[media] ngene: properly handle __user ptr

author Mauro Carvalho Chehab <m.chehab@samsung.com>

Wed, 3 Sep 2014 23:44:04 +0000 (20:44 -0300)

committer Mauro Carvalho Chehab <m.chehab@samsung.com>

Mon, 8 Sep 2014 13:00:52 +0000 (10:00 -0300)
author Mauro Carvalho Chehab <m.chehab@samsung.com>
Wed, 3 Sep 2014 23:44:04 +0000 (20:44 -0300)
committer Mauro Carvalho Chehab <m.chehab@samsung.com>
Mon, 8 Sep 2014 13:00:52 +0000 (10:00 -0300)
diff --git a/drivers/media/dvb-core/dvb_ringbuffer.c b/drivers/media/dvb-core/dvb_ringbuffer.c

index a5712cd7c65ff084845cc86599d63f802ac81722..1100e98a7b1d36eaefe4440767d823d49d1ebf3b 100644 (file)
--- a/drivers/media/dvb-core/dvb_ringbuffer.c
+++ b/drivers/media/dvb-core/dvb_ringbuffer.c
@@ -166,6 +166,31 @@ ssize_t dvb_ringbuffer_write(struct dvb_ringbuffer *rbuf, const u8 *buf, size_t
         return len;
  }
  
+ssize_t dvb_ringbuffer_write_user(struct dvb_ringbuffer *rbuf,
+                                 const u8 __user *buf, size_t len)
+{
+       int status;
+       size_t todo = len;
+       size_t split;
+
+       split = (rbuf->pwrite + len > rbuf->size) ? rbuf->size - rbuf->pwrite : 0;
+
+       if (split > 0) {
+               status = copy_from_user(rbuf->data+rbuf->pwrite, buf, split);
+               if (status)
+                       return len - todo;
+               buf += split;
+               todo -= split;
+               rbuf->pwrite = 0;
+       }
+       status = copy_from_user(rbuf->data+rbuf->pwrite, buf, todo);
+       if (status)
+               return len - todo;
+       rbuf->pwrite = (rbuf->pwrite + todo) % rbuf->size;
+
+       return len;
+}
+
  ssize_t dvb_ringbuffer_pkt_write(struct dvb_ringbuffer *rbuf, u8* buf, size_t len)
  {
         int status;
@@ -297,3 +322,4 @@ EXPORT_SYMBOL(dvb_ringbuffer_flush_spinlock_wakeup);
  EXPORT_SYMBOL(dvb_ringbuffer_read_user);
  EXPORT_SYMBOL(dvb_ringbuffer_read);
  EXPORT_SYMBOL(dvb_ringbuffer_write);
+EXPORT_SYMBOL(dvb_ringbuffer_write_user);
diff --git a/drivers/media/dvb-core/dvb_ringbuffer.h b/drivers/media/dvb-core/dvb_ringbuffer.h

index 41f04dae69b618badd91e783a1ad463b6bd0a393..9e1e11b7c39cb24113084234537cdf4c82254002 100644 (file)
--- a/drivers/media/dvb-core/dvb_ringbuffer.h
+++ b/drivers/media/dvb-core/dvb_ringbuffer.h
@@ -133,6 +133,8 @@ extern void dvb_ringbuffer_read(struct dvb_ringbuffer *rbuf,
  */
  extern ssize_t dvb_ringbuffer_write(struct dvb_ringbuffer *rbuf, const u8 *buf,
                                     size_t len);
+extern ssize_t dvb_ringbuffer_write_user(struct dvb_ringbuffer *rbuf,
+                                        const u8 __user *buf, size_t len);
  
  
  /**
diff --git a/drivers/media/pci/ngene/ngene-dvb.c b/drivers/media/pci/ngene/ngene-dvb.c

index a8a4045f66d79a8d9f364092c26c6de4cf1fbb0e..59bb2858c8d0127c8779f3323b8f1d1a25b832e2 100644 (file)
--- a/drivers/media/pci/ngene/ngene-dvb.c
+++ b/drivers/media/pci/ngene/ngene-dvb.c
@@ -59,7 +59,7 @@ static ssize_t ts_write(struct file *file, const char __user *buf,
                                      (&dev->tsout_rbuf) >= count) < 0)
                 return 0;
  
-       dvb_ringbuffer_write(&dev->tsout_rbuf, buf, count);
+       dvb_ringbuffer_write_user(&dev->tsout_rbuf, buf, count);
  
         return count;
  }
author	Mauro Carvalho Chehab <m.chehab@samsung.com>
	Wed, 3 Sep 2014 23:44:04 +0000 (20:44 -0300)
committer	Mauro Carvalho Chehab <m.chehab@samsung.com>
	Mon, 8 Sep 2014 13:00:52 +0000 (10:00 -0300)
drivers/media/dvb-core/dvb_ringbuffer.c		patch \| blob \| blame \| history
drivers/media/dvb-core/dvb_ringbuffer.h		patch \| blob \| blame \| history
drivers/media/pci/ngene/ngene-dvb.c		patch \| blob \| blame \| history