2006-01-11 15:17:46 -05:00
|
|
|
#include <linux/capability.h>
|
2005-04-16 18:20:36 -04:00
|
|
|
#include <linux/blkdev.h>
|
|
|
|
#include <linux/blkpg.h>
|
2006-01-08 04:02:50 -05:00
|
|
|
#include <linux/hdreg.h>
|
2005-04-16 18:20:36 -04:00
|
|
|
#include <linux/backing-dev.h>
|
|
|
|
#include <linux/buffer_head.h>
|
|
|
|
#include <linux/smp_lock.h>
|
2006-03-23 14:00:26 -05:00
|
|
|
#include <linux/blktrace_api.h>
|
2005-04-16 18:20:36 -04:00
|
|
|
#include <asm/uaccess.h>
|
|
|
|
|
|
|
|
static int blkpg_ioctl(struct block_device *bdev, struct blkpg_ioctl_arg __user *arg)
|
|
|
|
{
|
|
|
|
struct block_device *bdevp;
|
|
|
|
struct gendisk *disk;
|
2008-09-03 03:03:02 -04:00
|
|
|
struct hd_struct *part;
|
2005-04-16 18:20:36 -04:00
|
|
|
struct blkpg_ioctl_arg a;
|
|
|
|
struct blkpg_partition p;
|
2008-09-03 03:03:02 -04:00
|
|
|
struct disk_part_iter piter;
|
2005-04-16 18:20:36 -04:00
|
|
|
long long start, length;
|
2008-09-03 03:01:09 -04:00
|
|
|
int partno;
|
2005-04-16 18:20:36 -04:00
|
|
|
|
|
|
|
if (!capable(CAP_SYS_ADMIN))
|
|
|
|
return -EACCES;
|
|
|
|
if (copy_from_user(&a, arg, sizeof(struct blkpg_ioctl_arg)))
|
|
|
|
return -EFAULT;
|
|
|
|
if (copy_from_user(&p, a.data, sizeof(struct blkpg_partition)))
|
|
|
|
return -EFAULT;
|
|
|
|
disk = bdev->bd_disk;
|
|
|
|
if (bdev != bdev->bd_contains)
|
|
|
|
return -EINVAL;
|
2008-09-03 03:01:09 -04:00
|
|
|
partno = p.pno;
|
2008-08-25 06:56:15 -04:00
|
|
|
if (partno <= 0)
|
2005-04-16 18:20:36 -04:00
|
|
|
return -EINVAL;
|
|
|
|
switch (a.op) {
|
|
|
|
case BLKPG_ADD_PARTITION:
|
|
|
|
start = p.start >> 9;
|
|
|
|
length = p.length >> 9;
|
|
|
|
/* check for fit in a hd_struct */
|
|
|
|
if (sizeof(sector_t) == sizeof(long) &&
|
|
|
|
sizeof(long long) > sizeof(long)) {
|
|
|
|
long pstart = start, plength = length;
|
|
|
|
if (pstart != start || plength != length
|
|
|
|
|| pstart < 0 || plength < 0)
|
|
|
|
return -EINVAL;
|
|
|
|
}
|
2008-08-25 06:30:16 -04:00
|
|
|
|
2006-03-23 06:00:28 -05:00
|
|
|
mutex_lock(&bdev->bd_mutex);
|
2008-08-25 06:30:16 -04:00
|
|
|
|
2005-04-16 18:20:36 -04:00
|
|
|
/* overlap? */
|
2008-09-03 03:03:02 -04:00
|
|
|
disk_part_iter_init(&piter, disk,
|
|
|
|
DISK_PITER_INCL_EMPTY);
|
|
|
|
while ((part = disk_part_iter_next(&piter))) {
|
|
|
|
if (!(start + length <= part->start_sect ||
|
|
|
|
start >= part->start_sect + part->nr_sects)) {
|
|
|
|
disk_part_iter_exit(&piter);
|
2006-03-23 06:00:28 -05:00
|
|
|
mutex_unlock(&bdev->bd_mutex);
|
2005-04-16 18:20:36 -04:00
|
|
|
return -EBUSY;
|
|
|
|
}
|
|
|
|
}
|
2008-09-03 03:03:02 -04:00
|
|
|
disk_part_iter_exit(&piter);
|
|
|
|
|
2005-04-16 18:20:36 -04:00
|
|
|
/* all seems OK */
|
2008-11-10 01:29:58 -05:00
|
|
|
part = add_partition(disk, partno, start, length,
|
|
|
|
ADDPART_FLAG_NONE);
|
2006-03-23 06:00:28 -05:00
|
|
|
mutex_unlock(&bdev->bd_mutex);
|
2008-11-10 01:29:58 -05:00
|
|
|
return IS_ERR(part) ? PTR_ERR(part) : 0;
|
2005-04-16 18:20:36 -04:00
|
|
|
case BLKPG_DEL_PARTITION:
|
2008-09-03 03:03:02 -04:00
|
|
|
part = disk_get_part(disk, partno);
|
|
|
|
if (!part)
|
2005-04-16 18:20:36 -04:00
|
|
|
return -ENXIO;
|
2008-09-03 03:03:02 -04:00
|
|
|
|
|
|
|
bdevp = bdget(part_devt(part));
|
|
|
|
disk_put_part(part);
|
2005-04-16 18:20:36 -04:00
|
|
|
if (!bdevp)
|
|
|
|
return -ENOMEM;
|
2008-09-03 03:03:02 -04:00
|
|
|
|
2006-12-08 05:36:13 -05:00
|
|
|
mutex_lock(&bdevp->bd_mutex);
|
2005-04-16 18:20:36 -04:00
|
|
|
if (bdevp->bd_openers) {
|
2006-03-23 06:00:28 -05:00
|
|
|
mutex_unlock(&bdevp->bd_mutex);
|
2005-04-16 18:20:36 -04:00
|
|
|
bdput(bdevp);
|
|
|
|
return -EBUSY;
|
|
|
|
}
|
|
|
|
/* all seems OK */
|
|
|
|
fsync_bdev(bdevp);
|
2007-05-06 17:49:54 -04:00
|
|
|
invalidate_bdev(bdevp);
|
2005-04-16 18:20:36 -04:00
|
|
|
|
2007-02-20 16:58:18 -05:00
|
|
|
mutex_lock_nested(&bdev->bd_mutex, 1);
|
2008-09-03 03:01:09 -04:00
|
|
|
delete_partition(disk, partno);
|
2006-03-23 06:00:28 -05:00
|
|
|
mutex_unlock(&bdev->bd_mutex);
|
|
|
|
mutex_unlock(&bdevp->bd_mutex);
|
2005-04-16 18:20:36 -04:00
|
|
|
bdput(bdevp);
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
default:
|
|
|
|
return -EINVAL;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
static int blkdev_reread_part(struct block_device *bdev)
|
|
|
|
{
|
|
|
|
struct gendisk *disk = bdev->bd_disk;
|
|
|
|
int res;
|
|
|
|
|
2008-09-03 03:06:42 -04:00
|
|
|
if (!disk_partitionable(disk) || bdev != bdev->bd_contains)
|
2005-04-16 18:20:36 -04:00
|
|
|
return -EINVAL;
|
|
|
|
if (!capable(CAP_SYS_ADMIN))
|
|
|
|
return -EACCES;
|
2006-03-23 06:00:28 -05:00
|
|
|
if (!mutex_trylock(&bdev->bd_mutex))
|
2005-04-16 18:20:36 -04:00
|
|
|
return -EBUSY;
|
|
|
|
res = rescan_partitions(disk, bdev);
|
2006-03-23 06:00:28 -05:00
|
|
|
mutex_unlock(&bdev->bd_mutex);
|
2005-04-16 18:20:36 -04:00
|
|
|
return res;
|
|
|
|
}
|
|
|
|
|
2008-08-11 10:58:42 -04:00
|
|
|
static void blk_ioc_discard_endio(struct bio *bio, int err)
|
|
|
|
{
|
|
|
|
if (err) {
|
|
|
|
if (err == -EOPNOTSUPP)
|
|
|
|
set_bit(BIO_EOPNOTSUPP, &bio->bi_flags);
|
|
|
|
clear_bit(BIO_UPTODATE, &bio->bi_flags);
|
|
|
|
}
|
|
|
|
complete(bio->bi_private);
|
|
|
|
}
|
|
|
|
|
|
|
|
static int blk_ioctl_discard(struct block_device *bdev, uint64_t start,
|
|
|
|
uint64_t len)
|
|
|
|
{
|
|
|
|
struct request_queue *q = bdev_get_queue(bdev);
|
|
|
|
int ret = 0;
|
|
|
|
|
|
|
|
if (start & 511)
|
|
|
|
return -EINVAL;
|
|
|
|
if (len & 511)
|
|
|
|
return -EINVAL;
