commit 04e482ffd81437e7f551373d56c72c237e163000 · tjh.dev/kernel

tjh.dev / kernel

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

fork atom

USB: fix codingstyle issues in drivers/usb/core/devio.c

Fixes a number of coding style issues in the devio.c file.

Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>

Greg Kroah-Hartman 18 years ago 04e482ff 376c0d3f

+187 -144

1 changed file

expand all

unified split

drivers

usb

core

devio.c

+187 -144

drivers/usb/core/devio.c

··· 75 u32 secid; 76 }; 77 78 - static int usbfs_snoop = 0; 79 - module_param (usbfs_snoop, bool, S_IRUGO | S_IWUSR); 80 - MODULE_PARM_DESC (usbfs_snoop, "true to log all usbfs traffic"); 81 82 #define snoop(dev, format, arg...) \ 83 do { \ 84 if (usbfs_snoop) \ 85 - dev_info( dev , format , ## arg); \ 86 } while (0) 87 88 #define USB_DEVICE_DEV MKDEV(USB_DEVICE_MAJOR, 0) ··· 90 91 #define MAX_USBFS_BUFFER_SIZE 16384 92 93 - static inline int connected (struct dev_state *ps) 94 { 95 return (!list_empty(&ps->list) && 96 ps->dev->state != USB_STATE_NOTATTACHED); ··· 120 return ret; 121 } 122 123 - static ssize_t usbdev_read(struct file *file, char __user *buf, size_t nbytes, loff_t *ppos) 124 { 125 struct dev_state *ps = file->private_data; 126 struct usb_device *dev = ps->dev; ··· 141 } 142 143 if (pos < sizeof(struct usb_device_descriptor)) { 144 - struct usb_device_descriptor temp_desc ; /* 18 bytes - fits on the stack */ 145 146 memcpy(&temp_desc, &dev->descriptor, sizeof(dev->descriptor)); 147 le16_to_cpus(&temp_desc.bcdUSB); ··· 215 struct async *as; 216 217 as = kzalloc(sizeof(struct async), GFP_KERNEL); 218 - if (!as) 219 - return NULL; 220 as->urb = usb_alloc_urb(numisoframes, GFP_KERNEL); 221 if (!as->urb) { 222 kfree(as); 223 return NULL; 224 } 225 - return as; 226 } 227 228 static void free_async(struct async *as) ··· 236 237 static inline void async_newpending(struct async *as) 238 { 239 - struct dev_state *ps = as->ps; 240 - unsigned long flags; 241 - 242 - spin_lock_irqsave(&ps->lock, flags); 243 - list_add_tail(&as->asynclist, &ps->async_pending); 244 - spin_unlock_irqrestore(&ps->lock, flags); 245 } 246 247 static inline void async_removepending(struct async *as) 248 { 249 - struct dev_state *ps = as->ps; 250 - unsigned long flags; 251 - 252 - spin_lock_irqsave(&ps->lock, flags); 253 - list_del_init(&as->asynclist); 254 - spin_unlock_irqrestore(&ps->lock, flags); 255 } 256 257 static inline struct async *async_getcompleted(struct dev_state *ps) 258 { 259 - unsigned long flags; 260 - struct async *as = NULL; 261 262 - spin_lock_irqsave(&ps->lock, flags); 263 - if (!list_empty(&ps->async_completed)) { 264 - as = list_entry(ps->async_completed.next, struct async, asynclist); 265 - list_del_init(&as->asynclist); 266 - } 267 - spin_unlock_irqrestore(&ps->lock, flags); 268 - return as; 269 } 270 271 - static inline struct async *async_getpending(struct dev_state *ps, void __user *userurb) 272 { 273 - unsigned long flags; 274 - struct async *as; 275 276 - spin_lock_irqsave(&ps->lock, flags); 277 list_for_each_entry(as, &ps->async_pending, asynclist) 278 if (as->userurb == userurb) { 279 list_del_init(&as->asynclist); 280 spin_unlock_irqrestore(&ps->lock, flags); 281 return as; 282 } 283 - spin_unlock_irqrestore(&ps->lock, flags); 284 - return NULL; 285 } 286 287 static void snoop_urb(struct urb *urb, void __user *userurb) ··· 302 dev_info(&urb->dev->dev, "actual_length=%d\n", urb->actual_length); 303 dev_info(&urb->dev->dev, "data: "); 304 for (j = 0; j < urb->transfer_buffer_length; ++j) 305 - printk ("%02x ", data[j]); 306 printk("\n"); 307 } 308 309 static void async_completed(struct urb *urb) 310 { 311 - struct async *as = urb->context; 312 - struct dev_state *ps = as->ps; 313 struct siginfo sinfo; 314 315 - spin_lock(&ps->lock); 316 - list_move_tail(&as->asynclist, &ps->async_completed); 317 - spin_unlock(&ps->lock); 318 as->status = urb->status; 319 if (as->signr) { 320 sinfo.si_signo = as->signr; ··· 329 wake_up(&ps->wait); 330 } 331 332 - static void destroy_async (struct dev_state *ps, struct list_head *list) 333 { 334 struct async *as; 335 unsigned long flags; ··· 352 } 353 } 354 355 - static void destroy_async_on_interface (struct dev_state *ps, unsigned int ifnum) 356 { 357 struct list_head *p, *q, hitlist; 358 unsigned long flags; ··· 369 370 static inline void destroy_all_async(struct dev_state *ps) 371 { 372 - destroy_async(ps, &ps->async_pending); 373 } 374 375 /* ··· 378 * they're also undone when devices disconnect. 