From: Dan Carpenter Date: Fri, 4 Jun 2010 10:38:40 +0000 (+0200) Subject: Staging: sep: return -EFAULT on copy_to_user errors X-Git-Tag: MMI-PSA29.97-13-9~23347^2 X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=640f7dcfe047aa5859df5f5d41e7f6455a442b89;p=GitHub%2FMotorolaMobilityLLC%2Fkernel-slsi.git Staging: sep: return -EFAULT on copy_to_user errors copy_to_user() returns the number of bytes remaining but we want to return a negative error code here. These functions are used in the ioctl handler and the error code gets returned to userspace. Signed-off-by: Dan Carpenter Signed-off-by: Greg Kroah-Hartman --- diff --git a/drivers/staging/sep/sep_driver.c b/drivers/staging/sep/sep_driver.c index 0332c370fd82..ecbde3467b1b 100644 --- a/drivers/staging/sep/sep_driver.c +++ b/drivers/staging/sep/sep_driver.c @@ -594,8 +594,10 @@ static int sep_allocate_data_pool_memory_handler(struct sep_device *sep, dbg("SEP Driver:--------> sep_allocate_data_pool_memory_handler start\n"); error = copy_from_user(&command_args, (void *) arg, sizeof(struct sep_driver_alloc_t)); - if (error) + if (error) { + error = -EFAULT; goto end_function; + } /* allocate memory */ if ((sep->data_pool_bytes_allocated + command_args.num_bytes) > SEP_DRIVER_DATA_POOL_SHARED_AREA_SIZE_IN_BYTES) { @@ -609,8 +611,10 @@ static int sep_allocate_data_pool_memory_handler(struct sep_device *sep, /* write the memory back to the user space */ error = copy_to_user((void *) arg, (void *) &command_args, sizeof(struct sep_driver_alloc_t)); - if (error) + if (error) { + error = -EFAULT; goto end_function; + } /* set the allocation */ sep->data_pool_bytes_allocated += command_args.num_bytes; @@ -661,6 +665,8 @@ static int sep_write_into_data_pool_handler(struct sep_device *sep, unsigned lon } /* copy the application data */ error = copy_from_user(virt_address, (void *) app_in_address, num_bytes); + if (error) + error = -EFAULT; end_function: dbg("SEP Driver:<-------- sep_write_into_data_pool_handler end\n"); return error; @@ -711,6 +717,8 @@ static int sep_read_from_data_pool_handler(struct sep_device *sep, unsigned long /* copy the application data */ error = copy_to_user((void *) app_out_address, virt_address, num_bytes); + if (error) + error = -EFAULT; end_function: dbg("SEP Driver:<-------- sep_read_from_data_pool_handler end\n"); return error; @@ -1448,8 +1456,10 @@ static int sep_create_sync_dma_tables_handler(struct sep_device *sep, dbg("SEP Driver:--------> sep_create_sync_dma_tables_handler start\n"); error = copy_from_user(&command_args, (void *) arg, sizeof(struct sep_driver_build_sync_table_t)); - if (error) + if (error) { + error = -EFAULT; goto end_function; + } edbg("app_in_address is %08lx\n", command_args.app_in_address); edbg("app_out_address is %08lx\n", command_args.app_out_address); @@ -1799,8 +1809,10 @@ static int sep_create_flow_dma_tables_handler(struct sep_device *sep, goto end_function; error = copy_from_user(&command_args, (void *) arg, sizeof(struct sep_driver_build_flow_table_t)); - if (error) + if (error) { + error = -EFAULT; goto end_function; + } /* create flow tables */ error = sep_prepare_flow_dma_tables(sep, command_args.num_virtual_buffers, command_args.virt_buff_data_addr, flow_context_ptr, &first_table_data, &last_table_data, command_args.isKernelVirtualAddress); @@ -1819,8 +1831,10 @@ static int sep_create_flow_dma_tables_handler(struct sep_device *sep, /* send the parameters to user application */ error = copy_to_user((void *) arg, &command_args, sizeof(struct sep_driver_build_flow_table_t)); - if (error) + if (error) { + error = -EFAULT; goto end_function_with_error; + } /* all the flow created - update the flow entry with temp id */ flow_context_ptr->flow_id = SEP_TEMP_FLOW_ID; @@ -1861,8 +1875,10 @@ static int sep_add_flow_tables_handler(struct sep_device *sep, unsigned long arg /* get input parameters */ error = copy_from_user(&command_args, (void *) arg, sizeof(struct sep_driver_add_flow_table_t)); - if (error) + if (error) { + error = -EFAULT; goto end_function; + } /* find the flow structure for the flow id */ flow_context_ptr = sep_find_flow_context(sep, command_args.flow_id); @@ -1933,6 +1949,8 @@ static int sep_add_flow_tables_handler(struct sep_device *sep, unsigned long arg /* send the parameters to user application */ error = copy_to_user((void *) arg, &command_args, sizeof(struct sep_driver_add_flow_table_t)); + if (error) + error = -EFAULT; end_function_with_error: /* free the allocated tables */ sep_deallocated_flow_tables(&first_table_data); @@ -1953,8 +1971,10 @@ static int sep_add_flow_tables_message_handler(struct sep_device *sep, unsigned dbg("SEP Driver:--------> sep_add_flow_tables_message_handler start\n"); error = copy_from_user(&command_args, (void *) arg, sizeof(struct sep_driver_add_message_t)); - if (error) + if (error) { + error = -EFAULT; goto end_function; + } /* check input */ if (command_args.message_size_in_bytes > SEP_MAX_ADD_MESSAGE_LENGTH_IN_BYTES) { @@ -1970,6 +1990,8 @@ static int sep_add_flow_tables_message_handler(struct sep_device *sep, unsigned /* copy the message into context */ flow_context_ptr->message_size_in_bytes = command_args.message_size_in_bytes; error = copy_from_user(flow_context_ptr->message, (void *) command_args.message_address, command_args.message_size_in_bytes); + if (error) + error = -EFAULT; end_function: dbg("SEP Driver:<-------- sep_add_flow_tables_message_handler end\n"); return error; @@ -1994,6 +2016,8 @@ static int sep_get_static_pool_addr_handler(struct sep_device *sep, unsigned lon /* send the parameters to user application */ error = copy_to_user((void *) arg, &command_args, sizeof(struct sep_driver_static_pool_addr_t)); + if (error) + error = -EFAULT; dbg("SEP Driver:<-------- sep_get_static_pool_addr_handler end\n"); return error; } @@ -2010,8 +2034,10 @@ static int sep_get_physical_mapped_offset_handler(struct sep_device *sep, unsign dbg("SEP Driver:--------> sep_get_physical_mapped_offset_handler start\n"); error = copy_from_user(&command_args, (void *) arg, sizeof(struct sep_driver_get_mapped_offset_t)); - if (error) + if (error) { + error = -EFAULT; goto end_function; + } if (command_args.physical_address < sep->shared_bus) { error = -EINVAL; @@ -2025,6 +2051,8 @@ static int sep_get_physical_mapped_offset_handler(struct sep_device *sep, unsign /* send the parameters to user application */ error = copy_to_user((void *) arg, &command_args, sizeof(struct sep_driver_get_mapped_offset_t)); + if (error) + error = -EFAULT; end_function: dbg("SEP Driver:<-------- sep_get_physical_mapped_offset_handler end\n"); return error; @@ -2070,11 +2098,11 @@ static int sep_init_handler(struct sep_device *sep, unsigned long arg) error = 0; error = copy_from_user(&command_args, (void *) arg, sizeof(struct sep_driver_init_t)); - - dbg("SEP Driver:--------> sep_init_handler - finished copy_from_user \n"); - - if (error) + if (error) { + error = -EFAULT; goto end_function; + } + dbg("SEP Driver:--------> sep_init_handler - finished copy_from_user\n"); /* PATCH - configure the DMA to single -burst instead of multi-burst */ /*sep_configure_dma_burst(); */