Attachment #44549 for bug #72006




#include <linux/delay.h>
#include <linux/interrupt.h>
#include <asm/uaccess.h>
#include <asm/semaphore.h>
#include "i2c.h"

#define D(x) 

  int adapt_state; /* 1 = To high , 0 = Even, -1 = To low */
  
  /* this one is to keep the read/write operations atomic */
  wait_queue_head_t wait_q;
  volatile int busy;
  int retry_cnt_addr; /* Used to keep track of number of retries for
                         adaptive timing adjustments */
  int retry_cnt_read;


/* chip description */
static struct eeprom_type eeprom;
static DECLARE_MUTEX(eeprom_mutex);

/* This is the exported file-operations structure for this device. */
struct file_operations eeprom_fops =


int __init eeprom_init(void)
{
  init_waitqueue_head(&eeprom.wait_q);
  eeprom.busy = 0;

#ifdef CONFIG_ETRAX_I2C_EEPROM_PROBE
#define EETEXT "Found"
#else


/* Changes the current file position. */

/* XXX - requires a lock as does the read etc side */

static loff_t eeprom_lseek(struct file * file, loff_t offset, int orig)
{
  loff_t pos;
/*
 *  orig 0: position from begning of eeprom
 *  orig 1: relative from current position
 *  orig 2: position from last eeprom address
 */
  down(&eeprom_lock);
  
  switch (orig)
  {
   case 0:
     pos = offset;
     break;
   case 1:
     pos = file->f_pos + offset;
     break;
   case 2:
     pos = eeprom.size - offset;
     break;
   default:
     return -EINVAL;
  }

  /* truncate position */
  if (pos < 0 || pos >= eeprom.size)
  {
    file->f_pos = 0;    
    return(-EOVERFLOW);
  }
  
  if (file->f_pos >= eeprom.size)
  {
    up(&eeprom_lock);
    return(-EOVERFLOW);
  }
  return ( file->f_pos = pos );
  return ( file->f_pos );
}

/* Reads data from eeprom. */

static ssize_t eeprom_read(struct file * file, char * buf, size_t count, loff_t *off)
{
  int read=0;
  loff_t p = *off;

  unsigned char page;

  if(p >= eeprom.size)  /* Address i 0 - (size-1) */
  {
    return -EFAULT;
  }
  
  while(eeprom.busy)
  {
    interruptible_sleep_on(&eeprom.wait_q);

  if(down_interruptible(&eeprom_lock))
  	return -EINTR;
      return -EINTR;
    
  }
  eeprom.busy++;

  if(p >= eeprom.size || count > eeprom.size - p)  /* Address i 0 - (size-1) */
  {
    up(&eeprom_lock);
    return -EINVAL;
  }
  page = (unsigned char) (p >> 8);
  
  if(!eeprom_address(p))

    i2c_stop();
    
    /* don't forget to wake them up */
    up(&eeprom_lock);
    wake_up_interruptible(&eeprom.wait_q);  
    return -EFAULT;
  }


  
  if(read > 0)
  {
    *off = p + read;
  }

  up(&eeprom_lock);
  wake_up_interruptible(&eeprom.wait_q);
  return read;
}


    return -EFAULT;
  }

  if(down_interruptible(&eeprom_lock))
  	return -EINTR;

    /* bail out if we get interrupted */
    if (signal_pending(current))
      return -EINTR;
  }
  eeprom.busy++;
  for(i = 0; (i < EEPROM_RETRIES) && (restart > 0); i++)
  {
    restart = 0;
    written = 0;
    p = *off;
   
    
    while( (written < count) && (p < eeprom.size))

        i2c_stop();
        
        /* don't forget to wake them up */
        up(&eeprom_lock);
        return -EIO;
        return -EFAULT;
      }
#ifdef EEPROM_ADAPTIVE_TIMING      
      /* Adaptive algorithm to adjust timing */

    } /* while */
  } /* for  */

  if (written == 0 && p >= eeprom.size){
    up(&eeprom_lock);
  if (written == 0 && file->f_pos >= eeprom.size){
    return -ENOSPC;
  }
  *off = p;
  up(&eeprom_lock);
  return written;
}


Lines 41-46 Link Here

(-)linux-2.6.7/arch/i386/kernel/cpuid.c (-8 / +21 lines)
41	#include <asm/msr.h>	41	#include <asm/msr.h>
42	#include <asm/uaccess.h>	42	#include <asm/uaccess.h>
43	#include <asm/system.h>	43	#include <asm/system.h>
		44	#include <asm/semaphore.h>
		45
		46	static DECLARE_MUTEX(cpuid_lock);
44		47
45	#ifdef CONFIG_SMP	48	#ifdef CONFIG_SMP
46		49
Lines 88-95 Link Here
88	{	91	{
89	loff_t ret;	92	loff_t ret;
90		93
91	lock_kernel();	94	down(&cpuid_lock);
92		95
93	switch (orig) {	96	switch (orig) {
94	case 0:	97	case 0:
95	file->f_pos = offset;	98	file->f_pos = offset;
Lines 102-109 Link Here
102	default:	105	default:
103	ret = -EINVAL;	106	ret = -EINVAL;
104	}	107	}
105		108	up(&cpuid_lock);
106	unlock_kernel();
107	return ret;	109	return ret;
108	}	110	}
109		111
Lines 113-133 Link Here
113	char __user *tmp = buf;	115	char __user *tmp = buf;
114	u32 data[4];	116	u32 data[4];
115	size_t rv;	117	size_t rv;
116	u32 reg = *ppos;	118	u32 reg;
117	int cpu = iminor(file->f_dentry->d_inode);	119	int cpu = iminor(file->f_dentry->d_inode);
		120	int err = -EINVAL;
118		121
119	if (count % 16)	122	if (count % 16)
120	return -EINVAL; /* Invalid chunk size */	123	return -EINVAL; /* Invalid chunk size */
121		124
		125	down(&cpuid_lock);
		126	if(*ppos > 0xFFFFFFFF)
		127	goto error;
		128	reg = *ppos;
		129	err = -EFAULT;
122	for (rv = 0; count; count -= 16) {	130	for (rv = 0; count; count -= 16) {
123	do_cpuid(cpu, reg, data);	131	do_cpuid(cpu, reg, data);
124	if (copy_to_user(tmp, &data, 16))	132	if (copy_to_user(tmp, &data, 16))
125	return -EFAULT;	133	goto error;
126	tmp += 16;	134	tmp += 16;
127	*ppos = reg++;	135	*ppos = reg++;
128	}	136	}
129		137	err = 0;
130	return tmp - buf;	138
		139	error:
		140	up(&cpuid_lock);
		141	if(tmp != buf)
		142	return tmp - buf;
		143	return err;
131	}	144	}
132		145
133	static int cpuid_open(struct inode inode, struct file file)	146	static int cpuid_open(struct inode inode, struct file file)

Lines 41-46 Link Here

(-)linux-2.6.7/arch/i386/kernel/msr.c (-14 / +45 lines)
41	#include <asm/uaccess.h>	41	#include <asm/uaccess.h>
42	#include <asm/system.h>	42	#include <asm/system.h>
43		43
		44	static DECLARE_MUTEX(msr_lock);
		45
44	/* Note: "err" is handled in a funny way below. Otherwise one version	46	/* Note: "err" is handled in a funny way below. Otherwise one version
45	of gcc or another breaks. */	47	of gcc or another breaks. */
46		48
Lines 167-173 Link Here
167	{	169	{
168	loff_t ret = -EINVAL;	170	loff_t ret = -EINVAL;
169		171
170	lock_kernel();	172	down(&msr_lock);
171	switch (orig) {	173	switch (orig) {
172	case 0:	174	case 0:
173	file->f_pos = offset;	175	file->f_pos = offset;
Lines 176-183 Link Here
176	case 1:	178	case 1:
177	file->f_pos += offset;	179	file->f_pos += offset;
178	ret = file->f_pos;	180	ret = file->f_pos;
		181	break;
		182	default:
		183	ret = -EINVAL;
179	}	184	}
180	unlock_kernel();	185	up(&msr_lock);
181	return ret;	186	return ret;
182	}	187	}
183		188
Lines 187-209 Link Here
187	u32 __user tmp = (u32 __user ) buf;	192	u32 __user tmp = (u32 __user ) buf;
188	u32 data[2];	193	u32 data[2];
189	size_t rv;	194	size_t rv;
190	u32 reg = *ppos;	195	u32 reg;
191	int cpu = iminor(file->f_dentry->d_inode);	196	int cpu = iminor(file->f_dentry->d_inode);
192	int err;	197	int err = -EINVAL;
193		198
194	if (count % 8)	199	if (count % 8)
195	return -EINVAL; /* Invalid chunk size */	200	return -EINVAL; /* Invalid chunk size */
196		201
		202	down(&msr_lock);
		203	if(*ppos > 0xFFFFFFFF)
		204	goto error;
		205
		206	reg = *ppos;
197	for (rv = 0; count; count -= 8) {	207	for (rv = 0; count; count -= 8) {
198	err = do_rdmsr(cpu, reg, &data[0], &data[1]);	208	err = do_rdmsr(cpu, reg, &data[0], &data[1]);
199	if (err)	209	if (err)
200	return err;	210	goto error;
201	if (copy_to_user(tmp, &data, 8))	211	if (copy_to_user(tmp, &data, 8))
202	return -EFAULT;	212	{
		213	err = -EFAULT;
		214	goto error;
		215	}
203	tmp += 2;	216	tmp += 2;
		217	/* XXX API - should seek on */
204	}	218	}
205		219	/* Invariant: err = 0 here */
206	return ((char __user *)tmp) - buf;	220	error:
		221	up(&msr_lock);
		222	if(tmp != buf)
		223	return ((char __user *)tmp) - buf;
		224	return err;
207	}	225	}
208		226
209	static ssize_t msr_write(struct file file, const char __user buf,	227	static ssize_t msr_write(struct file file, const char __user buf,
Lines 212-234 Link Here
212	const u32 __user tmp = (const u32 __user )buf;	230	const u32 __user tmp = (const u32 __user )buf;
213	u32 data[2];	231	u32 data[2];
214	size_t rv;	232	size_t rv;
215	u32 reg = *ppos;	233	u32 reg;
216	int cpu = iminor(file->f_dentry->d_inode);	234	int cpu = iminor(file->f_dentry->d_inode);
217	int err;	235	int err = -EINVAL;
218		236
219	if (count % 8)	237	if (count % 8)
220	return -EINVAL; /* Invalid chunk size */	238	return -EINVAL; /* Invalid chunk size */
221		239
		240	down(&msr_lock);
		241	if(*ppos > 0xFFFFFFFF)
		242	goto error;
		243	reg = *ppos;
		244
222	for (rv = 0; count; count -= 8) {	245	for (rv = 0; count; count -= 8) {
223	if (copy_from_user(&data, tmp, 8))	246	if (copy_from_user(&data, tmp, 8))
224	return -EFAULT;	247	{
		248	err = -EFAULT;
		249	goto error;
		250	}
225	err = do_wrmsr(cpu, reg, data[0], data[1]);	251	err = do_wrmsr(cpu, reg, data[0], data[1]);
226	if (err)	252	if (err)
227	return err;	253	goto error;
228	tmp += 2;	254	tmp += 2;
229	}	255	}
230		256	/* Invariant err = 0 here */
231	return ((char __user *)tmp) - buf;	257
		258	error:
		259	up(&msr_lock);
		260	if(tmp != buf)
		261	return ((char __user *)tmp) - buf;
		262	return err;
232	}	263	}
233		264
234	static int msr_open(struct inode inode, struct file file)	265	static int msr_open(struct inode inode, struct file file)

Lines 430-435 Link Here

(-)linux-2.6.7/arch/ia64/kernel/salinfo.c (-2 / +5 lines)
430	size_t size;	430	size_t size;
431	u8 *buf;	431	u8 *buf;
432	u64 bufsize;	432	u64 bufsize;
		433	loff_t pos = *ppos;
		434
		435	/* FIXME: needs seek/parallel-lock */
433		436
434	if (data->state == STATE_LOG_RECORD) {	437	if (data->state == STATE_LOG_RECORD) {
435	buf = data->log_buffer;	438	buf = data->log_buffer;
Lines 441-447 Link Here
441	buf = NULL;	444	buf = NULL;
442	bufsize = 0;	445	bufsize = 0;
443	}	446	}
444	if (*ppos >= bufsize)	447	if (pos >= bufsize)
445	return 0;	448	return 0;
446		449
447	saldata = buf + file->f_pos;	450	saldata = buf + file->f_pos;
Lines 451-457 Link Here
451	if (copy_to_user(buffer, saldata, size))	454	if (copy_to_user(buffer, saldata, size))
452	return -EFAULT;	455	return -EFAULT;
453		456
454	*ppos += size;	457	*ppos = pos + size;
455	return size;	458	return size;
456	}	459	}
457		460

Lines 300-305 Link Here

(-)linux-2.6.7/arch/mips/sibyte/sb1250/bcm1250_tbprof.c (+3 lines)
300	int count = 0;	300	int count = 0;
301	char *dest = buf;	301	char *dest = buf;
302	long cur_off = *offp;	302	long cur_off = *offp;
		303
		304	if(curr_off < 0)
		305	return -EINVAL;
303		306
304	count = 0;	307	count = 0;
305	cur_sample = cur_off / TB_SAMPLE_SIZE;	308	cur_sample = cur_off / TB_SAMPLE_SIZE;




	PTE *ptr;
#endif /* CONFIG_PPC_STD_MMU */
	char buffer[512];
	loff_t pos = *ppos;

	/* FIXME - needs seek/pos locking */
	
	if (pos < 0 || pos > 512)
		return -EINVAL;

	if (cur_cpu_spec[0]->cpu_features & CPU_FTR_604_PERF_MON) {

		      "Non-error misses: %lu\n"
		      "Error misses\t: %lu\n",
		      pte_misses, pte_errors);
	if (pos >= strlen(buffer))
		return 0;
	if (n > strlen(buffer) - pos)
		n = strlen(buffer) - pos;
	if (n > count)
		n = count;
	if (copy_to_user(buf, buffer + pos, n))
		return -EFAULT;
	*ppos = pos + n;
	return n;
}


Lines 265-282 Link Here

(-)linux-2.6.7/arch/ppc/platforms/proc_rtas.c (-22 / +40 lines)
265	size_t count, loff_t *ppos)	265	size_t count, loff_t *ppos)
266	{	266	{
267	int n;	267	int n;
		268	loff_t pos = *ppos;
		269
		270	/* XXX - needs seek locking */
268	if (power_on_time == 0)	271	if (power_on_time == 0)
269	n = sprintf(buf, "Power on time not set\n");	272	n = sprintf(buf, "Power on time not set\n");
270	else	273	else
271	n = sprintf(buf, "%lu\n", power_on_time);	274	n = sprintf(buf, "%lu\n", power_on_time);
272		275
273	if (*ppos >= strlen(buf))	276	if (pos != (unsigned int)pos \|\| pos >= strlen(buf))
274	return 0;	277	return 0;
275	if (n > strlen(buf) - *ppos)	278	if (n > strlen(buf) - pos)
276	n = strlen(buf) - *ppos;	279	n = strlen(buf) - pos;
277	if (n > count)	280	if (n > count)
278	n = count;	281	n = count;
279	*ppos += n;	282	*ppos = pos + n;
280	return n;	283	return n;
281	}	284	}
282		285
Lines 302-316 Link Here
302	size_t count, loff_t *ppos)	305	size_t count, loff_t *ppos)
303	{	306	{
304	int n = 0;	307	int n = 0;
		308	loff_t pos = *ppos;
		309
		310	/* XXX - needs seek locking */
		311
305	if (progress_led != NULL)	312	if (progress_led != NULL)
306	n = sprintf (buf, "%s\n", progress_led);	313	n = sprintf (buf, "%s\n", progress_led);
307	if (*ppos >= strlen(buf))	314	if (pos != (unsigned int)pos \|\| pos >= strlen(buf))
308	return 0;	315	return 0;
309	if (n > strlen(buf) - *ppos)	316	if (n > strlen(buf) - pos)
310	n = strlen(buf) - *ppos;	317	n = strlen(buf) - pos;
311	if (n > count)	318	if (n > count)
312	n = count;	319	n = count;
313	*ppos += n;	320	*ppos = pos + n;
314	return n;	321	return n;
315	}	322	}
316		323
Lines 346-352 Link Here
346	{	353	{
347	unsigned int year, mon, day, hour, min, sec;	354	unsigned int year, mon, day, hour, min, sec;
348	unsigned long ret = kmalloc(48, GFP_KERNEL);	355	unsigned long ret = kmalloc(48, GFP_KERNEL);
		356	loff_t pos = *ppos;
349	int n, error;	357	int n, error;
		358
		359	if(ret == NULL)
		360	return -ENOMEM;
		361
		362	/* Needs seek locking */
350		363
351	error = call_rtas("get-time-of-day", 0, 8, ret);	364	error = call_rtas("get-time-of-day", 0, 8, ret);
352		365
Lines 362-374 Link Here
362	}	375	}
363	kfree(ret);	376	kfree(ret);
364		377
365	if (*ppos >= strlen(buf))	378	if (pos != (unsigned int)pos \|\| pos >= strlen(buf))
366	return 0;	379	return 0;
367	if (n > strlen(buf) - *ppos)	380	if (n > strlen(buf) - pos)
368	n = strlen(buf) - *ppos;	381	n = strlen(buf) - pos;
369	if (n > count)	382	if (n > count)
370	n = count;	383	n = count;
371	*ppos += n;	384	*ppos = pos + n;
372	return n;	385	return n;
373	}	386	}
374		387
Lines 734-748 Link Here
734	size_t count, loff_t *ppos)	747	size_t count, loff_t *ppos)
735	{	748	{
736	int n;	749	int n;
		750	loff_t pos = *ppos;
		751
		752	/* XXX - needs seek locking */
		753
737	n = sprintf(buf, "%lu\n", rtas_tone_frequency);	754	n = sprintf(buf, "%lu\n", rtas_tone_frequency);
738		755
739	if (*ppos >= strlen(buf))	756	if (pos != (unsigned long)pos \|\| pos >= strlen(buf))
740	return 0;	757	return 0;
741	if (n > strlen(buf) - *ppos)	758	if (n > strlen(buf) - pos)
742	n = strlen(buf) - *ppos;	759	n = strlen(buf) - pos;
743	if (n > count)	760	if (n > count)
744	n = count;	761	n = count;
745	*ppos += n;	762	*ppos = pos + n;
746	return n;	763	return n;
747	}	764	}
748	/* ****************************************************************** */	765	/* ****************************************************************** */
Lines 774-788 Link Here
774	static ssize_t ppc_rtas_tone_volume_read(struct file * file, char * buf,	791	static ssize_t ppc_rtas_tone_volume_read(struct file * file, char * buf,
775	size_t count, loff_t *ppos)	792	size_t count, loff_t *ppos)
776	{	793	{
777	int n;	794	int n = sprintf(buf, "%lu\n", rtas_tone_volume);
778	n = sprintf(buf, "%lu\n", rtas_tone_volume);	795	loff_t pos = *ppos;
779		796
780	if (*ppos >= strlen(buf))	797	/* XXX - Needs locking - actual shouldnt these all have ONE helper */
		798	if (pos != (unsigned int) pos \|\| pos >= strlen(buf))
781	return 0;	799	return 0;
782	if (n > strlen(buf) - *ppos)	800	if (n > strlen(buf) - pos)
783	n = strlen(buf) - *ppos;	801	n = strlen(buf) - pos;
784	if (n > count)	802	if (n > count)
785	n = count;	803	n = count;
786	*ppos += n;	804	*ppos = pos + n;
787	return n;	805	return n;
788	}	806	}




static loff_t dev_nvram_llseek(struct file *file, loff_t offset, int origin)
{
	int size;
	/* XXX needs locking */

	if (ppc_md.nvram_size == NULL)
		return -ENODEV;

	ssize_t len;
	char *tmp_buffer;
	int size;
	loff_t pos = *ppos;

	if (ppc_md.nvram_size == NULL)
		return -ENODEV;


	if (verify_area(VERIFY_WRITE, buf, count))
		return -EFAULT;
	if (pos >= size || pos < 0)
		return 0;
	if (count > size) 
		count = size;

		return -ENOMEM;
	}

	len = ppc_md.nvram_read(tmp_buffer, count, &pos);
	*ppos = pos;
	
	if ((long)len <= 0) {
		kfree(tmp_buffer);
		return len;

	ssize_t len;
	char * tmp_buffer;
	int size;
	loff_t pos = *ppos;

	if (ppc_md.nvram_size == NULL)
		return -ENODEV;


	if (verify_area(VERIFY_READ, buf, count))
		return -EFAULT;
	if (pos >= size || pos < 0)
		return 0;
	if (count > size)
		count = size;

		return -EFAULT;
	}

	len = ppc_md.nvram_write(tmp_buffer, count, &pos);
	*ppos = pos;
	
	if ((long)len <= 0) {
		kfree(tmp_buffer);
		return len;





static loff_t page_map_seek( struct file *file, loff_t off, int whence)
{
	/* XXX - locking needed */
	loff_t new;
	struct proc_dir_entry *dp = PDE(file->f_dentry->d_inode);



static ssize_t page_map_read( struct file *file, char *buf, size_t nbytes, loff_t *ppos)
{
	loff_t pos = *ppos;
	struct proc_dir_entry *dp = PDE(file->f_dentry->d_inode);

	if ( pos < 0 || pos >= dp->size )
		return 0;
	if ( nbytes >= dp->size )
		nbytes = dp->size;




	if (msglen > count)
		msglen = count;

	if (*ppos != 0)
		return 0;	/* be cheap */

	error = verify_area(VERIFY_WRITE, buf, msglen);

	if (copy_to_user(buf, msg, msglen))
		return -EFAULT;

	*ppos = msglen;
		*ppos = msglen;
	return msglen;
}


	if (msglen > count)
		msglen = count;

	if (*ppos != 0)
		return 0;	/* be cheap */

	error = verify_area(VERIFY_WRITE, buf, msglen);

	if (copy_to_user(buf, msg, msglen))
		return -EFAULT;

	*ppos = msglen;
		*ppos = msglen;
	return msglen;
}



	args_buf = (struct rtas_validate_flash_t *) dp->data;

	if (*ppos != 0)
		return 0;	/* be cheap */
	
	msglen = get_validate_flash_msg(args_buf, msg);

	if (copy_to_user(buf, msg, msglen))
		return -EFAULT;

	*ppos = msglen;
		*ppos = msglen;
	return msglen;
}





{
	char stkbuf[40];  /* its small, its on stack */
	int n, sn;
	loff_t pos = *ppos;
	
	if (power_on_time == 0)
		n = scnprintf(stkbuf,sizeof(stkbuf),"Power on time not set\n");
	else
		n = scnprintf(stkbuf,sizeof(stkbuf),"%lu\n",power_on_time);

	sn = strlen (stkbuf) +1;
	if (pos != (unsigned int)pos || pos >= sn)
		return 0;
	if (n > sn - pos)
		n = sn - pos;
	if (n > count)
		n = count;
	if (copy_to_user (buf, stkbuf + pos, n)) {
		return -EFAULT;
	}
	*ppos = pos + n;
	return n;
}


{
	int sn, n = 0;
	char *tmpbuf;
	loff_t pos = *ppos;

	if (progress_led == NULL) return 0;


	n = sprintf (tmpbuf, "%s\n", progress_led);

	sn = strlen (tmpbuf) +1;
	if (pos != (unsigned int)pos || pos >= sn) {
		kfree (tmpbuf);
		return 0;
	}
	if (n > sn - pos)
		n = sn - pos;
	if (n > count)
		n = count;
	if (copy_to_user (buf, tmpbuf + pos, n)) {
		kfree (tmpbuf);
		return -EFAULT;
	}
	kfree (tmpbuf);
	*ppos = pos + n;
	return n;
}


	unsigned long *ret = kmalloc(4*8, GFP_KERNEL);
	int n, sn, error;
	char stkbuf[40];  /* its small, its on stack */
	loff_t pos = *ppos;

	if(ret == NULL)
		return -ENOMEM;
		
	error = rtas_call(rtas_token("get-time-of-day"), 0, 8, ret);
	
	year = ret[0]; mon  = ret[1]; day  = ret[2];

	kfree(ret);

	sn = strlen (stkbuf) +1;
	if (pos != (unsigned int)pos || pos >= sn)
		return 0;
	if (n > sn - pos)
		n = sn - pos;
	if (n > count)
		n = count;
	if (copy_to_user (buf, stkbuf + pos, n)) {
		return -EFAULT;
	}
	*ppos = pos + n;
	return n;
}


	char *dest;
	int error;

	if (39 < count)
		count = 39;
	if (copy_from_user (stkbuf, buf, count)) {
		return -EFAULT;
	}

{
	int n, sn;
	char stkbuf[40];  /* its small, its on stack */
	loff_t pos = *ppos;

	n = scnprintf(stkbuf, 40, "%lu\n", rtas_tone_frequency);

	sn = strlen (stkbuf) +1;
	if (pos != (unsigned int)pos || pos >= sn)
		return 0;
	if (n > sn - pos)
		n = sn - pos;
	if (n > count)
		n = count;
	if (copy_to_user (buf, stkbuf + pos, n)) {
		return -EFAULT;
	}
	*ppos = pos + n;
	return n;
}
/* ****************************************************************** */

{
	int n, sn;
	char stkbuf[40];  /* its small, its on stack */
	loff_t pos = *ppos;

	n = scnprintf(stkbuf, 40, "%lu\n", rtas_tone_volume);

	sn = strlen (stkbuf) +1;
	if (pos != (unsigned int)pos || pos >= sn)
		return 0;
	if (n > sn - pos)
		n = sn - pos;
	if (n > count)
		n = count;
	if (copy_to_user (buf, stkbuf + (*ppos), n)) {
		return -EFAULT;
	}
	*ppos = pos + n;
	return n;
}


	if (n > count)
		n = count;

	if (*ppos != 0)
		return 0;

	if (copy_to_user(buf, kbuf, n))
		return -EFAULT;

	*ppos = n;
		*ppos = n;
	
	return n;
}





	p_info = ((file_private_info_t *) file->private_data);
	if (*offset != p_info->offset) 
		return -ESPIPE;
	if(p_info->act_area >= p_info->debug_info_snap->nr_areas)
		return 0;


				goto out;
	}
out:
	p_info->offset           += count;
	p_info->act_entry_offset = size;	
	*offset = p_info->offset;
	return count;

		       input_buf[0]);
	}
      out:
	*offset = in_buf_size;
	return rc;		/* number of input characters */
}


        printk(KERN_INFO "debug: area `%c` is not valid\n", input_buf[0]);

      out:
        *offset = in_buf_size;
        return rc;              /* number of input characters */
}


Lines 94-109 Link Here

(-)linux-2.6.7/drivers/acpi/system.c (-8 / +19 lines)
94	struct acpi_buffer dsdt = {ACPI_ALLOCATE_BUFFER, NULL};	94	struct acpi_buffer dsdt = {ACPI_ALLOCATE_BUFFER, NULL};
95	void *data = 0;	95	void *data = 0;
96	size_t size = 0;	96	size_t size = 0;
		97	loff_t pos = *ppos;
97		98
98	ACPI_FUNCTION_TRACE("acpi_system_read_dsdt");	99	ACPI_FUNCTION_TRACE("acpi_system_read_dsdt");
		100
		101	/* XXX - seek locking required */
99		102
100	status = acpi_get_table(ACPI_TABLE_DSDT, 1, &dsdt);	103	status = acpi_get_table(ACPI_TABLE_DSDT, 1, &dsdt);
101	if (ACPI_FAILURE(status))	104	if (ACPI_FAILURE(status))
102	return_VALUE(-ENODEV);	105	return_VALUE(-ENODEV);
103		106
104	if (*ppos < dsdt.length) {	107	if (pos < 0)
105	data = dsdt.pointer + file->f_pos;	108	return -EINVAL;
106	size = dsdt.length - file->f_pos;	109
		110	if (pos < dsdt.length) {
		111	data = dsdt.pointer + pos;
		112	size = dsdt.length - pos;
107	if (size > count)	113	if (size > count)
108	size = count;	114	size = count;
109	if (copy_to_user(buffer, data, size)) {	115	if (copy_to_user(buffer, data, size)) {
Lines 114-120 Link Here
114		120
115	acpi_os_free(dsdt.pointer);	121	acpi_os_free(dsdt.pointer);
116		122
117	*ppos += size;	123	*ppos = pos + size;
118		124
119	return_VALUE(size);	125	return_VALUE(size);
120	}	126	}
Lines 137-142 Link Here
137	struct acpi_buffer fadt = {ACPI_ALLOCATE_BUFFER, NULL};	143	struct acpi_buffer fadt = {ACPI_ALLOCATE_BUFFER, NULL};
138	void *data = 0;	144	void *data = 0;
139	size_t size = 0;	145	size_t size = 0;
		146	loff_t pos = *ppos;
140		147
141	ACPI_FUNCTION_TRACE("acpi_system_read_fadt");	148	ACPI_FUNCTION_TRACE("acpi_system_read_fadt");
142		149
Lines 144-152 Link Here
144	if (ACPI_FAILURE(status))	151	if (ACPI_FAILURE(status))
145	return_VALUE(-ENODEV);	152	return_VALUE(-ENODEV);
146		153
147	if (*ppos < fadt.length) {	154	/* XXX - seek locking required */
148	data = fadt.pointer + file->f_pos;	155	if (pos < 0)
149	size = fadt.length - file->f_pos;	156	return -EINVAL;
		157
		158	if (pos < fadt.length) {
		159	data = fadt.pointer + pos;
		160	size = fadt.length - pos;
150	if (size > count)	161	if (size > count)
151	size = count;	162	size = count;
152	if (copy_to_user(buffer, data, size)) {	163	if (copy_to_user(buffer, data, size)) {
Lines 157-163 Link Here
157		168
158	acpi_os_free(fadt.pointer);	169	acpi_os_free(fadt.pointer);
159		170
160	*ppos += size;	171	*ppos = pos + size;
161		172
162	return_VALUE(size);	173	return_VALUE(size);
163	}	174	}




{
	struct inode *node = file->f_dentry->d_inode;
	unsigned long page;
	loff_t pos = *ppos;
	int length;
	int end;

	/* XXX - seek locking required */
	if (count < 0 || pos < 0)
		return( -EINVAL );
	if (!(page = __get_free_page( GFP_KERNEL )))
		return( -ENOMEM );

		count = length;
		goto out;
	}
	if (pos >= length) {
		count = 0;
		goto out;
	}
	if (count + pos > length)
		count = length - pos;
	end = count + pos;
	if (copy_to_user(buf, (char *)page + pos, count)) {
		count = -EFAULT;
		goto out;
	}
	*ppos = end;
out:	free_page( page );
	return( count );
}




#include <linux/smp_lock.h>
#include <asm/uaccess.h>
#include <asm/nvram.h>
#include <asm/semaphore.h>

#define NVRAM_SIZE	8192

static DECLARE_MUTEX(nvram_sem);

static loff_t nvram_llseek(struct file *file, loff_t offset, int origin)
{
	down(&nvram_sem);
     
	switch (origin) {
	case 1:
		offset += file->f_pos;

		break;
	}
	if (offset < 0) {
		up(&nvram_sem);
		return -EINVAL;
	}
	file->f_pos = offset;
	up(&nvram_sem);
	return file->f_pos;
}

static ssize_t read_nvram(struct file *file, char __user *buf,
			  size_t count, loff_t *ppos)
{
	loff_t i;
	char __user *p = buf;
	
	if (verify_area(VERIFY_WRITE, buf, count))
		return -EFAULT;
		
	down(&nvram_sem);
	/* If we are already off the end then we report 0 anyway .. */
	for (i = *ppos; count > 0 && i < NVRAM_SIZE; ++i, ++p, --count)
		if (__put_user(nvram_read_byte(i), p))
		{
			up(&nvram_sem);
			return -EFAULT;
		}
	*ppos = i;
	up(&nvram_sem);
	return p - buf;
}

static ssize_t write_nvram(struct file *file, const char __user *buf,
			   size_t count, loff_t *ppos)
{
	loff_t i;
	const char __user *p = buf;
	char c;
	struct semaphore *s = &file->f_dentry->d_inode->i_sem;

	if (verify_area(VERIFY_READ, buf, count))
		return -EFAULT;
		
	down(&nvram_sem);
	/* if *ppos > end then we return 0 anyway */
	for (i = *ppos; count > 0 && i < NVRAM_SIZE; ++i, ++p, --count) {
		if (__get_user(c, p))
		{
			up(&nvram_sem);
			return -EFAULT;
		}
		nvram_write_byte(c, i);
	}
	*ppos = i;
	up(&nvram_sem);
	return p - buf;
}


Lines 464-490 Link Here

(-)linux-2.6.7/drivers/char/i8k.c (-6 / +11 lines)
464		464
465	static ssize_t i8k_read(struct file f, char __user buffer, size_t len, loff_t *fpos)	465	static ssize_t i8k_read(struct file f, char __user buffer, size_t len, loff_t *fpos)
466	{	466	{
		467	loff_t pos = *fpos;
467	int n;	468	int n;
468	char info[128];	469	char info[128];
		470
		471	/* XXX - seek locking required */
469		472
470	n = i8k_get_info(info, NULL, 0, 128);	473	n = i8k_get_info(info, NULL, 0, 128);
471	if (n <= 0) {	474	if (n <= 0)
472	return n;	475	return n;
473	}	476
		477	if (pos < 0)
		478	return -EINVAL;
474		479
475	if (*fpos >= n) {	480	if (pos >= n) {
476	return 0;	481	return 0;
477	}	482	}
478		483
479	if ((*fpos + len) >= n) {	484	if (pos + len >= n) {
480	len = n - *fpos;	485	len = n - pos;
481	}	486	}
482		487
483	if (copy_to_user(buffer, info, len) != 0) {	488	if (copy_to_user(buffer, info, len) != 0) {
484	return -EFAULT;	489	return -EFAULT;
485	}	490	}
486		491
487	*fpos += len;	492	*fpos = pos + len;
488	return len;	493	return len;
489	}	494	}
490		495




	void		*memptr;
	stlibrd_t	*brdp;
	int		brdnr, size, n;
	loff_t		pos = *offp;

#if DEBUG
	printk(KERN_DEBUG "stli_memread(fp=%x,buf=%x,count=%x,offp=%x)\n",

		return(-ENODEV);
	if (brdp->state == 0)
		return(-ENODEV);
	if (pos < 0 || pos >= brdp->memsize)
		return(0);

	size = MIN(count, (brdp->memsize - pos));

	save_flags(flags);
	cli();
	EBRDENABLE(brdp);
	while (size > 0) {
		memptr = (void *) EBRDGETMEMPTR(brdp, fp->f_pos);
		n = MIN(size, (brdp->pagesize - (((unsigned long) pos) % brdp->pagesize)));
		if (copy_to_user(buf, memptr, n)) {
			count = -EFAULT;
			goto out;
		}
		pos += n;
		buf += n;
		size -= n;
	}
out:
	*ppos = pos;
	EBRDDISABLE(brdp);
	restore_flags(flags);


	stlibrd_t	*brdp;
	char		*chbuf;
	int		brdnr, size, n;
	loff_t		pos = *ppos;
	
#if DEBUG
	printk(KERN_DEBUG "stli_memwrite(fp=%x,buf=%x,count=%x,offp=%x)\n",
			(int) fp, (int) buf, count, (int) offp);

		return(-ENODEV);
	if (brdp->state == 0)
		return(-ENODEV);
	if (pos < 0 || pos >= brdp->memsize)
		return(0);

	chbuf = (char *) buf;
	size = MIN(count, (brdp->memsize - pos));

	save_flags(flags);
	cli();
	EBRDENABLE(brdp);
	while (size > 0) {
		memptr = (void *) EBRDGETMEMPTR(brdp, pos);
		n = MIN(size, (brdp->pagesize - (((unsigned long) pos) % brdp->pagesize)));
		if (copy_from_user(memptr, chbuf, n)) {
			count = -EFAULT;
			goto out;
		}
		pos += n;
		chbuf += n;
		size -= n;
	}
	*ppos = pos;
out:
	EBRDDISABLE(brdp);
	restore_flags(flags);

Lines 143-149 Link Here

(-)linux-2.6.7/drivers/char/mem.c (-2 / +2 lines)
143	return -EFAULT;	143	return -EFAULT;
144	}	144	}
145	written += count;	145	written += count;
146	*ppos += written;	146	*ppos = realp + written;
147	return written;	147	return written;
148	}	148	}
149		149
Lines 180-186 Link Here
180	if (copy_to_user(buf, __va(p), count))	180	if (copy_to_user(buf, __va(p), count))
181	return -EFAULT;	181	return -EFAULT;
182	read += count;	182	read += count;
183	*ppos += read;	183	*ppos = p + read;
184	return read;	184	return read;
185	}	185	}
186		186





static loff_t nvram_llseek(struct file *file,loff_t offset, int origin )
{
	spin_lock_irq(&rtc_lock);
	switch (origin) {
	case 0:
		/* nothing to do */

		offset += NVRAM_BYTES;
		break;
	}
	if(offset < 0 || offset > NVRAM_BYTES)
		offset = -EINVAL;
	else
		file->f_pos = offset;
	spin_unlock_irq(&rtc_lock);
	return offset;
}

static ssize_t
nvram_read(struct file *file, char __user *buf, size_t count, loff_t *ppos)
{
	unsigned char contents[NVRAM_BYTES];
	loff_t i;
	unsigned char *tmp;
 	
	spin_lock_irq(&rtc_lock);

	if (!__nvram_check_checksum())
		goto checksum_err;
		
	i = *ppos;

	for (tmp = contents; count-- > 0 && i < NVRAM_BYTES; ++i, ++tmp)
		*tmp = __nvram_read_byte(i);

	*ppos = i;
	spin_unlock_irq(&rtc_lock);

	if (copy_to_user(buf, contents, tmp - contents))
		return -EFAULT;

	*ppos = i;

	return tmp - contents;

checksum_err:
	spin_unlock_irq(&rtc_lock);
	return -EIO;
}

nvram_write(struct file *file, const char __user *buf, size_t count, loff_t *ppos)
{
	unsigned char contents[NVRAM_BYTES];
	loff_t i;
	unsigned char *tmp;
	int len = count;

	if (len > NVRAM_BYTES)
		len = NVRAM_BYTES;
			
	if (copy_from_user(contents, buf, len))
	{

		return -EFAULT;
	}

	spin_lock_irq(&rtc_lock);

	i = *ppos;
		
	if (!__nvram_check_checksum())
		goto checksum_err;

	for (tmp = contents; len-- > 0 && i < NVRAM_BYTES; ++i, ++tmp)
		__nvram_write_byte(*tmp, i);

	__nvram_set_checksum();

	spin_unlock_irq(&rtc_lock);

	*ppos = i;
	spin_unlock_irq(&rtc_lock);

	return tmp - contents;

checksum_err:
	spin_unlock_irq(&rtc_lock);
	return -EIO;
}

Lines 134-140 Link Here

(-)linux-2.6.7/drivers/char/nwflash.c (-17 / +30 lines)
134		134
135	static ssize_t flash_read(struct file file, char buf, size_t size, loff_t * ppos)	135	static ssize_t flash_read(struct file file, char buf, size_t size, loff_t * ppos)
136	{	136	{
137	unsigned long p = *ppos;	137	loff_t p;
138	unsigned int count = size;	138	unsigned int count = size;
139	int ret = 0;	139	int ret = 0;
140		140
Lines 145-150 Link Here
145	if (count)	145	if (count)
146	ret = -ENXIO;	146	ret = -ENXIO;
147		147
		148	if (down_interruptible(&nwflash_sem))
		149	return -ERESTARTSYS;
		150	p = *ppos;
		151
148	if (p < gbFlashSize) {	152	if (p < gbFlashSize) {
149	if (count > gbFlashSize - p)	153	if (count > gbFlashSize - p)
150	count = gbFlashSize - p;	154	count = gbFlashSize - p;
Lines 152-159 Link Here
152	/*	156	/*
153	* We now lock against reads and writes. --rmk	157	* We now lock against reads and writes. --rmk
154	*/	158	*/
155	if (down_interruptible(&nwflash_sem))
156	return -ERESTARTSYS;
157		159
158	ret = copy_to_user(buf, (void *)(FLASH_BASE + p), count);	160	ret = copy_to_user(buf, (void *)(FLASH_BASE + p), count);
159	if (ret == 0) {	161	if (ret == 0) {
Lines 161-174 Link Here
161	*ppos += count;	163	*ppos += count;
162	} else	164	} else
163	ret = -EFAULT;	165	ret = -EFAULT;
164	up(&nwflash_sem);
165	}	166	}
		167	up(&nwflash_sem);
166	return ret;	168	return ret;
167	}	169	}
168		170
169	static ssize_t flash_write(struct file file, const char buf, size_t size, loff_t * ppos)	171	static ssize_t flash_write(struct file file, const char buf, size_t size, loff_t * ppos)
170	{	172	{
171	unsigned long p = *ppos;	173	loff_t p;
172	unsigned int count = size;	174	unsigned int count = size;
173	int written;	175	int written;
174	int nBlock, temp, rc;	176	int nBlock, temp, rc;
Lines 181-206 Link Here
181	if (!gbWriteEnable)	183	if (!gbWriteEnable)
182	return -EINVAL;	184	return -EINVAL;
183		185
		186	/*
		187	* We now lock against reads and writes. --rmk
		188	*/
		189	if (down_interruptible(&nwflash_sem))
		190	return -ERESTARTSYS;
		191
		192
		193	p = *ppos;
184	if (p < 64 * 1024 && (!gbWriteBase64Enable))	194	if (p < 64 * 1024 && (!gbWriteBase64Enable))
185	return -EINVAL;	195	{
		196	written = -EINVAL;
		197	goto error;
		198	}
186		199
187	/*	200	/*
188	* check for out of range pos or count	201	* check for out of range pos or count
189	*/	202	*/
190	if (p >= gbFlashSize)	203	if (p >= gbFlashSize)
191	return count ? -ENXIO : 0;	204	{
		205	written = 0;
		206	goto error;
		207	}
192		208
193	if (count > gbFlashSize - p)	209	if (count > gbFlashSize - p)
194	count = gbFlashSize - p;	210	count = gbFlashSize - p;
195		211
196	if (verify_area(VERIFY_READ, buf, count))	212	if (verify_area(VERIFY_READ, buf, count))
197	return -EFAULT;	213	{
		214	written = -EFAULT;
		215	goto error;
		216	}
198		217
199	/*
200	* We now lock against reads and writes. --rmk
201	*/
202	if (down_interruptible(&nwflash_sem))
203	return -ERESTARTSYS;
204		218
205	written = 0;	219	written = 0;
206		220
Lines 286-294 Link Here
286	* restore reg on exit	300	* restore reg on exit
287	*/	301	*/
288	leds_event(led_release);	302	leds_event(led_release);
289		303	error:
290	up(&nwflash_sem);	304	up(&nwflash_sem);
291
292	return written;	305	return written;
293	}	306	}
294		307
Lines 305-315 Link Here
305	{	318	{
306	loff_t ret;	319	loff_t ret;
307		320
308	lock_kernel();
309	if (flashdebug)	321	if (flashdebug)
310	printk(KERN_DEBUG "flash_llseek: offset=0x%X, orig=0x%X.\n",	322	printk(KERN_DEBUG "flash_llseek: offset=0x%X, orig=0x%X.\n",
311	(unsigned int) offset, orig);	323	(unsigned int) offset, orig);
312		324
		325	down(&nwflash_sem);
313	switch (orig) {	326	switch (orig) {
314	case 0:	327	case 0:
315	if (offset < 0) {	328	if (offset < 0) {
Lines 340-346 Link Here
340	default:	353	default:
341	ret = -EINVAL;	354	ret = -EINVAL;
342	}	355	}
343	unlock_kernel();	356	up(&nwflash_sem);
344	return ret;	357	return ret;
345	}	358	}
346		359




        ssize_t retval;
        void *membase;

	/* XXX - should do proper locking instead */
	if (off < 0)
		return -EINVAL;
	if (off > PCILYNX_MAX_MEMORY)
                return -ENOSPC;
        if (count > PCILYNX_MAX_MEMORY + 1 - off)
                count = PCILYNX_MAX_MEMORY + 1 - off;

        switch (md->type) {
        case rom:


        if (count < mem_mindma) {
                memcpy_fromio(md->lynx->mem_dma_buffer, membase+off, count);
                off += count;
                goto out;
        }


        while (bcount >= 4) {
                retval = mem_dmaread(md, md->lynx->mem_dma_buffer_dma
                                     + count - bcount, bcount, off);
                if (retval < 0)
                {
                	/* FIXME - ought to report short read on error */
		        up(&md->lynx->mem_dma_mutex);
			return retval;
                }

                bcount -= retval;
                off += retval;

        if (bcount) {
                memcpy_fromio(md->lynx->mem_dma_buffer + count - bcount,
                              membase+off, bcount);
                off += bcount;
        }

 out:
        retval = copy_to_user(buffer, md->lynx->mem_dma_buffer, count);
        up(&md->lynx->mem_dma_mutex);

	if (retval < 0)  
		return -EFAULT;
        *offset = off;
        return count;
}


                         loff_t *offset)
{
        struct memdata *md = (struct memdata *)file->private_data;
        loff_t off = * offset;
        

	if (!count)
		return 0;
	if (off < 0)
		return -EINVAL;
	if (off > PCILYNX_MAX_MEMORY)
		return -ENOSPC;

        if (count) > PCILYNX_MAX_MEMORY + 1 - off)
                count = PCILYNX_MAX_MEMORY + 1 - off;

        /* FIXME: dereferencing pointers to PCI mem doesn't work everywhere */
        switch (md->type) {
        case aux:
		if (copy_from_user(md->lynx->aux_port+off, buffer, count))
			return -EFAULT;
                break;
        case ram:
		if (copy_from_user(md->lynx->local_ram+off, buffer, count))
			return -EFAULT;
                break;
        case rom:
                /* the ROM may be writeable */
		if (copy_from_user(md->lynx->local_rom+off, buffer, count))
			return -EFAULT;
                break;
        }

        *offset = off + count;
        return count;
}
#endif /* CONFIG_IEEE1394_PCILYNX_PORTS */

Lines 79-84 Link Here

(-)linux-2.6.7/drivers/isdn/divert/divert_procfs.c (-2 / +3 lines)
79	isdn_divert_read(struct file file, char buf, size_t count, loff_t * off)	79	isdn_divert_read(struct file file, char buf, size_t count, loff_t * off)
80	{	80	{
81	struct divert_info *inf;	81	struct divert_info *inf;
		82	loff_t pos = *off;
82	int len;	83	int len;
83		84
84	if (!((struct divert_info *) file->private_data)) {	85	if (!((struct divert_info *) file->private_data)) {
Lines 94-101 Link Here
94	if ((len = strlen(inf->info_start)) <= count) {	95	if ((len = strlen(inf->info_start)) <= count) {
95	if (copy_to_user(buf, inf->info_start, len))	96	if (copy_to_user(buf, inf->info_start, len))
96	return -EFAULT;	97	return -EFAULT;
97	file->f_pos += len;	98	*off = pos + len;
98	return (len);	99	return len;
99	}	100	}
100	return (0);	101	return (0);
101	} /* isdn_divert_read */	102	} /* isdn_divert_read */




static ssize_t
hysdn_conf_read(struct file *file, char *buf, size_t count, loff_t * off)
{
	loff_t pos = *off;
	char *cp;
	int i;

	if (off != &file->f_pos)	/* fs error check */
		return -ESPIPE;

	if (!(cp = file->private_data))
		return (-EFAULT);	/* should never happen */
	i = strlen(cp);	/* get total string length */
	if (pos == (unsigned)pos && pos < i) {
		/* still bytes to transfer */
		cp += pos;	/* point to desired data offset */
		i -= pos;	/* remaining length */
		if (i > count)
			i = count;	/* limit length to transfer */
		if (copy_to_user(buf, cp, i))
			return (-EFAULT);	/* copy error */
		*off = pos + i;	/* adjust offset */
			*off += i;	/* adjust offset */
		} else
			return (0);
	} else
		return 0;

	return (i);
}				/* hysdn_conf_read */

Lines 210-215 Link Here

(-)linux-2.6.7/drivers/isdn/hysdn/hysdn_proclog.c (-1 / +2 lines)
210	struct proc_dir_entry *pde = PDE(file->f_dentry->d_inode);	210	struct proc_dir_entry *pde = PDE(file->f_dentry->d_inode);
211	struct procdata *pd = NULL;	211	struct procdata *pd = NULL;
212	hysdn_card *card;	212	hysdn_card *card;
		213	loff_t pos = *off;
213		214
214	if (!((struct log_data *) file->private_data)) {	215	if (!((struct log_data *) file->private_data)) {
215	if (file->f_flags & O_NONBLOCK)	216	if (file->f_flags & O_NONBLOCK)
Lines 237-243 Link Here
237	if ((len = strlen(inf->log_start)) <= count) {	238	if ((len = strlen(inf->log_start)) <= count) {
238	if (copy_to_user(buf, inf->log_start, len))	239	if (copy_to_user(buf, inf->log_start, len))
239	return -EFAULT;	240	return -EFAULT;
240	file->f_pos += len;	241	*off = pos + len;
241	return (len);	242	return (len);
242	}	243	}
243	return (0);	244	return (0);

Lines 937-943 Link Here

(-)linux-2.6.7/drivers/isdn/i4l/isdn_common.c (-5 / +9 lines)
937	}	937	}
938		938
939	static ssize_t	939	static ssize_t
940	isdn_read(struct file file, char buf, size_t count, loff_t * off)	940	isdn_read(struct file file, char __user buf, size_t count, loff_t * poff)
941	{	941	{
942	uint minor = MINOR(file->f_dentry->d_inode->i_rdev);	942	uint minor = MINOR(file->f_dentry->d_inode->i_rdev);
943	int len = 0;	943	int len = 0;
Lines 945-955 Link Here
945	int chidx;	945	int chidx;
946	int retval;	946	int retval;
947	char *p;	947	char *p;
		948	loff_t off;
948		949
949	if (off != &file->f_pos)	950	if (poff != &file->f_pos)
950	return -ESPIPE;	951	return -ESPIPE;
951		952
952	lock_kernel();	953	lock_kernel();
		954	off = *poff;
		955
953	if (minor == ISDN_MINOR_STATUS) {	956	if (minor == ISDN_MINOR_STATUS) {
954	if (!file->private_data) {	957	if (!file->private_data) {
955	if (file->f_flags & O_NONBLOCK) {	958	if (file->f_flags & O_NONBLOCK) {
Lines 965-971 Link Here
965	retval = -EFAULT;	968	retval = -EFAULT;
966	goto out;	969	goto out;
967	}	970	}
968	*off += len;	971	off += len;
969	retval = len;	972	retval = len;
970	goto out;	973	goto out;
971	}	974	}
Lines 994-1000 Link Here
994	}	997	}
995	len = isdn_readbchan(drvidx, chidx, p, 0, count,	998	len = isdn_readbchan(drvidx, chidx, p, 0, count,
996	&dev->drv[drvidx]->rcv_waitq[chidx]);	999	&dev->drv[drvidx]->rcv_waitq[chidx]);
997	*off += len;	1000	off += len;
998	if (copy_to_user(buf,p,len))	1001	if (copy_to_user(buf,p,len))
999	len = -EFAULT;	1002	len = -EFAULT;
1000	kfree(p);	1003	kfree(p);
Lines 1027-1033 Link Here
1027	dev->drv[drvidx]->stavail -= len;	1030	dev->drv[drvidx]->stavail -= len;
1028	else	1031	else
1029	dev->drv[drvidx]->stavail = 0;	1032	dev->drv[drvidx]->stavail = 0;
1030	*off += len;	1033	off += len;
1031	retval = len;	1034	retval = len;
1032	goto out;	1035	goto out;
1033	}	1036	}
Lines 1039-1044 Link Here
1039	#endif	1042	#endif
1040	retval = -ENODEV;	1043	retval = -ENODEV;
1041	out:	1044	out:
		1045	*poff = off;
1042	unlock_kernel();	1046	unlock_kernel();
1043	return retval;	1047	return retval;
1044	}	1048	}

Lines 22-27 Link Here

(-)linux-2.6.7/drivers/macintosh/ans-lcd.c (-13 / +32 lines)
22	static unsigned long anslcd_short_delay = 80;	22	static unsigned long anslcd_short_delay = 80;
23	static unsigned long anslcd_long_delay = 3280;	23	static unsigned long anslcd_long_delay = 3280;
24	static volatile unsigned char* anslcd_ptr;	24	static volatile unsigned char* anslcd_ptr;
		25	static DECLARE_MUTEX(anslcd_lock);
25		26
26	#undef DEBUG	27	#undef DEBUG
27		28
Lines 61-73 Link Here
61		62
62	if ( verify_area(VERIFY_READ, buf, count) )	63	if ( verify_area(VERIFY_READ, buf, count) )
63	return -EFAULT;	64	return -EFAULT;
64	for ( i = *ppos; count > 0; ++i, ++p, --count )	65
		66	down(&anslcd_lock);
		67	for (; count > 0; ++p, --count )
65	{	68	{
66	char c;	69	char c;
67	__get_user(c, p);	70	__get_user(c, p);
68	anslcd_write_byte_data( c );	71	anslcd_write_byte_data( c );
69	}	72	}
70	*ppos = i;	73	up(&anslcd_lock);
71	return p - buf;	74	return p - buf;
72	}	75	}
73		76
Lines 76-86 Link Here
76	unsigned int cmd, unsigned long arg )	79	unsigned int cmd, unsigned long arg )
77	{	80	{
78	char ch, *temp;	81	char ch, *temp;
79		82	int ret = 0;
		83
80	#ifdef DEBUG	84	#ifdef DEBUG
81	printk(KERN_DEBUG "LCD: ioctl(%d,%d)\n",cmd,arg);	85	printk(KERN_DEBUG "LCD: ioctl(%d,%d)\n",cmd,arg);
82	#endif	86	#endif
83		87
		88	down(&anslcd_lock);
		89
84	switch ( cmd )	90	switch ( cmd )
85	{	91	{
86	case ANSLCD_CLEAR:	92	case ANSLCD_CLEAR:
Lines 89-95 Link Here
89	anslcd_write_byte_ctrl ( 0x06 );	95	anslcd_write_byte_ctrl ( 0x06 );
90	anslcd_write_byte_ctrl ( 0x01 );	96	anslcd_write_byte_ctrl ( 0x01 );
91	anslcd_write_byte_ctrl ( 0x02 );	97	anslcd_write_byte_ctrl ( 0x02 );
92	return 0;	98	break;
93	case ANSLCD_SENDCTRL:	99	case ANSLCD_SENDCTRL:
94	temp = (char *) arg;	100	temp = (char *) arg;
95	__get_user(ch, temp);	101	__get_user(ch, temp);
Lines 97-116 Link Here
97	anslcd_write_byte_ctrl ( ch );	103	anslcd_write_byte_ctrl ( ch );
98	__get_user(ch, temp);	104	__get_user(ch, temp);
99	}	105	}
100	return 0;	106	break;
101	case ANSLCD_SETSHORTDELAY:	107	case ANSLCD_SETSHORTDELAY:
102	if (!capable(CAP_SYS_ADMIN))	108	if (!capable(CAP_SYS_ADMIN))
103	return -EACCES;	109	ret = -EACCES;
104	anslcd_short_delay=arg;	110	else
105	return 0;	111	anslcd_short_delay=arg;
		112	break;
106	case ANSLCD_SETLONGDELAY:	113	case ANSLCD_SETLONGDELAY:
107	if (!capable(CAP_SYS_ADMIN))	114	if (!capable(CAP_SYS_ADMIN))
108	return -EACCES;	115	ret = -EACCES;
109	anslcd_long_delay=arg;	116	else
110	return 0;	117	anslcd_long_delay=arg;
		118	break;
111	default:	119	default:
112	return -EINVAL;	120	ret = -EINVAL;
113	}	121	}
		122	up(&anslcd_lock);
		123	return ret;
114	}	124	}
115		125
116	static int __pmac	126	static int __pmac
Lines 121-126 Link Here
121		131
122	struct file_operations anslcd_fops = {	132	struct file_operations anslcd_fops = {
123	.write = anslcd_write,	133	.write = anslcd_write,
		134	.llseek = no_llseek,
124	.ioctl = anslcd_ioctl,	135	.ioctl = anslcd_ioctl,
125	.open = anslcd_open,	136	.open = anslcd_open,
126	};	137	};
Lines 150-158 Link Here
150	return -ENODEV;	161	return -ENODEV;
151		162
152	anslcd_ptr = (volatile unsigned char*)ioremap(ANSLCD_ADDR, 0x20);	163	anslcd_ptr = (volatile unsigned char*)ioremap(ANSLCD_ADDR, 0x20);
153		164	if(anslcd_ptr == NULL)
		165	return -ENOMEM;
		166
		167	down(&anslcd_lock);
		168	/* Locked so that an opener cannot race the init writes to the
		169	chip after misc_register */
		170
154	retval = misc_register(&anslcd_dev);	171	retval = misc_register(&anslcd_dev);
155	if(retval < 0){	172	if(retval < 0){
		173	up(&anslcd_lock);
156	printk(KERN_INFO "LCD: misc_register failed\n");	174	printk(KERN_INFO "LCD: misc_register failed\n");
157	iounmap(anslcd_ptr);	175	iounmap(anslcd_ptr);
158	return retval;	176	return retval;
Lines 170-175 Link Here
170	for(a=0;a<80;a++) {	188	for(a=0;a<80;a++) {
171	anslcd_write_byte_data(anslcd_logo[a]);	189	anslcd_write_byte_data(anslcd_logo[a]);
172	}	190	}
		191	up(&anslcd_lock);
173	return 0;	192	return 0;
174	}	193	}
175		194




#include <linux/smp_lock.h>
#include <asm/uaccess.h>
#include <asm/nvram.h>
#include <asm/semaphore.h>

static DECLARE_MUTEX(nvram_mutex);

#define NVRAM_SIZE	8192


static loff_t nvram_llseek(struct file *file, loff_t offset, int origin)
{
	down(&nvram_mutex);
	switch (origin) {
	case 1:
		offset += file->f_pos;

		break;
	}
	if (offset < 0) {
		up(s);
		return -EINVAL;
	}
	file->f_pos = offset;
	up(&nvram_mutex);
	return file->f_pos;
}


{
	unsigned int i;
	char __user *p = buf;

	if (verify_area(VERIFY_WRITE, buf, count))
		return -EFAULT;
		
	down(&nvram_mutex);
	for (i = *ppos; count > 0 && i < NVRAM_SIZE; ++i, ++p, --count)
		if (__put_user(nvram_read_byte(i), p))
		{
			up(&nvram_mutex);
			return -EFAULT;
		}
	*ppos = i;
	up(&nvram_mutex);
	return p - buf;
}



	if (verify_area(VERIFY_READ, buf, count))
		return -EFAULT;
		
	down(&nvram_mutex);
	for (i = *ppos; count > 0 && i < NVRAM_SIZE; ++i, ++p, --count) {
		if (__get_user(c, p))
		{
			up(&nvram_mutex);
			return -EFAULT;
		}
		nvram_write_byte(c, i);
	}
	*ppos = i;
	up(&nvram_mutex);
	return p - buf;
}


Lines 59-64 Link Here

(-)linux-2.6.7/drivers/mtd/mtdcore.c (+1 lines)
59	mtd_table[i] = mtd;	59	mtd_table[i] = mtd;
60	mtd->index = i;	60	mtd->index = i;
61	mtd->usecount = 0;	61	mtd->usecount = 0;
		62	init_MUTEX(&mtd->mutex);
62		63
63	DEBUG(0, "mtd: Giving out device %d to %s\n",i, mtd->name);	64	DEBUG(0, "mtd: Giving out device %d to %s\n",i, mtd->name);
64	/* No need to get a refcount on the module containing	65	/* No need to get a refcount on the module containing

