search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Update libata drive blacklist to the latest from 2.6.21
[linux/fpc-iii.git] / drivers / usb / core / devio.c
blob4b3a6ab29bd3e1a522b5051136627ff4813f3842
1 /*****************************************************************************/
2
3 /*
4 * devio.c -- User space communication with USB devices.
5 *
6 * Copyright (C) 1999-2000 Thomas Sailer (sailer@ife.ee.ethz.ch)
7 *
8 * This program is free software; you can redistribute it and/or modify
9 * it under the terms of the GNU General Public License as published by
10 * the Free Software Foundation; either version 2 of the License, or
11 * (at your option) any later version.
12 *
13 * This program is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU General Public License for more details.
17 *
18 * You should have received a copy of the GNU General Public License
19 * along with this program; if not, write to the Free Software
20 * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
21 *
22 * $Id: devio.c,v 1.7 2000/02/01 17:28:48 fliegl Exp $
23 *
24 * This file implements the usbfs/x/y files, where
25 * x is the bus number and y the device number.
26 *
27 * It allows user space programs/"drivers" to communicate directly
28 * with USB devices without intervening kernel driver.
29 *
30 * Revision history
31 * 22.12.1999 0.1 Initial release (split from proc_usb.c)
32 * 04.01.2000 0.2 Turned into its own filesystem
33 * 30.09.2005 0.3 Fix user-triggerable oops in async URB delivery
34 * (CAN-2005-3055)
35 */
36
37 /*****************************************************************************/
38
39 #include <linux/fs.h>
40 #include <linux/mm.h>
41 #include <linux/slab.h>
42 #include <linux/smp_lock.h>
43 #include <linux/signal.h>
44 #include <linux/poll.h>
45 #include <linux/module.h>
46 #include <linux/usb.h>
47 #include <linux/usbdevice_fs.h>
48 #include <linux/cdev.h>
49 #include <linux/notifier.h>
50 #include <linux/security.h>
51 #include <asm/uaccess.h>
52 #include <asm/byteorder.h>
53 #include <linux/moduleparam.h>
54
55 #include "hcd.h" /* for usbcore internals */
56 #include "usb.h"
57
58 #define USB_MAXBUS 64
59 #define USB_DEVICE_MAX USB_MAXBUS * 128
60 static struct class *usb_device_class;
61
62 /* Mutual exclusion for removal, open, and release */
63 DEFINE_MUTEX(usbfs_mutex);
64
65 struct async {
66 struct list_head asynclist;
67 struct dev_state *ps;
68 struct pid *pid;
69 uid_t uid, euid;
70 unsigned int signr;
71 unsigned int ifnum;
72 void __user *userbuffer;
73 void __user *userurb;
74 struct urb *urb;
75 u32 secid;
76 };
77
78 static int usbfs_snoop = 0;
79 module_param (usbfs_snoop, bool, S_IRUGO | S_IWUSR);
80 MODULE_PARM_DESC (usbfs_snoop, "true to log all usbfs traffic");
81
82 #define snoop(dev, format, arg...) \
83 do { \
84 if (usbfs_snoop) \
85 dev_info( dev , format , ## arg); \
86 } while (0)
87
88 #define USB_DEVICE_DEV MKDEV(USB_DEVICE_MAJOR, 0)
89
90
91 #define MAX_USBFS_BUFFER_SIZE 16384
92
93 static inline int connected (struct dev_state *ps)
94 {
95 return (!list_empty(&ps->list) &&
96 ps->dev->state != USB_STATE_NOTATTACHED);
97 }
98
99 static loff_t usbdev_lseek(struct file *file, loff_t offset, int orig)
100 {
101 loff_t ret;
102
103 lock_kernel();
104
105 switch (orig) {
106 case 0:
107 file->f_pos = offset;
108 ret = file->f_pos;
109 break;
110 case 1:
111 file->f_pos += offset;
112 ret = file->f_pos;
113 break;
114 case 2:
115 default:
116 ret = -EINVAL;
117 }
118
119 unlock_kernel();
120 return ret;
121 }
122
123 static ssize_t usbdev_read(struct file *file, char __user *buf, size_t nbytes, loff_t *ppos)
124 {
125 struct dev_state *ps = file->private_data;
126 struct usb_device *dev = ps->dev;
127 ssize_t ret = 0;
128 unsigned len;
129 loff_t pos;
130 int i;
131
132 pos = *ppos;
133 usb_lock_device(dev);
134 if (!connected(ps)) {
135 ret = -ENODEV;
136 goto err;
137 } else if (pos < 0) {
138 ret = -EINVAL;
139 goto err;
140 }
141
142 if (pos < sizeof(struct usb_device_descriptor)) {
143 struct usb_device_descriptor temp_desc ; /* 18 bytes - fits on the stack */
144
145 memcpy(&temp_desc, &dev->descriptor, sizeof(dev->descriptor));
146 le16_to_cpus(&temp_desc.bcdUSB);
147 le16_to_cpus(&temp_desc.idVendor);
148 le16_to_cpus(&temp_desc.idProduct);
149 le16_to_cpus(&temp_desc.bcdDevice);
150
151 len = sizeof(struct usb_device_descriptor) - pos;
152 if (len > nbytes)
153 len = nbytes;
154 if (copy_to_user(buf, ((char *)&temp_desc) + pos, len)) {
155 ret = -EFAULT;
156 goto err;
157 }
158
159 *ppos += len;
160 buf += len;
161 nbytes -= len;
162 ret += len;
163 }
164
165 pos = sizeof(struct usb_device_descriptor);
166 for (i = 0; nbytes && i < dev->descriptor.bNumConfigurations; i++) {
167 struct usb_config_descriptor *config =
168 (struct usb_config_descriptor *)dev->rawdescriptors[i];
169 unsigned int length = le16_to_cpu(config->wTotalLength);
170
171 if (*ppos < pos + length) {
172
173 /* The descriptor may claim to be longer than it
174 * really is. Here is the actual allocated length. */
175 unsigned alloclen =
176 le16_to_cpu(dev->config[i].desc.wTotalLength);
177
178 len = length - (*ppos - pos);
179 if (len > nbytes)
180 len = nbytes;
181
182 /* Simply don't write (skip over) unallocated parts */
183 if (alloclen > (*ppos - pos)) {
184 alloclen -= (*ppos - pos);
185 if (copy_to_user(buf,
186 dev->rawdescriptors[i] + (*ppos - pos),
187 min(len, alloclen))) {
188 ret = -EFAULT;
189 goto err;
190 }
191 }
192
193 *ppos += len;
194 buf += len;
195 nbytes -= len;
196 ret += len;
197 }
198
199 pos += length;
200 }
201
202 err:
203 usb_unlock_device(dev);
204 return ret;
205 }
206
207 /*
208 * async list handling
209 */
210
211 static struct async *alloc_async(unsigned int numisoframes)
212 {
213 unsigned int assize = sizeof(struct async) + numisoframes * sizeof(struct usb_iso_packet_descriptor);
214 struct async *as = kzalloc(assize, GFP_KERNEL);
215
216 if (!as)
217 return NULL;
218 as->urb = usb_alloc_urb(numisoframes, GFP_KERNEL);
219 if (!as->urb) {
220 kfree(as);
