diff options
Diffstat (limited to 'drivers/block/cpqarray.c')
-rw-r--r-- | drivers/block/cpqarray.c | 78 |
1 files changed, 49 insertions, 29 deletions
diff --git a/drivers/block/cpqarray.c b/drivers/block/cpqarray.c index abb4ec6..d53b029 100644 --- a/drivers/block/cpqarray.c +++ b/drivers/block/cpqarray.c @@ -35,6 +35,7 @@ #include <linux/seq_file.h> #include <linux/init.h> #include <linux/hdreg.h> +#include <linux/smp_lock.h> #include <linux/spinlock.h> #include <linux/blkdev.h> #include <linux/genhd.h> @@ -157,7 +158,7 @@ static int sendcmd( unsigned int blkcnt, unsigned int log_unit ); -static int ida_open(struct block_device *bdev, fmode_t mode); +static int ida_unlocked_open(struct block_device *bdev, fmode_t mode); static int ida_release(struct gendisk *disk, fmode_t mode); static int ida_ioctl(struct block_device *bdev, fmode_t mode, unsigned int cmd, unsigned long arg); static int ida_getgeo(struct block_device *bdev, struct hd_geometry *geo); @@ -195,9 +196,9 @@ static inline ctlr_info_t *get_host(struct gendisk *disk) static const struct block_device_operations ida_fops = { .owner = THIS_MODULE, - .open = ida_open, + .open = ida_unlocked_open, .release = ida_release, - .locked_ioctl = ida_ioctl, + .ioctl = ida_ioctl, .getgeo = ida_getgeo, .revalidate_disk= ida_revalidate, }; @@ -840,13 +841,29 @@ static int ida_open(struct block_device *bdev, fmode_t mode) return 0; } +static int ida_unlocked_open(struct block_device *bdev, fmode_t mode) +{ + int ret; + + lock_kernel(); + ret = ida_open(bdev, mode); + unlock_kernel(); + + return ret; +} + /* * Close. Sync first. */ static int ida_release(struct gendisk *disk, fmode_t mode) { - ctlr_info_t *host = get_host(disk); + ctlr_info_t *host; + + lock_kernel(); + host = get_host(disk); host->usage_count--; + unlock_kernel(); + return 0; } @@ -1128,7 +1145,7 @@ static int ida_getgeo(struct block_device *bdev, struct hd_geometry *geo) * ida_ioctl does some miscellaneous stuff like reporting drive geometry, * setting readahead and submitting commands from userspace to the controller. */ -static int ida_ioctl(struct block_device *bdev, fmode_t mode, unsigned int cmd, unsigned long arg) +static int ida_locked_ioctl(struct block_device *bdev, fmode_t mode, unsigned int cmd, unsigned long arg) { drv_info_t *drv = get_drv(bdev->bd_disk); ctlr_info_t *host = get_host(bdev->bd_disk); @@ -1162,7 +1179,8 @@ out_passthru: return error; case IDAGETCTLRSIG: if (!arg) return -EINVAL; - put_user(host->ctlr_sig, (int __user *)arg); + if (put_user(host->ctlr_sig, (int __user *)arg)) + return -EFAULT; return 0; case IDAREVALIDATEVOLS: if (MINOR(bdev->bd_dev) != 0) @@ -1170,7 +1188,8 @@ out_passthru: return revalidate_allvol(host); case IDADRIVERVERSION: if (!arg) return -EINVAL; - put_user(DRIVER_VERSION, (unsigned long __user *)arg); + if (put_user(DRIVER_VERSION, (unsigned long __user *)arg)) + return -EFAULT; return 0; case IDAGETPCIINFO: { @@ -1192,6 +1211,19 @@ out_passthru: } } + +static int ida_ioctl(struct block_device *bdev, fmode_t mode, + unsigned int cmd, unsigned long param) +{ + int ret; + + lock_kernel(); + ret = ida_locked_ioctl(bdev, mode, cmd, param); + unlock_kernel(); + + return ret; +} + /* * ida_ctlr_ioctl is for passing commands to the controller from userspace. * The command block (io) has already been copied to kernel space for us, @@ -1225,17 +1257,11 @@ static int ida_ctlr_ioctl(ctlr_info_t *h, int dsk, ida_ioctl_t *io) /* Pre submit processing */ switch(io->cmd) { case PASSTHRU_A: - p = kmalloc(io->sg[0].size, GFP_KERNEL); - if (!p) - { - error = -ENOMEM; - cmd_free(h, c, 0); - return(error); - } - if (copy_from_user(p, io->sg[0].addr, io->sg[0].size)) { - kfree(p); - cmd_free(h, c, 0); - return -EFAULT; + p = memdup_user(io->sg[0].addr, io->sg[0].size); + if (IS_ERR(p)) { + error = PTR_ERR(p); + cmd_free(h, c, 0); + return error; } c->req.hdr.blk = pci_map_single(h->pci_dev, &(io->c), sizeof(ida_ioctl_t), @@ -1266,18 +1292,12 @@ static int ida_ctlr_ioctl(ctlr_info_t *h, int dsk, ida_ioctl_t *io) case DIAG_PASS_THRU: case COLLECT_BUFFER: case WRITE_FLASH_ROM: - p = kmalloc(io->sg[0].size, GFP_KERNEL); - if (!p) - { - error = -ENOMEM; - cmd_free(h, c, 0); - return(error); + p = memdup_user(io->sg[0].addr, io->sg[0].size); + if (IS_ERR(p)) { + error = PTR_ERR(p); + cmd_free(h, c, 0); + return error; } - if (copy_from_user(p, io->sg[0].addr, io->sg[0].size)) { - kfree(p); - cmd_free(h, c, 0); - return -EFAULT; - } c->req.sg[0].size = io->sg[0].size; c->req.sg[0].addr = pci_map_single(h->pci_dev, p, c->req.sg[0].size, PCI_DMA_BIDIRECTIONAL); |