Lines 30-35 Link Here

(-)linux-2.6.7/drivers/mtd/mtdchar.c (-9 / +36 lines)
30	{	30	{
31	struct mtd_info mtd=(struct mtd_info )file->private_data;	31	struct mtd_info mtd=(struct mtd_info )file->private_data;
32		32
		33
		34	down(&mtd->mutex);
33	switch (orig) {	35	switch (orig) {
34	case 0:	36	case 0:
35	/* SEEK_SET */	37	/* SEEK_SET */
Lines 44-57 Link Here
44	file->f_pos =mtd->size + offset;	46	file->f_pos =mtd->size + offset;
45	break;	47	break;
46	default:	48	default:
		49	up(&mtd->mutex);
47	return -EINVAL;	50	return -EINVAL;
48	}	51	}
49		52
		53	/* XXX Should return -EINVAL surely ?? */
50	if (file->f_pos < 0)	54	if (file->f_pos < 0)
51	file->f_pos = 0;	55	file->f_pos = 0;
52	else if (file->f_pos >= mtd->size)	56	else if (file->f_pos >= mtd->size)
53	file->f_pos = mtd->size - 1;	57	file->f_pos = mtd->size - 1;
54		58	up(&mtd->mutex);
55	return file->f_pos;	59	return file->f_pos;
56	}	60	}
57		61
Lines 127-137 Link Here
127		131
128	DEBUG(MTD_DEBUG_LEVEL0,"MTD_read\n");	132	DEBUG(MTD_DEBUG_LEVEL0,"MTD_read\n");
129		133
130	if (*ppos + count > mtd->size)	134	down(&mtd->mutex);
		135
		136	if (count > mtd->size - *ppos)
131	count = mtd->size - *ppos;	137	count = mtd->size - *ppos;
132		138
133	if (!count)	139	if (!count)
		140	{
		141	up(&mtd->mutex);
134	return 0;	142	return 0;
		143	}
135		144
136	/* FIXME: Use kiovec in 2.5 to lock down the user's buffers	145	/* FIXME: Use kiovec in 2.5 to lock down the user's buffers
137	and pass them directly to the MTD functions */	146	and pass them directly to the MTD functions */
Lines 143-155 Link Here
143		152
144	kbuf=kmalloc(len,GFP_KERNEL);	153	kbuf=kmalloc(len,GFP_KERNEL);
145	if (!kbuf)	154	if (!kbuf)
		155	{
		156	up(&mtd->mutex);
		157	/* API error - should return I/O done so far if > 0 */
146	return -ENOMEM;	158	return -ENOMEM;
147		159	}
148	ret = MTD_READ(mtd, *ppos, len, &retlen, kbuf);	160	ret = MTD_READ(mtd, *ppos, len, &retlen, kbuf);
149	if (!ret) {	161	if (!ret) {
150	*ppos += retlen;	162	*ppos += retlen;
151	if (copy_to_user(buf, kbuf, retlen)) {	163	if (copy_to_user(buf, kbuf, retlen)) {
152	kfree(kbuf);	164	kfree(kbuf);
		165	up(&mtd->mutex);
		166	/* API error - should return I/O done so far if > 0 */
153	return -EFAULT;	167	return -EFAULT;
154	}	168	}
155	else	169	else
Lines 160-171 Link Here
160	}	174	}
161	else {	175	else {
162	kfree(kbuf);	176	kfree(kbuf);
		177	up(&mtd->mutex);
163	return ret;	178	return ret;
164	}	179	}
165		180
166	kfree(kbuf);	181	kfree(kbuf);
167	}	182	}
168		183	up(&mtd->mutex);
169	return total_retlen;	184	return total_retlen;
170	} /* mtd_read */	185	} /* mtd_read */
171		186
Lines 179-193 Link Here
179	int len;	194	int len;
180		195
181	DEBUG(MTD_DEBUG_LEVEL0,"MTD_write\n");	196	DEBUG(MTD_DEBUG_LEVEL0,"MTD_write\n");
182		197
183	if (*ppos == mtd->size)	198	down(&mtd->mutex);
		199	if (*ppos >= mtd->size)
		200	{
		201	up(&mtd->mutex);
184	return -ENOSPC;	202	return -ENOSPC;
		203	}
185		204
186	if (*ppos + count > mtd->size)	205	if (count > mtd->size - *ppos)
187	count = mtd->size - *ppos;	206	count = mtd->size - *ppos;
188		207
189	if (!count)	208	if (!count)
		209	{
		210	up(&mtd->mutex);
190	return 0;	211	return 0;
		212	}
191		213
192	while (count) {	214	while (count) {
193	if (count > MAX_KMALLOC_SIZE)	215	if (count > MAX_KMALLOC_SIZE)
Lines 197-207 Link Here
197		219
198	kbuf=kmalloc(len,GFP_KERNEL);	220	kbuf=kmalloc(len,GFP_KERNEL);
199	if (!kbuf) {	221	if (!kbuf) {
200	printk("kmalloc is null\n");	222	// printk("kmalloc is null\n");
		223	/* API bug should report I/O completed */
		224	up(&mtd->mutex);
201	return -ENOMEM;	225	return -ENOMEM;
202	}	226	}
203		227
204	if (copy_from_user(kbuf, buf, len)) {	228	if (copy_from_user(kbuf, buf, len)) {
		229	up(&mtd->mutex);
205	kfree(kbuf);	230	kfree(kbuf);
206	return -EFAULT;	231	return -EFAULT;
207	}	232	}
Lines 214-226 Link Here
214	buf += retlen;	239	buf += retlen;
215	}	240	}
216	else {	241	else {
		242	up(&mtd->mutex);
217	kfree(kbuf);	243	kfree(kbuf);
		244	/* API bug ?? */
218	return ret;	245	return ret;
219	}	246	}
220		247
221	kfree(kbuf);	248	kfree(kbuf);
222	}	249	}
223		250	up(&mtd->mutex);
224	return total_retlen;	251	return total_retlen;
225	} /* mtd_write */	252	} /* mtd_write */
226		253




ssize_t oprofilefs_str_to_user(char const * str, char __user * buf, size_t count, loff_t * offset)
{
	size_t len = strlen(str);
	loff_t pos = *offset;
	
	/* XXX - should do proper seek locking instead */
	if(pos < 0)
		return -EINVAL;

	if (!count)
		return 0;

	if (pos > len)
		return 0;

	if (count > len - pos)
		count = len - pos;

	if (copy_to_user(buf, str + pos, count))
		return -EFAULT;

	*offset = pos + count;

	return count;
}

{
	char tmpbuf[TMPBUFSIZE];
	size_t maxlen;
	loff_t pos = *offset;

	if (!count)
		return 0;
	
	/* XXX - should do proper seek locking instead */
	if(pos < 0)
		return -EINVAL;

	spin_lock(&oprofilefs_lock);
	maxlen = snprintf(tmpbuf, TMPBUFSIZE, "%lu\n", val);

	if (maxlen > TMPBUFSIZE)
		maxlen = TMPBUFSIZE;

	if (pos > maxlen)
		return 0;

	if (count > maxlen - pos)
		count = maxlen - pos;

	if (copy_to_user(buf, tmpbuf + pos, count))
		return -EFAULT;

	*offset = pos + count;

	return count;
}




#include <asm/io.h>
#include <asm/uaccess.h>
#include <asm/eisa_eeprom.h>
#include <asm/semaphore.h>

#define 	EISA_EEPROM_MINOR 241

static unsigned long eeprom_addr;
static DECLARE_MUTEX(eeprom_mutex);

static loff_t eisa_eeprom_llseek(struct file *file, loff_t offset, int origin )
{
	down(&eeprom_mutex);	
	switch (origin) {
	  case 0:
		/* nothing to do */

		offset += HPEE_MAX_LENGTH;
		break;
	}
	if(offset >= 0 && offset < HPEE_MAX_LENGTH)
		file->f_pos = offset;
	else
		offset = EINVAL;
	up(&eeprom_mutex);
	return offset;
}

static ssize_t eisa_eeprom_read(struct file * file,
			      char *buf, size_t count, loff_t *ppos )
{
	unsigned char *tmp;
	ssize_t ret = 0;
	int i;

	down(&eeprom_mutex);	
	if (*ppos >= HPEE_MAX_LENGTH)
		goto done;
	
	count = *ppos + count < HPEE_MAX_LENGTH ? count : HPEE_MAX_LENGTH - *ppos;
	tmp = kmalloc(count, GFP_KERNEL);

		kfree (tmp);
	} else
		ret = -ENOMEM;

done:
	up(&eeprom_mutex);
	return ret;
}


Lines 47-56 Link Here

(-)linux-2.6.7/drivers/pci/proc.c (-10 / +27 lines)
47	static ssize_t	47	static ssize_t
48	proc_bus_pci_read(struct file file, char __user buf, size_t nbytes, loff_t *ppos)	48	proc_bus_pci_read(struct file file, char __user buf, size_t nbytes, loff_t *ppos)
49	{	49	{
50	const struct inode *ino = file->f_dentry->d_inode;	50	struct inode *ino = file->f_dentry->d_inode;
51	const struct proc_dir_entry *dp = PDE(ino);	51	const struct proc_dir_entry *dp = PDE(ino);
52	struct pci_dev *dev = dp->data;	52	struct pci_dev *dev = dp->data;
53	unsigned int pos = *ppos;	53	unsigned int pos;
54	unsigned int cnt, size;	54	unsigned int cnt, size;
55		55
56	/*	56	/*
Lines 66-73 Link Here
66	else	66	else
67	size = 64;	67	size = 64;
68		68
69	if (pos >= size)	69	down(&ino->i_sem);
		70	if (*ppos >= size)
		71	{
		72	up(&ino->i_sem);
70	return 0;	73	return 0;
		74	}
		75	pos = *ppos;
71	if (nbytes >= size)	76	if (nbytes >= size)
72	nbytes = size;	77	nbytes = size;
73	if (pos + nbytes > size)	78	if (pos + nbytes > size)
Lines 75-81 Link Here
75	cnt = nbytes;	80	cnt = nbytes;
76		81
77	if (!access_ok(VERIFY_WRITE, buf, cnt))	82	if (!access_ok(VERIFY_WRITE, buf, cnt))
78	return -EINVAL;	83	{
		84	up(&ino->i_sem);
		85	return -EFAULT;
		86	}
79		87
80	if ((pos & 1) && cnt) {	88	if ((pos & 1) && cnt) {
81	unsigned char val;	89	unsigned char val;
Lines 123-143 Link Here
123	}	131	}
124		132
125	*ppos = pos;	133	*ppos = pos;
		134	up(&ino->i_sem);
126	return nbytes;	135	return nbytes;
127	}	136	}
128		137
129	static ssize_t	138	static ssize_t
130	proc_bus_pci_write(struct file file, const char __user buf, size_t nbytes, loff_t *ppos)	139	proc_bus_pci_write(struct file file, const char __user buf, size_t nbytes, loff_t *ppos)
131	{	140	{
132	const struct inode *ino = file->f_dentry->d_inode;	141	struct inode *ino = file->f_dentry->d_inode;
133	const struct proc_dir_entry *dp = PDE(ino);	142	const struct proc_dir_entry *dp = PDE(ino);
134	struct pci_dev *dev = dp->data;	143	struct pci_dev *dev = dp->data;
135	int pos = *ppos;	144	unsigned int pos;
136	int size = dev->cfg_size;	145	int size = dev->cfg_size;
137	int cnt;	146	int cnt;
138		147
139	if (pos >= size)	148	down(&ino->i_sem);
		149	if (*ppos >= size)
		150	{
		151	up(&ino->i_sem);
140	return 0;	152	return 0;
		153	}
		154	pos = *ppos;
		155
141	if (nbytes >= size)	156	if (nbytes >= size)
142	nbytes = size;	157	nbytes = size;
143	if (pos + nbytes > size)	158	if (pos + nbytes > size)
Lines 145-152 Link Here
145	cnt = nbytes;	160	cnt = nbytes;
146		161
147	if (!access_ok(VERIFY_READ, buf, cnt))	162	if (!access_ok(VERIFY_READ, buf, cnt))
148	return -EINVAL;	163	{
149		164	up(&ino->i_sem);
		165	return -EFAULT;
		166	}
150	if ((pos & 1) && cnt) {	167	if ((pos & 1) && cnt) {
151	unsigned char val;	168	unsigned char val;
152	__get_user(val, buf);	169	__get_user(val, buf);
Lines 191-198 Link Here
191	pos++;	208	pos++;
192	cnt--;	209	cnt--;
193	}	210	}
194
195	*ppos = pos;	211	*ppos = pos;
		212	up(&ino->i_sem);
196	return nbytes;	213	return nbytes;
197	}	214	}
198		215

Lines 26-31 Link Here

(-)linux-2.6.7/drivers/pnp/isapnp/proc.c (-6 / +19 lines)
26	#include <linux/init.h>	26	#include <linux/init.h>
27	#include <linux/smp_lock.h>	27	#include <linux/smp_lock.h>
28	#include <asm/uaccess.h>	28	#include <asm/uaccess.h>
		29	#include <asm/semaphore.h>
		30
		31	static DECLARE_MUTEX(isapnp_mutex); /* Don't whack two things at once */
29		32
30	extern struct pnp_protocol isapnp_protocol;	33	extern struct pnp_protocol isapnp_protocol;
31		34
Lines 35-41 Link Here
35	{	38	{
36	loff_t new = -1;	39	loff_t new = -1;
37		40
38	lock_kernel();	41	down(&isapnp_mutex);
39	switch (whence) {	42	switch (whence) {
40	case 0:	43	case 0:
41	new = off;	44	new = off;
Lines 48-58 Link Here
48	break;	51	break;
49	}	52	}
50	if (new < 0 \|\| new > 256) {	53	if (new < 0 \|\| new > 256) {
51	unlock_kernel();	54	up(&isapnp_mutex);
52	return -EINVAL;	55	return -EINVAL;
53	}	56	}
54	unlock_kernel();	57	file->f_pos = new;
55	return (file->f_pos = new);	58	up(&isapnp_mutex);
		59	return new;
56	}	60	}
57		61
58	static ssize_t isapnp_proc_bus_read(struct file file, char __user buf, size_t nbytes, loff_t *ppos)	62	static ssize_t isapnp_proc_bus_read(struct file file, char __user buf, size_t nbytes, loff_t *ppos)
Lines 60-70 Link Here
60	struct inode *ino = file->f_dentry->d_inode;	64	struct inode *ino = file->f_dentry->d_inode;
61	struct proc_dir_entry *dp = PDE(ino);	65	struct proc_dir_entry *dp = PDE(ino);
62	struct pnp_dev *dev = dp->data;	66	struct pnp_dev *dev = dp->data;
63	int pos = *ppos;	67	loff_t pos;
64	int cnt, size = 256;	68	int cnt, size = 256;
65		69
		70	down(&isapnp_mutex);
		71	pos = *ppos;
66	if (pos >= size)	72	if (pos >= size)
		73	{
		74	up(&isapnp_mutex);
67	return 0;	75	return 0;
		76	}
68	if (nbytes >= size)	77	if (nbytes >= size)
69	nbytes = size;	78	nbytes = size;
70	if (pos + nbytes > size)	79	if (pos + nbytes > size)
Lines 72-78 Link Here
72	cnt = nbytes;	81	cnt = nbytes;
73		82
74	if (!access_ok(VERIFY_WRITE, buf, cnt))	83	if (!access_ok(VERIFY_WRITE, buf, cnt))
75	return -EINVAL;	84	{
		85	up(&isapnp_mutex);
		86	return -EFAULT;
		87	}
76		88
77	isapnp_cfg_begin(dev->card->number, dev->number);	89	isapnp_cfg_begin(dev->card->number, dev->number);
78	for ( ; pos < 256 && cnt > 0; pos++, buf++, cnt--) {	90	for ( ; pos < 256 && cnt > 0; pos++, buf++, cnt--) {
Lines 83-88 Link Here
83	isapnp_cfg_end();	95	isapnp_cfg_end();
84		96
85	*ppos = pos;	97	*ppos = pos;
		98	up(&isapnp_mutex);
86	return nbytes;	99	return nbytes;
87	}	100	}
88		101

Lines 142-148 Link Here

(-)linux-2.6.7/drivers/s390/char/tape_char.c (-4 / +15 lines)
142	struct tape_request *request;	142	struct tape_request *request;
143	size_t block_size;	143	size_t block_size;
144	int rc;	144	int rc;
		145	loff_t pos = *ppos;
145		146
		147	/* XXX - driver needs proper read/write/seek locks it seems */
		148
146	DBF_EVENT(6, "TCHAR:read\n");	149	DBF_EVENT(6, "TCHAR:read\n");
147	device = (struct tape_device *) filp->private_data;	150	device = (struct tape_device *) filp->private_data;
148	/* Check position. */	151	/* Check position. */
Lines 153-159 Link Here
153	* read work...	156	* read work...
154	*/	157	*/
155	DBF_EVENT(6, "TCHAR:ppos wrong\n");	158	DBF_EVENT(6, "TCHAR:ppos wrong\n");
156	return -EOVERFLOW;	159	return -ESPIPE;
157	}	160	}
158		161
159	/*	162	/*
Lines 196-206 Link Here
196	if (rc == 0) {	199	if (rc == 0) {
197	rc = block_size - request->rescnt;	200	rc = block_size - request->rescnt;
198	DBF_EVENT(6, "TCHAR:rbytes: %x\n", rc);	201	DBF_EVENT(6, "TCHAR:rbytes: %x\n", rc);
199	filp->f_pos += rc;	202	pos += rc;
200	/* Copy data from idal buffer to user space. */	203	/* Copy data from idal buffer to user space. */
201	if (idal_buffer_to_user(device->char_data.idal_buf,	204	if (idal_buffer_to_user(device->char_data.idal_buf,
202	data, rc) != 0)	205	data, rc) != 0)
203	rc = -EFAULT;	206	rc = -EFAULT;
		207	else
		208	*ppos = pos;
204	}	209	}
205	tape_free_request(request);	210	tape_free_request(request);
206	return rc;	211	return rc;
Lines 218-223 Link Here
218	size_t written;	223	size_t written;
219	int nblocks;	224	int nblocks;
220	int i, rc;	225	int i, rc;
		226	loff_t pos = *ppos;
		227
		228	/* XXX - driver needs proper read/write/seek locks it seems */
221		229
222	DBF_EVENT(6, "TCHAR:write\n");	230	DBF_EVENT(6, "TCHAR:write\n");
223	device = (struct tape_device *) filp->private_data;	231	device = (struct tape_device *) filp->private_data;
Lines 225-231 Link Here
225	if (ppos != &filp->f_pos) {	233	if (ppos != &filp->f_pos) {
226	/* "A request was outside the capabilities of the device." */	234	/* "A request was outside the capabilities of the device." */
227	DBF_EVENT(6, "TCHAR:ppos wrong\n");	235	DBF_EVENT(6, "TCHAR:ppos wrong\n");
228	return -EOVERFLOW;	236	return -ESPIPE;
229	}	237	}
230	/* Find out block size and number of blocks */	238	/* Find out block size and number of blocks */
231	if (device->char_data.block_size != 0) {	239	if (device->char_data.block_size != 0) {
Lines 270-276 Link Here
270	break;	278	break;
271	DBF_EVENT(6, "TCHAR:wbytes: %lx\n",	279	DBF_EVENT(6, "TCHAR:wbytes: %lx\n",
272	block_size - request->rescnt);	280	block_size - request->rescnt);
273	filp->f_pos += block_size - request->rescnt;	281	pos += block_size - request->rescnt;
274	written += block_size - request->rescnt;	282	written += block_size - request->rescnt;
275	if (request->rescnt != 0)	283	if (request->rescnt != 0)
276	break;	284	break;
Lines 297-303 Link Here
297	* tapemark it doesn't hurt to write two marks again.	305	* tapemark it doesn't hurt to write two marks again.
298	*/	306	*/
299	if (!rc)	307	if (!rc)
		308	{
300	device->required_tapemarks = 2;	309	device->required_tapemarks = 2;
		310	*ppos = pos;
		311	}
301		312
302	return rc ? rc : written;	313	return rc ? rc : written;
303	}	314	}

Lines 2-7 Link Here

(-)linux-2.6.7/drivers/sbus/char/flash.c (-8 / +19 lines)
2	* flash.c: Allow mmap access to the OBP Flash, for OBP updates.	2	* flash.c: Allow mmap access to the OBP Flash, for OBP updates.
3	*	3	*
4	* Copyright (C) 1997 Eddie C. Dost (ecd@skynet.be)	4	* Copyright (C) 1997 Eddie C. Dost (ecd@skynet.be)
		5	*
		6	* Added printk levels and locks for 2.6 (Alan Cox)
5	*/	7	*/
6		8
7	#include <linux/config.h>	9	#include <linux/config.h>
Lines 22-29 Link Here
22	#include <asm/io.h>	24	#include <asm/io.h>
23	#include <asm/sbus.h>	25	#include <asm/sbus.h>
24	#include <asm/ebus.h>	26	#include <asm/ebus.h>
		27	#include <asm/semaphore.h>
25		28
26	static spinlock_t flash_lock = SPIN_LOCK_UNLOCKED;	29	static spinlock_t flash_lock = SPIN_LOCK_UNLOCKED;
		30	static DECLARE_MUTEX(flash_mutex);
		31
27	static struct {	32	static struct {
28	unsigned long read_base; /* Physical read address */	33	unsigned long read_base; /* Physical read address */
29	unsigned long write_base; /* Physical write address */	34	unsigned long write_base; /* Physical write address */
Lines 83-89 Link Here
83	static long long	88	static long long
84	flash_llseek(struct file *file, long long offset, int origin)	89	flash_llseek(struct file *file, long long offset, int origin)
85	{	90	{
86	lock_kernel();	91	down(&flash_mutex);
87	switch (origin) {	92	switch (origin) {
88	case 0:	93	case 0:
89	file->f_pos = offset;	94	file->f_pos = offset;
Lines 97-106 Link Here
97	file->f_pos = flash.read_size;	102	file->f_pos = flash.read_size;
98	break;	103	break;
99	default:	104	default:
100	unlock_kernel();	105	up(&flash_mutex);
101	return -EINVAL;	106	return -EINVAL;
102	}	107	}
103	unlock_kernel();	108	up(&flash_mutex);
104	return file->f_pos;	109	return file->f_pos;
105	}	110	}
106		111
Lines 108-127 Link Here
108	flash_read(struct file * file, char * buf,	113	flash_read(struct file * file, char * buf,
109	size_t count, loff_t *ppos)	114	size_t count, loff_t *ppos)
110	{	115	{
111	unsigned long p = file->f_pos;	116	loff_t p;
112	int i;	117	int i;
113		118
		119	down(&flash_mutex);
		120	p = *ppos;
114	if (count > flash.read_size - p)	121	if (count > flash.read_size - p)
115	count = flash.read_size - p;	122	count = flash.read_size - p;
116		123
117	for (i = 0; i < count; i++) {	124	for (i = 0; i < count; i++) {
118	u8 data = readb(flash.read_base + p + i);	125	u8 data = readb(flash.read_base + p + i);
119	if (put_user(data, buf))	126	if (put_user(data, buf))
		127	{
		128	up(&flash_mutex);
120	return -EFAULT;	129	return -EFAULT;
		130	}
121	buf++;	131	buf++;
122	}	132	}
123		133
124	file->f_pos += count;	134	*ppos = p + count;
		135	up(&flash_mutex);
125	return count;	136	return count;
126	}	137	}
127		138
Lines 204-210 Link Here
204		215
205	len = prom_getproperty(edev->prom_node, "reg", (void *)regs, sizeof(regs));	216	len = prom_getproperty(edev->prom_node, "reg", (void *)regs, sizeof(regs));
206	if ((len % sizeof(regs[0])) != 0) {	217	if ((len % sizeof(regs[0])) != 0) {
207	printk("flash: Strange reg property size %d\n", len);	218	printk(KERN_WARNING "flash: Strange reg property size %d\n", len);
208	return -ENODEV;	219	return -ENODEV;
209	}	220	}
210		221
Lines 220-226 Link Here
220	flash.write_base = edev->resource[1].start;	231	flash.write_base = edev->resource[1].start;
221	flash.write_size = regs[1].reg_size;	232	flash.write_size = regs[1].reg_size;
222	} else {	233	} else {
223	printk("flash: Strange number of regs %d\n", nregs);	234	printk(KERN_WARNING "flash: Strange number of regs %d\n", nregs);
224	return -ENODEV;	235	return -ENODEV;
225	}	236	}
226		237
Lines 231-237 Link Here
231	#endif	242	#endif
232	}	243	}
233		244
234	printk("OBP Flash: RD %lx[%lx] WR %lx[%lx]\n",	245	printk(KERN_INFO "OBP Flash: RD %lx[%lx] WR %lx[%lx]\n",
235	flash.read_base, flash.read_size,	246	flash.read_base, flash.read_size,
236	flash.write_base, flash.write_size);	247	flash.write_base, flash.write_size);
237		248




#include <asm/io.h>
#include <asm/pcic.h>
#include <asm/oplib.h>
#include <asm/semaphore.h>

#include <asm/jsflash.h>		/* ioctl arguments. <linux/> ?? */
#define JSFIDSZ		(sizeof(struct jsflash_ident_arg))

#define JSF_PART_BITS	 2	/* 2 bits of minors to cover JSF_NPART */
#define JSF_PART_MASK	 0x3	/* 2 bits mask */

static DECLARE_MUTEX(jsflash_mutex);
/*
 * Access functions.
 * We could ioremap(), but it's easier this way.

{
	loff_t ret;

	down(&jsflash_mutex);
	switch (orig) {
		case 0:
			file->f_pos = offset;

		default:
			ret = -EINVAL;
	}
	up(&jsflash_mutex);
	return ret;
}


static ssize_t jsf_read(struct file * file, char * buf, 
    size_t togo, loff_t *ppos)
{
	unsigned long p;
	char *tmp = buf;

	union byte4 {

		unsigned int n;
	} b;

	down(&jsflash_mutex);
	
	/* Range check in loff_t, then cut down for use */
	if (*ppos < JSF_BASE_ALL || *ppos >= JSF_BASE_TOP) {
		up(&jsflash_mutex);
		return 0;
	}
	p = *ppos;

	if ((p + togo) < p	/* wrap */
	   || (p + togo) >= JSF_BASE_TOP) {

		 * without regard to modversions,
		 * so we cannot build a module.
		 */
		up(&jsflash_mutex);
		return 0;
#endif
	}

		togo -= 4;
		b.n = jsf_inl(p);
		if (copy_to_user(tmp, b.s, 4))
		{
			up(&jsflash_mutex);
			return -EFAULT;
		}
		tmp += 4;
		p += 4;
	}

	 */

	*ppos = p;
	up(&jsflash_mutex);
	return tmp-buf;
}





	
	if (ppos != &filp->f_pos) {
	 	/* "A request was outside the capabilities of the device." */
		retval = (-ESPIPE);
		goto out;
	}


	
	if (ppos != &filp->f_pos) {
		/* "A request was outside the capabilities of the device." */
		retval = (-ESPIPE);
		goto out;
	}


	.owner =        THIS_MODULE,
	.read =         osst_read,
	.write =        osst_write,
	.llseek = 	no_llseek,
	.ioctl =        osst_ioctl,
	.open =         os_scsi_tape_open,
	.flush =        os_scsi_tape_flush,

Lines 1220-1226 Link Here

(-)linux-2.6.7/drivers/scsi/st.c (-1 / +2 lines)
1220		1220
1221	if (ppos != &filp->f_pos) {	1221	if (ppos != &filp->f_pos) {
1222	/* "A request was outside the capabilities of the device." */	1222	/* "A request was outside the capabilities of the device." */
1223	retval = (-ENXIO);	1223	retval = (-ESPIPE);
1224	goto out;	1224	goto out;
1225	}	1225	}
1226		1226
Lines 3715-3720 Link Here
3715	.read = st_read,	3715	.read = st_read,
3716	.write = st_write,	3716	.write = st_write,
3717	.ioctl = st_ioctl,	3717	.ioctl = st_ioctl,
		3718	.llseek = no_llseek,
3718	.open = st_open,	3719	.open = st_open,
3719	.flush = st_flush,	3720	.flush = st_flush,
3720	.release = st_release,	3721	.release = st_release,





static ssize_t ixj_read(struct file * file_p, char *buf, size_t length, loff_t * ppos)
{
	unsigned long i;
	IXJ * j = get_ixj(NUM(file_p->f_dentry->d_inode));

	DECLARE_WAITQUEUE(wait, current);


static ssize_t ixj_write(struct file *file_p, const char *buf, size_t count, loff_t * ppos)
{
	unsigned long i;
	IXJ *j = file_p->private_data;

	DECLARE_WAITQUEUE(wait, current);

		j->flags.inwrite = 0;
		return -EFAULT;
	}
        if(j->play_codec == ALAW)
               alaw2ulaw(j->write_buffer_wp, min(count, j->write_buffer_size));
	j->flags.inwrite = 0;
	return min(count, j->write_buffer_size);

Lines 572-589 Link Here

(-)linux-2.6.7/drivers/usb/core/devices.c (-12 / +20 lines)
572	{	572	{
573	struct list_head *buslist;	573	struct list_head *buslist;
574	struct usb_bus *bus;	574	struct usb_bus *bus;
575	ssize_t ret, total_written = 0;	575	ssize_t ret = 0, total_written = 0;
576	loff_t skip_bytes = *ppos;	576	loff_t skip_bytes = *ppos;
577		577
578	if (*ppos < 0)	578	down (&usb_bus_list_lock);
579	return -EINVAL;	579
		580	if (skip_bytes < 0)
		581	{
		582	ret = -EINVAL;
		583	goto error;
		584	}
580	if (nbytes <= 0)	585	if (nbytes <= 0)
581	return 0;	586	goto error;
582	if (!access_ok(VERIFY_WRITE, buf, nbytes))	587	if (!access_ok(VERIFY_WRITE, buf, nbytes))
583	return -EFAULT;	588	{
584		589	ret = -EFAULT;
		590	goto error;
		591	}
585	/* enumerate busses */	592	/* enumerate busses */
586	down (&usb_bus_list_lock);
587	for (buslist = usb_bus_list.next; buslist != &usb_bus_list; buslist = buslist->next) {	593	for (buslist = usb_bus_list.next; buslist != &usb_bus_list; buslist = buslist->next) {
588	/* print devices for this bus */	594	/* print devices for this bus */
589	bus = list_entry(buslist, struct usb_bus, bus_list);	595	bus = list_entry(buslist, struct usb_bus, bus_list);
Lines 593-605 Link Here
593	ret = usb_device_dump(&buf, &nbytes, &skip_bytes, ppos, bus->root_hub, bus, 0, 0, 0);	599	ret = usb_device_dump(&buf, &nbytes, &skip_bytes, ppos, bus->root_hub, bus, 0, 0, 0);
594	up(&bus->root_hub->serialize);	600	up(&bus->root_hub->serialize);
595	if (ret < 0) {	601	if (ret < 0) {
596	up(&usb_bus_list_lock);	602	goto error;
597	return ret;
598	}	603	}
599	total_written += ret;	604	total_written += ret;
600	}	605	}
		606	ret = total_written;
		607	error:
601	up (&usb_bus_list_lock);	608	up (&usb_bus_list_lock);
602	return total_written;	609	return ret;
603	}	610	}
604		611
605	/* Kernel lock for "lastev" protection */	612	/* Kernel lock for "lastev" protection */
Lines 661-667 Link Here
661	{	668	{
662	loff_t ret;	669	loff_t ret;
663		670
664	lock_kernel();	671	/* This already guards the other users */
		672	down(&usb_bus_list_lock);
665		673
666	switch (orig) {	674	switch (orig) {
667	case 0:	675	case 0:
Lines 677-683 Link Here
677	ret = -EINVAL;	685	ret = -EINVAL;
678	}	686	}
679		687
680	unlock_kernel();	688	up(&usb_bus_list_lock);
681	return ret;	689	return ret;
682	}	690	}
683		691

Lines 80-88 Link Here

(-)linux-2.6.7/drivers/usb/core/devio.c (-5 / +5 lines)
80	static loff_t usbdev_lseek(struct file *file, loff_t offset, int orig)	80	static loff_t usbdev_lseek(struct file *file, loff_t offset, int orig)
81	{	81	{
82	loff_t ret;	82	loff_t ret;
		83	struct dev_state ps = (struct dev_state )file->private_data;
		84	struct usb_device *dev = ps->dev;
83		85
84	lock_kernel();	86	down(&dev->serialize);
85
86	switch (orig) {	87	switch (orig) {
87	case 0:	88	case 0:
88	file->f_pos = offset;	89	file->f_pos = offset;
Lines 96-103 Link Here
96	default:	97	default:
97	ret = -EINVAL;	98	ret = -EINVAL;
98	}	99	}
99		100	up(&dev->serialize);
100	unlock_kernel();
101	return ret;	101	return ret;
102	}	102	}
103		103
Lines 110-117 Link Here
110	loff_t pos;	110	loff_t pos;
111	int i;	111	int i;
112		112
113	pos = *ppos;
114	down(&dev->serialize);	113	down(&dev->serialize);
		114	pos = *ppos;
115	if (!connected(dev)) {	115	if (!connected(dev)) {
116	ret = -ENODEV;	116	ret = -ENODEV;
117	goto err;	117	goto err;

Lines 14-22 Link Here

(-)linux-2.6.7/drivers/usb/host/uhci-debug.c (-15 / +24 lines)
14	#include <linux/proc_fs.h>	14	#include <linux/proc_fs.h>
15	#include <linux/smp_lock.h>	15	#include <linux/smp_lock.h>
16	#include <asm/io.h>	16	#include <asm/io.h>
		17	#include <asm/semaphore.h>
17		18
18	#include "uhci-hcd.h"	19	#include "uhci-hcd.h"
19		20
		21	DECLARE_MUTEX(uhci_debug_lock);
		22
20	/* Handle REALLY large printk's so we don't overflow buffers */	23	/* Handle REALLY large printk's so we don't overflow buffers */
21	static inline void lprintk(char *buf)	24	static inline void lprintk(char *buf)
22	{	25	{
Lines 545-555 Link Here
545		548
546	static loff_t uhci_proc_lseek(struct file *file, loff_t off, int whence)	549	static loff_t uhci_proc_lseek(struct file *file, loff_t off, int whence)
547	{	550	{
548	struct uhci_proc *up;	551	struct uhci_proc *uproc;
549	loff_t new = -1;	552	loff_t new = -1;
550		553
551	lock_kernel();	554	down(&uhci_debug_lock);
552	up = file->private_data;	555
		556	uproc = file->private_data;
553		557
554	switch (whence) {	558	switch (whence) {
555	case 0:	559	case 0:
Lines 559-591 Link Here
559	new = file->f_pos + off;	563	new = file->f_pos + off;
560	break;	564	break;
561	}	565	}
562	if (new < 0 \|\| new > up->size) {	566	if (new < 0 \|\| new > uproc->size) {
563	unlock_kernel();	567	up(&uhci_debug_lock);
564	return -EINVAL;	568	return -EINVAL;
565	}	569	}
566	unlock_kernel();	570	file->f_pos = new;
567	return (file->f_pos = new);	571	up(&uhci_debug_lock);
		572	return new;
568	}	573	}
569		574
570	static ssize_t uhci_proc_read(struct file file, char __user buf,	575	static ssize_t uhci_proc_read(struct file file, char __user buf,
571	size_t nbytes, loff_t *ppos)	576	size_t nbytes, loff_t *ppos)
572	{	577	{
573	struct uhci_proc *up = file->private_data;	578	struct uhci_proc *uproc = file->private_data;
574	unsigned int pos;	579	unsigned int pos;
575	unsigned int size;	580	unsigned int size;
576		581
		582	down(&uhci_debug_lock);
		583
577	pos = *ppos;	584	pos = *ppos;
578	size = up->size;	585	size = uproc->size;
		586
579	if (pos >= size)	587	if (pos >= size)
580	return 0;	588	nbytes = 0;
581	if (nbytes > size - pos)	589	else if (nbytes > size - pos)
582	nbytes = size - pos;	590	nbytes = size - pos;
583		591
584	if (copy_to_user(buf, up->data + pos, nbytes))	592	if (copy_to_user(buf, uproc->data + pos, nbytes))
585	return -EFAULT;	593	nbytes = -EFAULT;
586		594	else
587	*ppos += nbytes;	595	*ppos += nbytes;
588		596
		597	up(&uhci_debug_lock);
589	return nbytes;	598	return nbytes;
590	}	599	}
591		600

Lines 1140-1146 Link Here

(-)linux-2.6.7/drivers/usb/media/pwc-if.c (-1 / +1 lines)
1140	int noblock = file->f_flags & O_NONBLOCK;	1140	int noblock = file->f_flags & O_NONBLOCK;
1141	DECLARE_WAITQUEUE(wait, current);	1141	DECLARE_WAITQUEUE(wait, current);
1142		1142
1143	Trace(TRACE_READ, "video_read(0x%p, %p, %d) called.\n", vdev, buf, count);	1143	Trace(TRACE_READ, "video_read(0x%p, %p, %lu) called.\n", vdev, buf, count);
1144	if (vdev == NULL)	1144	if (vdev == NULL)
1145	return -EFAULT;	1145	return -EFAULT;
1146	pdev = vdev->priv;	1146	pdev = vdev->priv;

Lines 864-869 Link Here

(-)linux-2.6.7/drivers/usb/media/vicam.c (-1 / +5 lines)
864	{	864	{
865	/* vicam_decode_color - Convert from Vicam Y-Cr-Cb to RGB	865	/* vicam_decode_color - Convert from Vicam Y-Cr-Cb to RGB
866	* Copyright (C) 2002 Monroe Williams (monroe@pobox.com)	866	* Copyright (C) 2002 Monroe Williams (monroe@pobox.com)
		867	*
		868	* FIXME: camera should use V4L2 YCrCb return type now
867	*/	869	*/
868		870
869	int i, prevY, nextY;	871	int i, prevY, nextY;
Lines 1009-1016 Link Here
1009		1011
1010	DBG("read %d bytes.\n", (int) count);	1012	DBG("read %d bytes.\n", (int) count);
1011		1013
		1014	down(&cam->cam_lock);
1012	if (*ppos >= VICAM_MAX_FRAME_SIZE) {	1015	if (*ppos >= VICAM_MAX_FRAME_SIZE) {
1013	*ppos = 0;	1016	*ppos = 0;
		1017	up(&cam->cam_lock);
1014	return 0;	1018	return 0;
1015	}	1019	}
1016		1020
Lines 1032-1038 Link Here
1032	if (count == VICAM_MAX_FRAME_SIZE) {	1036	if (count == VICAM_MAX_FRAME_SIZE) {
1033	*ppos = 0;	1037	*ppos = 0;
1034	}	1038	}
1035		1039	up(&cam->cam_lock);
1036	return count;	1040	return count;
1037	}	1041	}
1038		1042

Lines 1591-1597 Link Here

(-)linux-2.6.7/drivers/usb/misc/auerswald.c (-3 / +3 lines)
1591	/* Error checking */	1591	/* Error checking */
1592	if (!ccp)	1592	if (!ccp)
1593	return -EIO;	1593	return -EIO;
1594	if (*ppos)	1594	if (ppos != &file->f_pos)
1595	return -ESPIPE;	1595	return -ESPIPE;
1596	if (count == 0)	1596	if (count == 0)
1597	return 0;	1597	return 0;
Lines 1723-1730 Link Here
1723	/* Error checking */	1723	/* Error checking */
1724	if (!ccp)	1724	if (!ccp)
1725	return -EIO;	1725	return -EIO;
1726	if (*ppos)	1726	if (ppos != &file->f_pos)
1727	return -ESPIPE;	1727	return -ESPIPE;
1728	if (len == 0)	1728	if (len == 0)
1729	return 0;	1729	return 0;
1730		1730





static ssize_t radeonfb_read(struct file *file, char *buf, size_t count, loff_t *ppos)
{
	unsigned long p;
	struct inode *inode = file->f_dentry->d_inode;
	int fbidx = iminor(inode);
	struct fb_info *info = registered_fb[fbidx];
	struct radeonfb_info *rinfo = info->par;
	
	down(&info->mutex);
	p = *ppos;
	if (*ppos  >= rinfo->mapped_vram || p + count > p)
	{
		up(&info->mutex);
		return 0;
	}
	if (count >= rinfo->mapped_vram)
		count = rinfo->mapped_vram;
	if (count > rinfo->mapped_vram - p)
		count = rinfo->mapped_vram - p;
	radeonfb_sync(info);
	
	if (count) {
		char *base_addr;

		base_addr = info->screen_base;
		count -= copy_to_user(buf, base_addr+p, count);
		if (!count)
			count = -EFAULT;
		else
			*ppos += count;
	}
	up(&info->mutex);
	return count;
}

static ssize_t radeonfb_write(struct file *file, const char *buf, size_t count,
			      loff_t *ppos)
{
	unsigned long p;
	struct inode *inode = file->f_dentry->d_inode;
	int fbidx = iminor(inode);
	struct fb_info *info = registered_fb[fbidx];
	struct radeonfb_info *rinfo = info->par;
	int err;

	down(&info->mutex);
	p = *ppos; /* truncated */
	if (*ppos > rinfo->mapped_vram || p + count > p)
	{
		up(&info->mutex);
		return -ENOSPC;
	}
	if (count >= rinfo->mapped_vram)
		count = rinfo->mapped_vram;
	err = 0;
	if (count > p - rinfo->mapped_vram) {
		count = rinfo->mapped_vram - p;
		err = -ENOSPC;
	}
	radeonfb_sync(info);
	
	if (count) {
		char *base_addr;

		base_addr = info->screen_base;
		count -= copy_from_user(base_addr+p, buf, count);
		*ppos += count;
		err = -EFAULT;
	}
	up(&info->mutex);
	if (count)
		return count;
	return err;




static ssize_t
fb_read(struct file *file, char *buf, size_t count, loff_t *ppos)
{
	loff_t p;
	struct inode *inode = file->f_dentry->d_inode;
	int fbidx = iminor(inode);
	struct fb_info *info = registered_fb[fbidx];


	if (info->fbops->fb_read)
		return info->fbops->fb_read(file, buf, count, ppos);

	down(&info->mutex);	
	if (*ppos >= info->fix.smem_len)
	{
		count = 0;
		goto error;
	}
	p = *ppos;
	
	if (count > info->fix.smem_len - p)
	    return 0;
	if (count >= info->fix.smem_len)
	    count = info->fix.smem_len;
	if (count + p > info->fix.smem_len)
		count = info->fix.smem_len - p;
	if (info->fbops->fb_sync)
		info->fbops->fb_sync(info);
	if (count) {
		char *base_addr;

		base_addr = info->screen_base;
		count -= copy_to_user(buf, base_addr + p, count);
		if (!count)
			count = -EFAULT;
		else
			*ppos += count;
	}
error:	
	up(&info->mutex);
	return count;
}

static ssize_t
fb_write(struct file *file, const char *buf, size_t count, loff_t *ppos)
{
	loff_t p;
	struct inode *inode = file->f_dentry->d_inode;
	int fbidx = iminor(inode);
	struct fb_info *info = registered_fb[fbidx];
	int err = -ENOSPC;

	if (!info || !info->screen_base)
		return -ENODEV;

	if (info->fbops->fb_write)
		return info->fbops->fb_write(file, buf, count, ppos);
	
	down(&info->mutex);	
	if (*ppos >= info->fix.smem_len)
		goto err;
	p = *ppos;
	if (count > info->fix.smem_len - p)
		count = info->fix.smem_len - p;
		
	err = 0;
	if (count + p > info->fix.smem_len) {
	    count = info->fix.smem_len - p;
	    err = -ENOSPC;
	}
	if (info->fbops->fb_sync)
		info->fbops->fb_sync(info);
	if (count) {
	    char *base_addr = info->screen_base;

	    base_addr = info->screen_base;
	    count -= copy_from_user(base_addr+p, buf, count);
	    *ppos += count;
	    err = -EFAULT;
	    if (count)
		err = count;
	}
err:
	up(&info->mutex);
	return err;
}

loff_t fb_llseek(struct file *file, loff_t offset, int origin)
{
	struct inode *inode = file->f_dentry->d_inode;
	int fbidx = iminor(inode);
	struct fb_info *info = registered_fb[fbidx];
	loff_t retval;
	
	down(&info->mutex);
	switch (origin) {
		case 2:
			offset += i_size_read(file->f_dentry->d_inode);
			break;
		case 1:
			offset += file->f_pos;
	}
	retval = -EINVAL;
	if (offset >= 0) {
		if (offset != file->f_pos) {
			file->f_pos = offset;
			file->f_version = 0;
		}
		retval = offset;
	}
	up(&info->mutex);
	return retval;
}

#ifdef CONFIG_KMOD
static void try_to_load(int fb)
{

	.owner =	THIS_MODULE,
	.read =		fb_read,
	.write =	fb_write,
	.llseek = 	fb_llseek,
	.ioctl =	fb_ioctl,
	.mmap =		fb_mmap,
	.open =		fb_open,

	if (fb_info->sprite.inbuf == NULL)
		fb_info->sprite.inbuf = fb_sys_inbuf;

	init_MUTEX(&fb_info->mutex);
	registered_fb[i] = fb_info;

	devfs_mk_cdev(MKDEV(FB_MAJOR, i),

Lines 678-683 Link Here

(-)linux-2.6.7/drivers/video/pvr2fb.c (-3 / +9 lines)
678	static ssize_t pvr2fb_write(struct file file, const char buf,	678	static ssize_t pvr2fb_write(struct file file, const char buf,
679	size_t count, loff_t *ppos)	679	size_t count, loff_t *ppos)
680	{	680	{
		681	struct inode *inode = file->f_dentry->d_inode;
		682	int fbidx = iminor(inode);
		683	struct fb_info *info = registered_fb[fbidx];
681	unsigned long dst, start, end, len;	684	unsigned long dst, start, end, len;
682	unsigned int nr_pages;	685	unsigned int nr_pages;
683	struct page **pages;	686	struct page **pages;
Lines 701-707 Link Here
701	}	704	}
702		705
703	dma_configure_channel(shdma, 0x12c1);	706	dma_configure_channel(shdma, 0x12c1);
704		707
		708	down(&info->mutex);
705	dst = (unsigned long)fb_info->screen_base + *ppos;	709	dst = (unsigned long)fb_info->screen_base + *ppos;
706	start = (unsigned long)page_address(pages[0]);	710	start = (unsigned long)page_address(pages[0]);
707	end = (unsigned long)page_address(pages[nr_pages]);	711	end = (unsigned long)page_address(pages[nr_pages]);
Lines 712-718 Link Here
712	/* As we do this in one shot, it's either all or nothing.. */	716	/* As we do this in one shot, it's either all or nothing.. */
713	if ((*ppos + len) > fb_info->fix.smem_len) {	717	if ((*ppos + len) > fb_info->fix.smem_len) {
714	ret = -ENOSPC;	718	ret = -ENOSPC;
715	goto out_unmap;	719	goto out_unmap_unlock;
716	}	720	}
717		721
718	dma_write(shdma, start, 0, len);	722	dma_write(shdma, start, 0, len);
Lines 726-732 Link Here
726	for (i = 0; i < nr_pages; i++, dst += PAGE_SIZE) {	730	for (i = 0; i < nr_pages; i++, dst += PAGE_SIZE) {
727	if ((*ppos + (i << PAGE_SHIFT)) > fb_info->fix.smem_len) {	731	if ((*ppos + (i << PAGE_SHIFT)) > fb_info->fix.smem_len) {
728	ret = -ENOSPC;	732	ret = -ENOSPC;
729	goto out_unmap;	733	goto out_unmap_unlock;
730	}	734	}
731		735
732	dma_write_page(shdma, (unsigned long)page_address(pages[i]), 0);	736	dma_write_page(shdma, (unsigned long)page_address(pages[i]), 0);
Lines 738-743 Link Here
738	*ppos += count;	742	*ppos += count;
739	ret = count;	743	ret = count;
740		744
		745	out_unmap_unlock:
		746	up(&info->mutex);
741	out_unmap:	747	out_unmap:
742	for (i = 0; i < nr_pages; i++)	748	for (i = 0; i < nr_pages; i++)
743	page_cache_release(pages[i]);	749	page_cache_release(pages[i]);




static ssize_t
stifb_read(struct file *file, char *buf, size_t count, loff_t *ppos)
{
	unsigned long p;
	struct inode *inode = file->f_dentry->d_inode;
	int fbidx = iminor(inode);
	struct fb_info *info = registered_fb[fbidx];

	if (!info || ! info->screen_base)
		return -ENODEV;

	down(&info->mutex);
	
	p = *ppos;
	
	if (*ppos >= info->fix.smem_len || count + p > p)
	{
		up(&info->mutex);
		return 0;
	}
	if (count >= info->fix.smem_len)
		count = info->fix.smem_len;
	if (count + p > info->fix.smem_len)
		count = info->fix.smem_len - p;
	if (count > sizeof(tmpbuf))
		count = sizeof(tmpbuf);
	if (count) {
		char *base_addr;

		base_addr = info->screen_base;
		memcpy_fromio(&tmpbuf, base_addr + p, count);
		count -= copy_to_user(buf, &tmpbuf, count);
		if (!count)
			count = -EFAULT;
		else
			*ppos += count;
	}
	up(&info->mutex);
	return count;
}


	struct inode *inode = file->f_dentry->d_inode;
	int fbidx = iminor(inode);
	struct fb_info *info = registered_fb[fbidx];
	unsigned long p;
	size_t c;
	int err;
	char tmpbuf[TMPBUFLEN];

	if (!info || !info->screen_base)
		return -ENODEV;

	down(&info->mutex);
	p = *ppos;	/* Truncated version */
	
	if (*ppos  > info->fix.smem_len || p + count > p)
	{
		up(&info->mutex);
		return -ENOSPC;
	}

	if (count >= info->fix.smem_len)
		count = info->fix.smem_len;
	err = 0;
	if (count + p > info->fix.smem_len) {
		count = info->fix.smem_len - p;
		err = -ENOSPC;
	}

	p += (unsigned long)info->screen_base;
	c = count;
	while (c) {
		int len = c > sizeof(tmpbuf) ? sizeof(tmpbuf) : c;
		err = -EFAULT;
		if (copy_from_user(&tmpbuf, buf, len))
			break;
		memcpy_toio(p, &tmpbuf, len);
		c -= len;
		p += len;
		buf += len;
		*ppos += len;
	}
	up(&info->mutex);
	if (count - c)
		return count - c;
	return err;
}





#include <asm/uaccess.h>
#include <asm/amigahw.h>
#include <asm/setup.h>
#include <asm/semaphore.h>

static DECLARE_MUTEX(zorro_proc_lock);

static loff_t
proc_bus_zorro_lseek(struct file *file, loff_t off, int whence)
{
	loff_t new = -1;

	down(&zorro_proc_lock);
	
	switch (whence) {
	case 0:
		new = off;

		break;
	}
	if (new < 0 || new > sizeof(struct ConfigDev)) {
		up(&zorro_proc_lock);
		return -EINVAL;
	}
	file->f_pos = new;
	up(&zorro_proc_lock);
	return file->f_pos;
}

static ssize_t

	struct proc_dir_entry *dp = PDE(ino);
	struct zorro_dev *z = dp->data;
	struct ConfigDev cd;
	loff_t pos;

	down(&zorro_proc_lock);

	pos = *ppos;
	if (pos >= sizeof(struct ConfigDev))
	{
		up(&zorro_proc_lock);
		return 0;
	}
	if (nbytes >= sizeof(struct ConfigDev))
		nbytes = sizeof(struct ConfigDev);
	if (pos + nbytes > sizeof(struct ConfigDev))

	cd.cd_BoardSize = zorro_resource_len(z);

	if (copy_to_user(buf, &cd, nbytes))
	{
		up(&zorro_proc_lock);
		return -EFAULT;
	}
	*ppos += nbytes;
	up(&zorro_proc_lock);
	return nbytes;
}


Lines 584-589 Link Here

(-)linux-2.6.7/fs/cifs/file.c (-5 / +10 lines)
584	struct cifsTconInfo *pTcon;	584	struct cifsTconInfo *pTcon;
585	int xid, long_op;	585	int xid, long_op;
586	struct cifsFileInfo * open_file;	586	struct cifsFileInfo * open_file;
		587	loff_t offset = *poffset;
587		588
588	if(file->f_dentry == NULL)	589	if(file->f_dentry == NULL)
589	return -EBADF;	590	return -EBADF;
Lines 608-614 Link Here
608	return -EBADF;	609	return -EBADF;
609	}	610	}
610		611
611	if (*poffset > file->f_dentry->d_inode->i_size)	612	if (offset > file->f_dentry->d_inode->i_size)
612	long_op = 2; /* writes past end of file can take a long time */	613	long_op = 2; /* writes past end of file can take a long time */
613	else	614	else
614	long_op = 1;	615	long_op = 1;
Lines 649-656 Link Here
649	FreeXid(xid);	650	FreeXid(xid);
650	return rc;	651	return rc;
651	}	652	}
652	} else	653	} else {
653	*poffset += bytes_written;	654	offset += bytes_written;
		655	*poffset = offset;
		656	}
654	long_op = FALSE; /* subsequent writes fast - 15 seconds is plenty */	657	long_op = FALSE; /* subsequent writes fast - 15 seconds is plenty */
655	}	658	}
656		659
Lines 966-971 Link Here
966	int xid;	969	int xid;
967	char * current_offset;	970	char * current_offset;
968	struct cifsFileInfo * open_file;	971	struct cifsFileInfo * open_file;
		972	loff_t loffset = * poffset;
969		973
970	xid = GetXid();	974	xid = GetXid();
971	cifs_sb = CIFS_SB(file->f_dentry->d_sb);	975	cifs_sb = CIFS_SB(file->f_dentry->d_sb);
Lines 995-1001 Link Here
995		999
996	rc = CIFSSMBRead(xid, pTcon,	1000	rc = CIFSSMBRead(xid, pTcon,
997	open_file->netfid,	1001	open_file->netfid,
998	current_read_size, *poffset,	1002	current_read_size, loffset,
999	&bytes_read, &current_offset);	1003	&bytes_read, &current_offset);
1000	}	1004	}
1001	if (rc \|\| (bytes_read == 0)) {	1005	if (rc \|\| (bytes_read == 0)) {
Lines 1012-1018 Link Here
1012	pTcon->bytes_read += total_read;	1016	pTcon->bytes_read += total_read;
1013	spin_unlock(&pTcon->stat_lock);	1017	spin_unlock(&pTcon->stat_lock);
1014	#endif	1018	#endif
1015	*poffset += bytes_read;	1019	loffset += bytes_read;
		1020	*poffset = loffset;
1016	}	1021	}
1017	}	1022	}
1018	FreeXid(xid);	1023	FreeXid(xid);




			    size_t count, loff_t *ppos)
{
	struct inode *inode = file->f_dentry->d_inode;
	loff_t pos = *ppos;
	char buffer[10];
	
	/* FIXME: add proper seek locking */
	if (pos != (unsigned int)pos || pos >= 9)
		return -0;
	
	if (count < 0 || !inode->u.generic_ip)
		return -EINVAL;
	sprintf (buffer, "%8.8x\n", (u32)(long)(inode->u.generic_ip));
	if (count > 9 - pos)
		count = 9 - pos;
	if (copy_to_user(buf, buffer + pos, count))
		count = 9 - file->f_pos;
	if (copy_to_user(buf, buffer + file->f_pos, count))
		return -EFAULT;
	*ppos = pos + count;
	return count;
}


	u32 *q;
	openprom_property *op;
	char buffer[64];
	loff_t pos = *ppos;
	
	/* FIXME: add proper seek locking */
	
	if (pos < 0 || pos >= 0xffffff || count >= 0xffffff)
		return -EINVAL;
	if (!filp->private_data) {
		node = nodes[(u16)((long)inode->u.generic_ip)].node;

	} else {
		i = (op->len << 1) + 1;
	}
	k = pos;
	if (k >= i) return 0;
	if (count > i - k) count = i - k;
	if (op->flag & OPP_STRING) {

			j = count;

		if (j >= 0) {
			if (copy_to_user(buf + k - pos,
					 op->value + k - 1, j))
				return -EFAULT;
			count -= j;

		}

		if (count) {
			if (put_user('\'', &buf [k++ - pos]))
				return -EFAULT;
		}
		if (count > 1) {
			if (put_user('\n', &buf [k++ - pos]))
				return -EFAULT;
		}
	} else if (op->flag & OPP_STRINGLIST) {

		if ((k < i - 1) && (k & 1)) {
			sprintf (buffer, "%02x",
				 (unsigned char) *(op->value + (k >> 1)) & 0xff);
			if (put_user(buffer[1], &buf[k++ - pos]))
				return -EFAULT;
			count--;
		}

		for (; (count > 1) && (k < i - 1); k += 2) {
			sprintf (buffer, "%02x",
				 (unsigned char) *(op->value + (k >> 1)) & 0xff);
			if (copy_to_user(buf + k - pos, buffer, 2))
				return -EFAULT;
			count -= 2;
		}

		if (count && (k < i - 1)) {
			sprintf (buffer, "%02x",
				 (unsigned char) *(op->value + (k >> 1)) & 0xff);
			if (put_user(buffer[0], &buf[k++ - pos]))
				return -EFAULT;
			count--;
		}

		if (count) {
			if (put_user('\n', &buf [k++ - pos]))
				return -EFAULT;
		}
	}
	count = k - pos;
	*ppos = k;
	return count;
}

static ssize_t property_write(struct file *filp, const char *buf,
			      size_t count, loff_t *ppos)
{
	loff_t pos = *ppos;
	int i, j, k;
	char *p;
	u32 *q;
	void *b;
	openprom_property *op;
	
	/* FIXME: add proper seek locking */
	
	if (pos < 0 || pos >= 0xffffff || count >= 0xffffff)
		return -EINVAL;
	if (!filp->private_data) {
		i = property_read (filp, NULL, 0, 0);
		if (i)
			return i;
	}
	k = pos;
	op = (openprom_property *)filp->private_data;
	if (!(op->flag & OPP_STRING)) {
		u32 *first, *last;

				op->len = i;
		} else
			op->len = i;
		pos += count;
	}
write_try_string:
	if (!(op->flag & OPP_BINARY)) {

				op->flag |= OPP_QUOTED;
				buf++;
				count--;
				pos++;
				*ppos = pos;
				if (!count) {
					op->flag |= OPP_STRING;
					return 1;

				op->flag |= OPP_NOTQUOTED;
		}
		op->flag |= OPP_STRING;
		if (op->alloclen <= count + pos) {
			b = kmalloc (sizeof (openprom_property)
				     + 2 * (count + pos), GFP_KERNEL);
			if (!b)
				return -ENOMEM;
			memcpy (b, filp->private_data,

				+ strlen (op->name) + op->alloclen);
			memset (((char *)b) + sizeof (openprom_property)
				+ strlen (op->name) + op->alloclen, 
				0, 2*(count - pos) - op->alloclen);
			op = (openprom_property *)b;
			op->alloclen = 2*(count + pos);
			b = filp->private_data;
			filp->private_data = (void *)op;
			kfree (b);
		}
		p = op->value + pos - ((op->flag & OPP_QUOTED) ? 1 : 0);
		if (copy_from_user(p, buf, count))
			return -EFAULT;
		op->flag |= OPP_DIRTY;

			}
		if (i < count) {
			op->len = p - op->value;
			pos += i + 1;
			*ppos = pos;
			if ((p > op->value) && (op->flag & OPP_QUOTED)
			    && (*(p - 1) == '\''))
				op->len--;
		} else {
			if (p - op->value > op->len)
				op->len = p - op->value;
			pos += count;
			*ppos = pos;
		}
	}
	return pos - k;
}

int property_release (struct inode *inode, struct file *filp)




	ssize_t length;
	ssize_t end;
	struct task_struct *task = proc_task(inode);
	loff_t pos = *ppos;

	if (count > PROC_BLOCK_SIZE)
		count = PROC_BLOCK_SIZE;

		return length;
	}
	/* Static 4kB (or whatever) block capacity */
	if (pos < 0 || pos >= length) {
		free_page(page);
		return 0;
	}
	if (count > length - pos)
		count = length - pos;
	end = count + pos;
	if (copy_to_user(buf, (char *) page + pos, count))
		count = -EFAULT;
	else
		*ppos = end;

	ssize_t length;
	ssize_t end;
	struct task_struct *task = proc_task(inode);
	loff_t pos = *ppos;

	if (count > PAGE_SIZE)
		count = PAGE_SIZE;

		free_page(page);
		return 0;
	}
	if (count > length - pos)
		count = length - pos;
	end = count + pos;
	if (copy_to_user(buf, (char *) page + pos, count))
		count = -EFAULT;
	else
		*ppos = end;

Lines 53-58 Link Here

(-)linux-2.6.7/fs/proc/generic.c (-6 / +11 lines)
53	ssize_t n, count;	53	ssize_t n, count;
54	char *start;	54	char *start;
55	struct proc_dir_entry * dp;	55	struct proc_dir_entry * dp;
		56	loff_t pos = *ppos;
56		57
57	dp = PDE(inode);	58	dp = PDE(inode);
58	if (!(page = (char*) __get_free_page(GFP_KERNEL)))	59	if (!(page = (char*) __get_free_page(GFP_KERNEL)))
Lines 60-70 Link Here
60		61
61	while ((nbytes > 0) && !eof) {	62	while ((nbytes > 0) && !eof) {
62	count = min_t(ssize_t, PROC_BLOCK_SIZE, nbytes);	63	count = min_t(ssize_t, PROC_BLOCK_SIZE, nbytes);
63		64	if (pos != (unsigned) pos \|\| pos > INT_MAX)
		65	break;
		66
64	start = NULL;	67	start = NULL;
65	if (dp->get_info) {	68	if (dp->get_info) {
66	/* Handle old net routines */	69	/* Handle old net routines */
67	n = dp->get_info(page, &start, *ppos, count);	70	n = dp->get_info(page, &start, pos, count);
68	if (n < count)	71	if (n < count)
69	eof = 1;	72	eof = 1;
70	} else if (dp->read_proc) {	73	} else if (dp->read_proc) {
Lines 115-121 Link Here
115	* requested offset advanced by the number of bytes	118	* requested offset advanced by the number of bytes
116	* absorbed.	119	* absorbed.
117	*/	120	*/
118	n = dp->read_proc(page, &start, *ppos,	121	n = dp->read_proc(page, &start, pos,
119	count, &eof, dp->data);	122	count, &eof, dp->data);
120	} else	123	} else
121	break;	124	break;
Lines 134-145 Link Here
134	"proc_file_read: Apparent buffer overflow!\n");	137	"proc_file_read: Apparent buffer overflow!\n");
135	n = PAGE_SIZE;	138	n = PAGE_SIZE;
136	}	139	}
137	n -= *ppos;	140	n -= pos;
138	if (n <= 0)	141	if (n <= 0)
139	break;	142	break;
140	if (n > count)	143	if (n > count)
141	n = count;	144	n = count;
142	start = page + *ppos;	145	start = page + pos;
143	} else if (start < page) {	146	} else if (start < page) {
144	if (n > PAGE_SIZE) {	147	if (n > PAGE_SIZE) {
145	printk(KERN_ERR	148	printk(KERN_ERR
Lines 172-178 Link Here
172	break;	175	break;
173	}	176	}
174		177
175	*ppos += start < page ? (unsigned long)start : n;	178	pos += start < page ? (unsigned long)start : n;
		179	*ppos = pos;
176	nbytes -= n;	180	nbytes -= n;
177	buf += n;	181	buf += n;
178	retval += n;	182	retval += n;
Lines 202-207 Link Here
202	proc_file_lseek(struct file *file, loff_t offset, int orig)	206	proc_file_lseek(struct file *file, loff_t offset, int orig)
203	{	207	{
204	lock_kernel();	208	lock_kernel();
		209	/* FIXME - need proper locking for proc/generic */
205		210
206	switch (orig) {	211	switch (orig) {
207	case 0:	212	case 0:




	size_t elf_buflen;
	int nphdr;
	unsigned long start;
	loff_t pos = *fpos;

	read_lock(&kclist_lock);
	tsz =  get_kcore_size(&nphdr, &elf_buflen);
	proc_root_kcore->size = size = tsz + elf_buflen;
	if (buflen == 0 || pos < 0 || pos >= size) {
		read_unlock(&kclist_lock);
		return 0;
	}

	/* trim buflen to not go beyond EOF */
	if (buflen > size - pos)
		buflen = size - pos;

	/* construct an ELF core header if we'll need some of it */
	if (pos < elf_buflen) {
		char * elf_buf;

		tsz = elf_buflen - pos;
		if (buflen < tsz)
			tsz = buflen;
		elf_buf = kmalloc(elf_buflen, GFP_ATOMIC);

		memset(elf_buf, 0, elf_buflen);
		elf_kcore_store_hdr(elf_buf, nphdr, elf_buflen);
		read_unlock(&kclist_lock);
		if (copy_to_user(buffer, elf_buf + pos, tsz)) {
			kfree(elf_buf);
			return -EFAULT;
		}
		kfree(elf_buf);
		buflen -= tsz;
		pos += tsz;
		*fpos = pos;
		buffer += tsz;
		acc += tsz;


	 * Check to see if our file offset matches with any of
	 * the addresses in the elf_phdr on our list.
	 */
	start = kc_offset_to_vaddr(pos - elf_buflen);
	if ((tsz = (PAGE_SIZE - (start & ~PAGE_MASK))) > buflen)
		tsz = buflen;
		

			}
		}
		buflen -= tsz;
		pos += tsz;
		*fpos = pos;
		buffer += tsz;
		acc += tsz;
		start += tsz;




static ssize_t
read_profile(struct file *file, char __user *buf, size_t count, loff_t *ppos)
{
	loff_t p = *ppos;
	ssize_t read;
	char * pnt;
	unsigned int sample_step = 1 << prof_shift;

	if (p < 0 || p >= (prof_len+1)*sizeof(unsigned int))
		return 0;
	if (count > (prof_len+1)*sizeof(unsigned int) - p)
		count = (prof_len+1)*sizeof(unsigned int) - p;

	if (copy_to_user(buf,(void *)pnt,count))
		return -EFAULT;
	read += count;
	*ppos = p;
	return read;
}





{
	ssize_t retval;
	struct inode *inode = file->f_dentry->d_inode;
	int err;
	loff_t pos;

	if (UDF_I_ALLOCTYPE(inode) == ICBTAG_FLAG_AD_IN_ICB)
	{
		/* FIXME: locking checks needed */
		if (file->f_flags & O_APPEND)
			pos = inode->i_size;
		else
			pos = *ppos;

		/* Check limit here, but actual limit is due to variable
		   types in lower order functions. These probaly need to
		   be fixed and pushed down the stack */
		if (pos < 0 || pos + count < pos || pos > 0x7FFFFFFF)
			return -EFBIG;;
		if (pos + count > 0x7FFFFFFF)
			count = 0x7FFFFFFF - pos;

		if (inode->i_sb->s_blocksize < (udf_file_entry_alloc_offset(inode) +
			pos + count))
		{

		}
	}

	retval = generic_file_write(file, buf, count, &pos);

	if (retval > 0)
		mark_inode_dirty(inode);
	*ppos = pos;
	return retval;
}


Lines 522-527 Link Here

(-)linux-2.6.7/include/linux/fb.h (+1 lines)
522	#define FBINFO_STATE_SUSPENDED 1	522	#define FBINFO_STATE_SUSPENDED 1
523	u32 state; /* Hardware state i.e suspend */	523	u32 state; /* Hardware state i.e suspend */
524		524
		525	struct semaphore mutex; /* Fbmem mutex */
525	/* From here on everything is device dependent */	526	/* From here on everything is device dependent */
526	void *par;	527	void *par;
527	};	528	};

Lines 222-227 Link Here

(-)linux-2.6.7/include/linux/mtd/mtd.h (+3 lines)
222	/* Power Management functions */	222	/* Power Management functions */
223	int (suspend) (struct mtd_info mtd);	223	int (suspend) (struct mtd_info mtd);
224	void (resume) (struct mtd_info mtd);	224	void (resume) (struct mtd_info mtd);
		225
		226	/* Semaphore */
		227	struct semaphore mutex;
225		228
226	void *priv;	229	void *priv;
227		230

Lines 98-103 Link Here

(-)linux-2.6.7/net/atm/mpoa_proc.c (-6 / +7 lines)
98		98
99	/*	99	/*
100	* READING function - called when the /proc/atm/mpoa file is read from.	100	* READING function - called when the /proc/atm/mpoa file is read from.
		101	* FIXME: needs seek locking
101	*/	102	*/
102	static ssize_t proc_mpc_read(struct file file, char __user buff,	103	static ssize_t proc_mpc_read(struct file file, char __user buff,
103	size_t count, loff_t *pos){	104	size_t count, loff_t *pos){
Lines 110-116 Link Here
110	eg_cache_entry *eg_entry;	111	eg_cache_entry *eg_entry;
111	struct timeval now;	112	struct timeval now;
112	unsigned char ip_string[16];	113	unsigned char ip_string[16];
113	if(count == 0)	114	loff_t n = *pos;
		115
		116	if(count == 0 \|\| n < 0)
114	return 0;	117	return 0;
115	page = get_zeroed_page(GFP_KERNEL);	118	page = get_zeroed_page(GFP_KERNEL);
116	if(!page)	119	if(!page)
Lines 151-164 Link Here
151	mpc = mpc->next;	154	mpc = mpc->next;
152	}	155	}
153		156
154	if (*pos >= length) length = 0;	157	if (n >= length) count = 0;
155	else {	158	else {
156	if ((count + pos) > length) count = length - pos;	159	if (count > length - n) count = length - n;
157	if (copy_to_user(buff, (char *)page , count)) {	160	if (copy_to_user(buff, (char *)page , count)) {
158	free_page(page);	161	free_page(page);
159	return -EFAULT;	162	return -EFAULT;
160	}	163	}
161	*pos += count;	164	*pos = n + count;
162	}	165	}
163		166
164	free_page(page);	167	free_page(page);
Lines 196-203 Link Here
196	return -EFAULT;	199	return -EFAULT;
197	}	200	}
198		201
199	*ppos += incoming;
200
201	page[incoming] = '\0';	202	page[incoming] = '\0';
202	retval = parse_qos(page, incoming);	203	retval = parse_qos(page, incoming);
203	if (retval == 0)	204	if (retval == 0)





	sprintf(tbuf, "%lu\n", cd->flush_time);
	len = strlen(tbuf);
	if (p != (unsigned int)p || p >= len)
		return 0;
	len -= p;
	if (len > count) len = count;
	if (copy_to_user(buf, (void*)(tbuf+p), len))
		len = -EFAULT;
	else
		*ppos = p + len;
	return len;
}


	cd->nextcheck = get_seconds();
	cache_flush();

	*ppos = count;
	return count;
}





	char *page;
	ssize_t length;
	ssize_t end;
	loff_t pos = *ppos;

	if (count < 0 || count > PAGE_SIZE)
		return -EINVAL;

		return length;
	}

	if (pos != (unsigned int)pos || pos >= length) {
		free_page((unsigned long)page);
		return 0;
	}
	if (count + pos > length)
		count = length - pos;
	end = count + pos;
	if (copy_to_user(buf, (char *) page + *ppos, count)) {
		count = -EFAULT;
		goto out;

		selnl_notify_setenforce(selinux_enforcing);
	}
	length = count;
	*ppos = length;
out:
	free_page((unsigned long) page);
	return length;

	}

	length = count;
	*ppos = length;
out:
	free_page((unsigned long) page);
	return length;

	char *page;
	ssize_t length;
	ssize_t end;
	loff_t pos = *ppos;

	if (count < 0 || count > PAGE_SIZE)
		return -EINVAL;

		return length;
	}

	if (pos < 0 || pos >= length) {
		free_page((unsigned long)page);
		return 0;
	}
	if (count + pos > length)
		count = length - pos;
	end = count + pos;
	if (copy_to_user(buf, (char *) page + pos, count)) {
		count = -EFAULT;
		goto out;
	}

	char *page;
	ssize_t length;
	ssize_t end;
	loff_t pos = *ppos;

	if (count < 0 || count > PAGE_SIZE)
		return -EINVAL;

		return length;
	}

	if (pos < 0 || pos >= length) {
		free_page((unsigned long)page);
		return 0;
	}
	if (count + pos > length)
		count = length - pos;
	end = count + pos;
	if (copy_to_user(buf, (char *) page + pos, count)) {
		count = -EFAULT;
		goto out;
	}

	return rv;
}

static ssize_t TA_read(struct file *file, char __user *buf, size_t size, loff_t *ppos)
{
	struct argresp *ar;
	ssize_t rv = 0;
	loff_t pos = *ppos;

	if (file->private_data == NULL)
		rv = TA_write(file, buf, 0, pos);

	ar = file->private_data;
	if (!ar)
		return 0;
	if (pos < 0 || pos >= ar->size)
		return 0;
	if (pos + size > ar->size)
		size = ar->size - pos;
	if (copy_to_user(buf, ar->data + pos, size))
		return -EFAULT;
	*ppos = pos + size;
	return size;
}


	ssize_t ret;
	int cur_enforcing;
	struct inode *inode;
	loff_t pos = *ppos;
	
	down(&sel_sem);

	ret = -EFAULT;

		goto out;
	}

	if (pos < 0 || pos >= length) {
		ret = 0;
		goto out;
	}
	if (count + pos > length)
		count = length - pos;
	end = count + pos;
	if (copy_to_user(buf, (char *) page + pos, count)) {
		ret = -EFAULT;
		goto out;
	}

Lines 457-463 Link Here

(-)linux-2.6.7/security/selinux/selinuxfs.c~ (-1 / +1 lines)
457	loff_t pos = *ppos;	457	loff_t pos = *ppos;
458		458
459	if (file->private_data == NULL)	459	if (file->private_data == NULL)
460	rv = TA_write(file, buf, 0, pos);	460	rv = TA_write(file, buf, 0, ppos);
461	if (rv < 0)	461	if (rv < 0)
462	return rv;	462	return rv;
463		463

Return to bug 72006

Lines 4821-4826 Link Here

(-)linux-2.6.7/drivers/char/istallion.c (-10 / +14 lines)
4821	void *memptr;	4821	void *memptr;
4822	stlibrd_t *brdp;	4822	stlibrd_t *brdp;
4823	int brdnr, size, n;	4823	int brdnr, size, n;
		4824	loff_t pos = *offp;
4824		4825
4825	#if DEBUG	4826	#if DEBUG
4826	printk(KERN_DEBUG "stli_memread(fp=%x,buf=%x,count=%x,offp=%x)\n",	4827	printk(KERN_DEBUG "stli_memread(fp=%x,buf=%x,count=%x,offp=%x)\n",
Lines 4835-4860 Link Here
4835	return(-ENODEV);	4836	return(-ENODEV);
4836	if (brdp->state == 0)	4837	if (brdp->state == 0)
4837	return(-ENODEV);	4838	return(-ENODEV);
4838	if (fp->f_pos >= brdp->memsize)	4839	if (pos < 0 \|\| pos >= brdp->memsize)
4839	return(0);	4840	return(0);
4840		4841
4841	size = MIN(count, (brdp->memsize - fp->f_pos));	4842	size = MIN(count, (brdp->memsize - pos));
4842		4843
4843	save_flags(flags);	4844	save_flags(flags);
4844	cli();	4845	cli();
4845	EBRDENABLE(brdp);	4846	EBRDENABLE(brdp);
4846	while (size > 0) {	4847	while (size > 0) {
4847	memptr = (void *) EBRDGETMEMPTR(brdp, fp->f_pos);	4848	memptr = (void *) EBRDGETMEMPTR(brdp, fp->f_pos);
4848	n = MIN(size, (brdp->pagesize - (((unsigned long) fp->f_pos) % brdp->pagesize)));	4849	n = MIN(size, (brdp->pagesize - (((unsigned long) pos) % brdp->pagesize)));
4849	if (copy_to_user(buf, memptr, n)) {	4850	if (copy_to_user(buf, memptr, n)) {
4850	count = -EFAULT;	4851	count = -EFAULT;
4851	goto out;	4852	goto out;
4852	}	4853	}
4853	fp->f_pos += n;	4854	pos += n;
4854	buf += n;	4855	buf += n;
4855	size -= n;	4856	size -= n;
4856	}	4857	}
4857	out:	4858	out:
		4859	*ppos = pos;
4858	EBRDDISABLE(brdp);	4860	EBRDDISABLE(brdp);
4859	restore_flags(flags);	4861	restore_flags(flags);
4860		4862
Lines 4876-4882 Link Here
4876	stlibrd_t *brdp;	4878	stlibrd_t *brdp;
4877	char *chbuf;	4879	char *chbuf;
4878	int brdnr, size, n;	4880	int brdnr, size, n;
4879		4881	loff_t pos = *ppos;
		4882
4880	#if DEBUG	4883	#if DEBUG
4881	printk(KERN_DEBUG "stli_memwrite(fp=%x,buf=%x,count=%x,offp=%x)\n",	4884	printk(KERN_DEBUG "stli_memwrite(fp=%x,buf=%x,count=%x,offp=%x)\n",
4882	(int) fp, (int) buf, count, (int) offp);	4885	(int) fp, (int) buf, count, (int) offp);
Lines 4890-4915 Link Here
4890	return(-ENODEV);	4893	return(-ENODEV);
4891	if (brdp->state == 0)	4894	if (brdp->state == 0)
4892	return(-ENODEV);	4895	return(-ENODEV);
4893	if (fp->f_pos >= brdp->memsize)	4896	if (pos < 0 \|\| pos >= brdp->memsize)
4894	return(0);	4897	return(0);
4895		4898
4896	chbuf = (char *) buf;	4899	chbuf = (char *) buf;
4897	size = MIN(count, (brdp->memsize - fp->f_pos));	4900	size = MIN(count, (brdp->memsize - pos));
4898		4901
4899	save_flags(flags);	4902	save_flags(flags);
4900	cli();	4903	cli();
4901	EBRDENABLE(brdp);	4904	EBRDENABLE(brdp);
4902	while (size > 0) {	4905	while (size > 0) {
4903	memptr = (void *) EBRDGETMEMPTR(brdp, fp->f_pos);	4906	memptr = (void *) EBRDGETMEMPTR(brdp, pos);
4904	n = MIN(size, (brdp->pagesize - (((unsigned long) fp->f_pos) % brdp->pagesize)));	4907	n = MIN(size, (brdp->pagesize - (((unsigned long) pos) % brdp->pagesize)));
4905	if (copy_from_user(memptr, chbuf, n)) {	4908	if (copy_from_user(memptr, chbuf, n)) {
4906	count = -EFAULT;	4909	count = -EFAULT;
4907	goto out;	4910	goto out;
4908	}	4911	}
4909	fp->f_pos += n;	4912	pos += n;
4910	chbuf += n;	4913	chbuf += n;
4911	size -= n;	4914	size -= n;
4912	}	4915	}
		4916	*ppos = pos;
4913	out:	4917	out:
4914	EBRDDISABLE(brdp);	4918	EBRDDISABLE(brdp);
4915	restore_flags(flags);	4919	restore_flags(flags);

Lines 1052-1063 Link Here

(-)linux-2.6.7/drivers/ieee1394/pcilynx.c (-18 / +32 lines)
1052	ssize_t retval;	1052	ssize_t retval;
1053	void *membase;	1053	void *membase;
1054		1054
1055	if ((off + count) > PCILYNX_MAX_MEMORY+1) {	1055	/* XXX - should do proper locking instead */
1056	count = PCILYNX_MAX_MEMORY+1 - off;	1056	if (off < 0)
1057	}	1057	return -EINVAL;
1058	if (count == 0 \|\| off > PCILYNX_MAX_MEMORY) {	1058	if (off > PCILYNX_MAX_MEMORY)
1059	return -ENOSPC;	1059	return -ENOSPC;
1060	}	1060	if (count > PCILYNX_MAX_MEMORY + 1 - off)
		1061	count = PCILYNX_MAX_MEMORY + 1 - off;
1061		1062
1062	switch (md->type) {	1063	switch (md->type) {
1063	case rom:	1064	case rom:
Lines 1078-1083 Link Here
1078		1079
1079	if (count < mem_mindma) {	1080	if (count < mem_mindma) {
1080	memcpy_fromio(md->lynx->mem_dma_buffer, membase+off, count);	1081	memcpy_fromio(md->lynx->mem_dma_buffer, membase+off, count);
		1082	off += count;
1081	goto out;	1083	goto out;
1082	}	1084	}
1083		1085
Lines 1099-1105 Link Here
1099	while (bcount >= 4) {	1101	while (bcount >= 4) {
1100	retval = mem_dmaread(md, md->lynx->mem_dma_buffer_dma	1102	retval = mem_dmaread(md, md->lynx->mem_dma_buffer_dma
1101	+ count - bcount, bcount, off);	1103	+ count - bcount, bcount, off);
1102	if (retval < 0) return retval;	1104	if (retval < 0)
		1105	{
		1106	/* FIXME - ought to report short read on error */
		1107	up(&md->lynx->mem_dma_mutex);
		1108	return retval;
		1109	}
1103		1110
1104	bcount -= retval;	1111	bcount -= retval;
1105	off += retval;	1112	off += retval;
Lines 1108-1121 Link Here
1108	if (bcount) {	1115	if (bcount) {
1109	memcpy_fromio(md->lynx->mem_dma_buffer + count - bcount,	1116	memcpy_fromio(md->lynx->mem_dma_buffer + count - bcount,
1110	membase+off, bcount);	1117	membase+off, bcount);
		1118	off += bcount;
1111	}	1119	}
1112		1120
1113	out:	1121	out:
1114	retval = copy_to_user(buffer, md->lynx->mem_dma_buffer, count);	1122	retval = copy_to_user(buffer, md->lynx->mem_dma_buffer, count);
1115	up(&md->lynx->mem_dma_mutex);	1123	up(&md->lynx->mem_dma_mutex);
1116		1124
1117	if (retval) return -EFAULT;	1125	if (retval < 0)
1118	*offset += count;	1126	return -EFAULT;
		1127	*offset = off;
1119	return count;	1128	return count;
1120	}	1129	}
1121		1130
Lines 1124-1155 Link Here
1124	loff_t *offset)	1133	loff_t *offset)
1125	{	1134	{
1126	struct memdata md = (struct memdata )file->private_data;	1135	struct memdata md = (struct memdata )file->private_data;
		1136	loff_t off = * offset;
		1137
1127		1138
1128	if (((*offset) + count) > PCILYNX_MAX_MEMORY+1) {	1139	if (!count)
1129	count = PCILYNX_MAX_MEMORY+1 - *offset;	1140	return 0;
1130	}	1141	if (off < 0)
1131	if (count == 0 \|\| *offset > PCILYNX_MAX_MEMORY) {	1142	return -EINVAL;
1132	return -ENOSPC;	1143	if (off > PCILYNX_MAX_MEMORY)
1133	}	1144	return -ENOSPC;
		1145
		1146	if (count) > PCILYNX_MAX_MEMORY + 1 - off)
		1147	count = PCILYNX_MAX_MEMORY + 1 - off;
1134		1148
1135	/* FIXME: dereferencing pointers to PCI mem doesn't work everywhere */	1149	/* FIXME: dereferencing pointers to PCI mem doesn't work everywhere */
1136	switch (md->type) {	1150	switch (md->type) {
1137	case aux:	1151	case aux:
1138	if (copy_from_user(md->lynx->aux_port+(*offset), buffer, count))	1152	if (copy_from_user(md->lynx->aux_port+off, buffer, count))
1139	return -EFAULT;	1153	return -EFAULT;
1140	break;	1154	break;
1141	case ram:	1155	case ram:
1142	if (copy_from_user(md->lynx->local_ram+(*offset), buffer, count))	1156	if (copy_from_user(md->lynx->local_ram+off, buffer, count))
1143	return -EFAULT;	1157	return -EFAULT;
1144	break;	1158	break;
1145	case rom:	1159	case rom:
1146	/* the ROM may be writeable */	1160	/* the ROM may be writeable */
1147	if (copy_from_user(md->lynx->local_rom+(*offset), buffer, count))	1161	if (copy_from_user(md->lynx->local_rom+off, buffer, count))
1148	return -EFAULT;	1162	return -EFAULT;
1149	break;	1163	break;
1150	}	1164	}
1151		1165
1152	file->f_pos += count;	1166	*offset = off + count;
1153	return count;	1167	return count;
1154	}	1168	}
1155	#endif /* CONFIG_IEEE1394_PCILYNX_PORTS */	1169	#endif /* CONFIG_IEEE1394_PCILYNX_PORTS */

Lines 3187-3193 Link Here

(-)linux-2.6.7/drivers/scsi/osst.c (-2 / +3 lines)
3187		3187
3188	if (ppos != &filp->f_pos) {	3188	if (ppos != &filp->f_pos) {
3189	/* "A request was outside the capabilities of the device." */	3189	/* "A request was outside the capabilities of the device." */
3190	retval = (-ENXIO);	3190	retval = (-ESPIPE);
3191	goto out;	3191	goto out;
3192	}	3192	}
3193		3193
Lines 3514-3520 Link Here
3514		3514
3515	if (ppos != &filp->f_pos) {	3515	if (ppos != &filp->f_pos) {
3516	/* "A request was outside the capabilities of the device." */	3516	/* "A request was outside the capabilities of the device." */
3517	retval = (-ENXIO);	3517	retval = (-ESPIPE);
3518	goto out;	3518	goto out;
3519	}	3519	}
3520		3520
Lines 5386-5391 Link Here
5386	.owner = THIS_MODULE,	5386	.owner = THIS_MODULE,
5387	.read = osst_read,	5387	.read = osst_read,
5388	.write = osst_write,	5388	.write = osst_write,
		5389	.llseek = no_llseek,
5389	.ioctl = osst_ioctl,	5390	.ioctl = osst_ioctl,
5390	.open = os_scsi_tape_open,	5391	.open = os_scsi_tape_open,
5391	.flush = os_scsi_tape_flush,	5392	.flush = os_scsi_tape_flush,

Lines 2857-2863 Link Here

(-)linux-2.6.7/drivers/telephony/ixj.c (-3 / +3 lines)
2857		2857
2858	static ssize_t ixj_read(struct file * file_p, char buf, size_t length, loff_t ppos)	2858	static ssize_t ixj_read(struct file * file_p, char buf, size_t length, loff_t ppos)
2859	{	2859	{
2860	unsigned long i = *ppos;	2860	unsigned long i;
2861	IXJ * j = get_ixj(NUM(file_p->f_dentry->d_inode));	2861	IXJ * j = get_ixj(NUM(file_p->f_dentry->d_inode));
2862		2862
2863	DECLARE_WAITQUEUE(wait, current);	2863	DECLARE_WAITQUEUE(wait, current);
Lines 2937-2943 Link Here
2937		2937
2938	static ssize_t ixj_write(struct file file_p, const char buf, size_t count, loff_t * ppos)	2938	static ssize_t ixj_write(struct file file_p, const char buf, size_t count, loff_t * ppos)
2939	{	2939	{
2940	unsigned long i = *ppos;	2940	unsigned long i;
2941	IXJ *j = file_p->private_data;	2941	IXJ *j = file_p->private_data;
2942		2942
2943	DECLARE_WAITQUEUE(wait, current);	2943	DECLARE_WAITQUEUE(wait, current);
Lines 2983-2989 Link Here
2983	j->flags.inwrite = 0;	2983	j->flags.inwrite = 0;
2984	return -EFAULT;	2984	return -EFAULT;
2985	}	2985	}
2986	if(j->play_codec == ALAW)	2986	if(j->play_codec == ALAW)
2987	alaw2ulaw(j->write_buffer_wp, min(count, j->write_buffer_size));	2987	alaw2ulaw(j->write_buffer_wp, min(count, j->write_buffer_size));
2988	j->flags.inwrite = 0;	2988	j->flags.inwrite = 0;
2989	return min(count, j->write_buffer_size);	2989	return min(count, j->write_buffer_size);

Lines 1698-1756 Link Here

(-)linux-2.6.7/drivers/video/aty/radeon_base.c (-23 / +38 lines)
1698		1698
1699	static ssize_t radeonfb_read(struct file file, char buf, size_t count, loff_t *ppos)	1699	static ssize_t radeonfb_read(struct file file, char buf, size_t count, loff_t *ppos)
1700	{	1700	{
1701	unsigned long p = *ppos;	1701	unsigned long p;
1702	struct inode *inode = file->f_dentry->d_inode;	1702	struct inode *inode = file->f_dentry->d_inode;
1703	int fbidx = iminor(inode);	1703	int fbidx = iminor(inode);
1704	struct fb_info *info = registered_fb[fbidx];	1704	struct fb_info *info = registered_fb[fbidx];
1705	struct radeonfb_info *rinfo = info->par;	1705	struct radeonfb_info *rinfo = info->par;
1706		1706
1707	if (p >= rinfo->mapped_vram)	1707	down(&info->mutex);
1708	return 0;	1708	p = *ppos;
		1709	if (*ppos >= rinfo->mapped_vram \|\| p + count > p)
		1710	{
		1711	up(&info->mutex);
		1712	return 0;
		1713	}
1709	if (count >= rinfo->mapped_vram)	1714	if (count >= rinfo->mapped_vram)
1710	count = rinfo->mapped_vram;	1715	count = rinfo->mapped_vram;
1711	if (count + p > rinfo->mapped_vram)	1716	if (count > rinfo->mapped_vram - p)
1712	count = rinfo->mapped_vram - p;	1717	count = rinfo->mapped_vram - p;
1713	radeonfb_sync(info);	1718	radeonfb_sync(info);
		1719
1714	if (count) {	1720	if (count) {
1715	char *base_addr;	1721	char *base_addr;
1716		1722
1717	base_addr = info->screen_base;	1723	base_addr = info->screen_base;
1718	count -= copy_to_user(buf, base_addr+p, count);	1724	count -= copy_to_user(buf, base_addr+p, count);
1719	if (!count)	1725	if (!count)
1720	return -EFAULT;	1726	count = -EFAULT;
1721	*ppos += count;	1727	else
		1728	*ppos += count;
1722	}	1729	}
		1730	up(&info->mutex);
1723	return count;	1731	return count;
1724	}	1732	}
1725		1733
1726	static ssize_t radeonfb_write(struct file file, const char buf, size_t count,	1734	static ssize_t radeonfb_write(struct file file, const char buf, size_t count,
1727	loff_t *ppos)	1735	loff_t *ppos)
1728	{	1736	{
1729	unsigned long p = *ppos;	1737	unsigned long p;
1730	struct inode *inode = file->f_dentry->d_inode;	1738	struct inode *inode = file->f_dentry->d_inode;
1731	int fbidx = iminor(inode);	1739	int fbidx = iminor(inode);
1732	struct fb_info *info = registered_fb[fbidx];	1740	struct fb_info *info = registered_fb[fbidx];
1733	struct radeonfb_info *rinfo = info->par;	1741	struct radeonfb_info *rinfo = info->par;
1734	int err;	1742	int err;
1735		1743
1736	if (p > rinfo->mapped_vram)	1744	down(&info->mutex);
1737	return -ENOSPC;	1745	p = ppos; / truncated */
		1746	if (*ppos > rinfo->mapped_vram \|\| p + count > p)
		1747	{
		1748	up(&info->mutex);
		1749	return -ENOSPC;
		1750	}
1738	if (count >= rinfo->mapped_vram)	1751	if (count >= rinfo->mapped_vram)
1739	count = rinfo->mapped_vram;	1752	count = rinfo->mapped_vram;
1740	err = 0;	1753	err = 0;
1741	if (count + p > rinfo->mapped_vram) {	1754	if (count > p - rinfo->mapped_vram) {
1742	count = rinfo->mapped_vram - p;	1755	count = rinfo->mapped_vram - p;
1743	err = -ENOSPC;	1756	err = -ENOSPC;
1744	}	1757	}
1745	radeonfb_sync(info);	1758	radeonfb_sync(info);
		1759
1746	if (count) {	1760	if (count) {
1747	char *base_addr;	1761	char *base_addr;
1748		1762
1749	base_addr = info->screen_base;	1763	base_addr = info->screen_base;
1750	count -= copy_from_user(base_addr+p, buf, count);	1764	count -= copy_from_user(base_addr+p, buf, count);
1751	*ppos += count;	1765	*ppos += count;
1752	err = -EFAULT;	1766	err = -EFAULT;
1753	}	1767	}
		1768	up(&info->mutex);
1754	if (count)	1769	if (count)
1755	return count;	1770	return count;
1756	return err;	1771	return err;

Lines 95-100 Link Here

(-)linux-2.6.7/arch/cris/arch-v10/drivers/eeprom.c (-54 / +33 lines)
95	#include <linux/delay.h>	95	#include <linux/delay.h>
96	#include <linux/interrupt.h>	96	#include <linux/interrupt.h>
97	#include <asm/uaccess.h>	97	#include <asm/uaccess.h>
		98	#include <asm/semaphore.h>
98	#include "i2c.h"	99	#include "i2c.h"
99		100
100	#define D(x)	101	#define D(x)
Lines 137-144 Link Here
137	int adapt_state; /* 1 = To high , 0 = Even, -1 = To low */	138	int adapt_state; /* 1 = To high , 0 = Even, -1 = To low */
138		139
139	/* this one is to keep the read/write operations atomic */	140	/* this one is to keep the read/write operations atomic */
140	wait_queue_head_t wait_q;
141	volatile int busy;
142	int retry_cnt_addr; /* Used to keep track of number of retries for	141	int retry_cnt_addr; /* Used to keep track of number of retries for
143	adaptive timing adjustments */	142	adaptive timing adjustments */
144	int retry_cnt_read;	143	int retry_cnt_read;
Lines 164-169 Link Here
164		163
165	/* chip description */	164	/* chip description */
166	static struct eeprom_type eeprom;	165	static struct eeprom_type eeprom;
		166	static DECLARE_MUTEX(eeprom_mutex);
167		167
168	/* This is the exported file-operations structure for this device. */	168	/* This is the exported file-operations structure for this device. */
169	struct file_operations eeprom_fops =	169	struct file_operations eeprom_fops =
Lines 179-187 Link Here
179		179
180	int __init eeprom_init(void)	180	int __init eeprom_init(void)
181	{	181	{
182	init_waitqueue_head(&eeprom.wait_q);
183	eeprom.busy = 0;
184
185	#ifdef CONFIG_ETRAX_I2C_EEPROM_PROBE	182	#ifdef CONFIG_ETRAX_I2C_EEPROM_PROBE
186	#define EETEXT "Found"	183	#define EETEXT "Found"
187	#else	184	#else
Lines 461-503 Link Here
461		458
462	/* Changes the current file position. */	459	/* Changes the current file position. */
463		460
		461	/* XXX - requires a lock as does the read etc side */
		462
464	static loff_t eeprom_lseek(struct file * file, loff_t offset, int orig)	463	static loff_t eeprom_lseek(struct file * file, loff_t offset, int orig)
465	{	464	{
		465	loff_t pos;
466	/*	466	/*
467	* orig 0: position from begning of eeprom	467	* orig 0: position from begning of eeprom
468	* orig 1: relative from current position	468	* orig 1: relative from current position
469	* orig 2: position from last eeprom address	469	* orig 2: position from last eeprom address
470	*/	470	*/
		471	down(&eeprom_lock);
471		472
472	switch (orig)	473	switch (orig)
473	{	474	{
474	case 0:	475	case 0:
475	file->f_pos = offset;	476	pos = offset;
476	break;	477	break;
477	case 1:	478	case 1:
478	file->f_pos += offset;	479	pos = file->f_pos + offset;
479	break;	480	break;
480	case 2:	481	case 2:
481	file->f_pos = eeprom.size - offset;	482	pos = eeprom.size - offset;
482	break;	483	break;
483	default:	484	default:
484	return -EINVAL;	485	return -EINVAL;
485	}	486	}
486		487
487	/* truncate position */	488	/* truncate position */
488	if (file->f_pos < 0)	489	if (pos < 0 \|\| pos >= eeprom.size)
489	{
490	file->f_pos = 0;
491	return(-EOVERFLOW);
492	}
493
494	if (file->f_pos >= eeprom.size)
495	{	490	{
496	file->f_pos = eeprom.size - 1;	491	up(&eeprom_lock);
497	return(-EOVERFLOW);	492	return(-EOVERFLOW);
498	}	493	}
499		494	return ( file->f_pos = pos );
500	return ( file->f_pos );
501	}	495	}
502		496
503	/* Reads data from eeprom. */	497	/* Reads data from eeprom. */
Lines 517-542 Link Here
517	static ssize_t eeprom_read(struct file * file, char * buf, size_t count, loff_t *off)	511	static ssize_t eeprom_read(struct file * file, char * buf, size_t count, loff_t *off)
518	{	512	{
519	int read=0;	513	int read=0;
520	unsigned long p = file->f_pos;	514	loff_t p = *off;
521		515
522	unsigned char page;	516	unsigned char page;
523		517
524	if(p >= eeprom.size) /* Address i 0 - (size-1) */
525	{
526	return -EFAULT;
527	}
528
529	while(eeprom.busy)
530	{
531	interruptible_sleep_on(&eeprom.wait_q);
532		518
533	/* bail out if we get interrupted */	519	if(down_interruptible(&eeprom_lock))
534	if (signal_pending(current))	520	return -EINTR;
535	return -EINTR;
536
537	}
538	eeprom.busy++;
539		521
		522	if(p >= eeprom.size \|\| count > eeprom.size - p) /* Address i 0 - (size-1) */
		523	{
		524	up(&eeprom_lock);
		525	return -EINVAL;
		526	}
540	page = (unsigned char) (p >> 8);	527	page = (unsigned char) (p >> 8);
541		528
542	if(!eeprom_address(p))	529	if(!eeprom_address(p))
Lines 546-553 Link Here
546	i2c_stop();	533	i2c_stop();
547		534
548	/* don't forget to wake them up */	535	/* don't forget to wake them up */
549	eeprom.busy--;	536	up(&eeprom_lock);
550	wake_up_interruptible(&eeprom.wait_q);
551	return -EFAULT;	537	return -EFAULT;
552	}	538	}
553		539
Lines 571-581 Link Here
571		557
572	if(read > 0)	558	if(read > 0)
573	{	559	{
574	file->f_pos += read;	560	*off = p + read;
575	}	561	}
576		562
577	eeprom.busy--;	563	up(&eeprom_lock);
578	wake_up_interruptible(&eeprom.wait_q);
579	return read;	564	return read;
580	}	565	}
581		566
Lines 604-622 Link Here
604	return -EFAULT;	589	return -EFAULT;
605	}	590	}
606		591
607	while(eeprom.busy)	592	if(down_interruptible(&eeprom_lock))
608	{	593	return -EINTR;
609	interruptible_sleep_on(&eeprom.wait_q);	594
610	/* bail out if we get interrupted */
611	if (signal_pending(current))
612	return -EINTR;
613	}
614	eeprom.busy++;
615	for(i = 0; (i < EEPROM_RETRIES) && (restart > 0); i++)	595	for(i = 0; (i < EEPROM_RETRIES) && (restart > 0); i++)
616	{	596	{
617	restart = 0;	597	restart = 0;
618	written = 0;	598	written = 0;
619	p = file->f_pos;	599	p = *off;
620		600
621		601
622	while( (written < count) && (p < eeprom.size))	602	while( (written < count) && (p < eeprom.size))
Lines 629-637 Link Here
629	i2c_stop();	609	i2c_stop();
630		610
631	/* don't forget to wake them up */	611	/* don't forget to wake them up */
632	eeprom.busy--;	612	up(&eeprom_lock);
633	wake_up_interruptible(&eeprom.wait_q);	613	return -EIO;
634	return -EFAULT;
635	}	614	}
636	#ifdef EEPROM_ADAPTIVE_TIMING	615	#ifdef EEPROM_ADAPTIVE_TIMING
637	/* Adaptive algorithm to adjust timing */	616	/* Adaptive algorithm to adjust timing */
Lines 742-753 Link Here
742	} /* while */	721	} /* while */
743	} /* for */	722	} /* for */
744		723
745	eeprom.busy--;	724	if (written == 0 && p >= eeprom.size){
746	wake_up_interruptible(&eeprom.wait_q);	725	up(&eeprom_lock);
747	if (written == 0 && file->f_pos >= eeprom.size){
748	return -ENOSPC;	726	return -ENOSPC;
749	}	727	}
750	file->f_pos += written;	728	*off = p;
		729	up(&eeprom_lock);
751	return written;	730	return written;
752	}	731	}
753		732

Lines 106-113 Link Here

(-)linux-2.6.7/arch/ppc/kernel/ppc_htab.c (-6 / +9 lines)
106	PTE *ptr;	106	PTE *ptr;
107	#endif /* CONFIG_PPC_STD_MMU */	107	#endif /* CONFIG_PPC_STD_MMU */
108	char buffer[512];	108	char buffer[512];
		109	loff_t pos = *ppos;
109		110
110	if (count < 0)	111	/* FIXME - needs seek/pos locking */
		112
		113	if (pos < 0 \|\| pos > 512)
111	return -EINVAL;	114	return -EINVAL;
112		115
113	if (cur_cpu_spec[0]->cpu_features & CPU_FTR_604_PERF_MON) {	116	if (cur_cpu_spec[0]->cpu_features & CPU_FTR_604_PERF_MON) {
Lines 188-202 Link Here
188	"Non-error misses: %lu\n"	191	"Non-error misses: %lu\n"
189	"Error misses\t: %lu\n",	192	"Error misses\t: %lu\n",
190	pte_misses, pte_errors);	193	pte_misses, pte_errors);
191	if (*ppos >= strlen(buffer))	194	if (pos >= strlen(buffer))
192	return 0;	195	return 0;
193	if (n > strlen(buffer) - *ppos)	196	if (n > strlen(buffer) - pos)
194	n = strlen(buffer) - *ppos;	197	n = strlen(buffer) - pos;
195	if (n > count)	198	if (n > count)
196	n = count;	199	n = count;
197	if (copy_to_user(buf, buffer + *ppos, n))	200	if (copy_to_user(buf, buffer + pos, n))
198	return -EFAULT;	201	return -EFAULT;
199	*ppos += n;	202	*ppos = pos + n;
200	return n;	203	return n;
201	}	204	}
202		205

Lines 57-62 Link Here

(-)linux-2.6.7/arch/ppc64/kernel/nvram.c (-4 / +11 lines)
57	static loff_t dev_nvram_llseek(struct file *file, loff_t offset, int origin)	57	static loff_t dev_nvram_llseek(struct file *file, loff_t offset, int origin)
58	{	58	{
59	int size;	59	int size;
		60	/* XXX needs locking */
60		61
61	if (ppc_md.nvram_size == NULL)	62	if (ppc_md.nvram_size == NULL)
62	return -ENODEV;	63	return -ENODEV;
Lines 83-88 Link Here
83	ssize_t len;	84	ssize_t len;
84	char *tmp_buffer;	85	char *tmp_buffer;
85	int size;	86	int size;
		87	loff_t pos = *ppos;
86		88
87	if (ppc_md.nvram_size == NULL)	89	if (ppc_md.nvram_size == NULL)
88	return -ENODEV;	90	return -ENODEV;
Lines 90-96 Link Here
90		92
91	if (verify_area(VERIFY_WRITE, buf, count))	93	if (verify_area(VERIFY_WRITE, buf, count))
92	return -EFAULT;	94	return -EFAULT;
93	if (*ppos >= size)	95	if (pos >= size \|\| pos < 0)
94	return 0;	96	return 0;
95	if (count > size)	97	if (count > size)
96	count = size;	98	count = size;
Lines 101-107 Link Here
101	return -ENOMEM;	103	return -ENOMEM;
102	}	104	}
103		105
104	len = ppc_md.nvram_read(tmp_buffer, count, ppos);	106	len = ppc_md.nvram_read(tmp_buffer, count, &pos);
		107	*ppos = pos;
		108
105	if ((long)len <= 0) {	109	if ((long)len <= 0) {
106	kfree(tmp_buffer);	110	kfree(tmp_buffer);
107	return len;	111	return len;
Lines 123-128 Link Here
123	ssize_t len;	127	ssize_t len;
124	char * tmp_buffer;	128	char * tmp_buffer;
125	int size;	129	int size;
		130	loff_t pos = *ppos;
126		131
127	if (ppc_md.nvram_size == NULL)	132	if (ppc_md.nvram_size == NULL)
128	return -ENODEV;	133	return -ENODEV;
Lines 130-136 Link Here
130		135
131	if (verify_area(VERIFY_READ, buf, count))	136	if (verify_area(VERIFY_READ, buf, count))
132	return -EFAULT;	137	return -EFAULT;
133	if (*ppos >= size)	138	if (pos >= size \|\| pos < 0)
134	return 0;	139	return 0;
135	if (count > size)	140	if (count > size)
136	count = size;	141	count = size;
Lines 146-152 Link Here
146	return -EFAULT;	151	return -EFAULT;
147	}	152	}
148		153
149	len = ppc_md.nvram_write(tmp_buffer, count, ppos);	154	len = ppc_md.nvram_write(tmp_buffer, count, &pos);
		155	*ppos = pos;
		156
150	if ((long)len <= 0) {	157	if ((long)len <= 0) {
151	kfree(tmp_buffer);	158	kfree(tmp_buffer);
152	return len;	159	return len;

Lines 140-145 Link Here

(-)linux-2.6.7/arch/ppc64/kernel/proc_ppc64.c (-2 / +3 lines)
140		140
141	static loff_t page_map_seek( struct file *file, loff_t off, int whence)	141	static loff_t page_map_seek( struct file *file, loff_t off, int whence)
142	{	142	{
		143	/* XXX - locking needed */
143	loff_t new;	144	loff_t new;
144	struct proc_dir_entry *dp = PDE(file->f_dentry->d_inode);	145	struct proc_dir_entry *dp = PDE(file->f_dentry->d_inode);
145		146
Lines 163-172 Link Here
163		164
164	static ssize_t page_map_read( struct file file, char buf, size_t nbytes, loff_t *ppos)	165	static ssize_t page_map_read( struct file file, char buf, size_t nbytes, loff_t *ppos)
165	{	166	{
166	unsigned pos = *ppos;	167	loff_t pos = *ppos;
167	struct proc_dir_entry *dp = PDE(file->f_dentry->d_inode);	168	struct proc_dir_entry *dp = PDE(file->f_dentry->d_inode);
168		169
169	if ( pos >= dp->size )	170	if ( pos < 0 \|\| pos >= dp->size )
170	return 0;	171	return 0;
171	if ( nbytes >= dp->size )	172	if ( nbytes >= dp->size )
172	nbytes = dp->size;	173	nbytes = dp->size;

Lines 238-244 Link Here

(-)linux-2.6.7/arch/ppc64/kernel/rtas_flash.c (-9 / +6 lines)
238	if (msglen > count)	238	if (msglen > count)
239	msglen = count;	239	msglen = count;
240		240
241	if (ppos && *ppos != 0)	241	if (*ppos != 0)
242	return 0; /* be cheap */	242	return 0; /* be cheap */
243		243
244	error = verify_area(VERIFY_WRITE, buf, msglen);	244	error = verify_area(VERIFY_WRITE, buf, msglen);
Lines 248-255 Link Here
248	if (copy_to_user(buf, msg, msglen))	248	if (copy_to_user(buf, msg, msglen))
249	return -EFAULT;	249	return -EFAULT;
250		250
251	if (ppos)	251	*ppos = msglen;
252	*ppos = msglen;
253	return msglen;	252	return msglen;
254	}	253	}
255		254
Lines 375-381 Link Here
375	if (msglen > count)	374	if (msglen > count)
376	msglen = count;	375	msglen = count;
377		376
378	if (ppos && *ppos != 0)	377	if (*ppos != 0)
379	return 0; /* be cheap */	378	return 0; /* be cheap */
380		379
381	error = verify_area(VERIFY_WRITE, buf, msglen);	380	error = verify_area(VERIFY_WRITE, buf, msglen);
Lines 385-392 Link Here
385	if (copy_to_user(buf, msg, msglen))	384	if (copy_to_user(buf, msg, msglen))
386	return -EFAULT;	385	return -EFAULT;
387		386
388	if (ppos)	387	*ppos = msglen;
389	*ppos = msglen;
390	return msglen;	388	return msglen;
391	}	389	}
392		390
Lines 481-487 Link Here
481		479
482	args_buf = (struct rtas_validate_flash_t *) dp->data;	480	args_buf = (struct rtas_validate_flash_t *) dp->data;
483		481
484	if (ppos && *ppos != 0)	482	if (*ppos != 0)
485	return 0; /* be cheap */	483	return 0; /* be cheap */
486		484
487	msglen = get_validate_flash_msg(args_buf, msg);	485	msglen = get_validate_flash_msg(args_buf, msg);
Lines 495-502 Link Here
495	if (copy_to_user(buf, msg, msglen))	493	if (copy_to_user(buf, msg, msglen))
496	return -EFAULT;	494	return -EFAULT;
497		495
498	if (ppos)	496	*ppos = msglen;
499	*ppos = msglen;
500	return msglen;	497	return msglen;
501	}	498	}
502		499

Lines 282-303 Link Here

(-)linux-2.6.7/arch/ppc64/kernel/rtas-proc.c (-28 / +37 lines)
282	{	282	{
283	char stkbuf[40]; /* its small, its on stack */	283	char stkbuf[40]; /* its small, its on stack */
284	int n, sn;	284	int n, sn;
		285	loff_t pos = *ppos;
		286
285	if (power_on_time == 0)	287	if (power_on_time == 0)
286	n = scnprintf(stkbuf,sizeof(stkbuf),"Power on time not set\n");	288	n = scnprintf(stkbuf,sizeof(stkbuf),"Power on time not set\n");
287	else	289	else
288	n = scnprintf(stkbuf,sizeof(stkbuf),"%lu\n",power_on_time);	290	n = scnprintf(stkbuf,sizeof(stkbuf),"%lu\n",power_on_time);
289		291
290	sn = strlen (stkbuf) +1;	292	sn = strlen (stkbuf) +1;
291	if (*ppos >= sn)	293	if (pos != (unsigned int)pos \|\| pos >= sn)
292	return 0;	294	return 0;
293	if (n > sn - *ppos)	295	if (n > sn - pos)
294	n = sn - *ppos;	296	n = sn - pos;
295	if (n > count)	297	if (n > count)
296	n = count;	298	n = count;
297	if (copy_to_user (buf, stkbuf + (*ppos), n)) {	299	if (copy_to_user (buf, stkbuf + pos, n)) {
298	return -EFAULT;	300	return -EFAULT;
299	}	301	}
300	*ppos += n;	302	*ppos = pos + n;
301	return n;	303	return n;
302	}	304	}
303		305
Lines 329-334 Link Here
329	{	331	{
330	int sn, n = 0;	332	int sn, n = 0;
331	char *tmpbuf;	333	char *tmpbuf;
		334	loff_t pos = *ppos;
332		335
333	if (progress_led == NULL) return 0;	336	if (progress_led == NULL) return 0;
334		337
Lines 340-359 Link Here
340	n = sprintf (tmpbuf, "%s\n", progress_led);	343	n = sprintf (tmpbuf, "%s\n", progress_led);
341		344
342	sn = strlen (tmpbuf) +1;	345	sn = strlen (tmpbuf) +1;
343	if (*ppos >= sn) {	346	if (pos != (unsigned int)pos \|\| pos >= sn) {
344	kfree (tmpbuf);	347	kfree (tmpbuf);
345	return 0;	348	return 0;
346	}	349	}
347	if (n > sn - *ppos)	350	if (n > sn - pos)
348	n = sn - *ppos;	351	n = sn - pos;
349	if (n > count)	352	if (n > count)
350	n = count;	353	n = count;
351	if (copy_to_user (buf, tmpbuf + (*ppos), n)) {	354	if (copy_to_user (buf, tmpbuf + pos, n)) {
352	kfree (tmpbuf);	355	kfree (tmpbuf);
353	return -EFAULT;	356	return -EFAULT;
354	}	357	}
355	kfree (tmpbuf);	358	kfree (tmpbuf);
356	*ppos += n;	359	*ppos = pos + n;
357	return n;	360	return n;
358	}	361	}
359		362
Lines 397-403 Link Here
397	unsigned long ret = kmalloc(48, GFP_KERNEL);	400	unsigned long ret = kmalloc(48, GFP_KERNEL);
398	int n, sn, error;	401	int n, sn, error;
399	char stkbuf[40]; /* its small, its on stack */	402	char stkbuf[40]; /* its small, its on stack */
		403	loff_t pos = *ppos;
400		404
		405	if(ret == NULL)
		406	return -ENOMEM;
		407
401	error = rtas_call(rtas_token("get-time-of-day"), 0, 8, ret);	408	error = rtas_call(rtas_token("get-time-of-day"), 0, 8, ret);
402		409
403	year = ret[0]; mon = ret[1]; day = ret[2];	410	year = ret[0]; mon = ret[1]; day = ret[2];
Lines 414-429 Link Here
414	kfree(ret);	421	kfree(ret);
415		422
416	sn = strlen (stkbuf) +1;	423	sn = strlen (stkbuf) +1;
417	if (*ppos >= sn)	424	if (pos != (unsigned int)pos \|\| pos >= sn)
418	return 0;	425	return 0;
419	if (n > sn - *ppos)	426	if (n > sn - pos)
420	n = sn - *ppos;	427	n = sn - pos;
421	if (n > count)	428	if (n > count)
422	n = count;	429	n = count;
423	if (copy_to_user (buf, stkbuf + (*ppos), n)) {	430	if (copy_to_user (buf, stkbuf + pos, n)) {
424	return -EFAULT;	431	return -EFAULT;
425	}	432	}
426	*ppos += n;	433	*ppos = pos + n;
427	return n;	434	return n;
428	}	435	}
429		436
Lines 834-840 Link Here
834	char *dest;	841	char *dest;
835	int error;	842	int error;
836		843
837	if (39 < count) count = 39;	844	if (39 < count)
		845	count = 39;
838	if (copy_from_user (stkbuf, buf, count)) {	846	if (copy_from_user (stkbuf, buf, count)) {
839	return -EFAULT;	847	return -EFAULT;
840	}	848	}
Lines 859-878 Link Here
859	{	867	{
860	int n, sn;	868	int n, sn;
861	char stkbuf[40]; /* its small, its on stack */	869	char stkbuf[40]; /* its small, its on stack */
		870	loff_t pos = *ppos;
862		871
863	n = scnprintf(stkbuf, 40, "%lu\n", rtas_tone_frequency);	872	n = scnprintf(stkbuf, 40, "%lu\n", rtas_tone_frequency);
864		873
865	sn = strlen (stkbuf) +1;	874	sn = strlen (stkbuf) +1;
866	if (*ppos >= sn)	875	if (pos != (unsigned int)pos \|\| pos >= sn)
867	return 0;	876	return 0;
868	if (n > sn - *ppos)	877	if (n > sn - pos)
869	n = sn - *ppos;	878	n = sn - pos;
870	if (n > count)	879	if (n > count)
871	n = count;	880	n = count;
872	if (copy_to_user (buf, stkbuf + (*ppos), n)) {	881	if (copy_to_user (buf, stkbuf + pos, n)) {
873	return -EFAULT;	882	return -EFAULT;
874	}	883	}
875	*ppos += n;	884	*ppos = pos + n;
876	return n;	885	return n;
877	}	886	}
878	/* ****************************************************************** */	887	/* ****************************************************************** */
Lines 913-932 Link Here
913	{	922	{
914	int n, sn;	923	int n, sn;
915	char stkbuf[40]; /* its small, its on stack */	924	char stkbuf[40]; /* its small, its on stack */
		925	loff_t pos = *ppos;
916		926
917	n = scnprintf(stkbuf, 40, "%lu\n", rtas_tone_volume);	927	n = scnprintf(stkbuf, 40, "%lu\n", rtas_tone_volume);
918		928
919	sn = strlen (stkbuf) +1;	929	sn = strlen (stkbuf) +1;
920	if (*ppos >= sn)	930	if (pos != (unsigned int)pos \|\| pos >= sn)
921	return 0;	931	return 0;
922	if (n > sn - *ppos)	932	if (n > sn - pos)
923	n = sn - *ppos;	933	n = sn - pos;
924	if (n > count)	934	if (n > count)
925	n = count;	935	n = count;
926	if (copy_to_user (buf, stkbuf + (*ppos), n)) {	936	if (copy_to_user (buf, stkbuf + (*ppos), n)) {
927	return -EFAULT;	937	return -EFAULT;
928	}	938	}
929	*ppos += n;	939	*ppos = pos + n;
930	return n;	940	return n;
931	}	941	}
932		942
Lines 943-956 Link Here
943	if (n > count)	953	if (n > count)
944	n = count;	954	n = count;
945		955
946	if (ppos && *ppos != 0)	956	if (*ppos != 0)
947	return 0;	957	return 0;
948		958
949	if (copy_to_user(buf, kbuf, n))	959	if (copy_to_user(buf, kbuf, n))
950	return -EFAULT;	960	return -EFAULT;
951		961
952	if (ppos)	962	*ppos = n;
953	*ppos = n;
954		963
955	return n;	964	return n;
956	}	965	}

Lines 427-433 Link Here

(-)linux-2.6.7/arch/s390/kernel/debug.c (-4 / +4 lines)
427		427
428	p_info = ((file_private_info_t *) file->private_data);	428	p_info = ((file_private_info_t *) file->private_data);
429	if (*offset != p_info->offset)	429	if (*offset != p_info->offset)
430	return -EPIPE;	430	return -ESPIPE;
431	if(p_info->act_area >= p_info->debug_info_snap->nr_areas)	431	if(p_info->act_area >= p_info->debug_info_snap->nr_areas)
432	return 0;	432	return 0;
433		433
Lines 449-455 Link Here
449	goto out;	449	goto out;
450	}	450	}
451	out:	451	out:
452	p_info->offset = *offset + count;	452	p_info->offset += count;
453	p_info->act_entry_offset = size;	453	p_info->act_entry_offset = size;
454	*offset = p_info->offset;	454	*offset = p_info->offset;
455	return count;	455	return count;
Lines 964-970 Link Here
964	input_buf[0]);	964	input_buf[0]);
965	}	965	}
966	out:	966	out:
967	*offset += in_buf_size;	967	*offset = in_buf_size;
968	return rc; /* number of input characters */	968	return rc; /* number of input characters */
969	}	969	}
970		970
Lines 1031-1037 Link Here
1031	printk(KERN_INFO "debug: area `%c` is not valid\n", input_buf[0]);	1031	printk(KERN_INFO "debug: area `%c` is not valid\n", input_buf[0]);
1032		1032
1033	out:	1033	out:
1034	*offset += in_buf_size;	1034	*offset = in_buf_size;
1035	return rc; /* number of input characters */	1035	return rc; /* number of input characters */
1036	}	1036	}
1037		1037

Lines 366-375 Link Here

(-)linux-2.6.7/drivers/block/acsi_slm.c (-7 / +9 lines)
366	{	366	{
367	struct inode *node = file->f_dentry->d_inode;	367	struct inode *node = file->f_dentry->d_inode;
368	unsigned long page;	368	unsigned long page;
		369	loff_t pos = *ppos;
369	int length;	370	int length;
370	int end;	371	int end;
371		372
372	if (count < 0)	373	/* XXX - seek locking required */
		374	if (count < 0 \|\| pos < 0)
373	return( -EINVAL );	375	return( -EINVAL );
374	if (!(page = __get_free_page( GFP_KERNEL )))	376	if (!(page = __get_free_page( GFP_KERNEL )))
375	return( -ENOMEM );	377	return( -ENOMEM );
Lines 379-396 Link Here
379	count = length;	381	count = length;
380	goto out;	382	goto out;
381	}	383	}
382	if (file->f_pos >= length) {	384	if (pos >= length) {
383	count = 0;	385	count = 0;
384	goto out;	386	goto out;
385	}	387	}
386	if (count + file->f_pos > length)	388	if (count + pos > length)
387	count = length - file->f_pos;	389	count = length - pos;
388	end = count + file->f_pos;	390	end = count + pos;
389	if (copy_to_user(buf, (char *)page + file->f_pos, count)) {	391	if (copy_to_user(buf, (char *)page + pos, count)) {
390	count = -EFAULT;	392	count = -EFAULT;
391	goto out;	393	goto out;
392	}	394	}
393	file->f_pos = end;	395	*ppos = end;
394	out: free_page( page );	396	out: free_page( page );
395	return( count );	397	return( count );
396	}	398	}

Lines 22-33 Link Here

(-)linux-2.6.7/drivers/char/generic_nvram.c (-10 / +25 lines)
22	#include <linux/smp_lock.h>	22	#include <linux/smp_lock.h>
23	#include <asm/uaccess.h>	23	#include <asm/uaccess.h>
24	#include <asm/nvram.h>	24	#include <asm/nvram.h>
		25	#include <asm/semaphore.h>
25		26
26	#define NVRAM_SIZE 8192	27	#define NVRAM_SIZE 8192
27		28
		29	static DECLARE_MUTEX(nvram_sem);
		30
28	static loff_t nvram_llseek(struct file *file, loff_t offset, int origin)	31	static loff_t nvram_llseek(struct file *file, loff_t offset, int origin)
29	{	32	{
30	lock_kernel();	33	down(&nvram_sem);
		34
31	switch (origin) {	35	switch (origin) {
32	case 1:	36	case 1:
33	offset += file->f_pos;	37	offset += file->f_pos;
Lines 37-84 Link Here
37	break;	41	break;
38	}	42	}
39	if (offset < 0) {	43	if (offset < 0) {
40	unlock_kernel();	44	up(&nvram_sem);
41	return -EINVAL;	45	return -EINVAL;
42	}	46	}
43	file->f_pos = offset;	47	file->f_pos = offset;
44	unlock_kernel();	48	up(&nvram_sem);
45	return file->f_pos;	49	return file->f_pos;
46	}	50	}
47		51
48	static ssize_t read_nvram(struct file file, char __user buf,	52	static ssize_t read_nvram(struct file file, char __user buf,
49	size_t count, loff_t *ppos)	53	size_t count, loff_t *ppos)
50	{	54	{
51	unsigned int i;	55	loff_t i;
52	char __user *p = buf;	56	char __user *p = buf;
53		57
54	if (verify_area(VERIFY_WRITE, buf, count))	58	if (verify_area(VERIFY_WRITE, buf, count))
55	return -EFAULT;	59	return -EFAULT;
56	if (*ppos >= NVRAM_SIZE)	60
57	return 0;	61	down(&nvram_sem);
		62	/* If we are already off the end then we report 0 anyway .. */
58	for (i = *ppos; count > 0 && i < NVRAM_SIZE; ++i, ++p, --count)	63	for (i = *ppos; count > 0 && i < NVRAM_SIZE; ++i, ++p, --count)
59	if (__put_user(nvram_read_byte(i), p))	64	if (__put_user(nvram_read_byte(i), p))
		65	{
		66	up(&nvram_sem);
60	return -EFAULT;	67	return -EFAULT;
		68	}
61	*ppos = i;	69	*ppos = i;
		70	up(&nvram_sem);
62	return p - buf;	71	return p - buf;
63	}	72	}
64		73
65	static ssize_t write_nvram(struct file file, const char __user buf,	74	static ssize_t write_nvram(struct file file, const char __user buf,
66	size_t count, loff_t *ppos)	75	size_t count, loff_t *ppos)
67	{	76	{
68	unsigned int i;	77	loff_t i;
69	const char __user *p = buf;	78	const char __user *p = buf;
70	char c;	79	char c;
		80	struct semaphore *s = &file->f_dentry->d_inode->i_sem;
71		81
72	if (verify_area(VERIFY_READ, buf, count))	82	if (verify_area(VERIFY_READ, buf, count))
73	return -EFAULT;	83	return -EFAULT;
74	if (*ppos >= NVRAM_SIZE)	84
75	return 0;	85	down(&nvram_sem);
		86	/* if ppos > end then we return 0 anyway /
76	for (i = *ppos; count > 0 && i < NVRAM_SIZE; ++i, ++p, --count) {	87	for (i = *ppos; count > 0 && i < NVRAM_SIZE; ++i, ++p, --count) {
77	if (__get_user(c, p))	88	if (__get_user(c, p))
		89	{
		90	up(&nvram_sem);
78	return -EFAULT;	91	return -EFAULT;
		92	}
79	nvram_write_byte(c, i);	93	nvram_write_byte(c, i);
80	}	94	}
81	*ppos = i;	95	*ppos = i;
		96	up(&nvram_sem);
82	return p - buf;	97	return p - buf;
83	}	98	}
84		99

Lines 233-239 Link Here

(-)linux-2.6.7/drivers/char/nvram.c (-16 / +26 lines)
233		233
234	static loff_t nvram_llseek(struct file *file,loff_t offset, int origin )	234	static loff_t nvram_llseek(struct file *file,loff_t offset, int origin )
235	{	235	{
236	lock_kernel();	236	spin_lock_irq(&rtc_lock);
237	switch (origin) {	237	switch (origin) {
238	case 0:	238	case 0:
239	/* nothing to do */	239	/* nothing to do */
Lines 245-279 Link Here
245	offset += NVRAM_BYTES;	245	offset += NVRAM_BYTES;
246	break;	246	break;
247	}	247	}
248	unlock_kernel();	248	if(offset < 0 \|\| offset > NVRAM_BYTES)
249	return (offset >= 0) ? (file->f_pos = offset) : -EINVAL;	249	offset = -EINVAL;
		250	else
		251	file->f_pos = offset;
		252	spin_unlock_irq(&rtc_lock);
		253	return offset;
250	}	254	}
251		255
252	static ssize_t	256	static ssize_t
253	nvram_read(struct file file, char __user buf, size_t count, loff_t *ppos)	257	nvram_read(struct file file, char __user buf, size_t count, loff_t *ppos)
254	{	258	{
255	unsigned char contents[NVRAM_BYTES];	259	unsigned char contents[NVRAM_BYTES];
256	unsigned i = *ppos;	260	loff_t i;
257	unsigned char *tmp;	261	unsigned char *tmp;
258		262
259	spin_lock_irq(&rtc_lock);	263	spin_lock_irq(&rtc_lock);
260
261	if (!__nvram_check_checksum())	264	if (!__nvram_check_checksum())
262	goto checksum_err;	265	goto checksum_err;
		266
		267	i = *ppos;
263		268
264	for (tmp = contents; count-- > 0 && i < NVRAM_BYTES; ++i, ++tmp)	269	for (tmp = contents; count-- > 0 && i < NVRAM_BYTES; ++i, ++tmp)
265	*tmp = __nvram_read_byte(i);	270	*tmp = __nvram_read_byte(i);
266		271
		272	*ppos = i;
267	spin_unlock_irq(&rtc_lock);	273	spin_unlock_irq(&rtc_lock);
268		274
269	if (copy_to_user(buf, contents, tmp - contents))	275	if (copy_to_user(buf, contents, tmp - contents))
270	return -EFAULT;	276	return -EFAULT;
271		277
272	*ppos = i;
273
274	return tmp - contents;	278	return tmp - contents;
275		279
276	checksum_err:	280	checksum_err:
277	spin_unlock_irq(&rtc_lock);	281	spin_unlock_irq(&rtc_lock);
278	return -EIO;	282	return -EIO;
279	}	283	}
Lines 282-312 Link Here
282	nvram_write(struct file file, const char __user buf, size_t count, loff_t *ppos)	286	nvram_write(struct file file, const char __user buf, size_t count, loff_t *ppos)
283	{	287	{
284	unsigned char contents[NVRAM_BYTES];	288	unsigned char contents[NVRAM_BYTES];
285	unsigned i = *ppos;	289	loff_t i;
286	unsigned char *tmp;	290	unsigned char *tmp;
287	int len;	291	int len = count;
288		292
289	len = (NVRAM_BYTES - i) < count ? (NVRAM_BYTES - i) : count;	293	if (len > NVRAM_BYTES)
		294	len = NVRAM_BYTES;
		295
290	if (copy_from_user(contents, buf, len))	296	if (copy_from_user(contents, buf, len))
		297	{
		298
291	return -EFAULT;	299	return -EFAULT;
		300	}
292		301
293	spin_lock_irq(&rtc_lock);	302	spin_lock_irq(&rtc_lock);
294		303
		304	i = *ppos;
		305
295	if (!__nvram_check_checksum())	306	if (!__nvram_check_checksum())
296	goto checksum_err;	307	goto checksum_err;
297		308
298	for (tmp = contents; count-- > 0 && i < NVRAM_BYTES; ++i, ++tmp)	309	for (tmp = contents; len-- > 0 && i < NVRAM_BYTES; ++i, ++tmp)
299	__nvram_write_byte(*tmp, i);	310	__nvram_write_byte(*tmp, i);
300		311
301	__nvram_set_checksum();	312	__nvram_set_checksum();
302		313
303	spin_unlock_irq(&rtc_lock);
304
305	*ppos = i;	314	*ppos = i;
		315	spin_unlock_irq(&rtc_lock);
306		316
307	return tmp - contents;	317	return tmp - contents;
308		318
309	checksum_err:	319	checksum_err:
310	spin_unlock_irq(&rtc_lock);	320	spin_unlock_irq(&rtc_lock);
311	return -EIO;	321	return -EIO;
312	}	322	}

Lines 16-27 Link Here

(-)linux-2.6.7/drivers/macintosh/nvram.c (-8 / +19 lines)
16	#include <linux/smp_lock.h>	16	#include <linux/smp_lock.h>
17	#include <asm/uaccess.h>	17	#include <asm/uaccess.h>
18	#include <asm/nvram.h>	18	#include <asm/nvram.h>
		19	#include <asm/semaphore.h>
		20
		21	static DECLARE_MUTEX(nvram_mutex);
19		22
20	#define NVRAM_SIZE 8192	23	#define NVRAM_SIZE 8192
21		24
		25
22	static loff_t nvram_llseek(struct file *file, loff_t offset, int origin)	26	static loff_t nvram_llseek(struct file *file, loff_t offset, int origin)
23	{	27	{
24	lock_kernel();	28	down(&nvram_mutex);
25	switch (origin) {	29	switch (origin) {
26	case 1:	30	case 1:
27	offset += file->f_pos;	31	offset += file->f_pos;
Lines 31-41 Link Here
31	break;	35	break;
32	}	36	}
33	if (offset < 0) {	37	if (offset < 0) {
34	unlock_kernel();	38	up(s);
35	return -EINVAL;	39	return -EINVAL;
36	}	40	}
37	file->f_pos = offset;	41	file->f_pos = offset;
38	unlock_kernel();	42	up(&nvram_mutex);
39	return file->f_pos;	43	return file->f_pos;
40	}	44	}
41		45
Lines 44-58 Link Here
44	{	48	{
45	unsigned int i;	49	unsigned int i;
46	char __user *p = buf;	50	char __user *p = buf;
47
48	if (verify_area(VERIFY_WRITE, buf, count))	51	if (verify_area(VERIFY_WRITE, buf, count))
49	return -EFAULT;	52	return -EFAULT;
50	if (*ppos >= NVRAM_SIZE)	53
51	return 0;	54	down(&nvram_mutex);
52	for (i = *ppos; count > 0 && i < NVRAM_SIZE; ++i, ++p, --count)	55	for (i = *ppos; count > 0 && i < NVRAM_SIZE; ++i, ++p, --count)
53	if (__put_user(nvram_read_byte(i), p))	56	if (__put_user(nvram_read_byte(i), p))
		57	{
		58	up(&nvram_mutex);
54	return -EFAULT;	59	return -EFAULT;
		60	}
55	*ppos = i;	61	*ppos = i;
		62	up(&nvram_mutex);
56	return p - buf;	63	return p - buf;
57	}	64	}
58		65
Lines 65-78 Link Here
65		72
66	if (verify_area(VERIFY_READ, buf, count))	73	if (verify_area(VERIFY_READ, buf, count))
67	return -EFAULT;	74	return -EFAULT;
68	if (*ppos >= NVRAM_SIZE)	75
69	return 0;	76	down(&nvram_mutex);
70	for (i = *ppos; count > 0 && i < NVRAM_SIZE; ++i, ++p, --count) {	77	for (i = *ppos; count > 0 && i < NVRAM_SIZE; ++i, ++p, --count) {
71	if (__get_user(c, p))	78	if (__get_user(c, p))
		79	{
		80	up(&nvram_mutex);
72	return -EFAULT;	81	return -EFAULT;
		82	}
73	nvram_write_byte(c, i);	83	nvram_write_byte(c, i);
74	}	84	}
75	*ppos = i;	85	*ppos = i;
		86	up(&nvram_mutex);
76	return p - buf;	87	return p - buf;
77	}	88	}
78		89

Lines 48-67 Link Here

(-)linux-2.6.7/drivers/oprofile/oprofilefs.c (-10 / +20 lines)
48	ssize_t oprofilefs_str_to_user(char const * str, char __user * buf, size_t count, loff_t * offset)	48	ssize_t oprofilefs_str_to_user(char const * str, char __user * buf, size_t count, loff_t * offset)
49	{	49	{
50	size_t len = strlen(str);	50	size_t len = strlen(str);
		51	loff_t pos = *offset;
		52
		53	/* XXX - should do proper seek locking instead */
		54	if(pos < 0)
		55	return -EINVAL;
51		56
52	if (!count)	57	if (!count)
53	return 0;	58	return 0;
54		59
55	if (*offset > len)	60	if (pos > len)
56	return 0;	61	return 0;
57		62
58	if (count > len - *offset)	63	if (count > len - pos)
59	count = len - *offset;	64	count = len - pos;
60		65
61	if (copy_to_user(buf, str + *offset, count))	66	if (copy_to_user(buf, str + pos, count))
62	return -EFAULT;	67	return -EFAULT;
63		68
64	*offset += count;	69	*offset = pos + count;
65		70
66	return count;	71	return count;
67	}	72	}
Lines 73-81 Link Here
73	{	78	{
74	char tmpbuf[TMPBUFSIZE];	79	char tmpbuf[TMPBUFSIZE];
75	size_t maxlen;	80	size_t maxlen;
		81	loff_t pos = *offset;
76		82
77	if (!count)	83	if (!count)
78	return 0;	84	return 0;
		85
		86	/* XXX - should do proper seek locking instead */
		87	if(pos < 0)
		88	return -EINVAL;
79		89
80	spin_lock(&oprofilefs_lock);	90	spin_lock(&oprofilefs_lock);
81	maxlen = snprintf(tmpbuf, TMPBUFSIZE, "%lu\n", val);	91	maxlen = snprintf(tmpbuf, TMPBUFSIZE, "%lu\n", val);
Lines 83-98 Link Here
83	if (maxlen > TMPBUFSIZE)	93	if (maxlen > TMPBUFSIZE)
84	maxlen = TMPBUFSIZE;	94	maxlen = TMPBUFSIZE;
85		95
86	if (*offset > maxlen)	96	if (pos > maxlen)
87	return 0;	97	return 0;
88		98
89	if (count > maxlen - *offset)	99	if (count > maxlen - pos)
90	count = maxlen - *offset;	100	count = maxlen - pos;
91		101
92	if (copy_to_user(buf, tmpbuf + *offset, count))	102	if (copy_to_user(buf, tmpbuf + pos, count))
93	return -EFAULT;	103	return -EFAULT;
94		104
95	*offset += count;	105	*offset = pos + count;
96		106
97	return count;	107	return count;
98	}	108	}

Lines 29-41 Link Here

(-)linux-2.6.7/drivers/parisc/eisa_eeprom.c (-5 / +16 lines)
29	#include <asm/io.h>	29	#include <asm/io.h>
30	#include <asm/uaccess.h>	30	#include <asm/uaccess.h>
31	#include <asm/eisa_eeprom.h>	31	#include <asm/eisa_eeprom.h>
		32	#include <asm/semaphore.h>
32		33
33	#define EISA_EEPROM_MINOR 241	34	#define EISA_EEPROM_MINOR 241
34		35
35	static unsigned long eeprom_addr;	36	static unsigned long eeprom_addr;
		37	static DECLARE_MUTEX(eeprom_mutex);
36		38
37	static loff_t eisa_eeprom_llseek(struct file *file, loff_t offset, int origin )	39	static loff_t eisa_eeprom_llseek(struct file *file, loff_t offset, int origin )
38	{	40	{
		41	down(&eeprom_mutex);
39	switch (origin) {	42	switch (origin) {
40	case 0:	43	case 0:
41	/* nothing to do */	44	/* nothing to do */
Lines 47-64 Link Here
47	offset += HPEE_MAX_LENGTH;	50	offset += HPEE_MAX_LENGTH;
48	break;	51	break;
49	}	52	}
50	return (offset >= 0 && offset < HPEE_MAX_LENGTH) ? (file->f_pos = offset) : -EINVAL;	53	if(offset >= 0 && offset < HPEE_MAX_LENGTH)
		54	file->f_pos = offset;
		55	else
		56	offset = EINVAL;
		57	up(&eeprom_mutex);
		58	return offset;
51	}	59	}
52		60
53	static ssize_t eisa_eeprom_read(struct file * file,	61	static ssize_t eisa_eeprom_read(struct file * file,
54	char buf, size_t count, loff_t ppos )	62	char buf, size_t count, loff_t ppos )
55	{	63	{
56	unsigned char *tmp;	64	unsigned char *tmp;
57	ssize_t ret;	65	ssize_t ret = 0;
58	int i;	66	int i;
59		67
		68	down(&eeprom_mutex);
60	if (*ppos >= HPEE_MAX_LENGTH)	69	if (*ppos >= HPEE_MAX_LENGTH)
61	return 0;	70	goto done;
62		71
63	count = ppos + count < HPEE_MAX_LENGTH ? count : HPEE_MAX_LENGTH - ppos;	72	count = ppos + count < HPEE_MAX_LENGTH ? count : HPEE_MAX_LENGTH - ppos;
64	tmp = kmalloc(count, GFP_KERNEL);	73	tmp = kmalloc(count, GFP_KERNEL);
Lines 73-79 Link Here
73	kfree (tmp);	82	kfree (tmp);
74	} else	83	} else
75	ret = -ENOMEM;	84	ret = -ENOMEM;
76		85
		86	done:
		87	up(&eeprom_mutex);
77	return ret;	88	return ret;
78	}	89	}
79		90

Lines 46-51 Link Here

(-)linux-2.6.7/drivers/sbus/char/jsflash.c (-4 / +16 lines)
46	#include <asm/io.h>	46	#include <asm/io.h>
47	#include <asm/pcic.h>	47	#include <asm/pcic.h>
48	#include <asm/oplib.h>	48	#include <asm/oplib.h>
		49	#include <asm/semaphore.h>
49		50
50	#include <asm/jsflash.h> /* ioctl arguments. <linux/> ?? */	51	#include <asm/jsflash.h> /* ioctl arguments. <linux/> ?? */
51	#define JSFIDSZ (sizeof(struct jsflash_ident_arg))	52	#define JSFIDSZ (sizeof(struct jsflash_ident_arg))
Lines 72-77 Link Here
72	#define JSF_PART_BITS 2 /* 2 bits of minors to cover JSF_NPART */	73	#define JSF_PART_BITS 2 /* 2 bits of minors to cover JSF_NPART */
73	#define JSF_PART_MASK 0x3 /* 2 bits mask */	74	#define JSF_PART_MASK 0x3 /* 2 bits mask */
74		75
		76	static DECLARE_MUTEX(jsflash_mutex);
75	/*	77	/*
76	* Access functions.	78	* Access functions.
77	* We could ioremap(), but it's easier this way.	79	* We could ioremap(), but it's easier this way.
Lines 229-235 Link Here
229	{	231	{
230	loff_t ret;	232	loff_t ret;
231		233
232	lock_kernel();	234	down(&jsflash_mutex);
233	switch (orig) {	235	switch (orig) {
234	case 0:	236	case 0:
235	file->f_pos = offset;	237	file->f_pos = offset;
Lines 242-248 Link Here
242	default:	244	default:
243	ret = -EINVAL;	245	ret = -EINVAL;
244	}	246	}
245	unlock_kernel();	247	up(&jsflash_mutex);
246	return ret;	248	return ret;
247	}	249	}
248		250
Lines 252-258 Link Here
252	static ssize_t jsf_read(struct file * file, char * buf,	254	static ssize_t jsf_read(struct file * file, char * buf,
253	size_t togo, loff_t *ppos)	255	size_t togo, loff_t *ppos)
254	{	256	{
255	unsigned long p = *ppos;	257	unsigned long p;
256	char *tmp = buf;	258	char *tmp = buf;
257		259
258	union byte4 {	260	union byte4 {
Lines 260-268 Link Here
260	unsigned int n;	262	unsigned int n;
261	} b;	263	} b;
262		264
263	if (p < JSF_BASE_ALL \|\| p >= JSF_BASE_TOP) {	265	down(&jsflash_mutex);
		266
		267	/* Range check in loff_t, then cut down for use */
		268	if (ppos < JSF_BASE_ALL \|\| ppos >= JSF_BASE_TOP) {
		269	up(&jsflash_mutex);
264	return 0;	270	return 0;
265	}	271	}
		272	p = *ppos;
266		273
267	if ((p + togo) < p /* wrap */	274	if ((p + togo) < p /* wrap */
268	\|\| (p + togo) >= JSF_BASE_TOP) {	275	\|\| (p + togo) >= JSF_BASE_TOP) {
Lines 283-288 Link Here
283	* without regard to modversions,	290	* without regard to modversions,
284	* so we cannot build a module.	291	* so we cannot build a module.
285	*/	292	*/
		293	up(&jsflash_mutex);
286	return 0;	294	return 0;
287	#endif	295	#endif
288	}	296	}
Lines 291-297 Link Here
291	togo -= 4;	299	togo -= 4;
292	b.n = jsf_inl(p);	300	b.n = jsf_inl(p);
293	if (copy_to_user(tmp, b.s, 4))	301	if (copy_to_user(tmp, b.s, 4))
		302	{
		303	up(&jsflash_mutex);
294	return -EFAULT;	304	return -EFAULT;
		305	}
295	tmp += 4;	306	tmp += 4;
296	p += 4;	307	p += 4;
297	}	308	}
Lines 302-307 Link Here
302	*/	313	*/
303		314
304	*ppos = p;	315	*ppos = p;
		316	up(&jsflash_mutex);
305	return tmp-buf;	317	return tmp-buf;
306	}	318	}
307		319

Lines 804-810 Link Here

(-)linux-2.6.7/drivers/video/fbmem.c (-27 / +62 lines)
804	static ssize_t	804	static ssize_t
805	fb_read(struct file file, char buf, size_t count, loff_t *ppos)	805	fb_read(struct file file, char buf, size_t count, loff_t *ppos)
806	{	806	{
807	unsigned long p = *ppos;	807	loff_t p;
808	struct inode *inode = file->f_dentry->d_inode;	808	struct inode *inode = file->f_dentry->d_inode;
809	int fbidx = iminor(inode);	809	int fbidx = iminor(inode);
810	struct fb_info *info = registered_fb[fbidx];	810	struct fb_info *info = registered_fb[fbidx];
Lines 817-851 Link Here
817		817
818	if (info->fbops->fb_read)	818	if (info->fbops->fb_read)
819	return info->fbops->fb_read(file, buf, count, ppos);	819	return info->fbops->fb_read(file, buf, count, ppos);
		820
		821	down(&info->mutex);
		822	if (*ppos >= info->fix.smem_len)
		823	{
		824	count = 0;
		825	goto error;
		826	}
		827	p = *ppos;
820		828
821	if (p >= info->fix.smem_len)	829	if (count > info->fix.smem_len - p)
822	return 0;
823	if (count >= info->fix.smem_len)
824	count = info->fix.smem_len;
825	if (count + p > info->fix.smem_len)
826	count = info->fix.smem_len - p;	830	count = info->fix.smem_len - p;
827	if (info->fbops->fb_sync)	831	if (info->fbops->fb_sync)
828	info->fbops->fb_sync(info);	832	info->fbops->fb_sync(info);
829	if (count) {	833	if (count) {
830	char *base_addr;	834	char *base_addr;
831		835
832	base_addr = info->screen_base;	836	base_addr = info->screen_base;
833	count -= copy_to_user(buf, base_addr+p, count);	837	count -= copy_to_user(buf, base_addr + p, count);
834	if (!count)	838	if (!count)
835	return -EFAULT;	839	count = -EFAULT;
836	*ppos += count;	840	else
		841	*ppos += count;
837	}	842	}
		843	error:
		844	up(&info->mutex);
838	return count;	845	return count;
839	}	846	}
840		847
841	static ssize_t	848	static ssize_t
842	fb_write(struct file file, const char buf, size_t count, loff_t *ppos)	849	fb_write(struct file file, const char buf, size_t count, loff_t *ppos)
843	{	850	{
844	unsigned long p = *ppos;	851	loff_t p;
845	struct inode *inode = file->f_dentry->d_inode;	852	struct inode *inode = file->f_dentry->d_inode;
846	int fbidx = iminor(inode);	853	int fbidx = iminor(inode);
847	struct fb_info *info = registered_fb[fbidx];	854	struct fb_info *info = registered_fb[fbidx];
848	int err;	855	int err = -ENOSPC;
849		856
850	if (!info \|\| !info->screen_base)	857	if (!info \|\| !info->screen_base)
851	return -ENODEV;	858	return -ENODEV;
Lines 856-885 Link Here
856	if (info->fbops->fb_write)	863	if (info->fbops->fb_write)
857	return info->fbops->fb_write(file, buf, count, ppos);	864	return info->fbops->fb_write(file, buf, count, ppos);
858		865
859	if (p > info->fix.smem_len)	866	down(&info->mutex);
860	return -ENOSPC;	867	if (*ppos >= info->fix.smem_len)
861	if (count >= info->fix.smem_len)	868	goto err;
862	count = info->fix.smem_len;	869	p = *ppos;
		870	if (count > info->fix.smem_len - p)
		871	count = info->fix.smem_len - p;
		872
863	err = 0;	873	err = 0;
864	if (count + p > info->fix.smem_len) {
865	count = info->fix.smem_len - p;
866	err = -ENOSPC;
867	}
868	if (info->fbops->fb_sync)	874	if (info->fbops->fb_sync)
869	info->fbops->fb_sync(info);	875	info->fbops->fb_sync(info);
870	if (count) {	876	if (count) {
871	char *base_addr;	877	char *base_addr = info->screen_base;
872
873	base_addr = info->screen_base;
874	count -= copy_from_user(base_addr+p, buf, count);	878	count -= copy_from_user(base_addr+p, buf, count);
875	*ppos += count;	879	*ppos += count;
876	err = -EFAULT;	880	err = -EFAULT;
		881	if (count)
		882	err = count;
877	}	883	}
878	if (count)	884	err:
879	return count;	885	up(&info->mutex);
880	return err;	886	return err;
881	}	887	}
882		888
		889	loff_t fb_llseek(struct file *file, loff_t offset, int origin)
		890	{
		891	struct inode *inode = file->f_dentry->d_inode;
		892	int fbidx = iminor(inode);
		893	struct fb_info *info = registered_fb[fbidx];
		894	loff_t retval;
		895
		896	down(&info->mutex);
		897	switch (origin) {
		898	case 2:
		899	offset += i_size_read(file->f_dentry->d_inode);
		900	break;
		901	case 1:
		902	offset += file->f_pos;
		903	}
		904	retval = -EINVAL;
		905	if (offset >= 0) {
		906	if (offset != file->f_pos) {
		907	file->f_pos = offset;
		908	file->f_version = 0;
		909	}
		910	retval = offset;
		911	}
		912	up(&info->mutex);
		913	return retval;
		914	}
		915
883	#ifdef CONFIG_KMOD	916	#ifdef CONFIG_KMOD
884	static void try_to_load(int fb)	917	static void try_to_load(int fb)
885	{	918	{
Lines 1254-1259 Link Here
1254	.owner = THIS_MODULE,	1287	.owner = THIS_MODULE,
1255	.read = fb_read,	1288	.read = fb_read,
1256	.write = fb_write,	1289	.write = fb_write,
		1290	.llseek = fb_llseek,
1257	.ioctl = fb_ioctl,	1291	.ioctl = fb_ioctl,
1258	.mmap = fb_mmap,	1292	.mmap = fb_mmap,
1259	.open = fb_open,	1293	.open = fb_open,
Lines 1327-1332 Link Here
1327	if (fb_info->sprite.inbuf == NULL)	1361	if (fb_info->sprite.inbuf == NULL)
1328	fb_info->sprite.inbuf = fb_sys_inbuf;	1362	fb_info->sprite.inbuf = fb_sys_inbuf;
1329		1363
		1364	init_MUTEX(&fb_info->mutex);
1330	registered_fb[i] = fb_info;	1365	registered_fb[i] = fb_info;
1331		1366
1332	devfs_mk_cdev(MKDEV(FB_MAJOR, i),	1367	devfs_mk_cdev(MKDEV(FB_MAJOR, i),

Lines 916-922 Link Here

(-)linux-2.6.7/drivers/video/stifb.c (-29 / +46 lines)
916	static ssize_t	916	static ssize_t
917	stifb_read(struct file file, char buf, size_t count, loff_t *ppos)	917	stifb_read(struct file file, char buf, size_t count, loff_t *ppos)
918	{	918	{
919	unsigned long p = *ppos;	919	unsigned long p;
920	struct inode *inode = file->f_dentry->d_inode;	920	struct inode *inode = file->f_dentry->d_inode;
921	int fbidx = iminor(inode);	921	int fbidx = iminor(inode);
922	struct fb_info *info = registered_fb[fbidx];	922	struct fb_info *info = registered_fb[fbidx];
Lines 925-948 Link Here
925	if (!info \|\| ! info->screen_base)	925	if (!info \|\| ! info->screen_base)
926	return -ENODEV;	926	return -ENODEV;
927		927
928	if (p >= info->fix.smem_len)	928	down(&info->mutex);
929	return 0;	929
		930	p = *ppos;
		931
		932	if (*ppos >= info->fix.smem_len \|\| count + p > p)
		933	{
		934	up(&info->mutex);
		935	return 0;
		936	}
930	if (count >= info->fix.smem_len)	937	if (count >= info->fix.smem_len)
931	count = info->fix.smem_len;	938	count = info->fix.smem_len;
932	if (count + p > info->fix.smem_len)	939	if (count + p > info->fix.smem_len)
933	count = info->fix.smem_len - p;	940	count = info->fix.smem_len - p;
934	if (count > sizeof(tmpbuf))	941	if (count > sizeof(tmpbuf))
935	count = sizeof(tmpbuf);	942	count = sizeof(tmpbuf);
936	if (count) {	943	if (count) {
937	char *base_addr;	944	char *base_addr;
938		945
939	base_addr = info->screen_base;	946	base_addr = info->screen_base;
940	memcpy_fromio(&tmpbuf, base_addr+p, count);	947	memcpy_fromio(&tmpbuf, base_addr + p, count);
941	count -= copy_to_user(buf, &tmpbuf, count);	948	count -= copy_to_user(buf, &tmpbuf, count);
942	if (!count)	949	if (!count)
943	return -EFAULT;	950	count = -EFAULT;
944	*ppos += count;	951	else
		952	*ppos += count;
945	}	953	}
		954	up(&info->mutex);
946	return count;	955	return count;
947	}	956	}
948		957
Lines 952-958 Link Here
952	struct inode *inode = file->f_dentry->d_inode;	961	struct inode *inode = file->f_dentry->d_inode;
953	int fbidx = iminor(inode);	962	int fbidx = iminor(inode);
954	struct fb_info *info = registered_fb[fbidx];	963	struct fb_info *info = registered_fb[fbidx];
955	unsigned long p = *ppos;	964	unsigned long p;
956	size_t c;	965	size_t c;
957	int err;	966	int err;
958	char tmpbuf[TMPBUFLEN];	967	char tmpbuf[TMPBUFLEN];
Lines 960-990 Link Here
960	if (!info \|\| !info->screen_base)	969	if (!info \|\| !info->screen_base)
961	return -ENODEV;	970	return -ENODEV;
962		971
963	if (p > info->fix.smem_len)	972	down(&info->mutex);
964	return -ENOSPC;	973	p = ppos; / Truncated version */
		974
		975	if (*ppos > info->fix.smem_len \|\| p + count > p)
		976	{
		977	up(&info->mutex);
		978	return -ENOSPC;
		979	}
		980
965	if (count >= info->fix.smem_len)	981	if (count >= info->fix.smem_len)
966	count = info->fix.smem_len;	982	count = info->fix.smem_len;
967	err = 0;	983	err = 0;
968	if (count + p > info->fix.smem_len) {	984	if (count + p > info->fix.smem_len) {
969	count = info->fix.smem_len - p;	985	count = info->fix.smem_len - p;
970	err = -ENOSPC;	986	err = -ENOSPC;
971	}	987	}
972		988
973	p += (unsigned long)info->screen_base;	989	p += (unsigned long)info->screen_base;
974	c = count;	990	c = count;
975	while (c) {	991	while (c) {
976	int len = c > sizeof(tmpbuf) ? sizeof(tmpbuf) : c;	992	int len = c > sizeof(tmpbuf) ? sizeof(tmpbuf) : c;
977	err = -EFAULT;	993	err = -EFAULT;
978	if (copy_from_user(&tmpbuf, buf, len))	994	if (copy_from_user(&tmpbuf, buf, len))
979	break;	995	break;
980	memcpy_toio(p, &tmpbuf, len);	996	memcpy_toio(p, &tmpbuf, len);
981	c -= len;	997	c -= len;
982	p += len;	998	p += len;
983	buf += len;	999	buf += len;
984	*ppos += len;	1000	*ppos += len;
985	}	1001	}
986	if (count-c)	1002	up(&info->mutex);
987	return (count-c);	1003	if (count - c)
		1004	return count - c;
988	return err;	1005	return err;
989	}	1006	}
990		1007

Lines 18-30 Link Here

(-)linux-2.6.7/drivers/zorro/proc.c (-6 / +20 lines)
18	#include <asm/uaccess.h>	18	#include <asm/uaccess.h>
19	#include <asm/amigahw.h>	19	#include <asm/amigahw.h>
20	#include <asm/setup.h>	20	#include <asm/setup.h>
		21	#include <asm/semaphore.h>
		22
		23	static DECLARE_MUTEX(zorro_proc_lock);
21		24
22	static loff_t	25	static loff_t
23	proc_bus_zorro_lseek(struct file *file, loff_t off, int whence)	26	proc_bus_zorro_lseek(struct file *file, loff_t off, int whence)
24	{	27	{
25	loff_t new = -1;	28	loff_t new = -1;
26		29
27	lock_kernel();	30	down(&zorro_proc_lock);
		31
28	switch (whence) {	32	switch (whence) {
29	case 0:	33	case 0:
30	new = off;	34	new = off;
Lines 37-47 Link Here
37	break;	41	break;
38	}	42	}
39	if (new < 0 \|\| new > sizeof(struct ConfigDev)) {	43	if (new < 0 \|\| new > sizeof(struct ConfigDev)) {
40	unlock_kernel();	44	up(&zorro_proc_lock);
41	return -EINVAL;	45	return -EINVAL;
42	}	46	}
43	unlock_kernel();	47	file->f_pos = new;
44	return (file->f_pos = new);	48	up(&zorro_proc_lock);
		49	return file->f_pos;
45	}	50	}
46		51
47	static ssize_t	52	static ssize_t
Lines 51-60 Link Here
51	struct proc_dir_entry *dp = PDE(ino);	56	struct proc_dir_entry *dp = PDE(ino);
52	struct zorro_dev *z = dp->data;	57	struct zorro_dev *z = dp->data;
53	struct ConfigDev cd;	58	struct ConfigDev cd;
54	loff_t pos = *ppos;	59	loff_t pos;
		60
		61	down(&zorro_proc_lock);
55		62
		63	pos = *ppos;
56	if (pos >= sizeof(struct ConfigDev))	64	if (pos >= sizeof(struct ConfigDev))
		65	{
		66	up(&zorro_proc_lock);
57	return 0;	67	return 0;
		68	}
58	if (nbytes >= sizeof(struct ConfigDev))	69	if (nbytes >= sizeof(struct ConfigDev))
59	nbytes = sizeof(struct ConfigDev);	70	nbytes = sizeof(struct ConfigDev);
60	if (pos + nbytes > sizeof(struct ConfigDev))	71	if (pos + nbytes > sizeof(struct ConfigDev))
Lines 69-77 Link Here
69	cd.cd_BoardSize = zorro_resource_len(z);	80	cd.cd_BoardSize = zorro_resource_len(z);
70		81
71	if (copy_to_user(buf, &cd, nbytes))	82	if (copy_to_user(buf, &cd, nbytes))
		83	{
		84	up(&zorro_proc_lock);
72	return -EFAULT;	85	return -EFAULT;
		86	}
73	*ppos += nbytes;	87	*ppos += nbytes;
74		88	up(&zorro_proc_lock);
75	return nbytes;	89	return nbytes;
76	}	90	}
77		91

Lines 68-85 Link Here

(-)linux-2.6.7/fs/openpromfs/inode.c (-29 / +41 lines)
68	size_t count, loff_t *ppos)	68	size_t count, loff_t *ppos)
69	{	69	{
70	struct inode *inode = file->f_dentry->d_inode;	70	struct inode *inode = file->f_dentry->d_inode;
		71	loff_t pos = *ppos;
71	char buffer[10];	72	char buffer[10];
72		73
		74	/* FIXME: add proper seek locking */
		75	if (pos != (unsigned int)pos \|\| pos >= 9)
		76	return -0;
		77
73	if (count < 0 \|\| !inode->u.generic_ip)	78	if (count < 0 \|\| !inode->u.generic_ip)
74	return -EINVAL;	79	return -EINVAL;
75	sprintf (buffer, "%8.8x\n", (u32)(long)(inode->u.generic_ip));	80	sprintf (buffer, "%8.8x\n", (u32)(long)(inode->u.generic_ip));
76	if (file->f_pos >= 9)	81	if (count > 9 - pos)
77	return 0;	82	count = 9 - pos;
78	if (count > 9 - file->f_pos)	83	if (copy_to_user(buf, buffer + pos, count))
79	count = 9 - file->f_pos;
80	if (copy_to_user(buf, buffer + file->f_pos, count))
81	return -EFAULT;	84	return -EFAULT;
82	file->f_pos += count;	85	*ppos = pos + count;
83	return count;	86	return count;
84	}	87	}
85		88
Lines 93-100 Link Here
93	u32 *q;	96	u32 *q;
94	openprom_property *op;	97	openprom_property *op;
95	char buffer[64];	98	char buffer[64];
		99	loff_t pos = *ppos;
96		100
97	if (filp->f_pos >= 0xffffff \|\| count >= 0xffffff)	101	/* FIXME: add proper seek locking */
		102
		103	if (pos < 0 \|\| pos >= 0xffffff \|\| count >= 0xffffff)
98	return -EINVAL;	104	return -EINVAL;
99	if (!filp->private_data) {	105	if (!filp->private_data) {
100	node = nodes[(u16)((long)inode->u.generic_ip)].node;	106	node = nodes[(u16)((long)inode->u.generic_ip)].node;
Lines 180-186 Link Here
180	} else {	186	} else {
181	i = (op->len << 1) + 1;	187	i = (op->len << 1) + 1;
182	}	188	}
183	k = filp->f_pos;	189	k = pos;
184	if (k >= i) return 0;	190	if (k >= i) return 0;
185	if (count > i - k) count = i - k;	191	if (count > i - k) count = i - k;
186	if (op->flag & OPP_STRING) {	192	if (op->flag & OPP_STRING) {
Lines 197-203 Link Here
197	j = count;	203	j = count;
198		204
199	if (j >= 0) {	205	if (j >= 0) {
200	if (copy_to_user(buf + k - filp->f_pos,	206	if (copy_to_user(buf + k - pos,
201	op->value + k - 1, j))	207	op->value + k - 1, j))
202	return -EFAULT;	208	return -EFAULT;
203	count -= j;	209	count -= j;
Lines 205-215 Link Here
205	}	211	}
206		212
207	if (count) {	213	if (count) {
208	if (put_user('\'', &buf [k++ - filp->f_pos]))	214	if (put_user('\'', &buf [k++ - pos]))
209	return -EFAULT;	215	return -EFAULT;
210	}	216	}
211	if (count > 1) {	217	if (count > 1) {
212	if (put_user('\n', &buf [k++ - filp->f_pos]))	218	if (put_user('\n', &buf [k++ - pos]))
213	return -EFAULT;	219	return -EFAULT;
214	}	220	}
215	} else if (op->flag & OPP_STRINGLIST) {	221	} else if (op->flag & OPP_STRINGLIST) {
Lines 287-293 Link Here
287	if ((k < i - 1) && (k & 1)) {	293	if ((k < i - 1) && (k & 1)) {
288	sprintf (buffer, "%02x",	294	sprintf (buffer, "%02x",
289	(unsigned char) *(op->value + (k >> 1)) & 0xff);	295	(unsigned char) *(op->value + (k >> 1)) & 0xff);
290	if (put_user(buffer[1], &buf[k++ - filp->f_pos]))	296	if (put_user(buffer[1], &buf[k++ - pos]))
291	return -EFAULT;	297	return -EFAULT;
292	count--;	298	count--;
293	}	299	}
Lines 295-301 Link Here
295	for (; (count > 1) && (k < i - 1); k += 2) {	301	for (; (count > 1) && (k < i - 1); k += 2) {
296	sprintf (buffer, "%02x",	302	sprintf (buffer, "%02x",
297	(unsigned char) *(op->value + (k >> 1)) & 0xff);	303	(unsigned char) *(op->value + (k >> 1)) & 0xff);
298	if (copy_to_user(buf + k - filp->f_pos, buffer, 2))	304	if (copy_to_user(buf + k - pos, buffer, 2))
299	return -EFAULT;	305	return -EFAULT;
300	count -= 2;	306	count -= 2;
301	}	307	}
Lines 303-340 Link Here
303	if (count && (k < i - 1)) {	309	if (count && (k < i - 1)) {
304	sprintf (buffer, "%02x",	310	sprintf (buffer, "%02x",
305	(unsigned char) *(op->value + (k >> 1)) & 0xff);	311	(unsigned char) *(op->value + (k >> 1)) & 0xff);
306	if (put_user(buffer[0], &buf[k++ - filp->f_pos]))	312	if (put_user(buffer[0], &buf[k++ - pos]))
307	return -EFAULT;	313	return -EFAULT;
308	count--;	314	count--;
309	}	315	}
310		316
311	if (count) {	317	if (count) {
312	if (put_user('\n', &buf [k++ - filp->f_pos]))	318	if (put_user('\n', &buf [k++ - pos]))
313	return -EFAULT;	319	return -EFAULT;
314	}	320	}
315	}	321	}
316	count = k - filp->f_pos;	322	count = k - pos;
317	filp->f_pos = k;	323	*ppos = k;
318	return count;	324	return count;
319	}	325	}
320		326
321	static ssize_t property_write(struct file filp, const char buf,	327	static ssize_t property_write(struct file filp, const char buf,
322	size_t count, loff_t *ppos)	328	size_t count, loff_t *ppos)
323	{	329	{
		330	loff_t pos = *ppos;
324	int i, j, k;	331	int i, j, k;
325	char *p;	332	char *p;
326	u32 *q;	333	u32 *q;
327	void *b;	334	void *b;
328	openprom_property *op;	335	openprom_property *op;
329		336
330	if (filp->f_pos >= 0xffffff \|\| count >= 0xffffff)	337	/* FIXME: add proper seek locking */
		338
		339	if (pos < 0 \|\| pos >= 0xffffff \|\| count >= 0xffffff)
331	return -EINVAL;	340	return -EINVAL;
332	if (!filp->private_data) {	341	if (!filp->private_data) {
333	i = property_read (filp, NULL, 0, 0);	342	i = property_read (filp, NULL, 0, 0);
334	if (i)	343	if (i)
335	return i;	344	return i;
336	}	345	}
337	k = filp->f_pos;	346	k = pos;
338	op = (openprom_property *)filp->private_data;	347	op = (openprom_property *)filp->private_data;
339	if (!(op->flag & OPP_STRING)) {	348	if (!(op->flag & OPP_STRING)) {
340	u32 first, last;	349	u32 first, last;
Lines 462-468 Link Here
462	op->len = i;	471	op->len = i;
463	} else	472	} else
464	op->len = i;	473	op->len = i;
465	filp->f_pos += count;	474	pos += count;
466	}	475	}
467	write_try_string:	476	write_try_string:
468	if (!(op->flag & OPP_BINARY)) {	477	if (!(op->flag & OPP_BINARY)) {
Lines 480-486 Link Here
480	op->flag \|= OPP_QUOTED;	489	op->flag \|= OPP_QUOTED;
481	buf++;	490	buf++;
482	count--;	491	count--;
483	filp->f_pos++;	492	pos++;
		493	*ppos = pos;
484	if (!count) {	494	if (!count) {
485	op->flag \|= OPP_STRING;	495	op->flag \|= OPP_STRING;
486	return 1;	496	return 1;
Lines 489-497 Link Here
489	op->flag \|= OPP_NOTQUOTED;	499	op->flag \|= OPP_NOTQUOTED;
490	}	500	}
491	op->flag \|= OPP_STRING;	501	op->flag \|= OPP_STRING;
492	if (op->alloclen <= count + filp->f_pos) {	502	if (op->alloclen <= count + pos) {
493	b = kmalloc (sizeof (openprom_property)	503	b = kmalloc (sizeof (openprom_property)
494	+ 2 * (count + filp->f_pos), GFP_KERNEL);	504	+ 2 * (count + pos), GFP_KERNEL);
495	if (!b)	505	if (!b)
496	return -ENOMEM;	506	return -ENOMEM;
497	memcpy (b, filp->private_data,	507	memcpy (b, filp->private_data,
Lines 499-512 Link Here
499	+ strlen (op->name) + op->alloclen);	509	+ strlen (op->name) + op->alloclen);
500	memset (((char *)b) + sizeof (openprom_property)	510	memset (((char *)b) + sizeof (openprom_property)
501	+ strlen (op->name) + op->alloclen,	511	+ strlen (op->name) + op->alloclen,
502	0, 2*(count - filp->f_pos) - op->alloclen);	512	0, 2*(count - pos) - op->alloclen);
503	op = (openprom_property *)b;	513	op = (openprom_property *)b;
504	op->alloclen = 2*(count + filp->f_pos);	514	op->alloclen = 2*(count + pos);
505	b = filp->private_data;	515	b = filp->private_data;
506	filp->private_data = (void *)op;	516	filp->private_data = (void *)op;
507	kfree (b);	517	kfree (b);
508	}	518	}
509	p = op->value + filp->f_pos - ((op->flag & OPP_QUOTED) ? 1 : 0);	519	p = op->value + pos - ((op->flag & OPP_QUOTED) ? 1 : 0);
510	if (copy_from_user(p, buf, count))	520	if (copy_from_user(p, buf, count))
511	return -EFAULT;	521	return -EFAULT;
512	op->flag \|= OPP_DIRTY;	522	op->flag \|= OPP_DIRTY;
Lines 517-533 Link Here
517	}	527	}
518	if (i < count) {	528	if (i < count) {
519	op->len = p - op->value;	529	op->len = p - op->value;
520	filp->f_pos += i + 1;	530	pos += i + 1;
		531	*ppos = pos;
521	if ((p > op->value) && (op->flag & OPP_QUOTED)	532	if ((p > op->value) && (op->flag & OPP_QUOTED)
522	&& (*(p - 1) == '\''))	533	&& (*(p - 1) == '\''))
523	op->len--;	534	op->len--;
524	} else {	535	} else {
525	if (p - op->value > op->len)	536	if (p - op->value > op->len)
526	op->len = p - op->value;	537	op->len = p - op->value;
527	filp->f_pos += count;	538	pos += count;
		539	*ppos = pos;
528	}	540	}
529	}	541	}
530	return filp->f_pos - k;	542	return pos - k;
531	}	543	}
532		544
533	int property_release (struct inode inode, struct file filp)	545	int property_release (struct inode inode, struct file filp)

Lines 519-524 Link Here

(-)linux-2.6.7/fs/proc/base.c (-9 / +11 lines)
519	ssize_t length;	519	ssize_t length;
520	ssize_t end;	520	ssize_t end;
521	struct task_struct *task = proc_task(inode);	521	struct task_struct *task = proc_task(inode);
		522	loff_t pos = *ppos;
522		523
523	if (count > PROC_BLOCK_SIZE)	524	if (count > PROC_BLOCK_SIZE)
524	count = PROC_BLOCK_SIZE;	525	count = PROC_BLOCK_SIZE;
Lines 532-545 Link Here
532	return length;	533	return length;
533	}	534	}
534	/* Static 4kB (or whatever) block capacity */	535	/* Static 4kB (or whatever) block capacity */
535	if (*ppos >= length) {	536	if (pos < 0 \|\| pos >= length) {
536	free_page(page);	537	free_page(page);
537	return 0;	538	return 0;
538	}	539	}
539	if (count + *ppos > length)	540	if (count > length - pos)
540	count = length - *ppos;	541	count = length - pos;
541	end = count + *ppos;	542	end = count + pos;
542	if (copy_to_user(buf, (char ) page + ppos, count))	543	if (copy_to_user(buf, (char *) page + pos, count))
543	count = -EFAULT;	544	count = -EFAULT;
544	else	545	else
545	*ppos = end;	546	*ppos = end;
Lines 1170-1175 Link Here
1170	ssize_t length;	1171	ssize_t length;
1171	ssize_t end;	1172	ssize_t end;
1172	struct task_struct *task = proc_task(inode);	1173	struct task_struct *task = proc_task(inode);
		1174	loff_t pos = *ppos;
1173		1175
1174	if (count > PAGE_SIZE)	1176	if (count > PAGE_SIZE)
1175	count = PAGE_SIZE;	1177	count = PAGE_SIZE;
Lines 1188-1197 Link Here
1188	free_page(page);	1190	free_page(page);
1189	return 0;	1191	return 0;
1190	}	1192	}
1191	if (count + *ppos > length)	1193	if (count > length - pos)
1192	count = length - *ppos;	1194	count = length - pos;
1193	end = count + *ppos;	1195	end = count + pos;
1194	if (copy_to_user(buf, (char ) page + ppos, count))	1196	if (copy_to_user(buf, (char *) page + pos, count))
1195	count = -EFAULT;	1197	count = -EFAULT;
1196	else	1198	else
1197	*ppos = end;	1199	*ppos = end;

Lines 280-303 Link Here

(-)linux-2.6.7/fs/proc/kcore.c (-9 / +12 lines)
280	size_t elf_buflen;	280	size_t elf_buflen;
281	int nphdr;	281	int nphdr;
282	unsigned long start;	282	unsigned long start;
		283	loff_t pos = *fpos;
283		284
284	read_lock(&kclist_lock);	285	read_lock(&kclist_lock);
285	tsz = get_kcore_size(&nphdr, &elf_buflen);	286	tsz = get_kcore_size(&nphdr, &elf_buflen);
286	proc_root_kcore->size = size = tsz + elf_buflen;	287	proc_root_kcore->size = size = tsz + elf_buflen;
287	if (buflen == 0 \|\| *fpos >= size) {	288	if (buflen == 0 \|\| pos < 0 \|\| pos >= size) {
288	read_unlock(&kclist_lock);	289	read_unlock(&kclist_lock);
289	return 0;	290	return 0;
290	}	291	}
291		292
292	/* trim buflen to not go beyond EOF */	293	/* trim buflen to not go beyond EOF */
293	if (buflen > size - *fpos)	294	if (buflen > size - pos)
294	buflen = size - *fpos;	295	buflen = size - pos;
295		296
296	/* construct an ELF core header if we'll need some of it */	297	/* construct an ELF core header if we'll need some of it */
297	if (*fpos < elf_buflen) {	298	if (pos < elf_buflen) {
298	char * elf_buf;	299	char * elf_buf;
299		300
300	tsz = elf_buflen - *fpos;	301	tsz = elf_buflen - pos;
301	if (buflen < tsz)	302	if (buflen < tsz)
302	tsz = buflen;	303	tsz = buflen;
303	elf_buf = kmalloc(elf_buflen, GFP_ATOMIC);	304	elf_buf = kmalloc(elf_buflen, GFP_ATOMIC);
Lines 308-320 Link Here
308	memset(elf_buf, 0, elf_buflen);	309	memset(elf_buf, 0, elf_buflen);
309	elf_kcore_store_hdr(elf_buf, nphdr, elf_buflen);	310	elf_kcore_store_hdr(elf_buf, nphdr, elf_buflen);
310	read_unlock(&kclist_lock);	311	read_unlock(&kclist_lock);
311	if (copy_to_user(buffer, elf_buf + *fpos, tsz)) {	312	if (copy_to_user(buffer, elf_buf + pos, tsz)) {
312	kfree(elf_buf);	313	kfree(elf_buf);
313	return -EFAULT;	314	return -EFAULT;
314	}	315	}
315	kfree(elf_buf);	316	kfree(elf_buf);
316	buflen -= tsz;	317	buflen -= tsz;
317	*fpos += tsz;	318	pos += tsz;
		319	*fpos = pos;
318	buffer += tsz;	320	buffer += tsz;
319	acc += tsz;	321	acc += tsz;
320		322
Lines 328-334 Link Here
328	* Check to see if our file offset matches with any of	330	* Check to see if our file offset matches with any of
329	* the addresses in the elf_phdr on our list.	331	* the addresses in the elf_phdr on our list.
330	*/	332	*/
331	start = kc_offset_to_vaddr(*fpos - elf_buflen);	333	start = kc_offset_to_vaddr(pos - elf_buflen);
332	if ((tsz = (PAGE_SIZE - (start & ~PAGE_MASK))) > buflen)	334	if ((tsz = (PAGE_SIZE - (start & ~PAGE_MASK))) > buflen)
333	tsz = buflen;	335	tsz = buflen;
334		336
Lines 412-418 Link Here
412	}	414	}
413	}	415	}
414	buflen -= tsz;	416	buflen -= tsz;
415	*fpos += tsz;	417	pos += tsz;
		418	*fpos = pos;
416	buffer += tsz;	419	buffer += tsz;
417	acc += tsz;	420	acc += tsz;
418	start += tsz;	421	start += tsz;

Lines 564-575 Link Here

(-)linux-2.6.7/fs/proc/proc_misc.c (-3 / +3 lines)
564	static ssize_t	564	static ssize_t
565	read_profile(struct file file, char __user buf, size_t count, loff_t *ppos)	565	read_profile(struct file file, char __user buf, size_t count, loff_t *ppos)
566	{	566	{
567	unsigned long p = *ppos;	567	loff_t p = *ppos;
568	ssize_t read;	568	ssize_t read;
569	char * pnt;	569	char * pnt;
570	unsigned int sample_step = 1 << prof_shift;	570	unsigned int sample_step = 1 << prof_shift;
571		571
572	if (p >= (prof_len+1)*sizeof(unsigned int))	572	if (p < 0 \|\| p >= (prof_len+1)*sizeof(unsigned int))
573	return 0;	573	return 0;
574	if (count > (prof_len+1)*sizeof(unsigned int) - p)	574	if (count > (prof_len+1)*sizeof(unsigned int) - p)
575	count = (prof_len+1)*sizeof(unsigned int) - p;	575	count = (prof_len+1)*sizeof(unsigned int) - p;
Lines 583-589 Link Here
583	if (copy_to_user(buf,(void *)pnt,count))	583	if (copy_to_user(buf,(void *)pnt,count))
584	return -EFAULT;	584	return -EFAULT;
585	read += count;	585	read += count;
586	*ppos += read;	586	*ppos = p;
587	return read;	587	return read;
588	}	588	}
589		589

Lines 114-128 Link Here

(-)linux-2.6.7/fs/udf/file.c (-3 / +13 lines)
114	{	114	{
115	ssize_t retval;	115	ssize_t retval;
116	struct inode *inode = file->f_dentry->d_inode;	116	struct inode *inode = file->f_dentry->d_inode;
117	int err, pos;	117	int err;
		118	loff_t pos;
118		119
119	if (UDF_I_ALLOCTYPE(inode) == ICBTAG_FLAG_AD_IN_ICB)	120	if (UDF_I_ALLOCTYPE(inode) == ICBTAG_FLAG_AD_IN_ICB)
120	{	121	{
		122	/* FIXME: locking checks needed */
121	if (file->f_flags & O_APPEND)	123	if (file->f_flags & O_APPEND)
122	pos = inode->i_size;	124	pos = inode->i_size;
123	else	125	else
124	pos = *ppos;	126	pos = *ppos;
125		127
		128	/* Check limit here, but actual limit is due to variable
		129	types in lower order functions. These probaly need to
		130	be fixed and pushed down the stack */
		131	if (pos < 0 \|\| pos + count < pos \|\| pos > 0x7FFFFFFF)
		132	return -EFBIG;;
		133	if (pos + count > 0x7FFFFFFF)
		134	count = 0x7FFFFFFF - pos;
		135
126	if (inode->i_sb->s_blocksize < (udf_file_entry_alloc_offset(inode) +	136	if (inode->i_sb->s_blocksize < (udf_file_entry_alloc_offset(inode) +
127	pos + count))	137	pos + count))
128	{	138	{
Lines 142-151 Link Here
142	}	152	}
143	}	153	}
144		154
145	retval = generic_file_write(file, buf, count, ppos);	155	retval = generic_file_write(file, buf, count, &pos);
146
147	if (retval > 0)	156	if (retval > 0)
148	mark_inode_dirty(inode);	157	mark_inode_dirty(inode);
		158	*ppos = pos;
149	return retval;	159	return retval;
150	}	160	}
151		161

Lines 1176-1189 Link Here

(-)linux-2.6.7/net/sunrpc/cache.c (-3 / +3 lines)
1176		1176
1177	sprintf(tbuf, "%lu\n", cd->flush_time);	1177	sprintf(tbuf, "%lu\n", cd->flush_time);
1178	len = strlen(tbuf);	1178	len = strlen(tbuf);
1179	if (p >= len)	1179	if (p != (unsigned int)p \|\| p >= len)
1180	return 0;	1180	return 0;
1181	len -= p;	1181	len -= p;
1182	if (len > count) len = count;	1182	if (len > count) len = count;
1183	if (copy_to_user(buf, (void*)(tbuf+p), len))	1183	if (copy_to_user(buf, (void*)(tbuf+p), len))
1184	len = -EFAULT;	1184	len = -EFAULT;
1185	else	1185	else
1186	*ppos += len;	1186	*ppos = p + len;
1187	return len;	1187	return len;
1188	}	1188	}
1189		1189
Lines 1207-1213 Link Here
1207	cd->nextcheck = get_seconds();	1207	cd->nextcheck = get_seconds();
1208	cache_flush();	1208	cache_flush();
1209		1209
1210	*ppos += count;	1210	*ppos = count;
1211	return count;	1211	return count;
1212	}	1212	}
1213		1213

Lines 74-79 Link Here

(-)linux-2.6.7/security/selinux/selinuxfs.c (-26 / +33 lines)
74	char *page;	74	char *page;
75	ssize_t length;	75	ssize_t length;
76	ssize_t end;	76	ssize_t end;
		77	loff_t pos = *ppos;
77		78
78	if (count < 0 \|\| count > PAGE_SIZE)	79	if (count < 0 \|\| count > PAGE_SIZE)
79	return -EINVAL;	80	return -EINVAL;
Lines 87-99 Link Here
87	return length;	88	return length;
88	}	89	}
89		90
90	if (*ppos >= length) {	91	if (pos != (unsigned int)pos \|\| pos >= length) {
91	free_page((unsigned long)page);	92	free_page((unsigned long)page);
92	return 0;	93	return 0;
93	}	94	}
94	if (count + *ppos > length)	95	if (count + pos > length)
95	count = length - *ppos;	96	count = length - pos;
96	end = count + *ppos;	97	end = count + pos;
97	if (copy_to_user(buf, (char ) page + ppos, count)) {	98	if (copy_to_user(buf, (char ) page + ppos, count)) {
98	count = -EFAULT;	99	count = -EFAULT;
99	goto out;	100	goto out;
Lines 141-146 Link Here
141	selnl_notify_setenforce(selinux_enforcing);	142	selnl_notify_setenforce(selinux_enforcing);
142	}	143	}
143	length = count;	144	length = count;
		145	*ppos = length;
144	out:	146	out:
145	free_page((unsigned long) page);	147	free_page((unsigned long) page);
146	return length;	148	return length;
Lines 189-194 Link Here
189	}	191	}
190		192
191	length = count;	193	length = count;
		194	*ppos = length;
192	out:	195	out:
193	free_page((unsigned long) page);	196	free_page((unsigned long) page);
194	return length;	197	return length;
Lines 207-212 Link Here
207	char *page;	210	char *page;
208	ssize_t length;	211	ssize_t length;
209	ssize_t end;	212	ssize_t end;
		213	loff_t pos = *ppos;
210		214
211	if (count < 0 \|\| count > PAGE_SIZE)	215	if (count < 0 \|\| count > PAGE_SIZE)
212	return -EINVAL;	216	return -EINVAL;
Lines 220-233 Link Here
220	return length;	224	return length;
221	}	225	}
222		226
223	if (*ppos >= length) {	227	if (pos < 0 \|\| pos >= length) {
224	free_page((unsigned long)page);	228	free_page((unsigned long)page);
225	return 0;	229	return 0;
226	}	230	}
227	if (count + *ppos > length)	231	if (count + pos > length)
228	count = length - *ppos;	232	count = length - pos;
229	end = count + *ppos;	233	end = count + pos;
230	if (copy_to_user(buf, (char ) page + ppos, count)) {	234	if (copy_to_user(buf, (char *) page + pos, count)) {
231	count = -EFAULT;	235	count = -EFAULT;
232	goto out;	236	goto out;
233	}	237	}
Lines 250-255 Link Here
250	char *page;	254	char *page;
251	ssize_t length;	255	ssize_t length;
252	ssize_t end;	256	ssize_t end;
		257	loff_t pos = *ppos;
253		258
254	if (count < 0 \|\| count > PAGE_SIZE)	259	if (count < 0 \|\| count > PAGE_SIZE)
255	return -EINVAL;	260	return -EINVAL;
Lines 263-276 Link Here
263	return length;	268	return length;
264	}	269	}
265		270
266	if (*ppos >= length) {	271	if (pos < 0 \|\| pos >= length) {
267	free_page((unsigned long)page);	272	free_page((unsigned long)page);
268	return 0;	273	return 0;
269	}	274	}
270	if (count + *ppos > length)	275	if (count + pos > length)
271	count = length - *ppos;	276	count = length - pos;
272	end = count + *ppos;	277	end = count + pos;
273	if (copy_to_user(buf, (char ) page + ppos, count)) {	278	if (copy_to_user(buf, (char *) page + pos, count)) {
274	count = -EFAULT;	279	count = -EFAULT;
275	goto out;	280	goto out;
276	}	281	}
Lines 445-454 Link Here
445	return rv;	450	return rv;
446	}	451	}
447		452
448	static ssize_t TA_read(struct file file, char __user buf, size_t size, loff_t *pos)	453	static ssize_t TA_read(struct file file, char __user buf, size_t size, loff_t *ppos)
449	{	454	{
450	struct argresp *ar;	455	struct argresp *ar;
451	ssize_t rv = 0;	456	ssize_t rv = 0;
		457	loff_t pos = *ppos;
452		458
453	if (file->private_data == NULL)	459	if (file->private_data == NULL)
454	rv = TA_write(file, buf, 0, pos);	460	rv = TA_write(file, buf, 0, pos);
Lines 458-470 Link Here
458	ar = file->private_data;	464	ar = file->private_data;
459	if (!ar)	465	if (!ar)
460	return 0;	466	return 0;
461	if (*pos >= ar->size)	467	if (pos < 0 \|\| pos >= ar->size)
462	return 0;	468	return 0;
463	if (*pos + size > ar->size)	469	if (pos + size > ar->size)
464	size = ar->size - *pos;	470	size = ar->size - pos;
465	if (copy_to_user(buf, ar->data + *pos, size))	471	if (copy_to_user(buf, ar->data + pos, size))
466	return -EFAULT;	472	return -EFAULT;
467	*pos += size;	473	*ppos = pos + size;
468	return size;	474	return size;
469	}	475	}
470		476
Lines 753-759 Link Here
753	ssize_t ret;	759	ssize_t ret;
754	int cur_enforcing;	760	int cur_enforcing;
755	struct inode *inode;	761	struct inode *inode;
756		762	loff_t pos = *ppos;
		763
757	down(&sel_sem);	764	down(&sel_sem);
758		765
759	ret = -EFAULT;	766	ret = -EFAULT;
Lines 786-799 Link Here
786	goto out;	793	goto out;
787	}	794	}
788		795
789	if (*ppos >= length) {	796	if (pos < 0 \|\| pos >= length) {
790	ret = 0;	797	ret = 0;
791	goto out;	798	goto out;
792	}	799	}
793	if (count + *ppos > length)	800	if (count + pos > length)
794	count = length - *ppos;	801	count = length - pos;
795	end = count + *ppos;	802	end = count + pos;
796	if (copy_to_user(buf, (char ) page + ppos, count)) {	803	if (copy_to_user(buf, (char *) page + pos, count)) {
797	ret = -EFAULT;	804	ret = -EFAULT;
798	goto out;	805	goto out;
799	}	806	}