1 // SPDX-License-Identifier: GPL-2.0+
2 /*****************************************************************************/
5 * devio.c -- User space communication with USB devices.
7 * Copyright (C) 1999-2000 Thomas Sailer (sailer@ife.ee.ethz.ch)
9 * This file implements the usbfs/x/y files, where
10 * x is the bus number and y the device number.
12 * It allows user space programs/"drivers" to communicate directly
13 * with USB devices without intervening kernel driver.
16 * 22.12.1999 0.1 Initial release (split from proc_usb.c)
17 * 04.01.2000 0.2 Turned into its own filesystem
18 * 30.09.2005 0.3 Fix user-triggerable oops in async URB delivery
22 /*****************************************************************************/
26 #include <linux/sched/signal.h>
27 #include <linux/slab.h>
28 #include <linux/signal.h>
29 #include <linux/poll.h>
30 #include <linux/module.h>
31 #include <linux/string.h>
32 #include <linux/usb.h>
33 #include <linux/usbdevice_fs.h>
34 #include <linux/usb/hcd.h> /* for usbcore internals */
35 #include <linux/usb/quirks.h>
36 #include <linux/cdev.h>
37 #include <linux/notifier.h>
38 #include <linux/security.h>
39 #include <linux/user_namespace.h>
40 #include <linux/scatterlist.h>
41 #include <linux/uaccess.h>
42 #include <linux/dma-mapping.h>
43 #include <asm/byteorder.h>
44 #include <linux/moduleparam.h>
49 #define MAYBE_CAP_SUSPEND USBDEVFS_CAP_SUSPEND
51 #define MAYBE_CAP_SUSPEND 0
55 #define USB_DEVICE_MAX (USB_MAXBUS * 128)
56 #define USB_SG_SIZE 16384 /* split-size for large txs */
58 /* Mutual exclusion for ps->list in resume vs. release and remove */
59 static DEFINE_MUTEX(usbfs_mutex);
61 struct usb_dev_state {
62 struct list_head list; /* state list */
63 struct usb_device *dev;
65 spinlock_t lock; /* protects the async urb lists */
66 struct list_head async_pending;
67 struct list_head async_completed;
68 struct list_head memory_list;
69 wait_queue_head_t wait; /* wake up if a request completed */
70 wait_queue_head_t wait_for_resume; /* wake up upon runtime resume */
71 unsigned int discsignr;
73 const struct cred *cred;
75 unsigned long ifclaimed;
76 u32 disabled_bulk_eps;
77 unsigned long interface_allowed_mask;
80 bool privileges_dropped;
84 struct list_head memlist;
89 dma_addr_t dma_handle;
90 unsigned long vm_start;
91 struct usb_dev_state *ps;
95 struct list_head asynclist;
96 struct usb_dev_state *ps;
98 const struct cred *cred;
101 void __user *userbuffer;
102 void __user *userurb;
103 sigval_t userurb_sigval;
105 struct usb_memory *usbm;
106 unsigned int mem_usage;
112 static bool usbfs_snoop;
113 module_param(usbfs_snoop, bool, S_IRUGO | S_IWUSR);
114 MODULE_PARM_DESC(usbfs_snoop, "true to log all usbfs traffic");
116 static unsigned usbfs_snoop_max = 65536;
117 module_param(usbfs_snoop_max, uint, S_IRUGO | S_IWUSR);
118 MODULE_PARM_DESC(usbfs_snoop_max,
119 "maximum number of bytes to print while snooping");
121 #define snoop(dev, format, arg...) \
124 dev_info(dev, format, ## arg); \
131 #define USB_DEVICE_DEV MKDEV(USB_DEVICE_MAJOR, 0)
133 /* Limit on the total amount of memory we can allocate for transfers */
134 static u32 usbfs_memory_mb = 16;
135 module_param(usbfs_memory_mb, uint, 0644);
136 MODULE_PARM_DESC(usbfs_memory_mb,
137 "maximum MB allowed for usbfs buffers (0 = no limit)");
139 /* Hard limit, necessary to avoid arithmetic overflow */
140 #define USBFS_XFER_MAX (UINT_MAX / 2 - 1000000)
142 static DEFINE_SPINLOCK(usbfs_memory_usage_lock);
143 static u64 usbfs_memory_usage; /* Total memory currently allocated */
145 /* Check whether it's okay to allocate more memory for a transfer */
146 static int usbfs_increase_memory_usage(u64 amount)
152 lim = READ_ONCE(usbfs_memory_mb);
156 spin_lock_irqsave(&usbfs_memory_usage_lock, flags);
157 total_mem = usbfs_memory_usage + amount;
158 if (lim > 0 && total_mem > lim)
161 usbfs_memory_usage = total_mem;
162 spin_unlock_irqrestore(&usbfs_memory_usage_lock, flags);
167 /* Memory for a transfer is being deallocated */
168 static void usbfs_decrease_memory_usage(u64 amount)
172 spin_lock_irqsave(&usbfs_memory_usage_lock, flags);
173 if (amount > usbfs_memory_usage)
174 usbfs_memory_usage = 0;
176 usbfs_memory_usage -= amount;
177 spin_unlock_irqrestore(&usbfs_memory_usage_lock, flags);
180 static int connected(struct usb_dev_state *ps)
182 return (!list_empty(&ps->list) &&
183 ps->dev->state != USB_STATE_NOTATTACHED);
186 static void dec_usb_memory_use_count(struct usb_memory *usbm, int *count)
188 struct usb_dev_state *ps = usbm->ps;
189 struct usb_hcd *hcd = bus_to_hcd(ps->dev->bus);
192 spin_lock_irqsave(&ps->lock, flags);
194 if (usbm->urb_use_count == 0 && usbm->vma_use_count == 0) {
195 list_del(&usbm->memlist);
196 spin_unlock_irqrestore(&ps->lock, flags);
198 hcd_buffer_free_pages(hcd, usbm->size,
199 usbm->mem, usbm->dma_handle);
200 usbfs_decrease_memory_usage(
201 usbm->size + sizeof(struct usb_memory));
204 spin_unlock_irqrestore(&ps->lock, flags);
208 static void usbdev_vm_open(struct vm_area_struct *vma)
210 struct usb_memory *usbm = vma->vm_private_data;
213 spin_lock_irqsave(&usbm->ps->lock, flags);
214 ++usbm->vma_use_count;
215 spin_unlock_irqrestore(&usbm->ps->lock, flags);
218 static void usbdev_vm_close(struct vm_area_struct *vma)
220 struct usb_memory *usbm = vma->vm_private_data;
222 dec_usb_memory_use_count(usbm, &usbm->vma_use_count);
225 static const struct vm_operations_struct usbdev_vm_ops = {
226 .open = usbdev_vm_open,
227 .close = usbdev_vm_close
230 static int usbdev_mmap(struct file *file, struct vm_area_struct *vma)
232 struct usb_memory *usbm = NULL;
233 struct usb_dev_state *ps = file->private_data;
234 struct usb_hcd *hcd = bus_to_hcd(ps->dev->bus);
235 size_t size = vma->vm_end - vma->vm_start;
238 dma_addr_t dma_handle = DMA_MAPPING_ERROR;
241 ret = usbfs_increase_memory_usage(size + sizeof(struct usb_memory));
245 usbm = kzalloc(sizeof(struct usb_memory), GFP_KERNEL);
248 goto error_decrease_mem;
251 mem = hcd_buffer_alloc_pages(hcd,
252 size, GFP_USER | __GFP_NOWARN, &dma_handle);
255 goto error_free_usbm;
258 memset(mem, 0, size);
261 usbm->dma_handle = dma_handle;
264 usbm->vm_start = vma->vm_start;
265 usbm->vma_use_count = 1;
266 INIT_LIST_HEAD(&usbm->memlist);
269 * In DMA-unavailable cases, hcd_buffer_alloc_pages allocates
270 * normal pages and assigns DMA_MAPPING_ERROR to dma_handle. Check
271 * whether we are in such cases, and then use remap_pfn_range (or
272 * dma_mmap_coherent) to map normal (or DMA) pages into the user
273 * space, respectively.
275 if (dma_handle == DMA_MAPPING_ERROR) {
276 if (remap_pfn_range(vma, vma->vm_start,
277 virt_to_phys(usbm->mem) >> PAGE_SHIFT,
278 size, vma->vm_page_prot) < 0) {
279 dec_usb_memory_use_count(usbm, &usbm->vma_use_count);
283 if (dma_mmap_coherent(hcd->self.sysdev, vma, mem, dma_handle,
285 dec_usb_memory_use_count(usbm, &usbm->vma_use_count);
290 vm_flags_set(vma, VM_IO | VM_DONTEXPAND | VM_DONTDUMP);
291 vma->vm_ops = &usbdev_vm_ops;
292 vma->vm_private_data = usbm;
294 spin_lock_irqsave(&ps->lock, flags);
295 list_add_tail(&usbm->memlist, &ps->memory_list);
296 spin_unlock_irqrestore(&ps->lock, flags);
303 usbfs_decrease_memory_usage(size + sizeof(struct usb_memory));
308 static ssize_t usbdev_read(struct file *file, char __user *buf, size_t nbytes,
311 struct usb_dev_state *ps = file->private_data;
312 struct usb_device *dev = ps->dev;
319 usb_lock_device(dev);
320 if (!connected(ps)) {
323 } else if (pos < 0) {
328 if (pos < sizeof(struct usb_device_descriptor)) {
329 /* 18 bytes - fits on the stack */
330 struct usb_device_descriptor temp_desc;
332 memcpy(&temp_desc, &dev->descriptor, sizeof(dev->descriptor));
333 le16_to_cpus(&temp_desc.bcdUSB);
334 le16_to_cpus(&temp_desc.idVendor);
335 le16_to_cpus(&temp_desc.idProduct);
336 le16_to_cpus(&temp_desc.bcdDevice);
338 len = sizeof(struct usb_device_descriptor) - pos;
341 if (copy_to_user(buf, ((char *)&temp_desc) + pos, len)) {
352 pos = sizeof(struct usb_device_descriptor);
353 for (i = 0; nbytes && i < dev->descriptor.bNumConfigurations; i++) {
354 struct usb_config_descriptor *config =
355 (struct usb_config_descriptor *)dev->rawdescriptors[i];
356 unsigned int length = le16_to_cpu(config->wTotalLength);
358 if (*ppos < pos + length) {
360 /* The descriptor may claim to be longer than it
361 * really is. Here is the actual allocated length. */
363 le16_to_cpu(dev->config[i].desc.wTotalLength);
