1 files changed, 160 insertions, 113 deletions
diff --git a/drivers/char/raw.c b/drivers/char/raw.c
index 64acd05f71c8..bfe25ea9766b 100644
--- a/drivers/char/raw.c
+++ b/drivers/char/raw.c
@@ -19,7 +19,8 @@
 #include <linux/cdev.h>
 #include <linux/device.h>
 #include <linux/mutex.h>
-#include <linux/smp_lock.h>
+#include <linux/gfp.h>
+#include <linux/compat.h>
 #include <asm/uaccess.h>
@@ -54,7 +55,6 @@ static int raw_open(struct inode *inode, struct file *filp)
                return 0;
        }
-        lock_kernel();
        mutex_lock(&raw_mutex);
        /*
@@ -81,7 +81,6 @@ static int raw_open(struct inode *inode, struct file *filp)
                        bdev->bd_inode->i_mapping;
        filp->private_data = bdev;
        mutex_unlock(&raw_mutex);
-        unlock_kernel();
        return 0;
 out2:
@@ -90,7 +89,6 @@ out1:
        blkdev_put(bdev, filp->f_mode);
 out:
        mutex_unlock(&raw_mutex);
-        unlock_kernel();
        return err;
 }
@@ -120,143 +118,192 @@ static int raw_release(struct inode *inode, struct file *filp)
 /*
 * Forward ioctls to the underlying block device.
 */
-static int
+static long
-raw_ioctl(struct inode *inode, struct file *filp,
+raw_ioctl(struct file *filp, unsigned int command, unsigned long arg)
-                  unsigned int command, unsigned long arg)
 {
        struct block_device *bdev = filp->private_data;
        return blkdev_ioctl(bdev, 0, command, arg);
 }
-static void bind_device(struct raw_config_request *rq)
+static int bind_set(int number, u64 major, u64 minor)
 {
-        device_destroy(raw_class, MKDEV(RAW_MAJOR, rq->raw_minor));
+        dev_t dev = MKDEV(major, minor);
-        device_create(raw_class, NULL, MKDEV(RAW_MAJOR, rq->raw_minor), NULL,
+        struct raw_device_data *rawdev;
-                      "raw%d", rq->raw_minor);
+        int err = 0;
+        if (number <= 0 || number >= MAX_RAW_MINORS)
+                return -EINVAL;
+        if (MAJOR(dev) != major || MINOR(dev) != minor)
+                return -EINVAL;
+        rawdev = &raw_devices[number];
+        /*
+         * This is like making block devices, so demand the
+         * same capability
+         */
+        if (!capable(CAP_SYS_ADMIN))
+                return -EPERM;
+        /*
+         * For now, we don't need to check that the underlying
+         * block device is present or not: we can do that when
+         * the raw device is opened.  Just check that the
+         * major/minor numbers make sense.
+         */
+        if (MAJOR(dev) == 0 && dev != 0)
+                return -EINVAL;
+        mutex_lock(&raw_mutex);
+        if (rawdev->inuse) {
+                mutex_unlock(&raw_mutex);
+                return -EBUSY;
+        }
+        if (rawdev->binding) {
+                bdput(rawdev->binding);
+                module_put(THIS_MODULE);
+        }
+        if (!dev) {
+                /* unbind */
+                rawdev->binding = NULL;
+                device_destroy(raw_class, MKDEV(RAW_MAJOR, number));
+        } else {
+                rawdev->binding = bdget(dev);
+                if (rawdev->binding == NULL) {
+                        err = -ENOMEM;
+                } else {
+                        dev_t raw = MKDEV(RAW_MAJOR, number);
+                        __module_get(THIS_MODULE);
+                        device_destroy(raw_class, raw);
+                        device_create(raw_class, NULL, raw, NULL,
+                                      "raw%d", number);
+                }
+        }
+        mutex_unlock(&raw_mutex);
+        return err;
+}
+static int bind_get(int number, dev_t *dev)
+{
+        struct raw_device_data *rawdev;
+        struct block_device *bdev;
+        if (number <= 0 || number >= MAX_RAW_MINORS)
+                return -EINVAL;
+        rawdev = &raw_devices[number];
+        mutex_lock(&raw_mutex);
+        bdev = rawdev->binding;
+        *dev = bdev ? bdev->bd_dev : 0;
+        mutex_unlock(&raw_mutex);
+        return 0;
 }
 /*
 * Deal with ioctls against the raw-device control interface, to bind
 * and unbind other raw devices.
 */
-static int raw_ctl_ioctl(struct inode *inode, struct file *filp,
+static long raw_ctl_ioctl(struct file *filp, unsigned int command,
-                        unsigned int command, unsigned long arg)
+                          unsigned long arg)
 {
        struct raw_config_request rq;
-        struct raw_device_data *rawdev;
+        dev_t dev;
-        int err = 0;
+        int err;
        switch (command) {
        case RAW_SETBIND:
+                if (copy_from_user(&rq, (void __user *) arg, sizeof(rq)))
+                        return -EFAULT;
+                return bind_set(rq.raw_minor, rq.block_major, rq.block_minor);
        case RAW_GETBIND:
+                if (copy_from_user(&rq, (void __user *) arg, sizeof(rq)))
+                        return -EFAULT;
-                /* First, find out which raw minor we want */
+                err = bind_get(rq.raw_minor, &dev);
+                if (err)
+                        return err;
-                if (copy_from_user(&rq, (void __user *) arg, sizeof(rq))) {
+                rq.block_major = MAJOR(dev);
-                        err = -EFAULT;
+                rq.block_minor = MINOR(dev);
-                        goto out;
-                }
-                if (rq.raw_minor <= 0 || rq.raw_minor >= MAX_RAW_MINORS) {
+                if (copy_to_user((void __user *)arg, &rq, sizeof(rq)))
-                        err = -EINVAL;
+                        return -EFAULT;
-                        goto out;
-                }
+                return 0;
-                rawdev = &raw_devices[rq.raw_minor];
-                if (command == RAW_SETBIND) {
-                        dev_t dev;
-                        /*
-                         * This is like making block devices, so demand the
-                         * same capability
-                         */
-                        if (!capable(CAP_SYS_ADMIN)) {
-                                err = -EPERM;
-                                goto out;
-                        }
-                        /*
-                         * For now, we don't need to check that the underlying
-                         * block device is present or not: we can do that when
-                         * the raw device is opened.  Just check that the
-                         * major/minor numbers make sense.
-                         */
-                        dev = MKDEV(rq.block_major, rq.block_minor);
-                        if ((rq.block_major == 0 && rq.block_minor != 0) ||
-                                        MAJOR(dev) != rq.block_major ||
-                                        MINOR(dev) != rq.block_minor) {
-                                err = -EINVAL;
-                                goto out;
-                        }
-                        mutex_lock(&raw_mutex);
-                        if (rawdev->inuse) {
-                                mutex_unlock(&raw_mutex);
-                                err = -EBUSY;
-                                goto out;
-                        }
-                        if (rawdev->binding) {
-                                bdput(rawdev->binding);
-                                module_put(THIS_MODULE);
-                        }
-                        if (rq.block_major == 0 && rq.block_minor == 0) {
-                                /* unbind */
-                                rawdev->binding = NULL;
-                                device_destroy(raw_class,
-                                                MKDEV(RAW_MAJOR, rq.raw_minor));
-                        } else {
-                                rawdev->binding = bdget(dev);
-                                if (rawdev->binding == NULL)
-                                        err = -ENOMEM;
-                                else {
-                                        __module_get(THIS_MODULE);
-                                        bind_device(&rq);
-                                }
-                        }
-                        mutex_unlock(&raw_mutex);
-                } else {
-                        struct block_device *bdev;
-                        mutex_lock(&raw_mutex);
-                        bdev = rawdev->binding;
-                        if (bdev) {
-                                rq.block_major = MAJOR(bdev->bd_dev);
-                                rq.block_minor = MINOR(bdev->bd_dev);
-                        } else {
-                                rq.block_major = rq.block_minor = 0;
-                        }
-                        mutex_unlock(&raw_mutex);
-                        if (copy_to_user((void __user *)arg, &rq, sizeof(rq))) {
-                                err = -EFAULT;
-                                goto out;
-                        }
-                }
-                break;
-        default:
-                err = -EINVAL;
-                break;
        }
-out:
-        return err;
+        return -EINVAL;
+}
+#ifdef CONFIG_COMPAT
+struct raw32_config_request {
+        compat_int_t    raw_minor;
+        compat_u64      block_major;
+        compat_u64      block_minor;
+};
+static long raw_ctl_compat_ioctl(struct file *file, unsigned int cmd,
+                                unsigned long arg)
+{
+        struct raw32_config_request __user *user_req = compat_ptr(arg);
+        struct raw32_config_request rq;
+        dev_t dev;
+        int err = 0;
+        switch (cmd) {
+        case RAW_SETBIND:
+                if (copy_from_user(&rq, user_req, sizeof(rq)))
+                        return -EFAULT;
+                return bind_set(rq.raw_minor, rq.block_major, rq.block_minor);
+        case RAW_GETBIND:
+                if (copy_from_user(&rq, user_req, sizeof(rq)))
+                        return -EFAULT;
+                err = bind_get(rq.raw_minor, &dev);
+                if (err)
+                        return err;
+                rq.block_major = MAJOR(dev);
+                rq.block_minor = MINOR(dev);
+                if (copy_to_user(user_req, &rq, sizeof(rq)))
+                        return -EFAULT;
+                return 0;
+        }
+        return -EINVAL;
 }
+#endif
 static const struct file_operations raw_fops = {
-        .read   =       do_sync_read,
+        .read           = do_sync_read,
-        .aio_read =     generic_file_aio_read,
+        .aio_read       = generic_file_aio_read,
-        .write  =       do_sync_write,
+        .write          = do_sync_write,
-        .aio_write =    blkdev_aio_write,
+        .aio_write      = blkdev_aio_write,
-        .open   =       raw_open,
+        .fsync          = blkdev_fsync,
-        .release=       raw_release,
+        .open           = raw_open,
-        .ioctl  =       raw_ioctl,
+        .release        = raw_release,
-        .owner  =       THIS_MODULE,
+        .unlocked_ioctl = raw_ioctl,
+        .llseek         = default_llseek,
+        .owner          = THIS_MODULE,
 };
 static const struct file_operations raw_ctl_fops = {
-        .ioctl  =       raw_ctl_ioctl,
+        .unlocked_ioctl = raw_ctl_ioctl,
-        .open   =       raw_open,
+#ifdef CONFIG_COMPAT
-        .owner  =       THIS_MODULE,
+        .compat_ioctl   = raw_ctl_compat_ioctl,
+#endif
+        .open           = raw_open,
+        .owner          = THIS_MODULE,
+        .llseek         = noop_llseek,
 };
 static struct cdev raw_cdev;

diff --git a/drivers/char/raw.c b/drivers/char/raw.c index 64acd05f71c8..bfe25ea9766b 100644 --- a/drivers/char/raw.c +++ b/drivers/char/raw.c
@@ -19,7 +19,8 @@
19	#include <linux/cdev.h>	19	#include <linux/cdev.h>
20	#include <linux/device.h>	20	#include <linux/device.h>
21	#include <linux/mutex.h>	21	#include <linux/mutex.h>
22	#include <linux/smp_lock.h>	22	#include <linux/gfp.h>
		23	#include <linux/compat.h>
23		24
