, (char *) &cfg, sizeof(cfg)))
+ return -EFAULT;
}
return ret;
} else
@@ -1322,68 +1304,51 @@
case IIOCNETANM:
/* Add a phone-number to a network-interface */
if (arg) {
- if ((ret = verify_area(VERIFY_READ, (void *) arg, sizeof(phone))))
- return ret;
- copy_from_user((char *) &phone, (char *) arg, sizeof(phone));
- return isdn_net_addphone(&phone);
+ ret = copy_from_user((char *) &phone, (char *) arg, sizeof(phone));
+ return ret ? -EFAULT : isdn_net_addphone(&phone);
} else
return -EINVAL;
case IIOCNETGNM:
/* Get list of phone-numbers of a network-interface */
if (arg) {
- if ((ret = verify_area(VERIFY_READ, (void *) arg, sizeof(phone))))
- return ret;
- copy_from_user((char *) &phone, (char *) arg, sizeof(phone));
- return isdn_net_getphones(&phone, (char *) arg);
+ ret = copy_from_user((char *) &phone, (char *) arg, sizeof(phone));
+ return ret ? -EFAULT : isdn_net_getphones(&phone, (char *) arg);
} else
return -EINVAL;
case IIOCNETDNM:
/* Delete a phone-number of a network-interface */
if (arg) {
- if ((ret = verify_area(VERIFY_READ, (void *) arg, sizeof(phone))))
- return ret;
- copy_from_user((char *) &phone, (char *) arg, sizeof(phone));
- return isdn_net_delphone(&phone);
+ ret = copy_from_user((char *) &phone, (char *) arg, sizeof(phone));
+ return ret ? -EFAULT : isdn_net_delphone(&phone);
} else
return -EINVAL;
case IIOCNETDIL:
/* Force dialing of a network-interface */
if (arg) {
- if ((ret = verify_area(VERIFY_READ, (void *) arg, sizeof(name))))
- return ret;
- copy_from_user(name, (char *) arg, sizeof(name));
- return isdn_net_force_dial(name);
+ ret = copy_from_user(name, (char *) arg, sizeof(name));
+ return ret ? -EFAULT : isdn_net_force_dial(name);
} else
return -EINVAL;
#ifdef CONFIG_ISDN_PPP
case IIOCNETALN:
- if(arg) {
- if ((ret = verify_area(VERIFY_READ,
- (void*)arg,
- sizeof(name))))
- return ret;
- } else
- return -EINVAL;
- copy_from_user(name,(char*)arg,sizeof(name));
- return isdn_ppp_dial_slave(name);
+ if (arg)
+ ret = copy_from_user(name,(char*)arg,sizeof(name));
+ else
+ return -EINVAL;
+ return ret ? -EFAULT : isdn_ppp_dial_slave(name);
case IIOCNETDLN:
+
if(arg) {
- if ((ret = verify_area(VERIFY_READ,
- (void*)arg,
- sizeof(name))))
- return ret;
+ ret = copy_from_user(name,(char*)arg,sizeof(name));
} else
return -EINVAL;
- copy_from_user(name,(char*)arg,sizeof(name));
- return isdn_ppp_hangup_slave(name);
+ return ret ? -EFAULT : isdn_ppp_hangup_slave(name);
#endif
case IIOCNETHUP:
/* Force hangup of a network-interface */
if (arg) {
- if ((ret = verify_area(VERIFY_READ, (void *) arg, sizeof(name))))
- return ret;
- copy_from_user(name, (char *) arg, sizeof(name));
- return isdn_net_force_hangup(name);
+ ret = copy_from_user(name, (char *) arg, sizeof(name));