365 len = length - (*ppos - pos);
369 /* Simply don't write (skip over) unallocated parts */
370 if (alloclen > (*ppos - pos)) {
371 alloclen -= (*ppos - pos);
372 if (copy_to_user(buf,
373 dev->rawdescriptors[i] + (*ppos - pos),
374 min(len, alloclen))) {
390 usb_unlock_device(dev);
395 * async list handling
398 static struct async *alloc_async(unsigned int numisoframes)
402 as = kzalloc(sizeof(struct async), GFP_KERNEL);
405 as->urb = usb_alloc_urb(numisoframes, GFP_KERNEL);
413 static void free_async(struct async *as)
420 for (i = 0; i < as->urb->num_sgs; i++) {
421 if (sg_page(&as->urb->sg[i]))
422 kfree(sg_virt(&as->urb->sg[i]));
426 if (as->usbm == NULL)
427 kfree(as->urb->transfer_buffer);
429 dec_usb_memory_use_count(as->usbm, &as->usbm->urb_use_count);
431 kfree(as->urb->setup_packet);
432 usb_free_urb(as->urb);
433 usbfs_decrease_memory_usage(as->mem_usage);
437 static void async_newpending(struct async *as)
439 struct usb_dev_state *ps = as->ps;
442 spin_lock_irqsave(&ps->lock, flags);
443 list_add_tail(&as->asynclist, &ps->async_pending);
444 spin_unlock_irqrestore(&ps->lock, flags);
447 static void async_removepending(struct async *as)
449 struct usb_dev_state *ps = as->ps;
452 spin_lock_irqsave(&ps->lock, flags);
453 list_del_init(&as->asynclist);
454 spin_unlock_irqrestore(&ps->lock, flags);
457 static struct async *async_getcompleted(struct usb_dev_state *ps)
460 struct async *as = NULL;
462 spin_lock_irqsave(&ps->lock, flags);
463 if (!list_empty(&ps->async_completed)) {
464 as = list_entry(ps->async_completed.next, struct async,
466 list_del_init(&as->asynclist);
468 spin_unlock_irqrestore(&ps->lock, flags);
472 static struct async *async_getpending(struct usb_dev_state *ps,
473 void __user *userurb)
477 list_for_each_entry(as, &ps->async_pending, asynclist)
478 if (as->userurb == userurb) {
479 list_del_init(&as->asynclist);
486 static void snoop_urb(struct usb_device *udev,
487 void __user *userurb, int pipe, unsigned length,
488 int timeout_or_status, enum snoop_when when,
489 unsigned char *data, unsigned data_len)
491 static const char *types[] = {"isoc", "int", "ctrl", "bulk"};
492 static const char *dirs[] = {"out", "in"};
499 ep = usb_pipeendpoint(pipe);
500 t = types[usb_pipetype(pipe)];
501 d = dirs[!!usb_pipein(pipe)];
503 if (userurb) { /* Async */
505 dev_info(&udev->dev, "userurb %px, ep%d %s-%s, "
507 userurb, ep, t, d, length);
509 dev_info(&udev->dev, "userurb %px, ep%d %s-%s, "
510 "actual_length %u status %d\n",
511 userurb, ep, t, d, length,
515 dev_info(&udev->dev, "ep%d %s-%s, length %u, "
517 ep, t, d, length, timeout_or_status);
519 dev_info(&udev->dev, "ep%d %s-%s, actual_length %u, "
521 ep, t, d, length, timeout_or_status);
524 data_len = min(data_len, usbfs_snoop_max);
525 if (data && data_len > 0) {
526 print_hex_dump(KERN_DEBUG, "data: ", DUMP_PREFIX_NONE, 32, 1,
531 static void snoop_urb_data(struct urb *urb, unsigned len)
535 len = min(len, usbfs_snoop_max);
536 if (!usbfs_snoop || len == 0)
539 if (urb->num_sgs == 0) {
540 print_hex_dump(KERN_DEBUG, "data: ", DUMP_PREFIX_NONE, 32, 1,
541 urb->transfer_buffer, len, 1);
545 for (i = 0; i < urb->num_sgs && len; i++) {
546 size = (len > USB_SG_SIZE) ? USB_SG_SIZE : len;
547 print_hex_dump(KERN_DEBUG, "data: ", DUMP_PREFIX_NONE, 32, 1,
548 sg_virt(&urb->sg[i]), size, 1);
553 static int copy_urb_data_to_user(u8 __user *userbuffer, struct urb *urb)
555 unsigned i, len, size;
557 if (urb->number_of_packets > 0) /* Isochronous */
558 len = urb->transfer_buffer_length;
560 len = urb->actual_length;
562 if (urb->num_sgs == 0) {
563 if (copy_to_user(userbuffer, urb->transfer_buffer, len))
568 for (i = 0; i < urb->num_sgs && len; i++) {
569 size = (len > USB_SG_SIZE) ? USB_SG_SIZE : len;
570 if (copy_to_user(userbuffer, sg_virt(&urb->sg[i]), size))
579 #define AS_CONTINUATION 1
582 static void cancel_bulk_urbs(struct usb_dev_state *ps, unsigned bulk_addr)
589 /* Mark all the pending URBs that match bulk_addr, up to but not
590 * including the first one without AS_CONTINUATION. If such an
591 * URB is encountered then a new transfer has already started so
592 * the endpoint doesn't need to be disabled; otherwise it does.
594 list_for_each_entry(as, &ps->async_pending, asynclist) {
595 if (as->bulk_addr == bulk_addr) {
596 if (as->bulk_status != AS_CONTINUATION)
598 as->bulk_status = AS_UNLINK;
602 ps->disabled_bulk_eps |= (1 << bulk_addr);
604 /* Now carefully unlink all the marked pending URBs */
606 list_for_each_entry_reverse(as, &ps->async_pending, asynclist) {
607 if (as->bulk_status == AS_UNLINK) {
608 as->bulk_status = 0; /* Only once */
611 spin_unlock(&ps->lock); /* Allow completions */
614 spin_lock(&ps->lock);
620 static void async_completed(struct urb *urb)
622 struct async *as = urb->context;
623 struct usb_dev_state *ps = as->ps;
624 struct pid *pid = NULL;
625 const struct cred *cred = NULL;
630 spin_lock_irqsave(&ps->lock, flags);
631 list_move_tail(&as->asynclist, &ps->async_completed);
632 as->status = urb->status;
636 addr = as->userurb_sigval;
637 pid = get_pid(as->pid);
638 cred = get_cred(as->cred);
640 snoop(&urb->dev->dev, "urb complete\n");
641 snoop_urb(urb->dev, as->userurb, urb->pipe, urb->actual_length,
642 as->status, COMPLETE, NULL, 0);
643 if (usb_urb_dir_in(urb))
644 snoop_urb_data(urb, urb->actual_length);
646 if (as->status < 0 && as->bulk_addr && as->status != -ECONNRESET &&
647 as->status != -ENOENT)
648 cancel_bulk_urbs(ps, as->bulk_addr);
651 spin_unlock_irqrestore(&ps->lock, flags);
654 kill_pid_usb_asyncio(signr, errno, addr, pid, cred);
660 static void destroy_async(struct usb_dev_state *ps, struct list_head *list)
666 spin_lock_irqsave(&ps->lock, flags);
667 while (!list_empty(list)) {
668 as = list_last_entry(list, struct async, asynclist);
669 list_del_init(&as->asynclist);
673 /* drop the spinlock so the completion handler can run */
674 spin_unlock_irqrestore(&ps->lock, flags);
677 spin_lock_irqsave(&ps->lock, flags);
679 spin_unlock_irqrestore(&ps->lock, flags);
682 static void destroy_async_on_interface(struct usb_dev_state *ps,
685 struct list_head *p, *q, hitlist;
688 INIT_LIST_HEAD(&hitlist);
689 spin_lock_irqsave(&ps->lock, flags);
690 list_for_each_safe(p, q, &ps->async_pending)
691 if (ifnum == list_entry(p, struct async, asynclist)->ifnum)
692 list_move_tail(p, &hitlist);
693 spin_unlock_irqrestore(&ps->lock, flags);
694 destroy_async(ps, &hitlist);
697 static void destroy_all_async(struct usb_dev_state *ps)
699 destroy_async(ps, &ps->async_pending);
703 * interface claims are made only at the request of user level code,
704 * which can also release them (explicitly or by closing files).
705 * they're also undone when devices disconnect.
708 static int driver_probe(struct usb_interface *intf,
709 const struct usb_device_id *id)
714 static void driver_disconnect(struct usb_interface *intf)
716 struct usb_dev_state *ps = usb_get_intfdata(intf);
717 unsigned int ifnum = intf->altsetting->desc.bInterfaceNumber;
722 /* NOTE: this relies on usbcore having canceled and completed
723 * all pending I/O requests; 2.6 does that.
726 if (likely(ifnum < 8*sizeof(ps->ifclaimed)))
727 clear_bit(ifnum, &ps->ifclaimed);
729 dev_warn(&intf->dev, "interface number %u out of range\n",
732 usb_set_intfdata(intf, NULL);
734 /* force async requests to complete */
735 destroy_async_on_interface(ps, ifnum);
738 /* We don't care about suspend/resume of claimed interfaces */
739 static int driver_suspend(struct usb_interface *intf, pm_message_t msg)
744 static int driver_resume(struct usb_interface *intf)
749 /* The following routines apply to the entire device, not interfaces */
750 void usbfs_notify_suspend(struct usb_device *udev)
752 /* We don't need to handle this */
755 void usbfs_notify_resume(struct usb_device *udev)
757 struct usb_dev_state *ps;
759 /* Protect against simultaneous remove or release */
760 mutex_lock(&usbfs_mutex);
761 list_for_each_entry(ps, &udev->filelist, list) {
762 WRITE_ONCE(ps->not_yet_resumed, 0);
763 wake_up_all(&ps->wait_for_resume);
765 mutex_unlock(&usbfs_mutex);
768 struct usb_driver usbfs_driver = {
770 .probe = driver_probe,
771 .disconnect = driver_disconnect,
772 .suspend = driver_suspend,
773 .resume = driver_resume,
774 .supports_autosuspend = 1,
777 static int claimintf(struct usb_dev_state *ps, unsigned int ifnum)
779 struct usb_device *dev = ps->dev;
780 struct usb_interface *intf;
783 if (ifnum >= 8*sizeof(ps->ifclaimed))
785 /* already claimed */
786 if (test_bit(ifnum, &ps->ifclaimed))
789 if (ps->privileges_dropped &&
790 !test_bit(ifnum, &ps->interface_allowed_mask))
793 intf = usb_ifnum_to_if(dev, ifnum);
797 unsigned int old_suppress;
799 /* suppress uevents while claiming interface */
800 old_suppress = dev_get_uevent_suppress(&intf->dev);
801 dev_set_uevent_suppress(&intf->dev, 1);
802 err = usb_driver_claim_interface(&usbfs_driver, intf, ps);
803 dev_set_uevent_suppress(&intf->dev, old_suppress);
806 set_bit(ifnum, &ps->ifclaimed);
810 static int releaseintf(struct usb_dev_state *ps, unsigned int ifnum)
812 struct usb_device *dev;
813 struct usb_interface *intf;
817 if (ifnum >= 8*sizeof(ps->ifclaimed))
820 intf = usb_ifnum_to_if(dev, ifnum);
823 else if (test_and_clear_bit(ifnum, &ps->ifclaimed)) {
824 unsigned int old_suppress;
826 /* suppress uevents while releasing interface */
827 old_suppress = dev_get_uevent_suppress(&intf->dev);
828 dev_set_uevent_suppress(&intf->dev, 1);
829 usb_driver_release_interface(&usbfs_driver, intf);
830 dev_set_uevent_suppress(&intf->dev, old_suppress);
836 static int checkintf(struct usb_dev_state *ps, unsigned int ifnum)
838 if (ps->dev->state != USB_STATE_CONFIGURED)
839 return -EHOSTUNREACH;
840 if (ifnum >= 8*sizeof(ps->ifclaimed))
842 if (test_bit(ifnum, &ps->ifclaimed))
844 /* if not yet claimed, claim it for the driver */
845 dev_warn(&ps->dev->dev, "usbfs: process %d (%s) did not claim "
846 "interface %u before use\n", task_pid_nr(current),
847 current->comm, ifnum);
848 return claimintf(ps, ifnum);
851 static int findintfep(struct usb_device *dev, unsigned int ep)
853 unsigned int i, j, e;
854 struct usb_interface *intf;
855 struct usb_host_interface *alts;
856 struct usb_endpoint_descriptor *endpt;
858 if (ep & ~(USB_DIR_IN|0xf))
862 for (i = 0; i < dev->actconfig->desc.bNumInterfaces; i++) {
863 intf = dev->actconfig->interface[i];
864 for (j = 0; j < intf->num_altsetting; j++) {
865 alts = &intf->altsetting[j];
866 for (e = 0; e < alts->desc.bNumEndpoints; e++) {
867 endpt = &alts->endpoint[e].desc;
868 if (endpt->bEndpointAddress == ep)
869 return alts->desc.bInterfaceNumber;
876 static int check_ctrlrecip(struct usb_dev_state *ps, unsigned int requesttype,
877 unsigned int request, unsigned int index)
880 struct usb_host_interface *alt_setting;
882 if (ps->dev->state != USB_STATE_UNAUTHENTICATED
883 && ps->dev->state != USB_STATE_ADDRESS
884 && ps->dev->state != USB_STATE_CONFIGURED)
885 return -EHOSTUNREACH;
886 if (USB_TYPE_VENDOR == (USB_TYPE_MASK & requesttype))
890 * check for the special corner case 'get_device_id' in the printer
891 * class specification, which we always want to allow as it is used
892 * to query things like ink level, etc.
