1 /********************************************* 1 /*****************************************************************************/
2 2
3 /* 3 /*
4 * devio.c -- User space communication 4 * devio.c -- User space communication with USB devices.
5 * 5 *
6 * Copyright (C) 1999-2000 Thomas Sailer 6 * Copyright (C) 1999-2000 Thomas Sailer (sailer@ife.ee.ethz.ch)
7 * 7 *
8 * This program is free software; you can 8 * This program is free software; you can redistribute it and/or modify
9 * it under the terms of the GNU General 9 * it under the terms of the GNU General Public License as published by
10 * the Free Software Foundation; either v 10 * the Free Software Foundation; either version 2 of the License, or
11 * (at your option) any later version. 11 * (at your option) any later version.
12 * 12 *
13 * This program is distributed in the hop 13 * This program is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even 14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTI 15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU General Public License for more de 16 * GNU General Public License for more details.
17 * 17 *
18 * You should have received a copy of the 18 * You should have received a copy of the GNU General Public License
19 * along with this program; if not, write 19 * along with this program; if not, write to the Free Software
20 * Foundation, Inc., 675 Mass Ave, Cambri 20 * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
21 * 21 *
22 * $Id: devio.c,v 1.7 2000/02/01 17:28:48 fli 22 * $Id: devio.c,v 1.7 2000/02/01 17:28:48 fliegl Exp $
23 * 23 *
24 * This file implements the usbfs/x/y files, 24 * This file implements the usbfs/x/y files, where
25 * x is the bus number and y the device numbe 25 * x is the bus number and y the device number.
26 * 26 *
27 * It allows user space programs/"drivers" to 27 * It allows user space programs/"drivers" to communicate directly
28 * with USB devices without intervening kerne 28 * with USB devices without intervening kernel driver.
29 * 29 *
30 * Revision history 30 * Revision history
31 * 22.12.1999 0.1 Initial release (spli 31 * 22.12.1999 0.1 Initial release (split from proc_usb.c)
32 * 04.01.2000 0.2 Turned into its own f 32 * 04.01.2000 0.2 Turned into its own filesystem
>> 33 * 30.09.2005 0.3 Fix user-triggerable oops in async URB delivery
>> 34 * (CAN-2005-3055)
33 */ 35 */
34 36
35 /********************************************* 37 /*****************************************************************************/
36 38
37 #include <linux/fs.h> 39 #include <linux/fs.h>
38 #include <linux/mm.h> 40 #include <linux/mm.h>
39 #include <linux/slab.h> 41 #include <linux/slab.h>
40 #include <linux/smp_lock.h> 42 #include <linux/smp_lock.h>
41 #include <linux/signal.h> 43 #include <linux/signal.h>
42 #include <linux/poll.h> 44 #include <linux/poll.h>
43 #include <linux/module.h> 45 #include <linux/module.h>
44 #include <linux/usb.h> 46 #include <linux/usb.h>
45 #include <linux/usbdevice_fs.h> 47 #include <linux/usbdevice_fs.h>
>> 48 #include <linux/cdev.h>
>> 49 #include <linux/notifier.h>
>> 50 #include <linux/security.h>
46 #include <asm/uaccess.h> 51 #include <asm/uaccess.h>
47 #include <asm/byteorder.h> 52 #include <asm/byteorder.h>
48 #include <linux/moduleparam.h> 53 #include <linux/moduleparam.h>
49 54
50 #include "hcd.h" /* for usbcore interna 55 #include "hcd.h" /* for usbcore internals */
51 #include "usb.h" 56 #include "usb.h"
52 57
>> 58 #define USB_MAXBUS 64
>> 59 #define USB_DEVICE_MAX USB_MAXBUS * 128
>> 60
>> 61 /* Mutual exclusion for removal, open, and release */
>> 62 DEFINE_MUTEX(usbfs_mutex);
>> 63
53 struct async { 64 struct async {
54 struct list_head asynclist; 65 struct list_head asynclist;
55 struct dev_state *ps; 66 struct dev_state *ps;
56 struct task_struct *task; !! 67 struct pid *pid;
>> 68 uid_t uid, euid;
57 unsigned int signr; 69 unsigned int signr;
58 unsigned int ifnum; 70 unsigned int ifnum;
59 void __user *userbuffer; 71 void __user *userbuffer;
60 void __user *userurb; 72 void __user *userurb;
61 struct urb *urb; 73 struct urb *urb;
>> 74 int status;
>> 75 u32 secid;
62 }; 76 };
63 77
64 static int usbfs_snoop = 0; !! 78 static int usbfs_snoop;
65 module_param (usbfs_snoop, bool, S_IRUGO | S_I !! 79 module_param(usbfs_snoop, bool, S_IRUGO | S_IWUSR);
66 MODULE_PARM_DESC (usbfs_snoop, "true to log al !! 80 MODULE_PARM_DESC(usbfs_snoop, "true to log all usbfs traffic");
67 81
68 #define snoop(dev, format, arg...) 82 #define snoop(dev, format, arg...) \
69 do { 83 do { \
70 if (usbfs_snoop) 84 if (usbfs_snoop) \
71 dev_info( dev , format !! 85 dev_info(dev , format , ## arg); \
72 } while (0) 86 } while (0)
73 87
>> 88 #define USB_DEVICE_DEV MKDEV(USB_DEVICE_MAJOR, 0)
>> 89
74 90
75 #define MAX_USBFS_BUFFER_SIZE 16384 91 #define MAX_USBFS_BUFFER_SIZE 16384
76 92
77 static inline int connected (struct usb_device !! 93 static inline int connected(struct dev_state *ps)
78 { 94 {
79 return dev->state != USB_STATE_NOTATTA !! 95 return (!list_empty(&ps->list) &&
>> 96 ps->dev->state != USB_STATE_NOTATTACHED);
80 } 97 }
81 98
82 static loff_t usbdev_lseek(struct file *file, 99 static loff_t usbdev_lseek(struct file *file, loff_t offset, int orig)
83 { 100 {
84 loff_t ret; 101 loff_t ret;
85 102
86 lock_kernel(); 103 lock_kernel();
87 104
88 switch (orig) { 105 switch (orig) {
89 case 0: 106 case 0:
90 file->f_pos = offset; 107 file->f_pos = offset;
91 ret = file->f_pos; 108 ret = file->f_pos;
92 break; 109 break;
93 case 1: 110 case 1:
94 file->f_pos += offset; 111 file->f_pos += offset;
95 ret = file->f_pos; 112 ret = file->f_pos;
96 break; 113 break;
97 case 2: 114 case 2:
98 default: 115 default:
99 ret = -EINVAL; 116 ret = -EINVAL;
100 } 117 }
101 118
102 unlock_kernel(); 119 unlock_kernel();
103 return ret; 120 return ret;
104 } 121 }
105 122
106 static ssize_t usbdev_read(struct file *file, !! 123 static ssize_t usbdev_read(struct file *file, char __user *buf, size_t nbytes,
>> 124 loff_t *ppos)
107 { 125 {
108 struct dev_state *ps = (struct dev_sta !! 126 struct dev_state *ps = file->private_data;
109 struct usb_device *dev = ps->dev; 127 struct usb_device *dev = ps->dev;
110 ssize_t ret = 0; 128 ssize_t ret = 0;
111 unsigned len; 129 unsigned len;
112 loff_t pos; 130 loff_t pos;
113 int i; 131 int i;
114 132
115 pos = *ppos; 133 pos = *ppos;
116 usb_lock_device(dev); 134 usb_lock_device(dev);
117 if (!connected(dev)) { !! 135 if (!connected(ps)) {
118 ret = -ENODEV; 136 ret = -ENODEV;
119 goto err; 137 goto err;
120 } else if (pos < 0) { 138 } else if (pos < 0) {
121 ret = -EINVAL; 139 ret = -EINVAL;
122 goto err; 140 goto err;
123 } 141 }
124 142
125 if (pos < sizeof(struct usb_device_des 143 if (pos < sizeof(struct usb_device_descriptor)) {
126 struct usb_device_descriptor * !! 144 /* 18 bytes - fits on the stack */
127 if (!desc) { !! 145 struct usb_device_descriptor temp_desc;
128 ret = -ENOMEM; !! 146
129 goto err; !! 147 memcpy(&temp_desc, &dev->descriptor, sizeof(dev->descriptor));
130 } !! 148 le16_to_cpus(&temp_desc.bcdUSB);
131 memcpy(desc, &dev->descriptor, !! 149 le16_to_cpus(&temp_desc.idVendor);
132 le16_to_cpus(&desc->bcdUSB); !! 150 le16_to_cpus(&temp_desc.idProduct);
133 le16_to_cpus(&desc->idVendor); !! 151 le16_to_cpus(&temp_desc.bcdDevice);
134 le16_to_cpus(&desc->idProduct) <<
135 le16_to_cpus(&desc->bcdDevice) <<
136 152
137 len = sizeof(struct usb_device 153 len = sizeof(struct usb_device_descriptor) - pos;
138 if (len > nbytes) 154 if (len > nbytes)
139 len = nbytes; 155 len = nbytes;
140 if (copy_to_user(buf, ((char * !! 156 if (copy_to_user(buf, ((char *)&temp_desc) + pos, len)) {
141 kfree(desc); <<
142 ret = -EFAULT; 157 ret = -EFAULT;
143 goto err; 158 goto err;
144 } 159 }
145 kfree(desc); <<
146 160
147 *ppos += len; 161 *ppos += len;
148 buf += len; 162 buf += len;
149 nbytes -= len; 163 nbytes -= len;
150 ret += len; 164 ret += len;
151 } 165 }
152 166
153 pos = sizeof(struct usb_device_descrip 167 pos = sizeof(struct usb_device_descriptor);
154 for (i = 0; nbytes && i < dev->descrip 168 for (i = 0; nbytes && i < dev->descriptor.bNumConfigurations; i++) {
155 struct usb_config_descriptor * 169 struct usb_config_descriptor *config =
156 (struct usb_config_des 170 (struct usb_config_descriptor *)dev->rawdescriptors[i];
157 unsigned int length = le16_to_ 171 unsigned int length = le16_to_cpu(config->wTotalLength);
158 172
159 if (*ppos < pos + length) { 173 if (*ppos < pos + length) {
160 174
161 /* The descriptor may 175 /* The descriptor may claim to be longer than it
162 * really is. Here is 176 * really is. Here is the actual allocated length. */
163 unsigned alloclen = 177 unsigned alloclen =
164 le16_to_cpu(de 178 le16_to_cpu(dev->config[i].desc.wTotalLength);
165 179
166 len = length - (*ppos 180 len = length - (*ppos - pos);
167 if (len > nbytes) 181 if (len > nbytes)
168 len = nbytes; 182 len = nbytes;
169 183
170 /* Simply don't write 184 /* Simply don't write (skip over) unallocated parts */
171 if (alloclen > (*ppos 185 if (alloclen > (*ppos - pos)) {
172 alloclen -= (* 186 alloclen -= (*ppos - pos);
173 if (copy_to_us 187 if (copy_to_user(buf,
174 dev->rawde 188 dev->rawdescriptors[i] + (*ppos - pos),
175 min(len, a 189 min(len, alloclen))) {
176 ret = 190 ret = -EFAULT;
177 goto e 191 goto err;
178 } 192 }
179 } 193 }
180 194
181 *ppos += len; 195 *ppos += len;
182 buf += len; 196 buf += len;
183 nbytes -= len; 197 nbytes -= len;
184 ret += len; 198 ret += len;
185 } 199 }
186 200
187 pos += length; 201 pos += length;
188 } 202 }
189 203
190 err: 204 err:
191 usb_unlock_device(dev); 205 usb_unlock_device(dev);
192 return ret; 206 return ret;
193 } 207 }
194 208
195 /* 209 /*
196 * async list handling 210 * async list handling
197 */ 211 */
198 212
199 static struct async *alloc_async(unsigned int 213 static struct async *alloc_async(unsigned int numisoframes)
200 { 214 {
201 unsigned int assize = sizeof(struct as !! 215 struct async *as;
202 struct async *as = kmalloc(assize, GFP !! 216
203 if (!as) !! 217 as = kzalloc(sizeof(struct async), GFP_KERNEL);
204 return NULL; !! 218 if (!as)
205 memset(as, 0, assize); !! 219 return NULL;
206 as->urb = usb_alloc_urb(numisoframes, 220 as->urb = usb_alloc_urb(numisoframes, GFP_KERNEL);
207 if (!as->urb) { 221 if (!as->urb) {
208 kfree(as); 222 kfree(as);
209 return NULL; 223 return NULL;
210 } 224 }
211 return as; !! 225 return as;
212 } 226 }
213 227
214 static void free_async(struct async *as) 228 static void free_async(struct async *as)
215 { 229 {
216 if (as->urb->transfer_buffer) !! 230 put_pid(as->pid);
217 kfree(as->urb->transfer_buffer !! 231 kfree(as->urb->transfer_buffer);
218 if (as->urb->setup_packet) !! 232 kfree(as->urb->setup_packet);
219 kfree(as->urb->setup_packet); <<
220 usb_free_urb(as->urb); 233 usb_free_urb(as->urb);
221 kfree(as); !! 234 kfree(as);
222 } 235 }
223 236
224 static inline void async_newpending(struct asy 237 static inline void async_newpending(struct async *as)
225 { 238 {
226 struct dev_state *ps = as->ps; !! 239 struct dev_state *ps = as->ps;
227 unsigned long flags; !! 240 unsigned long flags;
228 !! 241
229 spin_lock_irqsave(&ps->lock, flags); !! 242 spin_lock_irqsave(&ps->lock, flags);
230 list_add_tail(&as->asynclist, &ps->asy !! 243 list_add_tail(&as->asynclist, &ps->async_pending);
231 spin_unlock_irqrestore(&ps->lock, flag !! 244 spin_unlock_irqrestore(&ps->lock, flags);
232 } 245 }
233 246
234 static inline void async_removepending(struct 247 static inline void async_removepending(struct async *as)
235 { 248 {
236 struct dev_state *ps = as->ps; !! 249 struct dev_state *ps = as->ps;
237 unsigned long flags; !! 250 unsigned long flags;
238 !! 251
239 spin_lock_irqsave(&ps->lock, flags); !! 252 spin_lock_irqsave(&ps->lock, flags);
240 list_del_init(&as->asynclist); !! 253 list_del_init(&as->asynclist);
241 spin_unlock_irqrestore(&ps->lock, flag !! 254 spin_unlock_irqrestore(&ps->lock, flags);
242 } 255 }
243 256
244 static inline struct async *async_getcompleted 257 static inline struct async *async_getcompleted(struct dev_state *ps)
245 { 258 {
246 unsigned long flags; !! 259 unsigned long flags;
247 struct async *as = NULL; !! 260 struct async *as = NULL;
248 261
249 spin_lock_irqsave(&ps->lock, flags); !! 262 spin_lock_irqsave(&ps->lock, flags);
250 if (!list_empty(&ps->async_completed)) !! 263 if (!list_empty(&ps->async_completed)) {
251 as = list_entry(ps->async_comp !! 264 as = list_entry(ps->async_completed.next, struct async,
252 list_del_init(&as->asynclist); !! 265 asynclist);
253 } !! 266 list_del_init(&as->asynclist);
254 spin_unlock_irqrestore(&ps->lock, flag !! 267 }
255 return as; !! 268 spin_unlock_irqrestore(&ps->lock, flags);
>> 269 return as;
256 } 270 }
257 271
258 static inline struct async *async_getpending(s !! 272 static inline struct async *async_getpending(struct dev_state *ps,
>> 273 void __user *userurb)
259 { 274 {
260 unsigned long flags; !! 275 unsigned long flags;
261 struct async *as; !! 276 struct async *as;
262 277
263 spin_lock_irqsave(&ps->lock, flags); !! 278 spin_lock_irqsave(&ps->lock, flags);
264 list_for_each_entry(as, &ps->async_pen 279 list_for_each_entry(as, &ps->async_pending, asynclist)
265 if (as->userurb == userurb) { 280 if (as->userurb == userurb) {
266 list_del_init(&as->asy 281 list_del_init(&as->asynclist);
267 spin_unlock_irqrestore 282 spin_unlock_irqrestore(&ps->lock, flags);
268 return as; 283 return as;
269 } 284 }
270 spin_unlock_irqrestore(&ps->lock, flag !! 285 spin_unlock_irqrestore(&ps->lock, flags);
271 return NULL; !! 286 return NULL;
>> 287 }
>> 288
>> 289 static void snoop_urb(struct urb *urb, void __user *userurb)
>> 290 {
>> 291 int j;
>> 292 unsigned char *data = urb->transfer_buffer;
>> 293
>> 294 if (!usbfs_snoop)
>> 295 return;
>> 296
>> 297 dev_info(&urb->dev->dev, "direction=%s\n",
>> 298 usb_urb_dir_in(urb) ? "IN" : "OUT");
>> 299 dev_info(&urb->dev->dev, "userurb=%p\n", userurb);
>> 300 dev_info(&urb->dev->dev, "transfer_buffer_length=%d\n",
>> 301 urb->transfer_buffer_length);
>> 302 dev_info(&urb->dev->dev, "actual_length=%d\n", urb->actual_length);
>> 303 dev_info(&urb->dev->dev, "data: ");
>> 304 for (j = 0; j < urb->transfer_buffer_length; ++j)
>> 305 printk("%02x ", data[j]);
>> 306 printk("\n");
272 } 307 }
273 308
274 static void async_completed(struct urb *urb, s !! 309 static void async_completed(struct urb *urb)
275 { 310 {
276 struct async *as = (struct async *)urb !! 311 struct async *as = urb->context;
277 struct dev_state *ps = as->ps; !! 312 struct dev_state *ps = as->ps;
278 struct siginfo sinfo; 313 struct siginfo sinfo;
>> 314 unsigned long flags;
279 315
280 spin_lock(&ps->lock); !! 316 spin_lock_irqsave(&ps->lock, flags);
281 list_move_tail(&as->asynclist, &ps->as !! 317 list_move_tail(&as->asynclist, &ps->async_completed);
282 spin_unlock(&ps->lock); !! 318 spin_unlock_irqrestore(&ps->lock, flags);
>> 319 as->status = urb->status;
283 if (as->signr) { 320 if (as->signr) {
284 sinfo.si_signo = as->signr; 321 sinfo.si_signo = as->signr;
285 sinfo.si_errno = as->urb->stat !! 322 sinfo.si_errno = as->status;
286 sinfo.si_code = SI_ASYNCIO; 323 sinfo.si_code = SI_ASYNCIO;
287 sinfo.si_addr = as->userurb; 324 sinfo.si_addr = as->userurb;
288 send_sig_info(as->signr, &sinf !! 325 kill_pid_info_as_uid(as->signr, &sinfo, as->pid, as->uid,
>> 326 as->euid, as->secid);
289 } 327 }
290 wake_up(&ps->wait); !! 328 snoop(&urb->dev->dev, "urb complete\n");
>> 329 snoop_urb(urb, as->userurb);
>> 330 wake_up(&ps->wait);
291 } 331 }
292 332
293 static void destroy_async (struct dev_state *p !! 333 static void destroy_async(struct dev_state *ps, struct list_head *list)
294 { 334 {
295 struct async *as; 335 struct async *as;
296 unsigned long flags; 336 unsigned long flags;
297 337
298 spin_lock_irqsave(&ps->lock, flags); 338 spin_lock_irqsave(&ps->lock, flags);
299 while (!list_empty(list)) { 339 while (!list_empty(list)) {
300 as = list_entry(list->next, st 340 as = list_entry(list->next, struct async, asynclist);
301 list_del_init(&as->asynclist); 341 list_del_init(&as->asynclist);
302 342
303 /* drop the spinlock so the co 343 /* drop the spinlock so the completion handler can run */
304 spin_unlock_irqrestore(&ps->lo 344 spin_unlock_irqrestore(&ps->lock, flags);
305 usb_kill_urb(as->urb); 345 usb_kill_urb(as->urb);
306 spin_lock_irqsave(&ps->lock, f 346 spin_lock_irqsave(&ps->lock, flags);
307 } 347 }
308 spin_unlock_irqrestore(&ps->lock, flag 348 spin_unlock_irqrestore(&ps->lock, flags);
309 as = async_getcompleted(ps); 349 as = async_getcompleted(ps);
310 while (as) { 350 while (as) {
311 free_async(as); 351 free_async(as);
312 as = async_getcompleted(ps); 352 as = async_getcompleted(ps);
313 } 353 }
314 } 354 }
315 355
316 static void destroy_async_on_interface (struct !! 356 static void destroy_async_on_interface(struct dev_state *ps,
>> 357 unsigned int ifnum)
317 { 358 {
318 struct list_head *p, *q, hitlist; 359 struct list_head *p, *q, hitlist;
319 unsigned long flags; 360 unsigned long flags;
320 361
321 INIT_LIST_HEAD(&hitlist); 362 INIT_LIST_HEAD(&hitlist);
322 spin_lock_irqsave(&ps->lock, flags); 363 spin_lock_irqsave(&ps->lock, flags);
323 list_for_each_safe(p, q, &ps->async_pe 364 list_for_each_safe(p, q, &ps->async_pending)
324 if (ifnum == list_entry(p, str 365 if (ifnum == list_entry(p, struct async, asynclist)->ifnum)
325 list_move_tail(p, &hit 366 list_move_tail(p, &hitlist);
326 spin_unlock_irqrestore(&ps->lock, flag 367 spin_unlock_irqrestore(&ps->lock, flags);
327 destroy_async(ps, &hitlist); 368 destroy_async(ps, &hitlist);
328 } 369 }
329 370
330 static inline void destroy_all_async(struct de 371 static inline void destroy_all_async(struct dev_state *ps)
331 { 372 {
332 destroy_async(ps, &ps->async_p !! 373 destroy_async(ps, &ps->async_pending);
333 } 374 }
334 375
335 /* 376 /*
336 * interface claims are made only at the reque 377 * interface claims are made only at the request of user level code,
337 * which can also release them (explicitly or 378 * which can also release them (explicitly or by closing files).
338 * they're also undone when devices disconnect 379 * they're also undone when devices disconnect.
339 */ 380 */
340 381
341 static int driver_probe (struct usb_interface !! 382 static int driver_probe(struct usb_interface *intf,
342 const struct usb_devi !! 383 const struct usb_device_id *id)
343 { 384 {
344 return -ENODEV; 385 return -ENODEV;
345 } 386 }
346 387
347 static void driver_disconnect(struct usb_inter 388 static void driver_disconnect(struct usb_interface *intf)
348 { 389 {
349 struct dev_state *ps = usb_get_intfdat !! 390 struct dev_state *ps = usb_get_intfdata(intf);
350 unsigned int ifnum = intf->altsetting- 391 unsigned int ifnum = intf->altsetting->desc.bInterfaceNumber;
351 392
352 if (!ps) 393 if (!ps)
353 return; 394 return;
354 395
355 /* NOTE: this relies on usbcore havin 396 /* NOTE: this relies on usbcore having canceled and completed
356 * all pending I/O requests; 2.6 does 397 * all pending I/O requests; 2.6 does that.
357 */ 398 */
358 399
359 if (likely(ifnum < 8*sizeof(ps->ifclai 400 if (likely(ifnum < 8*sizeof(ps->ifclaimed)))
360 clear_bit(ifnum, &ps->ifclaime 401 clear_bit(ifnum, &ps->ifclaimed);
361 else 402 else
362 warn("interface number %u out 403 warn("interface number %u out of range", ifnum);
363 404
364 usb_set_intfdata (intf, NULL); !! 405 usb_set_intfdata(intf, NULL);
365 406
366 /* force async requests to complete */ 407 /* force async requests to complete */
367 destroy_async_on_interface(ps, ifnum); 408 destroy_async_on_interface(ps, ifnum);
368 } 409 }
369 410
>> 411 /* The following routines are merely placeholders. There is no way
>> 412 * to inform a user task about suspend or resumes.
>> 413 */
>> 414 static int driver_suspend(struct usb_interface *intf, pm_message_t msg)
>> 415 {
>> 416 return 0;
>> 417 }
>> 418
>> 419 static int driver_resume(struct usb_interface *intf)
>> 420 {
>> 421 return 0;
>> 422 }
>> 423
370 struct usb_driver usbfs_driver = { 424 struct usb_driver usbfs_driver = {
371 .owner = THIS_MODULE, <<
372 .name = "usbfs", 425 .name = "usbfs",
373 .probe = driver_probe, 426 .probe = driver_probe,
374 .disconnect = driver_disconnect, 427 .disconnect = driver_disconnect,
>> 428 .suspend = driver_suspend,
>> 429 .resume = driver_resume,
375 }; 430 };
376 431
377 static int claimintf(struct dev_state *ps, uns 432 static int claimintf(struct dev_state *ps, unsigned int ifnum)
378 { 433 {
379 struct usb_device *dev = ps->dev; 434 struct usb_device *dev = ps->dev;
380 struct usb_interface *intf; 435 struct usb_interface *intf;
381 int err; 436 int err;
382 437
383 if (ifnum >= 8*sizeof(ps->ifclaimed)) 438 if (ifnum >= 8*sizeof(ps->ifclaimed))
384 return -EINVAL; 439 return -EINVAL;
385 /* already claimed */ 440 /* already claimed */
386 if (test_bit(ifnum, &ps->ifclaimed)) 441 if (test_bit(ifnum, &ps->ifclaimed))
387 return 0; 442 return 0;
388 443
389 /* lock against other changes to drive <<
390 down_write(&usb_bus_type.subsys.rwsem) <<
391 intf = usb_ifnum_to_if(dev, ifnum); 444 intf = usb_ifnum_to_if(dev, ifnum);
392 if (!intf) 445 if (!intf)
393 err = -ENOENT; 446 err = -ENOENT;
394 else 447 else
395 err = usb_driver_claim_interfa 448 err = usb_driver_claim_interface(&usbfs_driver, intf, ps);
396 up_write(&usb_bus_type.subsys.rwsem); <<
397 if (err == 0) 449 if (err == 0)
398 set_bit(ifnum, &ps->ifclaimed) 450 set_bit(ifnum, &ps->ifclaimed);
399 return err; 451 return err;
400 } 452 }
401 453
402 static int releaseintf(struct dev_state *ps, u 454 static int releaseintf(struct dev_state *ps, unsigned int ifnum)
403 { 455 {
404 struct usb_device *dev; 456 struct usb_device *dev;
405 struct usb_interface *intf; 457 struct usb_interface *intf;
406 int err; 458 int err;
407 459
408 err = -EINVAL; 460 err = -EINVAL;
409 if (ifnum >= 8*sizeof(ps->ifclaimed)) 461 if (ifnum >= 8*sizeof(ps->ifclaimed))
410 return err; 462 return err;
411 dev = ps->dev; 463 dev = ps->dev;
412 /* lock against other changes to drive <<
413 down_write(&usb_bus_type.subsys.rwsem) <<
414 intf = usb_ifnum_to_if(dev, ifnum); 464 intf = usb_ifnum_to_if(dev, ifnum);
415 if (!intf) 465 if (!intf)
416 err = -ENOENT; 466 err = -ENOENT;
417 else if (test_and_clear_bit(ifnum, &ps 467 else if (test_and_clear_bit(ifnum, &ps->ifclaimed)) {
418 usb_driver_release_interface(& 468 usb_driver_release_interface(&usbfs_driver, intf);
419 err = 0; 469 err = 0;
420 } 470 }
421 up_write(&usb_bus_type.subsys.rwsem); <<
422 return err; 471 return err;
423 } 472 }
424 473
425 static int checkintf(struct dev_state *ps, uns 474 static int checkintf(struct dev_state *ps, unsigned int ifnum)
426 { 475 {
427 if (ps->dev->state != USB_STATE_CONFIG 476 if (ps->dev->state != USB_STATE_CONFIGURED)
428 return -EHOSTUNREACH; 477 return -EHOSTUNREACH;
429 if (ifnum >= 8*sizeof(ps->ifclaimed)) 478 if (ifnum >= 8*sizeof(ps->ifclaimed))
430 return -EINVAL; 479 return -EINVAL;
431 if (test_bit(ifnum, &ps->ifclaimed)) 480 if (test_bit(ifnum, &ps->ifclaimed))
432 return 0; 481 return 0;
433 /* if not yet claimed, claim it for th 482 /* if not yet claimed, claim it for the driver */
434 dev_warn(&ps->dev->dev, "usbfs: proces !! 483 dev_warn(&ps->dev->dev, "usbfs: process %d (%s) did not claim "
435 current->pid, current->comm, if !! 484 "interface %u before use\n", task_pid_nr(current),
>> 485 current->comm, ifnum);
436 return claimintf(ps, ifnum); 486 return claimintf(ps, ifnum);
437 } 487 }
438 488
439 static int findintfep(struct usb_device *dev, 489 static int findintfep(struct usb_device *dev, unsigned int ep)
440 { 490 {
441 unsigned int i, j, e; 491 unsigned int i, j, e;
442 struct usb_interface *intf; !! 492 struct usb_interface *intf;
443 struct usb_host_interface *alts; 493 struct usb_host_interface *alts;
444 struct usb_endpoint_descriptor *endpt; 494 struct usb_endpoint_descriptor *endpt;
445 495
446 if (ep & ~(USB_DIR_IN|0xf)) 496 if (ep & ~(USB_DIR_IN|0xf))
447 return -EINVAL; 497 return -EINVAL;
448 if (!dev->actconfig) 498 if (!dev->actconfig)
449 return -ESRCH; 499 return -ESRCH;
450 for (i = 0; i < dev->actconfig->desc.b 500 for (i = 0; i < dev->actconfig->desc.bNumInterfaces; i++) {
451 intf = dev->actconfig->interfa 501 intf = dev->actconfig->interface[i];
452 for (j = 0; j < intf->num_alts 502 for (j = 0; j < intf->num_altsetting; j++) {
453 alts = &intf->altsetti !! 503 alts = &intf->altsetting[j];
454 for (e = 0; e < alts-> 504 for (e = 0; e < alts->desc.bNumEndpoints; e++) {
455 endpt = &alts- 505 endpt = &alts->endpoint[e].desc;
456 if (endpt->bEn 506 if (endpt->bEndpointAddress == ep)
457 return 507 return alts->desc.bInterfaceNumber;
458 } 508 }
459 } 509 }
460 } 510 }
461 return -ENOENT; !! 511 return -ENOENT;
462 } 512 }
463 513
464 static int check_ctrlrecip(struct dev_state *p !! 514 static int check_ctrlrecip(struct dev_state *ps, unsigned int requesttype,
>> 515 unsigned int index)
465 { 516 {
466 int ret = 0; 517 int ret = 0;
467 518
468 if (ps->dev->state != USB_STATE_CONFIG !! 519 if (ps->dev->state != USB_STATE_ADDRESS
>> 520 && ps->dev->state != USB_STATE_CONFIGURED)
469 return -EHOSTUNREACH; 521 return -EHOSTUNREACH;
470 if (USB_TYPE_VENDOR == (USB_TYPE_MASK 522 if (USB_TYPE_VENDOR == (USB_TYPE_MASK & requesttype))
471 return 0; 523 return 0;
472 524
473 index &= 0xff; 525 index &= 0xff;
474 switch (requesttype & USB_RECIP_MASK) 526 switch (requesttype & USB_RECIP_MASK) {
475 case USB_RECIP_ENDPOINT: 527 case USB_RECIP_ENDPOINT:
476 if ((ret = findintfep(ps->dev, !! 528 ret = findintfep(ps->dev, index);
>> 529 if (ret >= 0)
477 ret = checkintf(ps, re 530 ret = checkintf(ps, ret);
478 break; 531 break;
479 532
480 case USB_RECIP_INTERFACE: 533 case USB_RECIP_INTERFACE:
481 ret = checkintf(ps, index); 534 ret = checkintf(ps, index);
482 break; 535 break;
483 } 536 }
484 return ret; 537 return ret;
485 } 538 }
486 539
>> 540 static int __match_minor(struct device *dev, void *data)
>> 541 {
>> 542 int minor = *((int *)data);
>> 543
>> 544 if (dev->devt == MKDEV(USB_DEVICE_MAJOR, minor))
>> 545 return 1;
>> 546 return 0;
>> 547 }
>> 548
>> 549 static struct usb_device *usbdev_lookup_by_minor(int minor)
>> 550 {
>> 551 struct device *dev;
>> 552
>> 553 dev = bus_find_device(&usb_bus_type, NULL, &minor, __match_minor);
>> 554 if (!dev)
>> 555 return NULL;
>> 556 put_device(dev);
>> 557 return container_of(dev, struct usb_device, dev);
>> 558 }
>> 559
487 /* 560 /*
488 * file operations 561 * file operations
489 */ 562 */
490 static int usbdev_open(struct inode *inode, st 563 static int usbdev_open(struct inode *inode, struct file *file)
491 { 564 {
492 struct usb_device *dev; !! 565 struct usb_device *dev = NULL;
493 struct dev_state *ps; 566 struct dev_state *ps;
494 int ret; 567 int ret;
495 568
496 /* !! 569 /* Protect against simultaneous removal or release */
497 * no locking necessary here, as chrde !! 570 mutex_lock(&usbfs_mutex);
498 * (still acquire the kernel lock for !! 571
499 */ <<
500 ret = -ENOMEM; 572 ret = -ENOMEM;
501 if (!(ps = kmalloc(sizeof(struct dev_s !! 573 ps = kmalloc(sizeof(struct dev_state), GFP_KERNEL);
502 goto out_nolock; !! 574 if (!ps)
>> 575 goto out;
503 576
504 lock_kernel(); <<
505 ret = -ENOENT; 577 ret = -ENOENT;
506 dev = usb_get_dev(inode->u.generic_ip) !! 578 /* usbdev device-node */
507 if (!dev) { !! 579 if (imajor(inode) == USB_DEVICE_MAJOR)
508 kfree(ps); !! 580 dev = usbdev_lookup_by_minor(iminor(inode));
>> 581 #ifdef CONFIG_USB_DEVICEFS
>> 582 /* procfs file */
>> 583 if (!dev)
>> 584 dev = inode->i_private;
>> 585 #endif
>> 586 if (!dev)
509 goto out; 587 goto out;
510 } !! 588 ret = usb_autoresume_device(dev);
>> 589 if (ret)
>> 590 goto out;
>> 591
>> 592 usb_get_dev(dev);
511 ret = 0; 593 ret = 0;
512 ps->dev = dev; 594 ps->dev = dev;
513 ps->file = file; 595 ps->file = file;
514 spin_lock_init(&ps->lock); 596 spin_lock_init(&ps->lock);
>> 597 INIT_LIST_HEAD(&ps->list);
515 INIT_LIST_HEAD(&ps->async_pending); 598 INIT_LIST_HEAD(&ps->async_pending);
516 INIT_LIST_HEAD(&ps->async_completed); 599 INIT_LIST_HEAD(&ps->async_completed);
517 init_waitqueue_head(&ps->wait); 600 init_waitqueue_head(&ps->wait);
518 ps->discsignr = 0; 601 ps->discsignr = 0;
519 ps->disctask = current; !! 602 ps->disc_pid = get_pid(task_pid(current));
>> 603 ps->disc_uid = current->uid;
>> 604 ps->disc_euid = current->euid;
520 ps->disccontext = NULL; 605 ps->disccontext = NULL;
521 ps->ifclaimed = 0; 606 ps->ifclaimed = 0;
522 wmb(); !! 607 security_task_getsecid(current, &ps->secid);
>> 608 smp_wmb();
523 list_add_tail(&ps->list, &dev->filelis 609 list_add_tail(&ps->list, &dev->filelist);
524 file->private_data = ps; 610 file->private_data = ps;
525 out: 611 out:
526 unlock_kernel(); !! 612 if (ret)
527 out_nolock: !! 613 kfree(ps);
528 return ret; !! 614 mutex_unlock(&usbfs_mutex);
>> 615 return ret;
529 } 616 }
530 617
531 static int usbdev_release(struct inode *inode, 618 static int usbdev_release(struct inode *inode, struct file *file)
532 { 619 {
533 struct dev_state *ps = (struct dev_sta !! 620 struct dev_state *ps = file->private_data;
534 struct usb_device *dev = ps->dev; 621 struct usb_device *dev = ps->dev;
535 unsigned int ifnum; 622 unsigned int ifnum;
536 623
537 usb_lock_device(dev); 624 usb_lock_device(dev);
>> 625
>> 626 /* Protect against simultaneous open */
>> 627 mutex_lock(&usbfs_mutex);
538 list_del_init(&ps->list); 628 list_del_init(&ps->list);
>> 629 mutex_unlock(&usbfs_mutex);
>> 630
539 for (ifnum = 0; ps->ifclaimed && ifnum 631 for (ifnum = 0; ps->ifclaimed && ifnum < 8*sizeof(ps->ifclaimed);
540 ifnum++) { 632 ifnum++) {
541 if (test_bit(ifnum, &ps->ifcla 633 if (test_bit(ifnum, &ps->ifclaimed))
542 releaseintf(ps, ifnum) 634 releaseintf(ps, ifnum);
543 } 635 }
544 destroy_all_async(ps); 636 destroy_all_async(ps);
>> 637 usb_autosuspend_device(dev);
545 usb_unlock_device(dev); 638 usb_unlock_device(dev);
546 usb_put_dev(dev); 639 usb_put_dev(dev);
547 ps->dev = NULL; !! 640 put_pid(ps->disc_pid);
548 kfree(ps); 641 kfree(ps);
549 return 0; !! 642 return 0;
550 } 643 }
551 644
552 static int proc_control(struct dev_state *ps, 645 static int proc_control(struct dev_state *ps, void __user *arg)
553 { 646 {
554 struct usb_device *dev = ps->dev; 647 struct usb_device *dev = ps->dev;
555 struct usbdevfs_ctrltransfer ctrl; 648 struct usbdevfs_ctrltransfer ctrl;
556 unsigned int tmo; 649 unsigned int tmo;
557 unsigned char *tbuf; 650 unsigned char *tbuf;
558 int i, j, ret; 651 int i, j, ret;
559 652
560 if (copy_from_user(&ctrl, arg, sizeof( 653 if (copy_from_user(&ctrl, arg, sizeof(ctrl)))
561 return -EFAULT; 654 return -EFAULT;
562 if ((ret = check_ctrlrecip(ps, ctrl.bR !! 655 ret = check_ctrlrecip(ps, ctrl.bRequestType, ctrl.wIndex);
>> 656 if (ret)
563 return ret; 657 return ret;
564 if (ctrl.wLength > PAGE_SIZE) 658 if (ctrl.wLength > PAGE_SIZE)
565 return -EINVAL; 659 return -EINVAL;
566 if (!(tbuf = (unsigned char *)__get_fr !! 660 tbuf = (unsigned char *)__get_free_page(GFP_KERNEL);
>> 661 if (!tbuf)
567 return -ENOMEM; 662 return -ENOMEM;
568 tmo = (ctrl.timeout * HZ + 999) / 1000 !! 663 tmo = ctrl.timeout;
569 if (ctrl.bRequestType & 0x80) { 664 if (ctrl.bRequestType & 0x80) {
570 if (ctrl.wLength && !access_ok !! 665 if (ctrl.wLength && !access_ok(VERIFY_WRITE, ctrl.data,
>> 666 ctrl.wLength)) {
571 free_page((unsigned lo 667 free_page((unsigned long)tbuf);
572 return -EINVAL; 668 return -EINVAL;
573 } 669 }
574 snoop(&dev->dev, "control read !! 670 snoop(&dev->dev, "control read: bRequest=%02x "
575 ctrl.bRequest, ctrl.bR !! 671 "bRrequestType=%02x wValue=%04x "
>> 672 "wIndex=%04x wLength=%04x\n",
>> 673 ctrl.bRequest, ctrl.bRequestType, ctrl.wValue,
>> 674 ctrl.wIndex, ctrl.wLength);
576 675
577 usb_unlock_device(dev); 676 usb_unlock_device(dev);
578 i = usb_control_msg(dev, usb_r !! 677 i = usb_control_msg(dev, usb_rcvctrlpipe(dev, 0), ctrl.bRequest,
579 ctrl.wV !! 678 ctrl.bRequestType, ctrl.wValue, ctrl.wIndex,
>> 679 tbuf, ctrl.wLength, tmo);
580 usb_lock_device(dev); 680 usb_lock_device(dev);
581 if ((i > 0) && ctrl.wLength) { 681 if ((i > 0) && ctrl.wLength) {
582 if (usbfs_snoop) { 682 if (usbfs_snoop) {
583 dev_info(&dev- 683 dev_info(&dev->dev, "control read: data ");
584 for (j = 0; j !! 684 for (j = 0; j < i; ++j)
585 printk !! 685 printk("%02x ", (u8)(tbuf)[j]);
586 printk("\n"); 686 printk("\n");
587 } 687 }
588 if (copy_to_user(ctrl. !! 688 if (copy_to_user(ctrl.data, tbuf, i)) {
589 free_page((uns 689 free_page((unsigned long)tbuf);
590 return -EFAULT 690 return -EFAULT;
591 } 691 }
592 } 692 }
593 } else { 693 } else {
594 if (ctrl.wLength) { 694 if (ctrl.wLength) {
595 if (copy_from_user(tbu 695 if (copy_from_user(tbuf, ctrl.data, ctrl.wLength)) {
596 free_page((uns 696 free_page((unsigned long)tbuf);
597 return -EFAULT 697 return -EFAULT;
598 } 698 }
599 } 699 }
600 snoop(&dev->dev, "control writ !! 700 snoop(&dev->dev, "control write: bRequest=%02x "
601 ctrl.bRequest, ctrl.bR !! 701 "bRrequestType=%02x wValue=%04x "
>> 702 "wIndex=%04x wLength=%04x\n",
>> 703 ctrl.bRequest, ctrl.bRequestType, ctrl.wValue,
>> 704 ctrl.wIndex, ctrl.wLength);
602 if (usbfs_snoop) { 705 if (usbfs_snoop) {
603 dev_info(&dev->dev, "c 706 dev_info(&dev->dev, "control write: data: ");
604 for (j = 0; j < ctrl.w 707 for (j = 0; j < ctrl.wLength; ++j)
605 printk ("%02x !! 708 printk("%02x ", (unsigned char)(tbuf)[j]);
606 printk("\n"); 709 printk("\n");
607 } 710 }
608 usb_unlock_device(dev); 711 usb_unlock_device(dev);
609 i = usb_control_msg(dev, usb_s !! 712 i = usb_control_msg(dev, usb_sndctrlpipe(dev, 0), ctrl.bRequest,
610 ctrl.wV !! 713 ctrl.bRequestType, ctrl.wValue, ctrl.wIndex,
>> 714 tbuf, ctrl.wLength, tmo);
611 usb_lock_device(dev); 715 usb_lock_device(dev);
612 } 716 }
613 free_page((unsigned long)tbuf); 717 free_page((unsigned long)tbuf);
614 if (i<0 && i != -EPIPE) { !! 718 if (i < 0 && i != -EPIPE) {
615 dev_printk(KERN_DEBUG, &dev->d 719 dev_printk(KERN_DEBUG, &dev->dev, "usbfs: USBDEVFS_CONTROL "
616 "failed cmd %s rqt 720 "failed cmd %s rqt %u rq %u len %u ret %d\n",
617 current->comm, ctrl 721 current->comm, ctrl.bRequestType, ctrl.bRequest,
618 ctrl.wLength, i); 722 ctrl.wLength, i);
619 } 723 }
620 return i; 724 return i;
621 } 725 }
622 726
623 static int proc_bulk(struct dev_state *ps, voi 727 static int proc_bulk(struct dev_state *ps, void __user *arg)
624 { 728 {
625 struct usb_device *dev = ps->dev; 729 struct usb_device *dev = ps->dev;
626 struct usbdevfs_bulktransfer bulk; 730 struct usbdevfs_bulktransfer bulk;
627 unsigned int tmo, len1, pipe; 731 unsigned int tmo, len1, pipe;
628 int len2; 732 int len2;
629 unsigned char *tbuf; 733 unsigned char *tbuf;
630 int i, ret; !! 734 int i, j, ret;
631 735
632 if (copy_from_user(&bulk, arg, sizeof( 736 if (copy_from_user(&bulk, arg, sizeof(bulk)))
633 return -EFAULT; 737 return -EFAULT;
634 if ((ret = findintfep(ps->dev, bulk.ep !! 738 ret = findintfep(ps->dev, bulk.ep);
>> 739 if (ret < 0)
635 return ret; 740 return ret;
636 if ((ret = checkintf(ps, ret))) !! 741 ret = checkintf(ps, ret);
>> 742 if (ret)
637 return ret; 743 return ret;
638 if (bulk.ep & USB_DIR_IN) 744 if (bulk.ep & USB_DIR_IN)
639 pipe = usb_rcvbulkpipe(dev, bu 745 pipe = usb_rcvbulkpipe(dev, bulk.ep & 0x7f);
640 else 746 else
641 pipe = usb_sndbulkpipe(dev, bu 747 pipe = usb_sndbulkpipe(dev, bulk.ep & 0x7f);
642 if (!usb_maxpacket(dev, pipe, !(bulk.e 748 if (!usb_maxpacket(dev, pipe, !(bulk.ep & USB_DIR_IN)))
643 return -EINVAL; 749 return -EINVAL;
644 len1 = bulk.len; 750 len1 = bulk.len;
645 if (len1 > MAX_USBFS_BUFFER_SIZE) 751 if (len1 > MAX_USBFS_BUFFER_SIZE)
646 return -EINVAL; 752 return -EINVAL;
647 if (!(tbuf = kmalloc(len1, GFP_KERNEL) 753 if (!(tbuf = kmalloc(len1, GFP_KERNEL)))
648 return -ENOMEM; 754 return -ENOMEM;
649 tmo = (bulk.timeout * HZ + 999) / 1000 !! 755 tmo = bulk.timeout;
650 if (bulk.ep & 0x80) { 756 if (bulk.ep & 0x80) {
651 if (len1 && !access_ok(VERIFY_ 757 if (len1 && !access_ok(VERIFY_WRITE, bulk.data, len1)) {
652 kfree(tbuf); 758 kfree(tbuf);
653 return -EINVAL; 759 return -EINVAL;
654 } 760 }
>> 761 snoop(&dev->dev, "bulk read: len=0x%02x timeout=%04d\n",
>> 762 bulk.len, bulk.timeout);
655 usb_unlock_device(dev); 763 usb_unlock_device(dev);
656 i = usb_bulk_msg(dev, pipe, tb 764 i = usb_bulk_msg(dev, pipe, tbuf, len1, &len2, tmo);
657 usb_lock_device(dev); 765 usb_lock_device(dev);
658 if (!i && len2) { 766 if (!i && len2) {
>> 767 if (usbfs_snoop) {
>> 768 dev_info(&dev->dev, "bulk read: data ");
>> 769 for (j = 0; j < len2; ++j)
>> 770 printk("%02x ", (u8)(tbuf)[j]);
>> 771 printk("\n");
>> 772 }
659 if (copy_to_user(bulk. 773 if (copy_to_user(bulk.data, tbuf, len2)) {
660 kfree(tbuf); 774 kfree(tbuf);
661 return -EFAULT 775 return -EFAULT;
662 } 776 }
663 } 777 }
664 } else { 778 } else {
665 if (len1) { 779 if (len1) {
666 if (copy_from_user(tbu 780 if (copy_from_user(tbuf, bulk.data, len1)) {
667 kfree(tbuf); 781 kfree(tbuf);
668 return -EFAULT 782 return -EFAULT;
669 } 783 }
670 } 784 }
>> 785 snoop(&dev->dev, "bulk write: len=0x%02x timeout=%04d\n",
>> 786 bulk.len, bulk.timeout);
>> 787 if (usbfs_snoop) {
>> 788 dev_info(&dev->dev, "bulk write: data: ");
>> 789 for (j = 0; j < len1; ++j)
>> 790 printk("%02x ", (unsigned char)(tbuf)[j]);
>> 791 printk("\n");
>> 792 }
671 usb_unlock_device(dev); 793 usb_unlock_device(dev);
672 i = usb_bulk_msg(dev, pipe, tb 794 i = usb_bulk_msg(dev, pipe, tbuf, len1, &len2, tmo);
673 usb_lock_device(dev); 795 usb_lock_device(dev);
674 } 796 }
675 kfree(tbuf); 797 kfree(tbuf);
676 if (i < 0) { !! 798 if (i < 0)
677 dev_warn(&dev->dev, "usbfs: US <<
678 "ep 0x%x len %u ret % <<
679 return i; 799 return i;
680 } <<
681 return len2; 800 return len2;
682 } 801 }
683 802
684 static int proc_resetep(struct dev_state *ps, 803 static int proc_resetep(struct dev_state *ps, void __user *arg)
685 { 804 {
686 unsigned int ep; 805 unsigned int ep;
687 int ret; 806 int ret;
688 807
689 if (get_user(ep, (unsigned int __user 808 if (get_user(ep, (unsigned int __user *)arg))
690 return -EFAULT; 809 return -EFAULT;
691 if ((ret = findintfep(ps->dev, ep)) < !! 810 ret = findintfep(ps->dev, ep);
>> 811 if (ret < 0)
692 return ret; 812 return ret;
693 if ((ret = checkintf(ps, ret))) !! 813 ret = checkintf(ps, ret);
>> 814 if (ret)
694 return ret; 815 return ret;
695 usb_settoggle(ps->dev, ep & 0xf, !(ep 816 usb_settoggle(ps->dev, ep & 0xf, !(ep & USB_DIR_IN), 0);
696 return 0; 817 return 0;
697 } 818 }
698 819
699 static int proc_clearhalt(struct dev_state *ps 820 static int proc_clearhalt(struct dev_state *ps, void __user *arg)
700 { 821 {
701 unsigned int ep; 822 unsigned int ep;
702 int pipe; 823 int pipe;
703 int ret; 824 int ret;
704 825
705 if (get_user(ep, (unsigned int __user 826 if (get_user(ep, (unsigned int __user *)arg))
706 return -EFAULT; 827 return -EFAULT;
707 if ((ret = findintfep(ps->dev, ep)) < !! 828 ret = findintfep(ps->dev, ep);
>> 829 if (ret < 0)
708 return ret; 830 return ret;
709 if ((ret = checkintf(ps, ret))) !! 831 ret = checkintf(ps, ret);
>> 832 if (ret)
710 return ret; 833 return ret;
711 if (ep & USB_DIR_IN) 834 if (ep & USB_DIR_IN)
712 pipe = usb_rcvbulkpipe(ps->dev !! 835 pipe = usb_rcvbulkpipe(ps->dev, ep & 0x7f);
713 else !! 836 else
714 pipe = usb_sndbulkpipe(ps->dev !! 837 pipe = usb_sndbulkpipe(ps->dev, ep & 0x7f);
715 838
716 return usb_clear_halt(ps->dev, pipe); 839 return usb_clear_halt(ps->dev, pipe);
717 } 840 }
718 <<
719 841
720 static int proc_getdriver(struct dev_state *ps 842 static int proc_getdriver(struct dev_state *ps, void __user *arg)
721 { 843 {
722 struct usbdevfs_getdriver gd; 844 struct usbdevfs_getdriver gd;
723 struct usb_interface *intf; 845 struct usb_interface *intf;
724 int ret; 846 int ret;
725 847
726 if (copy_from_user(&gd, arg, sizeof(gd 848 if (copy_from_user(&gd, arg, sizeof(gd)))
727 return -EFAULT; 849 return -EFAULT;
728 down_read(&usb_bus_type.subsys.rwsem); <<
729 intf = usb_ifnum_to_if(ps->dev, gd.int 850 intf = usb_ifnum_to_if(ps->dev, gd.interface);
730 if (!intf || !intf->dev.driver) 851 if (!intf || !intf->dev.driver)
731 ret = -ENODATA; 852 ret = -ENODATA;
732 else { 853 else {
733 strncpy(gd.driver, intf->dev.d 854 strncpy(gd.driver, intf->dev.driver->name,
734 sizeof(gd.driv 855 sizeof(gd.driver));
735 ret = (copy_to_user(arg, &gd, 856 ret = (copy_to_user(arg, &gd, sizeof(gd)) ? -EFAULT : 0);
736 } 857 }
737 up_read(&usb_bus_type.subsys.rwsem); <<
738 return ret; 858 return ret;
739 } 859 }
740 860
741 static int proc_connectinfo(struct dev_state * 861 static int proc_connectinfo(struct dev_state *ps, void __user *arg)
742 { 862 {
743 struct usbdevfs_connectinfo ci; 863 struct usbdevfs_connectinfo ci;
744 864
745 ci.devnum = ps->dev->devnum; 865 ci.devnum = ps->dev->devnum;
746 ci.slow = ps->dev->speed == USB_SPEED_ 866 ci.slow = ps->dev->speed == USB_SPEED_LOW;
747 if (copy_to_user(arg, &ci, sizeof(ci)) 867 if (copy_to_user(arg, &ci, sizeof(ci)))
748 return -EFAULT; 868 return -EFAULT;
749 return 0; 869 return 0;
750 } 870 }
751 871
752 static int proc_resetdevice(struct dev_state * 872 static int proc_resetdevice(struct dev_state *ps)
753 { 873 {
754 return usb_reset_device(ps->dev); !! 874 return usb_reset_composite_device(ps->dev, NULL);
755 <<
756 } 875 }
757 876
758 static int proc_setintf(struct dev_state *ps, 877 static int proc_setintf(struct dev_state *ps, void __user *arg)
759 { 878 {
760 struct usbdevfs_setinterface setintf; 879 struct usbdevfs_setinterface setintf;
761 int ret; 880 int ret;
762 881
763 if (copy_from_user(&setintf, arg, size 882 if (copy_from_user(&setintf, arg, sizeof(setintf)))
764 return -EFAULT; 883 return -EFAULT;
765 if ((ret = checkintf(ps, setintf.inter 884 if ((ret = checkintf(ps, setintf.interface)))
766 return ret; 885 return ret;
767 return usb_set_interface(ps->dev, seti 886 return usb_set_interface(ps->dev, setintf.interface,
768 setintf.altsetting); 887 setintf.altsetting);
769 } 888 }
770 889
771 static int proc_setconfig(struct dev_state *ps 890 static int proc_setconfig(struct dev_state *ps, void __user *arg)
772 { 891 {
773 unsigned int u; !! 892 int u;
774 int status = 0; 893 int status = 0;
775 struct usb_host_config *actconfig; !! 894 struct usb_host_config *actconfig;
776 895
777 if (get_user(u, (unsigned int __user * !! 896 if (get_user(u, (int __user *)arg))
778 return -EFAULT; 897 return -EFAULT;
779 898
780 actconfig = ps->dev->actconfig; !! 899 actconfig = ps->dev->actconfig;
781 !! 900
782 /* Don't touch the device if any inter !! 901 /* Don't touch the device if any interfaces are claimed.
783 * It could interfere with other drive !! 902 * It could interfere with other drivers' operations, and if
784 * an interface is claimed by usbfs it 903 * an interface is claimed by usbfs it could easily deadlock.
785 */ 904 */
786 if (actconfig) { !! 905 if (actconfig) {
787 int i; !! 906 int i;
788 !! 907
789 for (i = 0; i < actconfig->des !! 908 for (i = 0; i < actconfig->desc.bNumInterfaces; ++i) {
790 if (usb_interface_clai !! 909 if (usb_interface_claimed(actconfig->interface[i])) {
791 dev_warn (&ps- !! 910 dev_warn(&ps->dev->dev,
792 "usbfs !! 911 "usbfs: interface %d claimed by %s "
793 "while 912 "while '%s' sets config #%d\n",
794 actcon 913 actconfig->interface[i]
795 914 ->cur_altsetting
796 915 ->desc.bInterfaceNumber,
>> 916 actconfig->interface[i]
>> 917 ->dev.driver->name,
797 curren 918 current->comm, u);
798 #if 0 /* FIXME: enable in 2.6.10 or so */ !! 919 status = -EBUSY;
799 status = -EBUS <<
800 break; 920 break;
801 #endif <<
802 } 921 }
803 } !! 922 }
804 } !! 923 }
805 924
806 /* SET_CONFIGURATION is often abused a 925 /* SET_CONFIGURATION is often abused as a "cheap" driver reset,
807 * so avoid usb_set_configuration()'s 926 * so avoid usb_set_configuration()'s kick to sysfs
808 */ 927 */
809 if (status == 0) { 928 if (status == 0) {
810 if (actconfig && actconfig->de 929 if (actconfig && actconfig->desc.bConfigurationValue == u)
811 status = usb_reset_con 930 status = usb_reset_configuration(ps->dev);
812 else 931 else
813 status = usb_set_confi 932 status = usb_set_configuration(ps->dev, u);
814 } 933 }
815 934
816 return status; 935 return status;
817 } 936 }
818 937
819 static int proc_submiturb(struct dev_state *ps !! 938 static int proc_do_submiturb(struct dev_state *ps, struct usbdevfs_urb *uurb,
>> 939 struct usbdevfs_iso_packet_desc __user *iso_frame_desc,
>> 940 void __user *arg)
820 { 941 {
821 struct usbdevfs_urb uurb; <<
822 struct usbdevfs_iso_packet_desc *isopk 942 struct usbdevfs_iso_packet_desc *isopkt = NULL;
823 struct usb_host_endpoint *ep; 943 struct usb_host_endpoint *ep;
824 struct async *as; 944 struct async *as;
825 struct usb_ctrlrequest *dr = NULL; 945 struct usb_ctrlrequest *dr = NULL;
826 unsigned int u, totlen, isofrmlen; 946 unsigned int u, totlen, isofrmlen;
827 int ret, interval = 0, ifnum = -1; !! 947 int ret, ifnum = -1;
>> 948 int is_in;
828 949
829 if (copy_from_user(&uurb, arg, sizeof( !! 950 if (uurb->flags & ~(USBDEVFS_URB_ISO_ASAP|USBDEVFS_URB_SHORT_NOT_OK|
830 return -EFAULT; <<
831 if (uurb.flags & ~(USBDEVFS_URB_ISO_AS <<
832 URB_NO_FSBR|URB_ZER 951 URB_NO_FSBR|URB_ZERO_PACKET))
833 return -EINVAL; 952 return -EINVAL;
834 if (!uurb.buffer) !! 953 if (!uurb->buffer)
835 return -EINVAL; 954 return -EINVAL;
836 if (uurb.signr != 0 && (uurb.signr < S !! 955 if (uurb->signr != 0 && (uurb->signr < SIGRTMIN ||
>> 956 uurb->signr > SIGRTMAX))
837 return -EINVAL; 957 return -EINVAL;
838 if (!(uurb.type == USBDEVFS_URB_TYPE_C !! 958 if (!(uurb->type == USBDEVFS_URB_TYPE_CONTROL &&
839 if ((ifnum = findintfep(ps->de !! 959 (uurb->endpoint & ~USB_ENDPOINT_DIR_MASK) == 0)) {
>> 960 ifnum = findintfep(ps->dev, uurb->endpoint);
>> 961 if (ifnum < 0)
840 return ifnum; 962 return ifnum;
841 if ((ret = checkintf(ps, ifnum !! 963 ret = checkintf(ps, ifnum);
>> 964 if (ret)
842 return ret; 965 return ret;
843 } 966 }
844 if ((uurb.endpoint & USB_ENDPOINT_DIR_ !! 967 if ((uurb->endpoint & USB_ENDPOINT_DIR_MASK) != 0) {
845 ep = ps->dev->ep_in [uurb.endp !! 968 is_in = 1;
846 else !! 969 ep = ps->dev->ep_in[uurb->endpoint & USB_ENDPOINT_NUMBER_MASK];
847 ep = ps->dev->ep_out [uurb.end !! 970 } else {
>> 971 is_in = 0;
>> 972 ep = ps->dev->ep_out[uurb->endpoint & USB_ENDPOINT_NUMBER_MASK];
>> 973 }
848 if (!ep) 974 if (!ep)
849 return -ENOENT; 975 return -ENOENT;
850 switch(uurb.type) { !! 976 switch(uurb->type) {
851 case USBDEVFS_URB_TYPE_CONTROL: 977 case USBDEVFS_URB_TYPE_CONTROL:
852 if ((ep->desc.bmAttributes & U !! 978 if (!usb_endpoint_xfer_control(&ep->desc))
853 != USB_ENDPOIN <<
854 return -EINVAL; 979 return -EINVAL;
855 /* min 8 byte setup packet, ma !! 980 /* min 8 byte setup packet,
856 if (uurb.buffer_length < 8 || !! 981 * max 8 byte setup plus an arbitrary data stage */
>> 982 if (uurb->buffer_length < 8 ||
>> 983 uurb->buffer_length > (8 + MAX_USBFS_BUFFER_SIZE))
857 return -EINVAL; 984 return -EINVAL;
858 if (!(dr = kmalloc(sizeof(stru !! 985 dr = kmalloc(sizeof(struct usb_ctrlrequest), GFP_KERNEL);
>> 986 if (!dr)
859 return -ENOMEM; 987 return -ENOMEM;
860 if (copy_from_user(dr, uurb.bu !! 988 if (copy_from_user(dr, uurb->buffer, 8)) {
861 kfree(dr); 989 kfree(dr);
862 return -EFAULT; 990 return -EFAULT;
863 } 991 }
864 if (uurb.buffer_length < (le16 !! 992 if (uurb->buffer_length < (le16_to_cpup(&dr->wLength) + 8)) {
865 kfree(dr); 993 kfree(dr);
866 return -EINVAL; 994 return -EINVAL;
867 } 995 }
868 if ((ret = check_ctrlrecip(ps, !! 996 ret = check_ctrlrecip(ps, dr->bRequestType,
>> 997 le16_to_cpup(&dr->wIndex));
>> 998 if (ret) {
869 kfree(dr); 999 kfree(dr);
870 return ret; 1000 return ret;
871 } 1001 }
872 uurb.endpoint = (uurb.endpoint !! 1002 uurb->number_of_packets = 0;
873 uurb.number_of_packets = 0; !! 1003 uurb->buffer_length = le16_to_cpup(&dr->wLength);
874 uurb.buffer_length = le16_to_c !! 1004 uurb->buffer += 8;
875 uurb.buffer += 8; !! 1005 if ((dr->bRequestType & USB_DIR_IN) && uurb->buffer_length) {
876 if (!access_ok((uurb.endpoint !! 1006 is_in = 1;
>> 1007 uurb->endpoint |= USB_DIR_IN;
>> 1008 } else {
>> 1009 is_in = 0;
>> 1010 uurb->endpoint &= ~USB_DIR_IN;
>> 1011 }
>> 1012 if (!access_ok(is_in ? VERIFY_WRITE : VERIFY_READ,
>> 1013 uurb->buffer, uurb->buffer_length)) {
877 kfree(dr); 1014 kfree(dr);
878 return -EFAULT; 1015 return -EFAULT;
879 } 1016 }
>> 1017 snoop(&ps->dev->dev, "control urb: bRequest=%02x "
>> 1018 "bRrequestType=%02x wValue=%04x "
>> 1019 "wIndex=%04x wLength=%04x\n",
>> 1020 dr->bRequest, dr->bRequestType,
>> 1021 __le16_to_cpup(&dr->wValue),
>> 1022 __le16_to_cpup(&dr->wIndex),
>> 1023 __le16_to_cpup(&dr->wLength));
880 break; 1024 break;
881 1025
882 case USBDEVFS_URB_TYPE_BULK: 1026 case USBDEVFS_URB_TYPE_BULK:
883 switch (ep->desc.bmAttributes !! 1027 switch (usb_endpoint_type(&ep->desc)) {
884 case USB_ENDPOINT_XFER_CONTROL 1028 case USB_ENDPOINT_XFER_CONTROL:
885 case USB_ENDPOINT_XFER_ISOC: 1029 case USB_ENDPOINT_XFER_ISOC:
886 return -EINVAL; 1030 return -EINVAL;
887 /* allow single-shot interrupt 1031 /* allow single-shot interrupt transfers, at bogus rates */
888 } 1032 }
889 uurb.number_of_packets = 0; !! 1033 uurb->number_of_packets = 0;
890 if (uurb.buffer_length > MAX_U !! 1034 if (uurb->buffer_length > MAX_USBFS_BUFFER_SIZE)
891 return -EINVAL; 1035 return -EINVAL;
892 if (!access_ok((uurb.endpoint !! 1036 if (!access_ok(is_in ? VERIFY_WRITE : VERIFY_READ,
>> 1037 uurb->buffer, uurb->buffer_length))
893 return -EFAULT; 1038 return -EFAULT;
>> 1039 snoop(&ps->dev->dev, "bulk urb\n");
894 break; 1040 break;
895 1041
896 case USBDEVFS_URB_TYPE_ISO: 1042 case USBDEVFS_URB_TYPE_ISO:
897 /* arbitrary limit */ 1043 /* arbitrary limit */
898 if (uurb.number_of_packets < 1 !! 1044 if (uurb->number_of_packets < 1 ||
>> 1045 uurb->number_of_packets > 128)
899 return -EINVAL; 1046 return -EINVAL;
900 if ((ep->desc.bmAttributes & U !! 1047 if (!usb_endpoint_xfer_isoc(&ep->desc))
901 != USB_ENDPOIN <<
902 return -EINVAL; 1048 return -EINVAL;
903 interval = 1 << min (15, ep->d !! 1049 isofrmlen = sizeof(struct usbdevfs_iso_packet_desc) *
904 isofrmlen = sizeof(struct usbd !! 1050 uurb->number_of_packets;
905 if (!(isopkt = kmalloc(isofrml 1051 if (!(isopkt = kmalloc(isofrmlen, GFP_KERNEL)))
906 return -ENOMEM; 1052 return -ENOMEM;
907 if (copy_from_user(isopkt, &(( !! 1053 if (copy_from_user(isopkt, iso_frame_desc, isofrmlen)) {
908 kfree(isopkt); 1054 kfree(isopkt);
909 return -EFAULT; 1055 return -EFAULT;
910 } 1056 }
911 for (totlen = u = 0; u < uurb. !! 1057 for (totlen = u = 0; u < uurb->number_of_packets; u++) {
912 if (isopkt[u].length > !! 1058 /* arbitrary limit,
>> 1059 * sufficient for USB 2.0 high-bandwidth iso */
>> 1060 if (isopkt[u].length > 8192) {
913 kfree(isopkt); 1061 kfree(isopkt);
914 return -EINVAL 1062 return -EINVAL;
915 } 1063 }
916 totlen += isopkt[u].le 1064 totlen += isopkt[u].length;
917 } 1065 }
918 if (totlen > 32768) { 1066 if (totlen > 32768) {
919 kfree(isopkt); 1067 kfree(isopkt);
920 return -EINVAL; 1068 return -EINVAL;
921 } 1069 }
922 uurb.buffer_length = totlen; !! 1070 uurb->buffer_length = totlen;
>> 1071 snoop(&ps->dev->dev, "iso urb\n");
923 break; 1072 break;
924 1073
925 case USBDEVFS_URB_TYPE_INTERRUPT: 1074 case USBDEVFS_URB_TYPE_INTERRUPT:
926 uurb.number_of_packets = 0; !! 1075 uurb->number_of_packets = 0;
927 if ((ep->desc.bmAttributes & U !! 1076 if (!usb_endpoint_xfer_int(&ep->desc))
928 != USB_ENDPOIN <<
929 return -EINVAL; 1077 return -EINVAL;
930 if (ps->dev->speed == USB_SPEE !! 1078 if (uurb->buffer_length > MAX_USBFS_BUFFER_SIZE)
931 interval = 1 << min (1 <<
932 else <<
933 interval = ep->desc.bI <<
934 if (uurb.buffer_length > MAX_U <<
935 return -EINVAL; 1079 return -EINVAL;
936 if (!access_ok((uurb.endpoint !! 1080 if (!access_ok(is_in ? VERIFY_WRITE : VERIFY_READ,
>> 1081 uurb->buffer, uurb->buffer_length))
937 return -EFAULT; 1082 return -EFAULT;
>> 1083 snoop(&ps->dev->dev, "interrupt urb\n");
938 break; 1084 break;
939 1085
940 default: 1086 default:
941 return -EINVAL; 1087 return -EINVAL;
942 } 1088 }
943 if (!(as = alloc_async(uurb.number_of_ !! 1089 as = alloc_async(uurb->number_of_packets);
944 if (isopkt) !! 1090 if (!as) {
945 kfree(isopkt); !! 1091 kfree(isopkt);
946 if (dr) !! 1092 kfree(dr);
947 kfree(dr); <<
948 return -ENOMEM; 1093 return -ENOMEM;
949 } 1094 }
950 if (!(as->urb->transfer_buffer = kmall !! 1095 as->urb->transfer_buffer = kmalloc(uurb->buffer_length, GFP_KERNEL);
951 if (isopkt) !! 1096 if (!as->urb->transfer_buffer) {
952 kfree(isopkt); !! 1097 kfree(isopkt);
953 if (dr) !! 1098 kfree(dr);
954 kfree(dr); <<
955 free_async(as); 1099 free_async(as);
956 return -ENOMEM; 1100 return -ENOMEM;
957 } 1101 }
958 as->urb->dev = ps->dev; !! 1102 as->urb->dev = ps->dev;
959 as->urb->pipe = (uurb.type << 30) | __ !! 1103 as->urb->pipe = (uurb->type << 30) |
960 as->urb->transfer_flags = uurb.flags; !! 1104 __create_pipe(ps->dev, uurb->endpoint & 0xf) |
961 as->urb->transfer_buffer_length = uurb !! 1105 (uurb->endpoint & USB_DIR_IN);
962 as->urb->setup_packet = (unsigned char !! 1106 as->urb->transfer_flags = uurb->flags |
963 as->urb->start_frame = uurb.start_fram !! 1107 (is_in ? URB_DIR_IN : URB_DIR_OUT);
964 as->urb->number_of_packets = uurb.numb !! 1108 as->urb->transfer_buffer_length = uurb->buffer_length;
965 as->urb->interval = interval; !! 1109 as->urb->setup_packet = (unsigned char *)dr;
966 as->urb->context = as; !! 1110 as->urb->start_frame = uurb->start_frame;
967 as->urb->complete = async_completed; !! 1111 as->urb->number_of_packets = uurb->number_of_packets;
968 for (totlen = u = 0; u < uurb.number_o !! 1112 if (uurb->type == USBDEVFS_URB_TYPE_ISO ||
>> 1113 ps->dev->speed == USB_SPEED_HIGH)
>> 1114 as->urb->interval = 1 << min(15, ep->desc.bInterval - 1);
>> 1115 else
>> 1116 as->urb->interval = ep->desc.bInterval;
>> 1117 as->urb->context = as;
>> 1118 as->urb->complete = async_completed;
>> 1119 for (totlen = u = 0; u < uurb->number_of_packets; u++) {
969 as->urb->iso_frame_desc[u].off 1120 as->urb->iso_frame_desc[u].offset = totlen;
970 as->urb->iso_frame_desc[u].len 1121 as->urb->iso_frame_desc[u].length = isopkt[u].length;
971 totlen += isopkt[u].length; 1122 totlen += isopkt[u].length;
972 } 1123 }
973 if (isopkt) !! 1124 kfree(isopkt);
974 kfree(isopkt); <<
975 as->ps = ps; 1125 as->ps = ps;
976 as->userurb = arg; !! 1126 as->userurb = arg;
977 if (uurb.endpoint & USB_DIR_IN) !! 1127 if (uurb->endpoint & USB_DIR_IN)
978 as->userbuffer = uurb.buffer; !! 1128 as->userbuffer = uurb->buffer;
979 else 1129 else
980 as->userbuffer = NULL; 1130 as->userbuffer = NULL;
981 as->signr = uurb.signr; !! 1131 as->signr = uurb->signr;
982 as->ifnum = ifnum; 1132 as->ifnum = ifnum;
983 as->task = current; !! 1133 as->pid = get_pid(task_pid(current));
984 if (!(uurb.endpoint & USB_DIR_IN)) { !! 1134 as->uid = current->uid;
985 if (copy_from_user(as->urb->tr !! 1135 as->euid = current->euid;
>> 1136 security_task_getsecid(current, &as->secid);
>> 1137 if (!is_in) {
>> 1138 if (copy_from_user(as->urb->transfer_buffer, uurb->buffer,
>> 1139 as->urb->transfer_buffer_length)) {
986 free_async(as); 1140 free_async(as);
987 return -EFAULT; 1141 return -EFAULT;
988 } 1142 }
989 } 1143 }
990 async_newpending(as); !! 1144 snoop_urb(as->urb, as->userurb);
991 if ((ret = usb_submit_urb(as->urb, GFP !! 1145 async_newpending(as);
992 dev_printk(KERN_DEBUG, &ps->de !! 1146 if ((ret = usb_submit_urb(as->urb, GFP_KERNEL))) {
993 async_removepending(as); !! 1147 dev_printk(KERN_DEBUG, &ps->dev->dev,
994 free_async(as); !! 1148 "usbfs: usb_submit_urb returned %d\n", ret);
995 return ret; !! 1149 async_removepending(as);
996 } !! 1150 free_async(as);
997 return 0; !! 1151 return ret;
>> 1152 }
>> 1153 return 0;
>> 1154 }
>> 1155
>> 1156 static int proc_submiturb(struct dev_state *ps, void __user *arg)
>> 1157 {
>> 1158 struct usbdevfs_urb uurb;
>> 1159
>> 1160 if (copy_from_user(&uurb, arg, sizeof(uurb)))
>> 1161 return -EFAULT;
>> 1162
>> 1163 return proc_do_submiturb(ps, &uurb,
>> 1164 (((struct usbdevfs_urb __user *)arg)->iso_frame_desc),
>> 1165 arg);
998 } 1166 }
999 1167
1000 static int proc_unlinkurb(struct dev_state *p 1168 static int proc_unlinkurb(struct dev_state *ps, void __user *arg)
1001 { 1169 {
1002 struct async *as; 1170 struct async *as;
1003 1171
1004 as = async_getpending(ps, arg); 1172 as = async_getpending(ps, arg);
1005 if (!as) 1173 if (!as)
1006 return -EINVAL; 1174 return -EINVAL;
1007 usb_kill_urb(as->urb); 1175 usb_kill_urb(as->urb);
1008 return 0; 1176 return 0;
1009 } 1177 }
1010 1178
1011 static int processcompl(struct async *as) !! 1179 static int processcompl(struct async *as, void __user * __user *arg)
1012 { 1180 {
1013 struct urb *urb = as->urb; 1181 struct urb *urb = as->urb;
1014 struct usbdevfs_urb __user *userurb = 1182 struct usbdevfs_urb __user *userurb = as->userurb;
>> 1183 void __user *addr = as->userurb;
1015 unsigned int i; 1184 unsigned int i;
1016 1185
1017 if (as->userbuffer) 1186 if (as->userbuffer)
1018 if (copy_to_user(as->userbuff !! 1187 if (copy_to_user(as->userbuffer, urb->transfer_buffer,
>> 1188 urb->transfer_buffer_length))
1019 return -EFAULT; 1189 return -EFAULT;
1020 if (put_user(urb->status, &userurb->s !! 1190 if (put_user(as->status, &userurb->status))
1021 return -EFAULT; 1191 return -EFAULT;
1022 if (put_user(urb->actual_length, &use 1192 if (put_user(urb->actual_length, &userurb->actual_length))
1023 return -EFAULT; 1193 return -EFAULT;
1024 if (put_user(urb->error_count, &useru 1194 if (put_user(urb->error_count, &userurb->error_count))
1025 return -EFAULT; 1195 return -EFAULT;
1026 1196
1027 if (!(usb_pipeisoc(urb->pipe))) !! 1197 if (usb_endpoint_xfer_isoc(&urb->ep->desc)) {
1028 return 0; !! 1198 for (i = 0; i < urb->number_of_packets; i++) {
1029 for (i = 0; i < urb->number_of_packet !! 1199 if (put_user(urb->iso_frame_desc[i].actual_length,
1030 if (put_user(urb->iso_frame_d !! 1200 &userurb->iso_frame_desc[i].actual_length))
1031 &userurb->iso_fr !! 1201 return -EFAULT;
1032 return -EFAULT; !! 1202 if (put_user(urb->iso_frame_desc[i].status,
1033 if (put_user(urb->iso_frame_d !! 1203 &userurb->iso_frame_desc[i].status))
1034 &userurb->iso_fr !! 1204 return -EFAULT;
1035 return -EFAULT; !! 1205 }
1036 } 1206 }
>> 1207
>> 1208 free_async(as);
>> 1209
>> 1210 if (put_user(addr, (void __user * __user *)arg))
>> 1211 return -EFAULT;
1037 return 0; 1212 return 0;
1038 } 1213 }
1039 1214
1040 static int proc_reapurb(struct dev_state *ps, !! 1215 static struct async *reap_as(struct dev_state *ps)
1041 { 1216 {
1042 DECLARE_WAITQUEUE(wait, current); !! 1217 DECLARE_WAITQUEUE(wait, current);
1043 struct async *as = NULL; 1218 struct async *as = NULL;
1044 void __user *addr; <<
1045 struct usb_device *dev = ps->dev; 1219 struct usb_device *dev = ps->dev;
1046 int ret; <<
1047 1220
1048 add_wait_queue(&ps->wait, &wait); 1221 add_wait_queue(&ps->wait, &wait);
1049 for (;;) { 1222 for (;;) {
1050 __set_current_state(TASK_INTE 1223 __set_current_state(TASK_INTERRUPTIBLE);
1051 if ((as = async_getcompleted( !! 1224 as = async_getcompleted(ps);
>> 1225 if (as)
1052 break; 1226 break;
1053 if (signal_pending(current)) 1227 if (signal_pending(current))
1054 break; 1228 break;
1055 usb_unlock_device(dev); 1229 usb_unlock_device(dev);
1056 schedule(); 1230 schedule();
1057 usb_lock_device(dev); 1231 usb_lock_device(dev);
1058 } 1232 }
1059 remove_wait_queue(&ps->wait, &wait); 1233 remove_wait_queue(&ps->wait, &wait);
1060 set_current_state(TASK_RUNNING); 1234 set_current_state(TASK_RUNNING);
1061 if (as) { !! 1235 return as;
1062 ret = processcompl(as); !! 1236 }
1063 addr = as->userurb; !! 1237
1064 free_async(as); !! 1238 static int proc_reapurb(struct dev_state *ps, void __user *arg)
1065 if (ret) !! 1239 {
1066 return ret; !! 1240 struct async *as = reap_as(ps);
1067 if (put_user(addr, (void __us !! 1241 if (as)
1068 return -EFAULT; !! 1242 return processcompl(as, (void __user * __user *)arg);
1069 return 0; <<
1070 } <<
1071 if (signal_pending(current)) 1243 if (signal_pending(current))
1072 return -EINTR; 1244 return -EINTR;
1073 return -EIO; 1245 return -EIO;
1074 } 1246 }
1075 1247
1076 static int proc_reapurbnonblock(struct dev_st 1248 static int proc_reapurbnonblock(struct dev_state *ps, void __user *arg)
1077 { 1249 {
1078 struct async *as; 1250 struct async *as;
1079 void __user *addr; <<
1080 int ret; <<
1081 1251
1082 if (!(as = async_getcompleted(ps))) 1252 if (!(as = async_getcompleted(ps)))
1083 return -EAGAIN; 1253 return -EAGAIN;
1084 ret = processcompl(as); !! 1254 return processcompl(as, (void __user * __user *)arg);
1085 addr = as->userurb; !! 1255 }
>> 1256
>> 1257 #ifdef CONFIG_COMPAT
>> 1258
>> 1259 static int get_urb32(struct usbdevfs_urb *kurb,
>> 1260 struct usbdevfs_urb32 __user *uurb)
>> 1261 {
>> 1262 __u32 uptr;
>> 1263 if (get_user(kurb->type, &uurb->type) ||
>> 1264 __get_user(kurb->endpoint, &uurb->endpoint) ||
>> 1265 __get_user(kurb->status, &uurb->status) ||
>> 1266 __get_user(kurb->flags, &uurb->flags) ||
>> 1267 __get_user(kurb->buffer_length, &uurb->buffer_length) ||
>> 1268 __get_user(kurb->actual_length, &uurb->actual_length) ||
>> 1269 __get_user(kurb->start_frame, &uurb->start_frame) ||
>> 1270 __get_user(kurb->number_of_packets, &uurb->number_of_packets) ||
>> 1271 __get_user(kurb->error_count, &uurb->error_count) ||
>> 1272 __get_user(kurb->signr, &uurb->signr))
>> 1273 return -EFAULT;
>> 1274
>> 1275 if (__get_user(uptr, &uurb->buffer))
>> 1276 return -EFAULT;
>> 1277 kurb->buffer = compat_ptr(uptr);
>> 1278 if (__get_user(uptr, &uurb->buffer))
>> 1279 return -EFAULT;
>> 1280 kurb->usercontext = compat_ptr(uptr);
>> 1281
>> 1282 return 0;
>> 1283 }
>> 1284
>> 1285 static int proc_submiturb_compat(struct dev_state *ps, void __user *arg)
>> 1286 {
>> 1287 struct usbdevfs_urb uurb;
>> 1288
>> 1289 if (get_urb32(&uurb, (struct usbdevfs_urb32 __user *)arg))
>> 1290 return -EFAULT;
>> 1291
>> 1292 return proc_do_submiturb(ps, &uurb,
>> 1293 ((struct usbdevfs_urb32 __user *)arg)->iso_frame_desc,
>> 1294 arg);
>> 1295 }
>> 1296
>> 1297 static int processcompl_compat(struct async *as, void __user * __user *arg)
>> 1298 {
>> 1299 struct urb *urb = as->urb;
>> 1300 struct usbdevfs_urb32 __user *userurb = as->userurb;
>> 1301 void __user *addr = as->userurb;
>> 1302 unsigned int i;
>> 1303
>> 1304 if (as->userbuffer)
>> 1305 if (copy_to_user(as->userbuffer, urb->transfer_buffer,
>> 1306 urb->transfer_buffer_length))
>> 1307 return -EFAULT;
>> 1308 if (put_user(as->status, &userurb->status))
>> 1309 return -EFAULT;
>> 1310 if (put_user(urb->actual_length, &userurb->actual_length))
>> 1311 return -EFAULT;
>> 1312 if (put_user(urb->error_count, &userurb->error_count))
>> 1313 return -EFAULT;
>> 1314
>> 1315 if (usb_endpoint_xfer_isoc(&urb->ep->desc)) {
>> 1316 for (i = 0; i < urb->number_of_packets; i++) {
>> 1317 if (put_user(urb->iso_frame_desc[i].actual_length,
>> 1318 &userurb->iso_frame_desc[i].actual_length))
>> 1319 return -EFAULT;
>> 1320 if (put_user(urb->iso_frame_desc[i].status,
>> 1321 &userurb->iso_frame_desc[i].status))
>> 1322 return -EFAULT;
>> 1323 }
>> 1324 }
>> 1325
1086 free_async(as); 1326 free_async(as);
1087 if (ret) !! 1327 if (put_user(ptr_to_compat(addr), (u32 __user *)arg))
1088 return ret; <<
1089 if (put_user(addr, (void __user * __u <<
1090 return -EFAULT; 1328 return -EFAULT;
1091 return 0; 1329 return 0;
1092 } 1330 }
1093 1331
>> 1332 static int proc_reapurb_compat(struct dev_state *ps, void __user *arg)
>> 1333 {
>> 1334 struct async *as = reap_as(ps);
>> 1335 if (as)
>> 1336 return processcompl_compat(as, (void __user * __user *)arg);
>> 1337 if (signal_pending(current))
>> 1338 return -EINTR;
>> 1339 return -EIO;
>> 1340 }
>> 1341
>> 1342 static int proc_reapurbnonblock_compat(struct dev_state *ps, void __user *arg)
>> 1343 {
>> 1344 struct async *as;
>> 1345
>> 1346 if (!(as = async_getcompleted(ps)))
>> 1347 return -EAGAIN;
>> 1348 return processcompl_compat(as, (void __user * __user *)arg);
>> 1349 }
>> 1350
>> 1351 #endif
>> 1352
1094 static int proc_disconnectsignal(struct dev_s 1353 static int proc_disconnectsignal(struct dev_state *ps, void __user *arg)
1095 { 1354 {
1096 struct usbdevfs_disconnectsignal ds; 1355 struct usbdevfs_disconnectsignal ds;
1097 1356
1098 if (copy_from_user(&ds, arg, sizeof(d 1357 if (copy_from_user(&ds, arg, sizeof(ds)))
1099 return -EFAULT; 1358 return -EFAULT;
1100 if (ds.signr != 0 && (ds.signr < SIGR 1359 if (ds.signr != 0 && (ds.signr < SIGRTMIN || ds.signr > SIGRTMAX))
1101 return -EINVAL; 1360 return -EINVAL;
1102 ps->discsignr = ds.signr; 1361 ps->discsignr = ds.signr;
1103 ps->disccontext = ds.context; 1362 ps->disccontext = ds.context;
1104 return 0; 1363 return 0;
1105 } 1364 }
1106 1365
1107 static int proc_claiminterface(struct dev_sta 1366 static int proc_claiminterface(struct dev_state *ps, void __user *arg)
1108 { 1367 {
1109 unsigned int ifnum; 1368 unsigned int ifnum;
1110 1369
1111 if (get_user(ifnum, (unsigned int __u 1370 if (get_user(ifnum, (unsigned int __user *)arg))
1112 return -EFAULT; 1371 return -EFAULT;
1113 return claimintf(ps, ifnum); 1372 return claimintf(ps, ifnum);
1114 } 1373 }
1115 1374
1116 static int proc_releaseinterface(struct dev_s 1375 static int proc_releaseinterface(struct dev_state *ps, void __user *arg)
1117 { 1376 {
1118 unsigned int ifnum; 1377 unsigned int ifnum;
1119 int ret; 1378 int ret;
1120 1379
1121 if (get_user(ifnum, (unsigned int __u 1380 if (get_user(ifnum, (unsigned int __user *)arg))
1122 return -EFAULT; 1381 return -EFAULT;
1123 if ((ret = releaseintf(ps, ifnum)) < 1382 if ((ret = releaseintf(ps, ifnum)) < 0)
1124 return ret; 1383 return ret;
1125 destroy_async_on_interface (ps, ifnum 1384 destroy_async_on_interface (ps, ifnum);
1126 return 0; 1385 return 0;
1127 } 1386 }
1128 1387
1129 static int proc_ioctl (struct dev_state *ps, !! 1388 static int proc_ioctl(struct dev_state *ps, struct usbdevfs_ioctl *ctl)
1130 { 1389 {
1131 struct usbdevfs_ioctl ctrl; <<
1132 int size; 1390 int size;
1133 void *buf = NULL; 1391 void *buf = NULL;
1134 int retval = 0; 1392 int retval = 0;
1135 struct usb_interface *intf = NULL; 1393 struct usb_interface *intf = NULL;
1136 struct usb_driver *driver = NUL 1394 struct usb_driver *driver = NULL;
1137 int i; <<
1138 1395
1139 /* get input parameters and alloc buf !! 1396 /* alloc buffer */
1140 if (copy_from_user(&ctrl, arg, sizeof !! 1397 if ((size = _IOC_SIZE(ctl->ioctl_code)) > 0) {
1141 return -EFAULT; !! 1398 if ((buf = kmalloc(size, GFP_KERNEL)) == NULL)
1142 if ((size = _IOC_SIZE (ctrl.ioctl_cod <<
1143 if ((buf = kmalloc (size, GFP <<
1144 return -ENOMEM; 1399 return -ENOMEM;
1145 if ((_IOC_DIR(ctrl.ioctl_code !! 1400 if ((_IOC_DIR(ctl->ioctl_code) & _IOC_WRITE)) {
1146 if (copy_from_user (b !! 1401 if (copy_from_user(buf, ctl->data, size)) {
1147 kfree (buf); !! 1402 kfree(buf);
1148 return -EFAUL 1403 return -EFAULT;
1149 } 1404 }
1150 } else { 1405 } else {
1151 memset (buf, 0, size) !! 1406 memset(buf, 0, size);
1152 } 1407 }
1153 } 1408 }
1154 1409
1155 if (!connected(ps->dev)) { !! 1410 if (!connected(ps)) {
1156 if (buf) !! 1411 kfree(buf);
1157 kfree(buf); <<
1158 return -ENODEV; 1412 return -ENODEV;
1159 } 1413 }
1160 1414
1161 if (ps->dev->state != USB_STATE_CONFI 1415 if (ps->dev->state != USB_STATE_CONFIGURED)
1162 retval = -EHOSTUNREACH; 1416 retval = -EHOSTUNREACH;
1163 else if (!(intf = usb_ifnum_to_if (ps !! 1417 else if (!(intf = usb_ifnum_to_if(ps->dev, ctl->ifno)))
1164 retval = -EINVAL; !! 1418 retval = -EINVAL;
1165 else switch (ctrl.ioctl_code) { !! 1419 else switch (ctl->ioctl_code) {
1166 1420
1167 /* disconnect kernel driver from inte 1421 /* disconnect kernel driver from interface */
1168 case USBDEVFS_DISCONNECT: 1422 case USBDEVFS_DISCONNECT:
1169 <<
1170 /* don't allow the user to un <<
1171 * a hub with children to man <<
1172 for (i = 0; i < ps->dev->maxc <<
1173 if (ps->dev->children <<
1174 retval = -EBU <<
1175 } <<
1176 if (retval) <<
1177 break; <<
1178 <<
1179 down_write(&usb_bus_type.subs <<
1180 if (intf->dev.driver) { 1423 if (intf->dev.driver) {
1181 driver = to_usb_drive 1424 driver = to_usb_driver(intf->dev.driver);
1182 dev_dbg (&intf->dev, !! 1425 dev_dbg(&intf->dev, "disconnect by usbfs\n");
1183 usb_driver_release_in 1426 usb_driver_release_interface(driver, intf);
1184 } else 1427 } else
1185 retval = -ENODATA; 1428 retval = -ENODATA;
1186 up_write(&usb_bus_type.subsys <<
1187 break; 1429 break;
1188 1430
1189 /* let kernel drivers try to (re)bind 1431 /* let kernel drivers try to (re)bind to the interface */
1190 case USBDEVFS_CONNECT: 1432 case USBDEVFS_CONNECT:
1191 usb_unlock_device(ps->dev); !! 1433 if (!intf->dev.driver)
1192 usb_lock_all_devices(); !! 1434 retval = device_attach(&intf->dev);
1193 bus_rescan_devices(intf->dev. !! 1435 else
1194 usb_unlock_all_devices(); !! 1436 retval = -EBUSY;
1195 usb_lock_device(ps->dev); <<
1196 break; 1437 break;
1197 1438
1198 /* talk directly to the interface's d 1439 /* talk directly to the interface's driver */
1199 default: 1440 default:
1200 down_read(&usb_bus_type.subsy <<
1201 if (intf->dev.driver) 1441 if (intf->dev.driver)
1202 driver = to_usb_drive 1442 driver = to_usb_driver(intf->dev.driver);
1203 if (driver == NULL || driver- 1443 if (driver == NULL || driver->ioctl == NULL) {
1204 retval = -ENOTTY; 1444 retval = -ENOTTY;
1205 } else { 1445 } else {
1206 retval = driver->ioct !! 1446 retval = driver->ioctl(intf, ctl->ioctl_code, buf);
1207 if (retval == -ENOIOC 1447 if (retval == -ENOIOCTLCMD)
1208 retval = -ENO 1448 retval = -ENOTTY;
1209 } 1449 }
1210 up_read(&usb_bus_type.subsys. <<
1211 } 1450 }
1212 1451
1213 /* cleanup and return */ 1452 /* cleanup and return */
1214 if (retval >= 0 1453 if (retval >= 0
1215 && (_IOC_DIR (ctrl.io !! 1454 && (_IOC_DIR(ctl->ioctl_code) & _IOC_READ) != 0
1216 && size > 0 1455 && size > 0
1217 && copy_to_user (ctrl !! 1456 && copy_to_user(ctl->data, buf, size) != 0)
1218 retval = -EFAULT; 1457 retval = -EFAULT;
1219 if (buf != NULL) !! 1458
1220 kfree (buf); !! 1459 kfree(buf);
1221 return retval; 1460 return retval;
1222 } 1461 }
1223 1462
>> 1463 static int proc_ioctl_default(struct dev_state *ps, void __user *arg)
>> 1464 {
>> 1465 struct usbdevfs_ioctl ctrl;
>> 1466
>> 1467 if (copy_from_user(&ctrl, arg, sizeof(ctrl)))
>> 1468 return -EFAULT;
>> 1469 return proc_ioctl(ps, &ctrl);
>> 1470 }
>> 1471
>> 1472 #ifdef CONFIG_COMPAT
>> 1473 static int proc_ioctl_compat(struct dev_state *ps, compat_uptr_t arg)
>> 1474 {
>> 1475 struct usbdevfs_ioctl32 __user *uioc;
>> 1476 struct usbdevfs_ioctl ctrl;
>> 1477 u32 udata;
>> 1478
>> 1479 uioc = compat_ptr((long)arg);
>> 1480 if (get_user(ctrl.ifno, &uioc->ifno) ||
>> 1481 get_user(ctrl.ioctl_code, &uioc->ioctl_code) ||
>> 1482 __get_user(udata, &uioc->data))
>> 1483 return -EFAULT;
>> 1484 ctrl.data = compat_ptr(udata);
>> 1485
>> 1486 return proc_ioctl(ps, &ctrl);
>> 1487 }
>> 1488 #endif
>> 1489
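Review bot: In proc_ioctl_compat the third field is read with `__get_user(udata, &uioc->data)`, which skips the address-range check; the two `get_user()` calls before it validate only their own fields. The pointer comes from `compat_ptr()`, so it presumably always lies in the user range on a 64-bit kernel, but nothing in the function states that assumption. I would use the checked accessor for all three fields, `get_user(udata, &uioc->data)`, or add a comment naming the check this line relies on. A short comment above proc_ioctl would also help, saying that `ctl` is a kernel copy while `ctl->data` is still a user pointer handed to copy_from_user()/copy_to_user().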
1224 /* 1490 /*
1225 * NOTE: All requests here that have interfa 1491 * NOTE: All requests here that have interface numbers as parameters
1226 * are assuming that somehow the configuratio 1492 * are assuming that somehow the configuration has been prevented from
1227 * changing. But there's no mechanism to ens 1493 * changing. But there's no mechanism to ensure that...
1228 */ 1494 */
1229 static int usbdev_ioctl(struct inode *inode, !! 1495 static int usbdev_ioctl(struct inode *inode, struct file *file,
>> 1496 unsigned int cmd, unsigned long arg)
1230 { 1497 {
1231 struct dev_state *ps = (struct dev_st !! 1498 struct dev_state *ps = file->private_data;
1232 struct usb_device *dev = ps->dev; 1499 struct usb_device *dev = ps->dev;
1233 void __user *p = (void __user *)arg; 1500 void __user *p = (void __user *)arg;
1234 int ret = -ENOTTY; 1501 int ret = -ENOTTY;
1235 1502
1236 if (!(file->f_mode & FMODE_WRITE)) 1503 if (!(file->f_mode & FMODE_WRITE))
1237 return -EPERM; 1504 return -EPERM;
1238 usb_lock_device(dev); 1505 usb_lock_device(dev);
1239 if (!connected(dev)) { !! 1506 if (!connected(ps)) {
1240 usb_unlock_device(dev); 1507 usb_unlock_device(dev);
1241 return -ENODEV; 1508 return -ENODEV;
1242 } 1509 }
1243 1510
1244 switch (cmd) { 1511 switch (cmd) {
1245 case USBDEVFS_CONTROL: 1512 case USBDEVFS_CONTROL:
1246 snoop(&dev->dev, "%s: CONTROL 1513 snoop(&dev->dev, "%s: CONTROL\n", __FUNCTION__);
1247 ret = proc_control(ps, p); 1514 ret = proc_control(ps, p);
1248 if (ret >= 0) 1515 if (ret >= 0)
1249 inode->i_mtime = CURR 1516 inode->i_mtime = CURRENT_TIME;
1250 break; 1517 break;
1251 1518
1252 case USBDEVFS_BULK: 1519 case USBDEVFS_BULK:
1253 snoop(&dev->dev, "%s: BULK\n" 1520 snoop(&dev->dev, "%s: BULK\n", __FUNCTION__);
1254 ret = proc_bulk(ps, p); 1521 ret = proc_bulk(ps, p);
1255 if (ret >= 0) 1522 if (ret >= 0)
1256 inode->i_mtime = CURR 1523 inode->i_mtime = CURRENT_TIME;
1257 break; 1524 break;
1258 1525
1259 case USBDEVFS_RESETEP: 1526 case USBDEVFS_RESETEP:
1260 snoop(&dev->dev, "%s: RESETEP 1527 snoop(&dev->dev, "%s: RESETEP\n", __FUNCTION__);
1261 ret = proc_resetep(ps, p); 1528 ret = proc_resetep(ps, p);
1262 if (ret >= 0) 1529 if (ret >= 0)
1263 inode->i_mtime = CURR 1530 inode->i_mtime = CURRENT_TIME;
1264 break; 1531 break;
1265 1532
1266 case USBDEVFS_RESET: 1533 case USBDEVFS_RESET:
1267 snoop(&dev->dev, "%s: RESET\n 1534 snoop(&dev->dev, "%s: RESET\n", __FUNCTION__);
1268 ret = proc_resetdevice(ps); 1535 ret = proc_resetdevice(ps);
1269 break; 1536 break;
1270 1537
1271 case USBDEVFS_CLEAR_HALT: 1538 case USBDEVFS_CLEAR_HALT:
1272 snoop(&dev->dev, "%s: CLEAR_H 1539 snoop(&dev->dev, "%s: CLEAR_HALT\n", __FUNCTION__);
1273 ret = proc_clearhalt(ps, p); 1540 ret = proc_clearhalt(ps, p);
1274 if (ret >= 0) 1541 if (ret >= 0)
1275 inode->i_mtime = CURR 1542 inode->i_mtime = CURRENT_TIME;
1276 break; 1543 break;
1277 1544
1278 case USBDEVFS_GETDRIVER: 1545 case USBDEVFS_GETDRIVER:
1279 snoop(&dev->dev, "%s: GETDRIV 1546 snoop(&dev->dev, "%s: GETDRIVER\n", __FUNCTION__);
1280 ret = proc_getdriver(ps, p); 1547 ret = proc_getdriver(ps, p);
1281 break; 1548 break;
1282 1549
1283 case USBDEVFS_CONNECTINFO: 1550 case USBDEVFS_CONNECTINFO:
1284 snoop(&dev->dev, "%s: CONNECT 1551 snoop(&dev->dev, "%s: CONNECTINFO\n", __FUNCTION__);
1285 ret = proc_connectinfo(ps, p) 1552 ret = proc_connectinfo(ps, p);
1286 break; 1553 break;
1287 1554
1288 case USBDEVFS_SETINTERFACE: 1555 case USBDEVFS_SETINTERFACE:
1289 snoop(&dev->dev, "%s: SETINTE 1556 snoop(&dev->dev, "%s: SETINTERFACE\n", __FUNCTION__);
1290 ret = proc_setintf(ps, p); 1557 ret = proc_setintf(ps, p);
1291 break; 1558 break;
1292 1559
1293 case USBDEVFS_SETCONFIGURATION: 1560 case USBDEVFS_SETCONFIGURATION:
1294 snoop(&dev->dev, "%s: SETCONF 1561 snoop(&dev->dev, "%s: SETCONFIGURATION\n", __FUNCTION__);
1295 ret = proc_setconfig(ps, p); 1562 ret = proc_setconfig(ps, p);
1296 break; 1563 break;
1297 1564
1298 case USBDEVFS_SUBMITURB: 1565 case USBDEVFS_SUBMITURB:
1299 snoop(&dev->dev, "%s: SUBMITU 1566 snoop(&dev->dev, "%s: SUBMITURB\n", __FUNCTION__);
1300 ret = proc_submiturb(ps, p); 1567 ret = proc_submiturb(ps, p);
1301 if (ret >= 0) 1568 if (ret >= 0)
1302 inode->i_mtime = CURR 1569 inode->i_mtime = CURRENT_TIME;
1303 break; 1570 break;
1304 1571
>> 1572 #ifdef CONFIG_COMPAT
>> 1573
>> 1574 case USBDEVFS_SUBMITURB32:
>> 1575 snoop(&dev->dev, "%s: SUBMITURB32\n", __FUNCTION__);
>> 1576 ret = proc_submiturb_compat(ps, p);
>> 1577 if (ret >= 0)
>> 1578 inode->i_mtime = CURRENT_TIME;
>> 1579 break;
>> 1580
>> 1581 case USBDEVFS_REAPURB32:
>> 1582 snoop(&dev->dev, "%s: REAPURB32\n", __FUNCTION__);
>> 1583 ret = proc_reapurb_compat(ps, p);
>> 1584 break;
>> 1585
>> 1586 case USBDEVFS_REAPURBNDELAY32:
>> 1587 snoop(&dev->dev, "%s: REAPURBDELAY32\n", __FUNCTION__);
>> 1588 ret = proc_reapurbnonblock_compat(ps, p);
>> 1589 break;
>> 1590
>> 1591 case USBDEVFS_IOCTL32:
>> 1592 snoop(&dev->dev, "%s: IOCTL\n", __FUNCTION__);
>> 1593 ret = proc_ioctl_compat(ps, ptr_to_compat(p));
>> 1594 break;
>> 1595 #endif
>> 1596
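Review bot: Two of the added snoop() labels do not match the command being handled: the USBDEVFS_IOCTL32 case logs `IOCTL`, the same string as the native USBDEVFS_IOCTL case, and the USBDEVFS_REAPURBNDELAY32 case logs `REAPURBDELAY32`. A trace taken while debugging or auditing usbfs access then cannot tell the compat path from the native one. I would change them to `snoop(&dev->dev, "%s: IOCTL32\n", __FUNCTION__);` and `snoop(&dev->dev, "%s: REAPURBNDELAY32\n", __FUNCTION__);`. The enclosing switch in usbdev_ioctl starts before this hunk and ends after it.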
1305 case USBDEVFS_DISCARDURB: 1597 case USBDEVFS_DISCARDURB:
1306 snoop(&dev->dev, "%s: DISCARD 1598 snoop(&dev->dev, "%s: DISCARDURB\n", __FUNCTION__);
1307 ret = proc_unlinkurb(ps, p); 1599 ret = proc_unlinkurb(ps, p);
1308 break; 1600 break;
1309 1601
1310 case USBDEVFS_REAPURB: 1602 case USBDEVFS_REAPURB:
1311 snoop(&dev->dev, "%s: REAPURB 1603 snoop(&dev->dev, "%s: REAPURB\n", __FUNCTION__);
1312 ret = proc_reapurb(ps, p); 1604 ret = proc_reapurb(ps, p);
1313 break; 1605 break;
1314 1606
1315 case USBDEVFS_REAPURBNDELAY: 1607 case USBDEVFS_REAPURBNDELAY:
1316 snoop(&dev->dev, "%s: REAPURB 1608 snoop(&dev->dev, "%s: REAPURBDELAY\n", __FUNCTION__);
1317 ret = proc_reapurbnonblock(ps 1609 ret = proc_reapurbnonblock(ps, p);
1318 break; 1610 break;
1319 1611
1320 case USBDEVFS_DISCSIGNAL: 1612 case USBDEVFS_DISCSIGNAL:
1321 snoop(&dev->dev, "%s: DISCSIG 1613 snoop(&dev->dev, "%s: DISCSIGNAL\n", __FUNCTION__);
1322 ret = proc_disconnectsignal(p 1614 ret = proc_disconnectsignal(ps, p);
1323 break; 1615 break;
1324 1616
1325 case USBDEVFS_CLAIMINTERFACE: 1617 case USBDEVFS_CLAIMINTERFACE:
1326 snoop(&dev->dev, "%s: CLAIMIN 1618 snoop(&dev->dev, "%s: CLAIMINTERFACE\n", __FUNCTION__);
1327 ret = proc_claiminterface(ps, 1619 ret = proc_claiminterface(ps, p);
1328 break; 1620 break;
1329 1621
1330 case USBDEVFS_RELEASEINTERFACE: 1622 case USBDEVFS_RELEASEINTERFACE:
1331 snoop(&dev->dev, "%s: RELEASE 1623 snoop(&dev->dev, "%s: RELEASEINTERFACE\n", __FUNCTION__);
1332 ret = proc_releaseinterface(p 1624 ret = proc_releaseinterface(ps, p);
1333 break; 1625 break;
1334 1626
1335 case USBDEVFS_IOCTL: 1627 case USBDEVFS_IOCTL:
1336 snoop(&dev->dev, "%s: IOCTL\n 1628 snoop(&dev->dev, "%s: IOCTL\n", __FUNCTION__);
1337 ret = proc_ioctl(ps, p); !! 1629 ret = proc_ioctl_default(ps, p);
1338 break; 1630 break;
1339 } 1631 }
1340 usb_unlock_device(dev); 1632 usb_unlock_device(dev);
1341 if (ret >= 0) 1633 if (ret >= 0)
1342 inode->i_atime = CURRENT_TIME 1634 inode->i_atime = CURRENT_TIME;
1343 return ret; 1635 return ret;
1344 } 1636 }
1345 1637
1346 /* No kernel lock - fine */ 1638 /* No kernel lock - fine */
1347 static unsigned int usbdev_poll(struct file * !! 1639 static unsigned int usbdev_poll(struct file *file,
>> 1640 struct poll_table_struct *wait)
1348 { 1641 {
1349 struct dev_state *ps = (struct dev_st !! 1642 struct dev_state *ps = file->private_data;
1350 unsigned int mask = 0; !! 1643 unsigned int mask = 0;
1351 1644
1352 poll_wait(file, &ps->wait, wait); 1645 poll_wait(file, &ps->wait, wait);
1353 if (file->f_mode & FMODE_WRITE && !li 1646 if (file->f_mode & FMODE_WRITE && !list_empty(&ps->async_completed))
1354 mask |= POLLOUT | POLLWRNORM; 1647 mask |= POLLOUT | POLLWRNORM;
1355 if (!connected(ps->dev)) !! 1648 if (!connected(ps))
1356 mask |= POLLERR | POLLHUP; 1649 mask |= POLLERR | POLLHUP;
1357 return mask; 1650 return mask;
1358 } 1651 }
1359 1652
1360 struct file_operations usbfs_device_file_oper !! 1653 const struct file_operations usbdev_file_operations = {
>> 1654 .owner = THIS_MODULE,
1361 .llseek = usbdev_lseek, 1655 .llseek = usbdev_lseek,
1362 .read = usbdev_read, 1656 .read = usbdev_read,
1363 .poll = usbdev_poll, 1657 .poll = usbdev_poll,
1364 .ioctl = usbdev_ioctl, 1658 .ioctl = usbdev_ioctl,
1365 .open = usbdev_open, 1659 .open = usbdev_open,
1366 .release = usbdev_release, 1660 .release = usbdev_release,
1367 }; 1661 };
>> 1662
>> 1663 #ifdef CONFIG_USB_DEVICE_CLASS
>> 1664 static struct class *usb_classdev_class;
>> 1665
>> 1666 static int usb_classdev_add(struct usb_device *dev)
>> 1667 {
>> 1668 int minor = ((dev->bus->busnum-1) * 128) + (dev->devnum-1);
>> 1669
>> 1670 dev->usb_classdev = device_create(usb_classdev_class, &dev->dev,
>> 1671 MKDEV(USB_DEVICE_MAJOR, minor),
>> 1672 "usbdev%d.%d", dev->bus->busnum, dev->devnum);
>> 1673 if (IS_ERR(dev->usb_classdev))
>> 1674 return PTR_ERR(dev->usb_classdev);
>> 1675
>> 1676 return 0;
>> 1677 }
>> 1678
>> 1679 static void usb_classdev_remove(struct usb_device *dev)
>> 1680 {
>> 1681 device_unregister(dev->usb_classdev);
>> 1682 }
>> 1683
>> 1684 static int usb_classdev_notify(struct notifier_block *self,
>> 1685 unsigned long action, void *dev)
>> 1686 {
>> 1687 switch (action) {
>> 1688 case USB_DEVICE_ADD:
>> 1689 if (usb_classdev_add(dev))
>> 1690 return NOTIFY_BAD;
>> 1691 break;
>> 1692 case USB_DEVICE_REMOVE:
>> 1693 usb_classdev_remove(dev);
>> 1694 break;
>> 1695 }
>> 1696 return NOTIFY_OK;
>> 1697 }
>> 1698
>> 1699 static struct notifier_block usbdev_nb = {
>> 1700 .notifier_call = usb_classdev_notify,
>> 1701 };
>> 1702 #endif
>> 1703
>> 1704 static struct cdev usb_device_cdev;
>> 1705
>> 1706 int __init usb_devio_init(void)
>> 1707 {
>> 1708 int retval;
>> 1709
>> 1710 retval = register_chrdev_region(USB_DEVICE_DEV, USB_DEVICE_MAX,
>> 1711 "usb_device");
>> 1712 if (retval) {
>> 1713 err("unable to register minors for usb_device");
>> 1714 goto out;
>> 1715 }
>> 1716 cdev_init(&usb_device_cdev, &usbdev_file_operations);
>> 1717 retval = cdev_add(&usb_device_cdev, USB_DEVICE_DEV, USB_DEVICE_MAX);
>> 1718 if (retval) {
>> 1719 err("unable to get usb_device major %d", USB_DEVICE_MAJOR);
>> 1720 goto error_cdev;
>> 1721 }
>> 1722 #ifdef CONFIG_USB_DEVICE_CLASS
>> 1723 usb_classdev_class = class_create(THIS_MODULE, "usb_device");
>> 1724 if (IS_ERR(usb_classdev_class)) {
>> 1725 err("unable to register usb_device class");
>> 1726 retval = PTR_ERR(usb_classdev_class);
>> 1727 cdev_del(&usb_device_cdev);
>> 1728 usb_classdev_class = NULL;
>> 1729 goto out;
>> 1730 }
>> 1731
>> 1732 usb_register_notify(&usbdev_nb);
>> 1733 #endif
>> 1734 out:
>> 1735 return retval;
>> 1736
>> 1737 error_cdev:
>> 1738 unregister_chrdev_region(USB_DEVICE_DEV, USB_DEVICE_MAX);
>> 1739 goto out;
>> 1740 }
>> 1741
>> 1742 void usb_devio_cleanup(void)
>> 1743 {
>> 1744 #ifdef CONFIG_USB_DEVICE_CLASS
>> 1745 usb_unregister_notify(&usbdev_nb);
>> 1746 class_destroy(usb_classdev_class);
>> 1747 #endif
>> 1748 cdev_del(&usb_device_cdev);
>> 1749 unregister_chrdev_region(USB_DEVICE_DEV, USB_DEVICE_MAX);
>> 1750 }
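Review bot: The class_create() failure branch in usb_devio_init calls cdev_del() and then jumps to `out`, so the character device region taken by register_chrdev_region() is never released on that path. The `error_cdev` label already performs that release, so the branch should end with `goto error_cdev;` instead of `goto out;`. Separately, usb_classdev_add computes the minor as `((dev->bus->busnum-1) * 128) + (dev->devnum-1)` without comparing it to USB_DEVICE_MAX. Whether busnum and devnum are bounded elsewhere is not visible here, so a one-line comment stating the assumed ranges would help.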
1368 1751