Commit 9d02b42614149ebccf12c9c580601ed01bd83070
Committed by
Greg Kroah-Hartman
1 parent
4bbba111d9
Exists in
master
and in
39 other branches
USB: Do not pass negative length to snoop_urb()
When `echo Y > /sys/module/usbcore/parameters/usbfs_snoop` and usb_control_msg() returns error, a lot of kernel memory is dumped to dmesg until unhandled kernel paging request occurs. Signed-off-by: Michal Sojka <sojkam1@fel.cvut.cz> Cc: stable@kernel.org Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Showing 1 changed file with 1 additions and 1 deletions Inline Diff
drivers/usb/core/devio.c
1 | /*****************************************************************************/ | 1 | /*****************************************************************************/ |
2 | 2 | ||
3 | /* | 3 | /* |
4 | * devio.c -- User space communication with USB devices. | 4 | * devio.c -- User space communication with USB devices. |
5 | * | 5 | * |
6 | * Copyright (C) 1999-2000 Thomas Sailer (sailer@ife.ee.ethz.ch) | 6 | * Copyright (C) 1999-2000 Thomas Sailer (sailer@ife.ee.ethz.ch) |
7 | * | 7 | * |
8 | * This program is free software; you can redistribute it and/or modify | 8 | * This program is free software; you can redistribute it and/or modify |
9 | * it under the terms of the GNU General Public License as published by | 9 | * it under the terms of the GNU General Public License as published by |
10 | * the Free Software Foundation; either version 2 of the License, or | 10 | * the Free Software Foundation; either version 2 of the License, or |
11 | * (at your option) any later version. | 11 | * (at your option) any later version. |
12 | * | 12 | * |
13 | * This program is distributed in the hope that it will be useful, | 13 | * This program is distributed in the hope that it will be useful, |
14 | * but WITHOUT ANY WARRANTY; without even the implied warranty of | 14 | * but WITHOUT ANY WARRANTY; without even the implied warranty of |
15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | 15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
16 | * GNU General Public License for more details. | 16 | * GNU General Public License for more details. |
17 | * | 17 | * |
18 | * You should have received a copy of the GNU General Public License | 18 | * You should have received a copy of the GNU General Public License |
19 | * along with this program; if not, write to the Free Software | 19 | * along with this program; if not, write to the Free Software |
20 | * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. | 20 | * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. |
21 | * | 21 | * |
22 | * This file implements the usbfs/x/y files, where | 22 | * This file implements the usbfs/x/y files, where |
23 | * x is the bus number and y the device number. | 23 | * x is the bus number and y the device number. |
24 | * | 24 | * |
25 | * It allows user space programs/"drivers" to communicate directly | 25 | * It allows user space programs/"drivers" to communicate directly |
26 | * with USB devices without intervening kernel driver. | 26 | * with USB devices without intervening kernel driver. |
27 | * | 27 | * |
28 | * Revision history | 28 | * Revision history |
29 | * 22.12.1999 0.1 Initial release (split from proc_usb.c) | 29 | * 22.12.1999 0.1 Initial release (split from proc_usb.c) |
30 | * 04.01.2000 0.2 Turned into its own filesystem | 30 | * 04.01.2000 0.2 Turned into its own filesystem |
31 | * 30.09.2005 0.3 Fix user-triggerable oops in async URB delivery | 31 | * 30.09.2005 0.3 Fix user-triggerable oops in async URB delivery |
32 | * (CAN-2005-3055) | 32 | * (CAN-2005-3055) |
33 | */ | 33 | */ |
34 | 34 | ||
35 | /*****************************************************************************/ | 35 | /*****************************************************************************/ |
36 | 36 | ||
37 | #include <linux/fs.h> | 37 | #include <linux/fs.h> |
38 | #include <linux/mm.h> | 38 | #include <linux/mm.h> |
39 | #include <linux/slab.h> | 39 | #include <linux/slab.h> |
40 | #include <linux/signal.h> | 40 | #include <linux/signal.h> |
41 | #include <linux/poll.h> | 41 | #include <linux/poll.h> |
42 | #include <linux/module.h> | 42 | #include <linux/module.h> |
43 | #include <linux/usb.h> | 43 | #include <linux/usb.h> |
44 | #include <linux/usbdevice_fs.h> | 44 | #include <linux/usbdevice_fs.h> |
45 | #include <linux/usb/hcd.h> /* for usbcore internals */ | 45 | #include <linux/usb/hcd.h> /* for usbcore internals */ |
46 | #include <linux/cdev.h> | 46 | #include <linux/cdev.h> |
47 | #include <linux/notifier.h> | 47 | #include <linux/notifier.h> |
48 | #include <linux/security.h> | 48 | #include <linux/security.h> |
49 | #include <asm/uaccess.h> | 49 | #include <asm/uaccess.h> |
50 | #include <asm/byteorder.h> | 50 | #include <asm/byteorder.h> |
51 | #include <linux/moduleparam.h> | 51 | #include <linux/moduleparam.h> |
52 | 52 | ||
53 | #include "usb.h" | 53 | #include "usb.h" |
54 | 54 | ||
55 | #define USB_MAXBUS 64 | 55 | #define USB_MAXBUS 64 |
56 | #define USB_DEVICE_MAX USB_MAXBUS * 128 | 56 | #define USB_DEVICE_MAX USB_MAXBUS * 128 |
57 | 57 | ||
58 | /* Mutual exclusion for removal, open, and release */ | 58 | /* Mutual exclusion for removal, open, and release */ |
59 | DEFINE_MUTEX(usbfs_mutex); | 59 | DEFINE_MUTEX(usbfs_mutex); |
60 | 60 | ||
61 | struct dev_state { | 61 | struct dev_state { |
62 | struct list_head list; /* state list */ | 62 | struct list_head list; /* state list */ |
63 | struct usb_device *dev; | 63 | struct usb_device *dev; |
64 | struct file *file; | 64 | struct file *file; |
65 | spinlock_t lock; /* protects the async urb lists */ | 65 | spinlock_t lock; /* protects the async urb lists */ |
66 | struct list_head async_pending; | 66 | struct list_head async_pending; |
67 | struct list_head async_completed; | 67 | struct list_head async_completed; |
68 | wait_queue_head_t wait; /* wake up if a request completed */ | 68 | wait_queue_head_t wait; /* wake up if a request completed */ |
69 | unsigned int discsignr; | 69 | unsigned int discsignr; |
70 | struct pid *disc_pid; | 70 | struct pid *disc_pid; |
71 | uid_t disc_uid, disc_euid; | 71 | uid_t disc_uid, disc_euid; |
72 | void __user *disccontext; | 72 | void __user *disccontext; |
73 | unsigned long ifclaimed; | 73 | unsigned long ifclaimed; |
74 | u32 secid; | 74 | u32 secid; |
75 | u32 disabled_bulk_eps; | 75 | u32 disabled_bulk_eps; |
76 | }; | 76 | }; |
77 | 77 | ||
78 | struct async { | 78 | struct async { |
79 | struct list_head asynclist; | 79 | struct list_head asynclist; |
80 | struct dev_state *ps; | 80 | struct dev_state *ps; |
81 | struct pid *pid; | 81 | struct pid *pid; |
82 | uid_t uid, euid; | 82 | uid_t uid, euid; |
83 | unsigned int signr; | 83 | unsigned int signr; |
84 | unsigned int ifnum; | 84 | unsigned int ifnum; |
85 | void __user *userbuffer; | 85 | void __user *userbuffer; |
86 | void __user *userurb; | 86 | void __user *userurb; |
87 | struct urb *urb; | 87 | struct urb *urb; |
88 | int status; | 88 | int status; |
89 | u32 secid; | 89 | u32 secid; |
90 | u8 bulk_addr; | 90 | u8 bulk_addr; |
91 | u8 bulk_status; | 91 | u8 bulk_status; |
92 | }; | 92 | }; |
93 | 93 | ||
94 | static int usbfs_snoop; | 94 | static int usbfs_snoop; |
95 | module_param(usbfs_snoop, bool, S_IRUGO | S_IWUSR); | 95 | module_param(usbfs_snoop, bool, S_IRUGO | S_IWUSR); |
96 | MODULE_PARM_DESC(usbfs_snoop, "true to log all usbfs traffic"); | 96 | MODULE_PARM_DESC(usbfs_snoop, "true to log all usbfs traffic"); |
97 | 97 | ||
98 | #define snoop(dev, format, arg...) \ | 98 | #define snoop(dev, format, arg...) \ |
99 | do { \ | 99 | do { \ |
100 | if (usbfs_snoop) \ | 100 | if (usbfs_snoop) \ |
101 | dev_info(dev , format , ## arg); \ | 101 | dev_info(dev , format , ## arg); \ |
102 | } while (0) | 102 | } while (0) |
103 | 103 | ||
104 | enum snoop_when { | 104 | enum snoop_when { |
105 | SUBMIT, COMPLETE | 105 | SUBMIT, COMPLETE |
106 | }; | 106 | }; |
107 | 107 | ||
108 | #define USB_DEVICE_DEV MKDEV(USB_DEVICE_MAJOR, 0) | 108 | #define USB_DEVICE_DEV MKDEV(USB_DEVICE_MAJOR, 0) |
109 | 109 | ||
110 | #define MAX_USBFS_BUFFER_SIZE 16384 | 110 | #define MAX_USBFS_BUFFER_SIZE 16384 |
111 | 111 | ||
112 | 112 | ||
113 | static int connected(struct dev_state *ps) | 113 | static int connected(struct dev_state *ps) |
114 | { | 114 | { |
115 | return (!list_empty(&ps->list) && | 115 | return (!list_empty(&ps->list) && |
116 | ps->dev->state != USB_STATE_NOTATTACHED); | 116 | ps->dev->state != USB_STATE_NOTATTACHED); |
117 | } | 117 | } |
118 | 118 | ||
119 | static loff_t usbdev_lseek(struct file *file, loff_t offset, int orig) | 119 | static loff_t usbdev_lseek(struct file *file, loff_t offset, int orig) |
120 | { | 120 | { |
121 | loff_t ret; | 121 | loff_t ret; |
122 | 122 | ||
123 | mutex_lock(&file->f_dentry->d_inode->i_mutex); | 123 | mutex_lock(&file->f_dentry->d_inode->i_mutex); |
124 | 124 | ||
125 | switch (orig) { | 125 | switch (orig) { |
126 | case 0: | 126 | case 0: |
127 | file->f_pos = offset; | 127 | file->f_pos = offset; |
128 | ret = file->f_pos; | 128 | ret = file->f_pos; |
129 | break; | 129 | break; |
130 | case 1: | 130 | case 1: |
131 | file->f_pos += offset; | 131 | file->f_pos += offset; |
132 | ret = file->f_pos; | 132 | ret = file->f_pos; |
133 | break; | 133 | break; |
134 | case 2: | 134 | case 2: |
135 | default: | 135 | default: |
136 | ret = -EINVAL; | 136 | ret = -EINVAL; |
137 | } | 137 | } |
138 | 138 | ||
139 | mutex_unlock(&file->f_dentry->d_inode->i_mutex); | 139 | mutex_unlock(&file->f_dentry->d_inode->i_mutex); |
140 | return ret; | 140 | return ret; |
141 | } | 141 | } |
142 | 142 | ||
143 | static ssize_t usbdev_read(struct file *file, char __user *buf, size_t nbytes, | 143 | static ssize_t usbdev_read(struct file *file, char __user *buf, size_t nbytes, |
144 | loff_t *ppos) | 144 | loff_t *ppos) |
145 | { | 145 | { |
146 | struct dev_state *ps = file->private_data; | 146 | struct dev_state *ps = file->private_data; |
147 | struct usb_device *dev = ps->dev; | 147 | struct usb_device *dev = ps->dev; |
148 | ssize_t ret = 0; | 148 | ssize_t ret = 0; |
149 | unsigned len; | 149 | unsigned len; |
150 | loff_t pos; | 150 | loff_t pos; |
151 | int i; | 151 | int i; |
152 | 152 | ||
153 | pos = *ppos; | 153 | pos = *ppos; |
154 | usb_lock_device(dev); | 154 | usb_lock_device(dev); |
155 | if (!connected(ps)) { | 155 | if (!connected(ps)) { |
156 | ret = -ENODEV; | 156 | ret = -ENODEV; |
157 | goto err; | 157 | goto err; |
158 | } else if (pos < 0) { | 158 | } else if (pos < 0) { |
159 | ret = -EINVAL; | 159 | ret = -EINVAL; |
160 | goto err; | 160 | goto err; |
161 | } | 161 | } |
162 | 162 | ||
163 | if (pos < sizeof(struct usb_device_descriptor)) { | 163 | if (pos < sizeof(struct usb_device_descriptor)) { |
164 | /* 18 bytes - fits on the stack */ | 164 | /* 18 bytes - fits on the stack */ |
165 | struct usb_device_descriptor temp_desc; | 165 | struct usb_device_descriptor temp_desc; |
166 | 166 | ||
167 | memcpy(&temp_desc, &dev->descriptor, sizeof(dev->descriptor)); | 167 | memcpy(&temp_desc, &dev->descriptor, sizeof(dev->descriptor)); |
168 | le16_to_cpus(&temp_desc.bcdUSB); | 168 | le16_to_cpus(&temp_desc.bcdUSB); |
169 | le16_to_cpus(&temp_desc.idVendor); | 169 | le16_to_cpus(&temp_desc.idVendor); |
170 | le16_to_cpus(&temp_desc.idProduct); | 170 | le16_to_cpus(&temp_desc.idProduct); |
171 | le16_to_cpus(&temp_desc.bcdDevice); | 171 | le16_to_cpus(&temp_desc.bcdDevice); |
172 | 172 | ||
173 | len = sizeof(struct usb_device_descriptor) - pos; | 173 | len = sizeof(struct usb_device_descriptor) - pos; |
174 | if (len > nbytes) | 174 | if (len > nbytes) |
175 | len = nbytes; | 175 | len = nbytes; |
176 | if (copy_to_user(buf, ((char *)&temp_desc) + pos, len)) { | 176 | if (copy_to_user(buf, ((char *)&temp_desc) + pos, len)) { |
177 | ret = -EFAULT; | 177 | ret = -EFAULT; |
178 | goto err; | 178 | goto err; |
179 | } | 179 | } |
180 | 180 | ||
181 | *ppos += len; | 181 | *ppos += len; |
182 | buf += len; | 182 | buf += len; |
183 | nbytes -= len; | 183 | nbytes -= len; |
184 | ret += len; | 184 | ret += len; |
185 | } | 185 | } |
186 | 186 | ||
187 | pos = sizeof(struct usb_device_descriptor); | 187 | pos = sizeof(struct usb_device_descriptor); |
188 | for (i = 0; nbytes && i < dev->descriptor.bNumConfigurations; i++) { | 188 | for (i = 0; nbytes && i < dev->descriptor.bNumConfigurations; i++) { |
189 | struct usb_config_descriptor *config = | 189 | struct usb_config_descriptor *config = |
190 | (struct usb_config_descriptor *)dev->rawdescriptors[i]; | 190 | (struct usb_config_descriptor *)dev->rawdescriptors[i]; |
191 | unsigned int length = le16_to_cpu(config->wTotalLength); | 191 | unsigned int length = le16_to_cpu(config->wTotalLength); |
192 | 192 | ||
193 | if (*ppos < pos + length) { | 193 | if (*ppos < pos + length) { |
194 | 194 | ||
195 | /* The descriptor may claim to be longer than it | 195 | /* The descriptor may claim to be longer than it |
196 | * really is. Here is the actual allocated length. */ | 196 | * really is. Here is the actual allocated length. */ |
197 | unsigned alloclen = | 197 | unsigned alloclen = |
198 | le16_to_cpu(dev->config[i].desc.wTotalLength); | 198 | le16_to_cpu(dev->config[i].desc.wTotalLength); |
199 | 199 | ||
200 | len = length - (*ppos - pos); | 200 | len = length - (*ppos - pos); |
201 | if (len > nbytes) | 201 | if (len > nbytes) |
202 | len = nbytes; | 202 | len = nbytes; |
203 | 203 | ||
204 | /* Simply don't write (skip over) unallocated parts */ | 204 | /* Simply don't write (skip over) unallocated parts */ |
205 | if (alloclen > (*ppos - pos)) { | 205 | if (alloclen > (*ppos - pos)) { |
206 | alloclen -= (*ppos - pos); | 206 | alloclen -= (*ppos - pos); |
207 | if (copy_to_user(buf, | 207 | if (copy_to_user(buf, |
208 | dev->rawdescriptors[i] + (*ppos - pos), | 208 | dev->rawdescriptors[i] + (*ppos - pos), |
209 | min(len, alloclen))) { | 209 | min(len, alloclen))) { |
210 | ret = -EFAULT; | 210 | ret = -EFAULT; |
211 | goto err; | 211 | goto err; |
212 | } | 212 | } |
213 | } | 213 | } |
214 | 214 | ||
215 | *ppos += len; | 215 | *ppos += len; |
216 | buf += len; | 216 | buf += len; |
217 | nbytes -= len; | 217 | nbytes -= len; |
218 | ret += len; | 218 | ret += len; |
219 | } | 219 | } |
220 | 220 | ||
221 | pos += length; | 221 | pos += length; |
222 | } | 222 | } |
223 | 223 | ||
224 | err: | 224 | err: |
225 | usb_unlock_device(dev); | 225 | usb_unlock_device(dev); |
226 | return ret; | 226 | return ret; |
227 | } | 227 | } |
228 | 228 | ||
229 | /* | 229 | /* |
230 | * async list handling | 230 | * async list handling |
231 | */ | 231 | */ |
232 | 232 | ||
233 | static struct async *alloc_async(unsigned int numisoframes) | 233 | static struct async *alloc_async(unsigned int numisoframes) |
234 | { | 234 | { |
235 | struct async *as; | 235 | struct async *as; |
236 | 236 | ||
237 | as = kzalloc(sizeof(struct async), GFP_KERNEL); | 237 | as = kzalloc(sizeof(struct async), GFP_KERNEL); |
238 | if (!as) | 238 | if (!as) |
239 | return NULL; | 239 | return NULL; |
240 | as->urb = usb_alloc_urb(numisoframes, GFP_KERNEL); | 240 | as->urb = usb_alloc_urb(numisoframes, GFP_KERNEL); |
241 | if (!as->urb) { | 241 | if (!as->urb) { |
242 | kfree(as); | 242 | kfree(as); |
243 | return NULL; | 243 | return NULL; |
244 | } | 244 | } |
245 | return as; | 245 | return as; |
246 | } | 246 | } |
247 | 247 | ||
248 | static void free_async(struct async *as) | 248 | static void free_async(struct async *as) |
249 | { | 249 | { |
250 | put_pid(as->pid); | 250 | put_pid(as->pid); |
251 | kfree(as->urb->transfer_buffer); | 251 | kfree(as->urb->transfer_buffer); |
252 | kfree(as->urb->setup_packet); | 252 | kfree(as->urb->setup_packet); |
253 | usb_free_urb(as->urb); | 253 | usb_free_urb(as->urb); |
254 | kfree(as); | 254 | kfree(as); |
255 | } | 255 | } |
256 | 256 | ||
257 | static void async_newpending(struct async *as) | 257 | static void async_newpending(struct async *as) |
258 | { | 258 | { |
259 | struct dev_state *ps = as->ps; | 259 | struct dev_state *ps = as->ps; |
260 | unsigned long flags; | 260 | unsigned long flags; |
261 | 261 | ||
262 | spin_lock_irqsave(&ps->lock, flags); | 262 | spin_lock_irqsave(&ps->lock, flags); |
263 | list_add_tail(&as->asynclist, &ps->async_pending); | 263 | list_add_tail(&as->asynclist, &ps->async_pending); |
264 | spin_unlock_irqrestore(&ps->lock, flags); | 264 | spin_unlock_irqrestore(&ps->lock, flags); |
265 | } | 265 | } |
266 | 266 | ||
267 | static void async_removepending(struct async *as) | 267 | static void async_removepending(struct async *as) |
268 | { | 268 | { |
