Re: Misc 2.5 Fixes: cp-user-sisfb

public inbox for linux-kernel@vger.kernel.org
 help / color / mirror / Atom feed

From: Dipankar Sarma <dipankar@in.ibm.com>
To: Andrew Morton <akpm@digeo.com>
Cc: linux-kernel@vger.kernel.org, thomas@winischhofer.net
Subject: Re: Misc 2.5 Fixes: cp-user-sisfb
Date: Tue, 10 Jun 2003 15:48:01 +0530	[thread overview]
Message-ID: <20030610101801.GJ2194@in.ibm.com> (raw)
In-Reply-To: <20030610101503.GI2194@in.ibm.com>



Fix sisfb_ioctl() to use copy_to/from routines. There may be some
some changes in this patch that are ifdefed out in 2.5. Maintainers
to rescue.


 drivers/video/sis/sis_main.c |   91 +++++++++++++++++++++++++------------------
 1 files changed, 55 insertions(+), 36 deletions(-)

diff -puN drivers/video/sis/sis_main.c~cp-user-sisfb drivers/video/sis/sis_main.c
--- linux-2.5.70-ds/drivers/video/sis/sis_main.c~cp-user-sisfb	2003-06-08 04:34:39.000000000 +0530
+++ linux-2.5.70-ds-dipankar/drivers/video/sis/sis_main.c	2003-06-08 12:27:49.000000000 +0530
@@ -1461,44 +1461,57 @@ static int sisfb_ioctl(struct inode *ino
 		       struct fb_info *info)
 {
 	TWDEBUG("inside ioctl");
+	struct sis_memreq req;
+	struct ap_data ap;
+	unsigned long a;
 	switch (cmd) {
 	   case FBIO_ALLOC:
 		if (!capable(CAP_SYS_RAWIO))
 			return -EPERM;
-		sis_malloc((struct sis_memreq *) arg);
+		if (copy_from_user(&req, (void *)arg, sizeof(req)))
+			return -EFAULT;
+		sis_malloc(&req);
+		if (copy_to_user((void *)arg, &req, sizeof(req)))
+			return -EFAULT;
 		break;
 	   case FBIO_FREE:
 		if (!capable(CAP_SYS_RAWIO))
 			return -EPERM;
-		sis_free(*(unsigned long *) arg);
+		if(get_user(a, (unsigned long *) arg))
+			return -EFAULT;
+		sis_free(a);
 		break;
 	   case FBIOGET_GLYPH:
+		/* Not in 2.5 ???? */
                 sis_get_glyph(info,(SIS_GLYINFO *) arg);
 		break;	
 	   case FBIOGET_HWCINFO:
 		{
 			unsigned long *hwc_offset = (unsigned long *) arg;
 
-			if (sisfb_caps & HW_CURSOR_CAP)
-				*hwc_offset = sisfb_hwcursor_vbase -
-				    (unsigned long) ivideo.video_vbase;
-			else
-				*hwc_offset = 0;
-
+			if (sisfb_caps & HW_CURSOR_CAP) {
+				if (put_user(sisfb_hwcursor_vbase -
+				    (unsigned long) ivideo.video_vbase,
+					hwc_offset))
+					return -EFAULT;
+			} else if (put_user(0UL, hwc_offset))
+					return -EFAULT;
 			break;
 		}
 	   case FBIOPUT_MODEINFO:
 		{
-			struct mode_info *x = (struct mode_info *)arg;
+			struct mode_info x;
 
-			ivideo.video_bpp        = x->bpp;
-			ivideo.video_width      = x->xres;
-			ivideo.video_height     = x->yres;
-			ivideo.video_vwidth     = x->v_xres;
-			ivideo.video_vheight    = x->v_yres;
-			ivideo.org_x            = x->org_x;
-			ivideo.org_y            = x->org_y;
-			ivideo.refresh_rate     = x->vrate;
+			if (copy_from_user(&x, (void *)arg, sizeof(x)))
+				return -EFAULT;
+			ivideo.video_bpp        = x.bpp;
+			ivideo.video_width      = x.xres;
+			ivideo.video_height     = x.yres;
+			ivideo.video_vwidth     = x.v_xres;
+			ivideo.video_vheight    = x.v_yres;
+			ivideo.org_x            = x.org_x;
+			ivideo.org_y            = x.org_y;
+			ivideo.refresh_rate     = x.vrate;
 			ivideo.video_linelength = ivideo.video_vwidth * (ivideo.video_bpp >> 3);
 			switch(ivideo.video_bpp) {
         		case 8:
@@ -1526,34 +1539,40 @@ static int sisfb_ioctl(struct inode *ino
 			break;
 		}
 	   case FBIOGET_DISPINFO:
-		sis_dispinfo((struct ap_data *)arg);
+		sis_dispinfo(&ap);
+		if (copy_to_user((void *)arg, &ap, sizeof(ap)))
+			return -EFAULT;
 		break;
 	   case SISFB_GET_INFO:  /* TW: New for communication with X driver */
 	        {
-			sisfb_info *x = (sisfb_info *)arg;
+			sisfb_info x;
 
-			x->sisfb_id = SISFB_ID;
-			x->sisfb_version = VER_MAJOR;
-			x->sisfb_revision = VER_MINOR;
-			x->sisfb_patchlevel = VER_LEVEL;
-			x->chip_id = ivideo.chip_id;
-			x->memory = ivideo.video_size / 1024;
-			x->heapstart = ivideo.heapstart / 1024;
-			x->fbvidmode = sisfb_mode_no;
-			x->sisfb_caps = sisfb_caps;
-			x->sisfb_tqlen = 512; /* yet unused */
-			x->sisfb_pcibus = ivideo.pcibus;
-			x->sisfb_pcislot = ivideo.pcislot;
-			x->sisfb_pcifunc = ivideo.pcifunc;
-			x->sisfb_lcdpdc = sisfb_detectedpdc;
-			x->sisfb_lcda = sisfb_detectedlcda;
+			x.sisfb_id = SISFB_ID;
+			x.sisfb_version = VER_MAJOR;
+			x.sisfb_revision = VER_MINOR;
+			x.sisfb_patchlevel = VER_LEVEL;
+			x.chip_id = ivideo.chip_id;
+			x.memory = ivideo.video_size / 1024;
+			x.heapstart = ivideo.heapstart / 1024;
+			x.fbvidmode = sisfb_mode_no;
+			x.sisfb_caps = sisfb_caps;
+			x.sisfb_tqlen = 512; /* yet unused */
+			x.sisfb_pcibus = ivideo.pcibus;
+			x.sisfb_pcislot = ivideo.pcislot;
+			x.sisfb_pcifunc = ivideo.pcifunc;
+			x.sisfb_lcdpdc = sisfb_detectedpdc;
+			x.sisfb_lcda = sisfb_detectedlcda;
+			if (copy_to_user((void *)arg, &x, sizeof(x)))
+				return -EFAULT;
 	                break;
 		}
 	   case SISFB_GET_VBRSTATUS:
 	        {
 			unsigned long *vbrstatus = (unsigned long *) arg;
-			if(sisfb_CheckVBRetrace()) *vbrstatus = 1;
-			else		           *vbrstatus = 0;
+			if(sisfb_CheckVBRetrace())  {
+				return put_user(1UL, vbrstatus);
+			else		           
+				return put_user(0UL, vbrstatus);
 		}
 	   default:
 		return -EINVAL;

_

next prev parent reply	other threads:[~2003-06-10 10:04 UTC|newest]

Thread overview: 25+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2003-06-10 10:05 Misc 2.5 Fixes: Summary Dipankar Sarma
2003-06-10 10:05 ` Joshua Kwan
2003-06-10 10:11   ` Joshua Kwan
2003-06-10 10:06 ` Misc 2.5 Fixes: arcnet-oops-fix Dipankar Sarma
2003-06-10 10:07   ` Misc 2.5 Fixes: x25-facilities-parse Dipankar Sarma
2003-06-10 10:09     ` Misc 2.5 Fixes: cp-user-awe Dipankar Sarma
2003-06-10 10:09       ` Misc 2.5 Fixes: cp-user-cmpci Dipankar Sarma
2003-06-10 10:10         ` Misc 2.5 Fixes: cp-user-eicon Dipankar Sarma
2003-06-10 10:11           ` Misc 2.5 Fixes: cp-user-intermezzo Dipankar Sarma
2003-06-10 10:13             ` Misc 2.5 Fixes: cp-user-mdc800 Dipankar Sarma
2003-06-10 10:15               ` Misc 2.5 Fixes: cp-user-mpu401 Dipankar Sarma
2003-06-10 10:18                 ` Dipankar Sarma [this message]
2003-06-10 10:20                   ` Misc 2.5 Fixes: cp-user-vicam Dipankar Sarma
2003-06-10 10:22                     ` Misc 2.5 Fixes: cp-user-zoran Dipankar Sarma
2003-06-10 10:23                       ` Misc 2.5 Fixes: mem-leak-emu10k1 Dipankar Sarma
2003-06-10 10:24                         ` Misc 2.5 Fixes: mem-leak-rio Dipankar Sarma
2003-06-10 10:25                           ` Misc 2.5 Fixes: resrc-leak-i810 Dipankar Sarma
2003-06-10 14:53                       ` Misc 2.5 Fixes: cp-user-zoran Hollis Blanchard
2003-06-11 10:48                     ` Misc 2.5 Fixes: cp-user-vicam Dipankar Sarma
2003-06-11 12:18                       ` Alan Cox
2003-06-11 12:38                         ` Dipankar Sarma
2003-06-10 16:31                   ` Misc 2.5 Fixes: cp-user-sisfb Thomas Winischhofer
2003-06-10 17:34                     ` Dipankar Sarma
2003-06-10 18:29                       ` James Simmons
2003-06-10 14:38         ` Misc 2.5 Fixes: cp-user-cmpci Hollis Blanchard

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20030610101801.GJ2194@in.ibm.com \
    --to=dipankar@in.ibm.com \
    --cc=akpm@digeo.com \
    --cc=linux-kernel@vger.kernel.org \
    --cc=thomas@winischhofer.net \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox