Commit f90de660 authored by andrew hendry's avatar andrew hendry Committed by David S. Miller

X25 remove bkl in facility ioctls

Signed-off-by: default avatarAndrew Hendry <andrew.hendry@gmail.com>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parent 5595a1a5
...@@ -1424,34 +1424,34 @@ static int x25_ioctl(struct socket *sock, unsigned int cmd, unsigned long arg) ...@@ -1424,34 +1424,34 @@ static int x25_ioctl(struct socket *sock, unsigned int cmd, unsigned long arg)
rc = x25_subscr_ioctl(cmd, argp); rc = x25_subscr_ioctl(cmd, argp);
break; break;
case SIOCX25GFACILITIES: { case SIOCX25GFACILITIES: {
struct x25_facilities fac = x25->facilities; lock_sock(sk);
lock_kernel(); rc = copy_to_user(argp, &x25->facilities,
rc = copy_to_user(argp, &fac, sizeof(x25->facilities))
sizeof(fac)) ? -EFAULT : 0; ? -EFAULT : 0;
unlock_kernel(); release_sock(sk);
break; break;
} }
case SIOCX25SFACILITIES: { case SIOCX25SFACILITIES: {
struct x25_facilities facilities; struct x25_facilities facilities;
rc = -EFAULT; rc = -EFAULT;
lock_kernel();
if (copy_from_user(&facilities, argp, if (copy_from_user(&facilities, argp,
sizeof(facilities))) sizeof(facilities)))
break; break;
rc = -EINVAL; rc = -EINVAL;
lock_sock(sk);
if (sk->sk_state != TCP_LISTEN && if (sk->sk_state != TCP_LISTEN &&
sk->sk_state != TCP_CLOSE) sk->sk_state != TCP_CLOSE)
break; goto out_fac_release;
if (facilities.pacsize_in < X25_PS16 || if (facilities.pacsize_in < X25_PS16 ||
facilities.pacsize_in > X25_PS4096) facilities.pacsize_in > X25_PS4096)
break; goto out_fac_release;
if (facilities.pacsize_out < X25_PS16 || if (facilities.pacsize_out < X25_PS16 ||
facilities.pacsize_out > X25_PS4096) facilities.pacsize_out > X25_PS4096)
break; goto out_fac_release;
if (facilities.winsize_in < 1 || if (facilities.winsize_in < 1 ||
facilities.winsize_in > 127) facilities.winsize_in > 127)
break; goto out_fac_release;
if (facilities.throughput) { if (facilities.throughput) {
int out = facilities.throughput & 0xf0; int out = facilities.throughput & 0xf0;
int in = facilities.throughput & 0x0f; int in = facilities.throughput & 0x0f;
...@@ -1459,27 +1459,28 @@ static int x25_ioctl(struct socket *sock, unsigned int cmd, unsigned long arg) ...@@ -1459,27 +1459,28 @@ static int x25_ioctl(struct socket *sock, unsigned int cmd, unsigned long arg)
facilities.throughput |= facilities.throughput |=
X25_DEFAULT_THROUGHPUT << 4; X25_DEFAULT_THROUGHPUT << 4;
else if (out < 0x30 || out > 0xD0) else if (out < 0x30 || out > 0xD0)
break; goto out_fac_release;
if (!in) if (!in)
facilities.throughput |= facilities.throughput |=
X25_DEFAULT_THROUGHPUT; X25_DEFAULT_THROUGHPUT;
else if (in < 0x03 || in > 0x0D) else if (in < 0x03 || in > 0x0D)
break; goto out_fac_release;
} }
if (facilities.reverse && if (facilities.reverse &&
(facilities.reverse & 0x81) != 0x81) (facilities.reverse & 0x81) != 0x81)
break; goto out_fac_release;
x25->facilities = facilities; x25->facilities = facilities;
rc = 0; rc = 0;
unlock_kernel(); out_fac_release:
release_sock(sk);
break; break;
} }
case SIOCX25GDTEFACILITIES: { case SIOCX25GDTEFACILITIES: {
lock_kernel(); lock_sock(sk);
rc = copy_to_user(argp, &x25->dte_facilities, rc = copy_to_user(argp, &x25->dte_facilities,
sizeof(x25->dte_facilities)); sizeof(x25->dte_facilities));
unlock_kernel(); release_sock(sk);
if (rc) if (rc)
rc = -EFAULT; rc = -EFAULT;
break; break;
...@@ -1488,24 +1489,25 @@ static int x25_ioctl(struct socket *sock, unsigned int cmd, unsigned long arg) ...@@ -1488,24 +1489,25 @@ static int x25_ioctl(struct socket *sock, unsigned int cmd, unsigned long arg)
case SIOCX25SDTEFACILITIES: { case SIOCX25SDTEFACILITIES: {
struct x25_dte_facilities dtefacs; struct x25_dte_facilities dtefacs;
rc = -EFAULT; rc = -EFAULT;
lock_kernel();
if (copy_from_user(&dtefacs, argp, sizeof(dtefacs))) if (copy_from_user(&dtefacs, argp, sizeof(dtefacs)))
break; break;
rc = -EINVAL; rc = -EINVAL;
lock_sock(sk);
if (sk->sk_state != TCP_LISTEN && if (sk->sk_state != TCP_LISTEN &&
sk->sk_state != TCP_CLOSE) sk->sk_state != TCP_CLOSE)
break; goto out_dtefac_release;
if (dtefacs.calling_len > X25_MAX_AE_LEN) if (dtefacs.calling_len > X25_MAX_AE_LEN)
break; goto out_dtefac_release;
if (dtefacs.calling_ae == NULL) if (dtefacs.calling_ae == NULL)
break; goto out_dtefac_release;
if (dtefacs.called_len > X25_MAX_AE_LEN) if (dtefacs.called_len > X25_MAX_AE_LEN)
break; goto out_dtefac_release;
if (dtefacs.called_ae == NULL) if (dtefacs.called_ae == NULL)
break; goto out_dtefac_release;
x25->dte_facilities = dtefacs; x25->dte_facilities = dtefacs;
rc = 0; rc = 0;
unlock_kernel(); out_dtefac_release:
release_sock(sk);
break; break;
} }
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment