* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
+#include <linux/kernel.h>
#include <linux/mm.h>
+#include <linux/fs.h>
#include <linux/sched.h>
#include <linux/file.h>
-#include <linux/smp_lock.h>
#include <linux/slab.h>
#include <linux/ptrace.h>
#include <asm/errno.h>
int error;
char *filename;
- filename = getname((char *) regs->gr[26]);
+ filename = getname((char __user *) regs->gr[26]);
error = PTR_ERR(filename);
if (IS_ERR(filename))
goto out;
- error = do_execve(filename, (char **) regs->gr[25],
- (char **)regs->gr[24], regs);
+ error = do_execve(filename, (char __user * __user *) regs->gr[25],
+ (char __user * __user *) regs->gr[24], regs);
if (error == 0) {
task_lock(current);
};
struct getdents_callback {
- struct hpux_dirent *current_dir;
- struct hpux_dirent *previous;
+ struct hpux_dirent __user *current_dir;
+ struct hpux_dirent __user *previous;
int count;
int error;
};
-#define NAME_OFFSET(de) ((int) ((de)->d_name - (char *) (de)))
-#define ROUND_UP(x) (((x)+sizeof(long)-1) & ~(sizeof(long)-1))
+#define NAME_OFFSET(de) ((int) ((de)->d_name - (char __user *) (de)))
static int filldir(void * __buf, const char * name, int namlen, loff_t offset,
u64 ino, unsigned d_type)
{
- struct hpux_dirent * dirent;
+ struct hpux_dirent __user * dirent;
struct getdents_callback * buf = (struct getdents_callback *) __buf;
ino_t d_ino;
- int reclen = ROUND_UP(NAME_OFFSET(dirent) + namlen + 1);
+ int reclen = ALIGN(NAME_OFFSET(dirent) + namlen + 1, sizeof(long));
buf->error = -EINVAL; /* only used if we fail.. */
if (reclen > buf->count)
return -EINVAL;
d_ino = ino;
- if (sizeof(d_ino) < sizeof(ino) && d_ino != ino)
+ if (sizeof(d_ino) < sizeof(ino) && d_ino != ino) {
+ buf->error = -EOVERFLOW;
return -EOVERFLOW;
+ }
dirent = buf->previous;
if (dirent)
- put_user(offset, &dirent->d_off);
+ if (put_user(offset, &dirent->d_off))
+ goto Efault;
dirent = buf->current_dir;
+ if (put_user(d_ino, &dirent->d_ino) ||
+ put_user(reclen, &dirent->d_reclen) ||
+ put_user(namlen, &dirent->d_namlen) ||
+ copy_to_user(dirent->d_name, name, namlen) ||
+ put_user(0, dirent->d_name + namlen))
+ goto Efault;
buf->previous = dirent;
- put_user(d_ino, &dirent->d_ino);
- put_user(reclen, &dirent->d_reclen);
- put_user(namlen, &dirent->d_namlen);
- copy_to_user(dirent->d_name, name, namlen);
- put_user(0, dirent->d_name + namlen);
- dirent = (void __user *)dirent + reclen;
- buf->current_dir = dirent;
+ buf->current_dir = (void __user *)dirent + reclen;
buf->count -= reclen;
return 0;
+Efault:
+ buf->error = -EFAULT;
+ return -EFAULT;
}
#undef NAME_OFFSET
-#undef ROUND_UP
-int hpux_getdents(unsigned int fd, struct hpux_dirent *dirent, unsigned int count)
+int hpux_getdents(unsigned int fd, struct hpux_dirent __user *dirent, unsigned int count)
{
struct file * file;
- struct hpux_dirent * lastdirent;
+ struct hpux_dirent __user * lastdirent;
struct getdents_callback buf;
int error = -EBADF;
error = buf.error;
lastdirent = buf.previous;
if (lastdirent) {
- put_user(file->f_pos, &lastdirent->d_off);
- error = count - buf.count;
+ if (put_user(file->f_pos, &lastdirent->d_off))
+ error = -EFAULT;
+ else
+ error = count - buf.count;
}
out_putf:
return -ENOSYS;
}
-static int cp_hpux_stat(struct kstat *stat, struct hpux_stat64 *statbuf)
+static int cp_hpux_stat(struct kstat *stat, struct hpux_stat64 __user *statbuf)
{
struct hpux_stat64 tmp;
return copy_to_user(statbuf,&tmp,sizeof(tmp)) ? -EFAULT : 0;
}
-long hpux_stat64(char *filename, struct hpux_stat64 *statbuf)
+long hpux_stat64(char __user *filename, struct hpux_stat64 __user *statbuf)
{
struct kstat stat;
int error = vfs_stat(filename, &stat);
return error;
}
-long hpux_fstat64(unsigned int fd, struct hpux_stat64 *statbuf)
+long hpux_fstat64(unsigned int fd, struct hpux_stat64 __user *statbuf)
{
struct kstat stat;
int error = vfs_fstat(fd, &stat);
return error;
}
-long hpux_lstat64(char *filename, struct hpux_stat64 *statbuf)
+long hpux_lstat64(char __user *filename, struct hpux_stat64 __user *statbuf)
{
struct kstat stat;
int error = vfs_lstat(filename, &stat);