tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
fork atom
kernel / drivers / usb / core / devio.c
at v2.6.14 1565 lines 41 kB view raw
1/*****************************************************************************/ 2 3/* 4 * devio.c -- User space communication with USB devices. 5 * 6 * Copyright (C) 1999-2000 Thomas Sailer (sailer@ife.ee.ethz.ch) 7 * 8 * This program is free software; you can redistribute it and/or modify 9 * it under the terms of the GNU General Public License as published by 10 * the Free Software Foundation; either version 2 of the License, or 11 * (at your option) any later version. 12 * 13 * This program is distributed in the hope that it will be useful, 14 * but WITHOUT ANY WARRANTY; without even the implied warranty of 15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 * GNU General Public License for more details. 17 * 18 * You should have received a copy of the GNU General Public License 19 * along with this program; if not, write to the Free Software 20 * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. 21 * 22 * $Id: devio.c,v 1.7 2000/02/01 17:28:48 fliegl Exp $ 23 * 24 * This file implements the usbfs/x/y files, where 25 * x is the bus number and y the device number. 26 * 27 * It allows user space programs/"drivers" to communicate directly 28 * with USB devices without intervening kernel driver. 29 * 30 * Revision history 31 * 22.12.1999 0.1 Initial release (split from proc_usb.c) 32 * 04.01.2000 0.2 Turned into its own filesystem 33 * 30.09.2005 0.3 Fix user-triggerable oops in async URB delivery 34 * (CAN-2005-3055) 35 */ 36 37/*****************************************************************************/ 38 39#include <linux/fs.h> 40#include <linux/mm.h> 41#include <linux/slab.h> 42#include <linux/smp_lock.h> 43#include <linux/signal.h> 44#include <linux/poll.h> 45#include <linux/module.h> 46#include <linux/usb.h> 47#include <linux/usbdevice_fs.h> 48#include <linux/cdev.h> 49#include <asm/uaccess.h> 50#include <asm/byteorder.h> 51#include <linux/moduleparam.h> 52 53#include "hcd.h" /* for usbcore internals */ 54#include "usb.h" 55 56#define USB_MAXBUS 64 57#define USB_DEVICE_MAX USB_MAXBUS * 128 58static struct class *usb_device_class; 59 60struct async { 61 struct list_head asynclist; 62 struct dev_state *ps; 63 pid_t pid; 64 uid_t uid, euid; 65 unsigned int signr; 66 unsigned int ifnum; 67 void __user *userbuffer; 68 void __user *userurb; 69 struct urb *urb; 70}; 71 72static int usbfs_snoop = 0; 73module_param (usbfs_snoop, bool, S_IRUGO | S_IWUSR); 74MODULE_PARM_DESC (usbfs_snoop, "true to log all usbfs traffic"); 75 76#define snoop(dev, format, arg...) \ 77 do { \ 78 if (usbfs_snoop) \ 79 dev_info( dev , format , ## arg); \ 80 } while (0) 81 82#define USB_DEVICE_DEV MKDEV(USB_DEVICE_MAJOR, 0) 83 84 85#define MAX_USBFS_BUFFER_SIZE 16384 86 87static inline int connected (struct usb_device *dev) 88{ 89 return dev->state != USB_STATE_NOTATTACHED; 90} 91 92static loff_t usbdev_lseek(struct file *file, loff_t offset, int orig) 93{ 94 loff_t ret; 95 96 lock_kernel(); 97 98 switch (orig) { 99 case 0: 100 file->f_pos = offset; 101 ret = file->f_pos; 102 break; 103 case 1: 104 file->f_pos += offset; 105 ret = file->f_pos; 106 break; 107 case 2: 108 default: 109 ret = -EINVAL; 110 } 111 112 unlock_kernel(); 113 return ret; 114} 115 116static ssize_t usbdev_read(struct file *file, char __user *buf, size_t nbytes, loff_t *ppos) 117{ 118 struct dev_state *ps = (struct dev_state *)file->private_data; 119 struct usb_device *dev = ps->dev; 120 ssize_t ret = 0; 121 unsigned len; 122 loff_t pos; 123 int i; 124 125 pos = *ppos; 126 usb_lock_device(dev); 127 if (!connected(dev)) { 128 ret = -ENODEV; 129 goto err; 130 } else if (pos < 0) { 131 ret = -EINVAL; 132 goto err; 133 } 134 135 if (pos < sizeof(struct usb_device_descriptor)) { 136 struct usb_device_descriptor *desc = kmalloc(sizeof(*desc), GFP_KERNEL); 137 if (!desc) { 138 ret = -ENOMEM; 139 goto err; 140 } 141 memcpy(desc, &dev->descriptor, sizeof(dev->descriptor)); 142 le16_to_cpus(&desc->bcdUSB); 143 le16_to_cpus(&desc->idVendor); 144 le16_to_cpus(&desc->idProduct); 145 le16_to_cpus(&desc->bcdDevice); 146 147 len = sizeof(struct usb_device_descriptor) - pos; 148 if (len > nbytes) 149 len = nbytes; 150 if (copy_to_user(buf, ((char *)desc) + pos, len)) { 151 kfree(desc); 152 ret = -EFAULT; 153 goto err; 154 } 155 kfree(desc); 156 157 *ppos += len; 158 buf += len; 159 nbytes -= len; 160 ret += len; 161 } 162 163 pos = sizeof(struct usb_device_descriptor); 164 for (i = 0; nbytes && i < dev->descriptor.bNumConfigurations; i++) { 165 struct usb_config_descriptor *config = 166 (struct usb_config_descriptor *)dev->rawdescriptors[i]; 167 unsigned int length = le16_to_cpu(config->wTotalLength); 168 169 if (*ppos < pos + length) { 170 171 /* The descriptor may claim to be longer than it 172 * really is. Here is the actual allocated length. */ 173 unsigned alloclen = 174 le16_to_cpu(dev->config[i].desc.wTotalLength); 175 176 len = length - (*ppos - pos); 177 if (len > nbytes) 178 len = nbytes; 179 180 /* Simply don't write (skip over) unallocated parts */ 181 if (alloclen > (*ppos - pos)) { 182 alloclen -= (*ppos - pos); 183 if (copy_to_user(buf, 184 dev->rawdescriptors[i] + (*ppos - pos), 185 min(len, alloclen))) { 186 ret = -EFAULT; 187 goto err; 188 } 189 } 190 191 *ppos += len; 192 buf += len; 193 nbytes -= len; 194 ret += len; 195 } 196 197 pos += length; 198 } 199 200err: 201 usb_unlock_device(dev); 202 return ret; 203} 204 205/* 206 * async list handling 207 */ 208 209static