diff options
author | Wim de With <nauxuron@wimdewith.com> | 2015-12-11 10:25:13 +0100 |
---|---|---|
committer | Greg Kroah-Hartman <gregkh@linuxfoundation.org> | 2015-12-26 17:13:33 -0800 |
commit | d1052aa5692d08aa4a058507ff5721317d2bef75 (patch) | |
tree | 8739397f4e3132ce6ff9eda4386f2b9626dc5aa8 /drivers/staging | |
parent | 2bc29a1abc5c1b89576f8ae864cce9c07d18fd44 (diff) | |
download | linux-d1052aa5692d08aa4a058507ff5721317d2bef75.tar.bz2 |
staging: gdm72xx: add userspace data struct
This fixes the sparse warnings about dereferencing a userspace pointer.
Once I updated the sparse annotations, I noticed a bug in
gdm_wimax_ioctl() where we pass a user space pointer to gdm_update_fsm()
which dereferences it. I fixed this.
Signed-off-by: Wim de With <nauxuron@wimdewith.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Diffstat (limited to 'drivers/staging')
-rw-r--r-- | drivers/staging/gdm72xx/gdm_wimax.c | 12 | ||||
-rw-r--r-- | drivers/staging/gdm72xx/wm_ioctl.h | 7 |
2 files changed, 14 insertions, 5 deletions
diff --git a/drivers/staging/gdm72xx/gdm_wimax.c b/drivers/staging/gdm72xx/gdm_wimax.c index b8eea21f2655..ba03f9386567 100644 --- a/drivers/staging/gdm72xx/gdm_wimax.c +++ b/drivers/staging/gdm72xx/gdm_wimax.c @@ -363,7 +363,7 @@ static void kdelete(void **buf) } } -static int gdm_wimax_ioctl_get_data(struct data_s *dst, struct data_s *src) +static int gdm_wimax_ioctl_get_data(struct udata_s *dst, struct data_s *src) { int size; @@ -379,7 +379,7 @@ static int gdm_wimax_ioctl_get_data(struct data_s *dst, struct data_s *src) return 0; } -static int gdm_wimax_ioctl_set_data(struct data_s *dst, struct data_s *src) +static int gdm_wimax_ioctl_set_data(struct data_s *dst, struct udata_s *src) { if (!src->size) { dst->size = 0; @@ -455,6 +455,7 @@ static int gdm_wimax_ioctl(struct net_device *dev, struct ifreq *ifr, int cmd) struct wm_req_s *req = (struct wm_req_s *)ifr; struct nic *nic = netdev_priv(dev); int ret; + struct fsm_s fsm_buf; if (cmd != SIOCWMIOCTL) return -EOPNOTSUPP; @@ -477,8 +478,11 @@ static int gdm_wimax_ioctl(struct net_device *dev, struct ifreq *ifr, int cmd) /* NOTE: gdm_update_fsm should be called * before gdm_wimax_ioctl_set_data is called. */ - gdm_update_fsm(dev, - req->data.buf); + if (copy_from_user(&fsm_buf, req->data.buf, + sizeof(struct fsm_s))) + return -EFAULT; + + gdm_update_fsm(dev, &fsm_buf); } ret = gdm_wimax_ioctl_set_data( &nic->sdk_data[req->data_id], &req->data); diff --git a/drivers/staging/gdm72xx/wm_ioctl.h b/drivers/staging/gdm72xx/wm_ioctl.h index ed8f649c0042..631cb1d23c7e 100644 --- a/drivers/staging/gdm72xx/wm_ioctl.h +++ b/drivers/staging/gdm72xx/wm_ioctl.h @@ -78,13 +78,18 @@ struct data_s { void *buf; }; +struct udata_s { + int size; + void __user *buf; +}; + struct wm_req_s { union { char ifrn_name[IFNAMSIZ]; } ifr_ifrn; unsigned short cmd; unsigned short data_id; - struct data_s data; + struct udata_s data; /* NOTE: sizeof(struct wm_req_s) must be less than sizeof(struct ifreq). */ }; |