iommu/omap: fix NULL pointer dereference

[linux-2.6-microblaze.git] / drivers / iommu / omap-iommu-debug.c

diff --git a/drivers/iommu/omap-iommu-debug.c b/drivers/iommu/omap-iommu-debug.c
index 288da5c..103dbd9 100644 (file)
--- a/drivers/iommu/omap-iommu-debug.c
+++ b/drivers/iommu/omap-iommu-debug.c
@@ -44,7 +44,8 @@ static ssize_t debug_read_ver(struct file *file, char __user *userbuf,
 static ssize_t debug_read_regs(struct file *file, char __user *userbuf,
                               size_t count, loff_t *ppos)
 {
-       struct omap_iommu *obj = file->private_data;
+       struct device *dev = file->private_data;
+       struct omap_iommu *obj = dev_to_omap_iommu(dev);
        char *p, *buf;
        ssize_t bytes;
 
@@ -67,7 +68,8 @@ static ssize_t debug_read_regs(struct file *file, char __user *userbuf,
 static ssize_t debug_read_tlb(struct file *file, char __user *userbuf,
                              size_t count, loff_t *ppos)
 {
-       struct omap_iommu *obj = file->private_data;
+       struct device *dev = file->private_data;
+       struct omap_iommu *obj = dev_to_omap_iommu(dev);
        char *p, *buf;
        ssize_t bytes, rest;
 
@@ -97,7 +99,8 @@ static ssize_t debug_write_pagetable(struct file *file,
        struct iotlb_entry e;
        struct cr_regs cr;
        int err;
-       struct omap_iommu *obj = file->private_data;
+       struct device *dev = file->private_data;
+       struct omap_iommu *obj = dev_to_omap_iommu(dev);
        char buf[MAXCOLUMN], *p = buf;
 
        count = min(count, sizeof(buf));
@@ -184,7 +187,8 @@ out:
 static ssize_t debug_read_pagetable(struct file *file, char __user *userbuf,
                                    size_t count, loff_t *ppos)
 {
-       struct omap_iommu *obj = file->private_data;
+       struct device *dev = file->private_data;
+       struct omap_iommu *obj = dev_to_omap_iommu(dev);
        char *p, *buf;
        size_t bytes;
 
@@ -212,7 +216,8 @@ static ssize_t debug_read_pagetable(struct file *file, char __user *userbuf,
 static ssize_t debug_read_mmap(struct file *file, char __user *userbuf,
                               size_t count, loff_t *ppos)
 {
-       struct omap_iommu *obj = file->private_data;
+       struct device *dev = file->private_data;
+       struct omap_iommu *obj = dev_to_omap_iommu(dev);
        char *p, *buf;
        struct iovm_struct *tmp;
        int uninitialized_var(i);
@@ -254,7 +259,7 @@ static ssize_t debug_read_mmap(struct file *file, char __user *userbuf,
 static ssize_t debug_read_mem(struct file *file, char __user *userbuf,
                              size_t count, loff_t *ppos)
 {
-       struct omap_iommu *obj = file->private_data;
+       struct device *dev = file->private_data;
        char *p, *buf;
        struct iovm_struct *area;
        ssize_t bytes;
@@ -268,8 +273,8 @@ static ssize_t debug_read_mem(struct file *file, char __user *userbuf,
 
        mutex_lock(&iommu_debug_lock);
 
-       area = omap_find_iovm_area(obj, (u32)ppos);
-       if (IS_ERR(area)) {
+       area = omap_find_iovm_area(dev, (u32)ppos);
+       if (!area) {
                bytes = -EINVAL;
                goto err_out;
        }
@@ -287,7 +292,7 @@ err_out:
 static ssize_t debug_write_mem(struct file *file, const char __user *userbuf,
                               size_t count, loff_t *ppos)
 {
-       struct omap_iommu *obj = file->private_data;
+       struct device *dev = file->private_data;
        struct iovm_struct *area;
        char *p, *buf;
 
@@ -305,8 +310,8 @@ static ssize_t debug_write_mem(struct file *file, const char __user *userbuf,
                goto err_out;
        }
 
-       area = omap_find_iovm_area(obj, (u32)ppos);
-       if (IS_ERR(area)) {
+       area = omap_find_iovm_area(dev, (u32)ppos);
+       if (!area) {
                count = -EINVAL;
                goto err_out;
        }
@@ -350,7 +355,7 @@ DEBUG_FOPS(mem);
        {                                                               \
                struct dentry *dent;                                    \
                dent = debugfs_create_file(#attr, mode, parent,         \
-                                          obj, &debug_##attr##_fops);  \
+                                          dev, &debug_##attr##_fops);  \
                if (!dent)                                              \
                        return -ENOMEM;                                 \
        }
@@ -362,20 +367,29 @@ static int iommu_debug_register(struct device *dev, void *data)
 {
        struct platform_device *pdev = to_platform_device(dev);
        struct omap_iommu *obj = platform_get_drvdata(pdev);
+       struct omap_iommu_arch_data *arch_data;
        struct dentry *d, *parent;
 
        if (!obj || !obj->dev)
                return -EINVAL;
 
+       arch_data = kzalloc(sizeof(*arch_data), GFP_KERNEL);
+       if (!arch_data)
+               return -ENOMEM;
+
+       arch_data->iommu_dev = obj;
+
+       dev->archdata.iommu = arch_data;
+
        d = debugfs_create_dir(obj->name, iommu_debug_root);
        if (!d)
-               return -ENOMEM;
+               goto nomem;
        parent = d;
 
        d = debugfs_create_u8("nr_tlb_entries", 400, parent,
                              (u8 *)&obj->nr_tlb_entries);
        if (!d)
-               return -ENOMEM;
+               goto nomem;
 
        DEBUG_ADD_FILE_RO(ver);
        DEBUG_ADD_FILE_RO(regs);
@@ -384,6 +398,22 @@ static int iommu_debug_register(struct device *dev, void *data)
        DEBUG_ADD_FILE_RO(mmap);
        DEBUG_ADD_FILE(mem);
 
+       return 0;
+
+nomem:
+       kfree(arch_data);
+       return -ENOMEM;
+}
+
+static int iommu_debug_unregister(struct device *dev, void *data)
+{
+       if (!dev->archdata.iommu)
+               return 0;
+
+       kfree(dev->archdata.iommu);
+
+       dev->archdata.iommu = NULL;
+
        return 0;
 }
 
@@ -411,6 +441,7 @@ module_init(iommu_debug_init)
 static void __exit iommu_debugfs_exit(void)
 {
        debugfs_remove_recursive(iommu_debug_root);
+       omap_foreach_iommu_device(NULL, iommu_debug_unregister);
 }
 module_exit(iommu_debugfs_exit)