Module: xenomai-forge
Branch: next
Commit: a5e66c3953e841e50bb5fdf99578b34a68fa4248
URL:    
http://git.xenomai.org/?p=xenomai-forge.git;a=commit;h=a5e66c3953e841e50bb5fdf99578b34a68fa4248

Author: Philippe Gerum <r...@xenomai.org>
Date:   Wed Feb 19 18:28:10 2014 +0100

cobalt/posix: copy handle from user-space robustly

---

 kernel/cobalt/posix/cond.c     |    8 ++++----
 kernel/cobalt/posix/event.c    |    6 +++---
 kernel/cobalt/posix/internal.h |    6 ++++++
 kernel/cobalt/posix/monitor.c  |   10 +++++-----
 kernel/cobalt/posix/mutex.c    |   11 +++++------
 kernel/cobalt/posix/nsem.c     |    2 +-
 kernel/cobalt/posix/sem.c      |   14 +++++++-------
 7 files changed, 31 insertions(+), 26 deletions(-)

diff --git a/kernel/cobalt/posix/cond.c b/kernel/cobalt/posix/cond.c
index 3c22de2..b68a1df 100644
--- a/kernel/cobalt/posix/cond.c
+++ b/kernel/cobalt/posix/cond.c
@@ -419,10 +419,10 @@ int cobalt_cond_wait_prologue(struct cobalt_cond_shadow 
__user *u_cnd,
        xnhandle_t handle;
        int err, perr = 0;
 
-       __xn_get_user(handle, &u_cnd->handle);
+       handle = cobalt_get_handle_from_user(&u_cnd->handle);
        cnd = xnregistry_lookup(handle, NULL);
 
-       __xn_get_user(handle, &u_mx->handle);
+       handle = cobalt_get_handle_from_user(&u_mx->handle);
        mx = xnregistry_lookup(handle, NULL);
 
        if (!cnd->mutex) {
@@ -479,10 +479,10 @@ int cobalt_cond_wait_epilogue(struct cobalt_cond_shadow 
__user *u_cnd,
        xnhandle_t handle;
        int err;
 
-       __xn_get_user(handle, &u_cnd->handle);
+       handle = cobalt_get_handle_from_user(&u_cnd->handle);
        cnd = xnregistry_lookup(handle, NULL);
 
-       __xn_get_user(handle, &u_mx->handle);
+       handle = cobalt_get_handle_from_user(&u_mx->handle);
        mx = xnregistry_lookup(handle, NULL);
 
        err = cobalt_cond_timedwait_epilogue(cur, cnd, mx);
diff --git a/kernel/cobalt/posix/event.c b/kernel/cobalt/posix/event.c
index ebce65f..2f5a28ef 100644
--- a/kernel/cobalt/posix/event.c
+++ b/kernel/cobalt/posix/event.c
@@ -122,7 +122,7 @@ int cobalt_event_wait(struct cobalt_event_shadow __user 
*u_event,
        int ret = 0, info;
        spl_t s;
 
-       __xn_get_user(handle, &u_event->handle);
+       handle = cobalt_get_handle_from_user(&u_event->handle);
 
        if (u_ts) {
                if (__xn_safe_copy_from_user(&ts, u_ts, sizeof(ts)))
@@ -204,7 +204,7 @@ int cobalt_event_sync(struct cobalt_event_shadow __user 
*u_event)
        int ret = 0;
        spl_t s;
 
-       __xn_get_user(handle, &u_event->handle);
+       handle = cobalt_get_handle_from_user(&u_event->handle);
 
        xnlock_get_irqsave(&nklock, s);
 
@@ -268,7 +268,7 @@ int cobalt_event_destroy(struct cobalt_event_shadow __user 
*u_event)
        int ret = 0;
        spl_t s;
 
-       __xn_get_user(handle, &u_event->handle);
+       handle = cobalt_get_handle_from_user(&u_event->handle);
 
        xnlock_get_irqsave(&nklock, s);
 
diff --git a/kernel/cobalt/posix/internal.h b/kernel/cobalt/posix/internal.h
index 915871f..2b53073 100644
--- a/kernel/cobalt/posix/internal.h
+++ b/kernel/cobalt/posix/internal.h
@@ -64,6 +64,12 @@ static inline struct cobalt_kqueues *cobalt_kqueues(int 
pshared)
        return &ppd->kqueues;
 }
 
