aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--drivers/char/raw.c243
-rw-r--r--fs/compat_ioctl.c70
2 files changed, 140 insertions, 173 deletions
diff --git a/drivers/char/raw.c b/drivers/char/raw.c
index b38942f6bf31..24b2b9160aa6 100644
--- a/drivers/char/raw.c
+++ b/drivers/char/raw.c
@@ -19,8 +19,8 @@
19#include <linux/cdev.h> 19#include <linux/cdev.h>
20#include <linux/device.h> 20#include <linux/device.h>
21#include <linux/mutex.h> 21#include <linux/mutex.h>
22#include <linux/smp_lock.h>
23#include <linux/gfp.h> 22#include <linux/gfp.h>
23#include <linux/compat.h>
24 24
25#include <asm/uaccess.h> 25#include <asm/uaccess.h>
26 26
@@ -55,7 +55,6 @@ static int raw_open(struct inode *inode, struct file *filp)
55 return 0; 55 return 0;
56 } 56 }
57 57
58 lock_kernel();
59 mutex_lock(&raw_mutex); 58 mutex_lock(&raw_mutex);
60 59
61 /* 60 /*
@@ -82,7 +81,6 @@ static int raw_open(struct inode *inode, struct file *filp)
82 bdev->bd_inode->i_mapping; 81 bdev->bd_inode->i_mapping;
83 filp->private_data = bdev; 82 filp->private_data = bdev;
84 mutex_unlock(&raw_mutex); 83 mutex_unlock(&raw_mutex);
85 unlock_kernel();
86 return 0; 84 return 0;
87 85
88out2: 86out2:
@@ -91,7 +89,6 @@ out1:
91 blkdev_put(bdev, filp->f_mode); 89 blkdev_put(bdev, filp->f_mode);
92out: 90out:
93 mutex_unlock(&raw_mutex); 91 mutex_unlock(&raw_mutex);
94 unlock_kernel();
95 return err; 92 return err;
96} 93}
97 94
@@ -125,20 +122,84 @@ static long
125raw_ioctl(struct file *filp, unsigned int command, unsigned long arg) 122raw_ioctl(struct file *filp, unsigned int command, unsigned long arg)
126{ 123{
127 struct block_device *bdev = filp->private_data; 124 struct block_device *bdev = filp->private_data;
128 int ret; 125 return blkdev_ioctl(bdev, 0, command, arg);
126}
127
128static int bind_set(int number, u64 major, u64 minor)
129{
130 dev_t dev = MKDEV(major, minor);
131 struct raw_device_data *rawdev;
132 int err = 0;
129 133
130 lock_kernel(); 134 if (number <= 0 || number >= MAX_RAW_MINORS)
131 ret = blkdev_ioctl(bdev, 0, command, arg); 135 return -EINVAL;
132 unlock_kernel();
133 136
134 return ret; 137 if (MAJOR(dev) != major || MINOR(dev) != minor)
138 return -EINVAL;
139
140 rawdev = &raw_devices[number];
141
142 /*
143 * This is like making block devices, so demand the
144 * same capability
145 */
146 if (!capable(CAP_SYS_ADMIN))
147 return -EPERM;
148
149 /*
150 * For now, we don't need to check that the underlying
151 * block device is present or not: we can do that when
152 * the raw device is opened. Just check that the
153 * major/minor numbers make sense.
