diff options
Diffstat (limited to 'drivers/char')
-rw-r--r-- | drivers/char/hpet.c | 98 | ||||
-rw-r--r-- | drivers/char/raw.c | 243 | ||||
-rw-r--r-- | drivers/char/tlclk.c | 6 |
3 files changed, 207 insertions, 140 deletions
diff --git a/drivers/char/hpet.c b/drivers/char/hpet.c index a0a1829d319..a4eee324eb1 100644 --- a/drivers/char/hpet.c +++ b/drivers/char/hpet.c @@ -30,6 +30,7 @@ #include <linux/bcd.h> #include <linux/seq_file.h> #include <linux/bitops.h> +#include <linux/compat.h> #include <linux/clocksource.h> #include <linux/slab.h> @@ -67,6 +68,7 @@ #define read_counter(MC) readl(MC) #endif +static DEFINE_MUTEX(hpet_mutex); /* replaces BKL */ static u32 hpet_nhpet, hpet_max_freq = HPET_USER_FREQ; /* This clocksource driver currently only works on ia64 */ @@ -250,7 +252,7 @@ static int hpet_open(struct inode *inode, struct file *file) if (file->f_mode & FMODE_WRITE) return -EINVAL; - lock_kernel(); + mutex_lock(&hpet_mutex); spin_lock_irq(&hpet_lock); for (devp = NULL, hpetp = hpets; hpetp && !devp; hpetp = hpetp->hp_next) @@ -264,7 +266,7 @@ static int hpet_open(struct inode *inode, struct file *file) if (!devp) { spin_unlock_irq(&hpet_lock); - unlock_kernel(); + mutex_unlock(&hpet_mutex); return -EBUSY; } @@ -272,7 +274,7 @@ static int hpet_open(struct inode *inode, struct file *file) devp->hd_irqdata = 0; devp->hd_flags |= HPET_OPEN; spin_unlock_irq(&hpet_lock); - unlock_kernel(); + mutex_unlock(&hpet_mutex); hpet_timer_set_irq(devp); @@ -429,22 +431,6 @@ static int hpet_release(struct inode *inode, struct file *file) return 0; } -static int hpet_ioctl_common(struct hpet_dev *, int, unsigned long, int); - -static long hpet_ioctl(struct file *file, unsigned int cmd, - unsigned long arg) -{ - struct hpet_dev *devp; - int ret; - - devp = file->private_data; - lock_kernel(); - ret = hpet_ioctl_common(devp, cmd, arg, 0); - unlock_kernel(); - - return ret; -} - static int hpet_ioctl_ieon(struct hpet_dev *devp) { struct hpet_timer __iomem *timer; @@ -553,7 +539,8 @@ static inline unsigned long hpet_time_div(struct hpets *hpets, } static int -hpet_ioctl_common(struct hpet_dev *devp, int cmd, unsigned long arg, int kernel) +hpet_ioctl_common(struct hpet_dev *devp, int cmd, unsigned long arg, + struct hpet_info *info) { struct hpet_timer __iomem *timer; struct hpet __iomem *hpet; @@ -594,23 +581,15 @@ hpet_ioctl_common(struct hpet_dev *devp, int cmd, unsigned long arg, int kernel) break; case HPET_INFO: { - struct hpet_info info; - if (devp->hd_ireqfreq) - info.hi_ireqfreq = + info->hi_ireqfreq = hpet_time_div(hpetp, devp->hd_ireqfreq); else - info.hi_ireqfreq = 0; - info.hi_flags = + info->hi_ireqfreq = 0; + info->hi_flags = readq(&timer->hpet_config) & Tn_PER_INT_CAP_MASK; - info.hi_hpet = hpetp->hp_which; - info.hi_timer = devp - hpetp->hp_dev; - if (kernel) - memcpy((void *)arg, &info, sizeof(info)); - else - if (copy_to_user((void __user *)arg, &info, - sizeof(info))) - err = -EFAULT; + info->hi_hpet = hpetp->hp_which; + info->hi_timer = devp - hpetp->hp_dev; break; } case HPET_EPI: @@ -636,7 +615,7 @@ hpet_ioctl_common(struct hpet_dev *devp, int cmd, unsigned long