diff options
author | Petr Vandrovec <petr@vandrovec.name> | 2007-05-06 22:14:47 -0400 |
---|---|---|
committer | Stefan Richter <stefanr@s5r6.in-berlin.de> | 2007-07-09 18:07:37 -0400 |
commit | 883b97eaf2a3fba7628f9f78ca7dc422aaf9728b (patch) | |
tree | d7e4c1e569e29125f07380d8815b1706b8fb1a76 /drivers | |
parent | ee9be425961c3ccf75553c83a73bf1f707e66d91 (diff) |
ieee1394: raw1394: Fix write() for 32bit userland on 64bit kernel
* write(fd, buf, 52) from 32bit app was returning 56. Most of callers did not
care, but some (arm registration) did, and anyway it looks bad if request for
writing 52 bytes returns 56. And returning sizeof anything in 'int' is not
good as well. So all functions now return '0' instead of
sizeof(struct raw1394_request) on success, and write() itself provides correct
return value (it just returns value it was asked to write on success as raw1394
does not do any partial writes at all).
* Related to this was problem that write() could have returned 0 when kernel
state would become corrupted and moved to different state than
opened/initialized/connected. Now it returns -EBADFD which seemed appropriate.
Signed-off-by: Petr Vandrovec <petr@vandrovec.name>
Acked-by: Dan Dennedy <dan@dennedy.org>
Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de> (split into 3 patches)
Diffstat (limited to 'drivers')
-rw-r--r-- | drivers/ieee1394/raw1394.c | 65 |
1 files changed, 34 insertions, 31 deletions
diff --git a/drivers/ieee1394/raw1394.c b/drivers/ieee1394/raw1394.c index 858fd9ba0143..94a3b6db589c 100644 --- a/drivers/ieee1394/raw1394.c +++ b/drivers/ieee1394/raw1394.c | |||
@@ -587,7 +587,7 @@ static int state_opened(struct file_info *fi, struct pending_request *req) | |||
587 | 587 | ||
588 | req->req.length = 0; | 588 | req->req.length = 0; |
589 | queue_complete_req(req); | 589 | queue_complete_req(req); |
590 | return sizeof(struct raw1394_request); | 590 | return 0; |
591 | } | 591 | } |
592 | 592 | ||
593 | static int state_initialized(struct file_info *fi, struct pending_request *req) | 593 | static int state_initialized(struct file_info *fi, struct pending_request *req) |
@@ -601,7 +601,7 @@ static int state_initialized(struct file_info *fi, struct pending_request *req) | |||
601 | req->req.generation = atomic_read(&internal_generation); | 601 | req->req.generation = atomic_read(&internal_generation); |
602 | req->req.length = 0; | 602 | req->req.length = 0; |
603 | queue_complete_req(req); | 603 | queue_complete_req(req); |
604 | return sizeof(struct raw1394_request); | 604 | return 0; |
605 | } | 605 | } |
606 | 606 | ||
607 | switch (req->req.type) { | 607 | switch (req->req.type) { |
@@ -673,7 +673,7 @@ out_set_card: | |||
673 | } | 673 | } |
674 | 674 | ||
675 | queue_complete_req(req); | 675 | queue_complete_req(req); |
676 | return sizeof(struct raw1394_request); | 676 | return 0; |
677 | } | 677 | } |
678 | 678 | ||
679 | static void handle_iso_listen(struct file_info *fi, struct pending_request *req) | 679 | static void handle_iso_listen(struct file_info *fi, struct pending_request *req) |
@@ -865,7 +865,7 @@ static int handle_async_request(struct file_info *fi, | |||
865 | if (req->req.error) { | 865 | if (req->req.error) { |
866 | req->req.length = 0; | 866 | req->req.length = 0; |
867 | queue_complete_req(req); | 867 | queue_complete_req(req); |
868 | return sizeof(struct raw1394_request); | 868 | return 0; |
869 | } | 869 | } |
870 | 870 | ||
871 | hpsb_set_packet_complete_task(packet, | 871 | hpsb_set_packet_complete_task(packet, |
@@ -883,7 +883,7 @@ static int handle_async_request(struct file_info *fi, | |||
883 | hpsb_free_tlabel(packet); | 883 | hpsb_free_tlabel(packet); |
884 | queue_complete_req(req); | 884 | queue_complete_req(req); |
885 | } | 885 | } |
886 | return sizeof(struct raw1394_request); | 886 | return 0; |
