From 1bcaa0bd6fd5b510dd9f1ba2da114d3f1253af61 Mon Sep 17 00:00:00 2001 From: Jonathan Corbet Date: Thu, 15 May 2008 16:16:28 -0600 Subject: isdn: cdev lock_kernel() pushdown Signed-off-by: Jonathan Corbet --- drivers/isdn/i4l/isdn_common.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'drivers/isdn') diff --git a/drivers/isdn/i4l/isdn_common.c b/drivers/isdn/i4l/isdn_common.c index 0f3c66de69b..5158c606ff5 100644 --- a/drivers/isdn/i4l/isdn_common.c +++ b/drivers/isdn/i4l/isdn_common.c @@ -1732,7 +1732,7 @@ isdn_open(struct inode *ino, struct file *filep) int chidx; int retval = -ENODEV; - + lock_kernel(); if (minor == ISDN_MINOR_STATUS) { infostruct *p; @@ -1783,6 +1783,7 @@ isdn_open(struct inode *ino, struct file *filep) #endif out: nonseekable_open(ino, filep); + unlock_kernel(); return retval; } -- cgit v1.2.3-70-g09d2 From a237f3bbaab28bb780201f15f6003cf3d2e81024 Mon Sep 17 00:00:00 2001 From: Jonathan Corbet Date: Fri, 16 May 2008 14:15:33 -0600 Subject: CAPI: BKL pushdown Put explicit lock_kernel() calls into capi_open() Signed-off-by: Jonathan Corbet --- drivers/isdn/capi/capi.c | 17 +++++++++++------ 1 file changed, 11 insertions(+), 6 deletions(-) (limited to 'drivers/isdn') diff --git a/drivers/isdn/capi/capi.c b/drivers/isdn/capi/capi.c index 6ca0bb949ad..2095153582f 100644 --- a/drivers/isdn/capi/capi.c +++ b/drivers/isdn/capi/capi.c @@ -20,6 +20,7 @@ #include #include #include +#include #include #include #ifdef CONFIG_ISDN_CAPI_MIDDLEWARE @@ -983,13 +984,17 @@ capi_ioctl(struct inode *inode, struct file *file, static int capi_open(struct inode *inode, struct file *file) { + int ret; + + lock_kernel(); if (file->private_data) - return -EEXIST; - - if ((file->private_data = capidev_alloc()) == NULL) - return -ENOMEM; - - return nonseekable_open(inode, file); + ret = -EEXIST; + else if ((file->private_data = capidev_alloc()) == NULL) + ret = -ENOMEM; + else + ret = nonseekable_open(inode, file); + unlock_kernel(); + return ret; } static int -- cgit v1.2.3-70-g09d2 From 3462032d66703ef7721329b44fe2dac4aaef475d Mon Sep 17 00:00:00 2001 From: Jonathan Corbet Date: Fri, 16 May 2008 14:17:33 -0600 Subject: divamnt: BKL pushdown Put explicit lock_kernel() calls into maint_open(). Signed-off-by: Jonathan Corbet --- drivers/isdn/hardware/eicon/divamnt.c | 16 +++++++++++----- 1 file changed, 11 insertions(+), 5 deletions(-) (limited to 'drivers/isdn') diff --git a/drivers/isdn/hardware/eicon/divamnt.c b/drivers/isdn/hardware/eicon/divamnt.c index c9092897424..1e85f743214 100644 --- a/drivers/isdn/hardware/eicon/divamnt.c +++ b/drivers/isdn/hardware/eicon/divamnt.c @@ -14,6 +14,7 @@ #include #include #include +#include #include #include "platform.h" @@ -127,14 +128,19 @@ static unsigned int maint_poll(struct file *file, poll_table * wait) static int maint_open(struct inode *ino, struct file *filep) { + int ret; + + lock_kernel(); /* only one open is allowed, so we test it atomically */ if (test_and_set_bit(0, &opened)) - return (-EBUSY); - - filep->private_data = NULL; - - return nonseekable_open(ino, filep); + ret = -EBUSY; + else { + filep->private_data = NULL; + ret = nonseekable_open(ino, filep); + } + unlock_kernel(); + return ret; } static