Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
View | Details | Raw Unified | Return to bug 72006 | Differences between
and this patch

Collapse All | Expand All

(-)linux-2.6.7/arch/cris/arch-v10/drivers/eeprom.c (-54 / +33 lines)
Lines 95-100 Link Here
95
#include <linux/delay.h>
95
#include <linux/delay.h>
96
#include <linux/interrupt.h>
96
#include <linux/interrupt.h>
97
#include <asm/uaccess.h>
97
#include <asm/uaccess.h>
98
#include <asm/semaphore.h>
98
#include "i2c.h"
99
#include "i2c.h"
99
100
100
#define D(x) 
101
#define D(x) 
Lines 137-144 Link Here
137
  int adapt_state; /* 1 = To high , 0 = Even, -1 = To low */
138
  int adapt_state; /* 1 = To high , 0 = Even, -1 = To low */
138
  
139
  
139
  /* this one is to keep the read/write operations atomic */
140
  /* this one is to keep the read/write operations atomic */
140
  wait_queue_head_t wait_q;
141
  volatile int busy;
142
  int retry_cnt_addr; /* Used to keep track of number of retries for
141
  int retry_cnt_addr; /* Used to keep track of number of retries for
143
                         adaptive timing adjustments */
142
                         adaptive timing adjustments */
144
  int retry_cnt_read;
143
  int retry_cnt_read;
Lines 164-169 Link Here
164
163
165
/* chip description */
164
/* chip description */
166
static struct eeprom_type eeprom;
165
static struct eeprom_type eeprom;
166
static DECLARE_MUTEX(eeprom_mutex);
167
167
168
/* This is the exported file-operations structure for this device. */
168
/* This is the exported file-operations structure for this device. */
169
struct file_operations eeprom_fops =
169
struct file_operations eeprom_fops =
Lines 179-187 Link Here
179
179
180
int __init eeprom_init(void)
180
int __init eeprom_init(void)
181
{
181
{
182
  init_waitqueue_head(&eeprom.wait_q);
183
  eeprom.busy = 0;
184
185
#ifdef CONFIG_ETRAX_I2C_EEPROM_PROBE
182
#ifdef CONFIG_ETRAX_I2C_EEPROM_PROBE
186
#define EETEXT "Found"
183
#define EETEXT "Found"
187
#else
184
#else
Lines 461-503 Link Here
461
458
462
/* Changes the current file position. */
459
/* Changes the current file position. */
463
460
461
/* XXX - requires a lock as does the read etc side */
462
464
static loff_t eeprom_lseek(struct file * file, loff_t offset, int orig)
463
static loff_t eeprom_lseek(struct file * file, loff_t offset, int orig)
465
{
464
{
465
  loff_t pos;
466
/*
466
/*
467
 *  orig 0: position from begning of eeprom
467
 *  orig 0: position from begning of eeprom
468
 *  orig 1: relative from current position
468
 *  orig 1: relative from current position
469
 *  orig 2: position from last eeprom address
469
 *  orig 2: position from last eeprom address
470
 */
470
 */
471
  down(&eeprom_lock);
471
  
472
  
472
  switch (orig)
473
  switch (orig)
473
  {
474
  {
474
   case 0:
475
   case 0:
475
     file->f_pos = offset;
476
     pos = offset;
476
     break;
477
     break;
477
   case 1:
478
   case 1:
478
     file->f_pos += offset;
479
     pos = file->f_pos + offset;
479
     break;
480
     break;
480
   case 2:
481
   case 2:
481
     file->f_pos = eeprom.size - offset;
482
     pos = eeprom.size - offset;
482
     break;
483
     break;
483
   default:
484
   default:
484
     return -EINVAL;
485
     return -EINVAL;
485
  }
486
  }
486
487
487
  /* truncate position */
488
  /* truncate position */
488
  if (file->f_pos < 0)
489
  if (pos < 0 || pos >= eeprom.size)
489
  {
490
    file->f_pos = 0;    
491
    return(-EOVERFLOW);
492
  }
493
  
494
  if (file->f_pos >= eeprom.size)
495
  {
490
  {
496
    file->f_pos = eeprom.size - 1;
491
    up(&eeprom_lock);
497
    return(-EOVERFLOW);
492
    return(-EOVERFLOW);
498
  }
493
  }
499
494
  return ( file->f_pos = pos );
500
  return ( file->f_pos );
501
}
495
}
502
496
503
/* Reads data from eeprom. */
497
/* Reads data from eeprom. */
Lines 517-542 Link Here
517
static ssize_t eeprom_read(struct file * file, char * buf, size_t count, loff_t *off)
511
static ssize_t eeprom_read(struct file * file, char * buf, size_t count, loff_t *off)
518
{
512
{
519
  int read=0;
513
  int read=0;
520
  unsigned long p = file->f_pos;
514
  loff_t p = *off;
521
515
522
  unsigned char page;
516
  unsigned char page;
523
517
524
  if(p >= eeprom.size)  /* Address i 0 - (size-1) */
525
  {
526
    return -EFAULT;
527
  }
528
  
529
  while(eeprom.busy)
530
  {
531
    interruptible_sleep_on(&eeprom.wait_q);
532
518
533
    /* bail out if we get interrupted */
519
  if(down_interruptible(&eeprom_lock))
534
    if (signal_pending(current))
520
  	return -EINTR;
535
      return -EINTR;
536
    
537
  }
538
  eeprom.busy++;
539
521
522
  if(p >= eeprom.size || count > eeprom.size - p)  /* Address i 0 - (size-1) */
523
  {
524
    up(&eeprom_lock);
525
    return -EINVAL;
526
  }
540
  page = (unsigned char) (p >> 8);
527
  page = (unsigned char) (p >> 8);
541
  
528
  
542
  if(!eeprom_address(p))
529
  if(!eeprom_address(p))
Lines 546-553 Link Here
546
    i2c_stop();
533
    i2c_stop();
547
    
534
    
548
    /* don't forget to wake them up */
535
    /* don't forget to wake them up */
549
    eeprom.busy--;
536
    up(&eeprom_lock);
550
    wake_up_interruptible(&eeprom.wait_q);  
551
    return -EFAULT;
537
    return -EFAULT;
552
  }
538
  }
553
539
Lines 571-581 Link Here
571
  
557
  
572
  if(read > 0)
558
  if(read > 0)
573
  {
559
  {
574
    file->f_pos += read;
560
    *off = p + read;
575
  }
561
  }
576
562
577
  eeprom.busy--;
563
  up(&eeprom_lock);
578
  wake_up_interruptible(&eeprom.wait_q);
579
  return read;
564
  return read;
580
}
565
}
581
566
Lines 604-622 Link Here
604
    return -EFAULT;
589
    return -EFAULT;
605
  }
590
  }
606
591
607
  while(eeprom.busy)
592
  if(down_interruptible(&eeprom_lock))
608
  {
593
  	return -EINTR;
609
    interruptible_sleep_on(&eeprom.wait_q);
594
610
    /* bail out if we get interrupted */
611
    if (signal_pending(current))
612
      return -EINTR;
613
  }
614
  eeprom.busy++;
615
  for(i = 0; (i < EEPROM_RETRIES) && (restart > 0); i++)
595
  for(i = 0; (i < EEPROM_RETRIES) && (restart > 0); i++)
616
  {
596
  {
617
    restart = 0;
597
    restart = 0;
618
    written = 0;
598
    written = 0;
619
    p = file->f_pos;
599
    p = *off;
620
   
600
   
621
    
601
    
622
    while( (written < count) && (p < eeprom.size))
602
    while( (written < count) && (p < eeprom.size))
Lines 629-637 Link Here
629
        i2c_stop();
609
        i2c_stop();
630
        
610
        
631
        /* don't forget to wake them up */
611
        /* don't forget to wake them up */
632
        eeprom.busy--;
612
        up(&eeprom_lock);
633
        wake_up_interruptible(&eeprom.wait_q);
613
        return -EIO;
634
        return -EFAULT;
635
      }
614
      }
636
#ifdef EEPROM_ADAPTIVE_TIMING      
615
#ifdef EEPROM_ADAPTIVE_TIMING      
637
      /* Adaptive algorithm to adjust timing */
616
      /* Adaptive algorithm to adjust timing */
Lines 742-753 Link Here
742
    } /* while */
721
    } /* while */
743
  } /* for  */
722
  } /* for  */
744
723
745
  eeprom.busy--;
724
  if (written == 0 && p >= eeprom.size){
746
  wake_up_interruptible(&eeprom.wait_q);
725
    up(&eeprom_lock);
747
  if (written == 0 && file->f_pos >= eeprom.size){
748
    return -ENOSPC;
726
    return -ENOSPC;
749
  }
727
  }
750
  file->f_pos += written;
728
  *off = p;
729
  up(&eeprom_lock);
751
  return written;
730
  return written;
752
}
731
}
753
732
(-)linux-2.6.7/arch/i386/kernel/cpuid.c (-8 / +21 lines)
Lines 41-46 Link Here
41
#include <asm/msr.h>
41
#include <asm/msr.h>
42
#include <asm/uaccess.h>
42
#include <asm/uaccess.h>
43
#include <asm/system.h>
43
#include <asm/system.h>
44
#include <asm/semaphore.h>
45
46
static DECLARE_MUTEX(cpuid_lock);
44
47
45
#ifdef CONFIG_SMP
48
#ifdef CONFIG_SMP
46
49
Lines 88-95 Link Here
88
{
91
{
89
	loff_t ret;
92
	loff_t ret;
90
93
91
	lock_kernel();
94
	down(&cpuid_lock);
92
95
	
93
	switch (orig) {
96
	switch (orig) {
94
	case 0:
97
	case 0:
95
		file->f_pos = offset;
98
		file->f_pos = offset;
Lines 102-109 Link Here
102
	default:
105
	default:
103
		ret = -EINVAL;
106
		ret = -EINVAL;
104
	}
107
	}
105
108
	up(&cpuid_lock);
106
	unlock_kernel();
107
	return ret;
109
	return ret;
108
}
110
}
109
111
Lines 113-133 Link Here
113
	char __user *tmp = buf;
115
	char __user *tmp = buf;
114
	u32 data[4];
116
	u32 data[4];
115
	size_t rv;
117
	size_t rv;
116
	u32 reg = *ppos;
118
	u32 reg;
117
	int cpu = iminor(file->f_dentry->d_inode);
119
	int cpu = iminor(file->f_dentry->d_inode);
120
	int err = -EINVAL;
118
121
119
	if (count % 16)
122
	if (count % 16)
120
		return -EINVAL;	/* Invalid chunk size */
123
		return -EINVAL;	/* Invalid chunk size */
121
124
125
	down(&cpuid_lock);
126
	if(*ppos > 0xFFFFFFFF)
127
		goto error;
128
	reg = *ppos;
129
	err = -EFAULT;
122
	for (rv = 0; count; count -= 16) {
130
	for (rv = 0; count; count -= 16) {
123
		do_cpuid(cpu, reg, data);
131
		do_cpuid(cpu, reg, data);
124
		if (copy_to_user(tmp, &data, 16))
132
		if (copy_to_user(tmp, &data, 16))
125
			return -EFAULT;
133
			goto error;
126
		tmp += 16;
134
		tmp += 16;
127
		*ppos = reg++;
135
		*ppos = reg++;
128
	}
136
	}
129
137
	err = 0;
130
	return tmp - buf;
138
	
139
error:
140
	up(&cpuid_lock);
141
	if(tmp != buf)
142
		return tmp - buf;
143
	return err;
131
}
144
}
132
145
133
static int cpuid_open(struct inode *inode, struct file *file)
146
static int cpuid_open(struct inode *inode, struct file *file)
(-)linux-2.6.7/arch/i386/kernel/msr.c (-14 / +45 lines)
Lines 41-46 Link Here
41
#include <asm/uaccess.h>
41
#include <asm/uaccess.h>
42
#include <asm/system.h>
42
#include <asm/system.h>
43
43
44
static DECLARE_MUTEX(msr_lock);
45
44
/* Note: "err" is handled in a funny way below.  Otherwise one version
46
/* Note: "err" is handled in a funny way below.  Otherwise one version
45
   of gcc or another breaks. */
47
   of gcc or another breaks. */
46
48
Lines 167-173 Link Here
167
{
169
{
168
	loff_t ret = -EINVAL;
170
	loff_t ret = -EINVAL;
169
171
170
	lock_kernel();
172
	down(&msr_lock);
171
	switch (orig) {
173
	switch (orig) {
172
	case 0:
174
	case 0:
173
		file->f_pos = offset;
175
		file->f_pos = offset;
Lines 176-183 Link Here
176
	case 1:
178
	case 1:
177
		file->f_pos += offset;
179
		file->f_pos += offset;
178
		ret = file->f_pos;
180
		ret = file->f_pos;
181
		break;
182
	default:
183
		ret = -EINVAL;
179
	}
184
	}
180
	unlock_kernel();
185
	up(&msr_lock);
181
	return ret;
186
	return ret;
182
}
187
}
183
188
Lines 187-209 Link Here
187
	u32 __user *tmp = (u32 __user *) buf;
192
	u32 __user *tmp = (u32 __user *) buf;
188
	u32 data[2];
193
	u32 data[2];
189
	size_t rv;
194
	size_t rv;
190
	u32 reg = *ppos;
195
	u32 reg;
191
	int cpu = iminor(file->f_dentry->d_inode);
196
	int cpu = iminor(file->f_dentry->d_inode);
192
	int err;
197
	int err = -EINVAL;
193
198
194
	if (count % 8)
199
	if (count % 8)
195
		return -EINVAL;	/* Invalid chunk size */
200
		return -EINVAL;	/* Invalid chunk size */
196
201
202
	down(&msr_lock);
203
	if(*ppos > 0xFFFFFFFF)
204
		goto error;
205
206
	reg = *ppos;
197
	for (rv = 0; count; count -= 8) {
207
	for (rv = 0; count; count -= 8) {
198
		err = do_rdmsr(cpu, reg, &data[0], &data[1]);
208
		err = do_rdmsr(cpu, reg, &data[0], &data[1]);
199
		if (err)
209
		if (err)
200
			return err;
210
			goto error;
201
		if (copy_to_user(tmp, &data, 8))
211
		if (copy_to_user(tmp, &data, 8))
202
			return -EFAULT;
212
		{
213
			err = -EFAULT;
214
			goto error;
215
		}
203
		tmp += 2;
216
		tmp += 2;
217
		/* XXX API - should seek on */
204
	}
218
	}
205
219
	/* Invariant: err = 0 here */
206
	return ((char __user *)tmp) - buf;
220
error:
221
	up(&msr_lock);
222
	if(tmp != buf)
223
		return ((char __user *)tmp) - buf;
224
	return err;
207
}
225
}
208
226
209
static ssize_t msr_write(struct file *file, const char __user *buf,
227
static ssize_t msr_write(struct file *file, const char __user *buf,
Lines 212-234 Link Here
212
	const u32 __user *tmp = (const u32 __user *)buf;
230
	const u32 __user *tmp = (const u32 __user *)buf;
213
	u32 data[2];
231
	u32 data[2];
214
	size_t rv;
232
	size_t rv;
215
	u32 reg = *ppos;
233
	u32 reg;
216
	int cpu = iminor(file->f_dentry->d_inode);
234
	int cpu = iminor(file->f_dentry->d_inode);
217
	int err;
235
	int err = -EINVAL;
218
236
219
	if (count % 8)
237
	if (count % 8)
220
		return -EINVAL;	/* Invalid chunk size */
238
		return -EINVAL;	/* Invalid chunk size */
221
239
240
	down(&msr_lock);
241
	if(*ppos > 0xFFFFFFFF)
242
		goto error;
243
	reg = *ppos;
244
	
222
	for (rv = 0; count; count -= 8) {
245
	for (rv = 0; count; count -= 8) {
223
		if (copy_from_user(&data, tmp, 8))
246
		if (copy_from_user(&data, tmp, 8))
224
			return -EFAULT;
247
		{
248
			err = -EFAULT;
249
			goto error;
250
		}
225
		err = do_wrmsr(cpu, reg, data[0], data[1]);
251
		err = do_wrmsr(cpu, reg, data[0], data[1]);
226
		if (err)
252
		if (err)
227
			return err;
253
			goto error;
228
		tmp += 2;
254
		tmp += 2;
229
	}
255
	}
230
256
	/* Invariant err = 0 here */
231
	return ((char __user *)tmp) - buf;
257
	
258
error:
259
	up(&msr_lock);
260
	if(tmp != buf)
261
		return ((char __user *)tmp) - buf;
262
	return err;
232
}
263
}
233
264
234
static int msr_open(struct inode *inode, struct file *file)
265
static int msr_open(struct inode *inode, struct file *file)
(-)linux-2.6.7/arch/ia64/kernel/salinfo.c (-2 / +5 lines)
Lines 430-435 Link Here
430
	size_t size;
430
	size_t size;
431
	u8 *buf;
431
	u8 *buf;
432
	u64 bufsize;
432
	u64 bufsize;
433
	loff_t pos = *ppos;
434
	
435
	/* FIXME: needs seek/parallel-lock */
433
436
434
	if (data->state == STATE_LOG_RECORD) {
437
	if (data->state == STATE_LOG_RECORD) {
435
		buf = data->log_buffer;
438
		buf = data->log_buffer;
Lines 441-447 Link Here
441
		buf = NULL;
444
		buf = NULL;
442
		bufsize = 0;
445
		bufsize = 0;
443
	}
446
	}
444
	if (*ppos >= bufsize)
447
	if (pos >= bufsize)
445
		return 0;
448
		return 0;
446
449
447
	saldata = buf + file->f_pos;
450
	saldata = buf + file->f_pos;
Lines 451-457 Link Here
451
	if (copy_to_user(buffer, saldata, size))
454
	if (copy_to_user(buffer, saldata, size))
452
		return -EFAULT;
455
		return -EFAULT;
453
456
454
	*ppos += size;
457
	*ppos = pos + size;
455
	return size;
458
	return size;
456
}
459
}
457
460
(-)linux-2.6.7/arch/mips/sibyte/sb1250/bcm1250_tbprof.c (+3 lines)
Lines 300-305 Link Here
300
	int   count   =	 0;
300
	int   count   =	 0;
301
	char *dest    =	 buf;
301
	char *dest    =	 buf;
302
	long  cur_off = *offp;
302
	long  cur_off = *offp;
303
	
304
	if(curr_off < 0)
305
		return -EINVAL;
303
306
304
	count = 0;
307
	count = 0;
305
	cur_sample = cur_off / TB_SAMPLE_SIZE;
308
	cur_sample = cur_off / TB_SAMPLE_SIZE;
(-)linux-2.6.7/arch/ppc/kernel/ppc_htab.c (-6 / +9 lines)
Lines 106-113 Link Here
106
	PTE *ptr;
106
	PTE *ptr;
107
#endif /* CONFIG_PPC_STD_MMU */
107
#endif /* CONFIG_PPC_STD_MMU */
108
	char buffer[512];
108
	char buffer[512];
109
	loff_t pos = *ppos;
109
110
110
	if (count < 0)
111
	/* FIXME - needs seek/pos locking */
112
	
113
	if (pos < 0 || pos > 512)
111
		return -EINVAL;
114
		return -EINVAL;
112
115
113
	if (cur_cpu_spec[0]->cpu_features & CPU_FTR_604_PERF_MON) {
116
	if (cur_cpu_spec[0]->cpu_features & CPU_FTR_604_PERF_MON) {
Lines 188-202 Link Here
188
		      "Non-error misses: %lu\n"
191
		      "Non-error misses: %lu\n"
189
		      "Error misses\t: %lu\n",
192
		      "Error misses\t: %lu\n",
190
		      pte_misses, pte_errors);
193
		      pte_misses, pte_errors);
191
	if (*ppos >= strlen(buffer))
194
	if (pos >= strlen(buffer))
192
		return 0;
195
		return 0;
193
	if (n > strlen(buffer) - *ppos)
196
	if (n > strlen(buffer) - pos)
194
		n = strlen(buffer) - *ppos;
197
		n = strlen(buffer) - pos;
195
	if (n > count)
198
	if (n > count)
196
		n = count;
199
		n = count;
197
	if (copy_to_user(buf, buffer + *ppos, n))
200
	if (copy_to_user(buf, buffer + pos, n))
198
		return -EFAULT;
201
		return -EFAULT;
199
	*ppos += n;
202
	*ppos = pos + n;
200
	return n;
203
	return n;
201
}
204
}
202
205
(-)linux-2.6.7/arch/ppc/platforms/proc_rtas.c (-22 / +40 lines)
Lines 265-282 Link Here
265
		size_t count, loff_t *ppos)
265
		size_t count, loff_t *ppos)
266
{
266
{
267
	int n;
267
	int n;
268
	loff_t pos = *ppos;
269
	
270
	/* XXX - needs seek locking */
268
	if (power_on_time == 0)
271
	if (power_on_time == 0)
269
		n = sprintf(buf, "Power on time not set\n");
272
		n = sprintf(buf, "Power on time not set\n");
270
	else
273
	else
271
		n = sprintf(buf, "%lu\n", power_on_time);
274
		n = sprintf(buf, "%lu\n", power_on_time);
272
275
273
	if (*ppos >= strlen(buf))
276
	if (pos != (unsigned int)pos || pos >= strlen(buf))
274
		return 0;
277
		return 0;
275
	if (n > strlen(buf) - *ppos)
278
	if (n > strlen(buf) - pos)
276
		n = strlen(buf) - *ppos;
279
		n = strlen(buf) - pos;
277
	if (n > count)
280
	if (n > count)
278
		n = count;
281
		n = count;
279
	*ppos += n;
282
	*ppos = pos + n;
280
	return n;
283
	return n;
281
}
284
}
282
285
Lines 302-316 Link Here
302
		size_t count, loff_t *ppos)
305
		size_t count, loff_t *ppos)
303
{
306
{
304
	int n = 0;
307
	int n = 0;
308
	loff_t pos = *ppos;
309
	
310
	/* XXX - needs seek locking */
311
	
305
	if (progress_led != NULL)
312
	if (progress_led != NULL)
306
		n = sprintf (buf, "%s\n", progress_led);
313
		n = sprintf (buf, "%s\n", progress_led);
307
	if (*ppos >= strlen(buf))
314
	if (pos != (unsigned int)pos || pos >= strlen(buf))
308
		return 0;
315
		return 0;
309
	if (n > strlen(buf) - *ppos)
316
	if (n > strlen(buf) - pos)
310
		n = strlen(buf) - *ppos;
317
		n = strlen(buf) - pos;
311
	if (n > count)
318
	if (n > count)
312
		n = count;
319
		n = count;
313
	*ppos += n;
320
	*ppos = pos + n;
314
	return n;
321
	return n;
315
}
322
}
316
323
Lines 346-352 Link Here
346
{
353
{
347
	unsigned int year, mon, day, hour, min, sec;
354
	unsigned int year, mon, day, hour, min, sec;
348
	unsigned long *ret = kmalloc(4*8, GFP_KERNEL);
355
	unsigned long *ret = kmalloc(4*8, GFP_KERNEL);
356
	loff_t pos = *ppos;
349
	int n, error;
357
	int n, error;
358
	
359
	if(ret == NULL)
360
		return -ENOMEM;
361
		
362
	/* Needs seek locking */
350
363
351
	error = call_rtas("get-time-of-day", 0, 8, ret);
364
	error = call_rtas("get-time-of-day", 0, 8, ret);
352
365
Lines 362-374 Link Here
362
	}
375
	}
363
	kfree(ret);
376
	kfree(ret);
364
377
365
	if (*ppos >= strlen(buf))
378
	if (pos != (unsigned int)pos || pos >= strlen(buf))
366
		return 0;
379
		return 0;
367
	if (n > strlen(buf) - *ppos)
380
	if (n > strlen(buf) - pos)
368
		n = strlen(buf) - *ppos;
381
		n = strlen(buf) - pos;
369
	if (n > count)
382
	if (n > count)
370
		n = count;
383
		n = count;
371
	*ppos += n;
384
	*ppos = pos + n;
372
	return n;
385
	return n;
373
}
386
}
374
387
Lines 734-748 Link Here
734
		size_t count, loff_t *ppos)
747
		size_t count, loff_t *ppos)
735
{
748
{
736
	int n;
749
	int n;
750
	loff_t pos = *ppos;
751
	
752
	/* XXX - needs seek locking */
753
	
737
	n = sprintf(buf, "%lu\n", rtas_tone_frequency);
754
	n = sprintf(buf, "%lu\n", rtas_tone_frequency);
738
755
739
	if (*ppos >= strlen(buf))
756
	if (pos != (unsigned long)pos || pos >= strlen(buf))
740
		return 0;
757
		return 0;
741
	if (n > strlen(buf) - *ppos)
758
	if (n > strlen(buf) - pos)
742
		n = strlen(buf) - *ppos;
759
		n = strlen(buf) - pos;
743
	if (n > count)
760
	if (n > count)
744
		n = count;
761
		n = count;
745
	*ppos += n;
762
	*ppos = pos + n;
746
	return n;
763
	return n;
747
}
764
}
748
/* ****************************************************************** */
765
/* ****************************************************************** */
Lines 774-788 Link Here
774
static ssize_t ppc_rtas_tone_volume_read(struct file * file, char * buf,
791
static ssize_t ppc_rtas_tone_volume_read(struct file * file, char * buf,
775
		size_t count, loff_t *ppos)
792
		size_t count, loff_t *ppos)
776
{
793
{
777
	int n;
794
	int n = sprintf(buf, "%lu\n", rtas_tone_volume);
778
	n = sprintf(buf, "%lu\n", rtas_tone_volume);
795
	loff_t pos = *ppos;
779
796
780
	if (*ppos >= strlen(buf))
797
	/* XXX - Needs locking - actual shouldnt these all have ONE helper */
798
	if (pos != (unsigned int) pos || pos >= strlen(buf))
781
		return 0;
799
		return 0;
782
	if (n > strlen(buf) - *ppos)
800
	if (n > strlen(buf) - pos)
783
		n = strlen(buf) - *ppos;
801
		n = strlen(buf) - pos;
784
	if (n > count)
802
	if (n > count)
785
		n = count;
803
		n = count;
786
	*ppos += n;
804
	*ppos =  pos + n;
787
	return n;
805
	return n;
788
}
806
}
(-)linux-2.6.7/arch/ppc64/kernel/nvram.c (-4 / +11 lines)
Lines 57-62 Link Here
57
static loff_t dev_nvram_llseek(struct file *file, loff_t offset, int origin)
57
static loff_t dev_nvram_llseek(struct file *file, loff_t offset, int origin)
58
{
58
{
59
	int size;
59
	int size;
60
	/* XXX needs locking */
60
61
61
	if (ppc_md.nvram_size == NULL)
62
	if (ppc_md.nvram_size == NULL)
62
		return -ENODEV;
63
		return -ENODEV;
Lines 83-88 Link Here
83
	ssize_t len;
84
	ssize_t len;
84
	char *tmp_buffer;
85
	char *tmp_buffer;
85
	int size;
86
	int size;
87
	loff_t pos = *ppos;
86
88
87
	if (ppc_md.nvram_size == NULL)
89
	if (ppc_md.nvram_size == NULL)
88
		return -ENODEV;
90
		return -ENODEV;
Lines 90-96 Link Here
90
92
91
	if (verify_area(VERIFY_WRITE, buf, count))
93
	if (verify_area(VERIFY_WRITE, buf, count))
92
		return -EFAULT;
94
		return -EFAULT;
93
	if (*ppos >= size)
95
	if (pos >= size || pos < 0)
94
		return 0;
96
		return 0;
95
	if (count > size) 
97
	if (count > size) 
96
		count = size;
98
		count = size;
Lines 101-107 Link Here
101
		return -ENOMEM;
103
		return -ENOMEM;
102
	}
104
	}
103
105
104
	len = ppc_md.nvram_read(tmp_buffer, count, ppos);
106
	len = ppc_md.nvram_read(tmp_buffer, count, &pos);
107
	*ppos = pos;
108
	
105
	if ((long)len <= 0) {
109
	if ((long)len <= 0) {
106
		kfree(tmp_buffer);
110
		kfree(tmp_buffer);
107
		return len;
111
		return len;
Lines 123-128 Link Here
123
	ssize_t len;
127
	ssize_t len;
124
	char * tmp_buffer;
128
	char * tmp_buffer;
125
	int size;
129
	int size;
130
	loff_t pos = *ppos;
126
131
127
	if (ppc_md.nvram_size == NULL)
132
	if (ppc_md.nvram_size == NULL)
128
		return -ENODEV;
133
		return -ENODEV;
Lines 130-136 Link Here
130
135
131
	if (verify_area(VERIFY_READ, buf, count))
136
	if (verify_area(VERIFY_READ, buf, count))
132
		return -EFAULT;
137
		return -EFAULT;
133
	if (*ppos >= size)
138
	if (pos >= size || pos < 0)
134
		return 0;
139
		return 0;
135
	if (count > size)
140
	if (count > size)
136
		count = size;
141
		count = size;
Lines 146-152 Link Here
146
		return -EFAULT;
151
		return -EFAULT;
147
	}
152
	}
148
153
149
	len = ppc_md.nvram_write(tmp_buffer, count, ppos);
154
	len = ppc_md.nvram_write(tmp_buffer, count, &pos);
155
	*ppos = pos;
156
	
150
	if ((long)len <= 0) {
157
	if ((long)len <= 0) {
151
		kfree(tmp_buffer);
158
		kfree(tmp_buffer);
152
		return len;
159
		return len;
(-)linux-2.6.7/arch/ppc64/kernel/proc_ppc64.c (-2 / +3 lines)
Lines 140-145 Link Here
140
140
141
static loff_t page_map_seek( struct file *file, loff_t off, int whence)
141
static loff_t page_map_seek( struct file *file, loff_t off, int whence)
142
{
142
{
143
	/* XXX - locking needed */
143
	loff_t new;
144
	loff_t new;
144
	struct proc_dir_entry *dp = PDE(file->f_dentry->d_inode);
145
	struct proc_dir_entry *dp = PDE(file->f_dentry->d_inode);
145
146
Lines 163-172 Link Here
163
164
164
static ssize_t page_map_read( struct file *file, char *buf, size_t nbytes, loff_t *ppos)
165
static ssize_t page_map_read( struct file *file, char *buf, size_t nbytes, loff_t *ppos)
165
{
166
{
166
	unsigned pos = *ppos;
167
	loff_t pos = *ppos;
167
	struct proc_dir_entry *dp = PDE(file->f_dentry->d_inode);
168
	struct proc_dir_entry *dp = PDE(file->f_dentry->d_inode);
168
169
169
	if ( pos >= dp->size )
170
	if ( pos < 0 || pos >= dp->size )
170
		return 0;
171
		return 0;
171
	if ( nbytes >= dp->size )
172
	if ( nbytes >= dp->size )
172
		nbytes = dp->size;
173
		nbytes = dp->size;
(-)linux-2.6.7/arch/ppc64/kernel/rtas_flash.c (-9 / +6 lines)
Lines 238-244 Link Here
238
	if (msglen > count)
238
	if (msglen > count)
239
		msglen = count;
239
		msglen = count;
240
240
241
	if (ppos && *ppos != 0)
241
	if (*ppos != 0)
242
		return 0;	/* be cheap */
242
		return 0;	/* be cheap */
243
243
244
	error = verify_area(VERIFY_WRITE, buf, msglen);
244
	error = verify_area(VERIFY_WRITE, buf, msglen);
Lines 248-255 Link Here
248
	if (copy_to_user(buf, msg, msglen))
248
	if (copy_to_user(buf, msg, msglen))
249
		return -EFAULT;
249
		return -EFAULT;
250
250
251
	if (ppos)
251
	*ppos = msglen;
252
		*ppos = msglen;
253
	return msglen;
252
	return msglen;
254
}
253
}
255
254
Lines 375-381 Link Here
375
	if (msglen > count)
374
	if (msglen > count)
376
		msglen = count;
375
		msglen = count;
377
376
378
	if (ppos && *ppos != 0)
377
	if (*ppos != 0)
379
		return 0;	/* be cheap */
378
		return 0;	/* be cheap */
380
379
381
	error = verify_area(VERIFY_WRITE, buf, msglen);
380
	error = verify_area(VERIFY_WRITE, buf, msglen);
Lines 385-392 Link Here
385
	if (copy_to_user(buf, msg, msglen))
384
	if (copy_to_user(buf, msg, msglen))
386
		return -EFAULT;
385
		return -EFAULT;
387
386
388
	if (ppos)
387
	*ppos = msglen;
389
		*ppos = msglen;
390
	return msglen;
388
	return msglen;
391
}
389
}
392
390
Lines 481-487 Link Here
481
479
482
	args_buf = (struct rtas_validate_flash_t *) dp->data;
480
	args_buf = (struct rtas_validate_flash_t *) dp->data;
483
481
484
	if (ppos && *ppos != 0)
482
	if (*ppos != 0)
485
		return 0;	/* be cheap */
483
		return 0;	/* be cheap */
486
	
484
	
487
	msglen = get_validate_flash_msg(args_buf, msg);
485
	msglen = get_validate_flash_msg(args_buf, msg);
Lines 495-502 Link Here
495
	if (copy_to_user(buf, msg, msglen))
493
	if (copy_to_user(buf, msg, msglen))
496
		return -EFAULT;
494
		return -EFAULT;
497
495
498
	if (ppos)
496
	*ppos = msglen;
499
		*ppos = msglen;
500
	return msglen;
497
	return msglen;
501
}
498
}
502
499
(-)linux-2.6.7/arch/ppc64/kernel/rtas-proc.c (-28 / +37 lines)
Lines 282-303 Link Here
282
{
282
{
283
	char stkbuf[40];  /* its small, its on stack */
283
	char stkbuf[40];  /* its small, its on stack */
284
	int n, sn;
284
	int n, sn;
285
	loff_t pos = *ppos;
286
	
285
	if (power_on_time == 0)
287
	if (power_on_time == 0)
286
		n = scnprintf(stkbuf,sizeof(stkbuf),"Power on time not set\n");
288
		n = scnprintf(stkbuf,sizeof(stkbuf),"Power on time not set\n");
287
	else
289
	else
288
		n = scnprintf(stkbuf,sizeof(stkbuf),"%lu\n",power_on_time);
290
		n = scnprintf(stkbuf,sizeof(stkbuf),"%lu\n",power_on_time);
289
291
290
	sn = strlen (stkbuf) +1;
292
	sn = strlen (stkbuf) +1;
291
	if (*ppos >= sn)
293
	if (pos != (unsigned int)pos || pos >= sn)
292
		return 0;
294
		return 0;
293
	if (n > sn - *ppos)
295
	if (n > sn - pos)
294
		n = sn - *ppos;
296
		n = sn - pos;
295
	if (n > count)
297
	if (n > count)
296
		n = count;
298
		n = count;
297
	if (copy_to_user (buf, stkbuf + (*ppos), n)) {
299
	if (copy_to_user (buf, stkbuf + pos, n)) {
298
		return -EFAULT;
300
		return -EFAULT;
299
	}
301
	}
300
	*ppos += n;
302
	*ppos = pos + n;
301
	return n;
303
	return n;
302
}
304
}
303
305
Lines 329-334 Link Here
329
{
331
{
330
	int sn, n = 0;
332
	int sn, n = 0;
331
	char *tmpbuf;
333
	char *tmpbuf;
334
	loff_t pos = *ppos;
332
335
333
	if (progress_led == NULL) return 0;
336
	if (progress_led == NULL) return 0;
334
337
Lines 340-359 Link Here
340
	n = sprintf (tmpbuf, "%s\n", progress_led);
343
	n = sprintf (tmpbuf, "%s\n", progress_led);
341
344
342
	sn = strlen (tmpbuf) +1;
345
	sn = strlen (tmpbuf) +1;
343
	if (*ppos >= sn) {
346
	if (pos != (unsigned int)pos || pos >= sn) {
344
		kfree (tmpbuf);
347
		kfree (tmpbuf);
345
		return 0;
348
		return 0;
346
	}
349
	}
347
	if (n > sn - *ppos)
350
	if (n > sn - pos)
348
		n = sn - *ppos;
351
		n = sn - pos;
349
	if (n > count)
352
	if (n > count)
350
		n = count;
353
		n = count;
351
	if (copy_to_user (buf, tmpbuf + (*ppos), n)) {
354
	if (copy_to_user (buf, tmpbuf + pos, n)) {
352
		kfree (tmpbuf);
355
		kfree (tmpbuf);
353
		return -EFAULT;
356
		return -EFAULT;
354
	}
357
	}
355
	kfree (tmpbuf);
358
	kfree (tmpbuf);
356
	*ppos += n;
359
	*ppos = pos + n;
357
	return n;
360
	return n;
358
}
361
}
359
362
Lines 397-403 Link Here
397
	unsigned long *ret = kmalloc(4*8, GFP_KERNEL);
400
	unsigned long *ret = kmalloc(4*8, GFP_KERNEL);
398
	int n, sn, error;
401
	int n, sn, error;
399
	char stkbuf[40];  /* its small, its on stack */
402
	char stkbuf[40];  /* its small, its on stack */
403
	loff_t pos = *ppos;
400
404
405
	if(ret == NULL)
406
		return -ENOMEM;
407
		
401
	error = rtas_call(rtas_token("get-time-of-day"), 0, 8, ret);
408
	error = rtas_call(rtas_token("get-time-of-day"), 0, 8, ret);
402
	
409
	
403
	year = ret[0]; mon  = ret[1]; day  = ret[2];
410
	year = ret[0]; mon  = ret[1]; day  = ret[2];
Lines 414-429 Link Here
414
	kfree(ret);
421
	kfree(ret);
415
422
416
	sn = strlen (stkbuf) +1;
423
	sn = strlen (stkbuf) +1;
417
	if (*ppos >= sn)
424
	if (pos != (unsigned int)pos || pos >= sn)
418
		return 0;
425
		return 0;
419
	if (n > sn - *ppos)
426
	if (n > sn - pos)
420
		n = sn - *ppos;
427
		n = sn - pos;
421
	if (n > count)
428
	if (n > count)
422
		n = count;
429
		n = count;
423
	if (copy_to_user (buf, stkbuf + (*ppos), n)) {
430
	if (copy_to_user (buf, stkbuf + pos, n)) {
424
		return -EFAULT;
431
		return -EFAULT;
425
	}
432
	}
426
	*ppos += n;
433
	*ppos = pos + n;
427
	return n;
434
	return n;
428
}
435
}
429
436
Lines 834-840 Link Here
834
	char *dest;
841
	char *dest;
835
	int error;
842
	int error;
836
843
837
	if (39 < count) count = 39;
844
	if (39 < count)
845
		count = 39;
838
	if (copy_from_user (stkbuf, buf, count)) {
846
	if (copy_from_user (stkbuf, buf, count)) {
839
		return -EFAULT;
847
		return -EFAULT;
840
	}
848
	}
Lines 859-878 Link Here
859
{
867
{
860
	int n, sn;
868
	int n, sn;
861
	char stkbuf[40];  /* its small, its on stack */
869
	char stkbuf[40];  /* its small, its on stack */
870
	loff_t pos = *ppos;
862
871
863
	n = scnprintf(stkbuf, 40, "%lu\n", rtas_tone_frequency);
872
	n = scnprintf(stkbuf, 40, "%lu\n", rtas_tone_frequency);
864
873
865
	sn = strlen (stkbuf) +1;
874
	sn = strlen (stkbuf) +1;
866
	if (*ppos >= sn)
875
	if (pos != (unsigned int)pos || pos >= sn)
867
		return 0;
876
		return 0;
868
	if (n > sn - *ppos)
877
	if (n > sn - pos)
869
		n = sn - *ppos;
878
		n = sn - pos;
870
	if (n > count)
879
	if (n > count)
871
		n = count;
880
		n = count;
872
	if (copy_to_user (buf, stkbuf + (*ppos), n)) {
881
	if (copy_to_user (buf, stkbuf + pos, n)) {
873
		return -EFAULT;
882
		return -EFAULT;
874
	}
883
	}
875
	*ppos += n;
884
	*ppos = pos + n;
876
	return n;
885
	return n;
877
}
886
}
878
/* ****************************************************************** */
887
/* ****************************************************************** */
Lines 913-932 Link Here
913
{
922
{
914
	int n, sn;
923
	int n, sn;
915
	char stkbuf[40];  /* its small, its on stack */
924
	char stkbuf[40];  /* its small, its on stack */
925
	loff_t pos = *ppos;
916
926
917
	n = scnprintf(stkbuf, 40, "%lu\n", rtas_tone_volume);
927
	n = scnprintf(stkbuf, 40, "%lu\n", rtas_tone_volume);
918
928
919
	sn = strlen (stkbuf) +1;
929
	sn = strlen (stkbuf) +1;
920
	if (*ppos >= sn)
930
	if (pos != (unsigned int)pos || pos >= sn)
921
		return 0;
931
		return 0;
922
	if (n > sn - *ppos)
932
	if (n > sn - pos)
923
		n = sn - *ppos;
933
		n = sn - pos;
924
	if (n > count)
934
	if (n > count)
925
		n = count;
935
		n = count;
926
	if (copy_to_user (buf, stkbuf + (*ppos), n)) {
936
	if (copy_to_user (buf, stkbuf + (*ppos), n)) {
927
		return -EFAULT;
937
		return -EFAULT;
928
	}
938
	}
929
	*ppos += n;
939
	*ppos = pos + n;
930
	return n;
940
	return n;
931
}
941
}
932
942
Lines 943-956 Link Here
943
	if (n > count)
953
	if (n > count)
944
		n = count;
954
		n = count;
945
955
946
	if (ppos && *ppos != 0)
956
	if (*ppos != 0)
947
		return 0;
957
		return 0;
948
958
949
	if (copy_to_user(buf, kbuf, n))
959
	if (copy_to_user(buf, kbuf, n))
950
		return -EFAULT;
960
		return -EFAULT;
951
961
952
	if (ppos)
962
	*ppos = n;
953
		*ppos = n;
954
	
963
	
955
	return n;
964
	return n;
956
}
965
}
(-)linux-2.6.7/arch/s390/kernel/debug.c (-4 / +4 lines)
Lines 427-433 Link Here
427
427
428
	p_info = ((file_private_info_t *) file->private_data);
428
	p_info = ((file_private_info_t *) file->private_data);
429
	if (*offset != p_info->offset) 
429
	if (*offset != p_info->offset) 
430
		return -EPIPE;
430
		return -ESPIPE;
431
	if(p_info->act_area >= p_info->debug_info_snap->nr_areas)
431
	if(p_info->act_area >= p_info->debug_info_snap->nr_areas)
432
		return 0;
432
		return 0;
433
433
Lines 449-455 Link Here
449
				goto out;
449
				goto out;
450
	}
450
	}
451
out:
451
out:
452
	p_info->offset           = *offset + count;
452
	p_info->offset           += count;
453
	p_info->act_entry_offset = size;	
453
	p_info->act_entry_offset = size;	
454
	*offset = p_info->offset;
454
	*offset = p_info->offset;
455
	return count;
455
	return count;
Lines 964-970 Link Here
964
		       input_buf[0]);
964
		       input_buf[0]);
965
	}
965
	}
966
      out:
966
      out:
967
	*offset += in_buf_size;
967
	*offset = in_buf_size;
968
	return rc;		/* number of input characters */
968
	return rc;		/* number of input characters */
969
}
969
}
970
970
Lines 1031-1037 Link Here
1031
        printk(KERN_INFO "debug: area `%c` is not valid\n", input_buf[0]);
1031
        printk(KERN_INFO "debug: area `%c` is not valid\n", input_buf[0]);
1032
1032
1033
      out:
1033
      out:
1034
        *offset += in_buf_size;
1034
        *offset = in_buf_size;
1035
        return rc;              /* number of input characters */
1035
        return rc;              /* number of input characters */
1036
}
1036
}
1037
1037
(-)linux-2.6.7/drivers/acpi/system.c (-8 / +19 lines)
Lines 94-109 Link Here
94
	struct acpi_buffer	dsdt = {ACPI_ALLOCATE_BUFFER, NULL};
94
	struct acpi_buffer	dsdt = {ACPI_ALLOCATE_BUFFER, NULL};
95
	void			*data = 0;
95
	void			*data = 0;
96
	size_t			size = 0;
96
	size_t			size = 0;
97
	loff_t			pos = *ppos;
97
98
98
	ACPI_FUNCTION_TRACE("acpi_system_read_dsdt");
99
	ACPI_FUNCTION_TRACE("acpi_system_read_dsdt");
100
	
101
	/* XXX - seek locking required */
99
102
100
	status = acpi_get_table(ACPI_TABLE_DSDT, 1, &dsdt);
103
	status = acpi_get_table(ACPI_TABLE_DSDT, 1, &dsdt);
101
	if (ACPI_FAILURE(status))
104
	if (ACPI_FAILURE(status))
102
		return_VALUE(-ENODEV);
105
		return_VALUE(-ENODEV);
103
106
104
	if (*ppos < dsdt.length) {
107
	if (pos < 0)
105
		data = dsdt.pointer + file->f_pos;
108
		return -EINVAL;
106
		size = dsdt.length - file->f_pos;
109
		
110
	if (pos < dsdt.length) {
111
		data = dsdt.pointer + pos;
112
		size = dsdt.length - pos;
107
		if (size > count)
113
		if (size > count)
108
			size = count;
114
			size = count;
109
		if (copy_to_user(buffer, data, size)) {
115
		if (copy_to_user(buffer, data, size)) {
Lines 114-120 Link Here
114
120
115
	acpi_os_free(dsdt.pointer);
121
	acpi_os_free(dsdt.pointer);
116
122
117
	*ppos += size;
123
	*ppos = pos + size;
118
124
119
	return_VALUE(size);
125
	return_VALUE(size);
120
}
126
}
Lines 137-142 Link Here
137
	struct acpi_buffer	fadt = {ACPI_ALLOCATE_BUFFER, NULL};
143
	struct acpi_buffer	fadt = {ACPI_ALLOCATE_BUFFER, NULL};
138
	void			*data = 0;
144
	void			*data = 0;
139
	size_t			size = 0;
145
	size_t			size = 0;
146
	loff_t			pos = *ppos;
140
147
141
	ACPI_FUNCTION_TRACE("acpi_system_read_fadt");
148
	ACPI_FUNCTION_TRACE("acpi_system_read_fadt");
142
149
Lines 144-152 Link Here
144
	if (ACPI_FAILURE(status))
151
	if (ACPI_FAILURE(status))
145
		return_VALUE(-ENODEV);
152
		return_VALUE(-ENODEV);
146
153
147
	if (*ppos < fadt.length) {
154
	/* XXX - seek locking required */
148
		data = fadt.pointer + file->f_pos;
155
	if (pos < 0)
149
		size = fadt.length - file->f_pos;
156
		return -EINVAL;
157
		
158
	if (pos < fadt.length) {
159
		data = fadt.pointer + pos;
160
		size = fadt.length - pos;
150
		if (size > count)
161
		if (size > count)
151
			size = count;
162
			size = count;
152
		if (copy_to_user(buffer, data, size)) {
163
		if (copy_to_user(buffer, data, size)) {
Lines 157-163 Link Here
157
168
158
	acpi_os_free(fadt.pointer);
169
	acpi_os_free(fadt.pointer);
159
170
160
	*ppos += size;
171
	*ppos = pos + size;
161
172
162
	return_VALUE(size);
173
	return_VALUE(size);
163
}
174
}
(-)linux-2.6.7/drivers/block/acsi_slm.c (-7 / +9 lines)
Lines 366-375 Link Here
366
{
366
{
367
	struct inode *node = file->f_dentry->d_inode;
367
	struct inode *node = file->f_dentry->d_inode;
368
	unsigned long page;
368
	unsigned long page;
369
	loff_t pos = *ppos;
369
	int length;
370
	int length;
370
	int end;
371
	int end;
371
372
372
	if (count < 0)
373
	/* XXX - seek locking required */
374
	if (count < 0 || pos < 0)
373
		return( -EINVAL );
375
		return( -EINVAL );
374
	if (!(page = __get_free_page( GFP_KERNEL )))
376
	if (!(page = __get_free_page( GFP_KERNEL )))
375
		return( -ENOMEM );
377
		return( -ENOMEM );
Lines 379-396 Link Here
379
		count = length;
381
		count = length;
380
		goto out;
382
		goto out;
381
	}
383
	}
382
	if (file->f_pos >= length) {
384
	if (pos >= length) {
383
		count = 0;
385
		count = 0;
384
		goto out;
386
		goto out;
385
	}
387
	}
386
	if (count + file->f_pos > length)
388
	if (count + pos > length)
387
		count = length - file->f_pos;
389
		count = length - pos;
388
	end = count + file->f_pos;
390
	end = count + pos;
389
	if (copy_to_user(buf, (char *)page + file->f_pos, count)) {
391
	if (copy_to_user(buf, (char *)page + pos, count)) {
390
		count = -EFAULT;
392
		count = -EFAULT;
391
		goto out;
393
		goto out;
392
	}
394
	}
393
	file->f_pos = end;
395
	*ppos = end;
394
out:	free_page( page );
396
out:	free_page( page );
395
	return( count );
397
	return( count );
396
}
398
}
(-)linux-2.6.7/drivers/char/generic_nvram.c (-10 / +25 lines)
Lines 22-33 Link Here
22
#include <linux/smp_lock.h>
22
#include <linux/smp_lock.h>
23
#include <asm/uaccess.h>
23
#include <asm/uaccess.h>
24
#include <asm/nvram.h>
24
#include <asm/nvram.h>
25
#include <asm/semaphore.h>
25
26
26
#define NVRAM_SIZE	8192
27
#define NVRAM_SIZE	8192
27
28
29
static DECLARE_MUTEX(nvram_sem);
30
28
static loff_t nvram_llseek(struct file *file, loff_t offset, int origin)
31
static loff_t nvram_llseek(struct file *file, loff_t offset, int origin)
29
{
32
{
30
	lock_kernel();
33
	down(&nvram_sem);
34
     
31
	switch (origin) {
35
	switch (origin) {
32
	case 1:
36
	case 1:
33
		offset += file->f_pos;
37
		offset += file->f_pos;
Lines 37-84 Link Here
37
		break;
41
		break;
38
	}
42
	}
39
	if (offset < 0) {
43
	if (offset < 0) {
40
		unlock_kernel();
44
		up(&nvram_sem);
41
		return -EINVAL;
45
		return -EINVAL;
42
	}
46
	}
43
	file->f_pos = offset;
47
	file->f_pos = offset;
44
	unlock_kernel();
48
	up(&nvram_sem);
45
	return file->f_pos;
49
	return file->f_pos;
46
}
50
}
47
51
48
static ssize_t read_nvram(struct file *file, char __user *buf,
52
static ssize_t read_nvram(struct file *file, char __user *buf,
49
			  size_t count, loff_t *ppos)
53
			  size_t count, loff_t *ppos)
50
{
54
{
51
	unsigned int i;
55
	loff_t i;
52
	char __user *p = buf;
56
	char __user *p = buf;
53
57
	
54
	if (verify_area(VERIFY_WRITE, buf, count))
58
	if (verify_area(VERIFY_WRITE, buf, count))
55
		return -EFAULT;
59
		return -EFAULT;
56
	if (*ppos >= NVRAM_SIZE)
60
		
57
		return 0;
61
	down(&nvram_sem);
62
	/* If we are already off the end then we report 0 anyway .. */
58
	for (i = *ppos; count > 0 && i < NVRAM_SIZE; ++i, ++p, --count)
63
	for (i = *ppos; count > 0 && i < NVRAM_SIZE; ++i, ++p, --count)
59
		if (__put_user(nvram_read_byte(i), p))
64
		if (__put_user(nvram_read_byte(i), p))
65
		{
66
			up(&nvram_sem);
60
			return -EFAULT;
67
			return -EFAULT;
68
		}
61
	*ppos = i;
69
	*ppos = i;
70
	up(&nvram_sem);
62
	return p - buf;
71
	return p - buf;
63
}
72
}
64
73
65
static ssize_t write_nvram(struct file *file, const char __user *buf,
74
static ssize_t write_nvram(struct file *file, const char __user *buf,
66
			   size_t count, loff_t *ppos)
75
			   size_t count, loff_t *ppos)
67
{
76
{
68
	unsigned int i;
77
	loff_t i;
69
	const char __user *p = buf;
78
	const char __user *p = buf;
70
	char c;
79
	char c;
80
	struct semaphore *s = &file->f_dentry->d_inode->i_sem;
71
81
72
	if (verify_area(VERIFY_READ, buf, count))
82
	if (verify_area(VERIFY_READ, buf, count))
73
		return -EFAULT;
83
		return -EFAULT;
74
	if (*ppos >= NVRAM_SIZE)
84
		
