[BKPATCH] ISDN: Re: AUDIT of 2.5.15 copy_to/from_user

Arnaldo Carvalho de Melo (acme@conectiva.com.br)
Sat, 18 May 2002 22:07:12 -0300


Em Sat, May 18, 2002 at 09:45:58PM -0300, Arnaldo C. Melo escreveu:
> Em Sun, May 19, 2002 at 01:30:34AM -0500, Kai Germaschewski escreveu:
> > On Sat, 18 May 2002, Arnaldo Carvalho de Melo wrote:
> >
> > > ISDN will be on its way to Linus in some minutes...
> >
> > I surely remember fixing that some months back already. Apparently I lost
> > the patch somewhere on the way ;(
> >
> > Anyway, I'll be happy to do this for ISDN, but if you have it already
> > done, go ahead (and CC me when you submit it, please).
>
> Of course, I'm finishing it in some minutes.

Here it is,

Linus/Kai, please consider pulling it from:

http://kernel-acme.bkbits.net:8080/isdn-copy_tofrom_user-2.5

- Arnaldo

# This is a BitKeeper generated patch for the following project:
# Project Name: Linux kernel tree
# This patch format is intended for GNU patch command version 2.5 or higher.
# This patch includes the following deltas:
# ChangeSet 1.544 -> 1.545
# drivers/isdn/isdnloop/isdnloop.c 1.8 -> 1.9
# drivers/isdn/hardware/avm/c4.c 1.25 -> 1.26
# drivers/isdn/eicon/eicon_mod.c 1.7 -> 1.8
# drivers/isdn/tpam/tpam_commands.c 1.3 -> 1.4
# drivers/isdn/i4l/isdn_tty.c 1.11 -> 1.12
# drivers/isdn/act2000/module.c 1.4 -> 1.5
# drivers/isdn/sc/command.c 1.3 -> 1.4
# drivers/isdn/hardware/avm/b1.c 1.16 -> 1.17
# drivers/isdn/hisax/isar.c 1.8 -> 1.9
# drivers/isdn/icn/icn.c 1.8 -> 1.9
# drivers/isdn/sc/ioctl.c 1.2 -> 1.3
# drivers/isdn/i4l/isdn_ppp.c 1.16 -> 1.17
# drivers/isdn/capi/kcapi.c 1.30 -> 1.31
# drivers/isdn/hisax/config.c 1.16 -> 1.17
# drivers/isdn/divert/divert_procfs.c 1.8 -> 1.9
# drivers/isdn/capi/capi.c 1.29 -> 1.30
#
# The following is the BitKeeper ChangeSet Log
# --------------------------------------------
# 02/05/19 acme@conectiva.com.br 1.545
# drivers/isdn/*.c
#
# - fix copy_{to,from}_user error handling (thanks to Rusty for pointing this out)
# --------------------------------------------
#
diff -Nru a/drivers/isdn/act2000/module.c b/drivers/isdn/act2000/module.c
--- a/drivers/isdn/act2000/module.c Sun May 19 03:59:20 2002
+++ b/drivers/isdn/act2000/module.c Sun May 19 03:59:20 2002
@@ -283,16 +283,18 @@
actcapi_manufacturer_req_net(card);
return 0;
case ACT2000_IOCTL_SETMSN:
- if ((ret = copy_from_user(tmp, (char *)a, sizeof(tmp))))
- return ret;
+ if (copy_from_user(tmp, (char *)a,
+ sizeof(tmp)))
+ return -EFAULT;
if ((ret = act2000_set_msn(card, tmp)))
return ret;
if (card->flags & ACT2000_FLAGS_RUNNING)
return(actcapi_manufacturer_req_msn(card));
return 0;
case ACT2000_IOCTL_ADDCARD:
- if ((ret = copy_from_user(&cdef, (char *)a, sizeof(cdef))))
- return ret;
+ if (copy_from_user(&cdef, (char *)a,
+ sizeof(cdef)))
+ return -EFAULT;
if (act2000_addcard(cdef.bus, cdef.port, cdef.irq, cdef.id))
return -EIO;
return 0;
diff -Nru a/drivers/isdn/capi/capi.c b/drivers/isdn/capi/capi.c
--- a/drivers/isdn/capi/capi.c Sun May 19 03:59:20 2002
+++ b/drivers/isdn/capi/capi.c Sun May 19 03:59:20 2002
@@ -673,10 +673,9 @@
skb_queue_head(&cdev->recvqueue, skb);
return -EMSGSIZE;
}
- retval = copy_to_user(buf, skb->data, skb->len);
- if (retval) {
+ if (copy_to_user(buf, skb->data, skb->len)) {
skb_queue_head(&cdev->recvqueue, skb);
- return retval;
+ return -EFAULT;
}
copied = skb->len;