int maint_close(struct inode *ino, struct file *filep) -- cgit v1.2.3-70-g09d2 From f2b9857eee17797541b845782ade4d7a9d50f843 Mon Sep 17 00:00:00 2001 From: Jonathan Corbet Date: Sun, 18 May 2008 15:32:43 -0600 Subject: Add a bunch of cycle_kernel_lock() calls All of the open() functions which don't need the BKL on their face may still depend on its acquisition to serialize opens against driver initialization. So make those functions acquire then release the BKL to be on the safe side. Signed-off-by: Jonathan Corbet --- arch/cris/arch-v10/drivers/eeprom.c | 4 ++-- arch/cris/arch-v10/drivers/i2c.c | 2 ++ arch/cris/arch-v32/drivers/cryptocop.c | 3 ++- arch/cris/arch-v32/drivers/i2c.c | 2 ++ drivers/char/cs5535_gpio.c | 4 ++-- drivers/char/dtlk.c | 5 ++-- drivers/char/ip2/ip2main.c | 34 ++-------------------------- drivers/char/pc8736x_gpio.c | 3 ++- drivers/char/ppdev.c | 3 ++- drivers/char/scx200_gpio.c | 3 ++- drivers/char/tb0219.c | 3 ++- drivers/char/vr41xx_giu.c | 4 ++-- drivers/infiniband/core/ucm.c | 3 ++- drivers/infiniband/hw/ipath/ipath_file_ops.c | 3 ++- drivers/isdn/hardware/eicon/divasi.c | 2 ++ drivers/isdn/hardware/eicon/divasmain.c | 2 ++ drivers/net/ppp_generic.c | 3 ++- drivers/scsi/3w-9xxx.c | 5 ++-- drivers/scsi/3w-xxxx.c | 5 ++-- drivers/scsi/megaraid.c | 4 ++-- drivers/scsi/megaraid/megaraid_sas.c | 3 ++- 21 files changed, 45 insertions(+), 55 deletions(-) (limited to 'drivers/isdn') diff --git a/arch/cris/arch-v10/drivers/eeprom.c b/arch/cris/arch-v10/drivers/eeprom.c index 40c6fe4c06f..1f2ae909d3e 100644 --- a/arch/cris/arch-v10/drivers/eeprom.c +++ b/arch/cris/arch-v10/drivers/eeprom.c @@ -28,6 +28,7 @@ #include #include #include +#include #include #include #include "i2c.h" @@ -375,10 +376,9 @@ int __init eeprom_init(void) } /* Opens the device. */ -/* BKL not needed: no global resources accessed */ static int eeprom_open(struct inode * inode, struct file * file) { - + cycle_kernel_lock(); if(iminor(inode) != EEPROM_MINOR_NR) return -ENXIO; if(imajor(inode) != EEPROM_MAJOR_NR) diff --git a/arch/cris/arch-v10/drivers/i2c.c b/arch/cris/arch-v10/drivers/i2c.c index d6d22067d0c..2797e67ce4f 100644 --- a/arch/cris/arch-v10/drivers/i2c.c +++ b/arch/cris/arch-v10/drivers/i2c.c @@ -15,6 +15,7 @@ #include #include #include +#include #include #include #include @@ -566,6 +567,7 @@ i2c_readreg(unsigned char theSlave, unsigned char theReg) static int i2c_open(struct inode *inode, struct file *filp) { + cycle_kernel_lock(); return 0; } diff --git a/arch/cris/arch-v32/drivers/cryptocop.c b/arch/cris/arch-v32/drivers/cryptocop.c index c1720428957..67c61ea8681 100644 --- a/arch/cris/arch-v32/drivers/cryptocop.c +++ b/arch/cris/arch-v32/drivers/cryptocop.c @@ -11,6 +11,7 @@ #include #include #include +#include #include #include @@ -2302,11 +2303,11 @@ static int cryptocop_job_setup(struct cryptocop_prio_job **pj, struct cryptocop_ return 0; } -/* No BKL needed here - no global resources accessed */ static int cryptocop_open(struct inode *inode, struct file *filp) { int p = iminor(inode); + cycle_kernel_lock(); if (p != CRYPTOCOP_MINOR) return -EINVAL; filp->private_data = NULL; diff --git a/arch/cris/arch-v32/drivers/i2c.c b/arch/cris/arch-v32/drivers/i2c.c