diff options
author | Linus Torvalds <torvalds@linux-foundation.org> | 2008-07-14 14:48:31 -0700 |
---|---|---|
committer | Linus Torvalds <torvalds@linux-foundation.org> | 2008-07-14 14:48:31 -0700 |
commit | d1794f2c5b5817eb79ccc5e00701ca748d1b073a (patch) | |
tree | 5a4c98e694e88a8c82f342d0cc9edb2a4cbbef36 /drivers | |
parent | a41eebab7537890409ea9dfe0fcda9b5fbdb090d (diff) | |
parent | 2fceef397f9880b212a74c418290ce69e7ac00eb (diff) |
Merge branch 'bkl-removal' of git://git.lwn.net/linux-2.6
* 'bkl-removal' of git://git.lwn.net/linux-2.6: (146 commits)
IB/umad: BKL is not needed for ib_umad_open()
IB/uverbs: BKL is not needed for ib_uverbs_open()
bf561-coreb: BKL unneeded for open()
Call fasync() functions without the BKL
snd/PCM: fasync BKL pushdown
ipmi: fasync BKL pushdown
ecryptfs: fasync BKL pushdown
Bluetooth VHCI: fasync BKL pushdown
tty_io: fasync BKL pushdown
tun: fasync BKL pushdown
i2o: fasync BKL pushdown
mpt: fasync BKL pushdown
Remove BKL from remote_llseek v2
Make FAT users happier by not deadlocking
x86-mce: BKL pushdown
vmwatchdog: BKL pushdown
vmcp: BKL pushdown
via-pmu: BKL pushdown
uml-random: BKL pushdown
uml-mmapper: BKL pushdown
...
Diffstat (limited to 'drivers')
124 files changed, 742 insertions, 193 deletions
diff --git a/drivers/block/aoe/aoechr.c b/drivers/block/aoe/aoechr.c index e8e60e7a2e70..d1de68a31920 100644 --- a/drivers/block/aoe/aoechr.c +++ b/drivers/block/aoe/aoechr.c @@ -7,6 +7,7 @@ #include <linux/hdreg.h> #include <linux/blkdev.h> #include <linux/delay.h> +#include <linux/smp_lock.h> #include "aoe.h" enum { @@ -174,12 +175,16 @@ aoechr_open(struct inode *inode, struct file *filp) { int n, i; + lock_kernel(); n = iminor(inode); filp->private_data = (void *) (unsigned long) n; for (i = 0; i < ARRAY_SIZE(chardevs); ++i) - if (chardevs[i].minor == n) + if (chardevs[i].minor == n) { + unlock_kernel(); return 0; + } + unlock_kernel(); return -EINVAL; } diff --git a/drivers/block/paride/pg.c b/drivers/block/paride/pg.c index ab86e23ddc69..9d92636350e5 100644 --- a/drivers/block/paride/pg.c +++ b/drivers/block/paride/pg.c @@ -162,6 +162,7 @@ enum {D_PRT, D_PRO, D_UNI, D_MOD, D_SLV, D_DLY}; #include <linux/pg.h> #include <linux/device.h> #include <linux/sched.h> /* current, TASK_* */ +#include <linux/smp_lock.h> #include <linux/jiffies.h> #include <asm/uaccess.h> @@ -515,12 +516,18 @@ static int pg_open(struct inode *inode, struct file *file) { int unit = iminor(inode) & 0x7f; struct pg *dev = &devices[unit]; + int ret = 0; - if ((unit >= PG_UNITS) || (!dev->present)) - return -ENODEV; + lock_kernel(); + if ((unit >= PG_UNITS) || (!dev->present)) { + ret = -ENODEV; + goto out; + } - if (test_and_set_bit(0, &dev->access)) - return -EBUSY; + if (test_and_set_bit(0, &dev->access)) { + ret = -EBUSY; + goto out; + } if (dev->busy) { pg_reset(dev); @@ -533,12 +540,15 @@ static int pg_open(struct inode *inode, struct file *file) if (dev->bufptr == NULL) { clear_bit(0, &dev->access); printk("%s: buffer allocation failed\n", dev->name); - return -ENOMEM; + ret = -ENOMEM; + goto out; } file->private_data = dev; - return 0; +out: + unlock_kernel(); + return ret; } static int pg_release(struct inode *inode, struct file *file) diff --git a/drivers/block/paride/pt.c b/drivers/block/paride/pt.c index 27455ee1e9da..5c74c3574a5a 100644 --- a/drivers/block/paride/pt.c +++ b/drivers/block/paride/pt.c @@ -650,8 +650,11 @@ static int pt_open(struct inode *inode, struct file *file) struct pt_unit *tape = pt + unit; int err; - if (unit >= PT_UNITS || (!tape->present)) + lock_kernel(); + if (unit >= PT_UNITS || (!tape->present)) { + unlock_kernel(); return -ENODEV; + } err = -EBUSY; if (!atomic_dec_and_test(&tape->available)) @@ -678,10 +681,12 @@ static int pt_open(struct inode *inode, struct file *file) } file->private_data = tape; + unlock_kernel(); return 0; out: atomic_inc(&tape->available); + unlock_kernel(); return err; } diff --git a/drivers/bluetooth/hci_vhci.c b/drivers/bluetooth/hci_vhci.c index 0638730a4a19..d97700aa54a9 100644 --- a/drivers/bluetooth/hci_vhci.c +++ b/drivers/bluetooth/hci_vhci.c @@ -28,6 +28,7 @@ #include <linux/kernel.h> #include <linux/init.h> #include <linux/slab.h> +#include <linux/smp_lock.h> #include <linux/types.h> #include <linux/errno.h> #include <linux/sched.h> @@ -263,9 +264,11 @@ static int vhci_open(struct inode *inode, struct file *file) skb_queue_head_init(&data->readq); init_waitqueue_head(&data->read_wait); + lock_kernel(); hdev = hci_alloc_dev(); if (!hdev) { kfree(data); + unlock_kernel(); return -ENOMEM; } @@ -286,10 +289,12 @@ static int vhci_open(struct inode *inode, struct file *file) BT_ERR("Can't register HCI device"); kfree(data); hci_free_dev(hdev); + unlock_kernel(); return -EBUSY; } file->private_data = data; + unlock_kernel(); return nonseekable_open(inode, file); } @@ -313,18 +318,21 @@ static int vhci_release(struct inode *inode, struct file *file) static int vhci_fasync(int fd, struct file *file, int on) { struct vhci_data *data = file->private_data; - int err; + int err = 0; + lock_kernel(); err = fasync_helper(fd, file, on, &data->fasync); if (err < 0) - return err; + goto out; if (on) data->flags |= VHCI_FASYNC; else data->flags &= ~VHCI_FASYNC; - return 0; +out: + unlock_kernel(); + return err; } static const struct file_operations vhci_fops = { diff --git a/drivers/char/agp/frontend.c b/drivers/char/agp/frontend.c index e6cb1ab03e06..a96f3197e60f 100644 --- a/drivers/char/agp/frontend.c +++ b/drivers/char/agp/frontend.c @@ -39,6 +39,7 @@ #include <linux/mm.h> #include <linux/fs.h> #include <linux/sched.h> +#include <linux/smp_lock.h> #include <asm/uaccess.h> #include <asm/pgtable.h> #include "agp.h" @@ -677,6 +678,7 @@ static int agp_open(struct inode *inode, struct file *file) struct agp_client *client; int rc = -ENXIO; + lock_kernel(); mutex_lock(&(agp_fe.agp_mutex)); if (minor != AGPGART_MINOR) @@ -703,12 +705,14 @@ static int agp_open(struct inode *inode, struct file *file) agp_insert_file_private(priv); DBG("private=%p, client=%p", priv, client); mutex_unlock(&(agp_fe.agp_mutex)); + unlock_kernel(); return 0; err_out_nomem: rc = -ENOMEM; err_out: mutex_unlock(&(agp_fe.agp_mutex)); + unlock_kernel(); return rc; } diff --git a/drivers/char/apm-emulation.c b/drivers/char/apm-emulation.c index cdd876dbb2b0..da8a1658a273 100644 --- a/drivers/char/apm-emulation.c +++ b/drivers/char/apm-emulation.c @@ -13,6 +13,7 @@ #include <linux/module.h> #include <linux/poll.h> #include <linux/slab.h> +#include <linux/smp_lock.h> #include <linux/proc_fs.h> #include <linux/seq_file.h> #include <linux/miscdevice.h> @@ -416,6 +417,7 @@ static int apm_open(struct inode * inode, struct file * filp) { struct apm_user *as; + lock_kernel(); as = kzalloc(sizeof(*as), GFP_KERNEL); if (as) { /* @@ -435,6 +437,7 @@ static int apm_open(struct inode * inode, struct file * filp) filp->private_data = as; } + unlock_kernel(); return as ? 0 : -ENOMEM; } diff --git a/drivers/char/briq_panel.c b/drivers/char/briq_panel.c index b6f2639f903d..d8cff909001c 100644 --- a/drivers/char/briq_panel.c +++ b/drivers/char/briq_panel.c @@ -6,6 +6,7 @@ #include <linux/module.h> +#include <linux/smp_lock.h> #include <linux/types.h> #include <linux/errno.h> #include <linux/tty.h> @@ -67,11 +68,15 @@ static void set_led(char state) static int briq_panel_open(struct inode *ino, struct file *filep) { - /* enforce single access */ - if (vfd_is_open) + lock_kernel(); + /* enforce single access, vfd_is_open is protected by BKL */ + if (vfd_is_open) { + unlock_kernel(); return -EBUSY; + } vfd_is_open = 1; + unlock_kernel(); return 0; } diff --git a/drivers/char/cs5535_gpio.c b/drivers/char/cs5535_gpio.c index c0a4a0bb509e..04ba906b4880 100644 --- a/drivers/char/cs5535_gpio.c +++ b/drivers/char/cs5535_gpio.c @@ -17,6 +17,7 @@ #include <linux/cdev.h> #include <linux/ioport.h> #include <linux/pci.h> +#include <linux/smp_lock.h> #include <asm/uaccess.h> #include <asm/io.h> @@ -157,6 +158,7 @@ static int cs5535_gpio_open(struct inode *inode, struct file *file) { u32 m = iminor(inode); + cycle_kernel_lock(); /* the mask says which pins are usable by this driver */ if ((mask & (1 << m)) == 0) return -EINVAL; diff --git a/drivers/char/ds1286.c b/drivers/char/ds1286.c index ea35ab2c9909..fb584938c9c3 100644 --- a/drivers/char/ds1286.c +++ b/drivers/char/ds1286.c @@ -27,6 +27,7 @@ * option) any later version. */ #include <linux/ds1286.h> +#include <linux/smp_lock.h> #include <linux/types.h> #include <linux/errno.h> #include <linux/miscdevice.h> @@ -252,6 +253,7 @@ static int ds1286_ioctl(struct inode *inode, struct file *file, static int ds1286_open(struct inode *inode, struct file *file) { + lock_kernel(); spin_lock_irq(&ds1286_lock); if (ds1286_status & RTC_IS_OPEN) @@ -260,10 +262,12 @@ static int ds1286_open(struct inode *inode, struct file *file) ds1286_status |= RTC_IS_OPEN; spin_unlock_irq(&ds1286_lock); + unlock_kernel(); return 0; out_busy: spin_lock_irq(&ds1286_lock); + unlock_kernel(); return -EBUSY; } diff --git a/drivers/char/ds1620.c b/drivers/char/ds1620.c index 334ad5bbe6b6..34275c6f1da2 100644 --- a/drivers/char/ds1620.c +++ b/drivers/char/ds1620.c @@ -8,6 +8,7 @@ #include <linux/proc_fs.h> #include <linux/capability.h> #include <linux/init.h> +#include <linux/smp_lock.h> #include <asm/hardware.h> #include <asm/mach-types.h> @@ -208,6 +209,12 @@ static void ds1620_read_state(struct therm *therm) therm->hi = cvt_9_to_int(ds1620_in(THERM_READ_TH, 9)); } +static int ds1620_open(struct inode *inode, struct file *file) +{ + cycle_kernel_lock(); + return nonseekable_open(inode, file); +} + static ssize_t ds1620_read(struct file *file, char __user *buf, size_t count, loff_t *ptr) { @@ -336,7 +343,7 @@ static struct proc_dir_entry *proc_therm_ds1620; static const struct file_operations ds1620_fops = { .owner = THIS_MODULE, - .open = nonseekable_open, + .open = ds1620_open, .read = ds1620_read, .ioctl = ds1620_ioctl, }; diff --git a/drivers/char/dsp56k.c b/drivers/char/dsp56k.c index a69c65283260..7bf7485377e6 100644 --- a/drivers/char/dsp56k.c +++ b/drivers/char/dsp56k.c @@ -33,6 +33,7 @@ #include <linux/mm.h> #include <linux/init.h> #include <linux/device.h> +#include <linux/smp_lock.h> #include <asm/atarihw.h> #include <asm/traps.h> @@ -436,13 +437,17 @@ static unsigned int dsp56k_poll(struct file *file, poll_table *wait) static int dsp56k_open(struct inode *inode, struct file *file) { int dev = iminor(inode) & 0x0f; + int ret = 0; + lock_kernel(); switch(dev) { case DSP56K_DEV_56001: - if (test_and_set_bit(0, &dsp56k.in_use)) - return -EBUSY; + if (test_and_set_bit(0, &dsp56k.in_use)) { + ret = -EBUSY; + goto out; + } dsp56k.timeout = TIMEOUT; dsp56k.maxio = MAXIO; @@ -458,10 +463,11 @@ static int dsp56k_open(struct inode *inode, struct file *file) break; default: - return -ENODEV; + ret = -ENODEV; } - - return 0; +out: + unlock_kernel(); + return ret; } static int dsp56k_release(struct inode *inode, struct file *file) diff --git a/drivers/char/dtlk.c b/drivers/char/dtlk.c index abde6ddefe69..6b900b297cc6 100644 --- a/drivers/char/dtlk.c +++ b/drivers/char/dtlk.c @@ -56,6 +56,7 @@ #include <linux/errno.h> /* for -EBUSY */ #include <linux/ioport.h> /* for request_region */ #include <linux/delay.h> /* for loops_per_jiffy */ +#include <linux/smp_lock.h> /* cycle_kernel_lock() */ #include <asm/io.h> /* for inb_p, outb_p, inb, outb, etc. */ #include <asm/uaccess.h> /* for get_user, etc. */ #include <linux/wait.h> /* for wait_queue */ @@ -288,10 +289,12 @@ static int dtlk_ioctl(struct inode *inode, } } +/* Note that nobody ever sets dtlk_busy... */ static int dtlk_open(struct inode *inode, struct file *file) { TRACE_TEXT("(dtlk_open"); + cycle_kernel_lock(); nonseekable_open(inode, file); switch (iminor(inode)) { case DTLK_MINOR: diff --git a/drivers/char/efirtc.c b/drivers/char/efirtc.c index 49233f589874..d57ca3e4e534 100644 --- a/drivers/char/efirtc.c +++ b/drivers/char/efirtc.c @@ -28,6 +28,7 @@ */ +#include <linux/smp_lock.h> #include <linux/types.h> #include <linux/errno.h> #include <linux/miscdevice.h> @@ -272,6 +273,7 @@ efi_rtc_open(struct inode *inode, struct file *file) * We do accept multiple open files at the same time as we * synchronize on the per call operation. */ + cycle_kernel_lock(); return 0; } diff --git a/drivers/char/genrtc.c b/drivers/char/genrtc.c index 69f0a2993af0..aac0985a572b 100644 --- a/drivers/char/genrtc.c +++ b/drivers/char/genrtc.c @@ -51,6 +51,7 @@ #include <linux/init.h> #include <linux/poll.h> #include <linux/proc_fs.h> +#include <linux/smp_lock.h> #include <linux/workqueue.h> #include <asm/uaccess.h> @@ -338,12 +339,16 @@ static int gen_rtc_ioctl(struct inode *inode, struct file *file, static int gen_rtc_open(struct inode *inode, struct file *file) { - if (gen_rtc_status & RTC_IS_OPEN) + lock_kernel(); + if (gen_rtc_status & RTC_IS_OPEN) { + unlock_kernel(); return -EBUSY; + } gen_rtc_status |= RTC_IS_OPEN; gen_rtc_irq_data = 0; irq_active = 0; + unlock_kernel(); return 0; } diff --git a/drivers/char/hpet.c b/drivers/char/hpet.c index e7fb0bca3667..fb0a85a1eb36 100644 --- a/drivers/char/hpet.c +++ b/drivers/char/hpet.c @@ -14,6 +14,7 @@ #include <linux/interrupt.h> #include <linux/module.h> #include <linux/kernel.h> +#include <linux/smp_lock.h> #include <linux/types.h> #include <linux/miscdevice.h> #include <linux/major.h> @@ -193,6 +194,7 @@ static int hpet_open(struct inode *inode, struct file *file) if (file->f_mode & FMODE_WRITE) return -EINVAL; + lock_kernel(); spin_lock_irq(&hpet_lock); for (devp = NULL, hpetp = hpets; hpetp && !devp; hpetp = hpetp->hp_next) @@ -207,6 +209,7 @@ static int hpet_open(struct inode *inode, struct file *file) if (!devp) { spin_unlock_irq(&hpet_lock); + unlock_kernel(); return -EBUSY; } @@ -214,6 +217,7 @@ static int hpet_open(struct inode *inode, struct file *file) devp->hd_irqdata = 0; devp->hd_flags |= HPET_OPEN; spin_unlock_irq(&hpet_lock); + unlock_kernel(); return 0; } diff --git a/drivers/char/hw_random/core.c b/drivers/char/hw_random/core.c index 662d60e44e9a..e5d583c84e4f 100644 --- a/drivers/char/hw_random/core.c +++ b/drivers/char/hw_random/core.c @@ -37,6 +37,7 @@ #include <linux/kernel.h> #include <linux/fs.h> #include <linux/sched.h> +#include <linux/smp_lock.h> #include <linux/init.h> #include <linux/miscdevice.h> #include <linux/delay.h> @@ -86,6 +87,7 @@ static int rng_dev_open(struct inode *inode, struct file *filp) return -EINVAL; if (filp->f_mode & FMODE_WRITE) return -EINVAL; + cycle_kernel_lock(); return 0; } diff --git a/drivers/char/ip2/ip2main.c b/drivers/char/ip2/ip2main.c index c12cf8fc4be0..61b6fe4156bb 100644 --- a/drivers/char/ip2/ip2main.c +++ b/drivers/char/ip2/ip2main.c @@ -98,6 +98,7 @@ #include <linux/major.h> #include <linux/wait.h> #include <linux/device.h> +#include <linux/smp_lock.h> #include <linux/tty.h> #include <linux/tty_flip.h> @@ -2908,42 +2909,11 @@ ip2_ipl_ioctl ( struct inode *pInode, struct file *pFile, UINT cmd, ULONG arg ) static int ip2_ipl_open( struct inode *pInode, struct file *pFile ) { - unsigned int iplminor = iminor(pInode); - i2eBordStrPtr pB; - i2ChanStrPtr pCh; #ifdef IP2DEBUG_IPL printk (KERN_DEBUG "IP2IPL: open\n" ); #endif - - switch(iplminor) { - // These are the IPL devices - case 0: - case 4: - case 8: - case 12: - break; - - // These are the status devices - case 1: - case 5: - case 9: - case 13: - break; - - // These are the debug devices - case 2: - case 6: - case 10: - case 14: - pB = i2BoardPtrTable[iplminor / 4]; - pCh = (i2ChanStrPtr) pB->i2eChannelPtr; - break; - - // This is the trace device - case 3: - break; - } + cycle_kernel_lock(); return 0; } diff --git a/drivers/char/ip27-rtc.c b/drivers/char/ip27-rtc.c index 86e6538a77b0..ec9d0443d92c 100644 --- a/drivers/char/ip27-rtc.c +++ b/drivers/char/ip27-rtc.c @@ -27,6 +27,7 @@ #include <linux/bcd.h> #include <linux/module.h> #include <linux/kernel.h> +#include <linux/smp_lock.h> #include <linux/types.h> #include <linux/miscdevice.h> #include <linux/ioport.h> @@ -163,15 +164,18 @@ static long rtc_ioctl(struct file *filp, unsigned int cmd, unsigned long arg) static int rtc_open(struct inode *inode, struct file *file) { + lock_kernel(); spin_lock_irq(&rtc_lock); if (rtc_status & RTC_IS_OPEN) { spin_unlock_irq(&rtc_lock); + unlock_kernel(); return -EBUSY; } rtc_status |= RTC_IS_OPEN; spin_unlock_irq(&rtc_lock); + unlock_kernel(); return 0; } diff --git a/drivers/char/ipmi/ipmi_devintf.c b/drivers/char/ipmi/ipmi_devintf.c index 0246a2b8ce48..c11a40483459 100644 --- a/drivers/char/ipmi/ipmi_devintf.c +++ b/drivers/char/ipmi/ipmi_devintf.c @@ -43,6 +43,7 @@ #include <linux/init.h> #include <linux/device.h> #include <linux/compat.h> +#include <linux/smp_lock.h> struct ipmi_file_private { @@ -100,7 +101,9 @@ static int ipmi_fasync(int fd, struct file *file, int on) struct ipmi_file_private *priv = file->private_data; int result; + lock_kernel(); /* could race against open() otherwise */ result = fasync_helper(fd, file, on, &priv->fasync_queue); + unlock_kernel(); return (result); } @@ -121,6 +124,7 @@ static int ipmi_open(struct inode *inode, struct file *file) if (!priv) return -ENOMEM; + lock_kernel(); priv->file = file; rv = ipmi_create_user(if_num, @@ -129,7 +133,7 @@ static int ipmi_open(struct inode *inode, struct file *file) &(priv->user)); if (rv) { kfree(priv); - return rv; + goto out; } file->private_data = priv; @@ -144,7 +148,9 @@ static int ipmi_open(struct inode *inode, struct file *file) priv->default_retries = -1; priv->default_retry_time_ms = 0; - return 0; +out: + unlock_kernel(); + return rv; } static int ipmi_release(struct inode *inode, struct file *file) diff --git a/drivers/char/ipmi/ipmi_watchdog.c b/drivers/char/ipmi/ipmi_watchdog.c index 0e6df289cb46..235fab0bdf79 100644 --- a/drivers/char/ipmi/ipmi_watchdog.c +++ b/drivers/char/ipmi/ipmi_watchdog.c @@ -35,6 +35,7 @@ #include <linux/moduleparam.h> #include <linux/ipmi.h> #include <linux/ipmi_smi.h> +#include <linux/smp_lock.h> #include <linux/watchdog.h> #include <linux/miscdevice.h> #include <linux/init.h> @@ -818,6 +819,8 @@ static int ipmi_open(struct inode *ino, struct file *filep) if (test_and_set_bit(0, &ipmi_wdog_open)) return -EBUSY; + cycle_kernel_lock(); + /* * Don't start the timer now, let it start on the * first heartbeat. diff --git a/drivers/char/lcd.c b/drivers/char/lcd.c index 4fe9206f84de..1c29b20e4f4c 100644 --- a/drivers/char/lcd.c +++ b/drivers/char/lcd.c @@ -20,6 +20,7 @@ #include <linux/mc146818rtc.h> #include <linux/netdevice.h> #include <linux/sched.h> +#include <linux/smp_lock.h> #include <linux/delay.h> #include <asm/io.h> @@ -414,6 +415,8 @@ static int lcd_ioctl(struct inode *inode, struct file *file, static int lcd_open(struct inode *inode, struct file *file) { + cycle_kernel_lock(); + if (!lcd_present) return -ENXIO; else diff --git a/drivers/char/lp.c b/drivers/char/lp.c index 60ac642752be..71abb4c33aa2 100644 --- a/drivers/char/lp.c +++ b/drivers/char/lp.c @@ -126,6 +126,7 @@ #include <linux/device.h> #include <linux/wait.h> #include <linux/jiffies.h> +#include <linux/smp_lock.h> #include <linux/parport.h> #undef LP_STATS @@ -489,14 +490,21 @@ static ssize_t lp_read(struct file * file, char __user * buf, static int lp_open(struct inode * inode, struct file * file) { unsigned int minor = iminor(inode); + int ret = 0; - if (minor >= LP_NO) - return -ENXIO; - if ((LP_F(minor) & LP_EXIST) == 0) - return -ENXIO; - if (test_and_set_bit(LP_BUSY_BIT_POS, &LP_F(minor))) - return -EBUSY; - + lock_kernel(); + if (minor >= LP_NO) { + ret = -ENXIO; + goto out; + } + if ((LP_F(minor) & LP_EXIST) == 0) { + ret = -ENXIO; + goto out; + } + if (test_and_set_bit(LP_BUSY_BIT_POS, &LP_F(minor))) { + ret = -EBUSY; + goto out; + } /* If ABORTOPEN is set and the printer is offline or out of paper, we may still want to open it to perform ioctl()s. Therefore we have commandeered O_NONBLOCK, even though it is being used in @@ -510,21 +518,25 @@ static int lp_open(struct inode * inode, struct file * file) if (status & LP_POUTPA) { printk(KERN_INFO "lp%d out of paper\n", minor); LP_F(minor) &= ~LP_BUSY; - return -ENOSPC; + ret = -ENOSPC; + goto out; } else if (!(status & LP_PSELECD)) { printk(KERN_INFO "lp%d off-line\n", minor); LP_F(minor) &= ~LP_BUSY; - return -EIO; + ret = -EIO; + goto out; } else if (!(status & LP_PERRORP)) { printk(KERN_ERR "lp%d printer error\n", minor); LP_F(minor) &= ~LP_BUSY; - return -EIO; + ret = -EIO; + goto out; } } lp_table[minor].lp_buffer = kmalloc(LP_BUFFER_SIZE, GFP_KERNEL); if (!lp_table[minor].lp_buffer) { LP_F(minor) &= ~LP_BUSY; - return -ENOMEM; + ret = -ENOMEM; + goto out; } /* Determine if the peripheral supports ECP mode */ lp_claim_parport_or_block (&lp_table[minor]); @@ -540,7 +552,9 @@ static int lp_open(struct inode * inode, struct file * file) parport_negotiate (lp_table[minor].dev->port, IEEE1284_MODE_COMPAT); lp_release_parport (&lp_table[minor]); lp_table[minor].current_mode = IEEE1284_MODE_COMPAT; - return 0; +out: + unlock_kernel(); + return ret; } static int lp_release(struct inode * inode, struct file * file) diff --git a/drivers/char/mbcs.c b/drivers/char/mbcs.c index f4716ad7348a..acd8e9ed474a 100644 --- a/drivers/char/mbcs.c +++ b/drivers/char/mbcs.c @@ -24,6 +24,7 @@ #include <linux/mm.h> #include <linux/uio.h> #include <linux/mutex.h> +#include <linux/smp_lock.h> #include <asm/io.h> #include <asm/uaccess.h> #include <asm/system.h> @@ -382,15 +383,19 @@ static int mbcs_open(struct inode *ip, struct file *fp) struct mbcs_soft *soft; int minor; + lock_kernel(); minor = iminor(ip); + /* Nothing protects access to this list... */ list_for_each_entry(soft, &soft_list, list) { if (soft->nasid == minor) { fp->private_data = soft->cxdev; + unlock_kernel(); return 0; } } + unlock_kernel(); return -ENODEV; } diff --git a/drivers/char/mem.c b/drivers/char/mem.c index 934ffafedaea..070e22e8ea9e 100644 --- a/drivers/char/mem.c +++ b/drivers/char/mem.c @@ -26,6 +26,7 @@ #include <linux/bootmem.h> #include <linux/splice.h> #include <linux/pfn.h> +#include <linux/smp_lock.h> #include <asm/uaccess.h> #include <asm/io.h> @@ -889,6 +890,9 @@ static const struct file_operations kmsg_fops = { static int memory_open(struct inode * inode, struct file * filp) { + int ret = 0; + + lock_kernel(); switch (iminor(inode)) { case 1: filp->f_op = &mem_fops; @@ -932,11 +936,13 @@ static int memory_open(struct inode * inode, struct file * filp) break; #endif default: + unlock_kernel(); return -ENXIO; } if (filp->f_op && filp->f_op->open) - return filp->f_op->open(inode,filp); - return 0; + ret = filp->f_op->open(inode,filp); + unlock_kernel(); + return ret; } static const struct file_operations memory_fops = { diff --git a/drivers/char/misc.c b/drivers/char/misc.c index eaace0db0ff4..6e1563c3d30a 100644 --- a/drivers/char/misc.c +++ b/drivers/char/misc.c @@ -49,6 +49,7 @@ #include <linux/device.h> #include <linux/tty.h> #include <linux/kmod.h> +#include <linux/smp_lock.h> /* * Head entry for the doubly linked miscdevice list @@ -118,6 +119,7 @@ static int misc_open(struct inode * inode, struct file * file) int err = -ENODEV; const struct file_operations *old_fops, *new_fops = NULL; + lock_kernel(); mutex_lock(&misc_mtx); list_for_each_entry(c, &misc_list, list) { @@ -155,6 +157,7 @@ static int misc_open(struct inode * inode, struct file * file) fops_put(old_fops); fail: mutex_unlock(&misc_mtx); + unlock_kernel(); return err; } diff --git a/drivers/char/mwave/mwavedd.c b/drivers/char/mwave/mwavedd.c index 8d14823b0514..50243fcd87e8 100644 --- a/drivers/char/mwave/mwavedd.c +++ b/drivers/char/mwave/mwavedd.c @@ -56,6 +56,7 @@ #include <linux/serial.h> #include <linux/sched.h> #include <linux/spinlock.h> +#include <linux/smp_lock.h> #include <linux/delay.h> #include <linux/serial_8250.h> #include "smapi.h" @@ -100,6 +101,7 @@ static int mwave_open(struct inode *inode, struct file *file) PRINTK_2(TRACE_MWAVE, "mwavedd::mwave_open, exit return retval %x\n", retval); + cycle_kernel_lock(); return retval; } diff --git a/drivers/char/nvram.c b/drivers/char/nvram.c index 98dec380af49..197cd7a0c332 100644 --- a/drivers/char/nvram.c +++ b/drivers/char/nvram.c @@ -107,6 +107,7 @@ #include <linux/init.h> #include <linux/proc_fs.h> #include <linux/spinlock.h> +#include <linux/smp_lock.h> #include <asm/io.h> #include <asm/uaccess.h> @@ -333,12 +334,14 @@ nvram_ioctl(struct inode *inode, struct file *file, static int nvram_open(struct inode *inode, struct file *file) { + lock_kernel(); spin_lock(&nvram_state_lock); if ((nvram_open_cnt && (file->f_flags & O_EXCL)) || (nvram_open_mode & NVRAM_EXCL) || ((file->f_mode & 2) && (nvram_open_mode & NVRAM_WRITE))) { spin_unlock(&nvram_state_lock); + unlock_kernel(); return -EBUSY; } @@ -349,6 +352,7 @@ nvram_open(struct inode *inode, struct file *file) nvram_open_cnt++; spin_unlock(&nvram_state_lock); + unlock_kernel(); return 0; } diff --git a/drivers/char/pc8736x_gpio.c b/drivers/char/pc8736x_gpio.c index ecfaf180e5bd..b930de50407a 100644 --- a/drivers/char/pc8736x_gpio.c +++ b/drivers/char/pc8736x_gpio.c @@ -20,6 +20,7 @@ #include <linux/mutex.h> #include <linux/nsc_gpio.h> #include <linux/platform_device.h> +#include <linux/smp_lock.h> #include <asm/uaccess.h> #define DEVNAME "pc8736x_gpio" @@ -217,6 +218,7 @@ static int pc8736x_gpio_open(struct inode *inode, struct file *file) unsigned m = iminor(inode); file->private_data = &pc8736x_gpio_ops; + cycle_kernel_lock(); dev_dbg(&pdev->dev, "open %d\n", m); if (m >= PC8736X_GPIO_CT) diff --git a/drivers/char/ppdev.c b/drivers/char/ppdev.c index 3aab837d9480..f6e6acadd9a0 100644 --- a/drivers/char/ppdev.c +++ b/drivers/char/ppdev.c @@ -66,6 +66,7 @@ #include <linux/poll.h> #include <linux/major.h> #include <linux/ppdev.h> +#include <linux/smp_lock.h> #include <asm/uaccess.h> #define PP_VERSION "ppdev: user-space parallel port driver" @@ -638,6 +639,7 @@ static int pp_open (struct inode * inode, struct file * file) unsigned int minor = iminor(inode); struct pp_struct *pp; + cycle_kernel_lock(); if (minor >= PARPORT_MAX) return -ENXIO; diff --git a/drivers/char/raw.c b/drivers/char/raw.c index bbfa0e241cba..505fcbe884a4 100644 --- a/drivers/char/raw.c +++ b/drivers/char/raw.c @@ -19,6 +19,7 @@ #include <linux/cdev.h> #include <linux/device.h> #include <linux/mutex.h> +#include <linux/smp_lock.h> #include <asm/uaccess.h> @@ -53,6 +54,7 @@ static int raw_open(struct inode *inode, struct file *filp) return 0; } + lock_kernel(); mutex_lock(&raw_mutex); /* @@ -79,6 +81,7 @@ static int raw_open(struct inode *inode, struct file *filp) bdev->bd_inode->i_mapping; filp->private_data = bdev; mutex_unlock(&raw_mutex); + unlock_kernel(); return 0; out2: diff --git a/drivers/char/rtc.c b/drivers/char/rtc.c index 909cac93fa2a..fa92a8af5a5a 100644 --- a/drivers/char/rtc.c +++ b/drivers/char/rtc.c @@ -73,6 +73,7 @@ #include <linux/proc_fs.h> #include <linux/seq_file.h> #include <linux/spinlock.h> +#include <linux/smp_lock.h> #include <linux/sysctl.h> #include <linux/wait.h> #include <linux/bcd.h> @@ -734,6 +735,7 @@ static int rtc_ioctl(struct inode *inode, struct file *file, unsigned int cmd, * needed here. Or anywhere else in this driver. */ static int rtc_open(struct inode *inode, struct file *file) { + lock_kernel(); spin_lock_irq(&rtc_lock); if (rtc_status & RTC_IS_OPEN) @@ -743,10 +745,12 @@ static int rtc_open(struct inode *inode, struct file *file) rtc_irq_data = 0; spin_unlock_irq(&rtc_lock); + unlock_kernel(); return 0; out_busy: spin_unlock_irq(&rtc_lock); + unlock_kernel(); return -EBUSY; } diff --git a/drivers/char/scx200_gpio.c b/drivers/char/scx200_gpio.c index 99e5272e3c53..1d9100561c8a 100644 --- a/drivers/char/scx200_gpio.c +++ b/drivers/char/scx200_gpio.c @@ -12,6 +12,7 @@ #include <linux/kernel.h> #include <linux/init.h> #include <linux/platform_device.h> +#include <linux/smp_lock.h> #include <asm/uaccess.h> #include <asm/io.h> @@ -51,6 +52,7 @@ static int scx200_gpio_open(struct inode *inode, struct file *file) unsigned m = iminor(inode); file->private_data = &scx200_gpio_ops; + cycle_kernel_lock(); if (m >= MAX_PINS) return -EINVAL; return nonseekable_open(inode, file); diff --git a/drivers/char/snsc.c b/drivers/char/snsc.c index 8fe099a41065..0b799ac1b049 100644 --- a/drivers/char/snsc.c +++ b/drivers/char/snsc.c @@ -21,6 +21,7 @@ #include <linux/poll.h> #include <linux/module.h> #include <linux/slab.h> +#include <linux/smp_lock.h> #include <asm/sn/io.h> #include <asm/sn/sn_sal.h> #include <asm/sn/module.h> @@ -104,6 +105,7 @@ scdrv_open(struct inode *inode, struct file *file) file->private_data = sd; /* hook this subchannel up to the system controller interrupt */ + lock_kernel(); rv = request_irq(SGI_UART_VECTOR, scdrv_interrupt, IRQF_SHARED | IRQF_DISABLED, SYSCTL_BASENAME, sd); @@ -111,9 +113,10 @@ scdrv_open(struct inode *inode, struct file *file) ia64_sn_irtr_close(sd->sd_nasid, sd->sd_subch); kfree(sd); printk("%s: irq request failed (%d)\n", __func__, rv); + unlock_kernel(); return -EBUSY; } - + unlock_kernel(); return 0; } diff --git a/drivers/char/sonypi.c b/drivers/char/sonypi.c index 58533de59027..85e0eb76eeab 100644 --- a/drivers/char/sonypi.c +++ b/drivers/char/sonypi.c @@ -49,6 +49,7 @@ #include <linux/err.h> #include <linux/kfifo.h> #include <linux/platform_device.h> +#include <linux/smp_lock.h> #include <asm/uaccess.h> #include <asm/io.h> @@ -906,12 +907,14 @@ static int sonypi_misc_release(struct inode *inode, struct file *file) static int sonypi_misc_open(struct inode *inode, struct file *file) { + lock_kernel(); mutex_lock(&sonypi_device.lock); /* Flush input queue on first open */ if (!sonypi_device.open_count) kfifo_reset(sonypi_device.fifo); sonypi_device.open_count++; mutex_unlock(&sonypi_device.lock); + unlock_kernel(); return 0; } diff --git a/drivers/char/tb0219.c b/drivers/char/tb0219.c index 4c431cb7cf1b..6062b62800fd 100644 --- a/drivers/char/tb0219.c +++ b/drivers/char/tb0219.c @@ -21,6 +21,7 @@ #include <linux/fs.h> #include <linux/init.h> #include <linux/module.h> +#include <linux/smp_lock.h> #include <asm/io.h> #include <asm/reboot.h> @@ -236,6 +237,7 @@ static int tanbac_tb0219_open(struct inode *inode, struct file *file) { unsigned int minor; + cycle_kernel_lock(); minor = iminor(inode); switch (minor) { case 0: diff --git a/drivers/char/tlclk.c b/drivers/char/tlclk.c index 35e58030d296..8f2284be68e1 100644 --- a/drivers/char/tlclk.c +++ b/drivers/char/tlclk.c @@ -36,6 +36,7 @@ #include <linux/ioport.h> #include <linux/interrupt.h> #include <linux/spinlock.h> +#include <linux/smp_lock.h> #include <linux/timer.h> #include <linux/sysfs.h> #include <linux/device.h> @@ -204,11 +205,14 @@ static int tlclk_open(struct inode *inode, struct file *filp) { int result; - if (test_and_set_bit(0, &useflags)) - return -EBUSY; + lock_kernel(); + if (test_and_set_bit(0, &useflags)) { + result = -EBUSY; /* this legacy device is always one per system and it doesn't * know how to handle multiple concurrent clients. */ + goto out; + } /* Make sure there is no interrupt pending while * initialising interrupt handler */ @@ -218,13 +222,14 @@ static int tlclk_open(struct inode *inode, struct file *filp) * we can't share this IRQ */ result = request_irq(telclk_interrupt, &tlclk_interrupt, IRQF_DISABLED, "telco_clock", tlclk_interrupt); - if (result == -EBUSY) { + if (result == -EBUSY) printk(KERN_ERR "tlclk: Interrupt can't be reserved.\n"); - return -EBUSY; - } - inb(TLCLK_REG6); /* Clear interrupt events */ + else + inb(TLCLK_REG6); /* Clear interrupt events */ - return 0; +out: + unlock_kernel(); + return result; } static int tlclk_release(struct inode *inode, struct file *filp) diff --git a/drivers/char/tpm/tpm.c b/drivers/char/tpm/tpm.c index a5d8bcb40000..e1fc193d9396 100644 --- a/drivers/char/tpm/tpm.c +++ b/drivers/char/tpm/tpm.c @@ -26,6 +26,7 @@ #include <linux/poll.h> #include <linux/mutex.h> #include <linux/spinlock.h> +#include <linux/smp_lock.h> #include "tpm.h" @@ -897,6 +898,7 @@ int tpm_open(struct inode *inode, struct file *file) int rc = 0, minor = iminor(inode); struct tpm_chip *chip = NULL, *pos; + lock_kernel(); spin_lock(&driver_lock); list_for_each_entry(pos, &tpm_chip_list, list) { @@ -926,16 +928,19 @@ int tpm_open(struct inode *inode, struct file *file) if (chip->data_buffer == NULL) { chip->num_opens--; put_device(chip->dev); + unlock_kernel(); return -ENOMEM; } atomic_set(&chip->data_pending, 0); file->private_data = chip; + unlock_kernel(); return 0; err_out: spin_unlock(&driver_lock); + unlock_kernel(); return rc; } EXPORT_SYMBOL_GPL(tpm_open); diff --git a/drivers/char/tty_io.c b/drivers/char/tty_io.c index 750131010af0..047a17339f83 100644 --- a/drivers/char/tty_io.c +++ b/drivers/char/tty_io.c @@ -2665,7 +2665,7 @@ static void release_dev(struct file *filp) * ->siglock protects ->signal/->sighand */ -static int tty_open(struct inode *inode, struct file *filp) +static int __tty_open(struct inode *inode, struct file *filp) { struct tty_struct *tty; int noctty, retval; @@ -2779,6 +2779,19 @@ got_driver: return 0; } +/* BKL pushdown: scary code avoidance wrapper */ +static int tty_open(struct inode *inode, struct file *filp) +{ + int ret; + + lock_kernel(); + ret = __tty_open(inode, filp); + unlock_kernel(); + return ret; +} + + + #ifdef CONFIG_UNIX98_PTYS /** * ptmx_open - open a unix 98 pty master @@ -2792,7 +2805,7 @@ got_driver: * allocated_ptys_lock handles the list of free pty numbers */ -static int ptmx_open(struct inode *inode, struct file *filp) +static int __ptmx_open(struct inode *inode, struct file *filp) { struct tty_struct *tty; int retval; @@ -2831,6 +2844,16 @@ out: devpts_kill_index(index); return retval; } + +static int ptmx_open(struct inode *inode, struct file *filp) +{ + int ret; + + lock_kernel(); + ret = __ptmx_open(inode, filp); + unlock_kernel(); + return ret; +} #endif /** @@ -2886,15 +2909,16 @@ static int tty_fasync(int fd, struct file *filp, int on) { struct tty_struct *tty; unsigned long flags; - int retval; + int retval = 0; + lock_kernel(); tty = (struct tty_struct *)filp->private_data; if (tty_paranoia_check(tty, filp->f_path.dentry->d_inode, "tty_fasync")) - return 0; + goto out; retval = fasync_helper(fd, filp, on, &tty->fasync); if (retval <= 0) - return retval; + goto out; if (on) { enum pid_type type; @@ -2912,12 +2936,15 @@ static int tty_fasync(int fd, struct file *filp, int on) spin_unlock_irqrestore(&tty->ctrl_lock, flags); retval = __f_setown(filp, pid, type, 0); if (retval) - return retval; + goto out; } else { if (!tty->fasync && !waitqueue_active(&tty->read_wait)) tty->minimum_to_wake = N_TTY_BUF_SIZE; } - return 0; + retval = 0; +out: + unlock_kernel(); + return retval; } /** diff --git a/drivers/char/vc_screen.c b/drivers/char/vc_screen.c index 83aeedda200c..eebfad2777d2 100644 --- a/drivers/char/vc_screen.c +++ b/drivers/char/vc_screen.c @@ -34,6 +34,7 @@ #include <linux/kbd_kern.h> #include <linux/console.h> #include <linux/device.h> +#include <linux/smp_lock.h> #include <asm/uaccess.h> #include <asm/byteorder.h> @@ -460,9 +461,13 @@ static int vcs_open(struct inode *inode, struct file *filp) { unsigned int currcons = iminor(inode) & 127; + int ret = 0; + + lock_kernel(); if(currcons && !vc_cons_allocated(currcons-1)) - return -ENXIO; - return 0; + ret = -ENXIO; + unlock_kernel(); + return ret; } static const struct file_operations vcs_fops = { diff --git a/drivers/char/viotape.c b/drivers/char/viotape.c index c39ddaff5e8f..977f7d35e769 100644 --- a/drivers/char/viotape.c +++ b/drivers/char/viotape.c @@ -46,6 +46,7 @@ #include <linux/completion.h> #include <linux/proc_fs.h> #include <linux/seq_file.h> +#include <linux/smp_lock.h> #include <asm/uaccess.h> #include <asm/ioctls.h> @@ -687,6 +688,7 @@ static int viotap_open(struct inode *inode, struct file *file) if (op == NULL) return -ENOMEM; + lock_kernel(); get_dev_info(file->f_path.dentry->d_inode, &devi); /* Note: We currently only support one mode! */ @@ -717,6 +719,7 @@ static int viotap_open(struct inode *inode, struct file *file) free_op: free_op_struct(op); + unlock_kernel(); return ret; } diff --git a/drivers/char/vr41xx_giu.c b/drivers/char/vr41xx_giu.c index e5ed09192be8..ffe9b4e3072e 100644 --- a/drivers/char/vr41xx_giu.c +++ b/drivers/char/vr41xx_giu.c @@ -27,6 +27,7 @@ #include <linux/kernel.h> #include <linux/module.h> #include <linux/platform_device.h> +#include <linux/smp_lock.h> #include <linux/spinlock.h> #include <linux/types.h> @@ -547,6 +548,7 @@ static int gpio_open(struct inode *inode, struct file *file) { unsigned int pin; + cycle_kernel_lock(); pin = iminor(inode); if (pin >= giu_nr_pins) return -EBADF; diff --git a/drivers/char/xilinx_hwicap/xilinx_hwicap.c b/drivers/char/xilinx_hwicap/xilinx_hwicap.c index 3edf1fc12963..1e1b81e57cdc 100644 --- a/drivers/char/xilinx_hwicap/xilinx_hwicap.c +++ b/drivers/char/xilinx_hwicap/xilinx_hwicap.c @@ -85,6 +85,7 @@ #include <linux/poll.h> #include <linux/proc_fs.h> #include <linux/mutex.h> +#include <linux/smp_lock.h> #include <linux/sysctl.h> #include <linux/version.h> #include <linux/fs.h> @@ -504,11 +505,12 @@ static int hwicap_open(struct inode *inode, struct file *file) struct hwicap_drvdata *drvdata; int status; + lock_kernel(); drvdata = container_of(inode->i_cdev, struct hwicap_drvdata, cdev); status = mutex_lock_interruptible(&drvdata->sem); if (status) - return status; + goto out; if (drvdata->is_open) { status = -EBUSY; @@ -528,6 +530,8 @@ static int hwicap_open(struct inode *inode, struct file *file) error: mutex_unlock(&drvdata->sem); + out: + unlock_kernel(); return status; } diff --git a/drivers/gpu/drm/drm_fops.c b/drivers/gpu/drm/drm_fops.c index d2e6da85f58a..851a53f1acce 100644 --- a/drivers/gpu/drm/drm_fops.c +++ b/drivers/gpu/drm/drm_fops.c @@ -37,6 +37,7 @@ #include "drmP.h" #include "drm_sarea.h" #include <linux/poll.h> +#include <linux/smp_lock.h> static int drm_open_helper(struct inode *inode, struct file *filp, struct drm_device * dev); @@ -174,12 +175,14 @@ int drm_stub_open(struct inode *inode, struct file *filp) DRM_DEBUG("\n"); + /* BKL pushdown: note that nothing else serializes idr_find() */ + lock_kernel(); minor = idr_find(&drm_minors_idr, minor_id); if (!minor) - return -ENODEV; + goto out; if (!(dev = minor->dev)) - return -ENODEV; + goto out; old_fops = filp->f_op; filp->f_op = fops_get(&dev->driver->fops); @@ -189,6 +192,8 @@ int drm_stub_open(struct inode *inode, struct file *filp) } fops_put(old_fops); +out: + unlock_kernel(); return err; } diff --git a/drivers/hid/hidraw.c b/drivers/hid/hidraw.c index 1ca6f4635eeb..2fde6c63f47d 100644 --- a/drivers/hid/hidraw.c +++ b/drivers/hid/hidraw.c @@ -30,6 +30,7 @@ #include <linux/major.h> #include <linux/hid.h> #include <linux/mutex.h> +#include <linux/smp_lock.h> #include <linux/hidraw.h> @@ -157,6 +158,7 @@ static int hidraw_open(struct inode *inode, struct file *file) struct hidraw_list *list; int err = 0; + lock_kernel(); if (!(list = kzalloc(sizeof(struct hidraw_list), GFP_KERNEL))) { err = -ENOMEM; goto out; @@ -183,6 +185,7 @@ static int hidraw_open(struct inode *inode, struct file *file) out_unlock: spin_unlock(&minors_lock); out: + unlock_kernel(); return err; } diff --git a/drivers/i2c/i2c-dev.c b/drivers/i2c/i2c-dev.c index d34c14c81c29..006a5857256a 100644 --- a/drivers/i2c/i2c-dev.c +++ b/drivers/i2c/i2c-dev.c @@ -34,6 +34,7 @@ #include <linux/list.h> #include <linux/i2c.h> #include <linux/i2c-dev.h> +#include <linux/smp_lock.h> #include <asm/uaccess.h> static struct i2c_driver i2cdev_driver; @@ -441,14 +442,20 @@ static int i2cdev_open(struct inode *inode, struct file *file) struct i2c_client *client; struct i2c_adapter *adap; struct i2c_dev *i2c_dev; + int ret = 0; + lock_kernel(); i2c_dev = i2c_dev_get_by_minor(minor); - if (!i2c_dev) - return -ENODEV; + if (!i2c_dev) { + ret = -ENODEV; + goto out; + } adap = i2c_get_adapter(i2c_dev->adap->nr); - if (!adap) - return -ENODEV; + if (!adap) { + ret = -ENODEV; + goto out; + } /* This creates an anonymous i2c_client, which may later be * pointed to some address using I2C_SLAVE or I2C_SLAVE_FORCE. @@ -460,7 +467,8 @@ static int i2cdev_open(struct inode *inode, struct file *file) client = kzalloc(sizeof(*client), GFP_KERNEL); if (!client) { i2c_put_adapter(adap); - return -ENOMEM; + ret = -ENOMEM; + goto out; } snprintf(client->name, I2C_NAME_SIZE, "i2c-dev %d", adap->nr); client->driver = &i2cdev_driver; @@ -468,7 +476,9 @@ static int i2cdev_open(struct inode *inode, struct file *file) client->adapter = adap; file->private_data = client; - return 0; +out: + unlock_kernel(); + return ret; } static int i2cdev_release(struct inode *inode, struct file *file) diff --git a/drivers/ide/ide-tape.c b/drivers/ide/ide-tape.c index 1e1f26331a24..a3d228302d20 100644 --- a/drivers/ide/ide-tape.c +++ b/drivers/ide/ide-tape.c @@ -2421,9 +2421,12 @@ static int idetape_chrdev_open(struct inode *inode, struct file *filp) if (i >= MAX_HWIFS * MAX_DRIVES) return -ENXIO; + lock_kernel(); tape = ide_tape_chrdev_get(i); - if (!tape) + if (!tape) { + unlock_kernel(); return -ENXIO; + } debug_log(DBG_CHRDEV, "Enter %s\n", __func__); @@ -2482,10 +2485,12 @@ static int idetape_chrdev_open(struct inode *inode, struct file *filp) } } } + unlock_kernel(); return 0; out_put_tape: ide_tape_put(tape); + unlock_kernel(); return retval; } diff --git a/drivers/infiniband/core/ucm.c b/drivers/infiniband/core/ucm.c index d7a6881b571d..b25675faaaf5 100644 --- a/drivers/infiniband/core/ucm.c +++ b/drivers/infiniband/core/ucm.c @@ -45,6 +45,7 @@ #include <linux/cdev.h> #include <linux/idr.h> #include <linux/mutex.h> +#include <linux/smp_lock.h> #include <asm/uaccess.h> @@ -1159,6 +1160,7 @@ static int ib_ucm_open(struct inode *inode, struct file *filp) { struct ib_ucm_file *file; + cycle_kernel_lock(); file = kmalloc(sizeof(*file), GFP_KERNEL); if (!file) return -ENOMEM; diff --git a/drivers/infiniband/core/ucma.c b/drivers/infiniband/core/ucma.c index ca4cf3a511ab..195f97302fe5 100644 --- a/drivers/infiniband/core/ucma.c +++ b/drivers/infiniband/core/ucma.c @@ -38,6 +38,7 @@ #include <linux/in.h> #include <linux/in6.h> #include <linux/miscdevice.h> +#include <linux/smp_lock.h> #include <rdma/rdma_user_cm.h> #include <rdma/ib_marshall.h> @@ -1156,6 +1157,7 @@ static int ucma_open(struct inode *inode, struct file *filp) if (!file) return -ENOMEM; + lock_kernel(); INIT_LIST_HEAD(&file->event_list); INIT_LIST_HEAD(&file->ctx_list); init_waitqueue_head(&file->poll_wait); @@ -1163,6 +1165,7 @@ static int ucma_open(struct inode *inode, struct file *filp) filp->private_data = file; file->filp = filp; + unlock_kernel(); return 0; } diff --git a/drivers/infiniband/core/user_mad.c b/drivers/infiniband/core/user_mad.c index 840ede9ae965..208c7f34323c 100644 --- a/drivers/infiniband/core/user_mad.c +++ b/drivers/infiniband/core/user_mad.c @@ -777,6 +777,19 @@ static long ib_umad_compat_ioctl(struct file *filp, unsigned int cmd, } #endif +/* + * ib_umad_open() does not need the BKL: + * + * - umad_port[] accesses are protected by port_lock, the + * ib_umad_port structures are properly reference counted, and + * everything else is purely local to the file being created, so + * races against other open calls are not a problem; + * - the ioctl method does not affect any global state outside of the + * file structure being operated on; + * - the port is added to umad_port[] as the last part of module + * initialization so the open method will either immediately run + * -ENXIO, or all required initialization will be done. + */ static int ib_umad_open(struct inode *inode, struct file *filp) { struct ib_umad_port *port; diff --git a/drivers/infiniband/core/uverbs_main.c b/drivers/infiniband/core/uverbs_main.c index caed42bf7ef5..0f34858e31e7 100644 --- a/drivers/infiniband/core/uverbs_main.c +++ b/drivers/infiniband/core/uverbs_main.c @@ -610,6 +610,18 @@ static int ib_uverbs_mmap(struct file *filp, struct vm_area_struct *vma) return file->device->ib_dev->mmap(file->ucontext, vma); } +/* + * ib_uverbs_open() does not need the BKL: + * + * - dev_table[] accesses are protected by map_lock, the + * ib_uverbs_device structures are properly reference counted, and + * everything else is purely local to the file being created, so + * races against other open calls are not a problem; + * - there is no ioctl method to race against; + * - the device is added to dev_table[] as the last part of module + * initialization, the open method will either immediately run + * -ENXIO, or all required initialization will be done. + */ static int ib_uverbs_open(struct inode *inode, struct file *filp) { struct ib_uverbs_device *dev; @@ -651,7 +663,6 @@ err_module: err: kref_put(&dev->ref, ib_uverbs_release_dev); - return ret; } diff --git a/drivers/infiniband/hw/ipath/ipath_file_ops.c b/drivers/infiniband/hw/ipath/ipath_file_ops.c index b472b15637f0..35f301c88b57 100644 --- a/drivers/infiniband/hw/ipath/ipath_file_ops.c +++ b/drivers/infiniband/hw/ipath/ipath_file_ops.c @@ -39,6 +39,7 @@ #include <linux/highmem.h> #include <linux/io.h> #include <linux/jiffies.h> +#include <linux/smp_lock.h> #include <asm/pgtable.h> #include "ipath_kernel.h" @@ -1815,6 +1816,7 @@ done: static int ipath_open(struct inode *in, struct file *fp) { /* The real work is performed later in ipath_assign_port() */ + cycle_kernel_lock(); fp->private_data = kzalloc(sizeof(struct ipath_filedata), GFP_KERNEL); return fp->private_data ? 0 : -ENOMEM; } diff --git a/drivers/input/input.c b/drivers/input/input.c index 27006fc18305..408df0bd6be5 100644 --- a/drivers/input/input.c +++ b/drivers/input/input.c @@ -21,6 +21,7 @@ #include <linux/device.h> #include <linux/mutex.h> #include <linux/rcupdate.h> +#include <linux/smp_lock.h> MODULE_AUTHOR("Vojtech Pavlik <vojtech@suse.cz>"); MODULE_DESCRIPTION("Input core"); @@ -1588,13 +1589,17 @@ EXPORT_SYMBOL(input_unregister_handle); static int input_open_file(struct inode *inode, struct file *file) { - struct input_handler *handler = input_table[iminor(inode) >> 5]; + struct input_handler *handler; const struct file_operations *old_fops, *new_fops = NULL; int err; + lock_kernel(); /* No load-on-demand here? */ - if (!handler || !(new_fops = fops_get(handler->fops))) - return -ENODEV; + handler = input_table[iminor(inode) >> 5]; + if (!handler || !(new_fops = fops_get(handler->fops))) { + err = -ENODEV; + goto out; + } /* * That's _really_ odd. Usually NULL ->open means "nothing special", @@ -1602,7 +1607,8 @@ static int input_open_file(struct inode *inode, struct file *file) */ if (!new_fops->open) { fops_put(new_fops); - return -ENODEV; + err = -ENODEV; + goto out; } old_fops = file->f_op; file->f_op = new_fops; @@ -1614,6 +1620,8 @@ static int input_open_file(struct inode *inode, struct file *file) file->f_op = fops_get(old_fops); } fops_put(old_fops); +out: + unlock_kernel(); return err; } diff --git a/drivers/input/misc/hp_sdc_rtc.c b/drivers/input/misc/hp_sdc_rtc.c index 45e5d05b01de..49d8abfe38fe 100644 --- a/drivers/input/misc/hp_sdc_rtc.c +++ b/drivers/input/misc/hp_sdc_rtc.c @@ -35,6 +35,7 @@ #include <linux/hp_sdc.h> #include <linux/errno.h> +#include <linux/smp_lock.h> #include <linux/types.h> #include <linux/init.h> #include <linux/module.h> @@ -408,6 +409,7 @@ static unsigned int hp_sdc_rtc_poll(struct file *file, poll_table *wait) static int hp_sdc_rtc_open(struct inode *inode, struct file *file) { + cycle_kernel_lock(); return 0; } diff --git a/drivers/input/misc/uinput.c b/drivers/input/misc/uinput.c index a56ad4ba8fe2..2bcfa0b35061 100644 --- a/drivers/input/misc/uinput.c +++ b/drivers/input/misc/uinput.c @@ -37,6 +37,7 @@ #include <linux/fs.h> #include <linux/miscdevice.h> #include <linux/uinput.h> +#include <linux/smp_lock.h> static int uinput_dev_event(struct input_dev *dev, unsigned int type, unsigned int code, int value) { @@ -222,6 +223,7 @@ static int uinput_open(struct inode *inode, struct file *file) if (!newdev) return -ENOMEM; + lock_kernel(); mutex_init(&newdev->mutex); spin_lock_init(&newdev->requests_lock); init_waitqueue_head(&newdev->requests_waitq); @@ -229,6 +231,7 @@ static int uinput_open(struct inode *inode, struct file *file) newdev->state = UIST_NEW_DEVICE; file->private_data = newdev; + unlock_kernel(); return 0; } diff --git a/drivers/input/mousedev.c b/drivers/input/mousedev.c index b989748598ae..8137e50ded87 100644 --- a/drivers/input/mousedev.c +++ b/drivers/input/mousedev.c @@ -14,6 +14,7 @@ #define MOUSEDEV_MIX 31 #include <linux/slab.h> +#include <linux/smp_lock.h> #include <linux/poll.h> #include <linux/module.h> #include <linux/init.h> @@ -545,16 +546,21 @@ static int mousedev_open(struct inode *inode, struct file *file) if (i >= MOUSEDEV_MINORS) return -ENODEV; + lock_kernel(); error = mutex_lock_interruptible(&mousedev_table_mutex); - if (error) + if (error) { + unlock_kernel(); return error; + } mousedev = mousedev_table[i]; if (mousedev) get_device(&mousedev->dev); mutex_unlock(&mousedev_table_mutex); - if (!mousedev) + if (!mousedev) { + unlock_kernel(); return -ENODEV; + } client = kzalloc(sizeof(struct mousedev_client), GFP_KERNEL); if (!client) { @@ -573,6 +579,7 @@ static int mousedev_open(struct inode *inode, struct file *file) goto err_free_client; file->private_data = client; + unlock_kernel(); return 0; err_free_client: @@ -580,6 +587,7 @@ static int mousedev_open(struct inode *inode, struct file *file) kfree(client); err_put_mousedev: put_device(&mousedev->dev); + unlock_kernel(); return error; } diff --git a/drivers/input/serio/serio_raw.c b/drivers/input/serio/serio_raw.c index 0403622ae267..c9397c8ee97e 100644 --- a/drivers/input/serio/serio_raw.c +++ b/drivers/input/serio/serio_raw.c @@ -10,6 +10,7 @@ */ #include <linux/slab.h> +#include <linux/smp_lock.h> #include <linux/poll.h> #include <linux/module.h> #include <linux/serio.h> @@ -81,9 +82,10 @@ static int serio_raw_open(struct inode *inode, struct file *file) struct serio_raw_list *list; int retval = 0; + lock_kernel(); retval = mutex_lock_interruptible(&serio_raw_mutex); if (retval) - return retval; + goto out_bkl; if (!(serio_raw = serio_raw_locate(iminor(inode)))) { retval = -ENODEV; @@ -108,6 +110,8 @@ static int serio_raw_open(struct inode *inode, struct file *file) out: mutex_unlock(&serio_raw_mutex); +out_bkl: + unlock_kernel(); return retval; } diff --git a/drivers/isdn/capi/capi.c b/drivers/isdn/capi/capi.c index 6ca0bb949ad3..2095153582f1 100644 --- a/drivers/isdn/capi/capi.c +++ b/drivers/isdn/capi/capi.c @@ -20,6 +20,7 @@ #include <linux/signal.h> #include <linux/mutex.h> #include <linux/mm.h> +#include <linux/smp_lock.h> #include <linux/timer.h> #include <linux/wait.h> #ifdef CONFIG_ISDN_CAPI_MIDDLEWARE @@ -983,13 +984,17 @@ capi_ioctl(struct inode *inode, struct file *file, static int capi_open(struct inode *inode, struct file *file) { + int ret; + + lock_kernel(); if (file->private_data) - return -EEXIST; - - if ((file->private_data = capidev_alloc()) == NULL) - return -ENOMEM; - - return nonseekable_open(inode, file); + ret = -EEXIST; + else if ((file->private_data = capidev_alloc()) == NULL) + ret = -ENOMEM; + else + ret = nonseekable_open(inode, file); + unlock_kernel(); + return ret; } static int diff --git a/drivers/isdn/hardware/eicon/divamnt.c b/drivers/isdn/hardware/eicon/divamnt.c index c90928974249..1e85f743214e 100644 --- a/drivers/isdn/hardware/eicon/divamnt.c +++ b/drivers/isdn/hardware/eicon/divamnt.c @@ -14,6 +14,7 @@ #include <linux/init.h> #include <linux/kernel.h> #include <linux/poll.h> +#include <linux/smp_lock.h> #include <asm/uaccess.h> #include "platform.h" @@ -127,14 +128,19 @@ static unsigned int maint_poll(struct file *file, poll_table * wait) static int maint_open(struct inode *ino, struct file *filep) { + int ret; + + lock_kernel(); /* only one open is allowed, so we test it atomically */ if (test_and_set_bit(0, &opened)) - return (-EBUSY); - - filep->private_data = NULL; - - return nonseekable_open(ino, filep); + ret = -EBUSY; + else { + filep->private_data = NULL; + ret = nonseekable_open(ino, filep); + } + unlock_kernel(); + return ret; } static int maint_close(struct inode *ino, struct file *filep) diff --git a/drivers/isdn/hardware/eicon/divasi.c b/drivers/isdn/hardware/eicon/divasi.c index 78f141e77466..f4969fe0a055 100644 --- a/drivers/isdn/hardware/eicon/divasi.c +++ b/drivers/isdn/hardware/eicon/divasi.c @@ -17,6 +17,7 @@ #include <linux/poll.h> #include <linux/proc_fs.h> #include <linux/skbuff.h> +#include <linux/smp_lock.h> #include <asm/uaccess.h> #include "platform.h" @@ -400,6 +401,7 @@ static unsigned int um_idi_poll(struct file *file, poll_table * wait) static int um_idi_open(struct inode *inode, struct file *file) { + cycle_kernel_lock(); return (0); } diff --git a/drivers/isdn/hardware/eicon/divasmain.c b/drivers/isdn/hardware/eicon/divasmain.c index 16a874bb1561..fbbcb27fb681 100644 --- a/drivers/isdn/hardware/eicon/divasmain.c +++ b/drivers/isdn/hardware/eicon/divasmain.c @@ -21,6 +21,7 @@ #include <linux/list.h> #include <linux/poll.h> #include <linux/kmod.h> +#include <linux/smp_lock.h> #include "platform.h" #undef ID_MASK @@ -580,6 +581,7 @@ xdi_copy_from_user(void *os_handle, void *dst, const void __user *src, int lengt */ static int divas_open(struct inode *inode, struct file *file) { + cycle_kernel_lock(); return (0); } diff --git a/drivers/isdn/i4l/isdn_common.c b/drivers/isdn/i4l/isdn_common.c index 8d8c6b736167..7188c59a76ff 100644 --- a/drivers/isdn/i4l/isdn_common.c +++ b/drivers/isdn/i4l/isdn_common.c @@ -1732,7 +1732,7 @@ isdn_open(struct inode *ino, struct file *filep) int chidx; int retval = -ENODEV; - + lock_kernel(); if (minor == ISDN_MINOR_STATUS) { infostruct *p; @@ -1783,6 +1783,7 @@ isdn_open(struct inode *ino, struct file *filep) #endif out: nonseekable_open(ino, filep); + unlock_kernel(); return retval; } diff --git a/drivers/macintosh/adb.c b/drivers/macintosh/adb.c index dbaad39020a1..40c70ba62bf0 100644 --- a/drivers/macintosh/adb.c +++ b/drivers/macintosh/adb.c @@ -644,12 +644,18 @@ do_adb_query(struct adb_request *req) static int adb_open(struct inode *inode, struct file *file) { struct adbdev_state *state; + int ret = 0; - if (iminor(inode) > 0 || adb_controller == NULL) - return -ENXIO; + lock_kernel(); + if (iminor(inode) > 0 || adb_controller == NULL) { + ret = -ENXIO; + goto out; + } state = kmalloc(sizeof(struct adbdev_state), GFP_KERNEL); - if (state == 0) - return -ENOMEM; + if (state == 0) { + ret = -ENOMEM; + goto out; + } file->private_data = state; spin_lock_init(&state->lock); atomic_set(&state->n_pending, 0); @@ -657,7 +663,9 @@ static int adb_open(struct inode *inode, struct file *file) init_waitqueue_head(&state->wait_queue); state->inuse = 1; - return 0; +out: + unlock_kernel(); + return ret; } static int adb_release(struct inode *inode, struct file *file) diff --git a/drivers/macintosh/ans-lcd.c b/drivers/macintosh/ans-lcd.c index 73c50bc02095..6a8221893256 100644 --- a/drivers/macintosh/ans-lcd.c +++ b/drivers/macintosh/ans-lcd.c @@ -3,6 +3,7 @@ */ #include <linux/types.h> +#include <linux/smp_lock.h> #include <linux/errno.h> #include <linux/kernel.h> #include <linux/miscdevice.h> @@ -119,6 +120,7 @@ anslcd_ioctl( struct inode * inode, struct file * file, static int anslcd_open( struct inode * inode, struct file * file ) { + cycle_kernel_lock(); return 0; } diff --git a/drivers/macintosh/smu.c b/drivers/macintosh/smu.c index d86d57af282a..32cb0298f88e 100644 --- a/drivers/macintosh/smu.c +++ b/drivers/macintosh/smu.c @@ -19,6 +19,7 @@ * the userland interface */ +#include <linux/smp_lock.h> #include <linux/types.h> #include <linux/kernel.h> #include <linux/device.h> @@ -1086,10 +1087,12 @@ static int smu_open(struct inode *inode, struct file *file) pp->mode = smu_file_commands; init_waitqueue_head(&pp->wait); + lock_kernel(); spin_lock_irqsave(&smu_clist_lock, flags); list_add(&pp->list, &smu_clist); spin_unlock_irqrestore(&smu_clist_lock, flags); file->private_data = pp; + unlock_kernel(); return 0; } diff --git a/drivers/macintosh/via-pmu.c b/drivers/macintosh/via-pmu.c index d6365a9f0637..d524dc245a2c 100644 --- a/drivers/macintosh/via-pmu.c +++ b/drivers/macintosh/via-pmu.c @@ -18,6 +18,7 @@ * */ #include <stdarg.h> +#include <linux/smp_lock.h> #include <linux/types.h> #include <linux/errno.h> #include <linux/kernel.h> @@ -2047,6 +2048,7 @@ pmu_open(struct inode *inode, struct file *file) pp->rb_get = pp->rb_put = 0; spin_lock_init(&pp->lock); init_waitqueue_head(&pp->wait); + lock_kernel(); spin_lock_irqsave(&all_pvt_lock, flags); #if defined(CONFIG_INPUT_ADBHID) && defined(CONFIG_PMAC_BACKLIGHT) pp->backlight_locker = 0; @@ -2054,6 +2056,7 @@ pmu_open(struct inode *inode, struct file *file) list_add(&pp->list, &all_pmu_pvt); spin_unlock_irqrestore(&all_pvt_lock, flags); file->private_data = pp; + unlock_kernel(); return 0; } diff --git a/drivers/media/dvb/dvb-core/dvbdev.c b/drivers/media/dvb/dvb-core/dvbdev.c index 8b56d929f7fd..e208a60c048a 100644 --- a/drivers/media/dvb/dvb-core/dvbdev.c +++ b/drivers/media/dvb/dvb-core/dvbdev.c @@ -32,6 +32,7 @@ #include <linux/fs.h> #include <linux/cdev.h> #include <linux/mutex.h> +#include <linux/smp_lock.h> #include "dvbdev.h" static int dvbdev_debug; @@ -74,6 +75,7 @@ static int dvb_device_open(struct inode *inode, struct file *file) { struct dvb_device *dvbdev; + lock_kernel(); dvbdev = dvbdev_find_device (iminor(inode)); if (dvbdev && dvbdev->fops) { @@ -90,8 +92,10 @@ static int dvb_device_open(struct inode *inode, struct file *file) file->f_op = fops_get(old_fops); } fops_put(old_fops); + unlock_kernel(); return err; } + unlock_kernel(); return -ENODEV; } diff --git a/drivers/media/radio/miropcm20-rds.c b/drivers/media/radio/miropcm20-rds.c index 06dfed9ef4c7..3e840f74d45c 100644 --- a/drivers/media/radio/miropcm20-rds.c +++ b/drivers/media/radio/miropcm20-rds.c @@ -12,6 +12,7 @@ #include <linux/module.h> #include <linux/init.h> #include <linux/slab.h> +#include <linux/smp_lock.h> #include <linux/fs.h> #include <linux/miscdevice.h> #include <linux/delay.h> @@ -27,13 +28,16 @@ static int rds_f_open(struct inode *in, struct file *fi) if (rds_users) return -EBUSY; + lock_kernel(); rds_users++; if ((text_buffer=kmalloc(66, GFP_KERNEL)) == 0) { rds_users--; printk(KERN_NOTICE "aci-rds: Out of memory by open()...\n"); + unlock_kernel(); return -ENOMEM; } + unlock_kernel(); return 0; } diff --git a/drivers/media/video/videodev.c b/drivers/media/video/videodev.c index 67a661cf5219..7649860a388d 100644 --- a/drivers/media/video/videodev.c +++ b/drivers/media/video/videodev.c @@ -36,6 +36,7 @@ #include <linux/init.h> #include <linux/kmod.h> #include <linux/slab.h> +#include <linux/smp_lock.h> #include <asm/uaccess.h> #include <asm/system.h> @@ -442,6 +443,7 @@ static int video_open(struct inode *inode, struct file *file) if(minor>=VIDEO_NUM_DEVICES) return -ENODEV; + lock_kernel(); mutex_lock(&videodev_lock); vfl=video_device[minor]; if(vfl==NULL) { @@ -451,6 +453,7 @@ static int video_open(struct inode *inode, struct file *file) vfl=video_device[minor]; if (vfl==NULL) { mutex_unlock(&videodev_lock); + unlock_kernel(); return -ENODEV; } } @@ -464,6 +467,7 @@ static int video_open(struct inode *inode, struct file *file) } fops_put(old_fops); mutex_unlock(&videodev_lock); + unlock_kernel(); return err; } diff --git a/drivers/message/fusion/mptctl.c b/drivers/message/fusion/mptctl.c index e630b50966ec..c5946560c4e2 100644 --- a/drivers/message/fusion/mptctl.c +++ b/drivers/message/fusion/mptctl.c @@ -548,11 +548,15 @@ static int mptctl_fasync(int fd, struct file *filep, int mode) { MPT_ADAPTER *ioc; + int ret; + lock_kernel(); list_for_each_entry(ioc, &ioc_list, list) ioc->aen_event_read_flag=0; - return fasync_helper(fd, filep, mode, &async_queue); + ret = fasync_helper(fd, filep, mode, &async_queue); + unlock_kernel(); + return ret; } static int diff --git a/drivers/message/i2o/i2o_config.c b/drivers/message/i2o/i2o_config.c index c0fb77dc19bb..4238de98d4a6 100644 --- a/drivers/message/i2o/i2o_config.c +++ b/drivers/message/i2o/i2o_config.c @@ -1061,6 +1061,7 @@ static int cfg_open(struct inode *inode, struct file *file) if (!tmp) return -ENOMEM; + lock_kernel(); file->private_data = (void *)(i2o_cfg_info_id++); tmp->fp = file; tmp->fasync = NULL; @@ -1074,6 +1075,7 @@ static int cfg_open(struct inode *inode, struct file *file) spin_lock_irqsave(&i2o_config_lock, flags); open_files = tmp; spin_unlock_irqrestore(&i2o_config_lock, flags); + unlock_kernel(); return 0; } @@ -1082,15 +1084,17 @@ static int cfg_fasync(int fd, struct file *fp, int on) { ulong id = (ulong) fp->private_data; struct i2o_cfg_info *p; + int ret = -EBADF; + lock_kernel(); for (p = open_files; p; p = p->next) if (p->q_id == id) break; - if (!p) - return -EBADF; - - return fasync_helper(fd, fp, on, &p->fasync); + if (p) + ret = fasync_helper(fd, fp, on, &p->fasync); + unlock_kernel(); + return ret; } static int cfg_release(struct inode *inode, struct file *file) diff --git a/drivers/misc/hdpuftrs/hdpu_cpustate.c b/drivers/misc/hdpuftrs/hdpu_cpustate.c index ff51ab67231c..176fe4e09d3f 100644 --- a/drivers/misc/hdpuftrs/hdpu_cpustate.c +++ b/drivers/misc/hdpuftrs/hdpu_cpustate.c @@ -17,6 +17,7 @@ #include <linux/module.h> #include <linux/kernel.h> #include <linux/spinlock.h> +#include <linux/smp_lock.h> #include <linux/miscdevice.h> #include <linux/proc_fs.h> #include <linux/hdpu_features.h> @@ -151,7 +152,13 @@ static ssize_t cpustate_write(struct file *file, const char *buf, static int cpustate_open(struct inode *inode, struct file *file) { - return cpustate_get_ref((file->f_flags & O_EXCL)); + int ret; + + lock_kernel(); + ret = cpustate_get_ref((file->f_flags & O_EXCL)); + unlock_kernel(); + + return ret; } static int cpustate_release(struct inode *inode, struct file *file) diff --git a/drivers/misc/phantom.c b/drivers/misc/phantom.c index 71d1c84e2fa8..186162470090 100644 --- a/drivers/misc/phantom.c +++ b/drivers/misc/phantom.c @@ -22,6 +22,7 @@ #include <linux/interrupt.h> #include <linux/cdev.h> #include <linux/phantom.h> +#include <linux/smp_lock.h> #include <asm/atomic.h> #include <asm/io.h> @@ -212,13 +213,17 @@ static int phantom_open(struct inode *inode, struct file *file) struct phantom_device *dev = container_of(inode->i_cdev, struct phantom_device, cdev); + lock_kernel(); nonseekable_open(inode, file); - if (mutex_lock_interruptible(&dev->open_lock)) + if (mutex_lock_interruptible(&dev->open_lock)) { + unlock_kernel(); return -ERESTARTSYS; + } if (dev->opened) { mutex_unlock(&dev->open_lock); + unlock_kernel(); return -EINVAL; } @@ -229,7 +234,7 @@ static int phantom_open(struct inode *inode, struct file *file) atomic_set(&dev->counter, 0); dev->opened++; mutex_unlock(&dev->open_lock); - + unlock_kernel(); return 0; } diff --git a/drivers/misc/sony-laptop.c b/drivers/misc/sony-laptop.c index 00e48e2a9c11..60775be22822 100644 --- a/drivers/misc/sony-laptop.c +++ b/drivers/misc/sony-laptop.c @@ -46,6 +46,7 @@ #include <linux/module.h> #include <linux/moduleparam.h> #include <linux/init.h> +#include <linux/smp_lock.h> #include <linux/types.h> #include <linux/backlight.h> #include <linux/platform_device.h> @@ -1927,8 +1928,10 @@ static int sonypi_misc_release(struct inode *inode, struct file *file) static int sonypi_misc_open(struct inode *inode, struct file *file) { /* Flush input queue on first open */ + lock_kernel(); if (atomic_inc_return(&sonypi_compat.open_count) == 1) kfifo_reset(sonypi_compat.fifo); + unlock_kernel(); return 0; } diff --git a/drivers/mtd/mtdchar.c b/drivers/mtd/mtdchar.c index 5d3ac512ce16..129d429cd2da 100644 --- a/drivers/mtd/mtdchar.c +++ b/drivers/mtd/mtdchar.c @@ -14,6 +14,7 @@ #include <linux/module.h> #include <linux/slab.h> #include <linux/sched.h> +#include <linux/smp_lock.h> #include <linux/mtd/mtd.h> #include <linux/mtd/compatmac.h> @@ -86,6 +87,7 @@ static int mtd_open(struct inode *inode, struct file *file) { int minor = iminor(inode); int devnum = minor >> 1; + int ret = 0; struct mtd_info *mtd; struct mtd_file_info *mfi; @@ -98,31 +100,39 @@ static int mtd_open(struct inode *inode, struct file *file) if ((file->f_mode & 2) && (minor & 1)) return -EACCES; + lock_kernel(); mtd = get_mtd_device(NULL, devnum); - if (IS_ERR(mtd)) - return PTR_ERR(mtd); + if (IS_ERR(mtd)) { + ret = PTR_ERR(mtd); + goto out; + } if (MTD_ABSENT == mtd->type) { put_mtd_device(mtd); - return -ENODEV; + ret = -ENODEV; + goto out; } /* You can't open it RW if it's not a writeable device */ if ((file->f_mode & 2) && !(mtd->flags & MTD_WRITEABLE)) { put_mtd_device(mtd); - return -EACCES; + ret = -EACCES; + goto out; } mfi = kzalloc(sizeof(*mfi), GFP_KERNEL); if (!mfi) { put_mtd_device(mtd); - return -ENOMEM; + ret = -ENOMEM; + goto out; } mfi->mtd = mtd; file->private_data = mfi; - return 0; +out: + unlock_kernel(); + return ret; } /* mtd_open */ /*====================================================================*/ diff --git a/drivers/mtd/ubi/cdev.c b/drivers/mtd/ubi/cdev.c index 9d6aae5449b6..89193ba9451e 100644 --- a/drivers/mtd/ubi/cdev.c +++ b/drivers/mtd/ubi/cdev.c @@ -39,6 +39,7 @@ #include <linux/stat.h> #include <linux/ioctl.h> #include <linux/capability.h> +#include <linux/smp_lock.h> #include <mtd/ubi-user.h> #include <asm/uaccess.h> #include <asm/div64.h> @@ -103,9 +104,12 @@ static int vol_cdev_open(struct inode *inode, struct file *file) struct ubi_volume_desc *desc; int vol_id = iminor(inode) - 1, mode, ubi_num; + lock_kernel(); ubi_num = ubi_major2num(imajor(inode)); - if (ubi_num < 0) + if (ubi_num < 0) { + unlock_kernel(); return ubi_num; + } if (file->f_mode & FMODE_WRITE) mode = UBI_READWRITE; @@ -115,6 +119,7 @@ static int vol_cdev_open(struct inode *inode, struct file *file) dbg_msg("open volume %d, mode %d", vol_id, mode); desc = ubi_open_volume(ubi_num, vol_id, mode); + unlock_kernel(); if (IS_ERR(desc)) return PTR_ERR(desc); diff --git a/drivers/net/ppp_generic.c b/drivers/net/ppp_generic.c index 1f4ca2b54a73..83625fdff3dd 100644 --- a/drivers/net/ppp_generic.c +++ b/drivers/net/ppp_generic.c @@ -39,6 +39,7 @@ #include <linux/if_arp.h> #include <linux/ip.h> #include <linux/tcp.h> +#include <linux/smp_lock.h> #include <linux/spinlock.h> #include <linux/rwsem.h> #include <linux/stddef.h> @@ -353,6 +354,7 @@ static const int npindex_to_ethertype[NUM_NP] = { */ static int ppp_open(struct inode *inode, struct file *file) { + cycle_kernel_lock(); /* * This could (should?) be enforced by the permissions on /dev/ppp. */ diff --git a/drivers/net/tun.c b/drivers/net/tun.c index b9018bfa0a97..eba1271b9735 100644 --- a/drivers/net/tun.c +++ b/drivers/net/tun.c @@ -48,6 +48,7 @@ #include <linux/kernel.h> #include <linux/major.h> #include <linux/slab.h> +#include <linux/smp_lock.h> #include <linux/poll.h> #include <linux/fcntl.h> #include <linux/init.h> @@ -802,22 +803,26 @@ static int tun_chr_fasync(int fd, struct file *file, int on) DBG(KERN_INFO "%s: tun_chr_fasync %d\n", tun->dev->name, on); + lock_kernel(); if ((ret = fasync_helper(fd, file, on, &tun->fasync)) < 0) - return ret; + goto out; if (on) { ret = __f_setown(file, task_pid(current), PIDTYPE_PID, 0); if (ret) - return ret; + goto out; tun->flags |= TUN_FASYNC; } else tun->flags &= ~TUN_FASYNC; - - return 0; + ret = 0; +out: + unlock_kernel(); + return ret; } static int tun_chr_open(struct inode *inode, struct file * file) { + cycle_kernel_lock(); DBG1(KERN_INFO "tunX: tun_chr_open\n"); file->private_data = NULL; return 0; diff --git a/drivers/net/wan/cosa.c b/drivers/net/wan/cosa.c index b0fce1387eaf..5827324e9d9f 100644 --- a/drivers/net/wan/cosa.c +++ b/drivers/net/wan/cosa.c @@ -92,6 +92,7 @@ #include <linux/spinlock.h> #include <linux/mutex.h> #include <linux/device.h> +#include <linux/smp_lock.h> #undef COSA_SLOW_IO /* for testing purposes only */ @@ -970,15 +971,21 @@ static int cosa_open(struct inode *inode, struct file *file) struct channel_data *chan; unsigned long flags; int n; + int ret = 0; + lock_kernel(); if ((n=iminor(file->f_path.dentry->d_inode)>>CARD_MINOR_BITS) - >= nr_cards) - return -ENODEV; + >= nr_cards) { + ret = -ENODEV; + goto out; + } cosa = cosa_cards+n; if ((n=iminor(file->f_path.dentry->d_inode) - & ((1<<CARD_MINOR_BITS)-1)) >= cosa->nchannels) - return -ENODEV; + & ((1<<CARD_MINOR_BITS)-1)) >= cosa->nchannels) { + ret = -ENODEV; + goto out; + } chan = cosa->chan + n; file->private_data = chan; @@ -987,7 +994,8 @@ static int cosa_open(struct inode *inode, struct file *file) if (chan->usage < 0) { /* in netdev mode */ spin_unlock_irqrestore(&cosa->lock, flags); - return -EBUSY; + ret = -EBUSY; + goto out; } cosa->usage++; chan->usage++; @@ -996,7 +1004,9 @@ static int cosa_open(struct inode *inode, struct file *file) chan->setup_rx = chrdev_setup_rx; chan->rx_done = chrdev_rx_done; spin_unlock_irqrestore(&cosa->lock, flags); - return 0; +out: + unlock_kernel(); + return ret; } static int cosa_release(struct inode *inode, struct file *file) diff --git a/drivers/parisc/eisa_eeprom.c b/drivers/parisc/eisa_eeprom.c index 86e9c84a965e..5ac207932fd7 100644 --- a/drivers/parisc/eisa_eeprom.c +++ b/drivers/parisc/eisa_eeprom.c @@ -24,6 +24,7 @@ #include <linux/kernel.h> #include <linux/miscdevice.h> #include <linux/slab.h> +#include <linux/smp_lock.h> #include <linux/fs.h> #include <asm/io.h> #include <asm/uaccess.h> @@ -83,6 +84,8 @@ static int eisa_eeprom_ioctl(struct inode *inode, struct file *file, static int eisa_eeprom_open(struct inode *inode, struct file *file) { + cycle_kernel_lock(); + if (file->f_mode & 2) return -EINVAL; diff --git a/drivers/pcmcia/pcmcia_ioctl.c b/drivers/pcmcia/pcmcia_ioctl.c index afd00e7bbbef..419f97fc9a62 100644 --- a/drivers/pcmcia/pcmcia_ioctl.c +++ b/drivers/pcmcia/pcmcia_ioctl.c @@ -27,6 +27,7 @@ #include <linux/proc_fs.h> #include <linux/poll.h> #include <linux/pci.h> +#include <linux/smp_lock.h> #include <linux/workqueue.h> #include <pcmcia/cs_types.h> @@ -545,20 +546,27 @@ static int ds_open(struct inode *inode, struct file *file) struct pcmcia_socket *s; user_info_t *user; static int warning_printed = 0; + int ret = 0; ds_dbg(0, "ds_open(socket %d)\n", i); + lock_kernel(); s = pcmcia_get_socket_by_nr(i); - if (!s) - return -ENODEV; + if (!s) { + ret = -ENODEV; + goto out; + } s = pcmcia_get_socket(s); - if (!s) - return -ENODEV; + if (!s) { + ret = -ENODEV; + goto out; + } if ((file->f_flags & O_ACCMODE) != O_RDONLY) { if (s->pcmcia_state.busy) { pcmcia_put_socket(s); - return -EBUSY; + ret = -EBUSY; + goto out; } else s->pcmcia_state.busy = 1; @@ -567,7 +575,8 @@ static int ds_open(struct inode *inode, struct file *file) user = kmalloc(sizeof(user_info_t), GFP_KERNEL); if (!user) { pcmcia_put_socket(s); - return -ENOMEM; + ret = -ENOMEM; + goto out; } user->event_tail = user->event_head = 0; user->next = s->user; @@ -589,7 +598,9 @@ static int ds_open(struct inode *inode, struct file *file) if (s->pcmcia_state.present) queue_event(user, CS_EVENT_CARD_INSERTION); - return 0; +out: + unlock_kernel(); + return ret; } /* ds_open */ /*====================================================================*/ diff --git a/drivers/rtc/rtc-dev.c b/drivers/rtc/rtc-dev.c index 90dfa0df747a..0114a78b7cbb 100644 --- a/drivers/rtc/rtc-dev.c +++ b/drivers/rtc/rtc-dev.c @@ -13,6 +13,7 @@ #include <linux/module.h> #include <linux/rtc.h> +#include <linux/smp_lock.h> #include "rtc-core.h" static dev_t rtc_devt; @@ -26,8 +27,11 @@ static int rtc_dev_open(struct inode *inode, struct file *file) struct rtc_device, char_dev); const struct rtc_class_ops *ops = rtc->ops; - if (test_and_set_bit_lock(RTC_DEV_BUSY, &rtc->flags)) - return -EBUSY; + lock_kernel(); + if (test_and_set_bit_lock(RTC_DEV_BUSY, &rtc->flags)) { + err = -EBUSY; + goto out; + } file->private_data = rtc; @@ -37,11 +41,13 @@ static int rtc_dev_open(struct inode *inode, struct file *file) rtc->irq_data = 0; spin_unlock_irq(&rtc->irq_lock); - return 0; + goto out; } /* something has gone wrong */ clear_bit_unlock(RTC_DEV_BUSY, &rtc->flags); +out: + unlock_kernel(); return err; } diff --git a/drivers/rtc/rtc-m41t80.c b/drivers/rtc/rtc-m41t80.c index a3e0880b38fb..0a19c06019be 100644 --- a/drivers/rtc/rtc-m41t80.c +++ b/drivers/rtc/rtc-m41t80.c @@ -17,6 +17,7 @@ #include <linux/init.h> #include <linux/kernel.h> #include <linux/slab.h> +#include <linux/smp_lock.h> #include <linux/string.h> #include <linux/i2c.h> #include <linux/rtc.h> @@ -655,12 +656,16 @@ static int wdt_ioctl(struct inode *inode, struct file *file, unsigned int cmd, static int wdt_open(struct inode *inode, struct file *file) { if (MINOR(inode->i_rdev) == WATCHDOG_MINOR) { - if (test_and_set_bit(0, &wdt_is_open)) + lock_kernel(); + if (test_and_set_bit(0, &wdt_is_open)) { + unlock_kernel(); return -EBUSY; + } /* * Activate */ wdt_is_open = 1; + unlock_kernel(); return 0; } return -ENODEV; diff --git a/drivers/s390/block/dasd_eer.c b/drivers/s390/block/dasd_eer.c index 6e53ab606e97..29da4413ad43 100644 --- a/drivers/s390/block/dasd_eer.c +++ b/drivers/s390/block/dasd_eer.c @@ -15,6 +15,7 @@ #include <linux/device.h> #include <linux/poll.h> #include <linux/mutex.h> +#include <linux/smp_lock.h> #include <asm/uaccess.h> #include <asm/atomic.h> @@ -525,6 +526,7 @@ static int dasd_eer_open(struct inode *inp, struct file *filp) eerb = kzalloc(sizeof(struct eerbuffer), GFP_KERNEL); if (!eerb) return -ENOMEM; + lock_kernel(); eerb->buffer_page_count = eer_pages; if (eerb->buffer_page_count < 1 || eerb->buffer_page_count > INT_MAX / PAGE_SIZE) { @@ -532,6 +534,7 @@ static int dasd_eer_open(struct inode *inp, struct file *filp) MESSAGE(KERN_WARNING, "can't open device since module " "parameter eer_pages is smaller then 1 or" " bigger then %d", (int)(INT_MAX / PAGE_SIZE)); + unlock_kernel(); return -EINVAL; } eerb->buffersize = eerb->buffer_page_count * PAGE_SIZE; @@ -539,12 +542,14 @@ static int dasd_eer_open(struct inode *inp, struct file *filp) GFP_KERNEL); if (!eerb->buffer) { kfree(eerb); + unlock_kernel(); return -ENOMEM; } if (dasd_eer_allocate_buffer_pages(eerb->buffer, eerb->buffer_page_count)) { kfree(eerb->buffer); kfree(eerb); + unlock_kernel(); return -ENOMEM; } filp->private_data = eerb; @@ -552,6 +557,7 @@ static int dasd_eer_open(struct inode *inp, struct file *filp) list_add(&eerb->list, &bufferlist); spin_unlock_irqrestore(&bufferlock, flags); + unlock_kernel(); return nonseekable_open(inp,filp); } diff --git a/drivers/s390/char/fs3270.c b/drivers/s390/char/fs3270.c index e136d10a0de6..d18e6d2e0b49 100644 --- a/drivers/s390/char/fs3270.c +++ b/drivers/s390/char/fs3270.c @@ -14,6 +14,7 @@ #include <linux/interrupt.h> #include <linux/list.h> #include <linux/types.h> +#include <linux/smp_lock.h> #include <asm/ccwdev.h> #include <asm/cio.h> @@ -421,6 +422,7 @@ fs3270_open(struct inode *inode, struct file *filp) if (imajor(filp->f_path.dentry->d_inode) != IBM_FS3270_MAJOR) return -ENODEV; + lock_kernel(); minor = iminor(filp->f_path.dentry->d_inode); /* Check for minor 0 multiplexer. */ if (minor == 0) { @@ -429,7 +431,8 @@ fs3270_open(struct inode *inode, struct file *filp) tty = get_current_tty(); if (!tty || tty->driver->major != IBM_TTY3270_MAJOR) { mutex_unlock(&tty_mutex); - return -ENODEV; + rc = -ENODEV; + goto out; } minor = tty->index + RAW3270_FIRSTMINOR; mutex_unlock(&tty_mutex); @@ -438,19 +441,22 @@ fs3270_open(struct inode *inode, struct file *filp) fp = (struct fs3270 *) raw3270_find_view(&fs3270_fn, minor); if (!IS_ERR(fp)) { raw3270_put_view(&fp->view); - return -EBUSY; + rc = -EBUSY; + goto out; } /* Allocate fullscreen view structure. */ fp = fs3270_alloc_view(); - if (IS_ERR(fp)) - return PTR_ERR(fp); + if (IS_ERR(fp)) { + rc = PTR_ERR(fp); + goto out; + } init_waitqueue_head(&fp->wait); fp->fs_pid = get_pid(task_pid(current)); rc = raw3270_add_view(&fp->view, &fs3270_fn, minor); if (rc) { fs3270_free_view(&fp->view); - return rc; + goto out; } /* Allocate idal-buffer. */ @@ -458,7 +464,8 @@ fs3270_open(struct inode *inode, struct file *filp) if (IS_ERR(ib)) { raw3270_put_view(&fp->view); raw3270_del_view(&fp->view); - return PTR_ERR(fp); + rc = PTR_ERR(fp); + goto out; } fp->rdbuf = ib; @@ -466,9 +473,11 @@ fs3270_open(struct inode *inode, struct file *filp) if (rc) { raw3270_put_view(&fp->view); raw3270_del_view(&fp->view); - return rc; + goto out; } filp->private_data = fp; +out: + unlock_kernel(); return 0; } diff --git a/drivers/s390/char/monreader.c b/drivers/s390/char/monreader.c index f0e4c96afbf8..35fd8dfcaaa6 100644 --- a/drivers/s390/char/monreader.c +++ b/drivers/s390/char/monreader.c @@ -10,6 +10,7 @@ #include <linux/module.h> #include <linux/moduleparam.h> #include <linux/init.h> +#include <linux/smp_lock.h> #include <linux/errno.h> #include <linux/types.h> #include <linux/kernel.h> @@ -291,6 +292,7 @@ static int mon_open(struct inode *inode, struct file *filp) /* * only one user allowed */ + lock_kernel(); rc = -EBUSY; if (test_and_set_bit(MON_IN_USE, &mon_in_use)) goto out; @@ -327,6 +329,7 @@ static int mon_open(struct inode *inode, struct file *filp) goto out_path; } filp->private_data = monpriv; + unlock_kernel(); return nonseekable_open(inode, filp); out_path: @@ -336,6 +339,7 @@ out_priv: out_use: clear_bit(MON_IN_USE, &mon_in_use); out: + unlock_kernel(); return rc; } diff --git a/drivers/s390/char/monwriter.c b/drivers/s390/char/monwriter.c index a86c0534cd49..4d71aa8c1a79 100644 --- a/drivers/s390/char/monwriter.c +++ b/drivers/s390/char/monwriter.c @@ -12,6 +12,7 @@ #include <linux/moduleparam.h> #include <linux/init.h> #include <linux/errno.h> +#include <linux/smp_lock.h> #include <linux/types.h> #include <linux/kernel.h> #include <linux/miscdevice.h> @@ -179,10 +180,12 @@ static int monwrite_open(struct inode *inode, struct file *filp) monpriv = kzalloc(sizeof(struct mon_private), GFP_KERNEL); if (!monpriv) return -ENOMEM; + lock_kernel(); INIT_LIST_HEAD(&monpriv->list); monpriv->hdr_to_read = sizeof(monpriv->hdr); mutex_init(&monpriv->thread_mutex); filp->private_data = monpriv; + unlock_kernel(); return nonseekable_open(inode, filp); } diff --git a/drivers/s390/char/tape_char.c b/drivers/s390/char/tape_char.c index ebe84067bae9..687720b552d1 100644 --- a/drivers/s390/char/tape_char.c +++ b/drivers/s390/char/tape_char.c @@ -14,6 +14,7 @@ #include <linux/types.h> #include <linux/proc_fs.h> #include <linux/mtio.h> +#include <linux/smp_lock.h> #include <asm/uaccess.h> @@ -289,21 +290,26 @@ tapechar_open (struct inode *inode, struct file *filp) if (imajor(filp->f_path.dentry->d_inode) != tapechar_major) return -ENODEV; + lock_kernel(); minor = iminor(filp->f_path.dentry->d_inode); device = tape_get_device(minor / TAPE_MINORS_PER_DEV); if (IS_ERR(device)) { DBF_EVENT(3, "TCHAR:open: tape_get_device() failed\n"); - return PTR_ERR(device); + rc = PTR_ERR(device); + goto out; } rc = tape_open(device); if (rc == 0) { filp->private_data = device; - return nonseekable_open(inode, filp); + rc = nonseekable_open(inode, filp); } - tape_put_device(device); + else + tape_put_device(device); +out: + unlock_kernel(); return rc; } diff --git a/drivers/s390/char/vmcp.c b/drivers/s390/char/vmcp.c index 401ea84b3059..09e7d9bf438b 100644 --- a/drivers/s390/char/vmcp.c +++ b/drivers/s390/char/vmcp.c @@ -16,6 +16,7 @@ #include <linux/kernel.h> #include <linux/miscdevice.h> #include <linux/module.h> +#include <linux/smp_lock.h> #include <asm/cpcmd.h> #include <asm/debug.h> #include <asm/uaccess.h> @@ -39,11 +40,14 @@ static int vmcp_open(struct inode *inode, struct file *file) session = kmalloc(sizeof(*session), GFP_KERNEL); if (!session) return -ENOMEM; + + lock_kernel(); session->bufsize = PAGE_SIZE; session->response = NULL; session->resp_size = 0; mutex_init(&session->mutex); file->private_data = session; + unlock_kernel(); return nonseekable_open(inode, file); } diff --git a/drivers/s390/char/vmlogrdr.c b/drivers/s390/char/vmlogrdr.c index a246bc73ae64..c31faefa2b3b 100644 --- a/drivers/s390/char/vmlogrdr.c +++ b/drivers/s390/char/vmlogrdr.c @@ -25,6 +25,7 @@ #include <linux/kmod.h> #include <linux/cdev.h> #include <linux/device.h> +#include <linux/smp_lock.h> #include <linux/string.h> @@ -310,9 +311,11 @@ static int vmlogrdr_open (struct inode *inode, struct file *filp) return -ENOSYS; /* Besure this device hasn't already been opened */ + lock_kernel(); spin_lock_bh(&logptr->priv_lock); if (logptr->dev_in_use) { spin_unlock_bh(&logptr->priv_lock); + unlock_kernel(); return -EBUSY; } logptr->dev_in_use = 1; @@ -356,7 +359,9 @@ static int vmlogrdr_open (struct inode *inode, struct file *filp) || (logptr->iucv_path_severed)); if (logptr->iucv_path_severed) goto out_record; - return nonseekable_open(inode, filp); + ret = nonseekable_open(inode, filp); + unlock_kernel(); + return ret; out_record: if (logptr->autorecording) @@ -366,6 +371,7 @@ out_path: logptr->path = NULL; out_dev: logptr->dev_in_use = 0; + unlock_kernel(); return -EIO; } diff --git a/drivers/s390/char/vmur.c b/drivers/s390/char/vmur.c index 49cba9effe89..0a9f1cccbe58 100644 --- a/drivers/s390/char/vmur.c +++ b/drivers/s390/char/vmur.c @@ -9,6 +9,7 @@ */ #include <linux/cdev.h> +#include <linux/smp_lock.h> #include <asm/uaccess.h> #include <asm/cio.h> @@ -669,7 +670,7 @@ static int ur_open(struct inode *inode, struct file *file) if (accmode == O_RDWR) return -EACCES; - + lock_kernel(); /* * We treat the minor number as the devno of the ur device * to find in the driver tree. @@ -677,8 +678,10 @@ static int ur_open(struct inode *inode, struct file *file) devno = MINOR(file->f_dentry->d_inode->i_rdev); urd = urdev_get_from_devno(devno); - if (!urd) - return -ENXIO; + if (!urd) { + rc = -ENXIO; + goto out; + } spin_lock(&urd->open_lock); while (urd->open_flag) { @@ -721,6 +724,7 @@ static int ur_open(struct inode *inode, struct file *file) goto fail_urfile_free; urf->file_reclen = rc; file->private_data = urf; + unlock_kernel(); return 0; fail_urfile_free: @@ -731,6 +735,8 @@ fail_unlock: spin_unlock(&urd->open_lock); fail_put: urdev_put(urd); +out: + unlock_kernel(); return rc; } diff --git a/drivers/s390/char/vmwatchdog.c b/drivers/s390/char/vmwatchdog.c index 56b3eab019cb..21a2a829bf4e 100644 --- a/drivers/s390/char/vmwatchdog.c +++ b/drivers/s390/char/vmwatchdog.c @@ -13,6 +13,7 @@ #include <linux/module.h> #include <linux/moduleparam.h> #include <linux/watchdog.h> +#include <linux/smp_lock.h> #include <asm/ebcdic.h> #include <asm/io.h> @@ -121,11 +122,15 @@ static int __init vmwdt_probe(void) static int vmwdt_open(struct inode *i, struct file *f) { int ret; - if (test_and_set_bit(0, &vmwdt_is_open)) + lock_kernel(); + if (test_and_set_bit(0, &vmwdt_is_open)) { + unlock_kernel(); return -EBUSY; + } ret = vmwdt_keepalive(); if (ret) clear_bit(0, &vmwdt_is_open); + unlock_kernel(); return ret ? ret : nonseekable_open(i, f); } diff --git a/drivers/s390/crypto/zcrypt_api.c b/drivers/s390/crypto/zcrypt_api.c index 8a4964f3584b..cb22b97944b8 100644 --- a/drivers/s390/crypto/zcrypt_api.c +++ b/drivers/s390/crypto/zcrypt_api.c @@ -34,6 +34,7 @@ #include <linux/fs.h> #include <linux/proc_fs.h> #include <linux/compat.h> +#include <linux/smp_lock.h> #include <asm/atomic.h> #include <asm/uaccess.h> #include <linux/hw_random.h> @@ -300,7 +301,9 @@ static ssize_t zcrypt_write(struct file *filp, const char __user *buf, */ static int zcrypt_open(struct inode *inode, struct file *filp) { + lock_kernel(); atomic_inc(&zcrypt_open_count); + unlock_kernel(); return 0; } diff --git a/drivers/sbus/char/bpp.c b/drivers/sbus/char/bpp.c index 03c966059471..bba21e053a1b 100644 --- a/drivers/sbus/char/bpp.c +++ b/drivers/sbus/char/bpp.c @@ -19,6 +19,7 @@ #include <linux/timer.h> #include <linux/ioport.h> #include <linux/major.h> +#include <linux/smp_lock.h> #include <asm/uaccess.h> #include <asm/io.h> @@ -429,6 +430,7 @@ static int bpp_open(struct inode *inode, struct file *f) unsigned minor = iminor(inode); int ret; + lock_kernel(); spin_lock(&bpp_open_lock); ret = 0; if (minor >= BPP_NO) { @@ -444,6 +446,7 @@ static int bpp_open(struct inode *inode, struct file *f) } } spin_unlock(&bpp_open_lock); + unlock_kernel(); return ret; } diff --git a/drivers/sbus/char/cpwatchdog.c b/drivers/sbus/char/cpwatchdog.c index 235703414370..23abfdfb44f1 100644 --- a/drivers/sbus/char/cpwatchdog.c +++ b/drivers/sbus/char/cpwatchdog.c @@ -279,6 +279,7 @@ static inline int wd_opt_timeout(void) static int wd_open(struct inode *inode, struct file *f) { + lock_kernel(); switch(iminor(inode)) { case WD0_MINOR: @@ -291,6 +292,7 @@ static int wd_open(struct inode *inode, struct file *f) f->private_data = &wd_dev.watchdog[WD2_ID]; break; default: + unlock_kernel(); return(-ENODEV); } @@ -304,11 +306,13 @@ static int wd_open(struct inode *inode, struct file *f) (void *)wd_dev.regs)) { printk("%s: Cannot register IRQ %d\n", WD_OBPNAME, wd_dev.irq); + unlock_kernel(); return(-EBUSY); } wd_dev.initialized = 1; } + unlock_kernel(); return(nonseekable_open(inode, f)); } diff --git a/drivers/sbus/char/display7seg.c b/drivers/sbus/char/display7seg.c index 3279a1b6501d..d8f5c0ca236d 100644 --- a/drivers/sbus/char/display7seg.c +++ b/drivers/sbus/char/display7seg.c @@ -94,6 +94,7 @@ static int d7s_open(struct inode *inode, struct file *f) { if (D7S_MINOR != iminor(inode)) return -ENODEV; + cycle_kernel_lock(); atomic_inc(&d7s_users); return 0; } diff --git a/drivers/sbus/char/envctrl.c b/drivers/sbus/char/envctrl.c index dadabef116b6..a408402426f8 100644 --- a/drivers/sbus/char/envctrl.c +++ b/drivers/sbus/char/envctrl.c @@ -27,6 +27,7 @@ #include <linux/miscdevice.h> #include <linux/kmod.h> #include <linux/reboot.h> +#include <linux/smp_lock.h> #include <asm/ebus.h> #include <asm/uaccess.h> @@ -694,6 +695,7 @@ envctrl_ioctl(struct file *file, unsigned int cmd, unsigned long arg) static int envctrl_open(struct inode *inode, struct file *file) { + cycle_kernel_lock(); file->private_data = NULL; return 0; } diff --git a/drivers/sbus/char/flash.c b/drivers/sbus/char/flash.c index 44e039865aa9..7d95e151513a 100644 --- a/drivers/sbus/char/flash.c +++ b/drivers/sbus/char/flash.c @@ -127,9 +127,13 @@ flash_read(struct file * file, char __user * buf, static int flash_open(struct inode *inode, struct file *file) { - if (test_and_set_bit(0, (void *)&flash.busy) != 0) + lock_kernel(); + if (test_and_set_bit(0, (void *)&flash.busy) != 0) { + unlock_kernel(); return -EBUSY; + } + unlock_kernel(); return 0; } diff --git a/drivers/sbus/char/jsflash.c b/drivers/sbus/char/jsflash.c index 4b7079fdc10c..2bec9ccc0293 100644 --- a/drivers/sbus/char/jsflash.c +++ b/drivers/sbus/char/jsflash.c @@ -27,6 +27,7 @@ */ #include <linux/module.h> +#include <linux/smp_lock.h> #include <linux/types.h> #include <linux/errno.h> #include <linux/miscdevice.h> @@ -417,11 +418,17 @@ static int jsf_mmap(struct file * file, struct vm_area_struct * vma) static int jsf_open(struct inode * inode, struct file * filp) { - - if (jsf0.base == 0) return -ENXIO; - if (test_and_set_bit(0, (void *)&jsf0.busy) != 0) + lock_kernel(); + if (jsf0.base == 0) { + unlock_kernel(); + return -ENXIO; + } + if (test_and_set_bit(0, (void *)&jsf0.busy) != 0) { + unlock_kernel(); return -EBUSY; + } + unlock_kernel(); return 0; /* XXX What security? */ } diff --git a/drivers/sbus/char/openprom.c b/drivers/sbus/char/openprom.c index fbfeb89a6f32..29dc735e1a20 100644 --- a/drivers/sbus/char/openprom.c +++ b/drivers/sbus/char/openprom.c @@ -33,6 +33,7 @@ #include <linux/kernel.h> #include <linux/errno.h> #include <linux/slab.h> +#include <linux/smp_lock.h> #include <linux/string.h> #include <linux/miscdevice.h> #include <linux/init.h> @@ -689,9 +690,11 @@ static int openprom_open(struct inode * inode, struct file * file) if (!data) return -ENOMEM; + lock_kernel(); data->current_node = of_find_node_by_path("/"); data->lastnode = data->current_node; file->private_data = (void *) data; + unlock_kernel(); return 0; } diff --git a/drivers/sbus/char/riowatchdog.c b/drivers/sbus/char/riowatchdog.c index a2fc6b8c1334..88c0fc6395e1 100644 --- a/drivers/sbus/char/riowatchdog.c +++ b/drivers/sbus/char/riowatchdog.c @@ -11,6 +11,7 @@ #include <linux/errno.h> #include <linux/init.h> #include <linux/miscdevice.h> +#include <linux/smp_lock.h> #include <asm/io.h> #include <asm/ebus.h> @@ -116,6 +117,7 @@ static void riowd_starttimer(void) static int riowd_open(struct inode *inode, struct file *filp) { + cycle_kernel_lock(); nonseekable_open(inode, filp); return 0; } diff --git a/drivers/sbus/char/rtc.c b/drivers/sbus/char/rtc.c index 18d18f1a114e..b0429917154d 100644 --- a/drivers/sbus/char/rtc.c +++ b/drivers/sbus/char/rtc.c @@ -12,6 +12,7 @@ */ #include <linux/module.h> +#include <linux/smp_lock.h> #include <linux/types.h> #include <linux/errno.h> #include <linux/miscdevice.h> @@ -213,6 +214,7 @@ static int rtc_open(struct inode *inode, struct file *file) { int ret; + lock_kernel(); spin_lock_irq(&mostek_lock); if (rtc_busy) { ret = -EBUSY; @@ -221,6 +223,7 @@ static int rtc_open(struct inode *inode, struct file *file) ret = 0; } spin_unlock_irq(&mostek_lock); + unlock_kernel(); return ret; } diff --git a/drivers/sbus/char/uctrl.c b/drivers/sbus/char/uctrl.c index 383f32c1d347..513ba61ae966 100644 --- a/drivers/sbus/char/uctrl.c +++ b/drivers/sbus/char/uctrl.c @@ -9,6 +9,7 @@ #include <linux/delay.h> #include <linux/interrupt.h> #include <linux/slab.h> +#include <linux/smp_lock.h> #include <linux/ioport.h> #include <linux/init.h> #include <linux/miscdevice.h> @@ -211,8 +212,10 @@ uctrl_ioctl(struct inode *inode, struct file *file, static int uctrl_open(struct inode *inode, struct file *file) { + lock_kernel(); uctrl_get_event_status(); uctrl_get_external_status(); + unlock_kernel(); return 0; } diff --git a/drivers/sbus/char/vfc_dev.c b/drivers/sbus/char/vfc_dev.c index d4f8fcded51d..1f6cb8ae2784 100644 --- a/drivers/sbus/char/vfc_dev.c +++ b/drivers/sbus/char/vfc_dev.c @@ -24,6 +24,7 @@ #include <linux/spinlock.h> #include <linux/mutex.h> #include <linux/mm.h> +#include <linux/smp_lock.h> #include <asm/openprom.h> #include <asm/oplib.h> @@ -178,14 +179,17 @@ static int vfc_open(struct inode *inode, struct file *file) { struct vfc_dev *dev; + lock_kernel(); spin_lock(&vfc_dev_lock); dev = vfc_get_dev_ptr(iminor(inode)); if (dev == NULL) { spin_unlock(&vfc_dev_lock); + unlock_kernel(); return -ENODEV; } if (dev->busy) { spin_unlock(&vfc_dev_lock); + unlock_kernel(); return -EBUSY; } @@ -202,6 +206,7 @@ static int vfc_open(struct inode *inode, struct file *file) vfc_captstat_reset(dev); vfc_unlock_device(dev); + unlock_kernel(); return 0; } diff --git a/drivers/scsi/3w-9xxx.c b/drivers/scsi/3w-9xxx.c index 867f6fd5c2c0..7045511f9ad2 100644 --- a/drivers/scsi/3w-9xxx.c +++ b/drivers/scsi/3w-9xxx.c @@ -84,6 +84,7 @@ #include <linux/pci.h> #include <linux/time.h> #include <linux/mutex.h> +#include <linux/smp_lock.h> #include <asm/io.h> #include <asm/irq.h> #include <asm/uaccess.h> @@ -862,11 +863,13 @@ out: } /* End twa_chrdev_ioctl() */ /* This function handles open for the character device */ +/* NOTE that this function will race with remove. */ static int twa_chrdev_open(struct inode *inode, struct file *file) { unsigned int minor_number; int retval = TW_IOCTL_ERROR_OS_ENODEV; + cycle_kernel_lock(); minor_number = iminor(inode); if (minor_number >= twa_device_extension_count) goto out; diff --git a/drivers/scsi/3w-xxxx.c b/drivers/scsi/3w-xxxx.c index 8c22329aa85e..a0537f09aa21 100644 --- a/drivers/scsi/3w-xxxx.c +++ b/drivers/scsi/3w-xxxx.c @@ -198,6 +198,7 @@ #include <linux/module.h> #include <linux/reboot.h> +#include <linux/smp_lock.h> #include <linux/spinlock.h> #include <linux/interrupt.h> #include <linux/moduleparam.h> @@ -1027,10 +1028,12 @@ out: } /* End tw_chrdev_ioctl() */ /* This function handles open for the character device */ +/* NOTE that this function races with remove. */ static int tw_chrdev_open(struct inode *inode, struct file *file) { unsigned int minor_number; + cycle_kernel_lock(); dprintk(KERN_WARNING "3w-xxxx: tw_ioctl_open()\n"); minor_number = iminor(inode); diff --git a/drivers/scsi/aacraid/linit.c b/drivers/scsi/aacraid/linit.c index 1f7c83607f84..68c140e82673 100644 --- a/drivers/scsi/aacraid/linit.c +++ b/drivers/scsi/aacraid/linit.c @@ -38,6 +38,7 @@ #include <linux/moduleparam.h> #include <linux/pci.h> #include <linux/slab.h> +#include <linux/smp_lock.h> #include <linux/spinlock.h> #include <linux/syscalls.h> #include <linux/delay.h> @@ -667,6 +668,7 @@ static int aac_cfg_open(struct inode *inode, struct file *file) unsigned minor_number = iminor(inode); int err = -ENODEV; + lock_kernel(); /* BKL pushdown: nothing else protects this list */ list_for_each_entry(aac, &aac_devices, entry) { if (aac->id == minor_number) { file->private_data = aac; @@ -674,6 +676,7 @@ static int aac_cfg_open(struct inode *inode, struct file *file) break; } } + unlock_kernel(); return err; } diff --git a/drivers/scsi/ch.c b/drivers/scsi/ch.c index c4b938bc30d3..aa2011b64683 100644 --- a/drivers/scsi/ch.c +++ b/drivers/scsi/ch.c @@ -22,6 +22,7 @@ #include <linux/chio.h> /* here are all the ioctls */ #include <linux/mutex.h> #include <linux/idr.h> +#include <linux/smp_lock.h> #include <scsi/scsi.h> #include <scsi/scsi_cmnd.h> @@ -571,16 +572,19 @@ ch_open(struct inode *inode, struct file *file) scsi_changer *ch; int minor = iminor(inode); + lock_kernel(); spin_lock(&ch_index_lock); ch = idr_find(&ch_index_idr, minor); if (NULL == ch || scsi_device_get(ch->device)) { spin_unlock(&ch_index_lock); + unlock_kernel(); return -ENXIO; } spin_unlock(&ch_index_lock); file->private_data = ch; + unlock_kernel(); return 0; } diff --git a/drivers/scsi/dpt_i2o.c b/drivers/scsi/dpt_i2o.c index 8508816f303d..2bc30e32b67a 100644 --- a/drivers/scsi/dpt_i2o.c +++ b/drivers/scsi/dpt_i2o.c @@ -49,6 +49,7 @@ MODULE_DESCRIPTION("Adaptec I2O RAID Driver"); #include <linux/kernel.h> /* for printk */ #include <linux/sched.h> #include <linux/reboot.h> +#include <linux/smp_lock.h> #include <linux/spinlock.h> #include <linux/dma-mapping.h> @@ -1727,10 +1728,12 @@ static int adpt_open(struct inode *inode, struct file *file) int minor; adpt_hba* pHba; + lock_kernel(); //TODO check for root access // minor = iminor(inode); if (minor >= hba_count) { + unlock_kernel(); return -ENXIO; } mutex_lock(&adpt_configuration_lock); @@ -1741,6 +1744,7 @@ static int adpt_open(struct inode *inode, struct file *file) } if (pHba == NULL) { mutex_unlock(&adpt_configuration_lock); + unlock_kernel(); return -ENXIO; } @@ -1751,6 +1755,7 @@ static int adpt_open(struct inode *inode, struct file *file) pHba->in_use = 1; mutex_unlock(&adpt_configuration_lock); + unlock_kernel(); return 0; } diff --git a/drivers/scsi/gdth.c b/drivers/scsi/gdth.c index 46771d4c81bd..822d5214692b 100644 --- a/drivers/scsi/gdth.c +++ b/drivers/scsi/gdth.c @@ -120,6 +120,7 @@ #include <linux/timer.h> #include <linux/dma-mapping.h> #include <linux/list.h> +#include <linux/smp_lock.h> #ifdef GDTH_RTC #include <linux/mc146818rtc.h> @@ -4019,10 +4020,12 @@ static int gdth_open(struct inode *inode, struct file *filep) { gdth_ha_str *ha; + lock_kernel(); list_for_each_entry(ha, &gdth_instances, list) { if (!ha->sdev) ha->sdev = scsi_get_host_dev(ha->shost); } + unlock_kernel(); TRACE(("gdth_open()\n")); return 0; diff --git a/drivers/scsi/megaraid.c b/drivers/scsi/megaraid.c index 18551aaf5e09..28c9da7d4a5c 100644 --- a/drivers/scsi/megaraid.c +++ b/drivers/scsi/megaraid.c @@ -46,6 +46,7 @@ #include <linux/pci.h> #include <linux/init.h> #include <linux/dma-mapping.h> +#include <linux/smp_lock.h> #include <scsi/scsicam.h> #include "scsi.h" @@ -3272,12 +3273,12 @@ mega_init_scb(adapter_t *adapter) * @filep - unused * * Routines for the character/ioctl interface to the driver. Find out if this - * is a valid open. If yes, increment the module use count so that it cannot - * be unloaded. + * is a valid open. */ static int megadev_open (struct inode *inode, struct file *filep) { + cycle_kernel_lock(); /* * Only allow superuser to access private ioctl interface */ diff --git a/drivers/scsi/megaraid/megaraid_mm.c b/drivers/scsi/megaraid/megaraid_mm.c index 0ad215e27b83..ac3b280c2a72 100644 --- a/drivers/scsi/megaraid/megaraid_mm.c +++ b/drivers/scsi/megaraid/megaraid_mm.c @@ -15,6 +15,7 @@ * Common management module */ #include <linux/sched.h> +#include <linux/smp_lock.h> #include "megaraid_mm.h" @@ -96,6 +97,7 @@ mraid_mm_open(struct inode *inode, struct file *filep) */ if (!capable(CAP_SYS_ADMIN)) return (-EACCES); + cycle_kernel_lock(); return 0; } diff --git a/drivers/scsi/megaraid/megaraid_sas.c b/drivers/scsi/megaraid/megaraid_sas.c index 7d84c8bbcf3f..fc7ac158476c 100644 --- a/drivers/scsi/megaraid/megaraid_sas.c +++ b/drivers/scsi/megaraid/megaraid_sas.c @@ -33,6 +33,7 @@ #include <linux/spinlock.h> #include <linux/interrupt.h> #include <linux/delay.h> +#include <linux/smp_lock.h> #include <linux/uio.h> #include <asm/uaccess.h> #include <linux/fs.h> @@ -2863,6 +2864,7 @@ static void megasas_shutdown(struct pci_dev *pdev) */ static int megasas_mgmt_open(struct inode *inode, struct file *filep) { + cycle_kernel_lock(); /* * Allow only those users with admin rights */ diff --git a/drivers/scsi/osst.c b/drivers/scsi/osst.c index 243d8becd30f..1c79f9794f4e 100644 --- a/drivers/scsi/osst.c +++ b/drivers/scsi/osst.c @@ -50,6 +50,7 @@ static const char * osst_version = "0.99.4"; #include <linux/moduleparam.h> #include <linux/delay.h> #include <linux/jiffies.h> +#include <linux/smp_lock.h> #include <asm/uaccess.h> #include <asm/dma.h> #include <asm/system.h> @@ -4359,7 +4360,7 @@ os_bypass: /* Open the device */ -static int os_scsi_tape_open(struct inode * inode, struct file * filp) +static int __os_scsi_tape_open(struct inode * inode, struct file * filp) { unsigned short flags; int i, b_size, new_session = 0, retval = 0; @@ -4725,6 +4726,18 @@ err_out: return retval; } +/* BKL pushdown: spaghetti avoidance wrapper */ +static int os_scsi_tape_open(struct inode * inode, struct file * filp) +{ + int ret; + + lock_kernel(); + ret = __os_scsi_tape_open(inode, filp); + unlock_kernel(); + return ret; +} + + /* Flush the tape buffer before close */ static int os_scsi_tape_flush(struct file * filp, fl_owner_t id) diff --git a/drivers/scsi/scsi_tgt_if.c b/drivers/scsi/scsi_tgt_if.c index d2557dbc2dc1..0e9533f7aabc 100644 --- a/drivers/scsi/scsi_tgt_if.c +++ b/drivers/scsi/scsi_tgt_if.c @@ -21,6 +21,7 @@ */ #include <linux/miscdevice.h> #include <linux/file.h> +#include <linux/smp_lock.h> #include <net/tcp.h> #include <scsi/scsi.h> #include <scsi/scsi_cmnd.h> @@ -321,6 +322,7 @@ static int tgt_open(struct inode *inode, struct file *file) { tx_ring.tr_idx = rx_ring.tr_idx = 0; + cycle_kernel_lock(); return 0; } diff --git a/drivers/scsi/sg.c b/drivers/scsi/sg.c index fe694f0ee19a..fccd2e88d600 100644 --- a/drivers/scsi/sg.c +++ b/drivers/scsi/sg.c @@ -49,6 +49,7 @@ static int sg_version_num = 30534; /* 2 digits for each component */ #include <linux/delay.h> #include <linux/scatterlist.h> #include <linux/blktrace_api.h> +#include <linux/smp_lock.h> #include "scsi.h" #include <scsi/scsi_dbg.h> @@ -227,19 +228,26 @@ sg_open(struct inode *inode, struct file *filp) int res; int retval; + lock_kernel(); nonseekable_open(inode, filp); SCSI_LOG_TIMEOUT(3, printk("sg_open: dev=%d, flags=0x%x\n", dev, flags)); sdp = sg_get_dev(dev); - if ((!sdp) || (!sdp->device)) + if ((!sdp) || (!sdp->device)) { + unlock_kernel(); return -ENXIO; - if (sdp->detached) + } + if (sdp->detached) { + unlock_kernel(); return -ENODEV; + } /* This driver's module count bumped by fops_get in <linux/fs.h> */ /* Prevent the device driver from vanishing while we sleep */ retval = scsi_device_get(sdp->device); - if (retval) + if (retval) { + unlock_kernel(); return retval; + } if (!((flags & O_NONBLOCK) || scsi_block_when_processing_errors(sdp->device))) { @@ -295,10 +303,12 @@ sg_open(struct inode *inode, struct file *filp) retval = -ENOMEM; goto error_out; } + unlock_kernel(); return 0; error_out: scsi_device_put(sdp->device); + unlock_kernel(); return retval; } diff --git a/drivers/scsi/st.c b/drivers/scsi/st.c index 6e5a5bb31311..4684cc716aa4 100644 --- a/drivers/scsi/st.c +++ b/drivers/scsi/st.c @@ -38,6 +38,7 @@ static const char *verstr = "20080224"; #include <linux/cdev.h> #include <linux/delay.h> #include <linux/mutex.h> +#include <linux/smp_lock.h> #include <asm/uaccess.h> #include <asm/dma.h> @@ -1113,7 +1114,7 @@ static int check_tape(struct scsi_tape *STp, struct file *filp) } -/* Open the device. Needs to be called with BKL only because of incrementing the SCSI host +/* Open the device. Needs to take the BKL only because of incrementing the SCSI host module count. */ static int st_open(struct inode *inode, struct file *filp) { @@ -1123,6 +1124,7 @@ static int st_open(struct inode *inode, struct file *filp) int dev = TAPE_NR(inode); char *name; + lock_kernel(); /* * We really want to do nonseekable_open(inode, filp); here, but some * versions of tar incorrectly call lseek on tapes and bail out if that @@ -1130,8 +1132,10 @@ static int st_open(struct inode *inode, struct file *filp) */ filp->f_mode &= ~(FMODE_PREAD | FMODE_PWRITE); - if (!(STp = scsi_tape_get(dev))) + if (!(STp = scsi_tape_get(dev))) { + unlock_kernel(); return -ENXIO; + } write_lock(&st_dev_arr_lock); filp->private_data = STp; @@ -1140,6 +1144,7 @@ static int st_open(struct inode *inode, struct file *filp) if (STp->in_use) { write_unlock(&st_dev_arr_lock); scsi_tape_put(STp); + unlock_kernel(); DEB( printk(ST_DEB_MSG "%s: Device already in use.\n", name); ) return (-EBUSY); } @@ -1188,12 +1193,14 @@ static int st_open(struct inode *inode, struct file *filp) retval = (-EIO); goto err_out; } + unlock_kernel(); return 0; err_out: normalize_buffer(STp->buffer); STp->in_use = 0; scsi_tape_put(STp); + unlock_kernel(); return retval; } diff --git a/drivers/spi/spidev.c b/drivers/spi/spidev.c index f5b60c70389b..ddbe1a5e970e 100644 --- a/drivers/spi/spidev.c +++ b/drivers/spi/spidev.c @@ -30,6 +30,7 @@ #include <linux/errno.h> #include <linux/mutex.h> #include <linux/slab.h> +#include <linux/smp_lock.h> #include <linux/spi/spi.h> #include <linux/spi/spidev.h> @@ -464,6 +465,7 @@ static int spidev_open(struct inode *inode, struct file *filp) struct spidev_data *spidev; int status = -ENXIO; + lock_kernel(); mutex_lock(&device_list_lock); list_for_each_entry(spidev, &device_list, device_entry) { @@ -489,6 +491,7 @@ static int spidev_open(struct inode *inode, struct file *filp) pr_debug("spidev: nothing for minor %d\n", iminor(inode)); mutex_unlock(&device_list_lock); + unlock_kernel(); return status; } diff --git a/drivers/telephony/phonedev.c b/drivers/telephony/phonedev.c index bcea8d9b718c..4d74ba36c3a1 100644 --- a/drivers/telephony/phonedev.c +++ b/drivers/telephony/phonedev.c @@ -23,6 +23,7 @@ #include <linux/errno.h> #include <linux/phonedev.h> #include <linux/init.h> +#include <linux/smp_lock.h> #include <asm/uaccess.h> #include <asm/system.h> @@ -53,6 +54,7 @@ static int phone_open(struct inode *inode, struct file *file) if (minor >= PHONE_NUM_DEVICES) return -ENODEV; + lock_kernel(); mutex_lock(&phone_lock); p = phone_device[minor]; if (p) @@ -79,6 +81,7 @@ static int phone_open(struct inode *inode, struct file *file) fops_put(old_fops); end: mutex_unlock(&phone_lock); + unlock_kernel(); return err; } diff --git a/drivers/uio/uio.c b/drivers/uio/uio.c index 0a12e90ad416..5a7ca2e6094d 100644 --- a/drivers/uio/uio.c +++ b/drivers/uio/uio.c @@ -297,12 +297,17 @@ static int uio_open(struct inode *inode, struct file *filep) struct uio_listener *listener; int ret = 0; + lock_kernel(); idev = idr_find(&uio_idr, iminor(inode)); - if (!idev) - return -ENODEV; + if (!idev) { + ret = -ENODEV; + goto out; + } - if (!try_module_get(idev->owner)) - return -ENODEV; + if (!try_module_get(idev->owner)) { + ret = -ENODEV; + goto out; + } listener = kmalloc(sizeof(*listener), GFP_KERNEL); if (!listener) { @@ -319,7 +324,7 @@ static int uio_open(struct inode *inode, struct file *filep) if (ret) goto err_infoopen; } - + unlock_kernel(); return 0; err_infoopen: @@ -329,6 +334,8 @@ err_alloc_listener: module_put(idev->owner); +out: + unlock_kernel(); return ret; } diff --git a/drivers/usb/core/devio.c b/drivers/usb/core/devio.c index de17738f3acb..9218cca21043 100644 --- a/drivers/usb/core/devio.c +++ b/drivers/usb/core/devio.c @@ -565,6 +565,7 @@ static int usbdev_open(struct inode *inode, struct file *file) struct dev_state *ps; int ret; + lock_kernel(); /* Protect against simultaneous removal or release */ mutex_lock(&usbfs_mutex); @@ -611,6 +612,7 @@ static int usbdev_open(struct inode *inode, struct file *file) if (ret) kfree(ps); mutex_unlock(&usbfs_mutex); + unlock_kernel(); return ret; } diff --git a/drivers/usb/core/file.c b/drivers/usb/core/file.c index 8133c99c6c5c..c6a95395e52a 100644 --- a/drivers/usb/core/file.c +++ b/drivers/usb/core/file.c @@ -18,6 +18,7 @@ #include <linux/module.h> #include <linux/errno.h> #include <linux/rwsem.h> +#include <linux/smp_lock.h> #include <linux/usb.h> #include "usb.h" @@ -33,6 +34,7 @@ static int usb_open(struct inode * inode, struct file * file) int err = -ENODEV; const struct file_operations *old_fops, *new_fops = NULL; + lock_kernel(); down_read(&minor_rwsem); c = usb_minors[minor]; @@ -51,6 +53,7 @@ static int usb_open(struct inode * inode, struct file * file) fops_put(old_fops); done: up_read(&minor_rwsem); + unlock_kernel(); return err; } diff --git a/drivers/usb/gadget/printer.c b/drivers/usb/gadget/printer.c index 76be75e3ab8f..ec8f2eb041ca 100644 --- a/drivers/usb/gadget/printer.c +++ b/drivers/usb/gadget/printer.c @@ -462,6 +462,7 @@ printer_open(struct inode *inode, struct file *fd) unsigned long flags; int ret = -EBUSY; + lock_kernel(); dev = container_of(inode->i_cdev, struct printer_dev, printer_cdev); spin_lock_irqsave(&dev->lock, flags); @@ -477,7 +478,7 @@ printer_open(struct inode *inode, struct file *fd) spin_unlock_irqrestore(&dev->lock, flags); DBG(dev, "printer_open returned %x\n", ret); - + unlock_kernel(); return ret; } diff --git a/drivers/usb/mon/mon_bin.c b/drivers/usb/mon/mon_bin.c index 49145534e06e..293a46247c3b 100644 --- a/drivers/usb/mon/mon_bin.c +++ b/drivers/usb/mon/mon_bin.c @@ -15,6 +15,7 @@ #include <linux/poll.h> #include <linux/compat.h> #include <linux/mm.h> +#include <linux/smp_lock.h> #include <asm/uaccess.h> @@ -527,14 +528,17 @@ static int mon_bin_open(struct inode *inode, struct file *file) size_t size; int rc; + lock_kernel(); mutex_lock(&mon_lock); if ((mbus = mon_bus_lookup(iminor(inode))) == NULL) { mutex_unlock(&mon_lock); + unlock_kernel(); return -ENODEV; } if (mbus != &mon_bus0 && mbus->u_bus == NULL) { printk(KERN_ERR TAG ": consistency error on open\n"); mutex_unlock(&mon_lock); + unlock_kernel(); return -ENODEV; } @@ -568,6 +572,7 @@ static int mon_bin_open(struct inode *inode, struct file *file) file->private_data = rp; mutex_unlock(&mon_lock); + unlock_kernel(); return 0; err_allocbuff: @@ -576,6 +581,7 @@ err_allocvec: kfree(rp); err_alloc: mutex_unlock(&mon_lock); + unlock_kernel(); return rc; } diff --git a/drivers/video/fbmem.c b/drivers/video/fbmem.c index 776f7fcd2fbf..33ebdb198daf 100644 --- a/drivers/video/fbmem.c +++ b/drivers/video/fbmem.c @@ -1326,20 +1326,27 @@ fb_open(struct inode *inode, struct file *file) if (fbidx >= FB_MAX) return -ENODEV; + lock_kernel(); #ifdef CONFIG_KMOD if (!(info = registered_fb[fbidx])) try_to_load(fbidx); #endif /* CONFIG_KMOD */ - if (!(info = registered_fb[fbidx])) - return -ENODEV; - if (!try_module_get(info->fbops->owner)) - return -ENODEV; + if (!(info = registered_fb[fbidx])) { + res = -ENODEV; + goto out; + } + if (!try_module_get(info->fbops->owner)) { + res = -ENODEV; + goto out; + } file->private_data = info; if (info->fbops->fb_open) { res = info->fbops->fb_open(info,1); if (res) module_put(info->fbops->owner); } +out: + unlock_kernel(); return res; } |