diff options
author | Dmitry Torokhov <dtor_core@ameritech.net> | 2005-05-17 00:53:07 -0400 |
---|---|---|
committer | Linus Torvalds <torvalds@ppc970.osdl.org> | 2005-05-17 10:59:10 -0400 |
commit | 1ff2c873ca11f9e6abffb004b908756b27597672 (patch) | |
tree | 0c231057e7d947882fcb33b5fa277ba08423a70b | |
parent | f3a5c73d5ecb40909db662c4d2ace497b25c5940 (diff) |
[PATCH] serport oops fix
serport - avoid calling serio_interrupt or serio_write_wakeup on unregistered
port. Also fix memory leak which could happen if serport was left unused by
moving serio allocation down to serport_ldisc_read.
Signed-off-by: Dmitry Torokhov <dtor@mail.ru>
Cc: Vojtech Pavlik <vojtech@suse.cz>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
-rw-r--r-- | drivers/input/serio/serport.c | 98 |
1 files changed, 68 insertions, 30 deletions
diff --git a/drivers/input/serio/serport.c b/drivers/input/serio/serport.c index 22f73683952b..f6b85222ba3d 100644 --- a/drivers/input/serio/serport.c +++ b/drivers/input/serio/serport.c | |||
@@ -27,11 +27,15 @@ MODULE_LICENSE("GPL"); | |||
27 | MODULE_ALIAS_LDISC(N_MOUSE); | 27 | MODULE_ALIAS_LDISC(N_MOUSE); |
28 | 28 | ||
29 | #define SERPORT_BUSY 1 | 29 | #define SERPORT_BUSY 1 |
30 | #define SERPORT_ACTIVE 2 | ||
31 | #define SERPORT_DEAD 3 | ||
30 | 32 | ||
31 | struct serport { | 33 | struct serport { |
32 | struct tty_struct *tty; | 34 | struct tty_struct *tty; |
33 | wait_queue_head_t wait; | 35 | wait_queue_head_t wait; |
34 | struct serio *serio; | 36 | struct serio *serio; |
37 | struct serio_device_id id; | ||
38 | spinlock_t lock; | ||
35 | unsigned long flags; | 39 | unsigned long flags; |
36 | }; | 40 | }; |
37 | 41 | ||
@@ -45,11 +49,29 @@ static int serport_serio_write(struct serio *serio, unsigned char data) | |||
45 | return -(serport->tty->driver->write(serport->tty, &data, 1) != 1); | 49 | return -(serport->tty->driver->write(serport->tty, &data, 1) != 1); |
46 | } | 50 | } |
47 | 51 | ||
52 | static int serport_serio_open(struct serio *serio) | ||
53 | { | ||
54 | struct serport *serport = serio->port_data; | ||
55 | unsigned long flags; | ||
56 | |||
57 | spin_lock_irqsave(&serport->lock, flags); | ||
58 | set_bit(SERPORT_ACTIVE, &serport->flags); | ||
59 | spin_unlock_irqrestore(&serport->lock, flags); | ||
60 | |||
61 | return 0; | ||
62 | } | ||
63 | |||
64 | |||
48 | static void serport_serio_close(struct serio *serio) | 65 | static void serport_serio_close(struct serio *serio) |
49 | { | 66 | { |
50 | struct serport *serport = serio->port_data; | 67 | struct serport *serport = serio->port_data; |
68 | unsigned long flags; | ||
69 | |||
70 | spin_lock_irqsave(&serport->lock, flags); | ||
71 | clear_bit(SERPORT_ACTIVE, &serport->flags); | ||
72 | set_bit(SERPORT_DEAD, &serport->flags); | ||
73 | spin_unlock_irqrestore(&serport->lock, flags); | ||
51 | 74 | ||
52 | serport->serio->id.type = 0; | ||
53 | wake_up_interruptible(&serport->wait); | 75 | wake_up_interruptible(&serport->wait); |
54 | } | 76 | } |
55 | 77 | ||
@@ -61,36 +83,21 @@ static void serport_serio_close(struct serio *serio) | |||
61 | static int serport_ldisc_open(struct tty_struct *tty) | 83 | static int serport_ldisc_open(struct tty_struct *tty) |
62 | { | 84 | { |
63 | struct serport *serport; | 85 | struct serport *serport; |
64 | struct serio *serio; | ||
65 | char name[64]; | ||
66 | 86 | ||
67 | if (!capable(CAP_SYS_ADMIN)) | 87 | if (!capable(CAP_SYS_ADMIN)) |
68 | return -EPERM; | 88 | return -EPERM; |
