From 1bcaa0bd6fd5b510dd9f1ba2da114d3f1253af61 Mon Sep 17 00:00:00 2001 From: Jonathan Corbet Date: Thu, 15 May 2008 16:16:28 -0600 Subject: isdn: cdev lock_kernel() pushdown Signed-off-by: Jonathan Corbet --- drivers/isdn/i4l/isdn_common.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'drivers/isdn') diff --git a/drivers/isdn/i4l/isdn_common.c b/drivers/isdn/i4l/isdn_common.c index 0f3c66de69bc..5158c606ff5b 100644 --- a/drivers/isdn/i4l/isdn_common.c +++ b/drivers/isdn/i4l/isdn_common.c @@ -1732,7 +1732,7 @@ isdn_open(struct inode *ino, struct file *filep) int chidx; int retval = -ENODEV; - + lock_kernel(); if (minor == ISDN_MINOR_STATUS) { infostruct *p; @@ -1783,6 +1783,7 @@ isdn_open(struct inode *ino, struct file *filep) #endif out: nonseekable_open(ino, filep); + unlock_kernel(); return retval; } -- cgit v1.2.2 From a237f3bbaab28bb780201f15f6003cf3d2e81024 Mon Sep 17 00:00:00 2001 From: Jonathan Corbet Date: Fri, 16 May 2008 14:15:33 -0600 Subject: CAPI: BKL pushdown Put explicit lock_kernel() calls into capi_open() Signed-off-by: Jonathan Corbet --- drivers/isdn/capi/capi.c | 17 +++++++++++------ 1 file changed, 11 insertions(+), 6 deletions(-) (limited to 'drivers/isdn') diff --git a/drivers/isdn/capi/capi.c b/drivers/isdn/capi/capi.c index 6ca0bb949ad3..2095153582f1 100644 --- a/drivers/isdn/capi/capi.c +++ b/drivers/isdn/capi/capi.c @@ -20,6 +20,7 @@ #include #include #include +#include #include #include #ifdef CONFIG_ISDN_CAPI_MIDDLEWARE @@ -983,13 +984,17 @@ capi_ioctl(struct inode *inode, struct file *file, static int capi_open(struct inode *inode, struct file *file) { + int ret; + + lock_kernel(); if (file->private_data) - return -EEXIST; - - if ((file->private_data = capidev_alloc()) == NULL) - return -ENOMEM; - - return nonseekable_open(inode, file); + ret = -EEXIST; + else if ((file->private_data = capidev_alloc()) == NULL) + ret = -ENOMEM; + else + ret = nonseekable_open(inode, file); + unlock_kernel(); + return ret; } static int -- cgit v1.2.2 From 3462032d66703ef7721329b44fe2dac4aaef475d Mon Sep 17 00:00:00 2001 From: Jonathan Corbet Date: Fri, 16 May 2008 14:17:33 -0600 Subject: divamnt: BKL pushdown Put explicit lock_kernel() calls into maint_open(). Signed-off-by: Jonathan Corbet --- drivers/isdn/hardware/eicon/divamnt.c | 16 +++++++++++----- 1 file changed, 11 insertions(+), 5 deletions(-) (limited to 'drivers/isdn') diff --git a/drivers/isdn/hardware/eicon/divamnt.c b/drivers/isdn/hardware/eicon/divamnt.c index c90928974249..1e85f743214e 100644 --- a/drivers/isdn/hardware/eicon/divamnt.c +++ b/drivers/isdn/hardware/eicon/divamnt.c @@ -14,6 +14,7 @@ #include #include #include +#include #include #include "platform.h" @@ -127,14 +128,19 @@ static unsigned int maint_poll(struct file *file, poll_table * wait) static int maint_open(struct inode *ino, struct file *filep) { + int ret; + + lock_kernel(); /* only one open is allowed, so we test it atomically */ if (test_and_set_bit(0, &opened)) - return (-EBUSY); - - filep->private_data = NULL; - - return nonseekable_open(ino, filep); + ret = -EBUSY; + else { + filep->private_data = NULL; + ret = nonseekable_open(ino, filep); + } + unlock_kernel(); + return ret; } static int maint_close(struct inode *ino, struct file *filep) -- cgit v1.2.2 From f2b9857eee17797541b845782ade4d7a9d50f843 Mon Sep 17 00:00:00 2001 From: Jonathan Corbet Date: Sun, 18 May 2008 15:32:43 -0600 Subject: Add a bunch of cycle_kernel_lock() calls All of the open() functions which don't need the BKL on their face may still depend on its acquisition to serialize opens against driver initialization. So make those functions acquire then release the BKL to be on the safe side. Signed-off-by: Jonathan Corbet --- drivers/isdn/hardware/eicon/divasi.c | 2 ++ drivers/isdn/hardware/eicon/divasmain.c | 2 ++ 2 files changed, 4 insertions(+) (limited to 'drivers/isdn') diff --git a/drivers/isdn/hardware/eicon/divasi.c b/drivers/isdn/hardware/eicon/divasi.c index 78f141e77466..f4969fe0a055 100644 --- a/drivers/isdn/hardware/eicon/divasi.c +++ b/drivers/isdn/hardware/eicon/divasi.c @@ -17,6 +17,7 @@ #include #include #include +#include #include #include "platform.h" @@ -400,6 +401,7 @@ static unsigned int um_idi_poll(struct file *file, poll_table * wait) static int um_idi_open(struct inode *inode, struct file *file) { + cycle_kernel_lock(); return (0); } diff --git a/drivers/isdn/hardware/eicon/divasmain.c b/drivers/isdn/hardware/eicon/divasmain.c index 5fcbdccd7a53..65c95019a9ae 100644 --- a/drivers/isdn/hardware/eicon/divasmain.c +++ b/drivers/isdn/hardware/eicon/divasmain.c @@ -21,6 +21,7 @@ #include #include #include +#include #include "platform.h" #undef ID_MASK @@ -580,6 +581,7 @@ xdi_copy_from_user(void *os_handle, void *dst, const void __user *src, int lengt */ static int divas_open(struct inode *inode, struct file *file) { + cycle_kernel_lock(); return (0); } -- cgit v1.2.2 From 4fc89e3911aa5357b55b85b60c4beaeb8a48a290 Mon Sep 17 00:00:00 2001 From: Darren Jenkins Date: Sat, 12 Jul 2008 13:47:50 -0700 Subject: drivers/isdn/i4l/isdn_common.c fix small resource leak Coverity CID: 1356 RESOURCE_LEAK I found a very old patch for this that was Acked but did not get applied https://lists.linux-foundation.org/pipermail/kernel-janitors/2006-September/016362.html There looks to be a small leak in isdn_writebuf_stub() in isdn_common.c, when copy_from_user() returns an un-copied data length (length != 0). The below patch should be a minimally invasive fix. Signed-off-by: Darren Jenkins Acked-by: Karsten Keil Cc: Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds --- drivers/isdn/i4l/isdn_common.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'drivers/isdn') diff --git a/drivers/isdn/i4l/isdn_common.c b/drivers/isdn/i4l/isdn_common.c index 0f3c66de69bc..8d8c6b736167 100644 --- a/drivers/isdn/i4l/isdn_common.c +++ b/drivers/isdn/i4l/isdn_common.c @@ -1977,8 +1977,10 @@ isdn_writebuf_stub(int drvidx, int chan, const u_char __user * buf, int len) if (!skb) return -ENOMEM; skb_reserve(skb, hl); - if (copy_from_user(skb_put(skb, len), buf, len)) + if (copy_from_user(skb_put(skb, len), buf, len)) { + dev_kfree_skb(skb); return -EFAULT; + } ret = dev->drv[drvidx]->interface->writebuf_skb(drvidx, chan, 1, skb); if (ret <= 0) dev_kfree_skb(skb); -- cgit v1.2.2