From patchwork Wed Nov 23 08:05:58 2011 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Johan Rudholm X-Patchwork-Id: 5288 Return-Path: X-Original-To: patchwork@peony.canonical.com Delivered-To: patchwork@peony.canonical.com Received: from fiordland.canonical.com (fiordland.canonical.com [91.189.94.145]) by peony.canonical.com (Postfix) with ESMTP id CB54723E14 for ; Wed, 23 Nov 2011 08:07:24 +0000 (UTC) Received: from mail-dy0-f52.google.com (mail-dy0-f52.google.com [209.85.220.52]) by fiordland.canonical.com (Postfix) with ESMTP id 99CD1A18356 for ; Wed, 23 Nov 2011 08:07:24 +0000 (UTC) Received: by dyf4 with SMTP id 4so102081dyf.11 for ; Wed, 23 Nov 2011 00:07:24 -0800 (PST) Received: by 10.152.135.166 with SMTP id pt6mr14041362lab.26.1322035642497; Wed, 23 Nov 2011 00:07:22 -0800 (PST) X-Forwarded-To: linaro-patchwork@canonical.com X-Forwarded-For: patch@linaro.org linaro-patchwork@canonical.com Delivered-To: patches@linaro.org Received: by 10.152.41.198 with SMTP id h6cs219294lal; Wed, 23 Nov 2011 00:07:22 -0800 (PST) Received: by 10.14.12.78 with SMTP id 54mr1528650eey.150.1322035638635; Wed, 23 Nov 2011 00:07:18 -0800 (PST) Received: from eu1sys200aog116.obsmtp.com (eu1sys200aog116.obsmtp.com. [207.126.144.141]) by mx.google.com with SMTP id c11si3872541eei.123.2011.11.23.00.07.16 (version=TLSv1/SSLv3 cipher=OTHER); Wed, 23 Nov 2011 00:07:18 -0800 (PST) Received-SPF: neutral (google.com: 207.126.144.141 is neither permitted nor denied by best guess record for domain of johan.rudholm@stericsson.com) client-ip=207.126.144.141; Authentication-Results: mx.google.com; spf=neutral (google.com: 207.126.144.141 is neither permitted nor denied by best guess record for domain of johan.rudholm@stericsson.com) smtp.mail=johan.rudholm@stericsson.com Received: from beta.dmz-us.st.com ([167.4.1.35]) (using TLSv1) by eu1sys200aob116.postini.com ([207.126.147.11]) with SMTP ID DSNKTsypsSRJrhIKB9YTUGIcQ4osKX71e6Ob@postini.com; Wed, 23 Nov 2011 08:07:18 UTC Received: from zeta.dmz-us.st.com (ns4.st.com [167.4.16.71]) by beta.dmz-us.st.com (STMicroelectronics) with ESMTP id 6E92764; Wed, 23 Nov 2011 08:06:30 +0000 (GMT) Received: from relay2.stm.gmessaging.net (unknown [10.230.100.18]) by zeta.dmz-us.st.com (STMicroelectronics) with ESMTP id 9AD4959; Wed, 23 Nov 2011 07:54:59 +0000 (GMT) Received: from exdcvycastm022.EQ1STM.local (alteon-source-exch [10.230.100.61]) (using TLSv1 with cipher RC4-MD5 (128/128 bits)) (Client CN "exdcvycastm022", Issuer "exdcvycastm022" (not verified)) by relay2.stm.gmessaging.net (Postfix) with ESMTPS id 75D27A8088; Wed, 23 Nov 2011 09:06:27 +0100 (CET) Received: from localhost.localdomain (10.230.100.153) by smtp.stericsson.com (10.230.100.30) with Microsoft SMTP Server (TLS) id 8.3.83.0; Wed, 23 Nov 2011 09:06:30 +0100 From: Johan Rudholm To: , Chris Ball Cc: Per Forlin , Ulf Hansson , Johan Rudholm Subject: [PATCH] mmc: core: check for zero length ioctl data Date: Wed, 23 Nov 2011 09:05:58 +0100 Message-ID: <1322035558-1127-1-git-send-email-johan.rudholm@stericsson.com> X-Mailer: git-send-email 1.7.7 MIME-Version: 1.0 If the read or write buffer size associated with the command sent through the mmc_blk_ioctl is zero, do not prepare