tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
fork atom

Merge tag 'usb-serial-4.15-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/johan/usb-serial into usb-next

Johan writes:

USB-serial updates for v4.15-rc1

Here are the USB-serial updates for 4.15-rc1, including:

- three fixes for longstanding issues in garmin_gps and metro-usb which
could lead to NULL-pointer dereferences and memory leaks

- a workaround for broken f81534 firmware-handling of overruns

- f81534 break support, and

- conversion to timer_setup()

Included are also various clean ups and a new qcserial device id.

All have been in linux-next with no reported issues.

Signed-off-by: Johan Hovold <johan@kernel.org>

Greg Kroah-Hartman 29ce32ec dc586a60

+148 -76
+84 -6
drivers/usb/serial/f81534.c
··· 39 39 #define F81534_UART_OFFSET 0x10 40 40 #define F81534_DIVISOR_LSB_REG (0x00 + F81534_UART_BASE_ADDRESS) 41 41 #define F81534_DIVISOR_MSB_REG (0x01 + F81534_UART_BASE_ADDRESS) 42 + #define F81534_INTERRUPT_ENABLE_REG (0x01 + F81534_UART_BASE_ADDRESS) 42 43 #define F81534_FIFO_CONTROL_REG (0x02 + F81534_UART_BASE_ADDRESS) 43 44 #define F81534_LINE_CONTROL_REG (0x03 + F81534_UART_BASE_ADDRESS) 44 45 #define F81534_MODEM_CONTROL_REG (0x04 + F81534_UART_BASE_ADDRESS) 46 + #define F81534_LINE_STATUS_REG (0x05 + F81534_UART_BASE_ADDRESS) 45 47 #define F81534_MODEM_STATUS_REG (0x06 + F81534_UART_BASE_ADDRESS) 46 48 #define F81534_CONFIG1_REG (0x09 + F81534_UART_BASE_ADDRESS) 47 49 ··· 128 126 129 127 struct f81534_port_private { 130 128 struct mutex mcr_mutex; 129 + struct mutex lcr_mutex; 130 + struct work_struct lsr_work; 131 + struct usb_serial_port *port; 131 132 unsigned long tx_empty; 132 133 spinlock_t msr_lock; 133 134 u8 shadow_mcr; 135 + u8 shadow_lcr; 134 136 u8 shadow_msr; 135 137 u8 phy_num; 136 138 }; ··· 467 461 static int f81534_set_port_config(struct usb_serial_port *port, u32 baudrate, 468 462 u8 lcr) 469 463 { 464 + struct f81534_port_private *port_priv = usb_get_serial_port_data(port); 470 465 u32 divisor; 471 466 int status; 472 467 u8 value; ··· 496 489 } 497 490 498 491 divisor = f81534_calc_baud_divisor(baudrate, F81534_MAX_BAUDRATE); 492 + 493 + mutex_lock(&port_priv->lcr_mutex); 494 + 499 495 value = UART_LCR_DLAB; 500 496 status = f81534_set_port_register(port, F81534_LINE_CONTROL_REG, 501 497 value); 502 498 if (status) { 503 499 dev_err(&port->dev, "%s: set LCR failed\n", __func__); 504 - return status; 500 + goto out_unlock; 505 501 } 506 502 507 503 value = divisor & 0xff; 508 504 status = f81534_set_port_register(port, F81534_DIVISOR_LSB_REG, value); 509 505 if (status) { 510 506 dev_err(&port->dev, "%s: set DLAB LSB failed\n", __func__); 511 - return status; 507 + goto out_unlock; 512 508 } 513 509 514 510 value = (divisor >> 8) & 0xff; 515 511 status = f81534_set_port_register(port, F81534_DIVISOR_MSB_REG, value); 516 512 if (status) { 517 513 dev_err(&port->dev, "%s: set DLAB MSB failed\n", __func__); 518 - return status; 514 + goto out_unlock; 519 515 } 520 516 521 - status = f81534_set_port_register(port, F81534_LINE_CONTROL_REG, lcr); 517 + value = lcr | (port_priv->shadow_lcr & UART_LCR_SBC); 518 + status = f81534_set_port_register(port, F81534_LINE_CONTROL_REG, 519 + value); 522 520 if (status) { 523 521 dev_err(&port->dev, "%s: set LCR failed\n", __func__); 524 - return status; 522 + goto out_unlock; 525 523 } 526 524 527 - return 0; 525 + port_priv->shadow_lcr = value; 526 + out_unlock: 527 + mutex_unlock(&port_priv->lcr_mutex); 528 + 529 + return status; 530 + } 531 + 532 + static void f81534_break_ctl(struct tty_struct *tty, int break_state) 533 + { 534 + struct usb_serial_port *port = tty->driver_data; 535 + struct f81534_port_private *port_priv = usb_get_serial_port_data(port); 536 + int status; 537 + 538 + mutex_lock(&port_priv->lcr_mutex); 539 + 540 + if (break_state) 541 + port_priv->shadow_lcr |= UART_LCR_SBC; 542 + else 543 + port_priv->shadow_lcr &= ~UART_LCR_SBC; 544 + 545 + status = f81534_set_port_register(port, F81534_LINE_CONTROL_REG, 546 + port_priv->shadow_lcr); 547 + if (status) 548 + dev_err(&port->dev, "set break failed: %d\n", status); 549 + 550 + mutex_unlock(&port_priv->lcr_mutex); 528 551 } 529 552 530 553 static int f81534_update_mctrl(struct usb_serial_port *port, unsigned int set, ··· 1052 1015 tty_insert_flip_char(&port->port, 0, 1053 1016 TTY_OVERRUN); 1054 1017 } 1018 + 1019 + schedule_work(&port_priv->lsr_work); 1055 1020 } 1056 1021 1057 1022 if (port->port.console && port->sysrq) { ··· 1201 1162 return 0; 1202 1163 } 1203 1164 1165 + static void f81534_lsr_worker(struct work_struct *work) 1166 + { 1167 + struct f81534_port_private *port_priv; 1168 + struct usb_serial_port *port; 1169 + int status; 1170 + u8 tmp; 1171 + 1172 + port_priv = container_of(work, struct f81534_port_private, lsr_work); 1173 + port = port_priv->port; 1174 + 1175 + status = f81534_get_port_register(port, F81534_LINE_STATUS_REG, &tmp); 1176 + if (status) 1177 + dev_warn(&port->dev, "read LSR failed: %d\n", status); 1178 + } 1179 + 1204 1180 static int f81534_port_probe(struct usb_serial_port *port) 1205 1181 { 1206 1182 struct f81534_port_private *port_priv; ··· 1227 1173 1228 1174 spin_lock_init(&port_priv->msr_lock); 1229 1175 mutex_init(&port_priv->mcr_mutex); 1176 + mutex_init(&port_priv->lcr_mutex); 1177 + INIT_WORK(&port_priv->lsr_work, f81534_lsr_worker); 1230 1178 1231 1179 /* Assign logic-to-phy mapping */ 1232 1180 ret = f81534_logic_to_phy_port(port->serial, port); ··· 1236 1180 return ret; 1237 1181 1238 1182 port_priv->phy_num = ret; 1183 + port_priv->port = port; 1239 1184 usb_set_serial_port_data(port, port_priv); 1240 1185 dev_dbg(&port->dev, "%s: port_number: %d, phy_num: %d\n", __func__, 1241 1186 port->port_number, port_priv->phy_num); 1242 1187 1188 + /* 1189 + * The F81532/534 will hang-up when enable LSR interrupt in IER and 1190 + * occur data overrun. So we'll disable the LSR interrupt in probe() 1191 + * and submit the LSR worker to clear LSR state when reported LSR error 1192 + * bit with bulk-in data in f81534_process_per_serial_block(). 1193 + */ 1194 + ret = f81534_set_port_register(port, F81534_INTERRUPT_ENABLE_REG, 1195 + UART_IER_RDI | UART_IER_THRI | UART_IER_MSI); 1196 + if (ret) 1197 + return ret; 1198 + 1199 + return 0; 1200 + } 1201 + 1202 + static int f81534_port_remove(struct usb_serial_port *port) 1203 + { 1204 + struct f81534_port_private *port_priv = usb_get_serial_port_data(port); 1205 + 1206 + flush_work(&port_priv->lsr_work); 1243 1207 return 0; 1244 1208 } 1245 1209 ··· 1393 1317 .calc_num_ports = f81534_calc_num_ports, 1394 1318 .attach = f81534_attach, 1395 1319 .port_probe = f81534_port_probe, 1320 + .port_remove = f81534_port_remove, 1321 + .break_ctl = f81534_break_ctl, 1396 1322 .dtr_rts = f81534_dtr_rts, 1397 1323 .process_read_urb = f81534_process_read_urb, 1398 1324 .ioctl = f81534_ioctl,
+36 -33
drivers/usb/serial/garmin_gps.c
··· 138 138 __u8 privpkt[4*6]; 139 139 spinlock_t lock; 140 140 struct list_head pktlist; 141 + struct usb_anchor write_urbs; 141 142 }; 142 143 143 144 ··· 876 875 877 876 static int garmin_init_session(struct usb_serial_port *port) 878 877 { 879 - struct usb_serial *serial = port->serial; 880 878 struct garmin_data *garmin_data_p = usb_get_serial_port_data(port); 881 - int status = 0; 882 - int i = 0; 879 + int status; 880 + int i; 883 881 884 - if (status == 0) { 885 - usb_kill_urb(port->interrupt_in_urb); 882 + usb_kill_urb(port->interrupt_in_urb); 886 883 887 - dev_dbg(&serial->dev->dev, "%s - adding interrupt input\n", __func__); 888 - status = usb_submit_urb(port->interrupt_in_urb, GFP_KERNEL); 889 - if (status) 890 - dev_err(&serial->dev->dev, 891 - "%s - failed submitting interrupt urb, error %d\n", 892 - __func__, status); 884 + status = usb_submit_urb(port->interrupt_in_urb, GFP_KERNEL); 885 + if (status) { 886 + dev_err(&port->dev, "failed to submit interrupt urb: %d\n", 887 + status); 888 + return status; 893 889 } 894 890 895 891 /* 896 892 * using the initialization method from gpsbabel. See comments in 897 893 * gpsbabel/jeeps/gpslibusb.c gusb_reset_toggles() 898 894 */ 899 - if (status == 0) { 900 - dev_dbg(&serial->dev->dev, "%s - starting session ...\n", __func__); 901 - garmin_data_p->state = STATE_ACTIVE; 895 + dev_dbg(&port->dev, "%s - starting session ...\n", __func__); 896 + garmin_data_p->state = STATE_ACTIVE; 902 897 903 - for (i = 0; i < 3; i++) { 904 - status = garmin_write_bulk(port, 905 - GARMIN_START_SESSION_REQ, 906 - sizeof(GARMIN_START_SESSION_REQ), 0); 907 - 908 - if (status < 0) 909 - break; 910 - } 911 - 912 - if (status > 0) 913 - status = 0; 898 + for (i = 0; i < 3; i++) { 899 + status = garmin_write_bulk(port, GARMIN_START_SESSION_REQ, 900 + sizeof(GARMIN_START_SESSION_REQ), 0); 901 + if (status < 0) 902 + goto err_kill_urbs; 914 903 } 904 + 905 + return 0; 906 + 907 + err_kill_urbs: 908 + usb_kill_anchored_urbs(&garmin_data_p->write_urbs); 909 + usb_kill_urb(port->interrupt_in_urb); 915 910 916 911 return status; 917 912 } ··· 927 930 spin_unlock_irqrestore(&garmin_data_p->lock, flags); 928 931 929 932 /* shutdown any bulk reads that might be going on */ 930 - usb_kill_urb(port->write_urb); 931 933 usb_kill_urb(port->read_urb); 932 934 933 935 if (garmin_data_p->state == STATE_RESET) ··· 949 953 950 954 /* shutdown our urbs */ 951 955 usb_kill_urb(port->read_urb); 952 - usb_kill_urb(port->write_urb); 956 + usb_kill_anchored_urbs(&garmin_data_p->write_urbs); 953 957 954 958 /* keep reset state so we know that we must start a new session */ 955 959 if (garmin_data_p->state != STATE_RESET) ··· 1033 1037 } 1034 1038 1035 1039 /* send it down the pipe */ 1040 + usb_anchor_urb(urb, &garmin_data_p->write_urbs); 1036 1041 status = usb_submit_urb(urb, GFP_ATOMIC); 1037 1042 if (status) { 1038 1043 dev_err(&port->dev, 1039 1044 "%s - usb_submit_urb(write bulk) failed with status = %d\n", 1040 1045 __func__, status); 1041 1046 count = status; 1047 + usb_unanchor_urb(urb); 1042 1048 kfree(buffer); 1043 1049 } 1044 1050 ··· 1368 1370 * the tty in cases where the protocol provides no own handshaking 1369 1371 * to initiate the transfer. 1370 1372 */ 1371 - static void timeout_handler(unsigned long data) 1373 + static void timeout_handler(struct timer_list *t) 1372 1374 { 1373 - struct garmin_data *garmin_data_p = (struct garmin_data *) data; 1375 + struct garmin_data *garmin_data_p = from_timer(garmin_data_p, t, timer); 1374 1376 1375 1377 /* send the next queued packet to the tty port */ 1376 1378 if (garmin_data_p->mode == MODE_NATIVE) ··· 1389 1391 if (!garmin_data_p) 1390 1392 return -ENOMEM; 1391 1393 1392 - init_timer(&garmin_data_p->timer); 1394 + timer_setup(&garmin_data_p->timer, timeout_handler, 0); 1393 1395 spin_lock_init(&garmin_data_p->lock); 1394 1396 INIT_LIST_HEAD(&garmin_data_p->pktlist); 1395 - /* garmin_data_p->timer.expires = jiffies + session_timeout; */ 1396 - garmin_data_p->timer.data = (unsigned long)garmin_data_p; 1397 - garmin_data_p->timer.function = timeout_handler; 1398 1397 garmin_data_p->port = port; 1399 1398 garmin_data_p->state = 0; 1400 1399 garmin_data_p->flags = 0; 1401 1400 garmin_data_p->count = 0; 1401 + init_usb_anchor(&garmin_data_p->write_urbs); 1402 1402 usb_set_serial_port_data(port, garmin_data_p); 1403 1403 1404 1404 status = garmin_init_session(port); 1405 + if (status) 1406 + goto err_free; 1407 + 1408 + return 0; 1409 + err_free: 1410 + kfree(garmin_data_p); 1405 1411 1406 1412 return status; 1407 1413 } ··· 1415 1413 { 1416 1414 struct garmin_data *garmin_data_p = usb_get_serial_port_data(port); 1417 1415 1416 + usb_kill_anchored_urbs(&garmin_data_p->write_urbs); 1418 1417 usb_kill_urb(port->interrupt_in_urb); 1419 1418 del_timer_sync(&garmin_data_p->timer); 1420 1419 kfree(garmin_data_p);
+1
drivers/usb/serial/kobil_sct.c
··· 491 491 break; 492 492 default: 493 493 speed = 9600; 494 + /* fall through */ 494 495 case 9600: 495 496 urb_val = SUSBCR_SBR_9600; 496 497 break;
+26 -15
drivers/usb/serial/metro-usb.c
··· 54 54 #define UNI_CMD_OPEN 0x80 55 55 #define UNI_CMD_CLOSE 0xFF 56 56 57 - static inline int metrousb_is_unidirectional_mode(struct usb_serial_port *port) 57 + static int metrousb_is_unidirectional_mode(struct usb_serial *serial) 58 58 { 59 - __u16 product_id = le16_to_cpu( 60 - port->serial->dev->descriptor.idProduct); 59 + u16 product_id = le16_to_cpu(serial->dev->descriptor.idProduct); 61 60 62 61 return product_id == FOCUS_PRODUCT_ID_UNI; 62 + } 63 + 64 + static int metrousb_calc_num_ports(struct usb_serial *serial, 65 + struct usb_serial_endpoints *epds) 66 + { 67 + if (metrousb_is_unidirectional_mode(serial)) { 68 + if (epds->num_interrupt_out == 0) { 69 + dev_err(&serial->interface->dev, "interrupt-out endpoint missing\n"); 70 + return -ENODEV; 71 + } 72 + } 73 + 74 + return 1; 63 75 } 64 76 65 77 static int metrousb_send_unidirectional_cmd(u8 cmd, struct usb_serial_port *port) ··· 80 68 int actual_len; 81 69 u8 *buffer_cmd = NULL; 82 70 83 - if (!metrousb_is_unidirectional_mode(port)) 71 + if (!metrousb_is_unidirectional_mode(port->serial)) 84 72 return 0; 85 73 86 74 buffer_cmd = kzalloc(sizeof(cmd), GFP_KERNEL); ··· 173 161 unsigned long flags = 0; 174 162 int result = 0; 175 163 176 - /* Make sure the urb is initialized. */ 177 - if (!port->interrupt_in_urb) { 178 - dev_err(&port->dev, "%s - interrupt urb not initialized\n", 179 - __func__); 180 - return -ENODEV; 181 - } 182 - 183 164 /* Set the private data information for the port. */ 184 165 spin_lock_irqsave(&metro_priv->lock, flags); 185 166 metro_priv->control_state = 0; ··· 194 189 dev_err(&port->dev, 195 190 "%s - failed submitting interrupt in urb, error code=%d\n", 196 191 __func__, result); 197 - goto exit; 192 + return result; 198 193 } 199 194 200 195 /* Send activate cmd to device */ ··· 203 198 dev_err(&port->dev, 204 199 "%s - failed to configure device, error code=%d\n", 205 200 __func__, result); 206 - goto exit; 201 + goto err_kill_urb; 207 202 } 208 - exit: 203 + 204 + return 0; 205 + 206 + err_kill_urb: 207 + usb_kill_urb(port->interrupt_in_urb); 208 + 209 209 return result; 210 210 } 211 211 ··· 347 337 }, 348 338 .description = "Metrologic USB to Serial", 349 339 .id_table = id_table, 350 - .num_ports = 1, 340 + .num_interrupt_in = 1, 341 + .calc_num_ports = metrousb_calc_num_ports, 351 342 .open = metrousb_open, 352 343 .close = metrousb_cleanup, 353 344 .read_int_callback = metrousb_read_int_callback,
+1
drivers/usb/serial/qcserial.c
··· 148 148 {DEVICE_SWI(0x1199, 0x68a2)}, /* Sierra Wireless MC7710 */ 149 149 {DEVICE_SWI(0x1199, 0x68c0)}, /* Sierra Wireless MC7304/MC7354 */ 150 150 {DEVICE_SWI(0x1199, 0x901c)}, /* Sierra Wireless EM7700 */ 151 + {DEVICE_SWI(0x1199, 0x901e)}, /* Sierra Wireless EM7355 QDL */ 151 152 {DEVICE_SWI(0x1199, 0x901f)}, /* Sierra Wireless EM7355 */ 152 153 {DEVICE_SWI(0x1199, 0x9040)}, /* Sierra Wireless Modem */ 153 154 {DEVICE_SWI(0x1199, 0x9041)}, /* Sierra Wireless MC7305/MC7355 */
-22
drivers/usb/serial/usb-serial.c
··· 1201 1201 1202 1202 struct tty_driver *usb_serial_tty_driver; 1203 1203 1204 - /* Driver structure we register with the USB core */ 1205 - static struct usb_driver usb_serial_driver = { 1206 - .name = "usbserial", 1207 - .probe = usb_serial_probe, 1208 - .disconnect = usb_serial_disconnect, 1209 - .suspend = usb_serial_suspend, 1210 - .resume = usb_serial_resume, 1211 - .no_dynamic_id = 1, 1212 - .supports_autosuspend = 1, 1213 - }; 1214 - 1215 1204 static int __init usb_serial_init(void) 1216 1205 { 1217 1206 int result; ··· 1236 1247 goto exit_reg_driver; 1237 1248 } 1238 1249 1239 - /* register the USB driver */ 1240 - result = usb_register(&usb_serial_driver); 1241 - if (result < 0) { 1242 - pr_err("%s - usb_register failed\n", __func__); 1243 - goto exit_tty; 1244 - } 1245 - 1246 1250 /* register the generic driver, if we should */ 1247 1251 result = usb_serial_generic_register(); 1248 1252 if (result < 0) { ··· 1246 1264 return result; 1247 1265 1248 1266 exit_generic: 1249 - usb_deregister(&usb_serial_driver); 1250 - 1251 - exit_tty: 1252 1267 tty_unregister_driver(usb_serial_tty_driver); 1253 1268 1254 1269 exit_reg_driver: ··· 1264 1285 1265 1286 usb_serial_generic_deregister(); 1266 1287 1267 - usb_deregister(&usb_serial_driver); 1268 1288 tty_unregister_driver(usb_serial_tty_driver); 1269 1289 put_tty_driver(usb_serial_tty_driver); 1270 1290 bus_unregister(&usb_serial_bus_type);