[PATCH] Driver core: potentially fix use after free in class_device_attr_show
[linux-2.6.git] / drivers / base / class.c
1 /*
2  * class.c - basic device class management
3  *
4  * Copyright (c) 2002-3 Patrick Mochel
5  * Copyright (c) 2002-3 Open Source Development Labs
6  * Copyright (c) 2003-2004 Greg Kroah-Hartman
7  * Copyright (c) 2003-2004 IBM Corp.
8  *
9  * This file is released under the GPLv2
10  *
11  */
12
13 #include <linux/config.h>
14 #include <linux/device.h>
15 #include <linux/module.h>
16 #include <linux/init.h>
17 #include <linux/string.h>
18 #include <linux/kdev_t.h>
19 #include <linux/err.h>
20 #include "base.h"
21
22 #define to_class_attr(_attr) container_of(_attr, struct class_attribute, attr)
23 #define to_class(obj) container_of(obj, struct class, subsys.kset.kobj)
24
25 static ssize_t
26 class_attr_show(struct kobject * kobj, struct attribute * attr, char * buf)
27 {
28         struct class_attribute * class_attr = to_class_attr(attr);
29         struct class * dc = to_class(kobj);
30         ssize_t ret = -EIO;
31
32         if (class_attr->show)
33                 ret = class_attr->show(dc, buf);
34         return ret;
35 }
36
37 static ssize_t
38 class_attr_store(struct kobject * kobj, struct attribute * attr,
39                  const char * buf, size_t count)
40 {
41         struct class_attribute * class_attr = to_class_attr(attr);
42         struct class * dc = to_class(kobj);
43         ssize_t ret = -EIO;
44
45         if (class_attr->store)
46                 ret = class_attr->store(dc, buf, count);
47         return ret;
48 }
49
50 static void class_release(struct kobject * kobj)
51 {
52         struct class *class = to_class(kobj);
53
54         pr_debug("class '%s': release.\n", class->name);
55
56         if (class->class_release)
57                 class->class_release(class);
58         else
59                 pr_debug("class '%s' does not have a release() function, "
60                          "be careful\n", class->name);
61 }
62
63 static struct sysfs_ops class_sysfs_ops = {
64         .show   = class_attr_show,
65         .store  = class_attr_store,
66 };
67
68 static struct kobj_type ktype_class = {
69         .sysfs_ops      = &class_sysfs_ops,
70         .release        = class_release,
71 };
72
73 /* Hotplug events for classes go to the class_obj subsys */
74 static decl_subsys(class, &ktype_class, NULL);
75
76
77 int class_create_file(struct class * cls, const struct class_attribute * attr)
78 {
79         int error;
80         if (cls) {
81                 error = sysfs_create_file(&cls->subsys.kset.kobj, &attr->attr);
82         } else
83                 error = -EINVAL;
84         return error;
85 }
86
87 void class_remove_file(struct class * cls, const struct class_attribute * attr)
88 {
89         if (cls)
90                 sysfs_remove_file(&cls->subsys.kset.kobj, &attr->attr);
91 }
92
93 struct class * class_get(struct class * cls)
94 {
95         if (cls)
96                 return container_of(subsys_get(&cls->subsys), struct class, subsys);
97         return NULL;
98 }
99
100 void class_put(struct class * cls)
101 {
102         subsys_put(&cls->subsys);
103 }
104
105
106 static int add_class_attrs(struct class * cls)
107 {
108         int i;
109         int error = 0;
110
111         if (cls->class_attrs) {
112                 for (i = 0; attr_name(cls->class_attrs[i]); i++) {
113                         error = class_create_file(cls,&cls->class_attrs[i]);
114                         if (error)
115                                 goto Err;
116                 }
117         }
118  Done:
119         return error;
120  Err:
121         while (--i >= 0)
122                 class_remove_file(cls,&cls->class_attrs[i]);
123         goto Done;
124 }
125
126 static void remove_class_attrs(struct class * cls)
127 {
128         int i;
129
130         if (cls->class_attrs) {
131                 for (i = 0; attr_name(cls->class_attrs[i]); i++)
132                         class_remove_file(cls,&cls->class_attrs[i]);
133         }
134 }
135
136 int class_register(struct class * cls)
137 {
138         int error;
139
140         pr_debug("device class '%s': registering\n", cls->name);
141
142         INIT_LIST_HEAD(&cls->children);
143         INIT_LIST_HEAD(&cls->interfaces);
144         init_MUTEX(&cls->sem);
145         error = kobject_set_name(&cls->subsys.kset.kobj, "%s", cls->name);
146         if (error)
147                 return error;
148
149         subsys_set_kset(cls, class_subsys);
150
151         error = subsystem_register(&cls->subsys);
152         if (!error) {
153                 error = add_class_attrs(class_get(cls));
154                 class_put(cls);
155         }
156         return error;
157 }
158
159 void class_unregister(struct class * cls)
160 {
161         pr_debug("device class '%s': unregistering\n", cls->name);
162         remove_class_attrs(cls);
163         subsystem_unregister(&cls->subsys);
164 }
165
166 static void class_create_release(struct class *cls)
167 {
168         kfree(cls);
169 }
170
171 static void class_device_create_release(struct class_device *class_dev)
172 {
173         kfree(class_dev);
174 }
175
176 /**
177  * class_create - create a struct class structure
178  * @owner: pointer to the module that is to "own" this struct class
179  * @name: pointer to a string for the name of this class.
180  *
181  * This is used to create a struct class pointer that can then be used
182  * in calls to class_device_create().
183  *
184  * Note, the pointer created here is to be destroyed when finished by
185  * making a call to class_destroy().
186  */
187 struct class *class_create(struct module *owner, char *name)
188 {
189         struct class *cls;
190         int retval;
191
192         cls = kmalloc(sizeof(struct class), GFP_KERNEL);
193         if (!cls) {
194                 retval = -ENOMEM;
195                 goto error;
196         }
197         memset(cls, 0x00, sizeof(struct class));
198
199         cls->name = name;
200         cls->owner = owner;
201         cls->class_release = class_create_release;
202         cls->release = class_device_create_release;
203
204         retval = class_register(cls);
205         if (retval)
206                 goto error;
207
208         return cls;
209
210 error:
211         kfree(cls);
212         return ERR_PTR(retval);
213 }
214
215 /**
216  * class_destroy - destroys a struct class structure
217  * @cs: pointer to the struct class that is to be destroyed
218  *
219  * Note, the pointer to be destroyed must have been created with a call
220  * to class_create().
221  */
222 void class_destroy(struct class *cls)
223 {
224         if ((cls == NULL) || (IS_ERR(cls)))
225                 return;
226
227         class_unregister(cls);
228 }
229
230 /* Class Device Stuff */
231
232 int class_device_create_file(struct class_device * class_dev,
233                              const struct class_device_attribute * attr)
234 {
235         int error = -EINVAL;
236         if (class_dev)
237                 error = sysfs_create_file(&class_dev->kobj, &attr->attr);
238         return error;
239 }
240
241 void class_device_remove_file(struct class_device * class_dev,
242                               const struct class_device_attribute * attr)
243 {
244         if (class_dev)
245                 sysfs_remove_file(&class_dev->kobj, &attr->attr);
246 }
247
248 int class_device_create_bin_file(struct class_device *class_dev,
249                                  struct bin_attribute *attr)
250 {
251         int error = -EINVAL;
252         if (class_dev)
253                 error = sysfs_create_bin_file(&class_dev->kobj, attr);
254         return error;
255 }
256
257 void class_device_remove_bin_file(struct class_device *class_dev,
258                                   struct bin_attribute *attr)
259 {
260         if (class_dev)
261                 sysfs_remove_bin_file(&class_dev->kobj, attr);
262 }
263
264 static ssize_t
265 class_device_attr_show(struct kobject * kobj, struct attribute * attr,
266                        char * buf)
267 {
268         struct class_device_attribute * class_dev_attr = to_class_dev_attr(attr);
269         struct class_device * cd = to_class_dev(kobj);
270         ssize_t ret = 0;
271
272         if (class_dev_attr->show)
273                 ret = class_dev_attr->show(cd, buf);
274         return ret;
275 }
276
277 static ssize_t
278 class_device_attr_store(struct kobject * kobj, struct attribute * attr,
279                         const char * buf, size_t count)
280 {
281         struct class_device_attribute * class_dev_attr = to_class_dev_attr(attr);
282         struct class_device * cd = to_class_dev(kobj);
283         ssize_t ret = 0;
284
285         if (class_dev_attr->store)
286                 ret = class_dev_attr->store(cd, buf, count);
287         return ret;
288 }
289
290 static struct sysfs_ops class_dev_sysfs_ops = {
291         .show   = class_device_attr_show,
292         .store  = class_device_attr_store,
293 };
294
295 static void class_dev_release(struct kobject * kobj)
296 {
297         struct class_device *cd = to_class_dev(kobj);
298         struct class * cls = cd->class;
299
300         pr_debug("device class '%s': release.\n", cd->class_id);
301
302         if (cd->devt_attr) {
303                 kfree(cd->devt_attr);
304                 cd->devt_attr = NULL;
305         }
306
307         if (cls->release)
308                 cls->release(cd);
309         else {
310                 printk(KERN_ERR "Device class '%s' does not have a release() function, "
311                         "it is broken and must be fixed.\n",
312                         cd->class_id);
313                 WARN_ON(1);
314         }
315 }
316
317 static struct kobj_type ktype_class_device = {
318         .sysfs_ops      = &class_dev_sysfs_ops,
319         .release        = class_dev_release,
320 };
321
322 static int class_hotplug_filter(struct kset *kset, struct kobject *kobj)
323 {
324         struct kobj_type *ktype = get_ktype(kobj);
325
326         if (ktype == &ktype_class_device) {
327                 struct class_device *class_dev = to_class_dev(kobj);
328                 if (class_dev->class)
329                         return 1;
330         }
331         return 0;
332 }
333
334 static const char *class_hotplug_name(struct kset *kset, struct kobject *kobj)
335 {
336         struct class_device *class_dev = to_class_dev(kobj);
337
338         return class_dev->class->name;
339 }
340
341 static int class_hotplug(struct kset *kset, struct kobject *kobj, char **envp,
342                          int num_envp, char *buffer, int buffer_size)
343 {
344         struct class_device *class_dev = to_class_dev(kobj);
345         int i = 0;
346         int length = 0;
347         int retval = 0;
348
349         pr_debug("%s - name = %s\n", __FUNCTION__, class_dev->class_id);
350
351         if (class_dev->dev) {
352                 /* add physical device, backing this device  */
353                 struct device *dev = class_dev->dev;
354                 char *path = kobject_get_path(&dev->kobj, GFP_KERNEL);
355
356                 add_hotplug_env_var(envp, num_envp, &i, buffer, buffer_size,
357                                     &length, "PHYSDEVPATH=%s", path);
358                 kfree(path);
359
360                 if (dev->bus)
361                         add_hotplug_env_var(envp, num_envp, &i,
362                                             buffer, buffer_size, &length,
363                                             "PHYSDEVBUS=%s", dev->bus->name);
364
365                 if (dev->driver)
366                         add_hotplug_env_var(envp, num_envp, &i,
367                                             buffer, buffer_size, &length,
368                                             "PHYSDEVDRIVER=%s", dev->driver->name);
369         }
370
371         if (MAJOR(class_dev->devt)) {
372                 add_hotplug_env_var(envp, num_envp, &i,
373                                     buffer, buffer_size, &length,
374                                     "MAJOR=%u", MAJOR(class_dev->devt));
375
376                 add_hotplug_env_var(envp, num_envp, &i,
377                                     buffer, buffer_size, &length,
378                                     "MINOR=%u", MINOR(class_dev->devt));
379         }
380
381         /* terminate, set to next free slot, shrink available space */
382         envp[i] = NULL;
383         envp = &envp[i];
384         num_envp -= i;
385         buffer = &buffer[length];
386         buffer_size -= length;
387
388         if (class_dev->class->hotplug) {
389                 /* have the bus specific function add its stuff */
390                 retval = class_dev->class->hotplug (class_dev, envp, num_envp,
391                                                     buffer, buffer_size);
392                         if (retval) {
393                         pr_debug ("%s - hotplug() returned %d\n",
394                                   __FUNCTION__, retval);
395                 }
396         }
397
398         return retval;
399 }
400
401 static struct kset_hotplug_ops class_hotplug_ops = {
402         .filter =       class_hotplug_filter,
403         .name =         class_hotplug_name,
404         .hotplug =      class_hotplug,
405 };
406
407 static decl_subsys(class_obj, &ktype_class_device, &class_hotplug_ops);
408
409
410 static int class_device_add_attrs(struct class_device * cd)
411 {
412         int i;
413         int error = 0;
414         struct class * cls = cd->class;
415
416         if (cls->class_dev_attrs) {
417                 for (i = 0; attr_name(cls->class_dev_attrs[i]); i++) {
418                         error = class_device_create_file(cd,
419                                                          &cls->class_dev_attrs[i]);
420                         if (error)
421                                 goto Err;
422                 }
423         }
424  Done:
425         return error;
426  Err:
427         while (--i >= 0)
428                 class_device_remove_file(cd,&cls->class_dev_attrs[i]);
429         goto Done;
430 }
431
432 static void class_device_remove_attrs(struct class_device * cd)
433 {
434         int i;
435         struct class * cls = cd->class;
436
437         if (cls->class_dev_attrs) {
438                 for (i = 0; attr_name(cls->class_dev_attrs[i]); i++)
439                         class_device_remove_file(cd,&cls->class_dev_attrs[i]);
440         }
441 }
442
443 static ssize_t show_dev(struct class_device *class_dev, char *buf)
444 {
445         return print_dev_t(buf, class_dev->devt);
446 }
447
448 void class_device_initialize(struct class_device *class_dev)
449 {
450         kobj_set_kset_s(class_dev, class_obj_subsys);
451         kobject_init(&class_dev->kobj);
452         INIT_LIST_HEAD(&class_dev->node);
453 }
454
455 int class_device_add(struct class_device *class_dev)
456 {
457         struct class * parent = NULL;
458         struct class_interface * class_intf;
459         int error;
460
461         class_dev = class_device_get(class_dev);
462         if (!class_dev)
463                 return -EINVAL;
464
465         if (!strlen(class_dev->class_id)) {
466                 error = -EINVAL;
467                 goto register_done;
468         }
469
470         parent = class_get(class_dev->class);
471
472         pr_debug("CLASS: registering class device: ID = '%s'\n",
473                  class_dev->class_id);
474
475         /* first, register with generic layer. */
476         kobject_set_name(&class_dev->kobj, "%s", class_dev->class_id);
477         if (parent)
478                 class_dev->kobj.parent = &parent->subsys.kset.kobj;
479
480         if ((error = kobject_add(&class_dev->kobj)))
481                 goto register_done;
482
483         /* add the needed attributes to this device */
484         if (MAJOR(class_dev->devt)) {
485                 struct class_device_attribute *attr;
486                 attr = kmalloc(sizeof(*attr), GFP_KERNEL);
487                 if (!attr) {
488                         error = -ENOMEM;
489                         kobject_del(&class_dev->kobj);
490                         goto register_done;
491                 }
492                 memset(attr, sizeof(*attr), 0x00);
493                 attr->attr.name = "dev";
494                 attr->attr.mode = S_IRUGO;
495                 attr->attr.owner = parent->owner;
496                 attr->show = show_dev;
497                 attr->store = NULL;
498                 class_device_create_file(class_dev, attr);
499                 class_dev->devt_attr = attr;
500         }
501
502         class_device_add_attrs(class_dev);
503         if (class_dev->dev)
504                 sysfs_create_link(&class_dev->kobj,
505                                   &class_dev->dev->kobj, "device");
506
507         /* notify any interfaces this device is now here */
508         if (parent) {
509                 down(&parent->sem);
510                 list_add_tail(&class_dev->node, &parent->children);
511                 list_for_each_entry(class_intf, &parent->interfaces, node)
512                         if (class_intf->add)
513                                 class_intf->add(class_dev);
514                 up(&parent->sem);
515         }
516         kobject_hotplug(&class_dev->kobj, KOBJ_ADD);
517
518  register_done:
519         if (error && parent)
520                 class_put(parent);
521         class_device_put(class_dev);
522         return error;
523 }
524
525 int class_device_register(struct class_device *class_dev)
526 {
527         class_device_initialize(class_dev);
528         return class_device_add(class_dev);
529 }
530
531 /**
532  * class_device_create - creates a class device and registers it with sysfs
533  * @cs: pointer to the struct class that this device should be registered to.