69 | 89 | ||
70 | serport = kmalloc(sizeof(struct serport), GFP_KERNEL); | 90 | serport = kcalloc(1, sizeof(struct serport), GFP_KERNEL); |
71 | serio = kmalloc(sizeof(struct serio), GFP_KERNEL); | 91 | if (!serport) |
72 | if (unlikely(!serport || !serio)) { | ||
73 | kfree(serport); | ||
74 | kfree(serio); | ||
75 | return -ENOMEM; | 92 | return -ENOMEM; |
76 | } | ||
77 | 93 | ||
78 | memset(serport, 0, sizeof(struct serport)); | ||
79 | serport->serio = serio; | ||
80 | set_bit(TTY_DO_WRITE_WAKEUP, &tty->flags); | ||
81 | serport->tty = tty; | 94 | serport->tty = tty; |
82 | tty->disc_data = serport; | 95 | spin_lock_init(&serport->lock); |
83 | |||
84 | memset(serio, 0, sizeof(struct serio)); | ||
85 | strlcpy(serio->name, "Serial port", sizeof(serio->name)); | ||
86 | snprintf(serio->phys, sizeof(serio->phys), "%s/serio0", tty_name(tty, name)); | ||
87 | serio->id.type = SERIO_RS232; | ||
88 | serio->write = serport_serio_write; | ||
89 | serio->close = serport_serio_close; | ||
90 | serio->port_data = serport; | ||
91 | |||
92 | init_waitqueue_head(&serport->wait); | 96 | init_waitqueue_head(&serport->wait); |
93 | 97 | ||
98 | tty->disc_data = serport; | ||
99 | set_bit(TTY_DO_WRITE_WAKEUP, &tty->flags); | ||
100 | |||
94 | return 0; | 101 | return 0; |
95 | } | 102 | } |
96 | 103 | ||
@@ -100,7 +107,8 @@ static int serport_ldisc_open(struct tty_struct *tty) | |||
100 | 107 | ||
101 | static void serport_ldisc_close(struct tty_struct *tty) | 108 | static void serport_ldisc_close(struct tty_struct *tty) |
102 | { | 109 | { |
103 | struct serport *serport = (struct serport*) tty->disc_data; | 110 | struct serport *serport = (struct serport *) tty->disc_data; |
111 | |||
104 | kfree(serport); | 112 | kfree(serport); |
105 | } | 113 | } |
106 | 114 | ||
@@ -116,9 +124,19 @@ static void serport_ldisc_close(struct tty_struct *tty) | |||
116 | static void serport_ldisc_receive(struct tty_struct *tty, const unsigned char *cp, char *fp, int count) | 124 | static void serport_ldisc_receive(struct tty_struct *tty, const unsigned char *cp, char *fp, int count) |
117 | { | 125 | { |
118 | struct serport *serport = (struct serport*) tty->disc_data; | 126 | struct serport *serport = (struct serport*) tty->disc_data; |
127 | unsigned long flags; | ||
119 | int i; | 128 | int i; |
129 | |||
130 | spin_lock_irqsave(&serport->lock, flags); | ||
131 | |||
132 | if (!test_bit(SERPORT_ACTIVE, &serport->flags)) | ||
133 | goto out; | ||
134 | |||
120 | for (i = 0; i < count; i++) | 135 | for (i = 0; i < count; i++) |
121 | serio_interrupt(serport->serio, cp[i], 0, NULL); | 136 | serio_interrupt(serport->serio, cp[i], 0, NULL); |
137 | |||
138 | out: | ||
139 | spin_unlock_irqrestore(&serport->lock, flags); | ||
122 | } | 140 | } |
123 | 141 | ||
124 | /* | 142 | /* |
@@ -141,16 +159,33 @@ static int serport_ldisc_room(struct tty_struct *tty) | |||
141 | static ssize_t serport_ldisc_read(struct tty_struct * tty, struct file * file, unsigned char __user * buf, size_t nr) | 159 | static ssize_t serport_ldisc_read(struct tty_struct * tty, struct file * file, unsigned char __user * buf, size_t nr) |
142 | { | 160 | { |
143 | struct serport *serport = (struct serport*) tty->disc_data; | 161 | struct serport *serport = (struct serport*) tty->disc_data; |
162 | struct serio *serio; | ||
144 | char name[64]; | 163 | char name[64]; |
145 | 164 | ||
146 | if (test_and_set_bit(SERPORT_BUSY, &serport->flags)) | 165 | if (test_and_set_bit(SERPORT_BUSY, &serport->flags)) |
