projects / deliverable / linux.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
staging: alarm-dev: information leak in alarm_ioctl()
[deliverable/linux.git] / drivers / staging / android / alarm-dev.c
1 /* drivers/rtc/alarm-dev.c
2 *
3 * Copyright (C) 2007-2009 Google, Inc.
4 *
5 * This software is licensed under the terms of the GNU General Public
6 * License version 2, as published by the Free Software Foundation, and
7 * may be copied, distributed, and modified under those terms.
8 *
9 * This program is distributed in the hope that it will be useful,
10 * but WITHOUT ANY WARRANTY; without even the implied warranty of
11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 * GNU General Public License for more details.
13 *
14 */
15
16 #include <linux/time.h>
17 #include <linux/module.h>
18 #include <linux/device.h>
19 #include <linux/miscdevice.h>
20 #include <linux/fs.h>
21 #include <linux/platform_device.h>
22 #include <linux/sched.h>
23 #include <linux/spinlock.h>
24 #include <linux/uaccess.h>
25 #include <linux/alarmtimer.h>
26 #include "android_alarm.h"
27
28 #define ANDROID_ALARM_PRINT_INFO (1U << 0)
29 #define ANDROID_ALARM_PRINT_IO (1U << 1)
30 #define ANDROID_ALARM_PRINT_INT (1U << 2)
31
32 static int debug_mask = ANDROID_ALARM_PRINT_INFO;
33 module_param_named(debug_mask, debug_mask, int, S_IRUGO | S_IWUSR | S_IWGRP);
34
35 #define alarm_dbg(debug_level_mask, fmt, ...) \
36 do { \
37 if (debug_mask & ANDROID_ALARM_PRINT_##debug_level_mask) \
38 pr_info(fmt, ##__VA_ARGS__); \
39 } while (0)
40
41 #define ANDROID_ALARM_WAKEUP_MASK ( \
42 ANDROID_ALARM_RTC_WAKEUP_MASK | \
43 ANDROID_ALARM_ELAPSED_REALTIME_WAKEUP_MASK)
44
45 static int alarm_opened;
46 static DEFINE_SPINLOCK(alarm_slock);
47 static struct wakeup_source alarm_wake_lock;
48 static DECLARE_WAIT_QUEUE_HEAD(alarm_wait_queue);
49 static uint32_t alarm_pending;
50 static uint32_t alarm_enabled;
51 static uint32_t wait_pending;
52
53 struct devalarm {
54 union {
55 struct hrtimer hrt;
56 struct alarm alrm;
57 } u;
58 enum android_alarm_type type;
59 };
60
61 static struct devalarm alarms[ANDROID_ALARM_TYPE_COUNT];
62
63
64 static int is_wakeup(enum android_alarm_type type)
65 {
66 return (type == ANDROID_ALARM_RTC_WAKEUP ||
67 type == ANDROID_ALARM_ELAPSED_REALTIME_WAKEUP);
68 }
69
70
71 static void devalarm_start(struct devalarm *alrm, ktime_t exp)
72 {
73 if (is_wakeup(alrm->type))
74 alarm_start(&alrm->u.alrm, exp);
75 else
76 hrtimer_start(&alrm->u.hrt, exp, HRTIMER_MODE_ABS);
77 }
78
79
80 static int devalarm_try_to_cancel(struct devalarm *alrm)
81 {
82 if (is_wakeup(alrm->type))
83 return alarm_try_to_cancel(&alrm->u.alrm);
84 return hrtimer_try_to_cancel(&alrm->u.hrt);
85 }
86
87 static void devalarm_cancel(struct devalarm *alrm)
88 {
89 if (is_wakeup(alrm->type))
90 alarm_cancel(&alrm->u.alrm);
91 else
92 hrtimer_cancel(&alrm->u.hrt);
93 }
94
95 static void alarm_clear(enum android_alarm_type alarm_type)
96 {
97 uint32_t alarm_type_mask = 1U << alarm_type;
98 unsigned long flags;
99
100 spin_lock_irqsave(&alarm_slock, flags);
101 alarm_dbg(IO, "alarm %d clear\n", alarm_type);
102 devalarm_try_to_cancel(&alarms[alarm_type]);
103 if (alarm_pending) {
104 alarm_pending &= ~alarm_type_mask;
105 if (!alarm_pending && !wait_pending)
106 __pm_relax(&alarm_wake_lock);
107 }
108 alarm_enabled &= ~alarm_type_mask;
109 spin_unlock_irqrestore(&alarm_slock, flags);
110
111 }
112
113 static void alarm_set(enum android_alarm_type alarm_type,
114 struct timespec *ts)
115 {
116 uint32_t alarm_type_mask = 1U << alarm_type;
117 unsigned long flags;
118
119 spin_lock_irqsave(&alarm_slock, flags);
120 alarm_dbg(IO, "alarm %d set %ld.%09ld\n",
121 alarm_type, ts->tv_sec, ts->tv_nsec);
122 alarm_enabled |= alarm_type_mask;
123 devalarm_start(&alarms[alarm_type], timespec_to_ktime(*ts));
124 spin_unlock_irqrestore(&alarm_slock, flags);
125 }
126
127 static int alarm_wait(void)
128 {
129 unsigned long flags;
130 int rv = 0;
131
132 spin_lock_irqsave(&alarm_slock, flags);
133 alarm_dbg(IO, "alarm wait\n");
134 if (!alarm_pending && wait_pending) {
135 __pm_relax(&alarm_wake_lock);
136 wait_pending = 0;
137 }
138 spin_unlock_irqrestore(&alarm_slock, flags);
139
140 rv = wait_event_interruptible(alarm_wait_queue, alarm_pending);
141 if (rv)
142 return rv;
143
144 spin_lock_irqsave(&alarm_slock, flags);
145 rv = alarm_pending;
146 wait_pending = 1;
147 alarm_pending = 0;
148 spin_unlock_irqrestore(&alarm_slock, flags);
149
150 return rv;
151 }
152
153 static int alarm_set_rtc(struct timespec *ts)
154 {
155 struct rtc_time new_rtc_tm;
156 struct rtc_device *rtc_dev;
157 unsigned long flags;
158 int rv = 0;
159
160 rtc_time_to_tm(ts->tv_sec, &new_rtc_tm);
161 rtc_dev = alarmtimer_get_rtcdev();
162 rv = do_settimeofday(ts);
163 if (rv < 0)
164 return rv;
165 if (rtc_dev)
166 rv = rtc_set_time(rtc_dev, &new_rtc_tm);
167
168 spin_lock_irqsave(&alarm_slock, flags);
169 alarm_pending |= ANDROID_ALARM_TIME_CHANGE_MASK;
170 wake_up(&alarm_wait_queue);
171 spin_unlock_irqrestore(&alarm_slock, flags);
172
173 return rv;
174 }
175
176 static int alarm_get_time(enum android_alarm_type alarm_type,
177 struct timespec *ts)
178 {
179 int rv = 0;
180
181 switch (alarm_type) {
182 case ANDROID_ALARM_RTC_WAKEUP:
183 case ANDROID_ALARM_RTC:
184 getnstimeofday(ts);
185 break;
186 case ANDROID_ALARM_ELAPSED_REALTIME_WAKEUP:
187 case ANDROID_ALARM_ELAPSED_REALTIME:
188 get_monotonic_boottime(ts);
189 break;
190 case ANDROID_ALARM_SYSTEMTIME:
191 ktime_get_ts(ts);
192 break;
193 default:
194 rv = -EINVAL;
195 }
196 return rv;
197 }
198
199 static long alarm_do_ioctl(struct file *file, unsigned int cmd,
200 struct timespec *ts)
201 {
202 int rv = 0;
203 unsigned long flags;
204 enum android_alarm_type alarm_type = ANDROID_ALARM_IOCTL_TO_TYPE(cmd);
205
206 if (alarm_type >= ANDROID_ALARM_TYPE_COUNT)
207 return -EINVAL;
208
209 if (ANDROID_ALARM_BASE_CMD(cmd) != ANDROID_ALARM_GET_TIME(0)) {
210 if ((file->f_flags & O_ACCMODE) == O_RDONLY)
211 return -EPERM;
212 if (file->private_data == NULL &&
213 cmd != ANDROID_ALARM_SET_RTC) {
214 spin_lock_irqsave(&alarm_slock, flags);
215 if (alarm_opened) {
216 spin_unlock_irqrestore(&alarm_slock, flags);
217 return -EBUSY;
218 }
219 alarm_opened = 1;
220 file->private_data = (void *)1;
221 spin_unlock_irqrestore(&alarm_slock, flags);
222 }
223 }
224
225 switch (ANDROID_ALARM_BASE_CMD(cmd)) {
226 case ANDROID_ALARM_CLEAR(0):
227 alarm_clear(alarm_type);
228 break;
229 case ANDROID_ALARM_SET(0):
230 alarm_set(alarm_type, ts);
231 break;
232 case ANDROID_ALARM_SET_AND_WAIT(0):
233 alarm_set(alarm_type, ts);
234 /* fall though */
235 case ANDROID_ALARM_WAIT:
236 rv = alarm_wait();
237 break;
238 case ANDROID_ALARM_SET_RTC:
239 rv = alarm_set_rtc(ts);
240 break;
241 case ANDROID_ALARM_GET_TIME(0):
242 rv = alarm_get_time(alarm_type, ts);
243 break;
244
245 default:
246 rv = -EINVAL;
247 }
248 return rv;
249 }
250
251 static long alarm_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
252 {
253
254 struct timespec ts;
255 int rv;
256
257 switch (ANDROID_ALARM_BASE_CMD(cmd)) {
258 case ANDROID_ALARM_SET_AND_WAIT(0):
259 case ANDROID_ALARM_SET(0):
260 case ANDROID_ALARM_SET_RTC:
261 if (copy_from_user(&ts, (void __user *)arg, sizeof(ts)))
262 return -EFAULT;
263 break;
264 }
265
266 rv = alarm_do_ioctl(file, cmd, &ts);
267 if (rv)
268 return rv;
269
270 switch (ANDROID_ALARM_BASE_CMD(cmd)) {
271 case ANDROID_ALARM_GET_TIME(0):
272 if (copy_to_user((void __user *)arg, &ts, sizeof(ts)))
273 return -EFAULT;
274 break;
275 }
276
277 return 0;
278 }
279 #ifdef CONFIG_COMPAT
280 static long alarm_compat_ioctl(struct file *file, unsigned int cmd,
281 unsigned long arg)
282 {
283
284 struct timespec ts;
285 int rv;
286
287 switch (ANDROID_ALARM_BASE_CMD(cmd)) {
288 case ANDROID_ALARM_SET_AND_WAIT_COMPAT(0):
289 case ANDROID_ALARM_SET_COMPAT(0):
290 case ANDROID_ALARM_SET_RTC_COMPAT:
291 if (compat_get_timespec(&ts, (void __user *)arg))
292 return -EFAULT;
293 /* fall through */
294 case ANDROID_ALARM_GET_TIME_COMPAT(0):
295 cmd = ANDROID_ALARM_COMPAT_TO_NORM(cmd);
296 break;
297 }
298
299 rv = alarm_do_ioctl(file, cmd, &ts);
300
301 switch (ANDROID_ALARM_BASE_CMD(cmd)) {
302 case ANDROID_ALARM_GET_TIME(0): /* NOTE: we modified cmd above */
303 if (compat_put_timespec(&ts, (void __user *)arg))
304 return -EFAULT;
305 break;
306 }
307
308 return rv;
309 }
310 #endif
311
312 static int alarm_open(struct inode *inode, struct file *file)
313 {
314 file->private_data = NULL;
315 return 0;
316 }
317
318 static int alarm_release(struct inode *inode, struct file *file)
319 {
320 int i;
321 unsigned long flags;
322
323 spin_lock_irqsave(&alarm_slock, flags);
324 if (file->private_data) {
325 for (i = 0; i < ANDROID_ALARM_TYPE_COUNT; i++) {
326 uint32_t alarm_type_mask = 1U << i;
327 if (alarm_enabled & alarm_type_mask) {
328 alarm_dbg(INFO,
329 "%s: clear alarm, pending %d\n",
330 __func__,
331 !!(alarm_pending & alarm_type_mask));
332 alarm_enabled &= ~alarm_type_mask;
333 }
334 spin_unlock_irqrestore(&alarm_slock, flags);
