From: Dmitry Torokhov <dtor_core@ameritech.net>
To: Vojtech Pavlik <vojtech@suse.cz>
Cc: LKML <linux-kernel@vger.kernel.org>,
InputML <linux-input@atrey.karlin.mff.cuni.cz>,
Andrew Morton <akpm@osdl.org>
Subject: [PATCH 3/4] serport oops fix
Date: Mon, 4 Apr 2005 01:13:00 -0500 [thread overview]
Message-ID: <200504040113.01274.dtor_core@ameritech.net> (raw)
In-Reply-To: <200504040111.49402.dtor_core@ameritech.net>
===================================================================
Input: serport - avoid calling serio_interrupt or serio_write_wakeup
on unregistered port. Also fix memory leak which could happen
if serport was left unused by moving serio allocation down to
serport_ldisc_read.
Signed-off-by: Dmitry Torokhov <dtor@mail.ru>
serport.c | 98 +++++++++++++++++++++++++++++++++++++++++++-------------------
1 files changed, 68 insertions(+), 30 deletions(-)
Index: dtor/drivers/input/serio/serport.c
===================================================================
--- dtor.orig/drivers/input/serio/serport.c
+++ dtor/drivers/input/serio/serport.c
@@ -27,11 +27,15 @@ MODULE_LICENSE("GPL");
MODULE_ALIAS_LDISC(N_MOUSE);
#define SERPORT_BUSY 1
+#define SERPORT_ACTIVE 2
+#define SERPORT_DEAD 3
struct serport {
struct tty_struct *tty;
wait_queue_head_t wait;
struct serio *serio;
+ struct serio_device_id id;
+ spinlock_t lock;
unsigned long flags;
};
@@ -45,11 +49,29 @@ static int serport_serio_write(struct se
return -(serport->tty->driver->write(serport->tty, &data, 1) != 1);
}
+static int serport_serio_open(struct serio *serio)
+{
+ struct serport *serport = serio->port_data;
+ unsigned long flags;
+
+ spin_lock_irqsave(&serport->lock, flags);
+ set_bit(SERPORT_ACTIVE, &serport->flags);
+ spin_unlock_irqrestore(&serport->lock, flags);
+
+ return 0;
+}
+
+
static void serport_serio_close(struct serio *serio)
{
struct serport *serport = serio->port_data;
+ unsigned long flags;
+
+ spin_lock_irqsave(&serport->lock, flags);
+ clear_bit(SERPORT_ACTIVE, &serport->flags);
+ set_bit(SERPORT_DEAD, &serport->flags);
+ spin_unlock_irqrestore(&serport->lock, flags);
- serport->serio->id.type = 0;
wake_up_interruptible(&serport->wait);
}
@@ -61,36 +83,21 @@ static void serport_serio_close(struct s
static int serport_ldisc_open(struct tty_struct *tty)
{
struct serport *serport;
- struct serio *serio;
- char name[64];
if (!capable(CAP_SYS_ADMIN))
return -EPERM;
- serport = kmalloc(sizeof(struct serport), GFP_KERNEL);
- serio = kmalloc(sizeof(struct serio), GFP_KERNEL);
- if (unlikely(!serport || !serio)) {
- kfree(serport);
- kfree(serio);
+ serport = kcalloc(1, sizeof(struct serport), GFP_KERNEL);
+ if (!serport)
return -ENOMEM;
- }
- memset(serport, 0, sizeof(struct serport));
- serport->serio = serio;
- set_bit(TTY_DO_WRITE_WAKEUP, &tty->flags);
serport->tty = tty;
- tty->disc_data = serport;
-
- memset(serio, 0, sizeof(struct serio));
- strlcpy(serio->name, "Serial port", sizeof(serio->name));
- snprintf(serio->phys, sizeof(serio->phys), "%s/serio0", tty_name(tty, name));
- serio->id.type = SERIO_RS232;
- serio->write = serport_serio_write;
- serio->close = serport_serio_close;
- serio->port_data = serport;
-
+ spin_lock_init(&serport->lock);
init_waitqueue_head(&serport->wait);
+ tty->disc_data = serport;
+ set_bit(TTY_DO_WRITE_WAKEUP, &tty->flags);
+
return 0;
}
@@ -100,7 +107,8 @@ static int serport_ldisc_open(struct tty
static void serport_ldisc_close(struct tty_struct *tty)
{
- struct serport *serport = (struct serport*) tty->disc_data;
+ struct serport *serport = (struct serport *) tty->disc_data;
+
kfree(serport);
}
@@ -116,9 +124,19 @@ static void serport_ldisc_close(struct t
static void serport_ldisc_receive(struct tty_struct *tty, const unsigned char *cp, char *fp, int count)
{
struct serport *serport = (struct serport*) tty->disc_data;
+ unsigned long flags;
int i;
+
+ spin_lock_irqsave(&serport->lock, flags);
+
+ if (!test_bit(SERPORT_ACTIVE, &serport->flags))
+ goto out;
+
for (i = 0; i < count; i++)
serio_interrupt(serport->serio, cp[i], 0, NULL);
+
+out:
+ spin_unlock_irqrestore(&serport->lock, flags);
}
/*
@@ -141,16 +159,33 @@ static int serport_ldisc_room(struct tty
static ssize_t serport_ldisc_read(struct tty_struct * tty, struct file * file, unsigned char __user * buf, size_t nr)
{
struct serport *serport = (struct serport*) tty->disc_data;
+ struct serio *serio;
char name[64];
if (test_and_set_bit(SERPORT_BUSY, &serport->flags))
return -EBUSY;
+ serport->serio = serio = kcalloc(1, sizeof(struct serio), GFP_KERNEL);
+ if (!serio)
+ return -ENOMEM;
+
+ strlcpy(serio->name, "Serial port", sizeof(serio->name));
+ snprintf(serio->phys, sizeof(serio->phys), "%s/serio0", tty_name(tty, name));
+ serio->id = serport->id;
+ serio->id.type = SERIO_RS232;
+ serio->write = serport_serio_write;
+ serio->open = serport_serio_open;
+ serio->close = serport_serio_close;
+ serio->port_data = serport;
+
serio_register_port(serport->serio);
printk(KERN_INFO "serio: Serial port %s\n", tty_name(tty, name));
- wait_event_interruptible(serport->wait, !serport->serio->id.type);
+
+ wait_event_interruptible(serport->wait, test_bit(SERPORT_DEAD, &serport->flags));
serio_unregister_port(serport->serio);
+ serport->serio = NULL;
+ clear_bit(SERPORT_DEAD, &serport->flags);
clear_bit(SERPORT_BUSY, &serport->flags);
return 0;
@@ -163,16 +198,15 @@ static ssize_t serport_ldisc_read(struct
static int serport_ldisc_ioctl(struct tty_struct * tty, struct file * file, unsigned int cmd, unsigned long arg)
{
struct serport *serport = (struct serport*) tty->disc_data;
- struct serio *serio = serport->serio;
unsigned long type;
if (cmd == SPIOCSTYPE) {
if (get_user(type, (unsigned long __user *) arg))
return -EFAULT;
- serio->id.proto = type & 0x000000ff;
- serio->id.id = (type & 0x0000ff00) >> 8;
- serio->id.extra = (type & 0x00ff0000) >> 16;
+ serport->id.proto = type & 0x000000ff;
+ serport->id.id = (type & 0x0000ff00) >> 8;
+ serport->id.extra = (type & 0x00ff0000) >> 16;
return 0;
}
@@ -182,9 +216,13 @@ static int serport_ldisc_ioctl(struct tt
static void serport_ldisc_write_wakeup(struct tty_struct * tty)
{
- struct serport *sp = (struct serport *) tty->disc_data;
+ struct serport *serport = (struct serport *) tty->disc_data;
+ unsigned long flags;
- serio_drv_write_wakeup(sp->serio);
+ spin_lock_irqsave(&serport->lock, flags);
+ if (test_bit(SERPORT_ACTIVE, &serport->flags))
+ serio_drv_write_wakeup(serport->serio);
+ spin_unlock_irqrestore(&serport->lock, flags);
}
/*
next prev parent reply other threads:[~2005-04-04 6:16 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2005-04-04 6:10 [PATCH 0/4] Input patches for 2.6.12 Dmitry Torokhov
2005-04-04 6:11 ` [PATCH 1/4] serio resume fix Dmitry Torokhov
2005-04-04 6:11 ` [PATCH 2/4] ALPS " Dmitry Torokhov
2005-04-04 6:13 ` Dmitry Torokhov [this message]
2005-04-04 6:13 ` [PATCH 4/4] serio 'id' attributes Dmitry Torokhov
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=200504040113.01274.dtor_core@ameritech.net \
--to=dtor_core@ameritech.net \
--cc=akpm@osdl.org \
--cc=linux-input@atrey.karlin.mff.cuni.cz \
--cc=linux-kernel@vger.kernel.org \
--cc=vojtech@suse.cz \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox