[PATCH] trivial annotation for arch/i386/kernel/*

Several places in arch/i386/kernel were still un-annotated - they didn't trip copy_.._user(), so they stayed alive. Caught and killed. That's not all - there's a big cluster of them in vm86.c, but I haven't looked into that code yet.

[PATCH] trivial annotation for arch/i386/kernel/*
Several places in arch/i386/kernel were still un-annotated - they didn't trip copy_.._user(), so they stayed alive. Caught and killed. That's not all - there's a big cluster of them in vm86.c, but I haven't looked into that code yet.
67475a9f · Alexander Viro · Linus Torvalds · 4b0fece0 · 67475a9f · 67475a9f
Commit 67475a9f authored May 30, 2004 by Alexander Viro Committed by Linus Torvalds May 30, 2004
5 changed files
--- a/arch/i386/kernel/i387.c
+++ b/arch/i386/kernel/i387.c
@@ -246,7 +246,7 @@ static int convert_fxsr_to_user( struct _fpstate __user *buf,
 	to = &buf->_st[0];
 	from = (struct _fpxreg *) &fxsave->st_space[0];
 	for ( i = 0 ; i < 8 ; i++, to++, from++ ) {
-		unsigned long *t = (unsigned long *)to;
+		unsigned long __user *t = (unsigned long __user *)to;
 		unsigned long *f = (unsigned long *)from;

 		if (__put_user(*f, t) ||
@@ -281,7 +281,7 @@ static int convert_fxsr_from_user( struct i387_fxsave_struct *fxsave,
 	from = &buf->_st[0];
 	for ( i = 0 ; i < 8 ; i++, to++, from++ ) {
 		unsigned long *t = (unsigned long *)to;
-		unsigned long *f = (unsigned long *)from;
+		unsigned long __user *f = (unsigned long __user *)from;

 		if (__get_user(*t, f) ||
 				__get_user(*(t + 1), f + 1) ||

--- a/arch/i386/kernel/microcode.c
+++ b/arch/i386/kernel/microcode.c
@@ -113,7 +113,7 @@ static spinlock_t microcode_update_lock = SPIN_LOCK_UNLOCKED;
 /* no concurrent ->write()s are allowed on /dev/cpu/microcode */
 static DECLARE_MUTEX(microcode_sem);

-static void *user_buffer;		/* user area microcode data buffer */
+static void __user *user_buffer;	/* user area microcode data buffer */
 static unsigned int user_buffer_size;	/* it's size */

 typedef enum mc_error_code {
@@ -425,7 +425,7 @@ static int do_microcode_update (void)
 	return error;
 }

-static ssize_t microcode_write (struct file *file, const char *buf, size_t len, loff_t *ppos)
+static ssize_t microcode_write (struct file *file, const char __user *buf, size_t len, loff_t *ppos)
 {
 	ssize_t ret;

@@ -441,7 +441,7 @@ static ssize_t microcode_write (struct file *file, const char *buf, size_t len,

 	down(&microcode_sem);

-	user_buffer = (void *) buf;
+	user_buffer = (void __user *) buf;
 	user_buffer_size = (int) len;

 	ret = do_microcode_update();

--- a/arch/i386/kernel/msr.c
+++ b/arch/i386/kernel/msr.c
@@ -184,7 +184,7 @@ static loff_t msr_seek(struct file *file, loff_t offset, int orig)
 static ssize_t msr_read(struct file *file, char __user * buf,
 			size_t count, loff_t * ppos)
 {
-	u32 *tmp = (u32 *) buf;
+	u32 __user *tmp = (u32 __user *) buf;
 	u32 data[2];
 	size_t rv;
 	u32 reg = *ppos;
@@ -203,13 +203,13 @@ static ssize_t msr_read(struct file *file, char __user * buf,
 		tmp += 2;
 	}

-	return ((char *)tmp) - buf;
+	return ((char __user *)tmp) - buf;
 }

 static ssize_t msr_write(struct file *file, const char __user *buf,
 			 size_t count, loff_t *ppos)
 {
-	const u32 *tmp = (const u32 *)buf;
+	const u32 __user *tmp = (const u32 __user *)buf;
 	u32 data[2];
 	size_t rv;
 	u32 reg = *ppos;
@@ -228,7 +228,7 @@ static ssize_t msr_write(struct file *file, const char __user *buf,
 		tmp += 2;
 	}

-	return ((char *)tmp) - buf;
+	return ((char __user *)tmp) - buf;
 }

 static int msr_open(struct inode *inode, struct file *file)

--- a/arch/i386/kernel/ptrace.c
+++ b/arch/i386/kernel/ptrace.c
@@ -235,6 +235,7 @@ asmlinkage int sys_ptrace(long request, long pid, long addr, long data)
 	struct task_struct *child;
 	struct user * dummy = NULL;
 	int i, ret;
+	unsigned long __user *datap = (unsigned long __user *)data;

 	lock_kernel();
 	ret = -EPERM;
@@ -283,7 +284,7 @@ asmlinkage int sys_ptrace(long request, long pid, long addr, long data)
 		ret = -EIO;
 		if (copied != sizeof(tmp))
 			break;
-		ret = put_user(tmp,(unsigned long *) data);
+		ret = put_user(tmp, datap);
 		break;
 	}

@@ -305,7 +306,7 @@ asmlinkage int sys_ptrace(long request, long pid, long addr, long data)
 			addr = addr >> 2;
 			tmp = child->thread.debugreg[addr];
 		}
-		ret = put_user(tmp,(unsigned long *) data);
+		ret = put_user(tmp, datap);
 		break;
 	}

@@ -423,13 +424,13 @@ asmlinkage int sys_ptrace(long request, long pid, long addr, long data)
 		break;

 	case PTRACE_GETREGS: { /* Get all gp regs from the child. */
-	  	if (!access_ok(VERIFY_WRITE, (unsigned *)data, FRAME_SIZE*sizeof(long))) {
+	  	if (!access_ok(VERIFY_WRITE, datap, FRAME_SIZE*sizeof(long))) {
 			ret = -EIO;
 			break;
 		}
 		for ( i = 0; i < FRAME_SIZE*sizeof(long); i += sizeof(long) ) {
-			__put_user(getreg(child, i),(unsigned long *) data);
-			data += sizeof(long);
+			__put_user(getreg(child, i), datap);
+			datap++;
 		}
 		ret = 0;
 		break;
@@ -437,21 +438,21 @@ asmlinkage int sys_ptrace(long request, long pid, long addr, long data)

 	case PTRACE_SETREGS: { /* Set all gp regs in the child. */
 		unsigned long tmp;
-	  	if (!access_ok(VERIFY_READ, (unsigned *)data, FRAME_SIZE*sizeof(long))) {
+	  	if (!access_ok(VERIFY_READ, datap, FRAME_SIZE*sizeof(long))) {
 			ret = -EIO;
 			break;
 		}
 		for ( i = 0; i < FRAME_SIZE*sizeof(long); i += sizeof(long) ) {
-			__get_user(tmp, (unsigned long *) data);
+			__get_user(tmp, datap);
 			putreg(child, i, tmp);
-			data += sizeof(long);
+			datap++;
 		}
 		ret = 0;
 		break;
 	}

 	case PTRACE_GETFPREGS: { /* Get the child FPU state. */
-		if (!access_ok(VERIFY_WRITE, (unsigned *)data,
+		if (!access_ok(VERIFY_WRITE, datap,
 			       sizeof(struct user_i387_struct))) {
 			ret = -EIO;
 			break;
@@ -464,7 +465,7 @@ asmlinkage int sys_ptrace(long request, long pid, long addr, long data)
 	}

 	case PTRACE_SETFPREGS: { /* Set the child FPU state. */
-		if (!access_ok(VERIFY_READ, (unsigned *)data,
+		if (!access_ok(VERIFY_READ, datap,
 			       sizeof(struct user_i387_struct))) {
 			ret = -EIO;
 			break;
@@ -476,7 +477,7 @@ asmlinkage int sys_ptrace(long request, long pid, long addr, long data)
 	}

 	case PTRACE_GETFPXREGS: { /* Get the child extended FPU state. */
-		if (!access_ok(VERIFY_WRITE, (unsigned *)data,
+		if (!access_ok(VERIFY_WRITE, datap,
 			       sizeof(struct user_fxsr_struct))) {
 			ret = -EIO;
 			break;
@@ -488,7 +489,7 @@ asmlinkage int sys_ptrace(long request, long pid, long addr, long data)
 	}

 	case PTRACE_SETFPXREGS: { /* Set the child extended FPU state. */
-		if (!access_ok(VERIFY_READ, (unsigned *)data,
+		if (!access_ok(VERIFY_READ, datap,
 			       sizeof(struct user_fxsr_struct))) {
 			ret = -EIO;
 			break;
@@ -499,13 +500,13 @@ asmlinkage int sys_ptrace(long request, long pid, long addr, long data)
 	}

