]> rtime.felk.cvut.cz Git - sojka/nv-tegra/linux-3.10.git/commitdiff
projects / sojka / nv-tegra / linux-3.10.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 2b142a8)
video: tegra: nvmap: fix handle get during pinop
authorKrishna Reddy <vdumpa@nvidia.com>
Wed, 18 Sep 2013 19:35:44 +0000 (12:35 -0700)
committerTom Cherry <tcherry@nvidia.com>
Tue, 21 Jan 2014 23:14:04 +0000 (15:14 -0800)
fix handle get during pinop when CONFIG_COMPAT is enabled or
pointer size is > 32-bit.

Change-Id: Id63bb3fbdb2a00295144f391a62e29547a095876
Signed-off-by: Krishna Reddy <vdumpa@nvidia.com>
Reviewed-on: http://git-master/r/276388
Tested-by: Bo Yan <byan@nvidia.com>
Reviewed-by: Automatic_Commit_Validation_User
Reviewed-by: Bo Yan <byan@nvidia.com>
drivers/video/tegra/nvmap/nvmap_ioctl.c patch | blob | history

diff --git a/drivers/video/tegra/nvmap/nvmap_ioctl.c b/drivers/video/tegra/nvmap/nvmap_ioctl.c
index 55a90078f480dde48f6cb9ced3709cb691277b57..de077c675513722f70509d9dfaf389f7ae42097c 100644 (file)
--- a/drivers/video/tegra/nvmap/nvmap_ioctl.c
+++ b/drivers/video/tegra/nvmap/nvmap_ioctl.c
@@ -203,14 +203,13 @@ int nvmap_ioctl_pinop(struct file *filp, bool is_pin, void __user *arg)
        struct nvmap_handle *h;
        unsigned long on_stack[16];
        unsigned long *refs;
-       unsigned long __user *output;
-       unsigned int i;
-       int err = 0;
 #ifdef CONFIG_COMPAT
-       u32 handle;
+       u32 __user *output;
 #else
-       struct nvmap_handle *handle;
+       unsigned long __user *output;
 #endif
+       unsigned int i;
+       int err = 0;
 
        if (copy_from_user(&op, arg, sizeof(op)))
                return -EFAULT;
@@ -235,7 +234,14 @@ int nvmap_ioctl_pinop(struct file *filp, bool is_pin, void __user *arg)
                }
 
                for (i = 0; i < op.count; i++) {
-                       if (__get_user(handle, &op.handles[i])) {
+#ifdef CONFIG_COMPAT
+                       u32 handle;
+                       u32 *handles = (u32 *)op.handles;
+#else
+                       struct nvmap_handle *handle;
+                       struct nvmap_handle **handles = op.handles;
+#endif
+                       if (__get_user(handle, &handles[i])) {
                                err = -EFAULT;
                                goto out;
                        }
@@ -260,10 +266,10 @@ int nvmap_ioctl_pinop(struct file *filp, bool is_pin, void __user *arg)
         * all of the handle_ref objects are valid, so dereferencing
         * directly here is safe */
        if (op.count > 1)
-               output = unmarshal_user_pointer(op.addr);
+               output = (typeof(output))op.addr;
        else {
                struct nvmap_pin_handle __user *tmp = arg;
-               output = (unsigned long __user *)&(tmp->addr);
+               output = (typeof(output))&(tmp->addr);
        }
 
        if (!output)