tty: termios locking functions break with new termios type

Tue, 11 Sep 2007 17:59:22 -0700 

Gitweb:     
http://git.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=f629307c857c030d5a3dd777fee37c8bb395e171
Commit:     f629307c857c030d5a3dd777fee37c8bb395e171
Parent:     179c85ea53bef807621f335767e41e23f86f01df
Author:     David Miller <[EMAIL PROTECTED]>
AuthorDate: Tue Sep 11 15:23:50 2007 -0700
Committer:  Linus Torvalds <[EMAIL PROTECTED]>
CommitDate: Tue Sep 11 17:21:20 2007 -0700

    tty: termios locking functions break with new termios type
    
    I ran into a few problems.
    
    n_tty_ioctl() for instance:
    
    drivers/char/tty_ioctl.c:799: error: $,1rxstruct termios$,1ry has no
    member named $,1rxc_ispeed$,1ry
    
    This is calling the copy interface that is supposed to be using
    a termios2 when the new interfaces are defined, however:
    
        case TIOCGLCKTRMIOS:
                if (kernel_termios_to_user_termios((struct termios __user 
*)arg, real_tty->termios_locked))
                        return -EFAULT;
                return 0;
    
    This is going to write over the end of the userspace
    structure by a few bytes, and wasn't caught by you yet
    because the i386 implementation is simply copy_to_user()
    which does zero type checking.
    
    Signed-off-by: Alan Cox <[EMAIL PROTECTED]>
    Cc: "David S. Miller" <[EMAIL PROTECTED]>
    Signed-off-by: Andrew Morton <[EMAIL PROTECTED]>
    Signed-off-by: Linus Torvalds <[EMAIL PROTECTED]>
---
 drivers/char/tty_ioctl.c |    4 ++--
 1 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/drivers/char/tty_ioctl.c b/drivers/char/tty_ioctl.c
index 3423e9e..4a8969c 100644
--- a/drivers/char/tty_ioctl.c
+++ b/drivers/char/tty_ioctl.c
@@ -796,14 +796,14 @@ int n_tty_ioctl(struct tty_struct * tty, struct file * 
file,
                                retval = inq_canon(tty);
                        return put_user(retval, (unsigned int __user *) arg);
                case TIOCGLCKTRMIOS:
-                       if (kernel_termios_to_user_termios((struct termios 
__user *)arg, real_tty->termios_locked))
+                       if (kernel_termios_to_user_termios_1((struct termios 
__user *)arg, real_tty->termios_locked))
                                return -EFAULT;
                        return 0;
 
                case TIOCSLCKTRMIOS:
                        if (!capable(CAP_SYS_ADMIN))
                                return -EPERM;
-                       if 
(user_termios_to_kernel_termios(real_tty->termios_locked, (struct termios 
__user *) arg))
+                       if 
(user_termios_to_kernel_termios_1(real_tty->termios_locked, (struct termios 
__user *) arg))
                                return -EFAULT;
                        return 0;
 
-
To unsubscribe from this list: send the line "unsubscribe git-commits-head" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Reply via email to