From e23ef227d10878ff3f323a1dfed10205a1825b71 Mon Sep 17 00:00:00 2001
From: Dan Carpenter
Date: Sun, 29 May 2011 22:53:12 +0300
Subject: [PATCH 1/2] ptp: Return -EFAULT on copy_to_user() errors
copy_to_user() returns the number of bytes remaining, but we want a negative error code in ptp_ioctl.
Signed-off-by: Dan Carpenter
Acked-by: Richard Cochran
Signed-off-by: John Stultz
---
 drivers/ptp/ptp_chardev.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/drivers/ptp/ptp_chardev.c b/drivers/ptp/ptp_chardev.c
index a8d03aeb4051..93fa22de5977 100644
--- a/drivers/ptp/ptp_chardev.c
+++ b/drivers/ptp/ptp_chardev.c
@@ -46,7 +46,8 @@ long ptp_ioctl(struct posix_clock *pc, unsigned int cmd, unsigned long arg)
 caps.n_ext_ts = ptp->info->n_ext_ts;
 caps.n_per_out = ptp->info->n_per_out;
 caps.pps = ptp->info->pps;
- err = copy_to_user((void __user *)arg, &caps, sizeof(caps));
+ if (copy_to_user((void __user *)arg, &caps, sizeof(caps)))
+ err = -EFAULT;
 break;
 case PTP_EXTTS_REQUEST:
From fb5a18cf7c771a12c3f42a5eb4b476eed68b77cb Mon Sep 17 00:00:00 2001
From: Dan Carpenter
Date: Sun, 29 May 2011 22:54:07 +0300
Subject: [PATCH 2/2] ptp: Fix some locking bugs in ptp_read()
In ptp_read there is an unlock missing on an error path, and a double unlock on another error path.
Signed-off-by: Dan Carpenter
Acked-by: Richard Cochran
Signed-off-by: John Stultz
---
 drivers/ptp/ptp_chardev.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/drivers/ptp/ptp_chardev.c b/drivers/ptp/ptp_chardev.c
index 93fa22de5977..e7f301da2902 100644
--- a/drivers/ptp/ptp_chardev.c
+++ b/drivers/ptp/ptp_chardev.c
@@ -130,8 +130,10 @@ ssize_t ptp_read(struct posix_clock *pc,
 return -ERESTARTSYS;
 }
- if (ptp->defunct)
+ if (ptp->defunct) {
+ mutex_unlock(&ptp->tsevq_mux);
 return -ENODEV;
+ }
 spin_lock_irqsave(&queue->lock, flags);
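Review bot: In the ptp_ioctl hunk of patch 1/2, `copy_to_user()` sends all `sizeof(caps)` bytes to user space, but the visible lines only assign `n_ext_ts`, `n_per_out` and `pps`. If `caps` is a stack variable that is not cleared earlier in the case, padding or unassigned fields would disclose kernel stack contents. The start of the case is outside the hunk, so confirm that something like `memset(&caps, 0, sizeof(caps));` precedes the assignments. The new `if (...) err = -EFAULT;` form also relies on `err` being 0 when this case is entered, which is likewise not visible here.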
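Review bot: In the first ptp_read hunk of patch 2/2, the `if (ptp->defunct)` path now unlocks `tsevq_mux` by hand, so the function still has several return statements that each have to know whether the mutex is held. That layout is what allowed both the missing unlock and the double unlock this patch fixes. A single exit label would keep the pairing in one place, for example `result = -ENODEV; goto out_unlock;` here with `mutex_unlock(&ptp->tsevq_mux);` only at the label (`result` and `out_unlock` are suggested names, not identifiers from the file). ptp_read starts and ends outside this hunk, so the remaining return paths cannot be checked from these lines.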
@@ -151,10 +153,8 @@ ssize_t ptp_read(struct posix_clock *pc,
 mutex_unlock(&ptp->tsevq_mux);
- if (copy_to_user(buf, event, cnt)) {
- mutex_unlock(&ptp->tsevq_mux);
+ if (copy_to_user(buf, event, cnt))
 return -EFAULT;
- }
 return cnt;
 }
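Review bot: After this change `copy_to_user(buf, event, cnt)` runs with `tsevq_mux` already released, which fixes the unlock count but is only safe if `event` is a private snapshot filled while the queue lock was held. The declaration of `event` and the code that fills it are above this hunk, so that cannot be confirmed from these lines. If it is a local buffer, a comment above the call such as `/* event[] is a local copy; tsevq_mux is not needed for copy_to_user() */` would record why the unlock comes first. It is also worth confirming that `cnt` is clamped to the size of that buffer before it is used as the copy length.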