From 42a561e56fb9b581a4adb89efe54a387e3d4dc1b Mon Sep 17 00:00:00 2001 From: Julia Lawall Date: Sat, 14 Nov 2015 13:30:34 +0100 Subject: lustre: constify inode_operations structures The inode_operations structures are never modified, so declare them as const, like all the other inode_operations structures. Done with the help of Coccinelle. Signed-off-by: Julia Lawall Signed-off-by: Al Viro --- drivers/staging/lustre/lustre/llite/file.c | 2 +- drivers/staging/lustre/lustre/llite/llite_internal.h | 4 ++-- drivers/staging/lustre/lustre/llite/symlink.c | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) (limited to 'drivers') diff --git a/drivers/staging/lustre/lustre/llite/file.c b/drivers/staging/lustre/lustre/llite/file.c index 02f27593013e..31cd6b323a39 100644 --- a/drivers/staging/lustre/lustre/llite/file.c +++ b/drivers/staging/lustre/lustre/llite/file.c @@ -3139,7 +3139,7 @@ struct file_operations ll_file_operations_noflock = { .lock = ll_file_noflock }; -struct inode_operations ll_file_inode_operations = { +const struct inode_operations ll_file_inode_operations = { .setattr = ll_setattr, .getattr = ll_getattr, .permission = ll_inode_permission, diff --git a/drivers/staging/lustre/lustre/llite/llite_internal.h b/drivers/staging/lustre/lustre/llite/llite_internal.h index 9096d311e45d..6102b29dbf30 100644 --- a/drivers/staging/lustre/lustre/llite/llite_internal.h +++ b/drivers/staging/lustre/lustre/llite/llite_internal.h @@ -705,7 +705,7 @@ extern const struct address_space_operations ll_aops; extern struct file_operations ll_file_operations; extern struct file_operations ll_file_operations_flock; extern struct file_operations ll_file_operations_noflock; -extern struct inode_operations ll_file_inode_operations; +extern const struct inode_operations ll_file_inode_operations; int ll_have_md_lock(struct inode *inode, __u64 *bits, ldlm_mode_t l_req_mode); ldlm_mode_t ll_take_md_lock(struct inode *inode, __u64 bits, @@ -805,7 +805,7 @@ struct inode *search_inode_for_lustre(struct super_block *sb, const struct lu_fid *fid); /* llite/symlink.c */ -extern struct inode_operations ll_fast_symlink_inode_operations; +extern const struct inode_operations ll_fast_symlink_inode_operations; /* llite/llite_close.c */ struct ll_close_queue { diff --git a/drivers/staging/lustre/lustre/llite/symlink.c b/drivers/staging/lustre/lustre/llite/symlink.c index 69b203651905..32c4cf48b318 100644 --- a/drivers/staging/lustre/lustre/llite/symlink.c +++ b/drivers/staging/lustre/lustre/llite/symlink.c @@ -146,7 +146,7 @@ static void ll_put_link(struct inode *unused, void *cookie) ptlrpc_req_finished(cookie); } -struct inode_operations ll_fast_symlink_inode_operations = { +const struct inode_operations ll_fast_symlink_inode_operations = { .readlink = generic_readlink, .setattr = ll_setattr, .follow_link = ll_follow_link, -- cgit v1.2.3 From dfbf53ed548e838ab933d1a7072ffc38cba3bae8 Mon Sep 17 00:00:00 2001 From: Al Viro Date: Thu, 26 Nov 2015 23:24:14 -0500 Subject: vgaarb: remove bogus checks neither ->release() nor ->poll() can be called unless ->open() has succeeded on the same struct file, so checking for "has open() failed" is pointless. What's more, ->poll() doesn't return -E... - it always returns a bitmap of POLL... values, so the dead code in that one had been actively bogus. Signed-off-by: Al Viro --- drivers/gpu/vga/vgaarb.c | 7 ------- 1 file changed, 7 deletions(-) (limited to 'drivers') diff --git a/drivers/gpu/vga/vgaarb.c b/drivers/gpu/vga/vgaarb.c index 3166e4bc4eb6..de083aade105 100644 --- a/drivers/gpu/vga/vgaarb.c +++ b/drivers/gpu/vga/vgaarb.c @@ -1161,12 +1161,8 @@ done: static unsigned int vga_arb_fpoll(struct file *file, poll_table *wait) { - struct vga_arb_private *priv = file->private_data; - pr_debug("%s\n", __func__); - if (priv == NULL) - return -ENODEV; poll_wait(file, &vga_wait_queue, wait); return POLLIN; } @@ -1207,9 +1203,6 @@ static int vga_arb_release(struct inode *inode, struct file *file) pr_debug("%s\n", __func__); - if (priv == NULL) - return -ENODEV; - spin_lock_irqsave(&vga_user_lock, flags); list_del(&priv->list); for (i = 0; i < MAX_USER_CARDS; i++) { -- cgit v1.2.3 From 0e81ba231239b58c8b17dca18c6345c13e793824 Mon Sep 17 00:00:00 2001 From: Al Viro Date: Sat, 5 Dec 2015 18:23:48 -0500 Subject: don't opencode iget_failed() Signed-off-by: Al Viro --- drivers/staging/lustre/lustre/llite/namei.c | 4 +--- fs/ecryptfs/inode.c | 4 +--- 2 files changed, 2 insertions(+), 6 deletions(-) (limited to 'drivers') diff --git a/drivers/staging/lustre/lustre/llite/namei.c b/drivers/staging/lustre/lustre/llite/namei.c index 2ca22001a534..64db5e86672f 100644 --- a/drivers/staging/lustre/lustre/llite/namei.c +++ b/drivers/staging/lustre/lustre/llite/namei.c @@ -126,9 +126,7 @@ struct inode *ll_iget(struct super_block *sb, ino_t hash, rc = cl_file_inode_init(inode, md); } if (rc != 0) { - make_bad_inode(inode); - unlock_new_inode(inode); - iput(inode); + iget_failed(inode); inode = ERR_PTR(rc); } else unlock_new_inode(inode); diff --git a/fs/ecryptfs/inode.c b/fs/ecryptfs/inode.c index e2e47ba5d313..92c5dae576b1 100644 --- a/fs/ecryptfs/inode.c +++ b/fs/ecryptfs/inode.c @@ -282,9 +282,7 @@ ecryptfs_create(struct inode *directory_inode, struct dentry *ecryptfs_dentry, if (rc) { ecryptfs_do_unlink(directory_inode, ecryptfs_dentry, ecryptfs_inode); - make_bad_inode(ecryptfs_inode); - unlock_new_inode(ecryptfs_inode); - iput(ecryptfs_inode); + iget_failed(ecryptfs_inode); goto out; } unlock_new_inode(ecryptfs_inode); -- cgit v1.2.3 From b808b1d632f6915e4d6b1badb927b2c970ad11bb Mon Sep 17 00:00:00 2001 From: Al Viro Date: Sat, 5 Dec 2015 21:39:06 -0500 Subject: don't open-code generic_file_llseek_size() Signed-off-by: Al Viro --- arch/powerpc/kernel/nvram_64.c | 19 +++---------------- drivers/char/generic_nvram.c | 21 +++------------------ drivers/char/mbcs.c | 28 +++------------------------- drivers/char/nvram.c | 18 +++--------------- 4 files changed, 12 insertions(+), 74 deletions(-) (limited to 'drivers') diff --git a/arch/powerpc/kernel/nvram_64.c b/arch/powerpc/kernel/nvram_64.c index 32e26526f7e4..0cab9e8c3794 100644 --- a/arch/powerpc/kernel/nvram_64.c +++ b/arch/powerpc/kernel/nvram_64.c @@ -27,6 +27,7 @@ #include #include #include +#include #include #include #include @@ -733,24 +734,10 @@ static void oops_to_nvram(struct kmsg_dumper *dumper, static loff_t dev_nvram_llseek(struct file *file, loff_t offset, int origin) { - int size; - if (ppc_md.nvram_size == NULL) return -ENODEV; - size = ppc_md.nvram_size(); - - switch (origin) { - case 1: - offset += file->f_pos; - break; - case 2: - offset += size; - break; - } - if (offset < 0) - return -EINVAL; - file->f_pos = offset; - return file->f_pos; + return generic_file_llseek_size(file, offset, origin, MAX_LFS_FILESIZE, + ppc_md.nvram_size()); } diff --git a/drivers/char/generic_nvram.c b/drivers/char/generic_nvram.c index 6c4f4b5a9dd3..073db9558379 100644 --- a/drivers/char/generic_nvram.c +++ b/drivers/char/generic_nvram.c @@ -20,6 +20,7 @@ #include #include #include +#include #include #include #ifdef CONFIG_PPC_PMAC @@ -33,24 +34,8 @@ static ssize_t nvram_len; static loff_t nvram_llseek(struct file *file, loff_t offset, int origin) { - switch (origin) { - case 0: - break; - case 1: - offset += file->f_pos; - break; - case 2: - offset += nvram_len; - break; - default: - offset = -1; - } - if (offset < 0) - return -EINVAL; - - file->f_pos = offset; - - return file->f_pos; + return generic_file_llseek_size(file, offset, origin, + MAX_LFS_FILESIZE, nvram_len); } static ssize_t read_nvram(struct file *file, char __user *buf, diff --git a/drivers/char/mbcs.c b/drivers/char/mbcs.c index e5d3e3f7a49b..67d426470e53 100644 --- a/drivers/char/mbcs.c +++ b/drivers/char/mbcs.c @@ -26,6 +26,7 @@ #include #include #include +#include #include #include #include @@ -451,31 +452,8 @@ mbcs_sram_write(struct file * fp, const char __user *buf, size_t len, loff_t * o static loff_t mbcs_sram_llseek(struct file * filp, loff_t off, int whence) { - loff_t newpos; - - switch (whence) { - case SEEK_SET: - newpos = off; - break; - - case SEEK_CUR: - newpos = filp->f_pos + off; - break; - - case SEEK_END: - newpos = MBCS_SRAM_SIZE + off; - break; - - default: /* can't happen */ - return -EINVAL; - } - - if (newpos < 0) - return -EINVAL; - - filp->f_pos = newpos; - - return newpos; + return generic_file_llseek_size(filp, off, whence, MAX_LFS_FILESIZE, + MBCS_SRAM_SIZE); } static uint64_t mbcs_pioaddr(struct mbcs_soft *soft, uint64_t offset) diff --git a/drivers/char/nvram.c b/drivers/char/nvram.c index 97c2d8d433d6..01292328a456 100644 --- a/drivers/char/nvram.c +++ b/drivers/char/nvram.c @@ -110,6 +110,7 @@ #include #include #include +#include static DEFINE_MUTEX(nvram_mutex); @@ -213,21 +214,8 @@ void nvram_set_checksum(void) static loff_t nvram_llseek(struct file *file, loff_t offset, int origin) { - switch (origin) { - case 0: - /* nothing to do */ - break; - case 1: - offset += file->f_pos; - break; - case 2: - offset += NVRAM_BYTES; - break; - default: - return -EINVAL; - } - - return (offset >= 0) ? (file->f_pos = offset) : -EINVAL; + return generic_file_llseek_size(file, offset, origin, MAX_LFS_FILESIZE, + NVRAM_BYTES); } static ssize_t nvram_read(struct file *file, char __user *buf, -- cgit v1.2.3 From b25472f9b96159cc0b9b7ed449448805973cd789 Mon Sep 17 00:00:00 2001 From: Al Viro Date: Sat, 5 Dec 2015 22:04:48 -0500 Subject: new helpers: no_seek_end_llseek{,_size}() Signed-off-by: Al Viro --- arch/sparc/kernel/mdesc.c | 20 ++-------------- arch/x86/kernel/cpuid.c | 24 +------------------- arch/x86/kernel/msr.c | 24 +------------------- drivers/char/nwflash.c | 31 +------------------------ drivers/net/wireless/ti/wlcore/debugfs.c | 17 +------------- drivers/s390/char/vmur.c | 15 +----------- drivers/s390/char/zcore.c | 13 +---------- drivers/usb/core/devices.c | 26 +-------------------- drivers/usb/core/devio.c | 26 +-------------------- drivers/usb/host/uhci-debug.c | 23 ++----------------- drivers/usb/misc/sisusbvga/sisusb.c | 16 +------------ fs/read_write.c | 39 ++++++++++++++++++++++++++++++++ include/linux/fs.h | 2 ++ 13 files changed, 54 insertions(+), 222 deletions(-) (limited to 'drivers') diff --git a/arch/sparc/kernel/mdesc.c b/arch/sparc/kernel/mdesc.c index 6f80936e0eea..11228861d9b4 100644 --- a/arch/sparc/kernel/mdesc.c +++ b/arch/sparc/kernel/mdesc.c @@ -1033,25 +1033,9 @@ static ssize_t mdesc_read(struct file *file, char __user *buf, static loff_t mdesc_llseek(struct file *file, loff_t offset, int whence) { - struct mdesc_handle *hp; - - switch (whence) { - case SEEK_CUR: - offset += file->f_pos; - break; - case SEEK_SET: - break; - default: - return -EINVAL; - } - - hp = file->private_data; - if (offset > hp->handle_size) - return -EINVAL; - else - file->f_pos = offset; + struct mdesc_handle *hp = file->private_data; - return offset; + return no_seek_end_llseek_size(file, offset, whence, hp->handle_size); } /* mdesc_close() - /dev/mdesc is being closed, release the reference to diff --git a/arch/x86/kernel/cpuid.c b/arch/x86/kernel/cpuid.c index bd3507da39f0..2836de390f95 100644 --- a/arch/x86/kernel/cpuid.c +++ b/arch/x86/kernel/cpuid.c @@ -58,28 +58,6 @@ static void cpuid_smp_cpuid(void *cmd_block) &cmd->eax, &cmd->ebx, &cmd->ecx, &cmd->edx); } -static loff_t cpuid_seek(struct file *file, loff_t offset, int orig) -{ - loff_t ret; - struct inode *inode = file->f_mapping->host; - - mutex_lock(&inode->i_mutex); - switch (orig) { - case 0: - file->f_pos = offset; - ret = file->f_pos; - break; - case 1: - file->f_pos += offset; - ret = file->f_pos; - break; - default: - ret = -EINVAL; - } - mutex_unlock(&inode->i_mutex); - return ret; -} - static ssize_t cpuid_read(struct file *file, char __user *buf, size_t count, loff_t *ppos) { @@ -132,7 +110,7 @@ static int cpuid_open(struct inode *inode, struct file *file) */ static const struct file_operations cpuid_fops = { .owner = THIS_MODULE, - .llseek = cpuid_seek, + .llseek = no_seek_end_llseek, .read = cpuid_read, .open = cpuid_open, }; diff --git a/arch/x86/kernel/msr.c b/arch/x86/kernel/msr.c index 113e70784854..64f9616f93f1 100644 --- a/arch/x86/kernel/msr.c +++ b/arch/x86/kernel/msr.c @@ -45,28 +45,6 @@ static struct class *msr_class; -static loff_t msr_seek(struct file *file, loff_t offset, int orig) -{ - loff_t ret; - struct inode *inode = file_inode(file); - - mutex_lock(&inode->i_mutex); - switch (orig) { - case SEEK_SET: - file->f_pos = offset; - ret = file->f_pos; - break; - case SEEK_CUR: - file->f_pos += offset; - ret = file->f_pos; - break; - default: - ret = -EINVAL; - } - mutex_unlock(&inode->i_mutex); - return ret; -} - static ssize_t msr_read(struct file *file, char __user *buf, size_t count, loff_t *ppos) { @@ -194,7 +172,7 @@ static int msr_open(struct inode *inode, struct file *file) */ static const struct file_operations msr_fops = { .owner = THIS_MODULE, - .llseek = msr_seek, + .llseek = no_seek_end_llseek, .read = msr_read, .write = msr_write, .open = msr_open, diff --git a/drivers/char/nwflash.c b/drivers/char/nwflash.c index e371480d3639..dbe598de9b74 100644 --- a/drivers/char/nwflash.c +++ b/drivers/char/nwflash.c @@ -277,36 +277,7 @@ static loff_t flash_llseek(struct file *file, loff_t offset, int orig) printk(KERN_DEBUG "flash_llseek: offset=0x%X, orig=0x%X.\n", (unsigned int) offset, orig); - switch (orig) { - case 0: - if (offset < 0) { - ret = -EINVAL; - break; - } - - if ((unsigned int) offset > gbFlashSize) { - ret = -EINVAL; - break; - } - - file->f_pos = (unsigned int) offset; - ret = file->f_pos; - break; - case 1: - if ((file->f_pos + offset) > gbFlashSize) { - ret = -EINVAL; - break; - } - if ((file->f_pos + offset) < 0) { - ret = -EINVAL; - break; - } - file->f_pos += offset; - ret = file->f_pos; - break; - default: - ret = -EINVAL; - } + ret = no_seek_end_llseek_size(file, offset, orig, gbFlashSize); mutex_unlock(&flash_mutex); return ret; } diff --git a/drivers/net/wireless/ti/wlcore/debugfs.c b/drivers/net/wireless/ti/wlcore/debugfs.c index eb43f94a1597..be72306f8c69 100644 --- a/drivers/net/wireless/ti/wlcore/debugfs.c +++ b/drivers/net/wireless/ti/wlcore/debugfs.c @@ -1205,26 +1205,11 @@ err_out: static loff_t dev_mem_seek(struct file *file, loff_t offset, int orig) { - loff_t ret; - /* only requests of dword-aligned size and offset are supported */ if (offset % 4) return -EINVAL; - switch (orig) { - case SEEK_SET: - file->f_pos = offset; - ret = file->f_pos; - break; - case SEEK_CUR: - file->f_pos += offset; - ret = file->f_pos; - break; - default: - ret = -EINVAL; - } - - return ret; + return no_seek_end_llseek(file, offset, orig); } static const struct file_operations dev_mem_ops = { diff --git a/drivers/s390/char/vmur.c b/drivers/s390/char/vmur.c index 0efb27f6f199..6c30e93ab8fa 100644 --- a/drivers/s390/char/vmur.c +++ b/drivers/s390/char/vmur.c @@ -782,24 +782,11 @@ static int ur_release(struct inode *inode, struct file *file) static loff_t ur_llseek(struct file *file, loff_t offset, int whence) { - loff_t newpos; - if ((file->f_flags & O_ACCMODE) != O_RDONLY) return -ESPIPE; /* seek allowed only for reader */ if (offset % PAGE_SIZE) return -ESPIPE; /* only multiples of 4K allowed */ - switch (whence) { - case 0: /* SEEK_SET */ - newpos = offset; - break; - case 1: /* SEEK_CUR */ - newpos = file->f_pos + offset; - break; - default: - return -EINVAL; - } - file->f_pos = newpos; - return newpos; + return no_seek_end_llseek(file, offset, whence); } static const struct file_operations ur_fops = { diff --git a/drivers/s390/char/zcore.c b/drivers/s390/char/zcore.c index 823f41fc4bbd..3339b862ec17 100644 --- a/drivers/s390/char/zcore.c +++ b/drivers/s390/char/zcore.c @@ -385,18 +385,7 @@ static loff_t zcore_lseek(struct file *file, loff_t offset, int orig) loff_t rc; mutex_lock(&zcore_mutex); - switch (orig) { - case 0: - file->f_pos = offset; - rc = file->f_pos; - break; - case 1: - file->f_pos += offset; - rc = file->f_pos; - break; - default: - rc = -EINVAL; - } + rc = no_seek_end_llseek(file, offset, orig); mutex_unlock(&zcore_mutex); return rc; } diff --git a/drivers/usb/core/devices.c b/drivers/usb/core/devices.c index 2a3bbdf7eb94..cffa0a0d7de2 100644 --- a/drivers/usb/core/devices.c +++ b/drivers/usb/core/devices.c @@ -661,32 +661,8 @@ static unsigned int usb_device_poll(struct file *file, return 0; } -static loff_t usb_device_lseek(struct file *file, loff_t offset, int orig) -{ - loff_t ret; - - mutex_lock(&file_inode(file)->i_mutex); - - switch (orig) { - case 0: - file->f_pos = offset; - ret = file->f_pos; - break; - case 1: - file->f_pos += offset; - ret = file->f_pos; - break; - case 2: - default: - ret = -EINVAL; - } - - mutex_unlock(&file_inode(file)->i_mutex); - return ret; -} - const struct file_operations usbfs_devices_fops = { - .llseek = usb_device_lseek, + .llseek = no_seek_end_llseek, .read = usb_device_read, .poll = usb_device_poll, }; diff --git a/drivers/usb/core/devio.c b/drivers/usb/core/devio.c index 38ae877c46e3..dbc3e143453a 100644 --- a/drivers/usb/core/devio.c +++ b/drivers/usb/core/devio.c @@ -157,30 +157,6 @@ static int connected(struct usb_dev_state *ps) ps->dev->state != USB_STATE_NOTATTACHED); } -static loff_t usbdev_lseek(struct file *file, loff_t offset, int orig) -{ - loff_t ret; - - mutex_lock(&file_inode(file)->i_mutex); - - switch (orig) { - case 0: - file->f_pos = offset; - ret = file->f_pos; - break; - case 1: - file->f_pos += offset; - ret = file->f_pos; - break; - case 2: - default: - ret = -EINVAL; - } - - mutex_unlock(&file_inode(file)->i_mutex); - return ret; -} - static ssize_t usbdev_read(struct file *file, char __user *buf, size_t nbytes, loff_t *ppos) { @@ -2366,7 +2342,7 @@ static unsigned int usbdev_poll(struct file *file, const struct file_operations usbdev_file_operations = { .owner = THIS_MODULE, - .llseek = usbdev_lseek, + .llseek = no_seek_end_llseek, .read = usbdev_read, .poll = usbdev_poll, .unlocked_ioctl = usbdev_ioctl, diff --git a/drivers/usb/host/uhci-debug.c b/drivers/usb/host/uhci-debug.c index 1b28a000d5c6..9c6635d43db0 100644 --- a/drivers/usb/host/uhci-debug.c +++ b/drivers/usb/host/uhci-debug.c @@ -584,27 +584,8 @@ static int uhci_debug_open(struct inode *inode, struct file *file) static loff_t uhci_debug_lseek(struct file *file, loff_t off, int whence) { - struct uhci_debug *up; - loff_t new = -1; - - up = file->private_data; - - /* - * XXX: atomic 64bit seek access, but that needs to be fixed in the VFS - */ - switch (whence) { - case 0: - new = off; - break; - case 1: - new = file->f_pos + off; - break; - } - - if (new < 0 || new > up->size) - return -EINVAL; - - return (file->f_pos = new); + struct uhci_debug *up = file->private_data; + return no_seek_end_llseek_size(file, off, whence, up->size); } static ssize_t uhci_debug_read(struct file *file, char __user *buf, diff --git a/drivers/usb/misc/sisusbvga/sisusb.c b/drivers/usb/misc/sisusbvga/sisusb.c index 306d6852ebc7..8efbabacc84e 100644 --- a/drivers/usb/misc/sisusbvga/sisusb.c +++ b/drivers/usb/misc/sisusbvga/sisusb.c @@ -2825,21 +2825,7 @@ sisusb_lseek(struct file *file, loff_t offset, int orig) return -ENODEV; } - switch (orig) { - case 0: - file->f_pos = offset; - ret = file->f_pos; - /* never negative, no force_successful_syscall needed */ - break; - case 1: - file->f_pos += offset; - ret = file->f_pos; - /* never negative, no force_successful_syscall needed */ - break; - default: - /* seeking relative to "end of file" is not supported */ - ret = -EINVAL; - } + ret = no_seek_end_llseek(file, offset, orig); mutex_unlock(&sisusb->lock); return ret; diff --git a/fs/read_write.c b/fs/read_write.c index 819ef3faf1bb..acb171331278 100644 --- a/fs/read_write.c +++ b/fs/read_write.c @@ -170,6 +170,45 @@ loff_t fixed_size_llseek(struct file *file, loff_t offset, int whence, loff_t si } EXPORT_SYMBOL(fixed_size_llseek); +/** + * no_seek_end_llseek - llseek implementation for fixed-sized devices + * @file: file structure to seek on + * @offset: file offset to seek to + * @whence: type of seek + * + */ +loff_t no_seek_end_llseek(struct file *file, loff_t offset, int whence) +{ + switch (whence) { + case SEEK_SET: case SEEK_CUR: + return generic_file_llseek_size(file, offset, whence, + ~0ULL, 0); + default: + return -EINVAL; + } +} +EXPORT_SYMBOL(no_seek_end_llseek); + +/** + * no_seek_end_llseek_size - llseek implementation for fixed-sized devices + * @file: file structure to seek on + * @offset: file offset to seek to + * @whence: type of seek + * @size: maximal offset allowed + * + */ +loff_t no_seek_end_llseek_size(struct file *file, loff_t offset, int whence, loff_t size) +{ + switch (whence) { + case SEEK_SET: case SEEK_CUR: + return generic_file_llseek_size(file, offset, whence, + size, 0); + default: + return -EINVAL; + } +} +EXPORT_SYMBOL(no_seek_end_llseek_size); + /** * noop_llseek - No Operation Performed llseek implementation * @file: file structure to seek on diff --git a/include/linux/fs.h b/include/linux/fs.h index bd1447661e3c..fb0fa224d8e8 100644 --- a/include/linux/fs.h +++ b/include/linux/fs.h @@ -2660,6 +2660,8 @@ extern loff_t generic_file_llseek_size(struct file *file, loff_t offset, int whence, loff_t maxsize, loff_t eof); extern loff_t fixed_size_llseek(struct file *file, loff_t offset, int whence, loff_t size); +extern loff_t no_seek_end_llseek_size(struct file *, loff_t, int, loff_t); +extern loff_t no_seek_end_llseek(struct file *, loff_t, int); extern int generic_file_open(struct inode * inode, struct file * filp); extern int nonseekable_open(struct inode * inode, struct file * filp); -- cgit v1.2.3 From 16e5c1fc36040e592128a164499bc25eb138a80f Mon Sep 17 00:00:00 2001 From: Al Viro Date: Thu, 24 Dec 2015 00:06:05 -0500 Subject: convert a bunch of open-coded instances of memdup_user_nul() A _lot_ of ->write() instances were open-coding it; some are converted to memdup_user_nul(), a lot more remain... Signed-off-by: Al Viro --- arch/xtensa/platforms/iss/simdisk.c | 12 +-- drivers/net/wireless/ath/wil6210/debugfs.c | 12 +-- drivers/s390/char/vmcp.c | 11 +-- drivers/sbus/char/openprom.c | 13 +--- fs/afs/proc.c | 25 ++----- fs/cachefiles/daemon.c | 12 +-- fs/dlm/user.c | 11 +-- kernel/trace/blktrace.c | 12 +-- lib/dynamic_debug.c | 11 +-- net/rxrpc/ar-key.c | 24 ++---- security/smack/smackfs.c | 114 ++++++++--------------------- security/tomoyo/securityfs_if.c | 11 +-- 12 files changed, 71 insertions(+), 197 deletions(-) (limited to 'drivers') diff --git a/arch/xtensa/platforms/iss/simdisk.c b/arch/xtensa/platforms/iss/simdisk.c index 3c3ace2c46b6..f58a4e6472cb 100644 --- a/arch/xtensa/platforms/iss/simdisk.c +++ b/arch/xtensa/platforms/iss/simdisk.c @@ -227,16 +227,12 @@ static ssize_t proc_read_simdisk(struct file *file, char __user *buf, static ssize_t proc_write_simdisk(struct file *file, const char __user *buf, size_t count, loff_t *ppos) { - char *tmp = kmalloc(count + 1, GFP_KERNEL); + char *tmp = memdup_user_nul(buf, count); struct simdisk *dev = PDE_DATA(file_inode(file)); int err; - if (tmp == NULL) - return -ENOMEM; - if (copy_from_user(tmp, buf, count)) { - err = -EFAULT; - goto out_free; - } + if (IS_ERR(tmp)) + return PTR_ERR(tmp); err = simdisk_detach(dev); if (err != 0) @@ -244,8 +240,6 @@ static ssize_t proc_write_simdisk(struct file *file, const char __user *buf, if (count > 0 && tmp[count - 1] == '\n') tmp[count - 1] = 0; - else - tmp[count] = 0; if (tmp[0]) err = simdisk_attach(dev, tmp); diff --git a/drivers/net/wireless/ath/wil6210/debugfs.c b/drivers/net/wireless/ath/wil6210/debugfs.c index 97bc186f9728..a1d10b85989f 100644 --- a/drivers/net/wireless/ath/wil6210/debugfs.c +++ b/drivers/net/wireless/ath/wil6210/debugfs.c @@ -580,16 +580,10 @@ static ssize_t wil_write_file_rxon(struct file *file, const char __user *buf, long channel; bool on; - char *kbuf = kmalloc(len + 1, GFP_KERNEL); - - if (!kbuf) - return -ENOMEM; - if (copy_from_user(kbuf, buf, len)) { - kfree(kbuf); - return -EIO; - } + char *kbuf = memdup_user_nul(buf, len); - kbuf[len] = '\0'; + if (IS_ERR(kbuf)) + return PTR_ERR(kbuf); rc = kstrtol(kbuf, 0, &channel); kfree(kbuf); if (rc) diff --git a/drivers/s390/char/vmcp.c b/drivers/s390/char/vmcp.c index 0fdedadff7bc..2a67b496a9e2 100644 --- a/drivers/s390/char/vmcp.c +++ b/drivers/s390/char/vmcp.c @@ -88,14 +88,9 @@ vmcp_write(struct file *file, const char __user *buff, size_t count, if (count > 240) return -EINVAL; - cmd = kmalloc(count + 1, GFP_KERNEL); - if (!cmd) - return -ENOMEM; - if (copy_from_user(cmd, buff, count)) { - kfree(cmd); - return -EFAULT; - } - cmd[count] = '\0'; + cmd = memdup_user_nul(buff, count); + if (IS_ERR(cmd)) + return PTR_ERR(cmd); session = file->private_data; if (mutex_lock_interruptible(&session->mutex)) { kfree(cmd); diff --git a/drivers/sbus/char/openprom.c b/drivers/sbus/char/openprom.c index 5843288f64bc..e077ebd89319 100644 --- a/drivers/sbus/char/openprom.c +++ b/drivers/sbus/char/openprom.c @@ -390,16 +390,9 @@ static int copyin_string(char __user *user, size_t len, char **ptr) if ((ssize_t)len < 0 || (ssize_t)(len + 1) < 0) return -EINVAL; - tmp = kmalloc(len + 1, GFP_KERNEL); - if (!tmp) - return -ENOMEM; - - if (copy_from_user(tmp, user, len)) { - kfree(tmp); - return -EFAULT; - } - - tmp[len] = '\0'; + tmp = memdup_user_nul(user, len); + if (IS_ERR(tmp)) + return PTR_ERR(tmp); *ptr = tmp; diff --git a/fs/afs/proc.c b/fs/afs/proc.c index 24a905b076fd..2853b4095344 100644 --- a/fs/afs/proc.c +++ b/fs/afs/proc.c @@ -230,14 +230,9 @@ static ssize_t afs_proc_cells_write(struct file *file, const char __user *buf, if (size <= 1 || size >= PAGE_SIZE) return -EINVAL; - kbuf = kmalloc(size + 1, GFP_KERNEL); - if (!kbuf) - return -ENOMEM; - - ret = -EFAULT; - if (copy_from_user(kbuf, buf, size) != 0) - goto done; - kbuf[size] = 0; + kbuf = memdup_user_nul(buf, size); + if (IS_ERR(kbuf)) + return PTR_ERR(kbuf); /* trim to first NL */ name = memchr(kbuf, '\n', size); @@ -315,15 +310,9 @@ static ssize_t afs_proc_rootcell_write(struct file *file, if (size <= 1 || size >= PAGE_SIZE) return -EINVAL; - ret = -ENOMEM; - kbuf = kmalloc(size + 1, GFP_KERNEL); - if (!kbuf) - goto nomem; - - ret = -EFAULT; - if (copy_from_user(kbuf, buf, size) != 0) - goto infault; - kbuf[size] = 0; + kbuf = memdup_user_nul(buf, size); + if (IS_ERR(kbuf)) + return PTR_ERR(kbuf); /* trim to first NL */ s = memchr(kbuf, '\n', size); @@ -337,9 +326,7 @@ static ssize_t afs_proc_rootcell_write(struct file *file, if (ret >= 0) ret = size; /* consume everything, always */ -infault: kfree(kbuf); -nomem: _leave(" = %d", ret); return ret; } diff --git a/fs/cachefiles/daemon.c b/fs/cachefiles/daemon.c index f601def05bdf..452e98dd7560 100644 --- a/fs/cachefiles/daemon.c +++ b/fs/cachefiles/daemon.c @@ -226,15 +226,9 @@ static ssize_t cachefiles_daemon_write(struct file *file, return -EOPNOTSUPP; /* drag the command string into the kernel so we can parse it */ - data = kmalloc(datalen + 1, GFP_KERNEL); - if (!data) - return -ENOMEM; - - ret = -EFAULT; - if (copy_from_user(data, _data, datalen) != 0) - goto error; - - data[datalen] = '\0'; + data = memdup_user_nul(_data, datalen); + if (IS_ERR(data)) + return PTR_ERR(data); ret = -EINVAL; if (memchr(data, '\0', datalen)) diff --git a/fs/dlm/user.c b/fs/dlm/user.c index 173b3873a4f4..1925d6d222b8 100644 --- a/fs/dlm/user.c +++ b/fs/dlm/user.c @@ -515,14 +515,9 @@ static ssize_t device_write(struct file *file, const char __user *buf, if (count > sizeof(struct dlm_write_request) + DLM_RESNAME_MAXLEN) return -EINVAL; - kbuf = kzalloc(count + 1, GFP_NOFS); - if (!kbuf) - return -ENOMEM; - - if (copy_from_user(kbuf, buf, count)) { - error = -EFAULT; - goto out_free; - } + kbuf = memdup_user_nul(buf, count); + if (!IS_ERR(kbuf)) + return PTR_ERR(kbuf); if (check_version(kbuf)) { error = -EBADE; diff --git a/kernel/trace/blktrace.c b/kernel/trace/blktrace.c index a990824c8604..2aeb6ffc0a1e 100644 --- a/kernel/trace/blktrace.c +++ b/kernel/trace/blktrace.c @@ -349,16 +349,10 @@ static ssize_t blk_msg_write(struct file *filp, const char __user *buffer, if (count >= BLK_TN_MAX_MSG) return -EINVAL; - msg = kmalloc(count + 1, GFP_KERNEL); - if (msg == NULL) - return -ENOMEM; - - if (copy_from_user(msg, buffer, count)) { - kfree(msg); - return -EFAULT; - } + msg = memdup_user_nul(buffer, count); + if (IS_ERR(msg)) + return PTR_ERR(msg); - msg[count] = '\0'; bt = filp->private_data; __trace_note_message(bt, "%s", msg); kfree(msg); diff --git a/lib/dynamic_debug.c b/lib/dynamic_debug.c index e3952e9c8ec0..fe42b6ec3f0c 100644 --- a/lib/dynamic_debug.c +++ b/lib/dynamic_debug.c @@ -657,14 +657,9 @@ static ssize_t ddebug_proc_write(struct file *file, const char __user *ubuf, pr_warn("expected <%d bytes into control\n", USER_BUF_PAGE); return -E2BIG; } - tmpbuf = kmalloc(len + 1, GFP_KERNEL); - if (!tmpbuf) - return -ENOMEM; - if (copy_from_user(tmpbuf, ubuf, len)) { - kfree(tmpbuf); - return -EFAULT; - } - tmpbuf[len] = '\0'; + tmpbuf = memdup_user_nul(ubuf, len); + if (IS_ERR(tmpbuf)) + return PTR_ERR(tmpbuf); vpr_info("read %d bytes from userspace\n", (int)len); ret = ddebug_exec_queries(tmpbuf, NULL); diff --git a/net/rxrpc/ar-key.c b/net/rxrpc/ar-key.c index da3cc09f683e..3f6571651d32 100644 --- a/net/rxrpc/ar-key.c +++ b/net/rxrpc/ar-key.c @@ -896,15 +896,9 @@ int rxrpc_request_key(struct rxrpc_sock *rx, char __user *optval, int optlen) if (optlen <= 0 || optlen > PAGE_SIZE - 1) return -EINVAL; - description = kmalloc(optlen + 1, GFP_KERNEL); - if (!description) - return -ENOMEM; - - if (copy_from_user(description, optval, optlen)) { - kfree(description); - return -EFAULT; - } - description[optlen] = 0; + description = memdup_user_nul(optval, optlen); + if (IS_ERR(description)) + return PTR_ERR(description); key = request_key(&key_type_rxrpc, description, NULL); if (IS_ERR(key)) { @@ -933,15 +927,9 @@ int rxrpc_server_keyring(struct rxrpc_sock *rx, char __user *optval, if (optlen <= 0 || optlen > PAGE_SIZE - 1) return -EINVAL; - description = kmalloc(optlen + 1, GFP_KERNEL); - if (!description) - return -ENOMEM; - - if (copy_from_user(description, optval, optlen)) { - kfree(description); - return -EFAULT; - } - description[optlen] = 0; + description = memdup_user_nul(optval, optlen); + if (IS_ERR(description)) + return PTR_ERR(description); key = request_key(&key_type_keyring, description, NULL); if (IS_ERR(key)) { diff --git a/security/smack/smackfs.c b/security/smack/smackfs.c index 94bd9e41c9ec..e249a66db533 100644 --- a/security/smack/smackfs.c +++ b/security/smack/smackfs.c @@ -497,14 +497,9 @@ static ssize_t smk_write_rules_list(struct file *file, const char __user *buf, } } - data = kmalloc(count + 1, GFP_KERNEL); - if (data == NULL) - return -ENOMEM; - - if (copy_from_user(data, buf, count) != 0) { - rc = -EFAULT; - goto out; - } + data = memdup_user_nul(buf, count); + if (IS_ERR(data)) + return PTR_ERR(data); /* * In case of parsing only part of user buf, @@ -884,16 +879,10 @@ static ssize_t smk_set_cipso(struct file *file, const char __user *buf, (count < SMK_CIPSOMIN || count > SMK_CIPSOMAX)) return -EINVAL; - data = kzalloc(count + 1, GFP_KERNEL); - if (data == NULL) - return -ENOMEM; - - if (copy_from_user(data, buf, count) != 0) { - rc = -EFAULT; - goto unlockedout; - } + data = memdup_user_nul(buf, count); + if (IS_ERR(data)) + return PTR_ERR(data); - data[count] = '\0'; rule = data; /* * Only allow one writer at a time. Writes should be @@ -946,7 +935,6 @@ static ssize_t smk_set_cipso(struct file *file, const char __user *buf, out: mutex_unlock(&smack_cipso_lock); -unlockedout: kfree(data); return rc; } @@ -1187,14 +1175,9 @@ static ssize_t smk_write_net4addr(struct file *file, const char __user *buf, if (count < SMK_NETLBLADDRMIN) return -EINVAL; - data = kzalloc(count + 1, GFP_KERNEL); - if (data == NULL) - return -ENOMEM; - - if (copy_from_user(data, buf, count) != 0) { - rc = -EFAULT; - goto free_data_out; - } + data = memdup_user_nul(buf, count); + if (IS_ERR(data)) + return PTR_ERR(data); smack = kzalloc(count + 1, GFP_KERNEL); if (smack == NULL) { @@ -1202,8 +1185,6 @@ static ssize_t smk_write_net4addr(struct file *file, const char __user *buf, goto free_data_out; } - data[count] = '\0'; - rc = sscanf(data, "%hhd.