fix buffer overflow in the moxa driver (CVE-2005-0504)
[linux-2.6/linux-acpi-2.6/ibm-acpi-2.6.git] / fs / fifo.c
blobd13fcd3ec803bd52e335ef340d09c817421b05fb
1 /*
2 * linux/fs/fifo.c
4 * written by Paul H. Hargrove
6 * Fixes:
7 * 10-06-1999, AV: fixed OOM handling in fifo_open(), moved
8 * initialization there, switched to external
9 * allocation of pipe_inode_info.
12 #include <linux/mm.h>
13 #include <linux/slab.h>
14 #include <linux/smp_lock.h>
15 #include <linux/fs.h>
16 #include <linux/pipe_fs_i.h>
18 static void wait_for_partner(struct inode* inode, unsigned int* cnt)
20 int cur = *cnt;
21 while(cur == *cnt) {
22 pipe_wait(inode);
23 if(signal_pending(current))
24 break;
28 static void wake_up_partner(struct inode* inode)
30 wake_up_interruptible(PIPE_WAIT(*inode));
33 static int fifo_open(struct inode *inode, struct file *filp)
35 int ret;
37 mutex_lock(PIPE_MUTEX(*inode));
38 if (!inode->i_pipe) {
39 ret = -ENOMEM;
40 if(!pipe_new(inode))
41 goto err_nocleanup;
43 filp->f_version = 0;
45 /* We can only do regular read/write on fifos */
46 filp->f_mode &= (FMODE_READ | FMODE_WRITE);
48 switch (filp->f_mode) {
49 case 1:
51 * O_RDONLY
52 * POSIX.1 says that O_NONBLOCK means return with the FIFO
53 * opened, even when there is no process writing the FIFO.
55 filp->f_op = &read_fifo_fops;
56 PIPE_RCOUNTER(*inode)++;
57 if (PIPE_READERS(*inode)++ == 0)
58 wake_up_partner(inode);
60 if (!PIPE_WRITERS(*inode)) {
61 if ((filp->f_flags & O_NONBLOCK)) {
62 /* suppress POLLHUP until we have
63 * seen a writer */
64 filp->f_version = PIPE_WCOUNTER(*inode);
65 } else
67 wait_for_partner(inode, &PIPE_WCOUNTER(*inode));
68 if(signal_pending(current))
69 goto err_rd;
72 break;
74 case 2:
76 * O_WRONLY
77 * POSIX.1 says that O_NONBLOCK means return -1 with
78 * errno=ENXIO when there is no process reading the FIFO.
80 ret = -ENXIO;
81 if ((filp->f_flags & O_NONBLOCK) && !PIPE_READERS(*inode))
82 goto err;
84 filp->f_op = &write_fifo_fops;
85 PIPE_WCOUNTER(*inode)++;
86 if (!PIPE_WRITERS(*inode)++)
87 wake_up_partner(inode);
89 if (!PIPE_READERS(*inode)) {
90 wait_for_partner(inode, &PIPE_RCOUNTER(*inode));
91 if (signal_pending(current))
92 goto err_wr;
94 break;
96 case 3:
98 * O_RDWR
99 * POSIX.1 leaves this case "undefined" when O_NONBLOCK is set.
100 * This implementation will NEVER block on a O_RDWR open, since
101 * the process can at least talk to itself.
103 filp->f_op = &rdwr_fifo_fops;
105 PIPE_READERS(*inode)++;
106 PIPE_WRITERS(*inode)++;
107 PIPE_RCOUNTER(*inode)++;
108 PIPE_WCOUNTER(*inode)++;
109 if (PIPE_READERS(*inode) == 1 || PIPE_WRITERS(*inode) == 1)
110 wake_up_partner(inode);
111 break;
113 default:
114 ret = -EINVAL;
115 goto err;
118 /* Ok! */
119 mutex_unlock(PIPE_MUTEX(*inode));
120 return 0;
122 err_rd:
123 if (!--PIPE_READERS(*inode))
124 wake_up_interruptible(PIPE_WAIT(*inode));
125 ret = -ERESTARTSYS;
126 goto err;
128 err_wr:
129 if (!--PIPE_WRITERS(*inode))
130 wake_up_interruptible(PIPE_WAIT(*inode));
131 ret = -ERESTARTSYS;
132 goto err;
134 err:
135 if (!PIPE_READERS(*inode) && !PIPE_WRITERS(*inode))
136 free_pipe_info(inode);
138 err_nocleanup:
139 mutex_unlock(PIPE_MUTEX(*inode));
140 return ret;
144 * Dummy default file-operations: the only thing this does
145 * is contain the open that then fills in the correct operations
146 * depending on the access mode of the file...
148 struct file_operations def_fifo_fops = {
149 .open = fifo_open, /* will set read or write pipe_fops */