+static inline xnhandle_t cobalt_get_handle_from_user(xnhandle_t *u_h)
+{
+       xnhandle_t handle;
+       return __xn_get_user(handle, u_h) ? 0 : handle;
+}
+
 int cobalt_init(void);
 
 void cobalt_cleanup(void);
diff --git a/kernel/cobalt/posix/monitor.c b/kernel/cobalt/posix/monitor.c
index fd7c4fe..f1bc84d 100644
--- a/kernel/cobalt/posix/monitor.c
+++ b/kernel/cobalt/posix/monitor.c
@@ -158,7 +158,7 @@ int cobalt_monitor_enter(struct cobalt_monitor_shadow 
__user *u_mon)
        int ret;
        spl_t s;
 
-       __xn_get_user(handle, &u_mon->handle);
+       handle = cobalt_get_handle_from_user(&u_mon->handle);
 
        xnlock_get_irqsave(&nklock, s);
        ret = cobalt_monitor_enter_inner(handle);
@@ -243,7 +243,7 @@ int cobalt_monitor_wait(struct cobalt_monitor_shadow __user 
*u_mon,
        xntmode_t tmode;
        spl_t s;
 
-       __xn_get_user(handle, &u_mon->handle);
+       handle = cobalt_get_handle_from_user(&u_mon->handle);
 
        if (u_ts) {
                if (__xn_safe_copy_from_user(&ts, u_ts, sizeof(ts)))
@@ -321,7 +321,7 @@ int cobalt_monitor_sync(struct cobalt_monitor_shadow __user 
*u_mon)
        int ret = 0;
        spl_t s;
 
-       __xn_get_user(handle, &u_mon->handle);
+       handle = cobalt_get_handle_from_user(&u_mon->handle);
 
        xnlock_get_irqsave(&nklock, s);
 
@@ -347,7 +347,7 @@ int cobalt_monitor_exit(struct cobalt_monitor_shadow __user 
*u_mon)
        int ret = 0;
        spl_t s;
 
-       __xn_get_user(handle, &u_mon->handle);
+       handle = cobalt_get_handle_from_user(&u_mon->handle);
 
        xnlock_get_irqsave(&nklock, s);
 
@@ -395,7 +395,7 @@ int cobalt_monitor_destroy(struct cobalt_monitor_shadow 
__user *u_mon)
        int ret = 0;
        spl_t s;
 
-       __xn_get_user(handle, &u_mon->handle);
+       handle = cobalt_get_handle_from_user(&u_mon->handle);
 
        xnlock_get_irqsave(&nklock, s);
 
diff --git a/kernel/cobalt/posix/mutex.c b/kernel/cobalt/posix/mutex.c
index 99a7e64..78b6a2c 100644
--- a/kernel/cobalt/posix/mutex.c
+++ b/kernel/cobalt/posix/mutex.c
@@ -259,7 +259,7 @@ int cobalt_mutex_check_init(struct cobalt_mutex_shadow 
__user *u_mx)
        int err;
        spl_t s;
 
-       __xn_get_user(handle, &u_mx->handle);
+       handle = cobalt_get_handle_from_user(&u_mx->handle);
 
        xnlock_get_irqsave(&nklock, s);
        mutex = xnregistry_lookup(handle, NULL);
@@ -365,7 +365,7 @@ int cobalt_mutex_trylock(struct cobalt_mutex_shadow __user 
*u_mx)
        spl_t s;
        int err;
 
-       __xn_get_user(handle, &u_mx->handle);
+       handle = cobalt_get_handle_from_user(&u_mx->handle);
 
        xnlock_get_irqsave(&nklock, s);
        mutex = xnregistry_lookup(handle, NULL);
@@ -404,7 +404,7 @@ int cobalt_mutex_lock(struct cobalt_mutex_shadow __user 
*u_mx)
        spl_t s;
        int err;
 
-       __xn_get_user(handle, &u_mx->handle);
+       handle = cobalt_get_handle_from_user(&u_mx->handle);
 
        xnlock_get_irqsave(&nklock, s);
        err = cobalt_mutex_timedlock_break(xnregistry_lookup(handle, NULL),
@@ -421,7 +421,7 @@ int cobalt_mutex_timedlock(struct cobalt_mutex_shadow 
__user *u_mx,
        spl_t s;
        int err;
 