|
|
|
|
start >>= 9;
|
|
|
|
len >>= 9;
|
|
|
|
|
|
|
|
if (start + len > (bdev->bd_inode->i_size >> 9))
|
|
|
|
return -EINVAL;
|
|
|
|
|
|
|
|
if (!q->prepare_discard_fn)
|
|
|
|
return -EOPNOTSUPP;
|
|
|
|
|
|
|
|
while (len && !ret) {
|
|
|
|
DECLARE_COMPLETION_ONSTACK(wait);
|
|
|
|
struct bio *bio;
|
|
|
|
|
|
|
|
bio = bio_alloc(GFP_KERNEL, 0);
|
|
|
|
|
|
|
|
bio->bi_end_io = blk_ioc_discard_endio;
|
|
|
|
bio->bi_bdev = bdev;
|
|
|
|
bio->bi_private = &wait;
|
|
|
|
bio->bi_sector = start;
|
|
|
|
|
|
|
|
if (len > q->max_hw_sectors) {
|
|
|
|
bio->bi_size = q->max_hw_sectors << 9;
|
|
|
|
len -= q->max_hw_sectors;
|
|
|
|
start += q->max_hw_sectors;
|
|
|
|
} else {
|
|
|
|
bio->bi_size = len << 9;
|
|
|
|
len = 0;
|
|
|
|
}
|
2008-08-09 11:42:20 -04:00
|
|
|
submit_bio(DISCARD_NOBARRIER, bio);
|
2008-08-11 10:58:42 -04:00
|
|
|
|
|
|
|
wait_for_completion(&wait);
|
|
|
|
|
|
|
|
if (bio_flagged(bio, BIO_EOPNOTSUPP))
|
|
|
|
ret = -EOPNOTSUPP;
|
|
|
|
else if (!bio_flagged(bio, BIO_UPTODATE))
|
|
|
|
ret = -EIO;
|
|
|
|
bio_put(bio);
|
|
|
|
}
|
|
|
|
return ret;
|
|
|
|
}
|
|
|
|
|
2005-04-16 18:20:36 -04:00
|
|
|
static int put_ushort(unsigned long arg, unsigned short val)
|
|
|
|
{
|
|
|
|
return put_user(val, (unsigned short __user *)arg);
|
|
|
|
}
|
|
|
|
|
|
|
|
static int put_int(unsigned long arg, int val)
|
|
|
|
{
|
|
|
|
return put_user(val, (int __user *)arg);
|
|
|
|
}
|
|
|
|
|
|
|
|
static int put_long(unsigned long arg, long val)
|
|
|
|
{
|
|
|
|
return put_user(val, (long __user *)arg);
|
|
|
|
}
|
|
|
|
|
|
|
|
static int put_ulong(unsigned long arg, unsigned long val)
|
|
|
|
{
|
|
|
|
return put_user(val, (unsigned long __user *)arg);
|
|
|
|
}
|
|
|
|
|
|
|
|
static int put_u64(unsigned long arg, u64 val)
|
|
|
|
{
|
|
|
|
return put_user(val, (u64 __user *)arg);
|
|
|
|
}
|
|
|
|
|
2007-08-29 20:34:12 -04:00
|
|
|
int __blkdev_driver_ioctl(struct block_device *bdev, fmode_t mode,
|
|
|
|
unsigned cmd, unsigned long arg)
|
|
|
|
{
|
|
|
|
struct gendisk *disk = bdev->bd_disk;
|
|
|
|
int ret;
|
[PATCH] beginning of methods conversion
To keep the size of changesets sane we split the switch by drivers;
to keep the damn thing bisectable we do the following:
1) rename the affected methods, add ones with correct
prototypes, make (few) callers handle both. That's this changeset.
2) for each driver convert to new methods. *ALL* drivers
are converted in this series.
3) kill the old (renamed) methods.
Note that it _is_ a flagday; all in-tree drivers are converted and by the
end of this series no trace of old methods remain. The only reason why
we do that this way is to keep the damn thing bisectable and allow per-driver
debugging if anything goes wrong.
