Commit 9d02b42614149ebccf12c9c580601ed01bd83070

Authored by Michal Sojka
Committed by Greg Kroah-Hartman
1 parent 4bbba111d9

USB: Do not pass negative length to snoop_urb()

When `echo Y > /sys/module/usbcore/parameters/usbfs_snoop` and
usb_control_msg() returns error, a lot of kernel memory is dumped to dmesg
until unhandled kernel paging request occurs.

Signed-off-by: Michal Sojka <sojkam1@fel.cvut.cz>
Cc: stable@kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>

Showing 1 changed file with 1 additions and 1 deletions Inline Diff

drivers/usb/core/devio.c
1 /*****************************************************************************/ 1 /*****************************************************************************/
2 2
3 /* 3 /*
4 * devio.c -- User space communication with USB devices. 4 * devio.c -- User space communication with USB devices.
5 * 5 *
6 * Copyright (C) 1999-2000 Thomas Sailer (sailer@ife.ee.ethz.ch) 6 * Copyright (C) 1999-2000 Thomas Sailer (sailer@ife.ee.ethz.ch)
7 * 7 *
8 * This program is free software; you can redistribute it and/or modify 8 * This program is free software; you can redistribute it and/or modify
9 * it under the terms of the GNU General Public License as published by 9 * it under the terms of the GNU General Public License as published by
10 * the Free Software Foundation; either version 2 of the License, or 10 * the Free Software Foundation; either version 2 of the License, or
11 * (at your option) any later version. 11 * (at your option) any later version.
12 * 12 *
13 * This program is distributed in the hope that it will be useful, 13 * This program is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of 14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU General Public License for more details. 16 * GNU General Public License for more details.
17 * 17 *
18 * You should have received a copy of the GNU General Public License 18 * You should have received a copy of the GNU General Public License
19 * along with this program; if not, write to the Free Software 19 * along with this program; if not, write to the Free Software
20 * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. 20 * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
21 * 21 *
22 * This file implements the usbfs/x/y files, where 22 * This file implements the usbfs/x/y files, where
23 * x is the bus number and y the device number. 23 * x is the bus number and y the device number.
24 * 24 *
25 * It allows user space programs/"drivers" to communicate directly 25 * It allows user space programs/"drivers" to communicate directly
26 * with USB devices without intervening kernel driver. 26 * with USB devices without intervening kernel driver.
27 * 27 *
28 * Revision history 28 * Revision history
29 * 22.12.1999 0.1 Initial release (split from proc_usb.c) 29 * 22.12.1999 0.1 Initial release (split from proc_usb.c)
30 * 04.01.2000 0.2 Turned into its own filesystem 30 * 04.01.2000 0.2 Turned into its own filesystem
31 * 30.09.2005 0.3 Fix user-triggerable oops in async URB delivery 31 * 30.09.2005 0.3 Fix user-triggerable oops in async URB delivery
32 * (CAN-2005-3055) 32 * (CAN-2005-3055)
33 */ 33 */
34 34
35 /*****************************************************************************/ 35 /*****************************************************************************/
36 36
37 #include <linux/fs.h> 37 #include <linux/fs.h>
38 #include <linux/mm.h> 38 #include <linux/mm.h>
39 #include <linux/slab.h> 39 #include <linux/slab.h>
40 #include <linux/signal.h> 40 #include <linux/signal.h>
41 #include <linux/poll.h> 41 #include <linux/poll.h>
42 #include <linux/module.h> 42 #include <linux/module.h>
43 #include <linux/usb.h> 43 #include <linux/usb.h>
44 #include <linux/usbdevice_fs.h> 44 #include <linux/usbdevice_fs.h>
45 #include <linux/usb/hcd.h> /* for usbcore internals */ 45 #include <linux/usb/hcd.h> /* for usbcore internals */
46 #include <linux/cdev.h> 46 #include <linux/cdev.h>
47 #include <linux/notifier.h> 47 #include <linux/notifier.h>
48 #include <linux/security.h> 48 #include <linux/security.h>
49 #include <asm/uaccess.h> 49 #include <asm/uaccess.h>
50 #include <asm/byteorder.h> 50 #include <asm/byteorder.h>
51 #include <linux/moduleparam.h> 51 #include <linux/moduleparam.h>
52 52
53 #include "usb.h" 53 #include "usb.h"
54 54
55 #define USB_MAXBUS 64 55 #define USB_MAXBUS 64
56 #define USB_DEVICE_MAX USB_MAXBUS * 128 56 #define USB_DEVICE_MAX USB_MAXBUS * 128
57 57
58 /* Mutual exclusion for removal, open, and release */ 58 /* Mutual exclusion for removal, open, and release */
59 DEFINE_MUTEX(usbfs_mutex); 59 DEFINE_MUTEX(usbfs_mutex);
60 60
61 struct dev_state { 61 struct dev_state {
62 struct list_head list; /* state list */ 62 struct list_head list; /* state list */
63 struct usb_device *dev; 63 struct usb_device *dev;
64 struct file *file; 64 struct file *file;
65 spinlock_t lock; /* protects the async urb lists */ 65 spinlock_t lock; /* protects the async urb lists */
66 struct list_head async_pending; 66 struct list_head async_pending;
67 struct list_head async_completed; 67 struct list_head async_completed;
68 wait_queue_head_t wait; /* wake up if a request completed */ 68 wait_queue_head_t wait; /* wake up if a request completed */
69 unsigned int discsignr; 69 unsigned int discsignr;
70 struct pid *disc_pid; 70 struct pid *disc_pid;
71 uid_t disc_uid, disc_euid; 71 uid_t disc_uid, disc_euid;
72 void __user *disccontext; 72 void __user *disccontext;
73 unsigned long ifclaimed; 73 unsigned long ifclaimed;
74 u32 secid; 74 u32 secid;
75 u32 disabled_bulk_eps; 75 u32 disabled_bulk_eps;
76 }; 76 };
77 77
78 struct async { 78 struct async {
79 struct list_head asynclist; 79 struct list_head asynclist;
80 struct dev_state *ps; 80 struct dev_state *ps;
81 struct pid *pid; 81 struct pid *pid;
82 uid_t uid, euid; 82 uid_t uid, euid;
83 unsigned int signr; 83 unsigned int signr;
84 unsigned int ifnum; 84 unsigned int ifnum;
85 void __user *userbuffer; 85 void __user *userbuffer;
86 void __user *userurb; 86 void __user *userurb;
87 struct urb *urb; 87 struct urb *urb;
88 int status; 88 int status;
89 u32 secid; 89 u32 secid;
90 u8 bulk_addr; 90 u8 bulk_addr;
91 u8 bulk_status; 91 u8 bulk_status;
92 }; 92 };
93 93
94 static int usbfs_snoop; 94 static int usbfs_snoop;
95 module_param(usbfs_snoop, bool, S_IRUGO | S_IWUSR); 95 module_param(usbfs_snoop, bool, S_IRUGO | S_IWUSR);
96 MODULE_PARM_DESC(usbfs_snoop, "true to log all usbfs traffic"); 96 MODULE_PARM_DESC(usbfs_snoop, "true to log all usbfs traffic");
97 97
98 #define snoop(dev, format, arg...) \ 98 #define snoop(dev, format, arg...) \
99 do { \ 99 do { \
100 if (usbfs_snoop) \ 100 if (usbfs_snoop) \
101 dev_info(dev , format , ## arg); \ 101 dev_info(dev , format , ## arg); \
102 } while (0) 102 } while (0)
103 103
104 enum snoop_when { 104 enum snoop_when {
105 SUBMIT, COMPLETE 105 SUBMIT, COMPLETE
106 }; 106 };
107 107
108 #define USB_DEVICE_DEV MKDEV(USB_DEVICE_MAJOR, 0) 108 #define USB_DEVICE_DEV MKDEV(USB_DEVICE_MAJOR, 0)
109 109
110 #define MAX_USBFS_BUFFER_SIZE 16384 110 #define MAX_USBFS_BUFFER_SIZE 16384
111 111
112 112
113 static int connected(struct dev_state *ps) 113 static int connected(struct dev_state *ps)
114 { 114 {
115 return (!list_empty(&ps->list) && 115 return (!list_empty(&ps->list) &&
116 ps->dev->state != USB_STATE_NOTATTACHED); 116 ps->dev->state != USB_STATE_NOTATTACHED);
117 } 117 }
118 118
119 static loff_t usbdev_lseek(struct file *file, loff_t offset, int orig) 119 static loff_t usbdev_lseek(struct file *file, loff_t offset, int orig)
120 { 120 {
121 loff_t ret; 121 loff_t ret;
122 122
123 mutex_lock(&file->f_dentry->d_inode->i_mutex); 123 mutex_lock(&file->f_dentry->d_inode->i_mutex);
124 124
125 switch (orig) { 125 switch (orig) {
126 case 0: 126 case 0:
127 file->f_pos = offset; 127 file->f_pos = offset;
128 ret = file->f_pos; 128 ret = file->f_pos;
129 break; 129 break;
130 case 1: 130 case 1:
131 file->f_pos += offset; 131 file->f_pos += offset;
132 ret = file->f_pos; 132 ret = file->f_pos;
133 break; 133 break;
134 case 2: 134 case 2:
135 default: 135 default:
136 ret = -EINVAL; 136 ret = -EINVAL;
137 } 137 }
138 138
139 mutex_unlock(&file->f_dentry->d_inode->i_mutex); 139 mutex_unlock(&file->f_dentry->d_inode->i_mutex);
140 return ret; 140 return ret;
141 } 141 }
142 142
143 static ssize_t usbdev_read(struct file *file, char __user *buf, size_t nbytes, 143 static ssize_t usbdev_read(struct file *file, char __user *buf, size_t nbytes,
144 loff_t *ppos) 144 loff_t *ppos)
145 { 145 {
146 struct dev_state *ps = file->private_data; 146 struct dev_state *ps = file->private_data;
147 struct usb_device *dev = ps->dev; 147 struct usb_device *dev = ps->dev;
148 ssize_t ret = 0; 148 ssize_t ret = 0;
149 unsigned len; 149 unsigned len;
150 loff_t pos; 150 loff_t pos;
151 int i; 151 int i;
152 152
153 pos = *ppos; 153 pos = *ppos;
154 usb_lock_device(dev); 154 usb_lock_device(dev);
155 if (!connected(ps)) { 155 if (!connected(ps)) {
156 ret = -ENODEV; 156 ret = -ENODEV;
157 goto err; 157 goto err;
158 } else if (pos < 0) { 158 } else if (pos < 0) {
159 ret = -EINVAL; 159 ret = -EINVAL;
160 goto err; 160 goto err;
161 } 161 }
162 162
163 if (pos < sizeof(struct usb_device_descriptor)) { 163 if (pos < sizeof(struct usb_device_descriptor)) {
164 /* 18 bytes - fits on the stack */ 164 /* 18 bytes - fits on the stack */
165 struct usb_device_descriptor temp_desc; 165 struct usb_device_descriptor temp_desc;
166 166
167 memcpy(&temp_desc, &dev->descriptor, sizeof(dev->descriptor)); 167 memcpy(&temp_desc, &dev->descriptor, sizeof(dev->descriptor));
168 le16_to_cpus(&temp_desc.bcdUSB); 168 le16_to_cpus(&temp_desc.bcdUSB);
169 le16_to_cpus(&temp_desc.idVendor); 169 le16_to_cpus(&temp_desc.idVendor);
170 le16_to_cpus(&temp_desc.idProduct); 170 le16_to_cpus(&temp_desc.idProduct);
171 le16_to_cpus(&temp_desc.bcdDevice); 171 le16_to_cpus(&temp_desc.bcdDevice);
172 172
173 len = sizeof(struct usb_device_descriptor) - pos; 173 len = sizeof(struct usb_device_descriptor) - pos;
174 if (len > nbytes) 174 if (len > nbytes)
175 len = nbytes; 175 len = nbytes;
176 if (copy_to_user(buf, ((char *)&temp_desc) + pos, len)) { 176 if (copy_to_user(buf, ((char *)&temp_desc) + pos, len)) {
177 ret = -EFAULT; 177 ret = -EFAULT;
178 goto err; 178 goto err;
179 } 179 }
180 180
181 *ppos += len; 181 *ppos += len;
182 buf += len; 182 buf += len;
183 nbytes -= len; 183 nbytes -= len;
184 ret += len; 184 ret += len;
185 } 185 }
186 186
187 pos = sizeof(struct usb_device_descriptor); 187 pos = sizeof(struct usb_device_descriptor);
188 for (i = 0; nbytes && i < dev->descriptor.bNumConfigurations; i++) { 188 for (i = 0; nbytes && i < dev->descriptor.bNumConfigurations; i++) {
189 struct usb_config_descriptor *config = 189 struct usb_config_descriptor *config =
190 (struct usb_config_descriptor *)dev->rawdescriptors[i]; 190 (struct usb_config_descriptor *)dev->rawdescriptors[i];
191 unsigned int length = le16_to_cpu(config->wTotalLength); 191 unsigned int length = le16_to_cpu(config->wTotalLength);
192 192
193 if (*ppos < pos + length) { 193 if (*ppos < pos + length) {
194 194
195 /* The descriptor may claim to be longer than it 195 /* The descriptor may claim to be longer than it
196 * really is. Here is the actual allocated length. */ 196 * really is. Here is the actual allocated length. */
197 unsigned alloclen = 197 unsigned alloclen =
198 le16_to_cpu(dev->config[i].desc.wTotalLength); 198 le16_to_cpu(dev->config[i].desc.wTotalLength);
199 199
200 len = length - (*ppos - pos); 200 len = length - (*ppos - pos);
201 if (len > nbytes) 201 if (len > nbytes)
202 len = nbytes; 202 len = nbytes;
203 203
204 /* Simply don't write (skip over) unallocated parts */ 204 /* Simply don't write (skip over) unallocated parts */
205 if (alloclen > (*ppos - pos)) { 205 if (alloclen > (*ppos - pos)) {
206 alloclen -= (*ppos - pos); 206 alloclen -= (*ppos - pos);
207 if (copy_to_user(buf, 207 if (copy_to_user(buf,
208 dev->rawdescriptors[i] + (*ppos - pos), 208 dev->rawdescriptors[i] + (*ppos - pos),
209 min(len, alloclen))) { 209 min(len, alloclen))) {
210 ret = -EFAULT; 210 ret = -EFAULT;
211 goto err; 211 goto err;
212 } 212 }
213 } 213 }
214 214
215 *ppos += len; 215 *ppos += len;
216 buf += len; 216 buf += len;
217 nbytes -= len; 217 nbytes -= len;
218 ret += len; 218 ret += len;
219 } 219 }
220 220
221 pos += length; 221 pos += length;
222 } 222 }
223 223
224 err: 224 err:
225 usb_unlock_device(dev); 225 usb_unlock_device(dev);
226 return ret; 226 return ret;
227 } 227 }
228 228
229 /* 229 /*
230 * async list handling 230 * async list handling
231 */ 231 */
232 232
233 static struct async *alloc_async(unsigned int numisoframes) 233 static struct async *alloc_async(unsigned int numisoframes)
234 { 234 {
235 struct async *as; 235 struct async *as;
236 236
237 as = kzalloc(sizeof(struct async), GFP_KERNEL); 237 as = kzalloc(sizeof(struct async), GFP_KERNEL);
238 if (!as) 238 if (!as)
239 return NULL; 239 return NULL;
240 as->urb = usb_alloc_urb(numisoframes, GFP_KERNEL); 240 as->urb = usb_alloc_urb(numisoframes, GFP_KERNEL);
241 if (!as->urb) { 241 if (!as->urb) {
242 kfree(as); 242 kfree(as);
243 return NULL; 243 return NULL;
244 } 244 }
245 return as; 245 return as;
246 } 246 }
247 247
248 static void free_async(struct async *as) 248 static void free_async(struct async *as)
249 { 249 {
250 put_pid(as->pid); 250 put_pid(as->pid);
251 kfree(as->urb->transfer_buffer); 251 kfree(as->urb->transfer_buffer);
252 kfree(as->urb->setup_packet); 252 kfree(as->urb->setup_packet);
253 usb_free_urb(as->urb); 253 usb_free_urb(as->urb);
254 kfree(as); 254 kfree(as);
255 } 255 }
256 256
257 static void async_newpending(struct async *as) 257 static void async_newpending(struct async *as)
258 { 258 {
259 struct dev_state *ps = as->ps; 259 struct dev_state *ps = as->ps;
260 unsigned long flags; 260 unsigned long flags;
261 261
262 spin_lock_irqsave(&ps->lock, flags); 262 spin_lock_irqsave(&ps->lock, flags);
263 list_add_tail(&as->asynclist, &ps->async_pending); 263 list_add_tail(&as->asynclist, &ps->async_pending);
264 spin_unlock_irqrestore(&ps->lock, flags); 264 spin_unlock_irqrestore(&ps->lock, flags);
265 } 265 }
266 266
267 static void async_removepending(struct async *as) 267 static void async_removepending(struct async *as)
268 { 268 {
269 struct dev_state *ps = as->ps; 269 struct dev_state *ps = as->ps;
270 unsigned long flags; 270 unsigned long flags;
271 271
272 spin_lock_irqsave(&ps->lock, flags); 272 spin_lock_irqsave(&ps->lock, flags);
273 list_del_init(&as->asynclist); 273 list_del_init(&as->asynclist);
274 spin_unlock_irqrestore(&ps->lock, flags); 274 spin_unlock_irqrestore(&ps->lock, flags);
275 } 275 }
276 276
277 static struct async *async_getcompleted(struct dev_state *ps) 277 static struct async *async_getcompleted(struct dev_state *ps)
278 { 278 {
279 unsigned long flags; 279 unsigned long flags;
280 struct async *as = NULL; 280 struct async *as = NULL;
281 281
282 spin_lock_irqsave(&ps->lock, flags); 282 spin_lock_irqsave(&ps->lock, flags);
283 if (!list_empty(&ps->async_completed)) { 283 if (!list_empty(&ps->async_completed)) {
284 as = list_entry(ps->async_completed.next, struct async, 284 as = list_entry(ps->async_completed.next, struct async,
285 asynclist); 285 asynclist);
286 list_del_init(&as->asynclist); 286 list_del_init(&as->asynclist);
287 } 287 }
288 spin_unlock_irqrestore(&ps->lock, flags); 288 spin_unlock_irqrestore(&ps->lock, flags);
289 return as; 289 return as;
290 } 290 }
291 291
292 static struct async *async_getpending(struct dev_state *ps, 292 static struct async *async_getpending(struct dev_state *ps,
293 void __user *userurb) 293 void __user *userurb)
294 { 294 {
295 unsigned long flags; 295 unsigned long flags;
296 struct async *as; 296 struct async *as;
297 297
298 spin_lock_irqsave(&ps->lock, flags); 298 spin_lock_irqsave(&ps->lock, flags);
299 list_for_each_entry(as, &ps->async_pending, asynclist) 299 list_for_each_entry(as, &ps->async_pending, asynclist)
300 if (as->userurb == userurb) { 300 if (as->userurb == userurb) {
301 list_del_init(&as->asynclist); 301 list_del_init(&as->asynclist);
302 spin_unlock_irqrestore(&ps->lock, flags); 302 spin_unlock_irqrestore(&ps->lock, flags);
303 return as; 303 return as;
304 } 304 }
305 spin_unlock_irqrestore(&ps->lock, flags); 305 spin_unlock_irqrestore(&ps->lock, flags);
306 return NULL; 306 return NULL;
307 } 307 }
308 308
309 static void snoop_urb(struct usb_device *udev, 309 static void snoop_urb(struct usb_device *udev,
310 void __user *userurb, int pipe, unsigned length, 310 void __user *userurb, int pipe, unsigned length,
311 int timeout_or_status, enum snoop_when when, 311 int timeout_or_status, enum snoop_when when,
312 unsigned char *data, unsigned data_len) 312 unsigned char *data, unsigned data_len)
313 { 313 {
314 static const char *types[] = {"isoc", "int", "ctrl", "bulk"}; 314 static const char *types[] = {"isoc", "int", "ctrl", "bulk"};
315 static const char *dirs[] = {"out", "in"}; 315 static const char *dirs[] = {"out", "in"};
316 int ep; 316 int ep;
317 const char *t, *d; 317 const char *t, *d;
318 318
319 if (!usbfs_snoop) 319 if (!usbfs_snoop)
320 return; 320 return;
321 321
322 ep = usb_pipeendpoint(pipe); 322 ep = usb_pipeendpoint(pipe);
323 t = types[usb_pipetype(pipe)]; 323 t = types[usb_pipetype(pipe)];
324 d = dirs[!!usb_pipein(pipe)]; 324 d = dirs[!!usb_pipein(pipe)];
325 325
326 if (userurb) { /* Async */ 326 if (userurb) { /* Async */
327 if (when == SUBMIT) 327 if (when == SUBMIT)
328 dev_info(&udev->dev, "userurb %p, ep%d %s-%s, " 328 dev_info(&udev->dev, "userurb %p, ep%d %s-%s, "
329 "length %u\n", 329 "length %u\n",
330 userurb, ep, t, d, length); 330 userurb, ep, t, d, length);
331 else 331 else
332 dev_info(&udev->dev, "userurb %p, ep%d %s-%s, " 332 dev_info(&udev->dev, "userurb %p, ep%d %s-%s, "
333 "actual_length %u status %d\n", 333 "actual_length %u status %d\n",
334 userurb, ep, t, d, length, 334 userurb, ep, t, d, length,
335 timeout_or_status); 335 timeout_or_status);
336 } else { 336 } else {
337 if (when == SUBMIT) 337 if (when == SUBMIT)
338 dev_info(&udev->dev, "ep%d %s-%s, length %u, " 338 dev_info(&udev->dev, "ep%d %s-%s, length %u, "
339 "timeout %d\n", 339 "timeout %d\n",
340 ep, t, d, length, timeout_or_status); 340 ep, t, d, length, timeout_or_status);
341 else 341 else
342 dev_info(&udev->dev, "ep%d %s-%s, actual_length %u, " 342 dev_info(&udev->dev, "ep%d %s-%s, actual_length %u, "
343 "status %d\n", 343 "status %d\n",
344 ep, t, d, length, timeout_or_status); 344 ep, t, d, length, timeout_or_status);
345 } 345 }
346 346
347 if (data && data_len > 0) { 347 if (data && data_len > 0) {
348 print_hex_dump(KERN_DEBUG, "data: ", DUMP_PREFIX_NONE, 32, 1, 348 print_hex_dump(KERN_DEBUG, "data: ", DUMP_PREFIX_NONE, 32, 1,
349 data, data_len, 1); 349 data, data_len, 1);
350 } 350 }
351 } 351 }
352 352
353 #define AS_CONTINUATION 1 353 #define AS_CONTINUATION 1
354 #define AS_UNLINK 2 354 #define AS_UNLINK 2
355 355
356 static void cancel_bulk_urbs(struct dev_state *ps, unsigned bulk_addr) 356 static void cancel_bulk_urbs(struct dev_state *ps, unsigned bulk_addr)
357 __releases(ps->lock) 357 __releases(ps->lock)
358 __acquires(ps->lock) 358 __acquires(ps->lock)
359 { 359 {
360 struct async *as; 360 struct async *as;
361 361
362 /* Mark all the pending URBs that match bulk_addr, up to but not 362 /* Mark all the pending URBs that match bulk_addr, up to but not
363 * including the first one without AS_CONTINUATION. If such an 363 * including the first one without AS_CONTINUATION. If such an
364 * URB is encountered then a new transfer has already started so 364 * URB is encountered then a new transfer has already started so
365 * the endpoint doesn't need to be disabled; otherwise it does. 365 * the endpoint doesn't need to be disabled; otherwise it does.