75
		return 0;
85
	down(&nvram_sem);
86
	/* if *ppos > end then we return 0 anyway */
76
	for (i = *ppos; count > 0 && i < NVRAM_SIZE; ++i, ++p, --count) {
87
	for (i = *ppos; count > 0 && i < NVRAM_SIZE; ++i, ++p, --count) {
77
		if (__get_user(c, p))
88
		if (__get_user(c, p))
89
		{
90
			up(&nvram_sem);
78
			return -EFAULT;
91
			return -EFAULT;
92
		}
79
		nvram_write_byte(c, i);
93
		nvram_write_byte(c, i);
80
	}
94
	}
81
	*ppos = i;
95
	*ppos = i;
96
	up(&nvram_sem);
82
	return p - buf;
97
	return p - buf;
83
}
98
}
84
99
(-)linux-2.6.7/drivers/char/i8k.c (-6 / +11 lines)
Lines 464-490 Link Here
464
464
465
static ssize_t i8k_read(struct file *f, char __user *buffer, size_t len, loff_t *fpos)
465
static ssize_t i8k_read(struct file *f, char __user *buffer, size_t len, loff_t *fpos)
466
{
466
{
467
    loff_t pos = *fpos;
467
    int n;
468
    int n;
468
    char info[128];
469
    char info[128];
470
    
471
    /* XXX - seek locking required */
469
472
470
    n = i8k_get_info(info, NULL, 0, 128);
473
    n = i8k_get_info(info, NULL, 0, 128);
471
    if (n <= 0) {
474
    if (n <= 0)
472
	return n;
475
	return n;
473
    }
476
	
477
    if (pos < 0)
478
    	return -EINVAL;
474
479
475
    if (*fpos >= n) {
480
    if (pos >= n) {
476
	return 0;
481
	return 0;
477
    }
482
    }
478
483
479
    if ((*fpos + len) >= n) {
484
    if (pos + len >= n) {
480
	len = n - *fpos;
485
	len = n - pos;
481
    }
486
    }
482
487
483
    if (copy_to_user(buffer, info, len) != 0) {
488
    if (copy_to_user(buffer, info, len) != 0) {
484
	return -EFAULT;
489
	return -EFAULT;
485
    }
490
    }
486
491
487
    *fpos += len;
492
    *fpos = pos + len;
488
    return len;
493
    return len;
489
}
494
}
490
495
(-)linux-2.6.7/drivers/char/istallion.c (-10 / +14 lines)
Lines 4821-4826 Link Here
4821
	void		*memptr;
4821
	void		*memptr;
4822
	stlibrd_t	*brdp;
4822
	stlibrd_t	*brdp;
4823
	int		brdnr, size, n;
4823
	int		brdnr, size, n;
4824
	loff_t		pos = *offp;
4824
4825
4825
#if DEBUG
4826
#if DEBUG
4826
	printk(KERN_DEBUG "stli_memread(fp=%x,buf=%x,count=%x,offp=%x)\n",
4827
	printk(KERN_DEBUG "stli_memread(fp=%x,buf=%x,count=%x,offp=%x)\n",
Lines 4835-4860 Link Here
4835
		return(-ENODEV);
4836
		return(-ENODEV);
4836
	if (brdp->state == 0)
4837
	if (brdp->state == 0)
4837
		return(-ENODEV);
4838
		return(-ENODEV);
4838
	if (fp->f_pos >= brdp->memsize)
4839
	if (pos < 0 || pos >= brdp->memsize)
4839
		return(0);
4840
		return(0);
4840
4841
4841
	size = MIN(count, (brdp->memsize - fp->f_pos));
4842
	size = MIN(count, (brdp->memsize - pos));
4842
4843
4843
	save_flags(flags);
4844
	save_flags(flags);
4844
	cli();
4845
	cli();
4845
	EBRDENABLE(brdp);
4846
	EBRDENABLE(brdp);
4846
	while (size > 0) {
4847
	while (size > 0) {
4847
		memptr = (void *) EBRDGETMEMPTR(brdp, fp->f_pos);
4848
		memptr = (void *) EBRDGETMEMPTR(brdp, fp->f_pos);
4848
		n = MIN(size, (brdp->pagesize - (((unsigned long) fp->f_pos) % brdp->pagesize)));
4849
		n = MIN(size, (brdp->pagesize - (((unsigned long) pos) % brdp->pagesize)));
4849
		if (copy_to_user(buf, memptr, n)) {
4850
		if (copy_to_user(buf, memptr, n)) {
4850
			count = -EFAULT;
4851
			count = -EFAULT;
4851
			goto out;
4852
			goto out;
4852
		}
4853
		}
4853
		fp->f_pos += n;
4854
		pos += n;
4854
		buf += n;
4855
		buf += n;
4855
		size -= n;
4856
		size -= n;
4856
	}
4857
	}
4857
out:
4858
out:
4859
	*ppos = pos;
4858
	EBRDDISABLE(brdp);
4860
	EBRDDISABLE(brdp);
4859
	restore_flags(flags);
4861
	restore_flags(flags);
4860
4862
Lines 4876-4882 Link Here
4876
	stlibrd_t	*brdp;
4878
	stlibrd_t	*brdp;
4877
	char		*chbuf;
4879
	char		*chbuf;
4878
	int		brdnr, size, n;
4880
	int		brdnr, size, n;
4879
4881
	loff_t		pos = *ppos;
4882
	
4880
#if DEBUG
4883
#if DEBUG
4881
	printk(KERN_DEBUG "stli_memwrite(fp=%x,buf=%x,count=%x,offp=%x)\n",
4884
	printk(KERN_DEBUG "stli_memwrite(fp=%x,buf=%x,count=%x,offp=%x)\n",
4882
			(int) fp, (int) buf, count, (int) offp);
4885
			(int) fp, (int) buf, count, (int) offp);
Lines 4890-4915 Link Here
4890
		return(-ENODEV);
4893
		return(-ENODEV);
4891
	if (brdp->state == 0)
4894
	if (brdp->state == 0)
4892
		return(-ENODEV);
4895
		return(-ENODEV);
4893
	if (fp->f_pos >= brdp->memsize)
4896
	if (pos < 0 || pos >= brdp->memsize)
4894
		return(0);
4897
		return(0);
4895
4898
4896
	chbuf = (char *) buf;
4899
	chbuf = (char *) buf;
4897
	size = MIN(count, (brdp->memsize - fp->f_pos));
4900
	size = MIN(count, (brdp->memsize - pos));
4898
4901
4899
	save_flags(flags);
4902
	save_flags(flags);
4900
	cli();
4903
	cli();
4901
	EBRDENABLE(brdp);
4904
	EBRDENABLE(brdp);
4902
	while (size > 0) {
4905
	while (size > 0) {
4903
		memptr = (void *) EBRDGETMEMPTR(brdp, fp->f_pos);
4906
		memptr = (void *) EBRDGETMEMPTR(brdp, pos);
4904
		n = MIN(size, (brdp->pagesize - (((unsigned long) fp->f_pos) % brdp->pagesize)));
4907
		n = MIN(size, (brdp->pagesize - (((unsigned long) pos) % brdp->pagesize)));
4905
		if (copy_from_user(memptr, chbuf, n)) {
4908
		if (copy_from_user(memptr, chbuf, n)) {
4906
			count = -EFAULT;
4909
			count = -EFAULT;
4907
			goto out;
4910
			goto out;
4908
		}
4911
		}
4909
		fp->f_pos += n;
4912
		pos += n;
4910
		chbuf += n;
4913
		chbuf += n;
4911
		size -= n;
4914
		size -= n;
4912
	}
4915
	}
4916
	*ppos = pos;
4913
out:
4917
out:
4914
	EBRDDISABLE(brdp);
4918
	EBRDDISABLE(brdp);
4915
	restore_flags(flags);
4919
	restore_flags(flags);
(-)linux-2.6.7/drivers/char/mem.c (-2 / +2 lines)
Lines 143-149 Link Here
143
		return -EFAULT;
143
		return -EFAULT;
144
	}
144
	}
145
	written += count;
145
	written += count;
146
	*ppos += written;
146
	*ppos = realp + written;
147
	return written;
147
	return written;
148
}
148
}
149
149
Lines 180-186 Link Here
180
	if (copy_to_user(buf, __va(p), count))
180
	if (copy_to_user(buf, __va(p), count))
181
		return -EFAULT;
181
		return -EFAULT;
182
	read += count;
182
	read += count;
183
	*ppos += read;
183
	*ppos = p + read;
184
	return read;
184
	return read;
185
}
185
}
186
186
(-)linux-2.6.7/drivers/char/nvram.c (-16 / +26 lines)
Lines 233-239 Link Here
233
233
234
static loff_t nvram_llseek(struct file *file,loff_t offset, int origin )
234
static loff_t nvram_llseek(struct file *file,loff_t offset, int origin )
235
{
235
{
236
	lock_kernel();
236
	spin_lock_irq(&rtc_lock);
237
	switch (origin) {
237
	switch (origin) {
238
	case 0:
238
	case 0:
239
		/* nothing to do */
239
		/* nothing to do */
Lines 245-279 Link Here
245
		offset += NVRAM_BYTES;
245
		offset += NVRAM_BYTES;
246
		break;
246
		break;
247
	}
247
	}
248
	unlock_kernel();
248
	if(offset < 0 || offset > NVRAM_BYTES)
249
	return (offset >= 0) ? (file->f_pos = offset) : -EINVAL;
249
		offset = -EINVAL;
250
	else
251
		file->f_pos = offset;
252
	spin_unlock_irq(&rtc_lock);
253
	return offset;
250
}
254
}
251
255
252
static ssize_t
256
static ssize_t
253
nvram_read(struct file *file, char __user *buf, size_t count, loff_t *ppos)
257
nvram_read(struct file *file, char __user *buf, size_t count, loff_t *ppos)
254
{
258
{
255
	unsigned char contents[NVRAM_BYTES];
259
	unsigned char contents[NVRAM_BYTES];
256
	unsigned i = *ppos;
260
	loff_t i;
257
	unsigned char *tmp;
261
	unsigned char *tmp;
258
262
 	
259
	spin_lock_irq(&rtc_lock);
263
	spin_lock_irq(&rtc_lock);
260
261
	if (!__nvram_check_checksum())
264
	if (!__nvram_check_checksum())
262
		goto checksum_err;
265
		goto checksum_err;
266
		
267
	i = *ppos;
263
268
264
	for (tmp = contents; count-- > 0 && i < NVRAM_BYTES; ++i, ++tmp)
269
	for (tmp = contents; count-- > 0 && i < NVRAM_BYTES; ++i, ++tmp)
265
		*tmp = __nvram_read_byte(i);
270
		*tmp = __nvram_read_byte(i);
266
271
272
	*ppos = i;
267
	spin_unlock_irq(&rtc_lock);
273
	spin_unlock_irq(&rtc_lock);
268
274
269
	if (copy_to_user(buf, contents, tmp - contents))
275
	if (copy_to_user(buf, contents, tmp - contents))
270
		return -EFAULT;
276
		return -EFAULT;
271
277
272
	*ppos = i;
273
274
	return tmp - contents;
278
	return tmp - contents;
275
279
276
      checksum_err:
280
checksum_err:
277
	spin_unlock_irq(&rtc_lock);
281
	spin_unlock_irq(&rtc_lock);
278
	return -EIO;
282
	return -EIO;
279
}
283
}
Lines 282-312 Link Here
282
nvram_write(struct file *file, const char __user *buf, size_t count, loff_t *ppos)
286
nvram_write(struct file *file, const char __user *buf, size_t count, loff_t *ppos)
283
{
287
{
284
	unsigned char contents[NVRAM_BYTES];
288
	unsigned char contents[NVRAM_BYTES];
285
	unsigned i = *ppos;
289
	loff_t i;
286
	unsigned char *tmp;
290
	unsigned char *tmp;
287
	int len;
291
	int len = count;
288
292
289
	len = (NVRAM_BYTES - i) < count ? (NVRAM_BYTES - i) : count;
293
	if (len > NVRAM_BYTES)
294
		len = NVRAM_BYTES;
295
			
290
	if (copy_from_user(contents, buf, len))
296
	if (copy_from_user(contents, buf, len))
297
	{
298
291
		return -EFAULT;
299
		return -EFAULT;
300
	}
292
301
293
	spin_lock_irq(&rtc_lock);
302
	spin_lock_irq(&rtc_lock);
294
303
304
	i = *ppos;
305
		
295
	if (!__nvram_check_checksum())
306
	if (!__nvram_check_checksum())
296
		goto checksum_err;
307
		goto checksum_err;
297
308
298
	for (tmp = contents; count-- > 0 && i < NVRAM_BYTES; ++i, ++tmp)
309
	for (tmp = contents; len-- > 0 && i < NVRAM_BYTES; ++i, ++tmp)
299
		__nvram_write_byte(*tmp, i);
310
		__nvram_write_byte(*tmp, i);
300
311
301
	__nvram_set_checksum();
312
	__nvram_set_checksum();
302
313
303
	spin_unlock_irq(&rtc_lock);
304
305
	*ppos = i;
314
	*ppos = i;
315
	spin_unlock_irq(&rtc_lock);
306
316
307
	return tmp - contents;
317
	return tmp - contents;
308
318
309
      checksum_err:
319
checksum_err:
310
	spin_unlock_irq(&rtc_lock);
320
	spin_unlock_irq(&rtc_lock);
311
	return -EIO;
321
	return -EIO;
312
}
322
}
(-)linux-2.6.7/drivers/char/nwflash.c (-17 / +30 lines)
Lines 134-140 Link Here
134
134
135
static ssize_t flash_read(struct file *file, char *buf, size_t size, loff_t * ppos)
135
static ssize_t flash_read(struct file *file, char *buf, size_t size, loff_t * ppos)
136
{
136
{
137
	unsigned long p = *ppos;
137
	loff_t p;
138
	unsigned int count = size;
138
	unsigned int count = size;
139
	int ret = 0;
139
	int ret = 0;
140
140
Lines 145-150 Link Here
145
	if (count)
145
	if (count)
146
		ret = -ENXIO;
146
		ret = -ENXIO;
147
147
148
	if (down_interruptible(&nwflash_sem))
149
		return -ERESTARTSYS;
150
	p = *ppos;
151
	
148
	if (p < gbFlashSize) {
152
	if (p < gbFlashSize) {
149
		if (count > gbFlashSize - p)
153
		if (count > gbFlashSize - p)
150
			count = gbFlashSize - p;
154
			count = gbFlashSize - p;
Lines 152-159 Link Here
152
		/*
156
		/*
153
		 * We now lock against reads and writes. --rmk
157
		 * We now lock against reads and writes. --rmk
154
		 */
158
		 */
155
		if (down_interruptible(&nwflash_sem))
156
			return -ERESTARTSYS;
157
159
158
		ret = copy_to_user(buf, (void *)(FLASH_BASE + p), count);
160
		ret = copy_to_user(buf, (void *)(FLASH_BASE + p), count);
159
		if (ret == 0) {
161
		if (ret == 0) {
Lines 161-174 Link Here
161
			*ppos += count;
163
			*ppos += count;
162
		} else
164
		} else
163
			ret = -EFAULT;
165
			ret = -EFAULT;
164
		up(&nwflash_sem);
165
	}
166
	}
167
	up(&nwflash_sem);
166
	return ret;
168
	return ret;
167
}
169
}
168
170
169
static ssize_t flash_write(struct file *file, const char *buf, size_t size, loff_t * ppos)
171
static ssize_t flash_write(struct file *file, const char *buf, size_t size, loff_t * ppos)
170
{
172
{
171
	unsigned long p = *ppos;
173
	loff_t p;
172
	unsigned int count = size;
174
	unsigned int count = size;
173
	int written;
175
	int written;
174
	int nBlock, temp, rc;
176
	int nBlock, temp, rc;
Lines 181-206 Link Here
181
	if (!gbWriteEnable)
183
	if (!gbWriteEnable)
182
		return -EINVAL;
184
		return -EINVAL;
183
185
186
	/*
187
	 * We now lock against reads and writes. --rmk
188
	 */
189
	if (down_interruptible(&nwflash_sem))
190
		return -ERESTARTSYS;
191
	
192
193
	p = *ppos;
184
	if (p < 64 * 1024 && (!gbWriteBase64Enable))
194
	if (p < 64 * 1024 && (!gbWriteBase64Enable))
185
		return -EINVAL;
195
	{
196
		written = -EINVAL;
197
		goto error;
198
	}
186
199
187
	/*
200
	/*
188
	 * check for out of range pos or count
201
	 * check for out of range pos or count
189
	 */
202
	 */
190
	if (p >= gbFlashSize)
203
	if (p >= gbFlashSize)
191
		return count ? -ENXIO : 0;
204
	{
205
		written = 0;
206
		goto error;
207
	}
192
208
193
	if (count > gbFlashSize - p)
209
	if (count > gbFlashSize - p)
194
		count = gbFlashSize - p;
210
		count = gbFlashSize - p;
195
			
211
			
196
	if (verify_area(VERIFY_READ, buf, count))
212
	if (verify_area(VERIFY_READ, buf, count))
197
		return -EFAULT;
213
	{
214
		written = -EFAULT;
215
		goto error;
216
	}
198
217
199
	/*
200
	 * We now lock against reads and writes. --rmk
201
	 */
202
	if (down_interruptible(&nwflash_sem))
203
		return -ERESTARTSYS;
204
218
205
	written = 0;
219
	written = 0;
206
220
Lines 286-294 Link Here
286
	 * restore reg on exit
300
	 * restore reg on exit
287
	 */
301
	 */
288
	leds_event(led_release);
302
	leds_event(led_release);
289
303
error:
290
	up(&nwflash_sem);
304
	up(&nwflash_sem);
291
292
	return written;
305
	return written;
293
}
306
}
294
307
Lines 305-315 Link Here
305
{
318
{
306
	loff_t ret;
319
	loff_t ret;
307
320
308
	lock_kernel();
309
	if (flashdebug)
321
	if (flashdebug)
310
		printk(KERN_DEBUG "flash_llseek: offset=0x%X, orig=0x%X.\n",
322
		printk(KERN_DEBUG "flash_llseek: offset=0x%X, orig=0x%X.\n",
311
		       (unsigned int) offset, orig);
323
		       (unsigned int) offset, orig);
312
324
325
	down(&nwflash_sem);
313
	switch (orig) {
326
	switch (orig) {
314
	case 0:
327
	case 0:
315
		if (offset < 0) {
328
		if (offset < 0) {
Lines 340-346 Link Here
340
	default:
353
	default:
341
		ret = -EINVAL;
354
		ret = -EINVAL;
342
	}
355
	}
343
	unlock_kernel();
356
	up(&nwflash_sem);
344
	return ret;
357
	return ret;
345
}
358
}
346
359
(-)linux-2.6.7/drivers/ieee1394/pcilynx.c (-18 / +32 lines)
Lines 1052-1063 Link Here
1052
        ssize_t retval;
1052
        ssize_t retval;
1053
        void *membase;
1053
        void *membase;
1054
1054
1055
        if ((off + count) > PCILYNX_MAX_MEMORY+1) {
1055
	/* XXX - should do proper locking instead */
1056
                count = PCILYNX_MAX_MEMORY+1 - off;
1056
	if (off < 0)
1057
        }
1057
		return -EINVAL;
1058
        if (count == 0 || off > PCILYNX_MAX_MEMORY) {
1058
	if (off > PCILYNX_MAX_MEMORY)
1059
                return -ENOSPC;
1059
                return -ENOSPC;
1060
        }
1060
        if (count > PCILYNX_MAX_MEMORY + 1 - off)
1061
                count = PCILYNX_MAX_MEMORY + 1 - off;
1061
1062
1062
        switch (md->type) {
1063
        switch (md->type) {
1063
        case rom:
1064
        case rom:
Lines 1078-1083 Link Here
1078
1079
1079
        if (count < mem_mindma) {
1080
        if (count < mem_mindma) {
1080
                memcpy_fromio(md->lynx->mem_dma_buffer, membase+off, count);
1081
                memcpy_fromio(md->lynx->mem_dma_buffer, membase+off, count);
1082
                off += count;
1081
                goto out;
1083
                goto out;
1082
        }
1084
        }
1083
1085
Lines 1099-1105 Link Here
1099
        while (bcount >= 4) {
1101
        while (bcount >= 4) {
1100
                retval = mem_dmaread(md, md->lynx->mem_dma_buffer_dma
1102
                retval = mem_dmaread(md, md->lynx->mem_dma_buffer_dma
1101
                                     + count - bcount, bcount, off);
1103
                                     + count - bcount, bcount, off);
1102
                if (retval < 0) return retval;
1104
                if (retval < 0)
1105
                {
1106
                	/* FIXME - ought to report short read on error */
1107
		        up(&md->lynx->mem_dma_mutex);
1108
			return retval;
1109
                }
1103
1110
1104
                bcount -= retval;
1111
                bcount -= retval;
1105
                off += retval;
1112
                off += retval;
Lines 1108-1121 Link Here
1108
        if (bcount) {
1115
        if (bcount) {
1109
                memcpy_fromio(md->lynx->mem_dma_buffer + count - bcount,
1116
                memcpy_fromio(md->lynx->mem_dma_buffer + count - bcount,
1110
                              membase+off, bcount);
1117
                              membase+off, bcount);
1118
                off += bcount;
1111
        }
1119
        }
1112
1120
1113
 out:
1121
 out:
1114
        retval = copy_to_user(buffer, md->lynx->mem_dma_buffer, count);
1122
        retval = copy_to_user(buffer, md->lynx->mem_dma_buffer, count);
1115
        up(&md->lynx->mem_dma_mutex);
1123
        up(&md->lynx->mem_dma_mutex);
1116
1124
1117
	if (retval) return -EFAULT;
1125
	if (retval < 0)  
1118
        *offset += count;
1126
		return -EFAULT;
1127
        *offset = off;
1119
        return count;
1128
        return count;
1120
}
1129
}
1121
1130
Lines 1124-1155 Link Here
1124
                         loff_t *offset)
1133
                         loff_t *offset)
1125
{
1134
{
1126
        struct memdata *md = (struct memdata *)file->private_data;
1135
        struct memdata *md = (struct memdata *)file->private_data;
1136
        loff_t off = * offset;
1137
        
