From: J Freyensee <[email protected]> This patch contains bug fixes made by Alan Cox in his 2.6.36 kernel.org tree (commit ID 00a84ad0f2c95d8e64baa6edfb67292a36c74d22) that got missed in the Meego tree. The changes mainly center around pti_char_write() and it's loop.
This patch will make both trees 'equal', which will allow the next patch to be applied on both trees to eliminate 3 bugs found in this code in both trees (irregardless of the current code inequality). Signed-off-by: J Freyensee <[email protected]> --- drivers/misc/pti.c | 69 +++++++++++++++++++++++++--------------------------- 1 files changed, 33 insertions(+), 36 deletions(-) diff --git a/drivers/misc/pti.c b/drivers/misc/pti.c index f9f33a2..9c31aef 100644 --- a/drivers/misc/pti.c +++ b/drivers/misc/pti.c @@ -29,9 +29,9 @@ #include <linux/init.h> #include <linux/sched.h> +#include <linux/interrupt.h> #include <linux/console.h> #include <linux/kernel.h> -#include <linux/hardirq.h> #include <linux/module.h> #include <linux/tty.h> #include <linux/tty_driver.h> @@ -40,18 +40,18 @@ #include <linux/miscdevice.h> #include <linux/pti.h> -#define DRIVERNAME "pti" -#define PCINAME "pciPTI" -#define TTYNAME "ttyPTI" -#define CHARNAME "pti" -#define MAX_APP_IDS 256 -#define MAX_OS_IDS 128 -#define CONTROL_ID 72 /* control master ID address */ -#define CONSOLE_ID 73 /* console master ID address */ -#define OS_BASE_ID 74 /* base OS master ID address */ -#define APP_BASE_ID 80 /* base App master ID address */ -#define USER_COPY_SIZE 8192 /* 8Kb buffer to copy data from user space */ -#define CONTROL_FRAME_LEN 32 /* PTI control frame maximum size */ +#define DRIVERNAME "pti" +#define PCINAME "pciPTI" +#define TTYNAME "ttyPTI" +#define CHARNAME "pti" +#define MAX_APP_IDS 256 +#define MAX_OS_IDS 128 +#define CONTROL_ID 72 /* control master ID address */ +#define CONSOLE_ID 73 /* console master ID address */ +#define OS_BASE_ID 74 /* base OS master ID address */ +#define APP_BASE_ID 80 /* base App master ID address */ +#define CONTROL_FRAME_LEN 32 /* PTI control frame maximum size */ +#define USER_COPY_SIZE 8192 /* 8Kb buffer to copy data from user space */ struct pti_tty { struct masterchannel *mc; @@ -103,7 +103,6 @@ static unsigned int pti_control_channel; static void pti_write_to_aperture(struct masterchannel *mc, u8 *buf, int len) { int dwordcnt, final, i; - u32 ptiword; u8 *p; u32 __iomem *aperture; @@ -134,11 +133,9 @@ static void pti_write_to_aperture(struct masterchannel *mc, u8 *buf, int len) iowrite32(ptiword, aperture); } - /* build final PTI word with trailing message bytes */ - aperture += DTS; /* adding DTS signals that is EOM */ - ptiword = 0; + ptiword = 0; for (i = 0; i < final; i++) ptiword |= *p++ << (24-(8*i)); @@ -168,13 +165,16 @@ static void pti_control_frame_built_and_sent(struct masterchannel *mc) struct masterchannel mccontrol = {.master = CONTROL_ID, .channel = 0}; const char *control_format = "%3d %3d %s"; - char comm[sizeof(current->comm)]; + char comm[sizeof(current->comm) + 1]; u8 control_frame[CONTROL_FRAME_LEN]; if (!in_interrupt()) get_task_comm(comm, current); else strcpy(comm, "Interrupt"); + + /* Ensure our buffer is zero terminated */ + comm[sizeof(current->comm)] = 0; mccontrol.channel = pti_control_channel; pti_control_channel = (pti_control_channel + 1) & 0x7f; @@ -393,8 +393,6 @@ static int pti_tty_driver_open(struct tty_struct *tty, struct file *filp) struct masterchannel *mc; int ret = 0; - pr_debug("%s %s(%d): Called.\n", __FILE__, __func__, __LINE__); - /* we actually want to allocate a new channel per open, per system arch. HW gives more than plenty channels for a single @@ -405,6 +403,8 @@ static int pti_tty_driver_open(struct tty_struct *tty, struct file *filp) ret = tty_port_open(&drv_data->port, tty, filp); pti_tty_data = tty->driver_data; mc = mipi_request_masterchannel(0); + if (mc == 0) + return -EBUSY; pti_tty_data->mc = mc; return ret; @@ -445,8 +445,6 @@ static int pti_tty_install(struct tty_driver *driver, struct tty_struct *tty) struct pti_tty *pti_tty_data; int ret = tty_init_termios(tty); - pr_debug("%s(%d): Called.\n", __func__, __LINE__); - if (ret == 0) { tty_driver_kref_get(driver); tty->count++; @@ -562,41 +560,40 @@ ssize_t pti_char_write(struct file *filp, const char *data, size_t len, struct masterchannel *mc; void *kbuf; const char *tmp = data; - size_t size; - if (len <= USER_COPY_SIZE) - kbuf = kmalloc(len, GFP_KERNEL); - else - kbuf = kmalloc(USER_COPY_SIZE, GFP_KERNEL); + size_t size = USER_COPY_SIZE, n = 0; + + mc = filp->private_data; + kbuf = kmalloc(size, GFP_KERNEL); if (kbuf == NULL) { pr_err("%s(%d): buf allocation failed\n", __func__, __LINE__); - return -ENOMEM; + return 0; } - mc = filp->private_data; - do { - if (len <= USER_COPY_SIZE) - size = len; - else + if (len - n > USER_COPY_SIZE) size = USER_COPY_SIZE; + else + size = len - n; if (copy_from_user(kbuf, tmp, size)) { kfree(kbuf); - return -EFAULT; + return n ? n : -EFAULT; } + pr_debug("%s(%d): writing %u bytes\n", __func__, __LINE__, size); pti_write_to_aperture(mc, kbuf, size); - len -= size; + n += size; tmp += size; - } while (len >= 0); + } while (len > n); kfree(kbuf); kbuf = 0; + return len; } -- 1.6.6.1 _______________________________________________ MeeGo-kernel mailing list [email protected] http://lists.meego.com/listinfo/meego-kernel
