1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37#include <linux/fs.h>
38#include <linux/mm.h>
39#include <linux/slab.h>
40#include <linux/signal.h>
41#include <linux/poll.h>
42#include <linux/module.h>
43#include <linux/string.h>
44#include <linux/usb.h>
45#include <linux/usbdevice_fs.h>
46#include <linux/usb/hcd.h>
47#include <linux/cdev.h>
48#include <linux/notifier.h>
49#include <linux/security.h>
50#include <linux/user_namespace.h>
51#include <linux/scatterlist.h>
52#include <linux/uaccess.h>
53#include <asm/byteorder.h>
54#include <linux/moduleparam.h>
55
56#include "usb.h"
57
58#define USB_MAXBUS 64
59#define USB_DEVICE_MAX (USB_MAXBUS * 128)
60#define USB_SG_SIZE 16384
61
62
63DEFINE_MUTEX(usbfs_mutex);
64
65struct dev_state {
66 struct list_head list;
67 struct usb_device *dev;
68 struct file *file;
69 spinlock_t lock;
70 struct list_head async_pending;
71 struct list_head async_completed;
72 wait_queue_head_t wait;
73 unsigned int discsignr;
74 struct pid *disc_pid;
75 const struct cred *cred;
76 void __user *disccontext;
77 unsigned long ifclaimed;
78 u32 secid;
79 u32 disabled_bulk_eps;
80};
81
82struct async {
83 struct list_head asynclist;
84 struct dev_state *ps;
85 struct pid *pid;
86 const struct cred *cred;
87 unsigned int signr;
88 unsigned int ifnum;
89 void __user *userbuffer;
90 void __user *userurb;
91 struct urb *urb;
92 unsigned int mem_usage;
93 int status;
94 u32 secid;
95 u8 bulk_addr;
96 u8 bulk_status;
97};
98
99static bool usbfs_snoop;
100module_param(usbfs_snoop, bool, S_IRUGO | S_IWUSR);
101MODULE_PARM_DESC(usbfs_snoop, "true to log all usbfs traffic");
102
103#define snoop(dev, format, arg...) \
104 do { \
105 if (usbfs_snoop) \
106 dev_info(dev , format , ## arg); \
107 } while (0)
108
109enum snoop_when {
110 SUBMIT, COMPLETE
111};
112
113#define USB_DEVICE_DEV MKDEV(USB_DEVICE_MAJOR, 0)
114
115
116static unsigned usbfs_memory_mb = 16;
117module_param(usbfs_memory_mb, uint, 0644);
118MODULE_PARM_DESC(usbfs_memory_mb,
119 "maximum MB allowed for usbfs buffers (0 = no limit)");
120
121
122#define USBFS_XFER_MAX (UINT_MAX / 2 - 1000000)
123
124static atomic_t usbfs_memory_usage;
125
126
127static int usbfs_increase_memory_usage(unsigned amount)
128{
129 unsigned lim;
130
131
132
133
134
135 lim = ACCESS_ONCE(usbfs_memory_mb);
136 if (lim == 0 || lim > (USBFS_XFER_MAX >> 20))
137 lim = USBFS_XFER_MAX;
138 else
139 lim <<= 20;
140
141 atomic_add(amount, &usbfs_memory_usage);
142 if (atomic_read(&usbfs_memory_usage) <= lim)
143 return 0;
144 atomic_sub(amount, &usbfs_memory_usage);
145 return -ENOMEM;
146}
147
148
149static void usbfs_decrease_memory_usage(unsigned amount)
150{
151 atomic_sub(amount, &usbfs_memory_usage);
152}
153
154static int connected(struct dev_state *ps)
155{
156 return (!list_empty(&ps->list) &&
157 ps->dev->state != USB_STATE_NOTATTACHED);
158}
159
160static loff_t usbdev_lseek(struct file *file, loff_t offset, int orig)
161{
162 loff_t ret;
163
164 mutex_lock(&file_inode(file)->i_mutex);
165
166 switch (orig) {
167 case 0:
168 file->f_pos = offset;
169 ret = file->f_pos;
170 break;
171 case 1:
172 file->f_pos += offset;
173 ret = file->f_pos;
174 break;
175 case 2:
176 default:
177 ret = -EINVAL;
178 }
179
180 mutex_unlock(&file_inode(file)->i_mutex);
181 return ret;
182}
183
184static ssize_t usbdev_read(struct file *file, char __user *buf, size_t nbytes,
185 loff_t *ppos)
186{
187 struct dev_state *ps = file->private_data;
188 struct usb_device *dev = ps->dev;
189 ssize_t ret = 0;
190 unsigned len;
191 loff_t pos;
192 int i;
193
194 pos = *ppos;
195 usb_lock_device(dev);
196 if (!connected(ps)) {
197 ret = -ENODEV;
198 goto err;
199 } else if (pos < 0) {
200 ret = -EINVAL;
201 goto err;
202 }
203
204 if (pos < sizeof(struct usb_device_descriptor)) {
205
206 struct usb_device_descriptor temp_desc;
207
208 memcpy(&temp_desc, &dev->descriptor, sizeof(dev->descriptor));
209 le16_to_cpus(&temp_desc.bcdUSB);
210 le16_to_cpus(&temp_desc.idVendor);
211 le16_to_cpus(&temp_desc.idProduct);
212 le16_to_cpus(&temp_desc.bcdDevice);
213
214 len = sizeof(struct usb_device_descriptor) - pos;
215 if (len > nbytes)
216 len = nbytes;
217 if (copy_to_user(buf, ((char *)&temp_desc) + pos, len)) {
218 ret = -EFAULT;
219 goto err;
220 }
221
222 *ppos += len;
223 buf += len;
224 nbytes -= len;
225 ret += len;
226 }
227
228 pos = sizeof(struct usb_device_descriptor);
229 for (i = 0; nbytes && i < dev->descriptor.bNumConfigurations; i++) {
230 struct usb_config_descriptor *config =
231 (struct usb_config_descriptor *)dev->rawdescriptors[i];
232 unsigned int length = le16_to_cpu(config->wTotalLength);
233
234 if (*ppos < pos + length) {
235
236
237
238 unsigned alloclen =
239 le16_to_cpu(dev->config[i].desc.wTotalLength);
240
241 len = length - (*ppos - pos);
242 if (len > nbytes)
243 len = nbytes;
244
245
246 if (alloclen > (*ppos - pos)) {
247 alloclen -= (*ppos - pos);
248 if (copy_to_user(buf,
249 dev->rawdescriptors[i] + (*ppos - pos),
250 min(len, alloclen))) {
251 ret = -EFAULT;
252 goto err;
253 }
254 }
255
256 *ppos += len;
257 buf += len;
258 nbytes -= len;
259 ret += len;
260 }
261
262 pos += length;
263 }
264
265err:
266 usb_unlock_device(dev);
267 return ret;
268}
269
270
271
272
273
274static struct async *alloc_async(unsigned int numisoframes)
275{
276 struct async *as;
277
278 as = kzalloc(sizeof(struct async), GFP_KERNEL);
279 if (!as)
280 return NULL;
281 as->urb = usb_alloc_urb(numisoframes, GFP_KERNEL);
282 if (!as->urb) {
283 kfree(as);
284 return NULL;
285 }
286 return as;
287}
288
289static void free_async(struct async *as)
290{
291 int i;
292
293 put_pid(as->pid);
294 if (as->cred)
295 put_cred(as->cred);
296 for (i = 0; i < as->urb->num_sgs; i++) {
297 if (sg_page(&as->urb->sg[i]))
298 kfree(sg_virt(&as->urb->sg[i]));
299 }
300 kfree(as->urb->sg);
301 kfree(as->urb->transfer_buffer);
302 kfree(as->urb->setup_packet);
303 usb_free_urb(as->urb);
304 usbfs_decrease_memory_usage(as->mem_usage);
305 kfree(as);
306}
307
308static void async_newpending(struct async *as)
309{
310 struct dev_state *ps = as->ps;
311 unsigned long flags;
312
313 spin_lock_irqsave(&ps->lock, flags);
314 list_add_tail(&as->asynclist, &ps->async_pending);
315 spin_unlock_irqrestore(&ps->lock, flags);
316}
317
318static void async_removepending(struct async *as)
319{
320 struct dev_state *ps = as->ps;
321 unsigned long flags;
322
323 spin_lock_irqsave(&ps->lock, flags);
324 list_del_init(&as->asynclist);
325 spin_unlock_irqrestore(&ps->lock, flags);
326}
327
328static struct async *async_getcompleted(struct dev_state *ps)
329{
330 unsigned long flags;
331 struct async *as = NULL;
332
333 spin_lock_irqsave(&ps->lock, flags);
334 if (!list_empty(&ps->async_completed)) {
335 as = list_entry(ps->async_completed.next, struct async,
336 asynclist);
337 list_del_init(&as->asynclist);
338 }
339 spin_unlock_irqrestore(&ps->lock, flags);
340 return as;
341}
342
343static struct async *async_getpending(struct dev_state *ps,
344 void __user *userurb)
345{
346 struct async *as;
347
348 list_for_each_entry(as, &ps->async_pending, asynclist)
349 if (as->userurb == userurb) {
350 list_del_init(&as->asynclist);
351 return as;
352 }
353
354 return NULL;
355}
356
357static void snoop_urb(struct usb_device *udev,
358 void __user *userurb, int pipe, unsigned length,
359 int timeout_or_status, enum snoop_when when,
360 unsigned char *data, unsigned data_len)
361{
362 static const char *types[] = {"isoc", "int", "ctrl", "bulk"};
363 static const char *dirs[] = {"out", "in"};
364 int ep;
365 const char *t, *d;
366
367 if (!usbfs_snoop)
368 return;
369
370 ep = usb_pipeendpoint(pipe);
371 t = types[usb_pipetype(pipe)];
372 d = dirs[!!usb_pipein(pipe)];
373
374 if (userurb) {
375 if (when == SUBMIT)
376 dev_info(&udev->dev, "userurb %p, ep%d %s-%s, "
377 "length %u\n",
378 userurb, ep, t, d, length);
379 else
380 dev_info(&udev->dev, "userurb %p, ep%d %s-%s, "
381 "actual_length %u status %d\n",
382 userurb, ep, t, d, length,
383 timeout_or_status);
384 } else {
385 if (when == SUBMIT)
386 dev_info(&udev->dev, "ep%d %s-%s, length %u, "
387 "timeout %d\n",
388 ep, t, d, length, timeout_or_status);
389 else
390 dev_info(&udev->dev, "ep%d %s-%s, actual_length %u, "
391 "status %d\n",
392 ep, t, d, length, timeout_or_status);
393 }
394
395 if (data && data_len > 0) {
396 print_hex_dump(KERN_DEBUG, "data: ", DUMP_PREFIX_NONE, 32, 1,
397 data, data_len, 1);
398 }
399}
400
401static void snoop_urb_data(struct urb *urb, unsigned len)
402{
403 int i, size;
404
405 if (!usbfs_snoop)
406 return;
407
408 if (urb->num_sgs == 0) {
409 print_hex_dump(KERN_DEBUG, "data: ", DUMP_PREFIX_NONE, 32, 1,
410 urb->transfer_buffer, len, 1);
411 return;
412 }
413
414 for (i = 0; i < urb->num_sgs && len; i++) {
415 size = (len > USB_SG_SIZE) ? USB_SG_SIZE : len;
416 print_hex_dump(KERN_DEBUG, "data: ", DUMP_PREFIX_NONE, 32, 1,
417 sg_virt(&urb->sg[i]), size, 1);
418 len -= size;
419 }
420}
421
422static int copy_urb_data_to_user(u8 __user *userbuffer, struct urb *urb)
423{
424 unsigned i, len, size;
425
426 if (urb->number_of_packets > 0)
427 len = urb->transfer_buffer_length;
428 else
429 len = urb->actual_length;
430
431 if (urb->num_sgs == 0) {
432 if (copy_to_user(userbuffer, urb->transfer_buffer, len))
433 return -EFAULT;
434 return 0;
435 }
436
437 for (i = 0; i < urb->num_sgs && len; i++) {
438 size = (len > USB_SG_SIZE) ? USB_SG_SIZE : len;
439 if (copy_to_user(userbuffer, sg_virt(&urb->sg[i]), size))
440 return -EFAULT;
441 userbuffer += size;
442 len -= size;
443 }
444
445 return 0;
446}
447
448#define AS_CONTINUATION 1
449#define AS_UNLINK 2
450
451static void cancel_bulk_urbs(struct dev_state *ps, unsigned bulk_addr)
452__releases(ps->lock)
453__acquires(ps->lock)
454{
455 struct urb *urb;
456 struct async *as;
457
458
459
460
461
462
463 list_for_each_entry(as, &ps->async_pending, asynclist) {
464 if (as->bulk_addr == bulk_addr) {
465 if (as->bulk_status != AS_CONTINUATION)
466 goto rescan;
467 as->bulk_status = AS_UNLINK;
468 as->bulk_addr = 0;
469 }
470 }
471 ps->disabled_bulk_eps |= (1 << bulk_addr);
472
473
474 rescan:
475 list_for_each_entry(as, &ps->async_pending, asynclist) {
476 if (as->bulk_status == AS_UNLINK) {
477 as->bulk_status = 0;
478 urb = as->urb;
479 usb_get_urb(urb);
480 spin_unlock(&ps->lock);
481 usb_unlink_urb(urb);
482 usb_put_urb(urb);
483 spin_lock(&ps->lock);
484 goto rescan;
485 }
486 }
487}
488
489static void async_completed(struct urb *urb)
490{
491 struct async *as = urb->context;
492 struct dev_state *ps = as->ps;
493 struct siginfo sinfo;
494 struct pid *pid = NULL;
495 u32 secid = 0;
496 const struct cred *cred = NULL;
497 int signr;
498
499 spin_lock(&ps->lock);
500 list_move_tail(&as->asynclist, &ps->async_completed);
501 as->status = urb->status;
502 signr = as->signr;
503 if (signr) {
504 sinfo.si_signo = as->signr;
505 sinfo.si_errno = as->status;
506 sinfo.si_code = SI_ASYNCIO;
507 sinfo.si_addr = as->userurb;
508 pid = get_pid(as->pid);
509 cred = get_cred(as->cred);
510 secid = as->secid;
511 }
512 snoop(&urb->dev->dev, "urb complete\n");
513 snoop_urb(urb->dev, as->userurb, urb->pipe, urb->actual_length,
514 as->status, COMPLETE, NULL, 0);
515 if ((urb->transfer_flags & URB_DIR_MASK) == USB_DIR_IN)
516 snoop_urb_data(urb, urb->actual_length);
517
518 if (as->status < 0 && as->bulk_addr && as->status != -ECONNRESET &&
519 as->status != -ENOENT)
520 cancel_bulk_urbs(ps, as->bulk_addr);
521 spin_unlock(&ps->lock);
522
523 if (signr) {
524 kill_pid_info_as_cred(sinfo.si_signo, &sinfo, pid, cred, secid);
525 put_pid(pid);
526 put_cred(cred);
527 }
528
529 wake_up(&ps->wait);
530}
531
532static void destroy_async(struct dev_state *ps, struct list_head *list)
533{
534 struct urb *urb;
535 struct async *as;
536 unsigned long flags;
537
538 spin_lock_irqsave(&ps->lock, flags);
539 while (!list_empty(list)) {
540 as = list_entry(list->next, struct async, asynclist);
541 list_del_init(&as->asynclist);
542 urb = as->urb;
543 usb_get_urb(urb);
544
545
546 spin_unlock_irqrestore(&ps->lock, flags);
547 usb_kill_urb(urb);
548 usb_put_urb(urb);
549 spin_lock_irqsave(&ps->lock, flags);
550 }
551 spin_unlock_irqrestore(&ps->lock, flags);
552}
553
554static void destroy_async_on_interface(struct dev_state *ps,
555 unsigned int ifnum)
556{
557 struct list_head *p, *q, hitlist;
558 unsigned long flags;
559
560 INIT_LIST_HEAD(&hitlist);
561 spin_lock_irqsave(&ps->lock, flags);
562 list_for_each_safe(p, q, &ps->async_pending)
563 if (ifnum == list_entry(p, struct async, asynclist)->ifnum)
564 list_move_tail(p, &hitlist);
565 spin_unlock_irqrestore(&ps->lock, flags);
566 destroy_async(ps, &hitlist);
567}
568
569static void destroy_all_async(struct dev_state *ps)
570{
571 destroy_async(ps, &ps->async_pending);
572}
573
574
575
576
577
578
579
580static int driver_probe(struct usb_interface *intf,
581 const struct usb_device_id *id)
582{
583 return -ENODEV;
584}
585
586static void driver_disconnect(struct usb_interface *intf)
587{
588 struct dev_state *ps = usb_get_intfdata(intf);
589 unsigned int ifnum = intf->altsetting->desc.bInterfaceNumber;
590
591 if (!ps)
592 return;
593
594
595
596
597
598 if (likely(ifnum < 8*sizeof(ps->ifclaimed)))
599 clear_bit(ifnum, &ps->ifclaimed);
600 else
601 dev_warn(&intf->dev, "interface number %u out of range\n",
602 ifnum);
603
604 usb_set_intfdata(intf, NULL);
605
606
607 destroy_async_on_interface(ps, ifnum);
608}
609
610
611
612
613static int driver_suspend(struct usb_interface *intf, pm_message_t msg)
614{
615 return 0;
616}
617
618static int driver_resume(struct usb_interface *intf)
619{
620 return 0;
621}
622
623struct usb_driver usbfs_driver = {
624 .name = "usbfs",
625 .probe = driver_probe,
626 .disconnect = driver_disconnect,
627 .suspend = driver_suspend,
628 .resume = driver_resume,
629};
630
631static int claimintf(struct dev_state *ps, unsigned int ifnum)
632{
633 struct usb_device *dev = ps->dev;
634 struct usb_interface *intf;
635 int err;
636
637 if (ifnum >= 8*sizeof(ps->ifclaimed))
638 return -EINVAL;
639
640 if (test_bit(ifnum, &ps->ifclaimed))
641 return 0;
642
643 intf = usb_ifnum_to_if(dev, ifnum);
644 if (!intf)
645 err = -ENOENT;
646 else
647 err = usb_driver_claim_interface(&usbfs_driver, intf, ps);
648 if (err == 0)
649 set_bit(ifnum, &ps->ifclaimed);
650 return err;
651}
652
653static int releaseintf(struct dev_state *ps, unsigned int ifnum)
654{
655 struct usb_device *dev;
656 struct usb_interface *intf;
657 int err;
658
659 err = -EINVAL;
660 if (ifnum >= 8*sizeof(ps->ifclaimed))
661 return err;
662 dev = ps->dev;
663 intf = usb_ifnum_to_if(dev, ifnum);
664 if (!intf)
665 err = -ENOENT;
666 else if (test_and_clear_bit(ifnum, &ps->ifclaimed)) {
667 usb_driver_release_interface(&usbfs_driver, intf);
668 err = 0;
669 }
670 return err;
671}
672
673static int checkintf(struct dev_state *ps, unsigned int ifnum)
674{
675 if (ps->dev->state != USB_STATE_CONFIGURED)
676 return -EHOSTUNREACH;
677 if (ifnum >= 8*sizeof(ps->ifclaimed))
678 return -EINVAL;
679 if (test_bit(ifnum, &ps->ifclaimed))
680 return 0;
681
682 dev_warn(&ps->dev->dev, "usbfs: process %d (%s) did not claim "
683 "interface %u before use\n", task_pid_nr(current),
684 current->comm, ifnum);
685 return claimintf(ps, ifnum);
686}
687
688static int findintfep(struct usb_device *dev, unsigned int ep)
689{
690 unsigned int i, j, e;
691 struct usb_interface *intf;
692 struct usb_host_interface *alts;
693 struct usb_endpoint_descriptor *endpt;
694
695 if (ep & ~(USB_DIR_IN|0xf))
696 return -EINVAL;
697 if (!dev->actconfig)
698 return -ESRCH;
699 for (i = 0; i < dev->actconfig->desc.bNumInterfaces; i++) {
700 intf = dev->actconfig->interface[i];
701 for (j = 0; j < intf->num_altsetting; j++) {
702 alts = &intf->altsetting[j];
703 for (e = 0; e < alts->desc.bNumEndpoints; e++) {
704 endpt = &alts->endpoint[e].desc;
705 if (endpt->bEndpointAddress == ep)
706 return alts->desc.bInterfaceNumber;
707 }
708 }
709 }
710 return -ENOENT;
711}
712
713static int check_ctrlrecip(struct dev_state *ps, unsigned int requesttype,
714 unsigned int request, unsigned int index)
715{
716 int ret = 0;
717 struct usb_host_interface *alt_setting;
718
719 if (ps->dev->state != USB_STATE_UNAUTHENTICATED
720 && ps->dev->state != USB_STATE_ADDRESS
721 && ps->dev->state != USB_STATE_CONFIGURED)
722 return -EHOSTUNREACH;
723 if (USB_TYPE_VENDOR == (USB_TYPE_MASK & requesttype))
724 return 0;
725
726
727
728
729
730
731 if (requesttype == 0xa1 && request == 0) {
732 alt_setting = usb_find_alt_setting(ps->dev->actconfig,
733 index >> 8, index & 0xff);
734 if (alt_setting
735 && alt_setting->desc.bInterfaceClass == USB_CLASS_PRINTER)
736 index >>= 8;
737 }
738
739 index &= 0xff;
740 switch (requesttype & USB_RECIP_MASK) {
741 case USB_RECIP_ENDPOINT:
742 if ((index & ~USB_DIR_IN) == 0)
743 return 0;
744 ret = findintfep(ps->dev, index);
745 if (ret >= 0)
746 ret = checkintf(ps, ret);
747 break;
748
749 case USB_RECIP_INTERFACE:
750 ret = checkintf(ps, index);
751 break;
752 }
753 return ret;
754}
755
756static int match_devt(struct device *dev, void *data)
757{
758 return dev->devt == (dev_t) (unsigned long) data;
759}
760
761static struct usb_device *usbdev_lookup_by_devt(dev_t devt)
762{
763 struct device *dev;
764
765 dev = bus_find_device(&usb_bus_type, NULL,
766 (void *) (unsigned long) devt, match_devt);
767 if (!dev)
768 return NULL;
769 return container_of(dev, struct usb_device, dev);
770}
771
772
773
774
775static int usbdev_open(struct inode *inode, struct file *file)
776{
777 struct usb_device *dev = NULL;
778 struct dev_state *ps;
779 int ret;
780
781 ret = -ENOMEM;
782 ps = kmalloc(sizeof(struct dev_state), GFP_KERNEL);
783 if (!ps)
784 goto out_free_ps;
785
786 ret = -ENODEV;
787
788
789 mutex_lock(&usbfs_mutex);
790
791
792 if (imajor(inode) == USB_DEVICE_MAJOR)
793 dev = usbdev_lookup_by_devt(inode->i_rdev);
794
795 mutex_unlock(&usbfs_mutex);
796
797 if (!dev)
798 goto out_free_ps;
799
800 usb_lock_device(dev);
801 if (dev->state == USB_STATE_NOTATTACHED)
802 goto out_unlock_device;
803
804 ret = usb_autoresume_device(dev);
805 if (ret)
806 goto out_unlock_device;
807
808 ps->dev = dev;
809 ps->file = file;
810 spin_lock_init(&ps->lock);
811 INIT_LIST_HEAD(&ps->list);
812 INIT_LIST_HEAD(&ps->async_pending);
813 INIT_LIST_HEAD(&ps->async_completed);
814 init_waitqueue_head(&ps->wait);
815 ps->discsignr = 0;
816 ps->disc_pid = get_pid(task_pid(current));
817 ps->cred = get_current_cred();
818 ps->disccontext = NULL;
819 ps->ifclaimed = 0;
820 security_task_getsecid(current, &ps->secid);
821 smp_wmb();
822 list_add_tail(&ps->list, &dev->filelist);
823 file->private_data = ps;
824 usb_unlock_device(dev);
825 snoop(&dev->dev, "opened by process %d: %s\n", task_pid_nr(current),
826 current->comm);
827 return ret;
828
829 out_unlock_device:
830 usb_unlock_device(dev);
831 usb_put_dev(dev);
832 out_free_ps:
833 kfree(ps);
834 return ret;
835}
836
837static int usbdev_release(struct inode *inode, struct file *file)
838{
839 struct dev_state *ps = file->private_data;
840 struct usb_device *dev = ps->dev;
841 unsigned int ifnum;
842 struct async *as;
843
844 usb_lock_device(dev);
845 usb_hub_release_all_ports(dev, ps);
846
847 list_del_init(&ps->list);
848
849 for (ifnum = 0; ps->ifclaimed && ifnum < 8*sizeof(ps->ifclaimed);
850 ifnum++) {
851 if (test_bit(ifnum, &ps->ifclaimed))
852 releaseintf(ps, ifnum);
853 }
854 destroy_all_async(ps);
855 usb_autosuspend_device(dev);
856 usb_unlock_device(dev);
857 usb_put_dev(dev);
858 put_pid(ps->disc_pid);
859 put_cred(ps->cred);
860
861 as = async_getcompleted(ps);
862 while (as) {
863 free_async(as);
864 as = async_getcompleted(ps);
865 }
866 kfree(ps);
867 return 0;
868}
869
870static int proc_control(struct dev_state *ps, void __user *arg)
871{
872 struct usb_device *dev = ps->dev;
873 struct usbdevfs_ctrltransfer ctrl;
874 unsigned int tmo;
875 unsigned char *tbuf;
876 unsigned wLength;
877 int i, pipe, ret;
878
879 if (copy_from_user(&ctrl, arg, sizeof(ctrl)))
880 return -EFAULT;
881 ret = check_ctrlrecip(ps, ctrl.bRequestType, ctrl.bRequest,
882 ctrl.wIndex);
883 if (ret)
884 return ret;
885 wLength = ctrl.wLength;
886 if (wLength > PAGE_SIZE)
887 return -EINVAL;
888 ret = usbfs_increase_memory_usage(PAGE_SIZE + sizeof(struct urb) +
889 sizeof(struct usb_ctrlrequest));
890 if (ret)
891 return ret;
892 tbuf = (unsigned char *)__get_free_page(GFP_KERNEL);
893 if (!tbuf) {
894 ret = -ENOMEM;
895 goto done;
896 }
897 tmo = ctrl.timeout;
898 snoop(&dev->dev, "control urb: bRequestType=%02x "
899 "bRequest=%02x wValue=%04x "
900 "wIndex=%04x wLength=%04x\n",
901 ctrl.bRequestType, ctrl.bRequest,
902 __le16_to_cpup(&ctrl.wValue),
903 __le16_to_cpup(&ctrl.wIndex),
904 __le16_to_cpup(&ctrl.wLength));
905 if (ctrl.bRequestType & 0x80) {
906 if (ctrl.wLength && !access_ok(VERIFY_WRITE, ctrl.data,
907 ctrl.wLength)) {
908 ret = -EINVAL;
909 goto done;
910 }
911 pipe = usb_rcvctrlpipe(dev, 0);
912 snoop_urb(dev, NULL, pipe, ctrl.wLength, tmo, SUBMIT, NULL, 0);
913
914 usb_unlock_device(dev);
915 i = usb_control_msg(dev, pipe, ctrl.bRequest,
916 ctrl.bRequestType, ctrl.wValue, ctrl.wIndex,
917 tbuf, ctrl.wLength, tmo);
918 usb_lock_device(dev);
919 snoop_urb(dev, NULL, pipe, max(i, 0), min(i, 0), COMPLETE,
920 tbuf, max(i, 0));
921 if ((i > 0) && ctrl.wLength) {
922 if (copy_to_user(ctrl.data, tbuf, i)) {
923 ret = -EFAULT;
924 goto done;
925 }
926 }
927 } else {
928 if (ctrl.wLength) {
929 if (copy_from_user(tbuf, ctrl.data, ctrl.wLength)) {
930 ret = -EFAULT;
931 goto done;
932 }
933 }
934 pipe = usb_sndctrlpipe(dev, 0);
935 snoop_urb(dev, NULL, pipe, ctrl.wLength, tmo, SUBMIT,
936 tbuf, ctrl.wLength);
937
938 usb_unlock_device(dev);
939 i = usb_control_msg(dev, usb_sndctrlpipe(dev, 0), ctrl.bRequest,
940 ctrl.bRequestType, ctrl.wValue, ctrl.wIndex,
941 tbuf, ctrl.wLength, tmo);
942 usb_lock_device(dev);
943 snoop_urb(dev, NULL, pipe, max(i, 0), min(i, 0), COMPLETE, NULL, 0);
944 }
945 if (i < 0 && i != -EPIPE) {
946 dev_printk(KERN_DEBUG, &dev->dev, "usbfs: USBDEVFS_CONTROL "
947 "failed cmd %s rqt %u rq %u len %u ret %d\n",
948 current->comm, ctrl.bRequestType, ctrl.bRequest,
949 ctrl.wLength, i);
950 }
951 ret = i;
952 done:
953 free_page((unsigned long) tbuf);
954 usbfs_decrease_memory_usage(PAGE_SIZE + sizeof(struct urb) +
955 sizeof(struct usb_ctrlrequest));
956 return ret;
957}
958
959static int proc_bulk(struct dev_state *ps, void __user *arg)
960{
961 struct usb_device *dev = ps->dev;
962 struct usbdevfs_bulktransfer bulk;
963 unsigned int tmo, len1, pipe;
964 int len2;
965 unsigned char *tbuf;
966 int i, ret;
967
968 if (copy_from_user(&bulk, arg, sizeof(bulk)))
969 return -EFAULT;
970 ret = findintfep(ps->dev, bulk.ep);
971 if (ret < 0)
972 return ret;
973 ret = checkintf(ps, ret);
974 if (ret)
975 return ret;
976 if (bulk.ep & USB_DIR_IN)
977 pipe = usb_rcvbulkpipe(dev, bulk.ep & 0x7f);
978 else
979 pipe = usb_sndbulkpipe(dev, bulk.ep & 0x7f);
980 if (!usb_maxpacket(dev, pipe, !(bulk.ep & USB_DIR_IN)))
981 return -EINVAL;
982 len1 = bulk.len;
983 if (len1 >= USBFS_XFER_MAX)
984 return -EINVAL;
985 ret = usbfs_increase_memory_usage(len1 + sizeof(struct urb));
986 if (ret)
987 return ret;
988 if (!(tbuf = kmalloc(len1, GFP_KERNEL))) {
989 ret = -ENOMEM;
990 goto done;
991 }
992 tmo = bulk.timeout;
993 if (bulk.ep & 0x80) {
994 if (len1 && !access_ok(VERIFY_WRITE, bulk.data, len1)) {
995 ret = -EINVAL;
996 goto done;
997 }
998 snoop_urb(dev, NULL, pipe, len1, tmo, SUBMIT, NULL, 0);
999
1000 usb_unlock_device(dev);
1001 i = usb_bulk_msg(dev, pipe, tbuf, len1, &len2, tmo);
1002 usb_lock_device(dev);
1003 snoop_urb(dev, NULL, pipe, len2, i, COMPLETE, tbuf, len2);
1004
1005 if (!i && len2) {
1006 if (copy_to_user(bulk.data, tbuf, len2)) {
1007 ret = -EFAULT;
1008 goto done;
1009 }
1010 }
1011 } else {
1012 if (len1) {
1013 if (copy_from_user(tbuf, bulk.data, len1)) {
1014 ret = -EFAULT;
1015 goto done;
1016 }
1017 }
1018 snoop_urb(dev, NULL, pipe, len1, tmo, SUBMIT, tbuf, len1);
1019
1020 usb_unlock_device(dev);
1021 i = usb_bulk_msg(dev, pipe, tbuf, len1, &len2, tmo);
1022 usb_lock_device(dev);
1023 snoop_urb(dev, NULL, pipe, len2, i, COMPLETE, NULL, 0);
1024 }
1025 ret = (i < 0 ? i : len2);
1026 done:
1027 kfree(tbuf);
1028 usbfs_decrease_memory_usage(len1 + sizeof(struct urb));
1029 return ret;
1030}
1031
1032static int proc_resetep(struct dev_state *ps, void __user *arg)
1033{
1034 unsigned int ep;
1035 int ret;
1036
1037 if (get_user(ep, (unsigned int __user *)arg))
1038 return -EFAULT;
1039 ret = findintfep(ps->dev, ep);
1040 if (ret < 0)
1041 return ret;
1042 ret = checkintf(ps, ret);
1043 if (ret)
1044 return ret;
1045 usb_reset_endpoint(ps->dev, ep);
1046 return 0;
1047}
1048
1049static int proc_clearhalt(struct dev_state *ps, void __user *arg)
1050{
1051 unsigned int ep;
1052 int pipe;
1053 int ret;
1054
1055 if (get_user(ep, (unsigned int __user *)arg))
1056 return -EFAULT;
1057 ret = findintfep(ps->dev, ep);
1058 if (ret < 0)
1059 return ret;
1060 ret = checkintf(ps, ret);
1061 if (ret)
1062 return ret;
1063 if (ep & USB_DIR_IN)
1064 pipe = usb_rcvbulkpipe(ps->dev, ep & 0x7f);
1065 else
1066 pipe = usb_sndbulkpipe(ps->dev, ep & 0x7f);
1067
1068 return usb_clear_halt(ps->dev, pipe);
1069}
1070
1071static int proc_getdriver(struct dev_state *ps, void __user *arg)
1072{
1073 struct usbdevfs_getdriver gd;
1074 struct usb_interface *intf;
1075 int ret;
1076
1077 if (copy_from_user(&gd, arg, sizeof(gd)))
1078 return -EFAULT;
1079 intf = usb_ifnum_to_if(ps->dev, gd.interface);
1080 if (!intf || !intf->dev.driver)
1081 ret = -ENODATA;
1082 else {
1083 strlcpy(gd.driver, intf->dev.driver->name,
1084 sizeof(gd.driver));
1085 ret = (copy_to_user(arg, &gd, sizeof(gd)) ? -EFAULT : 0);
1086 }
1087 return ret;
1088}
1089
1090static int proc_connectinfo(struct dev_state *ps, void __user *arg)
1091{
1092 struct usbdevfs_connectinfo ci = {
1093 .devnum = ps->dev->devnum,
1094 .slow = ps->dev->speed == USB_SPEED_LOW
1095 };
1096
1097 if (copy_to_user(arg, &ci, sizeof(ci)))
1098 return -EFAULT;
1099 return 0;
1100}
1101
1102static int proc_resetdevice(struct dev_state *ps)
1103{
1104 return usb_reset_device(ps->dev);
1105}
1106
1107static int proc_setintf(struct dev_state *ps, void __user *arg)
1108{
1109 struct usbdevfs_setinterface setintf;
1110 int ret;
1111
1112 if (copy_from_user(&setintf, arg, sizeof(setintf)))
1113 return -EFAULT;
1114 if ((ret = checkintf(ps, setintf.interface)))
1115 return ret;
1116 return usb_set_interface(ps->dev, setintf.interface,
1117 setintf.altsetting);
1118}
1119
1120static int proc_setconfig(struct dev_state *ps, void __user *arg)
1121{
1122 int u;
1123 int status = 0;
1124 struct usb_host_config *actconfig;
1125
1126 if (get_user(u, (int __user *)arg))
1127 return -EFAULT;
1128
1129 actconfig = ps->dev->actconfig;
1130
1131
1132
1133
1134
1135 if (actconfig) {
1136 int i;
1137
1138 for (i = 0; i < actconfig->desc.bNumInterfaces; ++i) {
1139 if (usb_interface_claimed(actconfig->interface[i])) {
1140 dev_warn(&ps->dev->dev,
1141 "usbfs: interface %d claimed by %s "
1142 "while '%s' sets config #%d\n",
1143 actconfig->interface[i]
1144 ->cur_altsetting
1145 ->desc.bInterfaceNumber,
1146 actconfig->interface[i]
1147 ->dev.driver->name,
1148 current->comm, u);
1149 status = -EBUSY;
1150 break;
1151 }
1152 }
1153 }
1154
1155
1156
1157
1158 if (status == 0) {
1159 if (actconfig && actconfig->desc.bConfigurationValue == u)
1160 status = usb_reset_configuration(ps->dev);
1161 else
1162 status = usb_set_configuration(ps->dev, u);
1163 }
1164
1165 return status;
1166}
1167
1168static int proc_do_submiturb(struct dev_state *ps, struct usbdevfs_urb *uurb,
1169 struct usbdevfs_iso_packet_desc __user *iso_frame_desc,
1170 void __user *arg)
1171{
1172 struct usbdevfs_iso_packet_desc *isopkt = NULL;
1173 struct usb_host_endpoint *ep;
1174 struct async *as = NULL;
1175 struct usb_ctrlrequest *dr = NULL;
1176 unsigned int u, totlen, isofrmlen;
1177 int i, ret, is_in, num_sgs = 0, ifnum = -1;
1178 void *buf;
1179
1180 if (uurb->flags & ~(USBDEVFS_URB_ISO_ASAP |
1181 USBDEVFS_URB_SHORT_NOT_OK |
1182 USBDEVFS_URB_BULK_CONTINUATION |
1183 USBDEVFS_URB_NO_FSBR |
1184 USBDEVFS_URB_ZERO_PACKET |
1185 USBDEVFS_URB_NO_INTERRUPT))
1186 return -EINVAL;
1187 if (uurb->buffer_length > 0 && !uurb->buffer)
1188 return -EINVAL;
1189 if (!(uurb->type == USBDEVFS_URB_TYPE_CONTROL &&
1190 (uurb->endpoint & ~USB_ENDPOINT_DIR_MASK) == 0)) {
1191 ifnum = findintfep(ps->dev, uurb->endpoint);
1192 if (ifnum < 0)
1193 return ifnum;
1194 ret = checkintf(ps, ifnum);
1195 if (ret)
1196 return ret;
1197 }
1198 if ((uurb->endpoint & USB_ENDPOINT_DIR_MASK) != 0) {
1199 is_in = 1;
1200 ep = ps->dev->ep_in[uurb->endpoint & USB_ENDPOINT_NUMBER_MASK];
1201 } else {
1202 is_in = 0;
1203 ep = ps->dev->ep_out[uurb->endpoint & USB_ENDPOINT_NUMBER_MASK];
1204 }
1205 if (!ep)
1206 return -ENOENT;
1207
1208 u = 0;
1209 switch(uurb->type) {
1210 case USBDEVFS_URB_TYPE_CONTROL:
1211 if (!usb_endpoint_xfer_control(&ep->desc))
1212 return -EINVAL;
1213
1214 if (uurb->buffer_length < 8)
1215 return -EINVAL;
1216 dr = kmalloc(sizeof(struct usb_ctrlrequest), GFP_KERNEL);
1217 if (!dr)
1218 return -ENOMEM;
1219 if (copy_from_user(dr, uurb->buffer, 8)) {
1220 ret = -EFAULT;
1221 goto error;
1222 }
1223 if (uurb->buffer_length < (le16_to_cpup(&dr->wLength) + 8)) {
1224 ret = -EINVAL;
1225 goto error;
1226 }
1227 ret = check_ctrlrecip(ps, dr->bRequestType, dr->bRequest,
1228 le16_to_cpup(&dr->wIndex));
1229 if (ret)
1230 goto error;
1231 uurb->number_of_packets = 0;
1232 uurb->buffer_length = le16_to_cpup(&dr->wLength);
1233 uurb->buffer += 8;
1234 if ((dr->bRequestType & USB_DIR_IN) && uurb->buffer_length) {
1235 is_in = 1;
1236 uurb->endpoint |= USB_DIR_IN;
1237 } else {
1238 is_in = 0;
1239 uurb->endpoint &= ~USB_DIR_IN;
1240 }
1241 snoop(&ps->dev->dev, "control urb: bRequestType=%02x "
1242 "bRequest=%02x wValue=%04x "
1243 "wIndex=%04x wLength=%04x\n",
1244 dr->bRequestType, dr->bRequest,
1245 __le16_to_cpup(&dr->wValue),
1246 __le16_to_cpup(&dr->wIndex),
1247 __le16_to_cpup(&dr->wLength));
1248 u = sizeof(struct usb_ctrlrequest);
1249 break;
1250
1251 case USBDEVFS_URB_TYPE_BULK:
1252 switch (usb_endpoint_type(&ep->desc)) {
1253 case USB_ENDPOINT_XFER_CONTROL:
1254 case USB_ENDPOINT_XFER_ISOC:
1255 return -EINVAL;
1256 case USB_ENDPOINT_XFER_INT:
1257
1258 uurb->type = USBDEVFS_URB_TYPE_INTERRUPT;
1259 goto interrupt_urb;
1260 }
1261 uurb->number_of_packets = 0;
1262 num_sgs = DIV_ROUND_UP(uurb->buffer_length, USB_SG_SIZE);
1263 if (num_sgs == 1 || num_sgs > ps->dev->bus->sg_tablesize)
1264 num_sgs = 0;
1265 break;
1266
1267 case USBDEVFS_URB_TYPE_INTERRUPT:
1268 if (!usb_endpoint_xfer_int(&ep->desc))
1269 return -EINVAL;
1270 interrupt_urb:
1271 uurb->number_of_packets = 0;
1272 break;
1273
1274 case USBDEVFS_URB_TYPE_ISO:
1275
1276 if (uurb->number_of_packets < 1 ||
1277 uurb->number_of_packets > 128)
1278 return -EINVAL;
1279 if (!usb_endpoint_xfer_isoc(&ep->desc))
1280 return -EINVAL;
1281 isofrmlen = sizeof(struct usbdevfs_iso_packet_desc) *
1282 uurb->number_of_packets;
1283 if (!(isopkt = kmalloc(isofrmlen, GFP_KERNEL)))
1284 return -ENOMEM;
1285 if (copy_from_user(isopkt, iso_frame_desc, isofrmlen)) {
1286 ret = -EFAULT;
1287 goto error;
1288 }
1289 for (totlen = u = 0; u < uurb->number_of_packets; u++) {
1290
1291
1292
1293
1294
1295
1296 if (isopkt[u].length > 49152) {
1297 ret = -EINVAL;
1298 goto error;
1299 }
1300 totlen += isopkt[u].length;
1301 }
1302 u *= sizeof(struct usb_iso_packet_descriptor);
1303 uurb->buffer_length = totlen;
1304 break;
1305
1306 default:
1307 return -EINVAL;
1308 }
1309
1310 if (uurb->buffer_length >= USBFS_XFER_MAX) {
1311 ret = -EINVAL;
1312 goto error;
1313 }
1314 if (uurb->buffer_length > 0 &&
1315 !access_ok(is_in ? VERIFY_WRITE : VERIFY_READ,
1316 uurb->buffer, uurb->buffer_length)) {
1317 ret = -EFAULT;
1318 goto error;
1319 }
1320 as = alloc_async(uurb->number_of_packets);
1321 if (!as) {
1322 ret = -ENOMEM;
1323 goto error;
1324 }
1325
1326 u += sizeof(struct async) + sizeof(struct urb) + uurb->buffer_length +
1327 num_sgs * sizeof(struct scatterlist);
1328 ret = usbfs_increase_memory_usage(u);
1329 if (ret)
1330 goto error;
1331 as->mem_usage = u;
1332
1333 if (num_sgs) {
1334 as->urb->sg = kmalloc(num_sgs * sizeof(struct scatterlist),
1335 GFP_KERNEL);
1336 if (!as->urb->sg) {
1337 ret = -ENOMEM;
1338 goto error;
1339 }
1340 as->urb->num_sgs = num_sgs;
1341 sg_init_table(as->urb->sg, as->urb->num_sgs);
1342
1343 totlen = uurb->buffer_length;
1344 for (i = 0; i < as->urb->num_sgs; i++) {
1345 u = (totlen > USB_SG_SIZE) ? USB_SG_SIZE : totlen;
1346 buf = kmalloc(u, GFP_KERNEL);
1347 if (!buf) {
1348 ret = -ENOMEM;
1349 goto error;
1350 }
1351 sg_set_buf(&as->urb->sg[i], buf, u);
1352
1353 if (!is_in) {
1354 if (copy_from_user(buf, uurb->buffer, u)) {
1355 ret = -EFAULT;
1356 goto error;
1357 }
1358 uurb->buffer += u;
1359 }
1360 totlen -= u;
1361 }
1362 } else if (uurb->buffer_length > 0) {
1363 as->urb->transfer_buffer = kmalloc(uurb->buffer_length,
1364 GFP_KERNEL);
1365 if (!as->urb->transfer_buffer) {
1366 ret = -ENOMEM;
1367 goto error;
1368 }
1369
1370 if (!is_in) {
1371 if (copy_from_user(as->urb->transfer_buffer,
1372 uurb->buffer,
1373 uurb->buffer_length)) {
1374 ret = -EFAULT;
1375 goto error;
1376 }
1377 } else if (uurb->type == USBDEVFS_URB_TYPE_ISO) {
1378
1379
1380
1381
1382
1383
1384 memset(as->urb->transfer_buffer, 0,
1385 uurb->buffer_length);
1386 }
1387 }
1388 as->urb->dev = ps->dev;
1389 as->urb->pipe = (uurb->type << 30) |
1390 __create_pipe(ps->dev, uurb->endpoint & 0xf) |
1391 (uurb->endpoint & USB_DIR_IN);
1392
1393
1394
1395
1396
1397 u = (is_in ? URB_DIR_IN : URB_DIR_OUT);
1398 if (uurb->flags & USBDEVFS_URB_ISO_ASAP)
1399 u |= URB_ISO_ASAP;
1400 if (uurb->flags & USBDEVFS_URB_SHORT_NOT_OK)
1401 u |= URB_SHORT_NOT_OK;
1402 if (uurb->flags & USBDEVFS_URB_NO_FSBR)
1403 u |= URB_NO_FSBR;
1404 if (uurb->flags & USBDEVFS_URB_ZERO_PACKET)
1405 u |= URB_ZERO_PACKET;
1406 if (uurb->flags & USBDEVFS_URB_NO_INTERRUPT)
1407 u |= URB_NO_INTERRUPT;
1408 as->urb->transfer_flags = u;
1409
1410 as->urb->transfer_buffer_length = uurb->buffer_length;
1411 as->urb->setup_packet = (unsigned char *)dr;
1412 dr = NULL;
1413 as->urb->start_frame = uurb->start_frame;
1414 as->urb->number_of_packets = uurb->number_of_packets;
1415 if (uurb->type == USBDEVFS_URB_TYPE_ISO ||
1416 ps->dev->speed == USB_SPEED_HIGH)
1417 as->urb->interval = 1 << min(15, ep->desc.bInterval - 1);
1418 else
1419 as->urb->interval = ep->desc.bInterval;
1420 as->urb->context = as;
1421 as->urb->complete = async_completed;
1422 for (totlen = u = 0; u < uurb->number_of_packets; u++) {
1423 as->urb->iso_frame_desc[u].offset = totlen;
1424 as->urb->iso_frame_desc[u].length = isopkt[u].length;
1425 totlen += isopkt[u].length;
1426 }
1427 kfree(isopkt);
1428 isopkt = NULL;
1429 as->ps = ps;
1430 as->userurb = arg;
1431 if (is_in && uurb->buffer_length > 0)
1432 as->userbuffer = uurb->buffer;
1433 else
1434 as->userbuffer = NULL;
1435 as->signr = uurb->signr;
1436 as->ifnum = ifnum;
1437 as->pid = get_pid(task_pid(current));
1438 as->cred = get_current_cred();
1439 security_task_getsecid(current, &as->secid);
1440 snoop_urb(ps->dev, as->userurb, as->urb->pipe,
1441 as->urb->transfer_buffer_length, 0, SUBMIT,
1442 NULL, 0);
1443 if (!is_in)
1444 snoop_urb_data(as->urb, as->urb->transfer_buffer_length);
1445
1446 async_newpending(as);
1447
1448 if (usb_endpoint_xfer_bulk(&ep->desc)) {
1449 spin_lock_irq(&ps->lock);
1450
1451
1452
1453
1454
1455 as->bulk_addr = usb_endpoint_num(&ep->desc) |
1456 ((ep->desc.bEndpointAddress & USB_ENDPOINT_DIR_MASK)
1457 >> 3);
1458
1459
1460
1461
1462 if (uurb->flags & USBDEVFS_URB_BULK_CONTINUATION)
1463 as->bulk_status = AS_CONTINUATION;
1464 else
1465 ps->disabled_bulk_eps &= ~(1 << as->bulk_addr);
1466
1467
1468
1469
1470 if (ps->disabled_bulk_eps & (1 << as->bulk_addr))
1471 ret = -EREMOTEIO;
1472 else
1473 ret = usb_submit_urb(as->urb, GFP_ATOMIC);
1474 spin_unlock_irq(&ps->lock);
1475 } else {
1476 ret = usb_submit_urb(as->urb, GFP_KERNEL);
1477 }
1478
1479 if (ret) {
1480 dev_printk(KERN_DEBUG, &ps->dev->dev,
1481 "usbfs: usb_submit_urb returned %d\n", ret);
1482 snoop_urb(ps->dev, as->userurb, as->urb->pipe,
1483 0, ret, COMPLETE, NULL, 0);
1484 async_removepending(as);
1485 goto error;
1486 }
1487 return 0;
1488
1489 error:
1490 kfree(isopkt);
1491 kfree(dr);
1492 if (as)
1493 free_async(as);
1494 return ret;
1495}
1496
1497static int proc_submiturb(struct dev_state *ps, void __user *arg)
1498{
1499 struct usbdevfs_urb uurb;
1500
1501 if (copy_from_user(&uurb, arg, sizeof(uurb)))
1502 return -EFAULT;
1503
1504 return proc_do_submiturb(ps, &uurb,
1505 (((struct usbdevfs_urb __user *)arg)->iso_frame_desc),
1506 arg);
1507}
1508
1509static int proc_unlinkurb(struct dev_state *ps, void __user *arg)
1510{
1511 struct urb *urb;
1512 struct async *as;
1513 unsigned long flags;
1514
1515 spin_lock_irqsave(&ps->lock, flags);
1516 as = async_getpending(ps, arg);
1517 if (!as) {
1518 spin_unlock_irqrestore(&ps->lock, flags);
1519 return -EINVAL;
1520 }
1521
1522 urb = as->urb;
1523 usb_get_urb(urb);
1524 spin_unlock_irqrestore(&ps->lock, flags);
1525
1526 usb_kill_urb(urb);
1527 usb_put_urb(urb);
1528
1529 return 0;
1530}
1531
1532static int processcompl(struct async *as, void __user * __user *arg)
1533{
1534 struct urb *urb = as->urb;
1535 struct usbdevfs_urb __user *userurb = as->userurb;
1536 void __user *addr = as->userurb;
1537 unsigned int i;
1538
1539 if (as->userbuffer && urb->actual_length) {
1540 if (copy_urb_data_to_user(as->userbuffer, urb))
1541 goto err_out;
1542 }
1543 if (put_user(as->status, &userurb->status))
1544 goto err_out;
1545 if (put_user(urb->actual_length, &userurb->actual_length))
1546 goto err_out;
1547 if (put_user(urb->error_count, &userurb->error_count))
1548 goto err_out;
1549
1550 if (usb_endpoint_xfer_isoc(&urb->ep->desc)) {
1551 for (i = 0; i < urb->number_of_packets; i++) {
1552 if (put_user(urb->iso_frame_desc[i].actual_length,
1553 &userurb->iso_frame_desc[i].actual_length))
1554 goto err_out;
1555 if (put_user(urb->iso_frame_desc[i].status,
1556 &userurb->iso_frame_desc[i].status))
1557 goto err_out;
1558 }
1559 }
1560
1561 if (put_user(addr, (void __user * __user *)arg))
1562 return -EFAULT;
1563 return 0;
1564
1565err_out:
1566 return -EFAULT;
1567}
1568
1569static struct async *reap_as(struct dev_state *ps)
1570{
1571 DECLARE_WAITQUEUE(wait, current);
1572 struct async *as = NULL;
1573 struct usb_device *dev = ps->dev;
1574
1575 add_wait_queue(&ps->wait, &wait);
1576 for (;;) {
1577 __set_current_state(TASK_INTERRUPTIBLE);
1578 as = async_getcompleted(ps);
1579 if (as)
1580 break;
1581 if (signal_pending(current))
1582 break;
1583 usb_unlock_device(dev);
1584 schedule();
1585 usb_lock_device(dev);
1586 }
1587 remove_wait_queue(&ps->wait, &wait);
1588 set_current_state(TASK_RUNNING);
1589 return as;
1590}
1591
1592static int proc_reapurb(struct dev_state *ps, void __user *arg)
1593{
1594 struct async *as = reap_as(ps);
1595 if (as) {
1596 int retval = processcompl(as, (void __user * __user *)arg);
1597 free_async(as);
1598 return retval;
1599 }
1600 if (signal_pending(current))
1601 return -EINTR;
1602 return -EIO;
1603}
1604
1605static int proc_reapurbnonblock(struct dev_state *ps, void __user *arg)
1606{
1607 int retval;
1608 struct async *as;
1609
1610 as = async_getcompleted(ps);
1611 retval = -EAGAIN;
1612 if (as) {
1613 retval = processcompl(as, (void __user * __user *)arg);
1614 free_async(as);
1615 }
1616 return retval;
1617}
1618
1619#ifdef CONFIG_COMPAT
1620static int proc_control_compat(struct dev_state *ps,
1621 struct usbdevfs_ctrltransfer32 __user *p32)
1622{
1623 struct usbdevfs_ctrltransfer __user *p;
1624 __u32 udata;
1625 p = compat_alloc_user_space(sizeof(*p));
1626 if (copy_in_user(p, p32, (sizeof(*p32) - sizeof(compat_caddr_t))) ||
1627 get_user(udata, &p32->data) ||
1628 put_user(compat_ptr(udata), &p->data))
1629 return -EFAULT;
1630 return proc_control(ps, p);
1631}
1632
1633static int proc_bulk_compat(struct dev_state *ps,
1634 struct usbdevfs_bulktransfer32 __user *p32)
1635{
1636 struct usbdevfs_bulktransfer __user *p;
1637 compat_uint_t n;
1638 compat_caddr_t addr;
1639
1640 p = compat_alloc_user_space(sizeof(*p));
1641
1642 if (get_user(n, &p32->ep) || put_user(n, &p->ep) ||
1643 get_user(n, &p32->len) || put_user(n, &p->len) ||
1644 get_user(n, &p32->timeout) || put_user(n, &p->timeout) ||
1645 get_user(addr, &p32->data) || put_user(compat_ptr(addr), &p->data))
1646 return -EFAULT;
1647
1648 return proc_bulk(ps, p);
1649}
1650static int proc_disconnectsignal_compat(struct dev_state *ps, void __user *arg)
1651{
1652 struct usbdevfs_disconnectsignal32 ds;
1653
1654 if (copy_from_user(&ds, arg, sizeof(ds)))
1655 return -EFAULT;
1656 ps->discsignr = ds.signr;
1657 ps->disccontext = compat_ptr(ds.context);
1658 return 0;
1659}
1660
1661static int get_urb32(struct usbdevfs_urb *kurb,
1662 struct usbdevfs_urb32 __user *uurb)
1663{
1664 __u32 uptr;
1665 if (!access_ok(VERIFY_READ, uurb, sizeof(*uurb)) ||
1666 __get_user(kurb->type, &uurb->type) ||
1667 __get_user(kurb->endpoint, &uurb->endpoint) ||
1668 __get_user(kurb->status, &uurb->status) ||
1669 __get_user(kurb->flags, &uurb->flags) ||
1670 __get_user(kurb->buffer_length, &uurb->buffer_length) ||
1671 __get_user(kurb->actual_length, &uurb->actual_length) ||
1672 __get_user(kurb->start_frame, &uurb->start_frame) ||
1673 __get_user(kurb->number_of_packets, &uurb->number_of_packets) ||
1674 __get_user(kurb->error_count, &uurb->error_count) ||
1675 __get_user(kurb->signr, &uurb->signr))
1676 return -EFAULT;
1677
1678 if (__get_user(uptr, &uurb->buffer))
1679 return -EFAULT;
1680 kurb->buffer = compat_ptr(uptr);
1681 if (__get_user(uptr, &uurb->usercontext))
1682 return -EFAULT;
1683 kurb->usercontext = compat_ptr(uptr);
1684
1685 return 0;
1686}
1687
1688static int proc_submiturb_compat(struct dev_state *ps, void __user *arg)
1689{
1690 struct usbdevfs_urb uurb;
1691
1692 if (get_urb32(&uurb, (struct usbdevfs_urb32 __user *)arg))
1693 return -EFAULT;
1694
1695 return proc_do_submiturb(ps, &uurb,
1696 ((struct usbdevfs_urb32 __user *)arg)->iso_frame_desc,
1697 arg);
1698}
1699
1700static int processcompl_compat(struct async *as, void __user * __user *arg)
1701{
1702 struct urb *urb = as->urb;
1703 struct usbdevfs_urb32 __user *userurb = as->userurb;
1704 void __user *addr = as->userurb;
1705 unsigned int i;
1706
1707 if (as->userbuffer && urb->actual_length) {
1708 if (copy_urb_data_to_user(as->userbuffer, urb))
1709 return -EFAULT;
1710 }
1711 if (put_user(as->status, &userurb->status))
1712 return -EFAULT;
1713 if (put_user(urb->actual_length, &userurb->actual_length))
1714 return -EFAULT;
1715 if (put_user(urb->error_count, &userurb->error_count))
1716 return -EFAULT;
1717
1718 if (usb_endpoint_xfer_isoc(&urb->ep->desc)) {
1719 for (i = 0; i < urb->number_of_packets; i++) {
1720 if (put_user(urb->iso_frame_desc[i].actual_length,
1721 &userurb->iso_frame_desc[i].actual_length))
1722 return -EFAULT;
1723 if (put_user(urb->iso_frame_desc[i].status,
1724 &userurb->iso_frame_desc[i].status))
1725 return -EFAULT;
1726 }
1727 }
1728
1729 if (put_user(ptr_to_compat(addr), (u32 __user *)arg))
1730 return -EFAULT;
1731 return 0;
1732}
1733
1734static int proc_reapurb_compat(struct dev_state *ps, void __user *arg)
1735{
1736 struct async *as = reap_as(ps);
1737 if (as) {
1738 int retval = processcompl_compat(as, (void __user * __user *)arg);
1739 free_async(as);
1740 return retval;
1741 }
1742 if (signal_pending(current))
1743 return -EINTR;
1744 return -EIO;
1745}
1746
1747static int proc_reapurbnonblock_compat(struct dev_state *ps, void __user *arg)
1748{
1749 int retval;
1750 struct async *as;
1751
1752 retval = -EAGAIN;
1753 as = async_getcompleted(ps);
1754 if (as) {
1755 retval = processcompl_compat(as, (void __user * __user *)arg);
1756 free_async(as);
1757 }
1758 return retval;
1759}
1760
1761
1762#endif
1763
1764static int proc_disconnectsignal(struct dev_state *ps, void __user *arg)
1765{
1766 struct usbdevfs_disconnectsignal ds;
1767
1768 if (copy_from_user(&ds, arg, sizeof(ds)))
1769 return -EFAULT;
1770 ps->discsignr = ds.signr;
1771 ps->disccontext = ds.context;
1772 return 0;
1773}
1774
1775static int proc_claiminterface(struct dev_state *ps, void __user *arg)
1776{
1777 unsigned int ifnum;
1778
1779 if (get_user(ifnum, (unsigned int __user *)arg))
1780 return -EFAULT;
1781 return claimintf(ps, ifnum);
1782}
1783
1784static int proc_releaseinterface(struct dev_state *ps, void __user *arg)
1785{
1786 unsigned int ifnum;
1787 int ret;
1788
1789 if (get_user(ifnum, (unsigned int __user *)arg))
1790 return -EFAULT;
1791 if ((ret = releaseintf(ps, ifnum)) < 0)
1792 return ret;
1793 destroy_async_on_interface (ps, ifnum);
1794 return 0;
1795}
1796
1797static int proc_ioctl(struct dev_state *ps, struct usbdevfs_ioctl *ctl)
1798{
1799 int size;
1800 void *buf = NULL;
1801 int retval = 0;
1802 struct usb_interface *intf = NULL;
1803 struct usb_driver *driver = NULL;
1804
1805
1806 if ((size = _IOC_SIZE(ctl->ioctl_code)) > 0) {
1807 buf = kmalloc(size, GFP_KERNEL);
1808 if (buf == NULL)
1809 return -ENOMEM;
1810 if ((_IOC_DIR(ctl->ioctl_code) & _IOC_WRITE)) {
1811 if (copy_from_user(buf, ctl->data, size)) {
1812 kfree(buf);
1813 return -EFAULT;
1814 }
1815 } else {
1816 memset(buf, 0, size);
1817 }
1818 }
1819
1820 if (!connected(ps)) {
1821 kfree(buf);
1822 return -ENODEV;
1823 }
1824
1825 if (ps->dev->state != USB_STATE_CONFIGURED)
1826 retval = -EHOSTUNREACH;
1827 else if (!(intf = usb_ifnum_to_if(ps->dev, ctl->ifno)))
1828 retval = -EINVAL;
1829 else switch (ctl->ioctl_code) {
1830
1831
1832 case USBDEVFS_DISCONNECT:
1833 if (intf->dev.driver) {
1834 driver = to_usb_driver(intf->dev.driver);
1835 dev_dbg(&intf->dev, "disconnect by usbfs\n");
1836 usb_driver_release_interface(driver, intf);
1837 } else
1838 retval = -ENODATA;
1839 break;
1840
1841
1842 case USBDEVFS_CONNECT:
1843 if (!intf->dev.driver)
1844 retval = device_attach(&intf->dev);
1845 else
1846 retval = -EBUSY;
1847 break;
1848
1849
1850 default:
1851 if (intf->dev.driver)
1852 driver = to_usb_driver(intf->dev.driver);
1853 if (driver == NULL || driver->unlocked_ioctl == NULL) {
1854 retval = -ENOTTY;
1855 } else {
1856 retval = driver->unlocked_ioctl(intf, ctl->ioctl_code, buf);
1857 if (retval == -ENOIOCTLCMD)
1858 retval = -ENOTTY;
1859 }
1860 }
1861
1862
1863 if (retval >= 0
1864 && (_IOC_DIR(ctl->ioctl_code) & _IOC_READ) != 0
1865 && size > 0
1866 && copy_to_user(ctl->data, buf, size) != 0)
1867 retval = -EFAULT;
1868
1869 kfree(buf);
1870 return retval;
1871}
1872
1873static int proc_ioctl_default(struct dev_state *ps, void __user *arg)
1874{
1875 struct usbdevfs_ioctl ctrl;
1876
1877 if (copy_from_user(&ctrl, arg, sizeof(ctrl)))
1878 return -EFAULT;
1879 return proc_ioctl(ps, &ctrl);
1880}
1881
1882#ifdef CONFIG_COMPAT
1883static int proc_ioctl_compat(struct dev_state *ps, compat_uptr_t arg)
1884{
1885 struct usbdevfs_ioctl32 __user *uioc;
1886 struct usbdevfs_ioctl ctrl;
1887 u32 udata;
1888
1889 uioc = compat_ptr((long)arg);
1890 if (!access_ok(VERIFY_READ, uioc, sizeof(*uioc)) ||
1891 __get_user(ctrl.ifno, &uioc->ifno) ||
1892 __get_user(ctrl.ioctl_code, &uioc->ioctl_code) ||
1893 __get_user(udata, &uioc->data))
1894 return -EFAULT;
1895 ctrl.data = compat_ptr(udata);
1896
1897 return proc_ioctl(ps, &ctrl);
1898}
1899#endif
1900
1901static int proc_claim_port(struct dev_state *ps, void __user *arg)
1902{
1903 unsigned portnum;
1904 int rc;
1905
1906 if (get_user(portnum, (unsigned __user *) arg))
1907 return -EFAULT;
1908 rc = usb_hub_claim_port(ps->dev, portnum, ps);
1909 if (rc == 0)
1910 snoop(&ps->dev->dev, "port %d claimed by process %d: %s\n",
1911 portnum, task_pid_nr(current), current->comm);
1912 return rc;
1913}
1914
1915static int proc_release_port(struct dev_state *ps, void __user *arg)
1916{
1917 unsigned portnum;
1918
1919 if (get_user(portnum, (unsigned __user *) arg))
1920 return -EFAULT;
1921 return usb_hub_release_port(ps->dev, portnum, ps);
1922}
1923
1924static int proc_get_capabilities(struct dev_state *ps, void __user *arg)
1925{
1926 __u32 caps;
1927
1928 caps = USBDEVFS_CAP_ZERO_PACKET | USBDEVFS_CAP_NO_PACKET_SIZE_LIM;
1929 if (!ps->dev->bus->no_stop_on_short)
1930 caps |= USBDEVFS_CAP_BULK_CONTINUATION;
1931 if (ps->dev->bus->sg_tablesize)
1932 caps |= USBDEVFS_CAP_BULK_SCATTER_GATHER;
1933
1934 if (put_user(caps, (__u32 __user *)arg))
1935 return -EFAULT;
1936
1937 return 0;
1938}
1939
1940static int proc_disconnect_claim(struct dev_state *ps, void __user *arg)
1941{
1942 struct usbdevfs_disconnect_claim dc;
1943 struct usb_interface *intf;
1944
1945 if (copy_from_user(&dc, arg, sizeof(dc)))
1946 return -EFAULT;
1947
1948 intf = usb_ifnum_to_if(ps->dev, dc.interface);
1949 if (!intf)
1950 return -EINVAL;
1951
1952 if (intf->dev.driver) {
1953 struct usb_driver *driver = to_usb_driver(intf->dev.driver);
1954
1955 if ((dc.flags & USBDEVFS_DISCONNECT_CLAIM_IF_DRIVER) &&
1956 strncmp(dc.driver, intf->dev.driver->name,
1957 sizeof(dc.driver)) != 0)
1958 return -EBUSY;
1959
1960 if ((dc.flags & USBDEVFS_DISCONNECT_CLAIM_EXCEPT_DRIVER) &&
1961 strncmp(dc.driver, intf->dev.driver->name,
1962 sizeof(dc.driver)) == 0)
1963 return -EBUSY;
1964
1965 dev_dbg(&intf->dev, "disconnect by usbfs\n");
1966 usb_driver_release_interface(driver, intf);
1967 }
1968
1969 return claimintf(ps, dc.interface);
1970}
1971
1972
1973
1974
1975
1976
1977static long usbdev_do_ioctl(struct file *file, unsigned int cmd,
1978 void __user *p)
1979{
1980 struct dev_state *ps = file->private_data;
1981 struct inode *inode = file_inode(file);
1982 struct usb_device *dev = ps->dev;
1983 int ret = -ENOTTY;
1984
1985 if (!(file->f_mode & FMODE_WRITE))
1986 return -EPERM;
1987
1988 usb_lock_device(dev);
1989 if (!connected(ps)) {
1990 usb_unlock_device(dev);
1991 return -ENODEV;
1992 }
1993
1994 switch (cmd) {
1995 case USBDEVFS_CONTROL:
1996 snoop(&dev->dev, "%s: CONTROL\n", __func__);
1997 ret = proc_control(ps, p);
1998 if (ret >= 0)
1999 inode->i_mtime = CURRENT_TIME;
2000 break;
2001
2002 case USBDEVFS_BULK:
2003 snoop(&dev->dev, "%s: BULK\n", __func__);
2004 ret = proc_bulk(ps, p);
2005 if (ret >= 0)
2006 inode->i_mtime = CURRENT_TIME;
2007 break;
2008
2009 case USBDEVFS_RESETEP:
2010 snoop(&dev->dev, "%s: RESETEP\n", __func__);
2011 ret = proc_resetep(ps, p);
2012 if (ret >= 0)
2013 inode->i_mtime = CURRENT_TIME;
2014 break;
2015
2016 case USBDEVFS_RESET:
2017 snoop(&dev->dev, "%s: RESET\n", __func__);
2018 ret = proc_resetdevice(ps);
2019 break;
2020
2021 case USBDEVFS_CLEAR_HALT:
2022 snoop(&dev->dev, "%s: CLEAR_HALT\n", __func__);
2023 ret = proc_clearhalt(ps, p);
2024 if (ret >= 0)
2025 inode->i_mtime = CURRENT_TIME;
2026 break;
2027
2028 case USBDEVFS_GETDRIVER:
2029 snoop(&dev->dev, "%s: GETDRIVER\n", __func__);
2030 ret = proc_getdriver(ps, p);
2031 break;
2032
2033 case USBDEVFS_CONNECTINFO:
2034 snoop(&dev->dev, "%s: CONNECTINFO\n", __func__);
2035 ret = proc_connectinfo(ps, p);
2036 break;
2037
2038 case USBDEVFS_SETINTERFACE:
2039 snoop(&dev->dev, "%s: SETINTERFACE\n", __func__);
2040 ret = proc_setintf(ps, p);
2041 break;
2042
2043 case USBDEVFS_SETCONFIGURATION:
2044 snoop(&dev->dev, "%s: SETCONFIGURATION\n", __func__);
2045 ret = proc_setconfig(ps, p);
2046 break;
2047
2048 case USBDEVFS_SUBMITURB:
2049 snoop(&dev->dev, "%s: SUBMITURB\n", __func__);
2050 ret = proc_submiturb(ps, p);
2051 if (ret >= 0)
2052 inode->i_mtime = CURRENT_TIME;
2053 break;
2054
2055#ifdef CONFIG_COMPAT
2056 case USBDEVFS_CONTROL32:
2057 snoop(&dev->dev, "%s: CONTROL32\n", __func__);
2058 ret = proc_control_compat(ps, p);
2059 if (ret >= 0)
2060 inode->i_mtime = CURRENT_TIME;
2061 break;
2062
2063 case USBDEVFS_BULK32:
2064 snoop(&dev->dev, "%s: BULK32\n", __func__);
2065 ret = proc_bulk_compat(ps, p);
2066 if (ret >= 0)
2067 inode->i_mtime = CURRENT_TIME;
2068 break;
2069
2070 case USBDEVFS_DISCSIGNAL32:
2071 snoop(&dev->dev, "%s: DISCSIGNAL32\n", __func__);
2072 ret = proc_disconnectsignal_compat(ps, p);
2073 break;
2074
2075 case USBDEVFS_SUBMITURB32:
2076 snoop(&dev->dev, "%s: SUBMITURB32\n", __func__);
2077 ret = proc_submiturb_compat(ps, p);
2078 if (ret >= 0)
2079 inode->i_mtime = CURRENT_TIME;
2080 break;
2081
2082 case USBDEVFS_REAPURB32:
2083 snoop(&dev->dev, "%s: REAPURB32\n", __func__);
2084 ret = proc_reapurb_compat(ps, p);
2085 break;
2086
2087 case USBDEVFS_REAPURBNDELAY32:
2088 snoop(&dev->dev, "%s: REAPURBNDELAY32\n", __func__);
2089 ret = proc_reapurbnonblock_compat(ps, p);
2090 break;
2091
2092 case USBDEVFS_IOCTL32:
2093 snoop(&dev->dev, "%s: IOCTL32\n", __func__);
2094 ret = proc_ioctl_compat(ps, ptr_to_compat(p));
2095 break;
2096#endif
2097
2098 case USBDEVFS_DISCARDURB:
2099 snoop(&dev->dev, "%s: DISCARDURB\n", __func__);
2100 ret = proc_unlinkurb(ps, p);
2101 break;
2102
2103 case USBDEVFS_REAPURB:
2104 snoop(&dev->dev, "%s: REAPURB\n", __func__);
2105 ret = proc_reapurb(ps, p);
2106 break;
2107
2108 case USBDEVFS_REAPURBNDELAY:
2109 snoop(&dev->dev, "%s: REAPURBNDELAY\n", __func__);
2110 ret = proc_reapurbnonblock(ps, p);
2111 break;
2112
2113 case USBDEVFS_DISCSIGNAL:
2114 snoop(&dev->dev, "%s: DISCSIGNAL\n", __func__);
2115 ret = proc_disconnectsignal(ps, p);
2116 break;
2117
2118 case USBDEVFS_CLAIMINTERFACE:
2119 snoop(&dev->dev, "%s: CLAIMINTERFACE\n", __func__);
2120 ret = proc_claiminterface(ps, p);
2121 break;
2122
2123 case USBDEVFS_RELEASEINTERFACE:
2124 snoop(&dev->dev, "%s: RELEASEINTERFACE\n", __func__);
2125 ret = proc_releaseinterface(ps, p);
2126 break;
2127
2128 case USBDEVFS_IOCTL:
2129 snoop(&dev->dev, "%s: IOCTL\n", __func__);
2130 ret = proc_ioctl_default(ps, p);
2131 break;
2132
2133 case USBDEVFS_CLAIM_PORT:
2134 snoop(&dev->dev, "%s: CLAIM_PORT\n", __func__);
2135 ret = proc_claim_port(ps, p);
2136 break;
2137
2138 case USBDEVFS_RELEASE_PORT:
2139 snoop(&dev->dev, "%s: RELEASE_PORT\n", __func__);
2140 ret = proc_release_port(ps, p);
2141 break;
2142 case USBDEVFS_GET_CAPABILITIES:
2143 ret = proc_get_capabilities(ps, p);
2144 break;
2145 case USBDEVFS_DISCONNECT_CLAIM:
2146 ret = proc_disconnect_claim(ps, p);
2147 break;
2148 }
2149 usb_unlock_device(dev);
2150 if (ret >= 0)
2151 inode->i_atime = CURRENT_TIME;
2152 return ret;
2153}
2154
2155static long usbdev_ioctl(struct file *file, unsigned int cmd,
2156 unsigned long arg)
2157{
2158 int ret;
2159
2160 ret = usbdev_do_ioctl(file, cmd, (void __user *)arg);
2161
2162 return ret;
2163}
2164
2165#ifdef CONFIG_COMPAT
2166static long usbdev_compat_ioctl(struct file *file, unsigned int cmd,
2167 unsigned long arg)
2168{
2169 int ret;
2170
2171 ret = usbdev_do_ioctl(file, cmd, compat_ptr(arg));
2172
2173 return ret;
2174}
2175#endif
2176
2177
2178static unsigned int usbdev_poll(struct file *file,
2179 struct poll_table_struct *wait)
2180{
2181 struct dev_state *ps = file->private_data;
2182 unsigned int mask = 0;
2183
2184 poll_wait(file, &ps->wait, wait);
2185 if (file->f_mode & FMODE_WRITE && !list_empty(&ps->async_completed))
2186 mask |= POLLOUT | POLLWRNORM;
2187 if (!connected(ps))
2188 mask |= POLLERR | POLLHUP;
2189 return mask;
2190}
2191
2192const struct file_operations usbdev_file_operations = {
2193 .owner = THIS_MODULE,
2194 .llseek = usbdev_lseek,
2195 .read = usbdev_read,
2196 .poll = usbdev_poll,
2197 .unlocked_ioctl = usbdev_ioctl,
2198#ifdef CONFIG_COMPAT
2199 .compat_ioctl = usbdev_compat_ioctl,
2200#endif
2201 .open = usbdev_open,
2202 .release = usbdev_release,
2203};
2204
2205static void usbdev_remove(struct usb_device *udev)
2206{
2207 struct dev_state *ps;
2208 struct siginfo sinfo;
2209
2210 while (!list_empty(&udev->filelist)) {
2211 ps = list_entry(udev->filelist.next, struct dev_state, list);
2212 destroy_all_async(ps);
2213 wake_up_all(&ps->wait);
2214 list_del_init(&ps->list);
2215 if (ps->discsignr) {
2216 sinfo.si_signo = ps->discsignr;
2217 sinfo.si_errno = EPIPE;
2218 sinfo.si_code = SI_ASYNCIO;
2219 sinfo.si_addr = ps->disccontext;
2220 kill_pid_info_as_cred(ps->discsignr, &sinfo,
2221 ps->disc_pid, ps->cred, ps->secid);
2222 }
2223 }
2224}
2225
2226static int usbdev_notify(struct notifier_block *self,
2227 unsigned long action, void *dev)
2228{
2229 switch (action) {
2230 case USB_DEVICE_ADD:
2231 break;
2232 case USB_DEVICE_REMOVE:
2233 usbdev_remove(dev);
2234 break;
2235 }
2236 return NOTIFY_OK;
2237}
2238
2239static struct notifier_block usbdev_nb = {
2240 .notifier_call = usbdev_notify,
2241};
2242
2243static struct cdev usb_device_cdev;
2244
2245int __init usb_devio_init(void)
2246{
2247 int retval;
2248
2249 retval = register_chrdev_region(USB_DEVICE_DEV, USB_DEVICE_MAX,
2250 "usb_device");
2251 if (retval) {
2252 printk(KERN_ERR "Unable to register minors for usb_device\n");
2253 goto out;
2254 }
2255 cdev_init(&usb_device_cdev, &usbdev_file_operations);
2256 retval = cdev_add(&usb_device_cdev, USB_DEVICE_DEV, USB_DEVICE_MAX);
2257 if (retval) {
2258 printk(KERN_ERR "Unable to get usb_device major %d\n",
2259 USB_DEVICE_MAJOR);
2260 goto error_cdev;
2261 }
2262 usb_register_notify(&usbdev_nb);
2263out:
2264 return retval;
2265
2266error_cdev:
2267 unregister_chrdev_region(USB_DEVICE_DEV, USB_DEVICE_MAX);
2268 goto out;
2269}
2270
2271void usb_devio_cleanup(void)
2272{
2273 usb_unregister_notify(&usbdev_nb);
2274 cdev_del(&usb_device_cdev);
2275 unregister_chrdev_region(USB_DEVICE_DEV, USB_DEVICE_MAX);
2276}
2277