887 | } | 887 | } |
888 | 888 | ||
889 | static int handle_iso_send(struct file_info *fi, struct pending_request *req, | 889 | static int handle_iso_send(struct file_info *fi, struct pending_request *req, |
@@ -907,7 +907,7 @@ static int handle_iso_send(struct file_info *fi, struct pending_request *req, | |||
907 | req->req.error = RAW1394_ERROR_MEMFAULT; | 907 | req->req.error = RAW1394_ERROR_MEMFAULT; |
908 | req->req.length = 0; | 908 | req->req.length = 0; |
909 | queue_complete_req(req); | 909 | queue_complete_req(req); |
910 | return sizeof(struct raw1394_request); | 910 | return 0; |
911 | } | 911 | } |
912 | 912 | ||
913 | req->req.length = 0; | 913 | req->req.length = 0; |
@@ -927,7 +927,7 @@ static int handle_iso_send(struct file_info *fi, struct pending_request *req, | |||
927 | queue_complete_req(req); | 927 | queue_complete_req(req); |
928 | } | 928 | } |
929 | 929 | ||
930 | return sizeof(struct raw1394_request); | 930 | return 0; |
931 | } | 931 | } |
932 | 932 | ||
933 | static int handle_async_send(struct file_info *fi, struct pending_request *req) | 933 | static int handle_async_send(struct file_info *fi, struct pending_request *req) |
@@ -943,7 +943,7 @@ static int handle_async_send(struct file_info *fi, struct pending_request *req) | |||
943 | req->req.error = RAW1394_ERROR_INVALID_ARG; | 943 | req->req.error = RAW1394_ERROR_INVALID_ARG; |
944 | req->req.length = 0; | 944 | req->req.length = 0; |
945 | queue_complete_req(req); | 945 | queue_complete_req(req); |
946 | return sizeof(struct raw1394_request); | 946 | return 0; |
947 | } | 947 | } |
948 | 948 | ||
949 | data_size = req->req.length - header_length; | 949 | data_size = req->req.length - header_length; |
@@ -957,7 +957,7 @@ static int handle_async_send(struct file_info *fi, struct pending_request *req) | |||
957 | req->req.error = RAW1394_ERROR_MEMFAULT; | 957 | req->req.error = RAW1394_ERROR_MEMFAULT; |
958 | req->req.length = 0; | 958 | req->req.length = 0; |
959 | queue_complete_req(req); | 959 | queue_complete_req(req); |
960 | return sizeof(struct raw1394_request); | 960 | return 0; |
961 | } | 961 | } |
962 | 962 | ||
963 | if (copy_from_user | 963 | if (copy_from_user |
@@ -966,7 +966,7 @@ static int handle_async_send(struct file_info *fi, struct pending_request *req) | |||
966 | req->req.error = RAW1394_ERROR_MEMFAULT; | 966 | req->req.error = RAW1394_ERROR_MEMFAULT; |
967 | req->req.length = 0; | 967 | req->req.length = 0; |
968 | queue_complete_req(req); | 968 | queue_complete_req(req); |
969 | return sizeof(struct raw1394_request); | 969 | return 0; |
970 | } | 970 | } |
971 | 971 | ||
972 | packet->type = hpsb_async; | 972 | packet->type = hpsb_async; |
@@ -994,7 +994,7 @@ static int handle_async_send(struct file_info *fi, struct pending_request *req) | |||
994 | queue_complete_req(req); | 994 | queue_complete_req(req); |
995 | } | 995 | } |
996 | 996 | ||
997 | return sizeof(struct raw1394_request); | 997 | return 0; |
998 | } | 998 | } |
999 | 999 | ||
1000 | static int arm_read(struct hpsb_host *host, int nodeid, quadlet_t * buffer, | 1000 | static int arm_read(struct hpsb_host *host, int nodeid, quadlet_t * buffer, |
@@ -1869,7 +1869,7 @@ static int arm_register(struct file_info *fi, struct pending_request *req) | |||
1869 | spin_lock_irqsave(&host_info_lock, flags); | 1869 | spin_lock_irqsave(&host_info_lock, flags); |
1870 | list_add_tail(&addr->addr_list, &fi->addr_list); | 1870 | list_add_tail(&addr->addr_list, &fi->addr_list); |
1871 | spin_unlock_irqrestore(&host_info_lock, flags); | 1871 | spin_unlock_irqrestore(&host_info_lock, flags); |
1872 | return sizeof(struct raw1394_request); | 1872 | return 0; |
1873 | } | 1873 | } |
1874 | retval = | 1874 | retval = |