366 */ 366 */
367 list_for_each_entry(as, &ps->async_pending, asynclist) { 367 list_for_each_entry(as, &ps->async_pending, asynclist) {
368 if (as->bulk_addr == bulk_addr) { 368 if (as->bulk_addr == bulk_addr) {
369 if (as->bulk_status != AS_CONTINUATION) 369 if (as->bulk_status != AS_CONTINUATION)
370 goto rescan; 370 goto rescan;
371 as->bulk_status = AS_UNLINK; 371 as->bulk_status = AS_UNLINK;
372 as->bulk_addr = 0; 372 as->bulk_addr = 0;
373 } 373 }
374 } 374 }
375 ps->disabled_bulk_eps |= (1 << bulk_addr); 375 ps->disabled_bulk_eps |= (1 << bulk_addr);
376 376
377 /* Now carefully unlink all the marked pending URBs */ 377 /* Now carefully unlink all the marked pending URBs */
378 rescan: 378 rescan:
379 list_for_each_entry(as, &ps->async_pending, asynclist) { 379 list_for_each_entry(as, &ps->async_pending, asynclist) {
380 if (as->bulk_status == AS_UNLINK) { 380 if (as->bulk_status == AS_UNLINK) {
381 as->bulk_status = 0; /* Only once */ 381 as->bulk_status = 0; /* Only once */
382 spin_unlock(&ps->lock); /* Allow completions */ 382 spin_unlock(&ps->lock); /* Allow completions */
383 usb_unlink_urb(as->urb); 383 usb_unlink_urb(as->urb);
384 spin_lock(&ps->lock); 384 spin_lock(&ps->lock);
385 goto rescan; 385 goto rescan;
386 } 386 }
387 } 387 }
388 } 388 }
389 389
390 static void async_completed(struct urb *urb) 390 static void async_completed(struct urb *urb)
391 { 391 {
392 struct async *as = urb->context; 392 struct async *as = urb->context;
393 struct dev_state *ps = as->ps; 393 struct dev_state *ps = as->ps;
394 struct siginfo sinfo; 394 struct siginfo sinfo;
395 struct pid *pid = NULL; 395 struct pid *pid = NULL;
396 uid_t uid = 0; 396 uid_t uid = 0;
397 uid_t euid = 0; 397 uid_t euid = 0;
398 u32 secid = 0; 398 u32 secid = 0;
399 int signr; 399 int signr;
400 400
401 spin_lock(&ps->lock); 401 spin_lock(&ps->lock);
402 list_move_tail(&as->asynclist, &ps->async_completed); 402 list_move_tail(&as->asynclist, &ps->async_completed);
403 as->status = urb->status; 403 as->status = urb->status;
404 signr = as->signr; 404 signr = as->signr;
405 if (signr) { 405 if (signr) {
406 sinfo.si_signo = as->signr; 406 sinfo.si_signo = as->signr;
407 sinfo.si_errno = as->status; 407 sinfo.si_errno = as->status;
408 sinfo.si_code = SI_ASYNCIO; 408 sinfo.si_code = SI_ASYNCIO;
409 sinfo.si_addr = as->userurb; 409 sinfo.si_addr = as->userurb;
410 pid = as->pid; 410 pid = as->pid;
411 uid = as->uid; 411 uid = as->uid;
412 euid = as->euid; 412 euid = as->euid;
413 secid = as->secid; 413 secid = as->secid;
414 } 414 }
415 snoop(&urb->dev->dev, "urb complete\n"); 415 snoop(&urb->dev->dev, "urb complete\n");
416 snoop_urb(urb->dev, as->userurb, urb->pipe, urb->actual_length, 416 snoop_urb(urb->dev, as->userurb, urb->pipe, urb->actual_length,
417 as->status, COMPLETE, 417 as->status, COMPLETE,
418 ((urb->transfer_flags & URB_DIR_MASK) == USB_DIR_OUT) ? 418 ((urb->transfer_flags & URB_DIR_MASK) == USB_DIR_OUT) ?
419 NULL : urb->transfer_buffer, urb->actual_length); 419 NULL : urb->transfer_buffer, urb->actual_length);
420 if (as->status < 0 && as->bulk_addr && as->status != -ECONNRESET && 420 if (as->status < 0 && as->bulk_addr && as->status != -ECONNRESET &&
421 as->status != -ENOENT) 421 as->status != -ENOENT)
422 cancel_bulk_urbs(ps, as->bulk_addr); 422 cancel_bulk_urbs(ps, as->bulk_addr);
423 spin_unlock(&ps->lock); 423 spin_unlock(&ps->lock);
424 424
425 if (signr) 425 if (signr)
426 kill_pid_info_as_uid(sinfo.si_signo, &sinfo, pid, uid, 426 kill_pid_info_as_uid(sinfo.si_signo, &sinfo, pid, uid,
427 euid, secid); 427 euid, secid);
428 428
429 wake_up(&ps->wait); 429 wake_up(&ps->wait);
430 } 430 }
431 431
432 static void destroy_async(struct dev_state *ps, struct list_head *list) 432 static void destroy_async(struct dev_state *ps, struct list_head *list)
433 { 433 {
434 struct async *as; 434 struct async *as;
435 unsigned long flags; 435 unsigned long flags;
436 436
437 spin_lock_irqsave(&ps->lock, flags); 437 spin_lock_irqsave(&ps->lock, flags);
438 while (!list_empty(list)) { 438 while (!list_empty(list)) {
439 as = list_entry(list->next, struct async, asynclist); 439 as = list_entry(list->next, struct async, asynclist);
440 list_del_init(&as->asynclist); 440 list_del_init(&as->asynclist);
441 441
442 /* drop the spinlock so the completion handler can run */ 442 /* drop the spinlock so the completion handler can run */
443 spin_unlock_irqrestore(&ps->lock, flags); 443 spin_unlock_irqrestore(&ps->lock, flags);
444 usb_kill_urb(as->urb); 444 usb_kill_urb(as->urb);
445 spin_lock_irqsave(&ps->lock, flags); 445 spin_lock_irqsave(&ps->lock, flags);
446 } 446 }
447 spin_unlock_irqrestore(&ps->lock, flags); 447 spin_unlock_irqrestore(&ps->lock, flags);
448 } 448 }
449 449
450 static void destroy_async_on_interface(struct dev_state *ps, 450 static void destroy_async_on_interface(struct dev_state *ps,
451 unsigned int ifnum) 451 unsigned int ifnum)
452 { 452 {
453 struct list_head *p, *q, hitlist; 453 struct list_head *p, *q, hitlist;
454 unsigned long flags; 454 unsigned long flags;
455 455
456 INIT_LIST_HEAD(&hitlist); 456 INIT_LIST_HEAD(&hitlist);
457 spin_lock_irqsave(&ps->lock, flags); 457 spin_lock_irqsave(&ps->lock, flags);
458 list_for_each_safe(p, q, &ps->async_pending) 458 list_for_each_safe(p, q, &ps->async_pending)
459 if (ifnum == list_entry(p, struct async, asynclist)->ifnum) 459 if (ifnum == list_entry(p, struct async, asynclist)->ifnum)
460 list_move_tail(p, &hitlist); 460 list_move_tail(p, &hitlist);
461 spin_unlock_irqrestore(&ps->lock, flags); 461 spin_unlock_irqrestore(&ps->lock, flags);
462 destroy_async(ps, &hitlist); 462 destroy_async(ps, &hitlist);
463 } 463 }
464 464
465 static void destroy_all_async(struct dev_state *ps) 465 static void destroy_all_async(struct dev_state *ps)
466 { 466 {
467 destroy_async(ps, &ps->async_pending); 467 destroy_async(ps, &ps->async_pending);
468 } 468 }
469 469
470 /* 470 /*
471 * interface claims are made only at the request of user level code, 471 * interface claims are made only at the request of user level code,
472 * which can also release them (explicitly or by closing files). 472 * which can also release them (explicitly or by closing files).
473 * they're also undone when devices disconnect. 473 * they're also undone when devices disconnect.
474 */ 474 */
475 475
476 static int driver_probe(struct usb_interface *intf, 476 static int driver_probe(struct usb_interface *intf,
477 const struct usb_device_id *id) 477 const struct usb_device_id *id)
478 { 478 {
479 return -ENODEV; 479 return -ENODEV;
480 } 480 }
481 481
482 static void driver_disconnect(struct usb_interface *intf) 482 static void driver_disconnect(struct usb_interface *intf)
483 { 483 {
484 struct dev_state *ps = usb_get_intfdata(intf); 484 struct dev_state *ps = usb_get_intfdata(intf);
485 unsigned int ifnum = intf->altsetting->desc.bInterfaceNumber; 485 unsigned int ifnum = intf->altsetting->desc.bInterfaceNumber;
486 486
487 if (!ps) 487 if (!ps)
488 return; 488 return;
489 489
490 /* NOTE: this relies on usbcore having canceled and completed 490 /* NOTE: this relies on usbcore having canceled and completed
491 * all pending I/O requests; 2.6 does that. 491 * all pending I/O requests; 2.6 does that.
492 */ 492 */
493 493
494 if (likely(ifnum < 8*sizeof(ps->ifclaimed))) 494 if (likely(ifnum < 8*sizeof(ps->ifclaimed)))
495 clear_bit(ifnum, &ps->ifclaimed); 495 clear_bit(ifnum, &ps->ifclaimed);
496 else 496 else
497 dev_warn(&intf->dev, "interface number %u out of range\n", 497 dev_warn(&intf->dev, "interface number %u out of range\n",
498 ifnum); 498 ifnum);
499 499
500 usb_set_intfdata(intf, NULL); 500 usb_set_intfdata(intf, NULL);
501 501
502 /* force async requests to complete */ 502 /* force async requests to complete */
503 destroy_async_on_interface(ps, ifnum); 503 destroy_async_on_interface(ps, ifnum);
504 } 504 }
505 505
506 /* The following routines are merely placeholders. There is no way 506 /* The following routines are merely placeholders. There is no way
507 * to inform a user task about suspend or resumes. 507 * to inform a user task about suspend or resumes.
