0001
0002
0003
0004
0005
0006
0007
0008
0009
0010
0011
0012
0013
0014
0015
0016
0017
0018
0019
0020
0021
0022
0023
0024 #include <linux/fs.h>
0025 #include <linux/mm.h>
0026 #include <linux/sched/signal.h>
0027 #include <linux/slab.h>
0028 #include <linux/signal.h>
0029 #include <linux/poll.h>
0030 #include <linux/module.h>
0031 #include <linux/string.h>
0032 #include <linux/usb.h>
0033 #include <linux/usbdevice_fs.h>
0034 #include <linux/usb/hcd.h> /* for usbcore internals */
0035 #include <linux/usb/quirks.h>
0036 #include <linux/cdev.h>
0037 #include <linux/notifier.h>
0038 #include <linux/security.h>
0039 #include <linux/user_namespace.h>
0040 #include <linux/scatterlist.h>
0041 #include <linux/uaccess.h>
0042 #include <linux/dma-mapping.h>
0043 #include <asm/byteorder.h>
0044 #include <linux/moduleparam.h>
0045
0046 #include "usb.h"
0047
0048 #ifdef CONFIG_PM
0049 #define MAYBE_CAP_SUSPEND USBDEVFS_CAP_SUSPEND
0050 #else
0051 #define MAYBE_CAP_SUSPEND 0
0052 #endif
0053
0054 #define USB_MAXBUS 64
0055 #define USB_DEVICE_MAX (USB_MAXBUS * 128)
0056 #define USB_SG_SIZE 16384
0057
0058
0059 static DEFINE_MUTEX(usbfs_mutex);
0060
0061 struct usb_dev_state {
0062 struct list_head list;
0063 struct usb_device *dev;
0064 struct file *file;
0065 spinlock_t lock;
0066 struct list_head async_pending;
0067 struct list_head async_completed;
0068 struct list_head memory_list;
0069 wait_queue_head_t wait;
0070 wait_queue_head_t wait_for_resume;
0071 unsigned int discsignr;
0072 struct pid *disc_pid;
0073 const struct cred *cred;
0074 sigval_t disccontext;
0075 unsigned long ifclaimed;
0076 u32 disabled_bulk_eps;
0077 unsigned long interface_allowed_mask;
0078 int not_yet_resumed;
0079 bool suspend_allowed;
0080 bool privileges_dropped;
0081 };
0082
0083 struct usb_memory {
0084 struct list_head memlist;
0085 int vma_use_count;
0086 int urb_use_count;
0087 u32 size;
0088 void *mem;
0089 dma_addr_t dma_handle;
0090 unsigned long vm_start;
0091 struct usb_dev_state *ps;
0092 };
0093
0094 struct async {
0095 struct list_head asynclist;
0096 struct usb_dev_state *ps;
0097 struct pid *pid;
0098 const struct cred *cred;
0099 unsigned int signr;
0100 unsigned int ifnum;
0101 void __user *userbuffer;
0102 void __user *userurb;
0103 sigval_t userurb_sigval;
0104 struct urb *urb;
0105 struct usb_memory *usbm;
0106 unsigned int mem_usage;
0107 int status;
0108 u8 bulk_addr;
0109 u8 bulk_status;
0110 };
0111
0112 static bool usbfs_snoop;
0113 module_param(usbfs_snoop, bool, S_IRUGO | S_IWUSR);
0114 MODULE_PARM_DESC(usbfs_snoop, "true to log all usbfs traffic");
0115
0116 static unsigned usbfs_snoop_max = 65536;
0117 module_param(usbfs_snoop_max, uint, S_IRUGO | S_IWUSR);
0118 MODULE_PARM_DESC(usbfs_snoop_max,
0119 "maximum number of bytes to print while snooping");
0120
0121 #define snoop(dev, format, arg...) \
0122 do { \
0123 if (usbfs_snoop) \
0124 dev_info(dev, format, ## arg); \
0125 } while (0)
0126
0127 enum snoop_when {
0128 SUBMIT, COMPLETE
0129 };
0130
0131 #define USB_DEVICE_DEV MKDEV(USB_DEVICE_MAJOR, 0)
0132
0133
0134 static u32 usbfs_memory_mb = 16;
0135 module_param(usbfs_memory_mb, uint, 0644);
0136 MODULE_PARM_DESC(usbfs_memory_mb,
0137 "maximum MB allowed for usbfs buffers (0 = no limit)");
0138
0139
0140 #define USBFS_XFER_MAX (UINT_MAX / 2 - 1000000)
0141
0142 static DEFINE_SPINLOCK(usbfs_memory_usage_lock);
0143 static u64 usbfs_memory_usage;
0144
0145
0146 static int usbfs_increase_memory_usage(u64 amount)
0147 {
0148 u64 lim, total_mem;
0149 unsigned long flags;
0150 int ret;
0151
0152 lim = READ_ONCE(usbfs_memory_mb);
0153 lim <<= 20;
0154
0155 ret = 0;
0156 spin_lock_irqsave(&usbfs_memory_usage_lock, flags);
0157 total_mem = usbfs_memory_usage + amount;
0158 if (lim > 0 && total_mem > lim)
0159 ret = -ENOMEM;
0160 else
0161 usbfs_memory_usage = total_mem;
0162 spin_unlock_irqrestore(&usbfs_memory_usage_lock, flags);
0163
0164 return ret;
0165 }
0166
0167
0168 static void usbfs_decrease_memory_usage(u64 amount)
0169 {
0170 unsigned long flags;
0171
0172 spin_lock_irqsave(&usbfs_memory_usage_lock, flags);
0173 if (amount > usbfs_memory_usage)
0174 usbfs_memory_usage = 0;
0175 else
0176 usbfs_memory_usage -= amount;
0177 spin_unlock_irqrestore(&usbfs_memory_usage_lock, flags);
0178 }
0179
0180 static int connected(struct usb_dev_state *ps)
0181 {
0182 return (!list_empty(&ps->list) &&
0183 ps->dev->state != USB_STATE_NOTATTACHED);
0184 }
0185
0186 static void dec_usb_memory_use_count(struct usb_memory *usbm, int *count)
0187 {
0188 struct usb_dev_state *ps = usbm->ps;
0189 unsigned long flags;
0190
0191 spin_lock_irqsave(&ps->lock, flags);
0192 --*count;
0193 if (usbm->urb_use_count == 0 && usbm->vma_use_count == 0) {
0194 list_del(&usbm->memlist);
0195 spin_unlock_irqrestore(&ps->lock, flags);
0196
0197 usb_free_coherent(ps->dev, usbm->size, usbm->mem,
0198 usbm->dma_handle);
0199 usbfs_decrease_memory_usage(
0200 usbm->size + sizeof(struct usb_memory));
0201 kfree(usbm);
0202 } else {
0203 spin_unlock_irqrestore(&ps->lock, flags);
0204 }
0205 }
0206
0207 static void usbdev_vm_open(struct vm_area_struct *vma)
0208 {
0209 struct usb_memory *usbm = vma->vm_private_data;
0210 unsigned long flags;
0211
0212 spin_lock_irqsave(&usbm->ps->lock, flags);
0213 ++usbm->vma_use_count;
0214 spin_unlock_irqrestore(&usbm->ps->lock, flags);
0215 }
0216
0217 static void usbdev_vm_close(struct vm_area_struct *vma)
0218 {
0219 struct usb_memory *usbm = vma->vm_private_data;
0220
0221 dec_usb_memory_use_count(usbm, &usbm->vma_use_count);
0222 }
0223
0224 static const struct vm_operations_struct usbdev_vm_ops = {
0225 .open = usbdev_vm_open,
0226 .close = usbdev_vm_close
0227 };
0228
0229 static int usbdev_mmap(struct file *file, struct vm_area_struct *vma)
0230 {
0231 struct usb_memory *usbm = NULL;
0232 struct usb_dev_state *ps = file->private_data;
0233 struct usb_hcd *hcd = bus_to_hcd(ps->dev->bus);
0234 size_t size = vma->vm_end - vma->vm_start;
0235 void *mem;
0236 unsigned long flags;
0237 dma_addr_t dma_handle;
0238 int ret;
0239
0240 ret = usbfs_increase_memory_usage(size + sizeof(struct usb_memory));
0241 if (ret)
0242 goto error;
0243
0244 usbm = kzalloc(sizeof(struct usb_memory), GFP_KERNEL);
0245 if (!usbm) {
0246 ret = -ENOMEM;
0247 goto error_decrease_mem;
0248 }
0249
0250 mem = usb_alloc_coherent(ps->dev, size, GFP_USER | __GFP_NOWARN,
0251 &dma_handle);
0252 if (!mem) {
0253 ret = -ENOMEM;
0254 goto error_free_usbm;
0255 }
0256
0257 memset(mem, 0, size);
0258
0259 usbm->mem = mem;
0260 usbm->dma_handle = dma_handle;
0261 usbm->size = size;
0262 usbm->ps = ps;
0263 usbm->vm_start = vma->vm_start;
0264 usbm->vma_use_count = 1;
0265 INIT_LIST_HEAD(&usbm->memlist);
0266
0267 if (hcd->localmem_pool || !hcd_uses_dma(hcd)) {
0268 if (remap_pfn_range(vma, vma->vm_start,
0269 virt_to_phys(usbm->mem) >> PAGE_SHIFT,
0270 size, vma->vm_page_prot) < 0) {
0271 dec_usb_memory_use_count(usbm, &usbm->vma_use_count);
0272 return -EAGAIN;
0273 }
0274 } else {
0275 if (dma_mmap_coherent(hcd->self.sysdev, vma, mem, dma_handle,
0276 size)) {
0277 dec_usb_memory_use_count(usbm, &usbm->vma_use_count);
0278 return -EAGAIN;
0279 }
0280 }
0281
0282 vma->vm_flags |= VM_IO;
0283 vma->vm_flags |= (VM_DONTEXPAND | VM_DONTDUMP);
0284 vma->vm_ops = &usbdev_vm_ops;
0285 vma->vm_private_data = usbm;
0286
0287 spin_lock_irqsave(&ps->lock, flags);
0288 list_add_tail(&usbm->memlist, &ps->memory_list);
0289 spin_unlock_irqrestore(&ps->lock, flags);
0290
0291 return 0;
0292
0293 error_free_usbm:
0294 kfree(usbm);
0295 error_decrease_mem:
0296 usbfs_decrease_memory_usage(size + sizeof(struct usb_memory));
0297 error:
0298 return ret;
0299 }
0300
0301 static ssize_t usbdev_read(struct file *file, char __user *buf, size_t nbytes,
0302 loff_t *ppos)
0303 {
0304 struct usb_dev_state *ps = file->private_data;
0305 struct usb_device *dev = ps->dev;
0306 ssize_t ret = 0;
0307 unsigned len;
0308 loff_t pos;
0309 int i;
0310
0311 pos = *ppos;
0312 usb_lock_device(dev);
0313 if (!connected(ps)) {
0314 ret = -ENODEV;
0315 goto err;
0316 } else if (pos < 0) {
0317 ret = -EINVAL;
0318 goto err;
0319 }
0320
0321 if (pos < sizeof(struct usb_device_descriptor)) {
0322
0323 struct usb_device_descriptor temp_desc;
0324
0325 memcpy(&temp_desc, &dev->descriptor, sizeof(dev->descriptor));
0326 le16_to_cpus(&temp_desc.bcdUSB);
0327 le16_to_cpus(&temp_desc.idVendor);
0328 le16_to_cpus(&temp_desc.idProduct);
0329 le16_to_cpus(&temp_desc.bcdDevice);
0330
0331 len = sizeof(struct usb_device_descriptor) - pos;
0332 if (len > nbytes)
0333 len = nbytes;
0334 if (copy_to_user(buf, ((char *)&temp_desc) + pos, len)) {
0335 ret = -EFAULT;
0336 goto err;
0337 }
0338
0339 *ppos += len;
0340 buf += len;
0341 nbytes -= len;
0342 ret += len;
0343 }
0344
0345 pos = sizeof(struct usb_device_descriptor);
0346 for (i = 0; nbytes && i < dev->descriptor.bNumConfigurations; i++) {
0347 struct usb_config_descriptor *config =
0348 (struct usb_config_descriptor *)dev->rawdescriptors[i];
0349 unsigned int length = le16_to_cpu(config->wTotalLength);
0350
0351 if (*ppos < pos + length) {
0352
0353
0354
0355 unsigned alloclen =
0356 le16_to_cpu(dev->config[i].desc.wTotalLength);
0357
0358 len = length - (*ppos - pos);
0359 if (len > nbytes)
0360 len = nbytes;
0361
0362
0363 if (alloclen > (*ppos - pos)) {
0364 alloclen -= (*ppos - pos);
0365 if (copy_to_user(buf,
0366 dev->rawdescriptors[i] + (*ppos - pos),
0367 min(len, alloclen))) {
0368 ret = -EFAULT;
0369 goto err;
0370 }
0371 }
0372
0373 *ppos += len;
0374 buf += len;
0375 nbytes -= len;
0376 ret += len;
0377 }
0378
0379 pos += length;
0380 }
0381
0382 err:
0383 usb_unlock_device(dev);
0384 return ret;
0385 }
0386
0387
0388
0389
0390
0391 static struct async *alloc_async(unsigned int numisoframes)
0392 {
0393 struct async *as;
0394
0395 as = kzalloc(sizeof(struct async), GFP_KERNEL);
0396 if (!as)
0397 return NULL;
0398 as->urb = usb_alloc_urb(numisoframes, GFP_KERNEL);
0399 if (!as->urb) {
0400 kfree(as);
0401 return NULL;
0402 }
0403 return as;
0404 }
0405
0406 static void free_async(struct async *as)
0407 {
0408 int i;
0409
0410 put_pid(as->pid);
0411 if (as->cred)
0412 put_cred(as->cred);
0413 for (i = 0; i < as->urb->num_sgs; i++) {
0414 if (sg_page(&as->urb->sg[i]))
0415 kfree(sg_virt(&as->urb->sg[i]));
0416 }
0417
0418 kfree(as->urb->sg);
0419 if (as->usbm == NULL)
0420 kfree(as->urb->transfer_buffer);
0421 else
0422 dec_usb_memory_use_count(as->usbm, &as->usbm->urb_use_count);
0423
0424 kfree(as->urb->setup_packet);
0425 usb_free_urb(as->urb);
0426 usbfs_decrease_memory_usage(as->mem_usage);
0427 kfree(as);
0428 }
0429
0430 static void async_newpending(struct async *as)
0431 {
0432 struct usb_dev_state *ps = as->ps;
0433 unsigned long flags;
0434
0435 spin_lock_irqsave(&ps->lock, flags);
0436 list_add_tail(&as->asynclist, &ps->async_pending);
0437 spin_unlock_irqrestore(&ps->lock, flags);
0438 }
0439
0440 static void async_removepending(struct async *as)
0441 {
0442 struct usb_dev_state *ps = as->ps;
0443 unsigned long flags;
0444
0445 spin_lock_irqsave(&ps->lock, flags);
0446 list_del_init(&as->asynclist);
0447 spin_unlock_irqrestore(&ps->lock, flags);
0448 }
0449
0450 static struct async *async_getcompleted(struct usb_dev_state *ps)
0451 {
0452 unsigned long flags;
0453 struct async *as = NULL;
0454
0455 spin_lock_irqsave(&ps->lock, flags);
0456 if (!list_empty(&ps->async_completed)) {
0457 as = list_entry(ps->async_completed.next, struct async,
0458 asynclist);
0459 list_del_init(&as->asynclist);
0460 }
0461 spin_unlock_irqrestore(&ps->lock, flags);
0462 return as;
0463 }
0464
0465 static struct async *async_getpending(struct usb_dev_state *ps,
0466 void __user *userurb)
0467 {
0468 struct async *as;
0469
0470 list_for_each_entry(as, &ps->async_pending, asynclist)
0471 if (as->userurb == userurb) {
0472 list_del_init(&as->asynclist);
0473 return as;
0474 }
0475
0476 return NULL;
0477 }
0478
0479 static void snoop_urb(struct usb_device *udev,
0480 void __user *userurb, int pipe, unsigned length,
0481 int timeout_or_status, enum snoop_when when,
0482 unsigned char *data, unsigned data_len)
0483 {
0484 static const char *types[] = {"isoc", "int", "ctrl", "bulk"};
0485 static const char *dirs[] = {"out", "in"};
0486 int ep;
0487 const char *t, *d;
0488
0489 if (!usbfs_snoop)
0490 return;
0491
0492 ep = usb_pipeendpoint(pipe);
0493 t = types[usb_pipetype(pipe)];
0494 d = dirs[!!usb_pipein(pipe)];
0495
0496 if (userurb) {
0497 if (when == SUBMIT)
0498 dev_info(&udev->dev, "userurb %px, ep%d %s-%s, "
0499 "length %u\n",
0500 userurb, ep, t, d, length);
0501 else
0502 dev_info(&udev->dev, "userurb %px, ep%d %s-%s, "
0503 "actual_length %u status %d\n",
0504 userurb, ep, t, d, length,
0505 timeout_or_status);
0506 } else {
0507 if (when == SUBMIT)
0508 dev_info(&udev->dev, "ep%d %s-%s, length %u, "
0509 "timeout %d\n",
0510 ep, t, d, length, timeout_or_status);
0511 else
0512 dev_info(&udev->dev, "ep%d %s-%s, actual_length %u, "
0513 "status %d\n",
0514 ep, t, d, length, timeout_or_status);
0515 }
0516
0517 data_len = min(data_len, usbfs_snoop_max);
0518 if (data && data_len > 0) {
0519 print_hex_dump(KERN_DEBUG, "data: ", DUMP_PREFIX_NONE, 32, 1,
0520 data, data_len, 1);
0521 }
0522 }
0523
0524 static void snoop_urb_data(struct urb *urb, unsigned len)
0525 {
0526 int i, size;
0527
0528 len = min(len, usbfs_snoop_max);
0529 if (!usbfs_snoop || len == 0)
0530 return;
0531
0532 if (urb->num_sgs == 0) {
0533 print_hex_dump(KERN_DEBUG, "data: ", DUMP_PREFIX_NONE, 32, 1,
0534 urb->transfer_buffer, len, 1);
0535 return;
0536 }
0537
0538 for (i = 0; i < urb->num_sgs && len; i++) {
0539 size = (len > USB_SG_SIZE) ? USB_SG_SIZE : len;
0540 print_hex_dump(KERN_DEBUG, "data: ", DUMP_PREFIX_NONE, 32, 1,
0541 sg_virt(&urb->sg[i]), size, 1);
0542 len -= size;
0543 }
0544 }
0545
0546 static int copy_urb_data_to_user(u8 __user *userbuffer, struct urb *urb)
0547 {
0548 unsigned i, len, size;
0549
0550 if (urb->number_of_packets > 0)
0551 len = urb->transfer_buffer_length;
0552 else
0553 len = urb->actual_length;
0554
0555 if (urb->num_sgs == 0) {
0556 if (copy_to_user(userbuffer, urb->transfer_buffer, len))
0557 return -EFAULT;
0558 return 0;
0559 }
0560
0561 for (i = 0; i < urb->num_sgs && len; i++) {
0562 size = (len > USB_SG_SIZE) ? USB_SG_SIZE : len;
0563 if (copy_to_user(userbuffer, sg_virt(&urb->sg[i]), size))
0564 return -EFAULT;
0565 userbuffer += size;
0566 len -= size;
0567 }
0568
0569 return 0;
0570 }
0571
0572 #define AS_CONTINUATION 1
0573 #define AS_UNLINK 2
0574
0575 static void cancel_bulk_urbs(struct usb_dev_state *ps, unsigned bulk_addr)
0576 __releases(ps->lock)
0577 __acquires(ps->lock)
0578 {
0579 struct urb *urb;
0580 struct async *as;
0581
0582
0583
0584
0585
0586
0587 list_for_each_entry(as, &ps->async_pending, asynclist) {
0588 if (as->bulk_addr == bulk_addr) {
0589 if (as->bulk_status != AS_CONTINUATION)
0590 goto rescan;
0591 as->bulk_status = AS_UNLINK;
0592 as->bulk_addr = 0;
0593 }
0594 }
0595 ps->disabled_bulk_eps |= (1 << bulk_addr);
0596
0597
0598 rescan:
0599 list_for_each_entry_reverse(as, &ps->async_pending, asynclist) {
0600 if (as->bulk_status == AS_UNLINK) {
0601 as->bulk_status = 0;
0602 urb = as->urb;
0603 usb_get_urb(urb);
0604 spin_unlock(&ps->lock);
0605 usb_unlink_urb(urb);
0606 usb_put_urb(urb);
0607 spin_lock(&ps->lock);
0608 goto rescan;
0609 }
0610 }
0611 }
0612
0613 static void async_completed(struct urb *urb)
0614 {
0615 struct async *as = urb->context;
0616 struct usb_dev_state *ps = as->ps;
0617 struct pid *pid = NULL;
0618 const struct cred *cred = NULL;
0619 unsigned long flags;
0620 sigval_t addr;
0621 int signr, errno;
0622
0623 spin_lock_irqsave(&ps->lock, flags);
0624 list_move_tail(&as->asynclist, &ps->async_completed);
0625 as->status = urb->status;
0626 signr = as->signr;
0627 if (signr) {
0628 errno = as->status;
0629 addr = as->userurb_sigval;
0630 pid = get_pid(as->pid);
0631 cred = get_cred(as->cred);
0632 }
0633 snoop(&urb->dev->dev, "urb complete\n");
0634 snoop_urb(urb->dev, as->userurb, urb->pipe, urb->actual_length,
0635 as->status, COMPLETE, NULL, 0);
0636 if (usb_urb_dir_in(urb))
0637 snoop_urb_data(urb, urb->actual_length);
0638
0639 if (as->status < 0 && as->bulk_addr && as->status != -ECONNRESET &&
0640 as->status != -ENOENT)
0641 cancel_bulk_urbs(ps, as->bulk_addr);
0642
0643 wake_up(&ps->wait);
0644 spin_unlock_irqrestore(&ps->lock, flags);
0645
0646 if (signr) {
0647 kill_pid_usb_asyncio(signr, errno, addr, pid, cred);
0648 put_pid(pid);
0649 put_cred(cred);
0650 }
0651 }
0652
0653 static void destroy_async(struct usb_dev_state *ps, struct list_head *list)
0654 {
0655 struct urb *urb;
0656 struct async *as;
0657 unsigned long flags;
0658
0659 spin_lock_irqsave(&ps->lock, flags);
0660 while (!list_empty(list)) {
0661 as = list_last_entry(list, struct async, asynclist);
0662 list_del_init(&as->asynclist);
0663 urb = as->urb;
0664 usb_get_urb(urb);
0665
0666
0667 spin_unlock_irqrestore(&ps->lock, flags);
0668 usb_kill_urb(urb);
0669 usb_put_urb(urb);
0670 spin_lock_irqsave(&ps->lock, flags);
0671 }
0672 spin_unlock_irqrestore(&ps->lock, flags);
0673 }
0674
0675 static void destroy_async_on_interface(struct usb_dev_state *ps,
0676 unsigned int ifnum)
0677 {
0678 struct list_head *p, *q, hitlist;
0679 unsigned long flags;
0680
0681 INIT_LIST_HEAD(&hitlist);
0682 spin_lock_irqsave(&ps->lock, flags);
0683 list_for_each_safe(p, q, &ps->async_pending)
0684 if (ifnum == list_entry(p, struct async, asynclist)->ifnum)
0685 list_move_tail(p, &hitlist);
0686 spin_unlock_irqrestore(&ps->lock, flags);
0687 destroy_async(ps, &hitlist);
0688 }
0689
0690 static void destroy_all_async(struct usb_dev_state *ps)
0691 {
0692 destroy_async(ps, &ps->async_pending);
0693 }
0694
0695
0696
0697
0698
0699
0700
0701 static int driver_probe(struct usb_interface *intf,
0702 const struct usb_device_id *id)
0703 {
0704 return -ENODEV;
0705 }
0706
0707 static void driver_disconnect(struct usb_interface *intf)
0708 {
0709 struct usb_dev_state *ps = usb_get_intfdata(intf);
0710 unsigned int ifnum = intf->altsetting->desc.bInterfaceNumber;
0711
0712 if (!ps)
0713 return;
0714
0715
0716
0717
0718
0719 if (likely(ifnum < 8*sizeof(ps->ifclaimed)))
0720 clear_bit(ifnum, &ps->ifclaimed);
0721 else
0722 dev_warn(&intf->dev, "interface number %u out of range\n",
0723 ifnum);
0724
0725 usb_set_intfdata(intf, NULL);
0726
0727
0728 destroy_async_on_interface(ps, ifnum);
0729 }
0730
0731
0732 static int driver_suspend(struct usb_interface *intf, pm_message_t msg)
0733 {
0734 return 0;
0735 }
0736
0737 static int driver_resume(struct usb_interface *intf)
0738 {
0739 return 0;
0740 }
0741
0742
0743 void usbfs_notify_suspend(struct usb_device *udev)
0744 {
0745
0746 }
0747
0748 void usbfs_notify_resume(struct usb_device *udev)
0749 {
0750 struct usb_dev_state *ps;
0751
0752
0753 mutex_lock(&usbfs_mutex);
0754 list_for_each_entry(ps, &udev->filelist, list) {
0755 WRITE_ONCE(ps->not_yet_resumed, 0);
0756 wake_up_all(&ps->wait_for_resume);
0757 }
0758 mutex_unlock(&usbfs_mutex);
0759 }
0760
0761 struct usb_driver usbfs_driver = {
0762 .name = "usbfs",
0763 .probe = driver_probe,
0764 .disconnect = driver_disconnect,
0765 .suspend = driver_suspend,
0766 .resume = driver_resume,
0767 .supports_autosuspend = 1,
0768 };
0769
0770 static int claimintf(struct usb_dev_state *ps, unsigned int ifnum)
0771 {
0772 struct usb_device *dev = ps->dev;
0773 struct usb_interface *intf;
0774 int err;
0775
0776 if (ifnum >= 8*sizeof(ps->ifclaimed))
0777 return -EINVAL;
0778
0779 if (test_bit(ifnum, &ps->ifclaimed))
0780 return 0;
0781
0782 if (ps->privileges_dropped &&
0783 !test_bit(ifnum, &ps->interface_allowed_mask))
0784 return -EACCES;
0785
0786 intf = usb_ifnum_to_if(dev, ifnum);
0787 if (!intf)
0788 err = -ENOENT;
0789 else {
0790 unsigned int old_suppress;
0791
0792
0793 old_suppress = dev_get_uevent_suppress(&intf->dev);
0794 dev_set_uevent_suppress(&intf->dev, 1);
0795 err = usb_driver_claim_interface(&usbfs_driver, intf, ps);
0796 dev_set_uevent_suppress(&intf->dev, old_suppress);
0797 }
0798 if (err == 0)
0799 set_bit(ifnum, &ps->ifclaimed);
0800 return err;
0801 }
0802
0803 static int releaseintf(struct usb_dev_state *ps, unsigned int ifnum)
0804 {
0805 struct usb_device *dev;
0806 struct usb_interface *intf;
0807 int err;
0808
0809 err = -EINVAL;
0810 if (ifnum >= 8*sizeof(ps->ifclaimed))
0811 return err;
0812 dev = ps->dev;
0813 intf = usb_ifnum_to_if(dev, ifnum);
0814 if (!intf)
0815 err = -ENOENT;
0816 else if (test_and_clear_bit(ifnum, &ps->ifclaimed)) {
0817 unsigned int old_suppress;
0818
0819
0820 old_suppress = dev_get_uevent_suppress(&intf->dev);
0821 dev_set_uevent_suppress(&intf->dev, 1);
0822 usb_driver_release_interface(&usbfs_driver, intf);
0823 dev_set_uevent_suppress(&intf->dev, old_suppress);
0824 err = 0;
0825 }
0826 return err;
0827 }
0828
0829 static int checkintf(struct usb_dev_state *ps, unsigned int ifnum)
0830 {
0831 if (ps->dev->state != USB_STATE_CONFIGURED)
0832 return -EHOSTUNREACH;
0833 if (ifnum >= 8*sizeof(ps->ifclaimed))
0834 return -EINVAL;
0835 if (test_bit(ifnum, &ps->ifclaimed))
0836 return 0;
0837
0838 dev_warn(&ps->dev->dev, "usbfs: process %d (%s) did not claim "
0839 "interface %u before use\n", task_pid_nr(current),
0840 current->comm, ifnum);
0841 return claimintf(ps, ifnum);
0842 }
0843
0844 static int findintfep(struct usb_device *dev, unsigned int ep)
0845 {
0846 unsigned int i, j, e;
0847 struct usb_interface *intf;
0848 struct usb_host_interface *alts;
0849 struct usb_endpoint_descriptor *endpt;
0850
0851 if (ep & ~(USB_DIR_IN|0xf))
0852 return -EINVAL;
0853 if (!dev->actconfig)
0854 return -ESRCH;
0855 for (i = 0; i < dev->actconfig->desc.bNumInterfaces; i++) {
0856 intf = dev->actconfig->interface[i];
0857 for (j = 0; j < intf->num_altsetting; j++) {
0858 alts = &intf->altsetting[j];
0859 for (e = 0; e < alts->desc.bNumEndpoints; e++) {
0860 endpt = &alts->endpoint[e].desc;
0861 if (endpt->bEndpointAddress == ep)
0862 return alts->desc.bInterfaceNumber;
0863 }
0864 }
0865 }
0866 return -ENOENT;
0867 }
0868
0869 static int check_ctrlrecip(struct usb_dev_state *ps, unsigned int requesttype,
0870 unsigned int request, unsigned int index)
0871 {
0872 int ret = 0;
0873 struct usb_host_interface *alt_setting;
0874
0875 if (ps->dev->state != USB_STATE_UNAUTHENTICATED
0876 && ps->dev->state != USB_STATE_ADDRESS
0877 && ps->dev->state != USB_STATE_CONFIGURED)
0878 return -EHOSTUNREACH;
0879 if (USB_TYPE_VENDOR == (USB_TYPE_MASK & requesttype))
0880 return 0;
0881
0882
0883
0884
0885
0886
0887 if (requesttype == 0xa1 && request == 0) {
0888 alt_setting = usb_find_alt_setting(ps->dev->actconfig,
0889 index >> 8, index & 0xff);
0890 if (alt_setting
0891 && alt_setting->desc.bInterfaceClass == USB_CLASS_PRINTER)
0892 return 0;
0893 }
0894
0895 index &= 0xff;
0896 switch (requesttype & USB_RECIP_MASK) {
0897 case USB_RECIP_ENDPOINT:
0898 if ((index & ~USB_DIR_IN) == 0)
0899 return 0;
0900 ret = findintfep(ps->dev, index);
0901 if (ret < 0) {
0902
0903
0904
0905
0906
0907
0908
0909
0910 ret = findintfep(ps->dev, index ^ 0x80);
0911 if (ret >= 0)
0912 dev_info(&ps->dev->dev,
0913 "%s: process %i (%s) requesting ep %02x but needs %02x\n",
0914 __func__, task_pid_nr(current),
0915 current->comm, index, index ^ 0x80);
0916 }
0917 if (ret >= 0)
0918 ret = checkintf(ps, ret);
0919 break;
0920
0921 case USB_RECIP_INTERFACE:
0922 ret = checkintf(ps, index);
0923 break;
0924 }
0925 return ret;
0926 }
0927
0928 static struct usb_host_endpoint *ep_to_host_endpoint(struct usb_device *dev,
0929 unsigned char ep)
0930 {
0931 if (ep & USB_ENDPOINT_DIR_MASK)
0932 return dev->ep_in[ep & USB_ENDPOINT_NUMBER_MASK];
0933 else
0934 return dev->ep_out[ep & USB_ENDPOINT_NUMBER_MASK];
0935 }
0936
0937 static int parse_usbdevfs_streams(struct usb_dev_state *ps,
0938 struct usbdevfs_streams __user *streams,
0939 unsigned int *num_streams_ret,
0940 unsigned int *num_eps_ret,
0941 struct usb_host_endpoint ***eps_ret,
0942 struct usb_interface **intf_ret)
0943 {
0944 unsigned int i, num_streams, num_eps;
0945 struct usb_host_endpoint **eps;
0946 struct usb_interface *intf = NULL;
0947 unsigned char ep;
0948 int ifnum, ret;
0949
0950 if (get_user(num_streams, &streams->num_streams) ||
0951 get_user(num_eps, &streams->num_eps))
0952 return -EFAULT;
0953
0954 if (num_eps < 1 || num_eps > USB_MAXENDPOINTS)
0955 return -EINVAL;
0956
0957
0958 if (num_streams_ret && (num_streams < 2 || num_streams > 65536))
0959 return -EINVAL;
0960
0961 eps = kmalloc_array(num_eps, sizeof(*eps), GFP_KERNEL);
0962 if (!eps)
0963 return -ENOMEM;
0964
0965 for (i = 0; i < num_eps; i++) {
0966 if (get_user(ep, &streams->eps[i])) {
0967 ret = -EFAULT;
0968 goto error;
0969 }
0970 eps[i] = ep_to_host_endpoint(ps->dev, ep);
0971 if (!eps[i]) {
0972 ret = -EINVAL;
0973 goto error;
0974 }
0975
0976
0977 ifnum = findintfep(ps->dev, ep);
0978 if (ifnum < 0) {
0979 ret = ifnum;
0980 goto error;
0981 }
0982
0983 if (i == 0) {
0984 ret = checkintf(ps, ifnum);
0985 if (ret < 0)
0986 goto error;
0987 intf = usb_ifnum_to_if(ps->dev, ifnum);
0988 } else {
0989
0990 if (ifnum != intf->altsetting->desc.bInterfaceNumber) {
0991 ret = -EINVAL;
0992 goto error;
0993 }
0994 }
0995 }
0996
0997 if (num_streams_ret)
0998 *num_streams_ret = num_streams;
0999 *num_eps_ret = num_eps;
1000 *eps_ret = eps;
1001 *intf_ret = intf;
1002
1003 return 0;
1004
1005 error:
1006 kfree(eps);
1007 return ret;
1008 }
1009
1010 static struct usb_device *usbdev_lookup_by_devt(dev_t devt)
1011 {
1012 struct device *dev;
1013
1014 dev = bus_find_device_by_devt(&usb_bus_type, devt);
1015 if (!dev)
1016 return NULL;
1017 return to_usb_device(dev);
1018 }
1019
1020
1021
1022
1023 static int usbdev_open(struct inode *inode, struct file *file)
1024 {
1025 struct usb_device *dev = NULL;
1026 struct usb_dev_state *ps;
1027 int ret;
1028
1029 ret = -ENOMEM;
1030 ps = kzalloc(sizeof(struct usb_dev_state), GFP_KERNEL);
1031 if (!ps)
1032 goto out_free_ps;
1033
1034 ret = -ENODEV;
1035
1036
1037 if (imajor(inode) == USB_DEVICE_MAJOR)
1038 dev = usbdev_lookup_by_devt(inode->i_rdev);
1039 if (!dev)
1040 goto out_free_ps;
1041
1042 usb_lock_device(dev);
1043 if (dev->state == USB_STATE_NOTATTACHED)
1044 goto out_unlock_device;
1045
1046 ret = usb_autoresume_device(dev);
1047 if (ret)
1048 goto out_unlock_device;
1049
1050 ps->dev = dev;
1051 ps->file = file;
1052 ps->interface_allowed_mask = 0xFFFFFFFF;
1053 spin_lock_init(&ps->lock);
1054 INIT_LIST_HEAD(&ps->list);
1055 INIT_LIST_HEAD(&ps->async_pending);
1056 INIT_LIST_HEAD(&ps->async_completed);
1057 INIT_LIST_HEAD(&ps->memory_list);
1058 init_waitqueue_head(&ps->wait);
1059 init_waitqueue_head(&ps->wait_for_resume);
1060 ps->disc_pid = get_pid(task_pid(current));
1061 ps->cred = get_current_cred();
1062 smp_wmb();
1063
1064
1065 list_add_tail(&ps->list, &dev->filelist);
1066 file->private_data = ps;
1067 usb_unlock_device(dev);
1068 snoop(&dev->dev, "opened by process %d: %s\n", task_pid_nr(current),
1069 current->comm);
1070 return ret;
1071
1072 out_unlock_device:
1073 usb_unlock_device(dev);
1074 usb_put_dev(dev);
1075 out_free_ps:
1076 kfree(ps);
1077 return ret;
1078 }
1079
1080 static int usbdev_release(struct inode *inode, struct file *file)
1081 {
1082 struct usb_dev_state *ps = file->private_data;
1083 struct usb_device *dev = ps->dev;
1084 unsigned int ifnum;
1085 struct async *as;
1086
1087 usb_lock_device(dev);
1088 usb_hub_release_all_ports(dev, ps);
1089
1090
1091 mutex_lock(&usbfs_mutex);
1092 list_del_init(&ps->list);
1093 mutex_unlock(&usbfs_mutex);
1094
1095 for (ifnum = 0; ps->ifclaimed && ifnum < 8*sizeof(ps->ifclaimed);
1096 ifnum++) {
1097 if (test_bit(ifnum, &ps->ifclaimed))
1098 releaseintf(ps, ifnum);
1099 }
1100 destroy_all_async(ps);
1101 if (!ps->suspend_allowed)
1102 usb_autosuspend_device(dev);
1103 usb_unlock_device(dev);
1104 usb_put_dev(dev);
1105 put_pid(ps->disc_pid);
1106 put_cred(ps->cred);
1107
1108 as = async_getcompleted(ps);
1109 while (as) {
1110 free_async(as);
1111 as = async_getcompleted(ps);
1112 }
1113
1114 kfree(ps);
1115 return 0;
1116 }
1117
1118 static void usbfs_blocking_completion(struct urb *urb)
1119 {
1120 complete((struct completion *) urb->context);
1121 }
1122
1123
1124
1125
1126
1127 static int usbfs_start_wait_urb(struct urb *urb, int timeout,
1128 unsigned int *actlen)
1129 {
1130 DECLARE_COMPLETION_ONSTACK(ctx);
1131 unsigned long expire;
1132 int rc;
1133
1134 urb->context = &ctx;
1135 urb->complete = usbfs_blocking_completion;
1136 *actlen = 0;
1137 rc = usb_submit_urb(urb, GFP_KERNEL);
1138 if (unlikely(rc))
1139 return rc;
1140
1141 expire = (timeout ? msecs_to_jiffies(timeout) : MAX_SCHEDULE_TIMEOUT);
1142 rc = wait_for_completion_killable_timeout(&ctx, expire);
1143 if (rc <= 0) {
1144 usb_kill_urb(urb);
1145 *actlen = urb->actual_length;
1146 if (urb->status != -ENOENT)
1147 ;
1148 else if (rc < 0)
1149 return -EINTR;
1150 else
1151 return -ETIMEDOUT;
1152 }
1153 *actlen = urb->actual_length;
1154 return urb->status;
1155 }
1156
1157 static int do_proc_control(struct usb_dev_state *ps,
1158 struct usbdevfs_ctrltransfer *ctrl)
1159 {
1160 struct usb_device *dev = ps->dev;
1161 unsigned int tmo;
1162 unsigned char *tbuf;
1163 unsigned int wLength, actlen;
1164 int i, pipe, ret;
1165 struct urb *urb = NULL;
1166 struct usb_ctrlrequest *dr = NULL;
1167
1168 ret = check_ctrlrecip(ps, ctrl->bRequestType, ctrl->bRequest,
1169 ctrl->wIndex);
1170 if (ret)
1171 return ret;
1172 wLength = ctrl->wLength;
1173 if (wLength > PAGE_SIZE)
1174 return -EINVAL;
1175 ret = usbfs_increase_memory_usage(PAGE_SIZE + sizeof(struct urb) +
1176 sizeof(struct usb_ctrlrequest));
1177 if (ret)
1178 return ret;
1179
1180 ret = -ENOMEM;
1181 tbuf = (unsigned char *)__get_free_page(GFP_KERNEL);
1182 if (!tbuf)
1183 goto done;
1184 urb = usb_alloc_urb(0, GFP_NOIO);
1185 if (!urb)
1186 goto done;
1187 dr = kmalloc(sizeof(struct usb_ctrlrequest), GFP_NOIO);
1188 if (!dr)
1189 goto done;
1190
1191 dr->bRequestType = ctrl->bRequestType;
1192 dr->bRequest = ctrl->bRequest;
1193 dr->wValue = cpu_to_le16(ctrl->wValue);
1194 dr->wIndex = cpu_to_le16(ctrl->wIndex);
1195 dr->wLength = cpu_to_le16(ctrl->wLength);
1196
1197 tmo = ctrl->timeout;
1198 snoop(&dev->dev, "control urb: bRequestType=%02x "
1199 "bRequest=%02x wValue=%04x "
1200 "wIndex=%04x wLength=%04x\n",
1201 ctrl->bRequestType, ctrl->bRequest, ctrl->wValue,
1202 ctrl->wIndex, ctrl->wLength);
1203
1204 if ((ctrl->bRequestType & USB_DIR_IN) && wLength) {
1205 pipe = usb_rcvctrlpipe(dev, 0);
1206 usb_fill_control_urb(urb, dev, pipe, (unsigned char *) dr, tbuf,
1207 wLength, NULL, NULL);
1208 snoop_urb(dev, NULL, pipe, wLength, tmo, SUBMIT, NULL, 0);
1209
1210 usb_unlock_device(dev);
1211 i = usbfs_start_wait_urb(urb, tmo, &actlen);
1212
1213
1214 if (dev->quirks & USB_QUIRK_DELAY_CTRL_MSG)
1215 msleep(200);
1216 usb_lock_device(dev);
1217 snoop_urb(dev, NULL, pipe, actlen, i, COMPLETE, tbuf, actlen);
1218 if (!i && actlen) {
1219 if (copy_to_user(ctrl->data, tbuf, actlen)) {
1220 ret = -EFAULT;
1221 goto done;
1222 }
1223 }
1224 } else {
1225 if (wLength) {
1226 if (copy_from_user(tbuf, ctrl->data, wLength)) {
1227 ret = -EFAULT;
1228 goto done;
1229 }
1230 }
1231 pipe = usb_sndctrlpipe(dev, 0);
1232 usb_fill_control_urb(urb, dev, pipe, (unsigned char *) dr, tbuf,
1233 wLength, NULL, NULL);
1234 snoop_urb(dev, NULL, pipe, wLength, tmo, SUBMIT, tbuf, wLength);
1235
1236 usb_unlock_device(dev);
1237 i = usbfs_start_wait_urb(urb, tmo, &actlen);
1238
1239
1240 if (dev->quirks & USB_QUIRK_DELAY_CTRL_MSG)
1241 msleep(200);
1242 usb_lock_device(dev);
1243 snoop_urb(dev, NULL, pipe, actlen, i, COMPLETE, NULL, 0);
1244 }
1245 if (i < 0 && i != -EPIPE) {
1246 dev_printk(KERN_DEBUG, &dev->dev, "usbfs: USBDEVFS_CONTROL "
1247 "failed cmd %s rqt %u rq %u len %u ret %d\n",
1248 current->comm, ctrl->bRequestType, ctrl->bRequest,
1249 ctrl->wLength, i);
1250 }
1251 ret = (i < 0 ? i : actlen);
1252
1253 done:
1254 kfree(dr);
1255 usb_free_urb(urb);
1256 free_page((unsigned long) tbuf);
1257 usbfs_decrease_memory_usage(PAGE_SIZE + sizeof(struct urb) +
1258 sizeof(struct usb_ctrlrequest));
1259 return ret;
1260 }
1261
1262 static int proc_control(struct usb_dev_state *ps, void __user *arg)
1263 {
1264 struct usbdevfs_ctrltransfer ctrl;
1265
1266 if (copy_from_user(&ctrl, arg, sizeof(ctrl)))
1267 return -EFAULT;
1268 return do_proc_control(ps, &ctrl);
1269 }
1270
1271 static int do_proc_bulk(struct usb_dev_state *ps,
1272 struct usbdevfs_bulktransfer *bulk)
1273 {
1274 struct usb_device *dev = ps->dev;
1275 unsigned int tmo, len1, len2, pipe;
1276 unsigned char *tbuf;
1277 int i, ret;
1278 struct urb *urb = NULL;
1279 struct usb_host_endpoint *ep;
1280
1281 ret = findintfep(ps->dev, bulk->ep);
1282 if (ret < 0)
1283 return ret;
1284 ret = checkintf(ps, ret);
1285 if (ret)
1286 return ret;
1287
1288 len1 = bulk->len;
1289 if (len1 < 0 || len1 >= (INT_MAX - sizeof(struct urb)))
1290 return -EINVAL;
1291
1292 if (bulk->ep & USB_DIR_IN)
1293 pipe = usb_rcvbulkpipe(dev, bulk->ep & 0x7f);
1294 else
1295 pipe = usb_sndbulkpipe(dev, bulk->ep & 0x7f);
1296 ep = usb_pipe_endpoint(dev, pipe);
1297 if (!ep || !usb_endpoint_maxp(&ep->desc))
1298 return -EINVAL;
1299 ret = usbfs_increase_memory_usage(len1 + sizeof(struct urb));
1300 if (ret)
1301 return ret;
1302
1303
1304
1305
1306
1307 ret = -ENOMEM;
1308 tbuf = kmalloc(len1, GFP_KERNEL | __GFP_NOWARN);
1309 if (!tbuf)
1310 goto done;
1311 urb = usb_alloc_urb(0, GFP_KERNEL);
1312 if (!urb)
1313 goto done;
1314
1315 if ((ep->desc.bmAttributes & USB_ENDPOINT_XFERTYPE_MASK) ==
1316 USB_ENDPOINT_XFER_INT) {
1317 pipe = (pipe & ~(3 << 30)) | (PIPE_INTERRUPT << 30);
1318 usb_fill_int_urb(urb, dev, pipe, tbuf, len1,
1319 NULL, NULL, ep->desc.bInterval);
1320 } else {
1321 usb_fill_bulk_urb(urb, dev, pipe, tbuf, len1, NULL, NULL);
1322 }
1323
1324 tmo = bulk->timeout;
1325 if (bulk->ep & 0x80) {
1326 snoop_urb(dev, NULL, pipe, len1, tmo, SUBMIT, NULL, 0);
1327
1328 usb_unlock_device(dev);
1329 i = usbfs_start_wait_urb(urb, tmo, &len2);
1330 usb_lock_device(dev);
1331 snoop_urb(dev, NULL, pipe, len2, i, COMPLETE, tbuf, len2);
1332
1333 if (!i && len2) {
1334 if (copy_to_user(bulk->data, tbuf, len2)) {
1335 ret = -EFAULT;
1336 goto done;
1337 }
1338 }
1339 } else {
1340 if (len1) {
1341 if (copy_from_user(tbuf, bulk->data, len1)) {
1342 ret = -EFAULT;
1343 goto done;
1344 }
1345 }
1346 snoop_urb(dev, NULL, pipe, len1, tmo, SUBMIT, tbuf, len1);
1347
1348 usb_unlock_device(dev);
1349 i = usbfs_start_wait_urb(urb, tmo, &len2);
1350 usb_lock_device(dev);
1351 snoop_urb(dev, NULL, pipe, len2, i, COMPLETE, NULL, 0);
1352 }
1353 ret = (i < 0 ? i : len2);
1354 done:
1355 usb_free_urb(urb);
1356 kfree(tbuf);
1357 usbfs_decrease_memory_usage(len1 + sizeof(struct urb));
1358 return ret;
1359 }
1360
1361 static int proc_bulk(struct usb_dev_state *ps, void __user *arg)
1362 {
1363 struct usbdevfs_bulktransfer bulk;
1364
1365 if (copy_from_user(&bulk, arg, sizeof(bulk)))
1366 return -EFAULT;
1367 return do_proc_bulk(ps, &bulk);
1368 }
1369
1370 static void check_reset_of_active_ep(struct usb_device *udev,
1371 unsigned int epnum, char *ioctl_name)
1372 {
1373 struct usb_host_endpoint **eps;
1374 struct usb_host_endpoint *ep;
1375
1376 eps = (epnum & USB_DIR_IN) ? udev->ep_in : udev->ep_out;
1377 ep = eps[epnum & 0x0f];
1378 if (ep && !list_empty(&ep->urb_list))
1379 dev_warn(&udev->dev, "Process %d (%s) called USBDEVFS_%s for active endpoint 0x%02x\n",
1380 task_pid_nr(current), current->comm,
1381 ioctl_name, epnum);
1382 }
1383
1384 static int proc_resetep(struct usb_dev_state *ps, void __user *arg)
1385 {
1386 unsigned int ep;
1387 int ret;
1388
1389 if (get_user(ep, (unsigned int __user *)arg))
1390 return -EFAULT;
1391 ret = findintfep(ps->dev, ep);
1392 if (ret < 0)
1393 return ret;
1394 ret = checkintf(ps, ret);
1395 if (ret)
1396 return ret;
1397 check_reset_of_active_ep(ps->dev, ep, "RESETEP");
1398 usb_reset_endpoint(ps->dev, ep);
1399 return 0;
1400 }
1401
1402 static int proc_clearhalt(struct usb_dev_state *ps, void __user *arg)
1403 {
1404 unsigned int ep;
1405 int pipe;
1406 int ret;
1407
1408 if (get_user(ep, (unsigned int __user *)arg))
1409 return -EFAULT;
1410 ret = findintfep(ps->dev, ep);
1411 if (ret < 0)
1412 return ret;
1413 ret = checkintf(ps, ret);
1414 if (ret)
1415 return ret;
1416 check_reset_of_active_ep(ps->dev, ep, "CLEAR_HALT");
1417 if (ep & USB_DIR_IN)
1418 pipe = usb_rcvbulkpipe(ps->dev, ep & 0x7f);
1419 else
1420 pipe = usb_sndbulkpipe(ps->dev, ep & 0x7f);
1421
1422 return usb_clear_halt(ps->dev, pipe);
1423 }
1424
1425 static int proc_getdriver(struct usb_dev_state *ps, void __user *arg)
1426 {
1427 struct usbdevfs_getdriver gd;
1428 struct usb_interface *intf;
1429 int ret;
1430
1431 if (copy_from_user(&gd, arg, sizeof(gd)))
1432 return -EFAULT;
1433 intf = usb_ifnum_to_if(ps->dev, gd.interface);
1434 if (!intf || !intf->dev.driver)
1435 ret = -ENODATA;
1436 else {
1437 strlcpy(gd.driver, intf->dev.driver->name,
1438 sizeof(gd.driver));
1439 ret = (copy_to_user(arg, &gd, sizeof(gd)) ? -EFAULT : 0);
1440 }
1441 return ret;
1442 }
1443
1444 static int proc_connectinfo(struct usb_dev_state *ps, void __user *arg)
1445 {
1446 struct usbdevfs_connectinfo ci;
1447
1448 memset(&ci, 0, sizeof(ci));
1449 ci.devnum = ps->dev->devnum;
1450 ci.slow = ps->dev->speed == USB_SPEED_LOW;
1451
1452 if (copy_to_user(arg, &ci, sizeof(ci)))
1453 return -EFAULT;
1454 return 0;
1455 }
1456
1457 static int proc_conninfo_ex(struct usb_dev_state *ps,
1458 void __user *arg, size_t size)
1459 {
1460 struct usbdevfs_conninfo_ex ci;
1461 struct usb_device *udev = ps->dev;
1462
1463 if (size < sizeof(ci.size))
1464 return -EINVAL;
1465
1466 memset(&ci, 0, sizeof(ci));
1467 ci.size = sizeof(ci);
1468 ci.busnum = udev->bus->busnum;
1469 ci.devnum = udev->devnum;
1470 ci.speed = udev->speed;
1471
1472 while (udev && udev->portnum != 0) {
1473 if (++ci.num_ports <= ARRAY_SIZE(ci.ports))
1474 ci.ports[ARRAY_SIZE(ci.ports) - ci.num_ports] =
1475 udev->portnum;
1476 udev = udev->parent;
1477 }
1478
1479 if (ci.num_ports < ARRAY_SIZE(ci.ports))
1480 memmove(&ci.ports[0],
1481 &ci.ports[ARRAY_SIZE(ci.ports) - ci.num_ports],
1482 ci.num_ports);
1483
