patchlet for cs46xx

patchlet for cs46xx

[Pete Zaitcev]

Sorry for the nitpicking, bust since 2.4 is now "stable"...
-- Pete

diff -ur -X dontdiff linux-2.4.0-ac9/drivers/sound/cs46xx.c linux-2.4.0-ac9-p3/drivers/sound/cs46xx.c
--- linux-2.4.0-ac9/drivers/sound/cs46xx.c	Sun Jan 14 15:27:58 2001
+++ linux-2.4.0-ac9-p3/drivers/sound/cs46xx.c	Wed Jan 24 21:28:30 2001
@@ -2726,7 +2726,7 @@
 			cinfo.blocks = dmabuf->count/dmabuf->divisor >> dmabuf->fragshift;
 			cinfo.ptr = dmabuf->hwptr/dmabuf->divisor;
 			spin_unlock_irqrestore(&state->card->lock, flags);
-			return copy_to_user((void *)arg, &cinfo, sizeof(cinfo));
+			return copy_to_user((void *)arg, &cinfo, sizeof(cinfo)) ? -EFAULT : 0;
 		}
 		return -ENODEV;
 
@@ -2757,7 +2757,7 @@
 			    "cs46xx: GETOPTR bytes=%d blocks=%d ptr=%d\n",
 				cinfo.bytes,cinfo.blocks,cinfo.ptr) );
 			spin_unlock_irqrestore(&state->card->lock, flags);
-			return copy_to_user((void *)arg, &cinfo, sizeof(cinfo));
+			return copy_to_user((void *)arg, &cinfo, sizeof(cinfo)) ? -EFAULT : 0;
 		}
 		return -ENODEV;
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
Please read the FAQ at http://www.tux.org/lkml/

Re: patchlet for cs46xx

[Richard B. Johnson]

On Thu, 25 Jan 2001, Pete Zaitcev wrote:

> Sorry for the nitpicking, bust since 2.4 is now "stable"...
> -- Pete
> 
[SNIPPED...]
>From what I tested, copy_to/from_user, now seg-faults the caller directly.
If the function returns, it worked. Therefore you will never get a
chance to return -EFAULT.

Cheers,
Dick Johnson

Penguin : Linux version 2.4.0 on an i686 machine (799.53 BogoMips).

"Memory is like gasoline. You use it up when you are running. Of
course you get it all back when you reboot..."; Actual explanation
obtained from the Micro$oft help desk.


-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
Please read the FAQ at http://www.tux.org/lkml/

Re: patchlet for cs46xx

[Jens Axboe]

On Thu, Jan 25 2001, Richard B. Johnson wrote:
> [SNIPPED...]
> >From what I tested, copy_to/from_user, now seg-faults the caller directly.
> If the function returns, it worked. Therefore you will never get a
> chance to return -EFAULT.

Huh?? copy_to/from_user returns the bytes _not_ copied, in which
case you return -EFAULT go segv the caller.

I think the confusion usually is that put/get_user return -EFAULT
directly.

-- 
* Jens Axboe <axboe@suse.de>
* SuSE Labs
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
Please read the FAQ at http://www.tux.org/lkml/

Re: patchlet for cs46xx

[Richard B. Johnson]

On Thu, 25 Jan 2001, Jens Axboe wrote:

> On Thu, Jan 25 2001, Richard B. Johnson wrote:
> > [SNIPPED...]
> > >From what I tested, copy_to/from_user, now seg-faults the caller directly.
> > If the function returns, it worked. Therefore you will never get a
> > chance to return -EFAULT.
> 
> Huh?? copy_to/from_user returns the bytes _not_ copied, in which
> case you return -EFAULT go segv the caller.
> 
> I think the confusion usually is that put/get_user return -EFAULT
> directly.
> 
> -- 
> * Jens Axboe <axboe@suse.de>
> * SuSE Labs

Looking at the code, you are right. However, testing it, by malloc()ing
a buffer in user, space, I have done the following.

(1) Allocate  a buffer from malloc().
(2) Allocate shared memory
(3) fork() child to write, one byte at a time until the child seg-faults.
    The address of the buffer to be written is put into shared memory
    just before the write. Parent checks that this is (correctly) just
    over a page boundary.
    Now I know the first address at which the parent would (should)
    seg-fault if it were to attempt the same.
(4) Now, I use one byte less than that address in a ioctl(), that
    does copy_to_user. It attempts to copy sizeof(termios) bytes.
    According to the "specs" it should just fail after copying 1 byte.
    It doesn't. It just seg-faults the parent.

I did just the same with a copy_from_user. Both ioctls are standard
TCGETS/TCSETS terminal ioctls(), with the termios structure pointer
moved around.

Cheers,
Dick Johnson

Penguin : Linux version 2.4.0 on an i686 machine (799.53 BogoMips).

"Memory is like gasoline. You use it up when you are running. Of
course you get it all back when you reboot..."; Actual explanation
obtained from the Micro$oft help desk.


-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
Please read the FAQ at http://www.tux.org/lkml/