summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorMichael Holzheu <holzheu@de.ibm.com>2007-08-10 14:32:34 +0200
committerMartin Schwidefsky <schwidefsky@de.ibm.com>2007-08-10 14:32:39 +0200
commit3eed13cc3beaa9ee07b126a662def88f7281394e (patch)
tree61a127b09b0c6ec7bace4a121a046a895710a77d
parent[S390] vmur: add "top of queue" sanity check for reader open (diff)
downloadlinux-3eed13cc3beaa9ee07b126a662def88f7281394e.tar.xz
linux-3eed13cc3beaa9ee07b126a662def88f7281394e.zip
[S390] vmur: diag14 only works with buffers below 2GB
If memory buffers above 2GB are used, diagnose 14 raises a specification exception. This fix ensures that buffer allocation is done below the 2GB boundary. Signed-off-by: Michael Holzheu <holzheu@de.ibm.com> Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
-rw-r--r--drivers/s390/char/vmur.c106
1 files changed, 70 insertions, 36 deletions
diff --git a/drivers/s390/char/vmur.c b/drivers/s390/char/vmur.c
index a9d58629e795..04b19bdc09da 100644
--- a/drivers/s390/char/vmur.c
+++ b/drivers/s390/char/vmur.c
@@ -472,7 +472,7 @@ static ssize_t diag14_read(struct file *file, char __user *ubuf, size_t count,
return rc;
len = min((size_t) PAGE_SIZE, count);
- buf = kmalloc(PAGE_SIZE, GFP_KERNEL);
+ buf = (char *) __get_free_page(GFP_KERNEL | GFP_DMA);
if (!buf)
return -ENOMEM;
@@ -499,7 +499,7 @@ static ssize_t diag14_read(struct file *file, char __user *ubuf, size_t count,
*offs += copied;
rc = copied;
fail:
- kfree(buf);
+ free_page((unsigned long) buf);
return rc;
}
@@ -542,63 +542,97 @@ static int diag_read_next_file_info(struct file_control_block *buf, int spid)
}
}
-static int verify_device(struct urdev *urd)
+static int verify_uri_device(struct urdev *urd)
{
- struct file_control_block fcb;
+ struct file_control_block *fcb;
char *buf;
int rc;
+ fcb = kmalloc(sizeof(*fcb), GFP_KERNEL | GFP_DMA);
+ if (!fcb)
+ return -ENOMEM;
+
+ /* check for empty reader device (beginning of chain) */
+ rc = diag_read_next_file_info(fcb, 0);
+ if (rc)
+ goto fail_free_fcb;
+
+ /* if file is in hold status, we do not read it */
+ if (fcb->file_stat & (FLG_SYSTEM_HOLD | FLG_USER_HOLD)) {
+ rc = -EPERM;
+ goto fail_free_fcb;
+ }
+
+ /* open file on virtual reader */
+ buf = (char *) __get_free_page(GFP_KERNEL | GFP_DMA);
+ if (!buf) {
+ rc = -ENOMEM;
+ goto fail_free_fcb;
+ }
+ rc = diag_read_file(urd->dev_id.devno, buf);
+ if ((rc != 0) && (rc != -ENODATA)) /* EOF does not hurt */
+ goto fail_free_buf;
+
+ /* check if the file on top of the queue is open now */
+ rc = diag_read_next_file_info(fcb, 0);
+ if (rc)
+ goto fail_free_buf;
+ if (!(fcb->file_stat & FLG_IN_USE)) {
+ rc = -EMFILE;
+ goto fail_free_buf;
+ }
+ rc = 0;
+
+fail_free_buf:
+ free_page((unsigned long) buf);
+fail_free_fcb:
+ kfree(fcb);
+ return rc;
+}
+
+static int verify_device(struct urdev *urd)
+{
switch (urd->class) {
case DEV_CLASS_UR_O:
return 0; /* no check needed here */
case DEV_CLASS_UR_I:
- /* check for empty reader device (beginning of chain) */
- rc = diag_read_next_file_info(&fcb, 0);
- if (rc)
- return rc;
- /* if file is in hold status, we do not read it */
- if (fcb.file_stat & (FLG_SYSTEM_HOLD | FLG_USER_HOLD))
- return -EPERM;
- /* open file on virtual reader */
- buf = kmalloc(PAGE_SIZE, GFP_KERNEL);
- if (!buf)
- return -ENOMEM;
- rc = diag_read_file(urd->dev_id.devno, buf);
- kfree(buf);
- if ((rc != 0) && (rc != -ENODATA)) /* EOF does not hurt */
- return rc;
- /* check if the file on top of the queue is open now */
- rc = diag_read_next_file_info(&fcb, 0);
- if (rc)
- return rc;
- if (!(fcb.file_stat & FLG_IN_USE))
- return -EMFILE;
- return 0;
+ return verify_uri_device(urd);
default:
return -ENOTSUPP;
}
}
-static int get_file_reclen(struct urdev *urd)
+static int get_uri_file_reclen(struct urdev *urd)
{
- struct file_control_block fcb;
+ struct file_control_block *fcb;
int rc;
+ fcb = kmalloc(sizeof(*fcb), GFP_KERNEL | GFP_DMA);
+ if (!fcb)
+ return -ENOMEM;
+ rc = diag_read_next_file_info(fcb, 0);
+ if (rc)
+ goto fail_free;
+ if (fcb->file_stat & FLG_CP_DUMP)
+ rc = 0;
+ else
+ rc = fcb->rec_len;
+
+fail_free:
+ kfree(fcb);
+ return rc;
+}
+
+static int get_file_reclen(struct urdev *urd)
+{
switch (urd->class) {
case DEV_CLASS_UR_O:
return 0;
case DEV_CLASS_UR_I:
- rc = diag_read_next_file_info(&fcb, 0);
- if (rc)
- return rc;
- break;
+ return get_uri_file_reclen(urd);
default:
return -ENOTSUPP;
}
- if (fcb.file_stat & FLG_CP_DUMP)
- return 0;
-
- return fcb.rec_len;
}
static int ur_open(struct inode *inode, struct file *file)