lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-Id: <1237929168-15341-2-git-send-email-stoyboyker@gmail.com>
Date:	Tue, 24 Mar 2009 16:12:36 -0500
From:	stoyboyker@...il.com
To:	linux-kernel@...r.kernel.org
Cc:	Stoyan Gaydarov <stoyboyker@...il.com>, gregkh@...e.de
Subject: [PATCH 01/13] [staging] changed ioctls to unlocked

From: Stoyan Gaydarov <stoyboyker@...il.com>

Signed-off-by: Stoyan Gaydarov <stoyboyker@...il.com>
---
 drivers/staging/epl/EplApiLinuxKernel.c |   10 ++-
 drivers/staging/meilhaus/memain.c       |  124 +++++++++++++++++++++----------
 drivers/staging/poch/poch.c             |   25 +++++--
 3 files changed, 107 insertions(+), 52 deletions(-)

diff --git a/drivers/staging/epl/EplApiLinuxKernel.c b/drivers/staging/epl/EplApiLinuxKernel.c
index 05ca062..9517da2 100644
--- a/drivers/staging/epl/EplApiLinuxKernel.c
+++ b/drivers/staging/epl/EplApiLinuxKernel.c
@@ -219,7 +219,7 @@ static ssize_t EplLinRead(struct file *pInstance_p, char *pDstBuff_p,
 			  size_t BuffSize_p, loff_t * pFileOffs_p);
 static ssize_t EplLinWrite(struct file *pInstance_p, const char *pSrcBuff_p,
 			   size_t BuffSize_p, loff_t * pFileOffs_p);
-static int EplLinIoctl(struct inode *pDeviceFile_p, struct file *pInstance_p,
+static long EplLinIoctl(struct file *pInstance_p,
 		       unsigned int uiIoctlCmd_p, unsigned long ulArg_p);
 
 //---------------------------------------------------------------------------
@@ -237,7 +237,7 @@ static struct file_operations EplLinFileOps_g = {
 	.release = EplLinRelease,
 	.read = EplLinRead,
 	.write = EplLinWrite,
-	.ioctl = EplLinIoctl,
+	.unlocked_ioctl = EplLinIoctl,
 
 };
 
@@ -551,12 +551,13 @@ static ssize_t EplLinWrite(struct file *pInstance_p,	// information about driver
 //  -> ioctl(...)
 //---------------------------------------------------------------------------
 
-static int EplLinIoctl(struct inode *pDeviceFile_p,	// information about the device to open
-		       struct file *pInstance_p,	// information about driver instance
+static long EplLinIoctl(struct file *pInstance_p,	// information about driver instance
 		       unsigned int uiIoctlCmd_p,	// Ioctl command to execute
 		       unsigned long ulArg_p)	// Ioctl command specific argument/parameter
 {
 
+	lock_kernel();
+
 	tEplKernel EplRet;
 	int iErr;
 	int iRet;
@@ -1148,6 +1149,7 @@ static int EplLinIoctl(struct inode *pDeviceFile_p,	// information about the dev
       Exit:
 
 //    TRACE1("EPL: - EplLinIoctl (iRet=%d)\n", iRet);
+	unlock_kernel();
 	return (iRet);
 
 }
diff --git a/drivers/staging/meilhaus/memain.c b/drivers/staging/meilhaus/memain.c
index b09d1a6..9a1706b 100644
--- a/drivers/staging/meilhaus/memain.c
+++ b/drivers/staging/meilhaus/memain.c
@@ -95,7 +95,7 @@ static int replace_with_dummy(int vendor_id, int device_id, int serial_no);
 static void clear_device_list(void);
 static int me_open(struct inode *inode_ptr, struct file *filep);
 static int me_release(struct inode *, struct file *);
-static int me_ioctl(struct inode *, struct file *, unsigned int, unsigned long);
+static long me_ioctl(struct file *, unsigned int, unsigned long);
 //static int me_probe_usb(struct usb_interface *interface, const struct usb_device_id *id);
 //static void me_disconnect_usb(struct usb_interface *interface);
 
@@ -109,7 +109,7 @@ static struct cdev *cdevp;
 
 static struct file_operations me_file_operations = {
 	.owner = THIS_MODULE,
-	.ioctl = me_ioctl,
+	.unlocked_ioctl = me_ioctl,
 	.open = me_open,
 	.release = me_release,
 };
@@ -1751,14 +1751,17 @@ static void me_disconnect_usb(struct usb_interface *interface)
 }
 */
 
-static int me_ioctl(struct inode *inodep,
-		    struct file *filep, unsigned int service, unsigned long arg)
+static long me_ioctl(struct file *filep, unsigned int service,
+		    unsigned long arg)
 {
+	lock_kernel();
+	long ret;
 
 	PDEBUG("executed.\n");
 
 	if (_IOC_TYPE(service) != MEMAIN_MAGIC) {
 		PERROR("Invalid magic number.\n");
+		unlock_kernel();
 		return -ENOTTY;
 	}
 
@@ -1766,147 +1769,186 @@ static int me_ioctl(struct inode *inodep,
 
 	switch (service) {
 	case ME_IO_IRQ_ENABLE:
-		return me_io_irq_start(filep, (me_io_irq_start_t *) arg);
+		ret = me_io_irq_start(filep, (me_io_irq_start_t *) arg);
+		break;
 
 	case ME_IO_IRQ_WAIT:
-		return me_io_irq_wait(filep, (me_io_irq_wait_t *) arg);
+		ret = me_io_irq_wait(filep, (me_io_irq_wait_t *) arg);
+		break;
 
 	case ME_IO_IRQ_DISABLE:
-		return me_io_irq_stop(filep, (me_io_irq_stop_t *) arg);
+		ret = me_io_irq_stop(filep, (me_io_irq_stop_t *) arg);
+		break;
 
 	case ME_IO_RESET_DEVICE:
-		return me_io_reset_device(filep, (me_io_reset_device_t *) arg);
+		ret =  me_io_reset_device(filep, (me_io_reset_device_t *) arg);
+		break;
 
 	case ME_IO_RESET_SUBDEVICE:
-		return me_io_reset_subdevice(filep,
+		ret =  me_io_reset_subdevice(filep,
 					     (me_io_reset_subdevice_t *) arg);
+		break;
 
 	case ME_IO_SINGLE_CONFIG:
-		return me_io_single_config(filep,
+		ret = me_io_single_config(filep,
 					   (me_io_single_config_t *) arg);
+		break;
 
 	case ME_IO_SINGLE:
-		return me_io_single(filep, (me_io_single_t *) arg);
+		ret =  me_io_single(filep, (me_io_single_t *) arg);
+		break;
 
 	case ME_IO_STREAM_CONFIG:
-		return me_io_stream_config(filep,
+		ret = me_io_stream_config(filep,
 					   (me_io_stream_config_t *) arg);
+		break;
 
 	case ME_IO_STREAM_NEW_VALUES:
-		return me_io_stream_new_values(filep,
+		ret =  me_io_stream_new_values(filep,
 					       (me_io_stream_new_values_t *)
 					       arg);
+		break;
 
 	case ME_IO_STREAM_READ:
-		return me_io_stream_read(filep, (me_io_stream_read_t *) arg);
+		ret = me_io_stream_read(filep, (me_io_stream_read_t *) arg);
+		break;
 
 	case ME_IO_STREAM_START:
-		return me_io_stream_start(filep, (me_io_stream_start_t *) arg);
+		ret = me_io_stream_start(filep, (me_io_stream_start_t *) arg);
+		break;
 
 	case ME_IO_STREAM_STATUS:
-		return me_io_stream_status(filep,
+		ret =  me_io_stream_status(filep,
 					   (me_io_stream_status_t *) arg);
+		break;
 
 	case ME_IO_STREAM_STOP:
-		return me_io_stream_stop(filep, (me_io_stream_stop_t *) arg);
+		ret = me_io_stream_stop(filep, (me_io_stream_stop_t *) arg);
+		break;
 
 	case ME_IO_STREAM_WRITE:
-		return me_io_stream_write(filep, (me_io_stream_write_t *) arg);
+		ret = me_io_stream_write(filep, (me_io_stream_write_t *) arg);
+		break;
 
 	case ME_LOCK_DRIVER:
-		return me_lock_driver(filep, (me_lock_driver_t *) arg);
+		ret = me_lock_driver(filep, (me_lock_driver_t *) arg);
+		break;
 
 	case ME_LOCK_DEVICE:
-		return me_lock_device(filep, (me_lock_device_t *) arg);
+		ret = me_lock_device(filep, (me_lock_device_t *) arg);
+		break;
 
 	case ME_LOCK_SUBDEVICE:
-		return me_lock_subdevice(filep, (me_lock_subdevice_t *) arg);
+		ret = me_lock_subdevice(filep, (me_lock_subdevice_t *) arg);
+		break;
 
 	case ME_QUERY_INFO_DEVICE:
-		return me_query_info_device(filep,
+		ret = me_query_info_device(filep,
 					    (me_query_info_device_t *) arg);
+		break;
 
 	case ME_QUERY_DESCRIPTION_DEVICE:
-		return me_query_description_device(filep,
+		ret = me_query_description_device(filep,
 						   (me_query_description_device_t
 						    *) arg);
+		break;
 
 	case ME_QUERY_NAME_DEVICE:
-		return me_query_name_device(filep,
+		ret = me_query_name_device(filep,
 					    (me_query_name_device_t *) arg);
+		break;
 
 	case ME_QUERY_NAME_DEVICE_DRIVER:
-		return me_query_name_device_driver(filep,
+		ret = me_query_name_device_driver(filep,
 						   (me_query_name_device_driver_t
 						    *) arg);
+		break;
 
 	case ME_QUERY_NUMBER_DEVICES:
-		return me_query_number_devices(filep,
+		ret = me_query_number_devices(filep,
 					       (me_query_number_devices_t *)
 					       arg);
+		break;
 
 	case ME_QUERY_NUMBER_SUBDEVICES:
-		return me_query_number_subdevices(filep,
+		ret =  me_query_number_subdevices(filep,
 						  (me_query_number_subdevices_t
 						   *) arg);
+		break;
 
 	case ME_QUERY_NUMBER_CHANNELS:
-		return me_query_number_channels(filep,
+		ret = me_query_number_channels(filep,
 						(me_query_number_channels_t *)
 						arg);
+		break;
 
 	case ME_QUERY_NUMBER_RANGES:
-		return me_query_number_ranges(filep,
+		ret = me_query_number_ranges(filep,
 					      (me_query_number_ranges_t *) arg);
+		break;
 
 	case ME_QUERY_RANGE_BY_MIN_MAX:
-		return me_query_range_by_min_max(filep,
+		ret = me_query_range_by_min_max(filep,
 						 (me_query_range_by_min_max_t *)
 						 arg);
+		break;
 
 	case ME_QUERY_RANGE_INFO:
-		return me_query_range_info(filep,
+		ret = me_query_range_info(filep,
 					   (me_query_range_info_t *) arg);
+		break;
 
 	case ME_QUERY_SUBDEVICE_BY_TYPE:
-		return me_query_subdevice_by_type(filep,
+		ret = me_query_subdevice_by_type(filep,
 						  (me_query_subdevice_by_type_t
 						   *) arg);
+		break;
 
 	case ME_QUERY_SUBDEVICE_TYPE:
-		return me_query_subdevice_type(filep,
+		ret = me_query_subdevice_type(filep,
 					       (me_query_subdevice_type_t *)
 					       arg);
+		break;
 
 	case ME_QUERY_SUBDEVICE_CAPS:
-		return me_query_subdevice_caps(filep,
+		ret = me_query_subdevice_caps(filep,
 					       (me_query_subdevice_caps_t *)
 					       arg);
+		break;
 
 	case ME_QUERY_SUBDEVICE_CAPS_ARGS:
-		return me_query_subdevice_caps_args(filep,
+		ret = me_query_subdevice_caps_args(filep,
 						    (me_query_subdevice_caps_args_t
 						     *) arg);
+		break;
 
 	case ME_QUERY_TIMER:
-		return me_query_timer(filep, (me_query_timer_t *) arg);
+		ret = me_query_timer(filep, (me_query_timer_t *) arg);
+		break;
 
 	case ME_QUERY_VERSION_MAIN_DRIVER:
-		return me_query_version_main_driver(filep,
+		ret = me_query_version_main_driver(filep,
 						    (me_query_version_main_driver_t
 						     *) arg);
+		break;
 
 	case ME_QUERY_VERSION_DEVICE_DRIVER:
-		return me_query_version_device_driver(filep,
+		ret = me_query_version_device_driver(filep,
 						      (me_query_version_device_driver_t
 						       *) arg);
+		break;
 
 	case ME_CONFIG_LOAD:
-		return me_config_load(filep, (me_config_load_t *) arg);
+		ret = me_config_load(filep, (me_config_load_t *) arg);
+		break;
+	}
+	if(!ret) {
+	    PERROR("Invalid ioctl number.\n");
+	    ret = -ENOTTY;
 	}
 
-	PERROR("Invalid ioctl number.\n");
-	return -ENOTTY;
+	unlock_kernel();
+	return ret;
 }
 
 // Init and exit of module.
diff --git a/drivers/staging/poch/poch.c b/drivers/staging/poch/poch.c
index 0d111dd..03cc5b7 100644
--- a/drivers/staging/poch/poch.c
+++ b/drivers/staging/poch/poch.c
@@ -979,9 +979,10 @@ static unsigned int poch_poll(struct file *filp, poll_table *pt)
 	return ret;
 }
 
-static int poch_ioctl(struct inode *inode, struct file *filp,
-		      unsigned int cmd, unsigned long arg)
+static long poch_ioctl(struct file *filp, unsigned int cmd,
+		      unsigned long arg)
 {
+	lock_kernel();
 	struct channel_info *channel = filp->private_data;
 	void __iomem *fpga = channel->fpga_iomem;
 	void __iomem *bridge = channel->bridge_iomem;
@@ -1026,8 +1027,10 @@ static int poch_ioctl(struct inode *inode, struct file *filp,
 		}
 		break;
 	case POCH_IOC_GET_COUNTERS:
-		if (!access_ok(VERIFY_WRITE, argp, sizeof(struct poch_counters)))
+		if (!access_ok(VERIFY_WRITE, argp, sizeof(struct poch_counters))) {
+			unlock_kernel();
 			return -EFAULT;
+		}
 
 		spin_lock_irq(&channel->counters_lock);
 		counters = channel->counters;
@@ -1036,23 +1039,31 @@ static int poch_ioctl(struct inode *inode, struct file *filp,
 
 		ret = copy_to_user(argp, &counters,
 				   sizeof(struct poch_counters));
-		if (ret)
+		if (ret) {
+			unlock_kernel();
 			return ret;
+		}
 
 		break;
 	case POCH_IOC_SYNC_GROUP_FOR_USER:
 	case POCH_IOC_SYNC_GROUP_FOR_DEVICE:
 		vms = find_vma(current->mm, arg);
-		if (!vms)
+		if (!vms) {
+			unlock_kernel();
 			/* Address not mapped. */
 			return -EINVAL;
-		if (vms->vm_file != filp)
+		}
+		if (vms->vm_file != filp) {
+			unlock_kernel();
 			/* Address mapped from different device/file. */
 			return -EINVAL;
+		}
 
 		flush_cache_range(vms, arg, arg + channel->group_size);
 		break;
 	}
+
+	unlock_kernel();
 	return 0;
 }
 
@@ -1060,7 +1071,7 @@ static struct file_operations poch_fops = {
 	.owner = THIS_MODULE,
 	.open = poch_open,
 	.release = poch_release,
-	.ioctl = poch_ioctl,
+	.unlocked_ioctl = poch_ioctl,
 	.poll = poch_poll,
 	.mmap = poch_mmap
 };
-- 
1.6.2

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