linux/drivers/staging/comedi
Ian Abbott af93da3163 staging: comedi: protect buffer from being freed while mmapped
If a comedi device is automatically detached by `comedi_auto_unconfig()`
any data buffers associated with subdevices that support asynchronous
commands will be freed.  If the buffer is mmapped at the time, bad
things are likely to happen!  Prevent this by moving some of the buffer
details from `struct comedi_async` into a new, dynamically allocated,
and kref-counted `struct comedi_buf_map`.  This holds a list of pages, a
reference count, and enough information to free the pages.  The new
member `buf_map` of `struct comedi_async` points to a `struct
comedi_buf_map` when the buffer size is non-zero.

Provide a new helper function `comedi_buf_is_mapped()` to check whether
an a buffer is mmapped.  If it is mmapped, the buffer is not allowed to
be resized and the device is not allowed to be manually detached by the
`COMEDI_DEVCONFIG` ioctl.  Provide helper functions
`comedi_buf_map_get()` and `comedi_buf_map_put()` to manipulate the
reference count of the `struct comedi_buf_map`, which will be freed
along with its contents via the 'release' callback of the `kref_put()`
call.  The reference count is manipulated by the vma operations and the
mmap file operation.

Now, when the comedi device is automatically detached, the buffer will
be effectively freed by calling `comedi_buf_alloc()` with a new buffer
size of 0.  That calls local function `__comedi_buf_free()` which calls
`comedi_buf_map_put()` on the `buf_map` member to free it.  It won't
actually be freed until the final 'put'.

Signed-off-by: Ian Abbott <abbotti@mev.co.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2013-11-11 16:16:45 -08:00
..
drivers staging: comedi: protect buffer from being freed while mmapped 2013-11-11 16:16:45 -08:00
kcomedilib staging: comedi: kcomedilib: protect against device detachment 2013-11-11 16:16:45 -08:00
comedi_buf.c staging: comedi: protect buffer from being freed while mmapped 2013-11-11 16:16:45 -08:00
comedi_compat32.c staging: comedi: remove FSF address from boilerplate text 2013-05-13 17:34:22 -04:00
comedi_compat32.h staging: comedi: remove FSF address from boilerplate text 2013-05-13 17:34:22 -04:00
comedi_fops.c staging: comedi: protect buffer from being freed while mmapped 2013-11-11 16:16:45 -08:00
comedi_internal.h staging: comedi: protect buffer from being freed while mmapped 2013-11-11 16:16:45 -08:00
comedi_pci.c staging: comedi: remove FSF address from boilerplate text 2013-05-13 17:34:22 -04:00
comedi_pcmcia.c staging: comedi: remove FSF address from boilerplate text 2013-05-13 17:34:22 -04:00
comedi_usb.c staging: comedi: introduce comedi_to_usb_dev() 2013-05-21 10:59:10 -07:00
comedi.h staging: comedi: remove FSF address from boilerplate text 2013-05-13 17:34:22 -04:00
comedidev.h staging: comedi: protect buffer from being freed while mmapped 2013-11-11 16:16:45 -08:00
comedilib.h staging: comedi: comedi_bond: handle base channel for insn_bits 2013-08-26 06:41:56 -07:00
drivers.c staging: comedi: use refcount in comedi_driver_unregister() 2013-11-11 16:16:44 -08:00
Kconfig staging: comedi: ni_6527: remove COMEDI_MITE dependancy 2013-10-03 14:10:03 -07:00
Makefile staging: comedi: conditionally build in PCMCIA driver support 2013-01-31 10:38:10 +01:00
proc.c staging: comedi: use refcount while reading /proc/comedi 2013-11-11 16:16:44 -08:00
range.c staging: comedi: range: tidy up comedi_check_chanlist() 2013-07-25 13:20:17 -07:00
TODO MAINTAINERS: Update the list of maintainers for staging/comedi driver. 2013-07-24 09:51:18 -07:00