aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorPetr Vandrovec <petr@vandrovec.name>2007-05-06 22:14:47 -0400
committerStefan Richter <stefanr@s5r6.in-berlin.de>2007-07-09 18:07:37 -0400
commit883b97eaf2a3fba7628f9f78ca7dc422aaf9728b (patch)
treed7e4c1e569e29125f07380d8815b1706b8fb1a76
parentee9be425961c3ccf75553c83a73bf1f707e66d91 (diff)
ieee1394: raw1394: Fix write() for 32bit userland on 64bit kernel
* write(fd, buf, 52) from 32bit app was returning 56. Most of callers did not care, but some (arm registration) did, and anyway it looks bad if request for writing 52 bytes returns 56. And returning sizeof anything in 'int' is not good as well. So all functions now return '0' instead of sizeof(struct raw1394_request) on success, and write() itself provides correct return value (it just returns value it was asked to write on success as raw1394 does not do any partial writes at all). * Related to this was problem that write() could have returned 0 when kernel state would become corrupted and moved to different state than opened/initialized/connected. Now it returns -EBADFD which seemed appropriate. Signed-off-by: Petr Vandrovec <petr@vandrovec.name> Acked-by: Dan Dennedy <dan@dennedy.org> Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de> (split into 3 patches)
-rw-r--r--drivers/ieee1394/raw1394.c65
1 files changed, 34 insertions, 31 deletions
diff --git a/drivers/ieee1394/raw1394.c b/drivers/ieee1394/raw1394.c
index 858fd9ba0143..94a3b6db589c 100644
--- a/drivers/ieee1394/raw1394.c
+++ b/drivers/ieee1394/raw1394.c
@@ -587,7 +587,7 @@ static int state_opened(struct file_info *fi, struct pending_request *req)
587 587
588 req->req.length = 0; 588 req->req.length = 0;
589 queue_complete_req(req); 589 queue_complete_req(req);
590 return sizeof(struct raw1394_request); 590 return 0;
591} 591}
592 592
593static int state_initialized(struct file_info *fi, struct pending_request *req) 593static int state_initialized(struct file_info *fi, struct pending_request *req)
@@ -601,7 +601,7 @@ static int state_initialized(struct file_info *fi, struct pending_request *req)
601 req->req.generation = atomic_read(&internal_generation); 601 req->req.generation = atomic_read(&internal_generation);
602 req->req.length = 0; 602 req->req.length = 0;
603 queue_complete_req(req); 603 queue_complete_req(req);
604 return sizeof(struct raw1394_request); 604 return 0;
605 } 605 }
606 606
607 switch (req->req.type) { 607 switch (req->req.type) {
@@ -673,7 +673,7 @@ out_set_card:
673 } 673 }
674 674
675 queue_complete_req(req); 675 queue_complete_req(req);
676 return sizeof(struct raw1394_request); 676 return 0;
677} 677}
678 678
679static void handle_iso_listen(struct file_info *fi, struct pending_request *req) 679static void handle_iso_listen(struct file_info *fi, struct pending_request *req)
@@ -865,7 +865,7 @@ static int handle_async_request(struct file_info *fi,
865 if (req->req.error) { 865 if (req->req.error) {
866 req->req.length = 0; 866 req->req.length = 0;
867 queue_complete_req(req); 867 queue_complete_req(req);
868 return sizeof(struct raw1394_request); 868 return 0;
869 } 869 }
870 870
871 hpsb_set_packet_complete_task(packet, 871 hpsb_set_packet_complete_task(packet,
@@ -883,7 +883,7 @@ static int handle_async_request(struct file_info *fi,
883 hpsb_free_tlabel(packet); 883 hpsb_free_tlabel(packet);
884 queue_complete_req(req); 884 queue_complete_req(req);
885 } 885 }
886 return sizeof(struct raw1394_request); 886 return 0;
887} 887}
888 888
889static int handle_iso_send(struct file_info *fi, struct pending_request *req, 889static int handle_iso_send(struct file_info *fi, struct pending_request *req,
@@ -907,7 +907,7 @@ static int handle_iso_send(struct file_info *fi, struct pending_request *req,
907 req->req.error = RAW1394_ERROR_MEMFAULT; 907 req->req.error = RAW1394_ERROR_MEMFAULT;
908 req->req.length = 0; 908 req->req.length = 0;
909 queue_complete_req(req); 909 queue_complete_req(req);
910 return sizeof(struct raw1394_request); 910 return 0;
911 } 911 }
912 912
913 req->req.length = 0; 913 req->req.length = 0;
@@ -927,7 +927,7 @@ static int handle_iso_send(struct file_info *fi, struct pending_request *req,
927 queue_complete_req(req); 927 queue_complete_req(req);
928 } 928 }
929 929
930 return sizeof(struct raw1394_request); 930 return 0;
931} 931}
932 932
933static int handle_async_send(struct file_info *fi, struct pending_request *req) 933static int handle_async_send(struct file_info *fi, struct pending_request *req)
@@ -943,7 +943,7 @@ static int handle_async_send(struct file_info *fi, struct pending_request *req)
943 req->req.error = RAW1394_ERROR_INVALID_ARG; 943 req->req.error = RAW1394_ERROR_INVALID_ARG;
944 req->req.length = 0; 944 req->req.length = 0;
945 queue_complete_req(req); 945 queue_complete_req(req);
946 return sizeof(struct raw1394_request); 946 return 0;
947 } 947 }
948 948
949 data_size = req->req.length - header_length; 949 data_size = req->req.length - header_length;
@@ -957,7 +957,7 @@ static int handle_async_send(struct file_info *fi, struct pending_request *req)
957 req->req.error = RAW1394_ERROR_MEMFAULT; 957 req->req.error = RAW1394_ERROR_MEMFAULT;
958 req->req.length = 0; 958 req->req.length = 0;
959 queue_complete_req(req); 959 queue_complete_req(req);
960 return sizeof(struct raw1394_request); 960 return 0;
961 } 961 }
962 962
963 if (copy_from_user 963 if (copy_from_user
@@ -966,7 +966,7 @@ static int handle_async_send(struct file_info *fi, struct pending_request *req)
966 req->req.error = RAW1394_ERROR_MEMFAULT; 966 req->req.error = RAW1394_ERROR_MEMFAULT;
967 req->req.length = 0; 967 req->req.length = 0;
968 queue_complete_req(req); 968 queue_complete_req(req);
969 return sizeof(struct raw1394_request); 969 return 0;
970 } 970 }
971 971
972 packet->type = hpsb_async; 972 packet->type = hpsb_async;
@@ -994,7 +994,7 @@ static int handle_async_send(struct file_info *fi, struct pending_request *req)
994 queue_complete_req(req); 994 queue_complete_req(req);
995 } 995 }
996 996
997 return sizeof(struct raw1394_request); 997 return 0;
998} 998}
999 999
1000static int arm_read(struct hpsb_host *host, int nodeid, quadlet_t * buffer, 1000static int arm_read(struct hpsb_host *host, int nodeid, quadlet_t * buffer,
@@ -1869,7 +1869,7 @@ static int arm_register(struct file_info *fi, struct pending_request *req)
1869 spin_lock_irqsave(&host_info_lock, flags); 1869 spin_lock_irqsave(&host_info_lock, flags);
1870 list_add_tail(&addr->addr_list, &fi->addr_list); 1870 list_add_tail(&addr->addr_list, &fi->addr_list);
1871 spin_unlock_irqrestore(&host_info_lock, flags); 1871 spin_unlock_irqrestore(&host_info_lock, flags);
1872 return sizeof(struct raw1394_request); 1872 return 0;
1873 } 1873 }
1874 retval = 1874 retval =