221 return NULL;
222 }
223 return as;
224 }
225
226 static void free_async(struct async *as)
227 {
228 put_pid(as->pid);
229 kfree(as->urb->transfer_buffer);
230 kfree(as->urb->setup_packet);
231 usb_free_urb(as->urb);
232 kfree(as);
233 }
234
235 static inline void async_newpending(struct async *as)
236 {
237 struct dev_state *ps = as->ps;
238 unsigned long flags;
239
240 spin_lock_irqsave(&ps->lock, flags);
241 list_add_tail(&as->asynclist, &ps->async_pending);
242 spin_unlock_irqrestore(&ps->lock, flags);
243 }
244
245 static inline void async_removepending(struct async *as)
246 {
247 struct dev_state *ps = as->ps;
248 unsigned long flags;
249
250 spin_lock_irqsave(&ps->lock, flags);
251 list_del_init(&as->asynclist);
252 spin_unlock_irqrestore(&ps->lock, flags);
253 }
254
255 static inline struct async *async_getcompleted(struct dev_state *ps)
256 {
257 unsigned long flags;
258 struct async *as = NULL;
259
260 spin_lock_irqsave(&ps->lock, flags);
261 if (!list_empty(&ps->async_completed)) {
262 as = list_entry(ps->async_completed.next, struct async, asynclist);
263 list_del_init(&as->asynclist);
264 }
265 spin_unlock_irqrestore(&ps->lock, flags);
266 return as;
267 }
268
269 static inline struct async *async_getpending(struct dev_state *ps, void __user *userurb)
270 {
271 unsigned long flags;
272 struct async *as;
273
274 spin_lock_irqsave(&ps->lock, flags);
275 list_for_each_entry(as, &ps->async_pending, asynclist)
276 if (as->userurb == userurb) {
277 list_del_init(&as->asynclist);
278 spin_unlock_irqrestore(&ps->lock, flags);
279 return as;
280 }
281 spin_unlock_irqrestore(&ps->lock, flags);
282 return NULL;
283 }
284
285 static void snoop_urb(struct urb *urb, void __user *userurb)
286 {
287 int j;
288 unsigned char *data = urb->transfer_buffer;
289
290 if (!usbfs_snoop)
291 return;
292
293 if (urb->pipe & USB_DIR_IN)
294 dev_info(&urb->dev->dev, "direction=IN\n");
295 else
296 dev_info(&urb->dev->dev, "direction=OUT\n");
297 dev_info(&urb->dev->dev, "userurb=%p\n", userurb);
298 dev_info(&urb->dev->dev, "transfer_buffer_length=%d\n",
299 urb->transfer_buffer_length);
300 dev_info(&urb->dev->dev, "actual_length=%d\n", urb->actual_length);
301 dev_info(&urb->dev->dev, "data: ");
302 for (j = 0; j < urb->transfer_buffer_length; ++j)
303 printk ("%02x ", data[j]);
304 printk("\n");
305 }
306
307 static void async_completed(struct urb *urb)
308 {
309 struct async *as = urb->context;
310 struct dev_state *ps = as->ps;
311 struct siginfo sinfo;
312
313 spin_lock(&ps->lock);
314 list_move_tail(&as->asynclist, &ps->async_completed);
315 spin_unlock(&ps->lock);
316 if (as->signr) {
317 sinfo.si_signo = as->signr;
318 sinfo.si_errno = as->urb->status;
319 sinfo.si_code = SI_ASYNCIO;
320 sinfo.si_addr = as->userurb;
321 kill_pid_info_as_uid(as->signr, &sinfo, as->pid, as->uid,
322 as->euid, as->secid);
323 }
324 snoop(&urb->dev->dev, "urb complete\n");
325 snoop_urb(urb, as->userurb);
326 wake_up(&ps->wait);
327 }
328
329 static void destroy_async (struct dev_state *ps, struct list_head *list)
330 {
331 struct async *as;
332 unsigned long flags;
333
334 spin_lock_irqsave(&ps->lock, flags);
335 while (!list_empty(list)) {
336 as = list_entry(list->next, struct async, asynclist);
337 list_del_init(&as->asynclist);
338
339 /* drop the spinlock so the completion handler can run */
340 spin_unlock_irqrestore(&ps->lock, flags);
341 usb_kill_urb(as->urb);
342 spin_lock_irqsave(&ps->lock, flags);
343 }
344 spin_unlock_irqrestore(&ps->lock, flags);
345 as = async_getcompleted(ps);
346 while (as) {
347 free_async(as);
348 as = async_getcompleted(ps);
349 }
350 }
351
352 static void destroy_async_on_interface (struct dev_state *ps, unsigned int ifnum)
353 {
354 struct list_head *p, *q, hitlist;
355 unsigned long flags;
356
357 INIT_LIST_HEAD(&hitlist);
358 spin_lock_irqsave(&ps->lock, flags);
359 list_for_each_safe(p, q, &ps->async_pending)
360 if (ifnum == list_entry(p, struct async, asynclist)->ifnum)
361 list_move_tail(p, &hitlist);
362 spin_unlock_irqrestore(&ps->lock, flags);
363 destroy_async(ps, &hitlist);
364 }
365
366 static inline void destroy_all_async(struct dev_state *ps)
367 {
368 destroy_async(ps, &ps->async_pending);
369 }
370
371 /*
372 * interface claims are made only at the request of user level code,
373 * which can also release them (explicitly or by closing files).
374 * they're also undone when devices disconnect.
375 */
376
377 static int driver_probe (struct usb_interface *intf,
378 const struct usb_device_id *id)
379 {
380 return -ENODEV;
381 }
382
383 static void driver_disconnect(struct usb_interface *intf)
384 {
385 struct dev_state *ps = usb_get_intfdata (intf);
386 unsigned int ifnum = intf->altsetting->desc.bInterfaceNumber;
387
388 if (!ps)
389 return;
390
391 /* NOTE: this relies on usbcore having canceled and completed
392 * all pending I/O requests; 2.6 does that.
393 */
394
395 if (likely(ifnum < 8*sizeof(ps->ifclaimed)))
396 clear_bit(ifnum, &ps->ifclaimed);
397 else
398 warn("interface number %u out of range", ifnum);
399
400 usb_set_intfdata (intf, NULL);
401
402 /* force async requests to complete */
403 destroy_async_on_interface(ps, ifnum);
404 }
405
406 struct usb_driver usbfs_driver = {
407 .name = "usbfs",
408 .probe = driver_probe,
409 .disconnect = driver_disconnect,
410 };
411
412 static int claimintf(struct dev_state *ps, unsigned int ifnum)
413 {
414 struct usb_device *dev = ps->dev;
415 struct usb_interface *intf;
416 int err;
417
418 if (ifnum >= 8*sizeof(ps->ifclaimed))
419 return -EINVAL;
420 /* already claimed */
421 if (test_bit(ifnum, &ps->ifclaimed))
422 return 0;
423
424 /* lock against other changes to driver bindings */
425 down_write(&usb_bus_type.subsys.rwsem);
426 intf = usb_ifnum_to_if(dev, ifnum);
427 if (!intf)
428 err = -ENOENT;
429 else
430 err = usb_driver_claim_interface(&usbfs_driver, intf, ps);
431 up_write(&usb_bus_type.subsys.rwsem);
432 if (err == 0)
433 set_bit(ifnum, &ps->ifclaimed);
434 return err;
435 }
436
437 static int releaseintf(struct dev_state *ps, unsigned int ifnum)