269 | struct dev_state *ps = as->ps; | 269 | struct dev_state *ps = as->ps; |
270 | unsigned long flags; | 270 | unsigned long flags; |
271 | 271 | ||
272 | spin_lock_irqsave(&ps->lock, flags); | 272 | spin_lock_irqsave(&ps->lock, flags); |
273 | list_del_init(&as->asynclist); | 273 | list_del_init(&as->asynclist); |
274 | spin_unlock_irqrestore(&ps->lock, flags); | 274 | spin_unlock_irqrestore(&ps->lock, flags); |
275 | } | 275 | } |
276 | 276 | ||
277 | static struct async *async_getcompleted(struct dev_state *ps) | 277 | static struct async *async_getcompleted(struct dev_state *ps) |
278 | { | 278 | { |
279 | unsigned long flags; | 279 | unsigned long flags; |
280 | struct async *as = NULL; | 280 | struct async *as = NULL; |
281 | 281 | ||
282 | spin_lock_irqsave(&ps->lock, flags); | 282 | spin_lock_irqsave(&ps->lock, flags); |
283 | if (!list_empty(&ps->async_completed)) { | 283 | if (!list_empty(&ps->async_completed)) { |
284 | as = list_entry(ps->async_completed.next, struct async, | 284 | as = list_entry(ps->async_completed.next, struct async, |
285 | asynclist); | 285 | asynclist); |
286 | list_del_init(&as->asynclist); | 286 | list_del_init(&as->asynclist); |
287 | } | 287 | } |
288 | spin_unlock_irqrestore(&ps->lock, flags); | 288 | spin_unlock_irqrestore(&ps->lock, flags); |
289 | return as; | 289 | return as; |
290 | } | 290 | } |
291 | 291 | ||
292 | static struct async *async_getpending(struct dev_state *ps, | 292 | static struct async *async_getpending(struct dev_state *ps, |
293 | void __user *userurb) | 293 | void __user *userurb) |
294 | { | 294 | { |
295 | unsigned long flags; | 295 | unsigned long flags; |
296 | struct async *as; | 296 | struct async *as; |
297 | 297 | ||
298 | spin_lock_irqsave(&ps->lock, flags); | 298 | spin_lock_irqsave(&ps->lock, flags); |
299 | list_for_each_entry(as, &ps->async_pending, asynclist) | 299 | list_for_each_entry(as, &ps->async_pending, asynclist) |
300 | if (as->userurb == userurb) { | 300 | if (as->userurb == userurb) { |
301 | list_del_init(&as->asynclist); | 301 | list_del_init(&as->asynclist); |
302 | spin_unlock_irqrestore(&ps->lock, flags); | 302 | spin_unlock_irqrestore(&ps->lock, flags); |
303 | return as; | 303 | return as; |
304 | } | 304 | } |
305 | spin_unlock_irqrestore(&ps->lock, flags); | 305 | spin_unlock_irqrestore(&ps->lock, flags); |
306 | return NULL; | 306 | return NULL; |
307 | } | 307 | } |
308 | 308 | ||
309 | static void snoop_urb(struct usb_device *udev, | 309 | static void snoop_urb(struct usb_device *udev, |
310 | void __user *userurb, int pipe, unsigned length, | 310 | void __user *userurb, int pipe, unsigned length, |
311 | int timeout_or_status, enum snoop_when when, | 311 | int timeout_or_status, enum snoop_when when, |
312 | unsigned char *data, unsigned data_len) | 312 | unsigned char *data, unsigned data_len) |
313 | { | 313 | { |
314 | static const char *types[] = {"isoc", "int", "ctrl", "bulk"}; | 314 | static const char *types[] = {"isoc", "int", "ctrl", "bulk"}; |
315 | static const char *dirs[] = {"out", "in"}; | 315 | static const char *dirs[] = {"out", "in"}; |
316 | int ep; | 316 | int ep; |
317 | const char *t, *d; | 317 | const char *t, *d; |
318 | 318 | ||
319 | if (!usbfs_snoop) | 319 | if (!usbfs_snoop) |
320 | return; | 320 | return; |
321 | 321 | ||
322 | ep = usb_pipeendpoint(pipe); | 322 | ep = usb_pipeendpoint(pipe); |
323 | t = types[usb_pipetype(pipe)]; | 323 | t = types[usb_pipetype(pipe)]; |
324 | d = dirs[!!usb_pipein(pipe)]; | 324 | d = dirs[!!usb_pipein(pipe)]; |
325 | 325 | ||
326 | if (userurb) { /* Async */ | 326 | if (userurb) { /* Async */ |
327 | if (when == SUBMIT) | 327 | if (when == SUBMIT) |
328 | dev_info(&udev->dev, "userurb %p, ep%d %s-%s, " | 328 | dev_info(&udev->dev, "userurb %p, ep%d %s-%s, " |
329 | "length %u\n", | 329 | "length %u\n", |
330 | userurb, ep, t, d, length); | 330 | userurb, ep, t, d, length); |
331 | else | 331 | else |
332 | dev_info(&udev->dev, "userurb %p, ep%d %s-%s, " | 332 | dev_info(&udev->dev, "userurb %p, ep%d %s-%s, " |
333 | "actual_length %u status %d\n", | 333 | "actual_length %u status %d\n", |
334 | userurb, ep, t, d, length, | 334 | userurb, ep, t, d, length, |
335 | timeout_or_status); | 335 | timeout_or_status); |
336 | } else { | 336 | } else { |
337 | if (when == SUBMIT) | 337 | if (when == SUBMIT) |
338 | dev_info(&udev->dev, "ep%d %s-%s, length %u, " | 338 | dev_info(&udev->dev, "ep%d %s-%s, length %u, " |
339 | "timeout %d\n", | 339 | "timeout %d\n", |
340 | ep, t, d, length, timeout_or_status); | 340 | ep, t, d, length, timeout_or_status); |
341 | else | 341 | else |
342 | dev_info(&udev->dev, "ep%d %s-%s, actual_length %u, " | 342 | dev_info(&udev->dev, "ep%d %s-%s, actual_length %u, " |
343 | "status %d\n", | 343 | "status %d\n", |
344 | ep, t, d, length, timeout_or_status); | 344 | ep, t, d, length, timeout_or_status); |
345 | } | 345 | } |
346 | 346 | ||
347 | if (data && data_len > 0) { | 347 | if (data && data_len > 0) { |
348 | print_hex_dump(KERN_DEBUG, "data: ", DUMP_PREFIX_NONE, 32, 1, | 348 | print_hex_dump(KERN_DEBUG, "data: ", DUMP_PREFIX_NONE, 32, 1, |
349 | data, data_len, 1); | 349 | data, data_len, 1); |
350 | } | 350 | } |
351 | } | 351 | } |
352 | 352 | ||
353 | #define AS_CONTINUATION 1 | 353 | #define AS_CONTINUATION 1 |
354 | #define AS_UNLINK 2 | 354 | #define AS_UNLINK 2 |
355 | 355 | ||
356 | static void cancel_bulk_urbs(struct dev_state *ps, unsigned bulk_addr) | 356 | static void cancel_bulk_urbs(struct dev_state *ps, unsigned bulk_addr) |
357 | __releases(ps->lock) | 357 | __releases(ps->lock) |
358 | __acquires(ps->lock) | 358 | __acquires(ps->lock) |
359 | { | 359 | { |
360 | struct async *as; | 360 | struct async *as; |
361 | 361 | ||
362 | /* Mark all the pending URBs that match bulk_addr, up to but not | 362 | /* Mark all the pending URBs that match bulk_addr, up to but not |
363 | * including the first one without AS_CONTINUATION. If such an | 363 | * including the first one without AS_CONTINUATION. If such an |
364 | * URB is encountered then a new transfer has already started so | 364 | * URB is encountered then a new transfer has already started so |
365 | * the endpoint doesn't need to be disabled; otherwise it does. | 365 | * the endpoint doesn't need to be disabled; otherwise it does. |
366 | */ | 366 | */ |
367 | list_for_each_entry(as, &ps->async_pending, asynclist) { | 367 | list_for_each_entry(as, &ps->async_pending, asynclist) { |
368 | if (as->bulk_addr == bulk_addr) { | 368 | if (as->bulk_addr == bulk_addr) { |
369 | if (as->bulk_status != AS_CONTINUATION) | 369 | if (as->bulk_status != AS_CONTINUATION) |
370 | goto rescan; | 370 | goto rescan; |
371 | as->bulk_status = AS_UNLINK; | 371 | as->bulk_status = AS_UNLINK; |
372 | as->bulk_addr = 0; | 372 | as->bulk_addr = 0; |
373 | } | 373 | } |
374 | } | 374 | } |
375 | ps->disabled_bulk_eps |= (1 << bulk_addr); | 375 | ps->disabled_bulk_eps |= (1 << bulk_addr); |
376 | 376 | ||
377 | /* Now carefully unlink all the marked pending URBs */ | 377 | /* Now carefully unlink all the marked pending URBs */ |
378 | rescan: | 378 | rescan: |
379 | list_for_each_entry(as, &ps->async_pending, asynclist) { | 379 | list_for_each_entry(as, &ps->async_pending, asynclist) { |
380 | if (as->bulk_status == AS_UNLINK) { | 380 | if (as->bulk_status == AS_UNLINK) { |
381 | as->bulk_status = 0; /* Only once */ | 381 | as->bulk_status = 0; /* Only once */ |
382 | spin_unlock(&ps->lock); /* Allow completions */ | 382 | spin_unlock(&ps->lock); /* Allow completions */ |
383 | usb_unlink_urb(as->urb); | 383 | usb_unlink_urb(as->urb); |
384 | spin_lock(&ps->lock); | 384 | spin_lock(&ps->lock); |
385 | goto rescan; | 385 | goto rescan; |
386 | } | 386 | } |
387 | } | 387 | } |
388 | } | 388 | } |
389 | 389 | ||
390 | static void async_completed(struct urb *urb) | 390 | static void async_completed(struct urb *urb) |
391 | { | 391 | { |
392 | struct async *as = urb->context; | 392 | struct async *as = urb->context; |
393 | struct dev_state *ps = as->ps; | 393 | struct dev_state *ps = as->ps; |
394 | struct siginfo sinfo; | 394 | struct siginfo sinfo; |
395 | struct pid *pid = NULL; | 395 | struct pid *pid = NULL; |
396 | uid_t uid = 0; | 396 | uid_t uid = 0; |
397 | uid_t euid = 0; | 397 | uid_t euid = 0; |
398 | u32 secid = 0; | 398 | u32 secid = 0; |
399 | int signr; | 399 | int signr; |
400 | 400 | ||
401 | spin_lock(&ps->lock); | 401 | spin_lock(&ps->lock); |
402 | list_move_tail(&as->asynclist, &ps->async_completed); | 402 | list_move_tail(&as->asynclist, &ps->async_completed); |
403 | as->status = urb->status; | 403 | as->status = urb->status; |
404 | signr = as->signr; | 404 | signr = as->signr; |
405 | if (signr) { | 405 | if (signr) { |
406 | sinfo.si_signo = as->signr; | 406 | sinfo.si_signo = as->signr; |
407 | sinfo.si_errno = as->status; | 407 | sinfo.si_errno = as->status; |
408 | sinfo.si_code = SI_ASYNCIO; | 408 | sinfo.si_code = SI_ASYNCIO; |
409 | sinfo.si_addr = as->userurb; | 409 | sinfo.si_addr = as->userurb; |
410 | pid = as->pid; | 410 | pid = as->pid; |
411 | uid = as->uid; | 411 | uid = as->uid; |
412 | euid = as->euid; | 412 | euid = as->euid; |
413 | secid = as->secid; | 413 | secid = as->secid; |
414 | } | 414 | } |
415 | snoop(&urb->dev->dev, "urb complete\n"); | 415 | snoop(&urb->dev->dev, "urb complete\n"); |
416 | snoop_urb(urb->dev, as->userurb, urb->pipe, urb->actual_length, | 416 | snoop_urb(urb->dev, as->userurb, urb->pipe, urb->actual_length, |
417 | as->status, COMPLETE, | 417 | as->status, COMPLETE, |
418 | ((urb->transfer_flags & URB_DIR_MASK) == USB_DIR_OUT) ? | 418 | ((urb->transfer_flags & URB_DIR_MASK) == USB_DIR_OUT) ? |
419 | NULL : urb->transfer_buffer, urb->actual_length); | 419 | NULL : urb->transfer_buffer, urb->actual_length); |
420 | if (as->status < 0 && as->bulk_addr && as->status != -ECONNRESET && | 420 | if (as->status < 0 && as->bulk_addr && as->status != -ECONNRESET && |
421 | as->status != -ENOENT) | 421 | as->status != -ENOENT) |
422 | cancel_bulk_urbs(ps, as->bulk_addr); | 422 | cancel_bulk_urbs(ps, as->bulk_addr); |
423 | spin_unlock(&ps->lock); | 423 | spin_unlock(&ps->lock); |
424 | 424 | ||
425 | if (signr) | 425 | if (signr) |
426 | kill_pid_info_as_uid(sinfo.si_signo, &sinfo, pid, uid, | 426 | kill_pid_info_as_uid(sinfo.si_signo, &sinfo, pid, uid, |
427 | euid, secid); | 427 | euid, secid); |
428 | 428 | ||
429 | wake_up(&ps->wait); | 429 | wake_up(&ps->wait); |
430 | } | 430 | } |
431 | 431 | ||
432 | static void destroy_async(struct dev_state *ps, struct list_head *list) | 432 | static void destroy_async(struct dev_state *ps, struct list_head *list) |
433 | { | 433 | { |
434 | struct async *as; | 434 | struct async *as; |
435 | unsigned long flags; | 435 | unsigned long flags; |
436 | 436 | ||
437 | spin_lock_irqsave(&ps->lock, flags); | 437 | spin_lock_irqsave(&ps->lock, flags); |
438 | while (!list_empty(list)) { | 438 | while (!list_empty(list)) { |
439 | as = list_entry(list->next, struct async, asynclist); | 439 | as = list_entry(list->next, struct async, asynclist); |
440 | list_del_init(&as->asynclist); | 440 | list_del_init(&as->asynclist); |
441 | 441 | ||
442 | /* drop the spinlock so the completion handler can run */ | 442 | /* drop the spinlock so the completion handler can run */ |
443 | spin_unlock_irqrestore(&ps->lock, flags); | 443 | spin_unlock_irqrestore(&ps->lock, flags); |
444 | usb_kill_urb(as->urb); | 444 | usb_kill_urb(as->urb); |
445 | spin_lock_irqsave(&ps->lock, flags); | 445 | spin_lock_irqsave(&ps->lock, flags); |
446 | } | 446 | } |
447 | spin_unlock_irqrestore(&ps->lock, flags); | 447 | spin_unlock_irqrestore(&ps->lock, flags); |
448 | } | 448 | } |
449 | 449 | ||
450 | static void destroy_async_on_interface(struct dev_state *ps, | 450 | static void destroy_async_on_interface(struct dev_state *ps, |
451 | unsigned int ifnum) | 451 | unsigned int ifnum) |
452 | { | 452 | { |
453 | struct list_head *p, *q, hitlist; | 453 | struct list_head *p, *q, hitlist; |
454 | unsigned long flags; | 454 | unsigned long flags; |
455 | 455 | ||
456 | INIT_LIST_HEAD(&hitlist); | 456 | INIT_LIST_HEAD(&hitlist); |
457 | spin_lock_irqsave(&ps->lock, flags); | 457 | spin_lock_irqsave(&ps->lock, flags); |
458 | list_for_each_safe(p, q, &ps->async_pending) | 458 | list_for_each_safe(p, q, &ps->async_pending) |
459 | if (ifnum == list_entry(p, struct async, asynclist)->ifnum) | 459 | if (ifnum == list_entry(p, struct async, asynclist)->ifnum) |
460 | list_move_tail(p, &hitlist); | 460 | list_move_tail(p, &hitlist); |
461 | spin_unlock_irqrestore(&ps->lock, flags); | 461 | spin_unlock_irqrestore(&ps->lock, flags); |
462 | destroy_async(ps, &hitlist); | 462 | destroy_async(ps, &hitlist); |
463 | } | 463 | } |
464 | 464 | ||
465 | static void destroy_all_async(struct dev_state *ps) | 465 | static void destroy_all_async(struct dev_state *ps) |
466 | { | 466 | { |
467 | destroy_async(ps, &ps->async_pending); | 467 | destroy_async(ps, &ps->async_pending); |
468 | } | 468 | } |
469 | 469 | ||
470 | /* | 470 | /* |
471 | * interface claims are made only at the request of user level code, | 471 | * interface claims are made only at the request of user level code, |
472 | * which can also release them (explicitly or by closing files). | 472 | * which can also release them (explicitly or by closing files). |
473 | * they're also undone when devices disconnect. | 473 | * they're also undone when devices disconnect. |
474 | */ | 474 | */ |
475 | 475 | ||
476 | static int driver_probe(struct usb_interface *intf, | 476 | static int driver_probe(struct usb_interface *intf, |
477 | const struct usb_device_id *id) | 477 | const struct usb_device_id *id) |
478 | { | 478 | { |
479 | return -ENODEV; | 479 | return -ENODEV; |
480 | } | 480 | } |
481 | 481 | ||
482 | static void driver_disconnect(struct usb_interface *intf) | 482 | static void driver_disconnect(struct usb_interface *intf) |
483 | { | 483 | { |
484 | struct dev_state *ps = usb_get_intfdata(intf); | 484 | struct dev_state *ps = usb_get_intfdata(intf); |
485 | unsigned int ifnum = intf->altsetting->desc.bInterfaceNumber; | 485 | unsigned int ifnum = intf->altsetting->desc.bInterfaceNumber; |
486 | 486 | ||
487 | if (!ps) | 487 | if (!ps) |
488 | return; | 488 | return; |
489 | 489 | ||
490 | /* NOTE: this relies on usbcore having canceled and completed | 490 | /* NOTE: this relies on usbcore having canceled and completed |
491 | * all pending I/O requests; 2.6 does that. | 491 | * all pending I/O requests; 2.6 does that. |
492 | */ | 492 | */ |
493 | 493 | ||
494 | if (likely(ifnum < 8*sizeof(ps->ifclaimed))) | 494 | if (likely(ifnum < 8*sizeof(ps->ifclaimed))) |
495 | clear_bit(ifnum, &ps->ifclaimed); | 495 | clear_bit(ifnum, &ps->ifclaimed); |
496 | else | 496 | else |
497 | dev_warn(&intf->dev, "interface number %u out of range\n", | 497 | dev_warn(&intf->dev, "interface number %u out of range\n", |
498 | ifnum); | 498 | ifnum); |
499 | 499 | ||
500 | usb_set_intfdata(intf, NULL); | 500 | usb_set_intfdata(intf, NULL); |
501 | 501 | ||
502 | /* force async requests to complete */ | 502 | /* force async requests to complete */ |
503 | destroy_async_on_interface(ps, ifnum); | 503 | destroy_async_on_interface(ps, ifnum); |
504 | } | 504 | } |
505 | 505 | ||
506 | /* The following routines are merely placeholders. There is no way | 506 | /* The following routines are merely placeholders. There is no way |
507 | * to inform a user task about suspend or resumes. | 507 | * to inform a user task about suspend or resumes. |
508 | */ | 508 | */ |
509 | static int driver_suspend(struct usb_interface *intf, pm_message_t msg) | 509 | static int driver_suspend(struct usb_interface *intf, pm_message_t msg) |
510 | { | 510 | { |
511 | return 0; | 511 | return 0; |
512 | } | 512 | } |
513 | 513 | ||
514 | static int driver_resume(struct usb_interface *intf) | 514 | static int driver_resume(struct usb_interface *intf) |
515 | { | 515 | { |
516 | return 0; | 516 | return 0; |
517 | } | 517 | } |
518 | 518 | ||
519 | struct usb_driver usbfs_driver = { | 519 | struct usb_driver usbfs_driver = { |
520 | .name = "usbfs", | 520 | .name = "usbfs", |
521 | .probe = driver_probe, | 521 | .probe = driver_probe, |
522 | .disconnect = driver_disconnect, | 522 | .disconnect = driver_disconnect, |
523 | .suspend = driver_suspend, | 523 | .suspend = driver_suspend, |
524 | .resume = driver_resume, | 524 | .resume = driver_resume, |
525 | }; | 525 | }; |
526 | 526 | ||
527 | static int claimintf(struct dev_state *ps, unsigned int ifnum) | 527 | static int claimintf(struct dev_state *ps, unsigned int ifnum) |
528 | { | 528 | { |