1127
1138
1128
        if (((*offset) + count) > PCILYNX_MAX_MEMORY+1) {
1139
	if (!count)
1129
                count = PCILYNX_MAX_MEMORY+1 - *offset;
1140
		return 0;
1130
        }
1141
	if (off < 0)
1131
        if (count == 0 || *offset > PCILYNX_MAX_MEMORY) {
1142
		return -EINVAL;
1132
                return -ENOSPC;
1143
	if (off > PCILYNX_MAX_MEMORY)
1133
        }
1144
		return -ENOSPC;
1145
1146
        if (count) > PCILYNX_MAX_MEMORY + 1 - off)
1147
                count = PCILYNX_MAX_MEMORY + 1 - off;
1134
1148
1135
        /* FIXME: dereferencing pointers to PCI mem doesn't work everywhere */
1149
        /* FIXME: dereferencing pointers to PCI mem doesn't work everywhere */
1136
        switch (md->type) {
1150
        switch (md->type) {
1137
        case aux:
1151
        case aux:
1138
		if (copy_from_user(md->lynx->aux_port+(*offset), buffer, count))
1152
		if (copy_from_user(md->lynx->aux_port+off, buffer, count))
1139
			return -EFAULT;
1153
			return -EFAULT;
1140
                break;
1154
                break;
1141
        case ram:
1155
        case ram:
1142
		if (copy_from_user(md->lynx->local_ram+(*offset), buffer, count))
1156
		if (copy_from_user(md->lynx->local_ram+off, buffer, count))
1143
			return -EFAULT;
1157
			return -EFAULT;
1144
                break;
1158
                break;
1145
        case rom:
1159
        case rom:
1146
                /* the ROM may be writeable */
1160
                /* the ROM may be writeable */
1147
		if (copy_from_user(md->lynx->local_rom+(*offset), buffer, count))
1161
		if (copy_from_user(md->lynx->local_rom+off, buffer, count))
1148
			return -EFAULT;
1162
			return -EFAULT;
1149
                break;
1163
                break;
1150
        }
1164
        }
1151
1165
1152
        file->f_pos += count;
1166
        *offset = off + count;
1153
        return count;
1167
        return count;
1154
}
1168
}
1155
#endif /* CONFIG_IEEE1394_PCILYNX_PORTS */
1169
#endif /* CONFIG_IEEE1394_PCILYNX_PORTS */
(-)linux-2.6.7/drivers/isdn/divert/divert_procfs.c (-2 / +3 lines)
Lines 79-84 Link Here
79
isdn_divert_read(struct file *file, char *buf, size_t count, loff_t * off)
79
isdn_divert_read(struct file *file, char *buf, size_t count, loff_t * off)
80
{
80
{
81
	struct divert_info *inf;
81
	struct divert_info *inf;
82
	loff_t pos = *off;
82
	int len;
83
	int len;
83
84
84
	if (!*((struct divert_info **) file->private_data)) {
85
	if (!*((struct divert_info **) file->private_data)) {
Lines 94-101 Link Here
94
	if ((len = strlen(inf->info_start)) <= count) {
95
	if ((len = strlen(inf->info_start)) <= count) {
95
		if (copy_to_user(buf, inf->info_start, len))
96
		if (copy_to_user(buf, inf->info_start, len))
96
			return -EFAULT;
97
			return -EFAULT;
97
		file->f_pos += len;
98
		*off = pos + len;
98
		return (len);
99
		return len;
99
	}
100
	}
100
	return (0);
101
	return (0);
101
}				/* isdn_divert_read */
102
}				/* isdn_divert_read */
(-)linux-2.6.7/drivers/isdn/hysdn/hysdn_procconf.c (-16 / +14 lines)
Lines 211-239 Link Here
211
static ssize_t
211
static ssize_t
212
hysdn_conf_read(struct file *file, char *buf, size_t count, loff_t * off)
212
hysdn_conf_read(struct file *file, char *buf, size_t count, loff_t * off)
213
{
213
{
214
	loff_t pos = *off;
214
	char *cp;
215
	char *cp;
215
	int i;
216
	int i;
216
217
217
	if (off != &file->f_pos)	/* fs error check */
218
	if (off != &file->f_pos)	/* fs error check */
218
		return -ESPIPE;
219
		return -ESPIPE;
219
220
220
	if (file->f_mode & FMODE_READ) {
221
	if (!(cp = file->private_data))
221
		if (!(cp = file->private_data))
222
		return (-EFAULT);	/* should never happen */
222
			return (-EFAULT);	/* should never happen */
223
	i = strlen(cp);	/* get total string length */
223
		i = strlen(cp);	/* get total string length */
224
	if (pos == (unsigned)pos && pos < i) {
224
		if (*off < i) {
225
		/* still bytes to transfer */
225
			/* still bytes to transfer */
226
		cp += pos;	/* point to desired data offset */
226
			cp += *off;	/* point to desired data offset */
227
		i -= pos;	/* remaining length */
227
			i -= *off;	/* remaining length */
228
		if (i > count)
228
			if (i > count)
229
			i = count;	/* limit length to transfer */
229
				i = count;	/* limit length to transfer */
230
		if (copy_to_user(buf, cp, i))
230
			if (copy_to_user(buf, cp, i))
231
			return (-EFAULT);	/* copy error */
231
				return (-EFAULT);	/* copy error */
232
		*off = pos + i;	/* adjust offset */
232
			*off += i;	/* adjust offset */
233
		} else
234
			return (0);
235
	} else
233
	} else
236
		return (-EPERM);	/* no permission to read */
234
		return 0;
237
235
238
	return (i);
236
	return (i);
239
}				/* hysdn_conf_read */
237
}				/* hysdn_conf_read */
(-)linux-2.6.7/drivers/isdn/hysdn/hysdn_proclog.c (-1 / +2 lines)
Lines 210-215 Link Here
210
	struct proc_dir_entry *pde = PDE(file->f_dentry->d_inode);
210
	struct proc_dir_entry *pde = PDE(file->f_dentry->d_inode);
211
	struct procdata *pd = NULL;
211
	struct procdata *pd = NULL;
212
	hysdn_card *card;
212
	hysdn_card *card;
213
	loff_t pos = *off;
213
214
214
	if (!*((struct log_data **) file->private_data)) {
215
	if (!*((struct log_data **) file->private_data)) {
215
		if (file->f_flags & O_NONBLOCK)
216
		if (file->f_flags & O_NONBLOCK)
Lines 237-243 Link Here
237
	if ((len = strlen(inf->log_start)) <= count) {
238
	if ((len = strlen(inf->log_start)) <= count) {
238
		if (copy_to_user(buf, inf->log_start, len))
239
		if (copy_to_user(buf, inf->log_start, len))
239
			return -EFAULT;
240
			return -EFAULT;
240
		file->f_pos += len;
241
		*off = pos + len;
241
		return (len);
242
		return (len);
242
	}
243
	}
243
	return (0);
244
	return (0);
(-)linux-2.6.7/drivers/isdn/i4l/isdn_common.c (-5 / +9 lines)
Lines 937-943 Link Here
937
}
937
}
938
938
939
static ssize_t
939
static ssize_t
940
isdn_read(struct file *file, char *buf, size_t count, loff_t * off)
940
isdn_read(struct file *file, char __user *buf, size_t count, loff_t * poff)
941
{
941
{
942
	uint minor = MINOR(file->f_dentry->d_inode->i_rdev);
942
	uint minor = MINOR(file->f_dentry->d_inode->i_rdev);
943
	int len = 0;
943
	int len = 0;
Lines 945-955 Link Here
945
	int chidx;
945
	int chidx;
946
	int retval;
946
	int retval;
947
	char *p;
947
	char *p;
948
	loff_t off;
948
949
949
	if (off != &file->f_pos)
950
	if (poff != &file->f_pos)
950
		return -ESPIPE;
951
		return -ESPIPE;
951
952
952
	lock_kernel();
953
	lock_kernel();
954
	off = *poff;
955
	
953
	if (minor == ISDN_MINOR_STATUS) {
956
	if (minor == ISDN_MINOR_STATUS) {
954
		if (!file->private_data) {
957
		if (!file->private_data) {
955
			if (file->f_flags & O_NONBLOCK) {
958
			if (file->f_flags & O_NONBLOCK) {
Lines 965-971 Link Here
965
				retval = -EFAULT;
968
				retval = -EFAULT;
966
				goto out;
969
				goto out;
967
			}
970
			}
968
			*off += len;
971
			off += len;
969
			retval = len;
972
			retval = len;
970
			goto out;
973
			goto out;
971
		}
974
		}
Lines 994-1000 Link Here
994
		}
997
		}
995
		len = isdn_readbchan(drvidx, chidx, p, 0, count,
998
		len = isdn_readbchan(drvidx, chidx, p, 0, count,
996
				     &dev->drv[drvidx]->rcv_waitq[chidx]);
999
				     &dev->drv[drvidx]->rcv_waitq[chidx]);
997
		*off += len;
1000
		off += len;
998
		if (copy_to_user(buf,p,len)) 
1001
		if (copy_to_user(buf,p,len)) 
999
			len = -EFAULT;
1002
			len = -EFAULT;
1000
		kfree(p);
1003
		kfree(p);
Lines 1027-1033 Link Here
1027
			dev->drv[drvidx]->stavail -= len;
1030
			dev->drv[drvidx]->stavail -= len;
1028
		else
1031
		else
1029
			dev->drv[drvidx]->stavail = 0;
1032
			dev->drv[drvidx]->stavail = 0;
1030
		*off += len;
1033
		off += len;
1031
		retval = len;
1034
		retval = len;
1032
		goto out;
1035
		goto out;
1033
	}
1036
	}
Lines 1039-1044 Link Here
1039
#endif
1042
#endif
1040
	retval = -ENODEV;
1043
	retval = -ENODEV;
1041
 out:
1044
 out:
1045
 	*poff = off;
1042
	unlock_kernel();
1046
	unlock_kernel();
1043
	return retval;
1047
	return retval;
1044
}
1048
}
(-)linux-2.6.7/drivers/macintosh/ans-lcd.c (-13 / +32 lines)
Lines 22-27 Link Here
22
static unsigned long anslcd_short_delay = 80;
22
static unsigned long anslcd_short_delay = 80;
23
static unsigned long anslcd_long_delay = 3280;
23
static unsigned long anslcd_long_delay = 3280;
24
static volatile unsigned char* anslcd_ptr;
24
static volatile unsigned char* anslcd_ptr;
25
static DECLARE_MUTEX(anslcd_lock);
25
26
26
#undef DEBUG
27
#undef DEBUG
27
28
Lines 61-73 Link Here
61
62
62
	if ( verify_area(VERIFY_READ, buf, count) )
63
	if ( verify_area(VERIFY_READ, buf, count) )
63
		return -EFAULT;
64
		return -EFAULT;
64
	for ( i = *ppos; count > 0; ++i, ++p, --count ) 
65
		
66
	down(&anslcd_lock);
67
	for (; count > 0; ++p, --count ) 
65
	{
68
	{
66
		char c;
69
		char c;
67
		__get_user(c, p);
70
		__get_user(c, p);
68
		anslcd_write_byte_data( c );
71
		anslcd_write_byte_data( c );
69
	}
72
	}
70
	*ppos = i;
73
	up(&anslcd_lock);
71
	return p - buf;
74
	return p - buf;
72
}
75
}
73
76
Lines 76-86 Link Here
76
				unsigned int cmd, unsigned long arg )
79
				unsigned int cmd, unsigned long arg )
77
{
80
{
78
	char ch, *temp;
81
	char ch, *temp;
79
82
	int ret = 0;
83
	
80
#ifdef DEBUG
84
#ifdef DEBUG
81
	printk(KERN_DEBUG "LCD: ioctl(%d,%d)\n",cmd,arg);
85
	printk(KERN_DEBUG "LCD: ioctl(%d,%d)\n",cmd,arg);
82
#endif
86
#endif
83
87
88
	down(&anslcd_lock);
89
	
84
	switch ( cmd )
90
	switch ( cmd )
85
	{
91
	{
86
	case ANSLCD_CLEAR:
92
	case ANSLCD_CLEAR:
Lines 89-95 Link Here
89
		anslcd_write_byte_ctrl ( 0x06 );
95
		anslcd_write_byte_ctrl ( 0x06 );
90
		anslcd_write_byte_ctrl ( 0x01 );
96
		anslcd_write_byte_ctrl ( 0x01 );
91
		anslcd_write_byte_ctrl ( 0x02 );
97
		anslcd_write_byte_ctrl ( 0x02 );
92
		return 0;
98
		break;
93
	case ANSLCD_SENDCTRL:
99
	case ANSLCD_SENDCTRL:
94
		temp = (char *) arg;
100
		temp = (char *) arg;
95
		__get_user(ch, temp);
101
		__get_user(ch, temp);
Lines 97-116 Link Here
97
			anslcd_write_byte_ctrl ( ch );
103
			anslcd_write_byte_ctrl ( ch );
98
			__get_user(ch, temp);
104
			__get_user(ch, temp);
99
		}
105
		}
100
		return 0;
106
		break;
101
	case ANSLCD_SETSHORTDELAY:
107
	case ANSLCD_SETSHORTDELAY:
102
		if (!capable(CAP_SYS_ADMIN))
108
		if (!capable(CAP_SYS_ADMIN))
103
			return -EACCES;
109
			ret = -EACCES;
104
		anslcd_short_delay=arg;
110
		else
105
		return 0;
111
			anslcd_short_delay=arg;
112
		break;
106
	case ANSLCD_SETLONGDELAY:
113
	case ANSLCD_SETLONGDELAY:
107
		if (!capable(CAP_SYS_ADMIN))
114
		if (!capable(CAP_SYS_ADMIN))
108
			return -EACCES;
115
			ret = -EACCES;
109
		anslcd_long_delay=arg;
116
		else
110
		return 0;
117
			anslcd_long_delay=arg;
118
		break;
111
	default:
119
	default:
112
		return -EINVAL;
120
		ret = -EINVAL;
113
	}
121
	}
122
	up(&anslcd_lock);
123
	return ret;
114
}
124
}
115
125
116
static int __pmac
126
static int __pmac
Lines 121-126 Link Here
121
131
122
struct file_operations anslcd_fops = {
132
struct file_operations anslcd_fops = {
123
	.write	= anslcd_write,
133
	.write	= anslcd_write,
134
	.llseek  = no_llseek,
124
	.ioctl	= anslcd_ioctl,
135
	.ioctl	= anslcd_ioctl,
125
	.open	= anslcd_open,
136
	.open	= anslcd_open,
126
};
137
};
Lines 150-158 Link Here
150
		return -ENODEV;
161
		return -ENODEV;
151
162
152
	anslcd_ptr = (volatile unsigned char*)ioremap(ANSLCD_ADDR, 0x20);
163
	anslcd_ptr = (volatile unsigned char*)ioremap(ANSLCD_ADDR, 0x20);
153
	
164
	if(anslcd_ptr == NULL)
165
		return -ENOMEM;
166
		
167
	down(&anslcd_lock);	
168
	/* Locked so that an opener cannot race the init writes to the
169
	   chip after misc_register */
170
	   
154
	retval = misc_register(&anslcd_dev);
171
	retval = misc_register(&anslcd_dev);
155
	if(retval < 0){
172
	if(retval < 0){
173
		up(&anslcd_lock);
156
		printk(KERN_INFO "LCD: misc_register failed\n");
174
		printk(KERN_INFO "LCD: misc_register failed\n");
157
		iounmap(anslcd_ptr);
175
		iounmap(anslcd_ptr);
158
		return retval;
176
		return retval;
Lines 170-175 Link Here
170
	for(a=0;a<80;a++) {
188
	for(a=0;a<80;a++) {
171
		anslcd_write_byte_data(anslcd_logo[a]);
189
		anslcd_write_byte_data(anslcd_logo[a]);
172
	}
190
	}
191
	up(&anslcd_lock);
173
	return 0;
192
	return 0;
174
}
193
}
175
194
(-)linux-2.6.7/drivers/macintosh/nvram.c (-8 / +19 lines)
Lines 16-27 Link Here
16
#include <linux/smp_lock.h>
16
#include <linux/smp_lock.h>
17
#include <asm/uaccess.h>
17
#include <asm/uaccess.h>
18
#include <asm/nvram.h>
18
#include <asm/nvram.h>
19
#include <asm/semaphore.h>
20
21
static DECLARE_MUTEX(nvram_mutex);
19
22
20
#define NVRAM_SIZE	8192
23
#define NVRAM_SIZE	8192
21
24
25
22
static loff_t nvram_llseek(struct file *file, loff_t offset, int origin)
26
static loff_t nvram_llseek(struct file *file, loff_t offset, int origin)
23
{
27
{
24
	lock_kernel();
28
	down(&nvram_mutex);
25
	switch (origin) {
29
	switch (origin) {
26
	case 1:
30
	case 1:
27
		offset += file->f_pos;
31
		offset += file->f_pos;
Lines 31-41 Link Here
31
		break;
35
		break;
32
	}
36
	}
33
	if (offset < 0) {
37
	if (offset < 0) {
34
		unlock_kernel();
38
		up(s);
35
		return -EINVAL;
39
		return -EINVAL;
36
	}
40
	}
37
	file->f_pos = offset;
41
	file->f_pos = offset;
38
	unlock_kernel();
42
	up(&nvram_mutex);
39
	return file->f_pos;
43
	return file->f_pos;
40
}
44
}
41
45
Lines 44-58 Link Here
44
{
48
{
45
	unsigned int i;
49
	unsigned int i;
46
	char __user *p = buf;
50
	char __user *p = buf;
47
48
	if (verify_area(VERIFY_WRITE, buf, count))
51
	if (verify_area(VERIFY_WRITE, buf, count))
49
		return -EFAULT;
52
		return -EFAULT;
50
	if (*ppos >= NVRAM_SIZE)
53
		
51
		return 0;
54
	down(&nvram_mutex);
52
	for (i = *ppos; count > 0 && i < NVRAM_SIZE; ++i, ++p, --count)
55
	for (i = *ppos; count > 0 && i < NVRAM_SIZE; ++i, ++p, --count)
53
		if (__put_user(nvram_read_byte(i), p))
56
		if (__put_user(nvram_read_byte(i), p))
57
		{
58
			up(&nvram_mutex);
54
			return -EFAULT;
59
			return -EFAULT;
60
		}
55
	*ppos = i;
61
	*ppos = i;
62
	up(&nvram_mutex);
56
	return p - buf;
63
	return p - buf;
57
}
64
}
58
65
Lines 65-78 Link Here
65
72
66
	if (verify_area(VERIFY_READ, buf, count))
73
	if (verify_area(VERIFY_READ, buf, count))
67
		return -EFAULT;
74
		return -EFAULT;
68
	if (*ppos >= NVRAM_SIZE)
75
		
69
		return 0;
76
	down(&nvram_mutex);
70
	for (i = *ppos; count > 0 && i < NVRAM_SIZE; ++i, ++p, --count) {
77
	for (i = *ppos; count > 0 && i < NVRAM_SIZE; ++i, ++p, --count) {
71
		if (__get_user(c, p))
78
		if (__get_user(c, p))
79
		{
80
			up(&nvram_mutex);
72
			return -EFAULT;
81
			return -EFAULT;
82
		}
73
		nvram_write_byte(c, i);
83
		nvram_write_byte(c, i);
74
	}
84
	}
75
	*ppos = i;
85
	*ppos = i;
86
	up(&nvram_mutex);
76
	return p - buf;
87
	return p - buf;
77
}
88
}
78
89
(-)linux-2.6.7/drivers/mtd/mtdcore.c (+1 lines)
Lines 59-64 Link Here
59
			mtd_table[i] = mtd;
59
			mtd_table[i] = mtd;
60
			mtd->index = i;
60
			mtd->index = i;
61
			mtd->usecount = 0;
61
			mtd->usecount = 0;
62
			init_MUTEX(&mtd->mutex);
62
63
63
			DEBUG(0, "mtd: Giving out device %d to %s\n",i, mtd->name);
64
			DEBUG(0, "mtd: Giving out device %d to %s\n",i, mtd->name);
64
			/* No need to get a refcount on the module containing
65
			/* No need to get a refcount on the module containing
(-)linux-2.6.7/drivers/mtd/mtdchar.c (-9 / +36 lines)
Lines 30-35 Link Here
30
{
30
{
31
	struct mtd_info *mtd=(struct mtd_info *)file->private_data;
31
	struct mtd_info *mtd=(struct mtd_info *)file->private_data;
32
32
33
34
	down(&mtd->mutex);
33
	switch (orig) {
35
	switch (orig) {
34
	case 0:
36
	case 0:
35
		/* SEEK_SET */
37
		/* SEEK_SET */
Lines 44-57 Link Here
44
		file->f_pos =mtd->size + offset;
46
		file->f_pos =mtd->size + offset;
45
		break;
47
		break;
46
	default:
48
	default:
49
		up(&mtd->mutex);
47
		return -EINVAL;
50
		return -EINVAL;
48
	}
51
	}
49
52
53
	/* XXX Should return -EINVAL surely ?? */
50
	if (file->f_pos < 0)
54
	if (file->f_pos < 0)
51
		file->f_pos = 0;
55
		file->f_pos = 0;
52
	else if (file->f_pos >= mtd->size)
56
	else if (file->f_pos >= mtd->size)
53
		file->f_pos = mtd->size - 1;
57
		file->f_pos = mtd->size - 1;
54
58
	up(&mtd->mutex);
55
	return file->f_pos;
59
	return file->f_pos;
56
}
60
}
57
61
Lines 127-137 Link Here
127
	
131
	
128
	DEBUG(MTD_DEBUG_LEVEL0,"MTD_read\n");
132
	DEBUG(MTD_DEBUG_LEVEL0,"MTD_read\n");
129
133
130
	if (*ppos + count > mtd->size)
134
	down(&mtd->mutex);
135
	
136
	if (count > mtd->size - *ppos)
131
		count = mtd->size - *ppos;
137
		count = mtd->size - *ppos;
132
138
133
	if (!count)
139
	if (!count)
140
	{
141
		up(&mtd->mutex);
134
		return 0;
142
		return 0;
143
	}
135
	
144
	
136
	/* FIXME: Use kiovec in 2.5 to lock down the user's buffers
145
	/* FIXME: Use kiovec in 2.5 to lock down the user's buffers
137
	   and pass them directly to the MTD functions */
146
	   and pass them directly to the MTD functions */
Lines 143-155 Link Here
143
152
144
		kbuf=kmalloc(len,GFP_KERNEL);
153
		kbuf=kmalloc(len,GFP_KERNEL);
145
		if (!kbuf)
154
		if (!kbuf)
155
		{
156
			up(&mtd->mutex);
157
			/* API error - should return I/O done so far if > 0 */
146
			return -ENOMEM;
158
			return -ENOMEM;
147
		
159
		}		
148
		ret = MTD_READ(mtd, *ppos, len, &retlen, kbuf);
160
		ret = MTD_READ(mtd, *ppos, len, &retlen, kbuf);
149
		if (!ret) {
161
		if (!ret) {
150
			*ppos += retlen;
162
			*ppos += retlen;
151
			if (copy_to_user(buf, kbuf, retlen)) {
163
			if (copy_to_user(buf, kbuf, retlen)) {
152
			        kfree(kbuf);
164
			        kfree(kbuf);
165
			        up(&mtd->mutex);
166
				/* API error - should return I/O done so far if > 0 */
153
				return -EFAULT;
167
				return -EFAULT;
154
			}
168
			}
155
			else
169
			else
Lines 160-171 Link Here
160
		}
174
		}
161
		else {
175
		else {
162
			kfree(kbuf);
176
			kfree(kbuf);
177
			up(&mtd->mutex);
163
			return ret;
178
			return ret;
164
		}
179
		}
165
		
180
		
166
		kfree(kbuf);
181
		kfree(kbuf);
167
	}
182
	}
168
	
183
	up(&mtd->mutex);	
169
	return total_retlen;
184
	return total_retlen;
170
} /* mtd_read */
185
} /* mtd_read */
171
186
Lines 179-193 Link Here
179
	int len;
194
	int len;
180
195
181
	DEBUG(MTD_DEBUG_LEVEL0,"MTD_write\n");
196
	DEBUG(MTD_DEBUG_LEVEL0,"MTD_write\n");
182
	
197
183
	if (*ppos == mtd->size)
198
	down(&mtd->mutex);	
199
	if (*ppos >= mtd->size)
200
	{
201
		up(&mtd->mutex);
184
		return -ENOSPC;
202
		return -ENOSPC;
203
	}
185
	
204
	
186
	if (*ppos + count > mtd->size)
205
	if (count > mtd->size - *ppos)
187
		count = mtd->size - *ppos;
206
		count = mtd->size - *ppos;
188
207
189
	if (!count)
208
	if (!count)
209
	{
210
		up(&mtd->mutex);
190
		return 0;
211
		return 0;
212
	}
191
213
192
	while (count) {
214
	while (count) {
193
		if (count > MAX_KMALLOC_SIZE) 
215
		if (count > MAX_KMALLOC_SIZE) 
Lines 197-207 Link Here
197
219
198
		kbuf=kmalloc(len,GFP_KERNEL);
220
		kbuf=kmalloc(len,GFP_KERNEL);
199
		if (!kbuf) {
221
		if (!kbuf) {
200
			printk("kmalloc is null\n");
222
//			printk("kmalloc is null\n");
223
			/* API bug should report I/O completed */
224
			up(&mtd->mutex);
201
			return -ENOMEM;
225
			return -ENOMEM;
202
		}
226
		}
203
227
204
		if (copy_from_user(kbuf, buf, len)) {
228
		if (copy_from_user(kbuf, buf, len)) {
229
			up(&mtd->mutex);
205
			kfree(kbuf);
230
			kfree(kbuf);
206
			return -EFAULT;
231
			return -EFAULT;
207
		}
232
		}
Lines 214-226 Link Here
214
			buf += retlen;
239
			buf += retlen;
215
		}
240
		}
216
		else {
241
		else {
242
			up(&mtd->mutex);
217
			kfree(kbuf);
243
			kfree(kbuf);
244
			/* API bug ?? */
218
			return ret;
245
			return ret;
219
		}
246
		}
220
		
247
		
221
		kfree(kbuf);
248
		kfree(kbuf);
222
	}
249
	}
223
250
	up(&mtd->mutex);
224
	return total_retlen;
251
	return total_retlen;
225
} /* mtd_write */
252
} /* mtd_write */
226
253
(-)linux-2.6.7/drivers/oprofile/oprofilefs.c (-10 / +20 lines)
Lines 48-67 Link Here
48
ssize_t oprofilefs_str_to_user(char const * str, char __user * buf, size_t count, loff_t * offset)
48
ssize_t oprofilefs_str_to_user(char const * str, char __user * buf, size_t count, loff_t * offset)
49
{
49
{
50
	size_t len = strlen(str);
50
	size_t len = strlen(str);
51
	loff_t pos = *offset;
52
	
53
	/* XXX - should do proper seek locking instead */
54
	if(pos < 0)
55
		return -EINVAL;
51
56
52
	if (!count)
57
	if (!count)
53
		return 0;
58
		return 0;
54
59
55
	if (*offset > len)
60
	if (pos > len)
56
		return 0;
61
		return 0;
57
62
58
	if (count > len - *offset)
63
	if (count > len - pos)
59
		count = len - *offset;
64
		count = len - pos;
60
65
61
	if (copy_to_user(buf, str + *offset, count))
66
	if (copy_to_user(buf, str + pos, count))
62
		return -EFAULT;
67
		return -EFAULT;
63
68
64
	*offset += count;
69
	*offset = pos + count;
65
70
66
	return count;
71
	return count;
67
}
72
}
Lines 73-81 Link Here
73
{
78
{
74
	char tmpbuf[TMPBUFSIZE];
79
	char tmpbuf[TMPBUFSIZE];
75
	size_t maxlen;
80
	size_t maxlen;
81
	loff_t pos = *offset;
76
82
77
	if (!count)
83
	if (!count)
78
		return 0;
84
		return 0;
85
	
86
	/* XXX - should do proper seek locking instead */
87
	if(pos < 0)
88
		return -EINVAL;
79
89
80
	spin_lock(&oprofilefs_lock);
90
	spin_lock(&oprofilefs_lock);
81
	maxlen = snprintf(tmpbuf, TMPBUFSIZE, "%lu\n", val);
91
	maxlen = snprintf(tmpbuf, TMPBUFSIZE, "%lu\n", val);
Lines 83-98 Link Here
83
	if (maxlen > TMPBUFSIZE)
93
	if (maxlen > TMPBUFSIZE)
84
		maxlen = TMPBUFSIZE;
94
		maxlen = TMPBUFSIZE;
85
95
86
	if (*offset > maxlen)
96
	if (pos > maxlen)
87
		return 0;
97
		return 0;
88
98
89
	if (count > maxlen - *offset)
99
	if (count > maxlen - pos)
90
		count = maxlen - *offset;
100
		count = maxlen - pos;
91
101
92
	if (copy_to_user(buf, tmpbuf + *offset, count))
102
	if (copy_to_user(buf, tmpbuf + pos, count))
93
		return -EFAULT;
103
		return -EFAULT;
94
104
95
	*offset += count;
105
	*offset = pos + count;
96
106
97
	return count;
107
	return count;
98
}
108
}
(-)linux-2.6.7/drivers/parisc/eisa_eeprom.c (-5 / +16 lines)
Lines 29-41 Link Here
29
#include <asm/io.h>
29
#include <asm/io.h>
30
#include <asm/uaccess.h>
30
#include <asm/uaccess.h>
31
#include <asm/eisa_eeprom.h>
31
#include <asm/eisa_eeprom.h>
32
#include <asm/semaphore.h>
32
33
33
#define 	EISA_EEPROM_MINOR 241
34
#define 	EISA_EEPROM_MINOR 241
34
35
35
static unsigned long eeprom_addr;
36
static unsigned long eeprom_addr;
37
static DECLARE_MUTEX(eeprom_mutex);
36
38
37
static loff_t eisa_eeprom_llseek(struct file *file, loff_t offset, int origin )
39
static loff_t eisa_eeprom_llseek(struct file *file, loff_t offset, int origin )
38
{
40
{
41
	down(&eeprom_mutex);	
39
	switch (origin) {
42
	switch (origin) {
40
	  case 0:
43
	  case 0:
41
		/* nothing to do */
44
		/* nothing to do */
Lines 47-64 Link Here
47
		offset += HPEE_MAX_LENGTH;
50
		offset += HPEE_MAX_LENGTH;
48
		break;
51
		break;
49
	}
52
	}
50
	return (offset >= 0 && offset < HPEE_MAX_LENGTH) ? (file->f_pos = offset) : -EINVAL;
53
	if(offset >= 0 && offset < HPEE_MAX_LENGTH)
54
		file->f_pos = offset;
55
	else
56
		offset = EINVAL;
57
	up(&eeprom_mutex);
58
	return offset;
51
}
59
}
52
60
53
static ssize_t eisa_eeprom_read(struct file * file,
61
static ssize_t eisa_eeprom_read(struct file * file,
54
			      char *buf, size_t count, loff_t *ppos )
62
			      char *buf, size_t count, loff_t *ppos )
55
{
63
{
56
	unsigned char *tmp;
64
	unsigned char *tmp;
57
	ssize_t ret;
65
	ssize_t ret = 0;
58
	int i;
66
	int i;
59
	