index c2fb7a5c139..179e7b80433 100644 --- a/arch/cris/arch-v32/drivers/i2c.c +++ b/arch/cris/arch-v32/drivers/i2c.c @@ -33,6 +33,7 @@ #include #include #include +#include #include @@ -636,6 +637,7 @@ i2c_readreg(unsigned char theSlave, unsigned char theReg) static int i2c_open(struct inode *inode, struct file *filp) { + cycle_kernel_lock(); return 0; } diff --git a/drivers/char/cs5535_gpio.c b/drivers/char/cs5535_gpio.c index 628e3d3249d..04ba906b488 100644 --- a/drivers/char/cs5535_gpio.c +++ b/drivers/char/cs5535_gpio.c @@ -17,6 +17,7 @@ #include #include #include +#include #include #include @@ -153,12 +154,11 @@ static ssize_t cs5535_gpio_read(struct file *file, char __user *buf, return count; } -/* No BKL needed here - "mask" is the only global resource used - here and it's a boot-time parameter */ static int cs5535_gpio_open(struct inode *inode, struct file *file) { u32 m = iminor(inode); + cycle_kernel_lock(); /* the mask says which pins are usable by this driver */ if ((mask & (1 << m)) == 0) return -EINVAL; diff --git a/drivers/char/dtlk.c b/drivers/char/dtlk.c index 433388c6023..6b900b297cc 100644 --- a/drivers/char/dtlk.c +++ b/drivers/char/dtlk.c @@ -56,6 +56,7 @@ #include /* for -EBUSY */ #include /* for request_region */ #include /* for loops_per_jiffy */ +#include /* cycle_kernel_lock() */ #include /* for inb_p, outb_p, inb, outb, etc. */ #include /* for get_user, etc. */ #include /* for wait_queue */ @@ -288,12 +289,12 @@ static int dtlk_ioctl(struct inode *inode, } } -/* No BKL needed here; "dtlk_busy" is the only global resource, - and it is not ever set by anybody (test is broken) */ +/* Note that nobody ever sets dtlk_busy... */ static int dtlk_open(struct inode *inode, struct file *file) { TRACE_TEXT("(dtlk_open"); + cycle_kernel_lock(); nonseekable_open(inode, file); switch (iminor(inode)) { case DTLK_MINOR: diff --git a/drivers/char/ip2/ip2main.c b/drivers/char/ip2/ip2main.c index 70957acaa96..a978c57b6b2 100644 --- a/drivers/char/ip2/ip2main.c +++ b/drivers/char/ip2/ip2main.c @@ -98,6 +98,7 @@ #include #include #include +#include #include #include @@ -2931,42 +2932,11 @@ ip2_ipl_ioctl ( struct inode *pInode, struct file *pFile, UINT cmd, ULONG arg ) static int ip2_ipl_open( struct inode *pInode, struct file *pFile ) { - unsigned int iplminor = iminor(pInode); - i2eBordStrPtr pB; - i2ChanStrPtr pCh; #ifdef IP2DEBUG_IPL printk (KERN_DEBUG "IP2IPL: open\n" ); #endif - - switch(iplminor) { - // These are the IPL devices - case 0: - case 4: - case 8: - case 12: - break; - - // These are the status devices - case 1: - case 5: - case 9: - case 13: - break; - - // These are the debug devices - case 2: - case 6: - case 10: - case 14: - pB = i2BoardPtrTable[iplminor / 4]; - pCh = (i2ChanStrPtr) pB->i2eChannelPtr; - break; - - // This is the trace device - case 3: - break; - } + cycle_kernel_lock(); return 0; } diff --git a/drivers/char/pc8736x_gpio.c b/drivers/char/pc8736x_gpio.c index 8715dc9f4a5..b930de50407 100644 --- a/drivers/char/pc8736x_gpio.c +++ b/drivers/char/pc8736x_gpio.c @@ -20,6 +20,7 @@ #include #include #include +#include #include #define DEVNAME "pc8736x_gpio" @@ -212,12 +213,12 @@ static struct nsc_gpio_ops pc8736x_gpio_ops = { .gpio_current = pc8736x_gpio_current }; -/* No BKL needed here; no global resources accessed */ static int pc8736x_gpio_open(struct inode *inode, struct file *file) { unsigned m = iminor(inode); file->private_data = &pc8736x_gpio_ops; + cycle_kernel_lock(); dev_dbg(&pdev->dev, "open %d\n", m); if (m >= PC8736X_GPIO_CT) diff --git a/drivers/char/ppdev.c b/drivers/char/ppdev.c index ce198757488..f6e6acadd9a 100644 --- a/drivers/char/ppdev.c +++ b/drivers/char/ppdev.c @@ -66,6 +66,7 @@ #include #include #include +#include #include #define PP_VERSION "ppdev: user-space parallel port driver" @@ -633,12 +634,12 @@ static int pp_ioctl(struct inode *inode, struct file *file, return 0; } -/* No BKL needed here: only local resources used */ static int pp_open (struct inode * inode, struct file * file) { unsigned int minor = iminor(inode); struct pp_struct *pp; + cycle_kernel_lock(); if (minor >= PARPORT_MAX) return -ENXIO; diff --git a/drivers/char/scx200_gpio.c b/drivers/char/scx200_gpio.c index be2c623a986..1d9100561c8 100644 --- a/drivers/char/scx200_gpio.c +++ b/drivers/char/scx200_gpio.c @@ -12,6 +12,7 @@ #include #include #include +#include #include #include @@ -46,12 +47,12 @@ struct nsc_gpio_ops scx200_gpio_ops = { }; EXPORT_SYMBOL_GPL(scx200_gpio_ops); -/* No BKL needed here: no global resources used */ static int scx200_gpio_open(struct inode *inode, struct file *file) { unsigned m = iminor(inode); file->private_data = &scx200_gpio_ops; + cycle_kernel_lock(); if (m >= MAX_PINS) return -EINVAL; return nonseekable_open(inode, file); diff --git a/drivers/char/tb0219.c b/drivers/char/tb0219.c index db8c2ca2ce4..6062b62800f 100644 --- a/drivers/char/tb0219.c +++ b/drivers/char/tb0219.c @@ -21,6 +21,7 @@ #include #include #include +#include #include #include @@ -232,11 +233,11 @@ static ssize_t tanbac_tb0219_write(struct file *file, const char __user *data, return i; } -/* No BKL needed here; no global resources accessed */ static int tanbac_tb0219_open(struct inode *inode, struct file *file) { unsigned int minor; + cycle_kernel_lock(); minor = iminor(inode); switch (minor) { case 0: diff --git a/drivers/char/vr41xx_giu.c b/drivers/char/vr41xx_giu.c index 412937fdb95..ffe9b4e3072 100644 --- a/drivers/char/vr41xx_giu.c +++ b/drivers/char/vr41xx_giu.c @@ -27,6 +27,7 @@ #include #include #include +#include #include #include @@ -543,12 +544,11 @@ static ssize_t gpio_write(struct file *file, const char __user *data, return i; } -/* No BKL needed here; only global (giu_nr_pins) is only set - at probe time */ static int gpio_open(struct inode *inode, struct file *file) { unsigned int pin; + cycle_kernel_lock(); pin = iminor(inode); if (pin >= giu_nr_pins) return -EBADF; diff --git a/drivers/infiniband/core/ucm.c b/drivers/infiniband/core/ucm.c index 3e6a8ff6d76..b25675faaaf 100644 --- a/drivers/infiniband/core/ucm.c +++ b/drivers/infiniband/core/ucm.c @@ -45,6 +45,7 @@ #include #include #include +#include #include @@ -1155,11 +1156,11 @@ static unsigned int ib_ucm_poll(struct file *filp, return mask; } -/* No BKL needed here: no global resources used */ static int ib_ucm_open(struct inode *inode, struct file *filp) { struct ib_ucm_file *file; + cycle_kernel_lock(); file = kmalloc(sizeof(*file), GFP_KERNEL); if (!file) return -ENOMEM; diff --git a/drivers/infiniband/hw/ipath/ipath_file_ops.c b/drivers/infiniband/hw/ipath/ipath_file_ops.c index e80cfbd4f3f..35f301c88b5 100644 --- a/drivers/infiniband/hw/ipath/ipath_file_ops.c +++ b/drivers/infiniband/hw/ipath/ipath_file_ops.c @@ -39,6 +39,7 @@ #include #include #include +#include #include #include "ipath_kernel.h" @@ -1812,10 +1813,10 @@ done: return ret; } -/* No BKL needed here */ static int ipath_open(struct inode *in, struct file *fp) { /* The real work is performed later in ipath_assign_port() */ + cycle_kernel_lock(); fp->private_data = kzalloc(sizeof(struct ipath_filedata), GFP_KERNEL); return fp->private_data ? 0 : -ENOMEM; } diff --git a/drivers/isdn/hardware/eicon/divasi.c b/drivers/isdn/hardware/eicon/divasi.c index 78f141e7746..f4969fe0a05 100644 --- a/drivers/isdn/hardware/eicon/divasi.c +++ b/drivers/isdn/hardware/eicon/divasi.c @@ -17,6 +17,7 @@ #include #include #include +#include #include #include "platform.h" @@ -400,6 +401,7 @@ static unsigned int um_idi_poll(struct file *file, poll_table * wait) static int um_idi_open(struct inode *inode, struct file *file) { + cycle_kernel_lock(); return (0); } diff --git a/drivers/isdn/hardware/eicon/divasmain.c b/drivers/isdn/hardware/eicon/divasmain.c index 5fcbdccd7a5..65c95019a9a 100644 --- a/drivers/isdn/hardware/eicon/divasmain.c +++ b/drivers/isdn/hardware/eicon/divasmain.c @@ -21,6 +21,7 @@ #include #include #include +#include #include "platform.h" #undef ID_MASK @@ -580,6 +581,7 @@ xdi_copy_from_user(void *os_handle, void *dst, const void __user *src, int lengt */ static int divas_open(struct inode *inode, struct file *file) { + cycle_kernel_lock(); return (0); } diff --git a/drivers/net/ppp_generic.c b/drivers/net/ppp_generic.c index dc8505062da..83625fdff3d 100644 --- a/drivers/net/ppp_generic.c +++ b/drivers/net/ppp_generic.c @@ -39,6 +39,7 @@ #include #include #include +#include #include #include #include @@ -351,9 +352,9 @@ static const int npindex_to_ethertype[NUM_NP] = { * Open instances of /dev/ppp can be in one of three states: * unattached, attached to a ppp unit, or attached to a ppp channel. */ -/* No BKL needed here */ static int ppp_open(struct inode *inode, struct file *file) { + cycle_kernel_lock(); /* * This could (should?) be enforced by the permissions on /dev/ppp. */ diff --git a/drivers/scsi/3w-9xxx.c b/drivers/scsi/3w-9xxx.c index 2239d16fb9b..eaa805df5b0 100644 --- a/drivers/scsi/3w-9xxx.c +++ b/drivers/scsi/3w-9xxx.c @@ -84,6 +84,7 @@ #include #include #include +#include #include #include #include @@ -862,13 +863,13 @@ out: } /* End twa_chrdev_ioctl() */ /* This function handles open for the character device */ -/* NOTE that this function will race with remove; adding BKL - will not help. */ +/* NOTE that this function will race with remove. */ static int twa_chrdev_open(struct inode *inode, struct file *file) { unsigned int minor_number; int retval = TW_IOCTL_ERROR_OS_ENODEV; + cycle_kernel_lock(); minor_number = iminor(inode); if (minor_number >= twa_device_extension_count) goto out; diff --git a/drivers/scsi/3w-xxxx.c b/drivers/scsi/3w-xxxx.c index