529 | struct usb_device *dev = ps->dev; | 529 | struct usb_device *dev = ps->dev; |
530 | struct usb_interface *intf; | 530 | struct usb_interface *intf; |
531 | int err; | 531 | int err; |
532 | 532 | ||
533 | if (ifnum >= 8*sizeof(ps->ifclaimed)) | 533 | if (ifnum >= 8*sizeof(ps->ifclaimed)) |
534 | return -EINVAL; | 534 | return -EINVAL; |
535 | /* already claimed */ | 535 | /* already claimed */ |
536 | if (test_bit(ifnum, &ps->ifclaimed)) | 536 | if (test_bit(ifnum, &ps->ifclaimed)) |
537 | return 0; | 537 | return 0; |
538 | 538 | ||
539 | intf = usb_ifnum_to_if(dev, ifnum); | 539 | intf = usb_ifnum_to_if(dev, ifnum); |
540 | if (!intf) | 540 | if (!intf) |
541 | err = -ENOENT; | 541 | err = -ENOENT; |
542 | else | 542 | else |
543 | err = usb_driver_claim_interface(&usbfs_driver, intf, ps); | 543 | err = usb_driver_claim_interface(&usbfs_driver, intf, ps); |
544 | if (err == 0) | 544 | if (err == 0) |
545 | set_bit(ifnum, &ps->ifclaimed); | 545 | set_bit(ifnum, &ps->ifclaimed); |
546 | return err; | 546 | return err; |
547 | } | 547 | } |
548 | 548 | ||
549 | static int releaseintf(struct dev_state *ps, unsigned int ifnum) | 549 | static int releaseintf(struct dev_state *ps, unsigned int ifnum) |
550 | { | 550 | { |
551 | struct usb_device *dev; | 551 | struct usb_device *dev; |
552 | struct usb_interface *intf; | 552 | struct usb_interface *intf; |
553 | int err; | 553 | int err; |
554 | 554 | ||
555 | err = -EINVAL; | 555 | err = -EINVAL; |
556 | if (ifnum >= 8*sizeof(ps->ifclaimed)) | 556 | if (ifnum >= 8*sizeof(ps->ifclaimed)) |
557 | return err; | 557 | return err; |
558 | dev = ps->dev; | 558 | dev = ps->dev; |
559 | intf = usb_ifnum_to_if(dev, ifnum); | 559 | intf = usb_ifnum_to_if(dev, ifnum); |
560 | if (!intf) | 560 | if (!intf) |
561 | err = -ENOENT; | 561 | err = -ENOENT; |
562 | else if (test_and_clear_bit(ifnum, &ps->ifclaimed)) { | 562 | else if (test_and_clear_bit(ifnum, &ps->ifclaimed)) { |
563 | usb_driver_release_interface(&usbfs_driver, intf); | 563 | usb_driver_release_interface(&usbfs_driver, intf); |
564 | err = 0; | 564 | err = 0; |
565 | } | 565 | } |
566 | return err; | 566 | return err; |
567 | } | 567 | } |
568 | 568 | ||
569 | static int checkintf(struct dev_state *ps, unsigned int ifnum) | 569 | static int checkintf(struct dev_state *ps, unsigned int ifnum) |
570 | { | 570 | { |
571 | if (ps->dev->state != USB_STATE_CONFIGURED) | 571 | if (ps->dev->state != USB_STATE_CONFIGURED) |
572 | return -EHOSTUNREACH; | 572 | return -EHOSTUNREACH; |
573 | if (ifnum >= 8*sizeof(ps->ifclaimed)) | 573 | if (ifnum >= 8*sizeof(ps->ifclaimed)) |
574 | return -EINVAL; | 574 | return -EINVAL; |
575 | if (test_bit(ifnum, &ps->ifclaimed)) | 575 | if (test_bit(ifnum, &ps->ifclaimed)) |
576 | return 0; | 576 | return 0; |
577 | /* if not yet claimed, claim it for the driver */ | 577 | /* if not yet claimed, claim it for the driver */ |
578 | dev_warn(&ps->dev->dev, "usbfs: process %d (%s) did not claim " | 578 | dev_warn(&ps->dev->dev, "usbfs: process %d (%s) did not claim " |
579 | "interface %u before use\n", task_pid_nr(current), | 579 | "interface %u before use\n", task_pid_nr(current), |
580 | current->comm, ifnum); | 580 | current->comm, ifnum); |
581 | return claimintf(ps, ifnum); | 581 | return claimintf(ps, ifnum); |
582 | } | 582 | } |
583 | 583 | ||
584 | static int findintfep(struct usb_device *dev, unsigned int ep) | 584 | static int findintfep(struct usb_device *dev, unsigned int ep) |
585 | { | 585 | { |
586 | unsigned int i, j, e; | 586 | unsigned int i, j, e; |
587 | struct usb_interface *intf; | 587 | struct usb_interface *intf; |
588 | struct usb_host_interface *alts; | 588 | struct usb_host_interface *alts; |
589 | struct usb_endpoint_descriptor *endpt; | 589 | struct usb_endpoint_descriptor *endpt; |
590 | 590 | ||
591 | if (ep & ~(USB_DIR_IN|0xf)) | 591 | if (ep & ~(USB_DIR_IN|0xf)) |
592 | return -EINVAL; | 592 | return -EINVAL; |
593 | if (!dev->actconfig) | 593 | if (!dev->actconfig) |
594 | return -ESRCH; | 594 | return -ESRCH; |
595 | for (i = 0; i < dev->actconfig->desc.bNumInterfaces; i++) { | 595 | for (i = 0; i < dev->actconfig->desc.bNumInterfaces; i++) { |
596 | intf = dev->actconfig->interface[i]; | 596 | intf = dev->actconfig->interface[i]; |
597 | for (j = 0; j < intf->num_altsetting; j++) { | 597 | for (j = 0; j < intf->num_altsetting; j++) { |
598 | alts = &intf->altsetting[j]; | 598 | alts = &intf->altsetting[j]; |
599 | for (e = 0; e < alts->desc.bNumEndpoints; e++) { | 599 | for (e = 0; e < alts->desc.bNumEndpoints; e++) { |
600 | endpt = &alts->endpoint[e].desc; | 600 | endpt = &alts->endpoint[e].desc; |
601 | if (endpt->bEndpointAddress == ep) | 601 | if (endpt->bEndpointAddress == ep) |
602 | return alts->desc.bInterfaceNumber; | 602 | return alts->desc.bInterfaceNumber; |
603 | } | 603 | } |
604 | } | 604 | } |
605 | } | 605 | } |
606 | return -ENOENT; | 606 | return -ENOENT; |
607 | } | 607 | } |
608 | 608 | ||
609 | static int check_ctrlrecip(struct dev_state *ps, unsigned int requesttype, | 609 | static int check_ctrlrecip(struct dev_state *ps, unsigned int requesttype, |
610 | unsigned int index) | 610 | unsigned int index) |
611 | { | 611 | { |
612 | int ret = 0; | 612 | int ret = 0; |
613 | 613 | ||
614 | if (ps->dev->state != USB_STATE_UNAUTHENTICATED | 614 | if (ps->dev->state != USB_STATE_UNAUTHENTICATED |
615 | && ps->dev->state != USB_STATE_ADDRESS | 615 | && ps->dev->state != USB_STATE_ADDRESS |
616 | && ps->dev->state != USB_STATE_CONFIGURED) | 616 | && ps->dev->state != USB_STATE_CONFIGURED) |
617 | return -EHOSTUNREACH; | 617 | return -EHOSTUNREACH; |
618 | if (USB_TYPE_VENDOR == (USB_TYPE_MASK & requesttype)) | 618 | if (USB_TYPE_VENDOR == (USB_TYPE_MASK & requesttype)) |
619 | return 0; | 619 | return 0; |
620 | 620 | ||
621 | index &= 0xff; | 621 | index &= 0xff; |
622 | switch (requesttype & USB_RECIP_MASK) { | 622 | switch (requesttype & USB_RECIP_MASK) { |
623 | case USB_RECIP_ENDPOINT: | 623 | case USB_RECIP_ENDPOINT: |
624 | ret = findintfep(ps->dev, index); | 624 | ret = findintfep(ps->dev, index); |
625 | if (ret >= 0) | 625 | if (ret >= 0) |
626 | ret = checkintf(ps, ret); | 626 | ret = checkintf(ps, ret); |
627 | break; | 627 | break; |
628 | 628 | ||
629 | case USB_RECIP_INTERFACE: | 629 | case USB_RECIP_INTERFACE: |
630 | ret = checkintf(ps, index); | 630 | ret = checkintf(ps, index); |
631 | break; | 631 | break; |
632 | } | 632 | } |
633 | return ret; | 633 | return ret; |
634 | } | 634 | } |
635 | 635 | ||
636 | static int match_devt(struct device *dev, void *data) | 636 | static int match_devt(struct device *dev, void *data) |
637 | { | 637 | { |
638 | return dev->devt == (dev_t) (unsigned long) data; | 638 | return dev->devt == (dev_t) (unsigned long) data; |
639 | } | 639 | } |
640 | 640 | ||
641 | static struct usb_device *usbdev_lookup_by_devt(dev_t devt) | 641 | static struct usb_device *usbdev_lookup_by_devt(dev_t devt) |
642 | { | 642 | { |
643 | struct device *dev; | 643 | struct device *dev; |
644 | 644 | ||
645 | dev = bus_find_device(&usb_bus_type, NULL, | 645 | dev = bus_find_device(&usb_bus_type, NULL, |
646 | (void *) (unsigned long) devt, match_devt); | 646 | (void *) (unsigned long) devt, match_devt); |
647 | if (!dev) | 647 | if (!dev) |
648 | return NULL; | 648 | return NULL; |
649 | return container_of(dev, struct usb_device, dev); | 649 | return container_of(dev, struct usb_device, dev); |
650 | } | 650 | } |
651 | 651 | ||
652 | /* | 652 | /* |
653 | * file operations | 653 | * file operations |
654 | */ | 654 | */ |
655 | static int usbdev_open(struct inode *inode, struct file *file) | 655 | static int usbdev_open(struct inode *inode, struct file *file) |
656 | { | 656 | { |
657 | struct usb_device *dev = NULL; | 657 | struct usb_device *dev = NULL; |
658 | struct dev_state *ps; | 658 | struct dev_state *ps; |
659 | const struct cred *cred = current_cred(); | 659 | const struct cred *cred = current_cred(); |
660 | int ret; | 660 | int ret; |
661 | 661 | ||
662 | ret = -ENOMEM; | 662 | ret = -ENOMEM; |
663 | ps = kmalloc(sizeof(struct dev_state), GFP_KERNEL); | 663 | ps = kmalloc(sizeof(struct dev_state), GFP_KERNEL); |
664 | if (!ps) | 664 | if (!ps) |
665 | goto out_free_ps; | 665 | goto out_free_ps; |
666 | 666 | ||
667 | ret = -ENODEV; | 667 | ret = -ENODEV; |
668 | 668 | ||
669 | /* Protect against simultaneous removal or release */ | 669 | /* Protect against simultaneous removal or release */ |
670 | mutex_lock(&usbfs_mutex); | 670 | mutex_lock(&usbfs_mutex); |
671 | 671 | ||
672 | /* usbdev device-node */ | 672 | /* usbdev device-node */ |
673 | if (imajor(inode) == USB_DEVICE_MAJOR) | 673 | if (imajor(inode) == USB_DEVICE_MAJOR) |
674 | dev = usbdev_lookup_by_devt(inode->i_rdev); | 674 | dev = usbdev_lookup_by_devt(inode->i_rdev); |
675 | 675 | ||
676 | #ifdef CONFIG_USB_DEVICEFS | 676 | #ifdef CONFIG_USB_DEVICEFS |
677 | /* procfs file */ | 677 | /* procfs file */ |
678 | if (!dev) { | 678 | if (!dev) { |
679 | dev = inode->i_private; | 679 | dev = inode->i_private; |
680 | if (dev && dev->usbfs_dentry && | 680 | if (dev && dev->usbfs_dentry && |
681 | dev->usbfs_dentry->d_inode == inode) | 681 | dev->usbfs_dentry->d_inode == inode) |
682 | usb_get_dev(dev); | 682 | usb_get_dev(dev); |
683 | else | 683 | else |
684 | dev = NULL; | 684 | dev = NULL; |
685 | } | 685 | } |
686 | #endif | 686 | #endif |
687 | mutex_unlock(&usbfs_mutex); | 687 | mutex_unlock(&usbfs_mutex); |
688 | 688 | ||
689 | if (!dev) | 689 | if (!dev) |
690 | goto out_free_ps; | 690 | goto out_free_ps; |
691 | 691 | ||
692 | usb_lock_device(dev); | 692 | usb_lock_device(dev); |
693 | if (dev->state == USB_STATE_NOTATTACHED) | 693 | if (dev->state == USB_STATE_NOTATTACHED) |
694 | goto out_unlock_device; | 694 | goto out_unlock_device; |
695 | 695 | ||
696 | ret = usb_autoresume_device(dev); | 696 | ret = usb_autoresume_device(dev); |
697 | if (ret) | 697 | if (ret) |
698 | goto out_unlock_device; | 698 | goto out_unlock_device; |
699 | 699 | ||
700 | ps->dev = dev; | 700 | ps->dev = dev; |
701 | ps->file = file; | 701 | ps->file = file; |
702 | spin_lock_init(&ps->lock); | 702 | spin_lock_init(&ps->lock); |
703 | INIT_LIST_HEAD(&ps->list); | 703 | INIT_LIST_HEAD(&ps->list); |
704 | INIT_LIST_HEAD(&ps->async_pending); | 704 | INIT_LIST_HEAD(&ps->async_pending); |
705 | INIT_LIST_HEAD(&ps->async_completed); | 705 | INIT_LIST_HEAD(&ps->async_completed); |
706 | init_waitqueue_head(&ps->wait); | 706 | init_waitqueue_head(&ps->wait); |
707 | ps->discsignr = 0; | 707 | ps->discsignr = 0; |
708 | ps->disc_pid = get_pid(task_pid(current)); | 708 | ps->disc_pid = get_pid(task_pid(current)); |
709 | ps->disc_uid = cred->uid; | 709 | ps->disc_uid = cred->uid; |
710 | ps->disc_euid = cred->euid; | 710 | ps->disc_euid = cred->euid; |
711 | ps->disccontext = NULL; | 711 | ps->disccontext = NULL; |
712 | ps->ifclaimed = 0; | 712 | ps->ifclaimed = 0; |
713 | security_task_getsecid(current, &ps->secid); | 713 | security_task_getsecid(current, &ps->secid); |
714 | smp_wmb(); | 714 | smp_wmb(); |
715 | list_add_tail(&ps->list, &dev->filelist); | 715 | list_add_tail(&ps->list, &dev->filelist); |
716 | file->private_data = ps; | 716 | file->private_data = ps; |
717 | usb_unlock_device(dev); | 717 | usb_unlock_device(dev); |
718 | snoop(&dev->dev, "opened by process %d: %s\n", task_pid_nr(current), | 718 | snoop(&dev->dev, "opened by process %d: %s\n", task_pid_nr(current), |
719 | current->comm); | 719 | current->comm); |
720 | return ret; | 720 | return ret; |
721 | 721 | ||
722 | out_unlock_device: | 722 | out_unlock_device: |
723 | usb_unlock_device(dev); | 723 | usb_unlock_device(dev); |
724 | usb_put_dev(dev); | 724 | usb_put_dev(dev); |
725 | out_free_ps: | 725 | out_free_ps: |
726 | kfree(ps); | 726 | kfree(ps); |
727 | return ret; | 727 | return ret; |
728 | } | 728 | } |
729 | 729 | ||
730 | static int usbdev_release(struct inode *inode, struct file *file) | 730 | static int usbdev_release(struct inode *inode, struct file *file) |
731 | { | 731 | { |
732 | struct dev_state *ps = file->private_data; | 732 | struct dev_state *ps = file->private_data; |
733 | struct usb_device *dev = ps->dev; | 733 | struct usb_device *dev = ps->dev; |
734 | unsigned int ifnum; | 734 | unsigned int ifnum; |
735 | struct async *as; | 735 | struct async *as; |
736 | 736 | ||
737 | usb_lock_device(dev); | 737 | usb_lock_device(dev); |
738 | usb_hub_release_all_ports(dev, ps); | 738 | usb_hub_release_all_ports(dev, ps); |
739 | 739 | ||
740 | list_del_init(&ps->list); | 740 | list_del_init(&ps->list); |
741 | 741 | ||
742 | for (ifnum = 0; ps->ifclaimed && ifnum < 8*sizeof(ps->ifclaimed); | 742 | for (ifnum = 0; ps->ifclaimed && ifnum < 8*sizeof(ps->ifclaimed); |
743 | ifnum++) { | 743 | ifnum++) { |
744 | if (test_bit(ifnum, &ps->ifclaimed)) | 744 | if (test_bit(ifnum, &ps->ifclaimed)) |
745 | releaseintf(ps, ifnum); | 745 | releaseintf(ps, ifnum); |
746 | } | 746 | } |
747 | destroy_all_async(ps); | 747 | destroy_all_async(ps); |
748 | usb_autosuspend_device(dev); | 748 | usb_autosuspend_device(dev); |
749 | usb_unlock_device(dev); | 749 | usb_unlock_device(dev); |
750 | usb_put_dev(dev); | 750 | usb_put_dev(dev); |
751 | put_pid(ps->disc_pid); | 751 | put_pid(ps->disc_pid); |
752 | 752 | ||
753 | as = async_getcompleted(ps); | 753 | as = async_getcompleted(ps); |
754 | while (as) { | 754 | while (as) { |
755 | free_async(as); | 755 | free_async(as); |
756 | as = async_getcompleted(ps); | 756 | as = async_getcompleted(ps); |
757 | } | 757 | } |
758 | kfree(ps); | 758 | kfree(ps); |
759 | return 0; | 759 | return 0; |
760 | } | 760 | } |
761 | 761 | ||
762 | static int proc_control(struct dev_state *ps, void __user *arg) | 762 | static int proc_control(struct dev_state *ps, void __user *arg) |
763 | { | 763 | { |
764 | struct usb_device *dev = ps->dev; | 764 | struct usb_device *dev = ps->dev; |
765 | struct usbdevfs_ctrltransfer ctrl; | 765 | struct usbdevfs_ctrltransfer ctrl; |
766 | unsigned int tmo; | 766 | unsigned int tmo; |
767 | unsigned char *tbuf; | 767 | unsigned char *tbuf; |
768 | unsigned wLength; | 768 | unsigned wLength; |
769 | int i, pipe, ret; | 769 | int i, pipe, ret; |
770 | 770 | ||
771 | if (copy_from_user(&ctrl, arg, sizeof(ctrl))) | 771 | if (copy_from_user(&ctrl, arg, sizeof(ctrl))) |
772 | return -EFAULT; | 772 | return -EFAULT; |
773 | ret = check_ctrlrecip(ps, ctrl.bRequestType, ctrl.wIndex); | 773 | ret = check_ctrlrecip(ps, ctrl.bRequestType, ctrl.wIndex); |
774 | if (ret) | 774 | if (ret) |
775 | return ret; | 775 | return ret; |
776 | wLength = ctrl.wLength; /* To suppress 64k PAGE_SIZE warning */ | 776 | wLength = ctrl.wLength; /* To suppress 64k PAGE_SIZE warning */ |
777 | if (wLength > PAGE_SIZE) | 777 | if (wLength > PAGE_SIZE) |
778 | return -EINVAL; | 778 | return -EINVAL; |
779 | tbuf = (unsigned char *)__get_free_page(GFP_KERNEL); | 779 | tbuf = (unsigned char *)__get_free_page(GFP_KERNEL); |
780 | if (!tbuf) | 780 | if (!tbuf) |
781 | return -ENOMEM; | 781 | return -ENOMEM; |
782 | tmo = ctrl.timeout; | 782 | tmo = ctrl.timeout; |
783 | snoop(&dev->dev, "control urb: bRequestType=%02x " | 783 | snoop(&dev->dev, "control urb: bRequestType=%02x " |
784 | "bRequest=%02x wValue=%04x " | 784 | "bRequest=%02x wValue=%04x " |
785 | "wIndex=%04x wLength=%04x\n", | 785 | "wIndex=%04x wLength=%04x\n", |
786 | ctrl.bRequestType, ctrl.bRequest, | 786 | ctrl.bRequestType, ctrl.bRequest, |
787 | __le16_to_cpup(&ctrl.wValue), | 787 | __le16_to_cpup(&ctrl.wValue), |
788 | __le16_to_cpup(&ctrl.wIndex), | 788 | __le16_to_cpup(&ctrl.wIndex), |
789 | __le16_to_cpup(&ctrl.wLength)); | 789 | __le16_to_cpup(&ctrl.wLength)); |
790 | if (ctrl.bRequestType & 0x80) { | 790 | if (ctrl.bRequestType & 0x80) { |
791 | if (ctrl.wLength && !access_ok(VERIFY_WRITE, ctrl.data, | 791 | if (ctrl.wLength && !access_ok(VERIFY_WRITE, ctrl.data, |
792 | ctrl.wLength)) { | 792 | ctrl.wLength)) { |
793 | free_page((unsigned long)tbuf); | 793 | free_page((unsigned long)tbuf); |
794 | return -EINVAL; | 794 | return -EINVAL; |
795 | } | 795 | } |
796 | pipe = usb_rcvctrlpipe(dev, 0); | 796 | pipe = usb_rcvctrlpipe(dev, 0); |
797 | snoop_urb(dev, NULL, pipe, ctrl.wLength, tmo, SUBMIT, NULL, 0); | 797 | snoop_urb(dev, NULL, pipe, ctrl.wLength, tmo, SUBMIT, NULL, 0); |
798 | 798 | ||
799 | usb_unlock_device(dev); | 799 | usb_unlock_device(dev); |
800 | i = usb_control_msg(dev, pipe, ctrl.bRequest, | 800 | i = usb_control_msg(dev, pipe, ctrl.bRequest, |
801 | ctrl.bRequestType, ctrl.wValue, ctrl.wIndex, | 801 | ctrl.bRequestType, ctrl.wValue, ctrl.wIndex, |
802 | tbuf, ctrl.wLength, tmo); | 802 | tbuf, ctrl.wLength, tmo); |
803 | usb_lock_device(dev); | 803 | usb_lock_device(dev); |
804 | snoop_urb(dev, NULL, pipe, max(i, 0), min(i, 0), COMPLETE, | 804 | snoop_urb(dev, NULL, pipe, max(i, 0), min(i, 0), COMPLETE, |
805 | tbuf, i); | 805 | tbuf, max(i, 0)); |
806 | if ((i > 0) && ctrl.wLength) { | 806 | if ((i > 0) && ctrl.wLength) { |
807 | if (copy_to_user(ctrl.data, tbuf, i)) { | 807 | if (copy_to_user(ctrl.data, tbuf, i)) { |
808 | free_page((unsigned long)tbuf); | 808 | free_page((unsigned long)tbuf); |
809 | return -EFAULT; | 809 | return -EFAULT; |
810 | } | 810 | } |
811 | } | 811 | } |
812 | } else { | 812 | } else { |
813 | if (ctrl.wLength) { | 813 | if (ctrl.wLength) { |
814 | if (copy_from_user(tbuf, ctrl.data, ctrl.wLength)) { | 814 | if (copy_from_user(tbuf, ctrl.data, ctrl.wLength)) { |
815 | free_page((unsigned long)tbuf); | 815 | free_page((unsigned long)tbuf); |
816 | return -EFAULT; | 816 | return -EFAULT; |
817 | } | 817 | } |
818 | } | 818 | } |
819 | pipe = usb_sndctrlpipe(dev, 0); | 819 | pipe = usb_sndctrlpipe(dev, 0); |
820 | snoop_urb(dev, NULL, pipe, ctrl.wLength, tmo, SUBMIT, | 820 | snoop_urb(dev, NULL, pipe, ctrl.wLength, tmo, SUBMIT, |
821 | tbuf, ctrl.wLength); | 821 | tbuf, ctrl.wLength); |
822 | 822 | ||
823 | usb_unlock_device(dev); | 823 | usb_unlock_device(dev); |
824 | i = usb_control_msg(dev, usb_sndctrlpipe(dev, 0), ctrl.bRequest, | 824 | i = usb_control_msg(dev, usb_sndctrlpipe(dev, 0), ctrl.bRequest, |
825 | ctrl.bRequestType, ctrl.wValue, ctrl.wIndex, | 825 | ctrl.bRequestType, ctrl.wValue, ctrl.wIndex, |
826 | tbuf, ctrl.wLength, tmo); | 826 | tbuf, ctrl.wLength, tmo); |
827 | usb_lock_device(dev); | 827 | usb_lock_device(dev); |
828 | snoop_urb(dev, NULL, pipe, max(i, 0), min(i, 0), COMPLETE, NULL, 0); | 828 | snoop_urb(dev, NULL, pipe, max(i, 0), min(i, 0), COMPLETE, NULL, 0); |
829 | } | 829 | } |
830 | free_page((unsigned long)tbuf); | 830 | free_page((unsigned long)tbuf); |
831 | if (i < 0 && i != -EPIPE) { | 831 | if (i < 0 && i != -EPIPE) { |
832 | dev_printk(KERN_DEBUG, &dev->dev, "usbfs: USBDEVFS_CONTROL " | 832 | dev_printk(KERN_DEBUG, &dev->dev, "usbfs: USBDEVFS_CONTROL " |
833 | "failed cmd %s rqt %u rq %u len %u ret %d\n", | 833 | "failed cmd %s rqt %u rq %u len %u ret %d\n", |
834 | current->comm, ctrl.bRequestType, ctrl.bRequest, | 834 | current->comm, ctrl.bRequestType, ctrl.bRequest, |
835 | ctrl.wLength, i); | 835 | ctrl.wLength, i); |
836 | } | 836 | } |
837 | return i; | 837 | return i; |
838 | } | 838 | } |
839 | 839 | ||
840 | static int proc_bulk(struct dev_state *ps, void __user *arg) | 840 | static int proc_bulk(struct dev_state *ps, void __user *arg) |
841 | { | 841 | { |
842 | struct usb_device *dev = ps->dev; | 842 | struct usb_device *dev = ps->dev; |
843 | struct usbdevfs_bulktransfer bulk; | 843 | struct usbdevfs_bulktransfer bulk; |
844 | unsigned int tmo, len1, pipe; | 844 | unsigned int tmo, len1, pipe; |
845 | int len2; | 845 | int len2; |
846 | unsigned char *tbuf; | 846 | unsigned char *tbuf; |
847 | int i, ret; | 847 | int i, ret; |
848 | 848 | ||
849 | if (copy_from_user(&bulk, arg, sizeof(bulk))) | 849 | if (copy_from_user(&bulk, arg, sizeof(bulk))) |
850 | return -EFAULT; | 850 | return -EFAULT; |
851 | ret = findintfep(ps->dev, bulk.ep); | 851 | ret = findintfep(ps->dev, bulk.ep); |
852 | if (ret < 0) | 852 | if (ret < 0) |
853 | return ret; | 853 | return ret; |
854 | ret = checkintf(ps, ret); | 854 | ret = checkintf(ps, ret); |
855 | if (ret) | 855 | if (ret) |
856 | return ret; | 856 | return ret; |
857 | if (bulk.ep & USB_DIR_IN) | 857 | if (bulk.ep & USB_DIR_IN) |
858 | pipe = usb_rcvbulkpipe(dev, bulk.ep & 0x7f); | 858 | pipe = usb_rcvbulkpipe(dev, bulk.ep & 0x7f); |
859 | else | 859 | else |
860 | pipe = usb_sndbulkpipe(dev, bulk.ep & 0x7f); | 860 | pipe = usb_sndbulkpipe(dev, bulk.ep & 0x7f); |
861 | if (!usb_maxpacket(dev, pipe, !(bulk.ep & USB_DIR_IN))) | 861 | if (!usb_maxpacket(dev, pipe, !(bulk.ep & USB_DIR_IN))) |
862 | return -EINVAL; | 862 | return -EINVAL; |
863 | len1 = bulk.len; | 863 | len1 = bulk.len; |
864 | if (len1 > MAX_USBFS_BUFFER_SIZE) | 864 | if (len1 > MAX_USBFS_BUFFER_SIZE) |
865 | return -EINVAL; | 865 | return -EINVAL; |
866 | if (!(tbuf = kmalloc(len1, GFP_KERNEL))) | 866 | if (!(tbuf = kmalloc(len1, GFP_KERNEL))) |
867 | return -ENOMEM; | 867 | return -ENOMEM; |
868 | tmo = bulk.timeout; | 868 | tmo = bulk.timeout; |
869 | if (bulk.ep & 0x80) { | 869 | if (bulk.ep & 0x80) { |
870 | if (len1 && !access_ok(VERIFY_WRITE, bulk.data, len1)) { | 870 | if (len1 && !access_ok(VERIFY_WRITE, bulk.data, len1)) { |
871 | kfree(tbuf); | 871 | kfree(tbuf); |
872 | return -EINVAL; | 872 | return -EINVAL; |
873 | } | 873 | } |
874 | snoop_urb(dev, NULL, pipe, len1, tmo, SUBMIT, NULL, 0); | 874 | snoop_urb(dev, NULL, pipe, len1, tmo, SUBMIT, NULL, 0); |
875 | 875 | ||
876 | usb_unlock_device(dev); | 876 | usb_unlock_device(dev); |
877 | i = usb_bulk_msg(dev, pipe, tbuf, len1, &len2, tmo); | 877 | i = usb_bulk_msg(dev, pipe, tbuf, len1, &len2, tmo); |
878 | usb_lock_device(dev); | 878 | usb_lock_device(dev); |
879 | snoop_urb(dev, NULL, pipe, len2, i, COMPLETE, tbuf, len2); | 879 | snoop_urb(dev, NULL, pipe, len2, i, COMPLETE, tbuf, len2); |
880 | 880 | ||
881 | if (!i && len2) { | 881 | if (!i && len2) { |
882 | if (copy_to_user(bulk.data, tbuf, len2)) { | 882 | if (copy_to_user(bulk.data, tbuf, len2)) { |
883 | kfree(tbuf); | 883 | kfree(tbuf); |
884 | return -EFAULT; | 884 | return -EFAULT; |
885 | } | 885 | } |
886 | } | 886 | } |
887 | } else { | 887 | } else { |
888 | if (len1) { | 888 | if (len1) { |
889 | if (copy_from_user(tbuf, bulk.data, len1)) { | 889 | if (copy_from_user(tbuf, bulk.data, len1)) { |
890 | kfree(tbuf); | 890 | kfree(tbuf); |
891 | return -EFAULT; | 891 | return -EFAULT; |
892 | } | 892 | } |
893 | } | 893 | } |
894 | snoop_urb(dev, NULL, pipe, len1, tmo, SUBMIT, tbuf, len1); | 894 | snoop_urb(dev, NULL, pipe, len1, tmo, SUBMIT, tbuf, len1); |
895 | 895 | ||
896 | usb_unlock_device(dev); | 896 | usb_unlock_device(dev); |
897 | i = usb_bulk_msg(dev, pipe, tbuf, len1, &len2, tmo); | 897 | i = usb_bulk_msg(dev, pipe, tbuf, len1, &len2, tmo); |
898 | usb_lock_device(dev); | 898 | usb_lock_device(dev); |
899 | snoop_urb(dev, NULL, pipe, len2, i, COMPLETE, NULL, 0); | 899 | snoop_urb(dev, NULL, pipe, len2, i, COMPLETE, NULL, 0); |
900 | } | 900 | } |
901 | kfree(tbuf); | 901 | kfree(tbuf); |
902 | if (i < 0) | 902 | if (i < 0) |
903 | return i; | 903 | return i; |
904 | return len2; | 904 | return len2; |
905 | } | 905 | } |
906 | 906 | ||
907 | static int proc_resetep(struct dev_state *ps, void __user *arg) | 907 | static int proc_resetep(struct dev_state *ps, void __user *arg) |
908 | { | 908 | { |
909 | unsigned int ep; | 909 | unsigned int ep; |
910 | int ret; | 910 | int ret; |
911 | 911 | ||
912 | if (get_user(ep, (unsigned int __user *)arg)) | 912 | if (get_user(ep, (unsigned int __user *)arg)) |
913 | return -EFAULT; | 913 | return -EFAULT; |
914 | ret = findintfep(ps->dev, ep); | 914 | ret = findintfep(ps->dev, ep); |
915 | if (ret < 0) | 915 | if (ret < 0) |
916 | return ret; | 916 | return ret; |
917 | ret = checkintf(ps, ret); | 917 | ret = checkintf(ps, ret); |
918 | if (ret) | 918 | if (ret) |
919 | return ret; | 919 | return ret; |
920 | usb_reset_endpoint(ps->dev, ep); | 920 | usb_reset_endpoint(ps->dev, ep); |
921 | return 0; | 921 | return 0; |
922 | } | 922 | } |
923 | 923 | ||
924 | static int proc_clearhalt(struct dev_state *ps, void __user *arg) | 924 | static int proc_clearhalt(struct dev_state *ps, void __user *arg) |
925 | { | 925 | { |
926 | unsigned int ep; | 926 | unsigned int ep; |
927 | int pipe; | 927 | int pipe; |
928 | int ret; | 928 | int ret; |
929 | 929 | ||
930 | if (get_user(ep, (unsigned int __user *)arg)) | 930 | if (get_user(ep, (unsigned int __user *)arg)) |
931 | return -EFAULT; | 931 | return -EFAULT; |
932 | ret = findintfep(ps->dev, ep); | 932 | ret = findintfep(ps->dev, ep); |
933 | if (ret < 0) | 933 | if (ret < 0) |
934 | return ret; | 934 | return ret; |
935 | ret = checkintf(ps, ret); | 935 | ret = checkintf(ps, ret); |
936 | if (ret) | 936 | if (ret) |
937 | return ret; | 937 | return ret; |
938 | if (ep & USB_DIR_IN) | 938 | if (ep & USB_DIR_IN) |
939 | pipe = usb_rcvbulkpipe(ps->dev, ep & 0x7f); | 939 | pipe = usb_rcvbulkpipe(ps->dev, ep & 0x7f); |
940 | else | 940 | else |
941 | pipe = usb_sndbulkpipe(ps->dev, ep & 0x7f); | 941 | pipe = usb_sndbulkpipe(ps->dev, ep & 0x7f); |
942 | 942 | ||
943 | return usb_clear_halt(ps->dev, pipe); | 943 | return usb_clear_halt(ps->dev, pipe); |
944 | } | 944 | } |
945 | 945 | ||
946 | static int proc_getdriver(struct dev_state *ps, void __user *arg) | 946 | static int proc_getdriver(struct dev_state *ps, void __user *arg) |
947 | { | 947 | { |
948 | struct usbdevfs_getdriver gd; | 948 | struct usbdevfs_getdriver gd; |
949 | struct usb_interface *intf; | 949 | struct usb_interface *intf; |
950 | int ret; | 950 | int ret; |
951 | 951 | ||
952 | if (copy_from_user(&gd, arg, sizeof(gd))) | 952 | if (copy_from_user(&gd, arg, sizeof(gd))) |
953 | return -EFAULT; | 953 | return -EFAULT; |
954 | intf = usb_ifnum_to_if(ps->dev, gd.interface); | 954 | intf = usb_ifnum_to_if(ps->dev, gd.interface); |
955 | if (!intf || !intf->dev.driver) | 955 | if (!intf || !intf->dev.driver) |
956 | ret = -ENODATA; | 956 | ret = -ENODATA; |
957 | else { | 957 | else { |
958 | strncpy(gd.driver, intf->dev.driver->name, | 958 | strncpy(gd.driver, intf->dev.driver->name, |
959 | sizeof(gd.driver)); | 959 | sizeof(gd.driver)); |
960 | ret = (copy_to_user(arg, &gd, sizeof(gd)) ? -EFAULT : 0); | 960 | ret = (copy_to_user(arg, &gd, sizeof(gd)) ? -EFAULT : 0); |
961 | } | 961 | } |
962 | return ret; | 962 | return ret; |
963 | } | 963 | } |
964 | 964 | ||
965 | static int proc_connectinfo(struct dev_state *ps, void __user *arg) | 965 | static int proc_connectinfo(struct dev_state *ps, void __user *arg) |
966 | { | 966 | { |
967 | struct usbdevfs_connectinfo ci = { | 967 | struct usbdevfs_connectinfo ci = { |
968 | .devnum = ps->dev->devnum, | 968 | .devnum = ps->dev->devnum, |
969 | .slow = ps->dev->speed == USB_SPEED_LOW | 969 | .slow = ps->dev->speed == USB_SPEED_LOW |
970 | }; | 970 | }; |
971 | 971 | ||
972 | if (copy_to_user(arg, &ci, sizeof(ci))) | 972 | if (copy_to_user(arg, &ci, sizeof(ci))) |
973 | return -EFAULT; | 973 | return -EFAULT; |
974 | return 0; | 974 | return 0; |
975 | } | 975 | } |
976 | 976 | ||
977 | static int proc_resetdevice(struct dev_state *ps) | 977 | static int proc_resetdevice(struct dev_state *ps) |
978 | { | 978 | { |
979 | return usb_reset_device(ps->dev); | 979 | return usb_reset_device(ps->dev); |
980 | } | 980 | } |
981 | 981 | ||
982 | static int proc_setintf(struct dev_state *ps, void __user *arg) | 982 | static int proc_setintf(struct dev_state *ps, void __user *arg) |
983 | { | 983 | { |
984 | struct usbdevfs_setinterface setintf; | 984 | struct usbdevfs_setinterface setintf; |
985 | int ret; | 985 | int ret; |
986 | 986 | ||
987 | if (copy_from_user(&setintf, arg, sizeof(setintf))) | 987 | if (copy_from_user(&setintf, arg, sizeof(setintf))) |
988 | return -EFAULT; | 988 | return -EFAULT; |
989 | if ((ret = checkintf(ps, setintf.interface))) | 989 | if ((ret = checkintf(ps, setintf.interface))) |
990 | return ret; | 990 | return ret; |
991 | return usb_set_interface(ps->dev, setintf.interface, | 991 | return usb_set_interface(ps->dev, setintf.interface, |
992 | setintf.altsetting); | 992 | setintf.altsetting); |
993 | } | 993 | } |
994 | 994 | ||
995 | static int proc_setconfig(struct dev_state *ps, void __user *arg) | 995 | static int proc_setconfig(struct dev_state *ps, void __user *arg) |
996 | { | 996 | { |
997 | int u; | 997 | int u; |
998 | int status = 0; | 998 | int status = 0; |
999 | struct usb_host_config *actconfig; | 999 | struct usb_host_config *actconfig; |
1000 | 1000 | ||
1001 | if (get_user(u, (int __user *)arg)) | 1001 | if (get_user(u, (int __user *)arg)) |
1002 | return -EFAULT; | 1002 | return -EFAULT; |
1003 | 1003 | ||
1004 | actconfig = ps->dev->actconfig; | 1004 | actconfig = ps->dev->actconfig; |
1005 | 1005 | ||
1006 | /* Don't touch the device if any interfaces are claimed. | 1006 | /* Don't touch the device if any interfaces are claimed. |
1007 | * It could interfere with other drivers' operations, and if | 1007 | * It could interfere with other drivers' operations, and if |
1008 | * an interface is claimed by usbfs it could easily deadlock. | 1008 | * an interface is claimed by usbfs it could easily deadlock. |
1009 | */ | 1009 | */ |
1010 | if (actconfig) { | 1010 | if (actconfig) { |
1011 | int i; | 1011 | int i; |
1012 | 1012 | ||
1013 | for (i = 0; i < actconfig->desc.bNumInterfaces; ++i) { | 1013 | for (i = 0; i < actconfig->desc.bNumInterfaces; ++i) { |
1014 | if (usb_interface_claimed(actconfig->interface[i])) { | 1014 | if (usb_interface_claimed(actconfig->interface[i])) { |
1015 | dev_warn(&ps->dev->dev, | 1015 | dev_warn(&ps->dev->dev, |
1016 | "usbfs: interface %d claimed by %s " | 1016 | "usbfs: interface %d claimed by %s " |
1017 | "while '%s' sets config #%d\n", | 1017 | "while '%s' sets config #%d\n", |
1018 | actconfig->interface[i] | 1018 | actconfig->interface[i] |
1019 | ->cur_altsetting | 1019 | ->cur_altsetting |
1020 | ->desc.bInterfaceNumber, | 1020 | ->desc.bInterfaceNumber, |
1021 | actconfig->interface[i] | 1021 | actconfig->interface[i] |
1022 | ->dev.driver->name, | 1022 | ->dev.driver->name, |
1023 | current->comm, u); | 1023 | current->comm, u); |
1024 | status = -EBUSY; | 1024 | status = -EBUSY; |
1025 | break; | 1025 | break; |
1026 | } | 1026 | } |
1027 | } | 1027 | } |
1028 | } | 1028 | } |
1029 | 1029 | ||
1030 | /* SET_CONFIGURATION is often abused as a "cheap" driver reset, | 1030 | /* SET_CONFIGURATION is often abused as a "cheap" driver reset, |
1031 | * so avoid usb_set_configuration()'s kick to sysfs | 1031 | * so avoid usb_set_configuration()'s kick to sysfs |
1032 | */ | 1032 | */ |
1033 | if (status == 0) { | 1033 | if (status == 0) { |
1034 | if (actconfig && actconfig->desc.bConfigurationValue == u) | 1034 | if (actconfig && actconfig->desc.bConfigurationValue == u) |
1035 | status = usb_reset_configuration(ps->dev); | 1035 | status = usb_reset_configuration(ps->dev); |
1036 | else | 1036 | else |
1037 | status = usb_set_configuration(ps->dev, u); | 1037 | status = usb_set_configuration(ps->dev, u); |
1038 | } | 1038 | } |
1039 | 1039 | ||
1040 | return status; | 1040 | return status; |
1041 | } | 1041 | } |
1042 | 1042 | ||
1043 | static int proc_do_submiturb(struct dev_state *ps, struct usbdevfs_urb *uurb, | 1043 | static int proc_do_submiturb(struct dev_state *ps, struct usbdevfs_urb *uurb, |
1044 | struct usbdevfs_iso_packet_desc __user *iso_frame_desc, | 1044 | struct usbdevfs_iso_packet_desc __user *iso_frame_desc, |
1045 | void __user *arg) | 1045 | void __user *arg) |
1046 | { | 1046 | { |
1047 | struct usbdevfs_iso_packet_desc *isopkt = NULL; | 1047 | struct usbdevfs_iso_packet_desc *isopkt = NULL; |
1048 | struct usb_host_endpoint *ep; | 1048 | struct usb_host_endpoint *ep; |
1049 | struct async *as; | 1049 | struct async *as; |
1050 | struct usb_ctrlrequest *dr = NULL; | 1050 | struct usb_ctrlrequest *dr = NULL; |
1051 | const struct cred *cred = current_cred(); | 1051 | const struct cred *cred = current_cred(); |
1052 | unsigned int u, totlen, isofrmlen; | 1052 | unsigned int u, totlen, isofrmlen; |
1053 | int ret, ifnum = -1; | 1053 | int ret, ifnum = -1; |
1054 | int is_in; | 1054 | int is_in; |
1055 | 1055 | ||
1056 | if (uurb->flags & ~(USBDEVFS_URB_ISO_ASAP | | 1056 | if (uurb->flags & ~(USBDEVFS_URB_ISO_ASAP | |
1057 | USBDEVFS_URB_SHORT_NOT_OK | | 1057 | USBDEVFS_URB_SHORT_NOT_OK | |
1058 | USBDEVFS_URB_BULK_CONTINUATION | | 1058 | USBDEVFS_URB_BULK_CONTINUATION | |
1059 | USBDEVFS_URB_NO_FSBR | | 1059 | USBDEVFS_URB_NO_FSBR | |
1060 | USBDEVFS_URB_ZERO_PACKET | | 1060 | USBDEVFS_URB_ZERO_PACKET | |
1061 | USBDEVFS_URB_NO_INTERRUPT)) | 1061 | USBDEVFS_URB_NO_INTERRUPT)) |
1062 | return -EINVAL; | 1062 | return -EINVAL; |
1063 | if (uurb->buffer_length > 0 && !uurb->buffer) | 1063 | if (uurb->buffer_length > 0 && !uurb->buffer) |
1064 | return -EINVAL; | 1064 | return -EINVAL; |
1065 | if (!(uurb->type == USBDEVFS_URB_TYPE_CONTROL && | 1065 | if (!(uurb->type == USBDEVFS_URB_TYPE_CONTROL && |
1066 | (uurb->endpoint & ~USB_ENDPOINT_DIR_MASK) == 0)) { | 1066 | (uurb->endpoint & ~USB_ENDPOINT_DIR_MASK) == 0)) { |
1067 | ifnum = findintfep(ps->dev, uurb->endpoint); | 1067 | ifnum = findintfep(ps->dev, uurb->endpoint); |
