floppy: don't write kernel-only members to FDRAWCMD ioctl output

[pandora-kernel.git] / drivers / block / floppy.c

diff --git a/drivers/block/floppy.c b/drivers/block/floppy.c
index 9955a53..6d0f3e1 100644 (file)
--- a/drivers/block/floppy.c
+++ b/drivers/block/floppy.c
@@ -1032,37 +1032,6 @@ static int fd_wait_for_completion(unsigned long delay, timeout_fn function)
        return 0;
 }
 
-static DEFINE_SPINLOCK(floppy_hlt_lock);
-static int hlt_disabled;
-static void floppy_disable_hlt(void)
-{
-       unsigned long flags;
-
-       WARN_ONCE(1, "floppy_disable_hlt() scheduled for removal in 2012");
-       spin_lock_irqsave(&floppy_hlt_lock, flags);
-       if (!hlt_disabled) {
-               hlt_disabled = 1;
-#ifdef HAVE_DISABLE_HLT
-               disable_hlt();
-#endif
-       }
-       spin_unlock_irqrestore(&floppy_hlt_lock, flags);
-}
-
-static void floppy_enable_hlt(void)
-{
-       unsigned long flags;
-
-       spin_lock_irqsave(&floppy_hlt_lock, flags);
-       if (hlt_disabled) {
-               hlt_disabled = 0;
-#ifdef HAVE_DISABLE_HLT
-               enable_hlt();
-#endif
-       }
-       spin_unlock_irqrestore(&floppy_hlt_lock, flags);
-}
-
 static void setup_DMA(void)
 {
        unsigned long f;
@@ -1107,7 +1076,6 @@ static void setup_DMA(void)
        fd_enable_dma();
        release_dma_lock(f);
 #endif
-       floppy_disable_hlt();
 }
 
 static void show_floppy(void);
@@ -1709,7 +1677,6 @@ irqreturn_t floppy_interrupt(int irq, void *dev_id)
        fd_disable_dma();
        release_dma_lock(f);
 
-       floppy_enable_hlt();
        do_floppy = NULL;
        if (fdc >= N_FDC || FDCS->address == -1) {
                /* we don't even know which FDC is the culprit */
@@ -1858,8 +1825,6 @@ static void floppy_shutdown(unsigned long data)
                show_floppy();
        cancel_activity();
 
-       floppy_enable_hlt();
-
        flags = claim_dma_lock();
        fd_disable_dma();
        release_dma_lock(flags);
@@ -3095,7 +3060,10 @@ static int raw_cmd_copyout(int cmd, void __user *param,
        int ret;
 
        while (ptr) {
-               ret = copy_to_user(param, ptr, sizeof(*ptr));
+               struct floppy_raw_cmd cmd = *ptr;
+               cmd.next = NULL;
+               cmd.kernel_data = NULL;
+               ret = copy_to_user(param, &cmd, sizeof(cmd));
                if (ret)
                        return -EFAULT;
                param += sizeof(struct floppy_raw_cmd);
@@ -3149,10 +3117,11 @@ loop:
                return -ENOMEM;
        *rcmd = ptr;
        ret = copy_from_user(ptr, param, sizeof(*ptr));
-       if (ret)
-               return -EFAULT;
        ptr->next = NULL;
        ptr->buffer_length = 0;
+       ptr->kernel_data = NULL;
+       if (ret)
+               return -EFAULT;
        param += sizeof(struct floppy_raw_cmd);
        if (ptr->cmd_count > 33)
                        /* the command may now also take up the space
@@ -3168,7 +3137,6 @@ loop:
        for (i = 0; i < 16; i++)
                ptr->reply[i] = 0;
        ptr->resultcode = 0;
-       ptr->kernel_data = NULL;
 
        if (ptr->flags & (FD_RAW_READ | FD_RAW_WRITE)) {
                if (ptr->length <= 0)
@@ -4198,6 +4166,7 @@ static int __init floppy_init(void)
 
                disks[dr]->queue = blk_init_queue(do_fd_request, &floppy_lock);
                if (!disks[dr]->queue) {
+                       put_disk(disks[dr]);
                        err = -ENOMEM;
                        goto out_put_disk;
                }
@@ -4339,7 +4308,7 @@ static int __init floppy_init(void)
 
                err = platform_device_register(&floppy_device[drive]);
                if (err)
-                       goto out_flush_work;
+                       goto out_remove_drives;
 
                err = device_create_file(&floppy_device[drive].dev,
                                         &dev_attr_cmos);
@@ -4357,6 +4326,15 @@ static int __init floppy_init(void)
 
 out_unreg_platform_dev:
        platform_device_unregister(&floppy_device[drive]);
+out_remove_drives:
+       while (drive--) {
+               if ((allowed_drive_mask & (1 << drive)) &&
+                   fdc_state[FDC(drive)].version != FDC_NONE) {
+                       del_gendisk(disks[drive]);
+                       device_remove_file(&floppy_device[drive].dev, &dev_attr_cmos);
+                       platform_device_unregister(&floppy_device[drive]);
+               }
+       }
 out_flush_work:
        flush_work_sync(&floppy_work);
        if (atomic_read(&usage_count))
@@ -4369,8 +4347,14 @@ out_unreg_blkdev:
 out_put_disk:
        while (dr--) {
                del_timer_sync(&motor_off_timer[dr]);
-               if (disks[dr]->queue)
+               if (disks[dr]->queue) {
                        blk_cleanup_queue(disks[dr]->queue);
+                       /*
+                        * put_disk() is not paired with add_disk() and
+                        * will put queue reference one extra time. fix it.
+                        */
+                       disks[dr]->queue = NULL;
+               }
                put_disk(disks[dr]);
        }
        return err;
@@ -4504,7 +4488,6 @@ static void floppy_release_irq_and_dma(void)
 #if N_FDC > 1
        set_dor(1, ~8, 0);
 #endif
-       floppy_enable_hlt();
 
        if (floppy_track_buffer && max_buffer_sectors) {
                tmpsize = max_buffer_sectors * 1024;