379 */ 380 381 - static int driver_probe (struct usb_interface *intf, 382 - const struct usb_device_id *id) 383 { 384 return -ENODEV; 385 } 386 387 static void driver_disconnect(struct usb_interface *intf) 388 { 389 - struct dev_state *ps = usb_get_intfdata (intf); 390 unsigned int ifnum = intf->altsetting->desc.bInterfaceNumber; 391 392 if (!ps) ··· 401 else 402 warn("interface number %u out of range", ifnum); 403 404 - usb_set_intfdata (intf, NULL); 405 406 /* force async requests to complete */ 407 destroy_async_on_interface(ps, ifnum); ··· 479 if (test_bit(ifnum, &ps->ifclaimed)) 480 return 0; 481 /* if not yet claimed, claim it for the driver */ 482 - dev_warn(&ps->dev->dev, "usbfs: process %d (%s) did not claim interface %u before use\n", 483 - task_pid_nr(current), current->comm, ifnum); 484 return claimintf(ps, ifnum); 485 } 486 487 static int findintfep(struct usb_device *dev, unsigned int ep) 488 { 489 unsigned int i, j, e; 490 - struct usb_interface *intf; 491 struct usb_host_interface *alts; 492 struct usb_endpoint_descriptor *endpt; 493 ··· 499 for (i = 0; i < dev->actconfig->desc.bNumInterfaces; i++) { 500 intf = dev->actconfig->interface[i]; 501 for (j = 0; j < intf->num_altsetting; j++) { 502 - alts = &intf->altsetting[j]; 503 for (e = 0; e < alts->desc.bNumEndpoints; e++) { 504 endpt = &alts->endpoint[e].desc; 505 if (endpt->bEndpointAddress == ep) ··· 507 } 508 } 509 } 510 - return -ENOENT; 511 } 512 513 - static int check_ctrlrecip(struct dev_state *ps, unsigned int requesttype, unsigned int index) 514 { 515 int ret = 0; 516 ··· 524 index &= 0xff; 525 switch (requesttype & USB_RECIP_MASK) { 526 case USB_RECIP_ENDPOINT: 527 - if ((ret = findintfep(ps->dev, index)) >= 0) 528 ret = checkintf(ps, ret); 529 break; 530 ··· 569 mutex_lock(&usbfs_mutex); 570 571 ret = -ENOMEM; 572 - if (!(ps = kmalloc(sizeof(struct dev_state), GFP_KERNEL))) 573 goto out; 574 575 ret = -ENOENT; ··· 651 652 if (copy_from_user(&ctrl, arg, sizeof(ctrl))) 653 return -EFAULT; 654 - if ((ret = check_ctrlrecip(ps, ctrl.bRequestType, ctrl.wIndex))) 655 return ret; 656 if (ctrl.wLength > PAGE_SIZE) 657 return -EINVAL; 658 - if (!(tbuf = (unsigned char *)__get_free_page(GFP_KERNEL))) 659 return -ENOMEM; 660 tmo = ctrl.timeout; 661 if (ctrl.bRequestType & 0x80) { 662 - if (ctrl.wLength && !access_ok(VERIFY_WRITE, ctrl.data, ctrl.wLength)) { 663 free_page((unsigned long)tbuf); 664 return -EINVAL; 665 } ··· 673 ctrl.wIndex, ctrl.wLength); 674 675 usb_unlock_device(dev); 676 - i = usb_control_msg(dev, usb_rcvctrlpipe(dev, 0), ctrl.bRequest, ctrl.bRequestType, 677 - ctrl.wValue, ctrl.wIndex, tbuf, ctrl.wLength, tmo); 678 usb_lock_device(dev); 679 if ((i > 0) && ctrl.wLength) { 680 if (usbfs_snoop) { 681 dev_info(&dev->dev, "control read: data "); 682 for (j = 0; j < i; ++j) 683 - printk("%02x ", (unsigned char)(tbuf)[j]); 684 printk("\n"); 685 } 686 if (copy_to_user(ctrl.data, tbuf, i)) { ··· 708 printk("\n"); 709 } 710 usb_unlock_device(dev); 711 - i = usb_control_msg(dev, usb_sndctrlpipe(dev, 0), ctrl.bRequest, ctrl.bRequestType, 712 - ctrl.wValue, ctrl.wIndex, tbuf, ctrl.wLength, tmo); 713 usb_lock_device(dev); 714 } 715 free_page((unsigned long)tbuf); 716 - if (i<0 && i != -EPIPE) { 717 dev_printk(KERN_DEBUG, &dev->dev, "usbfs: USBDEVFS_CONTROL " 718 "failed cmd %s rqt %u rq %u len %u ret %d\n", 719 current->comm, ctrl.bRequestType, ctrl.bRequest, ··· 734 735 if (copy_from_user(&bulk, arg, sizeof(bulk))) 736 return -EFAULT; 737 - if ((ret = findintfep(ps->dev, bulk.ep)) < 0) 738 return ret; 739 - if ((ret = checkintf(ps, ret))) 740 return ret; 741 if (bulk.ep & USB_DIR_IN) 742 pipe = usb_rcvbulkpipe(dev, bulk.ep & 0x7f); ··· 766 if (usbfs_snoop) { 767 dev_info(&dev->dev, "bulk read: data "); 768 for (j = 0; j < len2; ++j) 769 - printk("%02x ", (unsigned char)(tbuf)[j]); 770 printk("\n"); 771 } 772 if (copy_to_user(bulk.data, tbuf, len2)) { ··· 806 807 if (get_user(ep, (unsigned int __user *)arg)) 808 return -EFAULT; 809 - if ((ret = findintfep(ps->dev, ep)) < 0) 810 return ret; 811 - if ((ret = checkintf(ps, ret))) 812 return ret; 813 usb_settoggle(ps->dev, ep & 0xf, !(ep & USB_DIR_IN), 0); 814 return 0; ··· 824 825 if (get_user(ep, (unsigned int __user *)arg)) 826 return -EFAULT; 827 - if ((ret = findintfep(ps->dev, ep)) < 0) 828 return ret; 829 - if ((ret = checkintf(ps, ret))) 830 return ret; 831 if (ep & USB_DIR_IN) 832 - pipe = usb_rcvbulkpipe(ps->dev, ep & 0x7f); 833 - else 834 - pipe = usb_sndbulkpipe(ps->dev, ep & 0x7f); 835 836 return usb_clear_halt(ps->dev, pipe); 837 } 838 - 839 840 static int proc_getdriver(struct dev_state *ps, void __user *arg) 841 { ··· 890 { 891 int u; 892 int status = 0; 893 - struct usb_host_config *actconfig; 894 895 if (get_user(u, (int __user *)arg)) 896 return -EFAULT; 897 898 - actconfig = ps->dev->actconfig; 899 - 900 - /* Don't touch the device if any interfaces are claimed. 901 - * It could interfere with other drivers' operations, and if 902 * an interface is claimed by usbfs it could easily deadlock. 903 */ 904 - if (actconfig) { 905 - int i; 906 - 907 - for (i = 0; i < actconfig->desc.bNumInterfaces; ++i) { 908 - if (usb_interface_claimed(actconfig->interface[i])) { 909 - dev_warn (&ps->dev->dev, 910 "usbfs: interface %d claimed by %s " 911 "while '%s' sets config #%d\n", 912 actconfig->interface[i] ··· 915 actconfig->interface[i] 916 ->dev.driver->name, 917 current->comm, u); 918 - status = -EBUSY; 919 break; 920 } 921 - } 922 - } 923 924 /* SET_CONFIGURATION is often abused as a "cheap" driver reset, 925 * so avoid usb_set_configuration()'s kick to sysfs ··· 935 } 936 937 static int proc_do_submiturb(struct dev_state *ps, struct usbdevfs_urb *uurb, 938 - struct usbdevfs_iso_packet_desc __user *iso_frame_desc, 939 - void __user *arg) 940 { 941 struct usbdevfs_iso_packet_desc *isopkt = NULL; 942 struct usb_host_endpoint *ep; ··· 951 return -EINVAL; 952 if (!uurb->buffer) 953 return -EINVAL; 954 - if (uurb->signr != 0 && (uurb->signr < SIGRTMIN || uurb->signr > SIGRTMAX)) 955 return -EINVAL; 956 - if (!(uurb->type == USBDEVFS_URB_TYPE_CONTROL && (uurb->endpoint & ~USB_ENDPOINT_DIR_MASK) == 0)) { 957 - if ((ifnum = findintfep(ps->dev, uurb->endpoint)) < 0) 958 return ifnum; 959 - if ((ret = checkintf(ps, ifnum))) 960 return ret; 961 } 962 if ((uurb->endpoint & USB_ENDPOINT_DIR_MASK) != 0) { ··· 976 case USBDEVFS_URB_TYPE_CONTROL: 977 if (!usb_endpoint_xfer_control(&ep->desc)) 978 return -EINVAL; 979 - /* min 8 byte setup packet, max 8 byte setup plus an arbitrary data stage */ 980 - if (uurb->buffer_length < 8 || uurb->buffer_length > (8 + MAX_USBFS_BUFFER_SIZE)) 981 return -EINVAL; 982 - if (!(dr = kmalloc(sizeof(struct usb_ctrlrequest), GFP_KERNEL))) 983 return -ENOMEM; 984 if (copy_from_user(dr, uurb->buffer, 8)) { 985 kfree(dr); ··· 992 kfree(dr); 993 return -EINVAL; 994 } 995 - if ((ret = check_ctrlrecip(ps, dr->bRequestType, le16_to_cpup(&dr->wIndex)))) { 996 kfree(dr); 997 return ret; 998 } ··· 1040 1041 case USBDEVFS_URB_TYPE_ISO: 1042 /* arbitrary limit */ 1043 - if (uurb->number_of_packets < 1 || uurb->number_of_packets > 128) 1044 return -EINVAL; 1045 if (!usb_endpoint_xfer_isoc(&ep->desc)) 1046 return -EINVAL; 1047 - isofrmlen = sizeof(struct usbdevfs_iso_packet_desc) * uurb->number_of_packets; 1048 if (!(isopkt = kmalloc(isofrmlen, GFP_KERNEL))) 1049 return -ENOMEM; 1050 if (copy_from_user(isopkt, iso_frame_desc, isofrmlen)) { ··· 1054 return -EFAULT; 1055 } 1056 for (totlen = u = 0; u < uurb->number_of_packets; u++) { 1057 - /* arbitrary limit, sufficient for USB 2.0 high-bandwidth iso */ 1058 if (isopkt[u].length > 8192) { 1059 kfree(isopkt); 1060 return -EINVAL; ··· 1085 default: 1086 return -EINVAL; 1087 } 1088 - if (!(as = alloc_async(uurb->number_of_packets))) { 1089 kfree(isopkt); 1090 kfree(dr); 1091 return -ENOMEM; 1092 } 1093 - if (!(as->urb->transfer_buffer = kmalloc(uurb->buffer_length, GFP_KERNEL))) { 1094 kfree(isopkt); 1095 kfree(dr); 1096 free_async(as); 1097 return -ENOMEM; 1098 } 1099 - as->urb->dev = ps->dev; 1100 - as->urb->pipe = (uurb->type << 30) | 1101 __create_pipe(ps->dev, uurb->endpoint & 0xf) | 1102 (uurb->endpoint & USB_DIR_IN); 1103 - as->urb->transfer_flags = uurb->flags | 1104 (is_in ? URB_DIR_IN : URB_DIR_OUT); 1105 as->urb->transfer_buffer_length = uurb->buffer_length; 1106 - as->urb->setup_packet = (unsigned char*)dr; 1107 as->urb->start_frame = uurb->start_frame; 1108 as->urb->number_of_packets = uurb->number_of_packets; 1109 if (uurb->type == USBDEVFS_URB_TYPE_ISO || ··· 1113 as->urb->interval = 1 << min(15, ep->desc.bInterval - 1); 1114 else 1115 as->urb->interval = ep->desc.bInterval; 1116 - as->urb->context = as; 1117 - as->urb->complete = async_completed; 1118 for (totlen = u = 0; u < uurb->number_of_packets; u++) { 1119 as->urb->iso_frame_desc[u].offset = totlen; 1120 as->urb->iso_frame_desc[u].length = isopkt[u].length; ··· 1122 } 1123 kfree(isopkt); 1124 as->ps = ps; 1125 - as->userurb = arg; 1126 if (uurb->endpoint & USB_DIR_IN) 1127 as->userbuffer = uurb->buffer; 1128 else ··· 1141 } 1142 } 1143 snoop_urb(as->urb, as->userurb); 1144 - async_newpending(as); 1145 - if ((ret = usb_submit_urb(as->urb, GFP_KERNEL))) { 1146 - dev_printk(KERN_DEBUG, &ps->dev->dev, "usbfs: usb_submit_urb returned %d\n", ret); 1147 - async_removepending(as); 1148 - free_async(as); 1149 - return ret; 1150 - } 1151 - return 0; 1152 } 1153 1154 static int proc_submiturb(struct dev_state *ps, void __user *arg) ··· 1159 if (copy_from_user(&uurb, arg, sizeof(uurb))) 1160 return -EFAULT; 1161 1162 - return proc_do_submiturb(ps, &uurb, (((struct usbdevfs_urb __user *)arg)->iso_frame_desc), arg); 1163 } 1164 1165 static int proc_unlinkurb(struct dev_state *ps, void __user *arg) ··· 1183 unsigned int i; 1184 1185 if (as->userbuffer) 1186 - if (copy_to_user(as->userbuffer, urb->transfer_buffer, urb->transfer_buffer_length)) 1187 return -EFAULT; 1188 if (put_user(as->status, &userurb->status)) 1189 return -EFAULT; ··· 1211 return 0; 1212 } 1213 1214 - static struct async* reap_as(struct dev_state *ps) 1215 { 1216 - DECLARE_WAITQUEUE(wait, current); 1217 struct async *as = NULL; 1218 struct usb_device *dev = ps->dev; 1219 1220 add_wait_queue(&ps->wait, &wait); 1221 for (;;) { 1222 __set_current_state(TASK_INTERRUPTIBLE); 1223 - if ((as = async_getcompleted(ps))) 1224 break; 1225 if (signal_pending(current)) 1226 break; ··· 1285 { 1286 struct usbdevfs_urb uurb; 1287 1288 - if (get_urb32(&uurb,(struct usbdevfs_urb32 __user *)arg)) 1289 return -EFAULT; 1290 1291 - return proc_do_submiturb(ps, &uurb, ((struct usbdevfs_urb32 __user *)arg)->iso_frame_desc, arg); 1292 } 1293 1294 static int processcompl_compat(struct async *as, void __user * __user *arg) ··· 1301 unsigned int i; 1302 1303 if (as->userbuffer) 1304 - if (copy_to_user(as->userbuffer, urb->transfer_buffer, urb->transfer_buffer_length)) 1305 return -EFAULT; 1306 if (put_user(as->status, &userurb->status)) 1307 return -EFAULT; ··· 1393 struct usb_driver *driver = NULL; 1394 1395 /* alloc buffer */ 1396 - if ((size = _IOC_SIZE (ctl->ioctl_code)) > 0) { 1397 - if ((buf = kmalloc (size, GFP_KERNEL)) == NULL) 1398 return -ENOMEM; 1399 if ((_IOC_DIR(ctl->ioctl_code) & _IOC_WRITE)) { 1400 - if (copy_from_user (buf, ctl->data, size)) { 1401 kfree(buf); 1402 return -EFAULT; 1403 } 1404 } else { 1405 - memset (buf, 0, size); 1406 } 1407 } 1408 ··· 1413 1414 if (ps->dev->state != USB_STATE_CONFIGURED) 1415 retval = -EHOSTUNREACH; 1416 - else if (!(intf = usb_ifnum_to_if (ps->dev, ctl->ifno))) 1417 - retval = -EINVAL; 1418 else switch (ctl->ioctl_code) { 1419 1420 /* disconnect kernel driver from interface */ 1421 case USBDEVFS_DISCONNECT: 1422 if (intf->dev.driver) { 1423 driver = to_usb_driver(intf->dev.driver); 1424 - dev_dbg (&intf->dev, "disconnect by usbfs\n"); 1425 usb_driver_release_interface(driver, intf); 1426 } else 1427 retval = -ENODATA; ··· 1442 if (driver == NULL || driver->ioctl == NULL) { 1443 retval = -ENOTTY; 1444 } else { 1445 - retval = driver->ioctl (intf, ctl->ioctl_code, buf); 1446 if (retval == -ENOIOCTLCMD) 1447 retval = -ENOTTY; 1448 } ··· 1450 1451 /* cleanup and return */ 1452 if (retval >= 0 1453 - && (_IOC_DIR (ctl->ioctl_code) & _IOC_READ) != 0 1454 && size > 0 1455 - && copy_to_user (ctl->data, buf, size) != 0) 1456 retval = -EFAULT; 1457 1458 kfree(buf); ··· 1463 { 1464 struct usbdevfs_ioctl ctrl; 1465 1466 - if (copy_from_user(&ctrl, arg, sizeof (ctrl))) 1467 return -EFAULT; 1468 return proc_ioctl(ps, &ctrl); 1469 } ··· 1491 * are assuming that somehow the configuration has been prevented from 1492 * changing. But there's no mechanism to ensure that... 1493 */ 1494 - static int usbdev_ioctl(struct inode *inode, struct file *file, unsigned int cmd, unsigned long arg) 1495 { 1496 struct dev_state *ps = file->private_data; 1497 struct usb_device *dev = ps->dev; ··· 1635 } 1636 1637 /* No kernel lock - fine */ 1638 - static unsigned int usbdev_poll(struct file *file, struct poll_table_struct *wait) 1639 { 1640 struct dev_state *ps = file->private_data; 1641 unsigned int mask = 0; ··· 1707 int retval; 1708 1709 retval = register_chrdev_region(USB_DEVICE_DEV, USB_DEVICE_MAX, 1710 - "usb_device"); 1711 if (retval) { 1712 err("unable to register minors for usb_device"); 1713 goto out;

··· 75 u32 secid; 76 }; 77 78 + static int usbfs_snoop; 79 + module_param(usbfs_snoop, bool, S_IRUGO | S_IWUSR); 80 + MODULE_PARM_DESC(usbfs_snoop, "true to log all usbfs traffic"); 81 82 #define snoop(dev, format, arg...) \ 83 do { \ 84 if (usbfs_snoop) \ 85 + dev_info(dev , format , ## arg); \ 86 } while (0) 87 88 #define USB_DEVICE_DEV MKDEV(USB_DEVICE_MAJOR, 0) ··· 90 91 #define MAX_USBFS_BUFFER_SIZE 16384 92 93 + static inline int connected(struct dev_state *ps) 94 { 95 return (!list_empty(&ps->list) && 96 ps->dev->state != USB_STATE_NOTATTACHED); ··· 120 return ret; 121 } 122 123 + static ssize_t usbdev_read(struct file *file, char __user *buf, size_t nbytes, 124 + loff_t *ppos) 125 { 126 struct dev_state *ps = file->private_data; 127 struct usb_device *dev = ps->dev; ··· 140 } 141 142 if (pos < sizeof(struct usb_device_descriptor)) { 143 + /* 18 bytes - fits on the stack */ 144 + struct usb_device_descriptor temp_desc; 145 146 memcpy(&temp_desc, &dev->descriptor, sizeof(dev->descriptor)); 147 le16_to_cpus(&temp_desc.bcdUSB); ··· 213 struct async *as; 214 215 as = kzalloc(sizeof(struct async), GFP_KERNEL); 216 + if (!as) 217 + return NULL; 218 as->urb = usb_alloc_urb(numisoframes, GFP_KERNEL); 219 if (!as->urb) { 220 kfree(as); 221 return NULL; 222 } 223 + return as; 224 } 225 226 static void free_async(struct async *as) ··· 234 235 static inline void async_newpending(struct async *as) 236 { 237 + struct dev_state *ps = as->ps; 238 + unsigned long flags; 239 + 240 + spin_lock_irqsave(&ps->lock, flags); 241 + list_add_tail(&as->asynclist, &ps->async_pending); 242 + spin_unlock_irqrestore(&ps->lock, flags); 243 } 244 245 static inline void async_removepending(struct async *as) 246 { 247 + struct dev_state *ps = as->ps; 248 + unsigned long flags; 249 + 250 + spin_lock_irqsave(&ps->lock, flags); 251 + list_del_init(&as->asynclist); 252 + spin_unlock_irqrestore(&ps->lock, flags); 253 } 254 255 static inline struct async *async_getcompleted(struct dev_state *ps) 256 { 257 + unsigned long flags; 258 + struct async *as = NULL; 259 260 + spin_lock_irqsave(&ps->lock, flags); 261 + if (!list_empty(&ps->async_completed)) { 262 + as = list_entry(ps->async_completed.next, struct async, 263 + asynclist); 264 + list_del_init(&as->asynclist); 265 + } 266 + spin_unlock_irqrestore(&ps->lock, flags); 267 + return as; 268 } 269 270 + static inline struct async *async_getpending(struct dev_state *ps, 271 + void __user *userurb) 272 { 273 + unsigned long flags; 274 + struct async *as; 275 276 + spin_lock_irqsave(&ps->lock, flags); 277 list_for_each_entry(as, &ps->async_pending, asynclist) 278 if (as->userurb == userurb) { 279 list_del_init(&as->asynclist); 280 spin_unlock_irqrestore(&ps->lock, flags); 281 return as; 282 } 283 + spin_unlock_irqrestore(&ps->lock, flags); 284 + return NULL; 285 } 286 287 static void snoop_urb(struct urb *urb, void __user *userurb) ··· 298 dev_info(&urb->dev->dev, "actual_length=%d\n", urb->actual_length); 299 dev_info(&urb->dev->dev, "data: "); 300 for (j = 0; j < urb->transfer_buffer_length; ++j) 301 + printk("%02x ", data[j]); 302 printk("\n"); 303 } 304 305 static void async_completed(struct urb *urb) 306 { 307 + struct async *as = urb->context; 308 + struct dev_state *ps = as->ps; 309 struct siginfo sinfo; 310 311 + spin_lock(&ps->lock); 312 + list_move_tail(&as->asynclist, &ps->async_completed); 313 + spin_unlock(&ps->lock); 314 as->status = urb->status; 315 if (as->signr) { 316 sinfo.si_signo = as->signr; ··· 325 wake_up(&ps->wait); 326 } 327 328 + static void destroy_async(struct dev_state *ps, struct list_head *list) 329 { 330 struct async *as; 331 unsigned long flags; ··· 348 } 349 } 350 351 + static void destroy_async_on_interface(struct dev_state *ps, 352 + unsigned int ifnum) 353 { 354 struct list_head *p, *q, hitlist; 355 unsigned long flags; ··· 364 365 static inline void destroy_all_async(struct dev_state *ps) 366 { 367 + destroy_async(ps, &ps->async_pending); 368 } 369 370 /* ··· 373 * they're also undone when devices disconnect. 374 */ 375 376 + static int driver_probe(struct usb_interface *intf, 377 + const struct usb_device_id *id) 378 { 379 return -ENODEV; 380 } 381 382 static void driver_disconnect(struct usb_interface *intf) 383 { 384 + struct dev_state *ps = usb_get_intfdata(intf); 385 unsigned int ifnum = intf->altsetting->desc.bInterfaceNumber; 386 387 if (!ps) ··· 396 else 397 warn("interface number %u out of range", ifnum); 398 399 + usb_set_intfdata(intf, NULL); 400 401 /* force async requests to complete */ 402 destroy_async_on_interface(ps, ifnum); ··· 474 if (test_bit(ifnum, &ps->ifclaimed)) 475 return 0; 476 /* if not yet claimed, claim it for the driver */ 477 + dev_warn(&ps->dev->dev, "usbfs: process %d (%s) did not claim " 478 + "interface %u before use\n", task_pid_nr(current), 479 + current->comm, ifnum); 480 return claimintf(ps, ifnum); 481 } 482 483 static int findintfep(struct usb_device *dev, unsigned int ep) 484 { 485 unsigned int i, j, e; 486 + struct usb_interface *intf; 487 struct usb_host_interface *alts; 488 struct usb_endpoint_descriptor *endpt; 489 ··· 493 for (i = 0; i < dev->actconfig->desc.bNumInterfaces; i++) { 494 intf = dev->actconfig->interface[i]; 495 for (j = 0; j < intf->num_altsetting; j++) { 496 + alts = &intf->altsetting[j]; 497 for (e = 0; e < alts->desc.bNumEndpoints; e++) { 498 endpt = &alts->endpoint[e].desc; 499 if (endpt->bEndpointAddress == ep) ··· 501 } 502 } 503 } 504 + return -ENOENT; 505 } 506 507 + static int check_ctrlrecip(struct dev_state *ps, unsigned int requesttype, 508 + unsigned int index) 509 { 510 int ret = 0; 511 ··· 517 index &= 0xff; 518 switch (requesttype & USB_RECIP_MASK) { 519 case USB_RECIP_ENDPOINT: 520 + ret = findintfep(ps->dev, index); 521 + if (ret >= 0) 522 ret = checkintf(ps, ret); 523 break; 524 ··· 561 mutex_lock(&usbfs_mutex); 562 563 ret = -ENOMEM; 564 + ps = kmalloc(sizeof(struct dev_state), GFP_KERNEL); 565 + if (!ps) 566 goto out; 567 568 ret = -ENOENT; ··· 642 643 if (copy_from_user(&ctrl, arg, sizeof(ctrl))) 644 return -EFAULT; 645 + ret = check_ctrlrecip(ps, ctrl.bRequestType, ctrl.wIndex); 646 + if (ret) 647 return ret; 648 if (ctrl.wLength > PAGE_SIZE) 649 return -EINVAL; 650 + tbuf = (unsigned char *)__get_free_page(GFP_KERNEL); 651 + if (!tbuf) 652 return -ENOMEM; 653 tmo = ctrl.timeout; 654 if (ctrl.bRequestType & 0x80) { 655 + if (ctrl.wLength && !access_ok(VERIFY_WRITE, ctrl.data, 656 + ctrl.wLength)) { 657 free_page((unsigned long)tbuf); 658 return -EINVAL; 659 } ··· 661 ctrl.wIndex, ctrl.wLength); 662 663 usb_unlock_device(dev); 664 + i = usb_control_msg(dev, usb_rcvctrlpipe(dev, 0), ctrl.bRequest, 665 + ctrl.bRequestType, ctrl.wValue, ctrl.wIndex, 666 + tbuf, ctrl.wLength, tmo); 667 usb_lock_device(dev); 668 if ((i > 0) && ctrl.wLength) { 669 if (usbfs_snoop) { 670 dev_info(&dev->dev, "control read: data "); 671 for (j = 0; j < i; ++j) 672 + printk("%02x ", (u8)(tbuf)[j]); 673 printk("\n"); 674 } 675 if (copy_to_user(ctrl.data, tbuf, i)) { ··· 695 printk("\n"); 696 } 697 usb_unlock_device(dev); 698 + i = usb_control_msg(dev, usb_sndctrlpipe(dev, 0), ctrl.bRequest, 699 + ctrl.bRequestType, ctrl.wValue, ctrl.wIndex, 700 + tbuf, ctrl.wLength, tmo); 701 usb_lock_device(dev); 702 } 703 free_page((unsigned long)tbuf); 704 + if (i < 0 && i != -EPIPE) { 705 dev_printk(KERN_DEBUG, &dev->dev, "usbfs: USBDEVFS_CONTROL " 706 "failed cmd %s rqt %u rq %u len %u ret %d\n", 707 current->comm, ctrl.bRequestType, ctrl.bRequest, ··· 720 721 if (copy_from_user(&bulk, arg, sizeof(bulk))) 722 return -EFAULT; 723 + ret = findintfep(ps->dev, bulk.ep); 724 + if (ret < 0) 725 return ret; 726 + ret = checkintf(ps, ret); 727 + if (ret) 728 return ret; 729 if (bulk.ep & USB_DIR_IN) 730 pipe = usb_rcvbulkpipe(dev, bulk.ep & 0x7f); ··· 750 if (usbfs_snoop) { 751 dev_info(&dev->dev, "bulk read: data "); 752 for (j = 0; j < len2; ++j) 753 + printk("%02x ", (u8)(tbuf)[j]); 754 printk("\n"); 755 } 756 if (copy_to_user(bulk.data, tbuf, len2)) { ··· 790 791 if (get_user(ep, (unsigned int __user *)arg)) 792 return -EFAULT; 793 + ret = findintfep(ps->dev, ep); 794 + if (ret < 0) 795 return ret; 796 + ret = checkintf(ps, ret); 797 + if (ret) 798 return ret; 799 usb_settoggle(ps->dev, ep & 0xf, !(ep & USB_DIR_IN), 0); 800 return 0; ··· 806 807 if (get_user(ep, (unsigned int __user *)arg)) 808 return -EFAULT; 809 + ret = findintfep(ps->dev, ep); 810 + if (ret < 0) 811 return ret; 812 + ret = checkintf(ps, ret); 813 + if (ret) 814 return ret; 815 if (ep & USB_DIR_IN) 816 + pipe = usb_rcvbulkpipe(ps->dev, ep & 0x7f); 817 + else 818 + pipe = usb_sndbulkpipe(ps->dev, ep & 0x7f); 819 820 return usb_clear_halt(ps->dev, pipe); 821 } 822 823 static int proc_getdriver(struct dev_state *ps, void __user *arg) 824 { ··· 871 { 872 int u; 873 int status = 0; 874 + struct usb_host_config *actconfig; 875 876 if (get_user(u, (int __user *)arg)) 877 return -EFAULT; 878 879 + actconfig = ps->dev->actconfig; 880 + 881 + /* Don't touch the device if any interfaces are claimed. 882 + * It could interfere with other drivers' operations, and if 883 * an interface is claimed by usbfs it could easily deadlock. 884 */ 885 + if (actconfig) { 886 + int i; 887 + 888 + for (i = 0; i < actconfig->desc.bNumInterfaces; ++i) { 889 + if (usb_interface_claimed(actconfig->interface[i])) { 890 + dev_warn(&ps->dev->dev, 891 "usbfs: interface %d claimed by %s " 892 "while '%s' sets config #%d\n", 893 actconfig->interface[i] ··· 896 actconfig->interface[i] 897 ->dev.driver->name, 898 current->comm, u); 899 + status = -EBUSY; 900 break; 901 } 902 + } 903 + } 904 905 /* SET_CONFIGURATION is often abused as a "cheap" driver reset, 906 * so avoid usb_set_configuration()'s kick to sysfs ··· 916 } 917 918 static int proc_do_submiturb(struct dev_state *ps, struct usbdevfs_urb *uurb, 919 + struct usbdevfs_iso_packet_desc __user *iso_frame_desc, 920 + void __user *arg) 921 { 922 struct usbdevfs_iso_packet_desc *isopkt = NULL; 923 struct usb_host_endpoint *ep; ··· 932 return -EINVAL; 933 if (!uurb->buffer) 934 return -EINVAL; 935 + if (uurb->signr != 0 && (uurb->signr < SIGRTMIN || 936 + uurb->signr > SIGRTMAX)) 937 return -EINVAL; 938 + if (!(uurb->type == USBDEVFS_URB_TYPE_CONTROL && 939 + (uurb->endpoint & ~USB_ENDPOINT_DIR_MASK) == 0)) { 940 + ifnum = findintfep(ps->dev, uurb->endpoint); 941 + if (ifnum < 0) 942 return ifnum; 943 + ret = checkintf(ps, ifnum); 944 + if (ret) 945 return ret; 946 } 947 if ((uurb->endpoint & USB_ENDPOINT_DIR_MASK) != 0) { ··· 953 case USBDEVFS_URB_TYPE_CONTROL: 954 if (!usb_endpoint_xfer_control(&ep->desc)) 955 return -EINVAL; 956 + /* min 8 byte setup packet, 957 + * max 8 byte setup plus an arbitrary data stage */ 958 + if (uurb->buffer_length < 8 || 959 + uurb->buffer_length > (8 + MAX_USBFS_BUFFER_SIZE)) 960 return -EINVAL; 961 + dr = kmalloc(sizeof(struct usb_ctrlrequest), GFP_KERNEL); 962 + if (!dr) 963 return -ENOMEM; 964 if (copy_from_user(dr, uurb->buffer, 8)) { 965 kfree(dr); ··· 966 kfree(dr); 967 return -EINVAL; 968 } 969 + ret = check_ctrlrecip(ps, dr->bRequestType, 970 + le16_to_cpup(&dr->wIndex)); 971 + if (ret) { 972 kfree(dr); 973 return ret; 974 } ··· 1012 1013 case USBDEVFS_URB_TYPE_ISO: 1014 /* arbitrary limit */ 1015 + if (uurb->number_of_packets < 1 || 1016 + uurb->number_of_packets > 128) 1017 return -EINVAL; 1018 if (!usb_endpoint_xfer_isoc(&ep->desc)) 1019 return -EINVAL; 1020 + isofrmlen = sizeof(struct usbdevfs_iso_packet_desc) * 1021 + uurb->number_of_packets; 1022 if (!(isopkt = kmalloc(isofrmlen, GFP_KERNEL))) 1023 return -ENOMEM; 1024 if (copy_from_user(isopkt, iso_frame_desc, isofrmlen)) { ··· 1024 return -EFAULT; 1025 } 1026 for (totlen = u = 0; u < uurb->number_of_packets; u++) { 1027 + /* arbitrary limit, 1028 + * sufficient for USB 2.0 high-bandwidth iso */ 1029 if (isopkt[u].length > 8192) { 1030 kfree(isopkt); 1031 return -EINVAL; ··· 1054 default: 1055 return -EINVAL; 1056 } 1057 + as = alloc_async(uurb->number_of_packets); 1058 + if (!as) { 1059 kfree(isopkt); 1060 kfree(dr); 1061 return -ENOMEM; 1062 } 1063 + as->urb->transfer_buffer = kmalloc(uurb->buffer_length, GFP_KERNEL); 1064 + if (!as->urb->transfer_buffer) { 1065 kfree(isopkt); 1066 kfree(dr); 1067 free_async(as); 1068 return -ENOMEM; 1069 } 1070 + as->urb->dev = ps->dev; 1071 + as->urb->pipe = (uurb->type << 30) | 1072 __create_pipe(ps->dev, uurb->endpoint & 0xf) | 1073 (uurb->endpoint & USB_DIR_IN); 1074 + as->urb->transfer_flags = uurb->flags | 1075 (is_in ? URB_DIR_IN : URB_DIR_OUT); 1076 as->urb->transfer_buffer_length = uurb->buffer_length; 1077 + as->urb->setup_packet = (unsigned char *)dr; 1078 as->urb->start_frame = uurb->start_frame; 1079 as->urb->number_of_packets = uurb->number_of_packets; 1080 if (uurb->type == USBDEVFS_URB_TYPE_ISO || ··· 1080 as->urb->interval = 1 << min(15, ep->desc.bInterval - 1); 1081 else 1082 as->urb->interval = ep->desc.bInterval; 1083 + as->urb->context = as; 1084 + as->urb->complete = async_completed; 1085 for (totlen = u = 0; u < uurb->number_of_packets; u++) { 1086 as->urb->iso_frame_desc[u].offset = totlen; 1087 as->urb->iso_frame_desc[u].length = isopkt[u].length; ··· 1089 } 1090 kfree(isopkt); 1091 as->ps = ps; 1092 + as->userurb = arg; 1093 if (uurb->endpoint & USB_DIR_IN) 1094 as->userbuffer = uurb->buffer; 1095 else ··· 1108 } 1109 } 1110 snoop_urb(as->urb, as->userurb); 1111 + async_newpending(as); 1112 + if ((ret = usb_submit_urb(as->urb, GFP_KERNEL))) { 1113 + dev_printk(KERN_DEBUG, &ps->dev->dev, 1114 + "usbfs: usb_submit_urb returned %d\n", ret); 1115 + async_removepending(as); 1116 + free_async(as); 1117 + return ret; 1118 + } 1119 + return 0; 1120 } 1121 1122 static int proc_submiturb(struct dev_state *ps, void __user *arg) ··· 1125 if (copy_from_user(&uurb, arg, sizeof(uurb))) 1126 return -EFAULT; 1127 1128 + return proc_do_submiturb(ps, &uurb, 1129 + (((struct usbdevfs_urb __user *)arg)->iso_frame_desc), 1130 + arg); 1131 } 1132 1133 static int proc_unlinkurb(struct dev_state *ps, void __user *arg) ··· 1147 unsigned int i; 1148 1149 if (as->userbuffer) 1150 + if (copy_to_user(as->userbuffer, urb->transfer_buffer, 1151 + urb->transfer_buffer_length)) 1152 return -EFAULT; 1153 if (put_user(as->status, &userurb->status)) 1154 return -EFAULT; ··· 1174 return 0; 1175 } 1176 1177 + static struct async *reap_as(struct dev_state *ps) 1178 { 1179 + DECLARE_WAITQUEUE(wait, current); 1180 struct async *as = NULL; 1181 struct usb_device *dev = ps->dev; 1182 1183 add_wait_queue(&ps->wait, &wait); 1184 for (;;) { 1185 __set_current_state(TASK_INTERRUPTIBLE); 1186 + as = async_getcompleted(ps); 1187 + if (as) 1188 break; 1189 if (signal_pending(current)) 1190 break; ··· 1247 { 1248 struct usbdevfs_urb uurb; 1249 1250 + if (get_urb32(&uurb, (struct usbdevfs_urb32 __user *)arg)) 1251 return -EFAULT; 1252 1253 + return proc_do_submiturb(ps, &uurb, 1254 + ((struct usbdevfs_urb32 __user *)arg)->iso_frame_desc, 1255 + arg); 1256 } 1257 1258 static int processcompl_compat(struct async *as, void __user * __user *arg) ··· 1261 unsigned int i; 1262 1263 if (as->userbuffer) 1264 + if (copy_to_user(as->userbuffer, urb->transfer_buffer, 1265 + urb->transfer_buffer_length)) 1266 return -EFAULT; 1267 if (put_user(as->status, &userurb->status)) 1268 return -EFAULT; ··· 1352 struct usb_driver *driver = NULL; 1353 1354 /* alloc buffer */ 1355 + if ((size = _IOC_SIZE(ctl->ioctl_code)) > 0) { 1356 + if ((buf = kmalloc(size, GFP_KERNEL)) == NULL) 1357 return -ENOMEM; 1358 if ((_IOC_DIR(ctl->ioctl_code) & _IOC_WRITE)) { 1359 + if (copy_from_user(buf, ctl->data, size)) { 1360 kfree(buf); 1361 return -EFAULT; 1362 } 1363 } else { 1364 + memset(buf, 0, size); 1365 } 1366 } 1367 ··· 1372 1373 if (ps->dev->state != USB_STATE_CONFIGURED) 1374 retval = -EHOSTUNREACH; 1375 + else if (!(intf = usb_ifnum_to_if(ps->dev, ctl->ifno))) 1376 + retval = -EINVAL; 1377 else switch (ctl->ioctl_code) { 1378 1379 /* disconnect kernel driver from interface */ 1380 case USBDEVFS_DISCONNECT: 1381 if (intf->dev.driver) { 1382 driver = to_usb_driver(intf->dev.driver); 1383 + dev_dbg(&intf->dev, "disconnect by usbfs\n"); 1384 usb_driver_release_interface(driver, intf); 1385 } else 1386 retval = -ENODATA; ··· 1401 if (driver == NULL || driver->ioctl == NULL) { 1402 retval = -ENOTTY; 1403 } else { 1404 + retval = driver->ioctl(intf, ctl->ioctl_code, buf); 1405 if (retval == -ENOIOCTLCMD) 1406 retval = -ENOTTY; 1407 } ··· 1409 1410 /* cleanup and return */ 1411 if (retval >= 0 1412 + && (_IOC_DIR(ctl->ioctl_code) & _IOC_READ) != 0 1413 && size > 0 1414 + && copy_to_user(ctl->data, buf, size) != 0) 1415 retval = -EFAULT; 1416 1417 kfree(buf); ··· 1422 { 1423 struct usbdevfs_ioctl ctrl; 1424 1425 + if (copy_from_user(&ctrl, arg, sizeof(ctrl))) 1426 return -EFAULT; 1427 return proc_ioctl(ps, &ctrl); 1428 } ··· 1450 * are assuming that somehow the configuration has been prevented from 1451 * changing. But there's no mechanism to ensure that... 1452 */ 1453 + static int usbdev_ioctl(struct inode *inode, struct file *file, 1454 + unsigned int cmd, unsigned long arg) 1455 { 1456 struct dev_state *ps = file->private_data; 1457 struct usb_device *dev = ps->dev; ··· 1593 } 1594 1595 /* No kernel lock - fine */ 1596 + static unsigned int usbdev_poll(struct file *file, 1597 + struct poll_table_struct *wait) 1598 { 1599 struct dev_state *ps = file->private_data; 1600 unsigned int mask = 0; ··· 1664 int retval; 1665 1666 retval = register_chrdev_region(USB_DEVICE_DEV, USB_DEVICE_MAX, 1667 + "usb_device"); 1668 if (retval) { 1669 err("unable to register minors for usb_device"); 1670 goto out;