struct async *alloc_async(unsigned int numisoframes) 210{ 211 unsigned int assize = sizeof(struct async) + numisoframes * sizeof(struct usb_iso_packet_descriptor); 212 struct async *as = kmalloc(assize, GFP_KERNEL); 213 if (!as) 214 return NULL; 215 memset(as, 0, assize); 216 as->urb = usb_alloc_urb(numisoframes, GFP_KERNEL); 217 if (!as->urb) { 218 kfree(as); 219 return NULL; 220 } 221 return as; 222} 223 224static void free_async(struct async *as) 225{ 226 kfree(as->urb->transfer_buffer); 227 kfree(as->urb->setup_packet); 228 usb_free_urb(as->urb); 229 kfree(as); 230} 231 232static inline void async_newpending(struct async *as) 233{ 234 struct dev_state *ps = as->ps; 235 unsigned long flags; 236 237 spin_lock_irqsave(&ps->lock, flags); 238 list_add_tail(&as->asynclist, &ps->async_pending); 239 spin_unlock_irqrestore(&ps->lock, flags); 240} 241 242static inline void async_removepending(struct async *as) 243{ 244 struct dev_state *ps = as->ps; 245 unsigned long flags; 246 247 spin_lock_irqsave(&ps->lock, flags); 248 list_del_init(&as->asynclist); 249 spin_unlock_irqrestore(&ps->lock, flags); 250} 251 252static inline struct async *async_getcompleted(struct dev_state *ps) 253{ 254 unsigned long flags; 255 struct async *as = NULL; 256 257 spin_lock_irqsave(&ps->lock, flags); 258 if (!list_empty(&ps->async_completed)) { 259 as = list_entry(ps->async_completed.next, struct async, asynclist); 260 list_del_init(&as->asynclist); 261 } 262 spin_unlock_irqrestore(&ps->lock, flags); 263 return as; 264} 265 266static inline struct async *async_getpending(struct dev_state *ps, void __user *userurb) 267{ 268 unsigned long flags; 269 struct async *as; 270 271 spin_lock_irqsave(&ps->lock, flags); 272 list_for_each_entry(as, &ps->async_pending, asynclist) 273 if (as->userurb == userurb) { 274 list_del_init(&as->asynclist); 275 spin_unlock_irqrestore(&ps->lock, flags); 276 return as; 277 } 278 spin_unlock_irqrestore(&ps->lock, flags); 279 return NULL; 280} 281 282static void async_completed(struct urb *urb, struct pt_regs *regs) 283{ 284 struct async *as = (struct async *)urb->context; 285 struct dev_state *ps = as->ps; 286 struct siginfo sinfo; 287 288 spin_lock(&ps->lock); 289 list_move_tail(&as->asynclist, &ps->async_completed); 290 spin_unlock(&ps->lock); 291 if (as->signr) { 292 sinfo.si_signo = as->signr; 293 sinfo.si_errno = as->urb->status; 294 sinfo.si_code = SI_ASYNCIO; 295 sinfo.si_addr = as->userurb; 296 kill_proc_info_as_uid(as->signr, &sinfo, as->pid, as->uid, 297 as->euid); 298 } 299 wake_up(&ps->wait); 300} 301 302static void destroy_async (struct dev_state *ps, struct list_head *list) 303{ 304 struct async *as; 305 unsigned long flags; 306 307 spin_lock_irqsave(&ps->lock, flags); 308 while (!list_empty(list)) { 309 as = list_entry(list->next, struct async, asynclist); 310 list_del_init(&as->asynclist); 311 312 /* drop the spinlock so the completion handler can run */ 313 spin_unlock_irqrestore(&ps->lock, flags); 314 usb_kill_urb(as->urb); 315 spin_lock_irqsave(&ps->lock, flags); 316 } 317 spin_unlock_irqrestore(&ps->lock, flags); 318 as = async_getcompleted(ps); 319 while (as) { 320 free_async(as); 321 as = async_getcompleted(ps); 322 } 323} 324 325static void destroy_async_on_interface (struct dev_state *ps, unsigned int ifnum) 326{ 327 struct list_head *p, *q, hitlist; 328 unsigned long flags; 329 330 INIT_LIST_HEAD(&hitlist); 331 spin_lock_irqsave(&ps->lock, flags); 332 list_for_each_safe(p, q, &ps->async_pending) 333 if (ifnum == list_entry(p, struct async, asynclist)->ifnum) 334 list_move_tail(p, &hitlist); 335 spin_unlock_irqrestore(&ps->lock, flags); 336 destroy_async(ps, &hitlist); 337} 338 339static inline void destroy_all_async(struct dev_state *ps) 340{ 341 destroy_async(ps, &ps->async_pending); 342} 343 344/* 345 * interface claims are made only at the request of user level code, 346 * which can also release them (explicitly or by closing files). 347 * they're also undone when devices disconnect. 348 */ 349 350static int driver_probe (struct usb_interface *intf, 351 const struct usb_device_id *id) 352{ 353 return -ENODEV; 354} 355 356static void driver_disconnect(struct usb_interface *intf) 357{ 358 struct dev_state *ps = usb_get_intfdata (intf); 359 unsigned int ifnum = intf->altsetting->desc.bInterfaceNumber; 360 361 if (!ps) 362 return; 363 364 /* NOTE: this relies on usbcore having canceled and completed 365 * all pending I/O requests; 2.6 does that. 366 */ 367 368 if (likely(ifnum < 8*sizeof(ps->ifclaimed))) 369 clear_bit(ifnum, &ps->ifclaimed); 370 else 371 warn("interface number %u out of range", ifnum); 372 373 usb_set_intfdata (intf, NULL); 374 375 /* force async requests to complete */ 376 destroy_async_on_interface(ps, ifnum); 377} 378 379struct usb_driver usbfs_driver = { 380 .owner = THIS_MODULE, 381 .name = "usbfs", 382 .probe = driver_probe, 383 .disconnect = driver_disconnect, 384}; 385 386static int claimintf(struct dev_state *ps, unsigned int ifnum) 387{ 388 struct usb_device *dev = ps->dev; 389 struct usb_interface *intf; 390 int err; 391 392 if (ifnum >= 8*sizeof(ps->ifclaimed)) 393 return -EINVAL; 394 /* already claimed */ 395 if (test_bit(ifnum, &ps->ifclaimed)) 396 return 0; 397 398 /* lock against other changes to driver bindings */ 399 down_write(&usb_bus_type.subsys.rwsem); 400 intf = usb_ifnum_to_if(dev, ifnum); 401 if (!intf) 402 err = -ENOENT; 403 else 404 err = usb_driver_claim_interface(&usbfs_driver, intf, ps); 405 up_write(&usb_bus_type.subsys.rwsem); 406 if (err == 0) 407 set_bit(ifnum, &ps->ifclaimed); 408 return err; 