1068 | if (ifnum < 0) | 1068 | if (ifnum < 0) |
1069 | return ifnum; | 1069 | return ifnum; |
1070 | ret = checkintf(ps, ifnum); | 1070 | ret = checkintf(ps, ifnum); |
1071 | if (ret) | 1071 | if (ret) |
1072 | return ret; | 1072 | return ret; |
1073 | } | 1073 | } |
1074 | if ((uurb->endpoint & USB_ENDPOINT_DIR_MASK) != 0) { | 1074 | if ((uurb->endpoint & USB_ENDPOINT_DIR_MASK) != 0) { |
1075 | is_in = 1; | 1075 | is_in = 1; |
1076 | ep = ps->dev->ep_in[uurb->endpoint & USB_ENDPOINT_NUMBER_MASK]; | 1076 | ep = ps->dev->ep_in[uurb->endpoint & USB_ENDPOINT_NUMBER_MASK]; |
1077 | } else { | 1077 | } else { |
1078 | is_in = 0; | 1078 | is_in = 0; |
1079 | ep = ps->dev->ep_out[uurb->endpoint & USB_ENDPOINT_NUMBER_MASK]; | 1079 | ep = ps->dev->ep_out[uurb->endpoint & USB_ENDPOINT_NUMBER_MASK]; |
1080 | } | 1080 | } |
1081 | if (!ep) | 1081 | if (!ep) |
1082 | return -ENOENT; | 1082 | return -ENOENT; |
1083 | switch(uurb->type) { | 1083 | switch(uurb->type) { |
1084 | case USBDEVFS_URB_TYPE_CONTROL: | 1084 | case USBDEVFS_URB_TYPE_CONTROL: |
1085 | if (!usb_endpoint_xfer_control(&ep->desc)) | 1085 | if (!usb_endpoint_xfer_control(&ep->desc)) |
1086 | return -EINVAL; | 1086 | return -EINVAL; |
1087 | /* min 8 byte setup packet, | 1087 | /* min 8 byte setup packet, |
1088 | * max 8 byte setup plus an arbitrary data stage */ | 1088 | * max 8 byte setup plus an arbitrary data stage */ |
1089 | if (uurb->buffer_length < 8 || | 1089 | if (uurb->buffer_length < 8 || |
1090 | uurb->buffer_length > (8 + MAX_USBFS_BUFFER_SIZE)) | 1090 | uurb->buffer_length > (8 + MAX_USBFS_BUFFER_SIZE)) |
1091 | return -EINVAL; | 1091 | return -EINVAL; |
1092 | dr = kmalloc(sizeof(struct usb_ctrlrequest), GFP_KERNEL); | 1092 | dr = kmalloc(sizeof(struct usb_ctrlrequest), GFP_KERNEL); |
1093 | if (!dr) | 1093 | if (!dr) |
1094 | return -ENOMEM; | 1094 | return -ENOMEM; |
1095 | if (copy_from_user(dr, uurb->buffer, 8)) { | 1095 | if (copy_from_user(dr, uurb->buffer, 8)) { |
1096 | kfree(dr); | 1096 | kfree(dr); |
1097 | return -EFAULT; | 1097 | return -EFAULT; |
1098 | } | 1098 | } |
1099 | if (uurb->buffer_length < (le16_to_cpup(&dr->wLength) + 8)) { | 1099 | if (uurb->buffer_length < (le16_to_cpup(&dr->wLength) + 8)) { |
1100 | kfree(dr); | 1100 | kfree(dr); |
1101 | return -EINVAL; | 1101 | return -EINVAL; |
1102 | } | 1102 | } |
1103 | ret = check_ctrlrecip(ps, dr->bRequestType, | 1103 | ret = check_ctrlrecip(ps, dr->bRequestType, |
1104 | le16_to_cpup(&dr->wIndex)); | 1104 | le16_to_cpup(&dr->wIndex)); |
1105 | if (ret) { | 1105 | if (ret) { |
1106 | kfree(dr); | 1106 | kfree(dr); |
1107 | return ret; | 1107 | return ret; |
1108 | } | 1108 | } |
1109 | uurb->number_of_packets = 0; | 1109 | uurb->number_of_packets = 0; |
1110 | uurb->buffer_length = le16_to_cpup(&dr->wLength); | 1110 | uurb->buffer_length = le16_to_cpup(&dr->wLength); |
1111 | uurb->buffer += 8; | 1111 | uurb->buffer += 8; |
1112 | if ((dr->bRequestType & USB_DIR_IN) && uurb->buffer_length) { | 1112 | if ((dr->bRequestType & USB_DIR_IN) && uurb->buffer_length) { |
1113 | is_in = 1; | 1113 | is_in = 1; |
1114 | uurb->endpoint |= USB_DIR_IN; | 1114 | uurb->endpoint |= USB_DIR_IN; |
1115 | } else { | 1115 | } else { |
1116 | is_in = 0; | 1116 | is_in = 0; |
1117 | uurb->endpoint &= ~USB_DIR_IN; | 1117 | uurb->endpoint &= ~USB_DIR_IN; |
1118 | } | 1118 | } |
1119 | snoop(&ps->dev->dev, "control urb: bRequestType=%02x " | 1119 | snoop(&ps->dev->dev, "control urb: bRequestType=%02x " |
1120 | "bRequest=%02x wValue=%04x " | 1120 | "bRequest=%02x wValue=%04x " |
1121 | "wIndex=%04x wLength=%04x\n", | 1121 | "wIndex=%04x wLength=%04x\n", |
1122 | dr->bRequestType, dr->bRequest, | 1122 | dr->bRequestType, dr->bRequest, |
1123 | __le16_to_cpup(&dr->wValue), | 1123 | __le16_to_cpup(&dr->wValue), |
1124 | __le16_to_cpup(&dr->wIndex), | 1124 | __le16_to_cpup(&dr->wIndex), |
1125 | __le16_to_cpup(&dr->wLength)); | 1125 | __le16_to_cpup(&dr->wLength)); |
1126 | break; | 1126 | break; |
1127 | 1127 | ||
1128 | case USBDEVFS_URB_TYPE_BULK: | 1128 | case USBDEVFS_URB_TYPE_BULK: |
1129 | switch (usb_endpoint_type(&ep->desc)) { | 1129 | switch (usb_endpoint_type(&ep->desc)) { |
1130 | case USB_ENDPOINT_XFER_CONTROL: | 1130 | case USB_ENDPOINT_XFER_CONTROL: |
1131 | case USB_ENDPOINT_XFER_ISOC: | 1131 | case USB_ENDPOINT_XFER_ISOC: |
1132 | return -EINVAL; | 1132 | return -EINVAL; |
1133 | case USB_ENDPOINT_XFER_INT: | 1133 | case USB_ENDPOINT_XFER_INT: |
1134 | /* allow single-shot interrupt transfers */ | 1134 | /* allow single-shot interrupt transfers */ |
1135 | uurb->type = USBDEVFS_URB_TYPE_INTERRUPT; | 1135 | uurb->type = USBDEVFS_URB_TYPE_INTERRUPT; |
1136 | goto interrupt_urb; | 1136 | goto interrupt_urb; |
1137 | } | 1137 | } |
1138 | uurb->number_of_packets = 0; | 1138 | uurb->number_of_packets = 0; |
1139 | if (uurb->buffer_length > MAX_USBFS_BUFFER_SIZE) | 1139 | if (uurb->buffer_length > MAX_USBFS_BUFFER_SIZE) |
1140 | return -EINVAL; | 1140 | return -EINVAL; |
1141 | break; | 1141 | break; |
1142 | 1142 | ||
1143 | case USBDEVFS_URB_TYPE_INTERRUPT: | 1143 | case USBDEVFS_URB_TYPE_INTERRUPT: |
1144 | if (!usb_endpoint_xfer_int(&ep->desc)) | 1144 | if (!usb_endpoint_xfer_int(&ep->desc)) |
1145 | return -EINVAL; | 1145 | return -EINVAL; |
1146 | interrupt_urb: | 1146 | interrupt_urb: |
1147 | uurb->number_of_packets = 0; | 1147 | uurb->number_of_packets = 0; |
1148 | if (uurb->buffer_length > MAX_USBFS_BUFFER_SIZE) | 1148 | if (uurb->buffer_length > MAX_USBFS_BUFFER_SIZE) |
1149 | return -EINVAL; | 1149 | return -EINVAL; |
1150 | break; | 1150 | break; |
1151 | 1151 | ||
1152 | case USBDEVFS_URB_TYPE_ISO: | 1152 | case USBDEVFS_URB_TYPE_ISO: |
1153 | /* arbitrary limit */ | 1153 | /* arbitrary limit */ |
1154 | if (uurb->number_of_packets < 1 || | 1154 | if (uurb->number_of_packets < 1 || |
1155 | uurb->number_of_packets > 128) | 1155 | uurb->number_of_packets > 128) |
1156 | return -EINVAL; | 1156 | return -EINVAL; |
1157 | if (!usb_endpoint_xfer_isoc(&ep->desc)) | 1157 | if (!usb_endpoint_xfer_isoc(&ep->desc)) |
1158 | return -EINVAL; | 1158 | return -EINVAL; |
1159 | isofrmlen = sizeof(struct usbdevfs_iso_packet_desc) * | 1159 | isofrmlen = sizeof(struct usbdevfs_iso_packet_desc) * |
1160 | uurb->number_of_packets; | 1160 | uurb->number_of_packets; |
1161 | if (!(isopkt = kmalloc(isofrmlen, GFP_KERNEL))) | 1161 | if (!(isopkt = kmalloc(isofrmlen, GFP_KERNEL))) |
1162 | return -ENOMEM; | 1162 | return -ENOMEM; |
1163 | if (copy_from_user(isopkt, iso_frame_desc, isofrmlen)) { | 1163 | if (copy_from_user(isopkt, iso_frame_desc, isofrmlen)) { |
1164 | kfree(isopkt); | 1164 | kfree(isopkt); |
1165 | return -EFAULT; | 1165 | return -EFAULT; |
1166 | } | 1166 | } |
1167 | for (totlen = u = 0; u < uurb->number_of_packets; u++) { | 1167 | for (totlen = u = 0; u < uurb->number_of_packets; u++) { |
1168 | /* arbitrary limit, | 1168 | /* arbitrary limit, |
1169 | * sufficient for USB 2.0 high-bandwidth iso */ | 1169 | * sufficient for USB 2.0 high-bandwidth iso */ |
1170 | if (isopkt[u].length > 8192) { | 1170 | if (isopkt[u].length > 8192) { |
1171 | kfree(isopkt); | 1171 | kfree(isopkt); |
1172 | return -EINVAL; | 1172 | return -EINVAL; |
1173 | } | 1173 | } |
1174 | totlen += isopkt[u].length; | 1174 | totlen += isopkt[u].length; |
1175 | } | 1175 | } |
1176 | /* 3072 * 64 microframes */ | 1176 | /* 3072 * 64 microframes */ |
1177 | if (totlen > 196608) { | 1177 | if (totlen > 196608) { |
1178 | kfree(isopkt); | 1178 | kfree(isopkt); |
1179 | return -EINVAL; | 1179 | return -EINVAL; |
1180 | } | 1180 | } |
1181 | uurb->buffer_length = totlen; | 1181 | uurb->buffer_length = totlen; |
1182 | break; | 1182 | break; |
1183 | 1183 | ||
1184 | default: | 1184 | default: |
1185 | return -EINVAL; | 1185 | return -EINVAL; |
1186 | } | 1186 | } |
1187 | if (uurb->buffer_length > 0 && | 1187 | if (uurb->buffer_length > 0 && |
1188 | !access_ok(is_in ? VERIFY_WRITE : VERIFY_READ, | 1188 | !access_ok(is_in ? VERIFY_WRITE : VERIFY_READ, |
1189 | uurb->buffer, uurb->buffer_length)) { | 1189 | uurb->buffer, uurb->buffer_length)) { |
1190 | kfree(isopkt); | 1190 | kfree(isopkt); |
1191 | kfree(dr); | 1191 | kfree(dr); |
1192 | return -EFAULT; | 1192 | return -EFAULT; |
1193 | } | 1193 | } |
1194 | as = alloc_async(uurb->number_of_packets); | 1194 | as = alloc_async(uurb->number_of_packets); |
1195 | if (!as) { | 1195 | if (!as) { |
1196 | kfree(isopkt); | 1196 | kfree(isopkt); |
1197 | kfree(dr); | 1197 | kfree(dr); |
1198 | return -ENOMEM; | 1198 | return -ENOMEM; |
1199 | } | 1199 | } |
1200 | if (uurb->buffer_length > 0) { | 1200 | if (uurb->buffer_length > 0) { |
1201 | as->urb->transfer_buffer = kmalloc(uurb->buffer_length, | 1201 | as->urb->transfer_buffer = kmalloc(uurb->buffer_length, |
1202 | GFP_KERNEL); | 1202 | GFP_KERNEL); |
1203 | if (!as->urb->transfer_buffer) { | 1203 | if (!as->urb->transfer_buffer) { |
1204 | kfree(isopkt); | 1204 | kfree(isopkt); |
1205 | kfree(dr); | 1205 | kfree(dr); |
1206 | free_async(as); | 1206 | free_async(as); |
1207 | return -ENOMEM; | 1207 | return -ENOMEM; |
1208 | } | 1208 | } |
1209 | /* Isochronous input data may end up being discontiguous | 1209 | /* Isochronous input data may end up being discontiguous |
1210 | * if some of the packets are short. Clear the buffer so | 1210 | * if some of the packets are short. Clear the buffer so |
1211 | * that the gaps don't leak kernel data to userspace. | 1211 | * that the gaps don't leak kernel data to userspace. |
1212 | */ | 1212 | */ |
1213 | if (is_in && uurb->type == USBDEVFS_URB_TYPE_ISO) | 1213 | if (is_in && uurb->type == USBDEVFS_URB_TYPE_ISO) |
1214 | memset(as->urb->transfer_buffer, 0, | 1214 | memset(as->urb->transfer_buffer, 0, |
1215 | uurb->buffer_length); | 1215 | uurb->buffer_length); |
1216 | } | 1216 | } |
1217 | as->urb->dev = ps->dev; | 1217 | as->urb->dev = ps->dev; |
1218 | as->urb->pipe = (uurb->type << 30) | | 1218 | as->urb->pipe = (uurb->type << 30) | |
1219 | __create_pipe(ps->dev, uurb->endpoint & 0xf) | | 1219 | __create_pipe(ps->dev, uurb->endpoint & 0xf) | |
1220 | (uurb->endpoint & USB_DIR_IN); | 1220 | (uurb->endpoint & USB_DIR_IN); |
1221 | 1221 | ||
1222 | /* This tedious sequence is necessary because the URB_* flags | 1222 | /* This tedious sequence is necessary because the URB_* flags |
1223 | * are internal to the kernel and subject to change, whereas | 1223 | * are internal to the kernel and subject to change, whereas |
1224 | * the USBDEVFS_URB_* flags are a user API and must not be changed. | 1224 | * the USBDEVFS_URB_* flags are a user API and must not be changed. |
1225 | */ | 1225 | */ |
1226 | u = (is_in ? URB_DIR_IN : URB_DIR_OUT); | 1226 | u = (is_in ? URB_DIR_IN : URB_DIR_OUT); |
1227 | if (uurb->flags & USBDEVFS_URB_ISO_ASAP) | 1227 | if (uurb->flags & USBDEVFS_URB_ISO_ASAP) |
1228 | u |= URB_ISO_ASAP; | 1228 | u |= URB_ISO_ASAP; |
1229 | if (uurb->flags & USBDEVFS_URB_SHORT_NOT_OK) | 1229 | if (uurb->flags & USBDEVFS_URB_SHORT_NOT_OK) |
1230 | u |= URB_SHORT_NOT_OK; | 1230 | u |= URB_SHORT_NOT_OK; |
1231 | if (uurb->flags & USBDEVFS_URB_NO_FSBR) | 1231 | if (uurb->flags & USBDEVFS_URB_NO_FSBR) |
1232 | u |= URB_NO_FSBR; | 1232 | u |= URB_NO_FSBR; |
1233 | if (uurb->flags & USBDEVFS_URB_ZERO_PACKET) | 1233 | if (uurb->flags & USBDEVFS_URB_ZERO_PACKET) |
1234 | u |= URB_ZERO_PACKET; | 1234 | u |= URB_ZERO_PACKET; |
1235 | if (uurb->flags & USBDEVFS_URB_NO_INTERRUPT) | 1235 | if (uurb->flags & USBDEVFS_URB_NO_INTERRUPT) |
1236 | u |= URB_NO_INTERRUPT; | 1236 | u |= URB_NO_INTERRUPT; |
1237 | as->urb->transfer_flags = u; | 1237 | as->urb->transfer_flags = u; |
1238 | 1238 | ||
1239 | as->urb->transfer_buffer_length = uurb->buffer_length; | 1239 | as->urb->transfer_buffer_length = uurb->buffer_length; |
1240 | as->urb->setup_packet = (unsigned char *)dr; | 1240 | as->urb->setup_packet = (unsigned char *)dr; |
1241 | as->urb->start_frame = uurb->start_frame; | 1241 | as->urb->start_frame = uurb->start_frame; |
1242 | as->urb->number_of_packets = uurb->number_of_packets; | 1242 | as->urb->number_of_packets = uurb->number_of_packets; |
1243 | if (uurb->type == USBDEVFS_URB_TYPE_ISO || | 1243 | if (uurb->type == USBDEVFS_URB_TYPE_ISO || |
1244 | ps->dev->speed == USB_SPEED_HIGH) | 1244 | ps->dev->speed == USB_SPEED_HIGH) |
1245 | as->urb->interval = 1 << min(15, ep->desc.bInterval - 1); | 1245 | as->urb->interval = 1 << min(15, ep->desc.bInterval - 1); |
1246 | else | 1246 | else |
1247 | as->urb->interval = ep->desc.bInterval; | 1247 | as->urb->interval = ep->desc.bInterval; |
1248 | as->urb->context = as; | 1248 | as->urb->context = as; |
1249 | as->urb->complete = async_completed; | 1249 | as->urb->complete = async_completed; |
1250 | for (totlen = u = 0; u < uurb->number_of_packets; u++) { | 1250 | for (totlen = u = 0; u < uurb->number_of_packets; u++) { |
1251 | as->urb->iso_frame_desc[u].offset = totlen; | 1251 | as->urb->iso_frame_desc[u].offset = totlen; |
1252 | as->urb->iso_frame_desc[u].length = isopkt[u].length; | 1252 | as->urb->iso_frame_desc[u].length = isopkt[u].length; |
1253 | totlen += isopkt[u].length; | 1253 | totlen += isopkt[u].length; |
1254 | } | 1254 | } |
1255 | kfree(isopkt); | 1255 | kfree(isopkt); |
1256 | as->ps = ps; | 1256 | as->ps = ps; |
1257 | as->userurb = arg; | 1257 | as->userurb = arg; |
1258 | if (is_in && uurb->buffer_length > 0) | 1258 | if (is_in && uurb->buffer_length > 0) |
1259 | as->userbuffer = uurb->buffer; | 1259 | as->userbuffer = uurb->buffer; |
1260 | else | 1260 | else |
1261 | as->userbuffer = NULL; | 1261 | as->userbuffer = NULL; |
1262 | as->signr = uurb->signr; | 1262 | as->signr = uurb->signr; |
1263 | as->ifnum = ifnum; | 1263 | as->ifnum = ifnum; |
1264 | as->pid = get_pid(task_pid(current)); | 1264 | as->pid = get_pid(task_pid(current)); |
1265 | as->uid = cred->uid; | 1265 | as->uid = cred->uid; |
1266 | as->euid = cred->euid; | 1266 | as->euid = cred->euid; |
1267 | security_task_getsecid(current, &as->secid); | 1267 | security_task_getsecid(current, &as->secid); |
1268 | if (!is_in && uurb->buffer_length > 0) { | 1268 | if (!is_in && uurb->buffer_length > 0) { |
1269 | if (copy_from_user(as->urb->transfer_buffer, uurb->buffer, | 1269 | if (copy_from_user(as->urb->transfer_buffer, uurb->buffer, |
1270 | uurb->buffer_length)) { | 1270 | uurb->buffer_length)) { |
1271 | free_async(as); | 1271 | free_async(as); |
1272 | return -EFAULT; | 1272 | return -EFAULT; |
1273 | } | 1273 | } |
1274 | } | 1274 | } |
1275 | snoop_urb(ps->dev, as->userurb, as->urb->pipe, | 1275 | snoop_urb(ps->dev, as->userurb, as->urb->pipe, |
1276 | as->urb->transfer_buffer_length, 0, SUBMIT, | 1276 | as->urb->transfer_buffer_length, 0, SUBMIT, |
1277 | is_in ? NULL : as->urb->transfer_buffer, | 1277 | is_in ? NULL : as->urb->transfer_buffer, |
1278 | uurb->buffer_length); | 1278 | uurb->buffer_length); |
1279 | async_newpending(as); | 1279 | async_newpending(as); |
1280 | 1280 | ||
1281 | if (usb_endpoint_xfer_bulk(&ep->desc)) { | 1281 | if (usb_endpoint_xfer_bulk(&ep->desc)) { |
1282 | spin_lock_irq(&ps->lock); | 1282 | spin_lock_irq(&ps->lock); |
1283 | 1283 | ||
1284 | /* Not exactly the endpoint address; the direction bit is | 1284 | /* Not exactly the endpoint address; the direction bit is |
1285 | * shifted to the 0x10 position so that the value will be | 1285 | * shifted to the 0x10 position so that the value will be |
1286 | * between 0 and 31. | 1286 | * between 0 and 31. |
1287 | */ | 1287 | */ |
1288 | as->bulk_addr = usb_endpoint_num(&ep->desc) | | 1288 | as->bulk_addr = usb_endpoint_num(&ep->desc) | |
1289 | ((ep->desc.bEndpointAddress & USB_ENDPOINT_DIR_MASK) | 1289 | ((ep->desc.bEndpointAddress & USB_ENDPOINT_DIR_MASK) |
1290 | >> 3); | 1290 | >> 3); |
1291 | 1291 | ||
1292 | /* If this bulk URB is the start of a new transfer, re-enable | 1292 | /* If this bulk URB is the start of a new transfer, re-enable |
1293 | * the endpoint. Otherwise mark it as a continuation URB. | 1293 | * the endpoint. Otherwise mark it as a continuation URB. |
1294 | */ | 1294 | */ |
1295 | if (uurb->flags & USBDEVFS_URB_BULK_CONTINUATION) | 1295 | if (uurb->flags & USBDEVFS_URB_BULK_CONTINUATION) |
1296 | as->bulk_status = AS_CONTINUATION; | 1296 | as->bulk_status = AS_CONTINUATION; |
1297 | else | 1297 | else |
1298 | ps->disabled_bulk_eps &= ~(1 << as->bulk_addr); | 1298 | ps->disabled_bulk_eps &= ~(1 << as->bulk_addr); |
1299 | 1299 | ||
1300 | /* Don't accept continuation URBs if the endpoint is | 1300 | /* Don't accept continuation URBs if the endpoint is |
1301 | * disabled because of an earlier error. | 1301 | * disabled because of an earlier error. |
