usb: gadget: f_mtp: Avoid race between mtp_read and mtp_function_disable
[GitHub/exynos8895/android_kernel_samsung_universal8895.git] / drivers / char / raw.c
... / ...
CommitLineData
1/*
2 * linux/drivers/char/raw.c
3 *
4 * Front-end raw character devices. These can be bound to any block
5 * devices to provide genuine Unix raw character device semantics.
6 *
7 * We reserve minor number 0 for a control interface. ioctl()s on this
8 * device are used to bind the other minor numbers to block devices.
9 */
10
11#include <linux/init.h>
12#include <linux/fs.h>
13#include <linux/major.h>
14#include <linux/blkdev.h>
15#include <linux/backing-dev.h>
16#include <linux/module.h>
17#include <linux/raw.h>
18#include <linux/capability.h>
19#include <linux/uio.h>
20#include <linux/cdev.h>
21#include <linux/device.h>
22#include <linux/mutex.h>
23#include <linux/gfp.h>
24#include <linux/compat.h>
25#include <linux/vmalloc.h>
26
27#include <asm/uaccess.h>
28
29struct raw_device_data {
30 struct block_device *binding;
31 int inuse;
32};
33
34static struct class *raw_class;
35static struct raw_device_data *raw_devices;
36static DEFINE_MUTEX(raw_mutex);
37static const struct file_operations raw_ctl_fops; /* forward declaration */
38
39static int max_raw_minors = MAX_RAW_MINORS;
40
41module_param(max_raw_minors, int, 0);
42MODULE_PARM_DESC(max_raw_minors, "Maximum number of raw devices (1-65536)");
43
44/*
45 * Open/close code for raw IO.
46 *
47 * We just rewrite the i_mapping for the /dev/raw/rawN file descriptor to
48 * point at the blockdev's address_space and set the file handle to use
49 * O_DIRECT.
50 *
51 * Set the device's soft blocksize to the minimum possible. This gives the
52 * finest possible alignment and has no adverse impact on performance.
53 */
54static int raw_open(struct inode *inode, struct file *filp)
55{
56 const int minor = iminor(inode);
57 struct block_device *bdev;
58 int err;
59
60 if (minor == 0) { /* It is the control device */
61 filp->f_op = &raw_ctl_fops;
62 return 0;
63 }
64
65 mutex_lock(&raw_mutex);
66
67 /*
68 * All we need to do on open is check that the device is bound.
69 */
70 bdev = raw_devices[minor].binding;
71 err = -ENODEV;
72 if (!bdev)
73 goto out;
74 igrab(bdev->bd_inode);
75 err = blkdev_get(bdev, filp->f_mode | FMODE_EXCL, raw_open);
76 if (err)
77 goto out;
78 err = set_blocksize(bdev, bdev_logical_block_size(bdev));
79 if (err)
80 goto out1;
81 filp->f_flags |= O_DIRECT;
82 filp->f_mapping = bdev->bd_inode->i_mapping;
83 if (++raw_devices[minor].inuse == 1)
84 file_inode(filp)->i_mapping =
85 bdev->bd_inode->i_mapping;
86 filp->private_data = bdev;
87 mutex_unlock(&raw_mutex);
88 return 0;
89
90out1:
91 blkdev_put(bdev, filp->f_mode | FMODE_EXCL);
92out:
93 mutex_unlock(&raw_mutex);
94 return err;
95}
96
97/*
98 * When the final fd which refers to this character-special node is closed, we
99 * make its ->mapping point back at its own i_data.
100 */
101static int raw_release(struct inode *inode, struct file *filp)
102{
103 const int minor= iminor(inode);
104 struct block_device *bdev;
105
106 mutex_lock(&raw_mutex);
107 bdev = raw_devices[minor].binding;
108 if (--raw_devices[minor].inuse == 0)
109 /* Here inode->i_mapping == bdev->bd_inode->i_mapping */
110 inode->i_mapping = &inode->i_data;
111 mutex_unlock(&raw_mutex);
112
113 blkdev_put(bdev, filp->f_mode | FMODE_EXCL);
114 return 0;
115}
116
117/*
118 * Forward ioctls to the underlying block device.
119 */
120static long
121raw_ioctl(struct file *filp, unsigned int command, unsigned long arg)
122{
123 struct block_device *bdev = filp->private_data;
124 return blkdev_ioctl(bdev, 0, command, arg);
125}
126
127static int bind_set(int number, u64 major, u64 minor)
128{
129 dev_t dev = MKDEV(major, minor);
130 struct raw_device_data *rawdev;
131 int err = 0;
132
133 if (number <= 0 || number >= max_raw_minors)
134 return -EINVAL;
135
136 if (MAJOR(dev) != major || MINOR(dev) != minor)
137 return -EINVAL;
138
139 rawdev = &raw_devices[number];
140
141 /*
142 * This is like making block devices, so demand the
143 * same capability
144 */
145 if (!capable(CAP_SYS_ADMIN))
146 return -EPERM;
147
148 /*
149 * For now, we don't need to check that the underlying
150 * block device is present or not: we can do that when
151 * the raw device is opened. Just check that the
152 * major/minor numbers make sense.
153 */
154
155 if (MAJOR(dev) == 0 && dev != 0)
156 return -EINVAL;
157
158 mutex_lock(&raw_mutex);
159 if (rawdev->inuse) {
160 mutex_unlock(&raw_mutex);
161 return -EBUSY;
162 }
163 if (rawdev->binding) {
164 bdput(rawdev->binding);
165 module_put(THIS_MODULE);
166 }
167 if (!dev) {
168 /* unbind */
169 rawdev->binding = NULL;
170 device_destroy(raw_class, MKDEV(RAW_MAJOR, number));
171 } else {
172 rawdev->binding = bdget(dev);
173 if (rawdev->binding == NULL) {
174 err = -ENOMEM;
175 } else {
176 dev_t raw = MKDEV(RAW_MAJOR, number);
177 __module_get(THIS_MODULE);
178 device_destroy(raw_class, raw);
179 device_create(raw_class, NULL, raw, NULL,
180 "raw%d", number);
181 }
182 }
183 mutex_unlock(&raw_mutex);
184 return err;
185}
186
187static int bind_get(int number, dev_t *dev)
188{
189 struct raw_device_data *rawdev;
190 struct block_device *bdev;
191
192 if (number <= 0 || number >= max_raw_minors)
193 return -EINVAL;
194
195 rawdev = &raw_devices[number];
196
197 mutex_lock(&raw_mutex);
198 bdev = rawdev->binding;
199 *dev = bdev ? bdev->bd_dev : 0;
200 mutex_unlock(&raw_mutex);
201 return 0;
202}
203
204/*
205 * Deal with ioctls against the raw-device control interface, to bind
206 * and unbind other raw devices.
207 */
208static long raw_ctl_ioctl(struct file *filp, unsigned int command,
209 unsigned long arg)
210{
211 struct raw_config_request rq;
212 dev_t dev;
213 int err;
214
215 switch (command) {
216 case RAW_SETBIND:
217 if (copy_from_user(&rq, (void __user *) arg, sizeof(rq)))
218 return -EFAULT;
219
220 return bind_set(rq.raw_minor, rq.block_major, rq.block_minor);
221
222 case RAW_GETBIND:
223 if (copy_from_user(&rq, (void __user *) arg, sizeof(rq)))
224 return -EFAULT;
225
226 err = bind_get(rq.raw_minor, &dev);
227 if (err)
228 return err;
229
230 rq.block_major = MAJOR(dev);
231 rq.block_minor = MINOR(dev);
232
233 if (copy_to_user((void __user *)arg, &rq, sizeof(rq)))
234 return -EFAULT;
235
236 return 0;
237 }
238
239 return -EINVAL;
240}
241
242#ifdef CONFIG_COMPAT
243struct raw32_config_request {
244 compat_int_t raw_minor;
245 compat_u64 block_major;
246 compat_u64 block_minor;
247};
248
