On Sun, Jan 25, 2009 at 10:45:57PM +0900, Yoichi Yuasa wrote:
> diff -pruN -X /home/yuasa/Memo/dontdiff linux-orig/arch/mips/include/asm/termios.h linux/arch/mips/include/asm/termios.h
> --- linux-orig/arch/mips/include/asm/termios.h 2008-10-19 22:33:14.114377349 +0900
> +++ linux/arch/mips/include/asm/termios.h 2008-10-19 22:41:25.322369698 +0900
> @@ -97,14 +97,14 @@ struct termio {
> #define user_termio_to_kernel_termios(termios, termio) \
> ({ \
> unsigned short tmp; \
> - get_user(tmp, &(termio)->c_iflag); \
> - (termios)->c_iflag = (0xffff0000 & ((termios)->c_iflag)) | tmp; \
> - get_user(tmp, &(termio)->c_oflag); \
> - (termios)->c_oflag = (0xffff0000 & ((termios)->c_oflag)) | tmp; \
> - get_user(tmp, &(termio)->c_cflag); \
> - (termios)->c_cflag = (0xffff0000 & ((termios)->c_cflag)) | tmp; \
> - get_user(tmp, &(termio)->c_lflag); \
> - (termios)->c_lflag = (0xffff0000 & ((termios)->c_lflag)) | tmp; \
> + if (!get_user(tmp, &(termio)->c_iflag)) \
> + (termios)->c_iflag = (0xffff0000 & ((termios)->c_iflag)) | tmp; \
> + if (!get_user(tmp, &(termio)->c_oflag)) \
> + (termios)->c_oflag = (0xffff0000 & ((termios)->c_oflag)) | tmp; \
> + if (!get_user(tmp, &(termio)->c_cflag)) \
> + (termios)->c_cflag = (0xffff0000 & ((termios)->c_cflag)) | tmp; \
> + if (!get_user(tmp, &(termio)->c_lflag)) \
> + (termios)->c_lflag = (0xffff0000 & ((termios)->c_lflag)) | tmp; \
> get_user((termios)->c_line, &(termio)->c_line); \
> copy_from_user((termios)->c_cc, (termio)->c_cc, NCC); \
Duh... That sort of trivial thing is not fatal but just shouldn't happen. And other architectures have the same bug even. Your patch leaves the last get_user and the copy_from_user return values unchecked. I'll sort that out. Thanks for reporting and patch! Ralf