154 */
155
156 if (MAJOR(dev) == 0 && dev != 0)
157 return -EINVAL;
158
159 mutex_lock(&raw_mutex);
160 if (rawdev->inuse) {
161 mutex_unlock(&raw_mutex);
162 return -EBUSY;
163 }
164 if (rawdev->binding) {
165 bdput(rawdev->binding);
166 module_put(THIS_MODULE);
167 }
168 if (!dev) {
169 /* unbind */
170 rawdev->binding = NULL;
171 device_destroy(raw_class, MKDEV(RAW_MAJOR, number));
172 } else {
173 rawdev->binding = bdget(dev);
174 if (rawdev->binding == NULL) {
175 err = -ENOMEM;
176 } else {
177 dev_t raw = MKDEV(RAW_MAJOR, number);
178 __module_get(THIS_MODULE);
179 device_destroy(raw_class, raw);
180 device_create(raw_class, NULL, raw, NULL,
181 "raw%d", number);
182 }
183 }
184 mutex_unlock(&raw_mutex);
185 return err;
135} 186}
136 187
137static void bind_device(struct raw_config_request *rq) 188static int bind_get(int number, dev_t *dev)
138{ 189{
139 device_destroy(raw_class, MKDEV(RAW_MAJOR, rq->raw_minor)); 190 struct raw_device_data *rawdev;
140 device_create(raw_class, NULL, MKDEV(RAW_MAJOR, rq->raw_minor), NULL, 191 struct block_device *bdev;
141 "raw%d", rq->raw_minor); 192
193 if (number <= 0 || number >= MAX_RAW_MINORS)
194 return -EINVAL;
195
196 rawdev = &raw_devices[number];
197
198 mutex_lock(&raw_mutex);
199 bdev = rawdev->binding;
200 *dev = bdev ? bdev->bd_dev : 0;
201 mutex_unlock(&raw_mutex);
202 return 0;
142} 203}
143 204
144/* 205/*
@@ -149,105 +210,78 @@ static long raw_ctl_ioctl(struct file *filp, unsigned int command,
149 unsigned long arg) 210 unsigned long arg)
150{ 211{
151 struct raw_config_request rq; 212 struct raw_config_request rq;
152 struct raw_device_data *rawdev; 213 dev_t dev;
153 int err = 0; 214 int err;
154 215
155 lock_kernel();
156 switch (command) { 216 switch (command) {
157 case RAW_SETBIND: 217 case RAW_SETBIND:
218 if (copy_from_user(&rq, (void __user *) arg, sizeof(rq)))
219 return -EFAULT;
220
221 return bind_set(rq.raw_minor, rq.block_major, rq.block_minor);
222
158 case RAW_GETBIND: 223 case RAW_GETBIND:
224 if (copy_from_user(&rq, (void __user *) arg, sizeof(rq)))
225 return -EFAULT;
159 226
160 /* First, find out which raw minor we want */ 227 err = bind_get(rq.raw_minor, &dev);
228 if (err)
229 return err;
161 230
162 if (copy_from_user(&rq, (void __user *) arg, sizeof(rq))) { 231 rq.block_major = MAJOR(dev);
163 err = -EFAULT; 232 rq.block_minor = MINOR(dev);
164 goto out;
165 }
166 233
167 if (rq.raw_minor <= 0 || rq.raw_minor >= MAX_RAW_MINORS) { 234 if (copy_to_user((void __user *)arg, &rq, sizeof(rq)))
168 err = -EINVAL; 235 return -EFAULT;
169 goto out; 236
170 } 237 return 0;
171 rawdev = &raw_devices[rq.raw_minor];
172
173 if (command == RAW_SETBIND) {
174 dev_t dev;
175
176 /*
177 * This is like making block devices, so demand the
178 * same capability
179 */
180 if (!capable(CAP_SYS_ADMIN)) {
181 err = -EPERM;
182 goto out;
183 }
184
185 /*
186 * For now, we don't need to check that the underlying
187 * block device is present or not: we can do that when
188 * the raw device is opened. Just check that the
189 * major/minor numbers make sense.
190 */
191
192 dev = MKDEV(rq.block_major, rq.block_minor);
193 if ((rq.block_major == 0 && rq.block_minor != 0) ||
194 MAJOR(dev) != rq.block_major ||
195 MINOR(dev) != rq.block_minor) {
196 err = -EINVAL;
197 goto out;
198 }
199
200 mutex_lock(&raw_mutex);
201 if (rawdev->inuse) {
202 mutex_unlock(&raw_mutex);
203 err = -EBUSY;
204 goto out;
205 }
206 if (rawdev->binding) {
207 bdput(rawdev->binding);
208 module_put(THIS_MODULE);
209 }
210 if (rq.block_major == 0 && rq.block_minor == 0) {
211 /* unbind */
212 rawdev->binding = NULL;
213 device_destroy(raw_class,
214 MKDEV(RAW_MAJOR, rq.raw_minor));
215 } else {
216 rawdev->binding = bdget(dev);
217 if (rawdev->binding == NULL)
218 err = -ENOMEM;
219 else {
220 __module_get(THIS_MODULE);
221 bind_device(&rq);
222 }
223 }
224 mutex_unlock(&raw_mutex);
225 } else {
226 struct block_device *bdev;
227
228 mutex_lock(&raw_mutex);
229 bdev = rawdev->binding;
230 if (bdev) {
231 rq.block_major = MAJOR(bdev->bd_dev);
232 rq.block_minor = MINOR(bdev->bd_dev);
233 } else {
234 rq.block_major = rq.block_minor = 0;
235 }
236 mutex_unlock(&raw_mutex);
237 if (copy_to_user((void __user *)arg, &rq, sizeof(rq))) {
238 err = -EFAULT;
239 goto out;
240 }
241 }
242 break;
243 default:
244 err = -EINVAL;
245 break;
246 } 238 }
247out: 239
248 unlock_kernel(); 240 return -EINVAL;
249 return err; 241}
242
243#ifdef CONFIG_COMPAT
244struct raw32_config_request {
245 compat_int_t raw_minor;
246 compat_u64 block_major;
247 compat_u64 block_minor;
248};
249
250static long raw_ctl_compat_ioctl(struct file *file, unsigned int cmd,
251 unsigned long arg)
252{
253 struct raw32_config_request __user *user_req = compat_ptr(arg);
254 struct raw32_config_request rq;
255 dev_t dev;
256 int err = 0;
257
258 switch (cmd) {
259 case RAW_SETBIND:
260 if (copy_from_user(&rq, user_req, sizeof(rq)))
261 return -EFAULT;
262
263 return bind_set(rq.raw_minor, rq.block_major, rq.block_minor);
264
265 case RAW_GETBIND:
266 if (copy_from_user(&rq, user_req, sizeof(rq)))
267 return -EFAULT;
268
269 err = bind_get(rq.raw_minor, &dev);
270 if (err)
271 return err;
272
273 rq.block_major = MAJOR(dev);
274 rq.block_minor = MINOR(dev);
275
276 if (copy_to_user(user_req, &rq, sizeof(rq)))
277 return -EFAULT;
278
279 return 0;
280 }
281
282 return -EINVAL;
250} 283}
284#endif
251 285
252static const struct file_operations raw_fops = { 286static const struct file_operations raw_fops = {
253 .read = do_sync_read, 287 .read = do_sync_read,
@@ -263,6 +297,9 @@ static const struct file_operations raw_fops = {
263 297
264static const struct file_operations raw_ctl_fops = { 298static const struct file_operations raw_ctl_fops = {
265 .unlocked_ioctl = raw_ctl_ioctl, 299 .unlocked_ioctl = raw_ctl_ioctl,
300#ifdef CONFIG_COMPAT
301 .compat_ioctl = raw_ctl_compat_ioctl,
302#endif
266 .open = raw_open, 303 .open = raw_open,
267 .owner = THIS_MODULE, 304 .owner = THIS_MODULE,
268}; 305};
diff --git a/fs/compat_ioctl.c b/fs/compat_ioctl.c
index 03e59aa318eb..d0ad09d57789 100644
--- a/fs/compat_ioctl.c
+++ b/fs/compat_ioctl.c
@@ -599,69 +599,6 @@ static int do_smb_getmountuid(unsigned int fd, unsigned int cmd,