1875 | hpsb_register_addrspace(&raw1394_highlevel, fi->host, &arm_ops, | 1875 | hpsb_register_addrspace(&raw1394_highlevel, fi->host, &arm_ops, |
@@ -1887,7 +1887,7 @@ static int arm_register(struct file_info *fi, struct pending_request *req) | |||
1887 | return (-EALREADY); | 1887 | return (-EALREADY); |
1888 | } | 1888 | } |
1889 | free_pending_request(req); /* immediate success or fail */ | 1889 | free_pending_request(req); /* immediate success or fail */ |
1890 | return sizeof(struct raw1394_request); | 1890 | return 0; |
1891 | } | 1891 | } |
1892 | 1892 | ||
1893 | static int arm_unregister(struct file_info *fi, struct pending_request *req) | 1893 | static int arm_unregister(struct file_info *fi, struct pending_request *req) |
@@ -1955,7 +1955,7 @@ static int arm_unregister(struct file_info *fi, struct pending_request *req) | |||
1955 | vfree(addr->addr_space_buffer); | 1955 | vfree(addr->addr_space_buffer); |
1956 | kfree(addr); | 1956 | kfree(addr); |
1957 | free_pending_request(req); /* immediate success or fail */ | 1957 | free_pending_request(req); /* immediate success or fail */ |
1958 | return sizeof(struct raw1394_request); | 1958 | return 0; |
1959 | } | 1959 | } |
1960 | retval = | 1960 | retval = |
1961 | hpsb_unregister_addrspace(&raw1394_highlevel, fi->host, | 1961 | hpsb_unregister_addrspace(&raw1394_highlevel, fi->host, |
@@ -1971,7 +1971,7 @@ static int arm_unregister(struct file_info *fi, struct pending_request *req) | |||
1971 | vfree(addr->addr_space_buffer); | 1971 | vfree(addr->addr_space_buffer); |
1972 | kfree(addr); | 1972 | kfree(addr); |
1973 | free_pending_request(req); /* immediate success or fail */ | 1973 | free_pending_request(req); /* immediate success or fail */ |
1974 | return sizeof(struct raw1394_request); | 1974 | return 0; |
1975 | } | 1975 | } |
1976 | 1976 | ||
1977 | /* Copy data from ARM buffer(s) to user buffer. */ | 1977 | /* Copy data from ARM buffer(s) to user buffer. */ |
@@ -2013,7 +2013,7 @@ static int arm_get_buf(struct file_info *fi, struct pending_request *req) | |||
2013 | * queue no response, and therefore nobody | 2013 | * queue no response, and therefore nobody |
2014 | * will free it. */ | 2014 | * will free it. */ |
2015 | free_pending_request(req); | 2015 | free_pending_request(req); |
2016 | return sizeof(struct raw1394_request); | 2016 | return 0; |
2017 | } else { | 2017 | } else { |
2018 | DBGMSG("arm_get_buf request exceeded mapping"); | 2018 | DBGMSG("arm_get_buf request exceeded mapping"); |
2019 | spin_unlock_irqrestore(&host_info_lock, flags); | 2019 | spin_unlock_irqrestore(&host_info_lock, flags); |
@@ -2065,7 +2065,7 @@ static int arm_set_buf(struct file_info *fi, struct pending_request *req) | |||
2065 | * queue no response, and therefore nobody | 2065 | * queue no response, and therefore nobody |
2066 | * will free it. */ | 2066 | * will free it. */ |
2067 | free_pending_request(req); | 2067 | free_pending_request(req); |
2068 | return sizeof(struct raw1394_request); | 2068 | return 0; |
2069 | } else { | 2069 | } else { |
2070 | DBGMSG("arm_set_buf request exceeded mapping"); | 2070 | DBGMSG("arm_set_buf request exceeded mapping"); |
2071 | spin_unlock_irqrestore(&host_info_lock, flags); | 2071 | spin_unlock_irqrestore(&host_info_lock, flags); |
@@ -2086,7 +2086,7 @@ static int reset_notification(struct file_info *fi, struct pending_request *req) | |||
2086 | (req->req.misc == RAW1394_NOTIFY_ON)) { | 2086 | (req->req.misc == RAW1394_NOTIFY_ON)) { |
2087 | fi->notification = (u8) req->req.misc; | 2087 | fi->notification = (u8) req->req.misc; |
2088 | free_pending_request(req); /* we have to free the request, because we queue no response, and therefore nobody will free it */ | 2088 | free_pending_request(req); /* we have to free the request, because we queue no response, and therefore nobody will free it */ |
