[zen-stable.git] / ipc / compat.c
/*
 * 32 bit compatibility code for System V IPC
 *
 * Copyright (C) 1997,1998 Jakub Jelinek (jj@sunsite.mff.cuni.cz)
 * Copyright (C) 1997 David S. Miller (davem@caip.rutgers.edu)
 * Copyright (C) 1999 Arun Sharma <arun.sharma@intel.com>
 * Copyright (C) 2000 VA Linux Co
 * Copyright (C) 2000 Don Dugger <n0ano@valinux.com>
 * Copyright (C) 2000 Hewlett-Packard Co.
 * Copyright (C) 2000 David Mosberger-Tang <davidm@hpl.hp.com>
 * Copyright (C) 2000 Gerhard Tonn (ton@de.ibm.com)
 * Copyright (C) 2000-2002 Andi Kleen, SuSE Labs (x86-64 port)
 * Copyright (C) 2000 Silicon Graphics, Inc.
 * Copyright (C) 2001 IBM
 * Copyright (C) 2004 IBM Deutschland Entwicklung GmbH, IBM Corporation
 * Copyright (C) 2004 Arnd Bergmann (arnd@arndb.de)
 *
 * This code is collected from the versions for sparc64, mips64, s390x, ia64,
 * ppc64 and x86_64, all of which are based on the original sparc64 version
 * by Jakub Jelinek.
 */
23 #include <linux/compat.h>
24 #include <linux/errno.h>
25 #include <linux/highuid.h>
26 #include <linux/init.h>
27 #include <linux/msg.h>
28 #include <linux/shm.h>
29 #include <linux/syscalls.h>
31 #include <linux/mutex.h>
32 #include <asm/uaccess.h>
34 #include "util.h"
/*
 * 32-bit view of a user message buffer: a type word followed by the
 * payload.  In this file the structure is only ever used through a
 * __user pointer, to read/write mtype and to take the user address at
 * which the payload starts (up->mtext).
 */
struct compat_msgbuf {
	compat_long_t mtype;	/* message type as a 32-bit long */
	char mtext[1];		/* first byte of the payload */
};
/*
 * Permission block used by the old (non-IPC_64) 32-bit structures below.
 * The layout is shared with user space, so member order and widths must
 * stay exactly as they are.
 */
struct compat_ipc_perm {
	key_t key;
	__compat_uid_t uid;	/* owner uid */
	__compat_gid_t gid;	/* owner gid */
	__compat_uid_t cuid;	/* creator uid */
	__compat_gid_t cgid;	/* creator gid */
	compat_mode_t mode;
	unsigned short seq;
};
/*
 * Old-style 32-bit semaphore set descriptor.
 *
 * put_compat_semid_ds() writes only sem_perm, sem_otime, sem_ctime and
 * sem_nsems; the four compat_uptr_t members are never written by this
 * file, so they keep whatever the caller's buffer already contained.
 */
struct compat_semid_ds {
	struct compat_ipc_perm sem_perm;
	compat_time_t sem_otime;
	compat_time_t sem_ctime;
	compat_uptr_t sem_base;
	compat_uptr_t sem_pending;
	compat_uptr_t sem_pending_last;
	compat_uptr_t undo;
	unsigned short sem_nsems;	/* 16 bits wide in this ABI */
};
/*
 * Old-style 32-bit message queue descriptor.
 *
 * put_compat_msqid_ds() fills msg_perm, the three timestamps, msg_cbytes,
 * msg_qnum, msg_qbytes and the two pids.  msg_first, msg_last,
 * msg_lcbytes and msg_lqbytes are not written anywhere in this file.
 */
struct compat_msqid_ds {
	struct compat_ipc_perm msg_perm;
	compat_uptr_t msg_first;
	compat_uptr_t msg_last;
	compat_time_t msg_stime;
	compat_time_t msg_rtime;
	compat_time_t msg_ctime;
	compat_ulong_t msg_lcbytes;
	compat_ulong_t msg_lqbytes;
	/* The three counters below are only 16 bits wide in this ABI. */
	unsigned short msg_cbytes;
	unsigned short msg_qnum;
	unsigned short msg_qbytes;
	compat_ipc_pid_t msg_lspid;
	compat_ipc_pid_t msg_lrpid;
};
/*
 * Old-style 32-bit shared memory segment descriptor.
 *
 * put_compat_shmid_ds() fills everything up to and including shm_nattch;
 * the shm_unused* members are not written by this file.
 */
struct compat_shmid_ds {
	struct compat_ipc_perm shm_perm;
	int shm_segsz;			/* segment size as a signed int */
	compat_time_t shm_atime;
	compat_time_t shm_dtime;
	compat_time_t shm_ctime;
	compat_ipc_pid_t shm_cpid;
	compat_ipc_pid_t shm_lpid;
	unsigned short shm_nattch;	/* 16 bits wide in this ABI */
	unsigned short shm_unused;
	compat_uptr_t shm_unused2;
	compat_uptr_t shm_unused3;
};
/*
 * Indirection block read by compat_sys_msgrcv() when its version argument
 * is zero: the caller's pointer then refers to this pair rather than to
 * the message buffer itself.
 */
struct compat_ipc_kludge {
	compat_uptr_t msgp;	/* 32-bit user pointer to the message buffer */
	compat_long_t msgtyp;	/* requested message type */
};
/*
 * 32-bit layout of the IPC_64 shared memory IPC_INFO result.
 * put_compat_shminfo64() writes the first five members; the __unused
 * slots are not written by this file.
 */
struct compat_shminfo64 {
	compat_ulong_t shmmax;
	compat_ulong_t shmmin;
	compat_ulong_t shmmni;
	compat_ulong_t shmseg;
	compat_ulong_t shmall;
	compat_ulong_t __unused1;
	compat_ulong_t __unused2;
	compat_ulong_t __unused3;
	compat_ulong_t __unused4;
};
/*
 * 32-bit layout of the SHM_INFO result; every member is filled in by
 * put_compat_shm_info().
 */
struct compat_shm_info {
	compat_int_t used_ids;
	compat_ulong_t shm_tot, shm_rss, shm_swp;
	compat_ulong_t swap_attempts, swap_successes;
};
/* Defined outside this file; only its third element is given a name here. */
extern int sem_ctls[];
#define sc_semopm	(sem_ctls[2])
/*
 * Extract the IPC_64 flag from *cmd and rewrite *cmd for the native call.
 *
 * Returns IPC_64 if the caller set the flag, 0 otherwise.
 *
 * The rewrite is the subtle part: when the architecture defines
 * ipc_parse_version (it still accepts the old ipc structures from 64-bit
 * binaries) the flag is cleared, otherwise it is forced on.  Callers use
 * the returned value, not *cmd, to decide which 32-bit layout the user
 * buffer has.
 */
static inline int compat_ipc_parse_version(int *cmd)
{
	const int requested = *cmd & IPC_64;

#ifdef ipc_parse_version
	*cmd &= ~IPC_64;
#else
	*cmd |= IPC_64;
#endif
	return requested;
}
/*
 * Read uid, gid and mode from a 32-bit ipc64_perm in user memory into *p64.
 * No other member of *p64 is touched.
 *
 * This uses __get_user(), which does no address-range check of its own:
 * the caller must already have run access_ok() over the structure that
 * contains *up64.  Every caller in this file does.
 *
 * Returns 0 on success, non-zero if any of the reads faulted.
 */
static inline int __get_compat_ipc64_perm(struct ipc64_perm *p64,
					  struct compat_ipc64_perm __user *up64)
{
	int rc = 0;

	rc |= __get_user(p64->uid, &up64->uid);
	rc |= __get_user(p64->gid, &up64->gid);
	rc |= __get_user(p64->mode, &up64->mode);
	return rc;
}
/*
 * Read uid, gid and mode from an old-style 32-bit ipc_perm in user memory
 * into *p.  No other member of *p is touched.
 *
 * This uses __get_user(), which does no address-range check of its own:
 * the caller must already have run access_ok() over the structure that
 * contains *up.  Every caller in this file does.
 *
 * Returns 0 on success, non-zero if any of the reads faulted.
 */
static inline int __get_compat_ipc_perm(struct ipc64_perm *p,
					struct compat_ipc_perm __user *up)
{
	int rc = 0;

	rc |= __get_user(p->uid, &up->uid);
	rc |= __get_user(p->gid, &up->gid);
	rc |= __get_user(p->mode, &up->mode);
	return rc;
}
/*
 * Write all seven permission members of *p64 to a 32-bit ipc64_perm in
 * user memory.
 *
 * __put_user() performs no address-range check, so the caller must have
 * validated the destination with access_ok(VERIFY_WRITE, ...) first.
 *
 * Returns 0 on success, non-zero if any of the writes faulted.  All
 * writes are attempted even after one of them has failed.
 */
static inline int __put_compat_ipc64_perm(struct ipc64_perm *p64,
					  struct compat_ipc64_perm __user *up64)
{
	int rc = 0;

	rc |= __put_user(p64->key, &up64->key);
	rc |= __put_user(p64->uid, &up64->uid);
	rc |= __put_user(p64->gid, &up64->gid);
	rc |= __put_user(p64->cuid, &up64->cuid);
	rc |= __put_user(p64->cgid, &up64->cgid);
	rc |= __put_user(p64->mode, &up64->mode);
	rc |= __put_user(p64->seq, &up64->seq);
	return rc;
}
/*
 * Write *p to an old-style 32-bit ipc_perm in user memory.
 *
 * The four ids pass through SET_UID()/SET_GID() before being stored, so
 * the conversion to the narrower compat id types is done by those macros
 * rather than by plain truncation.
 *
 * __put_user() performs no address-range check, so the caller must have
 * validated the destination with access_ok(VERIFY_WRITE, ...) first.
 *
 * Returns 0 on success, non-zero if any of the writes faulted.
 */
static inline int __put_compat_ipc_perm(struct ipc64_perm *p,
					struct compat_ipc_perm __user *up)
{
	__compat_uid_t owner_uid, creator_uid;
	__compat_gid_t owner_gid, creator_gid;
	int rc;

	SET_UID(owner_uid, p->uid);
	SET_GID(owner_gid, p->gid);
	SET_UID(creator_uid, p->cuid);
	SET_GID(creator_gid, p->cgid);

	rc = __put_user(p->key, &up->key);
	rc |= __put_user(owner_uid, &up->uid);
	rc |= __put_user(owner_gid, &up->gid);
	rc |= __put_user(creator_uid, &up->cuid);
	rc |= __put_user(creator_gid, &up->cgid);
	rc |= __put_user(p->mode, &up->mode);
	rc |= __put_user(p->seq, &up->seq);
	return rc;
}
/*
 * Fetch the caller-settable permission fields of an IPC_64 32-bit
 * semid_ds from user memory into *s64.
 *
 * The whole user structure is range-checked here, which is what allows
 * the unchecked __get_user() reads in the helper.
 *
 * Returns 0 on success, -EFAULT if the range check fails, non-zero if a
 * read faults.
 */
static inline int get_compat_semid64_ds(struct semid64_ds *s64,
					struct compat_semid64_ds __user *up64)
{
	if (access_ok(VERIFY_READ, up64, sizeof(*up64)))
		return __get_compat_ipc64_perm(&s64->sem_perm, &up64->sem_perm);
	return -EFAULT;
}
/*
 * Fetch the caller-settable permission fields of an old-style 32-bit
 * semid_ds from user memory into *s.
 *
 * The whole user structure is range-checked here, which is what allows
 * the unchecked __get_user() reads in the helper.
 *
 * Returns 0 on success, -EFAULT if the range check fails, non-zero if a
 * read faults.
 */
static inline int get_compat_semid_ds(struct semid64_ds *s,
				      struct compat_semid_ds __user *up)
{
	if (access_ok(VERIFY_READ, up, sizeof(*up)))
		return __get_compat_ipc_perm(&s->sem_perm, &up->sem_perm);
	return -EFAULT;
}
/*
 * Store a native semid64_ds into the caller's IPC_64 32-bit structure.
 *
 * The destination is range-checked once for its full size; the member
 * writes that follow use the unchecked __put_user().
 *
 * Returns 0 on success, -EFAULT if the range check fails, non-zero if a
 * write faults.
 */
static inline int put_compat_semid64_ds(struct semid64_ds *s64,
					struct compat_semid64_ds __user *up64)
{
	int rc;

	if (!access_ok(VERIFY_WRITE, up64, sizeof(*up64)))
		return -EFAULT;

	rc = __put_compat_ipc64_perm(&s64->sem_perm, &up64->sem_perm);
	rc |= __put_user(s64->sem_otime, &up64->sem_otime);
	rc |= __put_user(s64->sem_ctime, &up64->sem_ctime);
	rc |= __put_user(s64->sem_nsems, &up64->sem_nsems);
	return rc;
}
/*
 * Store a native semid64_ds into the caller's old-style 32-bit structure.
 *
 * The destination is range-checked once for its full size; the member
 * writes that follow use the unchecked __put_user().  The pointer-sized
 * members of compat_semid_ds are left untouched.
 *
 * NOTE(review): sem_nsems is an unsigned short in compat_semid_ds, so a
 * wider native value would be narrowed on store - confirm the native type.
 *
 * Returns 0 on success, -EFAULT if the range check fails, non-zero if a
 * write faults.
 */
static inline int put_compat_semid_ds(struct semid64_ds *s,
				      struct compat_semid_ds __user *up)
{
	int rc;

	if (!access_ok(VERIFY_WRITE, up, sizeof(*up)))
		return -EFAULT;

	rc = __put_compat_ipc_perm(&s->sem_perm, &up->sem_perm);
	rc |= __put_user(s->sem_otime, &up->sem_otime);
	rc |= __put_user(s->sem_ctime, &up->sem_ctime);
	rc |= __put_user(s->sem_nsems, &up->sem_nsems);
	return rc;
}
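/*
 * 32-bit entry point for semctl().
 *
 * @first, @second: passed unchanged to sys_semctl().
 * @third:  command, optionally carrying IPC_64.
 * @uptr:   user pointer to a 32-bit word holding the fourth argument,
 *          which is either the SETVAL value or a 32-bit user pointer.
 *
 * Commands whose argument needs no layout conversion are forwarded
 * directly.  IPC_STAT/SEM_STAT and IPC_SET go through a native
 * semid64_ds placed in a scratch area obtained from
 * compat_alloc_user_space(); that area is ordinary user memory, so the
 * native call reads and writes it with its own user-access checks.
 *
 * Returns the result of sys_semctl(), -EINVAL for a NULL @uptr or an
 * unknown command, or -EFAULT when a user copy fails.
 */
long compat_sys_semctl(int first, int second, int third, void __user *uptr)
{
	union semun fourth;
	u32 pad;
	int err, err2;
	struct semid64_ds s64;
	struct semid64_ds __user *up64;
	int version = compat_ipc_parse_version(&third);
	const int cmd = third & (~IPC_64);

	/*
	 * On the IPC_SET path only uid/gid/mode are filled in before the
	 * whole of s64 is copied out to user memory, so it has to start
	 * zeroed or stale kernel stack contents would be exposed.
	 */
	memset(&s64, 0, sizeof(s64));

	if (!uptr)
		return -EINVAL;
	if (get_user(pad, (u32 __user *) uptr))
		return -EFAULT;
	if (cmd == SETVAL)
		fourth.val = (int) pad;
	else
		fourth.__pad = compat_ptr(pad);

	switch (cmd) {
	case IPC_INFO:
	case IPC_RMID:
	case SEM_INFO:
	case GETVAL:
	case GETPID:
	case GETNCNT:
	case GETZCNT:
	case GETALL:
	case SETVAL:
	case SETALL:
		err = sys_semctl(first, second, third, fourth);
		break;

	case IPC_STAT:
	case SEM_STAT:
		up64 = compat_alloc_user_space(sizeof(s64));
		fourth.__pad = up64;
		err = sys_semctl(first, second, third, fourth);
		if (err < 0)
			break;
		if (copy_from_user(&s64, up64, sizeof(s64)))
			err2 = -EFAULT;
		else if (version == IPC_64)
			err2 = put_compat_semid64_ds(&s64, compat_ptr(pad));
		else
			err2 = put_compat_semid_ds(&s64, compat_ptr(pad));
		if (err2)
			err = -EFAULT;
		break;

	case IPC_SET:
		if (version == IPC_64)
			err = get_compat_semid64_ds(&s64, compat_ptr(pad));
		else
			err = get_compat_semid_ds(&s64, compat_ptr(pad));
		/*
		 * Stop before touching the scratch area when the caller's
		 * structure could not be read, the same order that
		 * compat_sys_msgctl() and compat_sys_shmctl() use.
		 */
		if (err)
			break;

		up64 = compat_alloc_user_space(sizeof(s64));
		if (copy_to_user(up64, &s64, sizeof(s64))) {
			err = -EFAULT;
			break;
		}

		fourth.__pad = up64;
		err = sys_semctl(first, second, third, fourth);
		break;

	default:
		err = -EINVAL;
		break;
	}
	return err;
}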
/*
 * 32-bit entry point for msgsnd().
 *
 * @first:  forwarded to do_msgsnd() as its first argument.
 * @second: payload size; rejected here when negative, before it is
 *          handed to do_msgsnd().
 * @third:  forwarded to do_msgsnd() as its last argument.
 * @uptr:   user pointer to a struct compat_msgbuf.
 *
 * Only the 32-bit mtype is read here; the payload is passed on as the
 * user address up->mtext and copied by do_msgsnd().
 *
 * Returns -EINVAL for a negative @first or @second, -EFAULT if mtype
 * cannot be read, otherwise the result of do_msgsnd().
 */
long compat_sys_msgsnd(int first, int second, int third, void __user *uptr)
{
	struct compat_msgbuf __user *msg = uptr;
	long mtype;

	if (first < 0 || second < 0)
		return -EINVAL;

	if (get_user(mtype, &msg->mtype))
		return -EFAULT;

	return do_msgsnd(first, mtype, msg->mtext, second, third);
}
/*
 * 32-bit entry point for msgrcv().
 *
 * @first:   forwarded to do_msgrcv() as its first argument.
 * @second:  buffer size; rejected here when negative.
 * @msgtyp:  requested type, replaced from the kludge block if @version
 *           is zero.
 * @third:   forwarded to do_msgrcv() as its last argument.
 * @version: zero means @uptr points at a struct compat_ipc_kludge that
 *           carries the real buffer pointer and the message type.
 * @uptr:    user pointer to the message buffer or to the kludge block.
 *
 * Returns -EINVAL for negative @first/@second or a NULL kludge pointer,
 * -EFAULT if a user copy fails, otherwise the result of do_msgrcv().
 *
 * NOTE(review): the type word is written back only after do_msgrcv() has
 * returned; if that put_user() faults the caller gets -EFAULT although
 * the receive itself has already completed.
 */
long compat_sys_msgrcv(int first, int second, int msgtyp, int third,
		       int version, void __user *uptr)
{
	struct compat_msgbuf __user *msg;
	long mtype;
	int ret;

	if (first < 0 || second < 0)
		return -EINVAL;

	if (!version) {
		struct compat_ipc_kludge kludge;

		if (!uptr)
			return -EINVAL;
		if (copy_from_user(&kludge, uptr, sizeof(kludge)))
			return -EFAULT;
		/* Both values come from user memory and are used as-is. */
		uptr = compat_ptr(kludge.msgp);
		msgtyp = kludge.msgtyp;
	}

	msg = uptr;
	ret = do_msgrcv(first, &mtype, msg->mtext, second, msgtyp, third);
	if (ret < 0)
		return ret;
	if (put_user(mtype, &msg->mtype))
		return -EFAULT;
	return ret;
}
/*
 * Fetch the caller-settable fields (uid, gid, mode, msg_qbytes) of an
 * IPC_64 32-bit msqid_ds from user memory into *m64.
 *
 * The whole user structure is range-checked first; the reads that follow
 * use the unchecked __get_user().
 *
 * Returns 0 on success, -EFAULT if the range check fails, non-zero if a
 * read faults.
 */
static inline int get_compat_msqid64(struct msqid64_ds *m64,
				     struct compat_msqid64_ds __user *up64)
{
	int rc;

	if (!access_ok(VERIFY_READ, up64, sizeof(*up64)))
		return -EFAULT;

	rc = __get_compat_ipc64_perm(&m64->msg_perm, &up64->msg_perm);
	rc |= __get_user(m64->msg_qbytes, &up64->msg_qbytes);
	return rc;
}
/*
 * Fetch the caller-settable fields (uid, gid, mode, msg_qbytes) of an
 * old-style 32-bit msqid_ds from user memory into *m.
 *
 * The whole user structure is range-checked first; the reads that follow
 * use the unchecked __get_user().
 *
 * Returns 0 on success, -EFAULT if the range check fails, non-zero if a
 * read faults.
 */
static inline int get_compat_msqid(struct msqid64_ds *m,
				   struct compat_msqid_ds __user *up)
{
	int rc;

	if (!access_ok(VERIFY_READ, up, sizeof(*up)))
		return -EFAULT;

	rc = __get_compat_ipc_perm(&m->msg_perm, &up->msg_perm);
	rc |= __get_user(m->msg_qbytes, &up->msg_qbytes);
	return rc;
}
/*
 * Store a native msqid64_ds into the caller's IPC_64 32-bit structure.
 *
 * The destination is range-checked once for its full size; the member
 * writes that follow use the unchecked __put_user().
 *
 * Returns 0 on success, -EFAULT if the range check fails, non-zero if a
 * write faults.
 */
static inline int put_compat_msqid64_ds(struct msqid64_ds *m64,
					struct compat_msqid64_ds __user *up64)
{
	int rc;

	if (!access_ok(VERIFY_WRITE, up64, sizeof(*up64)))
		return -EFAULT;

	rc = __put_compat_ipc64_perm(&m64->msg_perm, &up64->msg_perm);
	rc |= __put_user(m64->msg_stime, &up64->msg_stime);
	rc |= __put_user(m64->msg_rtime, &up64->msg_rtime);
	rc |= __put_user(m64->msg_ctime, &up64->msg_ctime);
	rc |= __put_user(m64->msg_cbytes, &up64->msg_cbytes);
	rc |= __put_user(m64->msg_qnum, &up64->msg_qnum);
	rc |= __put_user(m64->msg_qbytes, &up64->msg_qbytes);
	rc |= __put_user(m64->msg_lspid, &up64->msg_lspid);
	rc |= __put_user(m64->msg_lrpid, &up64->msg_lrpid);
	return rc;
}
/*
 * Store a native msqid64_ds into the caller's old-style 32-bit structure.
 *
 * The destination is range-checked once for its full size; the member
 * writes that follow use the unchecked __put_user().  msg_first,
 * msg_last, msg_lcbytes and msg_lqbytes are left untouched.
 *
 * NOTE(review): msg_cbytes, msg_qnum and msg_qbytes are unsigned short in
 * compat_msqid_ds, so wider native values would be narrowed on store
 * without any clamping - confirm the native types.
 *
 * Returns 0 on success, -EFAULT if the range check fails, non-zero if a
 * write faults.
 */
static inline int put_compat_msqid_ds(struct msqid64_ds *m,
				      struct compat_msqid_ds __user *up)
{
	int rc;

	if (!access_ok(VERIFY_WRITE, up, sizeof(*up)))
		return -EFAULT;

	rc = __put_compat_ipc_perm(&m->msg_perm, &up->msg_perm);
	rc |= __put_user(m->msg_stime, &up->msg_stime);
	rc |= __put_user(m->msg_rtime, &up->msg_rtime);
	rc |= __put_user(m->msg_ctime, &up->msg_ctime);
	rc |= __put_user(m->msg_cbytes, &up->msg_cbytes);
	rc |= __put_user(m->msg_qnum, &up->msg_qnum);
	rc |= __put_user(m->msg_qbytes, &up->msg_qbytes);
	rc |= __put_user(m->msg_lspid, &up->msg_lspid);
	rc |= __put_user(m->msg_lrpid, &up->msg_lrpid);
	return rc;
}
/*
 * 32-bit entry point for msgctl().
 *
 * @first:  forwarded unchanged to sys_msgctl().
 * @second: command, optionally carrying IPC_64.
 * @uptr:   user pointer to the 32-bit structure for the command.
 *
 * IPC_SET and IPC_STAT/MSG_STAT convert between the caller's 32-bit
 * layout and a native msqid64_ds held in a scratch area obtained from
 * compat_alloc_user_space().  That area is ordinary user memory, so the
 * native call accesses it with its own user-access checks.
 *
 * Returns the result of sys_msgctl(), -EINVAL for an unknown command, or
 * -EFAULT when a user copy fails.
 */
long compat_sys_msgctl(int first, int second, void __user *uptr)
{
	struct msqid64_ds m64;
	void __user *scratch;
	int ret, copy_err;
	int version = compat_ipc_parse_version(&second);

	/*
	 * IPC_SET copies all of m64 out to user memory after filling in
	 * only four fields, so it must not contain stale stack contents.
	 */
	memset(&m64, 0, sizeof(m64));

	switch (second & (~IPC_64)) {
	case IPC_INFO:
	case IPC_RMID:
	case MSG_INFO:
		ret = sys_msgctl(first, second, uptr);
		break;

	case IPC_SET:
		ret = (version == IPC_64) ? get_compat_msqid64(&m64, uptr)
					  : get_compat_msqid(&m64, uptr);
		if (ret)
			break;
		scratch = compat_alloc_user_space(sizeof(m64));
		if (copy_to_user(scratch, &m64, sizeof(m64)))
			ret = -EFAULT;
		else
			ret = sys_msgctl(first, second, scratch);
		break;

	case IPC_STAT:
	case MSG_STAT:
		scratch = compat_alloc_user_space(sizeof(m64));
		ret = sys_msgctl(first, second, scratch);
		if (ret < 0)
			break;
		if (copy_from_user(&m64, scratch, sizeof(m64)))
			copy_err = -EFAULT;
		else if (version == IPC_64)
			copy_err = put_compat_msqid64_ds(&m64, uptr);
		else
			copy_err = put_compat_msqid_ds(&m64, uptr);
		if (copy_err)
			ret = -EFAULT;
		break;

	default:
		ret = -EINVAL;
		break;
	}
	return ret;
}
/*
 * 32-bit entry point for shmat().
 *
 * @first:   forwarded to do_shmat() as its first argument.
 * @second:  forwarded to do_shmat() as its third argument.
 * @third:   32-bit user pointer to the word that receives the address
 *           do_shmat() reports.
 * @version: a value of 1 is rejected with -EINVAL.
 * @uptr:    forwarded to do_shmat() as its second argument.
 *
 * Returns a negative error from do_shmat(), otherwise the result of
 * storing the address through @third.
 *
 * NOTE(review): the address is stored only after do_shmat() has
 * succeeded.  If that put_user() faults the caller sees an error while
 * the effect of do_shmat() is not undone here.
 */
long compat_sys_shmat(int first, int second, compat_uptr_t third, int version,
		      void __user *uptr)
{
	unsigned long attach_addr;
	compat_ulong_t __user *result;
	int ret;

	if (version == 1)
		return -EINVAL;

	ret = do_shmat(first, uptr, second, &attach_addr);
	if (ret < 0)
		return ret;

	result = compat_ptr(third);
	return put_user(attach_addr, result);
}
/*
 * Fetch the caller-settable permission fields of an IPC_64 32-bit
 * shmid_ds from user memory into *s64.
 *
 * The whole user structure is range-checked here, which is what allows
 * the unchecked __get_user() reads in the helper.
 *
 * Returns 0 on success, -EFAULT if the range check fails, non-zero if a
 * read faults.
 */
static inline int get_compat_shmid64_ds(struct shmid64_ds *s64,
					struct compat_shmid64_ds __user *up64)
{
	if (access_ok(VERIFY_READ, up64, sizeof(*up64)))
		return __get_compat_ipc64_perm(&s64->shm_perm, &up64->shm_perm);
	return -EFAULT;
}
/*
 * Fetch the caller-settable permission fields of an old-style 32-bit
 * shmid_ds from user memory into *s.
 *
 * The whole user structure is range-checked here, which is what allows
 * the unchecked __get_user() reads in the helper.
 *
 * Returns 0 on success, -EFAULT if the range check fails, non-zero if a
 * read faults.
 */
static inline int get_compat_shmid_ds(struct shmid64_ds *s,
				      struct compat_shmid_ds __user *up)
{
	if (access_ok(VERIFY_READ, up, sizeof(*up)))
		return __get_compat_ipc_perm(&s->shm_perm, &up->shm_perm);
	return -EFAULT;
}
/*
 * Store a native shmid64_ds into the caller's IPC_64 32-bit structure.
 *
 * The destination is range-checked once for its full size; the member
 * writes that follow use the unchecked __put_user().
 *
 * Returns 0 on success, -EFAULT if the range check fails, non-zero if a
 * write faults.
 */
static inline int put_compat_shmid64_ds(struct shmid64_ds *s64,
					struct compat_shmid64_ds __user *up64)
{
	int rc;

	if (!access_ok(VERIFY_WRITE, up64, sizeof(*up64)))
		return -EFAULT;

	rc = __put_compat_ipc64_perm(&s64->shm_perm, &up64->shm_perm);
	rc |= __put_user(s64->shm_atime, &up64->shm_atime);
	rc |= __put_user(s64->shm_dtime, &up64->shm_dtime);
	rc |= __put_user(s64->shm_ctime, &up64->shm_ctime);
	rc |= __put_user(s64->shm_segsz, &up64->shm_segsz);
	rc |= __put_user(s64->shm_nattch, &up64->shm_nattch);
	rc |= __put_user(s64->shm_cpid, &up64->shm_cpid);
	rc |= __put_user(s64->shm_lpid, &up64->shm_lpid);
	return rc;
}
/*
 * Store a native shmid64_ds into the caller's old-style 32-bit structure.
 *
 * The destination is range-checked once for its full size; the member
 * writes that follow use the unchecked __put_user().  The shm_unused*
 * members are left untouched.
 *
 * NOTE(review): shm_segsz is an int and shm_nattch an unsigned short in
 * compat_shmid_ds, so wider native values would be narrowed on store
 * without any clamping - confirm the native types.
 *
 * Returns 0 on success, -EFAULT if the range check fails, non-zero if a
 * write faults.
 */
static inline int put_compat_shmid_ds(struct shmid64_ds *s,
				      struct compat_shmid_ds __user *up)
{
	int rc;

	if (!access_ok(VERIFY_WRITE, up, sizeof(*up)))
		return -EFAULT;

	rc = __put_compat_ipc_perm(&s->shm_perm, &up->shm_perm);
	rc |= __put_user(s->shm_atime, &up->shm_atime);
	rc |= __put_user(s->shm_dtime, &up->shm_dtime);
	rc |= __put_user(s->shm_ctime, &up->shm_ctime);
	rc |= __put_user(s->shm_segsz, &up->shm_segsz);
	rc |= __put_user(s->shm_nattch, &up->shm_nattch);
	rc |= __put_user(s->shm_cpid, &up->shm_cpid);
	rc |= __put_user(s->shm_lpid, &up->shm_lpid);
	return rc;
}
/*
 * Store a native shminfo64 into the caller's IPC_64 32-bit structure.
 *
 * smi->shmmax is clamped to INT_MAX before it is written, and the clamp
 * is applied to *smi itself, so the caller's copy is modified too.  The
 * other four values are stored without any range adjustment.
 *
 * The destination is range-checked once for its full size; the member
 * writes that follow use the unchecked __put_user().
 *
 * Returns 0 on success, -EFAULT if the range check fails, non-zero if a
 * write faults.
 */
static inline int put_compat_shminfo64(struct shminfo64 *smi,
				       struct compat_shminfo64 __user *up64)
{
	int rc;

	if (!access_ok(VERIFY_WRITE, up64, sizeof(*up64)))
		return -EFAULT;

	if (smi->shmmax > INT_MAX)
		smi->shmmax = INT_MAX;

	rc = __put_user(smi->shmmax, &up64->shmmax);
	rc |= __put_user(smi->shmmin, &up64->shmmin);
	rc |= __put_user(smi->shmmni, &up64->shmmni);
	rc |= __put_user(smi->shmseg, &up64->shmseg);
	rc |= __put_user(smi->shmall, &up64->shmall);
	return rc;
}
/*
 * Store a native shminfo64 into the caller's old-style shminfo structure.
 *
 * smi->shmmax is clamped to INT_MAX before it is written, and the clamp
 * is applied to *smi itself, so the caller's copy is modified too.  The
 * other four values are stored without any range adjustment.
 *
 * The destination is range-checked once for its full size; the member
 * writes that follow use the unchecked __put_user().
 *
 * Returns 0 on success, -EFAULT if the range check fails, non-zero if a
 * write faults.
 */
static inline int put_compat_shminfo(struct shminfo64 *smi,
				     struct shminfo __user *up)
{
	int rc;

	if (!access_ok(VERIFY_WRITE, up, sizeof(*up)))
		return -EFAULT;

	if (smi->shmmax > INT_MAX)
		smi->shmmax = INT_MAX;

	rc = __put_user(smi->shmmax, &up->shmmax);
	rc |= __put_user(smi->shmmin, &up->shmmin);
	rc |= __put_user(smi->shmmni, &up->shmmni);
	rc |= __put_user(smi->shmseg, &up->shmseg);
	rc |= __put_user(smi->shmall, &up->shmall);
	return rc;
}
/*
 * Convert a native shm_info to the 32-bit layout.
 *
 * Both arguments are user pointers: @ip is the native structure (the
 * caller in this file passes its compat_alloc_user_space() scratch area)
 * and @uip is the 32-bit destination.  The native structure is pulled
 * into a kernel copy with copy_from_user() before any field is used, so
 * each field is read from user memory exactly once.
 *
 * @uip is range-checked for its full size before the unchecked
 * __put_user() writes.
 *
 * Returns 0 on success, -EFAULT if the range check or the copy-in fails,
 * non-zero if a write faults.
 */
static inline int put_compat_shm_info(struct shm_info __user *ip,
				      struct compat_shm_info __user *uip)
{
	struct shm_info si;
	int rc;

	if (!access_ok(VERIFY_WRITE, uip, sizeof(*uip)))
		return -EFAULT;
	if (copy_from_user(&si, ip, sizeof(si)))
		return -EFAULT;

	rc = __put_user(si.used_ids, &uip->used_ids);
	rc |= __put_user(si.shm_tot, &uip->shm_tot);
	rc |= __put_user(si.shm_rss, &uip->shm_rss);
	rc |= __put_user(si.shm_swp, &uip->shm_swp);
	rc |= __put_user(si.swap_attempts, &uip->swap_attempts);
	rc |= __put_user(si.swap_successes, &uip->swap_successes);
	return rc;
}
/*
 * 32-bit entry point for shmctl().
 *
 * @first:  forwarded unchanged to sys_shmctl().
 * @second: command, optionally carrying IPC_64.
 * @uptr:   user pointer to the 32-bit structure for the command.
 *
 * Commands that exchange a structure go through a native copy held in a
 * scratch area obtained from compat_alloc_user_space().  That area is
 * ordinary user memory, so the native call accesses it with its own
 * user-access checks, and results are copied back into the kernel before
 * being converted to the 32-bit layout.
 *
 * Returns the result of sys_shmctl(), -EINVAL for an unknown command, or
 * -EFAULT when a user copy fails.
 */
long compat_sys_shmctl(int first, int second, void __user *uptr)
{
	struct shmid64_ds s64;
	struct shminfo64 smi;
	void __user *scratch;
	int ret, copy_err;
	int version = compat_ipc_parse_version(&second);

	/*
	 * IPC_SET copies all of s64 out to user memory after filling in
	 * only uid/gid/mode, so it must not contain stale stack contents.
	 * smi needs no such treatment: it is only read after a successful
	 * copy_from_user() has overwritten all of it.
	 */
	memset(&s64, 0, sizeof(s64));

	switch (second & (~IPC_64)) {
	case IPC_RMID:
	case SHM_LOCK:
	case SHM_UNLOCK:
		ret = sys_shmctl(first, second, uptr);
		break;

	case IPC_INFO:
		scratch = compat_alloc_user_space(sizeof(smi));
		ret = sys_shmctl(first, second, scratch);
		if (ret < 0)
			break;
		if (copy_from_user(&smi, scratch, sizeof(smi)))
			copy_err = -EFAULT;
		else if (version == IPC_64)
			copy_err = put_compat_shminfo64(&smi, uptr);
		else
			copy_err = put_compat_shminfo(&smi, uptr);
		if (copy_err)
			ret = -EFAULT;
		break;

	case IPC_SET:
		ret = (version == IPC_64) ? get_compat_shmid64_ds(&s64, uptr)
					  : get_compat_shmid_ds(&s64, uptr);
		if (ret)
			break;
		scratch = compat_alloc_user_space(sizeof(s64));
		if (copy_to_user(scratch, &s64, sizeof(s64)))
			ret = -EFAULT;
		else
			ret = sys_shmctl(first, second, scratch);
		break;

	case IPC_STAT:
	case SHM_STAT:
		scratch = compat_alloc_user_space(sizeof(s64));
		ret = sys_shmctl(first, second, scratch);
		if (ret < 0)
			break;
		if (copy_from_user(&s64, scratch, sizeof(s64)))
			copy_err = -EFAULT;
		else if (version == IPC_64)
			copy_err = put_compat_shmid64_ds(&s64, uptr);
		else
			copy_err = put_compat_shmid_ds(&s64, uptr);
		if (copy_err)
			ret = -EFAULT;
		break;

	case SHM_INFO:
		scratch = compat_alloc_user_space(sizeof(struct shm_info));
		ret = sys_shmctl(first, second, scratch);
		if (ret < 0)
			break;
		copy_err = put_compat_shm_info(scratch, uptr);
		if (copy_err)
			ret = -EFAULT;
		break;

	default:
		ret = -EINVAL;
		break;
	}
	return ret;
}
/*
 * 32-bit entry point for semtimedop().
 *
 * @semid, @tsems, @nsops: forwarded unchanged to sys_semtimedop().
 * @timeout: optional user pointer to a 32-bit timespec; NULL means no
 *           timeout is passed on.
 *
 * A non-NULL timeout is read with get_compat_timespec() into a kernel
 * copy, then written in native layout to a scratch area obtained from
 * compat_alloc_user_space(), which is what the native call receives.
 *
 * Returns -EFAULT if the timeout cannot be read or staged, otherwise the
 * result of sys_semtimedop().
 */
long compat_sys_semtimedop(int semid, struct sembuf __user *tsems,
		unsigned nsops, const struct compat_timespec __user *timeout)
{
	struct timespec __user *native_ts = NULL;

	if (timeout) {
		struct timespec ts;

		native_ts = compat_alloc_user_space(sizeof(*native_ts));
		if (get_compat_timespec(&ts, timeout) ||
		    copy_to_user(native_ts, &ts, sizeof(ts)))
			return -EFAULT;
	}
	return sys_semtimedop(semid, tsems, nsops, native_ts);
}