409} 410 411static int releaseintf(struct dev_state *ps, unsigned int ifnum) 412{ 413 struct usb_device *dev; 414 struct usb_interface *intf; 415 int err; 416 417 err = -EINVAL; 418 if (ifnum >= 8*sizeof(ps->ifclaimed)) 419 return err; 420 dev = ps->dev; 421 /* lock against other changes to driver bindings */ 422 down_write(&usb_bus_type.subsys.rwsem); 423 intf = usb_ifnum_to_if(dev, ifnum); 424 if (!intf) 425 err = -ENOENT; 426 else if (test_and_clear_bit(ifnum, &ps->ifclaimed)) { 427 usb_driver_release_interface(&usbfs_driver, intf); 428 err = 0; 429 } 430 up_write(&usb_bus_type.subsys.rwsem); 431 return err; 432} 433 434static int checkintf(struct dev_state *ps, unsigned int ifnum) 435{ 436 if (ps->dev->state != USB_STATE_CONFIGURED) 437 return -EHOSTUNREACH; 438 if (ifnum >= 8*sizeof(ps->ifclaimed)) 439 return -EINVAL; 440 if (test_bit(ifnum, &ps->ifclaimed)) 441 return 0; 442 /* if not yet claimed, claim it for the driver */ 443 dev_warn(&ps->dev->dev, "usbfs: process %d (%s) did not claim interface %u before use\n", 444 current->pid, current->comm, ifnum); 445 return claimintf(ps, ifnum); 446} 447 448static int findintfep(struct usb_device *dev, unsigned int ep) 449{ 450 unsigned int i, j, e; 451 struct usb_interface *intf; 452 struct usb_host_interface *alts; 453 struct usb_endpoint_descriptor *endpt; 454 455 if (ep & ~(USB_DIR_IN|0xf)) 456 return -EINVAL; 457 if (!dev->actconfig) 458 return -ESRCH; 459 for (i = 0; i < dev->actconfig->desc.bNumInterfaces; i++) { 460 intf = dev->actconfig->interface[i]; 461 for (j = 0; j < intf->num_altsetting; j++) { 462 alts = &intf->altsetting[j]; 463 for (e = 0; e < alts->desc.bNumEndpoints; e++) { 464 endpt = &alts->endpoint[e].desc; 465 if (endpt->bEndpointAddress == ep) 466 return alts->desc.bInterfaceNumber; 467 } 468 } 469 } 470 return -ENOENT; 471} 472 473static int check_ctrlrecip(struct dev_state *ps, unsigned int requesttype, unsigned int index) 474{ 475 int ret = 0; 476 477 if (ps->dev->state != USB_STATE_CONFIGURED) 478 return -EHOSTUNREACH; 479 if (USB_TYPE_VENDOR == (USB_TYPE_MASK & requesttype)) 480 return 0; 481 482 index &= 0xff; 483 switch (requesttype & USB_RECIP_MASK) { 484 case USB_RECIP_ENDPOINT: 485 if ((ret = findintfep(ps->dev, index)) >= 0) 486 ret = checkintf(ps, ret); 487 break; 488 489 case USB_RECIP_INTERFACE: 490 ret = checkintf(ps, index); 491 break; 492 } 493 return ret; 494} 495 496/* 497 * file operations 498 */ 499static int usbdev_open(struct inode *inode, struct file *file) 500{ 501 struct usb_device *dev = NULL; 502 struct dev_state *ps; 503 int ret; 504 505 /* 506 * no locking necessary here, as chrdev_open has the kernel lock 507 * (still acquire the kernel lock for safety) 508 */ 509 ret = -ENOMEM; 510 if (!(ps = kmalloc(sizeof(struct dev_state), GFP_KERNEL))) 511 goto out_nolock; 512 513 lock_kernel(); 514 ret = -ENOENT; 515 /* check if we are called from a real node or usbfs */ 516 if (imajor(inode) == USB_DEVICE_MAJOR) 517 dev = usbdev_lookup_minor(iminor(inode)); 518 if (!dev) 519 dev = inode->u.generic_ip; 520 if (!dev) { 521 kfree(ps); 522 goto out; 523 } 524 usb_get_dev(dev); 525 ret = 0; 526 ps->dev = dev; 527 ps->file = file; 528 spin_lock_init(&ps->lock); 529 INIT_LIST_HEAD(&ps->async_pending); 530 INIT_LIST_HEAD(&ps->async_completed); 531 init_waitqueue_head(&ps->wait); 532 ps->discsignr = 0; 533 ps->disc_pid = current->pid; 534 ps->disc_uid = current->uid; 535 ps->disc_euid = current->euid; 536 ps->disccontext = NULL; 537 ps->ifclaimed = 0; 538 wmb(); 539 list_add_tail(&ps->list, &dev->filelist); 540 file->private_data = ps; 541 out: 542 unlock_kernel(); 543 out_nolock: 544 return ret; 545} 546 547static int usbdev_release(struct inode *inode, struct file *file) 548{ 549 struct dev_state *ps = (struct dev_state *)file->private_data; 550 struct usb_device *dev = ps->dev; 551 unsigned int ifnum; 552 553 usb_lock_device(dev); 554 list_del_init(&ps->list); 555 for (ifnum = 0; ps->ifclaimed && ifnum < 8*sizeof(ps->ifclaimed); 556 ifnum++) { 557 if (test_bit(ifnum, &ps->ifclaimed)) 558 releaseintf(ps, ifnum); 559 } 560 destroy_all_async(ps); 561 usb_unlock_device(dev); 562 usb_put_dev(dev); 563 ps->dev = NULL; 564 kfree(ps); 565 return 0; 566} 567 568static int proc_control(struct dev_state *ps, void __user *arg) 569{ 570 struct usb_device *dev = ps->dev; 571 struct usbdevfs_ctrltransfer ctrl; 572 unsigned int tmo; 573 unsigned char *tbuf; 574 int i, j, ret; 575 576 if (copy_from_user(&ctrl, arg, sizeof(ctrl))) 577 return -EFAULT; 578 if ((ret = check_ctrlrecip(ps, ctrl.bRequestType, ctrl.wIndex))) 579 return ret; 580 if (ctrl.wLength > PAGE_SIZE) 581 return -EINVAL; 582 if (!(tbuf = (unsigned char *)__get_free_page(GFP_KERNEL))) 583 return -ENOMEM; 584 tmo = ctrl.timeout; 585 if (ctrl.bRequestType & 0x80) { 586 if (ctrl.wLength && !access_ok(VERIFY_WRITE, ctrl.data, ctrl.wLength)) { 587 free_page((unsigned long)tbuf); 588 return -EINVAL; 589 } 590 snoop(&dev->dev, "control read: bRequest=%02x " 591 "bRrequestType=%02x wValue=%04x " 592 "wIndex=%04x wLength=%04x\n", 593 ctrl.bRequest, ctrl.bRequestType, ctrl.wValue, 594 ctrl.wIndex, ctrl.wLength); 595 596 usb_unlock_device(dev); 597 i = usb_control_msg(dev, usb_rcvctrlpipe(dev, 0), ctrl.bRequest, ctrl.bRequestType, 598 ctrl.wValue, ctrl.wIndex, tbuf, ctrl.wLength, tmo); 599 usb_lock_device(dev); 600 if ((i > 0) && ctrl.wLength) { 601 if (usbfs_snoop) { 602 dev_info(&dev->dev, "control read: data "); 603 for (j = 0; j < i; ++j) 604 printk ("%02x ", (unsigned char)(tbuf)[j]); 605 printk("\n"); 606 } 607 if (copy_to_user(ctrl.data, tbuf, i)) { 