2089 | return sizeof(struct raw1394_request); | 2089 | return 0; |
2090 | } | 2090 | } |
2091 | /* error EINVAL (22) invalid argument */ | 2091 | /* error EINVAL (22) invalid argument */ |
2092 | return (-EINVAL); | 2092 | return (-EINVAL); |
@@ -2119,12 +2119,12 @@ static int write_phypacket(struct file_info *fi, struct pending_request *req) | |||
2119 | req->req.length = 0; | 2119 | req->req.length = 0; |
2120 | queue_complete_req(req); | 2120 | queue_complete_req(req); |
2121 | } | 2121 | } |
2122 | return sizeof(struct raw1394_request); | 2122 | return 0; |
2123 | } | 2123 | } |
2124 | 2124 | ||
2125 | static int get_config_rom(struct file_info *fi, struct pending_request *req) | 2125 | static int get_config_rom(struct file_info *fi, struct pending_request *req) |
2126 | { | 2126 | { |
2127 | int ret = sizeof(struct raw1394_request); | 2127 | int ret = 0; |
2128 | quadlet_t *data = kmalloc(req->req.length, GFP_KERNEL); | 2128 | quadlet_t *data = kmalloc(req->req.length, GFP_KERNEL); |
2129 | int status; | 2129 | int status; |
2130 | 2130 | ||
@@ -2154,7 +2154,7 @@ static int get_config_rom(struct file_info *fi, struct pending_request *req) | |||
2154 | 2154 | ||
2155 | static int update_config_rom(struct file_info *fi, struct pending_request *req) | 2155 | static int update_config_rom(struct file_info *fi, struct pending_request *req) |
2156 | { | 2156 | { |
2157 | int ret = sizeof(struct raw1394_request); | 2157 | int ret = 0; |
2158 | quadlet_t *data = kmalloc(req->req.length, GFP_KERNEL); | 2158 | quadlet_t *data = kmalloc(req->req.length, GFP_KERNEL); |
2159 | if (!data) | 2159 | if (!data) |
2160 | return -ENOMEM; | 2160 | return -ENOMEM; |
@@ -2221,7 +2221,7 @@ static int modify_config_rom(struct file_info *fi, struct pending_request *req) | |||
2221 | 2221 | ||
2222 | hpsb_update_config_rom_image(fi->host); | 2222 | hpsb_update_config_rom_image(fi->host); |
2223 | free_pending_request(req); | 2223 | free_pending_request(req); |
2224 | return sizeof(struct raw1394_request); | 2224 | return 0; |
2225 | } | 2225 | } |
2226 | } | 2226 | } |
2227 | 2227 | ||
@@ -2286,7 +2286,7 @@ static int modify_config_rom(struct file_info *fi, struct pending_request *req) | |||
2286 | /* we have to free the request, because we queue no response, | 2286 | /* we have to free the request, because we queue no response, |
2287 | * and therefore nobody will free it */ | 2287 | * and therefore nobody will free it */ |
2288 | free_pending_request(req); | 2288 | free_pending_request(req); |
2289 | return sizeof(struct raw1394_request); | 2289 | return 0; |
2290 | } else { | 2290 | } else { |
2291 | for (dentry = | 2291 | for (dentry = |
2292 | fi->csr1212_dirs[dr]->value.directory.dentries_head; | 2292 | fi->csr1212_dirs[dr]->value.directory.dentries_head; |
@@ -2311,7 +2311,7 @@ static int state_connected(struct file_info *fi, struct pending_request *req) | |||
2311 | 2311 | ||
2312 | case RAW1394_REQ_ECHO: | 2312 | case RAW1394_REQ_ECHO: |
2313 | queue_complete_req(req); | 2313 | queue_complete_req(req); |
2314 | return sizeof(struct raw1394_request); | 2314 | return 0; |
2315 | 2315 | ||
2316 | case RAW1394_REQ_ISO_SEND: | 2316 | case RAW1394_REQ_ISO_SEND: |
2317 | print_old_iso_deprecation(); | 2317 | print_old_iso_deprecation(); |
@@ -2335,24 +2335,24 @@ static int state_connected(struct file_info *fi, struct pending_request *req) | |||
2335 | case RAW1394_REQ_ISO_LISTEN: | 2335 | case RAW1394_REQ_ISO_LISTEN: |
2336 | print_old_iso_deprecation(); | 2336 | print_old_iso_deprecation(); |
2337 | handle_iso_listen(fi, req); | 2337 | handle_iso_listen(fi, req); |
2338 | return sizeof(struct raw1394_request); | 2338 | return 0; |
2339 | 2339 | ||
2340 | case RAW1394_REQ_FCP_LISTEN: | 2340 | case RAW1394_REQ_FCP_LISTEN: |
