diff options
| author | Hannes Reinecke <hare@suse.de> | 2012-04-16 09:06:25 -0400 |
|---|---|---|
| committer | Greg Kroah-Hartman <gregkh@linuxfoundation.org> | 2012-04-18 18:39:52 -0400 |
| commit | a15d49fd3094cff90e5410ca454a870e0a722fe1 (patch) | |
| tree | f3e458fa4ce3524f756e0faa48d5ed2400c022bf | |
| parent | 97ec448aeadff55234368a89c4a07a7ef290a084 (diff) | |
driver core: check start node in klist_iter_init_node
klist_iter_init_node() takes a node as a start argument.
However, this node might not be valid anymore.
This patch updates the klist_iter_init_node() and
dependent functions to return an error if so.
All calling functions have been audited to check
for a return code here.
Signed-off-by: Hannes Reinecke <hare@suse.de>
Cc: Greg Kroah-Hartmann <gregkh@linuxfoundation.org>
Cc: Kay Sievers <kay@vrfy.org>
Cc: Stable Kernel <stable@kernel.org>
Cc: Linux Kernel <linux-kernel@vger.kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
| -rw-r--r-- | drivers/base/bus.c | 46 | ||||
| -rw-r--r-- | drivers/base/class.c | 32 | ||||
| -rw-r--r-- | drivers/base/driver.c | 18 | ||||
| -rw-r--r-- | include/linux/device.h | 10 | ||||
| -rw-r--r-- | include/linux/klist.h | 2 | ||||
| -rw-r--r-- | lib/klist.c | 14 |
6 files changed, 76 insertions, 46 deletions
diff --git a/drivers/base/bus.c b/drivers/base/bus.c index 2bcef657a60c..76aed01a8b2c 100644 --- a/drivers/base/bus.c +++ b/drivers/base/bus.c | |||
| @@ -296,11 +296,13 @@ int bus_for_each_dev(struct bus_type *bus, struct device *start, | |||
| 296 | if (!bus) | 296 | if (!bus) |
| 297 | return -EINVAL; | 297 | return -EINVAL; |
| 298 | 298 | ||
| 299 | klist_iter_init_node(&bus->p->klist_devices, &i, | 299 | error = klist_iter_init_node(&bus->p->klist_devices, &i, |
| 300 | (start ? &start->p->knode_bus : NULL)); | 300 | (start ? &start->p->knode_bus : NULL)); |
| 301 | while ((dev = next_device(&i)) && !error) | 301 | if (!error) { |
| 302 | error = fn(dev, data); | 302 | while ((dev = next_device(&i)) && !error) |
| 303 | klist_iter_exit(&i); | 303 | error = fn(dev, data); |
| 304 | klist_iter_exit(&i); | ||
| 305 | } | ||
| 304 | return error; | 306 | return error; |
| 305 | } | 307 | } |
| 306 | EXPORT_SYMBOL_GPL(bus_for_each_dev); | 308 | EXPORT_SYMBOL_GPL(bus_for_each_dev); |
| @@ -330,8 +332,10 @@ struct device *bus_find_device(struct bus_type *bus, | |||
| 330 | if (!bus) | 332 | if (!bus) |
| 331 | return NULL; | 333 | return NULL; |
| 332 | 334 | ||
| 333 | klist_iter_init_node(&bus->p->klist_devices, &i, | 335 | if (klist_iter_init_node(&bus->p->klist_devices, &i, |
| 334 | (start ? &start->p->knode_bus : NULL)); | 336 | (start ? &start->p->knode_bus : NULL)) < 0) |
| 337 | return NULL; | ||
| 338 | |||
| 335 | while ((dev = next_device(&i))) | 339 | while ((dev = next_device(&i))) |
| 336 | if (match(dev, data) && get_device(dev)) | 340 | if (match(dev, data) && get_device(dev)) |
| 337 | break; | 341 | break; |
| @@ -384,7 +388,9 @@ struct device *subsys_find_device_by_id(struct bus_type *subsys, unsigned int id | |||
| 384 | return NULL; | 388 | return NULL; |
| 385 | 389 | ||
| 386 | if (hint) { | 390 | if (hint) { |
| 387 | klist_iter_init_node(&subsys->p->klist_devices, &i, &hint->p->knode_bus); | 391 | if (klist_iter_init_node(&subsys->p->klist_devices, &i, |
| 392 | &hint->p->knode_bus) < 0) | ||
| 393 | return NULL; | ||
| 388 | dev = next_device(&i); | 394 | dev = next_device(&i); |
| 389 | if (dev && dev->id == id && get_device(dev)) { | 395 | if (dev && dev->id == id && get_device(dev)) { |