534  * @dev: the dev_t for the char device to be added.
535  * @device: a pointer to a struct device that is assiociated with this class device.
536  * @fmt: string for the class device's name
537  *
538  * This function can be used by char device classes.  A struct
539  * class_device will be created in sysfs, registered to the specified
540  * class.  A "dev" file will be created, showing the dev_t for the
541  * device.  The pointer to the struct class_device will be returned from
542  * the call.  Any further sysfs files that might be required can be
543  * created using this pointer.
544  *
545  * Note: the struct class passed to this function must have previously
546  * been created with a call to class_create().
547  */
548 struct class_device *class_device_create(struct class *cls, dev_t devt,
549                                          struct device *device, char *fmt, ...)
550 {
551         va_list args;
552         struct class_device *class_dev = NULL;
553         int retval = -ENODEV;
554
555         if (cls == NULL || IS_ERR(cls))
556                 goto error;
557
558         class_dev = kmalloc(sizeof(struct class_device), GFP_KERNEL);
559         if (!class_dev) {
560                 retval = -ENOMEM;
561                 goto error;
562         }
563         memset(class_dev, 0x00, sizeof(struct class_device));
564
565         class_dev->devt = devt;
566         class_dev->dev = device;
567         class_dev->class = cls;
568
569         va_start(args, fmt);
570         vsnprintf(class_dev->class_id, BUS_ID_SIZE, fmt, args);
571         va_end(args);
572         retval = class_device_register(class_dev);
573         if (retval)
574                 goto error;
575
576         return class_dev;
577
578 error:
579         kfree(class_dev);
580         return ERR_PTR(retval);
581 }
582
583 void class_device_del(struct class_device *class_dev)
584 {
585         struct class * parent = class_dev->class;
586         struct class_interface * class_intf;
587
588         if (parent) {
589                 down(&parent->sem);
590                 list_del_init(&class_dev->node);
591                 list_for_each_entry(class_intf, &parent->interfaces, node)
592                         if (class_intf->remove)
593                                 class_intf->remove(class_dev);
594                 up(&parent->sem);
595         }
596
597         if (class_dev->dev)
598                 sysfs_remove_link(&class_dev->kobj, "device");
599         if (class_dev->devt_attr)
600                 class_device_remove_file(class_dev, class_dev->devt_attr);
601         class_device_remove_attrs(class_dev);
602
603         kobject_hotplug(&class_dev->kobj, KOBJ_REMOVE);
604         kobject_del(&class_dev->kobj);
605
606         if (parent)
607                 class_put(parent);
608 }
609
610 void class_device_unregister(struct class_device *class_dev)
611 {
612         pr_debug("CLASS: Unregistering class device. ID = '%s'\n",
613                  class_dev->class_id);
614         class_device_del(class_dev);
615         class_device_put(class_dev);
616 }
617
618 /**
619  * class_device_destroy - removes a class device that was created with class_device_create()
620  * @cls: the pointer to the struct class that this device was registered * with.
621  * @dev: the dev_t of the device that was previously registered.