438 {
439 struct usb_device *dev;
440 struct usb_interface *intf;
441 int err;
442
443 err = -EINVAL;
444 if (ifnum >= 8*sizeof(ps->ifclaimed))
445 return err;
446 dev = ps->dev;
447 /* lock against other changes to driver bindings */
448 down_write(&usb_bus_type.subsys.rwsem);
449 intf = usb_ifnum_to_if(dev, ifnum);
450 if (!intf)
451 err = -ENOENT;
452 else if (test_and_clear_bit(ifnum, &ps->ifclaimed)) {
453 usb_driver_release_interface(&usbfs_driver, intf);
454 err = 0;
455 }
456 up_write(&usb_bus_type.subsys.rwsem);
457 return err;
458 }
459
460 static int checkintf(struct dev_state *ps, unsigned int ifnum)
461 {
462 if (ps->dev->state != USB_STATE_CONFIGURED)
463 return -EHOSTUNREACH;
464 if (ifnum >= 8*sizeof(ps->ifclaimed))
465 return -EINVAL;
466 if (test_bit(ifnum, &ps->ifclaimed))
467 return 0;
468 /* if not yet claimed, claim it for the driver */
469 dev_warn(&ps->dev->dev, "usbfs: process %d (%s) did not claim interface %u before use\n",
470 current->pid, current->comm, ifnum);
471 return claimintf(ps, ifnum);
472 }
473
474 static int findintfep(struct usb_device *dev, unsigned int ep)
475 {
476 unsigned int i, j, e;
477 struct usb_interface *intf;
478 struct usb_host_interface *alts;
479 struct usb_endpoint_descriptor *endpt;
480
481 if (ep & ~(USB_DIR_IN|0xf))
482 return -EINVAL;
483 if (!dev->actconfig)
484 return -ESRCH;
485 for (i = 0; i < dev->actconfig->desc.bNumInterfaces; i++) {
486 intf = dev->actconfig->interface[i];
487 for (j = 0; j < intf->num_altsetting; j++) {
488 alts = &intf->altsetting[j];
489 for (e = 0; e < alts->desc.bNumEndpoints; e++) {
490 endpt = &alts->endpoint[e].desc;
491 if (endpt->bEndpointAddress == ep)
492 return alts->desc.bInterfaceNumber;
493 }
494 }
495 }
496 return -ENOENT;
497 }
498
499 static int check_ctrlrecip(struct dev_state *ps, unsigned int requesttype, unsigned int index)
500 {
501 int ret = 0;
502
503 if (ps->dev->state != USB_STATE_ADDRESS
504 && ps->dev->state != USB_STATE_CONFIGURED)
505 return -EHOSTUNREACH;
506 if (USB_TYPE_VENDOR == (USB_TYPE_MASK & requesttype))
507 return 0;
508
509 index &= 0xff;
510 switch (requesttype & USB_RECIP_MASK) {
511 case USB_RECIP_ENDPOINT:
512 if ((ret = findintfep(ps->dev, index)) >= 0)
513 ret = checkintf(ps, ret);
514 break;
515
516 case USB_RECIP_INTERFACE:
517 ret = checkintf(ps, index);
518 break;
519 }
520 return ret;
521 }
522
523 static struct usb_device *usbdev_lookup_minor(int minor)
524 {
525 struct class_device *class_dev;
526 struct usb_device *dev = NULL;
527
528 down(&usb_device_class->sem);
529 list_for_each_entry(class_dev, &usb_device_class->children, node) {
530 if (class_dev->devt == MKDEV(USB_DEVICE_MAJOR, minor)) {
531 dev = class_dev->class_data;
532 break;
533 }
534 }
535 up(&usb_device_class->sem);
536
537 return dev;
538 };
539
540 /*
541 * file operations
542 */
543 static int usbdev_open(struct inode *inode, struct file *file)
544 {
545 struct usb_device *dev = NULL;
546 struct dev_state *ps;
547 int ret;
548
549 /* Protect against simultaneous removal or release */
550 mutex_lock(&usbfs_mutex);
551
552 ret = -ENOMEM;
553 if (!(ps = kmalloc(sizeof(struct dev_state), GFP_KERNEL)))
554 goto out;
555
556 ret = -ENOENT;
557 /* check if we are called from a real node or usbfs */
558 if (imajor(inode) == USB_DEVICE_MAJOR)
559 dev = usbdev_lookup_minor(iminor(inode));
560 if (!dev)
561 dev = inode->i_private;
562 if (!dev)
563 goto out;
564 ret = usb_autoresume_device(dev);
565 if (ret)
566 goto out;
567
568 usb_get_dev(dev);
569 ret = 0;
570 ps->dev = dev;
571 ps->file = file;
572 spin_lock_init(&ps->lock);
573 INIT_LIST_HEAD(&ps->async_pending);
574 INIT_LIST_HEAD(&ps->async_completed);
575 init_waitqueue_head(&ps->wait);
576 ps->discsignr = 0;
577 ps->disc_pid = get_pid(task_pid(current));
578 ps->disc_uid = current->uid;
579 ps->disc_euid = current->euid;
580 ps->disccontext = NULL;
581 ps->ifclaimed = 0;
582 security_task_getsecid(current, &ps->secid);
583 wmb();
584 list_add_tail(&ps->list, &dev->filelist);
585 file->private_data = ps;
586 out:
587 if (ret)
588 kfree(ps);
589 mutex_unlock(&usbfs_mutex);
590 return ret;
591 }
592
593 static int usbdev_release(struct inode *inode, struct file *file)
594 {
595 struct dev_state *ps = file->private_data;
596 struct usb_device *dev = ps->dev;
597 unsigned int ifnum;
598
599 usb_lock_device(dev);
600
601 /* Protect against simultaneous open */
602 mutex_lock(&usbfs_mutex);
603 list_del_init(&ps->list);
604 mutex_unlock(&usbfs_mutex);
605
606 for (ifnum = 0; ps->ifclaimed && ifnum < 8*sizeof(ps->ifclaimed);
607 ifnum++) {
608 if (test_bit(ifnum, &ps->ifclaimed))
609 releaseintf(ps, ifnum);
610 }
611 destroy_all_async(ps);
612 usb_autosuspend_device(dev);
613 usb_unlock_device(dev);
614 usb_put_dev(dev);
615 put_pid(ps->disc_pid);
616 kfree(ps);
617 return 0;
618 }
619
620 static int proc_control(struct dev_state *ps, void __user *arg)
621 {
622 struct usb_device *dev = ps->dev;
623 struct usbdevfs_ctrltransfer ctrl;
624 unsigned int tmo;
625 unsigned char *tbuf;
626 int i, j, ret;
627
628 if (copy_from_user(&ctrl, arg, sizeof(ctrl)))
629 return -EFAULT;
630 if ((ret = check_ctrlrecip(ps, ctrl.bRequestType, ctrl.wIndex)))
631 return ret;
632 if (ctrl.wLength > PAGE_SIZE)
633 return -EINVAL;
634 if (!(tbuf = (unsigned char *)__get_free_page(GFP_KERNEL)))
635 return -ENOMEM;
636 tmo = ctrl.timeout;
637 if (ctrl.bRequestType & 0x80) {
638 if (ctrl.wLength && !access_ok(VERIFY_WRITE, ctrl.data, ctrl.wLength)) {
639 free_page((unsigned long)tbuf);
640 return -EINVAL;
641 }
642 snoop(&dev->dev, "control read: bRequest=%02x "
643 "bRrequestType=%02x wValue=%04x "
644 "wIndex=%04x wLength=%04x\n",
645 ctrl.bRequest, ctrl.bRequestType, ctrl.wValue,
646 ctrl.wIndex, ctrl.wLength);
647
648 usb_unlock_device(dev);
649 i = usb_control_msg(dev, usb_rcvctrlpipe(dev, 0), ctrl.bRequest, ctrl.bRequestType,
650 ctrl.wValue, ctrl.wIndex, tbuf, ctrl.wLength, tmo);
651 usb_lock_device(dev);
652 if ((i > 0) && ctrl.wLength) {
653 if (usbfs_snoop) {
