In the 32/64-bit compatibility layer of the ALSA sequencer core, data for some ioctls is copied to the kernel stack and passed to core operations. The address limit of the running task is then changed, because the core implementation expected its arguments to be in userspace.
In this case, snd_seq_kernel_client_ctl() is available. This commit uses it in place of the address-limit change.
Signed-off-by: Takashi Sakamoto o-takashi@sakamocchi.jp
---
 sound/core/seq/seq_compat.c | 26 ++++++++++++++------------
 1 file changed, 14 insertions(+), 12 deletions(-)
diff --git a/sound/core/seq/seq_compat.c b/sound/core/seq/seq_compat.c
index 6517590..d9cf163 100644
--- a/sound/core/seq/seq_compat.c
+++ b/sound/core/seq/seq_compat.c
@@ -42,12 +42,11 @@ struct snd_seq_port_info32 {
 char reserved[59]; /* for future use */
 };

-static int snd_seq_call_port_info_ioctl(struct snd_seq_client *client, unsigned int cmd,
- struct snd_seq_port_info32 __user *data32)
+static int snd_seq_call_port_info_ioctl(int clientid, unsigned int cmd,
+ struct snd_seq_port_info32 __user *data32)
 {
 int err = -EFAULT;
 struct snd_seq_port_info *data;
- mm_segment_t fs;

 data = kmalloc(sizeof(*data), GFP_KERNEL);
 if (!data)
@@ -59,9 +58,7 @@ static int snd_seq_call_port_info_ioctl(struct snd_seq_client *client, unsigned
 goto error;
 data->kernel = NULL;

- fs = snd_enter_user();
- err = snd_seq_do_ioctl(client, cmd, data);
- snd_leave_user(fs);
+ err = snd_seq_kernel_client_ctl(clientid, cmd, data);
 if (err < 0)
 goto error;
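Review bot: Nothing at the new call `snd_seq_kernel_client_ctl(clientid, cmd, data)` records that `data` is the kmalloc'd kernel buffer and that this is the kernel-pointer entry point, as opposed to the user-pointer path the dispatcher takes through `snd_seq_ioctl()` in the last hunk. With the address-limit change removed, keeping those two paths apart is what prevents a user-supplied pointer from being treated as a kernel address, so a comment above the call is worth adding: `/* data is a kernel buffer: use the in-kernel entry point, never hand it data32 */`. The helper now receives a client number instead of the pointer (first hunk), so the call presumably can fail on lookup; I assume it returns a negative errno that the existing `if (err < 0)` handles, which should be confirmed. The function body begins and ends outside this hunk.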
@@ -123,17 +120,22 @@ static long snd_seq_ioctl_compat(struct file *file, unsigned int cmd, unsigned l
 case SNDRV_SEQ_IOCTL_GET_SUBSCRIPTION:
 case SNDRV_SEQ_IOCTL_QUERY_NEXT_CLIENT:
 case SNDRV_SEQ_IOCTL_RUNNING_MODE:
- return snd_seq_do_ioctl(client, cmd, argp);
+ return snd_seq_ioctl(file, cmd, (unsigned long)argp);
 case SNDRV_SEQ_IOCTL_CREATE_PORT32:
- return snd_seq_call_port_info_ioctl(client, SNDRV_SEQ_IOCTL_CREATE_PORT, argp);
+ return snd_seq_call_port_info_ioctl(client->number,
+ SNDRV_SEQ_IOCTL_CREATE_PORT, argp);
 case SNDRV_SEQ_IOCTL_DELETE_PORT32:
- return snd_seq_call_port_info_ioctl(client, SNDRV_SEQ_IOCTL_DELETE_PORT, argp);
+ return snd_seq_call_port_info_ioctl(client->number,
+ SNDRV_SEQ_IOCTL_DELETE_PORT, argp);
 case SNDRV_SEQ_IOCTL_GET_PORT_INFO32:
- return snd_seq_call_port_info_ioctl(client, SNDRV_SEQ_IOCTL_GET_PORT_INFO, argp);
+ return snd_seq_call_port_info_ioctl(client->number,
+ SNDRV_SEQ_IOCTL_GET_PORT_INFO, argp);
 case SNDRV_SEQ_IOCTL_SET_PORT_INFO32:
- return snd_seq_call_port_info_ioctl(client, SNDRV_SEQ_IOCTL_SET_PORT_INFO, argp);
+ return snd_seq_call_port_info_ioctl(client->number,
+ SNDRV_SEQ_IOCTL_SET_PORT_INFO, argp);
 case SNDRV_SEQ_IOCTL_QUERY_NEXT_PORT32:
- return snd_seq_call_port_info_ioctl(client, SNDRV_SEQ_IOCTL_QUERY_NEXT_PORT, argp);
+ return snd_seq_call_port_info_ioctl(client->number,
+ SNDRV_SEQ_IOCTL_QUERY_NEXT_PORT, argp);
 }
 return -ENOIOCTLCMD;
 }
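Review bot: Each `*_PORT32` case now evaluates `client->number` in the dispatcher itself, so these cases depend on `client` having been validated before the `switch`; where `client` is assigned and whether it is checked lies outside this hunk. If no check exists there, a guard ahead of the switch such as `if (!client) return -ENXIO;` would be needed. Separately, the first case group re-enters the native handler with `(unsigned long)argp`, and a one-line comment would help, assuming these commands really share one layout on both ABIs: `/* layout is identical for 32- and 64-bit callers: forward the user pointer unchanged */`.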