Merge master.kernel.org:/pub/scm/linux/kernel/git/davej/cpufreq

[mv-sheeva.git] / arch / parisc / hpux / sys_hpux.c

diff --git a/arch/parisc/hpux/sys_hpux.c b/arch/parisc/hpux/sys_hpux.c
index 29b4d61898f2ca0b76e64dda8abcbab7ac48a76e..cb69727027aecf66889bad82a29e947bf87cb994 100644 (file)
--- a/arch/parisc/hpux/sys_hpux.c
+++ b/arch/parisc/hpux/sys_hpux.c
@@ -145,7 +145,7 @@ static int hpux_ustat(dev_t dev, struct hpux_ustat __user *ubuf)
        s = user_get_super(dev);
        if (s == NULL)
                goto out;
-       err = vfs_statfs(s, &sbuf);
+       err = vfs_statfs(s->s_root, &sbuf);
        drop_super(s);
        if (err)
                goto out;
@@ -186,12 +186,12 @@ struct hpux_statfs {
      int16_t f_pad;
 };
 
-static int vfs_statfs_hpux(struct super_block *sb, struct hpux_statfs *buf)
+static int vfs_statfs_hpux(struct dentry *dentry, struct hpux_statfs *buf)
 {
        struct kstatfs st;
        int retval;
        
-       retval = vfs_statfs(sb, &st);
+       retval = vfs_statfs(dentry, &st);
        if (retval)
                return retval;
 
@@ -219,7 +219,7 @@ asmlinkage long hpux_statfs(const char __user *path,
        error = user_path_walk(path, &nd);
        if (!error) {
                struct hpux_statfs tmp;
-               error = vfs_statfs_hpux(nd.dentry->d_inode->i_sb, &tmp);
+               error = vfs_statfs_hpux(nd.dentry, &tmp);
                if (!error && copy_to_user(buf, &tmp, sizeof(tmp)))
                        error = -EFAULT;
                path_release(&nd);
@@ -237,7 +237,7 @@ asmlinkage long hpux_fstatfs(unsigned int fd, struct hpux_statfs __user * buf)
        file = fget(fd);
        if (!file)
                goto out;
-       error = vfs_statfs_hpux(file->f_dentry->d_inode->i_sb, &tmp);
+       error = vfs_statfs_hpux(file->f_dentry, &tmp);
        if (!error && copy_to_user(buf, &tmp, sizeof(tmp)))
                error = -EFAULT;
        fput(file);
@@ -468,19 +468,23 @@ int hpux_sysfs(int opcode, unsigned long arg1, unsigned long arg2)
        if ( opcode == 1 ) { /* GETFSIND */     
                len = strlen_user((char *)arg1);
                printk(KERN_DEBUG "len of arg1 = %d\n", len);
-
-               fsname = (char *) kmalloc(len+1, GFP_KERNEL);
+               if (len == 0)
+                       return 0;
+               fsname = (char *) kmalloc(len, GFP_KERNEL);
                if ( !fsname ) {
                        printk(KERN_DEBUG "failed to kmalloc fsname\n");
                        return 0;
                }
 
-               if ( copy_from_user(fsname, (char *)arg1, len+1) ) {
+               if ( copy_from_user(fsname, (char *)arg1, len) ) {
                        printk(KERN_DEBUG "failed to copy_from_user fsname\n");
                        kfree(fsname);
                        return 0;
                }
 
+               /* String could be altered by userspace after strlen_user() */
+               fsname[len] = '\0';
+
                printk(KERN_DEBUG "that is '%s' as (char *)\n", fsname);
                if ( !strcmp(fsname, "hfs") ) {
                        fstype = 0;