@@ -703,7 +702,7 @@
if (!skb)
return -ENOMEM;

- if ((retval = copy_from_user(skb_put(skb, count), buf, count))) {
+ if (copy_from_user(skb_put(skb, count), buf, count)) {
kfree_skb(skb);
return -EFAULT;
}
@@ -782,45 +781,36 @@

case CAPI_GET_VERSION:
{
- retval = copy_from_user((void *) &data.contr,
+ if (copy_from_user((void *) &data.contr,
(void *) arg,
- sizeof(data.contr));
- if (retval)
+ sizeof(data.contr)))
return -EFAULT;
cdev->errcode = capi20_get_version(data.contr, &data.version);
if (cdev->errcode)
return -EIO;
- retval = copy_to_user((void *) arg,
- (void *) &data.version,
- sizeof(data.version));
- if (retval)
+ if (copy_to_user((void *)arg, (void *)&data.version,
+ sizeof(data.version)))
return -EFAULT;
}
return 0;

case CAPI_GET_SERIAL:
{
- retval = copy_from_user((void *) &data.contr,
- (void *) arg,
- sizeof(data.contr));
- if (retval)
+ if (copy_from_user((void *)&data.contr, (void *)arg,
+ sizeof(data.contr)))
return -EFAULT;
cdev->errcode = capi20_get_serial (data.contr, data.serial);
if (cdev->errcode)
return -EIO;
- retval = copy_to_user((void *) arg,
- (void *) data.serial,
- sizeof(data.serial));
- if (retval)
+ if (copy_to_user((void *)arg, (void *)data.serial,
+ sizeof(data.serial)))
return -EFAULT;
}
return 0;
case CAPI_GET_PROFILE:
{
- retval = copy_from_user((void *) &data.contr,
- (void *) arg,
- sizeof(data.contr));
- if (retval)
+ if (copy_from_user((void *)&data.contr, (void *)arg,
+ sizeof(data.contr)))
return -EFAULT;

if (data.contr == 0) {
@@ -848,18 +838,15 @@

case CAPI_GET_MANUFACTURER:
{
- retval = copy_from_user((void *) &data.contr,
- (void *) arg,
- sizeof(data.contr));
- if (retval)
+ if (copy_from_user((void *)&data.contr, (void *)arg,
+ sizeof(data.contr)))
return -EFAULT;
cdev->errcode = capi20_get_manufacturer(data.contr, data.manufacturer);
if (cdev->errcode)
return -EIO;

- retval = copy_to_user((void *) arg, (void *) data.manufacturer,
- sizeof(data.manufacturer));
- if (retval)
+ if (copy_to_user((void *)arg, (void *)data.manufacturer,
+ sizeof(data.manufacturer)))
return -EFAULT;

}
@@ -868,10 +855,8 @@
data.errcode = cdev->errcode;
cdev->errcode = CAPI_NOERROR;
if (arg) {
- retval = copy_to_user((void *) arg,
- (void *) &data.errcode,
- sizeof(data.errcode));
- if (retval)
+ if (copy_to_user((void *)arg, (void *)&data.errcode,
+ sizeof(data.errcode)))
return -EFAULT;
}
return data.errcode;
@@ -886,9 +871,8 @@
struct capi_manufacturer_cmd mcmd;
if (!capable(CAP_SYS_ADMIN))
return -EPERM;
- retval = copy_from_user((void *) &mcmd, (void *) arg,
- sizeof(mcmd));
- if (retval)
+ if (copy_from_user((void *)&mcmd, (void *)arg,
+ sizeof(mcmd)))
return -EFAULT;
return capi20_manufacturer(mcmd.cmd, mcmd.data);
}
@@ -898,10 +882,8 @@
case CAPI_CLR_FLAGS:
{
unsigned userflags;
- retval = copy_from_user((void *) &userflags,
- (void *) arg,
- sizeof(userflags));
- if (retval)
+ if (copy_from_user((void *)&userflags, (void *)arg,
+ sizeof(userflags)))
return -EFAULT;
if (cmd == CAPI_SET_FLAGS)
cdev->userflags |= userflags;
@@ -911,13 +893,9 @@
return 0;