622  *
623  * This call unregisters and cleans up a class device that was created with a
624  * call to class_device_create()
625  */
626 void class_device_destroy(struct class *cls, dev_t devt)
627 {
628         struct class_device *class_dev = NULL;
629         struct class_device *class_dev_tmp;
630
631         down(&cls->sem);
632         list_for_each_entry(class_dev_tmp, &cls->children, node) {
633                 if (class_dev_tmp->devt == devt) {
634                         class_dev = class_dev_tmp;
635                         break;
636                 }
637         }
638         up(&cls->sem);
639
640         if (class_dev)
641                 class_device_unregister(class_dev);
642 }
643
644 int class_device_rename(struct class_device *class_dev, char *new_name)
645 {
646         int error = 0;
647
648         class_dev = class_device_get(class_dev);
649         if (!class_dev)
650                 return -EINVAL;
651
652         pr_debug("CLASS: renaming '%s' to '%s'\n", class_dev->class_id,
653                  new_name);
654
655         strlcpy(class_dev->class_id, new_name, KOBJ_NAME_LEN);
656
657         error = kobject_rename(&class_dev->kobj, new_name);
658
659         class_device_put(class_dev);
660
661         return error;
662 }
663
664 struct class_device * class_device_get(struct class_device *class_dev)
665 {
666         if (class_dev)
667                 return to_class_dev(kobject_get(&class_dev->kobj));
668         return NULL;
669 }
670
671 void class_device_put(struct class_device *class_dev)
672 {
673         kobject_put(&class_dev->kobj);
674 }
675
676
677 int class_interface_register(struct class_interface *class_intf)
678 {
679         struct class *parent;
680         struct class_device *class_dev;
681
682         if (!class_intf || !class_intf->class)
683                 return -ENODEV;
684
685         parent = class_get(class_intf->class);
686         if (!parent)
687                 return -EINVAL;
688
689         down(&parent->sem);
690         list_add_tail(&class_intf->node, &parent->interfaces);
691         if (class_intf->add) {
692                 list_for_each_entry(class_dev, &parent->children, node)
693                         class_intf->add(class_dev);
694         }
695         up(&parent->sem);
696
697         return 0;
698 }
699
700 void class_interface_unregister(struct class_interface *class_intf)
701 {
702         struct class * parent = class_intf->class;
703         struct class_device *class_dev;
704
705         if (!parent)
706                 return;
707
708         down(&parent->sem);
709         list_del_init(&class_intf->node);
710         if (class_intf->remove) {
711                 list_for_each_entry(class_dev, &parent->children, node)
712                         class_intf->remove(class_dev);
713         }
714         up(&parent->sem);
715
716         class_put(parent);
717 }
718
719
720
721 int __init classes_init(void)
722 {
723         int retval;
724
725         retval = subsystem_register(&class_subsys);
726         if (retval)
727                 return retval;
728
729         /* ick, this is ugly, the things we go through to keep from showing up
730          * in sysfs... */
731         subsystem_init(&class_obj_subsys);
732         if (!class_obj_subsys.kset.subsys)
733                         class_obj_subsys.kset.subsys = &class_obj_subsys;
734         return 0;
735 }
736
737 EXPORT_SYMBOL_GPL(class_create_file);
738 EXPORT_SYMBOL_GPL(class_remove_file);
739 EXPORT_SYMBOL_GPL(class_register);
740 EXPORT_SYMBOL_GPL(class_unregister);
741 EXPORT_SYMBOL_GPL(class_get);
742 EXPORT_SYMBOL_GPL(class_put);
743 EXPORT_SYMBOL_GPL(class_create);
744 EXPORT_SYMBOL_GPL(class_destroy);
745
746 EXPORT_SYMBOL_GPL(class_device_register);
747 EXPORT_SYMBOL_GPL(class_device_unregister);
748 EXPORT_SYMBOL_GPL(class_device_initialize);
749 EXPORT_SYMBOL_GPL(class_device_add);
750 EXPORT_SYMBOL_GPL(class_device_del);
751 EXPORT_SYMBOL_GPL(class_device_get);
752 EXPORT_SYMBOL_GPL(class_device_put);
753 EXPORT_SYMBOL_GPL(class_device_create);
754 EXPORT_SYMBOL_GPL(class_device_destroy);
755 EXPORT_SYMBOL_GPL(class_device_create_file);
756 EXPORT_SYMBOL_GPL(class_device_remove_file);
757 EXPORT_SYMBOL_GPL(class_device_create_bin_file);
758 EXPORT_SYMBOL_GPL(class_device_remove_bin_file);
759
760 EXPORT_SYMBOL_GPL(class_interface_register);
761 EXPORT_SYMBOL_GPL(class_interface_unregister);