[PATCH] serport oops fix
serport - avoid calling serio_interrupt or serio_write_wakeup on unregistered port. Also fix memory leak which could happen if serport was left unused by moving serio allocation down to serport_ldisc_read. Signed-off-by: Dmitry Torokhov <dtor@mail.ru> Cc: Vojtech Pavlik <vojtech@suse.cz> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
parent
f3a5c73d5e
commit
1ff2c873ca
1 changed files with 69 additions and 31 deletions
|
@ -27,11 +27,15 @@ MODULE_LICENSE("GPL");
|
|||
MODULE_ALIAS_LDISC(N_MOUSE);
|
||||
|
||||
#define SERPORT_BUSY 1
|
||||
#define SERPORT_ACTIVE 2
|
||||
#define SERPORT_DEAD 3
|
||||
|
||||
struct serport {
|
||||
struct tty_struct *tty;
|
||||
wait_queue_head_t wait;
|
||||
struct serio *serio;
|
||||
struct serio_device_id id;
|
||||
spinlock_t lock;
|
||||
unsigned long flags;
|
||||
};
|
||||
|
||||
|
@ -45,11 +49,29 @@ static int serport_serio_write(struct serio *serio, unsigned char data)
|
|||
return -(serport->tty->driver->write(serport->tty, &data, 1) != 1);
|
||||
}
|
||||
|
||||
static int serport_serio_open(struct serio *serio)
|
||||
{
|
||||
struct serport *serport = serio->port_data;
|
||||
unsigned long flags;
|
||||
|
||||
spin_lock_irqsave(&serport->lock, flags);
|
||||
set_bit(SERPORT_ACTIVE, &serport->flags);
|
||||
spin_unlock_irqrestore(&serport->lock, flags);
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
||||
static void serport_serio_close(struct serio *serio)
|
||||
{
|
||||
struct serport *serport = serio->port_data;
|
||||
unsigned long flags;
|
||||
|
||||
spin_lock_irqsave(&serport->lock, flags);
|
||||
clear_bit(SERPORT_ACTIVE, &serport->flags);
|
||||
set_bit(SERPORT_DEAD, &serport->flags);
|
||||
spin_unlock_irqrestore(&serport->lock, flags);
|
||||
|
||||
serport->serio->id.type = 0;
|
||||
wake_up_interruptible(&serport->wait);
|
||||
}
|
||||
|
||||
|
@ -61,36 +83,21 @@ static void serport_serio_close(struct serio *serio)
|
|||
static int serport_ldisc_open(struct tty_struct *tty)
|
||||
{
|
||||
struct serport *serport;
|
||||
struct serio *serio;
|
||||
char name[64];
|
||||
|
||||
if (!capable(CAP_SYS_ADMIN))
|
||||
return -EPERM;
|
||||
|
||||
serport = kmalloc(sizeof(struct serport), GFP_KERNEL);
|
||||
serio = kmalloc(sizeof(struct serio), GFP_KERNEL);
|
||||
if (unlikely(!serport || !serio)) {
|
||||
kfree(serport);
|
||||
kfree(serio);
|
||||
serport = kcalloc(1, sizeof(struct serport), GFP_KERNEL);
|
||||
if (!serport)
|
||||
return -ENOMEM;
|
||||
}
|
||||
|
||||
memset(serport, 0, sizeof(struct serport));
|
||||
serport->serio = serio;
|
||||
set_bit(TTY_DO_WRITE_WAKEUP, &tty->flags);
|
||||
serport->tty = tty;
|
||||
tty->disc_data = serport;
|
||||
|
||||
memset(serio, 0, sizeof(struct serio));
|
||||
strlcpy(serio->name, "Serial port", sizeof(serio->name));
|
||||
snprintf(serio->phys, sizeof(serio->phys), "%s/serio0", tty_name(tty, name));
|
||||
serio->id.type = SERIO_RS232;
|
||||
serio->write = serport_serio_write;
|
||||
serio->close = serport_serio_close;
|
||||
serio->port_data = serport;
|
||||
|
||||
spin_lock_init(&serport->lock);
|
||||
init_waitqueue_head(&serport->wait);
|
||||
|
||||
tty->disc_data = serport;
|
||||
set_bit(TTY_DO_WRITE_WAKEUP, &tty->flags);
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
@ -100,7 +107,8 @@ static int serport_ldisc_open(struct tty_struct *tty)
|
|||
|
||||
static void serport_ldisc_close(struct tty_struct *tty)
|
||||
{
|
||||
struct serport *serport = (struct serport*) tty->disc_data;
|
||||
struct serport *serport = (struct serport *) tty->disc_data;
|
||||
|
||||
kfree(serport);
|
||||
}
|
||||
|
||||
|
@ -116,9 +124,19 @@ static void serport_ldisc_close(struct tty_struct *tty)
|
|||
static void serport_ldisc_receive(struct tty_struct *tty, const unsigned char *cp, char *fp, int count)
|
||||
{
|
||||
struct serport *serport = (struct serport*) tty->disc_data;
|
||||
unsigned long flags;
|
||||
int i;
|
||||
|
||||
spin_lock_irqsave(&serport->lock, flags);
|
||||
|
||||
if (!test_bit(SERPORT_ACTIVE, &serport->flags))
|
||||
goto out;
|
||||
|
||||
for (i = 0; i < count; i++)
|
||||
serio_interrupt(serport->serio, cp[i], 0, NULL);
|
||||
|
||||
out:
|
||||
spin_unlock_irqrestore(&serport->lock, flags);
|
||||
}
|
||||
|
||||
/*
|
||||
|
@ -141,16 +159,33 @@ static int serport_ldisc_room(struct tty_struct *tty)
|
|||
static ssize_t serport_ldisc_read(struct tty_struct * tty, struct file * file, unsigned char __user * buf, size_t nr)
|
||||
{
|
||||
struct serport *serport = (struct serport*) tty->disc_data;
|
||||
struct serio *serio;
|
||||
char name[64];
|
||||
|
||||
if (test_and_set_bit(SERPORT_BUSY, &serport->flags))
|
||||
return -EBUSY;
|
||||
|
||||
serport->serio = serio = kcalloc(1, sizeof(struct serio), GFP_KERNEL);
|
||||
if (!serio)
|
||||
return -ENOMEM;
|
||||
|
||||
strlcpy(serio->name, "Serial port", sizeof(serio->name));
|
||||
snprintf(serio->phys, sizeof(serio->phys), "%s/serio0", tty_name(tty, name));
|
||||
serio->id = serport->id;
|
||||
serio->id.type = SERIO_RS232;
|
||||
serio->write = serport_serio_write;
|
||||
serio->open = serport_serio_open;
|
||||
serio->close = serport_serio_close;
|
||||
serio->port_data = serport;
|
||||
|
||||
serio_register_port(serport->serio);
|
||||
printk(KERN_INFO "serio: Serial port %s\n", tty_name(tty, name));
|
||||
wait_event_interruptible(serport->wait, !serport->serio->id.type);
|
||||
serio_unregister_port(serport->serio);
|
||||
|
||||
wait_event_interruptible(serport->wait, test_bit(SERPORT_DEAD, &serport->flags));
|
||||
serio_unregister_port(serport->serio);
|
||||
serport->serio = NULL;
|
||||
|
||||
clear_bit(SERPORT_DEAD, &serport->flags);
|
||||
clear_bit(SERPORT_BUSY, &serport->flags);
|
||||
|
||||
return 0;
|
||||
|
@ -163,16 +198,15 @@ static ssize_t serport_ldisc_read(struct tty_struct * tty, struct file * file, u
|
|||
static int serport_ldisc_ioctl(struct tty_struct * tty, struct file * file, unsigned int cmd, unsigned long arg)
|
||||
{
|
||||
struct serport *serport = (struct serport*) tty->disc_data;
|
||||
struct serio *serio = serport->serio;
|
||||
unsigned long type;
|
||||
|
||||
if (cmd == SPIOCSTYPE) {
|
||||
if (get_user(type, (unsigned long __user *) arg))
|
||||
return -EFAULT;
|
||||
|
||||
serio->id.proto = type & 0x000000ff;
|
||||
serio->id.id = (type & 0x0000ff00) >> 8;
|
||||
serio->id.extra = (type & 0x00ff0000) >> 16;
|
||||
serport->id.proto = type & 0x000000ff;
|
||||
serport->id.id = (type & 0x0000ff00) >> 8;
|
||||
serport->id.extra = (type & 0x00ff0000) >> 16;
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
@ -182,9 +216,13 @@ static int serport_ldisc_ioctl(struct tty_struct * tty, struct file * file, unsi
|
|||
|
||||
static void serport_ldisc_write_wakeup(struct tty_struct * tty)
|
||||
{
|
||||
struct serport *sp = (struct serport *) tty->disc_data;
|
||||
struct serport *serport = (struct serport *) tty->disc_data;
|
||||
unsigned long flags;
|
||||
|
||||
serio_drv_write_wakeup(sp->serio);
|
||||
spin_lock_irqsave(&serport->lock, flags);
|
||||
if (test_bit(SERPORT_ACTIVE, &serport->flags))
|
||||
serio_drv_write_wakeup(serport->serio);
|
||||
spin_unlock_irqrestore(&serport->lock, flags);
|
||||
}
|
||||
|
||||
/*
|
||||
|
|
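Review bot: In serport_ldisc_read, the `return -ENOMEM;` taken when kcalloc() fails leaves SERPORT_BUSY set, because test_and_set_bit() has already claimed the flag a few lines earlier. Every later read on that tty would then return -EBUSY, apparently until the line discipline is closed and reopened, so one transient allocation failure makes the port unusable. The failure branch should release the flag first: add `clear_bit(SERPORT_BUSY, &serport->flags);` before `return -ENOMEM;`, with braces around the two statements. The page has lost its +/- markers, so this reads the kcalloc lines as new-side code, which matches the commit description. The function's closing brace lies outside the hunk.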