If userspace ignores the POLLERR bit from poll(), and only attempts to
read() the device when POLLIN is set, it can still make ioctl() calls on
a device that has been removed from the system. The node_id and
generation returned by GET_INFO will be outdated, but INITIATE_BUS_RESET
would still cause a bus reset, and GET_CYCLE_TIMER will return data.
And if you guess the correct generation to use, you can send requests to
a different device on the bus, and get responses back.
This patch prevents open, ioctl, compat_ioctl, and mmap against shutdown
devices.
Signed-off-by: Jay Fenlason <fenlason@redhat.com>
Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
if (device == NULL)
return -ENODEV;
+ if (fw_device_is_shutdown(device)) {
+ fw_device_put(device);
+ return -ENODEV;
+ }
+
client = kzalloc(sizeof(*client), GFP_KERNEL);
if (client == NULL) {
fw_device_put(device);
{
struct client *client = file->private_data;
+ if (fw_device_is_shutdown(client->device))
+ return -ENODEV;
+
return dispatch_ioctl(client, cmd, (void __user *) arg);
}
{
struct client *client = file->private_data;
+ if (fw_device_is_shutdown(client->device))
+ return -ENODEV;
+
return dispatch_ioctl(client, cmd, compat_ptr(arg));
}
#endif
unsigned long size;
int page_count, retval;
+ if (fw_device_is_shutdown(client->device))
+ return -ENODEV;
+
/* FIXME: We could support multiple buffers, but we don't. */
if (client->buffer.pages != NULL)
return -EBUSY;
projects / linux-2.6 / commitdiff