[PATCH RFC v2 0/6] staging: comedi: fix user/kernel space access of cmd->chanlist
H Hartley Sweeten
hartleys at visionengravers.com
Tue Sep 18 18:39:03 UTC 2012
The 'chanlist' in the comedi_cmd struct is currently an unsigned int
__user pointer. The do_cmd_ioctl() and do_cmdtest_ioctl() functions in
comedi_fops do a copy_from_user() to move the data from user space to
kernel space before passing the comedi_cmd to the comed drivers.
Unfortunately, the drivers then think 'chanlist' is still a __user pointer
since that's how the struct is defined. Remove the __user tag from the
chanlist pointer in comedi_cmd. This allows the drivers to see the pointer
in the correct address space.
We then need to do a bit of casting in the do_cmd_ioctl() and do_cmdtest_ioctl()
functions so that the __user space of the chanlist is preserved as the data
is moved between address spaced.
H Hartley Sweeten (6):
staging: comedi: comedi.h: remove the extra indents
staging: comedi: comedi.h: remove __user tag from chanlist
staging: comedi: comedi_fops: rename the __user *cmd param in
do_cmd_ioctl
staging: comedi: comedi_fops: rename user_cmd in do_cmd_ioctl
staging: comedi: comedi_fops: rename user_cmd in do_cmdtest_ioctl
staging: comedi: comedi_fops: cast the cmd->chanlist to the correct
address space
drivers/staging/comedi/comedi.h | 1109 +++++++++++++++++-----------------
drivers/staging/comedi/comedi_fops.c | 80 +--
2 files changed, 594 insertions(+), 595 deletions(-)
--
1.7.11
More information about the devel
mailing list