git://git.onelab.eu
/
linux-2.6.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
fedora core 6 1.2949 + vserver 2.2.0
[linux-2.6.git]
/
fs
/
coda
/
upcall.c
diff --git
a/fs/coda/upcall.c
b/fs/coda/upcall.c
index
569e144
..
a5b5e63
100644
(file)
--- a/
fs/coda/upcall.c
+++ b/
fs/coda/upcall.c
@@
-15,7
+15,6
@@
*/
#include <asm/system.h>
*/
#include <asm/system.h>
-#include <asm/signal.h>
#include <linux/signal.h>
#include <linux/types.h>
#include <linux/signal.h>
#include <linux/types.h>
@@
-331,7
+330,7
@@
int venus_rename(struct super_block *sb, struct CodaFid *old_fid,
}
int venus_create(struct super_block *sb, struct CodaFid *dirfid,
}
int venus_create(struct super_block *sb, struct CodaFid *dirfid,
- const char *name, int length, int excl, int mode,
dev_t rdev,
+ const char *name, int length, int excl, int mode,
struct CodaFid *newfid, struct coda_vattr *attrs)
{
union inputArgs *inp;
struct CodaFid *newfid, struct coda_vattr *attrs)
{
union inputArgs *inp;
@@
-345,7
+344,6
@@
int venus_create(struct super_block *sb, struct CodaFid *dirfid,
inp->coda_create.VFid = *dirfid;
inp->coda_create.attr.va_mode = mode;
inp->coda_create.VFid = *dirfid;
inp->coda_create.attr.va_mode = mode;
- inp->coda_create.attr.va_rdev = huge_encode_dev(rdev);
inp->coda_create.excl = excl;
inp->coda_create.mode = mode;
inp->coda_create.name = offset;
inp->coda_create.excl = excl;
inp->coda_create.mode = mode;
inp->coda_create.name = offset;
@@
-555,6
+553,11
@@
int venus_pioctl(struct super_block *sb, struct CodaFid *fid,
goto exit;
}
goto exit;
}
+ if (data->vi.out_size > VC_MAXDATASIZE) {
+ error = -EINVAL;
+ goto exit;
+ }
+
inp->coda_ioctl.VFid = *fid;
/* the cmd field was mutated by increasing its size field to
inp->coda_ioctl.VFid = *fid;
/* the cmd field was mutated by increasing its size field to
@@
-583,25
+586,32
@@
int venus_pioctl(struct super_block *sb, struct CodaFid *fid,
error, coda_f2s(fid));
goto exit;
}
error, coda_f2s(fid));
goto exit;
}
+
+ if (outsize < (long)outp->coda_ioctl.data + outp->coda_ioctl.len) {
+ error = -EINVAL;
+ goto exit;
+ }
/* Copy out the OUT buffer. */
if (outp->coda_ioctl.len > data->vi.out_size) {
error = -EINVAL;
/* Copy out the OUT buffer. */
if (outp->coda_ioctl.len > data->vi.out_size) {
error = -EINVAL;
- } else {
- if (copy_to_user(data->vi.out,
- (char *)outp + (long)outp->coda_ioctl.data,
- data->vi.out_size)) {
- error = -EFAULT;
- goto exit;
- }
+ goto exit;
}
}
+ /* Copy out the OUT buffer. */
+ if (copy_to_user(data->vi.out,
+ (char *)outp + (long)outp->coda_ioctl.data,
+ outp->coda_ioctl.len)) {
+ error = -EFAULT;
+ goto exit;
+ }
+
exit:
CODA_FREE(inp, insize);
return error;
}
exit:
CODA_FREE(inp, insize);
return error;
}
-int venus_statfs(struct
super_block *sb, struct kstatfs *sfs)
+int venus_statfs(struct
dentry *dentry, struct kstatfs *sfs)
{
union inputArgs *inp;
union outputArgs *outp;
{
union inputArgs *inp;
union outputArgs *outp;
@@
-610,7
+620,7
@@
int venus_statfs(struct super_block *sb, struct kstatfs *sfs)
insize = max_t(unsigned int, INSIZE(statfs), OUTSIZE(statfs));
UPARG(CODA_STATFS);
insize = max_t(unsigned int, INSIZE(statfs), OUTSIZE(statfs));
UPARG(CODA_STATFS);
- error = coda_upcall(coda_sbp(sb), insize, &outsize, inp);
+ error = coda_upcall(coda_sbp(
dentry->d_
sb), insize, &outsize, inp);
if (!error) {
sfs->f_blocks = outp->coda_statfs.stat.f_blocks;
if (!error) {
sfs->f_blocks = outp->coda_statfs.stat.f_blocks;
@@
-715,7
+725,7
@@
static int coda_upcall(struct coda_sb_info *sbi,
((union inputArgs *)buffer)->ih.unique = req->uc_unique;
/* Append msg to pending queue and poke Venus. */
((union inputArgs *)buffer)->ih.unique = req->uc_unique;
/* Append msg to pending queue and poke Venus. */
- list_add
(&(req->uc_chain), vcommp->vc_pending.prev
);
+ list_add
_tail(&(req->uc_chain), &vcommp->vc_pending
);
wake_up_interruptible(&vcommp->vc_waitq);
/* We can be interrupted while we wait for Venus to process
wake_up_interruptible(&vcommp->vc_waitq);
/* We can be interrupted while we wait for Venus to process