+ return ret ? -EFAULT : isdn_net_force_hangup(name);
} else
return -EINVAL;
break;
@@ -1405,12 +1370,10 @@
if (arg) {
int i;
char *p;
- if ((ret = verify_area(VERIFY_READ, (void *) arg,
- sizeof(isdn_ioctl_struct))))
- return ret;
- copy_from_user((char *) &iocts, (char *) arg,
- sizeof(isdn_ioctl_struct));
- if (strlen(iocts.drvid)) {
+ if(copy_from_user((char *) &iocts, (char *) arg,
+ sizeof(isdn_ioctl_struct)))
+ return -EFAULT;
+ if (strlen(iocts.drvid)) {
if ((p = strchr(iocts.drvid, ',')))
*p = 0;
drvidx = -1;
@@ -1450,17 +1413,14 @@
if (arg) {
char *p = (char *) arg;
int i;
-
- if ((ret = verify_area(VERIFY_WRITE, (void *) arg,
- (ISDN_MODEM_ANZREG + ISDN_MSNLEN)
- * ISDN_MAX_CHANNELS)))
- return ret;
-
+
for (i = 0; i < ISDN_MAX_CHANNELS; i++) {
- copy_to_user(p, dev->mdm.info[i].emu.profile,
- ISDN_MODEM_ANZREG);
+ if(copy_to_user(p, dev->mdm.info[i].emu.profile,
+ ISDN_MODEM_ANZREG))
+ return -EFAULT;
p += ISDN_MODEM_ANZREG;
- copy_to_user(p, dev->mdm.info[i].emu.pmsn, ISDN_MSNLEN);
+ if(copy_to_user(p, dev->mdm.info[i].emu.pmsn, ISDN_MSNLEN))
+ return -EFAULT;
p += ISDN_MSNLEN;
}
return (ISDN_MODEM_ANZREG + ISDN_MSNLEN) * ISDN_MAX_CHANNELS;
@@ -1473,17 +1433,14 @@
char *p = (char *) arg;
int i;
- if ((ret = verify_area(VERIFY_READ, (void *) arg,
- (ISDN_MODEM_ANZREG + ISDN_MSNLEN)
- * ISDN_MAX_CHANNELS)))
- return ret;
-
for (i = 0; i < ISDN_MAX_CHANNELS; i++) {
- copy_from_user(dev->mdm.info[i].emu.profile, p,
- ISDN_MODEM_ANZREG);
- p += ISDN_MODEM_ANZREG;
- copy_from_user(dev->mdm.info[i].emu.pmsn, p, ISDN_MSNLEN);
- p += ISDN_MSNLEN;
+ if(copy_from_user(dev->mdm.info[i].emu.profile, p,
+ ISDN_MODEM_ANZREG))
+ return -EFAULT;
+ p += ISDN_MODEM_ANZREG;
+ if(copy_from_user(dev->mdm.info[i].emu.pmsn, p, ISDN_MSNLEN))
+ return -EFAULT;
+ p += ISDN_MSNLEN;
}
return 0;
} else
@@ -1497,11 +1454,10 @@
char *p;
char nstring[255];
- if ((ret = verify_area(VERIFY_READ, (void *) arg,
- sizeof(isdn_ioctl_struct))))
- return ret;
- copy_from_user((char *) &iocts, (char *) arg, sizeof(isdn_ioctl_struct));
- if (strlen(iocts.drvid)) {
+ ret = copy_from_user((char *) &iocts, (char *) arg, sizeof(isdn_ioctl_struct));
+
+ if (ret) return -EFAULT;
+ if (strlen(iocts.drvid)) {
drvidx = -1;
for (i = 0; i < ISDN_MAX_DRIVERS; i++)
if (!(strcmp(dev->drvid[i], iocts.drvid))) {
@@ -1513,9 +1469,8 @@
if (drvidx == -1)
return -ENODEV;
if (cmd == IIOCSETMAP) {
- if ((ret = verify_area(VERIFY_READ, (void *) iocts.arg, 255)))
- return ret;
- copy_from_user(nstring, (char *) iocts.arg, 255);
+ ret = copy_from_user(nstring, (char *) iocts.arg, 255);
+ if (ret) return -EFAULT;
memset(dev->drv[drvidx]->msn2eaz, 0,
sizeof(dev->drv[drvidx]->msn2eaz));
p = strtok(nstring, ",");
@@ -1531,21 +1486,16 @@
strlen(dev->drv[drvidx]->msn2eaz[i]) ?
