提交 e5f699d4 编写于 作者: A Al Viro

ipmi: get rid of field-by-field __get_user()

Signed-off-by: NAl Viro <viro@zeniv.linux.org.uk>
上级 8b9e04f2
...@@ -704,62 +704,41 @@ struct compat_ipmi_req_settime { ...@@ -704,62 +704,41 @@ struct compat_ipmi_req_settime {
/* /*
* Define some helper functions for copying IPMI data * Define some helper functions for copying IPMI data
*/ */
static long get_compat_ipmi_msg(struct ipmi_msg *p64, static void get_compat_ipmi_msg(struct ipmi_msg *p64,
struct compat_ipmi_msg __user *p32) struct compat_ipmi_msg *p32)
{ {
compat_uptr_t tmp; p64->netfn = p32->netfn;
p64->cmd = p32->cmd;
if (!access_ok(VERIFY_READ, p32, sizeof(*p32)) || p64->data_len = p32->data_len;
__get_user(p64->netfn, &p32->netfn) || p64->data = compat_ptr(p32->data);
__get_user(p64->cmd, &p32->cmd) ||
__get_user(p64->data_len, &p32->data_len) ||
__get_user(tmp, &p32->data))
return -EFAULT;
p64->data = compat_ptr(tmp);
return 0;
} }
static long get_compat_ipmi_req(struct ipmi_req *p64, static void get_compat_ipmi_req(struct ipmi_req *p64,
struct compat_ipmi_req __user *p32) struct compat_ipmi_req *p32)
{ {
p64->addr = compat_ptr(p32->addr);
compat_uptr_t tmp; p64->addr_len = p32->addr_len;
p64->msgid = p32->msgid;
if (!access_ok(VERIFY_READ, p32, sizeof(*p32)) || get_compat_ipmi_msg(&p64->msg, &p32->msg);
__get_user(tmp, &p32->addr) ||
__get_user(p64->addr_len, &p32->addr_len) ||
__get_user(p64->msgid, &p32->msgid) ||
get_compat_ipmi_msg(&p64->msg, &p32->msg))
return -EFAULT;
p64->addr = compat_ptr(tmp);
return 0;
} }
static long get_compat_ipmi_req_settime(struct ipmi_req_settime *p64, static void get_compat_ipmi_req_settime(struct ipmi_req_settime *p64,
struct compat_ipmi_req_settime __user *p32) struct compat_ipmi_req_settime *p32)
{ {
if (!access_ok(VERIFY_READ, p32, sizeof(*p32)) || get_compat_ipmi_req(&p64->req, &p32->req);
get_compat_ipmi_req(&p64->req, &p32->req) || p64->retries = p32->retries;
__get_user(p64->retries, &p32->retries) || p64->retry_time_ms = p32->retry_time_ms;
__get_user(p64->retry_time_ms, &p32->retry_time_ms))
return -EFAULT;
return 0;
} }
static long get_compat_ipmi_recv(struct ipmi_recv *p64, static void get_compat_ipmi_recv(struct ipmi_recv *p64,
struct compat_ipmi_recv __user *p32) struct compat_ipmi_recv *p32)
{ {
compat_uptr_t tmp; memset(p64, 0, sizeof(struct ipmi_recv));
p64->recv_type = p32->recv_type;
if (!access_ok(VERIFY_READ, p32, sizeof(*p32)) || p64->addr = compat_ptr(p32->addr);
__get_user(p64->recv_type, &p32->recv_type) || p64->addr_len = p32->addr_len;
__get_user(tmp, &p32->addr) || p64->msgid = p32->msgid;
__get_user(p64->addr_len, &p32->addr_len) || get_compat_ipmi_msg(&p64->msg, &p32->msg);
__get_user(p64->msgid, &p32->msgid) ||
get_compat_ipmi_msg(&p64->msg, &p32->msg))
return -EFAULT;
p64->addr = compat_ptr(tmp);
return 0;
} }
static int copyout_recv32(struct ipmi_recv *p64, void __user *to) static int copyout_recv32(struct ipmi_recv *p64, void __user *to)
...@@ -789,10 +768,13 @@ static long compat_ipmi_ioctl(struct file *filep, unsigned int cmd, ...@@ -789,10 +768,13 @@ static long compat_ipmi_ioctl(struct file *filep, unsigned int cmd,
case COMPAT_IPMICTL_SEND_COMMAND: case COMPAT_IPMICTL_SEND_COMMAND:
{ {
struct ipmi_req rp; struct ipmi_req rp;
struct compat_ipmi_req r32;
if (get_compat_ipmi_req(&rp, compat_ptr(arg))) if (copy_from_user(&r32, compat_ptr(arg), sizeof(r32)))
return -EFAULT; return -EFAULT;
get_compat_ipmi_req(&rp, &r32);
return handle_send_req(priv->user, &rp, return handle_send_req(priv->user, &rp,
priv->default_retries, priv->default_retries,
priv->default_retry_time_ms); priv->default_retry_time_ms);
...@@ -800,10 +782,13 @@ static long compat_ipmi_ioctl(struct file *filep, unsigned int cmd, ...@@ -800,10 +782,13 @@ static long compat_ipmi_ioctl(struct file *filep, unsigned int cmd,
case COMPAT_IPMICTL_SEND_COMMAND_SETTIME: case COMPAT_IPMICTL_SEND_COMMAND_SETTIME:
{ {
struct ipmi_req_settime sp; struct ipmi_req_settime sp;
struct compat_ipmi_req_settime sp32;
if (get_compat_ipmi_req_settime(&sp, compat_ptr(arg))) if (copy_from_user(&sp32, compat_ptr(arg), sizeof(sp32)))
return -EFAULT; return -EFAULT;
get_compat_ipmi_req_settime(&sp, &sp32);
return handle_send_req(priv->user, &sp.req, return handle_send_req(priv->user, &sp.req,
sp.retries, sp.retry_time_ms); sp.retries, sp.retry_time_ms);
} }
...@@ -811,11 +796,13 @@ static long compat_ipmi_ioctl(struct file *filep, unsigned int cmd, ...@@ -811,11 +796,13 @@ static long compat_ipmi_ioctl(struct file *filep, unsigned int cmd,
case COMPAT_IPMICTL_RECEIVE_MSG_TRUNC: case COMPAT_IPMICTL_RECEIVE_MSG_TRUNC:
{ {
struct ipmi_recv recv64; struct ipmi_recv recv64;
struct compat_ipmi_recv recv32;
memset(&recv64, 0, sizeof(recv64)); if (copy_from_user(&recv32, compat_ptr(arg), sizeof(recv32)))
if (get_compat_ipmi_recv(&recv64, compat_ptr(arg)))
return -EFAULT; return -EFAULT;
get_compat_ipmi_recv(&recv64, &recv32);
return handle_recv(priv, return handle_recv(priv,
cmd == COMPAT_IPMICTL_RECEIVE_MSG_TRUNC, cmd == COMPAT_IPMICTL_RECEIVE_MSG_TRUNC,
&recv64, copyout_recv32, compat_ptr(arg)); &recv64, copyout_recv32, compat_ptr(arg));
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册