| 390 | klist_iter_exit(&i); | 396 | klist_iter_exit(&i); |
| @@ -446,11 +452,13 @@ int bus_for_each_drv(struct bus_type *bus, struct device_driver *start, | |||
| 446 | if (!bus) | 452 | if (!bus) |
| 447 | return -EINVAL; | 453 | return -EINVAL; |
| 448 | 454 | ||
| 449 | klist_iter_init_node(&bus->p->klist_drivers, &i, | 455 | error = klist_iter_init_node(&bus->p->klist_drivers, &i, |
| 450 | start ? &start->p->knode_bus : NULL); | 456 | start ? &start->p->knode_bus : NULL); |
| 451 | while ((drv = next_driver(&i)) && !error) | 457 | if (!error) { |
| 452 | error = fn(drv, data); | 458 | while ((drv = next_driver(&i)) && !error) |
| 453 | klist_iter_exit(&i); | 459 | error = fn(drv, data); |
| 460 | klist_iter_exit(&i); | ||
| 461 | } | ||
| 454 | return error; | 462 | return error; |
| 455 | } | 463 | } |
| 456 | EXPORT_SYMBOL_GPL(bus_for_each_drv); | 464 | EXPORT_SYMBOL_GPL(bus_for_each_drv); |
| @@ -1111,15 +1119,19 @@ EXPORT_SYMBOL_GPL(bus_sort_breadthfirst); | |||
| 1111 | * otherwise if it is NULL, the iteration starts at the beginning of | 1119 | * otherwise if it is NULL, the iteration starts at the beginning of |
| 1112 | * the list. | 1120 | * the list. |
| 1113 | */ | 1121 | */ |
| 1114 | void subsys_dev_iter_init(struct subsys_dev_iter *iter, struct bus_type *subsys, | 1122 | int subsys_dev_iter_init(struct subsys_dev_iter *iter, struct bus_type *subsys, |
| 1115 | struct device *start, const struct device_type *type) | 1123 | struct device *start, const struct device_type *type) |
| 1116 | { | 1124 | { |
| 1117 | struct klist_node *start_knode = NULL; | 1125 | struct klist_node *start_knode = NULL; |
| 1126 | int error; | ||
| 1118 | 1127 | ||
| 1119 | if (start) | 1128 | if (start) |
| 1120 | start_knode = &start->p->knode_bus; | 1129 | start_knode = &start->p->knode_bus; |
| 1121 | klist_iter_init_node(&subsys->p->klist_devices, &iter->ki, start_knode); | 1130 | error = klist_iter_init_node(&subsys->p->klist_devices, &iter->ki, |
| 1122 | iter->type = type; | 1131 | start_knode); |
| 1132 | if (!error) | ||
| 1133 | iter->type = type; | ||
| 1134 | return error; | ||
| 1123 | } | 1135 | } |
| 1124 | EXPORT_SYMBOL_GPL(subsys_dev_iter_init); | 1136 | EXPORT_SYMBOL_GPL(subsys_dev_iter_init); |
| 1125 | 1137 | ||
diff --git a/drivers/base/class.c b/drivers/base/class.c index 03243d4002fd..23dbc661d4a0 100644 --- a/drivers/base/class.c +++ b/drivers/base/class.c | |||
| @@ -301,15 +301,20 @@ void class_destroy(struct class *cls) | |||
| 301 | * otherwise if it is NULL, the iteration starts at the beginning of | 301 | * otherwise if it is NULL, the iteration starts at the beginning of |
| 302 | * the list. | 302 | * the list. |
| 303 | */ | 303 | */ |
| 304 | void class_dev_iter_init(struct class_dev_iter *iter, struct class *class, | 304 | int class_dev_iter_init(struct class_dev_iter *iter, struct class *class, |
| 305 | struct device *start, const struct device_type *type) | 305 | struct device *start, const struct device_type *type) |
| 306 | { | 306 | { |
| 307 | struct klist_node *start_knode = NULL; | 307 | struct klist_node *start_knode = NULL; |
| 308 | int error; | ||
| 308 | 309 | ||
| 309 | if (start) | 310 | if (start) |
| 310 | start_knode = &start->knode_class; | 311 | start_knode = &start->knode_class; |
| 311 | klist_iter_init_node(&class->p->klist_devices, &iter->ki, start_knode); | 312 | error = klist_iter_init_node(&class->p->klist_devices, &iter->ki, |
| 312 | iter->type = type; | 313 | start_knode); |
| 314 | if (!error) | ||
| 315 | iter->type = type; | ||
| 316 | |||
| 317 | return error; | ||
| 313 | } | 318 | } |
| 314 | EXPORT_SYMBOL_GPL(class_dev_iter_init); | 319 | EXPORT_SYMBOL_GPL(class_dev_iter_init); |
| 315 | 320 | ||
| @@ -387,14 +392,15 @@ int class_for_each_device(struct class *class, struct device *start, | |||
| 387 | return -EINVAL; | 392 | return -EINVAL; |
| 388 | } | 393 | } |
| 389 | 394 | ||
| 390 | class_dev_iter_init(&iter, class, start, NULL); | 395 | error = class_dev_iter_init(&iter, class, start, NULL); |
| 391 | while ((dev = class_dev_iter_next(&iter))) { | 396 | if (!error) { |
| 392 | error = fn(dev, data); | 397 | while ((dev = class_dev_iter_next(&iter))) { |
| 393 | if (error) | 398 | error = fn(dev, data); |
| 394 | break; | 399 | if (error) |
| 400 | break; | ||
| 401 | } | ||
| 402 | class_dev_iter_exit(&iter); | ||
| 395 | } | 403 | } |
| 396 | class_dev_iter_exit(&iter); | ||
| 397 | |||
| 398 | return error; | 404 | return error; |
| 399 | } | 405 | } |
| 400 | EXPORT_SYMBOL_GPL(class_for_each_device); | 406 | EXPORT_SYMBOL_GPL(class_for_each_device); |
| @@ -434,7 +440,9 @@ struct device *class_find_device(struct class *class, struct device *start, | |||
| 434 | return NULL; | 440 | return NULL; |
| 435 | } | 441 | } |
| 436 | 442 | ||
| 437 | class_dev_iter_init(&iter, class, start, NULL); | 443 | if (class_dev_iter_init(&iter, class, start, NULL) < 0) |
| 444 | return NULL; | ||
| 445 | |||
| 438 | while ((dev = class_dev_iter_next(&iter))) { | 446 | while ((dev = class_dev_iter_next(&iter))) { |
| 439 | if (match(dev, data)) { | 447 | if (match(dev, data)) { |
| 440 | get_device(dev); | 448 | get_device(dev); |
diff --git a/drivers/base/driver.c b/drivers/base/driver.c index 3ec3896c83a6..16f6dd2c4403 100644 --- a/drivers/base/driver.c +++ b/drivers/base/driver.c | |||
| @@ -49,11 +49,13 @@ int driver_for_each_device(struct device_driver *drv, struct device *start, | |||
| 49 | if (!drv) | 49 | if (!drv) |
| 50 | return -EINVAL; | 50 | return -EINVAL; |
| 51 | 51 | ||
| 52 | klist_iter_init_node(&drv->p->klist_devices, &i, | 52 | error = klist_iter_init_node(&drv->p->klist_devices, &i, |
| 53 | start ? &start->p->knode_driver : NULL); | 53 | start ? &start->p->knode_driver : NULL); |
| 54 | while ((dev = next_device(&i)) && !error) | 54 | if (!error) { |
| 55 | error = fn(dev, data); | 55 | while ((dev = next_device(&i)) && !error) |
| 56 | klist_iter_exit(&i); | 56 | error = fn(dev, data); |
| 57 | klist_iter_exit(&i); | ||
| 58 | } | ||
| 57 | return error; | 59 | return error; |
| 58 | } | 60 | } |
| 59 | EXPORT_SYMBOL_GPL(driver_for_each_device); | 61 | EXPORT_SYMBOL_GPL(driver_for_each_device); |
| @@ -83,8 +85,10 @@ struct device *driver_find_device(struct device_driver *drv, | |||
| 83 | if (!drv) | 85 | if (!drv) |
| 84 | return NULL; | 86 | return NULL; |
| 85 | 87 | ||
| 86 | klist_iter_init_node(&drv->p->klist_devices, &i, | 88 | if (klist_iter_init_node(&drv->p->klist_devices, &i, |
| 87 | (start ? &start->p->knode_driver : NULL)); | 89 | (start ? &start->p->knode_driver : NULL)) < 0) |
| 90 | return NULL; | ||
| 91 | |||
| 88 | while ((dev = next_device(&i))) | 92 | while ((dev = next_device(&i))) |
| 89 | if (match(dev, data) && get_device(dev)) | 93 | if (match(dev, data) && get_device(dev)) |
| 90 | break; | 94 | break; |
diff --git a/include/linux/device.h b/include/linux/device.h index 5ad17cccdd71..50429b911b21 100644 --- a/include/linux/device.h +++ b/include/linux/device.h | |||
| @@ -128,7 +128,7 @@ struct subsys_dev_iter { | |||
| 128 | struct klist_iter ki; | 128 | struct klist_iter ki; |
| 129 | const struct device_type *type; | 129 | const struct device_type *type; |
| 130 | }; | 130 | }; |
| 131 | void subsys_dev_iter_init(struct subsys_dev_iter *iter, | 131 | int subsys_dev_iter_init(struct subsys_dev_iter *iter, |
| 132 | struct bus_type *subsys, | 132 | struct bus_type *subsys, |
| 133 | struct device *start, | 133 | struct device *start, |
| 134 | const struct device_type *type); | 134 | const struct device_type *type); |
| @@ -380,10 +380,10 @@ int class_compat_create_link(struct class_compat *cls, struct device *dev, | |||
| 380 | void class_compat_remove_link(struct class_compat *cls, struct device *dev, | 380 | void class_compat_remove_link(struct class_compat *cls, struct device *dev, |
| 381 | struct device *device_link); | 381 | struct device *device_link); |
| 382 | 382 | ||
| 383 | extern void class_dev_iter_init(struct class_dev_iter *iter, | 383 | extern int class_dev_iter_init(struct class_dev_iter *iter, |
| 384 | struct class *class, | 384 | struct class *class, |
| 385 | struct device *start, | 385 | struct device *start, |
| 386 | const struct device_type *type); | 386 | const struct device_type *type); |
| 387 | extern struct device *class_dev_iter_next(struct class_dev_iter *iter); | 387 | extern struct device *class_dev_iter_next(struct class_dev_iter *iter); |
| 388 | extern void class_dev_iter_exit(struct class_dev_iter *iter); | 388 | extern void class_dev_iter_exit(struct class_dev_iter *iter); |
| 389 | 389 | ||
diff --git a/include/linux/klist.h b/include/linux/klist.h index a370ce57cf1d..9f633230f189 100644 --- a/include/linux/klist.h +++ b/include/linux/klist.h | |||
| @@ -60,7 +60,7 @@ struct klist_iter { | |||
| 60 | 60 | ||
| 61 | 61 | ||
| 62 | extern void klist_iter_init(struct klist *k, struct klist_iter *i); | 62 | extern void klist_iter_init(struct klist *k, struct klist_iter *i); |
| 63 | extern void klist_iter_init_node(struct klist *k, struct klist_iter *i, | 63 | extern int klist_iter_init_node(struct klist *k, struct klist_iter *i, |
| 64 | struct klist_node *n); | 64 | struct klist_node *n); |
| 65 | extern void klist_iter_exit(struct klist_iter *i); | 65 | extern void klist_iter_exit(struct klist_iter *i); |
| 66 | extern struct klist_node *klist_next(struct klist_iter *i); | 66 | extern struct klist_node *klist_next(struct klist_iter *i); |
diff --git a/lib/klist.c b/lib/klist.c index 0874e41609a6..a2741a7d9784 100644 --- a/lib/klist.c +++ b/lib/klist.c | |||
| @@ -278,13 +278,19 @@ EXPORT_SYMBOL_GPL(klist_node_attached); | |||
| 278 | * Similar to klist_iter_init(), but starts the action off with @n, | 278 | * Similar to klist_iter_init(), but starts the action off with @n, |
| 279 | * instead of with the list head. | 279 | * instead of with the list head. |
| 280 | */ | 280 | */ |
| 281 | void klist_iter_init_node(struct klist *k, struct klist_iter *i, | 281 | int klist_iter_init_node(struct klist *k, struct klist_iter *i, |
| 282 | struct klist_node *n) | 282 | struct klist_node *n) |
| 283 | { | 283 | { |
| 284 | if (n) { | ||
| 285 | kref_get(&n->n_ref); | ||
| 286 | if (!n->n_klist) { | ||
| 287 | kref_put(&n->n_ref); | ||
| 288 | return -ENODEV; | ||
| 289 | } | ||
| 290 | } | ||
| 284 | i->i_klist = k; | 291 | i->i_klist = k; |
| 285 | i->i_cur = n; | 292 | i->i_cur = n; |
| 286 | if (n) | 293 | return 0; |
| 287 | kref_get(&n->n_ref); | ||
| 288 | } | 294 | } |
| 289 | EXPORT_SYMBOL_GPL(klist_iter_init_node); | 295 | EXPORT_SYMBOL_GPL(klist_iter_init_node); |
| 290 | 296 | ||