From: Ian Abbott <abbotti@mev.co.uk>
To: <driverdev-devel@linuxdriverproject.org>
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
Ian Abbott <abbotti@mev.co.uk>,
H Hartley Sweeten <hartleys@visionengravers.com>,
<linux-kernel@vger.kernel.org>, <stable@vger.kernel.org>
Subject: [PATCH v2 1/6] staging: comedi: comedi_compat32.c: fix COMEDI_CMD copy back
Date: Tue, 27 Jan 2015 18:16:51 +0000 [thread overview]
Message-ID: <1422382616-6884-2-git-send-email-abbotti@mev.co.uk> (raw)
In-Reply-To: <1422382616-6884-1-git-send-email-abbotti@mev.co.uk>
`do_cmd_ioctl()` in "comedi_fops.c" handles the `COMEDI_CMD` ioctl.
This returns `-EAGAIN` if it has copied a modified `struct comedi_cmd`
back to user-space. (This occurs when the low-level Comedi driver's
`do_cmdtest()` handler returns non-zero to indicate a problem with the
contents of the `struct comedi_cmd`, or when the `struct comedi_cmd` has
the `CMDF_BOGUS` flag set.)
`compat_cmd()` in "comedi_compat32.c" handles the 32-bit compatible
version of the `COMEDI_CMD` ioctl. Currently, it never copies a 32-bit
compatible version of `struct comedi_cmd` back to user-space, which is
at odds with the way the regular `COMEDI_CMD` ioctl is handled. To fix
it, change `compat_cmd()` to copy a 32-bit compatible version of the
`struct comedi_cmd` back to user-space when the main ioctl handler
returns `-EAGAIN`.
Signed-off-by: Ian Abbott <abbotti@mev.co.uk>
Cc: <stable@vger.kernel.org>
---
v2: keep existing type of `rc` variable - don't change it to `long`.
---
drivers/staging/comedi/comedi_compat32.c | 12 ++++++++++--
1 file changed, 10 insertions(+), 2 deletions(-)
diff --git a/drivers/staging/comedi/comedi_compat32.c b/drivers/staging/comedi/comedi_compat32.c
index 5a4c74f..03a2d07 100644
--- a/drivers/staging/comedi/comedi_compat32.c
+++ b/drivers/staging/comedi/comedi_compat32.c
@@ -262,7 +262,7 @@ static int compat_cmd(struct file *file, unsigned long arg)
{
struct comedi_cmd __user *cmd;
struct comedi32_cmd_struct __user *cmd32;
- int rc;
+ int rc, err;
cmd32 = compat_ptr(arg);
cmd = compat_alloc_user_space(sizeof(*cmd));
@@ -271,7 +271,15 @@ static int compat_cmd(struct file *file, unsigned long arg)
if (rc)
return rc;
- return translated_ioctl(file, COMEDI_CMD, (unsigned long)cmd);
+ rc = translated_ioctl(file, COMEDI_CMD, (unsigned long)cmd);
+ if (rc == -EAGAIN) {
+ /* Special case: copy cmd back to user. */
+ err = put_compat_cmd(cmd32, cmd);
+ if (err)
+ rc = err;
+ }
+
+ return rc;
}
/* Handle 32-bit COMEDI_CMDTEST ioctl. */
--
2.1.4
WARNING: multiple messages have this Message-ID (diff)
From: Ian Abbott <abbotti@mev.co.uk>
To: driverdev-devel@linuxdriverproject.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
Ian Abbott <abbotti@mev.co.uk>,
stable@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: [PATCH v2 1/6] staging: comedi: comedi_compat32.c: fix COMEDI_CMD copy back
Date: Tue, 27 Jan 2015 18:16:51 +0000 [thread overview]
Message-ID: <1422382616-6884-2-git-send-email-abbotti@mev.co.uk> (raw)
In-Reply-To: <1422382616-6884-1-git-send-email-abbotti@mev.co.uk>
`do_cmd_ioctl()` in "comedi_fops.c" handles the `COMEDI_CMD` ioctl.
This returns `-EAGAIN` if it has copied a modified `struct comedi_cmd`
back to user-space. (This occurs when the low-level Comedi driver's
`do_cmdtest()` handler returns non-zero to indicate a problem with the
contents of the `struct comedi_cmd`, or when the `struct comedi_cmd` has
the `CMDF_BOGUS` flag set.)
`compat_cmd()` in "comedi_compat32.c" handles the 32-bit compatible
version of the `COMEDI_CMD` ioctl. Currently, it never copies a 32-bit
compatible version of `struct comedi_cmd` back to user-space, which is
at odds with the way the regular `COMEDI_CMD` ioctl is handled. To fix
it, change `compat_cmd()` to copy a 32-bit compatible version of the
`struct comedi_cmd` back to user-space when the main ioctl handler
returns `-EAGAIN`.
Signed-off-by: Ian Abbott <abbotti@mev.co.uk>
Reviewed-by: H Hartley Sweeten <hsweeten@visionengravers.com>
Cc: <stable@vger.kernel.org>
---
v2: keep existing type of `rc` variable - don't change it to `long`.
