| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 19 Feb 2016 16:13:51 +0000
From: Ian Abbott <abbotti@....co.uk>
To: devel@...verdev.osuosl.org
Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
Ian Abbott <abbotti@....co.uk>,
H Hartley Sweeten <hsweeten@...ionengravers.com>,
linux-kernel@...r.kernel.org
Subject: [PATCH 2/8] staging: comedi: COMEDI_BUFINFO: force bytes_read or bytes_written to 0
The `COMEDI_BUFINFO` ioctl is used to advance the current position in
the buffer by a specified amount (which can be 0) and get the new
position. On input, the `bytes_read` member of `struct comedi_bufinfo`
specifies the amount to advance the "read" position for an asynchronous
command in the "read" direction, and the `bytes_written` member
specifies the amount to advance the "write" position for a command in
the "write" direction. The handler `do_bufinfo_ioctl()` may adjust
these by the amount the position is actually advanced before copying
them back to the user. Currently, it ignores the specified `bytes_read`
value for a command in the "write" direction, and ignores the specified
`bytes_written` for a command in the "read" direction, so the values
copied back to the user are unchanged. Change it to force the ignored
value to 0 before copying the values back to the user.
Signed-off-by: Ian Abbott <abbotti@....co.uk>
---
drivers/staging/comedi/comedi_fops.c | 30 ++++++++++++++++++------------
1 file changed, 18 insertions(+), 12 deletions(-)
diff --git a/drivers/staging/comedi/comedi_fops.c b/drivers/staging/comedi/comedi_fops.c
index 2cfb61e..04d6040 100644
--- a/drivers/staging/comedi/comedi_fops.c
+++ b/drivers/staging/comedi/comedi_fops.c
@@ -1141,19 +1141,25 @@ static int do_bufinfo_ioctl(struct comedi_device *dev,
if (s->busy != file)
return -EACCES;
- if (bi.bytes_read && !(async->cmd.flags & CMDF_WRITE)) {
- comedi_buf_read_alloc(s, bi.bytes_read);
- bi.bytes_read = comedi_buf_read_free(s, bi.bytes_read);
-
- if (comedi_is_subdevice_idle(s) &&
- comedi_buf_read_n_available(s) == 0) {
- do_become_nonbusy(dev, s);
+ if (!(async->cmd.flags & CMDF_WRITE)) {
+ /* command was set up in "read" direction */
+ if (bi.bytes_read) {
+ comedi_buf_read_alloc(s, bi.bytes_read);
+ bi.bytes_read = comedi_buf_read_free(s, bi.bytes_read);
+
+ if (comedi_is_subdevice_idle(s) &&
+ comedi_buf_read_n_available(s) == 0)
+ do_become_nonbusy(dev, s);
}
- }
-
- if (bi.bytes_written && (async->cmd.flags & CMDF_WRITE)) {
- comedi_buf_write_alloc(s, bi.bytes_written);
- bi.bytes_written = comedi_buf_write_free(s, bi.bytes_written);
+ bi.bytes_written = 0;
+ } else {
+ /* command was set up in "write" direction */
+ if (bi.bytes_written) {
+ comedi_buf_write_alloc(s, bi.bytes_written);
+ bi.bytes_written =
+ comedi_buf_write_free(s, bi.bytes_written);
+ }
+ bi.bytes_read = 0;
}
copyback_position:
--
2.7.0
Powered by blists - more mailing lists