1875 hpsb_register_addrspace(&raw1394_highlevel, fi->host, &arm_ops, 1875 hpsb_register_addrspace(&raw1394_highlevel, fi->host, &arm_ops,
@@ -1887,7 +1887,7 @@ static int arm_register(struct file_info *fi, struct pending_request *req)
1887 return (-EALREADY); 1887 return (-EALREADY);
1888 } 1888 }
1889 free_pending_request(req); /* immediate success or fail */ 1889 free_pending_request(req); /* immediate success or fail */
1890 return sizeof(struct raw1394_request); 1890 return 0;
1891} 1891}
1892 1892
1893static int arm_unregister(struct file_info *fi, struct pending_request *req) 1893static int arm_unregister(struct file_info *fi, struct pending_request *req)
@@ -1955,7 +1955,7 @@ static int arm_unregister(struct file_info *fi, struct pending_request *req)
1955 vfree(addr->addr_space_buffer); 1955 vfree(addr->addr_space_buffer);
1956 kfree(addr); 1956 kfree(addr);
1957 free_pending_request(req); /* immediate success or fail */ 1957 free_pending_request(req); /* immediate success or fail */
1958 return sizeof(struct raw1394_request); 1958 return 0;
1959 } 1959 }
1960 retval = 1960 retval =
1961 hpsb_unregister_addrspace(&raw1394_highlevel, fi->host, 1961 hpsb_unregister_addrspace(&raw1394_highlevel, fi->host,
@@ -1971,7 +1971,7 @@ static int arm_unregister(struct file_info *fi, struct pending_request *req)
1971 vfree(addr->addr_space_buffer); 1971 vfree(addr->addr_space_buffer);
1972 kfree(addr); 1972 kfree(addr);
1973 free_pending_request(req); /* immediate success or fail */ 1973 free_pending_request(req); /* immediate success or fail */
1974 return sizeof(struct raw1394_request); 1974 return 0;
1975} 1975}
1976 1976
1977/* Copy data from ARM buffer(s) to user buffer. */ 1977/* Copy data from ARM buffer(s) to user buffer. */
@@ -2013,7 +2013,7 @@ static int arm_get_buf(struct file_info *fi, struct pending_request *req)
2013 * queue no response, and therefore nobody 2013 * queue no response, and therefore nobody
2014 * will free it. */ 2014 * will free it. */
2015 free_pending_request(req); 2015 free_pending_request(req);
2016 return sizeof(struct raw1394_request); 2016 return 0;
2017 } else { 2017 } else {
2018 DBGMSG("arm_get_buf request exceeded mapping"); 2018 DBGMSG("arm_get_buf request exceeded mapping");
2019 spin_unlock_irqrestore(&host_info_lock, flags); 2019 spin_unlock_irqrestore(&host_info_lock, flags);
@@ -2065,7 +2065,7 @@ static int arm_set_buf(struct file_info *fi, struct pending_request *req)
2065 * queue no response, and therefore nobody 2065 * queue no response, and therefore nobody
2066 * will free it. */ 2066 * will free it. */
2067 free_pending_request(req); 2067 free_pending_request(req);
2068 return sizeof(struct raw1394_request); 2068 return 0;
2069 } else { 2069 } else {
2070 DBGMSG("arm_set_buf request exceeded mapping"); 2070 DBGMSG("arm_set_buf request exceeded mapping");
2071 spin_unlock_irqrestore(&host_info_lock, flags); 2071 spin_unlock_irqrestore(&host_info_lock, flags);
@@ -2086,7 +2086,7 @@ static int reset_notification(struct file_info *fi, struct pending_request *req)
2086 (req->req.misc == RAW1394_NOTIFY_ON)) { 2086 (req->req.misc == RAW1394_NOTIFY_ON)) {
2087 fi->notification = (u8) req->req.misc; 2087 fi->notification = (u8) req->req.misc;
2088 free_pending_request(req); /* we have to free the request, because we queue no response, and therefore nobody will free it */ 2088 free_pending_request(req); /* we have to free the request, because we queue no response, and therefore nobody will free it */
