aboutsummaryrefslogtreecommitdiffstats
path: root/drivers
diff options
context:
space:
mode:
authorDavid Brownell <david-b@pacbell.net>2008-05-23 16:05:03 -0400
committerLinus Torvalds <torvalds@linux-foundation.org>2008-05-24 12:56:14 -0400
commit25d5cb4b0375e5864ec0ccf35e12ff1d1b5cf3f0 (patch)
tree0d83e4176f9a8178a98631097fbf839a53702d94 /drivers
parent5c02b575780d0d785815a1e7b79a98edddee895a (diff)
spi: remove some spidev oops-on-rmmod paths
Somehow the spidev code forgot to include a critical mechanism: when the underlying device is removed (e.g. spi_master rmmod), open file descriptors must be prevented from issuing new I/O requests to that device. On penalty of the oopsing reported by Sebastian Siewior <bigeasy@tglx.de> ... This is a partial fix, adding handshaking between the lower level (SPI messaging) and the file operations using the spi_dev. (It also fixes an issue where reads and writes didn't return the number of bytes sent or received.) There's still a refcounting issue to be addressed (separately). Signed-off-by: David Brownell <dbrownell@users.sourceforge.net> Reported-by: Sebastian Siewior <bigeasy@tglx.de> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Diffstat (limited to 'drivers')
-rw-r--r--drivers/spi/spidev.c102
1 files changed, 89 insertions, 13 deletions
diff --git a/drivers/spi/spidev.c b/drivers/spi/spidev.c
index b3518ca9f04e..41620c0fb046 100644
--- a/drivers/spi/spidev.c
+++ b/drivers/spi/spidev.c
@@ -68,6 +68,7 @@ static unsigned long minors[N_SPI_MINORS / BITS_PER_LONG];
68 68
69struct spidev_data { 69struct spidev_data {
70 struct device dev; 70 struct device dev;
71 spinlock_t spi_lock;
71 struct spi_device *spi; 72 struct spi_device *spi;
72 struct list_head device_entry; 73 struct list_head device_entry;
73 74
@@ -85,12 +86,75 @@ MODULE_PARM_DESC(bufsiz, "data bytes in biggest supported SPI message");
85 86
86/*-------------------------------------------------------------------------*/ 87/*-------------------------------------------------------------------------*/
87 88
89/*
90 * We can't use the standard synchronous wrappers for file I/O; we
91 * need to protect against async removal of the underlying spi_device.
92 */
93static void spidev_complete(void *arg)
94{
95 complete(arg);
96}
97
98static ssize_t
99spidev_sync(struct spidev_data *spidev, struct spi_message *message)
100{
101 DECLARE_COMPLETION_ONSTACK(done);
102 int status;
103
104 message->complete = spidev_complete;
105 message->context = &done;
106
107 spin_lock_irq(&spidev->spi_lock);
108 if (spidev->spi == NULL)
109 status = -ESHUTDOWN;
110 else
111 status = spi_async(spidev->spi, message);
112 spin_unlock_irq(&spidev->spi_lock);
113
114 if (status == 0) {
115 wait_for_completion(&done);
116 status = message->status;
117 if (status == 0)
118 status = message->actual_length;
119 }
120 return status;
121}
122
123static inline ssize_t
124spidev_sync_write(struct spidev_data *spidev, size_t len)
125{
126 struct spi_transfer t = {
127 .tx_buf = spidev->buffer,
128 .len = len,
129 };
130 struct spi_message m;
131
132 spi_message_init(&m);
133 spi_message_add_tail(&t, &m);
134 return spidev_sync(spidev, &m);
135}
136
137static inline ssize_t
138spidev_sync_read(struct spidev_data *spidev, size_t len)
139{
140 struct spi_transfer t = {
141 .rx_buf = spidev->buffer,
142 .len = len,
143 };
144 struct spi_message m;
145
146 spi_message_init(&m);
147 spi_message_add_tail(&t, &m);
148 return spidev_sync(spidev, &m);
149}
150
151/*-------------------------------------------------------------------------*/
152
88/* Read-only message with current device setup */ 153/* Read-only message with current device setup */
89static ssize_t 154static ssize_t
90spidev_read(struct file *filp, char __user *buf, size_t count, loff_t *f_pos) 155spidev_read(struct file *filp, char __user *buf, size_t count, loff_t *f_pos)
91{ 156{
92 struct spidev_data *spidev; 157 struct spidev_data *spidev;
93 struct spi_device *spi;
94 ssize_t status = 0; 158 ssize_t status = 0;
95 159
96 /* chipselect only toggles at start or end of operation */ 160 /* chipselect only toggles at start or end of operation */
@@ -98,10 +162,9 @@ spidev_read(struct file *filp, char __user *buf, size_t count, loff_t *f_pos)
98 return -EMSGSIZE; 162 return -EMSGSIZE;
99 163
100 spidev = filp->private_data; 164 spidev = filp->private_data;
101 spi = spidev->spi;
102 165
103 mutex_lock(&spidev->buf_lock); 166 mutex_lock(&spidev->buf_lock);
104 status = spi_read(spi, spidev->buffer, count); 167 status = spidev_sync_read(spidev, count);
105 if (status == 0) { 168 if (status == 0) {
106 unsigned long missing; 169 unsigned long missing;
107 170
@@ -122,7 +185,6 @@ spidev_write(struct file *filp, const char __user *buf,
122 size_t count, loff_t *f_pos) 185 size_t count, loff_t *f_pos)
123{ 186{
124 struct spidev_data *spidev; 187 struct spidev_data *spidev;
125 struct spi_device *spi;
126 ssize_t status = 0; 188 ssize_t status = 0;
127 unsigned long missing; 189 unsigned long missing;
128 190
@@ -131,12 +193,11 @@ spidev_write(struct file *filp, const char __user *buf,
131 return -EMSGSIZE; 193 return -EMSGSIZE;
132 194
133 spidev = filp->private_data; 195 spidev = filp->private_data;
134 spi = spidev->spi;
135 196
136 mutex_lock(&spidev->buf_lock); 197 mutex_lock(&spidev->buf_lock);
137 missing = copy_from_user(spidev->buffer, buf, count); 198 missing = copy_from_user(spidev->buffer, buf, count);
138 if (missing == 0) { 199 if (missing == 0) {
139 status = spi_write(spi, spidev->buffer, count); 200 status = spidev_sync_write(spidev, count);
140 if (status == 0) 201 if (status == 0)
141 status = count; 202 status = count;
142 } else 203 } else
@@ -153,7 +214,6 @@ static int spidev_message(struct spidev_data *spidev,
153 struct spi_transfer *k_xfers; 214 struct spi_transfer *k_xfers;
154 struct spi_transfer *k_tmp; 215 struct spi_transfer *k_tmp;
155 struct spi_ioc_transfer *u_tmp; 216 struct spi_ioc_transfer *u_tmp;
156 struct spi_device *spi = spidev->spi;
157 unsigned n, total; 217 unsigned n, total;
158 u8 *buf; 218 u8 *buf;
159 int status = -EFAULT; 219 int status = -EFAULT;
@@ -215,7 +275,7 @@ static int spidev_message(struct spidev_data *spidev,
215 spi_message_add_tail(k_tmp, &msg); 275 spi_message_add_tail(k_tmp, &msg);
216 } 276 }
217 277
218 status = spi_sync(spi, &msg); 278 status = spidev_sync(spidev, &msg);
219 if (status < 0) 279 if (status < 0)
220 goto done; 280 goto done;
221 281
@@ -269,8 +329,16 @@ spidev_ioctl(struct inode *inode, struct file *filp,
269 if (err) 329 if (err)
270 return -EFAULT; 330 return -EFAULT;
271 331
332 /* guard against device removal before, or while,
333 * we issue this ioctl.
334 */
272 spidev = filp->private_data; 335 spidev = filp->private_data;
273 spi = spidev->spi; 336 spin_lock_irq(&spidev->spi_lock);
337 spi = spi_dev_get(spidev->spi);
338 spin_unlock_irq(&spidev->spi_lock);
339
340 if (spi == NULL)
341 return -ESHUTDOWN;
274 342
275 switch (cmd) { 343 switch (cmd) {
276 /* read requests */ 344 /* read requests */
@@ -356,8 +424,10 @@ spidev_ioctl(struct inode *inode, struct file *filp,
356 default: 424 default:
357 /* segmented and/or full-duplex I/O request */ 425 /* segmented and/or full-duplex I/O request */
358 if (_IOC_NR(cmd) != _IOC_NR(SPI_IOC_MESSAGE(0)) 426 if (_IOC_NR(cmd) != _IOC_NR(SPI_IOC_MESSAGE(0))
359 || _IOC_DIR(cmd) != _IOC_WRITE) 427 || _IOC_DIR(cmd) != _IOC_WRITE) {
360 return -ENOTTY; 428 retval = -ENOTTY;
429 break;
430 }
361 431
362 tmp = _IOC_SIZE(cmd); 432 tmp = _IOC_SIZE(cmd);
363 if ((tmp % sizeof(struct spi_ioc_transfer)) != 0) { 433 if ((tmp % sizeof(struct spi_ioc_transfer)) != 0) {
@@ -385,6 +455,7 @@ spidev_ioctl(struct inode *inode, struct file *filp,
385 kfree(ioc); 455 kfree(ioc);
386 break; 456 break;
387 } 457 }
458 spi_dev_put(spi);
388 return retval; 459 return retval;
389} 460}
390 461
@@ -488,6 +559,7 @@ static int spidev_probe(struct spi_device *spi)
488 559
489 /* Initialize the driver data */ 560 /* Initialize the driver data */
490 spidev->spi = spi; 561 spidev->spi = spi;
562 spin_lock_init(&spidev->spi_lock);
491 mutex_init(&spidev->buf_lock); 563 mutex_init(&spidev->buf_lock);
492 564
493 INIT_LIST_HEAD(&spidev->device_entry); 565 INIT_LIST_HEAD(&spidev->device_entry);
@@ -526,13 +598,17 @@ static int spidev_remove(struct spi_device *spi)
526{ 598{
527 struct spidev_data *spidev = dev_get_drvdata(&spi->dev); 599 struct spidev_data *spidev = dev_get_drvdata(&spi->dev);
528 600
529 mutex_lock(&device_list_lock); 601 /* make sure ops on existing fds can abort cleanly */
602 spin_lock_irq(&spidev->spi_lock);
603 spidev->spi = NULL;
604 spin_unlock_irq(&spidev->spi_lock);
530 605
606 /* prevent new opens */
607 mutex_lock(&device_list_lock);
531 list_del(&spidev->device_entry); 608 list_del(&spidev->device_entry);
532 dev_set_drvdata(&spi->dev, NULL); 609 dev_set_drvdata(&spi->dev, NULL);
533 clear_bit(MINOR(spidev->dev.devt), minors); 610 clear_bit(MINOR(spidev->dev.devt), minors);
534 device_unregister(&spidev->dev); 611 device_unregister(&spidev->dev);
535
536 mutex_unlock(&device_list_lock); 612 mutex_unlock(&device_list_lock);
537 613
538 return 0; 614 return 0;