67
68
	down(&eeprom_mutex);	
60
	if (*ppos >= HPEE_MAX_LENGTH)
69
	if (*ppos >= HPEE_MAX_LENGTH)
61
		return 0;
70
		goto done;
62
	
71
	
63
	count = *ppos + count < HPEE_MAX_LENGTH ? count : HPEE_MAX_LENGTH - *ppos;
72
	count = *ppos + count < HPEE_MAX_LENGTH ? count : HPEE_MAX_LENGTH - *ppos;
64
	tmp = kmalloc(count, GFP_KERNEL);
73
	tmp = kmalloc(count, GFP_KERNEL);
Lines 73-79 Link Here
73
		kfree (tmp);
82
		kfree (tmp);
74
	} else
83
	} else
75
		ret = -ENOMEM;
84
		ret = -ENOMEM;
76
	
85
86
done:
87
	up(&eeprom_mutex);
77
	return ret;
88
	return ret;
78
}
89
}
79
90
(-)linux-2.6.7/drivers/pci/proc.c (-10 / +27 lines)
Lines 47-56 Link Here
47
static ssize_t
47
static ssize_t
48
proc_bus_pci_read(struct file *file, char __user *buf, size_t nbytes, loff_t *ppos)
48
proc_bus_pci_read(struct file *file, char __user *buf, size_t nbytes, loff_t *ppos)
49
{
49
{
50
	const struct inode *ino = file->f_dentry->d_inode;
50
	struct inode *ino = file->f_dentry->d_inode;
51
	const struct proc_dir_entry *dp = PDE(ino);
51
	const struct proc_dir_entry *dp = PDE(ino);
52
	struct pci_dev *dev = dp->data;
52
	struct pci_dev *dev = dp->data;
53
	unsigned int pos = *ppos;
53
	unsigned int pos;
54
	unsigned int cnt, size;
54
	unsigned int cnt, size;
55
55
56
	/*
56
	/*
Lines 66-73 Link Here
66
	else
66
	else
67
		size = 64;
67
		size = 64;
68
68
69
	if (pos >= size)
69
	down(&ino->i_sem);
70
	if (*ppos >= size)
71
	{
72
		up(&ino->i_sem);
70
		return 0;
73
		return 0;
74
	}
75
	pos = *ppos;
71
	if (nbytes >= size)
76
	if (nbytes >= size)
72
		nbytes = size;
77
		nbytes = size;
73
	if (pos + nbytes > size)
78
	if (pos + nbytes > size)
Lines 75-81 Link Here
75
	cnt = nbytes;
80
	cnt = nbytes;
76
81
77
	if (!access_ok(VERIFY_WRITE, buf, cnt))
82
	if (!access_ok(VERIFY_WRITE, buf, cnt))
78
		return -EINVAL;
83
	{
84
		up(&ino->i_sem);
85
		return -EFAULT;
86
	}
79
87
80
	if ((pos & 1) && cnt) {
88
	if ((pos & 1) && cnt) {
81
		unsigned char val;
89
		unsigned char val;
Lines 123-143 Link Here
123
	}
131
	}
124
132
125
	*ppos = pos;
133
	*ppos = pos;
134
	up(&ino->i_sem);
126
	return nbytes;
135
	return nbytes;
127
}
136
}
128
137
129
static ssize_t
138
static ssize_t
130
proc_bus_pci_write(struct file *file, const char __user *buf, size_t nbytes, loff_t *ppos)
139
proc_bus_pci_write(struct file *file, const char __user *buf, size_t nbytes, loff_t *ppos)
131
{
140
{
132
	const struct inode *ino = file->f_dentry->d_inode;
141
	struct inode *ino = file->f_dentry->d_inode;
133
	const struct proc_dir_entry *dp = PDE(ino);
142
	const struct proc_dir_entry *dp = PDE(ino);
134
	struct pci_dev *dev = dp->data;
143
	struct pci_dev *dev = dp->data;
135
	int pos = *ppos;
144
	unsigned int pos;
136
	int size = dev->cfg_size;
145
	int size = dev->cfg_size;
137
	int cnt;
146
	int cnt;
138
147
139
	if (pos >= size)
148
	down(&ino->i_sem);
149
	if (*ppos >= size)
150
	{
151
		up(&ino->i_sem);
140
		return 0;
152
		return 0;
153
	}
154
	pos = *ppos;
155
	
141
	if (nbytes >= size)
156
	if (nbytes >= size)
142
		nbytes = size;
157
		nbytes = size;
143
	if (pos + nbytes > size)
158
	if (pos + nbytes > size)
Lines 145-152 Link Here
145
	cnt = nbytes;
160
	cnt = nbytes;
146
161
147
	if (!access_ok(VERIFY_READ, buf, cnt))
162
	if (!access_ok(VERIFY_READ, buf, cnt))
148
		return -EINVAL;
163
	{
149
164
		up(&ino->i_sem);
165
		return -EFAULT;
166
	}
150
	if ((pos & 1) && cnt) {
167
	if ((pos & 1) && cnt) {
151
		unsigned char val;
168
		unsigned char val;
152
		__get_user(val, buf);
169
		__get_user(val, buf);
Lines 191-198 Link Here
191
		pos++;
208
		pos++;
192
		cnt--;
209
		cnt--;
193
	}
210
	}
194
195
	*ppos = pos;
211
	*ppos = pos;
212
	up(&ino->i_sem);
196
	return nbytes;
213
	return nbytes;
197
}
214
}
198
215
(-)linux-2.6.7/drivers/pnp/isapnp/proc.c (-6 / +19 lines)
Lines 26-31 Link Here
26
#include <linux/init.h>
26
#include <linux/init.h>
27
#include <linux/smp_lock.h>
27
#include <linux/smp_lock.h>
28
#include <asm/uaccess.h>
28
#include <asm/uaccess.h>
29
#include <asm/semaphore.h>
30
31
static DECLARE_MUTEX(isapnp_mutex);	/* Don't whack two things at once */
29
32
30
extern struct pnp_protocol isapnp_protocol;
33
extern struct pnp_protocol isapnp_protocol;
31
34
Lines 35-41 Link Here
35
{
38
{
36
	loff_t new = -1;
39
	loff_t new = -1;
37
40
38
	lock_kernel();
41
	down(&isapnp_mutex);
39
	switch (whence) {
42
	switch (whence) {
40
	case 0:
43
	case 0:
41
		new = off;
44
		new = off;
Lines 48-58 Link Here
48
		break;
51
		break;
49
	}
52
	}
50
	if (new < 0 || new > 256) {
53
	if (new < 0 || new > 256) {
51
		unlock_kernel();
54
		up(&isapnp_mutex);
52
		return -EINVAL;
55
		return -EINVAL;
53
	}
56
	}
54
	unlock_kernel();
57
	file->f_pos = new;
55
	return (file->f_pos = new);
58
	up(&isapnp_mutex);
59
	return new;
56
}
60
}
57
61
58
static ssize_t isapnp_proc_bus_read(struct file *file, char __user *buf, size_t nbytes, loff_t *ppos)
62
static ssize_t isapnp_proc_bus_read(struct file *file, char __user *buf, size_t nbytes, loff_t *ppos)
Lines 60-70 Link Here
60
	struct inode *ino = file->f_dentry->d_inode;
64
	struct inode *ino = file->f_dentry->d_inode;
61
	struct proc_dir_entry *dp = PDE(ino);
65
	struct proc_dir_entry *dp = PDE(ino);
62
	struct pnp_dev *dev = dp->data;
66
	struct pnp_dev *dev = dp->data;
63
	int pos = *ppos;
67
	loff_t pos;
64
	int cnt, size = 256;
68
	int cnt, size = 256;
65
69
70
	down(&isapnp_mutex);
71
	pos = *ppos;
66
	if (pos >= size)
72
	if (pos >= size)
73
	{
74
		up(&isapnp_mutex);
67
		return 0;
75
		return 0;
76
	}
68
	if (nbytes >= size)
77
	if (nbytes >= size)
69
		nbytes = size;
78
		nbytes = size;
70
	if (pos + nbytes > size)
79
	if (pos + nbytes > size)
Lines 72-78 Link Here
72
	cnt = nbytes;
81
	cnt = nbytes;
73
82
74
	if (!access_ok(VERIFY_WRITE, buf, cnt))
83
	if (!access_ok(VERIFY_WRITE, buf, cnt))
75
		return -EINVAL;
84
	{
85
		up(&isapnp_mutex);
86
		return -EFAULT;
87
	}
76
88
77
	isapnp_cfg_begin(dev->card->number, dev->number);
89
	isapnp_cfg_begin(dev->card->number, dev->number);
78
	for ( ; pos < 256 && cnt > 0; pos++, buf++, cnt--) {
90
	for ( ; pos < 256 && cnt > 0; pos++, buf++, cnt--) {
Lines 83-88 Link Here
83
	isapnp_cfg_end();
95
	isapnp_cfg_end();
84
96
85
	*ppos = pos;
97
	*ppos = pos;
98
	up(&isapnp_mutex);
86
	return nbytes;
99
	return nbytes;
87
}
100
}
88
101
(-)linux-2.6.7/drivers/s390/char/tape_char.c (-4 / +15 lines)
Lines 142-148 Link Here
142
	struct tape_request *request;
142
	struct tape_request *request;
143
	size_t block_size;
143
	size_t block_size;
144
	int rc;
144
	int rc;
145
	loff_t pos = *ppos;
145
146
147
	/* XXX - driver needs proper read/write/seek locks it seems */
148
	
146
	DBF_EVENT(6, "TCHAR:read\n");
149
	DBF_EVENT(6, "TCHAR:read\n");
147
	device = (struct tape_device *) filp->private_data;
150
	device = (struct tape_device *) filp->private_data;
148
	/* Check position. */
151
	/* Check position. */
Lines 153-159 Link Here
153
		 * read work...
156
		 * read work...
154
		 */
157
		 */
155
		DBF_EVENT(6, "TCHAR:ppos wrong\n");
158
		DBF_EVENT(6, "TCHAR:ppos wrong\n");
156
		return -EOVERFLOW;
159
		return -ESPIPE;
157
	}
160
	}
158
161
159
	/*
162
	/*
Lines 196-206 Link Here
196
	if (rc == 0) {
199
	if (rc == 0) {
197
		rc = block_size - request->rescnt;
200
		rc = block_size - request->rescnt;
198
		DBF_EVENT(6, "TCHAR:rbytes:  %x\n", rc);
201
		DBF_EVENT(6, "TCHAR:rbytes:  %x\n", rc);
199
		filp->f_pos += rc;
202
		pos += rc;
200
		/* Copy data from idal buffer to user space. */
203
		/* Copy data from idal buffer to user space. */
201
		if (idal_buffer_to_user(device->char_data.idal_buf,
204
		if (idal_buffer_to_user(device->char_data.idal_buf,
202
					data, rc) != 0)
205
					data, rc) != 0)
203
			rc = -EFAULT;
206
			rc = -EFAULT;
207
		else
208
			*ppos = pos;
204
	}
209
	}
205
	tape_free_request(request);
210
	tape_free_request(request);
206
	return rc;
211
	return rc;
Lines 218-223 Link Here
218
	size_t written;
223
	size_t written;
219
	int nblocks;
224
	int nblocks;
220
	int i, rc;
225
	int i, rc;
226
	loff_t pos = *ppos;
227
228
	/* XXX - driver needs proper read/write/seek locks it seems */
221
229
222
	DBF_EVENT(6, "TCHAR:write\n");
230
	DBF_EVENT(6, "TCHAR:write\n");
223
	device = (struct tape_device *) filp->private_data;
231
	device = (struct tape_device *) filp->private_data;
Lines 225-231 Link Here
225
	if (ppos != &filp->f_pos) {
233
	if (ppos != &filp->f_pos) {
226
		/* "A request was outside the capabilities of the device." */
234
		/* "A request was outside the capabilities of the device." */
227
		DBF_EVENT(6, "TCHAR:ppos wrong\n");
235
		DBF_EVENT(6, "TCHAR:ppos wrong\n");
228
		return -EOVERFLOW;
236
		return -ESPIPE;
229
	}
237
	}
230
	/* Find out block size and number of blocks */
238
	/* Find out block size and number of blocks */
231
	if (device->char_data.block_size != 0) {
239
	if (device->char_data.block_size != 0) {
Lines 270-276 Link Here
270
			break;
278
			break;
271
		DBF_EVENT(6, "TCHAR:wbytes: %lx\n",
279
		DBF_EVENT(6, "TCHAR:wbytes: %lx\n",
272
			  block_size - request->rescnt);
280
			  block_size - request->rescnt);
273
		filp->f_pos += block_size - request->rescnt;
281
		pos += block_size - request->rescnt;
274
		written += block_size - request->rescnt;
282
		written += block_size - request->rescnt;
275
		if (request->rescnt != 0)
283
		if (request->rescnt != 0)
276
			break;
284
			break;
Lines 297-303 Link Here
297
	 * tapemark it doesn't hurt to write two marks again.
305
	 * tapemark it doesn't hurt to write two marks again.
298
	 */
306
	 */
299
	if (!rc)
307
	if (!rc)
308
	{
300
		device->required_tapemarks = 2;
309
		device->required_tapemarks = 2;
310
		*ppos = pos;
311
	}
301
312
302
	return rc ? rc : written;
313
	return rc ? rc : written;
303
}
314
}
(-)linux-2.6.7/drivers/sbus/char/flash.c (-8 / +19 lines)
Lines 2-7 Link Here
2
 * flash.c: Allow mmap access to the OBP Flash, for OBP updates.
2
 * flash.c: Allow mmap access to the OBP Flash, for OBP updates.
3
 *
3
 *
4
 * Copyright (C) 1997  Eddie C. Dost  (ecd@skynet.be)
4
 * Copyright (C) 1997  Eddie C. Dost  (ecd@skynet.be)
5
 *
6
 * Added printk levels and locks for 2.6 (Alan Cox)
5
 */
7
 */
6
8
7
#include <linux/config.h>
9
#include <linux/config.h>
Lines 22-29 Link Here
22
#include <asm/io.h>
24
#include <asm/io.h>
23
#include <asm/sbus.h>
25
#include <asm/sbus.h>
24
#include <asm/ebus.h>
26
#include <asm/ebus.h>
27
#include <asm/semaphore.h>
25
28
26
static spinlock_t flash_lock = SPIN_LOCK_UNLOCKED;
29
static spinlock_t flash_lock = SPIN_LOCK_UNLOCKED;
30
static DECLARE_MUTEX(flash_mutex);
31
27
static struct {
32
static struct {
28
	unsigned long read_base;	/* Physical read address */
33
	unsigned long read_base;	/* Physical read address */
29
	unsigned long write_base;	/* Physical write address */
34
	unsigned long write_base;	/* Physical write address */
Lines 83-89 Link Here
83
static long long
88
static long long
84
flash_llseek(struct file *file, long long offset, int origin)
89
flash_llseek(struct file *file, long long offset, int origin)
85
{
90
{
86
	lock_kernel();
91
	down(&flash_mutex);
87
	switch (origin) {
92
	switch (origin) {
88
		case 0:
93
		case 0:
89
			file->f_pos = offset;
94
			file->f_pos = offset;
Lines 97-106 Link Here
97
			file->f_pos = flash.read_size;
102
			file->f_pos = flash.read_size;
98
			break;
103
			break;
99
		default:
104
		default:
100
			unlock_kernel();
105
			up(&flash_mutex);
101
			return -EINVAL;
106
			return -EINVAL;
102
	}
107
	}
103
	unlock_kernel();
108
	up(&flash_mutex);
104
	return file->f_pos;
109
	return file->f_pos;
105
}
110
}
106
111
Lines 108-127 Link Here
108
flash_read(struct file * file, char * buf,
113
flash_read(struct file * file, char * buf,
109
	   size_t count, loff_t *ppos)
114
	   size_t count, loff_t *ppos)
110
{
115
{
111
	unsigned long p = file->f_pos;
116
	loff_t p;
112
	int i;
117
	int i;
113
	
118
	
119
	down(&flash_mutex);
120
	p = *ppos;
114
	if (count > flash.read_size - p)
121
	if (count > flash.read_size - p)
115
		count = flash.read_size - p;
122
		count = flash.read_size - p;
116
123
117
	for (i = 0; i < count; i++) {
124
	for (i = 0; i < count; i++) {
118
		u8 data = readb(flash.read_base + p + i);
125
		u8 data = readb(flash.read_base + p + i);
119
		if (put_user(data, buf))
126
		if (put_user(data, buf))
127
		{
128
			up(&flash_mutex);
120
			return -EFAULT;
129
			return -EFAULT;
130
		}
121
		buf++;
131
		buf++;
122
	}
132
	}
123
133
124
	file->f_pos += count;
134
	*ppos = p + count;
135
	up(&flash_mutex);
125
	return count;
136
	return count;
126
}
137
}
127
138
Lines 204-210 Link Here
204
215
205
		len = prom_getproperty(edev->prom_node, "reg", (void *)regs, sizeof(regs));
216
		len = prom_getproperty(edev->prom_node, "reg", (void *)regs, sizeof(regs));
206
		if ((len % sizeof(regs[0])) != 0) {
217
		if ((len % sizeof(regs[0])) != 0) {
207
			printk("flash: Strange reg property size %d\n", len);
218
			printk(KERN_WARNING "flash: Strange reg property size %d\n", len);
208
			return -ENODEV;
219
			return -ENODEV;
209
		}
220
		}
210
221
Lines 220-226 Link Here
220
			flash.write_base = edev->resource[1].start;
231
			flash.write_base = edev->resource[1].start;
221
			flash.write_size = regs[1].reg_size;
232
			flash.write_size = regs[1].reg_size;
222
		} else {
233
		} else {
223
			printk("flash: Strange number of regs %d\n", nregs);
234
			printk(KERN_WARNING "flash: Strange number of regs %d\n", nregs);
224
			return -ENODEV;
235
			return -ENODEV;
225
		}
236
		}
226
237
Lines 231-237 Link Here
231
#endif
242
#endif
232
	}
243
	}
233
244
234
	printk("OBP Flash: RD %lx[%lx] WR %lx[%lx]\n",
245
	printk(KERN_INFO "OBP Flash: RD %lx[%lx] WR %lx[%lx]\n",
235
	       flash.read_base, flash.read_size,
246
	       flash.read_base, flash.read_size,
236
	       flash.write_base, flash.write_size);
247
	       flash.write_base, flash.write_size);
237
248
(-)linux-2.6.7/drivers/sbus/char/jsflash.c (-4 / +16 lines)
Lines 46-51 Link Here
46
#include <asm/io.h>
46
#include <asm/io.h>
47
#include <asm/pcic.h>
47
#include <asm/pcic.h>
48
#include <asm/oplib.h>
48
#include <asm/oplib.h>
49
#include <asm/semaphore.h>
49
50
50
#include <asm/jsflash.h>		/* ioctl arguments. <linux/> ?? */
51
#include <asm/jsflash.h>		/* ioctl arguments. <linux/> ?? */
51
#define JSFIDSZ		(sizeof(struct jsflash_ident_arg))
52
#define JSFIDSZ		(sizeof(struct jsflash_ident_arg))
Lines 72-77 Link Here
72
#define JSF_PART_BITS	 2	/* 2 bits of minors to cover JSF_NPART */
73
#define JSF_PART_BITS	 2	/* 2 bits of minors to cover JSF_NPART */
73
#define JSF_PART_MASK	 0x3	/* 2 bits mask */
74
#define JSF_PART_MASK	 0x3	/* 2 bits mask */
74
75
76
static DECLARE_MUTEX(jsflash_mutex);
75
/*
77
/*
76
 * Access functions.
78
 * Access functions.
77
 * We could ioremap(), but it's easier this way.
79
 * We could ioremap(), but it's easier this way.
Lines 229-235 Link Here
229
{
231
{
230
	loff_t ret;
232
	loff_t ret;
231
233
232
	lock_kernel();
234
	down(&jsflash_mutex);
233
	switch (orig) {
235
	switch (orig) {
234
		case 0:
236
		case 0:
235
			file->f_pos = offset;
237
			file->f_pos = offset;
Lines 242-248 Link Here
242
		default:
244
		default:
243
			ret = -EINVAL;
245
			ret = -EINVAL;
244
	}
246
	}
245
	unlock_kernel();
247
	up(&jsflash_mutex);
246
	return ret;
248
	return ret;
247
}
249
}
248
250
Lines 252-258 Link Here
252
static ssize_t jsf_read(struct file * file, char * buf, 
254
static ssize_t jsf_read(struct file * file, char * buf, 
253
    size_t togo, loff_t *ppos)
255
    size_t togo, loff_t *ppos)
254
{
256
{
255
	unsigned long p = *ppos;
257
	unsigned long p;
256
	char *tmp = buf;
258
	char *tmp = buf;
257
259
258
	union byte4 {
260
	union byte4 {
Lines 260-268 Link Here
260
		unsigned int n;
262
		unsigned int n;
261
	} b;
263
	} b;
262
264
263
	if (p < JSF_BASE_ALL || p >= JSF_BASE_TOP) {
265
	down(&jsflash_mutex);
266
	
267
	/* Range check in loff_t, then cut down for use */
268
	if (*ppos < JSF_BASE_ALL || *ppos >= JSF_BASE_TOP) {
269
		up(&jsflash_mutex);
264
		return 0;
270
		return 0;
265
	}
271
	}
272
	p = *ppos;
266
273
267
	if ((p + togo) < p	/* wrap */
274
	if ((p + togo) < p	/* wrap */
268
	   || (p + togo) >= JSF_BASE_TOP) {
275
	   || (p + togo) >= JSF_BASE_TOP) {
Lines 283-288 Link Here
283
		 * without regard to modversions,
290
		 * without regard to modversions,
284
		 * so we cannot build a module.
291
		 * so we cannot build a module.
285
		 */
292
		 */
293
		up(&jsflash_mutex);
286
		return 0;
294
		return 0;
287
#endif
295
#endif
288
	}
296
	}
Lines 291-297 Link Here
291
		togo -= 4;
299
		togo -= 4;
292
		b.n = jsf_inl(p);
300
		b.n = jsf_inl(p);
293
		if (copy_to_user(tmp, b.s, 4))
301
		if (copy_to_user(tmp, b.s, 4))
302
		{
303
			up(&jsflash_mutex);
294
			return -EFAULT;
304
			return -EFAULT;
305
		}
295
		tmp += 4;
306
		tmp += 4;
296
		p += 4;
307
		p += 4;
297
	}
308
	}
Lines 302-307 Link Here
302
	 */
313
	 */
303
314
304
	*ppos = p;
315
	*ppos = p;
316
	up(&jsflash_mutex);
305
	return tmp-buf;
317
	return tmp-buf;
306
}
318
}
307
319
(-)linux-2.6.7/drivers/scsi/osst.c (-2 / +3 lines)
Lines 3187-3193 Link Here
3187
	
3187
	
3188
	if (ppos != &filp->f_pos) {
3188
	if (ppos != &filp->f_pos) {
3189
	 	/* "A request was outside the capabilities of the device." */
3189
	 	/* "A request was outside the capabilities of the device." */
3190
		retval = (-ENXIO);
3190
		retval = (-ESPIPE);
3191
		goto out;
3191
		goto out;
3192
	}
3192
	}
3193
3193
Lines 3514-3520 Link Here
3514
	
3514
	
3515
	if (ppos != &filp->f_pos) {
3515
	if (ppos != &filp->f_pos) {
3516
		/* "A request was outside the capabilities of the device." */
3516
		/* "A request was outside the capabilities of the device." */
3517
		retval = (-ENXIO);
3517
		retval = (-ESPIPE);
3518
		goto out;
3518
		goto out;
3519
	}
3519
	}
3520
3520
Lines 5386-5391 Link Here
5386
	.owner =        THIS_MODULE,
5386
	.owner =        THIS_MODULE,
5387
	.read =         osst_read,
5387
	.read =         osst_read,
5388
	.write =        osst_write,
5388
	.write =        osst_write,
5389
	.llseek = 	no_llseek,
5389
	.ioctl =        osst_ioctl,
5390
	.ioctl =        osst_ioctl,
5390
	.open =         os_scsi_tape_open,
5391
	.open =         os_scsi_tape_open,
5391
	.flush =        os_scsi_tape_flush,
5392
	.flush =        os_scsi_tape_flush,
(-)linux-2.6.7/drivers/scsi/st.c (-1 / +2 lines)
Lines 1220-1226 Link Here
1220
1220
1221
	if (ppos != &filp->f_pos) {
1221
	if (ppos != &filp->f_pos) {
1222
		/* "A request was outside the capabilities of the device." */
1222
		/* "A request was outside the capabilities of the device." */
1223
		retval = (-ENXIO);
1223
		retval = (-ESPIPE);
1224
		goto out;
1224
		goto out;
1225
	}
1225
	}
1226
1226
Lines 3715-3720 Link Here
3715
	.read =		st_read,
3715
	.read =		st_read,
3716
	.write =	st_write,
3716
	.write =	st_write,
3717
	.ioctl =	st_ioctl,
3717
	.ioctl =	st_ioctl,
3718
	.llseek =	no_llseek,
3718
	.open =		st_open,
3719
	.open =		st_open,
3719
	.flush =	st_flush,
3720
	.flush =	st_flush,
3720
	.release =	st_release,
3721
	.release =	st_release,
(-)linux-2.6.7/drivers/telephony/ixj.c (-3 / +3 lines)
Lines 2857-2863 Link Here
2857
2857
2858
static ssize_t ixj_read(struct file * file_p, char *buf, size_t length, loff_t * ppos)
2858
static ssize_t ixj_read(struct file * file_p, char *buf, size_t length, loff_t * ppos)
2859
{
2859
{
2860
	unsigned long i = *ppos;
2860
	unsigned long i;
2861
	IXJ * j = get_ixj(NUM(file_p->f_dentry->d_inode));
2861
	IXJ * j = get_ixj(NUM(file_p->f_dentry->d_inode));
2862
2862
2863
	DECLARE_WAITQUEUE(wait, current);
2863
	DECLARE_WAITQUEUE(wait, current);
Lines 2937-2943 Link Here
2937
2937
2938
static ssize_t ixj_write(struct file *file_p, const char *buf, size_t count, loff_t * ppos)
2938
static ssize_t ixj_write(struct file *file_p, const char *buf, size_t count, loff_t * ppos)
2939
{
2939
{
2940
	unsigned long i = *ppos;
2940
	unsigned long i;
2941
	IXJ *j = file_p->private_data;
2941
	IXJ *j = file_p->private_data;
2942
2942
2943
	DECLARE_WAITQUEUE(wait, current);
2943
	DECLARE_WAITQUEUE(wait, current);
Lines 2983-2989 Link Here
2983
		j->flags.inwrite = 0;
2983
		j->flags.inwrite = 0;
2984
		return -EFAULT;
2984
		return -EFAULT;
2985
	}
2985
	}
2986
       if(j->play_codec == ALAW)
2986
        if(j->play_codec == ALAW)
2987
               alaw2ulaw(j->write_buffer_wp, min(count, j->write_buffer_size));
2987
               alaw2ulaw(j->write_buffer_wp, min(count, j->write_buffer_size));
2988
	j->flags.inwrite = 0;
2988
	j->flags.inwrite = 0;
2989
	return min(count, j->write_buffer_size);
2989
	return min(count, j->write_buffer_size);
(-)linux-2.6.7/drivers/usb/core/devices.c (-12 / +20 lines)
Lines 572-589 Link Here
572
{
572
{
573
	struct list_head *buslist;
573
	struct list_head *buslist;
574
	struct usb_bus *bus;
574
	struct usb_bus *bus;
575
	ssize_t ret, total_written = 0;
575
	ssize_t ret = 0, total_written = 0;
576
	loff_t skip_bytes = *ppos;
576
	loff_t skip_bytes = *ppos;
577
577
578
	if (*ppos < 0)
578
	down (&usb_bus_list_lock);
579
		return -EINVAL;
579
	
580
	if (skip_bytes < 0)
581
	{
582
		ret =  -EINVAL;
583
		goto error;
584
	}
580
	if (nbytes <= 0)
585
	if (nbytes <= 0)
581
		return 0;
586
		goto error;
582
	if (!access_ok(VERIFY_WRITE, buf, nbytes))
587
	if (!access_ok(VERIFY_WRITE, buf, nbytes))
583
		return -EFAULT;
588
	{
584
589
		ret =  -EFAULT;
590
		goto error;
591
	}
585
	/* enumerate busses */
592
	/* enumerate busses */
586
	down (&usb_bus_list_lock);
587
	for (buslist = usb_bus_list.next; buslist != &usb_bus_list; buslist = buslist->next) {
593
	for (buslist = usb_bus_list.next; buslist != &usb_bus_list; buslist = buslist->next) {
588
		/* print devices for this bus */
594
		/* print devices for this bus */
589
		bus = list_entry(buslist, struct usb_bus, bus_list);
595
		bus = list_entry(buslist, struct usb_bus, bus_list);
Lines 593-605 Link Here
593
		ret = usb_device_dump(&buf, &nbytes, &skip_bytes, ppos, bus->root_hub, bus, 0, 0, 0);
599
		ret = usb_device_dump(&buf, &nbytes, &skip_bytes, ppos, bus->root_hub, bus, 0, 0, 0);
594
		up(&bus->root_hub->serialize);
600
		up(&bus->root_hub->serialize);
595
		if (ret < 0) {
601
		if (ret < 0) {
596
			up(&usb_bus_list_lock);
602
			goto error;
597
			return ret;
598
		}
603
		}
599
		total_written += ret;
604
		total_written += ret;
600
	}
605
	}
606
	ret = total_written;
607
error:
601
	up (&usb_bus_list_lock);
608
	up (&usb_bus_list_lock);
602
	return total_written;
609
	return ret;
603
}
610
}
604
611
605
/* Kernel lock for "lastev" protection */
612
/* Kernel lock for "lastev" protection */
Lines 661-667 Link Here
661
{
668
{
662
	loff_t ret;
669
	loff_t ret;
663
670
664
	lock_kernel();
671
	/* This already guards the other users */
672
	down(&usb_bus_list_lock);
665
673
666
	switch (orig) {
674
	switch (orig) {
667
	case 0:
675
	case 0:
Lines 677-683 Link Here
677
		ret = -EINVAL;
685
		ret = -EINVAL;
678
	}
686
	}
679
687
680
	unlock_kernel();
688
	up(&usb_bus_list_lock);
681
	return ret;
689
	return ret;
682
}
690
}
683
691
(-)linux-2.6.7/drivers/usb/core/devio.c (-5 / +5 lines)
Lines 80-88 Link Here
80
static loff_t usbdev_lseek(struct file *file, loff_t offset, int orig)
80
static loff_t usbdev_lseek(struct file *file, loff_t offset, int orig)
81
{
81
{
82
	loff_t ret;
82
	loff_t ret;
83
	struct dev_state *ps = (struct dev_state *)file->private_data;
84
	struct usb_device *dev = ps->dev;
83
85
84
	lock_kernel();
86
	down(&dev->serialize);
85
86
	switch (orig) {
87
	switch (orig) {
87
	case 0:
88
	case 0:
88
		file->f_pos = offset;
89
		file->f_pos = offset;
Lines 96-103 Link Here
96
	default:
97
	default:
97
		ret = -EINVAL;
98
		ret = -EINVAL;
98
	}
99
	}
99
100
	up(&dev->serialize);
100
	unlock_kernel();
101
	return ret;
101
	return ret;
102
}
102
}
103
103
Lines 110-117 Link Here
110
	loff_t pos;
110
	loff_t pos;
111
	int i;
111
	int i;
112
112
113
	pos = *ppos;
114
	down(&dev->serialize);
113
	down(&dev->serialize);
114
	pos = *ppos;
115
	if (!connected(dev)) {
115
	if (!connected(dev)) {
116
		ret = -ENODEV;
116
		ret = -ENODEV;
117
		goto err;
117
		goto err;
(-)linux-2.6.7/drivers/usb/host/uhci-debug.c (-15 / +24 lines)
Lines 14-22 Link Here
14
#include <linux/proc_fs.h>
14
#include <linux/proc_fs.h>
15
#include <linux/smp_lock.h>
15
#include <linux/smp_lock.h>
16
#include <asm/io.h>
16
#include <asm/io.h>
17
#include <asm/semaphore.h>
17
18
18
#include "uhci-hcd.h"
19
#include "uhci-hcd.h"
19
20
21
DECLARE_MUTEX(uhci_debug_lock);
22
20
/* Handle REALLY large printk's so we don't overflow buffers */
23
/* Handle REALLY large printk's so we don't overflow buffers */
21
static inline void lprintk(char *buf)
24
static inline void lprintk(char *buf)
22
{
25
{
Lines 545-555 Link Here
545
548
546
static loff_t uhci_proc_lseek(struct file *file, loff_t off, int whence)
549
static loff_t uhci_proc_lseek(struct file *file, loff_t off, int whence)
547
{
550
{
548
	struct uhci_proc *up;
551
	struct uhci_proc *uproc;
549
	loff_t new = -1;
552
	loff_t new = -1;
550
553
551
	lock_kernel();
554
	down(&uhci_debug_lock);
552
	up = file->private_data;
555
	
556
	uproc = file->private_data;
553
557
554
	switch (whence) {
558
	switch (whence) {
555
	case 0:
559
	case 0:
Lines 559-591 Link Here
559
		new = file->f_pos + off;
563
		new = file->f_pos + off;
560
		break;
564
		break;
561
	}
565
	}
562
	if (new < 0 || new > up->size) {
566
	if (new < 0 || new > uproc->size) {
563
		unlock_kernel();
567
		up(&uhci_debug_lock);
564
		return -EINVAL;
568
		return -EINVAL;
565
	}
569
	}
566
	unlock_kernel();
570
	file->f_pos = new;
567
	return (file->f_pos = new);
571
	up(&uhci_debug_lock);
572
	return new;
568
}
573
}
569
574
570
static ssize_t uhci_proc_read(struct file *file, char __user *buf,
575
static ssize_t uhci_proc_read(struct file *file, char __user *buf,
571
				size_t nbytes, loff_t *ppos)
576
				size_t nbytes, loff_t *ppos)
572
{
577
{
573
	struct uhci_proc *up = file->private_data;
578
	struct uhci_proc *uproc = file->private_data;
574
	unsigned int pos;
579
	unsigned int pos;
575
	unsigned int size;
580
	unsigned int size;
576
581
582
	down(&uhci_debug_lock);
583
	
577
	pos = *ppos;
584
	pos = *ppos;
578
	size = up->size;
585
	size = uproc->size;
586
579
	if (pos >= size)
587
	if (pos >= size)
580
		return 0;
588
		nbytes = 0;
581
	if (nbytes > size - pos)
589
	else  if (nbytes > size - pos)
582
		nbytes = size - pos;
590
		nbytes = size - pos;
583
591
584
	if (copy_to_user(buf, up->data + pos, nbytes))
592
	if (copy_to_user(buf, uproc->data + pos, nbytes))
585
		return -EFAULT;
593
		nbytes = -EFAULT;
586
594
	else
587
	*ppos += nbytes;
595
		*ppos += nbytes;
588
596
597
	up(&uhci_debug_lock);
589
	return nbytes;
598
	return nbytes;
590
}
599
}
591
600
(-)linux-2.6.7/drivers/usb/media/pwc-if.c (-1 / +1 lines)
Lines 1140-1146 Link Here
1140
	int noblock = file->f_flags & O_NONBLOCK;
1140
	int noblock = file->f_flags & O_NONBLOCK;
1141
	DECLARE_WAITQUEUE(wait, current);
1141
	DECLARE_WAITQUEUE(wait, current);
1142
1142
1143
	Trace(TRACE_READ, "video_read(0x%p, %p, %d) called.\n", vdev, buf, count);
1143
	Trace(TRACE_READ, "video_read(0x%p, %p, %lu) called.\n", vdev, buf, count);
1144
	if (vdev == NULL)
1144
	if (vdev == NULL)
1145
		return -EFAULT;
1145
		return -EFAULT;
1146
	pdev = vdev->priv;
1146
	pdev = vdev->priv;
(-)linux-2.6.7/drivers/usb/media/vicam.c (-1 / +5 lines)
Lines 864-869 Link Here
864
{
864
{
865
	/* vicam_decode_color - Convert from Vicam Y-Cr-Cb to RGB
865
	/* vicam_decode_color - Convert from Vicam Y-Cr-Cb to RGB
866
	 * Copyright (C) 2002 Monroe Williams (monroe@pobox.com)
866
	 * Copyright (C) 2002 Monroe Williams (monroe@pobox.com)
867
	 *
868
	 * FIXME: camera should use V4L2 YCrCb return type now
867
	 */
869
	 */
868
870
869
	int i, prevY, nextY;
871
	int i, prevY, nextY;
Lines 1009-1016 Link Here
1009
1011
1010
	DBG("read %d bytes.\n", (int) count);
1012
	DBG("read %d bytes.\n", (int) count);
1011
1013
1014
	down(&cam->cam_lock);
1012
	if (*ppos >= VICAM_MAX_FRAME_SIZE) {
1015
	if (*ppos >= VICAM_MAX_FRAME_SIZE) {
1013
		*ppos = 0;
1016
		*ppos = 0;
1017
		up(&cam->cam_lock);
1014
		return 0;
1018
		return 0;
1015
	}
1019
	}
1016
1020
Lines 1032-1038 Link Here
1032
	if (count == VICAM_MAX_FRAME_SIZE) {
1036
	if (count == VICAM_MAX_FRAME_SIZE) {
1033
		*ppos = 0;
1037
		*ppos = 0;
1034
	}
1038
	}
1035
1039
	up(&cam->cam_lock);
1036
	return count;
1040
	return count;
1037
}
1041
}
1038
1042
(-)linux-2.6.7/drivers/usb/misc/auerswald.c (-3 / +3 lines)
Lines 1591-1597 Link Here
1591
	/* Error checking */
1591
	/* Error checking */
1592
	if (!ccp)
1592
	if (!ccp)
1593
		return -EIO;
1593
		return -EIO;
1594
	if (*ppos)
1594
	if (ppos != &file->f_pos)
1595
 		return -ESPIPE;
1595
 		return -ESPIPE;
1596
        if (count == 0)
1596
        if (count == 0)
1597
		return 0;
1597
		return 0;
Lines 1723-1730 Link Here
1723
	/* Error checking */
1723
	/* Error checking */
1724
	if (!ccp)
1724
	if (!ccp)
1725
		return -EIO;
1725
		return -EIO;
1726
        if (*ppos)
1726
	if (ppos != &file->f_pos)
1727
		return -ESPIPE;
1727
 		return -ESPIPE;
1728
        if (len == 0)
1728
        if (len == 0)
1729
                return 0;
1729
                return 0;
1730
1730
(-)linux-2.6.7/drivers/video/aty/radeon_base.c (-23 / +38 lines)
Lines 1698-1756 Link Here
1698
1698
1699
static ssize_t radeonfb_read(struct file *file, char *buf, size_t count, loff_t *ppos)
1699
static ssize_t radeonfb_read(struct file *file, char *buf, size_t count, loff_t *ppos)
1700
{
1700
{
1701
	unsigned long p = *ppos;
1701
	unsigned long p;
1702
	struct inode *inode = file->f_dentry->d_inode;
1702
	struct inode *inode = file->f_dentry->d_inode;
1703
	int fbidx = iminor(inode);
1703
	int fbidx = iminor(inode);
1704
	struct fb_info *info = registered_fb[fbidx];
1704
	struct fb_info *info = registered_fb[fbidx];
1705
	struct radeonfb_info *rinfo = info->par;
1705
	struct radeonfb_info *rinfo = info->par;
1706
	
1706
	
1707
	if (p >= rinfo->mapped_vram)
1707
	down(&info->mutex);
1708
	    return 0;
1708
	p = *ppos;
1709
	if (*ppos  >= rinfo->mapped_vram || p + count > p)
1710
	{
1711
		up(&info->mutex);
1712
		return 0;
1713
	}
1709
	if (count >= rinfo->mapped_vram)
1714
	if (count >= rinfo->mapped_vram)
1710
	    count = rinfo->mapped_vram;
1715
		count = rinfo->mapped_vram;
1711
	if (count + p > rinfo->mapped_vram)
1716
	if (count > rinfo->mapped_vram - p)
1712
		count = rinfo->mapped_vram - p;
1717
		count = rinfo->mapped_vram - p;
1713
	radeonfb_sync(info);
1718
	radeonfb_sync(info);
1719
	
1714
	if (count) {
1720
	if (count) {
1715
	    char *base_addr;
1721
		char *base_addr;
1716
1722
1717
	    base_addr = info->screen_base;
1723
		base_addr = info->screen_base;
1718
	    count -= copy_to_user(buf, base_addr+p, count);
1724
		count -= copy_to_user(buf, base_addr+p, count);
1719
	    if (!count)
1725
		if (!count)
1720
		return -EFAULT;
1726
			count = -EFAULT;
1721
	    *ppos += count;
1727
		else
1728
			*ppos += count;
1722
	}
1729
	}
1730
	up(&info->mutex);
1723
	return count;
1731
	return count;
1724
}
1732
}
1725
1733
1726
static ssize_t radeonfb_write(struct file *file, const char *buf, size_t count,
1734
static ssize_t radeonfb_write(struct file *file, const char *buf, size_t count,
1727
			      loff_t *ppos)
1735
			      loff_t *ppos)
1728
{
1736
{
1729
	unsigned long p = *ppos;
1737
	unsigned long p;
1730
	struct inode *inode = file->f_dentry->d_inode;
1738
	struct inode *inode = file->f_dentry->d_inode;
1731
	int fbidx = iminor(inode);
1739
	int fbidx = iminor(inode);
1732
	struct fb_info *info = registered_fb[fbidx];
1740
	struct fb_info *info = registered_fb[fbidx];
1733
	struct radeonfb_info *rinfo = info->par;
1741
	struct radeonfb_info *rinfo = info->par;
1734
	int err;
1742
	int err;
1735
1743
1736
	if (p > rinfo->mapped_vram)
1744
	down(&info->mutex);
1737
	    return -ENOSPC;
1745
	p = *ppos; /* truncated */
1746
	if (*ppos > rinfo->mapped_vram || p + count > p)
1747
	{
1748
		up(&info->mutex);
1749
		return -ENOSPC;
1750
	}
1738
	if (count >= rinfo->mapped_vram)
1751
	if (count >= rinfo->mapped_vram)
1739
	    count = rinfo->mapped_vram;
1752
		count = rinfo->mapped_vram;
1740
	err = 0;
1753
	err = 0;
1741
	if (count + p > rinfo->mapped_vram) {
1754
	if (count > p - rinfo->mapped_vram) {
1742
	    count = rinfo->mapped_vram - p;
1755
		count = rinfo->mapped_vram - p;
1743
	    err = -ENOSPC;
1756
		err = -ENOSPC;
1744
	}
1757
	}
1745
	radeonfb_sync(info);
1758
	radeonfb_sync(info);
1759
	
1746
	if (count) {
1760
	if (count) {
1747
	    char *base_addr;
1761
		char *base_addr;
1748
1762
1749
	    base_addr = info->screen_base;
1763
		base_addr = info->screen_base;
1750
	    count -= copy_from_user(base_addr+p, buf, count);
1764
		count -= copy_from_user(base_addr+p, buf, count);
1751
	    *ppos += count;
1765
		*ppos += count;
1752
	    err = -EFAULT;
1766
		err = -EFAULT;
1753
	}
1767
	}
1768
	up(&info->mutex);
1754
	if (count)
1769
	if (count)
1755
		return count;
1770
		return count;
1756
	return err;
1771
	return err;
(-)linux-2.6.7/drivers/video/fbmem.c (-27 / +62 lines)
Lines 804-810 Link Here
804
static ssize_t
804
static ssize_t
805
fb_read(struct file *file, char *buf, size_t count, loff_t *ppos)
805
fb_read(struct file *file, char *buf, size_t count, loff_t *ppos)
806
{
806
{
807
	unsigned long p = *ppos;
807
	loff_t p;
808
	struct inode *inode = file->f_dentry->d_inode;
808
	struct inode *inode = file->f_dentry->d_inode;
809
	int fbidx = iminor(inode);
809
	int fbidx = iminor(inode);
810
	struct fb_info *info = registered_fb[fbidx];
810
	struct fb_info *info = registered_fb[fbidx];
Lines 817-851 Link Here
817
817
818
	if (info->fbops->fb_read)
818
	if (info->fbops->fb_read)
819
		return info->fbops->fb_read(file, buf, count, ppos);
819
		return info->fbops->fb_read(file, buf, count, ppos);
820
821
	down(&info->mutex);	
822
	if (*ppos >= info->fix.smem_len)
823
	{
824
		count = 0;
825
		goto error;
826
	}
827
	p = *ppos;
820
	
828
	
821
	if (p >= info->fix.smem_len)
829
	if (count > info->fix.smem_len - p)
822
	    return 0;
823
	if (count >= info->fix.smem_len)
824
	    count = info->fix.smem_len;
825
	if (count + p > info->fix.smem_len)
826
		count = info->fix.smem_len - p;
830
		count = info->fix.smem_len - p;
827
	if (info->fbops->fb_sync)
831
	if (info->fbops->fb_sync)
828
		info->fbops->fb_sync(info);
832
		info->fbops->fb_sync(info);
829
	if (count) {
833
	if (count) {
830
	    char *base_addr;
834
		char *base_addr;
831
835
832
	    base_addr = info->screen_base;
836
		base_addr = info->screen_base;
833
	    count -= copy_to_user(buf, base_addr+p, count);
837
		count -= copy_to_user(buf, base_addr + p, count);
834
	    if (!count)
838
		if (!count)
835
		return -EFAULT;
839
			count = -EFAULT;
836
	    *ppos += count;
840
		else
841
			*ppos += count;
837
	}
842
	}
843
error:	
844
	up(&info->mutex);
838
	return count;
845
	return count;
839
}
846
}
840
847
841
static ssize_t
848
static ssize_t
842
fb_write(struct file *file, const char *buf, size_t count, loff_t *ppos)
849
fb_write(struct file *file, const char *buf, size_t count, loff_t *ppos)
843
{
850
{
844
	unsigned long p = *ppos;
851
	loff_t p;
845
	struct inode *inode = file->f_dentry->d_inode;
852
	struct inode *inode = file->f_dentry->d_inode;
846
	int fbidx = iminor(inode);
853
	int fbidx = iminor(inode);
847
	struct fb_info *info = registered_fb[fbidx];
854
	struct fb_info *info = registered_fb[fbidx];
848
	int err;
855
	int err = -ENOSPC;
849
856
850
	if (!info || !info->screen_base)
857
	if (!info || !info->screen_base)
851
		return -ENODEV;
858
		return -ENODEV;
Lines 856-885 Link Here
856
	if (info->fbops->fb_write)
863
	if (info->fbops->fb_write)
857
		return info->fbops->fb_write(file, buf, count, ppos);
864
		return info->fbops->fb_write(file, buf, count, ppos);
858
	
865
	
859
	if (p > info->fix.smem_len)
866
	down(&info->mutex);	
860
	    return -ENOSPC;
867
	if (*ppos >= info->fix.smem_len)
861
	if (count >= info->fix.smem_len)
868
		goto err;
862
	    count = info->fix.smem_len;
869
	p = *ppos;
870
	if (count > info->fix.smem_len - p)
871
		count = info->fix.smem_len - p;
872
		
863
	err = 0;
873
	err = 0;
864
	if (count + p > info->fix.smem_len) {
865
	    count = info->fix.smem_len - p;
866
	    err = -ENOSPC;
867
	}
868
	if (info->fbops->fb_sync)
874
	if (info->fbops->fb_sync)
869
		info->fbops->fb_sync(info);
875
		info->fbops->fb_sync(info);
870
	if (count) {
876
	if (count) {
871
	    char *base_addr;
877
	    char *base_addr = info->screen_base;
872
873
	    base_addr = info->screen_base;
874
	    count -= copy_from_user(base_addr+p, buf, count);
878
	    count -= copy_from_user(base_addr+p, buf, count);
875
	    *ppos += count;
879
	    *ppos += count;
876
	    err = -EFAULT;
880
	    err = -EFAULT;
881
	    if (count)
882
		err = count;
877
	}
883
	}
878
	if (count)
884
err:
879
		return count;
885
	up(&info->mutex);
880
	return err;
886
	return err;
881
}
887
}
882
888
889
loff_t fb_llseek(struct file *file, loff_t offset, int origin)
890
{
891
	struct inode *inode = file->f_dentry->d_inode;
892
	int fbidx = iminor(inode);
893
	struct fb_info *info = registered_fb[fbidx];
894
	loff_t retval;
895
	
896
	down(&info->mutex);
897
	switch (origin) {
898
		case 2:
899
			offset += i_size_read(file->f_dentry->d_inode);
900
			break;
901
		case 1:
902
			offset += file->f_pos;
903
	}
904
	retval = -EINVAL;
905
	if (offset >= 0) {
906
		if (offset != file->f_pos) {
907
			file->f_pos = offset;
908
			file->f_version = 0;
909
		}
910
		retval = offset;
911
	}
912
	up(&info->mutex);
913
	return retval;
914
}
915
883
#ifdef CONFIG_KMOD
916
#ifdef CONFIG_KMOD
884
static void try_to_load(int fb)
917
static void try_to_load(int fb)
885
{
918
{
Lines 1254-1259 Link Here
1254
	.owner =	THIS_MODULE,
1287
	.owner =	THIS_MODULE,
1255
	.read =		fb_read,
1288
	.read =		fb_read,
1256
	.write =	fb_write,
1289
	.write =	fb_write,
1290
	.llseek = 	fb_llseek,
1257
	.ioctl =	fb_ioctl,
1291
	.ioctl =	fb_ioctl,
1258
	.mmap =		fb_mmap,
1292
	.mmap =		fb_mmap,
1259
	.open =		fb_open,
1293
	.open =		fb_open,
Lines 1327-1332 Link Here
1327
	if (fb_info->sprite.inbuf == NULL)
1361
	if (fb_info->sprite.inbuf == NULL)
1328
		fb_info->sprite.inbuf = fb_sys_inbuf;
1362
		fb_info->sprite.inbuf = fb_sys_inbuf;
1329
1363
1364
	init_MUTEX(&fb_info->mutex);
1330
	registered_fb[i] = fb_info;
1365
	registered_fb[i] = fb_info;
1331
1366
1332
	devfs_mk_cdev(MKDEV(FB_MAJOR, i),
1367
	devfs_mk_cdev(MKDEV(FB_MAJOR, i),
(-)linux-2.6.7/drivers/video/pvr2fb.c (-3 / +9 lines)
Lines 678-683 Link Here
678
static ssize_t pvr2fb_write(struct file *file, const char *buf,
678
static ssize_t pvr2fb_write(struct file *file, const char *buf,
679
			    size_t count, loff_t *ppos)
679
			    size_t count, loff_t *ppos)
680
{
680
{
681
	struct inode *inode = file->f_dentry->d_inode;
682
	int fbidx = iminor(inode);
683
	struct fb_info *info = registered_fb[fbidx];
681
	unsigned long dst, start, end, len;
684
	unsigned long dst, start, end, len;
682
	unsigned int nr_pages;
685
	unsigned int nr_pages;
683
	struct page **pages;
686
	struct page **pages;
Lines 701-707 Link Here
701
	}
704
	}
702
705
703
	dma_configure_channel(shdma, 0x12c1);
706
	dma_configure_channel(shdma, 0x12c1);
704
	
707
708
	down(&info->mutex);	
705
	dst   = (unsigned long)fb_info->screen_base + *ppos;
709
	dst   = (unsigned long)fb_info->screen_base + *ppos;
706
	start = (unsigned long)page_address(pages[0]);
710
	start = (unsigned long)page_address(pages[0]);
707
	end   = (unsigned long)page_address(pages[nr_pages]);
711
	end   = (unsigned long)page_address(pages[nr_pages]);
Lines 712-718 Link Here
712
		/* As we do this in one shot, it's either all or nothing.. */
716
		/* As we do this in one shot, it's either all or nothing.. */
713
		if ((*ppos + len) > fb_info->fix.smem_len) {
717
		if ((*ppos + len) > fb_info->fix.smem_len) {
714
			ret = -ENOSPC;
718
			ret = -ENOSPC;
715
			goto out_unmap;
719
			goto out_unmap_unlock;
716
		}
720
		}
717
721
718
		dma_write(shdma, start, 0, len);
722
		dma_write(shdma, start, 0, len);
Lines 726-732 Link Here
726
	for (i = 0; i < nr_pages; i++, dst += PAGE_SIZE) {
730
	for (i = 0; i < nr_pages; i++, dst += PAGE_SIZE) {
727
		if ((*ppos + (i << PAGE_SHIFT)) > fb_info->fix.smem_len) {
731
		if ((*ppos + (i << PAGE_SHIFT)) > fb_info->fix.smem_len) {
728
			ret = -ENOSPC;
732
			ret = -ENOSPC;
729
			goto out_unmap;
733
			goto out_unmap_unlock;
730
		}
734
		}
731
735
732
		dma_write_page(shdma, (unsigned long)page_address(pages[i]), 0);
736
		dma_write_page(shdma, (unsigned long)page_address(pages[i]), 0);
Lines 738-743 Link Here
738
	*ppos += count;
742
	*ppos += count;
739
	ret = count;
743
	ret = count;
740
744
745
out_unmap_unlock:
746
	up(&info->mutex);	
741
out_unmap:
747
out_unmap:
742
	for (i = 0; i < nr_pages; i++)
748
	for (i = 0; i < nr_pages; i++)
743
		page_cache_release(pages[i]);
749
		page_cache_release(pages[i]);
(-)linux-2.6.7/drivers/video/stifb.c (-29 / +46 lines)
Lines 916-922 Link Here
916
static ssize_t
916
static ssize_t
917
stifb_read(struct file *file, char *buf, size_t count, loff_t *ppos)
917
stifb_read(struct file *file, char *buf, size_t count, loff_t *ppos)
918
{
918
{
919
	unsigned long p = *ppos;
919
	unsigned long p;
920
	struct inode *inode = file->f_dentry->d_inode;
920
	struct inode *inode = file->f_dentry->d_inode;
921
	int fbidx = iminor(inode);
921
	int fbidx = iminor(inode);
922
	struct fb_info *info = registered_fb[fbidx];
922
	struct fb_info *info = registered_fb[fbidx];
Lines 925-948 Link Here
925
	if (!info || ! info->screen_base)
925
	if (!info || ! info->screen_base)
926
		return -ENODEV;
926
		return -ENODEV;
927
927
928
	if (p >= info->fix.smem_len)
928
	down(&info->mutex);
929
	    return 0;
929
	
930
	p = *ppos;
931
	
932
	if (*ppos >= info->fix.smem_len || count + p > p)
933
	{
934
		up(&info->mutex);
935
		return 0;
936
	}
930
	if (count >= info->fix.smem_len)
937
	if (count >= info->fix.smem_len)
931
	    count = info->fix.smem_len;
938
		count = info->fix.smem_len;
932
	if (count + p > info->fix.smem_len)
939
	if (count + p > info->fix.smem_len)
933
		count = info->fix.smem_len - p;
940
		count = info->fix.smem_len - p;
934
	if (count > sizeof(tmpbuf))
941
	if (count > sizeof(tmpbuf))
935
		count = sizeof(tmpbuf);
942
		count = sizeof(tmpbuf);
936
	if (count) {
943
	if (count) {
937
	    char *base_addr;
944
		char *base_addr;
938
945
939
	    base_addr = info->screen_base;
946
		base_addr = info->screen_base;
940
	    memcpy_fromio(&tmpbuf, base_addr+p, count);
947
		memcpy_fromio(&tmpbuf, base_addr + p, count);
941
	    count -= copy_to_user(buf, &tmpbuf, count);
948
		count -= copy_to_user(buf, &tmpbuf, count);
942
	    if (!count)
949
		if (!count)
943
		return -EFAULT;
950
			count = -EFAULT;
944
	    *ppos += count;
951
		else
952
			*ppos += count;
945
	}
953
	}
954
	up(&info->mutex);
946
	return count;
955
	return count;
947
}
956
}
948
957
Lines 952-958 Link Here
952
	struct inode *inode = file->f_dentry->d_inode;
961
	struct inode *inode = file->f_dentry->d_inode;
953
	int fbidx = iminor(inode);
962
	int fbidx = iminor(inode);
954
	struct fb_info *info = registered_fb[fbidx];
963
	struct fb_info *info = registered_fb[fbidx];
955
	unsigned long p = *ppos;
964
	unsigned long p;
956
	size_t c;
965
	size_t c;
957
	int err;
966
	int err;
958
	char tmpbuf[TMPBUFLEN];
967
	char tmpbuf[TMPBUFLEN];
Lines 960-990 Link Here
960
	if (!info || !info->screen_base)
969
	if (!info || !info->screen_base)
961
		return -ENODEV;
970
		return -ENODEV;
962
971
963
	if (p > info->fix.smem_len)
972
	down(&info->mutex);
964
	    return -ENOSPC;
973
	p = *ppos;	/* Truncated version */
974
	
975
	if (*ppos  > info->fix.smem_len || p + count > p)
976
	{
977
		up(&info->mutex);
978
		return -ENOSPC;
979
	}
980
965
	if (count >= info->fix.smem_len)
981
	if (count >= info->fix.smem_len)
966
	    count = info->fix.smem_len;
982
		count = info->fix.smem_len;
967
	err = 0;
983
	err = 0;
968
	if (count + p > info->fix.smem_len) {
984
	if (count + p > info->fix.smem_len) {
969
	    count = info->fix.smem_len - p;
985
		count = info->fix.smem_len - p;
970
	    err = -ENOSPC;
986
		err = -ENOSPC;
971
	}
987
	}
972
988
973
	p += (unsigned long)info->screen_base;
989
	p += (unsigned long)info->screen_base;
974
	c = count;
990
	c = count;
975
	while (c) {
991
	while (c) {
976
	    int len = c > sizeof(tmpbuf) ? sizeof(tmpbuf) : c;
992
		int len = c > sizeof(tmpbuf) ? sizeof(tmpbuf) : c;
977
	    err = -EFAULT;
993
		err = -EFAULT;
978
	    if (copy_from_user(&tmpbuf, buf, len))
994
		if (copy_from_user(&tmpbuf, buf, len))
979
		    break;
995
			break;
980
	    memcpy_toio(p, &tmpbuf, len);
996
		memcpy_toio(p, &tmpbuf, len);
981
	    c -= len;
997
		c -= len;
982
	    p += len;
998
		p += len;
983
	    buf += len;
999
		buf += len;
984
	    *ppos += len;
1000
		*ppos += len;
985
	}
1001
	}
986
	if (count-c)
1002
	up(&info->mutex);
987
		return (count-c);
1003
	if (count - c)
1004
		return count - c;
988
	return err;
1005
	return err;
989
}
1006
}
990
1007
(-)linux-2.6.7/drivers/zorro/proc.c (-6 / +20 lines)
Lines 18-30 Link Here
18
#include <asm/uaccess.h>
18
#include <asm/uaccess.h>
19
#include <asm/amigahw.h>
19
#include <asm/amigahw.h>
20
#include <asm/setup.h>
20
#include <asm/setup.h>
21
#include <asm/semaphore.h>
22
23
static DECLARE_MUTEX(zorro_proc_lock);
21
24
22
static loff_t
25
static loff_t
23
proc_bus_zorro_lseek(struct file *file, loff_t off, int whence)
26
proc_bus_zorro_lseek(struct file *file, loff_t off, int whence)
24
{
27
{
25
	loff_t new = -1;
28
	loff_t new = -1;
26
29
27
	lock_kernel();
30
	down(&zorro_proc_lock);
31
	
28
	switch (whence) {
32
	switch (whence) {
29
	case 0:
33
	case 0:
30
		new = off;
34
		new = off;
Lines 37-47 Link Here
37
		break;
41
		break;
38
	}
42
	}
39
	if (new < 0 || new > sizeof(struct ConfigDev)) {
43
	if (new < 0 || new > sizeof(struct ConfigDev)) {
40
		unlock_kernel();
44
		up(&zorro_proc_lock);
41
		return -EINVAL;
45
		return -EINVAL;
42
	}
46
	}
43
	unlock_kernel();
47
	file->f_pos = new;
44
	return (file->f_pos = new);
48
	up(&zorro_proc_lock);
49
	return file->f_pos;
45
}
50
}
46
51
47
static ssize_t
52
static ssize_t
Lines 51-60 Link Here
51
	struct proc_dir_entry *dp = PDE(ino);
56
	struct proc_dir_entry *dp = PDE(ino);
52
	struct zorro_dev *z = dp->data;
57
	struct zorro_dev *z = dp->data;
53
	struct ConfigDev cd;
58
	struct ConfigDev cd;
54
	loff_t pos = *ppos;
59
	loff_t pos;
60
61
	down(&zorro_proc_lock);
55
62
63
	pos = *ppos;
56
	if (pos >= sizeof(struct ConfigDev))
64
	if (pos >= sizeof(struct ConfigDev))
65
	{
66
		up(&zorro_proc_lock);
57
		return 0;
67
		return 0;
68
	}
58
	if (nbytes >= sizeof(struct ConfigDev))
69
	if (nbytes >= sizeof(struct ConfigDev))
59
		nbytes = sizeof(struct ConfigDev);
70
		nbytes = sizeof(struct ConfigDev);
60
	if (pos + nbytes > sizeof(struct ConfigDev))
71
	if (pos + nbytes > sizeof(struct ConfigDev))
Lines 69-77 Link Here
69
	cd.cd_BoardSize = zorro_resource_len(z);
80
	cd.cd_BoardSize = zorro_resource_len(z);
70
81
71
	if (copy_to_user(buf, &cd, nbytes))
82
	if (copy_to_user(buf, &cd, nbytes))
83
	{
84
		up(&zorro_proc_lock);
72
		return -EFAULT;
85
		return -EFAULT;
86
	}
73
	*ppos += nbytes;
87
	*ppos += nbytes;
74
88
	up(&zorro_proc_lock);
75
	return nbytes;
89
	return nbytes;
76
}
90
}
77
91
(-)linux-2.6.7/fs/cifs/file.c (-5 / +10 lines)
Lines 584-589 Link Here
584
	struct cifsTconInfo *pTcon;
584
	struct cifsTconInfo *pTcon;
585
	int xid, long_op;
585
	int xid, long_op;
586
	struct cifsFileInfo * open_file;
586
	struct cifsFileInfo * open_file;
587
	loff_t offset = *poffset;
587
588
588
	if(file->f_dentry == NULL)
589
	if(file->f_dentry == NULL)
589
		return -EBADF;
590
		return -EBADF;
Lines 608-614 Link Here
608
		return -EBADF;
609
		return -EBADF;
609
	}
610
	}
610
611
611
	if (*poffset > file->f_dentry->d_inode->i_size)
612
	if (offset > file->f_dentry->d_inode->i_size)
612
		long_op = 2;  /* writes past end of file can take a long time */
613
		long_op = 2;  /* writes past end of file can take a long time */
613
	else
614
	else
614
		long_op = 1;
615
		long_op = 1;
Lines 649-656 Link Here
649
				FreeXid(xid);
650
				FreeXid(xid);
650
				return rc;
651
				return rc;
651
			}
652
			}
652
		} else
653
		} else {
653
			*poffset += bytes_written;
654
			offset += bytes_written;
655
			*poffset = offset;
656
		}
654
		long_op = FALSE; /* subsequent writes fast - 15 seconds is plenty */
657
		long_op = FALSE; /* subsequent writes fast - 15 seconds is plenty */
655
	}
658
	}
656
659
Lines 966-971 Link Here
966
	int xid;
969
	int xid;
967
	char * current_offset;
970
	char * current_offset;
968
	struct cifsFileInfo * open_file;
971
	struct cifsFileInfo * open_file;
972
	loff_t loffset = * poffset;
969
973
970
	xid = GetXid();
974
	xid = GetXid();
971
	cifs_sb = CIFS_SB(file->f_dentry->d_sb);
975
	cifs_sb = CIFS_SB(file->f_dentry->d_sb);
Lines 995-1001 Link Here
995
999
996
			rc = CIFSSMBRead(xid, pTcon,
1000
			rc = CIFSSMBRead(xid, pTcon,
997
				 open_file->netfid,
1001
				 open_file->netfid,
998
				 current_read_size, *poffset,
1002
				 current_read_size, loffset,
999
				 &bytes_read, &current_offset);
1003
				 &bytes_read, &current_offset);
1000
		}
1004
		}
1001
		if (rc || (bytes_read == 0)) {
1005
		if (rc || (bytes_read == 0)) {
Lines 1012-1018 Link Here
1012
			pTcon->bytes_read += total_read;
1016
			pTcon->bytes_read += total_read;
1013
			spin_unlock(&pTcon->stat_lock);
1017
			spin_unlock(&pTcon->stat_lock);
1014
#endif
1018
#endif
1015
			*poffset += bytes_read;
1019
			loffset += bytes_read;
1020
			*poffset = loffset;
1016
		}
1021
		}
1017
	}
1022
	}
1018
	FreeXid(xid);
1023
	FreeXid(xid);
(-)linux-2.6.7/fs/openpromfs/inode.c (-29 / +41 lines)
Lines 68-85 Link Here
68
			    size_t count, loff_t *ppos)
68
			    size_t count, loff_t *ppos)
69
{
69
{
70
	struct inode *inode = file->f_dentry->d_inode;
70
	struct inode *inode = file->f_dentry->d_inode;
71
	loff_t pos = *ppos;
71
	char buffer[10];
72
	char buffer[10];
72
	
73
	
74
	/* FIXME: add proper seek locking */
75
	if (pos != (unsigned int)pos || pos >= 9)
76
		return -0;
77
	
73
	if (count < 0 || !inode->u.generic_ip)
78
	if (count < 0 || !inode->u.generic_ip)
74
		return -EINVAL;
79
		return -EINVAL;
75
	sprintf (buffer, "%8.8x\n", (u32)(long)(inode->u.generic_ip));
80
	sprintf (buffer, "%8.8x\n", (u32)(long)(inode->u.generic_ip));
76
	if (file->f_pos >= 9)
81
	if (count > 9 - pos)
77
		return 0;
82
		count = 9 - pos;
78
	if (count > 9 - file->f_pos)
83
	if (copy_to_user(buf, buffer + pos, count))
79
		count = 9 - file->f_pos;
80
	if (copy_to_user(buf, buffer + file->f_pos, count))
81
		return -EFAULT;
84
		return -EFAULT;
82
	file->f_pos += count;
85
	*ppos = pos + count;
83
	return count;
86
	return count;
84
}
87
}
85
88
Lines 93-100 Link Here
93
	u32 *q;
96
	u32 *q;
94
	openprom_property *op;
97
	openprom_property *op;
95
	char buffer[64];
98
	char buffer[64];
99
	loff_t pos = *ppos;
96
	
100
	
97
	if (filp->f_pos >= 0xffffff || count >= 0xffffff)
101
	/* FIXME: add proper seek locking */
102
	
103
	if (pos < 0 || pos >= 0xffffff || count >= 0xffffff)
98
		return -EINVAL;
104
		return -EINVAL;
99
	if (!filp->private_data) {
105
	if (!filp->private_data) {
100
		node = nodes[(u16)((long)inode->u.generic_ip)].node;
106
		node = nodes[(u16)((long)inode->u.generic_ip)].node;
Lines 180-186 Link Here
180
	} else {
186
	} else {
181
		i = (op->len << 1) + 1;
187
		i = (op->len << 1) + 1;
182
	}
188
	}
183
	k = filp->f_pos;
189
	k = pos;
184
	if (k >= i) return 0;
190
	if (k >= i) return 0;
185
	if (count > i - k) count = i - k;
191
	if (count > i - k) count = i - k;
186
	if (op->flag & OPP_STRING) {
192
	if (op->flag & OPP_STRING) {
Lines 197-203 Link Here
197
			j = count;
203
			j = count;
198
204
199
		if (j >= 0) {
205
		if (j >= 0) {
200
			if (copy_to_user(buf + k - filp->f_pos,
206
			if (copy_to_user(buf + k - pos,
201
					 op->value + k - 1, j))
207
					 op->value + k - 1, j))
202
				return -EFAULT;
208
				return -EFAULT;
203
			count -= j;
209
			count -= j;
Lines 205-215 Link Here
205
		}
211
		}
206
212
207
		if (count) {
213
		if (count) {
208
			if (put_user('\'', &buf [k++ - filp->f_pos]))
214
			if (put_user('\'', &buf [k++ - pos]))
209
				return -EFAULT;
215
				return -EFAULT;
210
		}
216
		}
211
		if (count > 1) {
217
		if (count > 1) {
212
			if (put_user('\n', &buf [k++ - filp->f_pos]))
218
			if (put_user('\n', &buf [k++ - pos]))
213
				return -EFAULT;
219
				return -EFAULT;
214
		}
220
		}
215
	} else if (op->flag & OPP_STRINGLIST) {
221
	} else if (op->flag & OPP_STRINGLIST) {
Lines 287-293 Link Here
287
		if ((k < i - 1) && (k & 1)) {
293
		if ((k < i - 1) && (k & 1)) {
288
			sprintf (buffer, "%02x",
294
			sprintf (buffer, "%02x",
289
				 (unsigned char) *(op->value + (k >> 1)) & 0xff);
295
				 (unsigned char) *(op->value + (k >> 1)) & 0xff);
290
			if (put_user(buffer[1], &buf[k++ - filp->f_pos]))
296
			if (put_user(buffer[1], &buf[k++ - pos]))
291
				return -EFAULT;
297
				return -EFAULT;
292
			count--;
298
			count--;
293
		}
299
		}
Lines 295-301 Link Here
295
		for (; (count > 1) && (k < i - 1); k += 2) {
301
		for (; (count > 1) && (k < i - 1); k += 2) {
296
			sprintf (buffer, "%02x",
302
			sprintf (buffer, "%02x",
297
				 (unsigned char) *(op->value + (k >> 1)) & 0xff);
303
				 (unsigned char) *(op->value + (k >> 1)) & 0xff);
298
			if (copy_to_user(buf + k - filp->f_pos, buffer, 2))
304
			if (copy_to_user(buf + k - pos, buffer, 2))
299
				return -EFAULT;
305
				return -EFAULT;
300
			count -= 2;
306
			count -= 2;
301
		}
307
		}
Lines 303-340 Link Here
303
		if (count && (k < i - 1)) {
309
		if (count && (k < i - 1)) {
304
			sprintf (buffer, "%02x",
310
			sprintf (buffer, "%02x",
305
				 (unsigned char) *(op->value + (k >> 1)) & 0xff);
311
				 (unsigned char) *(op->value + (k >> 1)) & 0xff);
306
			if (put_user(buffer[0], &buf[k++ - filp->f_pos]))
312
			if (put_user(buffer[0], &buf[k++ - pos]))
307
				return -EFAULT;
313
				return -EFAULT;
308
			count--;
314
			count--;
309
		}
315
		}
310
316
311
		if (count) {
317
		if (count) {
312
			if (put_user('\n', &buf [k++ - filp->f_pos]))
318
			if (put_user('\n', &buf [k++ - pos]))
313
				return -EFAULT;
319
				return -EFAULT;
314
		}
320
		}
315
	}
321
	}
316
	count = k - filp->f_pos;
322
	count = k - pos;
317
	filp->f_pos = k;
323
	*ppos = k;
318
	return count;
324
	return count;
319
}
325
}
320
326
321
static ssize_t property_write(struct file *filp, const char *buf,
327
static ssize_t property_write(struct file *filp, const char *buf,
322
			      size_t count, loff_t *ppos)
328
			      size_t count, loff_t *ppos)
323
{
329
{
330
	loff_t pos = *ppos;
324
	int i, j, k;
331
	int i, j, k;
325
	char *p;
332
	char *p;
326
	u32 *q;
333
	u32 *q;
327
	void *b;
334
	void *b;
328
	openprom_property *op;
335
	openprom_property *op;
329
	
336
	
330
	if (filp->f_pos >= 0xffffff || count >= 0xffffff)
337
	/* FIXME: add proper seek locking */
338
	
339
	if (pos < 0 || pos >= 0xffffff || count >= 0xffffff)
331
		return -EINVAL;
340
		return -EINVAL;
332
	if (!filp->private_data) {
341
	if (!filp->private_data) {
333
		i = property_read (filp, NULL, 0, 0);
342
		i = property_read (filp, NULL, 0, 0);
334
		if (i)
343
		if (i)
335
			return i;
344
			return i;
336
	}
345
	}
337
	k = filp->f_pos;
346
	k = pos;
338
	op = (openprom_property *)filp->private_data;
347
	op = (openprom_property *)filp->private_data;
339
	if (!(op->flag & OPP_STRING)) {
348
	if (!(op->flag & OPP_STRING)) {
340
		u32 *first, *last;
349
		u32 *first, *last;
Lines 462-468 Link Here
462
				op->len = i;
471
				op->len = i;
463
		} else
472
		} else
464
			op->len = i;
473
			op->len = i;
465
		filp->f_pos += count;
474
		pos += count;
466
	}
475
	}
467
write_try_string:
476
write_try_string:
468
	if (!(op->flag & OPP_BINARY)) {
477
	if (!(op->flag & OPP_BINARY)) {
Lines 480-486 Link Here
480
				op->flag |= OPP_QUOTED;
489
				op->flag |= OPP_QUOTED;
481
				buf++;
490
				buf++;
482
				count--;
491
				count--;
483
				filp->f_pos++;
492
				pos++;
493
				*ppos = pos;
484
				if (!count) {
494
				if (!count) {
485
					op->flag |= OPP_STRING;
495
					op->flag |= OPP_STRING;
486
					return 1;
496
					return 1;
Lines 489-497 Link Here
489
				op->flag |= OPP_NOTQUOTED;
499
				op->flag |= OPP_NOTQUOTED;
490
		}
500
		}
491
		op->flag |= OPP_STRING;
501
		op->flag |= OPP_STRING;
492
		if (op->alloclen <= count + filp->f_pos) {
502
		if (op->alloclen <= count + pos) {
493
			b = kmalloc (sizeof (openprom_property)
503
			b = kmalloc (sizeof (openprom_property)
494
				     + 2 * (count + filp->f_pos), GFP_KERNEL);
504
				     + 2 * (count + pos), GFP_KERNEL);
495
			if (!b)
505
			if (!b)
496
				return -ENOMEM;
506
				return -ENOMEM;
497
			memcpy (b, filp->private_data,
507
			memcpy (b, filp->private_data,
Lines 499-512 Link Here
499
				+ strlen (op->name) + op->alloclen);
509
				+ strlen (op->name) + op->alloclen);
500
			memset (((char *)b) + sizeof (openprom_property)
510
			memset (((char *)b) + sizeof (openprom_property)
501
				+ strlen (op->name) + op->alloclen, 
511
				+ strlen (op->name) + op->alloclen, 
502
				0, 2*(count - filp->f_pos) - op->alloclen);
512
				0, 2*(count - pos) - op->alloclen);
503
			op = (openprom_property *)b;
513
			op = (openprom_property *)b;
504
			op->alloclen = 2*(count + filp->f_pos);
514
			op->alloclen = 2*(count + pos);
505
			b = filp->private_data;
515
			b = filp->private_data;
506
			filp->private_data = (void *)op;
516
			filp->private_data = (void *)op;
507
			kfree (b);
517
			kfree (b);
508
		}
518
		}
509
		p = op->value + filp->f_pos - ((op->flag & OPP_QUOTED) ? 1 : 0);
519
		p = op->value + pos - ((op->flag & OPP_QUOTED) ? 1 : 0);
510
		if (copy_from_user(p, buf, count))
520
		if (copy_from_user(p, buf, count))
511
			return -EFAULT;
521
			return -EFAULT;
512
		op->flag |= OPP_DIRTY;
522
		op->flag |= OPP_DIRTY;
Lines 517-533 Link Here
517
			}
527
			}
518
		if (i < count) {
528
		if (i < count) {
519
			op->len = p - op->value;
529
			op->len = p - op->value;
520
			filp->f_pos += i + 1;
530
			pos += i + 1;
531
			*ppos = pos;
521
			if ((p > op->value) && (op->flag & OPP_QUOTED)
532
			if ((p > op->value) && (op->flag & OPP_QUOTED)
522
			    && (*(p - 1) == '\''))
533
			    && (*(p - 1) == '\''))
523
				op->len--;
534
				op->len--;
524
		} else {
535
		} else {
525
			if (p - op->value > op->len)
536
			if (p - op->value > op->len)
526
				op->len = p - op->value;
537
				op->len = p - op->value;
527
			filp->f_pos += count;
538
			pos += count;
539
			*ppos = pos;
528
		}
540
		}
529
	}
541
	}
530
	return filp->f_pos - k;
542
	return pos - k;
531
}
543
}
532
544
533
int property_release (struct inode *inode, struct file *filp)
545
int property_release (struct inode *inode, struct file *filp)
(-)linux-2.6.7/fs/proc/base.c (-9 / +11 lines)
Lines 519-524 Link Here
519
	ssize_t length;
519
	ssize_t length;
520
	ssize_t end;
520
	ssize_t end;
521
	struct task_struct *task = proc_task(inode);
521
	struct task_struct *task = proc_task(inode);
522
	loff_t pos = *ppos;
522
523
523
	if (count > PROC_BLOCK_SIZE)
524
	if (count > PROC_BLOCK_SIZE)
524
		count = PROC_BLOCK_SIZE;
525
		count = PROC_BLOCK_SIZE;
Lines 532-545 Link Here
532
		return length;
533
		return length;
533
	}
534
	}
534
	/* Static 4kB (or whatever) block capacity */
535
	/* Static 4kB (or whatever) block capacity */
535
	if (*ppos >= length) {
536
	if (pos < 0 || pos >= length) {
536
		free_page(page);
537
		free_page(page);
537
		return 0;
538
		return 0;
538
	}
539
	}
539
	if (count + *ppos > length)
540
	if (count > length - pos)
540
		count = length - *ppos;
541
		count = length - pos;
541
	end = count + *ppos;
542
	end = count + pos;
542
	if (copy_to_user(buf, (char *) page + *ppos, count))
543
	if (copy_to_user(buf, (char *) page + pos, count))
543
		count = -EFAULT;
544
		count = -EFAULT;
544
	else
545
	else
545
		*ppos = end;
546
		*ppos = end;
Lines 1170-1175 Link Here
1170
	ssize_t length;
1171
	ssize_t length;
1171
	ssize_t end;
1172
	ssize_t end;
1172
	struct task_struct *task = proc_task(inode);
1173
	struct task_struct *task = proc_task(inode);
1174
	loff_t pos = *ppos;
1173
1175
1174
	if (count > PAGE_SIZE)
1176
	if (count > PAGE_SIZE)
1175
		count = PAGE_SIZE;
1177
		count = PAGE_SIZE;
Lines 1188-1197 Link Here
1188
		free_page(page);
1190
		free_page(page);
1189
		return 0;
1191
		return 0;
1190
	}
1192
	}
1191
	if (count + *ppos > length)
1193
	if (count > length - pos)
1192
		count = length - *ppos;
1194
		count = length - pos;
1193
	end = count + *ppos;
1195
	end = count + pos;
1194
	if (copy_to_user(buf, (char *) page + *ppos, count))
1196
	if (copy_to_user(buf, (char *) page + pos, count))
1195
		count = -EFAULT;
1197
		count = -EFAULT;
1196
	else
1198
	else
1197
		*ppos = end;
1199
		*ppos = end;
(-)linux-2.6.7/fs/proc/generic.c (-6 / +11 lines)
Lines 53-58 Link Here
53
	ssize_t	n, count;
53
	ssize_t	n, count;
54
	char	*start;
54
	char	*start;
55
	struct proc_dir_entry * dp;
55
	struct proc_dir_entry * dp;
56
	loff_t pos = *ppos;
56
57
57
	dp = PDE(inode);
58
	dp = PDE(inode);
58
	if (!(page = (char*) __get_free_page(GFP_KERNEL)))
59
	if (!(page = (char*) __get_free_page(GFP_KERNEL)))
Lines 60-70 Link Here
60
61
61
	while ((nbytes > 0) && !eof) {
62
	while ((nbytes > 0) && !eof) {
62
		count = min_t(ssize_t, PROC_BLOCK_SIZE, nbytes);
63
		count = min_t(ssize_t, PROC_BLOCK_SIZE, nbytes);
63
64
		if (pos != (unsigned) pos || pos > INT_MAX)
65
			break;
66
 