case CAPI_GET_FLAGS:
- {
- retval = copy_to_user((void *) arg,
- (void *) &cdev->userflags,
- sizeof(cdev->userflags));
- if (retval)
- return -EFAULT;
- }
+ if (copy_to_user((void *)arg, (void *)&cdev->userflags,
+ sizeof(cdev->userflags)))
+ return -EFAULT;
return 0;

case CAPI_NCCI_OPENCOUNT:
@@ -928,10 +906,8 @@
#endif /* CONFIG_ISDN_CAPI_MIDDLEWARE */
unsigned ncci;
int count = 0;
- retval = copy_from_user((void *) &ncci,
- (void *) arg,
- sizeof(ncci));
- if (retval)
+ if (copy_from_user((void *)&ncci, (void *)arg,
+ sizeof(ncci)))
return -EFAULT;
nccip = capincci_find(cdev, (u32) ncci);
if (!nccip)
@@ -951,10 +927,8 @@
struct capincci *nccip;
struct capiminor *mp;
unsigned ncci;
- retval = copy_from_user((void *) &ncci,
- (void *) arg,
- sizeof(ncci));
- if (retval)
+ if (copy_from_user((void *)&ncci, (void *)arg,
+ sizeof(ncci)))
return -EFAULT;
nccip = capincci_find(cdev, (u32) ncci);
if (!nccip || (mp = nccip->minorp) == 0)
diff -Nru a/drivers/isdn/capi/kcapi.c b/drivers/isdn/capi/kcapi.c
--- a/drivers/isdn/capi/kcapi.c Sun May 19 03:59:20 2002
+++ b/drivers/isdn/capi/kcapi.c Sun May 19 03:59:20 2002
@@ -1060,15 +1060,15 @@
case AVMB1_LOAD_AND_CONFIG:

if (cmd == AVMB1_LOAD) {
- if ((retval = copy_from_user((void *) &ldef, data,
- sizeof(avmb1_loaddef))))
- return retval;
+ if (copy_from_user((void *)&ldef, data,
+ sizeof(avmb1_loaddef)))
+ return -EFAULT;
ldef.t4config.len = 0;
ldef.t4config.data = 0;
} else {
- if ((retval = copy_from_user((void *) &ldef, data,
- sizeof(avmb1_loadandconfigdef))))
- return retval;
+ if (copy_from_user((void *)&ldef, data,
+ sizeof(avmb1_loadandconfigdef)))
+ return -EFAULT;
}
card = get_capi_ctr_by_nr(ldef.contr);
card = capi_ctr_get(card);
@@ -1123,9 +1123,8 @@
return 0;

case AVMB1_RESETCARD:
- if ((retval = copy_from_user((void *) &rdef, data,
- sizeof(avmb1_resetdef))))
- return retval;
+ if (copy_from_user((void *)&rdef, data, sizeof(avmb1_resetdef)))
+ return -EFAULT;
card = get_capi_ctr_by_nr(rdef.contr);
if (!card)
return -ESRCH;
@@ -1146,9 +1145,8 @@
return 0;

case AVMB1_GET_CARDINFO:
- if ((retval = copy_from_user((void *) &gdef, data,
- sizeof(avmb1_getdef))))
- return retval;
+ if (copy_from_user((void *)&gdef, data, sizeof(avmb1_getdef)))
+ return -EFAULT;

card = get_capi_ctr_by_nr(gdef.contr);
if (!card)
@@ -1159,9 +1157,8 @@
gdef.cardtype = AVM_CARDTYPE_T1;
else gdef.cardtype = AVM_CARDTYPE_B1;

- if ((retval = copy_to_user(data, (void *) &gdef,
- sizeof(avmb1_getdef))))
- return retval;
+ if (copy_to_user(data, (void *)&gdef, sizeof(avmb1_getdef)))
+ return -EFAULT;

return 0;
}
@@ -1187,9 +1184,8 @@
{
kcapi_flagdef fdef;

- if ((retval = copy_from_user((void *) &fdef, data,
- sizeof(kcapi_flagdef))))
- return retval;
+ if (copy_from_user((void *)&fdef, data, sizeof(kcapi_flagdef)))
+ return -EFAULT;

card = get_capi_ctr_by_nr(fdef.contr);
if (!card)
diff -Nru a/drivers/isdn/divert/divert_procfs.c b/drivers/isdn/divert/divert_procfs.c
--- a/drivers/isdn/divert/divert_procfs.c Sun May 19 03:59:20 2002
+++ b/drivers/isdn/divert/divert_procfs.c Sun May 19 03:59:20 2002
@@ -185,8 +185,8 @@
divert_rule *rulep;
char *cp;

- if ((i = copy_from_user(&dioctl, (char *) arg, sizeof(dioctl))))
- return (i);
+ if (copy_from_user(&dioctl, (char *) arg, sizeof(dioctl)))
+ return -EFAULT;

switch (cmd) {
case IIOCGETVER:
@@ -254,7 +254,7 @@
default:
return (-EINVAL);
} /* switch cmd */
- return (copy_to_user((char *) arg, &dioctl, sizeof(dioctl))); /* success */
+ return copy_to_user((char *)arg, &dioctl, sizeof(dioctl)) ? -EFAULT : 0;
} /* isdn_divert_ioctl */


diff -Nru a/drivers/isdn/eicon/eicon_mod.c b/drivers/isdn/eicon/eicon_mod.c
--- a/drivers/isdn/eicon/eicon_mod.c Sun May 19 03:59:20 2002
+++ b/drivers/isdn/eicon/eicon_mod.c Sun May 19 03:59:20 2002
@@ -213,7 +213,10 @@
return(EICON_CTRL_VERSION);
case EICON_IOCTL_GETTYPE:
if (card->bus == EICON_BUS_PCI) {
- copy_to_user((char *)a, &card->hwif.pci.master, sizeof(int));
+ if (copy_to_user((char *)a,
+ &card->hwif.pci.master,
+ sizeof(int)))
+ return -EFAULT;
}
return(card->type);
case EICON_IOCTL_GETMMIO:
@@ -351,7 +354,8 @@
return -ENODEV;

case EICON_IOCTL_ADDCARD:
- if ((ret = copy_from_user(&cdef, (char *)a, sizeof(cdef))))
+ if (copy_from_user(&cdef, (char *)a,
+ sizeof(cdef)))
return -EFAULT;
if (!(eicon_addcard(0, cdef.membase, cdef.irq, cdef.id, 0)))
return -EIO;
@@ -376,8 +380,9 @@
#ifdef CONFIG_ISDN_DRV_EICON_PCI
if (c->arg < EICON_IOCTL_DIA_OFFSET)
return -EINVAL;
- if (copy_from_user(&dstart, (char *)a, sizeof(dstart)))
- return -1;
+ if (copy_from_user(&dstart, (char *)a,
+ sizeof(dstart)))
+ return -EFAULT;
if (!(card = eicon_findnpcicard(dstart.card_id)))
return -EINVAL;
ret = do_ioctl(NULL, NULL,
@@ -667,7 +672,8 @@

if (user) {
spin_unlock_irqrestore(&eicon_lock, flags);
- copy_to_user(p, skb->data, cnt);
+ if (copy_to_user(p, skb->data, cnt))
+ return -EFAULT;
spin_lock_irqsave(&eicon_lock, flags);
}
else
diff -Nru a/drivers/isdn/hardware/avm/b1.c b/drivers/isdn/hardware/avm/b1.c
--- a/drivers/isdn/hardware/avm/b1.c Sun May 19 03:59:20 2002
+++ b/drivers/isdn/hardware/avm/b1.c Sun May 19 03:59:20 2002
@@ -166,15 +166,14 @@
{
unsigned char buf[256];
unsigned char *dp;
- int i, left, retval;
+ int i, left;
unsigned int base = card->port;

dp = t4file->data;
left = t4file->len;
while (left > sizeof(buf)) {
if (t4file->user) {
- retval = copy_from_user(buf, dp, sizeof(buf));
- if (retval)
+ if (copy_from_user(buf, dp, sizeof(buf)))
return -EFAULT;
} else {
memcpy(buf, dp, sizeof(buf));
@@ -190,8 +189,7 @@
}
if (left) {
if (t4file->user) {
- retval = copy_from_user(buf, dp, left);
- if (retval)
+ if (copy_from_user(buf, dp, left))
return -EFAULT;
} else {
memcpy(buf, dp, left);
@@ -211,7 +209,7 @@
unsigned char buf[256];
unsigned char *dp;
unsigned int base = card->port;
- int i, j, left, retval;
+ int i, j, left;