1484 if (copy_to_user(arg, &ci, min(sizeof(ci), size)))
1485 return -EFAULT;
1486
1487 return 0;
1488 }
1489
1490 static int proc_resetdevice(struct usb_dev_state *ps)
1491 {
1492 struct usb_host_config *actconfig = ps->dev->actconfig;
1493 struct usb_interface *interface;
1494 int i, number;
1495
1496
1497
1498
1499
1500 if (ps->privileges_dropped && actconfig) {
1501 for (i = 0; i < actconfig->desc.bNumInterfaces; ++i) {
1502 interface = actconfig->interface[i];
1503 number = interface->cur_altsetting->desc.bInterfaceNumber;
1504 if (usb_interface_claimed(interface) &&
1505 !test_bit(number, &ps->ifclaimed)) {
1506 dev_warn(&ps->dev->dev,
1507 "usbfs: interface %d claimed by %s while '%s' resets device\n",
1508 number, interface->dev.driver->name, current->comm);
1509 return -EACCES;
1510 }
1511 }
1512 }
1513
1514 return usb_reset_device(ps->dev);
1515 }
1516
1517 static int proc_setintf(struct usb_dev_state *ps, void __user *arg)
1518 {
1519 struct usbdevfs_setinterface setintf;
1520 int ret;
1521
1522 if (copy_from_user(&setintf, arg, sizeof(setintf)))
1523 return -EFAULT;
1524 ret = checkintf(ps, setintf.interface);
1525 if (ret)
1526 return ret;
1527
1528 destroy_async_on_interface(ps, setintf.interface);
1529
1530 return usb_set_interface(ps->dev, setintf.interface,
1531 setintf.altsetting);
1532 }
1533
1534 static int proc_setconfig(struct usb_dev_state *ps, void __user *arg)
1535 {
1536 int u;
1537 int status = 0;
1538 struct usb_host_config *actconfig;
1539
1540 if (get_user(u, (int __user *)arg))
1541 return -EFAULT;
1542
1543 actconfig = ps->dev->actconfig;
1544
1545
1546
1547
1548
1549 if (actconfig) {
1550 int i;
1551
1552 for (i = 0; i < actconfig->desc.bNumInterfaces; ++i) {
1553 if (usb_interface_claimed(actconfig->interface[i])) {
1554 dev_warn(&ps->dev->dev,
1555 "usbfs: interface %d claimed by %s "
1556 "while '%s' sets config #%d\n",
1557 actconfig->interface[i]
1558 ->cur_altsetting
1559 ->desc.bInterfaceNumber,
1560 actconfig->interface[i]
1561 ->dev.driver->name,
1562 current->comm, u);
1563 status = -EBUSY;
1564 break;
1565 }
1566 }
1567 }
1568
1569
1570
1571
1572 if (status == 0) {
1573 if (actconfig && actconfig->desc.bConfigurationValue == u)
1574 status = usb_reset_configuration(ps->dev);
1575 else
1576 status = usb_set_configuration(ps->dev, u);
1577 }
1578
1579 return status;
1580 }
1581
1582 static struct usb_memory *
1583 find_memory_area(struct usb_dev_state *ps, const struct usbdevfs_urb *uurb)
1584 {
1585 struct usb_memory *usbm = NULL, *iter;
1586 unsigned long flags;
1587 unsigned long uurb_start = (unsigned long)uurb->buffer;
1588
1589 spin_lock_irqsave(&ps->lock, flags);
1590 list_for_each_entry(iter, &ps->memory_list, memlist) {
1591 if (uurb_start >= iter->vm_start &&
1592 uurb_start < iter->vm_start + iter->size) {
1593 if (uurb->buffer_length > iter->vm_start + iter->size -
1594 uurb_start) {
1595 usbm = ERR_PTR(-EINVAL);
1596 } else {
1597 usbm = iter;
1598 usbm->urb_use_count++;
1599 }
1600 break;
1601 }
1602 }
1603 spin_unlock_irqrestore(&ps->lock, flags);
1604 return usbm;
1605 }
1606
1607 static int proc_do_submiturb(struct usb_dev_state *ps, struct usbdevfs_urb *uurb,
1608 struct usbdevfs_iso_packet_desc __user *iso_frame_desc,
1609 void __user *arg, sigval_t userurb_sigval)
1610 {
1611 struct usbdevfs_iso_packet_desc *isopkt = NULL;
1612 struct usb_host_endpoint *ep;
1613 struct async *as = NULL;
1614 struct usb_ctrlrequest *dr = NULL;
1615 unsigned int u, totlen, isofrmlen;
1616 int i, ret, num_sgs = 0, ifnum = -1;
1617 int number_of_packets = 0;
1618 unsigned int stream_id = 0;
1619 void *buf;
1620 bool is_in;
1621 bool allow_short = false;
1622 bool allow_zero = false;
1623 unsigned long mask = USBDEVFS_URB_SHORT_NOT_OK |
1624 USBDEVFS_URB_BULK_CONTINUATION |
1625 USBDEVFS_URB_NO_FSBR |
1626 USBDEVFS_URB_ZERO_PACKET |
1627 USBDEVFS_URB_NO_INTERRUPT;
1628
1629 if (uurb->type == USBDEVFS_URB_TYPE_ISO)
1630 mask |= USBDEVFS_URB_ISO_ASAP;
1631
1632 if (uurb->flags & ~mask)
1633 return -EINVAL;
1634
1635 if ((unsigned int)uurb->buffer_length >= USBFS_XFER_MAX)
1636 return -EINVAL;
1637 if (uurb->buffer_length > 0 && !uurb->buffer)
1638 return -EINVAL;
1639 if (!(uurb->type == USBDEVFS_URB_TYPE_CONTROL &&
1640 (uurb->endpoint & ~USB_ENDPOINT_DIR_MASK) == 0)) {
1641 ifnum = findintfep(ps->dev, uurb->endpoint);
1642 if (ifnum < 0)
1643 return ifnum;
1644 ret = checkintf(ps, ifnum);
1645 if (ret)
1646 return ret;
1647 }
1648 ep = ep_to_host_endpoint(ps->dev, uurb->endpoint);
1649 if (!ep)
1650 return -ENOENT;
1651 is_in = (uurb->endpoint & USB_ENDPOINT_DIR_MASK) != 0;
1652
1653 u = 0;
1654 switch (uurb->type) {
1655 case USBDEVFS_URB_TYPE_CONTROL:
1656 if (!usb_endpoint_xfer_control(&ep->desc))
1657 return -EINVAL;
1658
1659 if (uurb->buffer_length < 8)
1660 return -EINVAL;
1661 dr = kmalloc(sizeof(struct usb_ctrlrequest), GFP_KERNEL);
1662 if (!dr)
1663 return -ENOMEM;
1664 if (copy_from_user(dr, uurb->buffer, 8)) {
1665 ret = -EFAULT;
1666 goto error;
1667 }
1668 if (uurb->buffer_length < (le16_to_cpu(dr->wLength) + 8)) {
1669 ret = -EINVAL;
1670 goto error;
1671 }
1672 ret = check_ctrlrecip(ps, dr->bRequestType, dr->bRequest,
1673 le16_to_cpu(dr->wIndex));
1674 if (ret)
1675 goto error;
1676 uurb->buffer_length = le16_to_cpu(dr->wLength);
1677 uurb->buffer += 8;
1678 if ((dr->bRequestType & USB_DIR_IN) && uurb->buffer_length) {
1679 is_in = true;
1680 uurb->endpoint |= USB_DIR_IN;
1681 } else {
1682 is_in = false;
1683 uurb->endpoint &= ~USB_DIR_IN;
1684 }
1685 if (is_in)
1686 allow_short = true;
1687 snoop(&ps->dev->dev, "control urb: bRequestType=%02x "
1688 "bRequest=%02x wValue=%04x "
1689 "wIndex=%04x wLength=%04x\n",
1690 dr->bRequestType, dr->bRequest,
1691 __le16_to_cpu(dr->wValue),
1692 __le16_to_cpu(dr->wIndex),
1693 __le16_to_cpu(dr->wLength));
1694 u = sizeof(struct usb_ctrlrequest);
1695 break;
1696
1697 case USBDEVFS_URB_TYPE_BULK:
1698 if (!is_in)
1699 allow_zero = true;
1700 else
1701 allow_short = true;
1702 switch (usb_endpoint_type(&ep->desc)) {
1703 case USB_ENDPOINT_XFER_CONTROL:
1704 case USB_ENDPOINT_XFER_ISOC:
1705 return -EINVAL;
1706 case USB_ENDPOINT_XFER_INT:
1707
1708 uurb->type = USBDEVFS_URB_TYPE_INTERRUPT;
1709 goto interrupt_urb;
1710 }
1711 num_sgs = DIV_ROUND_UP(uurb->buffer_length, USB_SG_SIZE);
1712 if (num_sgs == 1 || num_sgs > ps->dev->bus->sg_tablesize)
1713 num_sgs = 0;
1714 if (ep->streams)
1715 stream_id = uurb->stream_id;
1716 break;
1717
1718 case USBDEVFS_URB_TYPE_INTERRUPT:
1719 if (!usb_endpoint_xfer_int(&ep->desc))
1720 return -EINVAL;
1721 interrupt_urb:
1722 if (!is_in)
1723 allow_zero = true;
1724 else
1725 allow_short = true;
1726 break;
1727
1728 case USBDEVFS_URB_TYPE_ISO:
1729
1730 if (uurb->number_of_packets < 1 ||
1731 uurb->number_of_packets > 128)
1732 return -EINVAL;
1733 if (!usb_endpoint_xfer_isoc(&ep->desc))
1734 return -EINVAL;
1735 number_of_packets = uurb->number_of_packets;
1736 isofrmlen = sizeof(struct usbdevfs_iso_packet_desc) *
1737 number_of_packets;
1738 isopkt = memdup_user(iso_frame_desc, isofrmlen);
1739 if (IS_ERR(isopkt)) {
1740 ret = PTR_ERR(isopkt);
1741 isopkt = NULL;
1742 goto error;
1743 }
1744 for (totlen = u = 0; u < number_of_packets; u++) {
1745
1746
1747
1748
1749 if (isopkt[u].length > 98304) {
1750 ret = -EINVAL;
1751 goto error;
1752 }
1753 totlen += isopkt[u].length;
1754 }
1755 u *= sizeof(struct usb_iso_packet_descriptor);
1756 uurb->buffer_length = totlen;
1757 break;
1758
1759 default:
1760 return -EINVAL;
1761 }
1762
1763 if (uurb->buffer_length > 0 &&
1764 !access_ok(uurb->buffer, uurb->buffer_length)) {
1765 ret = -EFAULT;
1766 goto error;
1767 }
1768 as = alloc_async(number_of_packets);
1769 if (!as) {
1770 ret = -ENOMEM;
1771 goto error;
1772 }
1773
1774 as->usbm = find_memory_area(ps, uurb);
1775 if (IS_ERR(as->usbm)) {
1776 ret = PTR_ERR(as->usbm);
1777 as->usbm = NULL;
1778 goto error;
1779 }
1780
1781
1782
1783
1784 if (as->usbm)
1785 num_sgs = 0;
1786
1787 u += sizeof(struct async) + sizeof(struct urb) +
1788 (as->usbm ? 0 : uurb->buffer_length) +
1789 num_sgs * sizeof(struct scatterlist);
1790 ret = usbfs_increase_memory_usage(u);
1791 if (ret)
1792 goto error;
1793 as->mem_usage = u;
1794
1795 if (num_sgs) {
1796 as->urb->sg = kmalloc_array(num_sgs,
1797 sizeof(struct scatterlist),
1798 GFP_KERNEL | __GFP_NOWARN);
1799 if (!as->urb->sg) {
1800 ret = -ENOMEM;
1801 goto error;
1802 }
1803 as->urb->num_sgs = num_sgs;
1804 sg_init_table(as->urb->sg, as->urb->num_sgs);
1805
1806 totlen = uurb->buffer_length;
1807 for (i = 0; i < as->urb->num_sgs; i++) {
1808 u = (totlen > USB_SG_SIZE) ? USB_SG_SIZE : totlen;
1809 buf = kmalloc(u, GFP_KERNEL);
1810 if (!buf) {
1811 ret = -ENOMEM;
1812 goto error;
1813 }
1814 sg_set_buf(&as->urb->sg[i], buf, u);
1815
1816 if (!is_in) {
1817 if (copy_from_user(buf, uurb->buffer, u)) {
1818 ret = -EFAULT;
1819 goto error;
1820 }
1821 uurb->buffer += u;
1822 }
1823 totlen -= u;
1824 }
1825 } else if (uurb->buffer_length > 0) {
1826 if (as->usbm) {
1827 unsigned long uurb_start = (unsigned long)uurb->buffer;
1828
1829 as->urb->transfer_buffer = as->usbm->mem +
1830 (uurb_start - as->usbm->vm_start);
1831 } else {
1832 as->urb->transfer_buffer = kmalloc(uurb->buffer_length,
1833 GFP_KERNEL | __GFP_NOWARN);
1834 if (!as->urb->transfer_buffer) {
1835 ret = -ENOMEM;
1836 goto error;
1837 }
1838 if (!is_in) {
1839 if (copy_from_user(as->urb->transfer_buffer,
1840 uurb->buffer,
1841 uurb->buffer_length)) {
1842 ret = -EFAULT;
1843 goto error;
1844 }
1845 } else if (uurb->type == USBDEVFS_URB_TYPE_ISO) {
1846
1847
1848
1849
1850
1851
1852 memset(as->urb->transfer_buffer, 0,
1853 uurb->buffer_length);
1854 }
1855 }
1856 }
1857 as->urb->dev = ps->dev;
1858 as->urb->pipe = (uurb->type << 30) |
1859 __create_pipe(ps->dev, uurb->endpoint & 0xf) |
1860 (uurb->endpoint & USB_DIR_IN);
1861
1862
1863
1864
1865
1866 u = (is_in ? URB_DIR_IN : URB_DIR_OUT);
1867 if (uurb->flags & USBDEVFS_URB_ISO_ASAP)
1868 u |= URB_ISO_ASAP;
1869 if (allow_short && uurb->flags & USBDEVFS_URB_SHORT_NOT_OK)
1870 u |= URB_SHORT_NOT_OK;
1871 if (allow_zero && uurb->flags & USBDEVFS_URB_ZERO_PACKET)
1872 u |= URB_ZERO_PACKET;
1873 if (uurb->flags & USBDEVFS_URB_NO_INTERRUPT)
1874 u |= URB_NO_INTERRUPT;
1875 as->urb->transfer_flags = u;
1876
1877 if (!allow_short && uurb->flags & USBDEVFS_URB_SHORT_NOT_OK)
1878 dev_warn(&ps->dev->dev, "Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK.\n");
1879 if (!allow_zero && uurb->flags & USBDEVFS_URB_ZERO_PACKET)
1880 dev_warn(&ps->dev->dev, "Requested nonsensical USBDEVFS_URB_ZERO_PACKET.\n");
1881
1882 as->urb->transfer_buffer_length = uurb->buffer_length;
1883 as->urb->setup_packet = (unsigned char *)dr;
1884 dr = NULL;
1885 as->urb->start_frame = uurb->start_frame;
1886 as->urb->number_of_packets = number_of_packets;
1887 as->urb->stream_id = stream_id;
1888
1889 if (ep->desc.bInterval) {
1890 if (uurb->type == USBDEVFS_URB_TYPE_ISO ||
1891 ps->dev->speed == USB_SPEED_HIGH ||
1892 ps->dev->speed >= USB_SPEED_SUPER)
1893 as->urb->interval = 1 <<
1894 min(15, ep->desc.bInterval - 1);
1895 else
1896 as->urb->interval = ep->desc.bInterval;
1897 }
1898
1899 as->urb->context = as;
1900 as->urb->complete = async_completed;
1901 for (totlen = u = 0; u < number_of_packets; u++) {
1902 as->urb->iso_frame_desc[u].offset = totlen;
1903 as->urb->iso_frame_desc[u].length = isopkt[u].length;
1904 totlen += isopkt[u].length;
1905 }
1906 kfree(isopkt);
1907 isopkt = NULL;
1908 as->ps = ps;
1909 as->userurb = arg;
1910 as->userurb_sigval = userurb_sigval;
1911 if (as->usbm) {
1912 unsigned long uurb_start = (unsigned long)uurb->buffer;
1913
1914 as->urb->transfer_flags |= URB_NO_TRANSFER_DMA_MAP;
1915 as->urb->transfer_dma = as->usbm->dma_handle +
1916 (uurb_start - as->usbm->vm_start);
1917 } else if (is_in && uurb->buffer_length > 0)
1918 as->userbuffer = uurb->buffer;
1919 as->signr = uurb->signr;
1920 as->ifnum = ifnum;
1921 as->pid = get_pid(task_pid(current));
1922 as->cred = get_current_cred();
1923 snoop_urb(ps->dev, as->userurb, as->urb->pipe,
1924 as->urb->transfer_buffer_length, 0, SUBMIT,
1925 NULL, 0);
1926 if (!is_in)
1927 snoop_urb_data(as->urb, as->urb->transfer_buffer_length);
1928
1929 async_newpending(as);
1930
1931 if (usb_endpoint_xfer_bulk(&ep->desc)) {
1932 spin_lock_irq(&ps->lock);
1933
1934
1935
1936
1937
1938 as->bulk_addr = usb_endpoint_num(&ep->desc) |
1939 ((ep->desc.bEndpointAddress & USB_ENDPOINT_DIR_MASK)
1940 >> 3);
1941
1942
1943
1944
1945 if (uurb->flags & USBDEVFS_URB_BULK_CONTINUATION)
1946 as->bulk_status = AS_CONTINUATION;
1947 else
1948 ps->disabled_bulk_eps &= ~(1 << as->bulk_addr);
1949
1950
1951
1952
1953 if (ps->disabled_bulk_eps & (1 << as->bulk_addr))
1954 ret = -EREMOTEIO;
1955 else
1956 ret = usb_submit_urb(as->urb, GFP_ATOMIC);
1957 spin_unlock_irq(&ps->lock);
1958 } else {
1959 ret = usb_submit_urb(as->urb, GFP_KERNEL);
1960 }
1961
1962 if (ret) {
1963 dev_printk(KERN_DEBUG, &ps->dev->dev,
1964 "usbfs: usb_submit_urb returned %d\n", ret);
1965 snoop_urb(ps->dev, as->userurb, as->urb->pipe,
1966 0, ret, COMPLETE, NULL, 0);
1967 async_removepending(as);
1968 goto error;
1969 }
1970 return 0;
1971
1972 error:
1973 kfree(isopkt);
1974 kfree(dr);
1975 if (as)
1976 free_async(as);
1977 return ret;
1978 }
1979
1980 static int proc_submiturb(struct usb_dev_state *ps, void __user *arg)
1981 {
1982 struct usbdevfs_urb uurb;
1983 sigval_t userurb_sigval;
1984
1985 if (copy_from_user(&uurb, arg, sizeof(uurb)))
1986 return -EFAULT;
1987
1988 memset(&userurb_sigval, 0, sizeof(userurb_sigval));
1989 userurb_sigval.sival_ptr = arg;
1990
1991 return proc_do_submiturb(ps, &uurb,
1992 (((struct usbdevfs_urb __user *)arg)->iso_frame_desc),
1993 arg, userurb_sigval);
1994 }
1995
1996 static int proc_unlinkurb(struct usb_dev_state *ps, void __user *arg)
1997 {
1998 struct urb *urb;
1999 struct async *as;
2000 unsigned long flags;
2001
2002 spin_lock_irqsave(&ps->lock, flags);
2003 as = async_getpending(ps, arg);
2004 if (!as) {
2005 spin_unlock_irqrestore(&ps->lock, flags);
2006 return -EINVAL;
2007 }
2008
2009 urb = as->urb;
2010 usb_get_urb(urb);
2011 spin_unlock_irqrestore(&ps->lock, flags);
2012
2013 usb_kill_urb(urb);
2014 usb_put_urb(urb);
2015
2016 return 0;
2017 }
2018
2019 static void compute_isochronous_actual_length(struct urb *urb)
2020 {
2021 unsigned int i;
2022
2023 if (urb->number_of_packets > 0) {
2024 urb->actual_length = 0;
2025 for (i = 0; i < urb->number_of_packets; i++)
2026 urb->actual_length +=
2027 urb->iso_frame_desc[i].actual_length;
2028 }
2029 }
2030
2031 static int processcompl(struct async *as, void __user * __user *arg)
2032 {
2033 struct urb *urb = as->urb;
2034 struct usbdevfs_urb __user *userurb = as->userurb;
2035 void __user *addr = as->userurb;
2036 unsigned int i;
2037
2038 compute_isochronous_actual_length(urb);
2039 if (as->userbuffer && urb->actual_length) {
2040 if (copy_urb_data_to_user(as->userbuffer, urb))
2041 goto err_out;
2042 }
2043 if (put_user(as->status, &userurb->status))
2044 goto err_out;
2045 if (put_user(urb->actual_length, &userurb->actual_length))
2046 goto err_out;
2047 if (put_user(urb->error_count, &userurb->error_count))
2048 goto err_out;
2049
2050 if (usb_endpoint_xfer_isoc(&urb->ep->desc)) {
2051 for (i = 0; i < urb->number_of_packets; i++) {
2052 if (put_user(urb->iso_frame_desc[i].actual_length,
2053 &userurb->iso_frame_desc[i].actual_length))
2054 goto err_out;
2055 if (put_user(urb->iso_frame_desc[i].status,
2056 &userurb->iso_frame_desc[i].status))
2057 goto err_out;
2058 }
2059 }
2060
2061 if (put_user(addr, (void __user * __user *)arg))
2062 return -EFAULT;
2063 return 0;
2064
2065 err_out:
2066 return -EFAULT;
2067 }
2068
2069 static struct async *reap_as(struct usb_dev_state *ps)
2070 {
2071 DECLARE_WAITQUEUE(wait, current);
2072 struct async *as = NULL;
2073 struct usb_device *dev = ps->dev;
2074
2075 add_wait_queue(&ps->wait, &wait);
2076 for (;;) {
2077 __set_current_state(TASK_INTERRUPTIBLE);
2078 as = async_getcompleted(ps);
2079 if (as || !connected(ps))
2080 break;
2081 if (signal_pending(current))
2082 break;
2083 usb_unlock_device(dev);
2084 schedule();
2085 usb_lock_device(dev);
2086 }
2087 remove_wait_queue(&ps->wait, &wait);
2088 set_current_state(TASK_RUNNING);
2089 return as;
2090 }
2091
2092 static int proc_reapurb(struct usb_dev_state *ps, void __user *arg)
2093 {
2094 struct async *as = reap_as(ps);
2095
2096 if (as) {
2097 int retval;
2098
2099 snoop(&ps->dev->dev, "reap %px\n", as->userurb);
2100 retval = processcompl(as, (void __user * __user *)arg);
2101 free_async(as);
2102 return retval;
2103 }
2104 if (signal_pending(current))
2105 return -EINTR;
2106 return -ENODEV;
2107 }
2108
2109 static int proc_reapurbnonblock(struct usb_dev_state *ps, void __user *arg)
2110 {
2111 int retval;
2112 struct async *as;
2113
2114 as = async_getcompleted(ps);
2115 if (as) {
2116 snoop(&ps->dev->dev, "reap %px\n", as->userurb);
2117 retval = processcompl(as, (void __user * __user *)arg);
2118 free_async(as);
2119 } else {
2120 retval = (connected(ps) ? -EAGAIN : -ENODEV);
2121 }
2122 return retval;
2123 }
2124
2125 #ifdef CONFIG_COMPAT
2126 static int proc_control_compat(struct usb_dev_state *ps,
2127 struct usbdevfs_ctrltransfer32 __user *p32)
2128 {
2129 struct usbdevfs_ctrltransfer ctrl;
2130 u32 udata;
2131
2132 if (copy_from_user(&ctrl, p32, sizeof(*p32) - sizeof(compat_caddr_t)) ||
2133 get_user(udata, &p32->data))
2134 return -EFAULT;
2135 ctrl.data = compat_ptr(udata);
2136 return do_proc_control(ps, &ctrl);
2137 }
2138
2139 static int proc_bulk_compat(struct usb_dev_state *ps,
2140 struct usbdevfs_bulktransfer32 __user *p32)
2141 {
2142 struct usbdevfs_bulktransfer bulk;
2143 compat_caddr_t addr;
2144
2145 if (get_user(bulk.ep, &p32->ep) ||
2146 get_user(bulk.len, &p32->len) ||
2147 get_user(bulk.timeout, &p32->timeout) ||
2148 get_user(addr, &p32->data))
2149 return -EFAULT;
2150 bulk.data = compat_ptr(addr);
2151 return do_proc_bulk(ps, &bulk);
2152 }
2153
2154 static int proc_disconnectsignal_compat(struct usb_dev_state *ps, void __user *arg)
2155 {
2156 struct usbdevfs_disconnectsignal32 ds;
2157
2158 if (copy_from_user(&ds, arg, sizeof(ds)))
2159 return -EFAULT;
2160 ps->discsignr = ds.signr;
2161 ps->disccontext.sival_int = ds.context;
2162 return 0;
2163 }
2164
2165 static int get_urb32(struct usbdevfs_urb *kurb,
2166 struct usbdevfs_urb32 __user *uurb)
2167 {
2168 struct usbdevfs_urb32 urb32;
2169 if (copy_from_user(&urb32, uurb, sizeof(*uurb)))
2170 return -EFAULT;
2171 kurb->type = urb32.type;
2172 kurb->endpoint = urb32.endpoint;
2173 kurb->status = urb32.status;
2174 kurb->flags = urb32.flags;
2175 kurb->buffer = compat_ptr(urb32.buffer);
2176 kurb->buffer_length = urb32.buffer_length;
2177 kurb->actual_length = urb32.actual_length;
2178 kurb->start_frame = urb32.start_frame;
2179 kurb->number_of_packets = urb32.number_of_packets;
2180 kurb->error_count = urb32.error_count;
2181 kurb->signr = urb32.signr;
2182 kurb->usercontext = compat_ptr(urb32.usercontext);
2183 return 0;
2184 }
2185
2186 static int proc_submiturb_compat(struct usb_dev_state *ps, void __user *arg)
2187 {
2188 struct usbdevfs_urb uurb;
2189 sigval_t userurb_sigval;
2190
2191 if (get_urb32(&uurb, (struct usbdevfs_urb32 __user *)arg))
2192 return -EFAULT;
2193
2194 memset(&userurb_sigval, 0, sizeof(userurb_sigval));
2195 userurb_sigval.sival_int = ptr_to_compat(arg);
2196
2197 return proc_do_submiturb(ps, &uurb,
2198 ((struct usbdevfs_urb32 __user *)arg)->iso_frame_desc,
2199 arg, userurb_sigval);
2200 }
2201
2202 static int processcompl_compat(struct async *as, void __user * __user *arg)
2203 {
2204 struct urb *urb = as->urb;
2205 struct usbdevfs_urb32 __user *userurb = as->userurb;
2206 void __user *addr = as->userurb;
2207 unsigned int i;
2208
2209 compute_isochronous_actual_length(urb);
2210 if (as->userbuffer && urb->actual_length) {
2211 if (copy_urb_data_to_user(as->userbuffer, urb))
2212 return -EFAULT;
2213 }
2214 if (put_user(as->status, &userurb->status))
2215 return -EFAULT;
2216 if (put_user(urb->actual_length, &userurb->actual_length))
2217 return -EFAULT;
2218 if (put_user(urb->error_count, &userurb->error_count))
2219 return -EFAULT;
2220
2221 if (usb_endpoint_xfer_isoc(&urb->ep->desc)) {
2222 for (i = 0; i < urb->number_of_packets; i++) {
2223 if (put_user(urb->iso_frame_desc[i].actual_length,
2224 &userurb->iso_frame_desc[i].actual_length))
2225 return -EFAULT;
2226 if (put_user(urb->iso_frame_desc[i].status,
2227 &userurb->iso_frame_desc[i].status))
2228 return -EFAULT;
2229 }
2230 }
2231
2232 if (put_user(ptr_to_compat(addr), (u32 __user *)arg))
2233 return -EFAULT;
2234 return 0;
2235 }
2236
2237 static int proc_reapurb_compat(struct usb_dev_state *ps, void __user *arg)
2238 {
2239 struct async *as = reap_as(ps);
2240
2241 if (as) {
2242 int retval;
2243
2244 snoop(&ps->dev->dev, "reap %px\n", as->userurb);
2245 retval = processcompl_compat(as, (void __user * __user *)arg);
2246 free_async(as);
2247 return retval;
2248 }
2249 if (signal_pending(current))
2250 return -EINTR;
2251 return -ENODEV;
2252 }
2253
2254 static int proc_reapurbnonblock_compat(struct usb_dev_state *ps, void __user *arg)
2255 {
2256 int retval;
2257 struct async *as;
2258
2259 as = async_getcompleted(ps);
2260 if (as) {
2261 snoop(&ps->dev->dev, "reap %px\n", as->userurb);
2262 retval = processcompl_compat(as, (void __user * __user *)arg);
2263 free_async(as);
2264 } else {
2265 retval = (connected(ps) ? -EAGAIN : -ENODEV);
2266 }
2267 return retval;
2268 }
2269
2270
2271 #endif
2272
2273 static int proc_disconnectsignal(struct usb_dev_state *ps, void __user *arg)
2274 {
2275 struct usbdevfs_disconnectsignal ds;
2276
2277 if (copy_from_user(&ds, arg, sizeof(ds)))
2278 return -EFAULT;
2279 ps->discsignr = ds.signr;
2280 ps->disccontext.sival_ptr = ds.context;
2281 return 0;
2282 }
2283
2284 static int proc_claiminterface(struct usb_dev_state *ps, void __user *arg)
2285 {
2286 unsigned int ifnum;
2287
2288 if (get_user(ifnum, (unsigned int __user *)arg))
2289 return -EFAULT;
2290 return claimintf(ps, ifnum);
2291 }
2292
2293 static int proc_releaseinterface(struct usb_dev_state *ps, void __user *arg)
2294 {
2295 unsigned int ifnum;
2296 int ret;
2297
2298 if (get_user(ifnum, (unsigned int __user *)arg))
2299 return -EFAULT;
2300 ret = releaseintf(ps, ifnum);
2301 if (ret < 0)
2302 return ret;
2303 destroy_async_on_interface(ps, ifnum);
2304 return 0;
2305 }
2306
2307 static int proc_ioctl(struct usb_dev_state *ps, struct usbdevfs_ioctl *ctl)
2308 {
2309 int size;
2310 void *buf = NULL;
2311 int retval = 0;
2312 struct usb_interface *intf = NULL;
2313 struct usb_driver *driver = NULL;
2314
2315 if (ps->privileges_dropped)
2316 return -EACCES;
2317
2318 if (!connected(ps))
2319 return -ENODEV;
2320
2321
2322 size = _IOC_SIZE(ctl->ioctl_code);
2323 if (size > 0) {
2324 buf = kmalloc(size, GFP_KERNEL);
2325 if (buf == NULL)
2326 return -ENOMEM;
2327 if ((_IOC_DIR(ctl->ioctl_code) & _IOC_WRITE)) {
2328 if (copy_from_user(buf, ctl->data, size)) {
2329 kfree(buf);
2330 return -EFAULT;
2331 }
2332 } else {
2333 memset(buf, 0, size);
2334 }
2335 }
2336
2337 if (ps->dev->state != USB_STATE_CONFIGURED)
2338 retval = -EHOSTUNREACH;
2339 else if (!(intf = usb_ifnum_to_if(ps->dev, ctl->ifno)))
2340 retval = -EINVAL;
2341 else switch (ctl->ioctl_code) {
2342
2343
2344 case USBDEVFS_DISCONNECT:
2345 if (intf->dev.driver) {
2346 driver = to_usb_driver(intf->dev.driver);
2347 dev_dbg(&intf->dev, "disconnect by usbfs\n");
2348 usb_driver_release_interface(driver, intf);
2349 } else
2350 retval = -ENODATA;
2351 break;
2352
2353
2354 case USBDEVFS_CONNECT:
2355 if (!intf->dev.driver)
2356 retval = device_attach(&intf->dev);
2357 else
2358 retval = -EBUSY;
2359 break;
2360
2361
2362 default:
2363 if (intf->dev.driver)
2364 driver = to_usb_driver(intf->dev.driver);
2365 if (driver == NULL || driver->unlocked_ioctl == NULL) {
2366 retval = -ENOTTY;
2367 } else {
2368 retval = driver->unlocked_ioctl(intf, ctl->ioctl_code, buf);
2369 if (retval == -ENOIOCTLCMD)
2370 retval = -ENOTTY;
2371 }
2372 }
2373
2374
2375 if (retval >= 0
2376 && (_IOC_DIR(ctl->ioctl_code) & _IOC_READ) != 0
2377 && size > 0
2378 && copy_to_user(ctl->data, buf, size) != 0)
2379 retval = -EFAULT;
2380
2381 kfree(buf);
2382 return retval;
2383 }
2384
2385 static int proc_ioctl_default(struct usb_dev_state *ps, void __user *arg)
2386 {
2387 struct usbdevfs_ioctl ctrl;
2388
2389 if (copy_from_user(&ctrl, arg, sizeof(ctrl)))
2390 return -EFAULT;
2391 return proc_ioctl(ps, &ctrl);
2392 }
2393
2394 #ifdef CONFIG_COMPAT
2395 static int proc_ioctl_compat(struct usb_dev_state *ps, compat_uptr_t arg)
2396 {
2397 struct usbdevfs_ioctl32 ioc32;
2398 struct usbdevfs_ioctl ctrl;
2399
2400 if (copy_from_user(&ioc32, compat_ptr(arg), sizeof(ioc32)))
2401 return -EFAULT;
2402 ctrl.ifno = ioc32.ifno;
2403 ctrl.ioctl_code = ioc32.ioctl_code;
2404 ctrl.data = compat_ptr(ioc32.data);
2405 return proc_ioctl(ps, &ctrl);
2406 }
2407 #endif
2408
2409 static int proc_claim_port(struct usb_dev_state *ps, void __user *arg)
2410 {
2411 unsigned portnum;
2412 int rc;
2413
2414 if (get_user(portnum, (unsigned __user *) arg))
2415 return -EFAULT;
2416 rc = usb_hub_claim_port(ps->dev, portnum, ps);
2417 if (rc == 0)
2418 snoop(&ps->dev->dev, "port %d claimed by process %d: %s\n",
2419 portnum, task_pid_nr(current), current->comm);
2420 return rc;
2421 }
2422
2423 static int proc_release_port(struct usb_dev_state *ps, void __user *arg)
2424 {
2425 unsigned portnum;
2426
2427 if (get_user(portnum, (unsigned __user *) arg))
2428 return -EFAULT;
2429 return usb_hub_release_port(ps->dev, portnum, ps);
2430 }
2431
2432 static int proc_get_capabilities(struct usb_dev_state *ps, void __user *arg)
2433 {
2434 __u32 caps;
2435
2436 caps = USBDEVFS_CAP_ZERO_PACKET | USBDEVFS_CAP_NO_PACKET_SIZE_LIM |
2437 USBDEVFS_CAP_REAP_AFTER_DISCONNECT | USBDEVFS_CAP_MMAP |
2438 USBDEVFS_CAP_DROP_PRIVILEGES |
2439 USBDEVFS_CAP_CONNINFO_EX | MAYBE_CAP_SUSPEND;
2440 if (!ps->dev->bus->no_stop_on_short)
2441 caps |= USBDEVFS_CAP_BULK_CONTINUATION;
2442 if (ps->dev->bus->sg_tablesize)
2443 caps |= USBDEVFS_CAP_BULK_SCATTER_GATHER;
2444
2445 if (put_user(caps, (__u32 __user *)arg))
2446 return -EFAULT;
2447
2448 return 0;
2449 }
2450
2451 static int proc_disconnect_claim(struct usb_dev_state *ps, void __user *arg)
2452 {
2453 struct usbdevfs_disconnect_claim dc;
2454 struct usb_interface *intf;
2455
2456 if (copy_from_user(&dc, arg, sizeof(dc)))
2457 return -EFAULT;
2458
2459 intf = usb_ifnum_to_if(ps->dev, dc.interface);
2460 if (!intf)
2461 return -EINVAL;
2462
2463 if (intf->dev.driver) {
2464 struct usb_driver *driver = to_usb_driver(intf->dev.driver);
2465
2466 if (ps->privileges_dropped)
2467 return -EACCES;
2468
2469 if ((dc.flags & USBDEVFS_DISCONNECT_CLAIM_IF_DRIVER) &&
2470 strncmp(dc.driver, intf->dev.driver->name,
2471 sizeof(dc.driver)) != 0)
2472 return -EBUSY;
2473
2474 if ((dc.flags & USBDEVFS_DISCONNECT_CLAIM_EXCEPT_DRIVER) &&
2475 strncmp(dc.driver, intf->dev.driver->name,
2476 sizeof(dc.driver)) == 0)
2477 return -EBUSY;
2478
2479 dev_dbg(&intf->dev, "disconnect by usbfs\n");
2480 usb_driver_release_interface(driver, intf);
2481 }
2482
2483 return claimintf(ps, dc.interface);
2484 }
2485
2486 static int proc_alloc_streams(struct usb_dev_state *ps, void __user *arg)
2487 {
2488 unsigned num_streams, num_eps;
2489 struct usb_host_endpoint **eps;
2490 struct usb_interface *intf;
2491 int r;
2492
2493 r = parse_usbdevfs_streams(ps, arg, &num_streams, &num_eps,
2494 &eps, &intf);
2495 if (r)
2496 return r;
2497
2498 destroy_async_on_interface(ps,
2499 intf->altsetting[0].desc.bInterfaceNumber);
2500
2501 r = usb_alloc_streams(intf, eps, num_eps, num_streams, GFP_KERNEL);
2502 kfree(eps);
2503 return r;
2504 }
2505
2506 static int proc_free_streams(struct usb_dev_state *ps, void __user *arg)
2507 {
2508 unsigned num_eps;
2509 struct usb_host_endpoint **eps;
2510 struct usb_interface *intf;
2511 int r;
2512
2513 r = parse_usbdevfs_streams(ps, arg, NULL, &num_eps, &eps, &intf);
2514 if (r)
2515 return r;
2516
2517 destroy_async_on_interface(ps,
2518 intf->altsetting[0].desc.bInterfaceNumber);
2519
2520 r = usb_free_streams(intf, eps, num_eps, GFP_KERNEL);
2521 kfree(eps);
2522 return r;
2523 }
2524
2525 static int proc_drop_privileges(struct usb_dev_state *ps, void __user *arg)
2526 {
2527 u32 data;
2528
2529 if (copy_from_user(&data, arg, sizeof(data)))
2530 return -EFAULT;
2531
2532
2533
2534
2535
2536 ps->interface_allowed_mask &= data;
2537 ps->privileges_dropped = true;
2538
2539 return 0;
2540 }
2541
2542 static int proc_forbid_suspend(struct usb_dev_state *ps)
2543 {
2544 int ret = 0;
2545
2546 if (ps->suspend_allowed) {
2547 ret = usb_autoresume_device(ps->dev);
2548 if (ret == 0)
2549 ps->suspend_allowed = false;
2550 else if (ret != -ENODEV)
2551 ret = -EIO;
2552 }
2553 return ret;
2554 }
2555
2556 static int proc_allow_suspend(struct usb_dev_state *ps)
2557 {
2558 if (!connected(ps))
2559 return -ENODEV;
2560
2561 WRITE_ONCE(ps->not_yet_resumed, 1);
2562 if (!ps->suspend_allowed) {
2563 usb_autosuspend_device(ps->dev);
2564 ps->suspend_allowed = true;
2565 }
2566 return 0;
2567 }
2568
2569 static int proc_wait_for_resume(struct usb_dev_state *ps)
2570 {
2571 int ret;
2572
2573 usb_unlock_device(ps->dev);
2574 ret = wait_event_interruptible(ps->wait_for_resume,
2575 READ_ONCE(ps->not_yet_resumed) == 0);
2576 usb_lock_device(ps->dev);
2577
2578 if (ret != 0)
2579 return -EINTR;
2580 return proc_forbid_suspend(ps);
2581 }
2582
2583
2584
2585
2586
2587
2588 static long usbdev_do_ioctl(struct file *file, unsigned int cmd,
2589 void __user *p)
2590 {
2591 struct usb_dev_state *ps = file->private_data;
2592 struct inode *inode = file_inode(file);
2593 struct usb_device *dev = ps->dev;
2594 int ret = -ENOTTY;
2595
2596 if (!(file->f_mode & FMODE_WRITE))
2597 return -EPERM;
2598
2599 usb_lock_device(dev);
2600
2601
2602 switch (cmd) {
2603 case USBDEVFS_REAPURB:
2604 snoop(&dev->dev, "%s: REAPURB\n", __func__);
2605 ret = proc_reapurb(ps, p);
2606 goto done;
2607
2608 case USBDEVFS_REAPURBNDELAY:
2609 snoop(&dev->dev, "%s: REAPURBNDELAY\n", __func__);
2610 ret = proc_reapurbnonblock(ps, p);
2611 goto done;
2612
2613 #ifdef CONFIG_COMPAT
2614 case USBDEVFS_REAPURB32:
2615 snoop(&dev->dev, "%s: REAPURB32\n", __func__);
2616 ret = proc_reapurb_compat(ps, p);
2617 goto done;
2618
2619 case USBDEVFS_REAPURBNDELAY32:
2620 snoop(&dev->dev, "%s: REAPURBNDELAY32\n", __func__);
2621 ret = proc_reapurbnonblock_compat(ps, p);
2622 goto done;
2623 #endif
2624 }
2625
2626 if (!connected(ps)) {
2627 usb_unlock_device(dev);
2628 return -ENODEV;
2629 }
2630
2631 switch (cmd) {
2632 case USBDEVFS_CONTROL:
2633 snoop(&dev->dev, "%s: CONTROL\n", __func__);
2634 ret = proc_control(ps, p);
2635 if (ret >= 0)
2636 inode->i_mtime = current_time(inode);
2637 break;
2638
2639 case USBDEVFS_BULK:
2640 snoop(&dev->dev, "%s: BULK\n", __func__);
2641 ret = proc_bulk(ps, p);
2642 if (ret >= 0)
2643 inode->i_mtime = current_time(inode);
2644 break;
2645
2646 case USBDEVFS_RESETEP:
2647 snoop(&dev->dev, "%s: RESETEP\n", __func__);
2648 ret = proc_resetep(ps, p);
2649 if (ret >= 0)
2650 inode->i_mtime = current_time(inode);
2651 break;
2652
2653 case USBDEVFS_RESET:
2654 snoop(&dev->dev, "%s: RESET\n", __func__);
2655 ret = proc_resetdevice(ps);
2656 break;
2657
2658 case USBDEVFS_CLEAR_HALT:
2659 snoop(&dev->dev, "%s: CLEAR_HALT\n", __func__);
2660 ret = proc_clearhalt(ps, p);
2661 if (ret >= 0)
2662 inode->i_mtime = current_time(inode);
2663 break;
2664
2665 case USBDEVFS_GETDRIVER:
2666 snoop(&dev->dev, "%s: GETDRIVER\n", __func__);
2667 ret = proc_getdriver(ps, p);
2668 break;
2669
2670 case USBDEVFS_CONNECTINFO:
2671 snoop(&dev->dev, "%s: CONNECTINFO\n", __func__);
2672 ret = proc_connectinfo(ps, p);
2673 break;
2674
2675 case USBDEVFS_SETINTERFACE:
2676 snoop(&dev->dev, "%s: SETINTERFACE\n", __func__);
2677 ret = proc_setintf(ps, p);
2678 break;
2679
2680 case USBDEVFS_SETCONFIGURATION:
2681 snoop(&dev->dev, "%s: SETCONFIGURATION\n", __func__);
2682 ret = proc_setconfig(ps, p);
2683 break;
2684
2685 case USBDEVFS_SUBMITURB:
2686 snoop(&dev->dev, "%s: SUBMITURB\n", __func__);
2687 ret = proc_submiturb(ps, p);
2688 if (ret >= 0)
2689 inode->i_mtime = current_time(inode);
2690 break;
2691
2692 #ifdef CONFIG_COMPAT
2693 case USBDEVFS_CONTROL32:
2694 snoop(&dev->dev, "%s: CONTROL32\n", __func__);
2695 ret = proc_control_compat(ps, p);
2696 if (ret >= 0)
2697 inode->i_mtime = current_time(inode);
2698 break;
2699
2700 case USBDEVFS_BULK32:
2701 snoop(&dev->dev, "%s: BULK32\n", __func__);
2702 ret = proc_bulk_compat(ps, p);
2703 if (ret >= 0)
2704 inode->i_mtime = current_time(inode);
2705 break;
2706
2707 case USBDEVFS_DISCSIGNAL32:
2708 snoop(&dev->dev, "%s: DISCSIGNAL32\n", __func__);
2709 ret = proc_disconnectsignal_compat(ps, p);
2710 break;
2711
2712 case USBDEVFS_SUBMITURB32:
2713 snoop(&dev->dev, "%s: SUBMITURB32\n", __func__);
2714 ret = proc_submiturb_compat(ps, p);
2715 if (ret >= 0)
2716 inode->i_mtime = current_time(inode);
2717 break;
2718
2719 case USBDEVFS_IOCTL32:
2720 snoop(&dev->dev, "%s: IOCTL32\n", __func__);
2721 ret = proc_ioctl_compat(ps, ptr_to_compat(p));
2722 break;
2723 #endif
2724
2725 case USBDEVFS_DISCARDURB:
2726 snoop(&dev->dev, "%s: DISCARDURB %px\n", __func__, p);
2727 ret = proc_unlinkurb(ps, p);
2728 break;
2729
2730 case USBDEVFS_DISCSIGNAL:
2731 snoop(&dev->dev, "%s: DISCSIGNAL\n", __func__);
2732 ret = proc_disconnectsignal(ps, p);
2733 break;
2734
2735 case USBDEVFS_CLAIMINTERFACE:
2736 snoop(&dev->dev, "%s: CLAIMINTERFACE\n", __func__);
2737 ret = proc_claiminterface(ps, p);
2738 break;
2739
2740 case USBDEVFS_RELEASEINTERFACE:
2741 snoop(&dev->dev, "%s: RELEASEINTERFACE\n", __func__);
2742 ret = proc_releaseinterface(ps, p);
2743 break;
2744
2745 case USBDEVFS_IOCTL:
2746 snoop(&dev->dev, "%s: IOCTL\n", __func__);
2747 ret = proc_ioctl_default(ps, p);
2748 break;
2749
2750 case USBDEVFS_CLAIM_PORT:
2751 snoop(&dev->dev, "%s: CLAIM_PORT\n", __func__);
2752 ret = proc_claim_port(ps, p);
2753 break;
2754
2755 case USBDEVFS_RELEASE_PORT:
2756 snoop(&dev->dev, "%s: RELEASE_PORT\n", __func__);
2757 ret = proc_release_port(ps, p);
2758 break;
2759 case USBDEVFS_GET_CAPABILITIES:
2760 ret = proc_get_capabilities(ps, p);
2761 break;
2762 case USBDEVFS_DISCONNECT_CLAIM:
2763 ret = proc_disconnect_claim(ps, p);
2764 break;
2765 case USBDEVFS_ALLOC_STREAMS:
2766 ret = proc_alloc_streams(ps, p);
2767 break;
2768 case USBDEVFS_FREE_STREAMS:
2769 ret = proc_free_streams(ps, p);
2770 break;
2771 case USBDEVFS_DROP_PRIVILEGES:
2772 ret = proc_drop_privileges(ps, p);
2773 break;
2774 case USBDEVFS_GET_SPEED:
2775 ret = ps->dev->speed;
2776 break;
2777 case USBDEVFS_FORBID_SUSPEND:
2778 ret = proc_forbid_suspend(ps);
2779 break;
2780 case USBDEVFS_ALLOW_SUSPEND:
2781 ret = proc_allow_suspend(ps);
2782 break;
2783 case USBDEVFS_WAIT_FOR_RESUME:
2784 ret = proc_wait_for_resume(ps);
2785 break;
2786 }
2787
2788
2789 switch (cmd & ~IOCSIZE_MASK) {
2790 case USBDEVFS_CONNINFO_EX(0):
2791 ret = proc_conninfo_ex(ps, p, _IOC_SIZE(cmd));
2792 break;
2793 }
2794
2795 done:
2796 usb_unlock_device(dev);
2797 if (ret >= 0)
2798 inode->i_atime = current_time(inode);
2799 return ret;
2800 }
2801
2802 static long usbdev_ioctl(struct file *file, unsigned int cmd,
2803 unsigned long arg)
2804 {
2805 int ret;
2806
2807 ret = usbdev_do_ioctl(file, cmd, (void __user *)arg);
2808
2809 return ret;
2810 }
2811
2812
2813 static __poll_t usbdev_poll(struct file *file,
2814 struct poll_table_struct *wait)
2815 {
2816 struct usb_dev_state *ps = file->private_data;
2817 __poll_t mask = 0;
2818
2819 poll_wait(file, &ps->wait, wait);
2820 if (file->f_mode & FMODE_WRITE && !list_empty(&ps->async_completed))
2821 mask |= EPOLLOUT | EPOLLWRNORM;
2822 if (!connected(ps))
2823 mask |= EPOLLHUP;
2824 if (list_empty(&ps->list))
2825 mask |= EPOLLERR;
2826 return mask;
2827 }
2828
2829 const struct file_operations usbdev_file_operations = {
2830 .owner = THIS_MODULE,
2831 .llseek = no_seek_end_llseek,
2832 .read = usbdev_read,
2833 .poll = usbdev_poll,
2834 .unlocked_ioctl = usbdev_ioctl,
2835 .compat_ioctl = compat_ptr_ioctl,
2836 .mmap = usbdev_mmap,
2837 .open = usbdev_open,
2838 .release = usbdev_release,
2839 };
2840
2841 static void usbdev_remove(struct usb_device *udev)
2842 {
2843 struct usb_dev_state *ps;
2844
2845
2846 mutex_lock(&usbfs_mutex);
2847 while (!list_empty(&udev->filelist)) {
2848 ps = list_entry(udev->filelist.next, struct usb_dev_state, list);
2849 destroy_all_async(ps);
2850 wake_up_all(&ps->wait);
2851 WRITE_ONCE(ps->not_yet_resumed, 0);
2852 wake_up_all(&ps->wait_for_resume);
2853 list_del_init(&ps->list);
2854 if (ps->discsignr)
2855 kill_pid_usb_asyncio(ps->discsignr, EPIPE, ps->disccontext,
2856 ps->disc_pid, ps->cred);
2857 }
2858 mutex_unlock(&usbfs_mutex);
2859 }
2860
2861 static int usbdev_notify(struct notifier_block *self,
2862 unsigned long action, void *dev)
2863 {
2864 switch (action) {
2865 case USB_DEVICE_ADD:
2866 break;
2867 case USB_DEVICE_REMOVE:
2868 usbdev_remove(dev);
2869 break;
2870 }
2871 return NOTIFY_OK;
2872 }
2873
2874 static struct notifier_block usbdev_nb = {
2875 .notifier_call = usbdev_notify,
2876 };
2877
2878 static struct cdev usb_device_cdev;
2879
2880 int __init usb_devio_init(void)
2881 {
2882 int retval;
2883
2884 retval = register_chrdev_region(USB_DEVICE_DEV, USB_DEVICE_MAX,
2885 "usb_device");
2886 if (retval) {
2887 printk(KERN_ERR "Unable to register minors for usb_device\n");
2888 goto out;
2889 }
2890 cdev_init(&usb_device_cdev, &usbdev_file_operations);
2891 retval = cdev_add(&usb_device_cdev, USB_DEVICE_DEV, USB_DEVICE_MAX);
2892 if (retval) {
2893 printk(KERN_ERR "Unable to get usb_device major %d\n",
2894 USB_DEVICE_MAJOR);
2895 goto error_cdev;
2896 }
2897 usb_register_notify(&usbdev_nb);
2898 out:
2899 return retval;
2900
2901 error_cdev:
2902 unregister_chrdev_region(USB_DEVICE_DEV, USB_DEVICE_MAX);
2903 goto out;
2904 }
2905
2906 void usb_devio_cleanup(void)
2907 {
2908 usb_unregister_notify(&usbdev_nb);
2909 cdev_del(&usb_device_cdev);
2910 unregister_chrdev_region(USB_DEVICE_DEV, USB_DEVICE_MAX);
2911 }
