This commit was manufactured by cvs2svn to create tag

[linux-2.6.git] / drivers / ieee1394 / video1394.c

diff --git a/drivers/ieee1394/video1394.c b/drivers/ieee1394/video1394.c
index fd40358..e954d08 100644 (file)
--- a/drivers/ieee1394/video1394.c
+++ b/drivers/ieee1394/video1394.c
@@ -1003,9 +1003,11 @@ static int video1394_ioctl(struct inode *inode, struct file *file,
        case VIDEO1394_IOC_TALK_QUEUE_BUFFER:
        {
                struct video1394_wait v;
-               unsigned int *psizes = NULL;
+               struct video1394_queue_variable qv;
                struct dma_iso_ctx *d;
 
+               qv.packet_sizes = NULL;
+
                if (copy_from_user(&v, argp, sizeof(v)))
                        return -EFAULT;
 
@@ -1019,21 +1021,22 @@ static int video1394_ioctl(struct inode *inode, struct file *file,
                }
 
                if (d->flags & VIDEO1394_VARIABLE_PACKET_SIZE) {
+                       unsigned int *psizes;
                        int buf_size = d->nb_cmd * sizeof(unsigned int);
-                       struct video1394_queue_variable __user *p = argp;
-                       unsigned int __user *qv;
 
-                       if (get_user(qv, &p->packet_sizes))
+                       if (copy_from_user(&qv, argp, sizeof(qv)))
                                return -EFAULT;
 
                        psizes = kmalloc(buf_size, GFP_KERNEL);
                        if (!psizes)
                                return -ENOMEM;
 
-                       if (copy_from_user(psizes, qv, buf_size)) {
+                       if (copy_from_user(psizes, qv.packet_sizes, buf_size)) {
                                kfree(psizes);
                                return -EFAULT;
                        }
+
+                       qv.packet_sizes = psizes;
                }
 
                spin_lock_irqsave(&d->lock,flags);
@@ -1042,14 +1045,14 @@ static int video1394_ioctl(struct inode *inode, struct file *file,
                        PRINT(KERN_ERR, ohci->host->id,
                              "Buffer %d is already used",v.buffer);
                        spin_unlock_irqrestore(&d->lock,flags);
-                       if (psizes)
-                               kfree(psizes);
+                       if (qv.packet_sizes)
+                               kfree(qv.packet_sizes);
                        return -EFAULT;
                }
 
                if (d->flags & VIDEO1394_VARIABLE_PACKET_SIZE) {
                        initialize_dma_it_prg_var_packet_queue(
-                               d, v.buffer, psizes,
+                               d, v.buffer, qv.packet_sizes,
                                ohci);
                }
 
@@ -1098,8 +1101,8 @@ static int video1394_ioctl(struct inode *inode, struct file *file,
                        }
                }
 
-               if (psizes)
-                       kfree(psizes);
+               if (qv.packet_sizes)
+                       kfree(qv.packet_sizes);
 
                return 0;
 
@@ -1336,7 +1339,6 @@ struct video1394_wait32 {
 static int video1394_wr_wait32(unsigned int fd, unsigned int cmd, unsigned long arg,
                               struct file *file)
 {
-        struct video1394_wait32 __user *argp = (void __user *)arg;
         struct video1394_wait32 wait32;
         struct video1394_wait wait;
         mm_segment_t old_fs;
@@ -1345,7 +1347,7 @@ static int video1394_wr_wait32(unsigned int fd, unsigned int cmd, unsigned long
        if (file->f_op->ioctl != video1394_ioctl)
                return -EFAULT;
 
-        if (copy_from_user(&wait32, argp, sizeof(wait32)))
+        if (copy_from_user(&wait32, (void *)arg, sizeof(wait32)))
                 return -EFAULT;
 
         wait.channel = wait32.channel;
@@ -1371,7 +1373,7 @@ static int video1394_wr_wait32(unsigned int fd, unsigned int cmd, unsigned long
                 wait32.filltime.tv_sec = (int)wait.filltime.tv_sec;
                 wait32.filltime.tv_usec = (int)wait.filltime.tv_usec;
 
-                if (copy_to_user(argp, &wait32, sizeof(wait32)))
+                if (copy_to_user((struct video1394_wait32 *)arg, &wait32, sizeof(wait32)))
                         ret = -EFAULT;
         }
 
@@ -1389,7 +1391,7 @@ static int video1394_w_wait32(unsigned int fd, unsigned int cmd, unsigned long a
        if (file->f_op->ioctl != video1394_ioctl)
                return -EFAULT;
 
-        if (copy_from_user(&wait32, (void __user *)arg, sizeof(wait32)))
+        if (copy_from_user(&wait32, (void *)arg, sizeof(wait32)))
                 return -EFAULT;
 
         wait.channel = wait32.channel;