dp = config->data;
left = config->len;
@@ -223,8 +221,7 @@
}
while (left > sizeof(buf)) {
if (config->user) {
- retval = copy_from_user(buf, dp, sizeof(buf));
- if (retval)
+ if (copy_from_user(buf, dp, sizeof(buf)))
return -EFAULT;
} else {
memcpy(buf, dp, sizeof(buf));
@@ -240,8 +237,7 @@
}
if (left) {
if (config->user) {
- retval = copy_from_user(buf, dp, left);
- if (retval)
+ if (copy_from_user(buf, dp, left))
return -EFAULT;
} else {
memcpy(buf, dp, left);
diff -Nru a/drivers/isdn/hardware/avm/c4.c b/drivers/isdn/hardware/avm/c4.c
--- a/drivers/isdn/hardware/avm/c4.c Sun May 19 03:59:20 2002
+++ b/drivers/isdn/hardware/avm/c4.c Sun May 19 03:59:20 2002
@@ -191,15 +191,14 @@
{
u32 val;
unsigned char *dp;
- int left, retval;
+ int left;
u32 loadoff = 0;

dp = t4file->data;
left = t4file->len;
while (left >= sizeof(u32)) {
if (t4file->user) {
- retval = copy_from_user(&val, dp, sizeof(val));
- if (retval)
+ if (copy_from_user(&val, dp, sizeof(val)))
return -EFAULT;
} else {
memcpy(&val, dp, sizeof(val));
@@ -216,8 +215,7 @@
if (left) {
val = 0;
if (t4file->user) {
- retval = copy_from_user(&val, dp, left);
- if (retval)
+ if (copy_from_user(&val, dp, left))
return -EFAULT;
} else {
memcpy(&val, dp, left);
@@ -808,8 +806,7 @@
left = config->len;
while (left >= sizeof(u32)) {
if (config->user) {
- retval = copy_from_user(val, dp, sizeof(val));
- if (retval)
+ if (copy_from_user(val, dp, sizeof(val)))
return -EFAULT;
} else {
memcpy(val, dp, sizeof(val));
@@ -822,8 +819,7 @@
if (left) {
memset(val, 0, sizeof(val));
if (config->user) {
- retval = copy_from_user(&val, dp, left);
- if (retval)
+ if (copy_from_user(&val, dp, left))
return -EFAULT;
} else {
memcpy(&val, dp, left);
diff -Nru a/drivers/isdn/hisax/config.c b/drivers/isdn/hisax/config.c
--- a/drivers/isdn/hisax/config.c Sun May 19 03:59:20 2002
+++ b/drivers/isdn/hisax/config.c Sun May 19 03:59:20 2002
@@ -641,9 +641,10 @@
count = cs->status_end - cs->status_read + 1;
if (count >= len)
count = len;
- if (user)
- copy_to_user(p, cs->status_read, count);
- else
+ if (user) {
+ if (copy_to_user(p, cs->status_read, count))
+ return -EFAULT;
+ } else
memcpy(p, cs->status_read, count);
cs->status_read += count;
if (cs->status_read > cs->status_end)
@@ -655,9 +656,10 @@
cnt = HISAX_STATUS_BUFSIZE;
else
cnt = count;
- if (user)
- copy_to_user(p, cs->status_read, cnt);
- else
+ if (user) {
+ if (copy_to_user(p, cs->status_read, cnt))
+ return -EFAULT;
+ } else
memcpy(p, cs->status_read, cnt);
p += cnt;
cs->status_read += cnt % HISAX_STATUS_BUFSIZE;
diff -Nru a/drivers/isdn/hisax/isar.c b/drivers/isdn/hisax/isar.c
--- a/drivers/isdn/hisax/isar.c Sun May 19 03:59:20 2002
+++ b/drivers/isdn/hisax/isar.c Sun May 19 03:59:20 2002
@@ -217,7 +217,7 @@
}
if ((ret = copy_from_user(&size, p, sizeof(int)))) {
printk(KERN_ERR"isar_load_firmware copy_from_user ret %d\n", ret);
- return ret;
+ return -EFAULT;
}
p += sizeof(int);
printk(KERN_DEBUG"isar_load_firmware size: %d\n", size);
@@ -240,6 +240,7 @@
while (cnt < size) {
if ((ret = copy_from_user(&blk_head, p, BLK_HEAD_SIZE))) {
printk(KERN_ERR"isar_load_firmware copy_from_user ret %d\n", ret);
+ ret = -EFAULT;
goto reterror;
}
#ifdef __BIG_ENDIAN
@@ -282,6 +283,7 @@
*mp++ = noc;
if ((ret = copy_from_user(tmpmsg, p, nom))) {
printk(KERN_ERR"isar_load_firmware copy_from_user ret %d\n", ret);
+ ret = -EFAULT;
goto reterror;
}
p += nom;
diff -Nru a/drivers/isdn/i4l/isdn_ppp.c b/drivers/isdn/i4l/isdn_ppp.c
--- a/drivers/isdn/i4l/isdn_ppp.c Sun May 19 03:59:20 2002
+++ b/drivers/isdn/i4l/isdn_ppp.c Sun May 19 03:59:20 2002
@@ -731,7 +731,11 @@

restore_flags(flags);

- copy_to_user(buf, save_buf, count);
+ if (copy_to_user(buf, save_buf, count)) {
+ kfree(save_buf);
+ retval = -EFAULT;
+ goto out;
+ }
kfree(save_buf);

retval = count;
diff -Nru a/drivers/isdn/i4l/isdn_tty.c b/drivers/isdn/i4l/isdn_tty.c
--- a/drivers/isdn/i4l/isdn_tty.c Sun May 19 03:59:20 2002
+++ b/drivers/isdn/i4l/isdn_tty.c Sun May 19 03:59:20 2002
@@ -1202,9 +1202,12 @@
&(m->pluscount),
&(m->lastplus),
from_user);
- if (from_user)
- copy_from_user(&(info->xmit_buf[info->xmit_count]), buf, c);
- else
+ if (from_user) {
+ if (copy_from_user(&(info->xmit_buf[info->xmit_count]), buf, c)) {
+ total = -EFAULT;
+ goto out;
+ }
+ } else
memcpy(&(info->xmit_buf[info->xmit_count]), buf, c);
#ifdef CONFIG_ISDN_AUDIO
if (info->vonline) {
@@ -1284,6 +1287,7 @@
}
isdn_timer_ctrl(ISDN_TIMER_MODEMXMIT, 1);
}
+out:
if (from_user)
up(&info->write_sem);
return total;
@@ -2589,7 +2593,8 @@
*pluscount = 0;
}
if (from_user) {
- copy_from_user(cbuf, p, count);
+ if (copy_from_user(cbuf, p, count))
+ return;
p = cbuf;
}
while (count > 0) {
diff -Nru a/drivers/isdn/icn/icn.c b/drivers/isdn/icn/icn.c
--- a/drivers/isdn/icn/icn.c Sun May 19 03:59:20 2002
+++ b/drivers/isdn/icn/icn.c Sun May 19 03:59:20 2002
@@ -821,9 +821,9 @@
printk(KERN_WARNING "icn: Could not allocate code buffer\n");
return -ENOMEM;
}
- if ((ret = copy_from_user(codebuf, buffer, ICN_CODE_STAGE1))) {
+ if (copy_from_user(codebuf, buffer, ICN_CODE_STAGE1)) {
kfree(codebuf);
- return ret;
+ return -EFAULT;
}
if (!card->rvalid) {
if (check_region(card->port, ICN_PORTLEN)) {
@@ -1057,9 +1057,10 @@
count = cmd_free;
if (count > len)
count = len;
- if (user)
- copy_from_user(msg, buf, count);
- else
+ if (user) {
+ if (copy_from_user(msg, buf, count))
+ return -EFAULT;
+ } else
memcpy(msg, buf, count);

save_flags(flags);
@@ -1237,15 +1238,17 @@
case ICN_IOCTL_GETDOUBLE:
return (int) card->doubleS0;
case ICN_IOCTL_DEBUGVAR:
- if ((i = copy_to_user((char *) a,
- (char *) &card, sizeof(ulong))))
- return i;
+ if (copy_to_user((char *)a,
+ (char *)&card,
+ sizeof(ulong)))
+ return -EFAULT;
a += sizeof(ulong);
{
ulong l = (ulong) & dev;
- if ((i = copy_to_user((char *) a,
- (char *) &l, sizeof(ulong))))
- return i;
+ if (copy_to_user((char *)a,
+ (char *)&l,
+ sizeof(ulong)))
+ return -EFAULT;
}
return 0;
case ICN_IOCTL_LOADBOOT:
@@ -1266,8 +1269,10 @@
case ICN_IOCTL_ADDCARD:
if (!dev.firstload)
return -EBUSY;
- if ((i = copy_from_user((char *) &cdef, (char *) a, sizeof(cdef))))
- return i;
+ if (copy_from_user((char *)&cdef,
+ (char *)a,
+ sizeof(cdef)))
+ return -EFAULT;
return (icn_addcard(cdef.port, cdef.id1, cdef.id2));
break;
case ICN_IOCTL_LEASEDCFG:
diff -Nru a/drivers/isdn/isdnloop/isdnloop.c b/drivers/isdn/isdnloop/isdnloop.c
--- a/drivers/isdn/isdnloop/isdnloop.c Sun May 19 03:59:20 2002
+++ b/drivers/isdn/isdnloop/isdnloop.c Sun May 19 03:59:20 2002
@@ -986,9 +986,10 @@