508 */ 508 */
509 static int driver_suspend(struct usb_interface *intf, pm_message_t msg) 509 static int driver_suspend(struct usb_interface *intf, pm_message_t msg)
510 { 510 {
511 return 0; 511 return 0;
512 } 512 }
513 513
514 static int driver_resume(struct usb_interface *intf) 514 static int driver_resume(struct usb_interface *intf)
515 { 515 {
516 return 0; 516 return 0;
517 } 517 }
518 518
519 struct usb_driver usbfs_driver = { 519 struct usb_driver usbfs_driver = {
520 .name = "usbfs", 520 .name = "usbfs",
521 .probe = driver_probe, 521 .probe = driver_probe,
522 .disconnect = driver_disconnect, 522 .disconnect = driver_disconnect,
523 .suspend = driver_suspend, 523 .suspend = driver_suspend,
524 .resume = driver_resume, 524 .resume = driver_resume,
525 }; 525 };
526 526
527 static int claimintf(struct dev_state *ps, unsigned int ifnum) 527 static int claimintf(struct dev_state *ps, unsigned int ifnum)
528 { 528 {
529 struct usb_device *dev = ps->dev; 529 struct usb_device *dev = ps->dev;
530 struct usb_interface *intf; 530 struct usb_interface *intf;
531 int err; 531 int err;
532 532
533 if (ifnum >= 8*sizeof(ps->ifclaimed)) 533 if (ifnum >= 8*sizeof(ps->ifclaimed))
534 return -EINVAL; 534 return -EINVAL;
535 /* already claimed */ 535 /* already claimed */
536 if (test_bit(ifnum, &ps->ifclaimed)) 536 if (test_bit(ifnum, &ps->ifclaimed))
537 return 0; 537 return 0;
538 538
539 intf = usb_ifnum_to_if(dev, ifnum); 539 intf = usb_ifnum_to_if(dev, ifnum);
540 if (!intf) 540 if (!intf)
541 err = -ENOENT; 541 err = -ENOENT;
542 else 542 else
543 err = usb_driver_claim_interface(&usbfs_driver, intf, ps); 543 err = usb_driver_claim_interface(&usbfs_driver, intf, ps);
544 if (err == 0) 544 if (err == 0)
545 set_bit(ifnum, &ps->ifclaimed); 545 set_bit(ifnum, &ps->ifclaimed);
546 return err; 546 return err;
547 } 547 }
548 548
549 static int releaseintf(struct dev_state *ps, unsigned int ifnum) 549 static int releaseintf(struct dev_state *ps, unsigned int ifnum)
550 { 550 {
551 struct usb_device *dev; 551 struct usb_device *dev;
552 struct usb_interface *intf; 552 struct usb_interface *intf;
553 int err; 553 int err;
554 554
555 err = -EINVAL; 555 err = -EINVAL;
556 if (ifnum >= 8*sizeof(ps->ifclaimed)) 556 if (ifnum >= 8*sizeof(ps->ifclaimed))
557 return err; 557 return err;
558 dev = ps->dev; 558 dev = ps->dev;
559 intf = usb_ifnum_to_if(dev, ifnum); 559 intf = usb_ifnum_to_if(dev, ifnum);
560 if (!intf) 560 if (!intf)
561 err = -ENOENT; 561 err = -ENOENT;
562 else if (test_and_clear_bit(ifnum, &ps->ifclaimed)) { 562 else if (test_and_clear_bit(ifnum, &ps->ifclaimed)) {
563 usb_driver_release_interface(&usbfs_driver, intf); 563 usb_driver_release_interface(&usbfs_driver, intf);
564 err = 0; 564 err = 0;
565 } 565 }
566 return err; 566 return err;
567 } 567 }
568 568
569 static int checkintf(struct dev_state *ps, unsigned int ifnum) 569 static int checkintf(struct dev_state *ps, unsigned int ifnum)
570 { 570 {
571 if (ps->dev->state != USB_STATE_CONFIGURED) 571 if (ps->dev->state != USB_STATE_CONFIGURED)
572 return -EHOSTUNREACH; 572 return -EHOSTUNREACH;
573 if (ifnum >= 8*sizeof(ps->ifclaimed)) 573 if (ifnum >= 8*sizeof(ps->ifclaimed))
574 return -EINVAL; 574 return -EINVAL;
575 if (test_bit(ifnum, &ps->ifclaimed)) 575 if (test_bit(ifnum, &ps->ifclaimed))
576 return 0; 576 return 0;
577 /* if not yet claimed, claim it for the driver */ 577 /* if not yet claimed, claim it for the driver */
578 dev_warn(&ps->dev->dev, "usbfs: process %d (%s) did not claim " 578 dev_warn(&ps->dev->dev, "usbfs: process %d (%s) did not claim "
579 "interface %u before use\n", task_pid_nr(current), 579 "interface %u before use\n", task_pid_nr(current),
580 current->comm, ifnum); 580 current->comm, ifnum);
581 return claimintf(ps, ifnum); 581 return claimintf(ps, ifnum);
582 } 582 }
583 583
584 static int findintfep(struct usb_device *dev, unsigned int ep) 584 static int findintfep(struct usb_device *dev, unsigned int ep)
585 { 585 {
586 unsigned int i, j, e; 586 unsigned int i, j, e;
587 struct usb_interface *intf; 587 struct usb_interface *intf;
588 struct usb_host_interface *alts; 588 struct usb_host_interface *alts;
589 struct usb_endpoint_descriptor *endpt; 589 struct usb_endpoint_descriptor *endpt;
590 590
591 if (ep & ~(USB_DIR_IN|0xf)) 591 if (ep & ~(USB_DIR_IN|0xf))
592 return -EINVAL; 592 return -EINVAL;
593 if (!dev->actconfig) 593 if (!dev->actconfig)
594 return -ESRCH; 594 return -ESRCH;
595 for (i = 0; i < dev->actconfig->desc.bNumInterfaces; i++) { 595 for (i = 0; i < dev->actconfig->desc.bNumInterfaces; i++) {
596 intf = dev->actconfig->interface[i]; 596 intf = dev->actconfig->interface[i];
597 for (j = 0; j < intf->num_altsetting; j++) { 597 for (j = 0; j < intf->num_altsetting; j++) {
598 alts = &intf->altsetting[j]; 598 alts = &intf->altsetting[j];
599 for (e = 0; e < alts->desc.bNumEndpoints; e++) { 599 for (e = 0; e < alts->desc.bNumEndpoints; e++) {
600 endpt = &alts->endpoint[e].desc; 600 endpt = &alts->endpoint[e].desc;
601 if (endpt->bEndpointAddress == ep) 601 if (endpt->bEndpointAddress == ep)
602 return alts->desc.bInterfaceNumber; 602 return alts->desc.bInterfaceNumber;
603 } 603 }
604 } 604 }
605 } 605 }
606 return -ENOENT; 606 return -ENOENT;
607 } 607 }
608 608
609 static int check_ctrlrecip(struct dev_state *ps, unsigned int requesttype, 609 static int check_ctrlrecip(struct dev_state *ps, unsigned int requesttype,
610 unsigned int index) 610 unsigned int index)
611 { 611 {
612 int ret = 0; 612 int ret = 0;
613 613
614 if (ps->dev->state != USB_STATE_UNAUTHENTICATED 614 if (ps->dev->state != USB_STATE_UNAUTHENTICATED
615 && ps->dev->state != USB_STATE_ADDRESS 615 && ps->dev->state != USB_STATE_ADDRESS
616 && ps->dev->state != USB_STATE_CONFIGURED) 616 && ps->dev->state != USB_STATE_CONFIGURED)
617 return -EHOSTUNREACH; 617 return -EHOSTUNREACH;
618 if (USB_TYPE_VENDOR == (USB_TYPE_MASK & requesttype)) 618 if (USB_TYPE_VENDOR == (USB_TYPE_MASK & requesttype))
619 return 0; 619 return 0;
620 620
621 index &= 0xff; 621 index &= 0xff;
622 switch (requesttype & USB_RECIP_MASK) { 622 switch (requesttype & USB_RECIP_MASK) {
623 case USB_RECIP_ENDPOINT: 623 case USB_RECIP_ENDPOINT:
624 ret = findintfep(ps->dev, index); 624 ret = findintfep(ps->dev, index);
625 if (ret >= 0) 625 if (ret >= 0)
626 ret = checkintf(ps, ret); 626 ret = checkintf(ps, ret);
627 break; 627 break;
628 628
629 case USB_RECIP_INTERFACE: 629 case USB_RECIP_INTERFACE:
630 ret = checkintf(ps, index); 630 ret = checkintf(ps, index);
631 break; 631 break;
632 } 632 }
633 return ret; 633 return ret;
634 } 634 }
635 635
636 static int match_devt(struct device *dev, void *data) 636 static int match_devt(struct device *dev, void *data)
637 { 637 {
638 return dev->devt == (dev_t) (unsigned long) data; 638 return dev->devt == (dev_t) (unsigned long) data;
639 } 639 }
640 640
641 static struct usb_device *usbdev_lookup_by_devt(dev_t devt) 641 static struct usb_device *usbdev_lookup_by_devt(dev_t devt)
642 { 642 {
643 struct device *dev; 643 struct device *dev;
644 644
645 dev = bus_find_device(&usb_bus_type, NULL, 645 dev = bus_find_device(&usb_bus_type, NULL,
646 (void *) (unsigned long) devt, match_devt); 646 (void *) (unsigned long) devt, match_devt);
647 if (!dev) 647 if (!dev)
648 return NULL; 648 return NULL;
649 return container_of(dev, struct usb_device, dev); 649 return container_of(dev, struct usb_device, dev);
650 } 650 }
651 651
652 /* 652 /*
653 * file operations 653 * file operations
654 */ 654 */
655 static int usbdev_open(struct inode *inode, struct file *file) 655 static int usbdev_open(struct inode *inode, struct file *file)
656 { 656 {
657 struct usb_device *dev = NULL; 657 struct usb_device *dev = NULL;
658 struct dev_state *ps; 658 struct dev_state *ps;
659 const struct cred *cred = current_cred(); 659 const struct cred *cred = current_cred();
660 int ret; 660 int ret;
661 661
662 ret = -ENOMEM; 662 ret = -ENOMEM;
663 ps = kmalloc(sizeof(struct dev_state), GFP_KERNEL); 663 ps = kmalloc(sizeof(struct dev_state), GFP_KERNEL);
664 if (!ps) 664 if (!ps)
665 goto out_free_ps; 665 goto out_free_ps;
666 666
667 ret = -ENODEV; 667 ret = -ENODEV;
668 668
669 /* Protect against simultaneous removal or release */ 669 /* Protect against simultaneous removal or release */
670 mutex_lock(&usbfs_mutex); 670 mutex_lock(&usbfs_mutex);
671 671
672 /* usbdev device-node */ 672 /* usbdev device-node */
673 if (imajor(inode) == USB_DEVICE_MAJOR) 673 if (imajor(inode) == USB_DEVICE_MAJOR)
674 dev = usbdev_lookup_by_devt(inode->i_rdev); 674 dev = usbdev_lookup_by_devt(inode->i_rdev);
675 675
676 #ifdef CONFIG_USB_DEVICEFS 676 #ifdef CONFIG_USB_DEVICEFS
677 /* procfs file */ 677 /* procfs file */
678 if (!dev) { 678 if (!dev) {
679 dev = inode->i_private; 679 dev = inode->i_private;
680 if (dev && dev->usbfs_dentry && 680 if (dev && dev->usbfs_dentry &&
681 dev->usbfs_dentry->d_inode == inode) 681 dev->usbfs_dentry->d_inode == inode)
682 usb_get_dev(dev); 682 usb_get_dev(dev);
683 else 683 else
684 dev = NULL; 684 dev = NULL;
685 } 685 }
686 #endif 686 #endif
687 mutex_unlock(&usbfs_mutex); 687 mutex_unlock(&usbfs_mutex);
688 688
689 if (!dev) 689 if (!dev)
690 goto out_free_ps; 690 goto out_free_ps;
691 691
692 usb_lock_device(dev); 692 usb_lock_device(dev);
693 if (dev->state == USB_STATE_NOTATTACHED) 693 if (dev->state == USB_STATE_NOTATTACHED)
694 goto out_unlock_device; 694 goto out_unlock_device;
695 695
696 ret = usb_autoresume_device(dev); 696 ret = usb_autoresume_device(dev);
697 if (ret) 697 if (ret)
698 goto out_unlock_device; 698 goto out_unlock_device;
699 699
700 ps->dev = dev; 700 ps->dev = dev;
701 ps->file = file; 701 ps->file = file;
702 spin_lock_init(&ps->lock); 702 spin_lock_init(&ps->lock);
703 INIT_LIST_HEAD(&ps->list); 703 INIT_LIST_HEAD(&ps->list);
704 INIT_LIST_HEAD(&ps->async_pending); 704 INIT_LIST_HEAD(&ps->async_pending);
705 INIT_LIST_HEAD(&ps->async_completed); 705 INIT_LIST_HEAD(&ps->async_completed);
706 init_waitqueue_head(&ps->wait); 706 init_waitqueue_head(&ps->wait);
707 ps->discsignr = 0; 707 ps->discsignr = 0;
708 ps->disc_pid = get_pid(task_pid(current)); 708 ps->disc_pid = get_pid(task_pid(current));
709 ps->disc_uid = cred->uid; 709 ps->disc_uid = cred->uid;
710 ps->disc_euid = cred->euid; 710 ps->disc_euid = cred->euid;
711 ps->disccontext = NULL; 711 ps->disccontext = NULL;
712 ps->ifclaimed = 0; 712 ps->ifclaimed = 0;
713 security_task_getsecid(current, &ps->secid); 713 security_task_getsecid(current, &ps->secid);
714 smp_wmb(); 714 smp_wmb();
715 list_add_tail(&ps->list, &dev->filelist); 715 list_add_tail(&ps->list, &dev->filelist);
716 file->private_data = ps; 716 file->private_data = ps;
717 usb_unlock_device(dev); 717 usb_unlock_device(dev);
718 snoop(&dev->dev, "opened by process %d: %s\n", task_pid_nr(current), 718 snoop(&dev->dev, "opened by process %d: %s\n", task_pid_nr(current),
719 current->comm); 719 current->comm);
720 return ret; 720 return ret;
721 721
722 out_unlock_device: 722 out_unlock_device:
723 usb_unlock_device(dev); 723 usb_unlock_device(dev);
724 usb_put_dev(dev); 724 usb_put_dev(dev);
725 out_free_ps: 725 out_free_ps:
726 kfree(ps); 726 kfree(ps);
727 return ret; 727 return ret;
728 } 728 }
729 729
730 static int usbdev_release(struct inode *inode, struct file *file) 730 static int usbdev_release(struct inode *inode, struct file *file)
731 { 731 {
732 struct dev_state *ps = file->private_data; 732 struct dev_state *ps = file->private_data;
733 struct usb_device *dev = ps->dev; 733 struct usb_device *dev = ps->dev;
734 unsigned int ifnum; 734 unsigned int ifnum;
735 struct async *as; 735 struct async *as;
736 736
737 usb_lock_device(dev); 737 usb_lock_device(dev);
738 usb_hub_release_all_ports(dev, ps); 738 usb_hub_release_all_ports(dev, ps);
739 739
740 list_del_init(&ps->list); 740 list_del_init(&ps->list);
741 741
742 for (ifnum = 0; ps->ifclaimed && ifnum < 8*sizeof(ps->ifclaimed); 742 for (ifnum = 0; ps->ifclaimed && ifnum < 8*sizeof(ps->ifclaimed);
743 ifnum++) { 743 ifnum++) {
744 if (test_bit(ifnum, &ps->ifclaimed)) 744 if (test_bit(ifnum, &ps->ifclaimed))
745 releaseintf(ps, ifnum); 745 releaseintf(ps, ifnum);
746 } 746 }
747 destroy_all_async(ps); 747 destroy_all_async(ps);
748 usb_autosuspend_device(dev); 748 usb_autosuspend_device(dev);
749 usb_unlock_device(dev); 749 usb_unlock_device(dev);
750 usb_put_dev(dev); 750 usb_put_dev(dev);
751 put_pid(ps->disc_pid); 751 put_pid(ps->disc_pid);
752 752
753 as = async_getcompleted(ps); 753 as = async_getcompleted(ps);
754 while (as) { 754 while (as) {
755 free_async(as); 755 free_async(as);
756 as = async_getcompleted(ps); 756 as = async_getcompleted(ps);
757 } 757 }
758 kfree(ps); 758 kfree(ps);
759 return 0; 759 return 0;
760 } 760 }
761 761
762 static int proc_control(struct dev_state *ps, void __user *arg) 762 static int proc_control(struct dev_state *ps, void __user *arg)
763 { 763 {
764 struct usb_device *dev = ps->dev; 764 struct usb_device *dev = ps->dev;
765 struct usbdevfs_ctrltransfer ctrl; 765 struct usbdevfs_ctrltransfer ctrl;
766 unsigned int tmo; 766 unsigned int tmo;
767 unsigned char *tbuf; 767 unsigned char *tbuf;
768 unsigned wLength; 768 unsigned wLength;
769 int i, pipe, ret; 769 int i, pipe, ret;
770 770
771 if (copy_from_user(&ctrl, arg, sizeof(ctrl))) 771 if (copy_from_user(&ctrl, arg, sizeof(ctrl)))
772 return -EFAULT; 772 return -EFAULT;
773 ret = check_ctrlrecip(ps, ctrl.bRequestType, ctrl.wIndex); 773 ret = check_ctrlrecip(ps, ctrl.bRequestType, ctrl.wIndex);
774 if (ret) 774 if (ret)
775 return ret; 775 return ret;
776 wLength = ctrl.wLength; /* To suppress 64k PAGE_SIZE warning */ 776 wLength = ctrl.wLength; /* To suppress 64k PAGE_SIZE warning */
777 if (wLength > PAGE_SIZE) 777 if (wLength > PAGE_SIZE)
778 return -EINVAL; 778 return -EINVAL;
779 tbuf = (unsigned char *)__get_free_page(GFP_KERNEL); 779 tbuf = (unsigned char *)__get_free_page(GFP_KERNEL);
780 if (!tbuf) 780 if (!tbuf)
781 return -ENOMEM; 781 return -ENOMEM;
782 tmo = ctrl.timeout; 782 tmo = ctrl.timeout;
783 snoop(&dev->dev, "control urb: bRequestType=%02x " 783 snoop(&dev->dev, "control urb: bRequestType=%02x "
784 "bRequest=%02x wValue=%04x " 784 "bRequest=%02x wValue=%04x "
785 "wIndex=%04x wLength=%04x\n", 785 "wIndex=%04x wLength=%04x\n",
786 ctrl.bRequestType, ctrl.bRequest, 786 ctrl.bRequestType, ctrl.bRequest,
787 __le16_to_cpup(&ctrl.wValue), 787 __le16_to_cpup(&ctrl.wValue),
788 __le16_to_cpup(&ctrl.wIndex), 788 __le16_to_cpup(&ctrl.wIndex),
789 __le16_to_cpup(&ctrl.wLength)); 789 __le16_to_cpup(&ctrl.wLength));
790 if (ctrl.bRequestType & 0x80) { 790 if (ctrl.bRequestType & 0x80) {
791 if (ctrl.wLength && !access_ok(VERIFY_WRITE, ctrl.data, 791 if (ctrl.wLength && !access_ok(VERIFY_WRITE, ctrl.data,
792 ctrl.wLength)) { 792 ctrl.wLength)) {
793 free_page((unsigned long)tbuf); 793 free_page((unsigned long)tbuf);
794 return -EINVAL; 794 return -EINVAL;