New methods:
open(bdev, mode)
release(disk, mode)
ioctl(bdev, mode, cmd, arg) /* Called without BKL */
compat_ioctl(bdev, mode, cmd, arg)
locked_ioctl(bdev, mode, cmd, arg) /* Called with BKL, legacy */
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2008-03-02 09:09:22 -05:00
|
|
|
|
|
|
|
if (disk->fops->ioctl)
|
|
|
|
return disk->fops->ioctl(bdev, mode, cmd, arg);
|
2007-08-29 20:34:12 -04:00
|
|
|
|
[PATCH] beginning of methods conversion
To keep the size of changesets sane we split the switch by drivers;
to keep the damn thing bisectable we do the following:
1) rename the affected methods, add ones with correct
prototypes, make (few) callers handle both. That's this changeset.
2) for each driver convert to new methods. *ALL* drivers
are converted in this series.
3) kill the old (renamed) methods.
Note that it _is_ a flagday; all in-tree drivers are converted and by the
end of this series no trace of old methods remain. The only reason why
we do that this way is to keep the damn thing bisectable and allow per-driver
debugging if anything goes wrong.
New methods:
open(bdev, mode)
release(disk, mode)
ioctl(bdev, mode, cmd, arg) /* Called without BKL */
compat_ioctl(bdev, mode, cmd, arg)
locked_ioctl(bdev, mode, cmd, arg) /* Called with BKL, legacy */
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2008-03-02 09:09:22 -05:00
|
|
|
if (disk->fops->locked_ioctl) {
|
2007-08-29 20:34:12 -04:00
|
|
|
lock_kernel();
|
[PATCH] beginning of methods conversion
To keep the size of changesets sane we split the switch by drivers;
to keep the damn thing bisectable we do the following:
1) rename the affected methods, add ones with correct
prototypes, make (few) callers handle both. That's this changeset.
2) for each driver convert to new methods. *ALL* drivers
are converted in this series.
3) kill the old (renamed) methods.
Note that it _is_ a flagday; all in-tree drivers are converted and by the
end of this series no trace of old methods remain. The only reason why
we do that this way is to keep the damn thing bisectable and allow per-driver
debugging if anything goes wrong.
New methods:
open(bdev, mode)
release(disk, mode)
ioctl(bdev, mode, cmd, arg) /* Called without BKL */
compat_ioctl(bdev, mode, cmd, arg)
locked_ioctl(bdev, mode, cmd, arg) /* Called with BKL, legacy */
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2008-03-02 09:09:22 -05:00
|
|
|
ret = disk->fops->locked_ioctl(bdev, mode, cmd, arg);
|
2007-08-29 20:34:12 -04:00
|
|
|
unlock_kernel();
|
|
|
|
return ret;
|
|
|
|
}
|
|
|
|
|
|
|
|
return -ENOTTY;
|
|
|
|
}
|
|
|
|
/*
|
|
|
|
* For the record: _GPL here is only because somebody decided to slap it
|
|
|
|
* on the previous export. Sheer idiocy, since it wasn't copyrightable
|
|
|
|
* at all and could be open-coded without any exports by anybody who cares.
|
|
|
|
*/
|
|
|
|
EXPORT_SYMBOL_GPL(__blkdev_driver_ioctl);
|
|
|
|
|
2007-10-09 07:23:51 -04:00
|
|
|
/*
|
|
|
|
* always keep this in sync with compat_blkdev_ioctl() and
|
|
|
|
* compat_blkdev_locked_ioctl()
|
|
|
|
*/
|
2008-09-19 03:17:36 -04:00
|
|
|
int blkdev_ioctl(struct block_device *bdev, fmode_t mode, unsigned cmd,
|
2005-06-23 03:10:15 -04:00
|
|
|
unsigned long arg)
