[PATCH] raw: don't allow the creation of a raw device with minor number 0
/*
 * linux/drivers/char/raw.c
 *
 * Front-end raw character devices.  These can be bound to any block
 * devices to provide genuine Unix raw character device semantics.
 *
 * We reserve minor number 0 for a control interface.  ioctl()s on this
 * device are used to bind the other minor numbers to block devices.
 */
10
11 #include <linux/init.h>
12 #include <linux/fs.h>
13 #include <linux/major.h>
14 #include <linux/blkdev.h>
15 #include <linux/module.h>
16 #include <linux/raw.h>
17 #include <linux/capability.h>
18 #include <linux/uio.h>
19 #include <linux/cdev.h>
20 #include <linux/device.h>
21 #include <linux/mutex.h>
22
23 #include <asm/uaccess.h>
24
/* Per-minor state: one entry per raw character device. */
struct raw_device_data {
	/* Block device this minor is bound to; NULL while unbound. */
	struct block_device *binding;
	/* Count of opens currently outstanding; rebinding is refused while non-zero. */
	int inuse;
};
29
/* Device class under which the control node and the rawN nodes are created. */
static struct class *raw_class;

/* Binding table, indexed by raw minor number. */
static struct raw_device_data raw_devices[MAX_RAW_MINORS];

/* Held around reads and updates of raw_devices[] bindings and in-use counts. */
static DEFINE_MUTEX(raw_mutex);

/* Forward declaration: raw_open() installs these ops for minor 0. */
static const struct file_operations raw_ctl_fops;
34
/*
 * Open/close code for raw IO.
 *
 * We just rewrite the i_mapping for the /dev/raw/rawN file descriptor to
 * point at the blockdev's address_space and set the file handle to use
 * O_DIRECT.
 *
 * Set the device's soft blocksize to the minimum possible.  This gives the
 * finest possible alignment and has no adverse impact on performance.
 */
static int raw_open(struct inode *inode, struct file *filp)
{
	const int minor = iminor(inode);
	struct raw_device_data *rawdev;
	struct block_device *bdev;
	int err;

	/*
	 * Minor 0 is the control node, not a data device: switch the file
	 * over to the control operations and skip all block-device setup.
	 */
	if (minor == 0) {
		filp->f_op = &raw_ctl_fops;
		return 0;
	}

	rawdev = &raw_devices[minor];
	mutex_lock(&raw_mutex);

	/* The only precondition for an open is that the minor is bound. */
	bdev = rawdev->binding;
	if (!bdev) {
		err = -ENODEV;
		goto out_unlock;
	}

	/*
	 * NOTE(review): the igrab() result is not checked and no matching
	 * iput() is visible in this file; presumably blkdev_get() and
	 * blkdev_put() account for this reference - confirm.
	 */
	igrab(bdev->bd_inode);
	err = blkdev_get(bdev, filp->f_mode, 0);
	if (err)
		goto out_unlock;

	/* The address of raw_open is the holder token for every raw open. */
	err = bd_claim(bdev, raw_open);
	if (err)
		goto out_put;

	err = set_blocksize(bdev, bdev_hardsect_size(bdev));
	if (err)
		goto out_release;

	/* All I/O through this file is forced to O_DIRECT on the bdev mapping. */
	filp->f_flags |= O_DIRECT;
	filp->f_mapping = bdev->bd_inode->i_mapping;

	/* Only the first opener redirects the character inode's mapping. */
	rawdev->inuse++;
	if (rawdev->inuse == 1)
		filp->f_path.dentry->d_inode->i_mapping =
			bdev->bd_inode->i_mapping;

	/* raw_ioctl() later reads the bound device back from private_data. */
	filp->private_data = bdev;
	mutex_unlock(&raw_mutex);
	return 0;

out_release:
	bd_release(bdev);
out_put:
	blkdev_put(bdev);
out_unlock:
	mutex_unlock(&raw_mutex);
	return err;
}
92
/*
 * When the final fd which refers to this character-special node is closed, we
 * make its ->mapping point back at its own i_data.
 */
static int raw_release(struct inode *inode, struct file *filp)
{
	struct raw_device_data *rawdev = &raw_devices[iminor(inode)];
	struct block_device *bdev;

	mutex_lock(&raw_mutex);
	/*
	 * The device comes from the binding table rather than from
	 * filp->private_data.  raw_ctl_ioctl() refuses RAW_SETBIND with
	 * -EBUSY while inuse is non-zero, so the entry cannot have been
	 * rebound under an open file.
	 */
	bdev = rawdev->binding;
	rawdev->inuse--;
	if (rawdev->inuse == 0) {
		/* Here  inode->i_mapping == bdev->bd_inode->i_mapping  */
		inode->i_mapping = &inode->i_data;
		inode->i_mapping->backing_dev_info = &default_backing_dev_info;
	}
	mutex_unlock(&raw_mutex);

	/* Drop the claim and the reference that raw_open() took. */
	bd_release(bdev);
	blkdev_put(bdev);
	return 0;
}
115
/*
 * Forward ioctls to the underlying block device.
 */
static int
raw_ioctl(struct inode *inode, struct file *filp,
	  unsigned int command, unsigned long arg)
{
	/* Set by raw_open() to the block device bound to this minor. */
	struct block_device *bdev = filp->private_data;
	struct inode *bd_inode = bdev->bd_inode;

	/*
	 * The command and argument are passed through unchanged, with a
	 * NULL file pointer.  No filtering or capability check happens at
	 * this layer, so whatever blkdev_ioctl() accepts is reachable by
	 * anyone who can open the raw node.
	 */
	return blkdev_ioctl(bd_inode, NULL, command, arg);
}
127
/*
 * Replace the device node for the raw minor named in @rq: any existing
 * node at that number is destroyed and a fresh "raw<minor>" is created.
 *
 * rq->raw_minor is not validated here; raw_ctl_ioctl() range-checks it
 * (and rejects minor 0) before calling.
 * NOTE(review): the device_create() result is ignored, so a failure to
 * create the node is not reported to the caller.
 */
static void bind_device(struct raw_config_request *rq)
{
	const dev_t raw = MKDEV(RAW_MAJOR, rq->raw_minor);

	device_destroy(raw_class, raw);
	device_create(raw_class, NULL, raw, "raw%d", rq->raw_minor);
}
134
/*
 * Deal with ioctls against the raw-device control interface, to bind
 * and unbind other raw devices.
 */
static int raw_ctl_ioctl(struct inode *inode, struct file *filp,
			unsigned int command, unsigned long arg)
{
	void __user *uarg = (void __user *) arg;
	struct raw_config_request rq;
	struct raw_device_data *rawdev;
	struct block_device *bdev;
	dev_t dev;
	int err = 0;

	/* Only the two bind commands are understood. */
	if (command != RAW_SETBIND && command != RAW_GETBIND)
		return -EINVAL;

	/* First, find out which raw minor we want */
	if (copy_from_user(&rq, uarg, sizeof(rq)))
		return -EFAULT;

	/*
	 * raw_minor comes straight from user space and indexes
	 * raw_devices[], so it is range-checked before use.  Minor 0 is
	 * rejected too: it is the control node that raw_init() creates as
	 * "rawctl", and binding it would have bind_device() destroy and
	 * recreate that node.
	 */
	if (rq.raw_minor <= 0 || rq.raw_minor >= MAX_RAW_MINORS)
		return -EINVAL;
	rawdev = &raw_devices[rq.raw_minor];

	if (command == RAW_GETBIND) {
		/*
		 * Query path: there is no capability check here, so any
		 * caller that can open the control node can read bindings.
		 */
		mutex_lock(&raw_mutex);
		bdev = rawdev->binding;
		if (bdev) {
			rq.block_major = MAJOR(bdev->bd_dev);
			rq.block_minor = MINOR(bdev->bd_dev);
		} else {
			rq.block_major = rq.block_minor = 0;
		}
		mutex_unlock(&raw_mutex);

		if (copy_to_user(uarg, &rq, sizeof(rq)))
			return -EFAULT;
		return 0;
	}

	/*
	 * RAW_SETBIND from here on.  This is like making block devices, so
	 * demand the same capability.
	 */
	if (!capable(CAP_SYS_ADMIN))
		return -EPERM;

	/*
	 * For now, we don't need to check that the underlying block device
	 * is present or not: we can do that when the raw device is opened.
	 * Just check that the major/minor numbers make sense: they must
	 * survive a round trip through dev_t unchanged, and major 0 is
	 * only valid together with minor 0 (the unbind request).
	 */
	dev = MKDEV(rq.block_major, rq.block_minor);
	if ((rq.block_major == 0 && rq.block_minor != 0) ||
	    MAJOR(dev) != rq.block_major ||
	    MINOR(dev) != rq.block_minor)
		return -EINVAL;

	mutex_lock(&raw_mutex);

	/* Never change a binding underneath an open file. */
	if (rawdev->inuse) {
		mutex_unlock(&raw_mutex);
		return -EBUSY;
	}

	/* Release the previous binding and the module reference it pinned. */
	if (rawdev->binding) {
		bdput(rawdev->binding);
		module_put(THIS_MODULE);
	}

	if (rq.block_major == 0 && rq.block_minor == 0) {
		/* unbind */
		rawdev->binding = NULL;
		device_destroy(raw_class, MKDEV(RAW_MAJOR, rq.raw_minor));
	} else {
		rawdev->binding = bdget(dev);
		if (rawdev->binding == NULL) {
			/*
			 * NOTE(review): the old binding is already gone at
			 * this point, so the minor ends up unbound, but the
			 * node created for the old binding is not destroyed
			 * on this path.
			 */
			err = -ENOMEM;
		} else {
			/* Each live binding holds one module reference. */
			__module_get(THIS_MODULE);
			bind_device(&rq);
		}
	}
	mutex_unlock(&raw_mutex);
	return err;
}
240
/*
 * Operations for bound data minors.  The cdev is registered with these;
 * raw_open() swaps in raw_ctl_fops when the minor is 0.
 */
static const struct file_operations raw_fops = {
	.read		= do_sync_read,
	.aio_read	= generic_file_aio_read,
	.write		= do_sync_write,
	.aio_write	= generic_file_aio_write_nolock,
	.open		= raw_open,
	.release	= raw_release,
	.ioctl		= raw_ioctl,
	.owner		= THIS_MODULE,
};

/*
 * Operations for the control node (minor 0): bind/unbind ioctls only.
 * There are no read/write handlers and no .release, so raw_release() is
 * not part of this table.
 */
static const struct file_operations raw_ctl_fops = {
	.ioctl		= raw_ctl_ioctl,
	.open		= raw_open,
	.owner		= THIS_MODULE,
};

/* The single cdev that raw_init() registers for the raw minor range. */
static struct cdev raw_cdev = {
	.kobj		= { .name = "raw", },
	.owner		= THIS_MODULE,
};
262
/*
 * Module init: reserve the raw minor range, register the cdev, create
 * the device class and the "rawctl" control node at minor 0.
 *
 * Returns 0 on success or the error from the failing registration step;
 * steps that had already succeeded are undone before returning.
 * NOTE(review): the device_create() result for "rawctl" is not checked,
 * so init reports success even if the control node was not created.
 */
static int __init raw_init(void)
{
	const dev_t ctl_dev = MKDEV(RAW_MAJOR, 0);
	int ret;

	ret = register_chrdev_region(ctl_dev, MAX_RAW_MINORS, "raw");
	if (ret)
		return ret;

	cdev_init(&raw_cdev, &raw_fops);
	ret = cdev_add(&raw_cdev, ctl_dev, MAX_RAW_MINORS);
	if (ret) {
		kobject_put(&raw_cdev.kobj);
		goto undo_region;
	}

	raw_class = class_create(THIS_MODULE, "raw");
	if (IS_ERR(raw_class)) {
		printk(KERN_ERR "Error creating raw class.\n");
		cdev_del(&raw_cdev);
		ret = PTR_ERR(raw_class);
		goto undo_region;
	}

	/* Minor 0 is the control interface used to bind the other minors. */
	device_create(raw_class, NULL, ctl_dev, "rawctl");
	return 0;

undo_region:
	unregister_chrdev_region(ctl_dev, MAX_RAW_MINORS);
	return ret;
}
295
/*
 * Module exit: tear down what raw_init() set up, in reverse order -
 * control node, class, cdev, then the reserved minor range.
 */
static void __exit raw_exit(void)
{
	const dev_t ctl_dev = MKDEV(RAW_MAJOR, 0);

	device_destroy(raw_class, ctl_dev);
	class_destroy(raw_class);
	cdev_del(&raw_cdev);
	unregister_chrdev_region(ctl_dev, MAX_RAW_MINORS);
}
303
/* Module entry and exit points, and the licence tag. */
module_init(raw_init);
module_exit(raw_exit);

MODULE_LICENSE("GPL");