dev->drv[drvidx]->msn2eaz[i] : "-",
(i < 9) ? "," : "\0");
- if ((ret = verify_area(VERIFY_WRITE, (void *) iocts.arg,
- strlen(nstring) + 1)))
- return ret;
- copy_to_user((char *) iocts.arg, nstring, strlen(nstring) + 1);
- }
+ if(copy_to_user((char *) iocts.arg, nstring, strlen(nstring) + 1))
+ return -EFAULT;
+ }
return 0;
} else
return -EINVAL;
case IIOCDBGVAR:
if (arg) {
- if ((ret = verify_area(VERIFY_WRITE, (void *) arg, sizeof(ulong))))
- return ret;
- copy_to_user((char *) arg, (char *) &dev, sizeof(ulong));
- return 0;
- } else
+ return copy_to_user((char *) arg, (char *) &dev, sizeof(ulong)) ? -EFAULT : 0;
+ } else
return -EINVAL;
break;
default:
@@ -1556,10 +1506,10 @@
if (arg) {
int i;
char *p;
- if ((ret = verify_area(VERIFY_READ, (void *) arg,
- sizeof(isdn_ioctl_struct))))
- return ret;
- copy_from_user((char *) &iocts, (char *) arg, sizeof(isdn_ioctl_struct));
+
+ ret = copy_from_user((char *) &iocts, (char *) arg, sizeof(isdn_ioctl_struct));
+ if (ret)
+ return -EFAULT;
if (strlen(iocts.drvid)) {
if ((p = strchr(iocts.drvid, ',')))
*p = 0;
@@ -1573,17 +1523,13 @@
drvidx = 0;
if (drvidx == -1)
return -ENODEV;
- if ((ret = verify_area(VERIFY_WRITE, (void *) arg,
- sizeof(isdn_ioctl_struct))))
- return ret;
c.driver = drvidx;
c.command = ISDN_CMD_IOCTL;
c.arg = cmd;
memcpy(c.num, (char *) &iocts.arg, sizeof(ulong));
ret = dev->drv[drvidx]->interface->command(&c);
memcpy((char *) &iocts.arg, c.num, sizeof(ulong));
- copy_to_user((char *) arg, &iocts, sizeof(isdn_ioctl_struct));
- return ret;
+ return copy_to_user((char *) arg, &iocts, sizeof(isdn_ioctl_struct)) ? -EFAULT : 0;
} else
return -EINVAL;
}
@@ -1890,9 +1836,12 @@
skb_reserve(skb, dev->drv[drvidx]->interface->hl_hdrlen);
skb->free = 1;
- if (user)
- copy_from_user(skb_put(skb, len), buf, len);
- else
+ if (user) {
+ if(copy_from_user(skb_put(skb, len), buf, len)) {
+ kfree_skb(skb,FREE_WRITE);
+ return -EFAULT;
+ }
+ } else
memcpy(skb_put(skb, len), buf, len);
ret = dev->drv[drvidx]->interface->writebuf_skb(drvidx,
diff -u --recursive linux.vanilla/drivers/isdn/isdn_net.c linux/drivers/isdn/isdn_net.c
--- linux.vanilla/drivers/isdn/isdn_net.c Sat Oct 19 19:03:53 1996
+++ linux/drivers/isdn/isdn_net.c Sat Oct 19 18:06:50 1996
@@ -170,14 +170,14 @@
p->start = 1;
p = (((isdn_net_local *) p->priv)->slave);
}
- }
+ }
- isdn_MOD_INC_USE_COUNT();
- return 0;
-}
+ isdn_MOD_INC_USE_COUNT();
+ return 0;
+}
-/*
- * Assign an ISDN-channel to a net-interface
+/*
+ Assign an ISDN-channel to a net-interface
*/
static void
isdn_net_bind_channel(isdn_net_local * lp, int idx)
@@ -2179,7 +2179,7 @@
int count = 0;
isdn_net_phone *n;
int flags;
- int ret;
+ int ret = 0;
if (!p)
return -ENODEV;
@@ -2188,22 +2188,22 @@
inout &= 1;
for (n = p->local.phone[inout]; n; n = n->next) {
if (more) {
- put_fs_byte(' ', phones++);
+ ret = put_user(((char)' '), phones);
+ phones++;
count++;
}
- if ((ret = verify_area(VERIFY_WRITE, (void *) phones, strlen(n->num) + 1))) {
+ if (ret || copy_to_user(phones, n->num, strlen(n->num) + 1)) {
restore_flags(flags);
- return ret;
+ return -EFAULT;
}
- copy_to_user(phones, n->num, strlen(n->num) + 1);
phones += strlen(n->num);
count += strlen(n->num);
more = 1;
}
- put_fs_byte(0,phones);
- count++;
+ ret = put_user(((char)0),phones);
+ count++;
restore_flags(flags);
- return count;
+ return ret ? -EFAULT : count;
}
/*
diff -u --recursive linux.vanilla/drivers/isdn/isdn_ppp.c linux/drivers/isdn/isdn_ppp.c
--- linux.vanilla/drivers/isdn/isdn_ppp.c Sat Oct 19 19:03:53 1996
+++ linux/drivers/isdn/isdn_ppp.c Sat Oct 19 18:14:02 1996
@@ -345,15 +345,15 @@
is->state = 0;
}
+#if 0 /* get_user() / put_user() in 2.1 replace them 1:1 */
/*
* get_arg .. ioctl helper
*/
static int get_arg(void *b, unsigned long *val)
{
int r;
- if ((r = verify_area(VERIFY_READ, (void *) b, sizeof(unsigned long))))
- return r;
- copy_from_user((void *) val, b, sizeof(unsigned long));
+ if (copy_from_user((void *) val, b, sizeof(unsigned long)))
+ return -EFAULT;
return 0;
}
@@ -368,6 +368,7 @@
copy_to_user(b, (void *) &val, sizeof(unsigned long));
return 0;
}
+#endif
/*
* ippp device ioctl
@@ -377,6 +378,7 @@
unsigned long val;
int r;
struct ippp_struct *is;
+ unsigned long *argp = (unsigned long*)arg;
is = file->private_data;
@@ -389,7 +391,7 @@
switch (cmd) {
case PPPIOCBUNDLE:
#ifdef CONFIG_ISDN_MPP
- if ((r = get_arg((void *) arg, &val)))
+ if ((r = get_user(val, arg)))
return r;
printk(KERN_DEBUG "iPPP-bundle: minor: %d, slave unit: %d, master unit: %d\n",
(int) min, (int) is->unit, (int) val);
@@ -399,24 +401,24 @@
#endif
break;
case PPPIOCGUNIT: /* get ppp/isdn unit number */
- if ((r = set_arg((void *) arg, is->unit)))
+ if ((r = put_user(is->unit, argp)))
return r;
break;
case PPPIOCGMPFLAGS: /* get configuration flags */
- if ((r = set_arg((void *) arg, is->mpppcfg)))
+ if ((r = put_user(is->mpppcfg, argp)))
return r;
break;
case PPPIOCSMPFLAGS: /* set configuration flags */
- if ((r = get_arg((void *) arg, &val)))
+ if ((r = get_user(val, argp)))
return r;
is->mpppcfg = val;
break;
case PPPIOCGFLAGS: /* get configuration flags */
- if ((r = set_arg((void *) arg, is->pppcfg)))
+ if ((r = put_user(is->pppcfg ,argp)))
return r;
break;
case PPPIOCSFLAGS: /* set configuration flags */
- if ((r = get_arg((void *) arg, &val))) {
+ if ((r = get_user(val, argp))) {
return r;
}
if (val & SC_ENABLE_IP && !(is->pppcfg & SC_ENABLE_IP)) {
@@ -433,7 +435,7 @@
break;
#endif
case PPPIOCSMRU: /* set receive unit size for PPP */
- if ((r = get_arg((void *) arg, &val)))
+ if ((r = get_user(val, argp)))
return r;
is->mru = val;
break;
@@ -442,7 +444,7 @@
case PPPIOCSMPMTU:
break;
case PPPIOCSMAXCID: /* set the maximum compression slot id */
- if ((r = get_arg((void *) arg, &val)))
