Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 4d6144de authored by Johan Rudholm's avatar Johan Rudholm Committed by Chris Ball
Browse files

mmc: core: check for zero length ioctl data 



If the read or write buffer size associated with the command sent
through the mmc_blk_ioctl is zero, do not prepare data buffer.

This enables a ioctl(2) call to for instance send a MMC_SWITCH to set
a byte in the ext_csd.

Signed-off-by: default avatarJohan Rudholm <johan.rudholm@stericsson.com>
Signed-off-by: default avatarChris Ball <cjb@laptop.org>
parent 4ee5ebaf

drivers/mmc/card/block.c

+45 −37
Original line number Diff line number Diff line
@@ -266,6 +266,9 @@ static struct mmc_blk_ioc_data *mmc_blk_ioctl_copy_from_user( 
		goto idata_err;

	}



	if (!idata->buf_bytes)

		return idata;



	idata->buf = kzalloc(idata->buf_bytes, GFP_KERNEL);

	if (!idata->buf) {

		err = -ENOMEM;
@@ -312,10 +315,23 @@ static int mmc_blk_ioctl_cmd(struct block_device *bdev, 
	if (IS_ERR(idata))

		return PTR_ERR(idata);



	md = mmc_blk_get(bdev->bd_disk);

	if (!md) {

		err = -EINVAL;

		goto cmd_done;

	}



	card = md->queue.card;

	if (IS_ERR(card)) {

		err = PTR_ERR(card);

		goto cmd_done;

	}



	cmd.opcode = idata->ic.opcode;

	cmd.arg = idata->ic.arg;

	cmd.flags = idata->ic.flags;



	if (idata->buf_bytes) {

		data.sg = &sg;

		data.sg_len = 1;

		data.blksz = idata->ic.blksz;
@@ -328,40 +344,19 @@ static int mmc_blk_ioctl_cmd(struct block_device *bdev, 
		else

			data.flags = MMC_DATA_READ;



	mrq.cmd = &cmd;

	mrq.data = &data;



	md = mmc_blk_get(bdev->bd_disk);

	if (!md) {

		err = -EINVAL;

		goto cmd_done;

	}



	card = md->queue.card;

	if (IS_ERR(card)) {

		err = PTR_ERR(card);

		goto cmd_done;

	}



	mmc_claim_host(card->host);



	if (idata->ic.is_acmd) {

		err = mmc_app_cmd(card->host, card);

		if (err)

			goto cmd_rel_host;

	}



		/* data.flags must already be set before doing this. */

		mmc_set_data_timeout(&data, card);



		/* Allow overriding the timeout_ns for empirical tuning. */

		if (idata->ic.data_timeout_ns)

			data.timeout_ns = idata->ic.data_timeout_ns;



		if ((cmd.flags & MMC_RSP_R1B) == MMC_RSP_R1B) {

			/*

		 * Pretend this is a data transfer and rely on the host driver

		 * to compute timeout.  When all host drivers support

		 * cmd.cmd_timeout for R1B, this can be changed to:

			 * Pretend this is a data transfer and rely on the

			 * host driver to compute timeout.  When all host

			 * drivers support cmd.cmd_timeout for R1B, this

			 * can be changed to:

			 *

			 *     mrq.data = NULL;

			 *     cmd.cmd_timeout = idata->ic.cmd_timeout_ms;
@@ -369,6 +364,19 @@ static int mmc_blk_ioctl_cmd(struct block_device *bdev, 
			data.timeout_ns = idata->ic.cmd_timeout_ms * 1000000;

		}



		mrq.data = &data;

	}



	mrq.cmd = &cmd;



	mmc_claim_host(card->host);



	if (idata->ic.is_acmd) {

		err = mmc_app_cmd(card->host, card);

		if (err)

			goto cmd_rel_host;

	}



	mmc_wait_for_req(card->host, &mrq);



	if (cmd.error) {