%hhd.%hhd.%hhd/%u %s", &host[0], &host[1], &host[2], &host[3], &masks, smack); if (rc != 6) { @@ -1454,14 +1435,9 @@ static ssize_t smk_write_net6addr(struct file *file, const char __user *buf, if (count < SMK_NETLBLADDRMIN) return -EINVAL; - data = kzalloc(count + 1, GFP_KERNEL); - if (data == NULL) - return -ENOMEM; - - if (copy_from_user(data, buf, count) != 0) { - rc = -EFAULT; - goto free_data_out; - } + data = memdup_user_nul(buf, count); + if (IS_ERR(data)) + return PTR_ERR(data); smack = kzalloc(count + 1, GFP_KERNEL); if (smack == NULL) { @@ -1469,8 +1445,6 @@ static ssize_t smk_write_net6addr(struct file *file, const char __user *buf, goto free_data_out; } - data[count] = '\0'; - i = sscanf(data, "%x:%x:%x:%x:%x:%x:%x:%x/%u %s", &scanned[0], &scanned[1], &scanned[2], &scanned[3], &scanned[4], &scanned[5], &scanned[6], &scanned[7], @@ -1865,14 +1839,9 @@ static ssize_t smk_write_ambient(struct file *file, const char __user *buf, if (!smack_privileged(CAP_MAC_ADMIN)) return -EPERM; - data = kzalloc(count + 1, GFP_KERNEL); - if (data == NULL) - return -ENOMEM; - - if (copy_from_user(data, buf, count) != 0) { - rc = -EFAULT; - goto out; - } + data = memdup_user_nul(buf, count); + if (IS_ERR(data)) + return PTR_ERR(data); skp = smk_import_entry(data, count); if (IS_ERR(skp)) { @@ -2041,14 +2010,9 @@ static ssize_t smk_write_onlycap(struct file *file, const char __user *buf, if (!smack_privileged(CAP_MAC_ADMIN)) return -EPERM; - data = kzalloc(count + 1, GFP_KERNEL); - if (data == NULL) - return -ENOMEM; - - if (copy_from_user(data, buf, count) != 0) { - kfree(data); - return -EFAULT; - } + data = memdup_user_nul(buf, count); + if (IS_ERR(data)) + return PTR_ERR(data); rc = smk_parse_label_list(data, &list_tmp); kfree(data); @@ -2133,14 +2097,9 @@ static ssize_t smk_write_unconfined(struct file *file, const char __user *buf, if (!smack_privileged(CAP_MAC_ADMIN)) return -EPERM; - data = kzalloc(count + 1, GFP_KERNEL); - if (data == NULL) - return -ENOMEM; - - if (copy_from_user(data, buf, count) != 0) { - rc = -EFAULT; - goto freeout; - } + data = memdup_user_nul(buf, count); + if (IS_ERR(data)) + return PTR_ERR(data); /* * Clear the smack_unconfined on invalid label errors. This means @@ -2696,19 +2655,15 @@ static ssize_t smk_write_syslog(struct file *file, const char __user *buf, if (!smack_privileged(CAP_MAC_ADMIN)) return -EPERM; - data = kzalloc(count + 1, GFP_KERNEL); - if (data == NULL) - return -ENOMEM; + data = memdup_user_nul(buf, count); + if (IS_ERR(data)) + return PTR_ERR(data); - if (copy_from_user(data, buf, count) != 0) - rc = -EFAULT; - else { - skp = smk_import_entry(data, count); - if (IS_ERR(skp)) - rc = PTR_ERR(skp); - else - smack_syslog_label = skp; - } + skp = smk_import_entry(data, count); + if (IS_ERR(skp)) + rc = PTR_ERR(skp); + else + smack_syslog_label = skp; kfree(data); return rc; @@ -2798,14 +2753,9 @@ static ssize_t smk_write_relabel_self(struct file *file, const char __user *buf, if (*ppos != 0) return -EINVAL; - data = kzalloc(count + 1, GFP_KERNEL); - if (data == NULL) - return -ENOMEM; - - if (copy_from_user(data, buf, count) != 0) { - kfree(data); - return -EFAULT; - } + data = memdup_user_nul(buf, count); + if (IS_ERR(data)) + return PTR_ERR(data); rc = smk_parse_label_list(data, &list_tmp); kfree(data); diff --git a/security/tomoyo/securityfs_if.c b/security/tomoyo/securityfs_if.c index 179a955b319d..06ab41b1ff28 100644 --- a/security/tomoyo/securityfs_if.c +++ b/security/tomoyo/securityfs_if.c @@ -43,13 +43,9 @@ static ssize_t tomoyo_write_self(struct file *file, const char __user *buf, int error; if (!count || count >= TOMOYO_EXEC_TMPSIZE - 10) return -ENOMEM; - data = kzalloc(count + 1, GFP_NOFS); - if (!data) - return -ENOMEM; - if (copy_from_user(data, buf, count)) { - error = -EFAULT; - goto out; - } + data = memdup_user_nul(buf, count); + if (IS_ERR(data)) + return PTR_ERR(data); tomoyo_normalize_line(data); if (tomoyo_correct_domain(data)) { const int idx = tomoyo_read_lock(); @@ -87,7 +83,6 @@ static ssize_t tomoyo_write_self(struct file *file, const char __user *buf, tomoyo_read_unlock(idx); } else error = -EINVAL; -out: kfree(data); return error ? error : count; } -- cgit v1.2.3 From f0fc86966253ad244f53841e3d8db2cf9f862019 Mon Sep 17 00:00:00 2001 From: Al Viro Date: Thu, 24 Dec 2015 00:10:20 -0500 Subject: switch wireless debugfs ->write() instances to memdup_user_nul() again, it only parses the contents of the copied buffer, so get_zeroed_page() might as well had been kmalloc(), which makes it open-coded memdup_user_nul() Signed-off-by: Al Viro --- drivers/net/wireless/libertas/debugfs.c | 181 +++++++++++--------------------- drivers/net/wireless/mwifiex/debugfs.c | 82 +++++---------- 2 files changed, 89 insertions(+), 174 deletions(-) (limited to 'drivers') diff --git a/drivers/net/wireless/libertas/debugfs.c b/drivers/net/wireless/libertas/debugfs.c index 26cbf1dcc662..faed1823c58e 100644 --- a/drivers/net/wireless/libertas/debugfs.c +++ b/drivers/net/wireless/libertas/debugfs.c @@ -56,19 +56,15 @@ static ssize_t lbs_sleepparams_write(struct file *file, loff_t *ppos) { struct lbs_private *priv = file->private_data; - ssize_t buf_size, ret; + ssize_t ret; struct sleep_params sp; int p1, p2, p3, p4, p5, p6; - unsigned long addr = get_zeroed_page(GFP_KERNEL); - char *buf = (char *)addr; - if (!buf) - return -ENOMEM; + char *buf; + + buf = memdup_user_nul(user_buf, min(count, len - 1)); + if (IS_ERR(buf)) + return PTR_ERR(buf); - buf_size = min(count, len - 1); - if (copy_from_user(buf, user_buf, buf_size)) { - ret = -EFAULT; - goto out_unlock; - } ret = sscanf(buf, "%d %d %d %d %d %d", &p1, &p2, &p3, &p4, &p5, &p6); if (ret != 6) { ret = -EINVAL; @@ -88,7 +84,7 @@ static ssize_t lbs_sleepparams_write(struct file *file, ret = -EINVAL; out_unlock: - free_page(addr); + kfree(buf); return ret; } @@ -125,18 +121,14 @@ static ssize_t lbs_host_sleep_write(struct file *file, loff_t *ppos) { struct lbs_private *priv = file->private_data; - ssize_t buf_size, ret; + ssize_t ret; int host_sleep; - unsigned long addr = get_zeroed_page(GFP_KERNEL); - char *buf = (char *)addr; - if (!buf) - return -ENOMEM; + char *buf; + + buf = memdup_user_nul(user_buf, min(count, len - 1)); + if (IS_ERR(buf)) + return PTR_ERR(buf); - buf_size = min(count, len - 1); - if (copy_from_user(buf, user_buf, buf_size)) { - ret = -EFAULT; - goto out_unlock; - } ret = sscanf(buf, "%d", &host_sleep); if (ret != 1) { ret = -EINVAL; @@ -162,7 +154,7 @@ static ssize_t lbs_host_sleep_write(struct file *file, ret = count; out_unlock: - free_page(addr); + kfree(buf); return ret; } @@ -281,21 +273,15 @@ static ssize_t lbs_threshold_write(uint16_t tlv_type, uint16_t event_mask, struct cmd_ds_802_11_subscribe_event *events; struct mrvl_ie_thresholds *tlv; struct lbs_private *priv = file->private_data; - ssize_t buf_size; int value, freq, new_mask; uint16_t curr_mask; char *buf; int ret; - buf = (char *)get_zeroed_page(GFP_KERNEL); - if (!buf) - return -ENOMEM; + buf = memdup_user_nul(userbuf, min(count, len - 1)); + if (IS_ERR(buf)) + return PTR_ERR(buf); - buf_size = min(count, len - 1); - if (copy_from_user(buf, userbuf, buf_size)) { - ret = -EFAULT; - goto out_page; - } ret = sscanf(buf, "%d %d %d", &value, &freq, &new_mask); if (ret != 3) { ret = -EINVAL; @@ -343,7 +329,7 @@ static ssize_t lbs_threshold_write(uint16_t tlv_type, uint16_t event_mask, out_events: kfree(events); out_page: - free_page((unsigned long)buf); + kfree(buf); return ret; } @@ -472,22 +458,15 @@ static ssize_t lbs_rdmac_write(struct file *file, size_t count, loff_t *ppos) { struct lbs_private *priv = file->private_data; - ssize_t res, buf_size; - unsigned long addr = get_zeroed_page(GFP_KERNEL); - char *buf = (char *)addr; - if (!buf) - return -ENOMEM; + char *buf; + + buf = memdup_user_nul(userbuf, min(count, len - 1)); + if (IS_ERR(buf)) + return PTR_ERR(buf); - buf_size = min(count, len - 1); - if (copy_from_user(buf, userbuf, buf_size)) { - res = -EFAULT; - goto out_unlock; - } priv->mac_offset = simple_strtoul(buf, NULL, 16); - res = count; -out_unlock: - free_page(addr); - return res; + kfree(buf); + return count; } static ssize_t lbs_wrmac_write(struct file *file, @@ -496,18 +475,14 @@ static ssize_t lbs_wrmac_write(struct file *file, { struct lbs_private *priv = file->private_data; - ssize_t res, buf_size; + ssize_t res; u32 offset, value; - unsigned long addr = get_zeroed_page(GFP_KERNEL); - char *buf = (char *)addr; - if (!buf) - return -ENOMEM; + char *buf; + + buf = memdup_user_nul(userbuf, min(count, len - 1)); + if (IS_ERR(buf)) + return PTR_ERR(buf); - buf_size = min(count, len - 1); - if (copy_from_user(buf, userbuf, buf_size)) { - res = -EFAULT; - goto out_unlock; - } res = sscanf(buf, "%x %x", &offset, &value); if (res != 2) { res = -EFAULT; @@ -520,7 +495,7 @@ static ssize_t lbs_wrmac_write(struct file *file, if (!res) res = count; out_unlock: - free_page(addr); + kfree(buf); return res; } @@ -554,22 +529,16 @@ static ssize_t lbs_rdbbp_write(struct file *file, size_t count, loff_t *ppos) { struct lbs_private *priv = file->private_data; - ssize_t res, buf_size; - unsigned long addr = get_zeroed_page(GFP_KERNEL); - char *buf = (char *)addr; - if (!buf) - return -ENOMEM; + char *buf; + + buf = memdup_user_nul(userbuf, min(count, len - 1)); + if (IS_ERR(buf)) + return PTR_ERR(buf); - buf_size = min(count, len - 1); - if (copy_from_user(buf, userbuf, buf_size)) { - res = -EFAULT; - goto out_unlock; - } priv->bbp_offset = simple_strtoul(buf, NULL, 16); - res = count; -out_unlock: - free_page(addr); - return res; + kfree(buf); + + return count; } static ssize_t lbs_wrbbp_write(struct file *file, @@ -578,18 +547,14 @@ static ssize_t lbs_wrbbp_write(struct file *file, { struct lbs_private *priv = file->private_data; - ssize_t res, buf_size; + ssize_t res; u32 offset, value; - unsigned long addr = get_zeroed_page(GFP_KERNEL); - char *buf = (char *)addr; - if (!buf) - return -ENOMEM; + char *buf; + + buf = memdup_user_nul(userbuf, min(count, len - 1)); + if (IS_ERR(buf)) + return PTR_ERR(buf); - buf_size = min(count, len - 1); - if (copy_from_user(buf, userbuf, buf_size)) { - res = -EFAULT; - goto out_unlock; - } res = sscanf(buf, "%x %x", &offset, &value); if (res != 2) { res = -EFAULT; @@ -602,7 +567,7 @@ static ssize_t lbs_wrbbp_write(struct file *file, if (!res) res = count; out_unlock: - free_page(addr); + kfree(buf); return res; } @@ -636,22 +601,15 @@ static ssize_t lbs_rdrf_write(struct file *file, size_t count, loff_t *ppos) { struct lbs_private *priv = file->private_data; - ssize_t res, buf_size; - unsigned long addr = get_zeroed_page(GFP_KERNEL); - char *buf = (char *)addr; - if (!buf) - return -ENOMEM; + char *buf; + + buf = memdup_user_nul(userbuf, min(count, len - 1)); + if (IS_ERR(buf)) + return PTR_ERR(buf); - buf_size = min(count, len - 1); - if (copy_from_user(buf, userbuf, buf_size)) { - res = -EFAULT; - goto out_unlock; - } priv->rf_offset = simple_strtoul(buf, NULL, 16); - res = count; -out_unlock: - free_page(addr); - return res; + kfree(buf); + return count; } static ssize_t lbs_wrrf_write(struct file *file, @@ -660,18 +618,14 @@ static ssize_t lbs_wrrf_write(struct file *file, { struct lbs_private *priv = file->private_data; - ssize_t res, buf_size; + ssize_t res; u32 offset, value; - unsigned long addr = get_zeroed_page(GFP_KERNEL); - char *buf = (char *)addr; - if (!buf) - return -ENOMEM; + char *buf; + + buf = memdup_user_nul(userbuf, min(count, len - 1)); + if (IS_ERR(buf)) + return PTR_ERR(buf); - buf_size = min(count, len - 1); - if (copy_from_user(buf, userbuf, buf_size)) { - res = -EFAULT; - goto out_unlock; - } res = sscanf(buf, "%x %x", &offset, &value); if (res != 2) { res = -EFAULT; @@ -684,7 +638,7 @@ static ssize_t lbs_wrrf_write(struct file *file, if (!res) res = count; out_unlock: - free_page(addr); + kfree(buf); return res; } @@ -915,16 +869,9 @@ static ssize_t lbs_debugfs_write(struct file *f, const char __user *buf, if (cnt == 0) return 0; - pdata = kmalloc(cnt + 1, GFP_KERNEL); - if (pdata == NULL) - return 0; - - if (copy_from_user(pdata, buf, cnt)) { - lbs_deb_debugfs("Copy from user failed\n"); - kfree(pdata); - return 0; - } - pdata[cnt] = '\0'; + pdata = memdup_user_nul(buf, cnt); + if (IS_ERR(pdata)) + return PTR_ERR(pdata); p0 = pdata; for (i = 0; i < num_of_items; i++) { diff --git a/drivers/net/wireless/mwifiex/debugfs.c b/drivers/net/wireless/mwifiex/debugfs.c index 9824d8dd2b44..241e1c3fbf08 100644 --- a/drivers/net/wireless/mwifiex/debugfs.c +++ b/drivers/net/wireless/mwifiex/debugfs.c @@ -447,20 +447,13 @@ static ssize_t mwifiex_regrdwr_write(struct file *file, const char __user *ubuf, size_t count, loff_t *ppos) { - unsigned long addr = get_zeroed_page(GFP_KERNEL); - char *buf = (char *) addr; - size_t buf_size = min_t(size_t, count, PAGE_SIZE - 1); + char *buf; int ret; u32 reg_type = 0, reg_offset = 0, reg_value = UINT_MAX; - if (!buf) - return -ENOMEM; - - - if (copy_from_user(buf, ubuf, buf_size)) { - ret = -EFAULT; - goto done; - } + buf = memdup_user_nul(ubuf, min(count, (size_t)(PAGE_SIZE - 1))); + if (IS_ERR(buf)) + return PTR_ERR(buf); sscanf(buf, "%u %x %x", ®_type, ®_offset, ®_value); @@ -474,7 +467,7 @@ mwifiex_regrdwr_write(struct file *file, ret = count; } done: - free_page(addr); + kfree(buf); return ret; } @@ -572,17 +565,11 @@ mwifiex_debug_mask_write(struct file *file, const char __user *ubuf, int ret; unsigned long debug_mask; struct mwifiex_private *priv = (void *)file->private_data; - unsigned long addr = get_zeroed_page(GFP_KERNEL); - char *buf = (void *)addr; - size_t buf_size = min(count, (size_t)(PAGE_SIZE - 1)); + char *buf; - if (!buf) - return -ENOMEM; - - if (copy_from_user(buf, ubuf, buf_size)) { - ret = -EFAULT; - goto done; - } + buf = memdup_user_nul(ubuf, min(count, (size_t)(PAGE_SIZE - 1))); + if (IS_ERR(buf)) + return PTR_ERR(buf); if (kstrtoul(buf, 0, &debug_mask)) { ret = -EINVAL; @@ -592,7 +579,7 @@ mwifiex_debug_mask_write(struct file *file, const char __user *ubuf, priv->adapter->debug_mask = debug_mask; ret = count; done: - free_page(addr); + kfree(buf); return ret; } @@ -609,17 +596,11 @@ mwifiex_memrw_write(struct file *file, const char __user *ubuf, size_t count, struct mwifiex_ds_mem_rw mem_rw; u16 cmd_action; struct mwifiex_private *priv = (void *)file->private_data; - unsigned long addr = get_zeroed_page(GFP_KERNEL); - char *buf = (void *)addr; - size_t buf_size = min(count, (size_t)(PAGE_SIZE - 1)); - - if (!buf) - return -ENOMEM; + char *buf; - if (copy_from_user(buf, ubuf, buf_size)) { - ret = -EFAULT; - goto done; - } + buf = memdup_user_nul(ubuf, min(count, (size_t)(PAGE_SIZE - 1))); + if (IS_ERR(buf)) + return PTR_ERR(buf); ret = sscanf(buf, "%c %x %x", &cmd, &mem_rw.addr, &mem_rw.value); if (ret != 3) { @@ -645,7 +626,7 @@ mwifiex_memrw_write(struct file *file, const char __user *ubuf, size_t count, ret = count; done: - free_page(addr); + kfree(buf); return ret; } @@ -686,20 +667,13 @@ static ssize_t mwifiex_rdeeprom_write(struct file *file, const char __user *ubuf, size_t count, loff_t *ppos) { - unsigned long addr = get_zeroed_page(GFP_KERNEL); - char *buf = (char *) addr; - size_t buf_size = min_t(size_t, count, PAGE_SIZE - 1); + char *buf; int ret = 0; int offset = -1, bytes = -1; - if (!buf) - return -ENOMEM; - - - if (copy_from_user(buf, ubuf, buf_size)) { - ret = -EFAULT; - goto done; - } + buf = memdup_user_nul(ubuf, min(count, (size_t)(PAGE_SIZE - 1))); + if (IS_ERR(buf)) + return PTR_ERR(buf); sscanf(buf, "%d %d", &offset, &bytes); @@ -712,7 +686,7 @@ mwifiex_rdeeprom_write(struct file *file, ret = count; } done: - free_page(addr); + kfree(buf); return ret; } @@ -771,21 +745,15 @@ mwifiex_hscfg_write(struct file *file, const char __user *ubuf, size_t count, loff_t *ppos) { struct mwifiex_private *priv = (void *)file->private_data; - unsigned long addr = get_zeroed_page(GFP_KERNEL); - char *buf = (char *)addr; - size_t buf_size = min_t(size_t, count, PAGE_SIZE - 1); + char *buf; int ret, arg_num; struct mwifiex_ds_hs_cfg hscfg; int conditions = HS_CFG_COND_DEF; u32 gpio = HS_CFG_GPIO_DEF, gap = HS_CFG_GAP_DEF; - if (!buf) - return -ENOMEM; - - if (copy_from_user(buf, ubuf, buf_size)) { - ret = -EFAULT; - goto done; - } + buf = memdup_user_nul(ubuf, min(count, (size_t)(PAGE_SIZE - 1))); + if (IS_ERR(buf)) + return PTR_ERR(buf); arg_num = sscanf(buf, "%d %x %x", &conditions, &gpio, &gap); @@ -823,7 +791,7 @@ mwifiex_hscfg_write(struct file *file, const char __user *ubuf, priv->adapter->hs_enabling = false; ret = count; done: - free_page(addr); + kfree(buf); return ret; } -- cgit v1.2.3 From e4e85bb091d13afef7b1a10b4bd209b442be8863 Mon Sep 17 00:00:00 2001 From: Al Viro Date: Thu, 24 Dec 2015 00:12:09 -0500 Subject: cciss: switch to memdup_user_nul() all we do to buffer is strncmp()... Signed-off-by: Al Viro --- drivers/block/cciss.c | 14 ++++---------- 1 file changed, 4 insertions(+), 10 deletions(-) (limited to 'drivers') diff --git a/drivers/block/cciss.c b/drivers/block/cciss.c index 0422c47261c3..b38bd06d564c 100644 --- a/drivers/block/cciss.c +++ b/drivers/block/cciss.c @@ -514,14 +514,9 @@ cciss_proc_write(struct file *file, const char __user *buf, if (!buf || length > PAGE_SIZE - 1) return -EINVAL; - buffer = (char *)__get_free_page(GFP_KERNEL); - if (!buffer) - return -ENOMEM; - - err = -EFAULT; - if (copy_from_user(buffer, buf, length)) - goto out; - buffer[length] = '\0'; + buffer = memdup_user_nul(buf, length); + if (IS_ERR(buffer)) + return PTR_ERR(buffer); #ifdef CONFIG_CISS_SCSI_TAPE if (strncmp(ENGAGE_SCSI, buffer, sizeof ENGAGE_SCSI - 1) == 0) { @@ -537,8 +532,7 @@ cciss_proc_write(struct file *file, const char __user *buf, /* might be nice to have "disengage" too, but it's not safely possible. (only 1 module use count, lock issues.) */ -out: - free_page((unsigned long)buffer); + kfree(buffer); return err; } -- cgit v1.2.3 From 4802c5919a70661d5022710d88e311c3880cd0fd Mon Sep 17 00:00:00 2001 From: Al Viro Date: Tue, 29 Dec 2015 14:55:33 -0500 Subject: drivers/mtd/maps/pcmciamtd.c: __iomem annotations Signed-off-by: Al Viro --- drivers/mtd/maps/pcmciamtd.c | 28 ++++++++++++++-------------- 1 file changed, 14 insertions(+), 14 deletions(-) (limited to 'drivers') diff --git a/drivers/mtd/maps/pcmciamtd.c b/drivers/mtd/maps/pcmciamtd.c index 3dad2111b7e3..70bb403f69f7 100644 --- a/drivers/mtd/maps/pcmciamtd.c +++ b/drivers/mtd/maps/pcmciamtd.c @@ -30,7 +30,7 @@ struct pcmciamtd_dev { struct pcmcia_device *p_dev; - caddr_t win_base; /* ioremapped address of PCMCIA window */ + void __iomem *win_base; /* ioremapped address of PCMCIA window */ unsigned int win_size; /* size of window */ unsigned int offset; /* offset into card the window currently points at */ struct map_info pcmcia_map; @@ -80,7 +80,7 @@ MODULE_PARM_DESC(mem_type, "Set Memory type (0=Flash, 1=RAM, 2=ROM, default=0)") /* read/write{8,16} copy_{from,to} routines with window remapping * to access whole card */ -static caddr_t remap_window(struct map_info *map, unsigned long to) +static void __iomem *remap_window(struct map_info *map, unsigned long to) { struct pcmciamtd_dev *dev = (struct pcmciamtd_dev *)map->map_priv_1; struct resource *win = (struct resource *) map->map_priv_2; @@ -107,7 +107,7 @@ static caddr_t remap_window(struct map_info *map, unsigned long to) static map_word pcmcia_read8_remap(struct map_info *map, unsigned long ofs) { - caddr_t addr; + void __iomem *addr; map_word d = {{0}}; addr = remap_window(map, ofs); @@ -122,7 +122,7 @@ static map_word pcmcia_read8_remap(struct map_info *map, unsigned long ofs) static map_word pcmcia_read16_remap(struct map_info *map, unsigned long ofs) { - caddr_t addr; + void __iomem *addr; map_word d = {{0}}; addr = remap_window(map, ofs); @@ -143,7 +143,7 @@ static void pcmcia_copy_from_remap(struct map_info *map, void *to, unsigned long pr_debug("to = %p from = %lu len = %zd\n", to, from, len); while(len) { int toread = win_size - (from & (win_size-1)); - caddr_t addr; + void __iomem *addr; if(toread > len) toread = len; @@ -163,7 +163,7 @@ static void pcmcia_copy_from_remap(struct map_info *map, void *to, unsigned long static void pcmcia_write8_remap(struct map_info *map, map_word d, unsigned long adr) { - caddr_t addr = remap_window(map, adr); + void __iomem *addr = remap_window(map, adr); if(!addr) return; @@ -175,7 +175,7 @@ static void pcmcia_write8_remap(struct map_info *map, map_word d, unsigned long static void pcmcia_write16_remap(struct map_info *map, map_word d, unsigned long adr) { - caddr_t addr = remap_window(map, adr); + void __iomem *addr = remap_window(map, adr); if(!addr) return; @@ -192,7 +192,7 @@ static void pcmcia_copy_to_remap(struct map_info *map, unsigned long to, const v pr_debug("to = %lu from = %p len = %zd\n", to, from, len); while(len) { int towrite = win_size - (to & (win_size-1)); - caddr_t addr; + void __iomem *addr; if(towrite > len) towrite = len; @@ -216,7 +216,7 @@ static void pcmcia_copy_to_remap(struct map_info *map, unsigned long to, const v static map_word pcmcia_read8(struct map_info *map, unsigned long ofs) { - caddr_t win_base = (caddr_t)map->map_priv_2; + void __iomem *win_base = (void __iomem *)map->map_priv_2; map_word d = {{0}}; if(DEV_REMOVED(map)) @@ -231,7 +231,7 @@ static map_word pcmcia_read8(struct map_info *map, unsigned long ofs) static map_word pcmcia_read16(struct map_info *map, unsigned long ofs) { - caddr_t win_base = (caddr_t)map->map_priv_2; + void __iomem *win_base = (void __iomem *)map->map_priv_2; map_word d = {{0}}; if(DEV_REMOVED(map)) @@ -246,7 +246,7 @@ static map_word pcmcia_read16(struct map_info *map, unsigned long ofs) static void pcmcia_copy_from(struct map_info *map, void *to, unsigned long from, ssize_t len) { - caddr_t win_base = (caddr_t)map->map_priv_2; + void __iomem *win_base = (void __iomem *)map->map_priv_2; if(DEV_REMOVED(map)) return; @@ -258,7 +258,7 @@ static void pcmcia_copy_from(struct map_info *map, void *to, unsigned long from, static void pcmcia_write8(struct map_info *map, map_word d, unsigned long adr) { - caddr_t win_base = (caddr_t)map->map_priv_2; + void __iomem *win_base = (void __iomem *)map->map_priv_2; if(DEV_REMOVED(map)) return; @@ -271,7 +271,7 @@ static void pcmcia_write8(struct map_info *map, map_word d, unsigned long adr) static void pcmcia_write16(struct map_info *map, map_word d, unsigned long adr) { - caddr_t win_base = (caddr_t)map->map_priv_2; + void __iomem *win_base = (void __iomem *)map->map_priv_2; if(DEV_REMOVED(map)) return; @@ -284,7 +284,7 @@ static void pcmcia_write16(struct map_info *map, map_word d, unsigned long adr) static void pcmcia_copy_to(struct map_info *map, unsigned long to, const void *from, ssize_t len) { - caddr_t win_base = (caddr_t)map->map_priv_2; + void __iomem *win_base = (void __iomem *)map->map_priv_2; if(DEV_REMOVED(map)) return; -- cgit v1.2.3 From 756d097b959aefe69a081496f84cfc14b1397a15 Mon Sep 17 00:00:00 2001 From: Al Viro Date: Sat, 2 Jan 2016 12:45:27 -0500 Subject: dm-bufio: virt_to_phys() doesn't change remainder modulo PAGE_SIZE ... so virt_to_phys(p) & (PAGE_SIZE - 1) is a very odd way to spell offset_in_page(p). Signed-off-by: Al Viro --- drivers/md/dm-bufio.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'drivers') diff --git a/drivers/md/dm-bufio.c b/drivers/md/dm-bufio.c index 2dd33085b331..adeb8d0f8aad 100644 --- a/drivers/md/dm-bufio.c +++ b/drivers/md/dm-bufio.c @@ -630,7 +630,7 @@ static void use_inline_bio(struct dm_buffer *b, int rw, sector_t block, do { if (!bio_add_page(&b->bio, virt_to_page(ptr), len < PAGE_SIZE ? len : PAGE_SIZE, - virt_to_phys(ptr) & (PAGE_SIZE - 1))) { + offset_in_page(ptr))) { BUG_ON(b->c->block_size <= PAGE_SIZE); use_dmio(b, rw, block, end_io); return; -- cgit v1.2.3 From 93bbf5831dd1742a98c57b6415ee84ce35425067 Mon Sep 17 00:00:00 2001 From: Al Viro Date: Sat, 2 Jan 2016 13:30:54 -0500 Subject: md: more open-coded offset_in_page() Signed-off-by: Al Viro --- drivers/md/bcache/util.c | 2 +- drivers/md/dm-io.c | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) (limited to 'drivers') diff --git a/drivers/md/bcache/util.c b/drivers/md/bcache/util.c index db3ae4c2b223..dde6172f3f10 100644 --- a/drivers/md/bcache/util.c +++ b/drivers/md/bcache/util.c @@ -230,7 +230,7 @@ void bch_bio_map(struct bio *bio, void *base) BUG_ON(!bio->bi_iter.bi_size); BUG_ON(bio->bi_vcnt); - bv->bv_offset = base ? ((unsigned long) base) % PAGE_SIZE : 0; + bv->bv_offset = base ? offset_in_page(base) : 0; goto start; for (; size; bio->bi_vcnt++, bv++) { diff --git a/drivers/md/dm-io.c b/drivers/md/dm-io.c index 81c5e1a1f363..06d426eb5a30 100644 --- a/drivers/md/dm-io.c +++ b/drivers/md/dm-io.c @@ -246,7 +246,7 @@ static void vm_dp_init(struct dpages *dp, void *data) { dp->get_page = vm_get_page; dp->next_page = vm_next_page; - dp->context_u = ((unsigned long) data) & (PAGE_SIZE - 1); + dp->context_u = offset_in_page(data); dp->context_ptr = data; } @@ -271,7 +271,7 @@ static void km_dp_init(struct dpages *dp, void *data) { dp->get_page = km_get_page; dp->next_page = km_next_page; - dp->context_u = ((unsigned long) data) & (PAGE_SIZE - 1); + dp->context_u = offset_in_page(data); dp->context_ptr = data; } -- cgit v1.2.3 From 8ed6010d50ee010961ccecb4507470b244928603 Mon Sep 17 00:00:00 2001 From: Al Viro Date: Sat, 2 Jan 2016 14:56:33 -0500 Subject: mtip32xx: don't open-code memdup_user() [folded a fix by Dan Carpenter] Signed-off-by: Al Viro --- drivers/block/mtip32xx/mtip32xx.c | 23 ++++++++--------------- 1 file changed, 8 insertions(+), 15 deletions(-) (limited to 'drivers') diff --git a/drivers/block/mtip32xx/mtip32xx.c b/drivers/block/mtip32xx/mtip32xx.c index 3457ac8c03e2..34997d8ecd64 100644 --- a/drivers/block/mtip32xx/mtip32xx.c +++ b/drivers/block/mtip32xx/mtip32xx.c @@ -2029,13 +2029,10 @@ static int exec_drive_taskfile(struct driver_data *dd, } if (taskout) { - outbuf = kzalloc(taskout, GFP_KERNEL); - if (outbuf == NULL) { - err = -ENOMEM; - goto abort; - } - if (copy_from_user(outbuf, buf + outtotal, taskout)) { - err = -EFAULT; + outbuf = memdup_user(buf + outtotal, taskout); + if (IS_ERR(outbuf)) { + err = PTR_ERR(outbuf); + outbuf = NULL; goto abort; } outbuf_dma = pci_map_single(dd->pdev, @@ -2050,14 +2047,10 @@ static int exec_drive_taskfile(struct driver_data *dd, } if (taskin) { - inbuf = kzalloc(taskin, GFP_KERNEL); - if (inbuf == NULL) { - err = -ENOMEM; - goto abort; - } - - if (copy_from_user(inbuf, buf + intotal, taskin)) { - err = -EFAULT; + inbuf = memdup_user(buf + intotal, taskin); + if (IS_ERR(inbuf)) { + err = PTR_ERR(inbuf); + inbuf = NULL; goto abort; } inbuf_dma = pci_map_single(dd->pdev, -- cgit v1.2.3 From 820351f05be93623c6e71b5d618f90f0deebc134 Mon Sep 17 00:00:00 2001 From: Al Viro Date: Sat, 2 Jan 2016 14:58:07 -0500 Subject: rsxx: don't open-code memdup_user() Signed-off-by: Al Viro --- drivers/block/rsxx/core.c | 11 ++++------- 1 file changed, 4 insertions(+), 7 deletions(-) (limited to 'drivers') diff --git a/drivers/block/rsxx/core.c b/drivers/block/rsxx/core.c index d8b2488aaade..34997df132e2 100644 --- a/drivers/block/rsxx/core.c +++ b/drivers/block/rsxx/core.c @@ -203,14 +203,11 @@ static ssize_t rsxx_cram_write(struct file *fp, const char __user *ubuf, char *buf; ssize_t st; - buf = kzalloc(cnt, GFP_KERNEL); - if (!buf) - return -ENOMEM; + buf = memdup_user(ubuf, cnt); + if (IS_ERR(buf)) + return PTR_ERR(buf); - st = copy_from_user(buf, ubuf, cnt); - if (!st) - st = rsxx_creg_write(card, CREG_ADD_CRAM + (u32)*ppos, cnt, - buf, 1); + st = rsxx_creg_write(card, CREG_ADD_CRAM + (u32)*ppos, cnt, buf, 1); kfree(buf); if (st) return st; -- cgit v1.2.3 From abb0f6a79fe8eba7982b73313b8623259d78c3f6 Mon Sep 17 00:00:00 2001 From: Al Viro Date: Sat, 2 Jan 2016 14:59:38 -0500 Subject: cdrom: don't open-code memdup_user() Signed-off-by: Al Viro --- drivers/cdrom/cdrom.c | 10 +++------- 1 file changed, 3 insertions(+), 7 deletions(-) (limited to 'drivers') diff --git a/drivers/cdrom/cdrom.c b/drivers/cdrom/cdrom.c index c206ccda899b..1b257ea9776a 100644 --- a/drivers/cdrom/cdrom.c +++ b/drivers/cdrom/cdrom.c @@ -3186,15 +3186,11 @@ static noinline int mmc_ioctl_dvd_read_struct(struct cdrom_device_info *cdi, if (!CDROM_CAN(CDC_DVD)) return -ENOSYS; - s = kmalloc(size, GFP_KERNEL); - if (!s) - return -ENOMEM; + s = memdup_user(arg, size); + if (IS_ERR(s)) + return PTR_ERR(s); cd_dbg(CD_DO_IOCTL, "entering DVD_READ_STRUCT\n"); - if (copy_from_user(s, arg, size)) { - kfree(s); - return -EFAULT; - } ret = dvd_read_struct(cdi, s, cgc); if (ret) -- cgit v1.2.3 From 8f1d57c172482c9a1568ec647fc5c2e64c6c6a57 Mon Sep 17 00:00:00 2001 From: Al Viro Date: Sat, 2 Jan 2016 15:06:19 -0500 Subject: amdkfd: don't open-code memdup_user() Signed-off-by: Al Viro --- drivers/gpu/drm/amd/amdkfd/kfd_chardev.c | 33 +++++++------------------------- 1 file changed, 7 insertions(+), 26 deletions(-) (limited to 'drivers') diff --git a/drivers/gpu/drm/amd/amdkfd/kfd_chardev.c b/drivers/gpu/drm/amd/amdkfd/kfd_chardev.c index c6a1b4cc6458..d321222fd92e 100644 --- a/drivers/gpu/drm/amd/amdkfd/kfd_chardev.c +++ b/drivers/gpu/drm/amd/amdkfd/kfd_chardev.c @@ -559,19 +559,10 @@ static int kfd_ioctl_dbg_address_watch(struct file *filep, /* this is the actual buffer to work with */ - args_buff = kmalloc(args->buf_size_in_bytes - - sizeof(*args), GFP_KERNEL); - if (args_buff == NULL) - return -ENOMEM; - - status = copy_from_user(args_buff, cmd_from_user, + args_buff = memdup_user(args_buff, args->buf_size_in_bytes - sizeof(*args)); - - if (status != 0) { - pr_debug("Failed to copy address watch user data\n"); - kfree(args_buff); - return -EINVAL; - } + if (IS_ERR(args_buff)) + return PTR_ERR(args_buff); aw_info.process = p; @@ -677,22 +668,12 @@ static int kfd_ioctl_dbg_wave_control(struct file *filep, if (cmd_from_user == NULL) return -EINVAL; - /* this is the actual buffer to work with */ + /* copy the entire buffer from user */ - args_buff = kmalloc(args->buf_size_in_bytes - sizeof(*args), - GFP_KERNEL); - - if (args_buff == NULL) - return -ENOMEM; - - /* Now copy the entire buffer from user */ - status = copy_from_user(args_buff, cmd_from_user, + args_buff = memdup_user(cmd_from_user, args->buf_size_in_bytes - sizeof(*args)); - if (status != 0) { - pr_debug("Failed to copy wave control user data\n"); - kfree(args_buff); - return -EINVAL; - } + if (IS_ERR(args_buff)) + return PTR_ERR(args_buff); /* move ptr to the start of the "pay-load" area */ wac_info.process = p; -- cgit v1.2.3 From 263a3df18fa2c078ab3e8b14fece6cfa6053e86a Mon Sep 17 00:00:00 2001 From: Al Viro Date: Thu, 7 Jan 2016 10:04:37 -0500 Subject: nbd: use ->compat_ioctl() Signed-off-by: Al Viro --- drivers/block/nbd.c | 1 + fs/compat_ioctl.c | 11 ----------- 2 files changed, 1 insertion(+), 11 deletions(-) (limited to 'drivers') diff --git a/drivers/block/nbd.c b/drivers/block/nbd.c index 93b3f99b6865..e4c5cc107934 100644 --- a/drivers/block/nbd.c +++ b/drivers/block/nbd.c @@ -827,6 +827,7 @@ static const struct block_device_operations nbd_fops = { .owner = THIS_MODULE, .ioctl = nbd_ioctl, + .compat_ioctl = nbd_ioctl, }; #if IS_ENABLED(CONFIG_DEBUG_FS) diff --git a/fs/compat_ioctl.c b/fs/compat_ioctl.c index 9144b779d10e..c9fca9c33ff1 100644 --- a/fs/compat_ioctl.c +++ b/fs/compat_ioctl.c @@ -1305,12 +1305,6 @@ COMPATIBLE_IOCTL(PCIIOC_CONTROLLER) COMPATIBLE_IOCTL(PCIIOC_MMAP_IS_IO) COMPATIBLE_IOCTL(PCIIOC_MMAP_IS_MEM) COMPATIBLE_IOCTL(PCIIOC_WRITE_COMBINE) -/* NBD */ -COMPATIBLE_IOCTL(NBD_DO_IT) -COMPATIBLE_IOCTL(NBD_CLEAR_SOCK) -COMPATIBLE_IOCTL(NBD_CLEAR_QUE) -COMPATIBLE_IOCTL(NBD_PRINT_DEBUG) -COMPATIBLE_IOCTL(NBD_DISCONNECT) /* i2c */ COMPATIBLE_IOCTL(I2C_SLAVE) COMPATIBLE_IOCTL(I2C_SLAVE_FORCE) @@ -1529,11 +1523,6 @@ static long do_ioctl_trans(unsigned int cmd, case KDSKBMETA: case KDSKBLED: case KDSETLED: - /* NBD */ - case NBD_SET_SOCK: - case NBD_SET_BLKSIZE: - case NBD_SET_SIZE: - case NBD_SET_SIZE_BLOCKS: return vfs_ioctl(file, cmd, arg); } -- cgit v1.2.3