Commit db866e3d authored by Colin Cross's avatar Colin Cross Committed by Greg Kroah-Hartman

ion: clean up ioctls

Convert the ion ioctls to use _IOW instead of _IOWR where
appropriate, and factor out the copy_from_user and copy_to_user
based on the _IOC_DIR bits.  For the existing incorrect ioctls,
add a function to wrap _IOC_DIR to return the corrected value.
Signed-off-by: default avatarColin Cross <ccross@android.com>
Signed-off-by: default avatarJohn Stultz <john.stultz@linaro.org>
Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
parent a82130f4
...@@ -1157,41 +1157,65 @@ static int ion_sync_for_device(struct ion_client *client, int fd) ...@@ -1157,41 +1157,65 @@ static int ion_sync_for_device(struct ion_client *client, int fd)
return 0; return 0;
} }
/* fix up the cases where the ioctl direction bits are incorrect */
static unsigned int ion_ioctl_dir(unsigned int cmd)
{
switch (cmd) {
case ION_IOC_SYNC:
case ION_IOC_FREE:
case ION_IOC_CUSTOM:
return _IOC_WRITE;
default:
return _IOC_DIR(cmd);
}
}
static long ion_ioctl(struct file *filp, unsigned int cmd, unsigned long arg) static long ion_ioctl(struct file *filp, unsigned int cmd, unsigned long arg)
{ {
struct ion_client *client = filp->private_data; struct ion_client *client = filp->private_data;
struct ion_device *dev = client->dev;
struct ion_handle *cleanup_handle = NULL;
int ret = 0;
unsigned int dir;
union {
struct ion_fd_data fd;
struct ion_allocation_data allocation;
struct ion_handle_data handle;
struct ion_custom_data custom;
} data;
dir = ion_ioctl_dir(cmd);
if (_IOC_SIZE(cmd) > sizeof(data))
return -EINVAL;
if (dir & _IOC_WRITE)
if (copy_from_user(&data, (void __user *)arg, _IOC_SIZE(cmd)))
return -EFAULT;
switch (cmd) { switch (cmd) {
case ION_IOC_ALLOC: case ION_IOC_ALLOC:
{ {
struct ion_allocation_data data;
struct ion_handle *handle; struct ion_handle *handle;
if (copy_from_user(&data, (void __user *)arg, sizeof(data))) handle = ion_alloc(client, data.allocation.len,
return -EFAULT; data.allocation.align,
handle = ion_alloc(client, data.len, data.align, data.allocation.heap_id_mask,
data.heap_id_mask, data.flags); data.allocation.flags);
if (IS_ERR(handle)) if (IS_ERR(handle))
return PTR_ERR(handle); return PTR_ERR(handle);
data.handle = handle->id; data.allocation.handle = handle->id;
if (copy_to_user((void __user *)arg, &data, sizeof(data))) { cleanup_handle = handle;
ion_free(client, handle);
return -EFAULT;
}
break; break;
} }
case ION_IOC_FREE: case ION_IOC_FREE:
{ {
struct ion_handle_data data;
struct ion_handle *handle; struct ion_handle *handle;
if (copy_from_user(&data, (void __user *)arg, handle = ion_handle_get_by_id(client, data.handle.handle);
sizeof(struct ion_handle_data)))
return -EFAULT;
handle = ion_handle_get_by_id(client, data.handle);
if (IS_ERR(handle)) if (IS_ERR(handle))
return PTR_ERR(handle); return PTR_ERR(handle);
ion_free(client, handle); ion_free(client, handle);
...@@ -1201,68 +1225,52 @@ static long ion_ioctl(struct file *filp, unsigned int cmd, unsigned long arg) ...@@ -1201,68 +1225,52 @@ static long ion_ioctl(struct file *filp, unsigned int cmd, unsigned long arg)
case ION_IOC_SHARE: case ION_IOC_SHARE:
case ION_IOC_MAP: case ION_IOC_MAP:
{ {
struct ion_fd_data data;
struct ion_handle *handle; struct ion_handle *handle;
if (copy_from_user(&data, (void __user *)arg, sizeof(data))) handle = ion_handle_get_by_id(client, data.handle.handle);
return -EFAULT;
handle = ion_handle_get_by_id(client, data.handle);
if (IS_ERR(handle)) if (IS_ERR(handle))
return PTR_ERR(handle); return PTR_ERR(handle);
data.fd = ion_share_dma_buf_fd(client, handle); data.fd.fd = ion_share_dma_buf_fd(client, handle);
ion_handle_put(handle); ion_handle_put(handle);
if (copy_to_user((void __user *)arg, &data, sizeof(data))) if (data.fd.fd < 0)
return -EFAULT; ret = data.fd.fd;
if (data.fd < 0)
return data.fd;
break; break;
} }
case ION_IOC_IMPORT: case ION_IOC_IMPORT:
{ {
struct ion_fd_data data;
struct ion_handle *handle; struct ion_handle *handle;
int ret = 0; handle = ion_import_dma_buf(client, data.fd.fd);
if (copy_from_user(&data, (void __user *)arg,
sizeof(struct ion_fd_data)))
return -EFAULT;
handle = ion_import_dma_buf(client, data.fd);
if (IS_ERR(handle)) if (IS_ERR(handle))
ret = PTR_ERR(handle); ret = PTR_ERR(handle);
else else
data.handle = handle->id; data.handle.handle = handle->id;
if (copy_to_user((void __user *)arg, &data,
sizeof(struct ion_fd_data)))
return -EFAULT;
if (ret < 0)
return ret;
break; break;
} }
case ION_IOC_SYNC: case ION_IOC_SYNC:
{ {
struct ion_fd_data data; ret = ion_sync_for_device(client, data.fd.fd);
if (copy_from_user(&data, (void __user *)arg,
sizeof(struct ion_fd_data)))
return -EFAULT;
ion_sync_for_device(client, data.fd);
break; break;
} }
case ION_IOC_CUSTOM: case ION_IOC_CUSTOM:
{ {
struct ion_device *dev = client->dev;
struct ion_custom_data data;
if (!dev->custom_ioctl) if (!dev->custom_ioctl)
return -ENOTTY; return -ENOTTY;
if (copy_from_user(&data, (void __user *)arg, ret = dev->custom_ioctl(client, data.custom.cmd,
sizeof(struct ion_custom_data))) data.custom.arg);
return -EFAULT; break;
return dev->custom_ioctl(client, data.cmd, data.arg);
} }
default: default:
return -ENOTTY; return -ENOTTY;
} }
return 0;
if (dir & _IOC_READ) {
if (copy_to_user((void __user *)arg, &data, _IOC_SIZE(cmd))) {
if (cleanup_handle)
ion_free(client, cleanup_handle);
return -EFAULT;
}
}
return ret;
} }
static int ion_release(struct inode *inode, struct file *file) static int ion_release(struct inode *inode, struct file *file)
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment