tx-only RC devices do not have a receive buffer.
Signed-off-by: NSean Young <sean@mess.org>
Signed-off-by: NMauro Carvalho Chehab <mchehab@s-opensource.com>

Since "273b902a [media] lirc_dev: use LIRC_CAN_REC() define" these
ioctls no longer work.
Signed-off-by: NSean Young <sean@mess.org>
Cc: <stable@vger.kernel.org> # v4.8+
Reviewed-by: NAndi Shyti <andi.shyti@samsung.com>
Signed-off-by: NMauro Carvalho Chehab <mchehab@s-opensource.com>

Drop the FSF's postal address from the source code files that typically
contain mostly the license text. Of the 628 removed instances, 578 are
outdated.

The patch has been created with the following command without manual edits:

git grep -l "675 Mass Ave\|59 Temple Place\|51 Franklin St" -- \
	drivers/media/ include/media|while read i; do i=$i perl -e '
open(F,"< $ENV{i}");
$a=join("", <F>);
$a =~ s/[ \t]*\*\n.*You should.*\n.*along with.*\n.*(\n.*USA.*$)?\n//m
	&& $a =~ s/(^.*)Or, (point your browser to) /$1To obtain the license, $2\n$1/m;
close(F);
open(F, "> $ENV{i}");
print F $a;
close(F);'; done
Signed-off-by: NSakari Ailus <sakari.ailus@linux.intel.com>

"c77d17c0 [media] lirc: use-after free" introduces two problems:
cdev_del() can be called with a NULL argument, and the kobject_put()
path will cause a double free.
Reported-by: NDan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: NSean Young <sean@mess.org>
Signed-off-by: NMauro Carvalho Chehab <mchehab@s-opensource.com>

Many lirc drivers have their own receive buffers which are freed on
unplug (e.g. ir_lirc_unregister). This means that ir->buf->wait_poll
will be freed directly after unplug so do not remove yourself from the
wait queue.
Signed-off-by: NSean Young <sean@mess.org>
Signed-off-by: NMauro Carvalho Chehab <mchehab@s-opensource.com>

If you unplug an lirc device while reading from it, you will get an
use after free as the cdev is freed while still in use.
Signed-off-by: NSean Young <sean@mess.org>
Signed-off-by: NMauro Carvalho Chehab <mchehab@s-opensource.com>

[  101.457944] ------------[ cut here ]------------
[  101.457954] WARNING: CPU: 3 PID: 1819 at kernel/sched/core.c:7708 __might_sleep+0x7e/0x80
[  101.457960] do not call blocking ops when !TASK_RUNNING; state=1 set at [<ffffffffc0364bc2>] lirc_dev_fop_read+0x292/0x4e0 [lirc_dev]
Signed-off-by: NSean Young <sean@mess.org>
Signed-off-by: NMauro Carvalho Chehab <mchehab@s-opensource.com>

There is no need to check for CONFIG_COMPAT and consequently
assign the compat_ioctl.
Signed-off-by: NAndi Shyti <andi.shyti@samsung.com>
Signed-off-by: NMauro Carvalho Chehab <mchehab@s-opensource.com>

The LIRC_CAN_REC() returns a boolean "flag & LIRC_CAN_REC_MASK"
to check whether the device can receive data.
Signed-off-by: NAndi Shyti <andi.shyti@samsung.com>
Signed-off-by: NMauro Carvalho Chehab <mchehab@s-opensource.com>

When opening or closing a lirc character device, the framework
provides to the user the possibility to keep track of opening or
closing of the device by calling two functions:

 - set_use_inc() when opening the device
 - set_use_dec() when closing the device

if those are not set by the lirc user, the system segfaults.
Check the pointer value before calling the above functions.
Signed-off-by: NAndi Shyti <andi.shyti@samsung.com>
Signed-off-by: NMauro Carvalho Chehab <mchehab@s-opensource.com>

Signed-off-by: NAndi Shyti <andi.shyti@samsung.com>
Signed-off-by: NMauro Carvalho Chehab <mchehab@s-opensource.com>

If ioctl is called, it cannot be a case of invalid system call
number (ENOSYS), that is a ENOTTY case which means that the
device doesn't support that specific ioctl command.

So, replace ENOSYS with ENOTTY.
Signed-off-by: NAndi Shyti <andi.shyti@samsung.com>
Signed-off-by: NMauro Carvalho Chehab <mchehab@s-opensource.com>

When comparing a variable with a constant, the comparison should
start from the variable and not from the constant. It's also
written in the human DNA.

Swap the terms of comparisons whenever the constant comes first
and fix the following checkpatch warning:

  WARNING: Comparisons should place the constant on the right side of the test
Signed-off-by: NAndi Shyti <andi.shyti@samsung.com>
Signed-off-by: NMauro Carvalho Chehab <mchehab@s-opensource.com>

The three if statements check the same thing, merge them in only
one statement.
Signed-off-by: NAndi Shyti <andi.shyti@samsung.com>
Signed-off-by: NMauro Carvalho Chehab <mchehab@s-opensource.com>

There are two if ... else which check the same thing in different
part of the code, they can be merged in a single check.
Signed-off-by: NAndi Shyti <andi.shyti@samsung.com>
Signed-off-by: NMauro Carvalho Chehab <mchehab@s-opensource.com>

The whole function is inside an 'if' statement
("if (ir->d.add_to_buf)").

Check the opposite of that statement at the beginning and exit,
this way we can have one level less of indentation.
Signed-off-by: NAndi Shyti <andi.shyti@samsung.com>
Signed-off-by: NMauro Carvalho Chehab <mchehab@s-opensource.com>

... use "do .. while" instead.
Signed-off-by: NAndi Shyti <andi.shyti@samsung.com>
Signed-off-by: NMauro Carvalho Chehab <mchehab@s-opensource.com>

The code can be rearranged so that some goto paths can be removed
Signed-off-by: NAndi Shyti <andi.shyti@samsung.com>
Signed-off-by: NMauro Carvalho Chehab <mchehab@s-opensource.com>

This patch mutes also all the checkpatch warnings related to
printk.

Reword all the printouts so that the string doesn't need to be
split, which fixes the following checkpatch warning:

  WARNING: quoted string split across lines
Signed-off-by: NAndi Shyti <andi.shyti@samsung.com>
Signed-off-by: NMauro Carvalho Chehab <mchehab@s-opensource.com>

Signed-off-by: NAndi Shyti <andi.shyti@samsung.com>
Signed-off-by: NMauro Carvalho Chehab <mchehab@s-opensource.com>

Transmitters don't necessarily need to have a FIFO managed buffer
for their transfers.

When registering the driver, before allocating the buffer, check
whether the device is a transmitter or receiver. Allocate the
buffer only for receivers.
Signed-off-by: NAndi Shyti <andi.shyti@samsung.com>
Signed-off-by: NMauro Carvalho Chehab <mchehab@s-opensource.com>

During the driver registration, move the buffer allocation on a
separate function.
Signed-off-by: NAndi Shyti <andi.shyti@samsung.com>
Signed-off-by: NMauro Carvalho Chehab <mchehab@s-opensource.com>

We can only unlock if mutex_lock() succeeds.

Fixes the following warning:
	drivers/media/rc/lirc_dev.c:535 lirc_dev_fop_close() error: double unlock 'mutex:&lirc_dev_lock'
Signed-off-by: NMauro Carvalho Chehab <mchehab@osg.samsung.com>

We have to check pointer for NULL and then dereference it.
Signed-off-by: NAndy Shevchenko <andy.shevchenko@gmail.com>
Signed-off-by: NMauro Carvalho Chehab <mchehab@osg.samsung.com>

The functions input_free_device() and rc_close() test whether their argument
is NULL and then return immediately. Thus the test around the call
is not needed.

This issue was detected by using the Coccinelle software.
Signed-off-by: NMarkus Elfring <elfring@users.sourceforge.net>
Signed-off-by: NMauro Carvalho Chehab <mchehab@osg.samsung.com>

drivers/media/rc/lirc_dev.c:598:26: warning: incorrect type in argument 1 (different address spaces)
drivers/media/rc/lirc_dev.c:606:26: warning: incorrect type in argument 1 (different address spaces)
drivers/media/rc/lirc_dev.c:616:26: warning: incorrect type in argument 1 (different address spaces)
drivers/media/rc/lirc_dev.c:625:26: warning: incorrect type in argument 1 (different address spaces)
drivers/media/rc/lirc_dev.c:634:26: warning: incorrect type in argument 1 (different address spaces)
drivers/media/rc/lirc_dev.c:643:26: warning: incorrect type in argument 1 (different address spaces)
drivers/media/rc/lirc_dev.c:739:45: warning: cast removes address space of expression
drivers/media/rc/lirc_dev.c:739:58: warning: incorrect type in argument 1 (different address spaces)
Signed-off-by: NHans Verkuil <hans.verkuil@cisco.com>
Signed-off-by: NMauro Carvalho Chehab <m.chehab@samsung.com>

The use case is simple, if any rc device has allowed protocols =
RC_TYPE_LIRC and map_name = RC_MAP_LIRC set, the driver open will be never
called. The reason for this is, all of the key maps except lirc have some
KEYS in there map, so during rc_register_device process these keys are
matched against the input drivers and open is performed, so for the case
of RC_MAP_EMPTY, a vt/keyboard is matched and the driver open is
performed.
In case of lirc, there is no match and result is that there is no open
performed, however the lirc-dev will go ahead and create a /dev/lirc0
node. Now when lircd/mode2 opens this device, no data is available
because the driver was never opened.
Other case pointed by Sean Young, As rc device gets opened via the
input interface. If the input device is never opened (e.g. embedded with
no console) then the rc open is never called and lirc will not work
either. So that's another case.
lirc_dev seems to have no link with actual rc device w.r.t open/close.
This patch adds rc_dev pointer to lirc_driver structure for cases like
this, so that it can do the open/close of the real driver in accordance
to lircd/mode2 open/close.
Without this patch its impossible to open a rc device which has
RC_TYPE_LIRC ad RC_MAP_LIRC set.
Signed-off-by: NSrinivas Kandagatla <srinivas.kandagatla@st.com>
Signed-off-by: NMauro Carvalho Chehab <m.chehab@samsung.com>

Signed-off-by: NAl Viro <viro@zeniv.linux.org.uk>

file argument is a struct file being passed to ->open() or
already opened; none of the checks in lirc_get_pdata()
can fail.
Signed-off-by: NAl Viro <viro@zeniv.linux.org.uk>

Signed-off-by: NAl Viro <viro@zeniv.linux.org.uk>

module_param(bool) used to counter-intuitively take an int.  In
fddd5201 (mid-2009) we allowed bool or int/unsigned int using a messy
trick.

It's time to remove the int/unsigned int option.  For this version
it'll simply give a warning, but it'll break next kernel version.
Acked-by: NMauro Carvalho Chehab <mchehab@redhat.com>
Signed-off-by: NRusty Russell <rusty@rustcorp.com.au>

Store the cdev pointer in struct irctl, allocated dynamically as needed,
rather than having a static array. At the same time, recycle some of the
saved memory to nudge the maximum number of lirc devices supported up a
ways -- its not that uncommon these days, now that we have the rc-core
lirc bridge driver, to see a system with at least 4 raw IR receivers.
(consider a mythtv backend with several video capture devices and the
possible need for IR transmit hardware).
Signed-off-by: NJarod Wilson <jarod@redhat.com>
Signed-off-by: NMauro Carvalho Chehab <mchehab@redhat.com>

kobject_set_name() may fail with -ENOMEM, check for it.
Signed-off-by: NVasiliy Kulikov <segoon@openwall.com>
Acked-by: NJarod Wilson <jarod@redhat.com>
Signed-off-by: NMauro Carvalho Chehab <mchehab@redhat.com>

Sparse complains because there are no __user annotations.

drivers/media/rc/lirc_dev.c:156:27: warning:
	incorrect type in initializer (incompatible argument 2 (different address spaces))
drivers/media/rc/lirc_dev.c:156:27:    expected int ( *read )( ... )
drivers/media/rc/lirc_dev.c:156:27:    got int ( extern [toplevel] *<noident> )( ... )
Signed-off-by: NDan Carpenter <error27@gmail.com>
Acked-by: NJarod Wilson <jarod@redhat.com>
Signed-off-by: NMauro Carvalho Chehab <mchehab@redhat.com>

Signed-off-by: NMauro Carvalho Chehab <mchehab@redhat.com>

This makes several changes but they're in one function and sort of
related:

"buf" was leaked on error.  The leak if we try to read an invalid
length is the main concern because it could be triggered over and
over.

If the copy_to_user() failed, then the original code returned the
number of bytes remaining.  read() is supposed to be the opposite way,
where we return the number of bytes copied.  I changed it to just return
-EFAULT on errors.

Also I changed the debug output from "-EFAULT" to just "<fail>" because
it isn't -EFAULT necessarily.  And since we go though that path if the
length is invalid now, there was another debug print that I removed.
Signed-off-by: NDan Carpenter <error27@gmail.com>
Reviewed-by: NJarod Wilson <jarod@redhat.com>
Acked-by: NJarod Wilson <jarod@redhat.com>
Signed-off-by: NMauro Carvalho Chehab <mchehab@redhat.com>

We shouldn't unlock here.  I think this was a cut and paste error.
Signed-off-by: NDan Carpenter <error27@gmail.com>
Acked-by: NJarod Wilson <jarod@redhat.com>
Signed-off-by: NMauro Carvalho Chehab <mchehab@redhat.com>

Signed-off-by: NZimny Lech <napohybelskurwysynom2010@gmail.com>
Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>

Fixes an oops when an lirc driver that doesn't provide its own fops is
unplugged while the lirc cdev is open. Tested with lirc_igorplugusb,
with a special thanks to Timo Boettcher for providing the test hardware.
Signed-off-by: NJarod Wilson <jarod@redhat.com>
Signed-off-by: NMauro Carvalho Chehab <mchehab@redhat.com>

Signed-off-by: NJarod Wilson <jarod@redhat.com>
Signed-off-by: NMauro Carvalho Chehab <mchehab@redhat.com>