diff options
Diffstat (limited to 'drivers/char/mem.c')
| -rw-r--r-- | drivers/char/mem.c | 73 |
1 files changed, 38 insertions, 35 deletions
diff --git a/drivers/char/mem.c b/drivers/char/mem.c index a074fceb67d3..1270f6452e9a 100644 --- a/drivers/char/mem.c +++ b/drivers/char/mem.c @@ -35,6 +35,19 @@ # include <linux/efi.h> #endif +static inline unsigned long size_inside_page(unsigned long start, + unsigned long size) +{ + unsigned long sz; + + if (-start & (PAGE_SIZE - 1)) + sz = -start & (PAGE_SIZE - 1); + else + sz = PAGE_SIZE; + + return min_t(unsigned long, sz, size); +} + /* * Architectures vary in how they handle caching for addresses * outside of main memory. @@ -408,6 +421,7 @@ static ssize_t read_kmem(struct file *file, char __user *buf, unsigned long p = *ppos; ssize_t low_count, read, sz; char * kbuf; /* k-addr because vread() takes vmlist_lock rwlock */ + int err = 0; read = 0; if (p < (unsigned long) high_memory) { @@ -430,15 +444,7 @@ static ssize_t read_kmem(struct file *file, char __user *buf, } #endif while (low_count > 0) { - /* - * Handle first page in case it's not aligned - */ - if (-p & (PAGE_SIZE - 1)) - sz = -p & (PAGE_SIZE - 1); - else - sz = PAGE_SIZE; - - sz = min_t(unsigned long, sz, low_count); + sz = size_inside_page(p, low_count); /* * On ia64 if a page has been mapped somewhere as @@ -462,16 +468,18 @@ static ssize_t read_kmem(struct file *file, char __user *buf, if (!kbuf) return -ENOMEM; while (count > 0) { - int len = count; + int len = size_inside_page(p, count); - if (len > PAGE_SIZE) - len = PAGE_SIZE; + if (!is_vmalloc_or_module_addr((void *)p)) { + err = -ENXIO; + break; + } len = vread(kbuf, (char *)p, len); if (!len) break; if (copy_to_user(buf, kbuf, len)) { - free_page((unsigned long)kbuf); - return -EFAULT; + err = -EFAULT; + break; } count -= len; buf += len; @@ -480,8 +488,8 @@ static ssize_t read_kmem(struct file *file, char __user *buf, } free_page((unsigned long)kbuf); } - *ppos = p; - return read; + *ppos = p; + return read ? read : err; } @@ -510,15 +518,8 @@ do_write_kmem(void *p, unsigned long realp, const char __user * buf, while (count > 0) { char *ptr; - /* - * Handle first page in case it's not aligned - */ - if (-realp & (PAGE_SIZE - 1)) - sz = -realp & (PAGE_SIZE - 1); - else - sz = PAGE_SIZE; - sz = min_t(unsigned long, sz, count); + sz = size_inside_page(realp, count); /* * On ia64 if a page has been mapped somewhere as @@ -557,6 +558,7 @@ static ssize_t write_kmem(struct file * file, const char __user * buf, ssize_t virtr = 0; ssize_t written; char * kbuf; /* k-addr because vwrite() takes vmlist_lock rwlock */ + int err = 0; if (p < (unsigned long) high_memory) { @@ -578,20 +580,20 @@ static ssize_t write_kmem(struct file * file, const char __user * buf, if (!kbuf) return wrote ? wrote : -ENOMEM; while (count > 0) { - int len = count; + int len = size_inside_page(p, count); - if (len > PAGE_SIZE) - len = PAGE_SIZE; + if (!is_vmalloc_or_module_addr((void *)p)) { + err = -ENXIO; + break; + } if (len) { written = copy_from_user(kbuf, buf, len); if (written) { - if (wrote + virtr) - break; - free_page((unsigned long)kbuf); - return -EFAULT; + err = -EFAULT; + break; } } - len = vwrite(kbuf, (char *)p, len); + vwrite(kbuf, (char *)p, len); count -= len; buf += len; virtr += len; @@ -600,8 +602,8 @@ static ssize_t write_kmem(struct file * file, const char __user * buf, free_page((unsigned long)kbuf); } - *ppos = p; - return virtr + wrote; + *ppos = p; + return virtr + wrote ? : err; } #endif @@ -820,10 +822,11 @@ static const struct file_operations zero_fops = { /* * capabilities for /dev/zero * - permits private mappings, "copies" are taken of the source of zeros + * - no writeback happens */ static struct backing_dev_info zero_bdi = { .name = "char/mem", - .capabilities = BDI_CAP_MAP_COPY, + .capabilities = BDI_CAP_MAP_COPY | BDI_CAP_NO_ACCT_AND_WRITEBACK, }; static const struct file_operations full_fops = { |