+ if ((r = get_user(val, argp)))
return r;
val++;
if(is->maxcid != val) {
@@ -465,11 +467,11 @@
}
break;
case PPPIOCGDEBUG:
- if ((r = set_arg((void *) arg, is->debug)))
+ if ((r = put_user(is->debug, argp)))
return r;
break;
case PPPIOCSDEBUG:
- if ((r = get_arg((void *) arg, &val)))
+ if ((r = get_user(val, argp)))
return r;
is->debug = val;
break;
@@ -594,9 +596,6 @@
if (!(is->state & IPPP_OPEN))
return 0;
- if ((r = verify_area(VERIFY_WRITE, (void *) buf, count)))
- return r;
-
save_flags(flags);
cli();
@@ -607,7 +606,8 @@
}
if (b->len < count)
count = b->len;
- copy_to_user(buf, b->buf, count);
+ if (copy_to_user(buf, b->buf, count))
+ count = -EFAULT; /* ugly */
kfree(b->buf);
b->buf = NULL;
is->first = b;
@@ -1447,11 +1447,7 @@
isdn_net_local *lp = (isdn_net_local *) dev->priv;
int err;
- res = (struct ppp_stats *) ifr->ifr_ifru.ifru_data;
- err = verify_area (VERIFY_WRITE, res,sizeof(struct ppp_stats));
-
- if(err)
- return err;
+ res = (struct ppp_stats *) ifr->ifr_ifru.ifru_data;
/* build a temporary stat struct and copy it to user space */
@@ -1475,9 +1471,7 @@
}
#endif
}
- copy_to_user (res, &t, sizeof (struct ppp_stats));
- return 0;
-
+ return copy_to_user (res, &t, sizeof (struct ppp_stats)) ? -EFAULT : 0;
}
int isdn_ppp_dev_ioctl(struct device *dev, struct ifreq *ifr, int cmd)
@@ -1498,9 +1492,8 @@
case SIOCGPPPVER:
r = (char *) ifr->ifr_ifru.ifru_data;
len = strlen(PPP_VERSION) + 1;
- error = verify_area(VERIFY_WRITE, r, len);
- if (!error)
- copy_to_user(r, PPP_VERSION, len);
+ if (copy_to_user(r, PPP_VERSION, len))
+ error = -EFAULT;
break;
case SIOCGPPPSTATS:
error = isdn_ppp_dev_ioctl_stats (lp->ppp_slot, ifr, dev);
diff -u --recursive linux.vanilla/drivers/isdn/isdn_tty.c linux/drivers/isdn/isdn_tty.c
--- linux.vanilla/drivers/isdn/isdn_tty.c Sat Oct 19 19:03:54 1996
+++ linux/drivers/isdn/isdn_tty.c Sat Oct 19 16:17:59 1996
@@ -1013,8 +1013,7 @@
status = info->lsr;
restore_flags(flags);
result = ((status & UART_LSR_TEMT) ? TIOCSER_TEMT : 0);
- put_user(result, (ulong *) value);
- return 0;
+ return put_user(result, (ulong *) value);
}
@@ -1035,14 +1034,18 @@
| ((status & UART_MSR_RI) ? TIOCM_RNG : 0)
| ((status & UART_MSR_DSR) ? TIOCM_DSR : 0)
| ((status & UART_MSR_CTS) ? TIOCM_CTS : 0);
- put_user(result, (ulong *) value);
- return 0;
+ return put_user(result, (ulong *) value);
}
static int isdn_tty_set_modem_info(modem_info * info, uint cmd, uint * value)
{
- uint arg = get_user((uint *) value);
- int pre_dtr;
+ uint arg;
+ int pre_dtr;
+ int error;
+
+ error = get_user(arg, ((uint *) value));
+ if (error)
+ return error;
switch (cmd) {
case TIOCMBIS:
@@ -1140,19 +1143,17 @@
#ifdef ISDN_DEBUG_MODEM_IOCTL
printk(KERN_DEBUG "ttyI%d ioctl TIOCGSOFTCAR\n", info->line);
#endif
- error = verify_area(VERIFY_WRITE, (void *) arg, sizeof(long));
- if (error)
- return error;
- put_user(C_CLOCAL(tty) ? 1 : 0, (ulong *) arg);