335 devalarm_cancel(&alarms[i]);
336 spin_lock_irqsave(&alarm_slock, flags);
337 }
338 if (alarm_pending | wait_pending) {
339 if (alarm_pending)
340 alarm_dbg(INFO, "%s: clear pending alarms %x\n",
341 __func__, alarm_pending);
342 __pm_relax(&alarm_wake_lock);
343 wait_pending = 0;
344 alarm_pending = 0;
345 }
346 alarm_opened = 0;
347 }
348 spin_unlock_irqrestore(&alarm_slock, flags);
349 return 0;
350 }
351
352 static void devalarm_triggered(struct devalarm *alarm)
353 {
354 unsigned long flags;
355 uint32_t alarm_type_mask = 1U << alarm->type;
356
357 alarm_dbg(INT, "%s: type %d\n", __func__, alarm->type);
358 spin_lock_irqsave(&alarm_slock, flags);
359 if (alarm_enabled & alarm_type_mask) {
360 __pm_wakeup_event(&alarm_wake_lock, 5000); /* 5secs */
361 alarm_enabled &= ~alarm_type_mask;
362 alarm_pending |= alarm_type_mask;
363 wake_up(&alarm_wait_queue);
364 }
365 spin_unlock_irqrestore(&alarm_slock, flags);
366 }
367
368
369 static enum hrtimer_restart devalarm_hrthandler(struct hrtimer *hrt)
370 {
371 struct devalarm *devalrm = container_of(hrt, struct devalarm, u.hrt);
372
373 devalarm_triggered(devalrm);
374 return HRTIMER_NORESTART;
375 }
376
377 static enum alarmtimer_restart devalarm_alarmhandler(struct alarm *alrm,
378 ktime_t now)
379 {
380 struct devalarm *devalrm = container_of(alrm, struct devalarm, u.alrm);
381
382 devalarm_triggered(devalrm);
383 return ALARMTIMER_NORESTART;
384 }
385
386
387 static const struct file_operations alarm_fops = {
388 .owner = THIS_MODULE,
389 .unlocked_ioctl = alarm_ioctl,
390 .open = alarm_open,
391 .release = alarm_release,
392 #ifdef CONFIG_COMPAT
393 .compat_ioctl = alarm_compat_ioctl,
394 #endif
395 };
396
397 static struct miscdevice alarm_device = {
398 .minor = MISC_DYNAMIC_MINOR,
399 .name = "alarm",
400 .fops = &alarm_fops,
401 };
402
403 static int __init alarm_dev_init(void)
404 {
405 int err;
406 int i;
407
408 err = misc_register(&alarm_device);
409 if (err)
410 return err;
411
412 alarm_init(&alarms[ANDROID_ALARM_RTC_WAKEUP].u.alrm,
413 ALARM_REALTIME, devalarm_alarmhandler);
414 hrtimer_init(&alarms[ANDROID_ALARM_RTC].u.hrt,
415 CLOCK_REALTIME, HRTIMER_MODE_ABS);
416 alarm_init(&alarms[ANDROID_ALARM_ELAPSED_REALTIME_WAKEUP].u.alrm,
417 ALARM_BOOTTIME, devalarm_alarmhandler);
418 hrtimer_init(&alarms[ANDROID_ALARM_ELAPSED_REALTIME].u.hrt,
419 CLOCK_BOOTTIME, HRTIMER_MODE_ABS);
420 hrtimer_init(&alarms[ANDROID_ALARM_SYSTEMTIME].u.hrt,
421 CLOCK_MONOTONIC, HRTIMER_MODE_ABS);
422
423 for (i = 0; i < ANDROID_ALARM_TYPE_COUNT; i++) {
424 alarms[i].type = i;
425 if (!is_wakeup(i))
426 alarms[i].u.hrt.function = devalarm_hrthandler;
427 }
428
429 wakeup_source_init(&alarm_wake_lock, "alarm");
430 return 0;
431 }
432
433 static void __exit alarm_dev_exit(void)
434 {
435 misc_deregister(&alarm_device);
436 wakeup_source_trash(&alarm_wake_lock);
437 }
438
439 module_init(alarm_dev_init);
440 module_exit(alarm_dev_exit);
441
Linux kernel - Deliverables
This page took 0.040636 seconds and 5 git commands to generate.