1302 | */ | 1302 | */ |
1303 | if (ps->disabled_bulk_eps & (1 << as->bulk_addr)) | 1303 | if (ps->disabled_bulk_eps & (1 << as->bulk_addr)) |
1304 | ret = -EREMOTEIO; | 1304 | ret = -EREMOTEIO; |
1305 | else | 1305 | else |
1306 | ret = usb_submit_urb(as->urb, GFP_ATOMIC); | 1306 | ret = usb_submit_urb(as->urb, GFP_ATOMIC); |
1307 | spin_unlock_irq(&ps->lock); | 1307 | spin_unlock_irq(&ps->lock); |
1308 | } else { | 1308 | } else { |
1309 | ret = usb_submit_urb(as->urb, GFP_KERNEL); | 1309 | ret = usb_submit_urb(as->urb, GFP_KERNEL); |
1310 | } | 1310 | } |
1311 | 1311 | ||
1312 | if (ret) { | 1312 | if (ret) { |
1313 | dev_printk(KERN_DEBUG, &ps->dev->dev, | 1313 | dev_printk(KERN_DEBUG, &ps->dev->dev, |
1314 | "usbfs: usb_submit_urb returned %d\n", ret); | 1314 | "usbfs: usb_submit_urb returned %d\n", ret); |
1315 | snoop_urb(ps->dev, as->userurb, as->urb->pipe, | 1315 | snoop_urb(ps->dev, as->userurb, as->urb->pipe, |
1316 | 0, ret, COMPLETE, NULL, 0); | 1316 | 0, ret, COMPLETE, NULL, 0); |
1317 | async_removepending(as); | 1317 | async_removepending(as); |
1318 | free_async(as); | 1318 | free_async(as); |
1319 | return ret; | 1319 | return ret; |
1320 | } | 1320 | } |
1321 | return 0; | 1321 | return 0; |
1322 | } | 1322 | } |
1323 | 1323 | ||
1324 | static int proc_submiturb(struct dev_state *ps, void __user *arg) | 1324 | static int proc_submiturb(struct dev_state *ps, void __user *arg) |
1325 | { | 1325 | { |
1326 | struct usbdevfs_urb uurb; | 1326 | struct usbdevfs_urb uurb; |
1327 | 1327 | ||
1328 | if (copy_from_user(&uurb, arg, sizeof(uurb))) | 1328 | if (copy_from_user(&uurb, arg, sizeof(uurb))) |
1329 | return -EFAULT; | 1329 | return -EFAULT; |
1330 | 1330 | ||
1331 | return proc_do_submiturb(ps, &uurb, | 1331 | return proc_do_submiturb(ps, &uurb, |
1332 | (((struct usbdevfs_urb __user *)arg)->iso_frame_desc), | 1332 | (((struct usbdevfs_urb __user *)arg)->iso_frame_desc), |
1333 | arg); | 1333 | arg); |
1334 | } | 1334 | } |
1335 | 1335 | ||
1336 | static int proc_unlinkurb(struct dev_state *ps, void __user *arg) | 1336 | static int proc_unlinkurb(struct dev_state *ps, void __user *arg) |
1337 | { | 1337 | { |
1338 | struct async *as; | 1338 | struct async *as; |
1339 | 1339 | ||
1340 | as = async_getpending(ps, arg); | 1340 | as = async_getpending(ps, arg); |
1341 | if (!as) | 1341 | if (!as) |
1342 | return -EINVAL; | 1342 | return -EINVAL; |
1343 | usb_kill_urb(as->urb); | 1343 | usb_kill_urb(as->urb); |
1344 | return 0; | 1344 | return 0; |
1345 | } | 1345 | } |
1346 | 1346 | ||
1347 | static int processcompl(struct async *as, void __user * __user *arg) | 1347 | static int processcompl(struct async *as, void __user * __user *arg) |
1348 | { | 1348 | { |
1349 | struct urb *urb = as->urb; | 1349 | struct urb *urb = as->urb; |
1350 | struct usbdevfs_urb __user *userurb = as->userurb; | 1350 | struct usbdevfs_urb __user *userurb = as->userurb; |
1351 | void __user *addr = as->userurb; | 1351 | void __user *addr = as->userurb; |
1352 | unsigned int i; | 1352 | unsigned int i; |
1353 | 1353 | ||
1354 | if (as->userbuffer && urb->actual_length) { | 1354 | if (as->userbuffer && urb->actual_length) { |
1355 | if (urb->number_of_packets > 0) /* Isochronous */ | 1355 | if (urb->number_of_packets > 0) /* Isochronous */ |
1356 | i = urb->transfer_buffer_length; | 1356 | i = urb->transfer_buffer_length; |
1357 | else /* Non-Isoc */ | 1357 | else /* Non-Isoc */ |
1358 | i = urb->actual_length; | 1358 | i = urb->actual_length; |
1359 | if (copy_to_user(as->userbuffer, urb->transfer_buffer, i)) | 1359 | if (copy_to_user(as->userbuffer, urb->transfer_buffer, i)) |
1360 | goto err_out; | 1360 | goto err_out; |
1361 | } | 1361 | } |
1362 | if (put_user(as->status, &userurb->status)) | 1362 | if (put_user(as->status, &userurb->status)) |
1363 | goto err_out; | 1363 | goto err_out; |
1364 | if (put_user(urb->actual_length, &userurb->actual_length)) | 1364 | if (put_user(urb->actual_length, &userurb->actual_length)) |
1365 | goto err_out; | 1365 | goto err_out; |
1366 | if (put_user(urb->error_count, &userurb->error_count)) | 1366 | if (put_user(urb->error_count, &userurb->error_count)) |
1367 | goto err_out; | 1367 | goto err_out; |
1368 | 1368 | ||
1369 | if (usb_endpoint_xfer_isoc(&urb->ep->desc)) { | 1369 | if (usb_endpoint_xfer_isoc(&urb->ep->desc)) { |
1370 | for (i = 0; i < urb->number_of_packets; i++) { | 1370 | for (i = 0; i < urb->number_of_packets; i++) { |
1371 | if (put_user(urb->iso_frame_desc[i].actual_length, | 1371 | if (put_user(urb->iso_frame_desc[i].actual_length, |
1372 | &userurb->iso_frame_desc[i].actual_length)) | 1372 | &userurb->iso_frame_desc[i].actual_length)) |
1373 | goto err_out; | 1373 | goto err_out; |
1374 | if (put_user(urb->iso_frame_desc[i].status, | 1374 | if (put_user(urb->iso_frame_desc[i].status, |
1375 | &userurb->iso_frame_desc[i].status)) | 1375 | &userurb->iso_frame_desc[i].status)) |
1376 | goto err_out; | 1376 | goto err_out; |
1377 | } | 1377 | } |
1378 | } | 1378 | } |
1379 | 1379 | ||
1380 | if (put_user(addr, (void __user * __user *)arg)) | 1380 | if (put_user(addr, (void __user * __user *)arg)) |
1381 | return -EFAULT; | 1381 | return -EFAULT; |
1382 | return 0; | 1382 | return 0; |
1383 | 1383 | ||
1384 | err_out: | 1384 | err_out: |
1385 | return -EFAULT; | 1385 | return -EFAULT; |
1386 | } | 1386 | } |
1387 | 1387 | ||
1388 | static struct async *reap_as(struct dev_state *ps) | 1388 | static struct async *reap_as(struct dev_state *ps) |
1389 | { | 1389 | { |
1390 | DECLARE_WAITQUEUE(wait, current); | 1390 | DECLARE_WAITQUEUE(wait, current); |
1391 | struct async *as = NULL; | 1391 | struct async *as = NULL; |
1392 | struct usb_device *dev = ps->dev; | 1392 | struct usb_device *dev = ps->dev; |
1393 | 1393 | ||
1394 | add_wait_queue(&ps->wait, &wait); | 1394 | add_wait_queue(&ps->wait, &wait); |
1395 | for (;;) { | 1395 | for (;;) { |
1396 | __set_current_state(TASK_INTERRUPTIBLE); | 1396 | __set_current_state(TASK_INTERRUPTIBLE); |
1397 | as = async_getcompleted(ps); | 1397 | as = async_getcompleted(ps); |
1398 | if (as) | 1398 | if (as) |
1399 | break; | 1399 | break; |
1400 | if (signal_pending(current)) | 1400 | if (signal_pending(current)) |
1401 | break; | 1401 | break; |
1402 | usb_unlock_device(dev); | 1402 | usb_unlock_device(dev); |
1403 | schedule(); | 1403 | schedule(); |
1404 | usb_lock_device(dev); | 1404 | usb_lock_device(dev); |
1405 | } | 1405 | } |
1406 | remove_wait_queue(&ps->wait, &wait); | 1406 | remove_wait_queue(&ps->wait, &wait); |
1407 | set_current_state(TASK_RUNNING); | 1407 | set_current_state(TASK_RUNNING); |
1408 | return as; | 1408 | return as; |
1409 | } | 1409 | } |
1410 | 1410 | ||
1411 | static int proc_reapurb(struct dev_state *ps, void __user *arg) | 1411 | static int proc_reapurb(struct dev_state *ps, void __user *arg) |
1412 | { | 1412 | { |
1413 | struct async *as = reap_as(ps); | 1413 | struct async *as = reap_as(ps); |
1414 | if (as) { | 1414 | if (as) { |
1415 | int retval = processcompl(as, (void __user * __user *)arg); | 1415 | int retval = processcompl(as, (void __user * __user *)arg); |
1416 | free_async(as); | 1416 | free_async(as); |
1417 | return retval; | 1417 | return retval; |
1418 | } | 1418 | } |
1419 | if (signal_pending(current)) | 1419 | if (signal_pending(current)) |
1420 | return -EINTR; | 1420 | return -EINTR; |
1421 | return -EIO; | 1421 | return -EIO; |
1422 | } | 1422 | } |
1423 | 1423 | ||
1424 | static int proc_reapurbnonblock(struct dev_state *ps, void __user *arg) | 1424 | static int proc_reapurbnonblock(struct dev_state *ps, void __user *arg) |
1425 | { | 1425 | { |
1426 | int retval; | 1426 | int retval; |
1427 | struct async *as; | 1427 | struct async *as; |
1428 | 1428 | ||
1429 | as = async_getcompleted(ps); | 1429 | as = async_getcompleted(ps); |
1430 | retval = -EAGAIN; | 1430 | retval = -EAGAIN; |
1431 | if (as) { | 1431 | if (as) { |
1432 | retval = processcompl(as, (void __user * __user *)arg); | 1432 | retval = processcompl(as, (void __user * __user *)arg); |
1433 | free_async(as); | 1433 | free_async(as); |
1434 | } | 1434 | } |
1435 | return retval; | 1435 | return retval; |
1436 | } | 1436 | } |
1437 | 1437 | ||
1438 | #ifdef CONFIG_COMPAT | 1438 | #ifdef CONFIG_COMPAT |
1439 | static int proc_control_compat(struct dev_state *ps, | 1439 | static int proc_control_compat(struct dev_state *ps, |
1440 | struct usbdevfs_ctrltransfer32 __user *p32) | 1440 | struct usbdevfs_ctrltransfer32 __user *p32) |
1441 | { | 1441 | { |
1442 | struct usbdevfs_ctrltransfer __user *p; | 1442 | struct usbdevfs_ctrltransfer __user *p; |
1443 | __u32 udata; | 1443 | __u32 udata; |
1444 | p = compat_alloc_user_space(sizeof(*p)); | 1444 | p = compat_alloc_user_space(sizeof(*p)); |
1445 | if (copy_in_user(p, p32, (sizeof(*p32) - sizeof(compat_caddr_t))) || | 1445 | if (copy_in_user(p, p32, (sizeof(*p32) - sizeof(compat_caddr_t))) || |
1446 | get_user(udata, &p32->data) || | 1446 | get_user(udata, &p32->data) || |
1447 | put_user(compat_ptr(udata), &p->data)) | 1447 | put_user(compat_ptr(udata), &p->data)) |
1448 | return -EFAULT; | 1448 | return -EFAULT; |
1449 | return proc_control(ps, p); | 1449 | return proc_control(ps, p); |
1450 | } | 1450 | } |
1451 | 1451 | ||
1452 | static int proc_bulk_compat(struct dev_state *ps, | 1452 | static int proc_bulk_compat(struct dev_state *ps, |
1453 | struct usbdevfs_bulktransfer32 __user *p32) | 1453 | struct usbdevfs_bulktransfer32 __user *p32) |
1454 | { | 1454 | { |
1455 | struct usbdevfs_bulktransfer __user *p; | 1455 | struct usbdevfs_bulktransfer __user *p; |
1456 | compat_uint_t n; | 1456 | compat_uint_t n; |
1457 | compat_caddr_t addr; | 1457 | compat_caddr_t addr; |
1458 | 1458 | ||
1459 | p = compat_alloc_user_space(sizeof(*p)); | 1459 | p = compat_alloc_user_space(sizeof(*p)); |
1460 | 1460 | ||
1461 | if (get_user(n, &p32->ep) || put_user(n, &p->ep) || | 1461 | if (get_user(n, &p32->ep) || put_user(n, &p->ep) || |
1462 | get_user(n, &p32->len) || put_user(n, &p->len) || | 1462 | get_user(n, &p32->len) || put_user(n, &p->len) || |
1463 | get_user(n, &p32->timeout) || put_user(n, &p->timeout) || | 1463 | get_user(n, &p32->timeout) || put_user(n, &p->timeout) || |
1464 | get_user(addr, &p32->data) || put_user(compat_ptr(addr), &p->data)) | 1464 | get_user(addr, &p32->data) || put_user(compat_ptr(addr), &p->data)) |
1465 | return -EFAULT; | 1465 | return -EFAULT; |
1466 | 1466 | ||
1467 | return proc_bulk(ps, p); | 1467 | return proc_bulk(ps, p); |
1468 | } | 1468 | } |
1469 | static int proc_disconnectsignal_compat(struct dev_state *ps, void __user *arg) | 1469 | static int proc_disconnectsignal_compat(struct dev_state *ps, void __user *arg) |
1470 | { | 1470 | { |
1471 | struct usbdevfs_disconnectsignal32 ds; | 1471 | struct usbdevfs_disconnectsignal32 ds; |
1472 | 1472 | ||
1473 | if (copy_from_user(&ds, arg, sizeof(ds))) | 1473 | if (copy_from_user(&ds, arg, sizeof(ds))) |
1474 | return -EFAULT; | 1474 | return -EFAULT; |
1475 | ps->discsignr = ds.signr; | 1475 | ps->discsignr = ds.signr; |
1476 | ps->disccontext = compat_ptr(ds.context); | 1476 | ps->disccontext = compat_ptr(ds.context); |
1477 | return 0; | 1477 | return 0; |
1478 | } | 1478 | } |
1479 | 1479 | ||
1480 | static int get_urb32(struct usbdevfs_urb *kurb, | 1480 | static int get_urb32(struct usbdevfs_urb *kurb, |
1481 | struct usbdevfs_urb32 __user *uurb) | 1481 | struct usbdevfs_urb32 __user *uurb) |
1482 | { | 1482 | { |
1483 | __u32 uptr; | 1483 | __u32 uptr; |
1484 | if (!access_ok(VERIFY_READ, uurb, sizeof(*uurb)) || | 1484 | if (!access_ok(VERIFY_READ, uurb, sizeof(*uurb)) || |
1485 | __get_user(kurb->type, &uurb->type) || | 1485 | __get_user(kurb->type, &uurb->type) || |
1486 | __get_user(kurb->endpoint, &uurb->endpoint) || | 1486 | __get_user(kurb->endpoint, &uurb->endpoint) || |
1487 | __get_user(kurb->status, &uurb->status) || | 1487 | __get_user(kurb->status, &uurb->status) || |
1488 | __get_user(kurb->flags, &uurb->flags) || | 1488 | __get_user(kurb->flags, &uurb->flags) || |
1489 | __get_user(kurb->buffer_length, &uurb->buffer_length) || | 1489 | __get_user(kurb->buffer_length, &uurb->buffer_length) || |
1490 | __get_user(kurb->actual_length, &uurb->actual_length) || | 1490 | __get_user(kurb->actual_length, &uurb->actual_length) || |
1491 | __get_user(kurb->start_frame, &uurb->start_frame) || | 1491 | __get_user(kurb->start_frame, &uurb->start_frame) || |
1492 | __get_user(kurb->number_of_packets, &uurb->number_of_packets) || | 1492 | __get_user(kurb->number_of_packets, &uurb->number_of_packets) || |
1493 | __get_user(kurb->error_count, &uurb->error_count) || | 1493 | __get_user(kurb->error_count, &uurb->error_count) || |
1494 | __get_user(kurb->signr, &uurb->signr)) | 1494 | __get_user(kurb->signr, &uurb->signr)) |
1495 | return -EFAULT; | 1495 | return -EFAULT; |
1496 | 1496 | ||
1497 | if (__get_user(uptr, &uurb->buffer)) | 1497 | if (__get_user(uptr, &uurb->buffer)) |
1498 | return -EFAULT; | 1498 | return -EFAULT; |
1499 | kurb->buffer = compat_ptr(uptr); | 1499 | kurb->buffer = compat_ptr(uptr); |
1500 | if (__get_user(uptr, &uurb->usercontext)) | 1500 | if (__get_user(uptr, &uurb->usercontext)) |
1501 | return -EFAULT; | 1501 | return -EFAULT; |
1502 | kurb->usercontext = compat_ptr(uptr); | 1502 | kurb->usercontext = compat_ptr(uptr); |
1503 | 1503 | ||
1504 | return 0; | 1504 | return 0; |
1505 | } | 1505 | } |
1506 | 1506 | ||
1507 | static int proc_submiturb_compat(struct dev_state *ps, void __user *arg) | 1507 | static int proc_submiturb_compat(struct dev_state *ps, void __user *arg) |
1508 | { | 1508 | { |
1509 | struct usbdevfs_urb uurb; | 1509 | struct usbdevfs_urb uurb; |
1510 | 1510 | ||
1511 | if (get_urb32(&uurb, (struct usbdevfs_urb32 __user *)arg)) | 1511 | if (get_urb32(&uurb, (struct usbdevfs_urb32 __user *)arg)) |
1512 | return -EFAULT; | 1512 | return -EFAULT; |
1513 | 1513 | ||
1514 | return proc_do_submiturb(ps, &uurb, | 1514 | return proc_do_submiturb(ps, &uurb, |
1515 | ((struct usbdevfs_urb32 __user *)arg)->iso_frame_desc, | 1515 | ((struct usbdevfs_urb32 __user *)arg)->iso_frame_desc, |
1516 | arg); | 1516 | arg); |
1517 | } | 1517 | } |
1518 | 1518 | ||
1519 | static int processcompl_compat(struct async *as, void __user * __user *arg) | 1519 | static int processcompl_compat(struct async *as, void __user * __user *arg) |
1520 | { | 1520 | { |
1521 | struct urb *urb = as->urb; | 1521 | struct urb *urb = as->urb; |
1522 | struct usbdevfs_urb32 __user *userurb = as->userurb; | 1522 | struct usbdevfs_urb32 __user *userurb = as->userurb; |
1523 | void __user *addr = as->userurb; | 1523 | void __user *addr = as->userurb; |
1524 | unsigned int i; | 1524 | unsigned int i; |
1525 | 1525 | ||
1526 | if (as->userbuffer && urb->actual_length) | 1526 | if (as->userbuffer && urb->actual_length) |
1527 | if (copy_to_user(as->userbuffer, urb->transfer_buffer, | 1527 | if (copy_to_user(as->userbuffer, urb->transfer_buffer, |
1528 | urb->actual_length)) | 1528 | urb->actual_length)) |
1529 | return -EFAULT; | 1529 | return -EFAULT; |
1530 | if (put_user(as->status, &userurb->status)) | 1530 | if (put_user(as->status, &userurb->status)) |
1531 | return -EFAULT; | 1531 | return -EFAULT; |
1532 | if (put_user(urb->actual_length, &userurb->actual_length)) | 1532 | if (put_user(urb->actual_length, &userurb->actual_length)) |
1533 | return -EFAULT; | 1533 | return -EFAULT; |
1534 | if (put_user(urb->error_count, &userurb->error_count)) | 1534 | if (put_user(urb->error_count, &userurb->error_count)) |
1535 | return -EFAULT; | 1535 | return -EFAULT; |
1536 | 1536 | ||
1537 | if (usb_endpoint_xfer_isoc(&urb->ep->desc)) { | 1537 | if (usb_endpoint_xfer_isoc(&urb->ep->desc)) { |
1538 | for (i = 0; i < urb->number_of_packets; i++) { | 1538 | for (i = 0; i < urb->number_of_packets; i++) { |
1539 | if (put_user(urb->iso_frame_desc[i].actual_length, | 1539 | if (put_user(urb->iso_frame_desc[i].actual_length, |
1540 | &userurb->iso_frame_desc[i].actual_length)) | 1540 | &userurb->iso_frame_desc[i].actual_length)) |
1541 | return -EFAULT; | 1541 | return -EFAULT; |
1542 | if (put_user(urb->iso_frame_desc[i].status, | 1542 | if (put_user(urb->iso_frame_desc[i].status, |
1543 | &userurb->iso_frame_desc[i].status)) | 1543 | &userurb->iso_frame_desc[i].status)) |
1544 | return -EFAULT; | 1544 | return -EFAULT; |
1545 | } | 1545 | } |
1546 | } | 1546 | } |
1547 | 1547 | ||
1548 | if (put_user(ptr_to_compat(addr), (u32 __user *)arg)) | 1548 | if (put_user(ptr_to_compat(addr), (u32 __user *)arg)) |
1549 | return -EFAULT; | 1549 | return -EFAULT; |
1550 | return 0; | 1550 | return 0; |
1551 | } | 1551 | } |
1552 | 1552 | ||
1553 | static int proc_reapurb_compat(struct dev_state *ps, void __user *arg) | 1553 | static int proc_reapurb_compat(struct dev_state *ps, void __user *arg) |
1554 | { | 1554 | { |
1555 | struct async *as = reap_as(ps); | 1555 | struct async *as = reap_as(ps); |
1556 | if (as) { | 1556 | if (as) { |
1557 | int retval = processcompl_compat(as, (void __user * __user *)arg); | 1557 | int retval = processcompl_compat(as, (void __user * __user *)arg); |
1558 | free_async(as); | 1558 | free_async(as); |
1559 | return retval; | 1559 | return retval; |
1560 | } | 1560 | } |
1561 | if (signal_pending(current)) | 1561 | if (signal_pending(current)) |
1562 | return -EINTR; | 1562 | return -EINTR; |
1563 | return -EIO; | 1563 | return -EIO; |
1564 | } | 1564 | } |
1565 | 1565 | ||
1566 | static int proc_reapurbnonblock_compat(struct dev_state *ps, void __user *arg) | 1566 | static int proc_reapurbnonblock_compat(struct dev_state *ps, void __user *arg) |
1567 | { | 1567 | { |
1568 | int retval; | 1568 | int retval; |
1569 | struct async *as; | 1569 | struct async *as; |
1570 | 1570 | ||
1571 | retval = -EAGAIN; | 1571 | retval = -EAGAIN; |
1572 | as = async_getcompleted(ps); | 1572 | as = async_getcompleted(ps); |
1573 | if (as) { | 1573 | if (as) { |
1574 | retval = processcompl_compat(as, (void __user * __user *)arg); | 1574 | retval = processcompl_compat(as, (void __user * __user *)arg); |
1575 | free_async(as); | 1575 | free_async(as); |
1576 | } | 1576 | } |
1577 | return retval; | 1577 | return retval; |
1578 | } | 1578 | } |
1579 | 1579 | ||
1580 | 1580 | ||
1581 | #endif | 1581 | #endif |
1582 | 1582 | ||
1583 | static int proc_disconnectsignal(struct dev_state *ps, void __user *arg) | 1583 | static int proc_disconnectsignal(struct dev_state *ps, void __user *arg) |
1584 | { | 1584 | { |
1585 | struct usbdevfs_disconnectsignal ds; | 1585 | struct usbdevfs_disconnectsignal ds; |
1586 | 1586 | ||
1587 | if (copy_from_user(&ds, arg, sizeof(ds))) | 1587 | if (copy_from_user(&ds, arg, sizeof(ds))) |
1588 | return -EFAULT; | 1588 | return -EFAULT; |
1589 | ps->discsignr = ds.signr; | 1589 | ps->discsignr = ds.signr; |
1590 | ps->disccontext = ds.context; | 1590 | ps->disccontext = ds.context; |
1591 | return 0; | 1591 | return 0; |
1592 | } | 1592 | } |
1593 | 1593 | ||
1594 | static int proc_claiminterface(struct dev_state *ps, void __user *arg) | 1594 | static int proc_claiminterface(struct dev_state *ps, void __user *arg) |
1595 | { | 1595 | { |
1596 | unsigned int ifnum; | 1596 | unsigned int ifnum; |
1597 | 1597 | ||
1598 | if (get_user(ifnum, (unsigned int __user *)arg)) | 1598 | if (get_user(ifnum, (unsigned int __user *)arg)) |
1599 | return -EFAULT; | 1599 | return -EFAULT; |
1600 | return claimintf(ps, ifnum); | 1600 | return claimintf(ps, ifnum); |
1601 | } | 1601 | } |
1602 | 1602 | ||
1603 | static int proc_releaseinterface(struct dev_state *ps, void __user *arg) | 1603 | static int proc_releaseinterface(struct dev_state *ps, void __user *arg) |
1604 | { | 1604 | { |
1605 | unsigned int ifnum; | 1605 | unsigned int ifnum; |
1606 | int ret; | 1606 | int ret; |
1607 | 1607 | ||
1608 | if (get_user(ifnum, (unsigned int __user *)arg)) | 1608 | if (get_user(ifnum, (unsigned int __user *)arg)) |
1609 | return -EFAULT; | 1609 | return -EFAULT; |
1610 | if ((ret = releaseintf(ps, ifnum)) < 0) | 1610 | if ((ret = releaseintf(ps, ifnum)) < 0) |
1611 | return ret; | 1611 | return ret; |
1612 | destroy_async_on_interface (ps, ifnum); | 1612 | destroy_async_on_interface (ps, ifnum); |
1613 | return 0; | 1613 | return 0; |
1614 | } | 1614 | } |
1615 | 1615 | ||
1616 | static int proc_ioctl(struct dev_state *ps, struct usbdevfs_ioctl *ctl) | 1616 | static int proc_ioctl(struct dev_state *ps, struct usbdevfs_ioctl *ctl) |
1617 | { | 1617 | { |
1618 | int size; | 1618 | int size; |
1619 | void *buf = NULL; | 1619 | void *buf = NULL; |
1620 | int retval = 0; | 1620 | int retval = 0; |
1621 | struct usb_interface *intf = NULL; | 1621 | struct usb_interface *intf = NULL; |
1622 | struct usb_driver *driver = NULL; | 1622 | struct usb_driver *driver = NULL; |
1623 | 1623 | ||
1624 | /* alloc buffer */ | 1624 | /* alloc buffer */ |
1625 | if ((size = _IOC_SIZE(ctl->ioctl_code)) > 0) { | 1625 | if ((size = _IOC_SIZE(ctl->ioctl_code)) > 0) { |
1626 | if ((buf = kmalloc(size, GFP_KERNEL)) == NULL) | 1626 | if ((buf = kmalloc(size, GFP_KERNEL)) == NULL) |
1627 | return -ENOMEM; | 1627 | return -ENOMEM; |
1628 | if ((_IOC_DIR(ctl->ioctl_code) & _IOC_WRITE)) { | 1628 | if ((_IOC_DIR(ctl->ioctl_code) & _IOC_WRITE)) { |
1629 | if (copy_from_user(buf, ctl->data, size)) { | 1629 | if (copy_from_user(buf, ctl->data, size)) { |
1630 | kfree(buf); | 1630 | kfree(buf); |
1631 | return -EFAULT; | 1631 | return -EFAULT; |
1632 | } | 1632 | } |
1633 | } else { | 1633 | } else { |
1634 | memset(buf, 0, size); | 1634 | memset(buf, 0, size); |
1635 | } | 1635 | } |
1636 | } | 1636 | } |
1637 | 1637 | ||
1638 | if (!connected(ps)) { | 1638 | if (!connected(ps)) { |
1639 | kfree(buf); | 1639 | kfree(buf); |
1640 | return -ENODEV; | 1640 | return -ENODEV; |
1641 | } | 1641 | } |
1642 | 1642 | ||
1643 | if (ps->dev->state != USB_STATE_CONFIGURED) | 1643 | if (ps->dev->state != USB_STATE_CONFIGURED) |
1644 | retval = -EHOSTUNREACH; | 1644 | retval = -EHOSTUNREACH; |
1645 | else if (!(intf = usb_ifnum_to_if(ps->dev, ctl->ifno))) | 1645 | else if (!(intf = usb_ifnum_to_if(ps->dev, ctl->ifno))) |
1646 | retval = -EINVAL; | 1646 | retval = -EINVAL; |
1647 | else switch (ctl->ioctl_code) { | 1647 | else switch (ctl->ioctl_code) { |
1648 | 1648 | ||
1649 | /* disconnect kernel driver from interface */ | 1649 | /* disconnect kernel driver from interface */ |
1650 | case USBDEVFS_DISCONNECT: | 1650 | case USBDEVFS_DISCONNECT: |
1651 | if (intf->dev.driver) { | 1651 | if (intf->dev.driver) { |
1652 | driver = to_usb_driver(intf->dev.driver); | 1652 | driver = to_usb_driver(intf->dev.driver); |
1653 | dev_dbg(&intf->dev, "disconnect by usbfs\n"); | 1653 | dev_dbg(&intf->dev, "disconnect by usbfs\n"); |
1654 | usb_driver_release_interface(driver, intf); | 1654 | usb_driver_release_interface(driver, intf); |
1655 | } else | 1655 | } else |
1656 | retval = -ENODATA; | 1656 | retval = -ENODATA; |
1657 | break; | 1657 | break; |
1658 | 1658 | ||
1659 | /* let kernel drivers try to (re)bind to the interface */ | 1659 | /* let kernel drivers try to (re)bind to the interface */ |
1660 | case USBDEVFS_CONNECT: | 1660 | case USBDEVFS_CONNECT: |
1661 | if (!intf->dev.driver) | 1661 | if (!intf->dev.driver) |
1662 | retval = device_attach(&intf->dev); | 1662 | retval = device_attach(&intf->dev); |
1663 | else | 1663 | else |
1664 | retval = -EBUSY; | 1664 | retval = -EBUSY; |
1665 | break; | 1665 | break; |
1666 | 1666 | ||
1667 | /* talk directly to the interface's driver */ | 1667 | /* talk directly to the interface's driver */ |
1668 | default: | 1668 | default: |
1669 | if (intf->dev.driver) | 1669 | if (intf->dev.driver) |
1670 | driver = to_usb_driver(intf->dev.driver); | 1670 | driver = to_usb_driver(intf->dev.driver); |
1671 | if (driver == NULL || driver->unlocked_ioctl == NULL) { | 1671 | if (driver == NULL || driver->unlocked_ioctl == NULL) { |
1672 | retval = -ENOTTY; | 1672 | retval = -ENOTTY; |
1673 | } else { | 1673 | } else { |
1674 | retval = driver->unlocked_ioctl(intf, ctl->ioctl_code, buf); | 1674 | retval = driver->unlocked_ioctl(intf, ctl->ioctl_code, buf); |
1675 | if (retval == -ENOIOCTLCMD) | 1675 | if (retval == -ENOIOCTLCMD) |
1676 | retval = -ENOTTY; | 1676 | retval = -ENOTTY; |
1677 | } | 1677 | } |
1678 | } | 1678 | } |
1679 | 1679 | ||
1680 | /* cleanup and return */ | 1680 | /* cleanup and return */ |
1681 | if (retval >= 0 | 1681 | if (retval >= 0 |
1682 | && (_IOC_DIR(ctl->ioctl_code) & _IOC_READ) != 0 | 1682 | && (_IOC_DIR(ctl->ioctl_code) & _IOC_READ) != 0 |
1683 | && size > 0 | 1683 | && size > 0 |
1684 | && copy_to_user(ctl->data, buf, size) != 0) | 1684 | && copy_to_user(ctl->data, buf, size) != 0) |
1685 | retval = -EFAULT; | 1685 | retval = -EFAULT; |
1686 | 1686 | ||
1687 | kfree(buf); | 1687 | kfree(buf); |
1688 | return retval; | 1688 | return retval; |
1689 | } | 1689 | } |
1690 | 1690 | ||
1691 | static int proc_ioctl_default(struct dev_state *ps, void __user *arg) | 1691 | static int proc_ioctl_default(struct dev_state *ps, void __user *arg) |
1692 | { | 1692 | { |
1693 | struct usbdevfs_ioctl ctrl; | 1693 | struct usbdevfs_ioctl ctrl; |
1694 | 1694 | ||
1695 | if (copy_from_user(&ctrl, arg, sizeof(ctrl))) | 1695 | if (copy_from_user(&ctrl, arg, sizeof(ctrl))) |
1696 | return -EFAULT; | 1696 | return -EFAULT; |
1697 | return proc_ioctl(ps, &ctrl); | 1697 | return proc_ioctl(ps, &ctrl); |
1698 | } | 1698 | } |
1699 | 1699 | ||
1700 | #ifdef CONFIG_COMPAT | 1700 | #ifdef CONFIG_COMPAT |
1701 | static int proc_ioctl_compat(struct dev_state *ps, compat_uptr_t arg) | 1701 | static int proc_ioctl_compat(struct dev_state *ps, compat_uptr_t arg) |
1702 | { | 1702 | { |
1703 | struct usbdevfs_ioctl32 __user *uioc; | 1703 | struct usbdevfs_ioctl32 __user *uioc; |
1704 | struct usbdevfs_ioctl ctrl; | 1704 | struct usbdevfs_ioctl ctrl; |
1705 | u32 udata; | 1705 | u32 udata; |
1706 | 1706 | ||
1707 | uioc = compat_ptr((long)arg); | 1707 | uioc = compat_ptr((long)arg); |
1708 | if (!access_ok(VERIFY_READ, uioc, sizeof(*uioc)) || | 1708 | if (!access_ok(VERIFY_READ, uioc, sizeof(*uioc)) || |
1709 | __get_user(ctrl.ifno, &uioc->ifno) || | 1709 | __get_user(ctrl.ifno, &uioc->ifno) || |
1710 | __get_user(ctrl.ioctl_code, &uioc->ioctl_code) || | 1710 | __get_user(ctrl.ioctl_code, &uioc->ioctl_code) || |
1711 | __get_user(udata, &uioc->data)) | 1711 | __get_user(udata, &uioc->data)) |
1712 | return -EFAULT; | 1712 | return -EFAULT; |
1713 | ctrl.data = compat_ptr(udata); | 1713 | ctrl.data = compat_ptr(udata); |
1714 | 1714 | ||
1715 | return proc_ioctl(ps, &ctrl); | 1715 | return proc_ioctl(ps, &ctrl); |
1716 | } | 1716 | } |
1717 | #endif | 1717 | #endif |
1718 | 1718 | ||
1719 | static int proc_claim_port(struct dev_state *ps, void __user *arg) | 1719 | static int proc_claim_port(struct dev_state *ps, void __user *arg) |
1720 | { | 1720 | { |
1721 | unsigned portnum; | 1721 | unsigned portnum; |
1722 | int rc; | 1722 | int rc; |
1723 | 1723 | ||
1724 | if (get_user(portnum, (unsigned __user *) arg)) | 1724 | if (get_user(portnum, (unsigned __user *) arg)) |
1725 | return -EFAULT; | 1725 | return -EFAULT; |
1726 | rc = usb_hub_claim_port(ps->dev, portnum, ps); | 1726 | rc = usb_hub_claim_port(ps->dev, portnum, ps); |
1727 | if (rc == 0) | 1727 | if (rc == 0) |
1728 | snoop(&ps->dev->dev, "port %d claimed by process %d: %s\n", | 1728 | snoop(&ps->dev->dev, "port %d claimed by process %d: %s\n", |
1729 | portnum, task_pid_nr(current), current->comm); | 1729 | portnum, task_pid_nr(current), current->comm); |
1730 | return rc; | 1730 | return rc; |
1731 | } | 1731 | } |
1732 | 1732 | ||
1733 | static int proc_release_port(struct dev_state *ps, void __user *arg) | 1733 | static int proc_release_port(struct dev_state *ps, void __user *arg) |
1734 | { | 1734 | { |
1735 | unsigned portnum; | 1735 | unsigned portnum; |
1736 | 1736 | ||
1737 | if (get_user(portnum, (unsigned __user *) arg)) | 1737 | if (get_user(portnum, (unsigned __user *) arg)) |
1738 | return -EFAULT; | 1738 | return -EFAULT; |
1739 | return usb_hub_release_port(ps->dev, portnum, ps); | 1739 | return usb_hub_release_port(ps->dev, portnum, ps); |
1740 | } | 1740 | } |
1741 | 1741 | ||
1742 | /* | 1742 | /* |
1743 | * NOTE: All requests here that have interface numbers as parameters | 1743 | * NOTE: All requests here that have interface numbers as parameters |
1744 | * are assuming that somehow the configuration has been prevented from | 1744 | * are assuming that somehow the configuration has been prevented from |
1745 | * changing. But there's no mechanism to ensure that... | 1745 | * changing. But there's no mechanism to ensure that... |
1746 | */ | 1746 | */ |
1747 | static long usbdev_do_ioctl(struct file *file, unsigned int cmd, | 1747 | static long usbdev_do_ioctl(struct file *file, unsigned int cmd, |
1748 | void __user *p) | 1748 | void __user *p) |
1749 | { | 1749 | { |
1750 | struct dev_state *ps = file->private_data; | 1750 | struct dev_state *ps = file->private_data; |
1751 | struct inode *inode = file->f_path.dentry->d_inode; | 1751 | struct inode *inode = file->f_path.dentry->d_inode; |
1752 | struct usb_device *dev = ps->dev; | 1752 | struct usb_device *dev = ps->dev; |
1753 | int ret = -ENOTTY; | 1753 | int ret = -ENOTTY; |
1754 | 1754 | ||
1755 | if (!(file->f_mode & FMODE_WRITE)) | 1755 | if (!(file->f_mode & FMODE_WRITE)) |
1756 | return -EPERM; | 1756 | return -EPERM; |
1757 | 1757 | ||
1758 | usb_lock_device(dev); | 1758 | usb_lock_device(dev); |
1759 | if (!connected(ps)) { | 1759 | if (!connected(ps)) { |
1760 | usb_unlock_device(dev); | 1760 | usb_unlock_device(dev); |
1761 | return -ENODEV; | 1761 | return -ENODEV; |
1762 | } | 1762 | } |
1763 | 1763 | ||
1764 | switch (cmd) { | 1764 | switch (cmd) { |
1765 | case USBDEVFS_CONTROL: | 1765 | case USBDEVFS_CONTROL: |
1766 | snoop(&dev->dev, "%s: CONTROL\n", __func__); | 1766 | snoop(&dev->dev, "%s: CONTROL\n", __func__); |
1767 | ret = proc_control(ps, p); | 1767 | ret = proc_control(ps, p); |
1768 | if (ret >= 0) | 1768 | if (ret >= 0) |
1769 | inode->i_mtime = CURRENT_TIME; | 1769 | inode->i_mtime = CURRENT_TIME; |
1770 | break; | 1770 | break; |
1771 | 1771 | ||
1772 | case USBDEVFS_BULK: | 1772 | case USBDEVFS_BULK: |
1773 | snoop(&dev->dev, "%s: BULK\n", __func__); | 1773 | snoop(&dev->dev, "%s: BULK\n", __func__); |
1774 | ret = proc_bulk(ps, p); | 1774 | ret = proc_bulk(ps, p); |
1775 | if (ret >= 0) | 1775 | if (ret >= 0) |
1776 | inode->i_mtime = CURRENT_TIME; | 1776 | inode->i_mtime = CURRENT_TIME; |
1777 | break; | 1777 | break; |
1778 | 1778 | ||
1779 | case USBDEVFS_RESETEP: | 1779 | case USBDEVFS_RESETEP: |
1780 | snoop(&dev->dev, "%s: RESETEP\n", __func__); | 1780 | snoop(&dev->dev, "%s: RESETEP\n", __func__); |
1781 | ret = proc_resetep(ps, p); | 1781 | ret = proc_resetep(ps, p); |
1782 | if (ret >= 0) | 1782 | if (ret >= 0) |
1783 | inode->i_mtime = CURRENT_TIME; | 1783 | inode->i_mtime = CURRENT_TIME; |
1784 | break; | 1784 | break; |
1785 | 1785 | ||
1786 | case USBDEVFS_RESET: | 1786 | case USBDEVFS_RESET: |
1787 | snoop(&dev->dev, "%s: RESET\n", __func__); | 1787 | snoop(&dev->dev, "%s: RESET\n", __func__); |
1788 | ret = proc_resetdevice(ps); | 1788 | ret = proc_resetdevice(ps); |
1789 | break; | 1789 | break; |
1790 | 1790 | ||
1791 | case USBDEVFS_CLEAR_HALT: | 1791 | case USBDEVFS_CLEAR_HALT: |
1792 | snoop(&dev->dev, "%s: CLEAR_HALT\n", __func__); | 1792 | snoop(&dev->dev, "%s: CLEAR_HALT\n", __func__); |
1793 | ret = proc_clearhalt(ps, p); | 1793 | ret = proc_clearhalt(ps, p); |
1794 | if (ret >= 0) | 1794 | if (ret >= 0) |
1795 | inode->i_mtime = CURRENT_TIME; | 1795 | inode->i_mtime = CURRENT_TIME; |
1796 | break; | 1796 | break; |
1797 | 1797 | ||
1798 | case USBDEVFS_GETDRIVER: | 1798 | case USBDEVFS_GETDRIVER: |
1799 | snoop(&dev->dev, "%s: GETDRIVER\n", __func__); | 1799 | snoop(&dev->dev, "%s: GETDRIVER\n", __func__); |
1800 | ret = proc_getdriver(ps, p); | 1800 | ret = proc_getdriver(ps, p); |
1801 | break; | 1801 | break; |
1802 | 1802 | ||
1803 | case USBDEVFS_CONNECTINFO: | 1803 | case USBDEVFS_CONNECTINFO: |
1804 | snoop(&dev->dev, "%s: CONNECTINFO\n", __func__); | 1804 | snoop(&dev->dev, "%s: CONNECTINFO\n", __func__); |
1805 | ret = proc_connectinfo(ps, p); | 1805 | ret = proc_connectinfo(ps, p); |
1806 | break; | 1806 | break; |
1807 | 1807 | ||
1808 | case USBDEVFS_SETINTERFACE: | 1808 | case USBDEVFS_SETINTERFACE: |
1809 | snoop(&dev->dev, "%s: SETINTERFACE\n", __func__); | 1809 | snoop(&dev->dev, "%s: SETINTERFACE\n", __func__); |
1810 | ret = proc_setintf(ps, p); | 1810 | ret = proc_setintf(ps, p); |
1811 | break; | 1811 | break; |
1812 | 1812 | ||
1813 | case USBDEVFS_SETCONFIGURATION: | 1813 | case USBDEVFS_SETCONFIGURATION: |
1814 | snoop(&dev->dev, "%s: SETCONFIGURATION\n", __func__); | 1814 | snoop(&dev->dev, "%s: SETCONFIGURATION\n", __func__); |
1815 | ret = proc_setconfig(ps, p); | 1815 | ret = proc_setconfig(ps, p); |
1816 | break; | 1816 | break; |
1817 | 1817 | ||
1818 | case USBDEVFS_SUBMITURB: | 1818 | case USBDEVFS_SUBMITURB: |
1819 | snoop(&dev->dev, "%s: SUBMITURB\n", __func__); | 1819 | snoop(&dev->dev, "%s: SUBMITURB\n", __func__); |
1820 | ret = proc_submiturb(ps, p); | 1820 | ret = proc_submiturb(ps, p); |
1821 | if (ret >= 0) | 1821 | if (ret >= 0) |
1822 | inode->i_mtime = CURRENT_TIME; | 1822 | inode->i_mtime = CURRENT_TIME; |
1823 | break; | 1823 | break; |
1824 | 1824 | ||
1825 | #ifdef CONFIG_COMPAT | 1825 | #ifdef CONFIG_COMPAT |
1826 | case USBDEVFS_CONTROL32: | 1826 | case USBDEVFS_CONTROL32: |
1827 | snoop(&dev->dev, "%s: CONTROL32\n", __func__); | 1827 | snoop(&dev->dev, "%s: CONTROL32\n", __func__); |
1828 | ret = proc_control_compat(ps, p); | 1828 | ret = proc_control_compat(ps, p); |
1829 | if (ret >= 0) | 1829 | if (ret >= 0) |
1830 | inode->i_mtime = CURRENT_TIME; | 1830 | inode->i_mtime = CURRENT_TIME; |
1831 | break; | 1831 | break; |
1832 | 1832 | ||
1833 | case USBDEVFS_BULK32: | 1833 | case USBDEVFS_BULK32: |
1834 | snoop(&dev->dev, "%s: BULK32\n", __func__); | 1834 | snoop(&dev->dev, "%s: BULK32\n", __func__); |
1835 | ret = proc_bulk_compat(ps, p); | 1835 | ret = proc_bulk_compat(ps, p); |
1836 | if (ret >= 0) | 1836 | if (ret >= 0) |
1837 | inode->i_mtime = CURRENT_TIME; | 1837 | inode->i_mtime = CURRENT_TIME; |
1838 | break; | 1838 | break; |
1839 | 1839 | ||
1840 | case USBDEVFS_DISCSIGNAL32: | 1840 | case USBDEVFS_DISCSIGNAL32: |
1841 | snoop(&dev->dev, "%s: DISCSIGNAL32\n", __func__); | 1841 | snoop(&dev->dev, "%s: DISCSIGNAL32\n", __func__); |
1842 | ret = proc_disconnectsignal_compat(ps, p); | 1842 | ret = proc_disconnectsignal_compat(ps, p); |
1843 | break; | 1843 | break; |
1844 | 1844 | ||
1845 | case USBDEVFS_SUBMITURB32: | 1845 | case USBDEVFS_SUBMITURB32: |
1846 | snoop(&dev->dev, "%s: SUBMITURB32\n", __func__); | 1846 | snoop(&dev->dev, "%s: SUBMITURB32\n", __func__); |
1847 | ret = proc_submiturb_compat(ps, p); | 1847 | ret = proc_submiturb_compat(ps, p); |
1848 | if (ret >= 0) | 1848 | if (ret >= 0) |
1849 | inode->i_mtime = CURRENT_TIME; | 1849 | inode->i_mtime = CURRENT_TIME; |
1850 | break; | 1850 | break; |
1851 | 1851 | ||
1852 | case USBDEVFS_REAPURB32: | 1852 | case USBDEVFS_REAPURB32: |
1853 | snoop(&dev->dev, "%s: REAPURB32\n", __func__); | 1853 | snoop(&dev->dev, "%s: REAPURB32\n", __func__); |
1854 | ret = proc_reapurb_compat(ps, p); | 1854 | ret = proc_reapurb_compat(ps, p); |
1855 | break; | 1855 | break; |
1856 | 1856 | ||
1857 | case USBDEVFS_REAPURBNDELAY32: | 1857 | case USBDEVFS_REAPURBNDELAY32: |
1858 | snoop(&dev->dev, "%s: REAPURBNDELAY32\n", __func__); | 1858 | snoop(&dev->dev, "%s: REAPURBNDELAY32\n", __func__); |
1859 | ret = proc_reapurbnonblock_compat(ps, p); | 1859 | ret = proc_reapurbnonblock_compat(ps, p); |
1860 | break; | 1860 | break; |
1861 | 1861 | ||
1862 | case USBDEVFS_IOCTL32: | 1862 | case USBDEVFS_IOCTL32: |
1863 | snoop(&dev->dev, "%s: IOCTL32\n", __func__); | 1863 | snoop(&dev->dev, "%s: IOCTL32\n", __func__); |
1864 | ret = proc_ioctl_compat(ps, ptr_to_compat(p)); | 1864 | ret = proc_ioctl_compat(ps, ptr_to_compat(p)); |
1865 | break; | 1865 | break; |
1866 | #endif | 1866 | #endif |
1867 | 1867 | ||
1868 | case USBDEVFS_DISCARDURB: | 1868 | case USBDEVFS_DISCARDURB: |
1869 | snoop(&dev->dev, "%s: DISCARDURB\n", __func__); | 1869 | snoop(&dev->dev, "%s: DISCARDURB\n", __func__); |
1870 | ret = proc_unlinkurb(ps, p); | 1870 | ret = proc_unlinkurb(ps, p); |
1871 | break; | 1871 | break; |
1872 | 1872 | ||
1873 | case USBDEVFS_REAPURB: | 1873 | case USBDEVFS_REAPURB: |
1874 | snoop(&dev->dev, "%s: REAPURB\n", __func__); | 1874 | snoop(&dev->dev, "%s: REAPURB\n", __func__); |
1875 | ret = proc_reapurb(ps, p); | 1875 | ret = proc_reapurb(ps, p); |
1876 | break; | 1876 | break; |
1877 | 1877 | ||
1878 | case USBDEVFS_REAPURBNDELAY: | 1878 | case USBDEVFS_REAPURBNDELAY: |
1879 | snoop(&dev->dev, "%s: REAPURBNDELAY\n", __func__); | 1879 | snoop(&dev->dev, "%s: REAPURBNDELAY\n", __func__); |
1880 | ret = proc_reapurbnonblock(ps, p); | 1880 | ret = proc_reapurbnonblock(ps, p); |
1881 | break; | 1881 | break; |
1882 | 1882 | ||
1883 | case USBDEVFS_DISCSIGNAL: | 1883 | case USBDEVFS_DISCSIGNAL: |
1884 | snoop(&dev->dev, "%s: DISCSIGNAL\n", __func__); | 1884 | snoop(&dev->dev, "%s: DISCSIGNAL\n", __func__); |
1885 | ret = proc_disconnectsignal(ps, p); | 1885 | ret = proc_disconnectsignal(ps, p); |
1886 | break; | 1886 | break; |
1887 | 1887 | ||
1888 | case USBDEVFS_CLAIMINTERFACE: | 1888 | case USBDEVFS_CLAIMINTERFACE: |
1889 | snoop(&dev->dev, "%s: CLAIMINTERFACE\n", __func__); | 1889 | snoop(&dev->dev, "%s: CLAIMINTERFACE\n", __func__); |
1890 | ret = proc_claiminterface(ps, p); | 1890 | ret = proc_claiminterface(ps, p); |
1891 | break; | 1891 | break; |
1892 | 1892 | ||
1893 | case USBDEVFS_RELEASEINTERFACE: | 1893 | case USBDEVFS_RELEASEINTERFACE: |
1894 | snoop(&dev->dev, "%s: RELEASEINTERFACE\n", __func__); | 1894 | snoop(&dev->dev, "%s: RELEASEINTERFACE\n", __func__); |
1895 | ret = proc_releaseinterface(ps, p); | 1895 | ret = proc_releaseinterface(ps, p); |
1896 | break; | 1896 | break; |
1897 | 1897 | ||
1898 | case USBDEVFS_IOCTL: | 1898 | case USBDEVFS_IOCTL: |
1899 | snoop(&dev->dev, "%s: IOCTL\n", __func__); | 1899 | snoop(&dev->dev, "%s: IOCTL\n", __func__); |
1900 | ret = proc_ioctl_default(ps, p); | 1900 | ret = proc_ioctl_default(ps, p); |
1901 | break; | 1901 | break; |
1902 | 1902 | ||
1903 | case USBDEVFS_CLAIM_PORT: | 1903 | case USBDEVFS_CLAIM_PORT: |
1904 | snoop(&dev->dev, "%s: CLAIM_PORT\n", __func__); | 1904 | snoop(&dev->dev, "%s: CLAIM_PORT\n", __func__); |
1905 | ret = proc_claim_port(ps, p); | 1905 | ret = proc_claim_port(ps, p); |
1906 | break; | 1906 | break; |
1907 | 1907 | ||
1908 | case USBDEVFS_RELEASE_PORT: | 1908 | case USBDEVFS_RELEASE_PORT: |
1909 | snoop(&dev->dev, "%s: RELEASE_PORT\n", __func__); | 1909 | snoop(&dev->dev, "%s: RELEASE_PORT\n", __func__); |
1910 | ret = proc_release_port(ps, p); | 1910 | ret = proc_release_port(ps, p); |
1911 | break; | 1911 | break; |
1912 | } | 1912 | } |
1913 | usb_unlock_device(dev); | 1913 | usb_unlock_device(dev); |
1914 | if (ret >= 0) | 1914 | if (ret >= 0) |
1915 | inode->i_atime = CURRENT_TIME; | 1915 | inode->i_atime = CURRENT_TIME; |
1916 | return ret; | 1916 | return ret; |
1917 | } | 1917 | } |
1918 | 1918 | ||
1919 | static long usbdev_ioctl(struct file *file, unsigned int cmd, | 1919 | static long usbdev_ioctl(struct file *file, unsigned int cmd, |
1920 | unsigned long arg) | 1920 | unsigned long arg) |
1921 | { | 1921 | { |
1922 | int ret; | 1922 | int ret; |
1923 | 1923 | ||
1924 | ret = usbdev_do_ioctl(file, cmd, (void __user *)arg); | 1924 | ret = usbdev_do_ioctl(file, cmd, (void __user *)arg); |
1925 | 1925 | ||
1926 | return ret; | 1926 | return ret; |
1927 | } | 1927 | } |
1928 | 1928 | ||
1929 | #ifdef CONFIG_COMPAT | 1929 | #ifdef CONFIG_COMPAT |
1930 | static long usbdev_compat_ioctl(struct file *file, unsigned int cmd, | 1930 | static long usbdev_compat_ioctl(struct file *file, unsigned int cmd, |
1931 | unsigned long arg) | 1931 | unsigned long arg) |
1932 | { | 1932 | { |
1933 | int ret; | 1933 | int ret; |
1934 | 1934 | ||
1935 | ret = usbdev_do_ioctl(file, cmd, compat_ptr(arg)); | 1935 | ret = usbdev_do_ioctl(file, cmd, compat_ptr(arg)); |
1936 | 1936 | ||
1937 | return ret; | 1937 | return ret; |
1938 | } | 1938 | } |
1939 | #endif | 1939 | #endif |
1940 | 1940 | ||
1941 | /* No kernel lock - fine */ | 1941 | /* No kernel lock - fine */ |
1942 | static unsigned int usbdev_poll(struct file *file, | 1942 | static unsigned int usbdev_poll(struct file *file, |
1943 | struct poll_table_struct *wait) | 1943 | struct poll_table_struct *wait) |
1944 | { | 1944 | { |
1945 | struct dev_state *ps = file->private_data; | 1945 | struct dev_state *ps = file->private_data; |
1946 | unsigned int mask = 0; | 1946 | unsigned int mask = 0; |
1947 | 1947 | ||
1948 | poll_wait(file, &ps->wait, wait); | 1948 | poll_wait(file, &ps->wait, wait); |
1949 | if (file->f_mode & FMODE_WRITE && !list_empty(&ps->async_completed)) | 1949 | if (file->f_mode & FMODE_WRITE && !list_empty(&ps->async_completed)) |
1950 | mask |= POLLOUT | POLLWRNORM; | 1950 | mask |= POLLOUT | POLLWRNORM; |
1951 | if (!connected(ps)) | 1951 | if (!connected(ps)) |
1952 | mask |= POLLERR | POLLHUP; | 1952 | mask |= POLLERR | POLLHUP; |
1953 | return mask; | 1953 | return mask; |
1954 | } | 1954 | } |
1955 | 1955 | ||
1956 | const struct file_operations usbdev_file_operations = { | 1956 | const struct file_operations usbdev_file_operations = { |
1957 | .owner = THIS_MODULE, | 1957 | .owner = THIS_MODULE, |
1958 | .llseek = usbdev_lseek, | 1958 | .llseek = usbdev_lseek, |
1959 | .read = usbdev_read, | 1959 | .read = usbdev_read, |
1960 | .poll = usbdev_poll, | 1960 | .poll = usbdev_poll, |
1961 | .unlocked_ioctl = usbdev_ioctl, | 1961 | .unlocked_ioctl = usbdev_ioctl, |
1962 | #ifdef CONFIG_COMPAT | 1962 | #ifdef CONFIG_COMPAT |
1963 | .compat_ioctl = usbdev_compat_ioctl, | 1963 | .compat_ioctl = usbdev_compat_ioctl, |
1964 | #endif | 1964 | #endif |
1965 | .open = usbdev_open, | 1965 | .open = usbdev_open, |
1966 | .release = usbdev_release, | 1966 | .release = usbdev_release, |
1967 | }; | 1967 | }; |
1968 | 1968 | ||
1969 | static void usbdev_remove(struct usb_device *udev) | 1969 | static void usbdev_remove(struct usb_device *udev) |
1970 | { | 1970 | { |
1971 | struct dev_state *ps; | 1971 | struct dev_state *ps; |
1972 | struct siginfo sinfo; | 1972 | struct siginfo sinfo; |
1973 | 1973 | ||
1974 | while (!list_empty(&udev->filelist)) { | 1974 | while (!list_empty(&udev->filelist)) { |
1975 | ps = list_entry(udev->filelist.next, struct dev_state, list); | 1975 | ps = list_entry(udev->filelist.next, struct dev_state, list); |
1976 | destroy_all_async(ps); | 1976 | destroy_all_async(ps); |
1977 | wake_up_all(&ps->wait); | 1977 | wake_up_all(&ps->wait); |
1978 | list_del_init(&ps->list); | 1978 | list_del_init(&ps->list); |
1979 | if (ps->discsignr) { | 1979 | if (ps->discsignr) { |
1980 | sinfo.si_signo = ps->discsignr; | 1980 | sinfo.si_signo = ps->discsignr; |
1981 | sinfo.si_errno = EPIPE; | 1981 | sinfo.si_errno = EPIPE; |
1982 | sinfo.si_code = SI_ASYNCIO; | 1982 | sinfo.si_code = SI_ASYNCIO; |
1983 | sinfo.si_addr = ps->disccontext; | 1983 | sinfo.si_addr = ps->disccontext; |
1984 | kill_pid_info_as_uid(ps->discsignr, &sinfo, | 1984 | kill_pid_info_as_uid(ps->discsignr, &sinfo, |
1985 | ps->disc_pid, ps->disc_uid, | 1985 | ps->disc_pid, ps->disc_uid, |
1986 | ps->disc_euid, ps->secid); | 1986 | ps->disc_euid, ps->secid); |
1987 | } | 1987 | } |
1988 | } | 1988 | } |
1989 | } | 1989 | } |
1990 | 1990 | ||
1991 | #ifdef CONFIG_USB_DEVICE_CLASS | 1991 | #ifdef CONFIG_USB_DEVICE_CLASS |
1992 | static struct class *usb_classdev_class; | 1992 | static struct class *usb_classdev_class; |
1993 | 1993 | ||
1994 | static int usb_classdev_add(struct usb_device *dev) | 1994 | static int usb_classdev_add(struct usb_device *dev) |
1995 | { | 1995 | { |
1996 | struct device *cldev; | 1996 | struct device *cldev; |
1997 | 1997 | ||
1998 | cldev = device_create(usb_classdev_class, &dev->dev, dev->dev.devt, | 1998 | cldev = device_create(usb_classdev_class, &dev->dev, dev->dev.devt, |
1999 | NULL, "usbdev%d.%d", dev->bus->busnum, | 1999 | NULL, "usbdev%d.%d", dev->bus->busnum, |
2000 | dev->devnum); | 2000 | dev->devnum); |
2001 | if (IS_ERR(cldev)) | 2001 | if (IS_ERR(cldev)) |
2002 | return PTR_ERR(cldev); | 2002 | return PTR_ERR(cldev); |
2003 | dev->usb_classdev = cldev; | 2003 | dev->usb_classdev = cldev; |
2004 | return 0; | 2004 | return 0; |
2005 | } | 2005 | } |
2006 | 2006 | ||
2007 | static void usb_classdev_remove(struct usb_device *dev) | 2007 | static void usb_classdev_remove(struct usb_device *dev) |
2008 | { | 2008 | { |
2009 | if (dev->usb_classdev) | 2009 | if (dev->usb_classdev) |
2010 | device_unregister(dev->usb_classdev); | 2010 | device_unregister(dev->usb_classdev); |
2011 | } | 2011 | } |
2012 | 2012 | ||
2013 | #else | 2013 | #else |
2014 | #define usb_classdev_add(dev) 0 | 2014 | #define usb_classdev_add(dev) 0 |
2015 | #define usb_classdev_remove(dev) do {} while (0) | 2015 | #define usb_classdev_remove(dev) do {} while (0) |
2016 | 2016 | ||
2017 | #endif | 2017 | #endif |
2018 | 2018 | ||
2019 | static int usbdev_notify(struct notifier_block *self, | 2019 | static int usbdev_notify(struct notifier_block *self, |
2020 | unsigned long action, void *dev) | 2020 | unsigned long action, void *dev) |
2021 | { | 2021 | { |
2022 | switch (action) { | 2022 | switch (action) { |
2023 | case USB_DEVICE_ADD: | 2023 | case USB_DEVICE_ADD: |
2024 | if (usb_classdev_add(dev)) | 2024 | if (usb_classdev_add(dev)) |
2025 | return NOTIFY_BAD; | 2025 | return NOTIFY_BAD; |
2026 | break; | 2026 | break; |
2027 | case USB_DEVICE_REMOVE: | 2027 | case USB_DEVICE_REMOVE: |
2028 | usb_classdev_remove(dev); | 2028 | usb_classdev_remove(dev); |
2029 | usbdev_remove(dev); | 2029 | usbdev_remove(dev); |
2030 | break; | 2030 | break; |
2031 | } | 2031 | } |
2032 | return NOTIFY_OK; | 2032 | return NOTIFY_OK; |
2033 | } | 2033 | } |
2034 | 2034 | ||
2035 | static struct notifier_block usbdev_nb = { | 2035 | static struct notifier_block usbdev_nb = { |
2036 | .notifier_call = usbdev_notify, | 2036 | .notifier_call = usbdev_notify, |
2037 | }; | 2037 | }; |
2038 | 2038 | ||
2039 | static struct cdev usb_device_cdev; | 2039 | static struct cdev usb_device_cdev; |
2040 | 2040 | ||
2041 | int __init usb_devio_init(void) | 2041 | int __init usb_devio_init(void) |
2042 | { | 2042 | { |
2043 | int retval; | 2043 | int retval; |
2044 | 2044 | ||
2045 | retval = register_chrdev_region(USB_DEVICE_DEV, USB_DEVICE_MAX, | 2045 | retval = register_chrdev_region(USB_DEVICE_DEV, USB_DEVICE_MAX, |
2046 | "usb_device"); | 2046 | "usb_device"); |
2047 | if (retval) { | 2047 | if (retval) { |
2048 | printk(KERN_ERR "Unable to register minors for usb_device\n"); | 2048 | printk(KERN_ERR "Unable to register minors for usb_device\n"); |
2049 | goto out; | 2049 | goto out; |
2050 | } | 2050 | } |
2051 | cdev_init(&usb_device_cdev, &usbdev_file_operations); | 2051 | cdev_init(&usb_device_cdev, &usbdev_file_operations); |
2052 | retval = cdev_add(&usb_device_cdev, USB_DEVICE_DEV, USB_DEVICE_MAX); | 2052 | retval = cdev_add(&usb_device_cdev, USB_DEVICE_DEV, USB_DEVICE_MAX); |
2053 | if (retval) { | 2053 | if (retval) { |
2054 | printk(KERN_ERR "Unable to get usb_device major %d\n", | 2054 | printk(KERN_ERR "Unable to get usb_device major %d\n", |
2055 | USB_DEVICE_MAJOR); | 2055 | USB_DEVICE_MAJOR); |
2056 | goto error_cdev; | 2056 | goto error_cdev; |
2057 | } | 2057 | } |
2058 | #ifdef CONFIG_USB_DEVICE_CLASS | 2058 | #ifdef CONFIG_USB_DEVICE_CLASS |
2059 | usb_classdev_class = class_create(THIS_MODULE, "usb_device"); | 2059 | usb_classdev_class = class_create(THIS_MODULE, "usb_device"); |
2060 | if (IS_ERR(usb_classdev_class)) { | 2060 | if (IS_ERR(usb_classdev_class)) { |
2061 | printk(KERN_ERR "Unable to register usb_device class\n"); | 2061 | printk(KERN_ERR "Unable to register usb_device class\n"); |
2062 | retval = PTR_ERR(usb_classdev_class); | 2062 | retval = PTR_ERR(usb_classdev_class); |
2063 | cdev_del(&usb_device_cdev); | 2063 | cdev_del(&usb_device_cdev); |
2064 | usb_classdev_class = NULL; | 2064 | usb_classdev_class = NULL; |
2065 | goto out; | 2065 | goto out; |
2066 | } | 2066 | } |
2067 | /* devices of this class shadow the major:minor of their parent | 2067 | /* devices of this class shadow the major:minor of their parent |
2068 | * device, so clear ->dev_kobj to prevent adding duplicate entries | 2068 | * device, so clear ->dev_kobj to prevent adding duplicate entries |
2069 | * to /sys/dev | 2069 | * to /sys/dev |
2070 | */ | 2070 | */ |
2071 | usb_classdev_class->dev_kobj = NULL; | 2071 | usb_classdev_class->dev_kobj = NULL; |
2072 | #endif | 2072 | #endif |
2073 | usb_register_notify(&usbdev_nb); | 2073 | usb_register_notify(&usbdev_nb); |
2074 | out: | 2074 | out: |
2075 | return retval; | 2075 | return retval; |
2076 | 2076 | ||
2077 | error_cdev: | 2077 | error_cdev: |
2078 | unregister_chrdev_region(USB_DEVICE_DEV, USB_DEVICE_MAX); | 2078 | unregister_chrdev_region(USB_DEVICE_DEV, USB_DEVICE_MAX); |
2079 | goto out; | 2079 | goto out; |
2080 | } | 2080 | } |
2081 | 2081 | ||
2082 | void usb_devio_cleanup(void) | 2082 | void usb_devio_cleanup(void) |
2083 | { | 2083 | { |
2084 | usb_unregister_notify(&usbdev_nb); | 2084 | usb_unregister_notify(&usbdev_nb); |
2085 | #ifdef CONFIG_USB_DEVICE_CLASS | 2085 | #ifdef CONFIG_USB_DEVICE_CLASS |
2086 | class_destroy(usb_classdev_class); | 2086 | class_destroy(usb_classdev_class); |
2087 | #endif | 2087 | #endif |
2088 | cdev_del(&usb_device_cdev); | 2088 | cdev_del(&usb_device_cdev); |
2089 | unregister_chrdev_region(USB_DEVICE_DEV, USB_DEVICE_MAX); | 2089 | unregister_chrdev_region(USB_DEVICE_DEV, USB_DEVICE_MAX); |
2090 | } | 2090 | } |
2091 | 2091 |