894 if (requesttype == 0xa1 && request == 0) {
895 alt_setting = usb_find_alt_setting(ps->dev->actconfig,
896 index >> 8, index & 0xff);
898 && alt_setting->desc.bInterfaceClass == USB_CLASS_PRINTER)
903 switch (requesttype & USB_RECIP_MASK) {
904 case USB_RECIP_ENDPOINT:
905 if ((index & ~USB_DIR_IN) == 0)
907 ret = findintfep(ps->dev, index);
910 * Some not fully compliant Win apps seem to get
911 * index wrong and have the endpoint number here
912 * rather than the endpoint address (with the
913 * correct direction). Win does let this through,
914 * so we'll not reject it here but leave it to
915 * the device to not break KVM. But we warn.
917 ret = findintfep(ps->dev, index ^ 0x80);
919 dev_info(&ps->dev->dev,
920 "%s: process %i (%s) requesting ep %02x but needs %02x\n",
921 __func__, task_pid_nr(current),
922 current->comm, index, index ^ 0x80);
925 ret = checkintf(ps, ret);
928 case USB_RECIP_INTERFACE:
929 ret = checkintf(ps, index);
935 static struct usb_host_endpoint *ep_to_host_endpoint(struct usb_device *dev,
938 if (ep & USB_ENDPOINT_DIR_MASK)
939 return dev->ep_in[ep & USB_ENDPOINT_NUMBER_MASK];
941 return dev->ep_out[ep & USB_ENDPOINT_NUMBER_MASK];
944 static int parse_usbdevfs_streams(struct usb_dev_state *ps,
945 struct usbdevfs_streams __user *streams,
946 unsigned int *num_streams_ret,
947 unsigned int *num_eps_ret,
948 struct usb_host_endpoint ***eps_ret,
949 struct usb_interface **intf_ret)
951 unsigned int i, num_streams, num_eps;
952 struct usb_host_endpoint **eps;
953 struct usb_interface *intf = NULL;
957 if (get_user(num_streams, &streams->num_streams) ||
958 get_user(num_eps, &streams->num_eps))
961 if (num_eps < 1 || num_eps > USB_MAXENDPOINTS)
964 /* The XHCI controller allows max 2 ^ 16 streams */
965 if (num_streams_ret && (num_streams < 2 || num_streams > 65536))
968 eps = kmalloc_array(num_eps, sizeof(*eps), GFP_KERNEL);
972 for (i = 0; i < num_eps; i++) {
973 if (get_user(ep, &streams->eps[i])) {
977 eps[i] = ep_to_host_endpoint(ps->dev, ep);
983 /* usb_alloc/free_streams operate on an usb_interface */
984 ifnum = findintfep(ps->dev, ep);
991 ret = checkintf(ps, ifnum);
994 intf = usb_ifnum_to_if(ps->dev, ifnum);
996 /* Verify all eps belong to the same interface */
997 if (ifnum != intf->altsetting->desc.bInterfaceNumber) {
1004 if (num_streams_ret)
1005 *num_streams_ret = num_streams;
1006 *num_eps_ret = num_eps;
1017 static struct usb_device *usbdev_lookup_by_devt(dev_t devt)
1021 dev = bus_find_device_by_devt(&usb_bus_type, devt);
1024 return to_usb_device(dev);
1030 static int usbdev_open(struct inode *inode, struct file *file)
1032 struct usb_device *dev = NULL;
1033 struct usb_dev_state *ps;
1037 ps = kzalloc(sizeof(struct usb_dev_state), GFP_KERNEL);
1043 /* usbdev device-node */
1044 if (imajor(inode) == USB_DEVICE_MAJOR)
1045 dev = usbdev_lookup_by_devt(inode->i_rdev);
1049 usb_lock_device(dev);
1050 if (dev->state == USB_STATE_NOTATTACHED)
1051 goto out_unlock_device;
1053 ret = usb_autoresume_device(dev);
1055 goto out_unlock_device;
1059 ps->interface_allowed_mask = 0xFFFFFFFF; /* 32 bits */
1060 spin_lock_init(&ps->lock);
1061 INIT_LIST_HEAD(&ps->list);
1062 INIT_LIST_HEAD(&ps->async_pending);
1063 INIT_LIST_HEAD(&ps->async_completed);
1064 INIT_LIST_HEAD(&ps->memory_list);
1065 init_waitqueue_head(&ps->wait);
1066 init_waitqueue_head(&ps->wait_for_resume);
1067 ps->disc_pid = get_pid(task_pid(current));
1068 ps->cred = get_current_cred();
1071 /* Can't race with resume; the device is already active */
1072 list_add_tail(&ps->list, &dev->filelist);
1073 file->private_data = ps;
1074 usb_unlock_device(dev);
1075 snoop(&dev->dev, "opened by process %d: %s\n", task_pid_nr(current),
1080 usb_unlock_device(dev);
1087 static int usbdev_release(struct inode *inode, struct file *file)
1089 struct usb_dev_state *ps = file->private_data;
1090 struct usb_device *dev = ps->dev;
1094 usb_lock_device(dev);
1095 usb_hub_release_all_ports(dev, ps);
1097 /* Protect against simultaneous resume */
1098 mutex_lock(&usbfs_mutex);
1099 list_del_init(&ps->list);
1100 mutex_unlock(&usbfs_mutex);
1102 for (ifnum = 0; ps->ifclaimed && ifnum < 8*sizeof(ps->ifclaimed);
1104 if (test_bit(ifnum, &ps->ifclaimed))
1105 releaseintf(ps, ifnum);
1107 destroy_all_async(ps);
1108 if (!ps->suspend_allowed)
1109 usb_autosuspend_device(dev);
1110 usb_unlock_device(dev);
1112 put_pid(ps->disc_pid);
1115 as = async_getcompleted(ps);
1118 as = async_getcompleted(ps);
1125 static void usbfs_blocking_completion(struct urb *urb)
1127 complete((struct completion *) urb->context);
1131 * Much like usb_start_wait_urb, but returns status separately from
1132 * actual_length and uses a killable wait.