if (count > 255)
count = 255;
- if (user)
- copy_from_user(msg, buf, count);
- else
+ if (user) {
+ if (copy_from_user(msg, buf, count))
+ return -EFAULT;
+ } else
memcpy(msg, buf, count);
isdnloop_putmsg(card, '>');
for (p = msg; count > 0; count--, p++) {
@@ -1076,7 +1077,8 @@

if (card->flags & ISDNLOOP_FLAGS_RUNNING)
return -EBUSY;
- copy_from_user((char *) &sdef, (char *) sdefp, sizeof(sdef));
+ if (copy_from_user((char *) &sdef, (char *) sdefp, sizeof(sdef)))
+ return -EFAULT;
save_flags(flags);
cli();
switch (sdef.ptype) {
@@ -1149,9 +1151,10 @@
return (isdnloop_start(card, (isdnloop_sdef *) a));
break;
case ISDNLOOP_IOCTL_ADDCARD:
- if ((i = verify_area(VERIFY_READ, (void *) a, sizeof(isdnloop_cdef))))
- return i;
- copy_from_user((char *) &cdef, (char *) a, sizeof(cdef));
+ if (copy_from_user((char *)&cdef,
+ (char *)a,
+ sizeof(cdef)))
+ return -EFAULT;
return (isdnloop_addcard(cdef.id1));
break;
case ISDNLOOP_IOCTL_LEASEDCFG:
diff -Nru a/drivers/isdn/sc/command.c b/drivers/isdn/sc/command.c
--- a/drivers/isdn/sc/command.c Sun May 19 03:59:20 2002
+++ b/drivers/isdn/sc/command.c Sun May 19 03:59:20 2002
@@ -126,11 +126,11 @@
int err;

memcpy(&cmdptr, cmd->parm.num, sizeof(unsigned long));
- if((err = copy_from_user(&ioc, (scs_ioctl *) cmdptr,
- sizeof(scs_ioctl)))) {
+ if (copy_from_user(&ioc, (scs_ioctl *)cmdptr,
+ sizeof(scs_ioctl))) {
pr_debug("%s: Failed to verify user space 0x%x\n",
adapter[card]->devicename, cmdptr);
- return err;
+ return -EFAULT;
}
return sc_ioctl(card, &ioc);
}
diff -Nru a/drivers/isdn/sc/ioctl.c b/drivers/isdn/sc/ioctl.c
--- a/drivers/isdn/sc/ioctl.c Sun May 19 03:59:20 2002
+++ b/drivers/isdn/sc/ioctl.c Sun May 19 03:59:20 2002
@@ -55,8 +55,8 @@
/*
* Get the SRec from user space
*/
- if ((err = copy_from_user(srec, (char *) data->dataptr, sizeof(srec))))
- return err;
+ if (copy_from_user(srec, (char *) data->dataptr, sizeof(srec)))
+ return -EFAULT;

status = send_and_receive(card, CMPID, cmReqType2, cmReqClass0, cmReqLoadProc,
0, sizeof(srec), srec, &rcvmsg, SAR_TIMEOUT);
@@ -96,8 +96,9 @@
/*
* Get the switch type from user space
*/
- if ((err = copy_from_user(&switchtype, (char *) data->dataptr, sizeof(char))))
- return err;
+ if (copy_from_user(&switchtype, (char *)data->dataptr,
+ sizeof(char)))
+ return -EFAULT;