|
|
|
|
{
|
|
|
|
struct gendisk *disk = bdev->bd_disk;
|
2008-09-18 15:53:24 -04:00
|
|
|
struct backing_dev_info *bdi;
|
|
|
|
loff_t size;
|
2005-06-23 03:10:15 -04:00
|
|
|
int ret, n;
|
|
|
|
|
|
|
|
switch(cmd) {
|
2005-04-16 18:20:36 -04:00
|
|
|
case BLKFLSBUF:
|
|
|
|
if (!capable(CAP_SYS_ADMIN))
|
|
|
|
return -EACCES;
|
2005-06-23 03:10:15 -04:00
|
|
|
|
2008-09-18 03:38:12 -04:00
|
|
|
ret = __blkdev_driver_ioctl(bdev, mode, cmd, arg);
|
2005-06-23 03:10:15 -04:00
|
|
|
/* -EINVAL to handle old uncorrected drivers */
|
|
|
|
if (ret != -EINVAL && ret != -ENOTTY)
|
|
|
|
return ret;
|
|
|
|
|
|
|
|
lock_kernel();
|
2005-04-16 18:20:36 -04:00
|
|
|
fsync_bdev(bdev);
|
2007-05-06 17:49:54 -04:00
|
|
|
invalidate_bdev(bdev);
|
2005-06-23 03:10:15 -04:00
|
|
|
unlock_kernel();
|
2005-04-16 18:20:36 -04:00
|
|
|
return 0;
|
2005-06-23 03:10:15 -04:00
|
|
|
|
2005-04-16 18:20:36 -04:00
|
|
|
case BLKROSET:
|
2008-09-18 03:38:12 -04:00
|
|
|
ret = __blkdev_driver_ioctl(bdev, mode, cmd, arg);
|
2005-06-23 03:10:15 -04:00
|
|
|
/* -EINVAL to handle old uncorrected drivers */
|
|
|
|
if (ret != -EINVAL && ret != -ENOTTY)
|
|
|
|
return ret;
|
2005-04-16 18:20:36 -04:00
|
|
|
if (!capable(CAP_SYS_ADMIN))
|
|
|
|
return -EACCES;
|
|
|
|
if (get_user(n, (int __user *)(arg)))
|
|
|
|
return -EFAULT;
|
2005-06-23 03:10:15 -04:00
|
|
|
lock_kernel();
|
2005-04-16 18:20:36 -04:00
|
|
|
set_device_ro(bdev, n);
|
2005-06-23 03:10:15 -04:00
|
|
|
unlock_kernel();
|
2005-04-16 18:20:36 -04:00
|
|
|
return 0;
|
2008-08-11 10:58:42 -04:00
|
|
|
|
|
|
|
case BLKDISCARD: {
|
|
|
|
uint64_t range[2];
|
|
|
|
|
2008-09-18 03:38:12 -04:00
|
|
|
if (!(mode & FMODE_WRITE))
|
2008-08-11 10:58:42 -04:00
|
|
|
return -EBADF;
|
|
|
|
|
|
|
|
if (copy_from_user(range, (void __user *)arg, sizeof(range)))
|
|
|
|
return -EFAULT;
|
|
|
|
|
|
|
|
return blk_ioctl_discard(bdev, range[0], range[1]);
|
|
|
|
}
|
|
|
|
|
2006-01-08 04:02:50 -05:00
|
|
|
case HDIO_GETGEO: {
|
|
|
|
struct hd_geometry geo;
|
|
|
|
|
|
|
|
if (!arg)
|
|
|
|
return -EINVAL;
|
|
|
|
if (!disk->fops->getgeo)
|
|
|
|
return -ENOTTY;
|
|
|
|
|
|
|
|
/*
|
|
|
|
* We need to set the startsect first, the driver may
|
|
|
|
* want to override it.
|
|
|
|
*/
|
|
|
|
geo.start = get_start_sect(bdev);
|
|
|
|
ret = disk->fops->getgeo(bdev, &geo);
|
|
|
|
if (ret)
|
|
|
|
return ret;
|
|
|
|
if (copy_to_user((struct hd_geometry __user *)arg, &geo,
|
|
|
|
sizeof(geo)))
|
|
|
|
return -EFAULT;
|
|
|
|
return 0;
|
|
|
|
}
|
2008-09-18 15:53:24 -04:00
|
|
|
case BLKRAGET:
|
|
|
|
case BLKFRAGET:
|
|
|
|
if (!arg)
|
|
|
|
return -EINVAL;
|
|
|
|
bdi = blk_get_backing_dev_info(bdev);
|
|
|
|
if (bdi == NULL)
|
|
|
|
return -ENOTTY;
|
|
|
|
return put_long(arg, (bdi->ra_pages * PAGE_CACHE_SIZE) / 512);
|
|
|
|
case BLKROGET:
|
|
|
|
return put_int(arg, bdev_read_only(bdev) != 0);
|
|
|
|
case BLKBSZGET: /* get the logical block size (cf. BLKSSZGET) */
|
|
|
|
return put_int(arg, block_size(bdev));
|
|
|
|
case BLKSSZGET: /* get block device hardware sector size */
|
|
|
|
return put_int(arg, bdev_hardsect_size(bdev));
|
|
|
|
case BLKSECTGET:
|
|
|
|
return put_ushort(arg, bdev_get_queue(bdev)->max_sectors);
|
|
|
|