+ error = put_user(C_CLOCAL(tty) ? 1 : 0, (ulong *) arg);
+ if (error)
+ return error;
return 0;
case TIOCSSOFTCAR:
#ifdef ISDN_DEBUG_MODEM_IOCTL
printk(KERN_DEBUG "ttyI%d ioctl TIOCSSOFTCAR\n", info->line);
#endif
- error = verify_area(VERIFY_READ, (void *) arg, sizeof(long));
- if (error)
- return error;
- arg = get_user((ulong *) arg);
+ error = get_user(arg ,((ulong *) arg));
+ if (error)
+ return error;
tty->termios->c_cflag =
((tty->termios->c_cflag & ~CLOCAL) |
(arg ? CLOCAL : 0));
@@ -1161,26 +1162,16 @@
#ifdef ISDN_DEBUG_MODEM_IOCTL
printk(KERN_DEBUG "ttyI%d ioctl TIOCMGET\n", info->line);
#endif
- error = verify_area(VERIFY_WRITE, (void *) arg, sizeof(uint));
- if (error)
- return error;
return isdn_tty_get_modem_info(info, (uint *) arg);
case TIOCMBIS:
case TIOCMBIC:
case TIOCMSET:
- error = verify_area(VERIFY_READ, (void *) arg, sizeof(uint));
- if (error)
- return error;
return isdn_tty_set_modem_info(info, cmd, (uint *) arg);
case TIOCSERGETLSR: /* Get line status register */
#ifdef ISDN_DEBUG_MODEM_IOCTL
printk(KERN_DEBUG "ttyI%d ioctl TIOCSERGETLSR\n", info->line);
#endif
- error = verify_area(VERIFY_WRITE, (void *) arg, sizeof(uint));
- if (error)
- return error;
- else
- return isdn_tty_get_lsr_info(info, (uint *) arg);
+ return isdn_tty_get_lsr_info(info, (uint *) arg);
default:
#ifdef ISDN_DEBUG_MODEM_IOCTL
@@ -2670,7 +2661,7 @@
for (cnt = count; cnt > 0; p++, cnt--) {
if (user)
- c = get_user(p);
+ get_user(c, p);
else
c = *p;
total++;
Only in linux/drivers/isdn/pcbit: .depend
Only in linux/drivers/isdn/teles: .depend
diff -u --recursive linux.vanilla/drivers/isdn/teles/callc.c linux/drivers/isdn/teles/callc.c
--- linux.vanilla/drivers/isdn/teles/callc.c Sat Jun 29 19:36:23 1996
+++ linux/drivers/isdn/teles/callc.c Sat Oct 19 18:48:12 1996
@@ -1450,9 +1450,10 @@
ptr += i;
- if (user)
- memcpy_fromfs(ptr, buf, count);
- else
+ if (user) {
+ if (copy_from_user(ptr, buf, count))
+ return -EFAULT;
+ } else
memcpy(ptr, buf, count);
ibh->datasize = count + i;
diff -u --recursive linux.vanilla/drivers/isdn/teles/card.c linux/drivers/isdn/teles/card.c
--- linux.vanilla/drivers/isdn/teles/card.c Sat Aug 31 18:01:49 1996
+++ linux/drivers/isdn/teles/card.c Sat Oct 19 18:15:07 1996
@@ -1093,17 +1093,17 @@
struct IsdnCard *card = cards + cardnr;
if (card->membase)
- if ((unsigned long)card->membase < 0x10000) {
+ if (card->membase < (byte *) bus_to_virt(0x10000)) {
(unsigned long)card->membase <<= 4;
printk(KERN_INFO
"Teles membase configured DOSish, assuming 0x%lx\n",
- (unsigned long)card->membase);
+ (unsigned long)virt_to_bus(card->membase));
}
if (!card->iobase) {
if (card->membase) {
printk(KERN_NOTICE
"Teles 8 assumed, mem: %lx irq: %d proto: %s\n",
- (long) card->membase, card->interrupt,
+ (long) virt_to_bus(card->membase), card->interrupt,
(card->protocol == ISDN_PTYPE_1TR6) ?