---
drivers/staging/comedi/comedi_compat32.c | 12 ++++++++++--
1 file changed, 10 insertions(+), 2 deletions(-)
diff --git a/drivers/staging/comedi/comedi_compat32.c b/drivers/staging/comedi/comedi_compat32.c
index 5a4c74f..03a2d07 100644
--- a/drivers/staging/comedi/comedi_compat32.c
+++ b/drivers/staging/comedi/comedi_compat32.c
@@ -262,7 +262,7 @@ static int compat_cmd(struct file *file, unsigned long arg)
{
struct comedi_cmd __user *cmd;
struct comedi32_cmd_struct __user *cmd32;
- int rc;
+ int rc, err;
cmd32 = compat_ptr(arg);
cmd = compat_alloc_user_space(sizeof(*cmd));
@@ -271,7 +271,15 @@ static int compat_cmd(struct file *file, unsigned long arg)
if (rc)
return rc;
- return translated_ioctl(file, COMEDI_CMD, (unsigned long)cmd);
+ rc = translated_ioctl(file, COMEDI_CMD, (unsigned long)cmd);
+ if (rc == -EAGAIN) {
+ /* Special case: copy cmd back to user. */
+ err = put_compat_cmd(cmd32, cmd);
+ if (err)
+ rc = err;
+ }
+
+ return rc;
}
/* Handle 32-bit COMEDI_CMDTEST ioctl. */
--
2.1.4
_______________________________________________
devel mailing list
devel@linuxdriverproject.org
http://driverdev.linuxdriverproject.org/mailman/listinfo/driverdev-devel
next prev parent reply other threads:[~2015-01-27 18:19 UTC|newest]
Thread overview: 43+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-01-27 15:50 [PATCH 0/7] staging: comedi: comedi_compat32.[ch] fix and tidy up Ian Abbott
2015-01-27 15:50 ` Ian Abbott
2015-01-27 15:50 ` [PATCH 1/7] staging: comedi: comedi_compat32.c: fix COMEDI_CMD copy back Ian Abbott
2015-01-27 15:50 ` Ian Abbott
2015-01-27 15:58 ` Ian Abbott
2015-01-27 15:58 ` Ian Abbott
2015-01-27 17:20 ` Hartley Sweeten
2015-01-27 17:20 ` Hartley Sweeten
2015-01-27 18:04 ` Ian Abbott
2015-01-27 18:04 ` Ian Abbott
2015-01-27 18:04 ` Ian Abbott
2015-01-27 15:50 ` [PATCH 2/7] staging: comedi: comedi_compat32.h: reformat copyright comment Ian Abbott
2015-01-27 15:50 ` Ian Abbott
2015-01-27 15:50 ` [PATCH 3/7] staging: comedi: comedi_compat.c: " Ian Abbott
2015-01-27 15:50 ` Ian Abbott
2015-01-27 15:50 ` [PATCH 4/7] staging: comedi: comedi_compat32.c: reformat other block comments Ian Abbott
2015-01-27 15:50 ` Ian Abbott
2015-01-27 15:50 ` [PATCH 5/7] staging: comedi: comedi_compat32.c: align some comments Ian Abbott
2015-01-27 15:50 ` Ian Abbott
2015-01-27 15:50 ` [PATCH 6/7] staging: comedi: comedi_compat32.c: absorb raw_ioctl() Ian Abbott
2015-01-27 15:50 ` Ian Abbott
2015-01-27 15:50 ` [PATCH 7/7] staging: comedi: comedi_compat.c: use long unlocked_ioctl return value Ian Abbott
2015-01-27 15:50 ` Ian Abbott
2015-01-27 18:16 ` [PATCH v2 0/6] staging: comedi: comedi_compat32.[ch] fix and tidy up Ian Abbott
2015-01-27 18:16 ` Ian Abbott
2015-01-27 18:16 ` Ian Abbott [this message]
2015-01-27 18:16 ` [PATCH v2 1/6] staging: comedi: comedi_compat32.c: fix COMEDI_CMD copy back Ian Abbott
2015-01-27 18:16 ` [PATCH v2 2/6] staging: comedi: comedi_compat32.h: reformat copyright comment Ian Abbott
2015-01-27 18:16 ` Ian Abbott
2015-01-27 18:16 ` [PATCH v2 3/6] staging: comedi: comedi_compat.c: " Ian Abbott
2015-01-27 18:16 ` Ian Abbott
2015-01-27 18:21 ` Ian Abbott
2015-01-27 18:21 ` Ian Abbott
2015-01-27 18:26 ` [PATCH v3 3/6] staging: comedi: comedi_compat32.c: " Ian Abbott
2015-01-27 18:26 ` Ian Abbott
2015-01-27 18:16 ` [PATCH v2 4/6] staging: comedi: comedi_compat32.c: reformat other block comments Ian Abbott
2015-01-27 18:16 ` Ian Abbott
2015-01-27 18:16 ` [PATCH v2 5/6] staging: comedi: comedi_compat32.c: align some comments Ian Abbott
2015-01-27 18:16 ` Ian Abbott
2015-01-27 18:16 ` [PATCH v2 6/6] staging: comedi: comedi_compat32.c: absorb raw_ioctl() Ian Abbott
2015-01-27 18:16 ` Ian Abbott
2015-01-27 20:38 ` [PATCH v2 0/6] staging: comedi: comedi_compat32.[ch] fix and tidy up Hartley Sweeten
2015-01-27 20:38 ` Hartley Sweeten
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1422382616-6884-2-git-send-email-abbotti@mev.co.uk \
--to=abbotti@mev.co.uk \
--cc=driverdev-devel@linuxdriverproject.org \
--cc=gregkh@linuxfoundation.org \
--cc=hartleys@visionengravers.com \
--cc=linux-kernel@vger.kernel.org \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.