654 dev_info(&dev->dev, "control read: data ");
655 for (j = 0; j < i; ++j)
656 printk("%02x ", (unsigned char)(tbuf)[j]);
657 printk("\n");
658 }
659 if (copy_to_user(ctrl.data, tbuf, i)) {
660 free_page((unsigned long)tbuf);
661 return -EFAULT;
662 }
663 }
664 } else {
665 if (ctrl.wLength) {
666 if (copy_from_user(tbuf, ctrl.data, ctrl.wLength)) {
667 free_page((unsigned long)tbuf);
668 return -EFAULT;
669 }
670 }
671 snoop(&dev->dev, "control write: bRequest=%02x "
672 "bRrequestType=%02x wValue=%04x "
673 "wIndex=%04x wLength=%04x\n",
674 ctrl.bRequest, ctrl.bRequestType, ctrl.wValue,
675 ctrl.wIndex, ctrl.wLength);
676 if (usbfs_snoop) {
677 dev_info(&dev->dev, "control write: data: ");
678 for (j = 0; j < ctrl.wLength; ++j)
679 printk("%02x ", (unsigned char)(tbuf)[j]);
680 printk("\n");
681 }
682 usb_unlock_device(dev);
683 i = usb_control_msg(dev, usb_sndctrlpipe(dev, 0), ctrl.bRequest, ctrl.bRequestType,
684 ctrl.wValue, ctrl.wIndex, tbuf, ctrl.wLength, tmo);
685 usb_lock_device(dev);
686 }
687 free_page((unsigned long)tbuf);
688 if (i<0 && i != -EPIPE) {
689 dev_printk(KERN_DEBUG, &dev->dev, "usbfs: USBDEVFS_CONTROL "
690 "failed cmd %s rqt %u rq %u len %u ret %d\n",
691 current->comm, ctrl.bRequestType, ctrl.bRequest,
692 ctrl.wLength, i);
693 }
694 return i;
695 }
696
697 static int proc_bulk(struct dev_state *ps, void __user *arg)
698 {
699 struct usb_device *dev = ps->dev;
700 struct usbdevfs_bulktransfer bulk;
701 unsigned int tmo, len1, pipe;
702 int len2;
703 unsigned char *tbuf;
704 int i, j, ret;
705
706 if (copy_from_user(&bulk, arg, sizeof(bulk)))
707 return -EFAULT;
708 if ((ret = findintfep(ps->dev, bulk.ep)) < 0)
709 return ret;
710 if ((ret = checkintf(ps, ret)))
711 return ret;
712 if (bulk.ep & USB_DIR_IN)
713 pipe = usb_rcvbulkpipe(dev, bulk.ep & 0x7f);
714 else
715 pipe = usb_sndbulkpipe(dev, bulk.ep & 0x7f);
716 if (!usb_maxpacket(dev, pipe, !(bulk.ep & USB_DIR_IN)))
717 return -EINVAL;
718 len1 = bulk.len;
719 if (len1 > MAX_USBFS_BUFFER_SIZE)
720 return -EINVAL;
721 if (!(tbuf = kmalloc(len1, GFP_KERNEL)))
722 return -ENOMEM;
723 tmo = bulk.timeout;
724 if (bulk.ep & 0x80) {
725 if (len1 && !access_ok(VERIFY_WRITE, bulk.data, len1)) {
726 kfree(tbuf);
727 return -EINVAL;
728 }
729 snoop(&dev->dev, "bulk read: len=0x%02x timeout=%04d\n",
730 bulk.len, bulk.timeout);
731 usb_unlock_device(dev);
732 i = usb_bulk_msg(dev, pipe, tbuf, len1, &len2, tmo);
733 usb_lock_device(dev);
734 if (!i && len2) {
735 if (usbfs_snoop) {
736 dev_info(&dev->dev, "bulk read: data ");
737 for (j = 0; j < len2; ++j)
738 printk("%02x ", (unsigned char)(tbuf)[j]);
739 printk("\n");
740 }
741 if (copy_to_user(bulk.data, tbuf, len2)) {
742 kfree(tbuf);
743 return -EFAULT;
744 }
745 }
746 } else {
747 if (len1) {
748 if (copy_from_user(tbuf, bulk.data, len1)) {
749 kfree(tbuf);
750 return -EFAULT;
751 }
752 }
753 snoop(&dev->dev, "bulk write: len=0x%02x timeout=%04d\n",
754 bulk.len, bulk.timeout);
755 if (usbfs_snoop) {
756 dev_info(&dev->dev, "bulk write: data: ");
757 for (j = 0; j < len1; ++j)
758 printk("%02x ", (unsigned char)(tbuf)[j]);
759 printk("\n");
760 }
761 usb_unlock_device(dev);
762 i = usb_bulk_msg(dev, pipe, tbuf, len1, &len2, tmo);
763 usb_lock_device(dev);
764 }
765 kfree(tbuf);
766 if (i < 0)
767 return i;
768 return len2;
769 }
770
771 static int proc_resetep(struct dev_state *ps, void __user *arg)
772 {
773 unsigned int ep;
774 int ret;
775
776 if (get_user(ep, (unsigned int __user *)arg))
777 return -EFAULT;
778 if ((ret = findintfep(ps->dev, ep)) < 0)
779 return ret;
780 if ((ret = checkintf(ps, ret)))
781 return ret;
782 usb_settoggle(ps->dev, ep & 0xf, !(ep & USB_DIR_IN), 0);
783 return 0;
784 }
785
786 static int proc_clearhalt(struct dev_state *ps, void __user *arg)
787 {
788 unsigned int ep;
789 int pipe;
790 int ret;
791
792 if (get_user(ep, (unsigned int __user *)arg))
793 return -EFAULT;
794 if ((ret = findintfep(ps->dev, ep)) < 0)
795 return ret;
796 if ((ret = checkintf(ps, ret)))
797 return ret;
798 if (ep & USB_DIR_IN)
799 pipe = usb_rcvbulkpipe(ps->dev, ep & 0x7f);
800 else
801 pipe = usb_sndbulkpipe(ps->dev, ep & 0x7f);
802
803 return usb_clear_halt(ps->dev, pipe);
804 }
805
806
807 static int proc_getdriver(struct dev_state *ps, void __user *arg)
808 {
809 struct usbdevfs_getdriver gd;
810 struct usb_interface *intf;
811 int ret;
812
813 if (copy_from_user(&gd, arg, sizeof(gd)))
814 return -EFAULT;
815 down_read(&usb_bus_type.subsys.rwsem);
816 intf = usb_ifnum_to_if(ps->dev, gd.interface);
817 if (!intf || !intf->dev.driver)
818 ret = -ENODATA;
819 else {
820 strncpy(gd.driver, intf->dev.driver->name,
821 sizeof(gd.driver));
822 ret = (copy_to_user(arg, &gd, sizeof(gd)) ? -EFAULT : 0);
823 }
824 up_read(&usb_bus_type.subsys.rwsem);
825 return ret;
826 }
827
828 static int proc_connectinfo(struct dev_state *ps, void __user *arg)
829 {
830 struct usbdevfs_connectinfo ci;
831
832 ci.devnum = ps->dev->devnum;
833 ci.slow = ps->dev->speed == USB_SPEED_LOW;
834 if (copy_to_user(arg, &ci, sizeof(ci)))
835 return -EFAULT;
836 return 0;
837 }
838
839 static int proc_resetdevice(struct dev_state *ps)
840 {
841 return usb_reset_composite_device(ps->dev, NULL);
842 }
843
844 static int proc_setintf(struct dev_state *ps, void __user *arg)
845 {
846 struct usbdevfs_setinterface setintf;
847 int ret;
848
849 if (copy_from_user(&setintf, arg, sizeof(setintf)))
850 return -EFAULT;
851 if ((ret = checkintf(ps, setintf.interface)))
852 return ret;
853 return usb_set_interface(ps->dev, setintf.interface,
854 setintf.altsetting);
855 }
856
857 static int proc_setconfig(struct dev_state *ps, void __user *arg)
858 {
859 unsigned int u;
860 int status = 0;
861 struct usb_host_config *actconfig;
862
863 if (get_user(u, (unsigned int __user *)arg))
864 return -EFAULT;
865
866 actconfig = ps->dev->actconfig;
867
868 /* Don't touch the device if any interfaces are claimed.
869 * It could interfere with other drivers' operations, and if
870 * an interface is claimed by usbfs it could easily deadlock.