24	#include <asm/uaccess.h>	25	#include <asm/uaccess.h>
25		26
@@ -54,7 +55,6 @@ static int raw_open(struct inode inode, struct file filp)
54	return 0;	55	return 0;
55	}	56	}
56		57
57	lock_kernel();
58	mutex_lock(&raw_mutex);	58	mutex_lock(&raw_mutex);
59		59
60	/*	60	/*
@@ -81,7 +81,6 @@ static int raw_open(struct inode inode, struct file filp)
81	bdev->bd_inode->i_mapping;	81	bdev->bd_inode->i_mapping;
82	filp->private_data = bdev;	82	filp->private_data = bdev;
83	mutex_unlock(&raw_mutex);	83	mutex_unlock(&raw_mutex);
84	unlock_kernel();
85	return 0;	84	return 0;
86		85
87	out2:	86	out2:
@@ -90,7 +89,6 @@ out1:
90	blkdev_put(bdev, filp->f_mode);	89	blkdev_put(bdev, filp->f_mode);
91	out:	90	out:
92	mutex_unlock(&raw_mutex);	91	mutex_unlock(&raw_mutex);
93	unlock_kernel();
94	return err;	92	return err;
95	}	93	}
96		94
@@ -120,143 +118,192 @@ static int raw_release(struct inode inode, struct file filp)
120	/*	118	/*
121	* Forward ioctls to the underlying block device.	119	* Forward ioctls to the underlying block device.
122	*/	120	*/
123	static int	121	static long
124	raw_ioctl(struct inode inode, struct file filp,	122	raw_ioctl(struct file *filp, unsigned int command, unsigned long arg)
125	unsigned int command, unsigned long arg)
126	{	123	{
127	struct block_device *bdev = filp->private_data;	124	struct block_device *bdev = filp->private_data;
128
129	return blkdev_ioctl(bdev, 0, command, arg);	125	return blkdev_ioctl(bdev, 0, command, arg);
130	}	126	}
131		127
132	static void bind_device(struct raw_config_request *rq)	128	static int bind_set(int number, u64 major, u64 minor)
133	{	129	{
134	device_destroy(raw_class, MKDEV(RAW_MAJOR, rq->raw_minor));	130	dev_t dev = MKDEV(major, minor);
135	device_create(raw_class, NULL, MKDEV(RAW_MAJOR, rq->raw_minor), NULL,	131	struct raw_device_data *rawdev;
136	"raw%d", rq->raw_minor);	132	int err = 0;
		133
		134	if (number <= 0 \|\| number >= MAX_RAW_MINORS)
		135	return -EINVAL;
		136
		137	if (MAJOR(dev) != major \|\| MINOR(dev) != minor)
		138	return -EINVAL;
		139
		140	rawdev = &raw_devices[number];
		141
		142	/*
		143	* This is like making block devices, so demand the
		144	* same capability
		145	*/
		146	if (!capable(CAP_SYS_ADMIN))
		147	return -EPERM;
		148
		149	/*
		150	* For now, we don't need to check that the underlying
		151	* block device is present or not: we can do that when
		152	* the raw device is opened. Just check that the
		153	* major/minor numbers make sense.
		154	*/
		155
		156	if (MAJOR(dev) == 0 && dev != 0)
		157	return -EINVAL;
		158
		159	mutex_lock(&raw_mutex);
		160	if (rawdev->inuse) {
		161	mutex_unlock(&raw_mutex);
		162	return -EBUSY;
		163	}
		164	if (rawdev->binding) {
		165	bdput(rawdev->binding);
		166	module_put(THIS_MODULE);
		167	}
		168	if (!dev) {
		169	/* unbind */
		170	rawdev->binding = NULL;
		171	device_destroy(raw_class, MKDEV(RAW_MAJOR, number));
		172	} else {
		173	rawdev->binding = bdget(dev);
		174	if (rawdev->binding == NULL) {
		175	err = -ENOMEM;
		176	} else {
		177	dev_t raw = MKDEV(RAW_MAJOR, number);
		178	__module_get(THIS_MODULE);
		179	device_destroy(raw_class, raw);
		180	device_create(raw_class, NULL, raw, NULL,
		181	"raw%d", number);
		182	}
		183	}
		184	mutex_unlock(&raw_mutex);
		185	return err;
		186	}
		187
		188	static int bind_get(int number, dev_t *dev)
		189	{
		190	struct raw_device_data *rawdev;
		191	struct block_device *bdev;
		192
		193	if (number <= 0 \|\| number >= MAX_RAW_MINORS)
		194	return -EINVAL;
		195
		196	rawdev = &raw_devices[number];
		197
		198	mutex_lock(&raw_mutex);
		199	bdev = rawdev->binding;
		200	*dev = bdev ? bdev->bd_dev : 0;
		201	mutex_unlock(&raw_mutex);
		202	return 0;
137	}	203	}
138		204
139	/*	205	/*
140	* Deal with ioctls against the raw-device control interface, to bind	206	* Deal with ioctls against the raw-device control interface, to bind
141	* and unbind other raw devices.	207	* and unbind other raw devices.
142	*/	208	*/
143	static int raw_ctl_ioctl(struct inode inode, struct file filp,	209	static long raw_ctl_ioctl(struct file *filp, unsigned int command,
144	unsigned int command, unsigned long arg)	210	unsigned long arg)
145	{	211	{
146	struct raw_config_request rq;	212	struct raw_config_request rq;
147	struct raw_device_data *rawdev;	213	dev_t dev;
148	int err = 0;	214	int err;
149		215
150	switch (command) {	216	switch (command) {
151	case RAW_SETBIND:	217	case RAW_SETBIND:
		218	if (copy_from_user(&rq, (void __user *) arg, sizeof(rq)))
		219	return -EFAULT;
		220
		221	return bind_set(rq.raw_minor, rq.block_major, rq.block_minor);
		222
152	case RAW_GETBIND:	223	case RAW_GETBIND:
		224	if (copy_from_user(&rq, (void __user *) arg, sizeof(rq)))
		225	return -EFAULT;
153		226
154	/* First, find out which raw minor we want */	227	err = bind_get(rq.raw_minor, &dev);
		228	if (err)
		229	return err;
155		230
156	if (copy_from_user(&rq, (void __user *) arg, sizeof(rq))) {	231	rq.block_major = MAJOR(dev);
157	err = -EFAULT;	232	rq.block_minor = MINOR(dev);
158	goto out;
159	}
160		233
161	if (rq.raw_minor <= 0 \|\| rq.raw_minor >= MAX_RAW_MINORS) {	234	if (copy_to_user((void __user *)arg, &rq, sizeof(rq)))
162	err = -EINVAL;	235	return -EFAULT;
163	goto out;	236
164	}	237	return 0;
165	rawdev = &raw_devices[rq.raw_minor];
166
167	if (command == RAW_SETBIND) {
168	dev_t dev;
169
170	/*
171	* This is like making block devices, so demand the
172	* same capability
173	*/
174	if (!capable(CAP_SYS_ADMIN)) {
175	err = -EPERM;
176	goto out;
177	}
178
179	/*
180	* For now, we don't need to check that the underlying
181	* block device is present or not: we can do that when
182	* the raw device is opened. Just check that the
183	* major/minor numbers make sense.
184	*/
185
186	dev = MKDEV(rq.block_major, rq.block_minor);
187	if ((rq.block_major == 0 && rq.block_minor != 0) \|\|
188	MAJOR(dev) != rq.block_major \|\|
189	MINOR(dev) != rq.block_minor) {
190	err = -EINVAL;
191	goto out;
192	}
193
194	mutex_lock(&raw_mutex);
195	if (rawdev->inuse) {
196	mutex_unlock(&raw_mutex);
197	err = -EBUSY;
198	goto out;
199	}
200	if (rawdev->binding) {
201	bdput(rawdev->binding);
202	module_put(THIS_MODULE);
203	}
204	if (rq.block_major == 0 && rq.block_minor == 0) {
205	/* unbind */
206	rawdev->binding = NULL;
207	device_destroy(raw_class,
208	MKDEV(RAW_MAJOR, rq.raw_minor));
209	} else {
210	rawdev->binding = bdget(dev);
211	if (rawdev->binding == NULL)
212	err = -ENOMEM;
213	else {
214	__module_get(THIS_MODULE);
215	bind_device(&rq);
216	}
217	}
218	mutex_unlock(&raw_mutex);
219	} else {
220	struct block_device *bdev;
221
222	mutex_lock(&raw_mutex);
223	bdev = rawdev->binding;
224	if (bdev) {
225	rq.block_major = MAJOR(bdev->bd_dev);
226	rq.block_minor = MINOR(bdev->bd_dev);
227	} else {
228	rq.block_major = rq.block_minor = 0;
229	}
230	mutex_unlock(&raw_mutex);
231	if (copy_to_user((void __user *)arg, &rq, sizeof(rq))) {
232	err = -EFAULT;
233	goto out;
234	}
235	}
236	break;
237	default:
238	err = -EINVAL;
239	break;
240	}	238	}
241	out:	239
242	return err;	240	return -EINVAL;
		241	}
		242
		243	#ifdef CONFIG_COMPAT
		244	struct raw32_config_request {
		245	compat_int_t raw_minor;
		246	compat_u64 block_major;
		247	compat_u64 block_minor;
		248	};
		249
		250	static long raw_ctl_compat_ioctl(struct file *file, unsigned int cmd,
		251	unsigned long arg)
		252	{
		253	struct raw32_config_request __user *user_req = compat_ptr(arg);
		254	struct raw32_config_request rq;
		255	dev_t dev;
		256	int err = 0;
		257
		258	switch (cmd) {
		259	case RAW_SETBIND:
		260	if (copy_from_user(&rq, user_req, sizeof(rq)))
		261	return -EFAULT;
		262
		263	return bind_set(rq.raw_minor, rq.block_major, rq.block_minor);
		264
		265	case RAW_GETBIND:
		266	if (copy_from_user(&rq, user_req, sizeof(rq)))
		267	return -EFAULT;
		268
		269	err = bind_get(rq.raw_minor, &dev);
		270	if (err)
		271	return err;
		272
		273	rq.block_major = MAJOR(dev);
		274	rq.block_minor = MINOR(dev);
		275
		276	if (copy_to_user(user_req, &rq, sizeof(rq)))
		277	return -EFAULT;
		278
		279	return 0;
		280	}
		281
		282	return -EINVAL;
243	}	283	}
		284	#endif
244		285
245	static const struct file_operations raw_fops = {	286	static const struct file_operations raw_fops = {
246	.read = do_sync_read,	287	.read = do_sync_read,
247	.aio_read = generic_file_aio_read,	288	.aio_read = generic_file_aio_read,
248	.write = do_sync_write,	289	.write = do_sync_write,
249	.aio_write = blkdev_aio_write,	290	.aio_write = blkdev_aio_write,
250	.open = raw_open,	291	.fsync = blkdev_fsync,
251	.release= raw_release,	292	.open = raw_open,
252	.ioctl = raw_ioctl,	293	.release = raw_release,
253	.owner = THIS_MODULE,	294	.unlocked_ioctl = raw_ioctl,
		295	.llseek = default_llseek,
		296	.owner = THIS_MODULE,
254	};	297	};
255		298
256	static const struct file_operations raw_ctl_fops = {	299	static const struct file_operations raw_ctl_fops = {
257	.ioctl = raw_ctl_ioctl,	300	.unlocked_ioctl = raw_ctl_ioctl,
258	.open = raw_open,	301	#ifdef CONFIG_COMPAT
259	.owner = THIS_MODULE,	302	.compat_ioctl = raw_ctl_compat_ioctl,
		303	#endif
		304	.open = raw_open,
		305	.owner = THIS_MODULE,
		306	.llseek = noop_llseek,
260	};	307	};
261		308
262	static struct cdev raw_cdev;	309	static struct cdev raw_cdev;