bbff029536e..a0537f09aa2 100644 --- a/drivers/scsi/3w-xxxx.c +++ b/drivers/scsi/3w-xxxx.c @@ -198,6 +198,7 @@ #include #include +#include #include #include #include @@ -1027,12 +1028,12 @@ out: } /* End tw_chrdev_ioctl() */ /* This function handles open for the character device */ -/* NOTE that this function races with remove - adding BKL - won't help */ +/* NOTE that this function races with remove. */ static int tw_chrdev_open(struct inode *inode, struct file *file) { unsigned int minor_number; + cycle_kernel_lock(); dprintk(KERN_WARNING "3w-xxxx: tw_ioctl_open()\n"); minor_number = iminor(inode); diff --git a/drivers/scsi/megaraid.c b/drivers/scsi/megaraid.c index c9aa2c45a69..28c9da7d4a5 100644 --- a/drivers/scsi/megaraid.c +++ b/drivers/scsi/megaraid.c @@ -46,6 +46,7 @@ #include #include #include +#include #include #include "scsi.h" @@ -3273,12 +3274,11 @@ mega_init_scb(adapter_t *adapter) * * Routines for the character/ioctl interface to the driver. Find out if this * is a valid open. - * - * No BKL needed here. */ static int megadev_open (struct inode *inode, struct file *filep) { + cycle_kernel_lock(); /* * Only allow superuser to access private ioctl interface */ diff --git a/drivers/scsi/megaraid/megaraid_sas.c b/drivers/scsi/megaraid/megaraid_sas.c index 81374b7c555..fc7ac158476 100644 --- a/drivers/scsi/megaraid/megaraid_sas.c +++ b/drivers/scsi/megaraid/megaraid_sas.c @@ -33,6 +33,7 @@ #include #include #include +#include #include #include #include @@ -2860,10 +2861,10 @@ static void megasas_shutdown(struct pci_dev *pdev) /** * megasas_mgmt_open - char node "open" entry point - * No BKL is needed here. */ static int megasas_mgmt_open(struct inode *inode, struct file *filep) { + cycle_kernel_lock(); /* * Allow only those users with admin rights */ -- cgit v1.2.3-70-g09d2 From 4fc89e3911aa5357b55b85b60c4beaeb8a48a290 Mon Sep 17 00:00:00 2001 From: Darren Jenkins Date: Sat, 12 Jul 2008 13:47:50 -0700 Subject: drivers/isdn/i4l/isdn_common.c fix small resource leak Coverity CID: 1356 RESOURCE_LEAK I found a very old patch for this that was Acked but did not get applied https://lists.linux-foundation.org/pipermail/kernel-janitors/2006-September/016362.html There looks to be a small leak in isdn_writebuf_stub() in isdn_common.c, when copy_from_user() returns an un-copied data length (length != 0). The below patch should be a minimally invasive fix. Signed-off-by: Darren Jenkins Acked-by: Karsten Keil Cc: Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds --- drivers/isdn/i4l/isdn_common.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'drivers/isdn') diff --git a/drivers/isdn/i4l/isdn_common.c b/drivers/isdn/i4l/isdn_common.c index 0f3c66de69b..8d8c6b73616 100644 --- a/drivers/isdn/i4l/isdn_common.c +++ b/drivers/isdn/i4l/isdn_common.c @@ -1977,8 +1977,10 @@ isdn_writebuf_stub(int drvidx, int chan, const u_char __user * buf, int len) if (!skb) return -ENOMEM; skb_reserve(skb, hl); - if (copy_from_user(skb_put(skb, len), buf, len)) + if (copy_from_user(skb_put(skb, len), buf, len)) { + dev_kfree_skb(skb); return -EFAULT; + } ret = dev->drv[drvidx]->interface->writebuf_skb(drvidx, chan, 1, skb); if (ret <= 0) dev_kfree_skb(skb); -- cgit v1.2.3-70-g09d2