1134 static int usbfs_start_wait_urb(struct urb *urb, int timeout,
1135 unsigned int *actlen)
1137 DECLARE_COMPLETION_ONSTACK(ctx);
1138 unsigned long expire;
1141 urb->context = &ctx;
1142 urb->complete = usbfs_blocking_completion;
1144 rc = usb_submit_urb(urb, GFP_KERNEL);
1148 expire = (timeout ? msecs_to_jiffies(timeout) : MAX_SCHEDULE_TIMEOUT);
1149 rc = wait_for_completion_killable_timeout(&ctx, expire);
1152 *actlen = urb->actual_length;
1153 if (urb->status != -ENOENT)
1154 ; /* Completed before it was killed */
1160 *actlen = urb->actual_length;
1164 static int do_proc_control(struct usb_dev_state *ps,
1165 struct usbdevfs_ctrltransfer *ctrl)
1167 struct usb_device *dev = ps->dev;
1169 unsigned char *tbuf;
1170 unsigned int wLength, actlen;
1172 struct urb *urb = NULL;
1173 struct usb_ctrlrequest *dr = NULL;
1175 ret = check_ctrlrecip(ps, ctrl->bRequestType, ctrl->bRequest,
1179 wLength = ctrl->wLength; /* To suppress 64k PAGE_SIZE warning */
1180 if (wLength > PAGE_SIZE)
1182 ret = usbfs_increase_memory_usage(PAGE_SIZE + sizeof(struct urb) +
1183 sizeof(struct usb_ctrlrequest));
1188 tbuf = (unsigned char *)__get_free_page(GFP_KERNEL);
1191 urb = usb_alloc_urb(0, GFP_NOIO);
1194 dr = kmalloc(sizeof(struct usb_ctrlrequest), GFP_NOIO);
1198 dr->bRequestType = ctrl->bRequestType;
1199 dr->bRequest = ctrl->bRequest;
1200 dr->wValue = cpu_to_le16(ctrl->wValue);
1201 dr->wIndex = cpu_to_le16(ctrl->wIndex);
1202 dr->wLength = cpu_to_le16(ctrl->wLength);
1204 tmo = ctrl->timeout;
1205 snoop(&dev->dev, "control urb: bRequestType=%02x "
1206 "bRequest=%02x wValue=%04x "
1207 "wIndex=%04x wLength=%04x\n",
1208 ctrl->bRequestType, ctrl->bRequest, ctrl->wValue,
1209 ctrl->wIndex, ctrl->wLength);
1211 if ((ctrl->bRequestType & USB_DIR_IN) && wLength) {
1212 pipe = usb_rcvctrlpipe(dev, 0);
1213 usb_fill_control_urb(urb, dev, pipe, (unsigned char *) dr, tbuf,
1214 wLength, NULL, NULL);
1215 snoop_urb(dev, NULL, pipe, wLength, tmo, SUBMIT, NULL, 0);
1217 usb_unlock_device(dev);
1218 i = usbfs_start_wait_urb(urb, tmo, &actlen);
1220 /* Linger a bit, prior to the next control message. */
1221 if (dev->quirks & USB_QUIRK_DELAY_CTRL_MSG)
1223 usb_lock_device(dev);
1224 snoop_urb(dev, NULL, pipe, actlen, i, COMPLETE, tbuf, actlen);
1226 if (copy_to_user(ctrl->data, tbuf, actlen)) {
1233 if (copy_from_user(tbuf, ctrl->data, wLength)) {
1238 pipe = usb_sndctrlpipe(dev, 0);
1239 usb_fill_control_urb(urb, dev, pipe, (unsigned char *) dr, tbuf,
1240 wLength, NULL, NULL);
1241 snoop_urb(dev, NULL, pipe, wLength, tmo, SUBMIT, tbuf, wLength);
1243 usb_unlock_device(dev);
1244 i = usbfs_start_wait_urb(urb, tmo, &actlen);
1246 /* Linger a bit, prior to the next control message. */
1247 if (dev->quirks & USB_QUIRK_DELAY_CTRL_MSG)
1249 usb_lock_device(dev);
1250 snoop_urb(dev, NULL, pipe, actlen, i, COMPLETE, NULL, 0);
1252 if (i < 0 && i != -EPIPE) {
1253 dev_printk(KERN_DEBUG, &dev->dev, "usbfs: USBDEVFS_CONTROL "
1254 "failed cmd %s rqt %u rq %u len %u ret %d\n",
1255 current->comm, ctrl->bRequestType, ctrl->bRequest,
1258 ret = (i < 0 ? i : actlen);
1263 free_page((unsigned long) tbuf);
1264 usbfs_decrease_memory_usage(PAGE_SIZE + sizeof(struct urb) +
1265 sizeof(struct usb_ctrlrequest));
1269 static int proc_control(struct usb_dev_state *ps, void __user *arg)
1271 struct usbdevfs_ctrltransfer ctrl;
1273 if (copy_from_user(&ctrl, arg, sizeof(ctrl)))
1275 return do_proc_control(ps, &ctrl);
1278 static int do_proc_bulk(struct usb_dev_state *ps,
1279 struct usbdevfs_bulktransfer *bulk)
1281 struct usb_device *dev = ps->dev;
1282 unsigned int tmo, len1, len2, pipe;
1283 unsigned char *tbuf;
1285 struct urb *urb = NULL;
1286 struct usb_host_endpoint *ep;
1288 ret = findintfep(ps->dev, bulk->ep);
1291 ret = checkintf(ps, ret);
1296 if (len1 < 0 || len1 >= (INT_MAX - sizeof(struct urb)))