871 */
872 if (actconfig) {
873 int i;
874
875 for (i = 0; i < actconfig->desc.bNumInterfaces; ++i) {
876 if (usb_interface_claimed(actconfig->interface[i])) {
877 dev_warn (&ps->dev->dev,
878 "usbfs: interface %d claimed by %s "
879 "while '%s' sets config #%d\n",
880 actconfig->interface[i]
881 ->cur_altsetting
882 ->desc.bInterfaceNumber,
883 actconfig->interface[i]
884 ->dev.driver->name,
885 current->comm, u);
886 status = -EBUSY;
887 break;
888 }
889 }
890 }
891
892 /* SET_CONFIGURATION is often abused as a "cheap" driver reset,
893 * so avoid usb_set_configuration()'s kick to sysfs
894 */
895 if (status == 0) {
896 if (actconfig && actconfig->desc.bConfigurationValue == u)
897 status = usb_reset_configuration(ps->dev);
898 else
899 status = usb_set_configuration(ps->dev, u);
900 }
901
902 return status;
903 }
904
905 static int proc_do_submiturb(struct dev_state *ps, struct usbdevfs_urb *uurb,
906 struct usbdevfs_iso_packet_desc __user *iso_frame_desc,
907 void __user *arg)
908 {
909 struct usbdevfs_iso_packet_desc *isopkt = NULL;
910 struct usb_host_endpoint *ep;
911 struct async *as;
912 struct usb_ctrlrequest *dr = NULL;
913 unsigned int u, totlen, isofrmlen;
914 int ret, interval = 0, ifnum = -1;
915
916 if (uurb->flags & ~(USBDEVFS_URB_ISO_ASAP|USBDEVFS_URB_SHORT_NOT_OK|
917 URB_NO_FSBR|URB_ZERO_PACKET))
918 return -EINVAL;
919 if (!uurb->buffer)
920 return -EINVAL;
921 if (uurb->signr != 0 && (uurb->signr < SIGRTMIN || uurb->signr > SIGRTMAX))
922 return -EINVAL;
923 if (!(uurb->type == USBDEVFS_URB_TYPE_CONTROL && (uurb->endpoint & ~USB_ENDPOINT_DIR_MASK) == 0)) {
924 if ((ifnum = findintfep(ps->dev, uurb->endpoint)) < 0)
925 return ifnum;
926 if ((ret = checkintf(ps, ifnum)))
927 return ret;
928 }
929 if ((uurb->endpoint & USB_ENDPOINT_DIR_MASK) != 0)
930 ep = ps->dev->ep_in [uurb->endpoint & USB_ENDPOINT_NUMBER_MASK];
931 else
932 ep = ps->dev->ep_out [uurb->endpoint & USB_ENDPOINT_NUMBER_MASK];
933 if (!ep)
934 return -ENOENT;
935 switch(uurb->type) {
936 case USBDEVFS_URB_TYPE_CONTROL:
937 if ((ep->desc.bmAttributes & USB_ENDPOINT_XFERTYPE_MASK)
938 != USB_ENDPOINT_XFER_CONTROL)
939 return -EINVAL;
940 /* min 8 byte setup packet, max 8 byte setup plus an arbitrary data stage */
941 if (uurb->buffer_length < 8 || uurb->buffer_length > (8 + MAX_USBFS_BUFFER_SIZE))
942 return -EINVAL;
943 if (!(dr = kmalloc(sizeof(struct usb_ctrlrequest), GFP_KERNEL)))
944 return -ENOMEM;
945 if (copy_from_user(dr, uurb->buffer, 8)) {
946 kfree(dr);
947 return -EFAULT;
948 }
949 if (uurb->buffer_length < (le16_to_cpup(&dr->wLength) + 8)) {
950 kfree(dr);
951 return -EINVAL;
952 }
953 if ((ret = check_ctrlrecip(ps, dr->bRequestType, le16_to_cpup(&dr->wIndex)))) {
954 kfree(dr);
955 return ret;
956 }
957 uurb->endpoint = (uurb->endpoint & ~USB_ENDPOINT_DIR_MASK) | (dr->bRequestType & USB_ENDPOINT_DIR_MASK);
958 uurb->number_of_packets = 0;
959 uurb->buffer_length = le16_to_cpup(&dr->wLength);
960 uurb->buffer += 8;
961 if (!access_ok((uurb->endpoint & USB_DIR_IN) ? VERIFY_WRITE : VERIFY_READ, uurb->buffer, uurb->buffer_length)) {
962 kfree(dr);
963 return -EFAULT;
964 }
965 snoop(&ps->dev->dev, "control urb: bRequest=%02x "
966 "bRrequestType=%02x wValue=%04x "
967 "wIndex=%04x wLength=%04x\n",
968 dr->bRequest, dr->bRequestType, dr->wValue,
969 dr->wIndex, dr->wLength);
970 break;
971
972 case USBDEVFS_URB_TYPE_BULK:
973 switch (ep->desc.bmAttributes & USB_ENDPOINT_XFERTYPE_MASK) {
974 case USB_ENDPOINT_XFER_CONTROL:
975 case USB_ENDPOINT_XFER_ISOC:
976 return -EINVAL;
977 /* allow single-shot interrupt transfers, at bogus rates */
978 }
979 uurb->number_of_packets = 0;
980 if (uurb->buffer_length > MAX_USBFS_BUFFER_SIZE)
981 return -EINVAL;
982 if (!access_ok((uurb->endpoint & USB_DIR_IN) ? VERIFY_WRITE : VERIFY_READ, uurb->buffer, uurb->buffer_length))
983 return -EFAULT;
984 snoop(&ps->dev->dev, "bulk urb\n");
985 break;
986
987 case USBDEVFS_URB_TYPE_ISO:
988 /* arbitrary limit */
989 if (uurb->number_of_packets < 1 || uurb->number_of_packets > 128)
990 return -EINVAL;
991 if ((ep->desc.bmAttributes & USB_ENDPOINT_XFERTYPE_MASK)
992 != USB_ENDPOINT_XFER_ISOC)
993 return -EINVAL;
994 interval = 1 << min (15, ep->desc.bInterval - 1);
995 isofrmlen = sizeof(struct usbdevfs_iso_packet_desc) * uurb->number_of_packets;
996 if (!(isopkt = kmalloc(isofrmlen, GFP_KERNEL)))
997 return -ENOMEM;
998 if (copy_from_user(isopkt, iso_frame_desc, isofrmlen)) {
999 kfree(isopkt);
1000 return -EFAULT;
1001 }
1002 for (totlen = u = 0; u < uurb->number_of_packets; u++) {
1003 /* arbitrary limit, sufficient for USB 2.0 high-bandwidth iso */
1004 if (isopkt[u].length > 8192) {
1005 kfree(isopkt);
1006 return -EINVAL;
1007 }
1008 totlen += isopkt[u].length;
1009 }
1010 if (totlen > 32768) {
1011 kfree(isopkt);
1012 return -EINVAL;
1013 }
1014 uurb->buffer_length = totlen;
1015 snoop(&ps->dev->dev, "iso urb\n");
1016 break;
1017
1018 case USBDEVFS_URB_TYPE_INTERRUPT:
1019 uurb->number_of_packets = 0;
1020 if ((ep->desc.bmAttributes & USB_ENDPOINT_XFERTYPE_MASK)
1021 != USB_ENDPOINT_XFER_INT)
1022 return -EINVAL;
1023 if (ps->dev->speed == USB_SPEED_HIGH)
1024 interval = 1 << min (15, ep->desc.bInterval - 1);
1025 else
1026 interval = ep->desc.bInterval;
1027 if (uurb->buffer_length > MAX_USBFS_BUFFER_SIZE)
1028 return -EINVAL;
1029 if (!access_ok((uurb->endpoint & USB_DIR_IN) ? VERIFY_WRITE : VERIFY_READ, uurb->buffer, uurb->buffer_length))
1030 return -EFAULT;
1031 snoop(&ps->dev->dev, "interrupt urb\n");
1032 break;
1033
1034 default:
1035 return -EINVAL;
1036 }
1037 if (!(as = alloc_async(uurb->number_of_packets))) {
1038 kfree(isopkt);
1039 kfree(dr);
1040 return -ENOMEM;
1041 }
1042 if (!(as->urb->transfer_buffer = kmalloc(uurb->buffer_length, GFP_KERNEL))) {
1043 kfree(isopkt);
1044 kfree(dr);
1045 free_async(as);
1046 return -ENOMEM;
1047 }
1048 as->urb->dev = ps->dev;
1049 as->urb->pipe = (uurb->type << 30) | __create_pipe(ps->dev, uurb->endpoint & 0xf) | (uurb->endpoint & USB_DIR_IN);
1050 as->urb->transfer_flags = uurb->flags;
1051 as->urb->transfer_buffer_length = uurb->buffer_length;
1052 as->urb->setup_packet = (unsigned char*)dr;
1053 as->urb->start_frame = uurb->start_frame;
1054 as->urb->number_of_packets = uurb->number_of_packets;
1055 as->urb->interval = interval;
1056 as->urb->context = as;
1057 as->urb->complete = async_completed;
1058 for (totlen = u = 0; u < uurb->number_of_packets; u++) {
1059 as->urb->iso_frame_desc[u].offset = totlen;
1060 as->urb->iso_frame_desc[u].length = isopkt[u].length;
1061 totlen += isopkt[u].length;
1062 }
1063 kfree(isopkt);
1064 as->ps = ps;
1065 as->userurb = arg;
1066 if (uurb->endpoint & USB_DIR_IN)
1067 as->userbuffer = uurb->buffer;
1068 else
1069 as->userbuffer = NULL;
1070 as->signr = uurb->signr;
1071 as->ifnum = ifnum;
1072 as->pid = get_pid(task_pid(current));
1073 as->uid = current->uid;
1074 as->euid = current->euid;
1075 security_task_getsecid(current, &as->secid);
1076 if (!(uurb->endpoint & USB_DIR_IN)) {
1077 if (copy_from_user(as->urb->transfer_buffer, uurb->buffer, as->urb->transfer_buffer_length)) {
1078 free_async(as);
1079 return -EFAULT;
1080 }
1081 }
1082 snoop(&as->urb->dev->dev, "submit urb\n");
1083 snoop_urb(as->urb, as->userurb);
1084 async_newpending(as);
1085 if ((ret = usb_submit_urb(as->urb, GFP_KERNEL))) {
1086 dev_printk(KERN_DEBUG, &ps->dev->dev, "usbfs: usb_submit_urb returned %d\n", ret);
1087 async_removepending(as);
1088 free_async(as);
1089 return ret;
1090 }
1091 return 0;
1092 }
1093
1094 static int proc_submiturb(struct dev_state *ps, void __user *arg)
1095 {
1096 struct usbdevfs_urb uurb;
1097
1098 if (copy_from_user(&uurb, arg, sizeof(uurb)))
1099 return -EFAULT;
1100
1101 return proc_do_submiturb(ps, &uurb, (((struct usbdevfs_urb __user *)arg)->iso_frame_desc), arg);
1102 }
1103
1104 static int proc_unlinkurb(struct dev_state *ps, void __user *arg)
1105 {
1106 struct async *as;
1107
1108 as = async_getpending(ps, arg);
1109 if (!as)
1110 return -EINVAL;
1111 usb_kill_urb(as->urb);
1112 return 0;
1113 }
1114
1115 static int processcompl(struct async *as, void __user * __user *arg)
1116 {
1117 struct urb *urb = as->urb;
1118 struct usbdevfs_urb __user *userurb = as->userurb;
1119 void __user *addr = as->userurb;
1120 unsigned int i;
1121
1122 if (as->userbuffer)
1123 if (copy_to_user(as->userbuffer, urb->transfer_buffer, urb->transfer_buffer_length))
1124 return -EFAULT;
1125 if (put_user(urb->status, &userurb->status))
1126 return -EFAULT;
1127 if (put_user(urb->actual_length, &userurb->actual_length))
1128 return -EFAULT;
1129 if (put_user(urb->error_count, &userurb->error_count))
1130 return -EFAULT;
1131
1132 if (usb_pipeisoc(urb->pipe)) {
1133 for (i = 0; i < urb->number_of_packets; i++) {
1134 if (put_user(urb->iso_frame_desc[i].actual_length,
1135 &userurb->iso_frame_desc[i].actual_length))
1136 return -EFAULT;
1137 if (put_user(urb->iso_frame_desc[i].status,
1138 &userurb->iso_frame_desc[i].status))
1139 return -EFAULT;
1140 }
1141 }
1142
1143 free_async(as);
1144
1145 if (put_user(addr, (void __user * __user *)arg))
1146 return -EFAULT;
1147 return 0;
1148 }
1149
1150 static struct async* reap_as(struct dev_state *ps)
1151 {
1152 DECLARE_WAITQUEUE(wait, current);
1153 struct async *as = NULL;
1154 struct usb_device *dev = ps->dev;
1155
1156 add_wait_queue(&ps->wait, &wait);
1157 for (;;) {
1158 __set_current_state(TASK_INTERRUPTIBLE);
1159 if ((as = async_getcompleted(ps)))
1160 break;
1161 if (signal_pending(current))
1162 break;
1163 usb_unlock_device(dev);
1164 schedule();
1165 usb_lock_device(dev);
1166 }
1167 remove_wait_queue(&ps->wait, &wait);
1168 set_current_state(TASK_RUNNING);
1169 return as;
1170 }
1171
1172 static int proc_reapurb(struct dev_state *ps, void __user *arg)
1173 {
1174 struct async *as = reap_as(ps);
1175 if (as)
1176 return processcompl(as, (void __user * __user *)arg);
1177 if (signal_pending(current))
1178 return -EINTR;
1179 return -EIO;
1180 }
1181
1182 static int proc_reapurbnonblock(struct dev_state *ps, void __user *arg)
1183 {
1184 struct async *as;
1185
1186 if (!(as = async_getcompleted(ps)))
1187 return -EAGAIN;
1188 return processcompl(as, (void __user * __user *)arg);
1189 }
1190
1191 #ifdef CONFIG_COMPAT
1192
1193 static int get_urb32(struct usbdevfs_urb *kurb,
1194 struct usbdevfs_urb32 __user *uurb)
1195 {
1196 __u32 uptr;
1197 if (get_user(kurb->type, &uurb->type) ||
1198 __get_user(kurb->endpoint, &uurb->endpoint) ||
1199 __get_user(kurb->status, &uurb->status) ||
1200 __get_user(kurb->flags, &uurb->flags) ||
1201 __get_user(kurb->buffer_length, &uurb->buffer_length) ||
1202 __get_user(kurb->actual_length, &uurb->actual_length) ||
1203 __get_user(kurb->start_frame, &uurb->start_frame) ||
1204 __get_user(kurb->number_of_packets, &uurb->number_of_packets) ||
1205 __get_user(kurb->error_count, &uurb->error_count) ||
1206 __get_user(kurb->signr, &uurb->signr))
1207 return -EFAULT;
1208
1209 if (__get_user(uptr, &uurb->buffer))
1210 return -EFAULT;
1211 kurb->buffer = compat_ptr(uptr);
1212 if (__get_user(uptr, &uurb->buffer))
1213 return -EFAULT;
1214 kurb->usercontext = compat_ptr(uptr);
1215
1216 return 0;
1217 }
1218
1219 static int proc_submiturb_compat(struct dev_state *ps, void __user *arg)
1220 {
1221 struct usbdevfs_urb uurb;
1222
1223 if (get_urb32(&uurb,(struct usbdevfs_urb32 __user *)arg))
1224 return -EFAULT;
1225
1226 return proc_do_submiturb(ps, &uurb, ((struct usbdevfs_urb32 __user *)arg)->iso_frame_desc, arg);
1227 }
1228
1229 static int processcompl_compat(struct async *as, void __user * __user *arg)
1230 {
1231 struct urb *urb = as->urb;
1232 struct usbdevfs_urb32 __user *userurb = as->userurb;
1233 void __user *addr = as->userurb;
1234 unsigned int i;
1235
1236 if (as->userbuffer)
1237 if (copy_to_user(as->userbuffer, urb->transfer_buffer, urb->transfer_buffer_length))
1238 return -EFAULT;
1239 if (put_user(urb->status, &userurb->status))
1240 return -EFAULT;
1241 if (put_user(urb->actual_length, &userurb->actual_length))
1242 return -EFAULT;
1243 if (put_user(urb->error_count, &userurb->error_count))
1244 return -EFAULT;
1245
1246 if (usb_pipeisoc(urb->pipe)) {
1247 for (i = 0; i < urb->number_of_packets; i++) {
1248 if (put_user(urb->iso_frame_desc[i].actual_length,
1249 &userurb->iso_frame_desc[i].actual_length))
1250 return -EFAULT;
1251 if (put_user(urb->iso_frame_desc[i].status,
1252 &userurb->iso_frame_desc[i].status))
1253 return -EFAULT;
1254 }
1255 }
1256
1257 free_async(as);
1258 if (put_user(ptr_to_compat(addr), (u32 __user *)arg))
1259 return -EFAULT;
1260 return 0;
1261 }
1262
1263 static int proc_reapurb_compat(struct dev_state *ps, void __user *arg)
1264 {
1265 struct async *as = reap_as(ps);
1266 if (as)
1267 return processcompl_compat(as, (void __user * __user *)arg);
1268 if (signal_pending(current))
1269 return -EINTR;
1270 return -EIO;
1271 }
1272
1273 static int proc_reapurbnonblock_compat(struct dev_state *ps, void __user *arg)
1274 {
1275 struct async *as;
1276
1277 if (!(as = async_getcompleted(ps)))
1278 return -EAGAIN;
1279 return processcompl_compat(as, (void __user * __user *)arg);
1280 }
1281
1282 #endif
1283
1284 static int proc_disconnectsignal(struct dev_state *ps, void __user *arg)
1285 {
1286 struct usbdevfs_disconnectsignal ds;
1287
1288 if (copy_from_user(&ds, arg, sizeof(ds)))
1289 return -EFAULT;
1290 if (ds.signr != 0 && (ds.signr < SIGRTMIN || ds.signr > SIGRTMAX))
1291 return -EINVAL;
1292 ps->discsignr = ds.signr;
1293 ps->disccontext = ds.context;
1294 return 0;
1295 }
1296
1297 static int proc_claiminterface(struct dev_state *ps, void __user *arg)
1298 {
1299 unsigned int ifnum;
1300
1301 if (get_user(ifnum, (unsigned int __user *)arg))
1302 return -EFAULT;
1303 return claimintf(ps, ifnum);
1304 }
1305
1306 static int proc_releaseinterface(struct dev_state *ps, void __user *arg)
1307 {
1308 unsigned int ifnum;
1309 int ret;
1310
1311 if (get_user(ifnum, (unsigned int __user *)arg))
1312 return -EFAULT;
1313 if ((ret = releaseintf(ps, ifnum)) < 0)
1314 return ret;
1315 destroy_async_on_interface (ps, ifnum);
1316 return 0;
1317 }
1318
1319 static int proc_ioctl(struct dev_state *ps, struct usbdevfs_ioctl *ctl)
1320 {
1321 int size;
1322 void *buf = NULL;
1323 int retval = 0;
1324 struct usb_interface *intf = NULL;
1325 struct usb_driver *driver = NULL;
1326
1327 /* alloc buffer */
1328 if ((size = _IOC_SIZE (ctl->ioctl_code)) > 0) {
1329 if ((buf = kmalloc (size, GFP_KERNEL)) == NULL)
1330 return -ENOMEM;
1331 if ((_IOC_DIR(ctl->ioctl_code) & _IOC_WRITE)) {
1332 if (copy_from_user (buf, ctl->data, size)) {
1333 kfree(buf);
1334 return -EFAULT;
1335 }
1336 } else {
1337 memset (buf, 0, size);
1338 }
1339 }
1340
1341 if (!connected(ps)) {
1342 kfree(buf);
1343 return -ENODEV;
1344 }
1345
1346 if (ps->dev->state != USB_STATE_CONFIGURED)
1347 retval = -EHOSTUNREACH;
1348 else if (!(intf = usb_ifnum_to_if (ps->dev, ctl->ifno)))
1349 retval = -EINVAL;
1350 else switch (ctl->ioctl_code) {
1351
1352 /* disconnect kernel driver from interface */
1353 case USBDEVFS_DISCONNECT:
1354
1355 down_write(&usb_bus_type.subsys.rwsem);
1356 if (intf->dev.driver) {
1357 driver = to_usb_driver(intf->dev.driver);
1358 dev_dbg (&intf->dev, "disconnect by usbfs\n");
1359 usb_driver_release_interface(driver, intf);
1360 } else
1361 retval = -ENODATA;
1362 up_write(&usb_bus_type.subsys.rwsem);
1363 break;
1364
1365 /* let kernel drivers try to (re)bind to the interface */
1366 case USBDEVFS_CONNECT:
1367 usb_unlock_device(ps->dev);
1368 retval = bus_rescan_devices(intf->dev.bus);
1369 usb_lock_device(ps->dev);
1370 break;
1371
1372 /* talk directly to the interface's driver */
1373 default:
1374 down_read(&usb_bus_type.subsys.rwsem);
1375 if (intf->dev.driver)
1376 driver = to_usb_driver(intf->dev.driver);
1377 if (driver == NULL || driver->ioctl == NULL) {
1378 retval = -ENOTTY;
1379 } else {
1380 retval = driver->ioctl (intf, ctl->ioctl_code, buf);
1381 if (retval == -ENOIOCTLCMD)
1382 retval = -ENOTTY;
1383 }
1384 up_read(&usb_bus_type.subsys.rwsem);
1385 }
1386
1387 /* cleanup and return */
1388 if (retval >= 0
1389 && (_IOC_DIR (ctl->ioctl_code) & _IOC_READ) != 0
1390 && size > 0
1391 && copy_to_user (ctl->data, buf, size) != 0)
1392 retval = -EFAULT;
1393
1394 kfree(buf);
1395 return retval;
1396 }
1397
1398 static int proc_ioctl_default(struct dev_state *ps, void __user *arg)
1399 {
1400 struct usbdevfs_ioctl ctrl;
1401
1402 if (copy_from_user(&ctrl, arg, sizeof (ctrl)))
1403 return -EFAULT;
1404 return proc_ioctl(ps, &ctrl);
1405 }
1406
1407 #ifdef CONFIG_COMPAT
1408 static int proc_ioctl_compat(struct dev_state *ps, compat_uptr_t arg)
1409 {
1410 struct usbdevfs_ioctl32 __user *uioc;
1411 struct usbdevfs_ioctl ctrl;
1412 u32 udata;
1413
1414 uioc = compat_ptr((long)arg);
1415 if (get_user(ctrl.ifno, &uioc->ifno) ||
1416 get_user(ctrl.ioctl_code, &uioc->ioctl_code) ||
1417 __get_user(udata, &uioc->data))
1418 return -EFAULT;
1419 ctrl.data = compat_ptr(udata);
1420
1421 return proc_ioctl(ps, &ctrl);
1422 }
1423 #endif
1424
1425 /*
1426 * NOTE: All requests here that have interface numbers as parameters
1427 * are assuming that somehow the configuration has been prevented from
1428 * changing. But there's no mechanism to ensure that...
1429 */
1430 static int usbdev_ioctl(struct inode *inode, struct file *file, unsigned int cmd, unsigned long arg)
1431 {
1432 struct dev_state *ps = file->private_data;
1433 struct usb_device *dev = ps->dev;
1434 void __user *p = (void __user *)arg;
1435 int ret = -ENOTTY;
1436
1437 if (!(file->f_mode & FMODE_WRITE))
1438 return -EPERM;
1439 usb_lock_device(dev);
1440 if (!connected(ps)) {
1441 usb_unlock_device(dev);
1442 return -ENODEV;
1443 }
1444
1445 switch (cmd) {
1446 case USBDEVFS_CONTROL:
1447 snoop(&dev->dev, "%s: CONTROL\n", __FUNCTION__);
1448 ret = proc_control(ps, p);
1449 if (ret >= 0)
1450 inode->i_mtime = CURRENT_TIME;
1451 break;
1452
1453 case USBDEVFS_BULK:
1454 snoop(&dev->dev, "%s: BULK\n", __FUNCTION__);
1455 ret = proc_bulk(ps, p);
1456 if (ret >= 0)
1457 inode->i_mtime = CURRENT_TIME;
1458 break;
1459
1460 case USBDEVFS_RESETEP:
1461 snoop(&dev->dev, "%s: RESETEP\n", __FUNCTION__);
1462 ret = proc_resetep(ps, p);
1463 if (ret >= 0)
1464 inode->i_mtime = CURRENT_TIME;
1465 break;
1466
1467 case USBDEVFS_RESET:
1468 snoop(&dev->dev, "%s: RESET\n", __FUNCTION__);
1469 ret = proc_resetdevice(ps);
1470 break;
1471
1472 case USBDEVFS_CLEAR_HALT:
1473 snoop(&dev->dev, "%s: CLEAR_HALT\n", __FUNCTION__);
1474 ret = proc_clearhalt(ps, p);
1475 if (ret >= 0)
1476 inode->i_mtime = CURRENT_TIME;
1477 break;
1478
1479 case USBDEVFS_GETDRIVER:
1480 snoop(&dev->dev, "%s: GETDRIVER\n", __FUNCTION__);
1481 ret = proc_getdriver(ps, p);
1482 break;
1483
1484 case USBDEVFS_CONNECTINFO:
1485 snoop(&dev->dev, "%s: CONNECTINFO\n", __FUNCTION__);
1486 ret = proc_connectinfo(ps, p);
1487 break;
1488
1489 case USBDEVFS_SETINTERFACE:
1490 snoop(&dev->dev, "%s: SETINTERFACE\n", __FUNCTION__);
1491 ret = proc_setintf(ps, p);
1492 break;
1493
1494 case USBDEVFS_SETCONFIGURATION:
1495 snoop(&dev->dev, "%s: SETCONFIGURATION\n", __FUNCTION__);
1496 ret = proc_setconfig(ps, p);
1497 break;
1498
1499 case USBDEVFS_SUBMITURB:
1500 snoop(&dev->dev, "%s: SUBMITURB\n", __FUNCTION__);
1501 ret = proc_submiturb(ps, p);
1502 if (ret >= 0)
1503 inode->i_mtime = CURRENT_TIME;
1504 break;
1505
1506 #ifdef CONFIG_COMPAT
1507
1508 case USBDEVFS_SUBMITURB32:
1509 snoop(&dev->dev, "%s: SUBMITURB32\n", __FUNCTION__);
1510 ret = proc_submiturb_compat(ps, p);
1511 if (ret >= 0)
1512 inode->i_mtime = CURRENT_TIME;
1513 break;
1514
1515 case USBDEVFS_REAPURB32:
1516 snoop(&dev->dev, "%s: REAPURB32\n", __FUNCTION__);
1517 ret = proc_reapurb_compat(ps, p);
1518 break;
1519
1520 case USBDEVFS_REAPURBNDELAY32:
1521 snoop(&dev->dev, "%s: REAPURBDELAY32\n", __FUNCTION__);
1522 ret = proc_reapurbnonblock_compat(ps, p);
1523 break;
1524
1525 case USBDEVFS_IOCTL32:
1526 snoop(&dev->dev, "%s: IOCTL\n", __FUNCTION__);
1527 ret = proc_ioctl_compat(ps, ptr_to_compat(p));
1528 break;
1529 #endif
1530
1531 case USBDEVFS_DISCARDURB:
1532 snoop(&dev->dev, "%s: DISCARDURB\n", __FUNCTION__);
1533 ret = proc_unlinkurb(ps, p);
1534 break;
1535
1536 case USBDEVFS_REAPURB:
1537 snoop(&dev->dev, "%s: REAPURB\n", __FUNCTION__);
1538 ret = proc_reapurb(ps, p);
1539 break;
1540
1541 case USBDEVFS_REAPURBNDELAY:
1542 snoop(&dev->dev, "%s: REAPURBDELAY\n", __FUNCTION__);
1543 ret = proc_reapurbnonblock(ps, p);
1544 break;
1545
1546 case USBDEVFS_DISCSIGNAL:
1547 snoop(&dev->dev, "%s: DISCSIGNAL\n", __FUNCTION__);
1548 ret = proc_disconnectsignal(ps, p);
1549 break;
1550
1551 case USBDEVFS_CLAIMINTERFACE:
1552 snoop(&dev->dev, "%s: CLAIMINTERFACE\n", __FUNCTION__);
1553 ret = proc_claiminterface(ps, p);
1554 break;
1555
1556 case USBDEVFS_RELEASEINTERFACE:
1557 snoop(&dev->dev, "%s: RELEASEINTERFACE\n", __FUNCTION__);
1558 ret = proc_releaseinterface(ps, p);
1559 break;
1560
1561 case USBDEVFS_IOCTL:
1562 snoop(&dev->dev, "%s: IOCTL\n", __FUNCTION__);
1563 ret = proc_ioctl_default(ps, p);
1564 break;
1565 }
1566 usb_unlock_device(dev);
1567 if (ret >= 0)
1568 inode->i_atime = CURRENT_TIME;
1569 return ret;
1570 }
1571
1572 /* No kernel lock - fine */
1573 static unsigned int usbdev_poll(struct file *file, struct poll_table_struct *wait)
1574 {
1575 struct dev_state *ps = file->private_data;
1576 unsigned int mask = 0;
1577
1578 poll_wait(file, &ps->wait, wait);
1579 if (file->f_mode & FMODE_WRITE && !list_empty(&ps->async_completed))
1580 mask |= POLLOUT | POLLWRNORM;
1581 if (!connected(ps))
1582 mask |= POLLERR | POLLHUP;
1583 return mask;
1584 }
1585
1586 const struct file_operations usbfs_device_file_operations = {
1587 .llseek = usbdev_lseek,
1588 .read = usbdev_read,
1589 .poll = usbdev_poll,
1590 .ioctl = usbdev_ioctl,
1591 .open = usbdev_open,
1592 .release = usbdev_release,
1593 };
1594
1595 static int usbdev_add(struct usb_device *dev)
1596 {
1597 int minor = ((dev->bus->busnum-1) * 128) + (dev->devnum-1);
1598
1599 dev->class_dev = class_device_create(usb_device_class, NULL,
1600 MKDEV(USB_DEVICE_MAJOR, minor), &dev->dev,
1601 "usbdev%d.%d", dev->bus->busnum, dev->devnum);
1602 if (IS_ERR(dev->class_dev))
1603 return PTR_ERR(dev->class_dev);
1604
1605 dev->class_dev->class_data = dev;
1606 return 0;
1607 }
1608
1609 static void usbdev_remove(struct usb_device *dev)
1610 {
1611 class_device_unregister(dev->class_dev);
1612 }
1613
1614 static int usbdev_notify(struct notifier_block *self, unsigned long action,
1615 void *dev)
1616 {
1617 switch (action) {
1618 case USB_DEVICE_ADD:
1619 if (usbdev_add(dev))
1620 return NOTIFY_BAD;
1621 break;
1622 case USB_DEVICE_REMOVE:
1623 usbdev_remove(dev);
1624 break;
1625 }
1626 return NOTIFY_OK;
1627 }
1628
1629 static struct notifier_block usbdev_nb = {
1630 .notifier_call = usbdev_notify,
1631 };
1632
1633 static struct cdev usb_device_cdev = {
1634 .kobj = {.name = "usb_device", },
1635 .owner = THIS_MODULE,
1636 };
1637
1638 int __init usbdev_init(void)
1639 {
1640 int retval;
1641
1642 retval = register_chrdev_region(USB_DEVICE_DEV, USB_DEVICE_MAX,
1643 "usb_device");
1644 if (retval) {
1645 err("unable to register minors for usb_device");
1646 goto out;
1647 }
1648 cdev_init(&usb_device_cdev, &usbfs_device_file_operations);
1649 retval = cdev_add(&usb_device_cdev, USB_DEVICE_DEV, USB_DEVICE_MAX);
1650 if (retval) {
1651 err("unable to get usb_device major %d", USB_DEVICE_MAJOR);
1652 goto error_cdev;
1653 }
1654 usb_device_class = class_create(THIS_MODULE, "usb_device");
1655 if (IS_ERR(usb_device_class)) {
1656 err("unable to register usb_device class");
1657 retval = PTR_ERR(usb_device_class);
1658 goto error_class;
1659 }
1660
1661 usb_register_notify(&usbdev_nb);
1662
1663 out:
1664 return retval;
1665
1666 error_class:
1667 usb_device_class = NULL;
1668 cdev_del(&usb_device_cdev);
1669
1670 error_cdev:
1671 unregister_chrdev_region(USB_DEVICE_DEV, USB_DEVICE_MAX);
1672 goto out;
1673 }
1674
1675 void usbdev_cleanup(void)
1676 {
1677 usb_unregister_notify(&usbdev_nb);
1678 class_destroy(usb_device_class);
1679 cdev_del(&usb_device_cdev);
1680 unregister_chrdev_region(USB_DEVICE_DEV, USB_DEVICE_MAX);
1681 }
1682
Linux with added FPC-III support