795 } 795 }
796 pipe = usb_rcvctrlpipe(dev, 0); 796 pipe = usb_rcvctrlpipe(dev, 0);
797 snoop_urb(dev, NULL, pipe, ctrl.wLength, tmo, SUBMIT, NULL, 0); 797 snoop_urb(dev, NULL, pipe, ctrl.wLength, tmo, SUBMIT, NULL, 0);
798 798
799 usb_unlock_device(dev); 799 usb_unlock_device(dev);
800 i = usb_control_msg(dev, pipe, ctrl.bRequest, 800 i = usb_control_msg(dev, pipe, ctrl.bRequest,
801 ctrl.bRequestType, ctrl.wValue, ctrl.wIndex, 801 ctrl.bRequestType, ctrl.wValue, ctrl.wIndex,
802 tbuf, ctrl.wLength, tmo); 802 tbuf, ctrl.wLength, tmo);
803 usb_lock_device(dev); 803 usb_lock_device(dev);
804 snoop_urb(dev, NULL, pipe, max(i, 0), min(i, 0), COMPLETE, 804 snoop_urb(dev, NULL, pipe, max(i, 0), min(i, 0), COMPLETE,
805 tbuf, i); 805 tbuf, max(i, 0));
806 if ((i > 0) && ctrl.wLength) { 806 if ((i > 0) && ctrl.wLength) {
807 if (copy_to_user(ctrl.data, tbuf, i)) { 807 if (copy_to_user(ctrl.data, tbuf, i)) {
808 free_page((unsigned long)tbuf); 808 free_page((unsigned long)tbuf);
809 return -EFAULT; 809 return -EFAULT;
810 } 810 }
811 } 811 }
812 } else { 812 } else {
813 if (ctrl.wLength) { 813 if (ctrl.wLength) {
814 if (copy_from_user(tbuf, ctrl.data, ctrl.wLength)) { 814 if (copy_from_user(tbuf, ctrl.data, ctrl.wLength)) {
815 free_page((unsigned long)tbuf); 815 free_page((unsigned long)tbuf);
816 return -EFAULT; 816 return -EFAULT;
817 } 817 }
818 } 818 }
819 pipe = usb_sndctrlpipe(dev, 0); 819 pipe = usb_sndctrlpipe(dev, 0);
820 snoop_urb(dev, NULL, pipe, ctrl.wLength, tmo, SUBMIT, 820 snoop_urb(dev, NULL, pipe, ctrl.wLength, tmo, SUBMIT,
821 tbuf, ctrl.wLength); 821 tbuf, ctrl.wLength);
822 822
823 usb_unlock_device(dev); 823 usb_unlock_device(dev);
824 i = usb_control_msg(dev, usb_sndctrlpipe(dev, 0), ctrl.bRequest, 824 i = usb_control_msg(dev, usb_sndctrlpipe(dev, 0), ctrl.bRequest,
825 ctrl.bRequestType, ctrl.wValue, ctrl.wIndex, 825 ctrl.bRequestType, ctrl.wValue, ctrl.wIndex,
826 tbuf, ctrl.wLength, tmo); 826 tbuf, ctrl.wLength, tmo);
827 usb_lock_device(dev); 827 usb_lock_device(dev);
828 snoop_urb(dev, NULL, pipe, max(i, 0), min(i, 0), COMPLETE, NULL, 0); 828 snoop_urb(dev, NULL, pipe, max(i, 0), min(i, 0), COMPLETE, NULL, 0);
829 } 829 }
830 free_page((unsigned long)tbuf); 830 free_page((unsigned long)tbuf);
831 if (i < 0 && i != -EPIPE) { 831 if (i < 0 && i != -EPIPE) {
832 dev_printk(KERN_DEBUG, &dev->dev, "usbfs: USBDEVFS_CONTROL " 832 dev_printk(KERN_DEBUG, &dev->dev, "usbfs: USBDEVFS_CONTROL "
833 "failed cmd %s rqt %u rq %u len %u ret %d\n", 833 "failed cmd %s rqt %u rq %u len %u ret %d\n",
834 current->comm, ctrl.bRequestType, ctrl.bRequest, 834 current->comm, ctrl.bRequestType, ctrl.bRequest,
835 ctrl.wLength, i); 835 ctrl.wLength, i);
836 } 836 }
837 return i; 837 return i;
838 } 838 }
839 839
840 static int proc_bulk(struct dev_state *ps, void __user *arg) 840 static int proc_bulk(struct dev_state *ps, void __user *arg)
841 { 841 {
842 struct usb_device *dev = ps->dev; 842 struct usb_device *dev = ps->dev;
843 struct usbdevfs_bulktransfer bulk; 843 struct usbdevfs_bulktransfer bulk;
844 unsigned int tmo, len1, pipe; 844 unsigned int tmo, len1, pipe;
845 int len2; 845 int len2;
846 unsigned char *tbuf; 846 unsigned char *tbuf;
847 int i, ret; 847 int i, ret;
848 848
849 if (copy_from_user(&bulk, arg, sizeof(bulk))) 849 if (copy_from_user(&bulk, arg, sizeof(bulk)))
850 return -EFAULT; 850 return -EFAULT;
851 ret = findintfep(ps->dev, bulk.ep); 851 ret = findintfep(ps->dev, bulk.ep);
852 if (ret < 0) 852 if (ret < 0)
853 return ret; 853 return ret;
854 ret = checkintf(ps, ret); 854 ret = checkintf(ps, ret);
855 if (ret) 855 if (ret)
856 return ret; 856 return ret;
857 if (bulk.ep & USB_DIR_IN) 857 if (bulk.ep & USB_DIR_IN)
858 pipe = usb_rcvbulkpipe(dev, bulk.ep & 0x7f); 858 pipe = usb_rcvbulkpipe(dev, bulk.ep & 0x7f);
859 else 859 else
860 pipe = usb_sndbulkpipe(dev, bulk.ep & 0x7f); 860 pipe = usb_sndbulkpipe(dev, bulk.ep & 0x7f);
861 if (!usb_maxpacket(dev, pipe, !(bulk.ep & USB_DIR_IN))) 861 if (!usb_maxpacket(dev, pipe, !(bulk.ep & USB_DIR_IN)))
862 return -EINVAL; 862 return -EINVAL;
863 len1 = bulk.len; 863 len1 = bulk.len;
864 if (len1 > MAX_USBFS_BUFFER_SIZE) 864 if (len1 > MAX_USBFS_BUFFER_SIZE)
865 return -EINVAL; 865 return -EINVAL;
866 if (!(tbuf = kmalloc(len1, GFP_KERNEL))) 866 if (!(tbuf = kmalloc(len1, GFP_KERNEL)))
867 return -ENOMEM; 867 return -ENOMEM;
868 tmo = bulk.timeout; 868 tmo = bulk.timeout;
869 if (bulk.ep & 0x80) { 869 if (bulk.ep & 0x80) {
870 if (len1 && !access_ok(VERIFY_WRITE, bulk.data, len1)) { 870 if (len1 && !access_ok(VERIFY_WRITE, bulk.data, len1)) {
871 kfree(tbuf); 871 kfree(tbuf);
872 return -EINVAL; 872 return -EINVAL;
873 } 873 }
874 snoop_urb(dev, NULL, pipe, len1, tmo, SUBMIT, NULL, 0); 874 snoop_urb(dev, NULL, pipe, len1, tmo, SUBMIT, NULL, 0);
875 875
876 usb_unlock_device(dev); 876 usb_unlock_device(dev);
877 i = usb_bulk_msg(dev, pipe, tbuf, len1, &len2, tmo); 877 i = usb_bulk_msg(dev, pipe, tbuf, len1, &len2, tmo);
878 usb_lock_device(dev); 878 usb_lock_device(dev);
879 snoop_urb(dev, NULL, pipe, len2, i, COMPLETE, tbuf, len2); 879 snoop_urb(dev, NULL, pipe, len2, i, COMPLETE, tbuf, len2);
880 880
881 if (!i && len2) { 881 if (!i && len2) {
882 if (copy_to_user(bulk.data, tbuf, len2)) { 882 if (copy_to_user(bulk.data, tbuf, len2)) {
883 kfree(tbuf); 883 kfree(tbuf);
884 return -EFAULT; 884 return -EFAULT;
885 } 885 }
886 } 886 }
887 } else { 887 } else {
888 if (len1) { 888 if (len1) {
889 if (copy_from_user(tbuf, bulk.data, len1)) { 889 if (copy_from_user(tbuf, bulk.data, len1)) {
890 kfree(tbuf); 890 kfree(tbuf);
891 return -EFAULT; 891 return -EFAULT;
892 } 892 }
893 } 893 }
894 snoop_urb(dev, NULL, pipe, len1, tmo, SUBMIT, tbuf, len1); 894 snoop_urb(dev, NULL, pipe, len1, tmo, SUBMIT, tbuf, len1);
895 895
896 usb_unlock_device(dev); 896 usb_unlock_device(dev);
897 i = usb_bulk_msg(dev, pipe, tbuf, len1, &len2, tmo); 897 i = usb_bulk_msg(dev, pipe, tbuf, len1, &len2, tmo);
898 usb_lock_device(dev); 898 usb_lock_device(dev);
899 snoop_urb(dev, NULL, pipe, len2, i, COMPLETE, NULL, 0); 899 snoop_urb(dev, NULL, pipe, len2, i, COMPLETE, NULL, 0);
900 } 900 }
901 kfree(tbuf); 901 kfree(tbuf);
902 if (i < 0) 902 if (i < 0)
903 return i; 903 return i;
904 return len2; 904 return len2;
905 } 905 }
906 906
907 static int proc_resetep(struct dev_state *ps, void __user *arg) 907 static int proc_resetep(struct dev_state *ps, void __user *arg)
908 { 908 {
909 unsigned int ep; 909 unsigned int ep;
910 int ret; 910 int ret;
911 911
912 if (get_user(ep, (unsigned int __user *)arg)) 912 if (get_user(ep, (unsigned int __user *)arg))
913 return -EFAULT; 913 return -EFAULT;
914 ret = findintfep(ps->dev, ep); 914 ret = findintfep(ps->dev, ep);
915 if (ret < 0) 915 if (ret < 0)
916 return ret; 916 return ret;
917 ret = checkintf(ps, ret); 917 ret = checkintf(ps, ret);
918 if (ret) 918 if (ret)
919 return ret; 919 return ret;
920 usb_reset_endpoint(ps->dev, ep); 920 usb_reset_endpoint(ps->dev, ep);
921 return 0; 921 return 0;
922 } 922 }
923 923
924 static int proc_clearhalt(struct dev_state *ps, void __user *arg) 924 static int proc_clearhalt(struct dev_state *ps, void __user *arg)
925 { 925 {
926 unsigned int ep; 926 unsigned int ep;
927 int pipe; 927 int pipe;
928 int ret; 928 int ret;
929 929
930 if (get_user(ep, (unsigned int __user *)arg)) 930 if (get_user(ep, (unsigned int __user *)arg))
931 return -EFAULT; 931 return -EFAULT;
932 ret = findintfep(ps->dev, ep); 932 ret = findintfep(ps->dev, ep);
933 if (ret < 0) 933 if (ret < 0)
934 return ret; 934 return ret;
935 ret = checkintf(ps, ret); 935 ret = checkintf(ps, ret);
936 if (ret) 936 if (ret)
937 return ret; 937 return ret;
938 if (ep & USB_DIR_IN) 938 if (ep & USB_DIR_IN)
939 pipe = usb_rcvbulkpipe(ps->dev, ep & 0x7f); 939 pipe = usb_rcvbulkpipe(ps->dev, ep & 0x7f);
940 else 940 else
941 pipe = usb_sndbulkpipe(ps->dev, ep & 0x7f); 941 pipe = usb_sndbulkpipe(ps->dev, ep & 0x7f);
942 942
943 return usb_clear_halt(ps->dev, pipe); 943 return usb_clear_halt(ps->dev, pipe);
944 } 944 }
945 945
946 static int proc_getdriver(struct dev_state *ps, void __user *arg) 946 static int proc_getdriver(struct dev_state *ps, void __user *arg)
947 { 947 {
948 struct usbdevfs_getdriver gd; 948 struct usbdevfs_getdriver gd;
949 struct usb_interface *intf; 949 struct usb_interface *intf;
950 int ret; 950 int ret;
951 951
952 if (copy_from_user(&gd, arg, sizeof(gd))) 952 if (copy_from_user(&gd, arg, sizeof(gd)))
953 return -EFAULT; 953 return -EFAULT;
954 intf = usb_ifnum_to_if(ps->dev, gd.interface); 954 intf = usb_ifnum_to_if(ps->dev, gd.interface);
955 if (!intf || !intf->dev.driver) 955 if (!intf || !intf->dev.driver)
956 ret = -ENODATA; 956 ret = -ENODATA;
957 else { 957 else {
958 strncpy(gd.driver, intf->dev.driver->name, 958 strncpy(gd.driver, intf->dev.driver->name,
959 sizeof(gd.driver)); 959 sizeof(gd.driver));
960 ret = (copy_to_user(arg, &gd, sizeof(gd)) ? -EFAULT : 0); 960 ret = (copy_to_user(arg, &gd, sizeof(gd)) ? -EFAULT : 0);
961 } 961 }
962 return ret; 962 return ret;
963 } 963 }
964 964
965 static int proc_connectinfo(struct dev_state *ps, void __user *arg) 965 static int proc_connectinfo(struct dev_state *ps, void __user *arg)
966 { 966 {
967 struct usbdevfs_connectinfo ci = { 967 struct usbdevfs_connectinfo ci = {
968 .devnum = ps->dev->devnum, 968 .devnum = ps->dev->devnum,
969 .slow = ps->dev->speed == USB_SPEED_LOW 969 .slow = ps->dev->speed == USB_SPEED_LOW
970 }; 970 };
971 971
972 if (copy_to_user(arg, &ci, sizeof(ci))) 972 if (copy_to_user(arg, &ci, sizeof(ci)))
973 return -EFAULT; 973 return -EFAULT;
974 return 0; 974 return 0;
975 } 975 }
976 976
977 static int proc_resetdevice(struct dev_state *ps) 977 static int proc_resetdevice(struct dev_state *ps)
978 { 978 {
979 return usb_reset_device(ps->dev); 979 return usb_reset_device(ps->dev);
980 } 980 }
981 981
982 static int proc_setintf(struct dev_state *ps, void __user *arg) 982 static int proc_setintf(struct dev_state *ps, void __user *arg)
983 { 983 {
984 struct usbdevfs_setinterface setintf; 984 struct usbdevfs_setinterface setintf;
985 int ret; 985 int ret;
986 986
987 if (copy_from_user(&setintf, arg, sizeof(setintf))) 987 if (copy_from_user(&setintf, arg, sizeof(setintf)))
988 return -EFAULT; 988 return -EFAULT;
989 if ((ret = checkintf(ps, setintf.interface))) 989 if ((ret = checkintf(ps, setintf.interface)))
990 return ret; 990 return ret;
991 return usb_set_interface(ps->dev, setintf.interface, 991 return usb_set_interface(ps->dev, setintf.interface,
992 setintf.altsetting); 992 setintf.altsetting);
993 } 993 }
994 994
995 static int proc_setconfig(struct dev_state *ps, void __user *arg) 995 static int proc_setconfig(struct dev_state *ps, void __user *arg)
996 { 996 {
997 int u; 997 int u;
998 int status = 0; 998 int status = 0;
999 struct usb_host_config *actconfig; 999 struct usb_host_config *actconfig;
1000 1000
1001 if (get_user(u, (int __user *)arg)) 1001 if (get_user(u, (int __user *)arg))
1002 return -EFAULT; 1002 return -EFAULT;
1003 1003
1004 actconfig = ps->dev->actconfig; 1004 actconfig = ps->dev->actconfig;
1005 1005
1006 /* Don't touch the device if any interfaces are claimed. 1006 /* Don't touch the device if any interfaces are claimed.
1007 * It could interfere with other drivers' operations, and if 1007 * It could interfere with other drivers' operations, and if
1008 * an interface is claimed by usbfs it could easily deadlock. 1008 * an interface is claimed by usbfs it could easily deadlock.
1009 */ 1009 */
1010 if (actconfig) { 1010 if (actconfig) {
1011 int i; 1011 int i;
1012 1012
1013 for (i = 0; i < actconfig->desc.bNumInterfaces; ++i) { 1013 for (i = 0; i < actconfig->desc.bNumInterfaces; ++i) {
1014 if (usb_interface_claimed(actconfig->interface[i])) { 1014 if (usb_interface_claimed(actconfig->interface[i])) {
1015 dev_warn(&ps->dev->dev, 1015 dev_warn(&ps->dev->dev,
1016 "usbfs: interface %d claimed by %s " 1016 "usbfs: interface %d claimed by %s "
1017 "while '%s' sets config #%d\n", 1017 "while '%s' sets config #%d\n",
1018 actconfig->interface[i] 1018 actconfig->interface[i]
1019 ->cur_altsetting 1019 ->cur_altsetting
1020 ->desc.bInterfaceNumber, 1020 ->desc.bInterfaceNumber,
1021 actconfig->interface[i] 1021 actconfig->interface[i]
1022 ->dev.driver->name, 1022 ->dev.driver->name,
1023 current->comm, u); 1023 current->comm, u);
1024 status = -EBUSY; 1024 status = -EBUSY;
1025 break; 1025 break;
1026 } 1026 }
1027 } 1027 }
1028 } 1028 }
1029 1029
1030 /* SET_CONFIGURATION is often abused as a "cheap" driver reset, 1030 /* SET_CONFIGURATION is often abused as a "cheap" driver reset,
1031 * so avoid usb_set_configuration()'s kick to sysfs 1031 * so avoid usb_set_configuration()'s kick to sysfs
1032 */ 1032 */
1033 if (status == 0) { 1033 if (status == 0) {
1034 if (actconfig && actconfig->desc.bConfigurationValue == u) 1034 if (actconfig && actconfig->desc.bConfigurationValue == u)
1035 status = usb_reset_configuration(ps->dev); 1035 status = usb_reset_configuration(ps->dev);
1036 else 1036 else
1037 status = usb_set_configuration(ps->dev, u); 1037 status = usb_set_configuration(ps->dev, u);
1038 } 1038 }
1039 1039
1040 return status; 1040 return status;
1041 } 1041 }
1042 1042
1043 static int proc_do_submiturb(struct dev_state *ps, struct usbdevfs_urb *uurb, 1043 static int proc_do_submiturb(struct dev_state *ps, struct usbdevfs_urb *uurb,
1044 struct usbdevfs_iso_packet_desc __user *iso_frame_desc, 1044 struct usbdevfs_iso_packet_desc __user *iso_frame_desc,
1045 void __user *arg) 1045 void __user *arg)
1046 { 1046 {
1047 struct usbdevfs_iso_packet_desc *isopkt = NULL; 1047 struct usbdevfs_iso_packet_desc *isopkt = NULL;
1048 struct usb_host_endpoint *ep; 1048 struct usb_host_endpoint *ep;
1049 struct async *as; 1049 struct async *as;
1050 struct usb_ctrlrequest *dr = NULL; 1050 struct usb_ctrlrequest *dr = NULL;
1051 const struct cred *cred = current_cred(); 1051 const struct cred *cred = current_cred();
1052 unsigned int u, totlen, isofrmlen; 1052 unsigned int u, totlen, isofrmlen;
1053 int ret, ifnum = -1; 1053 int ret, ifnum = -1;
1054 int is_in; 1054 int is_in;
1055 1055
1056 if (uurb->flags & ~(USBDEVFS_URB_ISO_ASAP | 1056 if (uurb->flags & ~(USBDEVFS_URB_ISO_ASAP |
1057 USBDEVFS_URB_SHORT_NOT_OK | 1057 USBDEVFS_URB_SHORT_NOT_OK |
1058 USBDEVFS_URB_BULK_CONTINUATION | 1058 USBDEVFS_URB_BULK_CONTINUATION |
1059 USBDEVFS_URB_NO_FSBR | 1059 USBDEVFS_URB_NO_FSBR |
1060 USBDEVFS_URB_ZERO_PACKET | 1060 USBDEVFS_URB_ZERO_PACKET |
1061 USBDEVFS_URB_NO_INTERRUPT)) 1061 USBDEVFS_URB_NO_INTERRUPT))
1062 return -EINVAL; 1062 return -EINVAL;
1063 if (uurb->buffer_length > 0 && !uurb->buffer) 1063 if (uurb->buffer_length > 0 && !uurb->buffer)
1064 return -EINVAL; 1064 return -EINVAL;
1065 if (!(uurb->type == USBDEVFS_URB_TYPE_CONTROL && 1065 if (!(uurb->type == USBDEVFS_URB_TYPE_CONTROL &&
1066 (uurb->endpoint & ~USB_ENDPOINT_DIR_MASK) == 0)) { 1066 (uurb->endpoint & ~USB_ENDPOINT_DIR_MASK) == 0)) {
1067 ifnum = findintfep(ps->dev, uurb->endpoint); 1067 ifnum = findintfep(ps->dev, uurb->endpoint);
1068 if (ifnum < 0) 1068 if (ifnum < 0)
1069 return ifnum; 1069 return ifnum;
1070 ret = checkintf(ps, ifnum); 1070 ret = checkintf(ps, ifnum);
1071 if (ret) 1071 if (ret)
1072 return ret; 1072 return ret;
1073 } 1073 }
1074 if ((uurb->endpoint & USB_ENDPOINT_DIR_MASK) != 0) { 1074 if ((uurb->endpoint & USB_ENDPOINT_DIR_MASK) != 0) {
1075 is_in = 1; 1075 is_in = 1;
1076 ep = ps->dev->ep_in[uurb->endpoint & USB_ENDPOINT_NUMBER_MASK]; 1076 ep = ps->dev->ep_in[uurb->endpoint & USB_ENDPOINT_NUMBER_MASK];
1077 } else { 1077 } else {
1078 is_in = 0; 1078 is_in = 0;
1079 ep = ps->dev->ep_out[uurb->endpoint & USB_ENDPOINT_NUMBER_MASK]; 1079 ep = ps->dev->ep_out[uurb->endpoint & USB_ENDPOINT_NUMBER_MASK];
1080 } 1080 }
1081 if (!ep) 1081 if (!ep)
1082 return -ENOENT; 1082 return -ENOENT;
1083 switch(uurb->type) { 1083 switch(uurb->type) {
1084 case USBDEVFS_URB_TYPE_CONTROL: 1084 case USBDEVFS_URB_TYPE_CONTROL:
1085 if (!usb_endpoint_xfer_control(&ep->desc)) 1085 if (!usb_endpoint_xfer_control(&ep->desc))
1086 return -EINVAL; 1086 return -EINVAL;
1087 /* min 8 byte setup packet, 1087 /* min 8 byte setup packet,
1088 * max 8 byte setup plus an arbitrary data stage */ 1088 * max 8 byte setup plus an arbitrary data stage */
1089 if (uurb->buffer_length < 8 || 1089 if (uurb->buffer_length < 8 ||
1090 uurb->buffer_length > (8 + MAX_USBFS_BUFFER_SIZE)) 1090 uurb->buffer_length > (8 + MAX_USBFS_BUFFER_SIZE))
1091 return -EINVAL; 1091 return -EINVAL;
1092 dr = kmalloc(sizeof(struct usb_ctrlrequest), GFP_KERNEL); 1092 dr = kmalloc(sizeof(struct usb_ctrlrequest), GFP_KERNEL);
1093 if (!dr) 1093 if (!dr)
1094 return -ENOMEM; 1094 return -ENOMEM;
1095 if (copy_from_user(dr, uurb->buffer, 8)) { 1095 if (copy_from_user(dr, uurb->buffer, 8)) {
1096 kfree(dr); 1096 kfree(dr);
1097 return -EFAULT; 1097 return -EFAULT;
1098 } 1098 }
1099 if (uurb->buffer_length < (le16_to_cpup(&dr->wLength) + 8)) { 1099 if (uurb->buffer_length < (le16_to_cpup(&dr->wLength) + 8)) {
1100 kfree(dr); 1100 kfree(dr);
1101 return -EINVAL; 1101 return -EINVAL;
1102 } 1102 }
1103 ret = check_ctrlrecip(ps, dr->bRequestType, 1103 ret = check_ctrlrecip(ps, dr->bRequestType,
1104 le16_to_cpup(&dr->wIndex)); 1104 le16_to_cpup(&dr->wIndex));
1105 if (ret) { 1105 if (ret) {
1106 kfree(dr); 1106 kfree(dr);
1107 return ret; 1107 return ret;
1108 } 1108 }
1109 uurb->number_of_packets = 0; 1109 uurb->number_of_packets = 0;
1110 uurb->buffer_length = le16_to_cpup(&dr->wLength); 1110 uurb->buffer_length = le16_to_cpup(&dr->wLength);
1111 uurb->buffer += 8; 1111 uurb->buffer += 8;
1112 if ((dr->bRequestType & USB_DIR_IN) && uurb->buffer_length) { 1112 if ((dr->bRequestType & USB_DIR_IN) && uurb->buffer_length) {
1113 is_in = 1; 1113 is_in = 1;
1114 uurb->endpoint |= USB_DIR_IN; 1114 uurb->endpoint |= USB_DIR_IN;
1115 } else { 1115 } else {
1116 is_in = 0; 1116 is_in = 0;
1117 uurb->endpoint &= ~USB_DIR_IN; 1117 uurb->endpoint &= ~USB_DIR_IN;
1118 } 1118 }
1119 snoop(&ps->dev->dev, "control urb: bRequestType=%02x " 1119 snoop(&ps->dev->dev, "control urb: bRequestType=%02x "
1120 "bRequest=%02x wValue=%04x " 1120 "bRequest=%02x wValue=%04x "
1121 "wIndex=%04x wLength=%04x\n", 1121 "wIndex=%04x wLength=%04x\n",
1122 dr->bRequestType, dr->bRequest, 1122 dr->bRequestType, dr->bRequest,
1123 __le16_to_cpup(&dr->wValue), 1123 __le16_to_cpup(&dr->wValue),
1124 __le16_to_cpup(&dr->wIndex), 1124 __le16_to_cpup(&dr->wIndex),
1125 __le16_to_cpup(&dr->wLength)); 1125 __le16_to_cpup(&dr->wLength));
1126 break; 1126 break;
1127 1127
1128 case USBDEVFS_URB_TYPE_BULK: 1128 case USBDEVFS_URB_TYPE_BULK:
1129 switch (usb_endpoint_type(&ep->desc)) { 1129 switch (usb_endpoint_type(&ep->desc)) {
1130 case USB_ENDPOINT_XFER_CONTROL: 1130 case USB_ENDPOINT_XFER_CONTROL:
1131 case USB_ENDPOINT_XFER_ISOC: 1131 case USB_ENDPOINT_XFER_ISOC:
1132 return -EINVAL; 1132 return -EINVAL;
1133 case USB_ENDPOINT_XFER_INT: 1133 case USB_ENDPOINT_XFER_INT:
1134 /* allow single-shot interrupt transfers */ 1134 /* allow single-shot interrupt transfers */
1135 uurb->type = USBDEVFS_URB_TYPE_INTERRUPT; 1135 uurb->type = USBDEVFS_URB_TYPE_INTERRUPT;
1136 goto interrupt_urb; 1136 goto interrupt_urb;
1137 } 1137 }
1138 uurb->number_of_packets = 0; 1138 uurb->number_of_packets = 0;
1139 if (uurb->buffer_length > MAX_USBFS_BUFFER_SIZE) 1139 if (uurb->buffer_length > MAX_USBFS_BUFFER_SIZE)
1140 return -EINVAL; 1140 return -EINVAL;
1141 break; 1141 break;
1142 1142
1143 case USBDEVFS_URB_TYPE_INTERRUPT: 1143 case USBDEVFS_URB_TYPE_INTERRUPT:
1144 if (!usb_endpoint_xfer_int(&ep->desc)) 1144 if (!usb_endpoint_xfer_int(&ep->desc))
1145 return -EINVAL; 1145 return -EINVAL;
1146 interrupt_urb: 1146 interrupt_urb:
1147 uurb->number_of_packets = 0; 1147 uurb->number_of_packets = 0;
1148 if (uurb->buffer_length > MAX_USBFS_BUFFER_SIZE) 1148 if (uurb->buffer_length > MAX_USBFS_BUFFER_SIZE)
1149 return -EINVAL; 1149 return -EINVAL;
1150 break; 1150 break;
1151 1151
1152 case USBDEVFS_URB_TYPE_ISO: 1152 case USBDEVFS_URB_TYPE_ISO:
1153 /* arbitrary limit */ 1153 /* arbitrary limit */
1154 if (uurb->number_of_packets < 1 || 1154 if (uurb->number_of_packets < 1 ||
1155 uurb->number_of_packets > 128) 1155 uurb->number_of_packets > 128)
1156 return -EINVAL; 1156 return -EINVAL;
1157 if (!usb_endpoint_xfer_isoc(&ep->desc)) 1157 if (!usb_endpoint_xfer_isoc(&ep->desc))
1158 return -EINVAL; 1158 return -EINVAL;
1159 isofrmlen = sizeof(struct usbdevfs_iso_packet_desc) * 1159 isofrmlen = sizeof(struct usbdevfs_iso_packet_desc) *
1160 uurb->number_of_packets; 1160 uurb->number_of_packets;
1161 if (!(isopkt = kmalloc(isofrmlen, GFP_KERNEL))) 1161 if (!(isopkt = kmalloc(isofrmlen, GFP_KERNEL)))
1162 return -ENOMEM; 1162 return -ENOMEM;
1163 if (copy_from_user(isopkt, iso_frame_desc, isofrmlen)) { 1163 if (copy_from_user(isopkt, iso_frame_desc, isofrmlen)) {
1164 kfree(isopkt); 1164 kfree(isopkt);
1165 return -EFAULT; 1165 return -EFAULT;
1166 } 1166 }
1167 for (totlen = u = 0; u < uurb->number_of_packets; u++) { 1167 for (totlen = u = 0; u < uurb->number_of_packets; u++) {
1168 /* arbitrary limit, 1168 /* arbitrary limit,
1169 * sufficient for USB 2.0 high-bandwidth iso */ 1169 * sufficient for USB 2.0 high-bandwidth iso */
1170 if (isopkt[u].length > 8192) { 1170 if (isopkt[u].length > 8192) {
1171 kfree(isopkt); 1171 kfree(isopkt);
1172 return -EINVAL; 1172 return -EINVAL;
1173 } 1173 }
1174 totlen += isopkt[u].length; 1174 totlen += isopkt[u].length;
1175 } 1175 }
1176 /* 3072 * 64 microframes */ 1176 /* 3072 * 64 microframes */
1177 if (totlen > 196608) { 1177 if (totlen > 196608) {
1178 kfree(isopkt); 1178 kfree(isopkt);
1179 return -EINVAL; 1179 return -EINVAL;
1180 } 1180 }
1181 uurb->buffer_length = totlen; 1181 uurb->buffer_length = totlen;
1182 break; 1182 break;
1183 1183
1184 default: 1184 default:
1185 return -EINVAL; 1185 return -EINVAL;
1186 } 1186 }
1187 if (uurb->buffer_length > 0 && 1187 if (uurb->buffer_length > 0 &&
1188 !access_ok(is_in ? VERIFY_WRITE : VERIFY_READ, 1188 !access_ok(is_in ? VERIFY_WRITE : VERIFY_READ,
1189 uurb->buffer, uurb->buffer_length)) { 1189 uurb->buffer, uurb->buffer_length)) {
1190 kfree(isopkt); 1190 kfree(isopkt);
1191 kfree(dr); 1191 kfree(dr);
1192 return -EFAULT; 1192 return -EFAULT;
1193 } 1193 }
1194 as = alloc_async(uurb->number_of_packets); 1194 as = alloc_async(uurb->number_of_packets);
1195 if (!as) { 1195 if (!as) {
1196 kfree(isopkt); 1196 kfree(isopkt);
1197 kfree(dr); 1197 kfree(dr);
1198 return -ENOMEM; 1198 return -ENOMEM;
1199 } 1199 }
1200 if (uurb->buffer_length > 0) { 1200 if (uurb->buffer_length > 0) {
1201 as->urb->transfer_buffer = kmalloc(uurb->buffer_length, 1201 as->urb->transfer_buffer = kmalloc(uurb->buffer_length,
1202 GFP_KERNEL); 1202 GFP_KERNEL);
1203 if (!as->urb->transfer_buffer) { 1203 if (!as->urb->transfer_buffer) {
1204 kfree(isopkt); 1204 kfree(isopkt);
1205 kfree(dr); 1205 kfree(dr);
1206 free_async(as); 1206 free_async(as);
1207 return -ENOMEM; 1207 return -ENOMEM;
1208 } 1208 }
1209 /* Isochronous input data may end up being discontiguous 1209 /* Isochronous input data may end up being discontiguous
1210 * if some of the packets are short. Clear the buffer so 1210 * if some of the packets are short. Clear the buffer so
1211 * that the gaps don't leak kernel data to userspace. 1211 * that the gaps don't leak kernel data to userspace.
1212 */ 1212 */
1213 if (is_in && uurb->type == USBDEVFS_URB_TYPE_ISO) 1213 if (is_in && uurb->type == USBDEVFS_URB_TYPE_ISO)
1214 memset(as->urb->transfer_buffer, 0, 1214 memset(as->urb->transfer_buffer, 0,
1215 uurb->buffer_length); 1215 uurb->buffer_length);
1216 } 1216 }
1217 as->urb->dev = ps->dev; 1217 as->urb->dev = ps->dev;
1218 as->urb->pipe = (uurb->type << 30) | 1218 as->urb->pipe = (uurb->type << 30) |
1219 __create_pipe(ps->dev, uurb->endpoint & 0xf) | 1219 __create_pipe(ps->dev, uurb->endpoint & 0xf) |
1220 (uurb->endpoint & USB_DIR_IN); 1220 (uurb->endpoint & USB_DIR_IN);
1221 1221
1222 /* This tedious sequence is necessary because the URB_* flags 1222 /* This tedious sequence is necessary because the URB_* flags
1223 * are internal to the kernel and subject to change, whereas 1223 * are internal to the kernel and subject to change, whereas
1224 * the USBDEVFS_URB_* flags are a user API and must not be changed. 1224 * the USBDEVFS_URB_* flags are a user API and must not be changed.
1225 */ 1225 */
1226 u = (is_in ? URB_DIR_IN : URB_DIR_OUT); 1226 u = (is_in ? URB_DIR_IN : URB_DIR_OUT);
1227 if (uurb->flags & USBDEVFS_URB_ISO_ASAP) 1227 if (uurb->flags & USBDEVFS_URB_ISO_ASAP)
1228 u |= URB_ISO_ASAP; 1228 u |= URB_ISO_ASAP;
1229 if (uurb->flags & USBDEVFS_URB_SHORT_NOT_OK) 1229 if (uurb->flags & USBDEVFS_URB_SHORT_NOT_OK)
1230 u |= URB_SHORT_NOT_OK; 1230 u |= URB_SHORT_NOT_OK;
1231 if (uurb->flags & USBDEVFS_URB_NO_FSBR) 1231 if (uurb->flags & USBDEVFS_URB_NO_FSBR)
1232 u |= URB_NO_FSBR; 1232 u |= URB_NO_FSBR;
1233 if (uurb->flags & USBDEVFS_URB_ZERO_PACKET) 1233 if (uurb->flags & USBDEVFS_URB_ZERO_PACKET)
1234 u |= URB_ZERO_PACKET; 1234 u |= URB_ZERO_PACKET;
1235 if (uurb->flags & USBDEVFS_URB_NO_INTERRUPT) 1235 if (uurb->flags & USBDEVFS_URB_NO_INTERRUPT)
1236 u |= URB_NO_INTERRUPT; 1236 u |= URB_NO_INTERRUPT;
1237 as->urb->transfer_flags = u; 1237 as->urb->transfer_flags = u;
1238 1238
1239 as->urb->transfer_buffer_length = uurb->buffer_length; 1239 as->urb->transfer_buffer_length = uurb->buffer_length;
1240 as->urb->setup_packet = (unsigned char *)dr; 1240 as->urb->setup_packet = (unsigned char *)dr;
1241 as->urb->start_frame = uurb->start_frame; 1241 as->urb->start_frame = uurb->start_frame;
1242 as->urb->number_of_packets = uurb->number_of_packets; 1242 as->urb->number_of_packets = uurb->number_of_packets;
1243 if (uurb->type == USBDEVFS_URB_TYPE_ISO || 1243 if (uurb->type == USBDEVFS_URB_TYPE_ISO ||
1244 ps->dev->speed == USB_SPEED_HIGH) 1244 ps->dev->speed == USB_SPEED_HIGH)
1245 as->urb->interval = 1 << min(15, ep->desc.bInterval - 1); 1245 as->urb->interval = 1 << min(15, ep->desc.bInterval - 1);
1246 else 1246 else
1247 as->urb->interval = ep->desc.bInterval; 1247 as->urb->interval = ep->desc.bInterval;
1248 as->urb->context = as; 1248 as->urb->context = as;
1249 as->urb->complete = async_completed; 1249 as->urb->complete = async_completed;
1250 for (totlen = u = 0; u < uurb->number_of_packets; u++) { 1250 for (totlen = u = 0; u < uurb->number_of_packets; u++) {
1251 as->urb->iso_frame_desc[u].offset = totlen; 1251 as->urb->iso_frame_desc[u].offset = totlen;
1252 as->urb->iso_frame_desc[u].length = isopkt[u].length; 1252 as->urb->iso_frame_desc[u].length = isopkt[u].length;
1253 totlen += isopkt[u].length; 1253 totlen += isopkt[u].length;
1254 } 1254 }
1255 kfree(isopkt); 1255 kfree(isopkt);
1256 as->ps = ps; 1256 as->ps = ps;
1257 as->userurb = arg; 1257 as->userurb = arg;
1258 if (is_in && uurb->buffer_length > 0) 1258 if (is_in && uurb->buffer_length > 0)
1259 as->userbuffer = uurb->buffer; 1259 as->userbuffer = uurb->buffer;
1260 else 1260 else
1261 as->userbuffer = NULL; 1261 as->userbuffer = NULL;
1262 as->signr = uurb->signr; 1262 as->signr = uurb->signr;
1263 as->ifnum = ifnum; 1263 as->ifnum = ifnum;
1264 as->pid = get_pid(task_pid(current)); 1264 as->pid = get_pid(task_pid(current));
1265 as->uid = cred->uid; 1265 as->uid = cred->uid;
1266 as->euid = cred->euid; 1266 as->euid = cred->euid;
1267 security_task_getsecid(current, &as->secid); 1267 security_task_getsecid(current, &as->secid);
1268 if (!is_in && uurb->buffer_length > 0) { 1268 if (!is_in && uurb->buffer_length > 0) {
1269 if (copy_from_user(as->urb->transfer_buffer, uurb->buffer, 1269 if (copy_from_user(as->urb->transfer_buffer, uurb->buffer,
1270 uurb->buffer_length)) { 1270 uurb->buffer_length)) {
1271 free_async(as); 1271 free_async(as);
1272 return -EFAULT; 1272 return -EFAULT;
1273 } 1273 }
1274 } 1274 }
1275 snoop_urb(ps->dev, as->userurb, as->urb->pipe, 1275 snoop_urb(ps->dev, as->userurb, as->urb->pipe,
1276 as->urb->transfer_buffer_length, 0, SUBMIT, 1276 as->urb->transfer_buffer_length, 0, SUBMIT,
1277 is_in ? NULL : as->urb->transfer_buffer, 1277 is_in ? NULL : as->urb->transfer_buffer,
1278 uurb->buffer_length); 1278 uurb->buffer_length);
1279 async_newpending(as); 1279 async_newpending(as);
1280 1280
1281 if (usb_endpoint_xfer_bulk(&ep->desc)) { 1281 if (usb_endpoint_xfer_bulk(&ep->desc)) {
1282 spin_lock_irq(&ps->lock); 1282 spin_lock_irq(&ps->lock);
1283 1283
1284 /* Not exactly the endpoint address; the direction bit is 1284 /* Not exactly the endpoint address; the direction bit is
1285 * shifted to the 0x10 position so that the value will be 1285 * shifted to the 0x10 position so that the value will be
1286 * between 0 and 31. 1286 * between 0 and 31.
1287 */ 1287 */
1288 as->bulk_addr = usb_endpoint_num(&ep->desc) | 1288 as->bulk_addr = usb_endpoint_num(&ep->desc) |
1289 ((ep->desc.bEndpointAddress & USB_ENDPOINT_DIR_MASK) 1289 ((ep->desc.bEndpointAddress & USB_ENDPOINT_DIR_MASK)
1290 >> 3); 1290 >> 3);
1291 1291
1292 /* If this bulk URB is the start of a new transfer, re-enable 1292 /* If this bulk URB is the start of a new transfer, re-enable
1293 * the endpoint. Otherwise mark it as a continuation URB. 1293 * the endpoint. Otherwise mark it as a continuation URB.
1294 */ 1294 */
1295 if (uurb->flags & USBDEVFS_URB_BULK_CONTINUATION) 1295 if (uurb->flags & USBDEVFS_URB_BULK_CONTINUATION)
1296 as->bulk_status = AS_CONTINUATION; 1296 as->bulk_status = AS_CONTINUATION;
1297 else 1297 else
1298 ps->disabled_bulk_eps &= ~(1 << as->bulk_addr); 1298 ps->disabled_bulk_eps &= ~(1 << as->bulk_addr);
1299 1299
1300 /* Don't accept continuation URBs if the endpoint is 1300 /* Don't accept continuation URBs if the endpoint is
1301 * disabled because of an earlier error. 1301 * disabled because of an earlier error.
1302 */ 1302 */
1303 if (ps->disabled_bulk_eps & (1 << as->bulk_addr)) 1303 if (ps->disabled_bulk_eps & (1 << as->bulk_addr))
1304 ret = -EREMOTEIO; 1304 ret = -EREMOTEIO;
1305 else 1305 else
1306 ret = usb_submit_urb(as->urb, GFP_ATOMIC); 1306 ret = usb_submit_urb(as->urb, GFP_ATOMIC);
1307 spin_unlock_irq(&ps->lock); 1307 spin_unlock_irq(&ps->lock);
1308 } else { 1308 } else {
1309 ret = usb_submit_urb(as->urb, GFP_KERNEL); 1309 ret = usb_submit_urb(as->urb, GFP_KERNEL);
1310 } 1310 }
1311 1311
1312 if (ret) { 1312 if (ret) {
1313 dev_printk(KERN_DEBUG, &ps->dev->dev, 1313 dev_printk(KERN_DEBUG, &ps->dev->dev,
1314 "usbfs: usb_submit_urb returned %d\n", ret); 1314 "usbfs: usb_submit_urb returned %d\n", ret);
1315 snoop_urb(ps->dev, as->userurb, as->urb->pipe, 1315 snoop_urb(ps->dev, as->userurb, as->urb->pipe,
1316 0, ret, COMPLETE, NULL, 0); 1316 0, ret, COMPLETE, NULL, 0);
1317 async_removepending(as); 1317 async_removepending(as);
1318 free_async(as); 1318 free_async(as);
1319 return ret; 1319 return ret;
1320 } 1320 }
1321 return 0; 1321 return 0;
1322 } 1322 }
1323 1323
1324 static int proc_submiturb(struct dev_state *ps, void __user *arg) 1324 static int proc_submiturb(struct dev_state *ps, void __user *arg)
1325 { 1325 {
1326 struct usbdevfs_urb uurb; 1326 struct usbdevfs_urb uurb;
1327 1327
1328 if (copy_from_user(&uurb, arg, sizeof(uurb))) 1328 if (copy_from_user(&uurb, arg, sizeof(uurb)))
1329 return -EFAULT; 1329 return -EFAULT;
1330 1330
1331 return proc_do_submiturb(ps, &uurb, 1331 return proc_do_submiturb(ps, &uurb,
1332 (((struct usbdevfs_urb __user *)arg)->iso_frame_desc), 1332 (((struct usbdevfs_urb __user *)arg)->iso_frame_desc),
1333 arg); 1333 arg);
1334 } 1334 }
1335 1335
1336 static int proc_unlinkurb(struct dev_state *ps, void __user *arg) 1336 static int proc_unlinkurb(struct dev_state *ps, void __user *arg)
1337 { 1337 {
1338 struct async *as; 1338 struct async *as;
1339 1339
1340 as = async_getpending(ps, arg); 1340 as = async_getpending(ps, arg);
1341 if (!as) 1341 if (!as)
1342 return -EINVAL; 1342 return -EINVAL;
1343 usb_kill_urb(as->urb); 1343 usb_kill_urb(as->urb);
1344 return 0; 1344 return 0;
1345 } 1345 }
1346 1346
1347 static int processcompl(struct async *as, void __user * __user *arg) 1347 static int processcompl(struct async *as, void __user * __user *arg)
1348 { 1348 {
1349 struct urb *urb = as->urb; 1349 struct urb *urb = as->urb;
1350 struct usbdevfs_urb __user *userurb = as->userurb; 1350 struct usbdevfs_urb __user *userurb = as->userurb;
1351 void __user *addr = as->userurb; 1351 void __user *addr = as->userurb;
1352 unsigned int i; 1352 unsigned int i;
1353 1353
1354 if (as->userbuffer && urb->actual_length) { 1354 if (as->userbuffer && urb->actual_length) {
1355 if (urb->number_of_packets > 0) /* Isochronous */ 1355 if (urb->number_of_packets > 0) /* Isochronous */
1356 i = urb->transfer_buffer_length; 1356 i = urb->transfer_buffer_length;
1357 else /* Non-Isoc */ 1357 else /* Non-Isoc */
1358 i = urb->actual_length; 1358 i = urb->actual_length;
1359 if (copy_to_user(as->userbuffer, urb->transfer_buffer, i)) 1359 if (copy_to_user(as->userbuffer, urb->transfer_buffer, i))
1360 goto err_out; 1360 goto err_out;
1361 } 1361 }
1362 if (put_user(as->status, &userurb->status)) 1362 if (put_user(as->status, &userurb->status))
1363 goto err_out; 1363 goto err_out;
1364 if (put_user(urb->actual_length, &userurb->actual_length)) 1364 if (put_user(urb->actual_length, &userurb->actual_length))
1365 goto err_out; 1365 goto err_out;
1366 if (put_user(urb->error_count, &userurb->error_count)) 1366 if (put_user(urb->error_count, &userurb->error_count))
1367 goto err_out; 1367 goto err_out;
1368 1368
1369 if (usb_endpoint_xfer_isoc(&urb->ep->desc)) { 1369 if (usb_endpoint_xfer_isoc(&urb->ep->desc)) {
1370 for (i = 0; i < urb->number_of_packets; i++) { 1370 for (i = 0; i < urb->number_of_packets; i++) {
1371 if (put_user(urb->iso_frame_desc[i].actual_length, 1371 if (put_user(urb->iso_frame_desc[i].actual_length,
1372 &userurb->iso_frame_desc[i].actual_length)) 1372 &userurb->iso_frame_desc[i].actual_length))
1373 goto err_out; 1373 goto err_out;
1374 if (put_user(urb->iso_frame_desc[i].status, 1374 if (put_user(urb->iso_frame_desc[i].status,
1375 &userurb->iso_frame_desc[i].status)) 1375 &userurb->iso_frame_desc[i].status))
1376 goto err_out; 1376 goto err_out;
1377 } 1377 }
1378 } 1378 }
1379 1379
1380 if (put_user(addr, (void __user * __user *)arg)) 1380 if (put_user(addr, (void __user * __user *)arg))
1381 return -EFAULT; 1381 return -EFAULT;
1382 return 0; 1382 return 0;
1383 1383
1384 err_out: 1384 err_out:
1385 return -EFAULT; 1385 return -EFAULT;
1386 } 1386 }
1387 1387
1388 static struct async *reap_as(struct dev_state *ps) 1388 static struct async *reap_as(struct dev_state *ps)
1389 { 1389 {
1390 DECLARE_WAITQUEUE(wait, current); 1390 DECLARE_WAITQUEUE(wait, current);
1391 struct async *as = NULL; 1391 struct async *as = NULL;
1392 struct usb_device *dev = ps->dev; 1392 struct usb_device *dev = ps->dev;
1393 1393
1394 add_wait_queue(&ps->wait, &wait); 1394 add_wait_queue(&ps->wait, &wait);
1395 for (;;) { 1395 for (;;) {
1396 __set_current_state(TASK_INTERRUPTIBLE); 1396 __set_current_state(TASK_INTERRUPTIBLE);
1397 as = async_getcompleted(ps); 1397 as = async_getcompleted(ps);
1398 if (as) 1398 if (as)
1399 break; 1399 break;
1400 if (signal_pending(current)) 1400 if (signal_pending(current))
1401 break; 1401 break;
1402 usb_unlock_device(dev); 1402 usb_unlock_device(dev);
1403 schedule(); 1403 schedule();
1404 usb_lock_device(dev); 1404 usb_lock_device(dev);
1405 } 1405 }
1406 remove_wait_queue(&ps->wait, &wait); 1406 remove_wait_queue(&ps->wait, &wait);
1407 set_current_state(TASK_RUNNING); 1407 set_current_state(TASK_RUNNING);
1408 return as; 1408 return as;
1409 } 1409 }
1410 1410
1411 static int proc_reapurb(struct dev_state *ps, void __user *arg) 1411 static int proc_reapurb(struct dev_state *ps, void __user *arg)
1412 { 1412 {
1413 struct async *as = reap_as(ps); 1413 struct async *as = reap_as(ps);
1414 if (as) { 1414 if (as) {
1415 int retval = processcompl(as, (void __user * __user *)arg); 1415 int retval = processcompl(as, (void __user * __user *)arg);
1416 free_async(as); 1416 free_async(as);
1417 return retval; 1417 return retval;
1418 } 1418 }
1419 if (signal_pending(current)) 1419 if (signal_pending(current))
1420 return -EINTR; 1420 return -EINTR;
1421 return -EIO; 1421 return -EIO;
1422 } 1422 }
1423 1423
1424 static int proc_reapurbnonblock(struct dev_state *ps, void __user *arg) 1424 static int proc_reapurbnonblock(struct dev_state *ps, void __user *arg)
1425 { 1425 {
1426 int retval; 1426 int retval;
1427 struct async *as; 1427 struct async *as;
1428 1428
1429 as = async_getcompleted(ps); 1429 as = async_getcompleted(ps);
1430 retval = -EAGAIN; 1430 retval = -EAGAIN;
1431 if (as) { 1431 if (as) {
1432 retval = processcompl(as, (void __user * __user *)arg); 1432 retval = processcompl(as, (void __user * __user *)arg);
1433 free_async(as); 1433 free_async(as);
1434 } 1434 }
1435 return retval; 1435 return retval;
1436 } 1436 }
1437 1437
1438 #ifdef CONFIG_COMPAT 1438 #ifdef CONFIG_COMPAT
1439 static int proc_control_compat(struct dev_state *ps, 1439 static int proc_control_compat(struct dev_state *ps,
1440 struct usbdevfs_ctrltransfer32 __user *p32) 1440 struct usbdevfs_ctrltransfer32 __user *p32)
1441 { 1441 {
1442 struct usbdevfs_ctrltransfer __user *p; 1442 struct usbdevfs_ctrltransfer __user *p;
1443 __u32 udata; 1443 __u32 udata;
1444 p = compat_alloc_user_space(sizeof(*p)); 1444 p = compat_alloc_user_space(sizeof(*p));
1445 if (copy_in_user(p, p32, (sizeof(*p32) - sizeof(compat_caddr_t))) || 1445 if (copy_in_user(p, p32, (sizeof(*p32) - sizeof(compat_caddr_t))) ||
1446 get_user(udata, &p32->data) || 1446 get_user(udata, &p32->data) ||
1447 put_user(compat_ptr(udata), &p->data)) 1447 put_user(compat_ptr(udata), &p->data))
1448 return -EFAULT; 1448 return -EFAULT;
1449 return proc_control(ps, p); 1449 return proc_control(ps, p);
1450 } 1450 }
1451 1451
1452 static int proc_bulk_compat(struct dev_state *ps, 1452 static int proc_bulk_compat(struct dev_state *ps,
1453 struct usbdevfs_bulktransfer32 __user *p32) 1453 struct usbdevfs_bulktransfer32 __user *p32)
1454 { 1454 {
1455 struct usbdevfs_bulktransfer __user *p; 1455 struct usbdevfs_bulktransfer __user *p;
1456 compat_uint_t n; 1456 compat_uint_t n;
1457 compat_caddr_t addr; 1457 compat_caddr_t addr;
1458 1458
1459 p = compat_alloc_user_space(sizeof(*p)); 1459 p = compat_alloc_user_space(sizeof(*p));
1460 1460
1461 if (get_user(n, &p32->ep) || put_user(n, &p->ep) || 1461 if (get_user(n, &p32->ep) || put_user(n, &p->ep) ||
1462 get_user(n, &p32->len) || put_user(n, &p->len) || 1462 get_user(n, &p32->len) || put_user(n, &p->len) ||
1463 get_user(n, &p32->timeout) || put_user(n, &p->timeout) || 1463 get_user(n, &p32->timeout) || put_user(n, &p->timeout) ||
1464 get_user(addr, &p32->data) || put_user(compat_ptr(addr), &p->data)) 1464 get_user(addr, &p32->data) || put_user(compat_ptr(addr), &p->data))
1465 return -EFAULT; 1465 return -EFAULT;
1466 1466
1467 return proc_bulk(ps, p); 1467 return proc_bulk(ps, p);
1468 } 1468 }
1469 static int proc_disconnectsignal_compat(struct dev_state *ps, void __user *arg) 1469 static int proc_disconnectsignal_compat(struct dev_state *ps, void __user *arg)
1470 { 1470 {
1471 struct usbdevfs_disconnectsignal32 ds; 1471 struct usbdevfs_disconnectsignal32 ds;
1472 1472
1473 if (copy_from_user(&ds, arg, sizeof(ds))) 1473 if (copy_from_user(&ds, arg, sizeof(ds)))
1474 return -EFAULT; 1474 return -EFAULT;
1475 ps->discsignr = ds.signr; 1475 ps->discsignr = ds.signr;
1476 ps->disccontext = compat_ptr(ds.context); 1476 ps->disccontext = compat_ptr(ds.context);
1477 return 0; 1477 return 0;
1478 } 1478 }
1479 1479
1480 static int get_urb32(struct usbdevfs_urb *kurb, 1480 static int get_urb32(struct usbdevfs_urb *kurb,
1481 struct usbdevfs_urb32 __user *uurb) 1481 struct usbdevfs_urb32 __user *uurb)
1482 { 1482 {
1483 __u32 uptr; 1483 __u32 uptr;
1484 if (!access_ok(VERIFY_READ, uurb, sizeof(*uurb)) || 1484 if (!access_ok(VERIFY_READ, uurb, sizeof(*uurb)) ||
1485 __get_user(kurb->type, &uurb->type) || 1485 __get_user(kurb->type, &uurb->type) ||
1486 __get_user(kurb->endpoint, &uurb->endpoint) || 1486 __get_user(kurb->endpoint, &uurb->endpoint) ||
1487 __get_user(kurb->status, &uurb->status) || 1487 __get_user(kurb->status, &uurb->status) ||
1488 __get_user(kurb->flags, &uurb->flags) || 1488 __get_user(kurb->flags, &uurb->flags) ||
1489 __get_user(kurb->buffer_length, &uurb->buffer_length) || 1489 __get_user(kurb->buffer_length, &uurb->buffer_length) ||
1490 __get_user(kurb->actual_length, &uurb->actual_length) || 1490 __get_user(kurb->actual_length, &uurb->actual_length) ||
1491 __get_user(kurb->start_frame, &uurb->start_frame) || 1491 __get_user(kurb->start_frame, &uurb->start_frame) ||
1492 __get_user(kurb->number_of_packets, &uurb->number_of_packets) || 1492 __get_user(kurb->number_of_packets, &uurb->number_of_packets) ||
1493 __get_user(kurb->error_count, &uurb->error_count) || 1493 __get_user(kurb->error_count, &uurb->error_count) ||
1494 __get_user(kurb->signr, &uurb->signr)) 1494 __get_user(kurb->signr, &uurb->signr))
1495 return -EFAULT; 1495 return -EFAULT;
1496 1496
1497 if (__get_user(uptr, &uurb->buffer)) 1497 if (__get_user(uptr, &uurb->buffer))
1498 return -EFAULT; 1498 return -EFAULT;
1499 kurb->buffer = compat_ptr(uptr); 1499 kurb->buffer = compat_ptr(uptr);
1500 if (__get_user(uptr, &uurb->usercontext)) 1500 if (__get_user(uptr, &uurb->usercontext))
1501 return -EFAULT; 1501 return -EFAULT;
1502 kurb->usercontext = compat_ptr(uptr); 1502 kurb->usercontext = compat_ptr(uptr);
1503 1503
1504 return 0; 1504 return 0;
1505 } 1505 }
1506 1506
1507 static int proc_submiturb_compat(struct dev_state *ps, void __user *arg) 1507 static int proc_submiturb_compat(struct dev_state *ps, void __user *arg)
1508 { 1508 {
1509 struct usbdevfs_urb uurb; 1509 struct usbdevfs_urb uurb;
1510 1510
1511 if (get_urb32(&uurb, (struct usbdevfs_urb32 __user *)arg)) 1511 if (get_urb32(&uurb, (struct usbdevfs_urb32 __user *)arg))
1512 return -EFAULT; 1512 return -EFAULT;
1513 1513
1514 return proc_do_submiturb(ps, &uurb, 1514 return proc_do_submiturb(ps, &uurb,
1515 ((struct usbdevfs_urb32 __user *)arg)->iso_frame_desc, 1515 ((struct usbdevfs_urb32 __user *)arg)->iso_frame_desc,
1516 arg); 1516 arg);
1517 } 1517 }
1518 1518
1519 static int processcompl_compat(struct async *as, void __user * __user *arg) 1519 static int processcompl_compat(struct async *as, void __user * __user *arg)
1520 { 1520 {
1521 struct urb *urb = as->urb; 1521 struct urb *urb = as->urb;
1522 struct usbdevfs_urb32 __user *userurb = as->userurb; 1522 struct usbdevfs_urb32 __user *userurb = as->userurb;
1523 void __user *addr = as->userurb; 1523 void __user *addr = as->userurb;
1524 unsigned int i; 1524 unsigned int i;
1525 1525
1526 if (as->userbuffer && urb->actual_length) 1526 if (as->userbuffer && urb->actual_length)
1527 if (copy_to_user(as->userbuffer, urb->transfer_buffer, 1527 if (copy_to_user(as->userbuffer, urb->transfer_buffer,
1528 urb->actual_length)) 1528 urb->actual_length))
1529 return -EFAULT; 1529 return -EFAULT;
1530 if (put_user(as->status, &userurb->status)) 1530 if (put_user(as->status, &userurb->status))
1531 return -EFAULT; 1531 return -EFAULT;
1532 if (put_user(urb->actual_length, &userurb->actual_length)) 1532 if (put_user(urb->actual_length, &userurb->actual_length))
1533 return -EFAULT; 1533 return -EFAULT;
1534 if (put_user(urb->error_count, &userurb->error_count)) 1534 if (put_user(urb->error_count, &userurb->error_count))
1535 return -EFAULT; 1535 return -EFAULT;
1536 1536
1537 if (usb_endpoint_xfer_isoc(&urb->ep->desc)) { 1537 if (usb_endpoint_xfer_isoc(&urb->ep->desc)) {
1538 for (i = 0; i < urb->number_of_packets; i++) { 1538 for (i = 0; i < urb->number_of_packets; i++) {
1539 if (put_user(urb->iso_frame_desc[i].actual_length, 1539 if (put_user(urb->iso_frame_desc[i].actual_length,
1540 &userurb->iso_frame_desc[i].actual_length)) 1540 &userurb->iso_frame_desc[i].actual_length))
1541 return -EFAULT; 1541 return -EFAULT;
1542 if (put_user(urb->iso_frame_desc[i].status, 1542 if (put_user(urb->iso_frame_desc[i].status,
1543 &userurb->iso_frame_desc[i].status)) 1543 &userurb->iso_frame_desc[i].status))
1544 return -EFAULT; 1544 return -EFAULT;
1545 } 1545 }
1546 } 1546 }
1547 1547
1548 if (put_user(ptr_to_compat(addr), (u32 __user *)arg)) 1548 if (put_user(ptr_to_compat(addr), (u32 __user *)arg))
1549 return -EFAULT; 1549 return -EFAULT;
1550 return 0; 1550 return 0;
1551 } 1551 }
1552 1552
1553 static int proc_reapurb_compat(struct dev_state *ps, void __user *arg) 1553 static int proc_reapurb_compat(struct dev_state *ps, void __user *arg)
1554 { 1554 {
1555 struct async *as = reap_as(ps); 1555 struct async *as = reap_as(ps);
1556 if (as) { 1556 if (as) {
1557 int retval = processcompl_compat(as, (void __user * __user *)arg); 1557 int retval = processcompl_compat(as, (void __user * __user *)arg);
1558 free_async(as); 1558 free_async(as);
1559 return retval; 1559 return retval;
1560 } 1560 }
1561 if (signal_pending(current)) 1561 if (signal_pending(current))
1562 return -EINTR; 1562 return -EINTR;
1563 return -EIO; 1563 return -EIO;
1564 } 1564 }
1565 1565
1566 static int proc_reapurbnonblock_compat(struct dev_state *ps, void __user *arg) 1566 static int proc_reapurbnonblock_compat(struct dev_state *ps, void __user *arg)
1567 { 1567 {
1568 int retval; 1568 int retval;
1569 struct async *as; 1569 struct async *as;
1570 1570
1571 retval = -EAGAIN; 1571 retval = -EAGAIN;
1572 as = async_getcompleted(ps); 1572 as = async_getcompleted(ps);
1573 if (as) { 1573 if (as) {
1574 retval = processcompl_compat(as, (void __user * __user *)arg); 1574 retval = processcompl_compat(as, (void __user * __user *)arg);
1575 free_async(as); 1575 free_async(as);
1576 } 1576 }
1577 return retval; 1577 return retval;
1578 } 1578 }
1579 1579
1580 1580
1581 #endif 1581 #endif
1582 1582
1583 static int proc_disconnectsignal(struct dev_state *ps, void __user *arg) 1583 static int proc_disconnectsignal(struct dev_state *ps, void __user *arg)
1584 { 1584 {
1585 struct usbdevfs_disconnectsignal ds; 1585 struct usbdevfs_disconnectsignal ds;
1586 1586
1587 if (copy_from_user(&ds, arg, sizeof(ds))) 1587 if (copy_from_user(&ds, arg, sizeof(ds)))
1588 return -EFAULT; 1588 return -EFAULT;
1589 ps->discsignr = ds.signr; 1589 ps->discsignr = ds.signr;
1590 ps->disccontext = ds.context; 1590 ps->disccontext = ds.context;
1591 return 0; 1591 return 0;
1592 } 1592 }
1593 1593
1594 static int proc_claiminterface(struct dev_state *ps, void __user *arg) 1594 static int proc_claiminterface(struct dev_state *ps, void __user *arg)
1595 { 1595 {
1596 unsigned int ifnum; 1596 unsigned int ifnum;
1597 1597
1598 if (get_user(ifnum, (unsigned int __user *)arg)) 1598 if (get_user(ifnum, (unsigned int __user *)arg))
1599 return -EFAULT; 1599 return -EFAULT;
1600 return claimintf(ps, ifnum); 1600 return claimintf(ps, ifnum);
1601 } 1601 }
1602 1602
1603 static int proc_releaseinterface(struct dev_state *ps, void __user *arg) 1603 static int proc_releaseinterface(struct dev_state *ps, void __user *arg)
1604 { 1604 {
1605 unsigned int ifnum; 1605 unsigned int ifnum;
1606 int ret; 1606 int ret;
1607 1607
1608 if (get_user(ifnum, (unsigned int __user *)arg)) 1608 if (get_user(ifnum, (unsigned int __user *)arg))
1609 return -EFAULT; 1609 return -EFAULT;
1610 if ((ret = releaseintf(ps, ifnum)) < 0) 1610 if ((ret = releaseintf(ps, ifnum)) < 0)
1611 return ret; 1611 return ret;
1612 destroy_async_on_interface (ps, ifnum); 1612 destroy_async_on_interface (ps, ifnum);
1613 return 0; 1613 return 0;
1614 } 1614 }
1615 1615
1616 static int proc_ioctl(struct dev_state *ps, struct usbdevfs_ioctl *ctl) 1616 static int proc_ioctl(struct dev_state *ps, struct usbdevfs_ioctl *ctl)
1617 { 1617 {
1618 int size; 1618 int size;
1619 void *buf = NULL; 1619 void *buf = NULL;
1620 int retval = 0; 1620 int retval = 0;
1621 struct usb_interface *intf = NULL; 1621 struct usb_interface *intf = NULL;
1622 struct usb_driver *driver = NULL; 1622 struct usb_driver *driver = NULL;
1623 1623
1624 /* alloc buffer */ 1624 /* alloc buffer */
1625 if ((size = _IOC_SIZE(ctl->ioctl_code)) > 0) { 1625 if ((size = _IOC_SIZE(ctl->ioctl_code)) > 0) {
1626 if ((buf = kmalloc(size, GFP_KERNEL)) == NULL) 1626 if ((buf = kmalloc(size, GFP_KERNEL)) == NULL)
1627 return -ENOMEM; 1627 return -ENOMEM;
1628 if ((_IOC_DIR(ctl->ioctl_code) & _IOC_WRITE)) { 1628 if ((_IOC_DIR(ctl->ioctl_code) & _IOC_WRITE)) {
1629 if (copy_from_user(buf, ctl->data, size)) { 1629 if (copy_from_user(buf, ctl->data, size)) {
1630 kfree(buf); 1630 kfree(buf);
1631 return -EFAULT; 1631 return -EFAULT;
1632 } 1632 }
1633 } else { 1633 } else {
1634 memset(buf, 0, size); 1634 memset(buf, 0, size);
1635 } 1635 }
1636 } 1636 }
1637 1637
1638 if (!connected(ps)) { 1638 if (!connected(ps)) {
1639 kfree(buf); 1639 kfree(buf);
1640 return -ENODEV; 1640 return -ENODEV;
1641 } 1641 }
1642 1642
1643 if (ps->dev->state != USB_STATE_CONFIGURED) 1643 if (ps->dev->state != USB_STATE_CONFIGURED)
1644 retval = -EHOSTUNREACH; 1644 retval = -EHOSTUNREACH;
1645 else if (!(intf = usb_ifnum_to_if(ps->dev, ctl->ifno))) 1645 else if (!(intf = usb_ifnum_to_if(ps->dev, ctl->ifno)))
1646 retval = -EINVAL; 1646 retval = -EINVAL;
1647 else switch (ctl->ioctl_code) { 1647 else switch (ctl->ioctl_code) {
1648 1648
1649 /* disconnect kernel driver from interface */ 1649 /* disconnect kernel driver from interface */
1650 case USBDEVFS_DISCONNECT: 1650 case USBDEVFS_DISCONNECT:
1651 if (intf->dev.driver) { 1651 if (intf->dev.driver) {
1652 driver = to_usb_driver(intf->dev.driver); 1652 driver = to_usb_driver(intf->dev.driver);
1653 dev_dbg(&intf->dev, "disconnect by usbfs\n"); 1653 dev_dbg(&intf->dev, "disconnect by usbfs\n");
1654 usb_driver_release_interface(driver, intf); 1654 usb_driver_release_interface(driver, intf);
1655 } else 1655 } else
1656 retval = -ENODATA; 1656 retval = -ENODATA;
1657 break; 1657 break;
1658 1658
1659 /* let kernel drivers try to (re)bind to the interface */ 1659 /* let kernel drivers try to (re)bind to the interface */
1660 case USBDEVFS_CONNECT: 1660 case USBDEVFS_CONNECT:
1661 if (!intf->dev.driver) 1661 if (!intf->dev.driver)
1662 retval = device_attach(&intf->dev); 1662 retval = device_attach(&intf->dev);
1663 else 1663 else
1664 retval = -EBUSY; 1664 retval = -EBUSY;
1665 break; 1665 break;
1666 1666
1667 /* talk directly to the interface's driver */ 1667 /* talk directly to the interface's driver */
1668 default: 1668 default:
1669 if (intf->dev.driver) 1669 if (intf->dev.driver)
1670 driver = to_usb_driver(intf->dev.driver); 1670 driver = to_usb_driver(intf->dev.driver);
1671 if (driver == NULL || driver->unlocked_ioctl == NULL) { 1671 if (driver == NULL || driver->unlocked_ioctl == NULL) {
1672 retval = -ENOTTY; 1672 retval = -ENOTTY;
1673 } else { 1673 } else {
1674 retval = driver->unlocked_ioctl(intf, ctl->ioctl_code, buf); 1674 retval = driver->unlocked_ioctl(intf, ctl->ioctl_code, buf);
1675 if (retval == -ENOIOCTLCMD) 1675 if (retval == -ENOIOCTLCMD)
1676 retval = -ENOTTY; 1676 retval = -ENOTTY;
1677 } 1677 }
1678 } 1678 }
1679 1679
1680 /* cleanup and return */ 1680 /* cleanup and return */
1681 if (retval >= 0 1681 if (retval >= 0
1682 && (_IOC_DIR(ctl->ioctl_code) & _IOC_READ) != 0 1682 && (_IOC_DIR(ctl->ioctl_code) & _IOC_READ) != 0
1683 && size > 0 1683 && size > 0
1684 && copy_to_user(ctl->data, buf, size) != 0) 1684 && copy_to_user(ctl->data, buf, size) != 0)
1685 retval = -EFAULT; 1685 retval = -EFAULT;
1686 1686
1687 kfree(buf); 1687 kfree(buf);
1688 return retval; 1688 return retval;
1689 } 1689 }
1690 1690
1691 static int proc_ioctl_default(struct dev_state *ps, void __user *arg) 1691 static int proc_ioctl_default(struct dev_state *ps, void __user *arg)
1692 { 1692 {
1693 struct usbdevfs_ioctl ctrl; 1693 struct usbdevfs_ioctl ctrl;
1694 1694
1695 if (copy_from_user(&ctrl, arg, sizeof(ctrl))) 1695 if (copy_from_user(&ctrl, arg, sizeof(ctrl)))
1696 return -EFAULT; 1696 return -EFAULT;
1697 return proc_ioctl(ps, &ctrl); 1697 return proc_ioctl(ps, &ctrl);
1698 } 1698 }
1699 1699
1700 #ifdef CONFIG_COMPAT 1700 #ifdef CONFIG_COMPAT
1701 static int proc_ioctl_compat(struct dev_state *ps, compat_uptr_t arg) 1701 static int proc_ioctl_compat(struct dev_state *ps, compat_uptr_t arg)
1702 { 1702 {
1703 struct usbdevfs_ioctl32 __user *uioc; 1703 struct usbdevfs_ioctl32 __user *uioc;
1704 struct usbdevfs_ioctl ctrl; 1704 struct usbdevfs_ioctl ctrl;
1705 u32 udata; 1705 u32 udata;
1706 1706
1707 uioc = compat_ptr((long)arg); 1707 uioc = compat_ptr((long)arg);
1708 if (!access_ok(VERIFY_READ, uioc, sizeof(*uioc)) || 1708 if (!access_ok(VERIFY_READ, uioc, sizeof(*uioc)) ||
1709 __get_user(ctrl.ifno, &uioc->ifno) || 1709 __get_user(ctrl.ifno, &uioc->ifno) ||
1710 __get_user(ctrl.ioctl_code, &uioc->ioctl_code) || 1710 __get_user(ctrl.ioctl_code, &uioc->ioctl_code) ||
1711 __get_user(udata, &uioc->data)) 1711 __get_user(udata, &uioc->data))
1712 return -EFAULT; 1712 return -EFAULT;
1713 ctrl.data = compat_ptr(udata); 1713 ctrl.data = compat_ptr(udata);
1714 1714
1715 return proc_ioctl(ps, &ctrl); 1715 return proc_ioctl(ps, &ctrl);
1716 } 1716 }
1717 #endif 1717 #endif
1718 1718
1719 static int proc_claim_port(struct dev_state *ps, void __user *arg) 1719 static int proc_claim_port(struct dev_state *ps, void __user *arg)
1720 { 1720 {
1721 unsigned portnum; 1721 unsigned portnum;
1722 int rc; 1722 int rc;
1723 1723
1724 if (get_user(portnum, (unsigned __user *) arg)) 1724 if (get_user(portnum, (unsigned __user *) arg))
1725 return -EFAULT; 1725 return -EFAULT;
1726 rc = usb_hub_claim_port(ps->dev, portnum, ps); 1726 rc = usb_hub_claim_port(ps->dev, portnum, ps);
1727 if (rc == 0) 1727 if (rc == 0)
1728 snoop(&ps->dev->dev, "port %d claimed by process %d: %s\n", 1728 snoop(&ps->dev->dev, "port %d claimed by process %d: %s\n",
1729 portnum, task_pid_nr(current), current->comm); 1729 portnum, task_pid_nr(current), current->comm);
1730 return rc; 1730 return rc;
1731 } 1731 }
1732 1732
1733 static int proc_release_port(struct dev_state *ps, void __user *arg) 1733 static int proc_release_port(struct dev_state *ps, void __user *arg)
1734 { 1734 {
1735 unsigned portnum; 1735 unsigned portnum;
1736 1736
1737 if (get_user(portnum, (unsigned __user *) arg)) 1737 if (get_user(portnum, (unsigned __user *) arg))
1738 return -EFAULT; 1738 return -EFAULT;
1739 return usb_hub_release_port(ps->dev, portnum, ps); 1739 return usb_hub_release_port(ps->dev, portnum, ps);
1740 } 1740 }
1741 1741
1742 /* 1742 /*
1743 * NOTE: All requests here that have interface numbers as parameters 1743 * NOTE: All requests here that have interface numbers as parameters
1744 * are assuming that somehow the configuration has been prevented from 1744 * are assuming that somehow the configuration has been prevented from
1745 * changing. But there's no mechanism to ensure that... 1745 * changing. But there's no mechanism to ensure that...
1746 */ 1746 */
1747 static long usbdev_do_ioctl(struct file *file, unsigned int cmd, 1747 static long usbdev_do_ioctl(struct file *file, unsigned int cmd,
1748 void __user *p) 1748 void __user *p)
1749 { 1749 {
1750 struct dev_state *ps = file->private_data; 1750 struct dev_state *ps = file->private_data;
1751 struct inode *inode = file->f_path.dentry->d_inode; 1751 struct inode *inode = file->f_path.dentry->d_inode;
1752 struct usb_device *dev = ps->dev; 1752 struct usb_device *dev = ps->dev;
1753 int ret = -ENOTTY; 1753 int ret = -ENOTTY;
1754 1754
1755 if (!(file->f_mode & FMODE_WRITE)) 1755 if (!(file->f_mode & FMODE_WRITE))
1756 return -EPERM; 1756 return -EPERM;
1757 1757
1758 usb_lock_device(dev); 1758 usb_lock_device(dev);
1759 if (!connected(ps)) { 1759 if (!connected(ps)) {
1760 usb_unlock_device(dev); 1760 usb_unlock_device(dev);
1761 return -ENODEV; 1761 return -ENODEV;
1762 } 1762 }
1763 1763
1764 switch (cmd) { 1764 switch (cmd) {
1765 case USBDEVFS_CONTROL: 1765 case USBDEVFS_CONTROL:
1766 snoop(&dev->dev, "%s: CONTROL\n", __func__); 1766 snoop(&dev->dev, "%s: CONTROL\n", __func__);
1767 ret = proc_control(ps, p); 1767 ret = proc_control(ps, p);
1768 if (ret >= 0) 1768 if (ret >= 0)
1769 inode->i_mtime = CURRENT_TIME; 1769 inode->i_mtime = CURRENT_TIME;
1770 break; 1770 break;
1771 1771
1772 case USBDEVFS_BULK: 1772 case USBDEVFS_BULK:
1773 snoop(&dev->dev, "%s: BULK\n", __func__); 1773 snoop(&dev->dev, "%s: BULK\n", __func__);
1774 ret = proc_bulk(ps, p); 1774 ret = proc_bulk(ps, p);
1775 if (ret >= 0) 1775 if (ret >= 0)
1776 inode->i_mtime = CURRENT_TIME; 1776 inode->i_mtime = CURRENT_TIME;
1777 break; 1777 break;
1778 1778
1779 case USBDEVFS_RESETEP: 1779 case USBDEVFS_RESETEP:
1780 snoop(&dev->dev, "%s: RESETEP\n", __func__); 1780 snoop(&dev->dev, "%s: RESETEP\n", __func__);
1781 ret = proc_resetep(ps, p); 1781 ret = proc_resetep(ps, p);
1782 if (ret >= 0) 1782 if (ret >= 0)
1783 inode->i_mtime = CURRENT_TIME; 1783 inode->i_mtime = CURRENT_TIME;
1784 break; 1784 break;
1785 1785
1786 case USBDEVFS_RESET: 1786 case USBDEVFS_RESET:
1787 snoop(&dev->dev, "%s: RESET\n", __func__); 1787 snoop(&dev->dev, "%s: RESET\n", __func__);
1788 ret = proc_resetdevice(ps); 1788 ret = proc_resetdevice(ps);
1789 break; 1789 break;
1790 1790
1791 case USBDEVFS_CLEAR_HALT: 1791 case USBDEVFS_CLEAR_HALT:
1792 snoop(&dev->dev, "%s: CLEAR_HALT\n", __func__); 1792 snoop(&dev->dev, "%s: CLEAR_HALT\n", __func__);
1793 ret = proc_clearhalt(ps, p); 1793 ret = proc_clearhalt(ps, p);
1794 if (ret >= 0) 1794 if (ret >= 0)
1795 inode->i_mtime = CURRENT_TIME; 1795 inode->i_mtime = CURRENT_TIME;
1796 break; 1796 break;
1797 1797
1798 case USBDEVFS_GETDRIVER: 1798 case USBDEVFS_GETDRIVER:
1799 snoop(&dev->dev, "%s: GETDRIVER\n", __func__); 1799 snoop(&dev->dev, "%s: GETDRIVER\n", __func__);
1800 ret = proc_getdriver(ps, p); 1800 ret = proc_getdriver(ps, p);
1801 break; 1801 break;
1802 1802
1803 case USBDEVFS_CONNECTINFO: 1803 case USBDEVFS_CONNECTINFO:
1804 snoop(&dev->dev, "%s: CONNECTINFO\n", __func__); 1804 snoop(&dev->dev, "%s: CONNECTINFO\n", __func__);
1805 ret = proc_connectinfo(ps, p); 1805 ret = proc_connectinfo(ps, p);
1806 break; 1806 break;
1807 1807
1808 case USBDEVFS_SETINTERFACE: 1808 case USBDEVFS_SETINTERFACE:
1809 snoop(&dev->dev, "%s: SETINTERFACE\n", __func__); 1809 snoop(&dev->dev, "%s: SETINTERFACE\n", __func__);
1810 ret = proc_setintf(ps, p); 1810 ret = proc_setintf(ps, p);
1811 break; 1811 break;
1812 1812
1813 case USBDEVFS_SETCONFIGURATION: 1813 case USBDEVFS_SETCONFIGURATION:
1814 snoop(&dev->dev, "%s: SETCONFIGURATION\n", __func__); 1814 snoop(&dev->dev, "%s: SETCONFIGURATION\n", __func__);
1815 ret = proc_setconfig(ps, p); 1815 ret = proc_setconfig(ps, p);
1816 break; 1816 break;
1817 1817
1818 case USBDEVFS_SUBMITURB: 1818 case USBDEVFS_SUBMITURB:
1819 snoop(&dev->dev, "%s: SUBMITURB\n", __func__); 1819 snoop(&dev->dev, "%s: SUBMITURB\n", __func__);
1820 ret = proc_submiturb(ps, p); 1820 ret = proc_submiturb(ps, p);