64
		start = NULL;
67
		start = NULL;
65
		if (dp->get_info) {
68
		if (dp->get_info) {
66
			/* Handle old net routines */
69
			/* Handle old net routines */
67
			n = dp->get_info(page, &start, *ppos, count);
70
			n = dp->get_info(page, &start, pos, count);
68
			if (n < count)
71
			if (n < count)
69
				eof = 1;
72
				eof = 1;
70
		} else if (dp->read_proc) {
73
		} else if (dp->read_proc) {
Lines 115-121 Link Here
115
			 *    requested offset advanced by the number of bytes
118
			 *    requested offset advanced by the number of bytes
116
			 *    absorbed.
119
			 *    absorbed.
117
			 */
120
			 */
118
			n = dp->read_proc(page, &start, *ppos,
121
			n = dp->read_proc(page, &start, pos,
119
					  count, &eof, dp->data);
122
					  count, &eof, dp->data);
120
		} else
123
		} else
121
			break;
124
			break;
Lines 134-145 Link Here
134
				       "proc_file_read: Apparent buffer overflow!\n");
137
				       "proc_file_read: Apparent buffer overflow!\n");
135
				n = PAGE_SIZE;
138
				n = PAGE_SIZE;
136
			}
139
			}
137
			n -= *ppos;
140
			n -= pos;
138
			if (n <= 0)
141
			if (n <= 0)
139
				break;
142
				break;
140
			if (n > count)
143
			if (n > count)
141
				n = count;
144
				n = count;
142
			start = page + *ppos;
145
			start = page + pos;
143
		} else if (start < page) {
146
		} else if (start < page) {
144
			if (n > PAGE_SIZE) {
147
			if (n > PAGE_SIZE) {
145
				printk(KERN_ERR
148
				printk(KERN_ERR
Lines 172-178 Link Here
172
			break;
175
			break;
173
		}
176
		}
174
177
175
		*ppos += start < page ? (unsigned long)start : n;
178
		pos += start < page ? (unsigned long)start : n;
179
		*ppos = pos;
176
		nbytes -= n;
180
		nbytes -= n;
177
		buf += n;
181
		buf += n;
178
		retval += n;
182
		retval += n;
Lines 202-207 Link Here
202
proc_file_lseek(struct file *file, loff_t offset, int orig)
206
proc_file_lseek(struct file *file, loff_t offset, int orig)
203
{
207
{
204
    lock_kernel();
208
    lock_kernel();
209
    /* FIXME - need proper locking for proc/generic */
205
210
206
    switch (orig) {
211
    switch (orig) {
207
    case 0:
212
    case 0:
(-)linux-2.6.7/fs/proc/kcore.c (-9 / +12 lines)
Lines 280-303 Link Here
280
	size_t elf_buflen;
280
	size_t elf_buflen;
281
	int nphdr;
281
	int nphdr;
282
	unsigned long start;
282
	unsigned long start;
283
	loff_t pos = *fpos;
283
284
284
	read_lock(&kclist_lock);
285
	read_lock(&kclist_lock);
285
	tsz =  get_kcore_size(&nphdr, &elf_buflen);
286
	tsz =  get_kcore_size(&nphdr, &elf_buflen);
286
	proc_root_kcore->size = size = tsz + elf_buflen;
287
	proc_root_kcore->size = size = tsz + elf_buflen;
287
	if (buflen == 0 || *fpos >= size) {
288
	if (buflen == 0 || pos < 0 || pos >= size) {
288
		read_unlock(&kclist_lock);
289
		read_unlock(&kclist_lock);
289
		return 0;
290
		return 0;
290
	}
291
	}
291
292
292
	/* trim buflen to not go beyond EOF */
293
	/* trim buflen to not go beyond EOF */
293
	if (buflen > size - *fpos)
294
	if (buflen > size - pos)
294
		buflen = size - *fpos;
295
		buflen = size - pos;
295
296
296
	/* construct an ELF core header if we'll need some of it */
297
	/* construct an ELF core header if we'll need some of it */
297
	if (*fpos < elf_buflen) {
298
	if (pos < elf_buflen) {
298
		char * elf_buf;
299
		char * elf_buf;
299
300
300
		tsz = elf_buflen - *fpos;
301
		tsz = elf_buflen - pos;
301
		if (buflen < tsz)
302
		if (buflen < tsz)
302
			tsz = buflen;
303
			tsz = buflen;
303
		elf_buf = kmalloc(elf_buflen, GFP_ATOMIC);
304
		elf_buf = kmalloc(elf_buflen, GFP_ATOMIC);
Lines 308-320 Link Here
308
		memset(elf_buf, 0, elf_buflen);
309
		memset(elf_buf, 0, elf_buflen);
309
		elf_kcore_store_hdr(elf_buf, nphdr, elf_buflen);
310
		elf_kcore_store_hdr(elf_buf, nphdr, elf_buflen);
310
		read_unlock(&kclist_lock);
311
		read_unlock(&kclist_lock);
311
		if (copy_to_user(buffer, elf_buf + *fpos, tsz)) {
312
		if (copy_to_user(buffer, elf_buf + pos, tsz)) {
312
			kfree(elf_buf);
313
			kfree(elf_buf);
313
			return -EFAULT;
314
			return -EFAULT;
314
		}
315
		}
315
		kfree(elf_buf);
316
		kfree(elf_buf);
316
		buflen -= tsz;
317
		buflen -= tsz;
317
		*fpos += tsz;
318
		pos += tsz;
319
		*fpos = pos;
318
		buffer += tsz;
320
		buffer += tsz;
319
		acc += tsz;
321
		acc += tsz;
320
322
Lines 328-334 Link Here
328
	 * Check to see if our file offset matches with any of
330
	 * Check to see if our file offset matches with any of
329
	 * the addresses in the elf_phdr on our list.
331
	 * the addresses in the elf_phdr on our list.
330
	 */
332
	 */
331
	start = kc_offset_to_vaddr(*fpos - elf_buflen);
333
	start = kc_offset_to_vaddr(pos - elf_buflen);
332
	if ((tsz = (PAGE_SIZE - (start & ~PAGE_MASK))) > buflen)
334
	if ((tsz = (PAGE_SIZE - (start & ~PAGE_MASK))) > buflen)
333
		tsz = buflen;
335
		tsz = buflen;
334
		
336
		
Lines 412-418 Link Here
412
			}
414
			}
413
		}
415
		}
414
		buflen -= tsz;
416
		buflen -= tsz;
415
		*fpos += tsz;
417
		pos += tsz;
418
		*fpos = pos;
416
		buffer += tsz;
419
		buffer += tsz;
417
		acc += tsz;
420
		acc += tsz;
418
		start += tsz;
421
		start += tsz;
(-)linux-2.6.7/fs/proc/proc_misc.c (-3 / +3 lines)
Lines 564-575 Link Here
564
static ssize_t
564
static ssize_t
565
read_profile(struct file *file, char __user *buf, size_t count, loff_t *ppos)
565
read_profile(struct file *file, char __user *buf, size_t count, loff_t *ppos)
566
{
566
{
567
	unsigned long p = *ppos;
567
	loff_t p = *ppos;
568
	ssize_t read;
568
	ssize_t read;
569
	char * pnt;
569
	char * pnt;
570
	unsigned int sample_step = 1 << prof_shift;
570
	unsigned int sample_step = 1 << prof_shift;
571
571
572
	if (p >= (prof_len+1)*sizeof(unsigned int))
572
	if (p < 0 || p >= (prof_len+1)*sizeof(unsigned int))
573
		return 0;
573
		return 0;
574
	if (count > (prof_len+1)*sizeof(unsigned int) - p)
574
	if (count > (prof_len+1)*sizeof(unsigned int) - p)
575
		count = (prof_len+1)*sizeof(unsigned int) - p;
575
		count = (prof_len+1)*sizeof(unsigned int) - p;
Lines 583-589 Link Here
583
	if (copy_to_user(buf,(void *)pnt,count))
583
	if (copy_to_user(buf,(void *)pnt,count))
584
		return -EFAULT;
584
		return -EFAULT;
585
	read += count;
585
	read += count;
586
	*ppos += read;
586
	*ppos = p;
587
	return read;
587
	return read;
588
}
588
}
589
589
(-)linux-2.6.7/fs/udf/file.c (-3 / +13 lines)
Lines 114-128 Link Here
114
{
114
{
115
	ssize_t retval;
115
	ssize_t retval;
116
	struct inode *inode = file->f_dentry->d_inode;
116
	struct inode *inode = file->f_dentry->d_inode;
117
	int err, pos;
117
	int err;
118
	loff_t pos;
118
119
119
	if (UDF_I_ALLOCTYPE(inode) == ICBTAG_FLAG_AD_IN_ICB)
120
	if (UDF_I_ALLOCTYPE(inode) == ICBTAG_FLAG_AD_IN_ICB)
120
	{
121
	{
122
		/* FIXME: locking checks needed */
121
		if (file->f_flags & O_APPEND)
123
		if (file->f_flags & O_APPEND)
122
			pos = inode->i_size;
124
			pos = inode->i_size;
123
		else
125
		else
124
			pos = *ppos;
126
			pos = *ppos;
125
127
128
		/* Check limit here, but actual limit is due to variable
129
		   types in lower order functions. These probaly need to
130
		   be fixed and pushed down the stack */
131
		if (pos < 0 || pos + count < pos || pos > 0x7FFFFFFF)
132
			return -EFBIG;;
133
		if (pos + count > 0x7FFFFFFF)
134
			count = 0x7FFFFFFF - pos;
135
126
		if (inode->i_sb->s_blocksize < (udf_file_entry_alloc_offset(inode) +
136
		if (inode->i_sb->s_blocksize < (udf_file_entry_alloc_offset(inode) +
127
			pos + count))
137
			pos + count))
128
		{
138
		{
Lines 142-151 Link Here
142
		}
152
		}
143
	}
153
	}
144
154
145
	retval = generic_file_write(file, buf, count, ppos);
155
	retval = generic_file_write(file, buf, count, &pos);
146
147
	if (retval > 0)
156
	if (retval > 0)
148
		mark_inode_dirty(inode);
157
		mark_inode_dirty(inode);
158
	*ppos = pos;
149
	return retval;
159
	return retval;
150
}
160
}
151
161
(-)linux-2.6.7/include/linux/fb.h (+1 lines)
Lines 522-527 Link Here
522
#define FBINFO_STATE_SUSPENDED	1
522
#define FBINFO_STATE_SUSPENDED	1
523
	u32 state;			/* Hardware state i.e suspend */
523
	u32 state;			/* Hardware state i.e suspend */
524
524
525
	struct semaphore mutex;		/* Fbmem mutex */
525
	/* From here on everything is device dependent */
526
	/* From here on everything is device dependent */
526
	void *par;	
527
	void *par;	
527
};
528
};
(-)linux-2.6.7/include/linux/mtd/mtd.h (+3 lines)
Lines 222-227 Link Here
222
	/* Power Management functions */
222
	/* Power Management functions */
223
	int (*suspend) (struct mtd_info *mtd);
223
	int (*suspend) (struct mtd_info *mtd);
224
	void (*resume) (struct mtd_info *mtd);
224
	void (*resume) (struct mtd_info *mtd);
225
	
226
	/* Semaphore */
227
	struct semaphore mutex;
225
228
226
	void *priv;
229
	void *priv;
227
230
(-)linux-2.6.7/net/atm/mpoa_proc.c (-6 / +7 lines)
Lines 98-103 Link Here
98
98
99
/*
99
/*
100
 * READING function - called when the /proc/atm/mpoa file is read from.
100
 * READING function - called when the /proc/atm/mpoa file is read from.
101
 * FIXME: needs seek locking
101
 */
102
 */
102
static ssize_t proc_mpc_read(struct file *file, char __user *buff,
103
static ssize_t proc_mpc_read(struct file *file, char __user *buff,
103
			     size_t count, loff_t *pos){
104
			     size_t count, loff_t *pos){
Lines 110-116 Link Here
110
	eg_cache_entry *eg_entry;
111
	eg_cache_entry *eg_entry;
111
	struct timeval now;
112
	struct timeval now;
112
	unsigned char ip_string[16];
113
	unsigned char ip_string[16];
113
	if(count == 0)
114
	loff_t n = *pos;
115
	
116
	if(count == 0 || n < 0)
114
	        return 0;
117
	        return 0;
115
	page = get_zeroed_page(GFP_KERNEL);
118
	page = get_zeroed_page(GFP_KERNEL);
116
	if(!page)
119
	if(!page)
Lines 151-164 Link Here
151
		mpc = mpc->next;
154
		mpc = mpc->next;
152
	}
155
	}
153
156
154
	if (*pos >= length) length = 0;
157
	if (n >= length) count = 0;
155
	else {
158
	else {
156
	  if ((count + *pos) > length) count = length - *pos;
159
	  if (count  > length - n) count = length - n;
157
	  if (copy_to_user(buff, (char *)page , count)) {
160
	  if (copy_to_user(buff, (char *)page , count)) {
158
 		  free_page(page);
161
 		  free_page(page);
159
		  return -EFAULT;
162
		  return -EFAULT;
160
          }
163
          }
161
	  *pos += count;
164
	  *pos = n + count;
162
	}
165
	}
163
166
164
 	free_page(page);
167
 	free_page(page);
Lines 196-203 Link Here
196
                return -EFAULT;
199
                return -EFAULT;
197
        }
200
        }
198
201
199
        *ppos += incoming;
200
201
        page[incoming] = '\0';
202
        page[incoming] = '\0';
202
	retval = parse_qos(page, incoming);
203
	retval = parse_qos(page, incoming);
203
        if (retval == 0)
204
        if (retval == 0)
(-)linux-2.6.7/net/sunrpc/cache.c (-3 / +3 lines)
Lines 1176-1189 Link Here
1176
1176
1177
	sprintf(tbuf, "%lu\n", cd->flush_time);
1177
	sprintf(tbuf, "%lu\n", cd->flush_time);
1178
	len = strlen(tbuf);
1178
	len = strlen(tbuf);
1179
	if (p >= len)
1179
	if (p != (unsigned int)p || p >= len)
1180
		return 0;
1180
		return 0;
1181
	len -= p;
1181
	len -= p;
1182
	if (len > count) len = count;
1182
	if (len > count) len = count;
1183
	if (copy_to_user(buf, (void*)(tbuf+p), len))
1183
	if (copy_to_user(buf, (void*)(tbuf+p), len))
1184
		len = -EFAULT;
1184
		len = -EFAULT;
1185
	else
1185
	else
1186
		*ppos += len;
1186
		*ppos = p + len;
1187
	return len;
1187
	return len;
1188
}
1188
}
1189
1189
Lines 1207-1213 Link Here
1207
	cd->nextcheck = get_seconds();
1207
	cd->nextcheck = get_seconds();
1208
	cache_flush();
1208
	cache_flush();
1209
1209
1210
	*ppos += count;
1210
	*ppos = count;
1211
	return count;
1211
	return count;
1212
}
1212
}
1213
1213
(-)linux-2.6.7/security/selinux/selinuxfs.c (-26 / +33 lines)
Lines 74-79 Link Here
74
	char *page;
74
	char *page;
75
	ssize_t length;
75
	ssize_t length;
76
	ssize_t end;
76
	ssize_t end;
77
	loff_t pos = *ppos;
77
78
78
	if (count < 0 || count > PAGE_SIZE)
79
	if (count < 0 || count > PAGE_SIZE)
79
		return -EINVAL;
80
		return -EINVAL;
Lines 87-99 Link Here
87
		return length;
88
		return length;
88
	}
89
	}
89
90
90
	if (*ppos >= length) {
91
	if (pos != (unsigned int)pos || pos >= length) {
91
		free_page((unsigned long)page);
92
		free_page((unsigned long)page);
92
		return 0;
93
		return 0;
93
	}
94
	}
94
	if (count + *ppos > length)
95
	if (count + pos > length)
95
		count = length - *ppos;
96
		count = length - pos;
96
	end = count + *ppos;
97
	end = count + pos;
97
	if (copy_to_user(buf, (char *) page + *ppos, count)) {
98
	if (copy_to_user(buf, (char *) page + *ppos, count)) {
98
		count = -EFAULT;
99
		count = -EFAULT;
99
		goto out;
100
		goto out;
Lines 141-146 Link Here
141
		selnl_notify_setenforce(selinux_enforcing);
142
		selnl_notify_setenforce(selinux_enforcing);
142
	}
143
	}
143
	length = count;
144
	length = count;
145
	*ppos = length;
144
out:
146
out:
145
	free_page((unsigned long) page);
147
	free_page((unsigned long) page);
146
	return length;
148
	return length;
Lines 189-194 Link Here
189
	}
191
	}
190
192
191
	length = count;
193
	length = count;
194
	*ppos = length;
192
out:
195
out:
193
	free_page((unsigned long) page);
196
	free_page((unsigned long) page);
194
	return length;
197
	return length;
Lines 207-212 Link Here
207
	char *page;
210
	char *page;
208
	ssize_t length;
211
	ssize_t length;
209
	ssize_t end;
212
	ssize_t end;
213
	loff_t pos = *ppos;
210
214
211
	if (count < 0 || count > PAGE_SIZE)
215
	if (count < 0 || count > PAGE_SIZE)
212
		return -EINVAL;
216
		return -EINVAL;
Lines 220-233 Link Here
220
		return length;
224
		return length;
221
	}
225
	}
222
226
223
	if (*ppos >= length) {
227
	if (pos < 0 || pos >= length) {
224
		free_page((unsigned long)page);
228
		free_page((unsigned long)page);
225
		return 0;
229
		return 0;
226
	}
230
	}
227
	if (count + *ppos > length)
231
	if (count + pos > length)
228
		count = length - *ppos;
232
		count = length - pos;
229
	end = count + *ppos;
233
	end = count + pos;
230
	if (copy_to_user(buf, (char *) page + *ppos, count)) {
234
	if (copy_to_user(buf, (char *) page + pos, count)) {
231
		count = -EFAULT;
235
		count = -EFAULT;
232
		goto out;
236
		goto out;
233
	}
237
	}
Lines 250-255 Link Here
250
	char *page;
254
	char *page;
251
	ssize_t length;
255
	ssize_t length;
252
	ssize_t end;
256
	ssize_t end;
257
	loff_t pos = *ppos;
253
258
254
	if (count < 0 || count > PAGE_SIZE)
259
	if (count < 0 || count > PAGE_SIZE)
255
		return -EINVAL;
260
		return -EINVAL;
Lines 263-276 Link Here
263
		return length;
268
		return length;
264
	}
269
	}
265
270
266
	if (*ppos >= length) {
271
	if (pos < 0 || pos >= length) {
267
		free_page((unsigned long)page);
272
		free_page((unsigned long)page);
268
		return 0;
273
		return 0;
269
	}
274
	}
270
	if (count + *ppos > length)
275
	if (count + pos > length)
271
		count = length - *ppos;
276
		count = length - pos;
272
	end = count + *ppos;
277
	end = count + pos;
273
	if (copy_to_user(buf, (char *) page + *ppos, count)) {
278
	if (copy_to_user(buf, (char *) page + pos, count)) {
274
		count = -EFAULT;
279
		count = -EFAULT;
275
		goto out;
280
		goto out;
276
	}
281
	}
Lines 445-454 Link Here
445
	return rv;
450
	return rv;
446
}
451
}
447
452
448
static ssize_t TA_read(struct file *file, char __user *buf, size_t size, loff_t *pos)
453
static ssize_t TA_read(struct file *file, char __user *buf, size_t size, loff_t *ppos)
449
{
454
{
450
	struct argresp *ar;
455
	struct argresp *ar;
451
	ssize_t rv = 0;
456
	ssize_t rv = 0;
457
	loff_t pos = *ppos;
452
458
453
	if (file->private_data == NULL)
459
	if (file->private_data == NULL)
454
		rv = TA_write(file, buf, 0, pos);
460
		rv = TA_write(file, buf, 0, pos);
Lines 458-470 Link Here
458
	ar = file->private_data;
464
	ar = file->private_data;
459
	if (!ar)
465
	if (!ar)
460
		return 0;
466
		return 0;
461
	if (*pos >= ar->size)
467
	if (pos < 0 || pos >= ar->size)
462
		return 0;
468
		return 0;
463
	if (*pos + size > ar->size)
469
	if (pos + size > ar->size)
464
		size = ar->size - *pos;
470
		size = ar->size - pos;
465
	if (copy_to_user(buf, ar->data + *pos, size))
471
	if (copy_to_user(buf, ar->data + pos, size))
466
		return -EFAULT;
472
		return -EFAULT;
467
	*pos += size;
473
	*ppos = pos + size;
468
	return size;
474
	return size;
469
}
475
}
470
476
Lines 753-759 Link Here
753
	ssize_t ret;
759
	ssize_t ret;
754
	int cur_enforcing;
760
	int cur_enforcing;
755
	struct inode *inode;
761
	struct inode *inode;
756
762
	loff_t pos = *ppos;
763
	
757
	down(&sel_sem);
764
	down(&sel_sem);
758
765
759
	ret = -EFAULT;
766
	ret = -EFAULT;
Lines 786-799 Link Here
786
		goto out;
793
		goto out;
787
	}
794
	}
788
795
789
	if (*ppos >= length) {
796
	if (pos < 0 || pos >= length) {
790
		ret = 0;
797
		ret = 0;
791
		goto out;
798
		goto out;
792
	}
799
	}
793
	if (count + *ppos > length)
800
	if (count + pos > length)
794
		count = length - *ppos;
801
		count = length - pos;
795
	end = count + *ppos;
802
	end = count + pos;
796
	if (copy_to_user(buf, (char *) page + *ppos, count)) {
803
	if (copy_to_user(buf, (char *) page + pos, count)) {
797
		ret = -EFAULT;
804
		ret = -EFAULT;
798
		goto out;
805
		goto out;
799
	}
806
	}
(-)linux-2.6.7/security/selinux/selinuxfs.c~ (-1 / +1 lines)
Lines 457-463 Link Here
457
	loff_t pos = *ppos;
457
	loff_t pos = *ppos;
458
458
459
	if (file->private_data == NULL)
459
	if (file->private_data == NULL)
460
		rv = TA_write(file, buf, 0, pos);
460
		rv = TA_write(file, buf, 0, ppos);
461
	if (rv < 0)
461
	if (rv < 0)
462
		return rv;
462
		return rv;
463
463

Return to bug 72006