-       __xn_get_user(handle, &u_mx->handle);
+       handle = cobalt_get_handle_from_user(&u_mx->handle);
 
        xnlock_get_irqsave(&nklock, s);
        err = cobalt_mutex_timedlock_break(xnregistry_lookup(handle, NULL),
@@ -438,8 +438,7 @@ int cobalt_mutex_unlock(struct cobalt_mutex_shadow __user 
*u_mx)
        int err;
        spl_t s;
 
-
-       __xn_get_user(handle, &u_mx->handle);
+       handle = cobalt_get_handle_from_user(&u_mx->handle);
 
        xnlock_get_irqsave(&nklock, s);
        mutex = xnregistry_lookup(handle, NULL);
diff --git a/kernel/cobalt/posix/nsem.c b/kernel/cobalt/posix/nsem.c
index 346585f..e719560 100644
--- a/kernel/cobalt/posix/nsem.c
+++ b/kernel/cobalt/posix/nsem.c
@@ -223,7 +223,7 @@ int cobalt_sem_close(struct cobalt_sem_shadow __user *usm)
        if (cc == NULL)
                return -EPERM;
 
-       __xn_get_user(handle, &usm->handle);
+       handle = cobalt_get_handle_from_user(&usm->handle);
 
        return nsem_close(cc, handle);
 }
diff --git a/kernel/cobalt/posix/sem.c b/kernel/cobalt/posix/sem.c
index 7321d9c..6610fe5 100644
--- a/kernel/cobalt/posix/sem.c
+++ b/kernel/cobalt/posix/sem.c
@@ -675,7 +675,7 @@ int cobalt_sem_post(struct cobalt_sem_shadow __user *u_sem)
 {
        xnhandle_t handle;
 
-       __xn_get_user(handle, &u_sem->handle);
+       handle = cobalt_get_handle_from_user(&u_sem->handle);
 
        return sem_post(handle);
 }
@@ -684,7 +684,7 @@ int cobalt_sem_wait(struct cobalt_sem_shadow __user *u_sem)
 {
        xnhandle_t handle;
 
-       __xn_get_user(handle, &u_sem->handle);
+       handle = cobalt_get_handle_from_user(&u_sem->handle);
 
        return sem_wait(handle);
 }
@@ -694,7 +694,7 @@ int cobalt_sem_timedwait(struct cobalt_sem_shadow __user 
*u_sem,
 {
        xnhandle_t handle;
 
-       __xn_get_user(handle, &u_sem->handle);
+       handle = cobalt_get_handle_from_user(&u_sem->handle);
 
        return sem_timedwait(handle, u_ts);
 }
@@ -703,7 +703,7 @@ int cobalt_sem_trywait(struct cobalt_sem_shadow __user 
*u_sem)
 {
        xnhandle_t handle;
 
-       __xn_get_user(handle, &u_sem->handle);
+       handle = cobalt_get_handle_from_user(&u_sem->handle);
 
        return sem_trywait(handle);
 }
@@ -713,7 +713,7 @@ int cobalt_sem_getvalue(struct cobalt_sem_shadow __user 
*u_sem, int __user *u_sv
        xnhandle_t handle;
        int err, sval;
 
-       __xn_get_user(handle, &u_sem->handle);
+       handle = cobalt_get_handle_from_user(&u_sem->handle);
 
        err = sem_getvalue(handle, &sval);
        if (err < 0)
@@ -764,7 +764,7 @@ int cobalt_sem_broadcast_np(struct cobalt_sem_shadow __user 
*u_sem)
        spl_t s;
        int err;
 
-       __xn_get_user(handle, &u_sem->handle);
+       handle = cobalt_get_handle_from_user(&u_sem->handle);
 
        xnlock_get_irqsave(&nklock, s);
        sm = xnregistry_lookup(handle, NULL);
@@ -788,7 +788,7 @@ int cobalt_sem_inquire(struct cobalt_sem_shadow __user 
*u_sem,
        xnhandle_t handle;
        spl_t s;
 
-       __xn_get_user(handle, &u_sem->handle);
+       handle = cobalt_get_handle_from_user(&u_sem->handle);
 
        nrpids = waitsz / sizeof(pid_t);
 


_______________________________________________
Xenomai-git mailing list
Xenomai-git@xenomai.org
http://www.xenomai.org/mailman/listinfo/xenomai-git

Reply via email to