case BLKRASET:
|
|
|
|
case BLKFRASET:
|
|
|
|
if(!capable(CAP_SYS_ADMIN))
|
|
|
|
return -EACCES;
|
|
|
|
bdi = blk_get_backing_dev_info(bdev);
|
|
|
|
if (bdi == NULL)
|
|
|
|
return -ENOTTY;
|
|
|
|
bdi->ra_pages = (arg * 512) / PAGE_CACHE_SIZE;
|
|
|
|
return 0;
|
|
|
|
case BLKBSZSET:
|
|
|
|
/* set the logical block size */
|
|
|
|
if (!capable(CAP_SYS_ADMIN))
|
|
|
|
return -EACCES;
|
|
|
|
if (!arg)
|
|
|
|
return -EINVAL;
|
|
|
|
if (get_user(n, (int __user *) arg))
|
|
|
|
return -EFAULT;
|
2008-09-19 03:08:13 -04:00
|
|
|
if (!(mode & FMODE_EXCL) && bd_claim(bdev, &bdev) < 0)
|
2008-09-18 15:53:24 -04:00
|
|
|
return -EBUSY;
|
|
|
|
ret = set_blocksize(bdev, n);
|
2008-09-19 03:08:13 -04:00
|
|
|
if (!(mode & FMODE_EXCL))
|
|
|
|
bd_release(bdev);
|
2005-06-23 03:10:15 -04:00
|
|
|
return ret;
|
2008-09-18 15:53:24 -04:00
|
|
|
case BLKPG:
|
|
|
|
lock_kernel();
|
|
|
|
ret = blkpg_ioctl(bdev, (struct blkpg_ioctl_arg __user *) arg);
|
|
|
|
unlock_kernel();
|
|
|
|
break;
|
|
|
|
case BLKRRPART:
|
|
|
|
lock_kernel();
|
|
|
|
ret = blkdev_reread_part(bdev);
|
|
|
|
unlock_kernel();
|
|
|
|
break;
|
|
|
|
case BLKGETSIZE:
|
|
|
|
size = bdev->bd_inode->i_size;
|
|
|
|
if ((size >> 9) > ~0UL)
|
|
|
|
return -EFBIG;
|
|
|
|
return put_ulong(arg, size >> 9);
|
|
|
|
case BLKGETSIZE64:
|
|
|
|
return put_u64(arg, bdev->bd_inode->i_size);
|
|
|
|
case BLKTRACESTART:
|
|
|
|
case BLKTRACESTOP:
|
|
|
|
case BLKTRACESETUP:
|
|
|
|
case BLKTRACETEARDOWN:
|
|
|
|
lock_kernel();
|
|
|
|
ret = blk_trace_ioctl(bdev, cmd, (char __user *) arg);
|
|
|
|
unlock_kernel();
|
|
|
|
break;
|
|
|
|
default:
|
|
|
|
ret = __blkdev_driver_ioctl(bdev, mode, cmd, arg);
|
|
|
|
}
|
|
|
|
return ret;
|
2005-04-16 18:20:36 -04:00
|
|
|
}
|
[PATCH] Fix root hole in raw device
[Patch] Fix raw device ioctl pass-through
Raw character devices are supposed to pass ioctls through to the block
devices they are bound to. Unfortunately, they are using the wrong
function for this: ioctl_by_bdev(), instead of blkdev_ioctl().
ioctl_by_bdev() performs a set_fs(KERNEL_DS) before calling the ioctl,
redirecting the user-space buffer access to the kernel address space.
This is, needless to say, a bad thing.
This was noticed first on s390, where raw IO was non-functioning. The
s390 driver config does not actually allow raw IO to be enabled, which
was the first part of the problem. Secondly, the s390 kernel address
space is distinct from user, causing legal raw ioctls to fail. I've
reproduced this on a kernel built with 4G:4G split on x86, which fails
in the same way (-EFAULT if the address does not exist kernel-side;
returns success without actually populating the user buffer if it does.)
The patch below fixes both the config and address-space problems. It's
based closely on a patch by Jan Glauber <jang@de.ibm.com>, which has
been tested on s390 at IBM. I've tested it on x86 4G:4G (split address
space) and x86_64 (common address space).
Kernel-address-space access has been assigned CAN-2005-1264.
Signed-off-by: Stephen Tweedie <sct@redhat.com>
Signed-off-by: Dave Jones <davej@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2005-05-13 23:31:19 -04:00
|
|
|
EXPORT_SYMBOL_GPL(blkdev_ioctl);
|