From: Remis Lima Baima <remis.developer@xxxxxxxxxxxxxx>
The operation with the variable 'c_line' was missing in the function
'user_termio_to_kernel_termios'. Also the casting '*(unsigned short *)'
in the macro 'SET_LOW_TERMIOS_BITS' was a bit 'unhealthy'. So the macro
was removed and the function was changed to be like in other archs
(e.g. h8300, m68k, sparc) that have a more elegant solution.
In the function 'kernel_termios_to_user_termio' the return values of
the functions calls 'put_user' and 'copy_to_user' were not being
checked.
Signed-off-by: Remis Lima Baima <remis.developer@xxxxxxxxxxxxxx>
Signed-off-by: Arnd Bergmann <arnd@xxxxxxxx>
---
arch/x86/include/asm/termios.h | 56 +++++++++++++++++++++++++++-------------
1 files changed, 38 insertions(+), 18 deletions(-)
diff --git a/arch/x86/include/asm/termios.h b/arch/x86/include/asm/termios.h
index f729563..cbfc2d5 100644
--- a/arch/x86/include/asm/termios.h
+++ b/arch/x86/include/asm/termios.h
@@ -54,20 +54,37 @@ struct termio {
/*
* Translate a "termio" structure into a "termios". Ugh.
*/
-#define SET_LOW_TERMIOS_BITS(termios, termio, x) { \
- unsigned short __tmp; \
- get_user(__tmp,&(termio)->x); \
- *(unsigned short *) &(termios)->x = __tmp; \
-}
-
static inline int user_termio_to_kernel_termios(struct ktermios *termios,
struct termio __user *termio)
-{
- SET_LOW_TERMIOS_BITS(termios, termio, c_iflag);
- SET_LOW_TERMIOS_BITS(termios, termio, c_oflag);
- SET_LOW_TERMIOS_BITS(termios, termio, c_cflag);
- SET_LOW_TERMIOS_BITS(termios, termio, c_lflag);
- return copy_from_user(termios->c_cc, termio->c_cc, NCC);
+{
+ unsigned short tmp;
+
+ if (get_user(tmp, &termio->c_iflag) < 0)
+ goto fault;
+ termios->c_iflag = (0xffff0000 & termios->c_iflag) | tmp;
+
+ if (get_user(tmp, &termio->c_oflag) < 0)
+ goto fault;
+ termios->c_oflag = (0xffff0000 & termios->c_oflag) | tmp;
+
+ if (get_user(tmp, &termio->c_cflag) < 0)
+ goto fault;
+ termios->c_cflag = (0xffff0000 & termios->c_cflag) | tmp;
+
+ if (get_user(tmp, &termio->c_lflag) < 0)
+ goto fault;
+ termios->c_lflag = (0xffff0000 & termios->c_lflag) | tmp;
+
+ if (get_user(termios->c_line, &termio->c_line) < 0)
+ goto fault;
+
+ if (copy_from_user(termios->c_cc, termio->c_cc, NCC) != 0)
+ goto fault;
+
+ return 0;
+
+ fault:
+ return -EFAULT;
}
/*
@@ -76,12 +93,15 @@ static inline int user_termio_to_kernel_termios(struct ktermios *termios,
static inline int kernel_termios_to_user_termio(struct termio __user *termio,
struct ktermios *termios)
{
- put_user((termios)->c_iflag, &(termio)->c_iflag);
- put_user((termios)->c_oflag, &(termio)->c_oflag);
- put_user((termios)->c_cflag, &(termio)->c_cflag);
- put_user((termios)->c_lflag, &(termio)->c_lflag);
- put_user((termios)->c_line, &(termio)->c_line);
- return copy_to_user((termio)->c_cc, (termios)->c_cc, NCC);
+ if (put_user(termios->c_iflag, &termio->c_iflag) < 0 ||
+ put_user(termios->c_oflag, &termio->c_oflag) < 0 ||
+ put_user(termios->c_cflag, &termio->c_cflag) < 0 ||
+ put_user(termios->c_lflag, &termio->c_lflag) < 0 ||
+ put_user(termios->c_line, &termio->c_line) < 0 ||
+ copy_to_user(termio->c_cc, termios->c_cc, NCC) != 0)
+ return -EFAULT;
+
+ return 0;
}
static inline int user_termios_to_kernel_termios(struct ktermios *k,
--
1.6.0.4
--
To unsubscribe from this list: send the line "unsubscribe linux-arch" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
