From: Stoyan Gaydarov <stoyboyker@xxxxxxxxx> Signed-off-by: Stoyan Gaydarov <stoyboyker@xxxxxxxxx> --- drivers/usb/mon/mon_bin.c | 53 ++++++++++++++++++++++++++++++++------------ 1 files changed, 38 insertions(+), 15 deletions(-) diff --git a/drivers/usb/mon/mon_bin.c b/drivers/usb/mon/mon_bin.c index 4cf27c7..7789b7b 100644 --- a/drivers/usb/mon/mon_bin.c +++ b/drivers/usb/mon/mon_bin.c @@ -836,9 +836,10 @@ static int mon_bin_queued(struct mon_reader_bin *rp) /* */ -static int mon_bin_ioctl(struct inode *inode, struct file *file, - unsigned int cmd, unsigned long arg) +static long mon_bin_ioctl(struct file *file, unsigned int cmd, + unsigned long arg) { + lock_kernel(); struct mon_reader_bin *rp = file->private_data; // struct mon_bus* mbus = rp->r.m_bus; int ret = 0; @@ -874,8 +875,10 @@ static int mon_bin_ioctl(struct inode *inode, struct file *file, int size; struct mon_pgmap *vec; - if (arg < BUFF_MIN || arg > BUFF_MAX) + if (arg < BUFF_MIN || arg > BUFF_MAX) { + unlock_kernel(); return -EINVAL; + } size = CHUNK_ALIGN(arg); if ((vec = kzalloc(sizeof(struct mon_pgmap) * (size/CHUNK_SIZE), @@ -912,11 +915,15 @@ static int mon_bin_ioctl(struct inode *inode, struct file *file, struct mon_bin_get getb; if (copy_from_user(&getb, (void __user *)arg, - sizeof(struct mon_bin_get))) + sizeof(struct mon_bin_get))) { + unlock_kernel(); return -EFAULT; + } - if (getb.alloc > 0x10000000) /* Want to cast to u32 */ + if (getb.alloc > 0x10000000) { /* Want to cast to u32 */ + unlock_kernel(); return -EINVAL; + } ret = mon_bin_get_event(file, rp, getb.hdr, getb.data, (unsigned int)getb.alloc); } @@ -929,21 +936,31 @@ static int mon_bin_ioctl(struct inode *inode, struct file *file, uptr = (struct mon_bin_mfetch __user *)arg; - if (copy_from_user(&mfetch, uptr, sizeof(mfetch))) + if (copy_from_user(&mfetch, uptr, sizeof(mfetch))) { + unlock_kernel(); return -EFAULT; + } if (mfetch.nflush) { ret = mon_bin_flush(rp, mfetch.nflush); - if (ret < 0) + if (ret < 0) { + unlock_kernel(); return ret; - if (put_user(ret, &uptr->nflush)) + } + if (put_user(ret, &uptr->nflush)) { + unlock_kernel(); return -EFAULT; + } } ret = mon_bin_fetch(file, rp, mfetch.offvec, mfetch.nfetch); - if (ret < 0) + if (ret < 0) { + unlock_kernel(); return ret; - if (put_user(ret, &uptr->nfetch)) + } + if (put_user(ret, &uptr->nfetch)) { + unlock_kernel(); return -EFAULT; + } ret = 0; } break; @@ -960,18 +977,24 @@ static int mon_bin_ioctl(struct inode *inode, struct file *file, nevents = mon_bin_queued(rp); sp = (struct mon_bin_stats __user *)arg; - if (put_user(rp->cnt_lost, &sp->dropped)) + if (put_user(rp->cnt_lost, &sp->dropped)) { + unlock_kernel(); return -EFAULT; - if (put_user(nevents, &sp->queued)) + } + if (put_user(nevents, &sp->queued)) { + unlock_kernel(); return -EFAULT; + } } break; default: + unlock_kernel(); return -ENOTTY; } + unlock_kernel(); return ret; } @@ -1026,14 +1049,14 @@ static long mon_bin_compat_ioctl(struct file *file, return 0; case MON_IOCG_STATS: - return mon_bin_ioctl(NULL, file, cmd, + return mon_bin_ioctl(file, cmd, (unsigned long) compat_ptr(arg)); case MON_IOCQ_URB_LEN: case MON_IOCQ_RING_SIZE: case MON_IOCT_RING_SIZE: case MON_IOCH_MFLUSH: - return mon_bin_ioctl(NULL, file, cmd, arg); + return mon_bin_ioctl(file, cmd, arg); default: ; @@ -1117,7 +1140,7 @@ static const struct file_operations mon_fops_binary = { .read = mon_bin_read, /* .write = mon_text_write, */ .poll = mon_bin_poll, - .ioctl = mon_bin_ioctl, + .unlocked_ioctl = mon_bin_ioctl, #ifdef CONFIG_COMPAT .compat_ioctl = mon_bin_compat_ioctl, #endif -- 1.6.2 -- To unsubscribe from this list: send the line "unsubscribe linux-usb" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html