arg, int kernel) devp->hd_flags &= ~HPET_PERIODIC; break; case HPET_IRQFREQ: - if (!kernel && (arg > hpet_max_freq) && + if ((arg > hpet_max_freq) && !capable(CAP_SYS_RESOURCE)) { err = -EACCES; break; @@ -653,12 +632,63 @@ hpet_ioctl_common(struct hpet_dev *devp, int cmd, unsigned long arg, int kernel) return err; } +static long +hpet_ioctl(struct file *file, unsigned int cmd, unsigned long arg) +{ + struct hpet_info info; + int err; + + mutex_lock(&hpet_mutex); + err = hpet_ioctl_common(file->private_data, cmd, arg, &info); + mutex_unlock(&hpet_mutex); + + if ((cmd == HPET_INFO) && !err && + (copy_to_user((void __user *)arg, &info, sizeof(info)))) + err = -EFAULT; + + return err; +} + +#ifdef CONFIG_COMPAT +struct compat_hpet_info { + compat_ulong_t hi_ireqfreq; /* Hz */ + compat_ulong_t hi_flags; /* information */ + unsigned short hi_hpet; + unsigned short hi_timer; +}; + +static long +hpet_compat_ioctl(struct file *file, unsigned int cmd, unsigned long arg) +{ + struct hpet_info info; + int err; + + mutex_lock(&hpet_mutex); + err = hpet_ioctl_common(file->private_data, cmd, arg, &info); + mutex_unlock(&hpet_mutex); + + if ((cmd == HPET_INFO) && !err) { + struct compat_hpet_info __user *u = compat_ptr(arg); + if (put_user(info.hi_ireqfreq, &u->hi_ireqfreq) || + put_user(info.hi_flags, &u->hi_flags) || + put_user(info.hi_hpet, &u->hi_hpet) || + put_user(info.hi_timer, &u->hi_timer)) + err = -EFAULT; + } + + return err; +} +#endif + static const struct file_operations hpet_fops = { .owner = THIS_MODULE, .llseek = no_llseek, .read = hpet_read, .poll = hpet_poll, .unlocked_ioctl = hpet_ioctl, +#ifdef CONFIG_COMPAT + .compat_ioctl = hpet_compat_ioctl, +#endif .open = hpet_open, .release = hpet_release, .fasync = hpet_fasync, diff --git a/drivers/char/raw.c b/drivers/char/raw.c index b38942f6bf3..24b2b9160aa 100644 --- a/drivers/char/raw.c +++ b/drivers/char/raw.c @@ -19,8 +19,8 @@ #include <linux/cdev.h> #include <linux/device.h> #include <linux/mutex.h> -#include <linux/smp_lock.h> #include <linux/gfp.h> +#include <linux/compat.h> #include <asm/uaccess.h> @@ -55,7 +55,6 @@ static int raw_open(struct inode *inode, struct file *filp) return 0; } - lock_kernel(); mutex_lock(&raw_mutex); /* @@ -82,7 +81,6 @@ static int raw_open(struct inode *inode, struct file *filp) bdev->bd_inode->i_mapping; filp->private_data = bdev; mutex_unlock(&raw_mutex); - unlock_kernel(); return 0; out2: @@ -91,7 +89,6 @@ out1: blkdev_put(bdev, filp->f_mode); out: mutex_unlock(&raw_mutex); - unlock_kernel(); return err; } @@ -125,20 +122,84 @@ static long raw_ioctl(struct file *filp, unsigned int command, unsigned long arg) { struct block_device *bdev = filp->private_data; - int ret; + return blkdev_ioctl(bdev, 0, command, arg); +} + +static int bind_set(int number, u64 major, u64 minor) +{ + dev_t dev = MKDEV(major, minor); + struct raw_device_data *rawdev; + int err = 0; - lock_kernel(); - ret = blkdev_ioctl(bdev, 0, command, arg); - unlock_kernel(); + if (number <= 0 || number >= MAX_RAW_MINORS) + return -EINVAL; - return ret; + if (MAJOR(dev) != major || MINOR(dev) != minor) + return -EINVAL; + + rawdev = &raw_devices[number]; + + /* + * This is like making block devices, so demand the + * same capability + */ + if (!capable(CAP_SYS_ADMIN)) + return -EPERM; + + /* + * For now, we don't need to check that the underlying + * block device is present or not: we can do that when + * the raw device is opened. Just check that the + * major/minor numbers make sense. + */ + + if (MAJOR(dev) == 0 && dev != 0) + return -EINVAL; + + mutex_lock(&raw_mutex); + if (rawdev->inuse) { + mutex_unlock(&raw_mutex); + return -EBUSY; + } + if (rawdev->binding) { + bdput(rawdev->binding); + module_put(THIS_MODULE); + } + if (!dev) { + /* unbind */ + rawdev->binding = NULL; + device_destroy(raw_class, MKDEV(RAW_MAJOR, number)); + } else { + rawdev->binding = bdget(dev); + if (rawdev->binding == NULL) { + err = -ENOMEM; + } else { + dev_t raw = MKDEV(RAW_MAJOR, number); + __module_get(THIS_MODULE); + device_destroy(raw_class, raw); + device_create(raw_class, NULL, raw, NULL, + "raw%d", number); + } + } + mutex_unlock(&raw_mutex); + return err; } -static void bind_device(struct raw_config_request *rq) +static int bind_get(int number, dev_t *dev) { - device_destroy(raw_class, MKDEV(RAW_MAJOR, rq->raw_minor)); - device_create(raw_class, NULL, MKDEV(RAW_MAJOR, rq->raw_minor), NULL, - "raw%d", rq->raw_minor); + struct raw_device_data *rawdev; + struct block_device *bdev; + + if (number <= 0 || number >= MAX_RAW_MINORS) + return -EINVAL; + + rawdev = &raw_devices[number]; + + mutex_lock(&raw_mutex); + bdev = rawdev->binding; + *dev = bdev ? bdev->bd_dev : 0; + mutex_unlock(&raw_mutex); + return 0; } /* @@ -149,105 +210,78 @@ static long raw_ctl_ioctl(struct file *filp, unsigned int command, unsigned long arg) { struct raw_config_request rq; - struct raw_device_data *rawdev; - int err = 0; + dev_t dev; + int err; - lock_kernel(); switch (command) { case RAW_SETBIND: + if (copy_from_user(&rq, (void __user *) arg, sizeof(rq))) + return -EFAULT; + + return bind_set(rq.raw_minor, rq.block_major, rq.block_minor); + case RAW_GETBIND: + if (copy_from_user(&rq, (void __user *) arg, sizeof(rq))) + return -EFAULT; - /* First, find out which raw minor we want */ + err = bind_get(rq.raw_minor, &dev); + if (err) + return err; - if (copy_from_user(&rq, (void __user *) arg, sizeof(rq))) { - err = -EFAULT; - goto out; - } + rq.block_major = MAJOR(dev); + rq.block_minor = MINOR(dev); - if (rq.raw_minor <= 0 || rq.raw_minor >= MAX_RAW_MINORS) { - err = -EINVAL; - goto out; - } - rawdev = &raw_devices[rq.raw_minor]; - - if (command == RAW_SETBIND) { - dev_t dev; - - /* - * This is like making block devices, so demand the - * same capability - */ - if (!capable(CAP_SYS_ADMIN)) { - err = -EPERM; - goto out; - } - - /* - * For now, we don't need to check that the underlying - * block device is present or not: we can do that when - * the raw device is opened. Just check that the - * major/minor numbers make sense. - */ - - dev = MKDEV(rq.block_major, rq.block_minor); - if ((rq.block_major == 0 && rq.block_minor != 0) || - MAJOR(dev) != rq.block_major || - MINOR(dev) != rq.block_minor) { - err = -EINVAL; - goto out; - } - - mutex_lock(&raw_mutex); - if (rawdev->inuse) { - mutex_unlock(&raw_mutex); - err = -EBUSY; - goto out; - } - if (rawdev->binding) { - bdput(rawdev->binding); - module_put(THIS_MODULE); - } - if (rq.block_major == 0 && rq.block_minor == 0) { - /* unbind */ - rawdev->binding = NULL; - device_destroy(raw_class, - MKDEV(RAW_MAJOR, rq.raw_minor)); - } else { - rawdev->binding = bdget(dev); - if (rawdev->binding == NULL) - err = -ENOMEM; - else { - __module_get(THIS_MODULE); - bind_device(&rq); - } - } - mutex_unlock(&raw_mutex); - } else { - struct block_device *bdev; - - mutex_lock(&raw_mutex); - bdev = rawdev->binding; - if (bdev) { - rq.block_major = MAJOR(bdev->bd_dev); - rq.block_minor = MINOR(bdev->bd_dev); - } else { - rq.block_major = rq.block_minor = 0; - } - mutex_unlock(&raw_mutex); - if (copy_to_user((void __user *)arg, &rq, sizeof(rq))) { - err = -EFAULT; - goto out; - } - } - break; - default: - err = -EINVAL; - break; + if (copy_to_user((void __user *)arg, &rq, sizeof(rq))) + return -EFAULT; + + return 0; } -out: - unlock_kernel(); - return err; + + return -EINVAL; +} + +#ifdef CONFIG_COMPAT +struct raw32_config_request { + compat_int_t raw_minor; + compat_u64 block_major; + compat_u64 block_minor; +}; + +static long raw_ctl_compat_ioctl(struct file *file, unsigned int cmd, + unsigned long arg) +{ + struct raw32_config_request __user *user_req = compat_ptr(arg); + struct raw32_config_request rq; + dev_t dev; + int err = 0; + + switch (cmd) { + case RAW_SETBIND: + if (copy_from_user(&rq, user_req, sizeof(rq))) + return -EFAULT; + + return bind_set(rq.raw_minor, rq.block_major, rq.block_minor); + + case RAW_GETBIND: + if (copy_from_user(&rq, user_req, sizeof(rq))) + return -EFAULT; + + err = bind_get(rq.raw_minor, &dev); + if (err) + return err; + + rq.block_major = MAJOR(dev); + rq.block_minor = MINOR(dev); + + if (copy_to_user(user_req, &rq, sizeof(rq))) + return -EFAULT; + + return 0; + } + + return -EINVAL; } +#endif static const struct file_operations raw_fops = { .read = do_sync_read, @@ -263,6 +297,9 @@ static const struct file_operations raw_fops = { static const struct file_operations raw_ctl_fops = { .unlocked_ioctl = raw_ctl_ioctl, +#ifdef CONFIG_COMPAT + .compat_ioctl = raw_ctl_compat_ioctl, +#endif .open = raw_open, .owner = THIS_MODULE, }; diff --git a/drivers/char/tlclk.c b/drivers/char/tlclk.c index 80ea6bcfffd..e32cbf0c9a0 100644 --- a/drivers/char/tlclk.c +++ b/drivers/char/tlclk.c @@ -37,7 +37,7 @@ #include <linux/ioport.h> #include <linux/interrupt.h> #include <linux/spinlock.h> -#include <linux/smp_lock.h> +#include <linux/mutex.h> #include <linux/timer.h> #include <linux/sysfs.h> #include <linux/device.h> @@ -206,7 +206,7 @@ static int tlclk_open(struct inode *inode, struct file *filp) { int result; - lock_kernel(); + mutex_lock(&tlclk_mutex); if (test_and_set_bit(0, &useflags)) { result = -EBUSY; /* this legacy device is always one per system and it doesn't @@ -229,7 +229,7 @@ static int tlclk_open(struct inode *inode, struct file *filp) inb(TLCLK_REG6); /* Clear interrupt events */ out: - unlock_kernel(); + mutex_unlock(&tlclk_mutex); return result; } |