1821 if (ret >= 0) 1821 if (ret >= 0)
1822 inode->i_mtime = CURRENT_TIME; 1822 inode->i_mtime = CURRENT_TIME;
1823 break; 1823 break;
1824 1824
1825 #ifdef CONFIG_COMPAT 1825 #ifdef CONFIG_COMPAT
1826 case USBDEVFS_CONTROL32: 1826 case USBDEVFS_CONTROL32:
1827 snoop(&dev->dev, "%s: CONTROL32\n", __func__); 1827 snoop(&dev->dev, "%s: CONTROL32\n", __func__);
1828 ret = proc_control_compat(ps, p); 1828 ret = proc_control_compat(ps, p);
1829 if (ret >= 0) 1829 if (ret >= 0)
1830 inode->i_mtime = CURRENT_TIME; 1830 inode->i_mtime = CURRENT_TIME;
1831 break; 1831 break;
1832 1832
1833 case USBDEVFS_BULK32: 1833 case USBDEVFS_BULK32:
1834 snoop(&dev->dev, "%s: BULK32\n", __func__); 1834 snoop(&dev->dev, "%s: BULK32\n", __func__);
1835 ret = proc_bulk_compat(ps, p); 1835 ret = proc_bulk_compat(ps, p);
1836 if (ret >= 0) 1836 if (ret >= 0)
1837 inode->i_mtime = CURRENT_TIME; 1837 inode->i_mtime = CURRENT_TIME;
1838 break; 1838 break;
1839 1839
1840 case USBDEVFS_DISCSIGNAL32: 1840 case USBDEVFS_DISCSIGNAL32:
1841 snoop(&dev->dev, "%s: DISCSIGNAL32\n", __func__); 1841 snoop(&dev->dev, "%s: DISCSIGNAL32\n", __func__);
1842 ret = proc_disconnectsignal_compat(ps, p); 1842 ret = proc_disconnectsignal_compat(ps, p);
1843 break; 1843 break;
1844 1844
1845 case USBDEVFS_SUBMITURB32: 1845 case USBDEVFS_SUBMITURB32:
1846 snoop(&dev->dev, "%s: SUBMITURB32\n", __func__); 1846 snoop(&dev->dev, "%s: SUBMITURB32\n", __func__);
1847 ret = proc_submiturb_compat(ps, p); 1847 ret = proc_submiturb_compat(ps, p);
1848 if (ret >= 0) 1848 if (ret >= 0)
1849 inode->i_mtime = CURRENT_TIME; 1849 inode->i_mtime = CURRENT_TIME;
1850 break; 1850 break;
1851 1851
1852 case USBDEVFS_REAPURB32: 1852 case USBDEVFS_REAPURB32:
1853 snoop(&dev->dev, "%s: REAPURB32\n", __func__); 1853 snoop(&dev->dev, "%s: REAPURB32\n", __func__);
1854 ret = proc_reapurb_compat(ps, p); 1854 ret = proc_reapurb_compat(ps, p);
1855 break; 1855 break;
1856 1856
1857 case USBDEVFS_REAPURBNDELAY32: 1857 case USBDEVFS_REAPURBNDELAY32:
1858 snoop(&dev->dev, "%s: REAPURBNDELAY32\n", __func__); 1858 snoop(&dev->dev, "%s: REAPURBNDELAY32\n", __func__);
1859 ret = proc_reapurbnonblock_compat(ps, p); 1859 ret = proc_reapurbnonblock_compat(ps, p);
1860 break; 1860 break;
1861 1861
1862 case USBDEVFS_IOCTL32: 1862 case USBDEVFS_IOCTL32:
1863 snoop(&dev->dev, "%s: IOCTL32\n", __func__); 1863 snoop(&dev->dev, "%s: IOCTL32\n", __func__);
1864 ret = proc_ioctl_compat(ps, ptr_to_compat(p)); 1864 ret = proc_ioctl_compat(ps, ptr_to_compat(p));
1865 break; 1865 break;
1866 #endif 1866 #endif
1867 1867
1868 case USBDEVFS_DISCARDURB: 1868 case USBDEVFS_DISCARDURB:
1869 snoop(&dev->dev, "%s: DISCARDURB\n", __func__); 1869 snoop(&dev->dev, "%s: DISCARDURB\n", __func__);
1870 ret = proc_unlinkurb(ps, p); 1870 ret = proc_unlinkurb(ps, p);
1871 break; 1871 break;
1872 1872
1873 case USBDEVFS_REAPURB: 1873 case USBDEVFS_REAPURB:
1874 snoop(&dev->dev, "%s: REAPURB\n", __func__); 1874 snoop(&dev->dev, "%s: REAPURB\n", __func__);
1875 ret = proc_reapurb(ps, p); 1875 ret = proc_reapurb(ps, p);
1876 break; 1876 break;
1877 1877
1878 case USBDEVFS_REAPURBNDELAY: 1878 case USBDEVFS_REAPURBNDELAY:
1879 snoop(&dev->dev, "%s: REAPURBNDELAY\n", __func__); 1879 snoop(&dev->dev, "%s: REAPURBNDELAY\n", __func__);
1880 ret = proc_reapurbnonblock(ps, p); 1880 ret = proc_reapurbnonblock(ps, p);
1881 break; 1881 break;
1882 1882
1883 case USBDEVFS_DISCSIGNAL: 1883 case USBDEVFS_DISCSIGNAL:
1884 snoop(&dev->dev, "%s: DISCSIGNAL\n", __func__); 1884 snoop(&dev->dev, "%s: DISCSIGNAL\n", __func__);
1885 ret = proc_disconnectsignal(ps, p); 1885 ret = proc_disconnectsignal(ps, p);
1886 break; 1886 break;
1887 1887
1888 case USBDEVFS_CLAIMINTERFACE: 1888 case USBDEVFS_CLAIMINTERFACE:
1889 snoop(&dev->dev, "%s: CLAIMINTERFACE\n", __func__); 1889 snoop(&dev->dev, "%s: CLAIMINTERFACE\n", __func__);
1890 ret = proc_claiminterface(ps, p); 1890 ret = proc_claiminterface(ps, p);
1891 break; 1891 break;
1892 1892
1893 case USBDEVFS_RELEASEINTERFACE: 1893 case USBDEVFS_RELEASEINTERFACE:
1894 snoop(&dev->dev, "%s: RELEASEINTERFACE\n", __func__); 1894 snoop(&dev->dev, "%s: RELEASEINTERFACE\n", __func__);
1895 ret = proc_releaseinterface(ps, p); 1895 ret = proc_releaseinterface(ps, p);
1896 break; 1896 break;
1897 1897
1898 case USBDEVFS_IOCTL: 1898 case USBDEVFS_IOCTL:
1899 snoop(&dev->dev, "%s: IOCTL\n", __func__); 1899 snoop(&dev->dev, "%s: IOCTL\n", __func__);
1900 ret = proc_ioctl_default(ps, p); 1900 ret = proc_ioctl_default(ps, p);
1901 break; 1901 break;
1902 1902
1903 case USBDEVFS_CLAIM_PORT: 1903 case USBDEVFS_CLAIM_PORT:
1904 snoop(&dev->dev, "%s: CLAIM_PORT\n", __func__); 1904 snoop(&dev->dev, "%s: CLAIM_PORT\n", __func__);
1905 ret = proc_claim_port(ps, p); 1905 ret = proc_claim_port(ps, p);
1906 break; 1906 break;
1907 1907
1908 case USBDEVFS_RELEASE_PORT: 1908 case USBDEVFS_RELEASE_PORT:
1909 snoop(&dev->dev, "%s: RELEASE_PORT\n", __func__); 1909 snoop(&dev->dev, "%s: RELEASE_PORT\n", __func__);
1910 ret = proc_release_port(ps, p); 1910 ret = proc_release_port(ps, p);
1911 break; 1911 break;
1912 } 1912 }
1913 usb_unlock_device(dev); 1913 usb_unlock_device(dev);
1914 if (ret >= 0) 1914 if (ret >= 0)
1915 inode->i_atime = CURRENT_TIME; 1915 inode->i_atime = CURRENT_TIME;
1916 return ret; 1916 return ret;
1917 } 1917 }
1918 1918
1919 static long usbdev_ioctl(struct file *file, unsigned int cmd, 1919 static long usbdev_ioctl(struct file *file, unsigned int cmd,
1920 unsigned long arg) 1920 unsigned long arg)
1921 { 1921 {
1922 int ret; 1922 int ret;
1923 1923
1924 ret = usbdev_do_ioctl(file, cmd, (void __user *)arg); 1924 ret = usbdev_do_ioctl(file, cmd, (void __user *)arg);
1925 1925
1926 return ret; 1926 return ret;
1927 } 1927 }
1928 1928
1929 #ifdef CONFIG_COMPAT 1929 #ifdef CONFIG_COMPAT
1930 static long usbdev_compat_ioctl(struct file *file, unsigned int cmd, 1930 static long usbdev_compat_ioctl(struct file *file, unsigned int cmd,
1931 unsigned long arg) 1931 unsigned long arg)
1932 { 1932 {
1933 int ret; 1933 int ret;
1934 1934
1935 ret = usbdev_do_ioctl(file, cmd, compat_ptr(arg)); 1935 ret = usbdev_do_ioctl(file, cmd, compat_ptr(arg));
1936 1936
1937 return ret; 1937 return ret;
1938 } 1938 }
1939 #endif 1939 #endif
1940 1940
1941 /* No kernel lock - fine */ 1941 /* No kernel lock - fine */
1942 static unsigned int usbdev_poll(struct file *file, 1942 static unsigned int usbdev_poll(struct file *file,
1943 struct poll_table_struct *wait) 1943 struct poll_table_struct *wait)
1944 { 1944 {
1945 struct dev_state *ps = file->private_data; 1945 struct dev_state *ps = file->private_data;
1946 unsigned int mask = 0; 1946 unsigned int mask = 0;
1947 1947
1948 poll_wait(file, &ps->wait, wait); 1948 poll_wait(file, &ps->wait, wait);
1949 if (file->f_mode & FMODE_WRITE && !list_empty(&ps->async_completed)) 1949 if (file->f_mode & FMODE_WRITE && !list_empty(&ps->async_completed))
1950 mask |= POLLOUT | POLLWRNORM; 1950 mask |= POLLOUT | POLLWRNORM;
1951 if (!connected(ps)) 1951 if (!connected(ps))
1952 mask |= POLLERR | POLLHUP; 1952 mask |= POLLERR | POLLHUP;
1953 return mask; 1953 return mask;
1954 } 1954 }
1955 1955
1956 const struct file_operations usbdev_file_operations = { 1956 const struct file_operations usbdev_file_operations = {
1957 .owner = THIS_MODULE, 1957 .owner = THIS_MODULE,
1958 .llseek = usbdev_lseek, 1958 .llseek = usbdev_lseek,
1959 .read = usbdev_read, 1959 .read = usbdev_read,
1960 .poll = usbdev_poll, 1960 .poll = usbdev_poll,
1961 .unlocked_ioctl = usbdev_ioctl, 1961 .unlocked_ioctl = usbdev_ioctl,
1962 #ifdef CONFIG_COMPAT 1962 #ifdef CONFIG_COMPAT
1963 .compat_ioctl = usbdev_compat_ioctl, 1963 .compat_ioctl = usbdev_compat_ioctl,
1964 #endif 1964 #endif
1965 .open = usbdev_open, 1965 .open = usbdev_open,
1966 .release = usbdev_release, 1966 .release = usbdev_release,
1967 }; 1967 };
1968 1968
1969 static void usbdev_remove(struct usb_device *udev) 1969 static void usbdev_remove(struct usb_device *udev)
1970 { 1970 {
1971 struct dev_state *ps; 1971 struct dev_state *ps;
1972 struct siginfo sinfo; 1972 struct siginfo sinfo;
1973 1973
1974 while (!list_empty(&udev->filelist)) { 1974 while (!list_empty(&udev->filelist)) {
1975 ps = list_entry(udev->filelist.next, struct dev_state, list); 1975 ps = list_entry(udev->filelist.next, struct dev_state, list);
1976 destroy_all_async(ps); 1976 destroy_all_async(ps);
1977 wake_up_all(&ps->wait); 1977 wake_up_all(&ps->wait);
1978 list_del_init(&ps->list); 1978 list_del_init(&ps->list);
1979 if (ps->discsignr) { 1979 if (ps->discsignr) {
1980 sinfo.si_signo = ps->discsignr; 1980 sinfo.si_signo = ps->discsignr;
1981 sinfo.si_errno = EPIPE; 1981 sinfo.si_errno = EPIPE;
1982 sinfo.si_code = SI_ASYNCIO; 1982 sinfo.si_code = SI_ASYNCIO;
1983 sinfo.si_addr = ps->disccontext; 1983 sinfo.si_addr = ps->disccontext;
1984 kill_pid_info_as_uid(ps->discsignr, &sinfo, 1984 kill_pid_info_as_uid(ps->discsignr, &sinfo,
1985 ps->disc_pid, ps->disc_uid, 1985 ps->disc_pid, ps->disc_uid,
1986 ps->disc_euid, ps->secid); 1986 ps->disc_euid, ps->secid);
1987 } 1987 }
1988 } 1988 }
1989 } 1989 }
1990 1990
1991 #ifdef CONFIG_USB_DEVICE_CLASS 1991 #ifdef CONFIG_USB_DEVICE_CLASS
1992 static struct class *usb_classdev_class; 1992 static struct class *usb_classdev_class;
1993 1993
1994 static int usb_classdev_add(struct usb_device *dev) 1994 static int usb_classdev_add(struct usb_device *dev)
1995 { 1995 {
1996 struct device *cldev; 1996 struct device *cldev;
1997 1997
1998 cldev = device_create(usb_classdev_class, &dev->dev, dev->dev.devt, 1998 cldev = device_create(usb_classdev_class, &dev->dev, dev->dev.devt,
1999 NULL, "usbdev%d.%d", dev->bus->busnum, 1999 NULL, "usbdev%d.%d", dev->bus->busnum,
2000 dev->devnum); 2000 dev->devnum);
2001 if (IS_ERR(cldev)) 2001 if (IS_ERR(cldev))
2002 return PTR_ERR(cldev); 2002 return PTR_ERR(cldev);
2003 dev->usb_classdev = cldev; 2003 dev->usb_classdev = cldev;
2004 return 0; 2004 return 0;
2005 } 2005 }
2006 2006
2007 static void usb_classdev_remove(struct usb_device *dev) 2007 static void usb_classdev_remove(struct usb_device *dev)
2008 { 2008 {
2009 if (dev->usb_classdev) 2009 if (dev->usb_classdev)
2010 device_unregister(dev->usb_classdev); 2010 device_unregister(dev->usb_classdev);
2011 } 2011 }
2012 2012
2013 #else 2013 #else
2014 #define usb_classdev_add(dev) 0 2014 #define usb_classdev_add(dev) 0
2015 #define usb_classdev_remove(dev) do {} while (0) 2015 #define usb_classdev_remove(dev) do {} while (0)
2016 2016
2017 #endif 2017 #endif
2018 2018
2019 static int usbdev_notify(struct notifier_block *self, 2019 static int usbdev_notify(struct notifier_block *self,
2020 unsigned long action, void *dev) 2020 unsigned long action, void *dev)
2021 { 2021 {
2022 switch (action) { 2022 switch (action) {
2023 case USB_DEVICE_ADD: 2023 case USB_DEVICE_ADD:
2024 if (usb_classdev_add(dev)) 2024 if (usb_classdev_add(dev))
2025 return NOTIFY_BAD; 2025 return NOTIFY_BAD;
2026 break; 2026 break;
2027 case USB_DEVICE_REMOVE: 2027 case USB_DEVICE_REMOVE:
2028 usb_classdev_remove(dev); 2028 usb_classdev_remove(dev);
2029 usbdev_remove(dev); 2029 usbdev_remove(dev);
2030 break; 2030 break;
2031 } 2031 }
2032 return NOTIFY_OK; 2032 return NOTIFY_OK;
2033 } 2033 }
2034 2034
2035 static struct notifier_block usbdev_nb = { 2035 static struct notifier_block usbdev_nb = {
2036 .notifier_call = usbdev_notify, 2036 .notifier_call = usbdev_notify,
2037 }; 2037 };
2038 2038
2039 static struct cdev usb_device_cdev; 2039 static struct cdev usb_device_cdev;
2040 2040
2041 int __init usb_devio_init(void) 2041 int __init usb_devio_init(void)
2042 { 2042 {
2043 int retval; 2043 int retval;
2044 2044
2045 retval = register_chrdev_region(USB_DEVICE_DEV, USB_DEVICE_MAX, 2045 retval = register_chrdev_region(USB_DEVICE_DEV, USB_DEVICE_MAX,
2046 "usb_device"); 2046 "usb_device");
2047 if (retval) { 2047 if (retval) {
2048 printk(KERN_ERR "Unable to register minors for usb_device\n"); 2048 printk(KERN_ERR "Unable to register minors for usb_device\n");
2049 goto out; 2049 goto out;
2050 } 2050 }
2051 cdev_init(&usb_device_cdev, &usbdev_file_operations); 2051 cdev_init(&usb_device_cdev, &usbdev_file_operations);
2052 retval = cdev_add(&usb_device_cdev, USB_DEVICE_DEV, USB_DEVICE_MAX); 2052 retval = cdev_add(&usb_device_cdev, USB_DEVICE_DEV, USB_DEVICE_MAX);
2053 if (retval) { 2053 if (retval) {
2054 printk(KERN_ERR "Unable to get usb_device major %d\n", 2054 printk(KERN_ERR "Unable to get usb_device major %d\n",
2055 USB_DEVICE_MAJOR); 2055 USB_DEVICE_MAJOR);
2056 goto error_cdev; 2056 goto error_cdev;
2057 } 2057 }
2058 #ifdef CONFIG_USB_DEVICE_CLASS 2058 #ifdef CONFIG_USB_DEVICE_CLASS
2059 usb_classdev_class = class_create(THIS_MODULE, "usb_device"); 2059 usb_classdev_class = class_create(THIS_MODULE, "usb_device");
2060 if (IS_ERR(usb_classdev_class)) { 2060 if (IS_ERR(usb_classdev_class)) {
2061 printk(KERN_ERR "Unable to register usb_device class\n"); 2061 printk(KERN_ERR "Unable to register usb_device class\n");
2062 retval = PTR_ERR(usb_classdev_class); 2062 retval = PTR_ERR(usb_classdev_class);
2063 cdev_del(&usb_device_cdev); 2063 cdev_del(&usb_device_cdev);
2064 usb_classdev_class = NULL; 2064 usb_classdev_class = NULL;
2065 goto out; 2065 goto out;
2066 } 2066 }
2067 /* devices of this class shadow the major:minor of their parent 2067 /* devices of this class shadow the major:minor of their parent
2068 * device, so clear ->dev_kobj to prevent adding duplicate entries 2068 * device, so clear ->dev_kobj to prevent adding duplicate entries
2069 * to /sys/dev 2069 * to /sys/dev
2070 */ 2070 */
2071 usb_classdev_class->dev_kobj = NULL; 2071 usb_classdev_class->dev_kobj = NULL;
2072 #endif 2072 #endif
2073 usb_register_notify(&usbdev_nb); 2073 usb_register_notify(&usbdev_nb);
2074 out: 2074 out:
2075 return retval; 2075 return retval;
2076 2076
2077 error_cdev: 2077 error_cdev:
2078 unregister_chrdev_region(USB_DEVICE_DEV, USB_DEVICE_MAX); 2078 unregister_chrdev_region(USB_DEVICE_DEV, USB_DEVICE_MAX);
2079 goto out; 2079 goto out;
2080 } 2080 }
2081 2081
2082 void usb_devio_cleanup(void) 2082 void usb_devio_cleanup(void)
2083 { 2083 {
2084 usb_unregister_notify(&usbdev_nb); 2084 usb_unregister_notify(&usbdev_nb);
2085 #ifdef CONFIG_USB_DEVICE_CLASS 2085 #ifdef CONFIG_USB_DEVICE_CLASS
2086 class_destroy(usb_classdev_class); 2086 class_destroy(usb_classdev_class);
2087 #endif 2087 #endif
2088 cdev_del(&usb_device_cdev); 2088 cdev_del(&usb_device_cdev);
2089 unregister_chrdev_region(USB_DEVICE_DEV, USB_DEVICE_MAX); 2089 unregister_chrdev_region(USB_DEVICE_DEV, USB_DEVICE_MAX);
2090 } 2090 }
2091 2091