2089 return sizeof(struct raw1394_request); 2089 return 0;
2090 } 2090 }
2091 /* error EINVAL (22) invalid argument */ 2091 /* error EINVAL (22) invalid argument */
2092 return (-EINVAL); 2092 return (-EINVAL);
@@ -2119,12 +2119,12 @@ static int write_phypacket(struct file_info *fi, struct pending_request *req)
2119 req->req.length = 0; 2119 req->req.length = 0;
2120 queue_complete_req(req); 2120 queue_complete_req(req);
2121 } 2121 }
2122 return sizeof(struct raw1394_request); 2122 return 0;
2123} 2123}
2124 2124
2125static int get_config_rom(struct file_info *fi, struct pending_request *req) 2125static int get_config_rom(struct file_info *fi, struct pending_request *req)
2126{ 2126{
2127 int ret = sizeof(struct raw1394_request); 2127 int ret = 0;
2128 quadlet_t *data = kmalloc(req->req.length, GFP_KERNEL); 2128 quadlet_t *data = kmalloc(req->req.length, GFP_KERNEL);
2129 int status; 2129 int status;
2130 2130
@@ -2154,7 +2154,7 @@ static int get_config_rom(struct file_info *fi, struct pending_request *req)
2154 2154
2155static int update_config_rom(struct file_info *fi, struct pending_request *req) 2155static int update_config_rom(struct file_info *fi, struct pending_request *req)
2156{ 2156{
2157 int ret = sizeof(struct raw1394_request); 2157 int ret = 0;
2158 quadlet_t *data = kmalloc(req->req.length, GFP_KERNEL); 2158 quadlet_t *data = kmalloc(req->req.length, GFP_KERNEL);
2159 if (!data) 2159 if (!data)
2160 return -ENOMEM; 2160 return -ENOMEM;
@@ -2221,7 +2221,7 @@ static int modify_config_rom(struct file_info *fi, struct pending_request *req)
2221 2221
2222 hpsb_update_config_rom_image(fi->host); 2222 hpsb_update_config_rom_image(fi->host);
2223 free_pending_request(req); 2223 free_pending_request(req);
2224 return sizeof(struct raw1394_request); 2224 return 0;
2225 } 2225 }
2226 } 2226 }
2227 2227
@@ -2286,7 +2286,7 @@ static int modify_config_rom(struct file_info *fi, struct pending_request *req)
2286 /* we have to free the request, because we queue no response, 2286 /* we have to free the request, because we queue no response,
2287 * and therefore nobody will free it */ 2287 * and therefore nobody will free it */
2288 free_pending_request(req); 2288 free_pending_request(req);
2289 return sizeof(struct raw1394_request); 2289 return 0;
2290 } else { 2290 } else {
2291 for (dentry = 2291 for (dentry =
2292 fi->csr1212_dirs[dr]->value.directory.dentries_head; 2292 fi->csr1212_dirs[dr]->value.directory.dentries_head;
@@ -2311,7 +2311,7 @@ static int state_connected(struct file_info *fi, struct pending_request *req)
2311 2311
2312 case RAW1394_REQ_ECHO: 2312 case RAW1394_REQ_ECHO:
2313 queue_complete_req(req); 2313 queue_complete_req(req);
2314 return sizeof(struct raw1394_request); 2314 return 0;
2315 2315
2316 case RAW1394_REQ_ISO_SEND: 2316 case RAW1394_REQ_ISO_SEND:
2317 print_old_iso_deprecation(); 2317 print_old_iso_deprecation();
@@ -2335,24 +2335,24 @@ static int state_connected(struct file_info *fi, struct pending_request *req)
2335 case RAW1394_REQ_ISO_LISTEN: 2335 case RAW1394_REQ_ISO_LISTEN:
2336 print_old_iso_deprecation(); 2336 print_old_iso_deprecation();
2337 handle_iso_listen(fi, req); 2337 handle_iso_listen(fi, req);
2338 return sizeof(struct raw1394_request); 2338 return 0;
2339 2339
2340 case RAW1394_REQ_FCP_LISTEN: 2340 case RAW1394_REQ_FCP_LISTEN:
2341 handle_fcp_listen(fi, req); 2341 handle_fcp_listen(fi, req);
2342 return sizeof(struct raw1394_request); 2342 return 0;
2343 2343
2344 case RAW1394_REQ_RESET_BUS: 2344 case RAW1394_REQ_RESET_BUS:
2345 if (req->req.misc == RAW1394_LONG_RESET) { 2345 if (req->req.misc == RAW1394_LONG_RESET) {
2346 DBGMSG("busreset called (type: LONG)"); 2346 DBGMSG("busreset called (type: LONG)");
2347 hpsb_reset_bus(fi->host, LONG_RESET); 2347 hpsb_reset_bus(fi->host, LONG_RESET);
2348 free_pending_request(req); /* we have to free the request, because we queue no response, and therefore nobody will free it */ 2348 free_pending_request(req); /* we have to free the request, because we queue no response, and therefore nobody will free it */
2349 return sizeof(struct raw1394_request); 2349 return 0;
2350 } 2350 }
2351 if (req->req.misc == RAW1394_SHORT_RESET) { 2351 if (req->req.misc == RAW1394_SHORT_RESET) {
2352 DBGMSG("busreset called (type: SHORT)"); 2352 DBGMSG("busreset called (type: SHORT)");
2353 hpsb_reset_bus(fi->host, SHORT_RESET); 2353 hpsb_reset_bus(fi->host, SHORT_RESET);
2354 free_pending_request(req); /* we have to free the request, because we queue no response, and therefore nobody will free it */ 2354 free_pending_request(req); /* we have to free the request, because we queue no response, and therefore nobody will free it */
2355 return sizeof(struct raw1394_request); 2355 return 0;
2356 } 2356 }
2357 /* error EINVAL (22) invalid argument */ 2357 /* error EINVAL (22) invalid argument */
2358 return (-EINVAL); 2358 return (-EINVAL);
@@ -2371,7 +2371,7 @@ static int state_connected(struct file_info *fi, struct pending_request *req)
2371 req->req.generation = get_hpsb_generation(fi->host); 2371 req->req.generation = get_hpsb_generation(fi->host);
2372 req->req.length = 0; 2372 req->req.length = 0;
2373 queue_complete_req(req); 2373 queue_complete_req(req);
2374 return sizeof(struct raw1394_request); 2374 return 0;
2375 } 2375 }
2376 2376
2377 switch (req->req.type) { 2377 switch (req->req.type) {
@@ -2384,7 +2384,7 @@ static int state_connected(struct file_info *fi, struct pending_request *req)
2384 if (req->req.length == 0) { 2384 if (req->req.length == 0) {
2385 req->req.error = RAW1394_ERROR_INVALID_ARG; 2385 req->req.error = RAW1394_ERROR_INVALID_ARG;
2386 queue_complete_req(req); 2386 queue_complete_req(req);
2387 return sizeof(struct raw1394_request); 2387 return 0;
2388 } 2388 }
2389 2389
2390 return handle_async_request(fi, req, node); 2390 return handle_async_request(fi, req, node);
@@ -2395,7 +2395,7 @@ static ssize_t raw1394_write(struct file *file, const char __user * buffer,
2395{ 2395{
2396 struct file_info *fi = (struct file_info *)file->private_data; 2396 struct file_info *fi = (struct file_info *)file->private_data;
2397 struct pending_request *req; 2397 struct pending_request *req;
2398 ssize_t retval = 0; 2398 ssize_t retval = -EBADFD;
2399 2399
2400#ifdef CONFIG_COMPAT 2400#ifdef CONFIG_COMPAT
2401 if (count == sizeof(struct compat_raw1394_req) && 2401 if (count == sizeof(struct compat_raw1394_req) &&
@@ -2437,6 +2437,9 @@ static ssize_t raw1394_write(struct file *file, const char __user * buffer,
2437 2437
2438 if (retval < 0) { 2438 if (retval < 0) {
2439 free_pending_request(req); 2439 free_pending_request(req);
2440 } else {
2441 BUG_ON(retval);
2442 retval = count;
2440 } 2443 }
2441 2444
2442 return retval; 2445 return retval;