608 free_page((unsigned long)tbuf); 609 return -EFAULT; 610 } 611 } 612 } else { 613 if (ctrl.wLength) { 614 if (copy_from_user(tbuf, ctrl.data, ctrl.wLength)) { 615 free_page((unsigned long)tbuf); 616 return -EFAULT; 617 } 618 } 619 snoop(&dev->dev, "control write: bRequest=%02x " 620 "bRrequestType=%02x wValue=%04x " 621 "wIndex=%04x wLength=%04x\n", 622 ctrl.bRequest, ctrl.bRequestType, ctrl.wValue, 623 ctrl.wIndex, ctrl.wLength); 624 if (usbfs_snoop) { 625 dev_info(&dev->dev, "control write: data: "); 626 for (j = 0; j < ctrl.wLength; ++j) 627 printk ("%02x ", (unsigned char)(tbuf)[j]); 628 printk("\n"); 629 } 630 usb_unlock_device(dev); 631 i = usb_control_msg(dev, usb_sndctrlpipe(dev, 0), ctrl.bRequest, ctrl.bRequestType, 632 ctrl.wValue, ctrl.wIndex, tbuf, ctrl.wLength, tmo); 633 usb_lock_device(dev); 634 } 635 free_page((unsigned long)tbuf); 636 if (i<0 && i != -EPIPE) { 637 dev_printk(KERN_DEBUG, &dev->dev, "usbfs: USBDEVFS_CONTROL " 638 "failed cmd %s rqt %u rq %u len %u ret %d\n", 639 current->comm, ctrl.bRequestType, ctrl.bRequest, 640 ctrl.wLength, i); 641 } 642 return i; 643} 644 645static int proc_bulk(struct dev_state *ps, void __user *arg) 646{ 647 struct usb_device *dev = ps->dev; 648 struct usbdevfs_bulktransfer bulk; 649 unsigned int tmo, len1, pipe; 650 int len2; 651 unsigned char *tbuf; 652 int i, ret; 653 654 if (copy_from_user(&bulk, arg, sizeof(bulk))) 655 return -EFAULT; 656 if ((ret = findintfep(ps->dev, bulk.ep)) < 0) 657 return ret; 658 if ((ret = checkintf(ps, ret))) 659 return ret; 660 if (bulk.ep & USB_DIR_IN) 661 pipe = usb_rcvbulkpipe(dev, bulk.ep & 0x7f); 662 else 663 pipe = usb_sndbulkpipe(dev, bulk.ep & 0x7f); 664 if (!usb_maxpacket(dev, pipe, !(bulk.ep & USB_DIR_IN))) 665 return -EINVAL; 666 len1 = bulk.len; 667 if (len1 > MAX_USBFS_BUFFER_SIZE) 668 return -EINVAL; 669 if (!(tbuf = kmalloc(len1, GFP_KERNEL))) 670 return -ENOMEM; 671 tmo = bulk.timeout; 672 if (bulk.ep & 0x80) { 673 if (len1 && !access_ok(VERIFY_WRITE, bulk.data, len1)) { 674 kfree(tbuf); 675 return -EINVAL; 676 } 677 usb_unlock_device(dev); 678 i = usb_bulk_msg(dev, pipe, tbuf, len1, &len2, tmo); 679 usb_lock_device(dev); 680 if (!i && len2) { 681 if (copy_to_user(bulk.data, tbuf, len2)) { 682 kfree(tbuf); 683 return -EFAULT; 684 } 685 } 686 } else { 687 if (len1) { 688 if (copy_from_user(tbuf, bulk.data, len1)) { 689 kfree(tbuf); 690 return -EFAULT; 691 } 692 } 693 usb_unlock_device(dev); 694 i = usb_bulk_msg(dev, pipe, tbuf, len1, &len2, tmo); 695 usb_lock_device(dev); 696 } 697 kfree(tbuf); 698 if (i < 0) 699 return i; 700 return len2; 701} 702 703static int proc_resetep(struct dev_state *ps, void __user *arg) 704{ 705 unsigned int ep; 706 int ret; 707 708 if (get_user(ep, (unsigned int __user *)arg)) 709 return -EFAULT; 710 if ((ret = findintfep(ps->dev, ep)) < 0) 711 return ret; 712 if ((ret = checkintf(ps, ret))) 713 return ret; 714 usb_settoggle(ps->dev, ep & 0xf, !(ep & USB_DIR_IN), 0); 715 return 0; 716} 717 718static int proc_clearhalt(struct dev_state *ps, void __user *arg) 719{ 720 unsigned int ep; 721 int pipe; 722 int ret; 723 724 if (get_user(ep, (unsigned int __user *)arg)) 725 return -EFAULT; 726 if ((ret = findintfep(ps->dev, ep)) < 0) 727 return ret; 728 if ((ret = checkintf(ps, ret))) 729 return ret; 730 if (ep & USB_DIR_IN) 731 pipe = usb_rcvbulkpipe(ps->dev, ep & 0x7f); 732 else 733 pipe = usb_sndbulkpipe(ps->dev, ep & 0x7f); 734 735 return usb_clear_halt(ps->dev, pipe); 736} 737 738 739static int proc_getdriver(struct dev_state *ps, void __user *arg) 740{ 741 struct usbdevfs_getdriver gd; 742 struct usb_interface *intf; 743 int ret; 744 745 if (copy_from_user(&gd, arg, sizeof(gd))) 746 return -EFAULT; 747 down_read(&usb_bus_type.subsys.rwsem); 748 intf = usb_ifnum_to_if(ps->dev, gd.interface); 749 if (!intf || !intf->dev.driver) 750 ret = -ENODATA; 751 else { 752 strncpy(gd.driver, intf->dev.driver->name, 753 sizeof(gd.driver)); 754 ret = (copy_to_user(arg, &gd, sizeof(gd)) ? -EFAULT : 0); 755 } 756 up_read(&usb_bus_type.subsys.rwsem); 757 return ret; 758} 759 760static int proc_connectinfo(struct dev_state *ps, void __user *arg) 761{ 762 struct usbdevfs_connectinfo ci; 763 764 ci.devnum = ps->dev->devnum; 765 ci.slow = ps->dev->speed == USB_SPEED_LOW; 766 if (copy_to_user(arg, &ci, sizeof(ci))) 767 return -EFAULT; 768 return 0; 769} 770 771static int proc_resetdevice(struct dev_state *ps) 772{ 773 return usb_reset_device(ps->dev); 774 775} 776 777static int proc_setintf(struct dev_state *ps, void __user *arg) 778{ 779 struct usbdevfs_setinterface setintf; 780 int ret; 781 782 if (copy_from_user(&setintf, arg, sizeof(setintf))) 783 return -EFAULT; 784 if ((ret = checkintf(ps, setintf.interface))) 785 return ret; 786 return usb_set_interface(ps->dev, setintf.interface, 787 setintf.altsetting); 788} 789 790static int proc_setconfig(struct dev_state *ps, void __user *arg) 791{ 792 unsigned int u; 793 int status = 0; 794 struct usb_host_config *actconfig; 795 796 if (get_user(u, (unsigned int __user *)arg)) 797 return -EFAULT; 798 799 actconfig = ps->dev->actconfig; 800 801 /* Don't touch the device if any interfaces are claimed. 802 * It could interfere with other drivers' operations, and if 803 * an interface is claimed by usbfs it could easily deadlock. 804 */ 805 if (actconfig) { 806 int i; 807 808 for (i = 0; i < actconfig->desc.bNumInterfaces; ++i) { 809 if (usb_interface_claimed(actconfig->interface[i])) { 810 dev_warn (&ps->dev->dev, 811 "usbfs: interface %d claimed by %s " 812 "while '%s' sets config #%d\n", 813 actconfig->interface[i] 814 ->cur_altsetting 815 ->desc.bInterfaceNumber, 816 actconfig->interface[i] 817 ->dev.driver->name, 818 current->comm, u); 819 status = -EBUSY; 820 break; 821 } 822 } 823 } 824 825 /* SET_CONFIGURATION is often abused as a "cheap" driver reset, 826 * so avoid usb_set_configuration()'s kick to sysfs 827 */ 828 if (status == 0) { 829 if (actconfig && actconfig->desc.bConfigurationValue == u) 830 status = usb_reset_configuration(ps->dev); 831 else 832 status = usb_set_configuration(ps->dev, u); 833 } 834 835 return status; 836} 837 838 839static int proc_do_submiturb(struct dev_state *ps, struct usbdevfs_urb *uurb, 840 struct usbdevfs_iso_packet_desc __user *iso_frame_desc, 841 void __user *arg) 842{ 843 struct usbdevfs_iso_packet_desc *isopkt = NULL; 844 struct usb_host_endpoint *ep; 845 struct async *as; 846 struct usb_ctrlrequest *dr = NULL; 847 unsigned int u, totlen, isofrmlen; 848 int ret, interval = 0, ifnum = -1; 849 850 if (uurb->flags & ~(USBDEVFS_URB_ISO_ASAP|USBDEVFS_URB_SHORT_NOT_OK| 851 URB_NO_FSBR|URB_ZERO_PACKET)) 852 return -EINVAL; 853 if (!uurb->buffer) 854 return -EINVAL; 855 if (uurb->signr != 0 && (uurb->signr < SIGRTMIN || uurb->signr > SIGRTMAX)) 856 return -EINVAL; 857 if (!(uurb->type == USBDEVFS_URB_TYPE_CONTROL && (uurb->endpoint & ~USB_ENDPOINT_DIR_MASK) == 0)) { 858 if ((ifnum = findintfep(ps->dev, uurb->endpoint)) < 0) 859 return ifnum; 860 if ((ret = checkintf(ps, ifnum))) 861 return ret; 862 } 863 if ((uurb->endpoint & USB_ENDPOINT_DIR_MASK) != 0) 864 ep = ps->dev->ep_in [uurb->endpoint & USB_ENDPOINT_NUMBER_MASK]; 865 else 866 ep = ps->dev->ep_out [uurb->endpoint & USB_ENDPOINT_NUMBER_MASK]; 867 if (!ep) 868 return -ENOENT; 869 switch(uurb->type) { 870 case USBDEVFS_URB_TYPE_CONTROL: 871 if ((ep->desc.bmAttributes & USB_ENDPOINT_XFERTYPE_MASK) 872 != USB_ENDPOINT_XFER_CONTROL) 873 return -EINVAL; 874 /* min 8 byte setup packet, max arbitrary */ 875 if (uurb->buffer_length < 8 || uurb->buffer_length > PAGE_SIZE) 876 return -EINVAL; 877 if (!(dr = kmalloc(sizeof(struct usb_ctrlrequest), GFP_KERNEL))) 878 return -ENOMEM; 879 if (copy_from_user(dr, uurb->buffer, 8)) { 880 kfree(dr); 881 return -EFAULT; 882 } 883 if (uurb->buffer_length < (le16_to_cpup(&dr->wLength) + 8)) { 884 kfree(dr); 885 return -EINVAL; 886 } 887 if ((ret = check_ctrlrecip(ps, dr->bRequestType, le16_to_cpup(&dr->wIndex)))) { 888 kfree(dr); 889 return ret; 890 } 891 uurb->endpoint = (uurb->endpoint & ~USB_ENDPOINT_DIR_MASK) | (dr->bRequestType & USB_ENDPOINT_DIR_MASK); 892 uurb->number_of_packets = 0; 893 uurb->buffer_length = le16_to_cpup(&dr->wLength); 894 uurb->buffer += 8; 895 if (!access_ok((uurb->endpoint & USB_DIR_IN) ? VERIFY_WRITE : VERIFY_READ, uurb->buffer, uurb->buffer_length)) { 896 kfree(dr); 897 return -EFAULT; 898 } 899 break; 900 901 case USBDEVFS_URB_TYPE_BULK: 902 switch (ep->desc.bmAttributes & USB_ENDPOINT_XFERTYPE_MASK) { 903 case USB_ENDPOINT_XFER_CONTROL: 904 case USB_ENDPOINT_XFER_ISOC: 905 return -EINVAL; 906 /* allow single-shot interrupt transfers, at bogus rates */ 907 } 908 uurb->number_of_packets = 0; 909 if (uurb->buffer_length > MAX_USBFS_BUFFER_SIZE) 910 return -EINVAL; 911 if (!access_ok((uurb->endpoint & USB_DIR_IN) ? VERIFY_WRITE : VERIFY_READ, uurb->buffer, uurb->buffer_length)) 912 return -EFAULT; 913 break; 914 915 case USBDEVFS_URB_TYPE_ISO: 916 /* arbitrary limit */ 917 if (uurb->number_of_packets < 1 || uurb->number_of_packets > 128) 918 return -EINVAL; 919 if ((ep->desc.bmAttributes & USB_ENDPOINT_XFERTYPE_MASK) 920 != USB_ENDPOINT_XFER_ISOC) 921 return -EINVAL; 922 interval = 1 << min (15, ep->desc.bInterval - 1); 923 isofrmlen = sizeof(struct usbdevfs_iso_packet_desc) * uurb->number_of_packets; 924 if (!(isopkt = kmalloc(isofrmlen, GFP_KERNEL))) 925 return -ENOMEM; 926 if (copy_from_user(isopkt, iso_frame_desc, isofrmlen)) { 927 kfree(isopkt); 928 return -EFAULT; 929 } 930 for (totlen = u = 0; u < uurb->number_of_packets; u++) { 931 if (isopkt[u].length > 1023) { 932 kfree(isopkt); 933 return -EINVAL; 934 } 935 totlen += isopkt[u].length; 936 } 937 if (totlen > 32768) { 938 kfree(isopkt); 939 return -EINVAL; 940 } 941 uurb->buffer_length = totlen; 942 break; 943 944 case USBDEVFS_URB_TYPE_INTERRUPT: 945 uurb->number_of_packets = 0; 946 if ((ep->desc.bmAttributes & USB_ENDPOINT_XFERTYPE_MASK) 947 != USB_ENDPOINT_XFER_INT) 948 return -EINVAL; 949 if (ps->dev->speed == USB_SPEED_HIGH) 950 interval = 1 << min (15, ep->desc.bInterval - 1); 951 else 952 interval = ep->desc.bInterval; 953 if (uurb->buffer_length > MAX_USBFS_BUFFER_SIZE) 954 return -EINVAL; 955 if (!access_ok((uurb->endpoint & USB_DIR_IN) ? VERIFY_WRITE : VERIFY_READ, uurb->buffer, uurb->buffer_length)) 956 return -EFAULT; 957 break; 958 959 default: 960 return -EINVAL; 961 } 962 if (!(as = alloc_async(uurb->number_of_packets))) { 963 kfree(isopkt); 964 kfree(dr); 965 return -ENOMEM; 966 } 967 if (!(as->urb->transfer_buffer = kmalloc(uurb->buffer_length, GFP_KERNEL))) { 968 kfree(isopkt); 969 kfree(dr); 970 free_async(as); 971 return -ENOMEM; 972 } 973 as->urb->dev = ps->dev; 974 as->urb->pipe = (uurb->type << 30) | __create_pipe(ps->dev, uurb->endpoint & 0xf) | (uurb->endpoint & USB_DIR_IN); 975 as->urb->transfer_flags = uurb->flags; 976 as->urb->transfer_buffer_length = uurb->buffer_length; 977 as->urb->setup_packet = (unsigned char*)dr; 978 as->urb->start_frame = uurb->start_frame; 979 as->urb->number_of_packets = uurb->number_of_packets; 980 as->urb->interval = interval; 981 as->urb->context = as; 982 as->urb->complete = async_completed; 983 for (totlen = u = 0; u < uurb->number_of_packets; u++) { 984 as->urb->iso_frame_desc[u].offset = totlen; 985 as->urb->iso_frame_desc[u].length = isopkt[u].length; 986 totlen += isopkt[u].length; 987 } 988 kfree(isopkt); 989 as->ps = ps; 990 as->userurb = arg; 991 if (uurb->endpoint & USB_DIR_IN) 992 as->userbuffer = uurb->buffer; 993 else 994 as->userbuffer = NULL; 995 as->signr = uurb->signr; 996 as->ifnum = ifnum; 997 as->pid = current->pid; 998 as->uid = current->uid; 999 as->euid = current->euid; 1000 if (!(uurb->endpoint & USB_DIR_IN)) { 1001 if (copy_from_user(as->urb->transfer_buffer, uurb->buffer, as->urb->transfer_buffer_length)) { 1002 free_async(as); 1003 return -EFAULT; 1004 } 1005 } 1006 async_newpending(as); 1007 if ((ret = usb_submit_urb(as->urb, GFP_KERNEL))) { 1008 dev_printk(KERN_DEBUG, &ps->dev->dev, "usbfs: usb_submit_urb returned %d\n", ret); 1009 async_removepending(as); 1010 free_async(as); 1011 return ret; 1012 } 1013 return 0; 1014} 1015 1016static int proc_submiturb(struct dev_state *ps, void __user *arg) 1017{ 1018 struct usbdevfs_urb uurb; 1019 1020 if (copy_from_user(&uurb, arg, sizeof(uurb))) 1021 return -EFAULT; 1022 1023 return proc_do_submiturb(ps, &uurb, (((struct usbdevfs_urb __user *)arg)->iso_frame_desc), arg); 1024} 1025 1026static int proc_unlinkurb(struct dev_state *ps, void __user *arg) 1027{ 1028 struct async *as; 1029 1030 as = async_getpending(ps, arg); 1031 if (!as) 1032 return -EINVAL; 1033 usb_kill_urb(as->urb); 1034 return 0; 1035} 1036 1037static int processcompl(struct async *as, void __user * __user *arg) 1038{ 1039 struct urb *urb = as->urb; 1040 struct usbdevfs_urb __user *userurb = as->userurb; 1041 void __user *addr = as->userurb; 1042 unsigned int i; 1043 1044 if (as->userbuffer) 1045 if (copy_to_user(as->userbuffer, urb->transfer_buffer, urb->transfer_buffer_length)) 1046 return -EFAULT; 1047 if (put_user(urb->status, &userurb->status)) 1048 return -EFAULT; 1049 if (put_user(urb->actual_length, &userurb->actual_length)) 1050 return -EFAULT; 1051 if (put_user(urb->error_count, &userurb->error_count)) 1052 return -EFAULT; 1053 1054 if (usb_pipeisoc(urb->pipe)) { 1055 for (i = 0; i < urb->number_of_packets; i++) { 1056 if (put_user(urb->iso_frame_desc[i].actual_length, 1057 &userurb->iso_frame_desc[i].actual_length)) 1058 return -EFAULT; 1059 if (put_user(urb->iso_frame_desc[i].status, 1060 &userurb->iso_frame_desc[i].status)) 1061 return -EFAULT; 1062 } 1063 } 1064 1065 free_async(as); 1066 1067 if (put_user(addr, (void __user * __user *)arg)) 1068 return -EFAULT; 1069 return 0; 1070} 1071 1072static struct async* reap_as(struct dev_state *ps) 1073{ 1074 DECLARE_WAITQUEUE(wait, current); 1075 struct async *as = NULL; 1076 struct usb_device *dev = ps->dev; 1077 1078 add_wait_queue(&ps->wait, &wait); 1079 for (;;) { 1080 __set_current_state(TASK_INTERRUPTIBLE); 1081 if ((as = async_getcompleted(ps))) 1082 break; 1083 if (signal_pending(current)) 1084 break; 1085 usb_unlock_device(dev); 1086 schedule(); 1087 usb_lock_device(dev); 1088 } 1089 remove_wait_queue(&ps->wait, &wait); 1090 set_current_state(TASK_RUNNING); 1091 return as; 1092} 1093 1094static int proc_reapurb(struct dev_state *ps, void __user *arg) 1095{ 1096 struct async *as = reap_as(ps); 1097 if (as) 1098 return processcompl(as, (void __user * __user *)arg); 1099 if (signal_pending(current)) 1100 return -EINTR; 1101 return -EIO; 1102} 1103 1104static int proc_reapurbnonblock(struct dev_state *ps, void __user *arg) 1105{ 1106 struct async *as; 1107 1108 if (!(as = async_getcompleted(ps))) 1109 return -EAGAIN; 1110 return processcompl(as, (void __user * __user *)arg); 1111} 1112 1113#ifdef CONFIG_COMPAT 1114 1115static int get_urb32(struct usbdevfs_urb *kurb, 1116 struct usbdevfs_urb32 __user *uurb) 1117{ 1118 __u32 uptr; 1119 if (get_user(kurb->type, &uurb->type) || 1120 __get_user(kurb->endpoint, &uurb->endpoint) || 1121 __get_user(kurb->status, &uurb->status) || 1122 __get_user(kurb->flags, &uurb->flags) || 1123 __get_user(kurb->buffer_length, &uurb->buffer_length) || 1124 __get_user(kurb->actual_length, &uurb->actual_length) || 1125 __get_user(kurb->start_frame, &uurb->start_frame) || 1126 __get_user(kurb->number_of_packets, &uurb->number_of_packets) || 1127 __get_user(kurb->error_count, &uurb->error_count) || 1128 __get_user(kurb->signr, &uurb->signr)) 1129 return -EFAULT; 1130 1131 if (__get_user(uptr, &uurb->buffer)) 1132 return -EFAULT; 1133 kurb->buffer = compat_ptr(uptr); 1134 if (__get_user(uptr, &uurb->buffer)) 1135 return -EFAULT; 1136 kurb->usercontext = compat_ptr(uptr); 1137 1138 return 0; 1139} 1140 1141static int proc_submiturb_compat(struct dev_state *ps, void __user *arg) 1142{ 1143 struct usbdevfs_urb uurb; 1144 1145 if (get_urb32(&uurb,(struct usbdevfs_urb32 *)arg)) 1146 return -EFAULT; 1147 1148 return proc_do_submiturb(ps, &uurb, ((struct usbdevfs_urb32 __user *)arg)->iso_frame_desc, arg); 1149} 1150 1151static int processcompl_compat(struct async *as, void __user * __user *arg) 1152{ 1153 struct urb *urb = as->urb; 1154 struct usbdevfs_urb32 __user *userurb = as->userurb; 1155 void __user *addr = as->userurb; 1156 unsigned int i; 1157 1158 if (as->userbuffer) 1159 if (copy_to_user(as->userbuffer, urb->transfer_buffer, urb->transfer_buffer_length)) 1160 return -EFAULT; 1161 if (put_user(urb->status, &userurb->status)) 1162 return -EFAULT; 1163 if (put_user(urb->actual_length, &userurb->actual_length)) 1164 return -EFAULT; 1165 if (put_user(urb->error_count, &userurb->error_count)) 1166 return -EFAULT; 1167 1168 if (usb_pipeisoc(urb->pipe)) { 1169 for (i = 0; i < urb->number_of_packets; i++) { 1170 if (put_user(urb->iso_frame_desc[i].actual_length, 1171 &userurb->iso_frame_desc[i].actual_length)) 1172 return -EFAULT; 1173 if (put_user(urb->iso_frame_desc[i].status, 1174 &userurb->iso_frame_desc[i].status)) 1175 return -EFAULT; 1176 } 1177 } 1178 1179 free_async(as); 1180 if (put_user((u32)(u64)addr, (u32 __user *)arg)) 1181 return -EFAULT; 1182 return 0; 1183} 1184 1185static int proc_reapurb_compat(struct dev_state *ps, void __user *arg) 1186{ 1187 struct async *as = reap_as(ps); 1188 if (as) 1189 return processcompl_compat(as, (void __user * __user *)arg); 1190 if (signal_pending(current)) 1191 return -EINTR; 1192 return -EIO; 1193} 1194 1195static int proc_reapurbnonblock_compat(struct dev_state *ps, void __user *arg) 1196{ 1197 struct async *as; 1198 1199 if (!(as = async_getcompleted(ps))) 1200 return -EAGAIN; 1201 return processcompl_compat(as, (void __user * __user *)arg); 1202} 1203 1204#endif 1205 1206static int proc_disconnectsignal(struct dev_state *ps, void __user *arg) 1207{ 1208 struct usbdevfs_disconnectsignal ds; 1209 1210 if (copy_from_user(&ds, arg, sizeof(ds))) 1211 return -EFAULT; 1212 if (ds.signr != 0 && (ds.signr < SIGRTMIN || ds.signr > SIGRTMAX)) 1213 return -EINVAL; 1214 ps->discsignr = ds.signr; 1215 ps->disccontext = ds.context; 1216 return 0; 1217} 1218 1219static int proc_claiminterface(struct dev_state *ps, void __user *arg) 1220{ 1221 unsigned int ifnum; 1222 1223 if (get_user(ifnum, (unsigned int __user *)arg)) 1224 return -EFAULT; 1225 return claimintf(ps, ifnum); 1226} 1227 1228static int proc_releaseinterface(struct dev_state *ps, void __user *arg) 1229{ 1230 unsigned int ifnum; 1231 int ret; 1232 1233 if (get_user(ifnum, (unsigned int __user *)arg)) 1234 return -EFAULT; 1235 if ((ret = releaseintf(ps, ifnum)) < 0) 1236 return ret; 1237 destroy_async_on_interface (ps, ifnum); 1238 return 0; 1239} 1240 1241static int proc_ioctl (struct dev_state *ps, void __user *arg) 1242{ 1243 struct usbdevfs_ioctl ctrl; 1244 int size; 1245 void *buf = NULL; 1246 int retval = 0; 1247 struct usb_interface *intf = NULL; 1248 struct usb_driver *driver = NULL; 1249 1250 /* get input parameters and alloc buffer */ 1251 if (copy_from_user(&ctrl, arg, sizeof (ctrl))) 1252 return -EFAULT; 1253 if ((size = _IOC_SIZE (ctrl.ioctl_code)) > 0) { 1254 if ((buf = kmalloc (size, GFP_KERNEL)) == NULL) 1255 return -ENOMEM; 1256 if ((_IOC_DIR(ctrl.ioctl_code) & _IOC_WRITE)) { 1257 if (copy_from_user (buf, ctrl.data, size)) { 1258 kfree(buf); 1259 return -EFAULT; 1260 } 1261 } else { 1262 memset (buf, 0, size); 1263 } 1264 } 1265 1266 if (!connected(ps->dev)) { 1267 kfree(buf); 1268 return -ENODEV; 1269 } 1270 1271 if (ps->dev->state != USB_STATE_CONFIGURED) 1272 retval = -EHOSTUNREACH; 1273 else if (!(intf = usb_ifnum_to_if (ps->dev, ctrl.ifno))) 1274 retval = -EINVAL; 1275 else switch (ctrl.ioctl_code) { 1276 1277 /* disconnect kernel driver from interface */ 1278 case USBDEVFS_DISCONNECT: 1279 1280 down_write(&usb_bus_type.subsys.rwsem); 1281 if (intf->dev.driver) { 1282 driver = to_usb_driver(intf->dev.driver); 1283 dev_dbg (&intf->dev, "disconnect by usbfs\n"); 1284 usb_driver_release_interface(driver, intf); 1285 } else 1286 retval = -ENODATA; 1287 up_write(&usb_bus_type.subsys.rwsem); 1288 break; 1289 1290 /* let kernel drivers try to (re)bind to the interface */ 1291 case USBDEVFS_CONNECT: 1292 usb_unlock_device(ps->dev); 1293 usb_lock_all_devices(); 1294 bus_rescan_devices(intf->dev.bus); 1295 usb_unlock_all_devices(); 1296 usb_lock_device(ps->dev); 1297 break; 1298 1299 /* talk directly to the interface's driver */ 1300 default: 1301 down_read(&usb_bus_type.subsys.rwsem); 1302 if (intf->dev.driver) 1303 driver = to_usb_driver(intf->dev.driver); 1304 if (driver == NULL || driver->ioctl == NULL) { 1305 retval = -ENOTTY; 1306 } else { 1307 retval = driver->ioctl (intf, ctrl.ioctl_code, buf); 1308 if (retval == -ENOIOCTLCMD) 1309 retval = -ENOTTY; 1310 } 1311 up_read(&usb_bus_type.subsys.rwsem); 1312 } 1313 1314 /* cleanup and return */ 1315 if (retval >= 0 1316 && (_IOC_DIR (ctrl.ioctl_code) & _IOC_READ) != 0 1317 && size > 0 1318 && copy_to_user (ctrl.data, buf, size) != 0) 1319 retval = -EFAULT; 1320 1321 kfree(buf); 1322 return retval; 1323} 1324 1325/* 1326 * NOTE: All requests here that have interface numbers as parameters 1327 * are assuming that somehow the configuration has been prevented from 1328 * changing. But there's no mechanism to ensure that... 1329 */ 1330static int usbdev_ioctl(struct inode *inode, struct file *file, unsigned int cmd, unsigned long arg) 1331{ 1332 struct dev_state *ps = (struct dev_state *)file->private_data; 1333 struct usb_device *dev = ps->dev; 1334 void __user *p = (void __user *)arg; 1335 int ret = -ENOTTY; 1336 1337 if (!(file->f_mode & FMODE_WRITE)) 1338 return -EPERM; 1339 usb_lock_device(dev); 1340 if (!connected(dev)) { 1341 usb_unlock_device(dev); 1342 return -ENODEV; 1343 } 1344 1345 switch (cmd) { 1346 case USBDEVFS_CONTROL: 1347 snoop(&dev->dev, "%s: CONTROL\n", __FUNCTION__); 1348 ret = proc_control(ps, p); 1349 if (ret >= 0) 1350 inode->i_mtime = CURRENT_TIME; 1351 break; 1352 1353 case USBDEVFS_BULK: 1354 snoop(&dev->dev, "%s: BULK\n", __FUNCTION__); 1355 ret = proc_bulk(ps, p); 1356 if (ret >= 0) 1357 inode->i_mtime = CURRENT_TIME; 1358 break; 1359 1360 case USBDEVFS_RESETEP: 1361 snoop(&dev->dev, "%s: RESETEP\n", __FUNCTION__); 1362 ret = proc_resetep(ps, p); 1363 if (ret >= 0) 1364 inode->i_mtime = CURRENT_TIME; 1365 break; 1366 1367 case USBDEVFS_RESET: 1368 snoop(&dev->dev, "%s: RESET\n", __FUNCTION__); 1369 ret = proc_resetdevice(ps); 1370 break; 1371 1372 case USBDEVFS_CLEAR_HALT: 1373 snoop(&dev->dev, "%s: CLEAR_HALT\n", __FUNCTION__); 1374 ret = proc_clearhalt(ps, p); 1375 if (ret >= 0) 1376 inode->i_mtime = CURRENT_TIME; 1377 break; 1378 1379 case USBDEVFS_GETDRIVER: 1380 snoop(&dev->dev, "%s: GETDRIVER\n", __FUNCTION__); 1381 ret = proc_getdriver(ps, p); 1382 break; 1383 1384 case USBDEVFS_CONNECTINFO: 1385 snoop(&dev->dev, "%s: CONNECTINFO\n", __FUNCTION__); 1386 ret = proc_connectinfo(ps, p); 1387 break; 1388 1389 case USBDEVFS_SETINTERFACE: 1390 snoop(&dev->dev, "%s: SETINTERFACE\n", __FUNCTION__); 1391 ret = proc_setintf(ps, p); 1392 break; 1393 1394 case USBDEVFS_SETCONFIGURATION: 1395 snoop(&dev->dev, "%s: SETCONFIGURATION\n", __FUNCTION__); 1396 ret = proc_setconfig(ps, p); 1397 break; 1398 1399 case USBDEVFS_SUBMITURB: 1400 snoop(&dev->dev, "%s: SUBMITURB\n", __FUNCTION__); 1401 ret = proc_submiturb(ps, p); 1402 if (ret >= 0) 1403 inode->i_mtime = CURRENT_TIME; 1404 break; 1405 1406#ifdef CONFIG_COMPAT 1407 1408 case USBDEVFS_SUBMITURB32: 1409 snoop(&dev->dev, "%s: SUBMITURB32\n", __FUNCTION__); 1410 ret = proc_submiturb_compat(ps, p); 1411 if (ret >= 0) 1412 inode->i_mtime = CURRENT_TIME; 1413 break; 1414 1415 case USBDEVFS_REAPURB32: 1416 snoop(&dev->dev, "%s: REAPURB32\n", __FUNCTION__); 1417 ret = proc_reapurb_compat(ps, p); 1418 break; 1419 1420 case USBDEVFS_REAPURBNDELAY32: 1421 snoop(&dev->dev, "%s: REAPURBDELAY32\n", __FUNCTION__); 1422 ret = proc_reapurbnonblock_compat(ps, p); 1423 break; 1424 1425#endif 1426 1427 case USBDEVFS_DISCARDURB: 1428 snoop(&dev->dev, "%s: DISCARDURB\n", __FUNCTION__); 1429 ret = proc_unlinkurb(ps, p); 1430 break; 1431 1432 case USBDEVFS_REAPURB: 1433 snoop(&dev->dev, "%s: REAPURB\n", __FUNCTION__); 1434 ret = proc_reapurb(ps, p); 1435 break; 1436 1437 case USBDEVFS_REAPURBNDELAY: 1438 snoop(&dev->dev, "%s: REAPURBDELAY\n", __FUNCTION__); 1439 ret = proc_reapurbnonblock(ps, p); 1440 break; 1441 1442 case USBDEVFS_DISCSIGNAL: 1443 snoop(&dev->dev, "%s: DISCSIGNAL\n", __FUNCTION__); 1444 ret = proc_disconnectsignal(ps, p); 1445 break; 1446 1447 case USBDEVFS_CLAIMINTERFACE: 1448 snoop(&dev->dev, "%s: CLAIMINTERFACE\n", __FUNCTION__); 1449 ret = proc_claiminterface(ps, p); 1450 break; 1451 1452 case USBDEVFS_RELEASEINTERFACE: 1453 snoop(&dev->dev, "%s: RELEASEINTERFACE\n", __FUNCTION__); 1454 ret = proc_releaseinterface(ps, p); 1455 break; 1456 1457 case USBDEVFS_IOCTL: 1458 snoop(&dev->dev, "%s: IOCTL\n", __FUNCTION__); 1459 ret = proc_ioctl(ps, p); 1460 break; 1461 } 1462 usb_unlock_device(dev); 1463 if (ret >= 0) 1464 inode->i_atime = CURRENT_TIME; 1465 return ret; 1466} 1467 1468/* No kernel lock - fine */ 1469static unsigned int usbdev_poll(struct file *file, struct poll_table_struct *wait) 1470{ 1471 struct dev_state *ps = (struct dev_state *)file->private_data; 1472 unsigned int mask = 0; 1473 1474 poll_wait(file, &ps->wait, wait); 1475 if (file->f_mode & FMODE_WRITE && !list_empty(&ps->async_completed)) 1476 mask |= POLLOUT | POLLWRNORM; 1477 if (!connected(ps->dev)) 1478 mask |= POLLERR | POLLHUP; 1479 return mask; 1480} 1481 1482struct file_operations usbfs_device_file_operations = { 1483 .llseek = usbdev_lseek, 1484 .read = usbdev_read, 1485 .poll = usbdev_poll, 1486 .ioctl = usbdev_ioctl, 1487 .open = usbdev_open, 1488 .release = usbdev_release, 1489}; 1490 1491struct usb_device *usbdev_lookup_minor(int minor) 1492{ 1493 struct class_device *class_dev; 1494 struct usb_device *dev = NULL; 1495 1496 down(&usb_device_class->sem); 1497 list_for_each_entry(class_dev, &usb_device_class->children, node) { 1498 if (class_dev->devt == MKDEV(USB_DEVICE_MAJOR, minor)) { 1499 dev = class_dev->class_data; 1500 break; 1501 } 1502 } 1503 up(&usb_device_class->sem); 1504 1505 return dev; 1506}; 1507 1508void usbdev_add(struct usb_device *dev) 1509{ 1510 int minor = ((dev->bus->busnum-1) * 128) + (dev->devnum-1); 1511 1512 dev->class_dev = class_device_create(usb_device_class, 1513 MKDEV(USB_DEVICE_MAJOR, minor), &dev->dev, 1514 "usbdev%d.%d", dev->bus->busnum, dev->devnum); 1515 1516 dev->class_dev->class_data = dev; 1517} 1518 1519void usbdev_remove(struct usb_device *dev) 1520{ 1521 class_device_unregister(dev->class_dev); 1522} 1523 1524static struct cdev usb_device_cdev = { 1525 .kobj = {.name = "usb_device", }, 1526 .owner = THIS_MODULE, 1527}; 1528 1529int __init usbdev_init(void) 1530{ 1531 int retval; 1532 1533 retval = register_chrdev_region(USB_DEVICE_DEV, USB_DEVICE_MAX, 1534 "usb_device"); 1535 if (retval) { 1536 err("unable to register minors for usb_device"); 1537 goto out; 1538 } 1539 cdev_init(&usb_device_cdev, &usbfs_device_file_operations); 1540 retval = cdev_add(&usb_device_cdev, USB_DEVICE_DEV, USB_DEVICE_MAX); 1541 if (retval) { 1542 err("unable to get usb_device major %d", USB_DEVICE_MAJOR); 1543 unregister_chrdev_region(USB_DEVICE_DEV, USB_DEVICE_MAX); 1544 goto out; 1545 } 1546 usb_device_class = class_create(THIS_MODULE, "usb_device"); 1547 if (IS_ERR(usb_device_class)) { 1548 err("unable to register usb_device class"); 1549 retval = PTR_ERR(usb_device_class); 1550 usb_device_class = NULL; 1551 cdev_del(&usb_device_cdev); 1552 unregister_chrdev_region(USB_DEVICE_DEV, USB_DEVICE_MAX); 1553 } 1554 1555out: 1556 return retval; 1557} 1558 1559void usbdev_cleanup(void) 1560{ 1561 class_destroy(usb_device_class); 1562 cdev_del(&usb_device_cdev); 1563 unregister_chrdev_region(USB_DEVICE_DEV, USB_DEVICE_MAX); 1564} 1565