[ALSA] Fix ioctl32 wrapper (for SPARC)

IOCTL32 emulation Fix ioctl32 wrapper design, using compat_alloc_user_space() now. This will fix the crash on SPARC64. Signed-off-by: Takashi Iwai <tiwai@suse.de>

[ALSA] Fix ioctl32 wrapper (for SPARC)
IOCTL32 emulation Fix ioctl32 wrapper design, using compat_alloc_user_space() now. This will fix the crash on SPARC64. Signed-off-by: Takashi Iwai <tiwai@suse.de>
18813ce3 · Jaroslav Kysela · 1efef61e · 18813ce3 · 18813ce3 · 18813ce3
Commit 18813ce3 authored Dec 21, 2004 by Jaroslav Kysela
7 changed files
--- a/sound/core/ioctl32/hwdep32.c
+++ b/sound/core/ioctl32/hwdep32.c
@@ -36,24 +36,24 @@ struct sndrv_hwdep_dsp_image32 {

 static inline int _snd_ioctl32_hwdep_dsp_image(unsigned int fd, unsigned int cmd, unsigned long arg, struct file *file, unsigned int native_ctl)
 {
-	struct sndrv_hwdep_dsp_image data;
-	struct sndrv_hwdep_dsp_image32 data32;
-	mm_segment_t oldseg;
-	int err;
+	struct sndrv_hwdep_dsp_image __user *data, *dst;
+	struct sndrv_hwdep_dsp_image32 __user *data32, *src;
+	compat_caddr_t ptr;

-	if (copy_from_user(&data32, (void __user *)arg, sizeof(data32)))
+	data32 = compat_ptr(arg);
+	data = compat_alloc_user_space(sizeof(*data));
+
+	/* index and name */
+	if (copy_in_user(data, data32, 4 + 64))
+		return -EFAULT;
+	if (__get_user(ptr, &data32->image) ||
+	    __put_user(compat_ptr(ptr), &data->image))
 		return -EFAULT;
-	memset(&data, 0, sizeof(data));
-	data.index = data32.index;
-	memcpy(data.name, data32.name, sizeof(data.name));
-	data.image = compat_ptr(data32.image);
-	data.length = data32.length;
-	data.driver_data = data32.driver_data;
-	oldseg = get_fs();
-	set_fs(KERNEL_DS);
-	err = file->f_op->ioctl(file->f_dentry->d_inode, file, native_ctl, (unsigned long)&data);
-	set_fs(oldseg);
-	return err;
+	src = data32;
+	dst = data;
+	COPY_CVT(length);
+	COPY_CVT(driver_data);
+	return file->f_op->ioctl(file->f_dentry->d_inode, file, native_ctl, (unsigned long)data);
 }

 DEFINE_ALSA_IOCTL_ENTRY(hwdep_dsp_image, hwdep_dsp_image, SNDRV_HWDEP_IOCTL_DSP_LOAD);

--- a/sound/core/ioctl32/ioctl32.c
+++ b/sound/core/ioctl32/ioctl32.c
--- a/sound/core/ioctl32/ioctl32.h
+++ b/sound/core/ioctl32/ioctl32.h
@@ -28,20 +28,37 @@

 #include <linux/compat.h>

-#define COPY(x)  (dst->x = src->x)
-#define CPTR(x)	 (dst->x = compat_ptr(src->x))
+#define COPY(x) \
+	do { \
+		if (copy_in_user(&dst->x, &src->x, sizeof(dst->x))) \
+			return -EFAULT; \
+	} while (0)
+
+#define COPY_ARRAY(x) \
+	do { \
+		if (copy_in_user(dst->x, src->x, sizeof(dst->x))) \
+			return -EFAULT; \
+	} while (0)
+
+#define COPY_CVT(x) \
+	do { \
+		__typeof__(src->x) __val_tmp; \
+		if (get_user(__val_tmp, &src->x) || \
+		    put_user(__val_tmp, &dst->x))\
+			return -EFAULT; \
+	} while (0)

 #define convert_from_32(type, dstp, srcp)\
 {\
-	struct sndrv_##type *dst = dstp;\
-	struct sndrv_##type##32 *src = srcp;\
+	struct sndrv_##type __user *dst = dstp;\
+	struct sndrv_##type##32 __user *src = srcp;\
 	CVT_##sndrv_##type();\
 }

 #define convert_to_32(type, dstp, srcp)\
 {\
-	struct sndrv_##type *src = srcp;\
-	struct sndrv_##type##32 *dst = dstp;\
+	struct sndrv_##type __user *src = srcp;\
+	struct sndrv_##type##32 __user *dst = dstp;\
 	CVT_##sndrv_##type();\
 }

