[PATCH 0/9] avoid mixing __user and kernel pointers

Wed Sep 19 18:37:34 UTC 2012

Revert the patch that removes the `__user` tag from pointer members of
`struct comedi_cmd` because it's a useful tag to have.  There are two
pointer members, `chanlist` and `data`, but `data` isn't actually used
for anything currently.  `chanlist` points to a channel list, but can be
`NULL` when "testing" a command with the `COMEDI_CMDTEST` ioctl.

We want to avoid using the `chanlist` pointer in `struct comedi_cmd` to
point to kernel-space memory as that conflicts with the `__user` tag.
Instead, use the following approach:

(a) Add a parameter to all the `do_cmdtest()` handlers to pass a
pointer to the kernel copy of the channel list (and change the handlers
to use it instead of the one in the `struct comedi_cmd`).

(b) Add a `chanlist` member to `struct comedi_async` to point to the
kernel copy of the channel list. Change the `do_cmd()` handlers (and
related functions) in the low-level drivers to use this pointer to
access the channel list.

There are a few other things I noticed on the way that needed fixing,
that are included in this series of patches.  Patches 4 and 9 contain
the "meat" of this series and are the longest of the patches.

Patch 1) Revert "staging: comedi: comedi.h: remove __user tag from
         chanlist"
Patch 2) staging: comedi: remove unneeded chanlist pointer casts
Patch 3) staging: comedi: ni_labpc: pass ai scan mode through various
         functions
Patch 4) staging: comedi: add chanlist to do_cmdtest() handlers
Patch 5) staging: comedi: fix memory leak for saved channel list
Patch 6) staging: comedi: das16: pass struct comedi_cmd by reference
Patch 7) staging: comedi: das1800: don't pass struct comedi_cmd by value
Patch 8) staging: comedi: ni_labpc: don't pass struct comedi_cmd by
         value
Patch 9) staging: comedi: put command channel list in async structure

Confession time:  Patch 9 contains a couple of overlength lines in
"pcmmio.c" and "pcmuio.c" which I'm too tired to fix right now, but I
haven't made them any worse than they are already!  (The affected
functions need a lot of refactoring - some of the lines have indentation
that *starts* beyond column 80!)

 drivers/staging/comedi/comedi.h                    |   2 +-
 drivers/staging/comedi/comedi_fops.c               |  30 ++--
 drivers/staging/comedi/comedidev.h                 |   3 +-
 drivers/staging/comedi/drivers/8255.c              |   3 +-
 .../staging/comedi/drivers/addi-data/addi_common.h |   2 +-
 .../comedi/drivers/addi-data/hwdrv_apci3120.c      |  36 +++--
 .../comedi/drivers/addi-data/hwdrv_apci3120.h      |   6 +-
 .../comedi/drivers/addi-data/hwdrv_apci3200.c      |  55 +++----
 .../comedi/drivers/addi-data/hwdrv_apci3200.h      |   6 +-
 drivers/staging/comedi/drivers/adl_pci9111.c       |  20 +--
 drivers/staging/comedi/drivers/adl_pci9118.c       |  15 +-
 drivers/staging/comedi/drivers/adv_pci1710.c       |  15 +-
 drivers/staging/comedi/drivers/amplc_dio200.c      |  12 +-
 drivers/staging/comedi/drivers/amplc_pc236.c       |   3 +-
 drivers/staging/comedi/drivers/amplc_pci224.c      |  24 +--
 drivers/staging/comedi/drivers/amplc_pci230.c      |  61 +++----
 drivers/staging/comedi/drivers/cb_das16_cs.c       |   3 +-
 drivers/staging/comedi/drivers/cb_pcidas.c         |  41 ++---
 drivers/staging/comedi/drivers/cb_pcidas64.c       | 117 +++++++-------
 drivers/staging/comedi/drivers/cb_pcidda.c         |   3 +-
 drivers/staging/comedi/drivers/comedi_parport.c    |   3 +-
 drivers/staging/comedi/drivers/comedi_test.c       |  10 +-
 drivers/staging/comedi/drivers/das16.c             |  37 ++---
 drivers/staging/comedi/drivers/das16m1.c           |  12 +-
 drivers/staging/comedi/drivers/das1800.c           |  92 ++++++-----
 drivers/staging/comedi/drivers/das800.c            |  21 +--
 drivers/staging/comedi/drivers/dmm32at.c           |  23 +--
 drivers/staging/comedi/drivers/dt2814.c            |   9 +-
 drivers/staging/comedi/drivers/dt282x.c            |  14 +-
 drivers/staging/comedi/drivers/dt3000.c            |  13 +-
 drivers/staging/comedi/drivers/gsc_hpdi.c          |  12 +-
 drivers/staging/comedi/drivers/me4000.c            |  46 +++---
 drivers/staging/comedi/drivers/me_daq.c            |   3 +-
 drivers/staging/comedi/drivers/ni_6527.c           |   3 +-
 drivers/staging/comedi/drivers/ni_65xx.c           |   3 +-
 drivers/staging/comedi/drivers/ni_660x.c           |   5 +-
 drivers/staging/comedi/drivers/ni_at_a2150.c       |  22 +--
 drivers/staging/comedi/drivers/ni_atmio16d.c       |  11 +-
 drivers/staging/comedi/drivers/ni_labpc.c          | 180 +++++++++++----------
 drivers/staging/comedi/drivers/ni_mio_common.c     |  58 ++++---
 drivers/staging/comedi/drivers/ni_pcidio.c         |   6 +-
 drivers/staging/comedi/drivers/ni_tio.h            |   3 +-
 drivers/staging/comedi/drivers/ni_tiocmd.c         |   3 +-
 drivers/staging/comedi/drivers/pcl711.c            |   9 +-
 drivers/staging/comedi/drivers/pcl812.c            |   9 +-
 drivers/staging/comedi/drivers/pcl816.c            |  29 ++--
 drivers/staging/comedi/drivers/pcl818.c            |  28 ++--
 drivers/staging/comedi/drivers/pcm_common.c        |   3 +-
 drivers/staging/comedi/drivers/pcm_common.h        |   3 +-
 drivers/staging/comedi/drivers/pcmmio.c            |  21 +--
 drivers/staging/comedi/drivers/pcmuio.c            |  21 +--
 drivers/staging/comedi/drivers/quatech_daqp_cs.c   |   9 +-
 drivers/staging/comedi/drivers/rtd520.c            |  12 +-
 drivers/staging/comedi/drivers/s626.c              |  26 +--
 drivers/staging/comedi/drivers/skel.c              |   6 +-
 drivers/staging/comedi/drivers/usbdux.c            |  21 ++-
 drivers/staging/comedi/drivers/usbduxfast.c        |  27 ++--
 drivers/staging/comedi/drivers/usbduxsigma.c       |  16 +-
 58 files changed, 710 insertions(+), 576 deletions(-)