tty: termios locking functions break with new termios type
I ran into a few problems.
n_tty_ioctl() for instance:
drivers/char/tty_ioctl.c:799: error: $,1rxstruct termios$,1ry has no
member named $,1rxc_ispeed$,1ry
This is calling the copy interface that is supposed to be using
a termios2 when the new interfaces are defined, however:
case TIOCGLCKTRMIOS:
if (kernel_termios_to_user_termios((struct termios __user *)arg, real_tty->termios_locked))
return -EFAULT;
return 0;
This is going to write over the end of the userspace
structure by a few bytes, and wasn't caught by you yet
because the i386 implementation is simply copy_to_user()
which does zero type checking.
Signed-off-by: Alan Cox <alan@redhat.com>
Cc: "David S. Miller" <davem@davemloft.net>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
git.openpandora.org / pandora-kernel.git / commit