parport_serial: fix array overflow
[linux-2.6/linux-acpi-2.6/ibm-acpi-2.6.git] / block / ioctl.c
blobd03985b04d6768bd0966c3c75f27b6a1336ede1b
1 #include <linux/capability.h>
2 #include <linux/blkdev.h>
3 #include <linux/blkpg.h>
4 #include <linux/hdreg.h>
5 #include <linux/backing-dev.h>
6 #include <linux/buffer_head.h>
7 #include <linux/smp_lock.h>
8 #include <linux/blktrace_api.h>
9 #include <asm/uaccess.h>
11 static int blkpg_ioctl(struct block_device *bdev, struct blkpg_ioctl_arg __user *arg)
13 struct block_device *bdevp;
14 struct gendisk *disk;
15 struct hd_struct *part;
16 struct blkpg_ioctl_arg a;
17 struct blkpg_partition p;
18 struct disk_part_iter piter;
19 long long start, length;
20 int partno;
22 if (!capable(CAP_SYS_ADMIN))
23 return -EACCES;
24 if (copy_from_user(&a, arg, sizeof(struct blkpg_ioctl_arg)))
25 return -EFAULT;
26 if (copy_from_user(&p, a.data, sizeof(struct blkpg_partition)))
27 return -EFAULT;
28 disk = bdev->bd_disk;
29 if (bdev != bdev->bd_contains)
30 return -EINVAL;
31 partno = p.pno;
32 if (partno <= 0)
33 return -EINVAL;
34 switch (a.op) {
35 case BLKPG_ADD_PARTITION:
36 start = p.start >> 9;
37 length = p.length >> 9;
38 /* check for fit in a hd_struct */
39 if (sizeof(sector_t) == sizeof(long) &&
40 sizeof(long long) > sizeof(long)) {
41 long pstart = start, plength = length;
42 if (pstart != start || plength != length
43 || pstart < 0 || plength < 0)
44 return -EINVAL;
47 mutex_lock(&bdev->bd_mutex);
49 /* overlap? */
50 disk_part_iter_init(&piter, disk,
51 DISK_PITER_INCL_EMPTY);
52 while ((part = disk_part_iter_next(&piter))) {
53 if (!(start + length <= part->start_sect ||
54 start >= part->start_sect + part->nr_sects)) {
55 disk_part_iter_exit(&piter);
56 mutex_unlock(&bdev->bd_mutex);
57 return -EBUSY;
60 disk_part_iter_exit(&piter);
62 /* all seems OK */
63 part = add_partition(disk, partno, start, length,
64 ADDPART_FLAG_NONE);
65 mutex_unlock(&bdev->bd_mutex);
66 return IS_ERR(part) ? PTR_ERR(part) : 0;
67 case BLKPG_DEL_PARTITION:
68 part = disk_get_part(disk, partno);
69 if (!part)
70 return -ENXIO;
72 bdevp = bdget(part_devt(part));
73 disk_put_part(part);
74 if (!bdevp)
75 return -ENOMEM;
77 mutex_lock(&bdevp->bd_mutex);
78 if (bdevp->bd_openers) {
79 mutex_unlock(&bdevp->bd_mutex);
80 bdput(bdevp);
81 return -EBUSY;
83 /* all seems OK */
84 fsync_bdev(bdevp);
85 invalidate_bdev(bdevp);
87 mutex_lock_nested(&bdev->bd_mutex, 1);
88 delete_partition(disk, partno);
89 mutex_unlock(&bdev->bd_mutex);
90 mutex_unlock(&bdevp->bd_mutex);
91 bdput(bdevp);
93 return 0;
94 default:
95 return -EINVAL;
99 static int blkdev_reread_part(struct block_device *bdev)
101 struct gendisk *disk = bdev->bd_disk;
102 int res;
104 if (!disk_partitionable(disk) || bdev != bdev->bd_contains)
105 return -EINVAL;
106 if (!capable(CAP_SYS_ADMIN))
107 return -EACCES;
108 if (!mutex_trylock(&bdev->bd_mutex))
109 return -EBUSY;
110 res = rescan_partitions(disk, bdev);
111 mutex_unlock(&bdev->bd_mutex);
112 return res;
115 static void blk_ioc_discard_endio(struct bio *bio, int err)
117 if (err) {
118 if (err == -EOPNOTSUPP)
119 set_bit(BIO_EOPNOTSUPP, &bio->bi_flags);
120 clear_bit(BIO_UPTODATE, &bio->bi_flags);
122 complete(bio->bi_private);
125 static int blk_ioctl_discard(struct block_device *bdev, uint64_t start,
126 uint64_t len)
128 struct request_queue *q = bdev_get_queue(bdev);
129 int ret = 0;
131 if (start & 511)
132 return -EINVAL;
133 if (len & 511)
134 return -EINVAL;
135 start >>= 9;
136 len >>= 9;
138 if (start + len > (bdev->bd_inode->i_size >> 9))
139 return -EINVAL;
141 if (!q->prepare_discard_fn)
142 return -EOPNOTSUPP;
144 while (len && !ret) {
145 DECLARE_COMPLETION_ONSTACK(wait);
146 struct bio *bio;
148 bio = bio_alloc(GFP_KERNEL, 0);
149 if (!bio)
150 return -ENOMEM;
152 bio->bi_end_io = blk_ioc_discard_endio;
153 bio->bi_bdev = bdev;
154 bio->bi_private = &wait;
155 bio->bi_sector = start;
157 if (len > q->max_hw_sectors) {
158 bio->bi_size = q->max_hw_sectors << 9;
159 len -= q->max_hw_sectors;
160 start += q->max_hw_sectors;
161 } else {
162 bio->bi_size = len << 9;
163 len = 0;
165 submit_bio(DISCARD_NOBARRIER, bio);
167 wait_for_completion(&wait);
169 if (bio_flagged(bio, BIO_EOPNOTSUPP))
170 ret = -EOPNOTSUPP;
171 else if (!bio_flagged(bio, BIO_UPTODATE))
172 ret = -EIO;
173 bio_put(bio);
175 return ret;
178 static int put_ushort(unsigned long arg, unsigned short val)
180 return put_user(val, (unsigned short __user *)arg);
183 static int put_int(unsigned long arg, int val)
185 return put_user(val, (int __user *)arg);
188 static int put_long(unsigned long arg, long val)
190 return put_user(val, (long __user *)arg);
193 static int put_ulong(unsigned long arg, unsigned long val)
195 return put_user(val, (unsigned long __user *)arg);
198 static int put_u64(unsigned long arg, u64 val)
200 return put_user(val, (u64 __user *)arg);
203 int __blkdev_driver_ioctl(struct block_device *bdev, fmode_t mode,
204 unsigned cmd, unsigned long arg)
206 struct gendisk *disk = bdev->bd_disk;
207 int ret;
209 if (disk->fops->ioctl)
210 return disk->fops->ioctl(bdev, mode, cmd, arg);
212 if (disk->fops->locked_ioctl) {
213 lock_kernel();
214 ret = disk->fops->locked_ioctl(bdev, mode, cmd, arg);
215 unlock_kernel();
216 return ret;
219 return -ENOTTY;
222 * For the record: _GPL here is only because somebody decided to slap it
223 * on the previous export. Sheer idiocy, since it wasn't copyrightable
224 * at all and could be open-coded without any exports by anybody who cares.
226 EXPORT_SYMBOL_GPL(__blkdev_driver_ioctl);
229 * always keep this in sync with compat_blkdev_ioctl() and
230 * compat_blkdev_locked_ioctl()
232 int blkdev_ioctl(struct block_device *bdev, fmode_t mode, unsigned cmd,
233 unsigned long arg)
235 struct gendisk *disk = bdev->bd_disk;
236 struct backing_dev_info *bdi;
237 loff_t size;
238 int ret, n;
240 switch(cmd) {
241 case BLKFLSBUF:
242 if (!capable(CAP_SYS_ADMIN))
243 return -EACCES;
245 ret = __blkdev_driver_ioctl(bdev, mode, cmd, arg);
246 /* -EINVAL to handle old uncorrected drivers */
247 if (ret != -EINVAL && ret != -ENOTTY)
248 return ret;
250 lock_kernel();
251 fsync_bdev(bdev);
252 invalidate_bdev(bdev);
253 unlock_kernel();
254 return 0;
256 case BLKROSET:
257 ret = __blkdev_driver_ioctl(bdev, mode, cmd, arg);
258 /* -EINVAL to handle old uncorrected drivers */
259 if (ret != -EINVAL && ret != -ENOTTY)
260 return ret;
261 if (!capable(CAP_SYS_ADMIN))
262 return -EACCES;
263 if (get_user(n, (int __user *)(arg)))
264 return -EFAULT;
265 lock_kernel();
266 set_device_ro(bdev, n);
267 unlock_kernel();
268 return 0;
270 case BLKDISCARD: {
271 uint64_t range[2];
273 if (!(mode & FMODE_WRITE))
274 return -EBADF;
276 if (copy_from_user(range, (void __user *)arg, sizeof(range)))
277 return -EFAULT;
279 return blk_ioctl_discard(bdev, range[0], range[1]);
282 case HDIO_GETGEO: {
283 struct hd_geometry geo;
285 if (!arg)
286 return -EINVAL;
287 if (!disk->fops->getgeo)
288 return -ENOTTY;
291 * We need to set the startsect first, the driver may
292 * want to override it.
294 geo.start = get_start_sect(bdev);
295 ret = disk->fops->getgeo(bdev, &geo);
296 if (ret)
297 return ret;
298 if (copy_to_user((struct hd_geometry __user *)arg, &geo,
299 sizeof(geo)))
300 return -EFAULT;
301 return 0;
303 case BLKRAGET:
304 case BLKFRAGET:
305 if (!arg)
306 return -EINVAL;
307 bdi = blk_get_backing_dev_info(bdev);
308 if (bdi == NULL)
309 return -ENOTTY;
310 return put_long(arg, (bdi->ra_pages * PAGE_CACHE_SIZE) / 512);
311 case BLKROGET:
312 return put_int(arg, bdev_read_only(bdev) != 0);
313 case BLKBSZGET: /* get the logical block size (cf. BLKSSZGET) */
314 return put_int(arg, block_size(bdev));
315 case BLKSSZGET: /* get block device hardware sector size */
316 return put_int(arg, bdev_hardsect_size(bdev));
317 case BLKSECTGET:
318 return put_ushort(arg, bdev_get_queue(bdev)->max_sectors);
319 case BLKRASET:
320 case BLKFRASET:
321 if(!capable(CAP_SYS_ADMIN))
322 return -EACCES;
323 bdi = blk_get_backing_dev_info(bdev);
324 if (bdi == NULL)
325 return -ENOTTY;
326 lock_kernel();
327 bdi->ra_pages = (arg * 512) / PAGE_CACHE_SIZE;
328 unlock_kernel();
329 return 0;
330 case BLKBSZSET:
331 /* set the logical block size */
332 if (!capable(CAP_SYS_ADMIN))
333 return -EACCES;
334 if (!arg)
335 return -EINVAL;
336 if (get_user(n, (int __user *) arg))
337 return -EFAULT;
338 if (!(mode & FMODE_EXCL) && bd_claim(bdev, &bdev) < 0)
339 return -EBUSY;
340 ret = set_blocksize(bdev, n);
341 if (!(mode & FMODE_EXCL))
342 bd_release(bdev);
343 return ret;
344 case BLKPG:
345 lock_kernel();
346 ret = blkpg_ioctl(bdev, (struct blkpg_ioctl_arg __user *) arg);
347 unlock_kernel();
348 break;
349 case BLKRRPART:
350 lock_kernel();
351 ret = blkdev_reread_part(bdev);
352 unlock_kernel();
353 break;
354 case BLKGETSIZE:
355 size = bdev->bd_inode->i_size;
356 if ((size >> 9) > ~0UL)
357 return -EFBIG;
358 return put_ulong(arg, size >> 9);
359 case BLKGETSIZE64:
360 return put_u64(arg, bdev->bd_inode->i_size);
361 case BLKTRACESTART:
362 case BLKTRACESTOP:
363 case BLKTRACESETUP:
364 case BLKTRACETEARDOWN:
365 lock_kernel();
366 ret = blk_trace_ioctl(bdev, cmd, (char __user *) arg);
367 unlock_kernel();
368 break;
369 default:
370 ret = __blkdev_driver_ioctl(bdev, mode, cmd, arg);
372 return ret;
374 EXPORT_SYMBOL_GPL(blkdev_ioctl);