147 | return -EBUSY; | 166 | return -EBUSY; |
148 | 167 | ||
168 | serport->serio = serio = kcalloc(1, sizeof(struct serio), GFP_KERNEL); | ||
169 | if (!serio) | ||
170 | return -ENOMEM; | ||
171 | |||
172 | strlcpy(serio->name, "Serial port", sizeof(serio->name)); | ||
173 | snprintf(serio->phys, sizeof(serio->phys), "%s/serio0", tty_name(tty, name)); | ||
174 | serio->id = serport->id; | ||
175 | serio->id.type = SERIO_RS232; | ||
176 | serio->write = serport_serio_write; | ||
177 | serio->open = serport_serio_open; | ||
178 | serio->close = serport_serio_close; | ||
179 | serio->port_data = serport; | ||
180 | |||
149 | serio_register_port(serport->serio); | 181 | serio_register_port(serport->serio); |
150 | printk(KERN_INFO "serio: Serial port %s\n", tty_name(tty, name)); | 182 | printk(KERN_INFO "serio: Serial port %s\n", tty_name(tty, name)); |
151 | wait_event_interruptible(serport->wait, !serport->serio->id.type); | 183 | |
184 | wait_event_interruptible(serport->wait, test_bit(SERPORT_DEAD, &serport->flags)); | ||
152 | serio_unregister_port(serport->serio); | 185 | serio_unregister_port(serport->serio); |
186 | serport->serio = NULL; | ||
153 | 187 | ||
188 | clear_bit(SERPORT_DEAD, &serport->flags); | ||
154 | clear_bit(SERPORT_BUSY, &serport->flags); | 189 | clear_bit(SERPORT_BUSY, &serport->flags); |
155 | 190 | ||
156 | return 0; | 191 | return 0; |
@@ -163,16 +198,15 @@ static ssize_t serport_ldisc_read(struct tty_struct * tty, struct file * file, u | |||
163 | static int serport_ldisc_ioctl(struct tty_struct * tty, struct file * file, unsigned int cmd, unsigned long arg) | 198 | static int serport_ldisc_ioctl(struct tty_struct * tty, struct file * file, unsigned int cmd, unsigned long arg) |
164 | { | 199 | { |
165 | struct serport *serport = (struct serport*) tty->disc_data; | 200 | struct serport *serport = (struct serport*) tty->disc_data; |
166 | struct serio *serio = serport->serio; | ||
167 | unsigned long type; | 201 | unsigned long type; |
168 | 202 | ||
169 | if (cmd == SPIOCSTYPE) { | 203 | if (cmd == SPIOCSTYPE) { |
170 | if (get_user(type, (unsigned long __user *) arg)) | 204 | if (get_user(type, (unsigned long __user *) arg)) |
171 | return -EFAULT; | 205 | return -EFAULT; |
172 | 206 | ||
173 | serio->id.proto = type & 0x000000ff; | 207 | serport->id.proto = type & 0x000000ff; |
174 | serio->id.id = (type & 0x0000ff00) >> 8; | 208 | serport->id.id = (type & 0x0000ff00) >> 8; |
175 | serio->id.extra = (type & 0x00ff0000) >> 16; | 209 | serport->id.extra = (type & 0x00ff0000) >> 16; |
176 | 210 | ||
177 | return 0; | 211 | return 0; |
178 | } | 212 | } |
@@ -182,9 +216,13 @@ static int serport_ldisc_ioctl(struct tty_struct * tty, struct file * file, unsi | |||
182 | 216 | ||
183 | static void serport_ldisc_write_wakeup(struct tty_struct * tty) | 217 | static void serport_ldisc_write_wakeup(struct tty_struct * tty) |
184 | { | 218 | { |
185 | struct serport *sp = (struct serport *) tty->disc_data; | 219 | struct serport *serport = (struct serport *) tty->disc_data; |
220 | unsigned long flags; | ||
186 | 221 | ||
187 | serio_drv_write_wakeup(sp->serio); | 222 | spin_lock_irqsave(&serport->lock, flags); |
223 | if (test_bit(SERPORT_ACTIVE, &serport->flags)) | ||
224 | serio_drv_write_wakeup(serport->serio); | ||
225 | spin_unlock_irqrestore(&serport->lock, flags); | ||
188 | } | 226 | } |
189 | 227 | ||
190 | /* | 228 | /* |