From 5c105d9f3fd086aff195d3849dcf847d6b0bd927 Mon Sep 17 00:00:00 2001 From: blogic Date: Fri, 5 Oct 2012 10:12:53 +0000 Subject: branch Attitude Adjustment git-svn-id: svn://svn.openwrt.org/openwrt/branches/attitude_adjustment@33625 3c298f89-4303-0410-b956-a3cf2f4a3e73 --- ...-mpcore_wdt_fix_wdioc_setoptions_handling.patch | 29 ++++++++++++++++++++++ 1 file changed, 29 insertions(+) create mode 100644 target/linux/generic/patches-3.3/993-mpcore_wdt_fix_wdioc_setoptions_handling.patch (limited to 'target/linux/generic/patches-3.3/993-mpcore_wdt_fix_wdioc_setoptions_handling.patch') diff --git a/target/linux/generic/patches-3.3/993-mpcore_wdt_fix_wdioc_setoptions_handling.patch b/target/linux/generic/patches-3.3/993-mpcore_wdt_fix_wdioc_setoptions_handling.patch new file mode 100644 index 000000000..fa261ce64 --- /dev/null +++ b/target/linux/generic/patches-3.3/993-mpcore_wdt_fix_wdioc_setoptions_handling.patch @@ -0,0 +1,29 @@ +According to the include/linux/watchdog.h WDIOC_SETOPTIONS is +classified as 'read from device' ioctl call: + #define WDIOC_SETOPTIONS _IOR(WATCHDOG_IOCTL_BASE, 4, int) + +However, the driver 'mpcore_wdt' performs 'copy_from_user' only if +_IOC_WRITE is set, thus the local variable 'uarg' which is used in +WDIOC_SETOPTIONS handling remains uninitialized. + +The proper way to fix this is to bind WDIOC_SETOPTIONS to _IOW, +but this will break compatibility. +So adding additional condition for performing 'copy_from_user'. + +Signed-off-by: Vitaly Kuzmichev +--- + drivers/watchdog/mpcore_wdt.c | 3 ++- + 1 files changed, 2 insertions(+), 1 deletions(-) + +--- a/drivers/watchdog/mpcore_wdt.c ++++ b/drivers/watchdog/mpcore_wdt.c +@@ -233,7 +233,8 @@ static long mpcore_wdt_ioctl(struct file + if (_IOC_DIR(cmd) && _IOC_SIZE(cmd) > sizeof(uarg)) + return -ENOTTY; + +- if (_IOC_DIR(cmd) & _IOC_WRITE) { ++ if ((_IOC_DIR(cmd) & _IOC_WRITE) ++ || cmd == WDIOC_SETOPTIONS) { + ret = copy_from_user(&uarg, (void __user *)arg, _IOC_SIZE(cmd)); + if (ret) + return -EFAULT; -- cgit v1.2.3