* Re: yet another sparse-detected bug fix
2004-10-04 15:45 yet another sparse-detected bug fix David Mosberger
@ 2004-10-04 19:46 ` Arun Sharma
2004-10-05 7:21 ` David Mosberger
` (2 subsequent siblings)
3 siblings, 0 replies; 5+ messages in thread
From: Arun Sharma @ 2004-10-04 19:46 UTC (permalink / raw)
To: linux-ia64
[-- Attachment #1: Type: text/plain, Size: 617 bytes --]
On 10/4/2004 8:45 AM, David Mosberger wrote:
Hi David,
> Arun,
>
> copy_siginfo_from_user32() directly dereferences a user-pointer, which
> is a no-no. At that point, to->si_code already has been initialized
> so I think we can just use to->si_code instead. Compile-tested (only)
> patch attached.
>
> Signed-off-by: davidm@hpl.hp.com
I've been meaning to run sparse myself. But it wasn't very effective the last time I tried because of the missing __user annotations.
Please review the attached patches that add the missing annotations so that we can make it easy to spot these errors in the future.
-Arun
[-- Attachment #2: user-annotate-ia64.patch --]
[-- Type: text/plain, Size: 4508 bytes --]
Index: linux-2.6-cvs/include/asm-ia64/uaccess.h
===================================================================
RCS file: /home/adsharma/disk2/cvs/linux-2.5/include/asm-ia64/uaccess.h,v
retrieving revision 1.19
diff -u -r1.19 uaccess.h
--- linux-2.6-cvs/include/asm-ia64/uaccess.h 27 Aug 2004 17:43:14 -0000 1.19
+++ linux-2.6-cvs/include/asm-ia64/uaccess.h 4 Oct 2004 19:28:26 -0000
@@ -67,7 +67,7 @@
#define access_ok(type, addr, size) __access_ok((addr), (size), get_fs())
static inline int
-verify_area (int type, const void *addr, unsigned long size)
+verify_area (int type, const void __user *addr, unsigned long size)
{
return access_ok(type, addr, size) ? 0 : -EFAULT;
}
@@ -185,7 +185,7 @@
*/
#define __do_get_user(check, x, ptr, size, segment) \
({ \
- const __typeof__(*(ptr)) *__gu_ptr = (ptr); \
+ const __typeof__(*(ptr)) __user *__gu_ptr = (ptr); \
__typeof__ (size) __gu_size = (size); \
long __gu_err = -EFAULT, __gu_val = 0; \
\
@@ -213,7 +213,7 @@
#define __do_put_user(check, x, ptr, size, segment) \
({ \
__typeof__ (x) __pu_x = (x); \
- __typeof__ (*(ptr)) *__pu_ptr = (ptr); \
+ __typeof__ (*(ptr)) __user *__pu_ptr = (ptr); \
__typeof__ (size) __pu_size = (size); \
long __pu_err = -EFAULT; \
\
@@ -240,31 +240,40 @@
#define __copy_from_user(to, from, n) __copy_user((to), (from), (n))
#define __copy_to_user_inatomic __copy_to_user
#define __copy_from_user_inatomic __copy_from_user
-#define copy_to_user(to, from, n) __copy_tofrom_user((to), (from), (n), 1)
-#define copy_from_user(to, from, n) __copy_tofrom_user((to), (from), (n), 0)
-#define __copy_tofrom_user(to, from, n, check_to) \
+#define copy_to_user(to, from, n) \
({ \
- void *__cu_to = (to); \
+ void __user *__cu_to = (to); \
const void *__cu_from = (from); \
long __cu_len = (n); \
\
- if (__access_ok((long) ((check_to) ? __cu_to : __cu_from), __cu_len, get_fs())) \
- __cu_len = __copy_user(__cu_to, __cu_from, __cu_len); \
+ if (__access_ok((long) __cu_to, __cu_len, get_fs())) \
+ __cu_len = __copy_user((void *) __cu_to, __cu_from, __cu_len); \
+ __cu_len; \
+})
+
+#define copy_from_user(to, from, n) \
+({ \
+ void *__cu_to = (to); \
+ const void __user *__cu_from = (from); \
+ long __cu_len = (n); \
+ \
+ if (__access_ok((long) __cu_from, __cu_len, get_fs())) \
+ __cu_len = __copy_user(__cu_to, (const void *) __cu_from, __cu_len); \
__cu_len; \
})
#define __copy_in_user(to, from, size) __copy_user((to), (from), (size))
static inline unsigned long
-copy_in_user (void *to, const void *from, unsigned long n)
+copy_in_user (void *to, const void __user *from, unsigned long n)
{
if (likely(access_ok(VERIFY_READ, from, n) && access_ok(VERIFY_WRITE, to, n)))
n = __copy_user(to, from, n);
return n;
}
-extern unsigned long __do_clear_user (void *, unsigned long);
+extern unsigned long __do_clear_user (void __user *, unsigned long);
#define __clear_user(to, n) __do_clear_user(to, n)
@@ -281,11 +290,11 @@
* Returns: -EFAULT if exception before terminator, N if the entire buffer filled, else
* strlen.
*/
-extern long __strncpy_from_user (char *to, const char *from, long to_len);
+extern long __strncpy_from_user (char *to, const char __user *from, long to_len);
#define strncpy_from_user(to, from, n) \
({ \
- const char * __sfu_from = (from); \
+ const char __user * __sfu_from = (from); \
long __sfu_ret = -EFAULT; \
if (__access_ok((long) __sfu_from, 0, get_fs())) \
__sfu_ret = __strncpy_from_user((to), __sfu_from, (n)); \
@@ -293,11 +302,11 @@
})
/* Returns: 0 if bad, string length+1 (memory size) of string if ok */
-extern unsigned long __strlen_user (const char *);
+extern unsigned long __strlen_user (const char __user *);
#define strlen_user(str) \
({ \
- const char *__su_str = (str); \
+ const char __user *__su_str = (str); \
unsigned long __su_ret = 0; \
if (__access_ok((long) __su_str, 0, get_fs())) \
__su_ret = __strlen_user(__su_str); \
@@ -309,7 +318,7 @@
* (N), a value greater than N if the limit would be exceeded, else
* strlen.
*/
-extern unsigned long __strnlen_user (const char *, long);
+extern unsigned long __strnlen_user (const char __user *, long);
#define strnlen_user(str, len) \
({ \
[-- Attachment #3: user-annotate.patch --]
[-- Type: text/plain, Size: 14996 bytes --]
Index: linux-2.6-cvs/arch/ia64/ia32/ia32_ldt.c
===================================================================
RCS file: /home/adsharma/disk2/cvs/linux-2.5/arch/ia64/ia32/ia32_ldt.c,v
retrieving revision 1.5
diff -u -r1.5 ia32_ldt.c
--- linux-2.6-cvs/arch/ia64/ia32/ia32_ldt.c 23 Oct 2003 00:41:22 -0000 1.5
+++ linux-2.6-cvs/arch/ia64/ia32/ia32_ldt.c 4 Oct 2004 18:28:19 -0000
@@ -126,7 +126,7 @@
}
asmlinkage int
-sys32_modify_ldt (int func, unsigned int ptr, unsigned int bytecount)
+sys32_modify_ldt (int func, unsigned int __user ptr, unsigned int bytecount)
{
int ret = -ENOSYS;
Index: linux-2.6-cvs/arch/ia64/ia32/ia32_signal.c
===================================================================
RCS file: /home/adsharma/disk2/cvs/linux-2.5/arch/ia64/ia32/ia32_signal.c,v
retrieving revision 1.22
diff -u -r1.22 ia32_signal.c
--- linux-2.6-cvs/arch/ia64/ia32/ia32_signal.c 22 Sep 2004 04:16:22 -0000 1.22
+++ linux-2.6-cvs/arch/ia64/ia32/ia32_signal.c 4 Oct 2004 18:41:59 -0000
@@ -66,7 +66,7 @@
};
int
-copy_siginfo_from_user32 (siginfo_t *to, siginfo_t32 *from)
+copy_siginfo_from_user32 (siginfo_t *to, siginfo_t32 __user *from)
{
unsigned long tmp;
int err;
@@ -110,7 +110,7 @@
}
int
-copy_siginfo_to_user32 (siginfo_t32 *to, siginfo_t *from)
+copy_siginfo_to_user32 (siginfo_t32 __user *to, siginfo_t *from)
{
unsigned int addr;
int err;
@@ -202,7 +202,7 @@
*/
static int
-save_ia32_fpstate_live (struct _fpstate_ia32 *save)
+save_ia32_fpstate_live (struct _fpstate_ia32 __user *save)
{
struct task_struct *tsk = current;
struct pt_regs *ptp;
@@ -310,7 +310,7 @@
}
static int
-restore_ia32_fpstate_live (struct _fpstate_ia32 *save)
+restore_ia32_fpstate_live (struct _fpstate_ia32 __user *save)
{
struct task_struct *tsk = current;