1299 if (bulk->ep & USB_DIR_IN)
1300 pipe = usb_rcvbulkpipe(dev, bulk->ep & 0x7f);
1302 pipe = usb_sndbulkpipe(dev, bulk->ep & 0x7f);
1303 ep = usb_pipe_endpoint(dev, pipe);
1304 if (!ep || !usb_endpoint_maxp(&ep->desc))
1306 ret = usbfs_increase_memory_usage(len1 + sizeof(struct urb));
1311 * len1 can be almost arbitrarily large. Don't WARN if it's
1312 * too big, just fail the request.
1315 tbuf = kmalloc(len1, GFP_KERNEL | __GFP_NOWARN);
1318 urb = usb_alloc_urb(0, GFP_KERNEL);
1322 if ((ep->desc.bmAttributes & USB_ENDPOINT_XFERTYPE_MASK) ==
1323 USB_ENDPOINT_XFER_INT) {
1324 pipe = (pipe & ~(3 << 30)) | (PIPE_INTERRUPT << 30);
1325 usb_fill_int_urb(urb, dev, pipe, tbuf, len1,
1326 NULL, NULL, ep->desc.bInterval);
1328 usb_fill_bulk_urb(urb, dev, pipe, tbuf, len1, NULL, NULL);
1331 tmo = bulk->timeout;
1332 if (bulk->ep & 0x80) {
1333 snoop_urb(dev, NULL, pipe, len1, tmo, SUBMIT, NULL, 0);
1335 usb_unlock_device(dev);
1336 i = usbfs_start_wait_urb(urb, tmo, &len2);
1337 usb_lock_device(dev);
1338 snoop_urb(dev, NULL, pipe, len2, i, COMPLETE, tbuf, len2);
1341 if (copy_to_user(bulk->data, tbuf, len2)) {
1348 if (copy_from_user(tbuf, bulk->data, len1)) {
1353 snoop_urb(dev, NULL, pipe, len1, tmo, SUBMIT, tbuf, len1);
1355 usb_unlock_device(dev);
1356 i = usbfs_start_wait_urb(urb, tmo, &len2);
1357 usb_lock_device(dev);
1358 snoop_urb(dev, NULL, pipe, len2, i, COMPLETE, NULL, 0);
1360 ret = (i < 0 ? i : len2);
1364 usbfs_decrease_memory_usage(len1 + sizeof(struct urb));
1368 static int proc_bulk(struct usb_dev_state *ps, void __user *arg)
1370 struct usbdevfs_bulktransfer bulk;
1372 if (copy_from_user(&bulk, arg, sizeof(bulk)))
1374 return do_proc_bulk(ps, &bulk);
1377 static void check_reset_of_active_ep(struct usb_device *udev,
1378 unsigned int epnum, char *ioctl_name)
1380 struct usb_host_endpoint **eps;
1381 struct usb_host_endpoint *ep;
1383 eps = (epnum & USB_DIR_IN) ? udev->ep_in : udev->ep_out;
1384 ep = eps[epnum & 0x0f];
1385 if (ep && !list_empty(&ep->urb_list))
1386 dev_warn(&udev->dev, "Process %d (%s) called USBDEVFS_%s for active endpoint 0x%02x\n",
1387 task_pid_nr(current), current->comm,
1391 static int proc_resetep(struct usb_dev_state *ps, void __user *arg)
1396 if (get_user(ep, (unsigned int __user *)arg))
1398 ret = findintfep(ps->dev, ep);
1401 ret = checkintf(ps, ret);
1404 check_reset_of_active_ep(ps->dev, ep, "RESETEP");
1405 usb_reset_endpoint(ps->dev, ep);
1409 static int proc_clearhalt(struct usb_dev_state *ps, void __user *arg)
1415 if (get_user(ep, (unsigned int __user *)arg))
1417 ret = findintfep(ps->dev, ep);
1420 ret = checkintf(ps, ret);
1423 check_reset_of_active_ep(ps->dev, ep, "CLEAR_HALT");
1424 if (ep & USB_DIR_IN)
1425 pipe = usb_rcvbulkpipe(ps->dev, ep & 0x7f);
1427 pipe = usb_sndbulkpipe(ps->dev, ep & 0x7f);
1429 return usb_clear_halt(ps->dev, pipe);
1432 static int proc_getdriver(struct usb_dev_state *ps, void __user *arg)
1434 struct usbdevfs_getdriver gd;
1435 struct usb_interface *intf;
1438 if (copy_from_user(&gd, arg, sizeof(gd)))
1440 intf = usb_ifnum_to_if(ps->dev, gd.interface);
1441 if (!intf || !intf->dev.driver)
1444 strscpy(gd.driver, intf->dev.driver->name,
1446 ret = (copy_to_user(arg, &gd, sizeof(gd)) ? -EFAULT : 0);
1451 static int proc_connectinfo(struct usb_dev_state *ps, void __user *arg)
1453 struct usbdevfs_connectinfo ci;
1455 memset(&ci, 0, sizeof(ci));
1456 ci.devnum = ps->dev->devnum;
1457 ci.slow = ps->dev->speed == USB_SPEED_LOW;
1459 if (copy_to_user(arg, &ci, sizeof(ci)))
1464 static int proc_conninfo_ex(struct usb_dev_state *ps,
1465 void __user *arg, size_t size)
1467 struct usbdevfs_conninfo_ex ci;
1468 struct usb_device *udev = ps->dev;
1470 if (size < sizeof(ci.size))
1473 memset(&ci, 0, sizeof(ci));
1474 ci.size = sizeof(ci);
1475 ci.busnum = udev->bus->busnum;