@@ -49,65 +66,19 @@
 #define DEFINE_ALSA_IOCTL(type) \
 static inline int _snd_ioctl32_##type(unsigned int fd, unsigned int cmd, unsigned long arg, struct file *file, unsigned int native_ctl)\
 {\
-	struct sndrv_##type##32 data32;\
-	struct sndrv_##type data;\
-	mm_segment_t oldseg;\
-	int err;\
-	if (copy_from_user(&data32, (void __user *)arg, sizeof(data32)))\
-		return -EFAULT;\
-	memset(&data, 0, sizeof(data));\
-	convert_from_32(type, &data, &data32);\
-	oldseg = get_fs();\
-	set_fs(KERNEL_DS);\
-	err = file->f_op->ioctl(file->f_dentry->d_inode, file, native_ctl, (unsigned long)&data);\
-	set_fs(oldseg);\
-	if (err < 0) \
-		return err;\
-	if (native_ctl & (_IOC_READ << _IOC_DIRSHIFT)) {\
-		convert_to_32(type, &data32, &data);\
-		if (copy_to_user((void __user *)arg, &data32, sizeof(data32)))\
-			return -EFAULT;\
-	}\
-	return 0;\
-}
-
-#define DEFINE_ALSA_IOCTL_BIG(type) \
-static inline int _snd_ioctl32_##type(unsigned int fd, unsigned int cmd, unsigned long arg, struct file *file, unsigned int native_ctl)\
-{\
-	struct sndrv_##type##32 *data32;\
-	struct sndrv_##type *data;\
-	mm_segment_t oldseg;\
+	struct sndrv_##type##32 __user *data32;\
+	struct sndrv_##type __user *data;\
 	int err;\
-	data32 = kmalloc(sizeof(*data32), GFP_KERNEL); \
-	data = kmalloc(sizeof(*data), GFP_KERNEL); \
-	if (data32 == NULL || data == NULL) { \
-		err = -ENOMEM; \
-		goto __end; \
-	}\
-	if (copy_from_user(data32, (void __user *)arg, sizeof(*data32))) { \
-		err = -EFAULT; \
-		goto __end; \
-	}\
-	memset(data, 0, sizeof(*data));\
+	data32 = compat_ptr(arg);\
+	data = compat_alloc_user_space(sizeof(*data));\
 	convert_from_32(type, data, data32);\
-	oldseg = get_fs();\
-	set_fs(KERNEL_DS);\
 	err = file->f_op->ioctl(file->f_dentry->d_inode, file, native_ctl, (unsigned long)data);\
-	set_fs(oldseg);\
 	if (err < 0) \
-		goto __end;\
-	err = 0;\
+		return err;\
 	if (native_ctl & (_IOC_READ << _IOC_DIRSHIFT)) {\
 		convert_to_32(type, data32, data);\
-		if (copy_to_user((void __user *)arg, data32, sizeof(*data32)))\
-			err = -EFAULT;\
 	}\
-      __end:\
-      	if (data)\
-      		kfree(data);\
-      	if (data32)\
-      		kfree(data32);\
-	return err;\
+	return 0;\
 }

 #define DEFINE_ALSA_IOCTL_ENTRY(name,type,native_ctl) \

--- a/sound/core/ioctl32/pcm32.c
+++ b/sound/core/ioctl32/pcm32.c
--- a/sound/core/ioctl32/rawmidi32.c
+++ b/sound/core/ioctl32/rawmidi32.c
@@ -38,9 +38,11 @@ struct sndrv_rawmidi_params32 {
 #define CVT_sndrv_rawmidi_params()\
 {\
 	COPY(stream);\
-	COPY(buffer_size);\
-	COPY(avail_min);\
-	COPY(no_active_sensing);\
+	COPY_CVT(buffer_size);\
+	COPY_CVT(avail_min);\
+	if (copy_in_user(((size_t __user *)&dst->avail_min + 1),\
+			 ((size_t __user *)&src->avail_min + 1), 4)) \
+		return -EFAULT;\
 }

 struct sndrv_rawmidi_status32 {
@@ -54,10 +56,10 @@ struct sndrv_rawmidi_status32 {
 #define CVT_sndrv_rawmidi_status()\
 {\
 	COPY(stream);\
-	COPY(tstamp.tv_sec);\
-	COPY(tstamp.tv_nsec);\
-	COPY(avail);\
-	COPY(xruns);\
+	COPY_CVT(tstamp.tv_sec);\
+	COPY_CVT(tstamp.tv_nsec);\
+	COPY_CVT(avail);\
+	COPY_CVT(xruns);\
 }

 DEFINE_ALSA_IOCTL(rawmidi_params);

--- a/sound/core/ioctl32/seq32.c
+++ b/sound/core/ioctl32/seq32.c
@@ -42,13 +42,14 @@ struct sndrv_seq_port_info32 {

 	u32 kernel;			/* reserved for kernel use (must be NULL) */
 	u32 flags;		/* misc. conditioning */
-	char reserved[60];		/* for future use */
+	unsigned char time_queue;	/* queue # for timestamping */
+	char reserved[59];		/* for future use */
 };

 #define CVT_sndrv_seq_port_info()\
 {\
 	COPY(addr);\
-	memcpy(dst->name, src->name, sizeof(dst->name));\
+	COPY_ARRAY(name);\
 	COPY(capability);\
 	COPY(type);\
 	COPY(midi_channels);\
@@ -57,6 +58,7 @@ struct sndrv_seq_port_info32 {
 	COPY(read_use);\
 	COPY(write_use);\
 	COPY(flags);\
+	COPY(time_queue);\
 }

 DEFINE_ALSA_IOCTL(seq_port_info);

--- a/sound/core/ioctl32/timer32.c
+++ b/sound/core/ioctl32/timer32.c
@@ -41,9 +41,9 @@ struct sndrv_timer_info32 {
 {\
 	COPY(flags);\
 	COPY(card);\
-	memcpy(dst->id, src->id, sizeof(src->id));\
-	memcpy(dst->name, src->name, sizeof(src->name));\
-	COPY(resolution);\
+	COPY_ARRAY(id);\
+	COPY_ARRAY(name);\
+	COPY_CVT(resolution);\
 }

 struct sndrv_timer_status32 {
@@ -57,8 +57,8 @@ struct sndrv_timer_status32 {

 #define CVT_sndrv_timer_status()\
 {\
-	COPY(tstamp.tv_sec);\
-	COPY(tstamp.tv_nsec);\
+	COPY_CVT(tstamp.tv_sec);\
+	COPY_CVT(tstamp.tv_nsec);\
 	COPY(resolution);\
 	COPY(lost);\
 	COPY(overrun);\