 	case PTRACE_GET_THREAD_AREA:
-		ret = ptrace_get_thread_area(child,
-					     addr, (struct user_desc __user *) data);
+		ret = ptrace_get_thread_area(child, addr,
+					(struct user_desc __user *) data);
 		break;

 	case PTRACE_SET_THREAD_AREA:
-		ret = ptrace_set_thread_area(child,
-					     addr, (struct user_desc __user *) data);
+		ret = ptrace_set_thread_area(child, addr,
+					(struct user_desc __user *) data);
 		break;

 	default:

--- a/arch/i386/kernel/signal.c
+++ b/arch/i386/kernel/signal.c
@@ -269,12 +269,12 @@ setup_sigcontext(struct sigcontext __user *sc, struct _fpstate __user *fpstate,

 	tmp = 0;
 	__asm__("movl %%gs,%0" : "=r"(tmp): "0"(tmp));
-	err |= __put_user(tmp, (unsigned int *)&sc->gs);
+	err |= __put_user(tmp, (unsigned int __user *)&sc->gs);
 	__asm__("movl %%fs,%0" : "=r"(tmp): "0"(tmp));
-	err |= __put_user(tmp, (unsigned int *)&sc->fs);
+	err |= __put_user(tmp, (unsigned int __user *)&sc->fs);

-	err |= __put_user(regs->xes, (unsigned int *)&sc->es);
-	err |= __put_user(regs->xds, (unsigned int *)&sc->ds);
+	err |= __put_user(regs->xes, (unsigned int __user *)&sc->es);
+	err |= __put_user(regs->xds, (unsigned int __user *)&sc->ds);
 	err |= __put_user(regs->edi, &sc->edi);
 	err |= __put_user(regs->esi, &sc->esi);
 	err |= __put_user(regs->ebp, &sc->ebp);
@@ -286,10 +286,10 @@ setup_sigcontext(struct sigcontext __user *sc, struct _fpstate __user *fpstate,
 	err |= __put_user(current->thread.trap_no, &sc->trapno);
 	err |= __put_user(current->thread.error_code, &sc->err);
 	err |= __put_user(regs->eip, &sc->eip);
-	err |= __put_user(regs->xcs, (unsigned int *)&sc->cs);
+	err |= __put_user(regs->xcs, (unsigned int __user *)&sc->cs);
 	err |= __put_user(regs->eflags, &sc->eflags);
 	err |= __put_user(regs->esp, &sc->esp_at_signal);
-	err |= __put_user(regs->xss, (unsigned int *)&sc->ss);
+	err |= __put_user(regs->xss, (unsigned int __user *)&sc->ss);

 	tmp = save_i387(fpstate);
 	if (tmp < 0)
@@ -381,9 +381,9 @@ static void setup_frame(int sig, struct k_sigaction *ka,
 	 * reasons and because gdb uses it as a signature to notice
 	 * signal handler stack frames.
 	 */
-	err |= __put_user(0xb858, (short *)(frame->retcode+0));
-	err |= __put_user(__NR_sigreturn, (int *)(frame->retcode+2));
-	err |= __put_user(0x80cd, (short *)(frame->retcode+6));
+	err |= __put_user(0xb858, (short __user *)(frame->retcode+0));
+	err |= __put_user(__NR_sigreturn, (int __user *)(frame->retcode+2));
+	err |= __put_user(0x80cd, (short __user *)(frame->retcode+6));

 	if (err)
 		goto give_sigsegv;
@@ -462,9 +462,9 @@ static void setup_rt_frame(int sig, struct k_sigaction *ka, siginfo_t *info,
 	 * reasons and because gdb uses it as a signature to notice
 	 * signal handler stack frames.
 	 */
-	err |= __put_user(0xb8, (char *)(frame->retcode+0));
-	err |= __put_user(__NR_rt_sigreturn, (int *)(frame->retcode+1));
-	err |= __put_user(0x80cd, (short *)(frame->retcode+5));
+	err |= __put_user(0xb8, (char __user *)(frame->retcode+0));
+	err |= __put_user(__NR_rt_sigreturn, (int __user *)(frame->retcode+1));
+	err |= __put_user(0x80cd, (short __user *)(frame->retcode+5));

 	if (err)
 		goto give_sigsegv;