599#define HIDPGETCONNLIST _IOR('H', 210, int) 599#define HIDPGETCONNLIST _IOR('H', 210, int)
600#define HIDPGETCONNINFO _IOR('H', 211, int) 600#define HIDPGETCONNINFO _IOR('H', 211, int)
601 601
602#ifdef CONFIG_BLOCK
603struct raw32_config_request
604{
605 compat_int_t raw_minor;
606 __u64 block_major;
607 __u64 block_minor;
608} __attribute__((packed));
609
610static int get_raw32_request(struct raw_config_request *req, struct raw32_config_request __user *user_req)
611{
612 int ret;
613
614 if (!access_ok(VERIFY_READ, user_req, sizeof(struct raw32_config_request)))
615 return -EFAULT;
616
617 ret = __get_user(req->raw_minor, &user_req->raw_minor);
618 ret |= __get_user(req->block_major, &user_req->block_major);
619 ret |= __get_user(req->block_minor, &user_req->block_minor);
620
621 return ret ? -EFAULT : 0;
622}
623
624static int set_raw32_request(struct raw_config_request *req, struct raw32_config_request __user *user_req)
625{
626 int ret;
627
628 if (!access_ok(VERIFY_WRITE, user_req, sizeof(struct raw32_config_request)))
629 return -EFAULT;
630
631 ret = __put_user(req->raw_minor, &user_req->raw_minor);
632 ret |= __put_user(req->block_major, &user_req->block_major);
633 ret |= __put_user(req->block_minor, &user_req->block_minor);
634
635 return ret ? -EFAULT : 0;
636}
637
638static int raw_ioctl(unsigned fd, unsigned cmd,
639 struct raw32_config_request __user *user_req)
640{
641 int ret;
642
643 switch (cmd) {
644 case RAW_SETBIND:
645 default: { /* RAW_GETBIND */
646 struct raw_config_request req;
647 mm_segment_t oldfs = get_fs();
648
649 if ((ret = get_raw32_request(&req, user_req)))
650 return ret;
651
652 set_fs(KERNEL_DS);
653 ret = sys_ioctl(fd,cmd,(unsigned long)&req);
654 set_fs(oldfs);
655
656 if ((!ret) && (cmd == RAW_GETBIND)) {
657 ret = set_raw32_request(&req, user_req);
658 }
659 break;
660 }
661 }
662 return ret;
663}
664#endif /* CONFIG_BLOCK */
665 602
666struct serial_struct32 { 603struct serial_struct32 {
667 compat_int_t type; 604 compat_int_t type;
@@ -1262,9 +1199,6 @@ COMPATIBLE_IOCTL(SOUND_MIXER_PRIVATE5)
1262COMPATIBLE_IOCTL(SOUND_MIXER_GETLEVELS) 1199COMPATIBLE_IOCTL(SOUND_MIXER_GETLEVELS)
1263COMPATIBLE_IOCTL(SOUND_MIXER_SETLEVELS) 1200COMPATIBLE_IOCTL(SOUND_MIXER_SETLEVELS)
1264COMPATIBLE_IOCTL(OSS_GETVERSION) 1201COMPATIBLE_IOCTL(OSS_GETVERSION)
1265/* Raw devices */
1266COMPATIBLE_IOCTL(RAW_SETBIND)
1267COMPATIBLE_IOCTL(RAW_GETBIND)
1268/* SMB ioctls which do not need any translations */ 1202/* SMB ioctls which do not need any translations */
1269COMPATIBLE_IOCTL(SMB_IOC_NEWCONN) 1203COMPATIBLE_IOCTL(SMB_IOC_NEWCONN)
1270/* Watchdog */ 1204/* Watchdog */
@@ -1523,10 +1457,6 @@ static long do_ioctl_trans(int fd, unsigned int cmd,
1523 case MTIOCGET32: 1457 case MTIOCGET32:
1524 case MTIOCPOS32: 1458 case MTIOCPOS32:
1525 return mt_ioctl_trans(fd, cmd, argp); 1459 return mt_ioctl_trans(fd, cmd, argp);
1526 /* Raw devices */
1527 case RAW_SETBIND:
1528 case RAW_GETBIND:
1529 return raw_ioctl(fd, cmd, argp);
1530#endif 1460#endif
1531 /* One SMB ioctl needs translations. */ 1461 /* One SMB ioctl needs translations. */
1532#define SMB_IOC_GETMOUNTUID_32 _IOR('u', 1, compat_uid_t) 1462#define SMB_IOC_GETMOUNTUID_32 _IOR('u', 1, compat_uid_t)