pr_debug("%s: SCIOCSETSWITCH: setting switch type to %d\n", adapter[card]->devicename,
switchtype);
@@ -141,8 +142,9 @@
/*
* Package the switch type and send to user space
*/
- if ((err = copy_to_user((char *) data->dataptr, &switchtype, sizeof(char))))
- return err;
+ if (copy_to_user((char *)data->dataptr, &switchtype,
+ sizeof(char)))
+ return -EFAULT;

return 0;
}
@@ -173,8 +175,8 @@
/*
* Package the switch type and send to user space
*/
- if ((err = copy_to_user((char *) data->dataptr, spid, sizeof(spid))))
- return err;
+ if (copy_to_user((char *)data->dataptr, spid, sizeof(spid)))
+ return -EFAULT;

return 0;
}
@@ -190,8 +192,8 @@
/*
* Get the spid from user space
*/
- if ((err = copy_from_user(spid, (char *) data->dataptr, sizeof(spid))))
- return err;
+ if (copy_from_user(spid, (char *) data->dataptr, sizeof(spid)))
+ return -EFAULT;

pr_debug("%s: SCIOCSETSPID: setting channel %d spid to %s\n",
adapter[card]->devicename, data->channel, spid);
@@ -237,8 +239,8 @@
/*
* Package the dn and send to user space
*/
- if ((err = copy_to_user((char *) data->dataptr, dn, sizeof(dn))))
- return err;
+ if (copy_to_user((char *)data->dataptr, dn, sizeof(dn)))
+ return -EFAULT;

return 0;
}
@@ -254,8 +256,8 @@
/*
* Get the spid from user space
*/
- if ((err = copy_from_user(dn, (char *) data->dataptr, sizeof(dn))))
- return err;
+ if (copy_from_user(dn, (char *)data->dataptr, sizeof(dn)))
+ return -EFAULT;

pr_debug("%s: SCIOCSETDN: setting channel %d dn to %s\n",
adapter[card]->devicename, data->channel, dn);
@@ -290,8 +292,9 @@
pr_debug("%s: SCIOSTAT: ioctl received\n", adapter[card]->devicename);
GetStatus(card, &bi);

- if ((err = copy_to_user((boardInfo *) data->dataptr, &bi, sizeof(boardInfo))))
- return err;
+ if (copy_to_user((boardInfo *)data->dataptr, &bi,
+ sizeof(boardInfo)))
+ return -EFAULT;

return 0;
}
@@ -324,8 +327,8 @@
/*
* Package the switch type and send to user space
*/
- if ((err = copy_to_user((char *) data->dataptr, &speed, sizeof(char))))
- return err;
+ if (copy_to_user((char *) data->dataptr, &speed, sizeof(char)))
+ return -EFAULT;

return 0;
}
diff -Nru a/drivers/isdn/tpam/tpam_commands.c b/drivers/isdn/tpam/tpam_commands.c
--- a/drivers/isdn/tpam/tpam_commands.c Sun May 19 03:59:20 2002
+++ b/drivers/isdn/tpam/tpam_commands.c Sun May 19 03:59:20 2002
@@ -126,7 +126,6 @@
*/
static int tpam_command_ioctl_dspload(tpam_card *card, u32 arg) {
tpam_dsp_ioctl tdl;
- int ret;

dprintk("TurboPAM(tpam_command_ioctl_dspload): card=%d\n", card->id);

@@ -141,10 +140,9 @@
return -EPERM;

/* write the data in the board's memory */
- ret = copy_from_user_to_pam(card, (void *)tdl.address,
- (void *)arg + sizeof(tpam_dsp_ioctl),
- tdl.data_len);
- return 0;
+ return copy_from_user_to_pam(card, (void *)tdl.address,
+ (void *)arg + sizeof(tpam_dsp_ioctl),
+ tdl.data_len);
}

/*
@@ -158,7 +156,6 @@
*/
static int tpam_command_ioctl_dspsave(tpam_card *card, u32 arg) {
tpam_dsp_ioctl tdl;
- int ret;

dprintk("TurboPAM(tpam_command_ioctl_dspsave): card=%d\n", card->id);

@@ -171,9 +168,8 @@
return -EPERM;

/* read the data from the board's memory */
- ret = copy_from_pam_to_user(card, (void *)arg + sizeof(tpam_dsp_ioctl),
- (void *)tdl.address, tdl.data_len);
- return ret;
+ return copy_from_pam_to_user(card, (void *)arg + sizeof(tpam_dsp_ioctl),
+ (void *)tdl.address, tdl.data_len);
}

/*
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/