249static long raw_ctl_compat_ioctl(struct file *file, unsigned int cmd,
250 unsigned long arg)
251{
252 struct raw32_config_request __user *user_req = compat_ptr(arg);
253 struct raw32_config_request rq;
254 dev_t dev;
255 int err = 0;
256
257 switch (cmd) {
258 case RAW_SETBIND:
259 if (copy_from_user(&rq, user_req, sizeof(rq)))
260 return -EFAULT;
261
262 return bind_set(rq.raw_minor, rq.block_major, rq.block_minor);
263
264 case RAW_GETBIND:
265 if (copy_from_user(&rq, user_req, sizeof(rq)))
266 return -EFAULT;
267
268 err = bind_get(rq.raw_minor, &dev);
269 if (err)
270 return err;
271
272 rq.block_major = MAJOR(dev);
273 rq.block_minor = MINOR(dev);
274
275 if (copy_to_user(user_req, &rq, sizeof(rq)))
276 return -EFAULT;
277
278 return 0;
279 }
280
281 return -EINVAL;
282}
283#endif
284
285static const struct file_operations raw_fops = {
286 .read_iter = blkdev_read_iter,
287 .write_iter = blkdev_write_iter,
288 .fsync = blkdev_fsync,
289 .open = raw_open,
290 .release = raw_release,
291 .unlocked_ioctl = raw_ioctl,
292 .llseek = default_llseek,
293 .owner = THIS_MODULE,
294};
295
296static const struct file_operations raw_ctl_fops = {
297 .unlocked_ioctl = raw_ctl_ioctl,
298#ifdef CONFIG_COMPAT
299 .compat_ioctl = raw_ctl_compat_ioctl,
300#endif
301 .open = raw_open,
302 .owner = THIS_MODULE,
303 .llseek = noop_llseek,
304};
305
306static struct cdev raw_cdev;
307
308static char *raw_devnode(struct device *dev, umode_t *mode)
309{
310 return kasprintf(GFP_KERNEL, "raw/%s", dev_name(dev));
311}
312
313static int __init raw_init(void)
314{
315 dev_t dev = MKDEV(RAW_MAJOR, 0);
316 int ret;
317
318 if (max_raw_minors < 1 || max_raw_minors > 65536) {
319 printk(KERN_WARNING "raw: invalid max_raw_minors (must be"
320 " between 1 and 65536), using %d\n", MAX_RAW_MINORS);
321 max_raw_minors = MAX_RAW_MINORS;
322 }
323
324 raw_devices = vzalloc(sizeof(struct raw_device_data) * max_raw_minors);
325 if (!raw_devices) {
326 printk(KERN_ERR "Not enough memory for raw device structures\n");
327 ret = -ENOMEM;
328 goto error;
329 }
330
331 ret = register_chrdev_region(dev, max_raw_minors, "raw");
332 if (ret)
333 goto error;
334
335 cdev_init(&raw_cdev, &raw_fops);
336 ret = cdev_add(&raw_cdev, dev, max_raw_minors);
337 if (ret) {
338 goto error_region;
339 }
340
341 raw_class = class_create(THIS_MODULE, "raw");
342 if (IS_ERR(raw_class)) {
343 printk(KERN_ERR "Error creating raw class.\n");
344 cdev_del(&raw_cdev);
345 ret = PTR_ERR(raw_class);
346 goto error_region;
347 }
348 raw_class->devnode = raw_devnode;
349 device_create(raw_class, NULL, MKDEV(RAW_MAJOR, 0), NULL, "rawctl");
350
351 return 0;
352
353error_region:
354 unregister_chrdev_region(dev, max_raw_minors);
355error:
356 vfree(raw_devices);
357 return ret;
358}
359
360static void __exit raw_exit(void)
361{
362 device_destroy(raw_class, MKDEV(RAW_MAJOR, 0));
363 class_destroy(raw_class);
364 cdev_del(&raw_cdev);
365 unregister_chrdev_region(MKDEV(RAW_MAJOR, 0), max_raw_minors);
366}
367
368module_init(raw_init);
369module_exit(raw_exit);
370MODULE_LICENSE("GPL");