2341 | handle_fcp_listen(fi, req); | 2341 | handle_fcp_listen(fi, req); |
2342 | return sizeof(struct raw1394_request); | 2342 | return 0; |
2343 | 2343 | ||
2344 | case RAW1394_REQ_RESET_BUS: | 2344 | case RAW1394_REQ_RESET_BUS: |
2345 | if (req->req.misc == RAW1394_LONG_RESET) { | 2345 | if (req->req.misc == RAW1394_LONG_RESET) { |
2346 | DBGMSG("busreset called (type: LONG)"); | 2346 | DBGMSG("busreset called (type: LONG)"); |
2347 | hpsb_reset_bus(fi->host, LONG_RESET); | 2347 | hpsb_reset_bus(fi->host, LONG_RESET); |
2348 | free_pending_request(req); /* we have to free the request, because we queue no response, and therefore nobody will free it */ | 2348 | free_pending_request(req); /* we have to free the request, because we queue no response, and therefore nobody will free it */ |
2349 | return sizeof(struct raw1394_request); | 2349 | return 0; |
2350 | } | 2350 | } |
2351 | if (req->req.misc == RAW1394_SHORT_RESET) { | 2351 | if (req->req.misc == RAW1394_SHORT_RESET) { |
2352 | DBGMSG("busreset called (type: SHORT)"); | 2352 | DBGMSG("busreset called (type: SHORT)"); |
2353 | hpsb_reset_bus(fi->host, SHORT_RESET); | 2353 | hpsb_reset_bus(fi->host, SHORT_RESET); |
2354 | free_pending_request(req); /* we have to free the request, because we queue no response, and therefore nobody will free it */ | 2354 | free_pending_request(req); /* we have to free the request, because we queue no response, and therefore nobody will free it */ |
2355 | return sizeof(struct raw1394_request); | 2355 | return 0; |
2356 | } | 2356 | } |
2357 | /* error EINVAL (22) invalid argument */ | 2357 | /* error EINVAL (22) invalid argument */ |
2358 | return (-EINVAL); | 2358 | return (-EINVAL); |
@@ -2371,7 +2371,7 @@ static int state_connected(struct file_info *fi, struct pending_request *req) | |||
2371 | req->req.generation = get_hpsb_generation(fi->host); | 2371 | req->req.generation = get_hpsb_generation(fi->host); |
2372 | req->req.length = 0; | 2372 | req->req.length = 0; |
2373 | queue_complete_req(req); | 2373 | queue_complete_req(req); |
2374 | return sizeof(struct raw1394_request); | 2374 | return 0; |
2375 | } | 2375 | } |
2376 | 2376 | ||
2377 | switch (req->req.type) { | 2377 | switch (req->req.type) { |
@@ -2384,7 +2384,7 @@ static int state_connected(struct file_info *fi, struct pending_request *req) | |||
2384 | if (req->req.length == 0) { | 2384 | if (req->req.length == 0) { |
2385 | req->req.error = RAW1394_ERROR_INVALID_ARG; | 2385 | req->req.error = RAW1394_ERROR_INVALID_ARG; |
2386 | queue_complete_req(req); | 2386 | queue_complete_req(req); |
2387 | return sizeof(struct raw1394_request); | 2387 | return 0; |
2388 | } | 2388 | } |
2389 | 2389 | ||
2390 | return handle_async_request(fi, req, node); | 2390 | return handle_async_request(fi, req, node); |
@@ -2395,7 +2395,7 @@ static ssize_t raw1394_write(struct file *file, const char __user * buffer, | |||
2395 | { | 2395 | { |
2396 | struct file_info *fi = (struct file_info *)file->private_data; | 2396 | struct file_info *fi = (struct file_info *)file->private_data; |
2397 | struct pending_request *req; | 2397 | struct pending_request *req; |
2398 | ssize_t retval = 0; | 2398 | ssize_t retval = -EBADFD; |
2399 | 2399 | ||
2400 | #ifdef CONFIG_COMPAT | 2400 | #ifdef CONFIG_COMPAT |
2401 | if (count == sizeof(struct compat_raw1394_req) && | 2401 | if (count == sizeof(struct compat_raw1394_req) && |
@@ -2437,6 +2437,9 @@ static ssize_t raw1394_write(struct file *file, const char __user * buffer, | |||
2437 | 2437 | ||
2438 | if (retval < 0) { | 2438 | if (retval < 0) { |
2439 | free_pending_request(req); | 2439 | free_pending_request(req); |
2440 | } else { | ||
2441 | BUG_ON(retval); | ||
2442 | retval = count; | ||
2440 | } | 2443 | } |
2441 | 2444 | ||
2442 | return retval; | 2445 | return retval; |