struct pt_regs *ptp;
@@ -453,7 +453,7 @@
}
asmlinkage long
-ia32_rt_sigsuspend (compat_sigset_t *uset, unsigned int sigsetsize, struct sigscratch *scr)
+ia32_rt_sigsuspend (compat_sigset_t __user *uset, unsigned int sigsetsize, struct sigscratch *scr)
{
extern long ia64_do_signal (sigset_t *oldset, struct sigscratch *scr, long in_syscall);
sigset_t oldset, set;
@@ -512,8 +512,8 @@
}
asmlinkage long
-sys32_rt_sigaction (int sig, struct sigaction32 *act,
- struct sigaction32 *oact, unsigned int sigsetsize)
+sys32_rt_sigaction (int sig, struct sigaction32 __user *act,
+ struct sigaction32 __user *oact, unsigned int sigsetsize)
{
struct k_sigaction new_ka, old_ka;
unsigned int handler, restorer;
@@ -547,7 +547,7 @@
asmlinkage long
-sys32_rt_sigprocmask (int how, compat_sigset_t *set, compat_sigset_t *oset, unsigned int sigsetsize)
+sys32_rt_sigprocmask (int how, compat_sigset_t __user *set, compat_sigset_t __user *oset, unsigned int sigsetsize)
{
mm_segment_t old_fs = get_fs();
sigset_t s;
@@ -574,8 +574,8 @@
}
asmlinkage long
-sys32_rt_sigtimedwait (compat_sigset_t *uthese, siginfo_t32 *uinfo,
- struct compat_timespec *uts, unsigned int sigsetsize)
+sys32_rt_sigtimedwait (compat_sigset_t __user *uthese, siginfo_t32 __user *uinfo,
+ struct compat_timespec __user *uts, unsigned int sigsetsize)
{
extern int copy_siginfo_to_user32 (siginfo_t32 *, siginfo_t *);
mm_segment_t old_fs = get_fs();
@@ -600,7 +600,7 @@
}
asmlinkage long
-sys32_rt_sigqueueinfo (int pid, int sig, siginfo_t32 *uinfo)
+sys32_rt_sigqueueinfo (int pid, int sig, siginfo_t32 __user *uinfo)
{
mm_segment_t old_fs = get_fs();
siginfo_t info;
@@ -615,7 +615,7 @@
}
asmlinkage long
-sys32_sigaction (int sig, struct old_sigaction32 *act, struct old_sigaction32 *oact)
+sys32_sigaction (int sig, struct old_sigaction32 __user *act, struct old_sigaction32 __user *oact)
{
struct k_sigaction new_ka, old_ka;
unsigned int handler, restorer;
@@ -648,7 +648,7 @@
}
static int
-setup_sigcontext_ia32 (struct sigcontext_ia32 *sc, struct _fpstate_ia32 *fpstate,
+setup_sigcontext_ia32 (struct sigcontext_ia32 __user *sc, struct _fpstate_ia32 __user *fpstate,
struct pt_regs *regs, unsigned long mask)
{
int err = 0;
@@ -705,7 +705,7 @@
}
static int
-restore_sigcontext_ia32 (struct pt_regs *regs, struct sigcontext_ia32 *sc, int *peax)
+restore_sigcontext_ia32 (struct pt_regs *regs, struct sigcontext_ia32 __user *sc, int *peax)
{
unsigned int err = 0;
@@ -830,7 +830,7 @@
setup_frame_ia32 (int sig, struct k_sigaction *ka, sigset_t *set, struct pt_regs * regs)
{
struct exec_domain *ed = current_thread_info()->exec_domain;
- struct sigframe_ia32 *frame;
+ struct sigframe_ia32 __user *frame;
int err = 0;
frame = get_sigframe(ka, regs, sizeof(*frame));
@@ -896,7 +896,7 @@
sigset_t *set, struct pt_regs * regs)
{
struct exec_domain *ed = current_thread_info()->exec_domain;
- struct rt_sigframe_ia32 *frame;
+ struct rt_sigframe_ia32 __user *frame;
int err = 0;
frame = get_sigframe(ka, regs, sizeof(*frame));
