system/linux
system/linux
1
0
Fork 0
mirror of https://github.com/torvalds/linux synced 2024-10-07 20:05:15 +00:00
Code Issues Packages Projects Releases Wiki Activity

mmc: core: check for zero length ioctl data

Browse source 
If the read or write buffer size associated with the command sent
through the mmc_blk_ioctl is zero, do not prepare data buffer.

This enables a ioctl(2) call to for instance send a MMC_SWITCH to set
a byte in the ext_csd.

Signed-off-by: Johan Rudholm <johan.rudholm@stericsson.com>
Signed-off-by: Chris Ball <cjb@laptop.org>
This commit is contained in:
Johan Rudholm 2011-11-23 09:05:58 +01:00 committed by Chris Ball
parent 4ee5ebaf74
commit 4d6144de8b
1 changed files with 45 additions and 37 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

64
drivers/mmc/card/block.c
View file

@ -266,6 +266,9 @@ static struct mmc_blk_ioc_data *mmc_blk_ioctl_copy_from_user(
goto idata_err; goto idata_err;
} }
if (!idata->buf_bytes)
return idata;
idata->buf = kzalloc(idata->buf_bytes, GFP_KERNEL); idata->buf = kzalloc(idata->buf_bytes, GFP_KERNEL);
if (!idata->buf) { if (!idata->buf) {
err = -ENOMEM; err = -ENOMEM;
@ -312,25 +315,6 @@ static int mmc_blk_ioctl_cmd(struct block_device *bdev,
if (IS_ERR(idata)) if (IS_ERR(idata))
return PTR_ERR(idata); return PTR_ERR(idata);
cmd.opcode = idata->ic.opcode;
cmd.arg = idata->ic.arg;
cmd.flags = idata->ic.flags;
data.sg = &sg;
data.sg_len = 1;
data.blksz = idata->ic.blksz;
data.blocks = idata->ic.blocks;
sg_init_one(data.sg, idata->buf, idata->buf_bytes);
if (idata->ic.write_flag)
data.flags = MMC_DATA_WRITE;
else
data.flags = MMC_DATA_READ;
mrq.cmd = &cmd;
mrq.data = &data;
md = mmc_blk_get(bdev->bd_disk); md = mmc_blk_get(bdev->bd_disk);
if (!md) { if (!md) {
err = -EINVAL; err = -EINVAL;
@ -343,25 +327,36 @@ static int mmc_blk_ioctl_cmd(struct block_device *bdev,
goto cmd_done; goto cmd_done;
} }
mmc_claim_host(card->host); cmd.opcode = idata->ic.opcode;
cmd.arg = idata->ic.arg;
cmd.flags = idata->ic.flags;
if (idata->ic.is_acmd) { if (idata->buf_bytes) {
err = mmc_app_cmd(card->host, card); data.sg = &sg;
if (err) data.sg_len = 1;
goto cmd_rel_host; data.blksz = idata->ic.blksz;
} data.blocks = idata->ic.blocks;
sg_init_one(data.sg, idata->buf, idata->buf_bytes);
if (idata->ic.write_flag)
data.flags = MMC_DATA_WRITE;
else
data.flags = MMC_DATA_READ;
/* data.flags must already be set before doing this. */ /* data.flags must already be set before doing this. */
mmc_set_data_timeout(&data, card); mmc_set_data_timeout(&data, card);
/* Allow overriding the timeout_ns for empirical tuning. */ /* Allow overriding the timeout_ns for empirical tuning. */
if (idata->ic.data_timeout_ns) if (idata->ic.data_timeout_ns)
data.timeout_ns = idata->ic.data_timeout_ns; data.timeout_ns = idata->ic.data_timeout_ns;
if ((cmd.flags & MMC_RSP_R1B) == MMC_RSP_R1B) { if ((cmd.flags & MMC_RSP_R1B) == MMC_RSP_R1B) {
/* /*
* Pretend this is a data transfer and rely on the host driver * Pretend this is a data transfer and rely on the
* to compute timeout. When all host drivers support * host driver to compute timeout. When all host
* cmd.cmd_timeout for R1B, this can be changed to: * drivers support cmd.cmd_timeout for R1B, this
* can be changed to:
* *
* mrq.data = NULL; * mrq.data = NULL;
* cmd.cmd_timeout = idata->ic.cmd_timeout_ms; * cmd.cmd_timeout = idata->ic.cmd_timeout_ms;
@ -369,6 +364,19 @@ static int mmc_blk_ioctl_cmd(struct block_device *bdev,
data.timeout_ns = idata->ic.cmd_timeout_ms * 1000000; data.timeout_ns = idata->ic.cmd_timeout_ms * 1000000;
} }
mrq.data = &data;
}
mrq.cmd = &cmd;
mmc_claim_host(card->host);
if (idata->ic.is_acmd) {
err = mmc_app_cmd(card->host, card);
if (err)
goto cmd_rel_host;
}
mmc_wait_for_req(card->host, &mrq); mmc_wait_for_req(card->host, &mrq);
if (cmd.error) { if (cmd.error) {