data buffer. This enables a ioctl(2) call to for instance send a MMC_SWITCH to set a byte in the ext_csd. Change-Id: Ieab8400ace1ba91bfb3d911377de557bf2d593d0 Signed-off-by: Johan Rudholm --- drivers/mmc/card/block.c | 82 +++++++++++++++++++++++++--------------------- 1 files changed, 45 insertions(+), 37 deletions(-) diff --git a/drivers/mmc/card/block.c b/drivers/mmc/card/block.c index 12096cc..4d29b30 100644 --- a/drivers/mmc/card/block.c +++ b/drivers/mmc/card/block.c @@ -336,6 +336,9 @@ static struct mmc_blk_ioc_data *mmc_blk_ioctl_copy_from_user( goto idata_err; } + if (!idata->buf_bytes) + return idata; + idata->buf = kzalloc(idata->buf_bytes, GFP_KERNEL); if (!idata->buf) { err = -ENOMEM; @@ -382,25 +385,6 @@ static int mmc_blk_ioctl_cmd(struct block_device *bdev, if (IS_ERR(idata)) return PTR_ERR(idata); - cmd.opcode = idata->ic.opcode; - cmd.arg = idata->ic.arg; - cmd.flags = idata->ic.flags; - - data.sg = &sg; - data.sg_len = 1; - data.blksz = idata->ic.blksz; - data.blocks = idata->ic.blocks; - - sg_init_one(data.sg, idata->buf, idata->buf_bytes); - - if (idata->ic.write_flag) - data.flags = MMC_DATA_WRITE; - else - data.flags = MMC_DATA_READ; - - mrq.cmd = &cmd; - mrq.data = &data; - md = mmc_blk_get(bdev->bd_disk); if (!md) { err = -EINVAL; @@ -413,6 +397,48 @@ static int mmc_blk_ioctl_cmd(struct block_device *bdev, goto cmd_done; } + cmd.opcode = idata->ic.opcode; + cmd.arg = idata->ic.arg; + cmd.flags = idata->ic.flags; + + if (idata->buf_bytes) { + data.sg = &sg; + data.sg_len = 1; + data.blksz = idata->ic.blksz; + data.blocks = idata->ic.blocks; + + sg_init_one(data.sg, idata->buf, idata->buf_bytes); + + if (idata->ic.write_flag) + data.flags = MMC_DATA_WRITE; + else + data.flags = MMC_DATA_READ; + + /* data.flags must already be set before doing this. */ + mmc_set_data_timeout(&data, card); + + /* Allow overriding the timeout_ns for empirical tuning. */ + if (idata->ic.data_timeout_ns) + data.timeout_ns = idata->ic.data_timeout_ns; + + if ((cmd.flags & MMC_RSP_R1B) == MMC_RSP_R1B) { + /* + * Pretend this is a data transfer and rely on the + * host driver to compute timeout. When all host + * drivers support cmd.cmd_timeout for R1B, this + * can be changed to: + * + * mrq.data = NULL; + * cmd.cmd_timeout = idata->ic.cmd_timeout_ms; + */ + data.timeout_ns = idata->ic.cmd_timeout_ms * 1000000; + } + + mrq.data = &data; + } + + mrq.cmd = &cmd; + mmc_claim_host(card->host); if (idata->ic.is_acmd) { @@ -421,24 +447,6 @@ static int mmc_blk_ioctl_cmd(struct block_device *bdev, goto cmd_rel_host; } - /* data.flags must already be set before doing this. */ - mmc_set_data_timeout(&data, card); - /* Allow overriding the timeout_ns for empirical tuning. */ - if (idata->ic.data_timeout_ns) - data.timeout_ns = idata->ic.data_timeout_ns; - - if ((cmd.flags & MMC_RSP_R1B) == MMC_RSP_R1B) { - /* - * Pretend this is a data transfer and rely on the host driver - * to compute timeout. When all host drivers support - * cmd.cmd_timeout for R1B, this can be changed to: - * - * mrq.data = NULL; - * cmd.cmd_timeout = idata->ic.cmd_timeout_ms; - */ - data.timeout_ns = idata->ic.cmd_timeout_ms * 1000000; - } - mmc_wait_for_req(card->host, &mrq); if (cmd.error) {