@@ -982,7 +982,7 @@
{
struct pt_regs *regs = (struct pt_regs *) &stack;
unsigned long esp = (unsigned int) regs->r12;
- struct sigframe_ia32 *frame = (struct sigframe_ia32 *)(esp - 8);
+ struct sigframe_ia32 __user *frame = (struct sigframe_ia32 *)(esp - 8);
sigset_t set;
int eax;
@@ -1015,7 +1015,7 @@
{
struct pt_regs *regs = (struct pt_regs *) &stack;
unsigned long esp = (unsigned int) regs->r12;
- struct rt_sigframe_ia32 *frame = (struct rt_sigframe_ia32 *)(esp - 4);
+ struct rt_sigframe_ia32 __user *frame = (struct rt_sigframe_ia32 *)(esp - 4);
sigset_t set;
stack_t st;
int eax;
Index: linux-2.6-cvs/arch/ia64/ia32/sys_ia32.c
===================================================================
RCS file: /home/adsharma/disk2/cvs/linux-2.5/arch/ia64/ia32/sys_ia32.c,v
retrieving revision 1.72
diff -u -r1.72 sys_ia32.c
--- linux-2.6-cvs/arch/ia64/ia32/sys_ia32.c 22 Sep 2004 04:16:22 -0000 1.72
+++ linux-2.6-cvs/arch/ia64/ia32/sys_ia32.c 4 Oct 2004 18:23:15 -0000
@@ -128,7 +128,7 @@
return error;
}
-int cp_compat_stat(struct kstat *stat, struct compat_stat *ubuf)
+int cp_compat_stat(struct kstat *stat, struct compat_stat __user *ubuf)
{
int err;
@@ -927,7 +927,7 @@
};
asmlinkage long
-sys32_mmap (struct mmap_arg_struct *arg)
+sys32_mmap (struct mmap_arg_struct __user *arg)
{
struct mmap_arg_struct a;
struct file *file = NULL;
@@ -1155,14 +1155,14 @@
}
static inline long
-get_tv32 (struct timeval *o, struct compat_timeval *i)
+get_tv32 (struct timeval *o, struct compat_timeval __user *i)
{
return (!access_ok(VERIFY_READ, i, sizeof(*i)) ||
(__get_user(o->tv_sec, &i->tv_sec) | __get_user(o->tv_usec, &i->tv_usec)));
}
static inline long
-put_tv32 (struct compat_timeval *o, struct timeval *i)
+put_tv32 (struct compat_timeval *o, struct timeval __user *i)
{
return (!access_ok(VERIFY_WRITE, o, sizeof(*o)) ||
(__put_user(i->tv_sec, &o->tv_sec) | __put_user(i->tv_usec, &o->tv_usec)));
@@ -1192,7 +1192,7 @@
extern struct timezone sys_tz;
asmlinkage long
-sys32_gettimeofday (struct compat_timeval *tv, struct timezone *tz)
+sys32_gettimeofday (struct compat_timeval __user *tv, struct timezone __user *tz)
{
if (tv) {
struct timeval ktv;
@@ -1208,7 +1208,7 @@
}
asmlinkage long
-sys32_settimeofday (struct compat_timeval *tv, struct timezone *tz)
+sys32_settimeofday (struct compat_timeval __user *tv, struct timezone __user *tz)
{
struct timeval ktv;
struct timespec kts;
@@ -1270,7 +1270,7 @@
}
asmlinkage long
-sys32_getdents (unsigned int fd, struct compat_dirent *dirent, unsigned int count)
+sys32_getdents (unsigned int fd, struct compat_dirent __user *dirent, unsigned int count)
{
struct file * file;
struct compat_dirent * lastdirent;
@@ -1326,7 +1326,7 @@
}
asmlinkage long
-sys32_readdir (unsigned int fd, void *dirent, unsigned int count)
+sys32_readdir (unsigned int fd, void __user *dirent, unsigned int count)
{
int error;
struct file * file;
@@ -1434,7 +1434,7 @@
* so we have to implement this system call here.