"1TR6" : "EDSS1");
printk(KERN_INFO "HSCX version A:%x B:%x\n",
@@ -1186,7 +1186,7 @@
break;
}
if (card->membase) {
- cfval |= (((unsigned int) card->membase >> 9) & 0xF0);
+ cfval |= (((unsigned int) virt_to_bus(card->membase) >> 9) & 0xF0);
}
if (bytein(card->iobase + 0) != 0x51) {
printk(KERN_INFO "XXX Byte at %x is %x\n",
@@ -1233,7 +1233,7 @@
if (card->membase)
printk(KERN_NOTICE
"Teles 16.0 found, io: %x mem: %lx irq: %d proto: %s\n",
- card->iobase, (long) card->membase,
+ card->iobase, (long) virt_to_bus(card->membase),
card->interrupt,
(card->protocol == ISDN_PTYPE_1TR6) ?
"1TR6" : "EDSS1");
Only in linux/drivers/isdn/teles: card.c.orig
diff -u --recursive linux.vanilla/drivers/isdn/teles/config.c linux/drivers/isdn/teles/config.c
--- linux.vanilla/drivers/isdn/teles/config.c Sun Apr 21 10:56:15 1996
+++ linux/drivers/isdn/teles/config.c Sat Oct 19 18:15:07 1996
@@ -29,7 +29,7 @@
struct IsdnCard cards[] =
{
- {(byte *) 0xd0000, 15, 0xd80, ISDN_PTYPE_EURO, NULL}, /* example */
+ {(byte *) __va(0xd0000), 15, 0xd80, ISDN_PTYPE_EURO, NULL}, /* example */
{NULL, 0, 0, 0, NULL},
{NULL, 0, 0, 0, NULL},
{NULL, 0, 0, 0, NULL},
Only in linux/drivers/isdn/teles: config.c.orig
diff -u --recursive linux.vanilla/drivers/isdn/teles/llglue.c linux/drivers/isdn/teles/llglue.c
--- linux.vanilla/drivers/isdn/teles/llglue.c Fri Jun 7 15:02:42 1996
+++ linux/drivers/isdn/teles/llglue.c Sat Oct 19 18:18:43 1996
@@ -46,9 +46,10 @@
byte *p;
for (p = buf, count = 0; count < len; p++, count++) {
- if (user)
- put_fs_byte(*teles_status_read++, p);
- else
+ if (user) {
+ put_user(*teles_status_read, p);
+ teles_status_read++;
+ } else
*p++ = *teles_status_read++;
if (teles_status_read > teles_status_end)
teles_status_read = teles_status_buf;
diff -u --recursive linux.vanilla/drivers/isdn/teles/mod.c linux/drivers/isdn/teles/mod.c
--- linux.vanilla/drivers/isdn/teles/mod.c Sun Apr 21 10:56:15 1996
+++ linux/drivers/isdn/teles/mod.c Sat Oct 19 18:15:07 1996
@@ -73,7 +73,7 @@
j++; argc--;
}
if (argc) {
- io[i].membase = (byte *)ints[j];
+ io[i].membase = (byte *) bus_to_virt(ints[j]);
j++; argc--;
}
if (argc) {
Only in linux/drivers/isdn/teles: mod.c.orig
-- |andi@mlm.extern.lrz-muenchen.de Nonsense is better than no sense at all. | -NoMeansNo,0-1=2