*/
asmlinkage long
-sys32_time (int *tloc)
+sys32_time (int __user *tloc)
{
int i;
struct timeval tv;
@@ -1454,7 +1454,7 @@
struct compat_rusage *ru);
asmlinkage long
-sys32_waitpid (int pid, unsigned int *stat_addr, int options)
+sys32_waitpid (int pid, unsigned int __user *stat_addr, int options)
{
return compat_sys_wait4(pid, stat_addr, options, NULL);
}
@@ -1627,7 +1627,7 @@
}
int
-save_ia32_fpstate (struct task_struct *tsk, struct ia32_user_i387_struct *save)
+save_ia32_fpstate (struct task_struct *tsk, struct ia32_user_i387_struct __user *save)
{
struct switch_stack *swp;
struct pt_regs *ptp;
@@ -1656,7 +1656,7 @@
}
static int
-restore_ia32_fpstate (struct task_struct *tsk, struct ia32_user_i387_struct *save)
+restore_ia32_fpstate (struct task_struct *tsk, struct ia32_user_i387_struct __user *save)
{
struct switch_stack *swp;
struct pt_regs *ptp;
@@ -1689,7 +1689,7 @@
}
int
-save_ia32_fpxstate (struct task_struct *tsk, struct ia32_user_fxsr_struct *save)
+save_ia32_fpxstate (struct task_struct *tsk, struct ia32_user_fxsr_struct __user *save)
{
struct switch_stack *swp;
struct pt_regs *ptp;
@@ -1728,7 +1728,7 @@
}
static int
-restore_ia32_fpxstate (struct task_struct *tsk, struct ia32_user_fxsr_struct *save)
+restore_ia32_fpxstate (struct task_struct *tsk, struct ia32_user_fxsr_struct __user *save)
{
struct switch_stack *swp;
struct pt_regs *ptp;
@@ -1920,7 +1920,7 @@
} ia32_stack_t;
asmlinkage long
-sys32_sigaltstack (ia32_stack_t *uss32, ia32_stack_t *uoss32,
+sys32_sigaltstack (ia32_stack_t __user *uss32, ia32_stack_t __user *uoss32,
long arg2, long arg3, long arg4, long arg5, long arg6, long arg7, long stack)
{
struct pt_regs *pt = (struct pt_regs *) &stack;
@@ -1989,7 +1989,7 @@
};
asmlinkage long
-sys32_sysctl (struct sysctl32 *args)
+sys32_sysctl (struct sysctl32 __user *args)
{
#ifdef CONFIG_SYSCTL
struct sysctl32 a32;
@@ -2035,7 +2035,7 @@
}
asmlinkage long
-sys32_newuname (struct new_utsname *name)
+sys32_newuname (struct new_utsname __user *name)
{
int ret = sys_newuname(name);
@@ -2046,7 +2046,7 @@
}
asmlinkage long
-sys32_getresuid16 (u16 *ruid, u16 *euid, u16 *suid)
+sys32_getresuid16 (u16 __user *ruid, u16 __user *euid, u16 __user *suid)
{
uid_t a, b, c;
int ret;
@@ -2086,7 +2086,7 @@
}
static int
-groups16_to_user(short *grouplist, struct group_info *group_info)
+groups16_to_user(short __user *grouplist, struct group_info *group_info)
{
int i;
short group;
@@ -2101,7 +2101,7 @@
}
static int
-groups16_from_user(struct group_info *group_info, short *grouplist)
+groups16_from_user(struct group_info *group_info, short __user *grouplist)
{
int i;
short group;
@@ -2116,7 +2116,7 @@
}
asmlinkage long
-sys32_getgroups16 (int gidsetsize, short *grouplist)
+sys32_getgroups16 (int gidsetsize, short __user *grouplist)
{
int i;
@@ -2141,7 +2141,7 @@
}
asmlinkage long
-sys32_setgroups16 (int gidsetsize, short *grouplist)
+sys32_setgroups16 (int gidsetsize, short __user *grouplist)
{
struct group_info *group_info;
int retval;
@@ -2179,7 +2179,7 @@
}
static int
-putstat64 (struct stat64 *ubuf, struct kstat *kbuf)
+putstat64 (struct stat64 __user *ubuf, struct kstat *kbuf)
{
int err;
u64 hdev;
@@ -2214,7 +2214,7 @@
}
asmlinkage long
-sys32_stat64 (char *filename, struct stat64 *statbuf)
+sys32_stat64 (char __user *filename, struct stat64 __user *statbuf)
{
struct kstat s;
long ret = vfs_stat(filename, &s);
@@ -2224,7 +2224,7 @@
}
asmlinkage long
-sys32_lstat64 (char *filename, struct stat64 *statbuf)
+sys32_lstat64 (char __user *filename, struct stat64 __user *statbuf)
{
struct kstat s;
long ret = vfs_lstat(filename, &s);
@@ -2234,7 +2234,7 @@
}
asmlinkage long
-sys32_fstat64 (unsigned int fd, struct stat64 *statbuf)
+sys32_fstat64 (unsigned int fd, struct stat64 __user *statbuf)
{
struct kstat s;
long ret = vfs_fstat(fd, &s);
@@ -2261,7 +2261,7 @@
};
asmlinkage long
-sys32_sysinfo (struct sysinfo32 *info)
+sys32_sysinfo (struct sysinfo32 __user *info)
{
struct sysinfo s;
long ret, err;
@@ -2312,7 +2312,7 @@
}
asmlinkage long
-sys32_sched_rr_get_interval (pid_t pid, struct compat_timespec *interval)
+sys32_sched_rr_get_interval (pid_t pid, struct compat_timespec __user *interval)
{
mm_segment_t old_fs = get_fs();
struct timespec t;
@@ -2327,19 +2327,19 @@
}
asmlinkage long
-sys32_pread (unsigned int fd, void *buf, unsigned int count, u32 pos_lo, u32 pos_hi)
+sys32_pread (unsigned int fd, void __user *buf, unsigned int count, u32 pos_lo, u32 pos_hi)
{
return sys_pread64(fd, buf, count, ((unsigned long) pos_hi << 32) | pos_lo);
}
asmlinkage long
-sys32_pwrite (unsigned int fd, void *buf, unsigned int count, u32 pos_lo, u32 pos_hi)
+sys32_pwrite (unsigned int fd, void __user *buf, unsigned int count, u32 pos_lo, u32 pos_hi)
{
return sys_pwrite64(fd, buf, count, ((unsigned long) pos_hi << 32) | pos_lo);
}
asmlinkage long
-sys32_sendfile (int out_fd, int in_fd, int *offset, unsigned int count)
+sys32_sendfile (int out_fd, int in_fd, int __user *offset, unsigned int count)
{
mm_segment_t old_fs = get_fs();
long ret;
@@ -2388,7 +2388,7 @@
* Exactly like fs/open.c:sys_open(), except that it doesn't set the O_LARGEFILE flag.
*/
asmlinkage long
-sys32_open (const char * filename, int flags, int mode)
+sys32_open (const char __user *filename, int flags, int mode)
{
char * tmp;
int fd, error;
@@ -2423,7 +2423,7 @@
};
asmlinkage long
-sys32_epoll_ctl(int epfd, int op, int fd, struct epoll_event32 *event)
+sys32_epoll_ctl(int epfd, int op, int fd, struct epoll_event32 __user *event)
{
mm_segment_t old_fs = get_fs();
struct epoll_event event64;
@@ -2448,7 +2448,7 @@
}
asmlinkage long
-sys32_epoll_wait(int epfd, struct epoll_event32 *events, int maxevents,
+sys32_epoll_wait(int epfd, struct epoll_event32 __user *events, int maxevents,
int timeout)
{
struct epoll_event *events64 = NULL;
@@ -2526,7 +2526,7 @@
* Set a given TLS descriptor:
*/
asmlinkage int
-sys32_set_thread_area (struct ia32_user_desc *u_info)
+sys32_set_thread_area (struct ia32_user_desc __user *u_info)
{
struct thread_struct *t = ¤t->thread;
struct ia32_user_desc info;
@@ -2587,7 +2587,7 @@
#define GET_USEABLE(desc) (((desc)->b >> 20) & 1)
asmlinkage int
-sys32_get_thread_area (struct ia32_user_desc *u_info)
+sys32_get_thread_area (struct ia32_user_desc __user *u_info)
{
struct ia32_user_desc info;
struct desc_struct *desc;
@@ -2620,7 +2620,7 @@
timer_t * created_timer_id);
asmlinkage long
-sys32_timer_create(u32 clock, struct sigevent32 *se32, timer_t *timer_id)
+sys32_timer_create(u32 clock, struct sigevent32 __user *se32, timer_t __user *timer_id)
{
struct sigevent se;
mm_segment_t oldfs;
@@ -2724,7 +2724,7 @@
extern int do_adjtimex(struct timex *);
asmlinkage long
-sys32_adjtimex(struct timex32 *utp)
+sys32_adjtimex(struct timex32 __user *utp)
{
struct timex txc;
int ret;
^ permalink raw reply [flat|nested] 5+ messages in thread