1476 ci.devnum = udev->devnum;
1477 ci.speed = udev->speed;
1479 while (udev && udev->portnum != 0) {
1480 if (++ci.num_ports <= ARRAY_SIZE(ci.ports))
1481 ci.ports[ARRAY_SIZE(ci.ports) - ci.num_ports] =
1483 udev = udev->parent;
1486 if (ci.num_ports < ARRAY_SIZE(ci.ports))
1487 memmove(&ci.ports[0],
1488 &ci.ports[ARRAY_SIZE(ci.ports) - ci.num_ports],
1491 if (copy_to_user(arg, &ci, min(sizeof(ci), size)))
1497 static int proc_resetdevice(struct usb_dev_state *ps)
1499 struct usb_host_config *actconfig = ps->dev->actconfig;
1500 struct usb_interface *interface;
1503 /* Don't allow a device reset if the process has dropped the
1504 * privilege to do such things and any of the interfaces are
1505 * currently claimed.
1507 if (ps->privileges_dropped && actconfig) {
1508 for (i = 0; i < actconfig->desc.bNumInterfaces; ++i) {
1509 interface = actconfig->interface[i];
1510 number = interface->cur_altsetting->desc.bInterfaceNumber;
1511 if (usb_interface_claimed(interface) &&
1512 !test_bit(number, &ps->ifclaimed)) {
1513 dev_warn(&ps->dev->dev,
1514 "usbfs: interface %d claimed by %s while '%s' resets device\n",
1515 number, interface->dev.driver->name, current->comm);
1521 return usb_reset_device(ps->dev);
1524 static int proc_setintf(struct usb_dev_state *ps, void __user *arg)
1526 struct usbdevfs_setinterface setintf;
1529 if (copy_from_user(&setintf, arg, sizeof(setintf)))
1531 ret = checkintf(ps, setintf.interface);
1535 destroy_async_on_interface(ps, setintf.interface);
1537 return usb_set_interface(ps->dev, setintf.interface,
1538 setintf.altsetting);
1541 static int proc_setconfig(struct usb_dev_state *ps, void __user *arg)
1545 struct usb_host_config *actconfig;
1547 if (get_user(u, (int __user *)arg))
1550 actconfig = ps->dev->actconfig;
1552 /* Don't touch the device if any interfaces are claimed.
1553 * It could interfere with other drivers' operations, and if
1554 * an interface is claimed by usbfs it could easily deadlock.
1559 for (i = 0; i < actconfig->desc.bNumInterfaces; ++i) {
1560 if (usb_interface_claimed(actconfig->interface[i])) {
1561 dev_warn(&ps->dev->dev,
1562 "usbfs: interface %d claimed by %s "
1563 "while '%s' sets config #%d\n",
1564 actconfig->interface[i]
1566 ->desc.bInterfaceNumber,
1567 actconfig->interface[i]
1576 /* SET_CONFIGURATION is often abused as a "cheap" driver reset,
1577 * so avoid usb_set_configuration()'s kick to sysfs
1580 if (actconfig && actconfig->desc.bConfigurationValue == u)
1581 status = usb_reset_configuration(ps->dev);
1583 status = usb_set_configuration(ps->dev, u);
1589 static struct usb_memory *
1590 find_memory_area(struct usb_dev_state *ps, const struct usbdevfs_urb *uurb)
1592 struct usb_memory *usbm = NULL, *iter;
1593 unsigned long flags;
1594 unsigned long uurb_start = (unsigned long)uurb->buffer;
1596 spin_lock_irqsave(&ps->lock, flags);
1597 list_for_each_entry(iter, &ps->memory_list, memlist) {
1598 if (uurb_start >= iter->vm_start &&
1599 uurb_start < iter->vm_start + iter->size) {
1600 if (uurb->buffer_length > iter->vm_start + iter->size -
1602 usbm = ERR_PTR(-EINVAL);
1605 usbm->urb_use_count++;
1610 spin_unlock_irqrestore(&ps->lock, flags);
1614 static int proc_do_submiturb(struct usb_dev_state *ps, struct usbdevfs_urb *uurb,
1615 struct usbdevfs_iso_packet_desc __user *iso_frame_desc,
1616 void __user *arg, sigval_t userurb_sigval)
1618 struct usbdevfs_iso_packet_desc *isopkt = NULL;
1619 struct usb_host_endpoint *ep;
1620 struct async *as = NULL;
1621 struct usb_ctrlrequest *dr = NULL;
1622 unsigned int u, totlen, isofrmlen;
1623 int i, ret, num_sgs = 0, ifnum = -1;
1624 int number_of_packets = 0;
1625 unsigned int stream_id = 0;
1628 bool allow_short = false;
1629 bool allow_zero = false;
1630 unsigned long mask = USBDEVFS_URB_SHORT_NOT_OK |
1631 USBDEVFS_URB_BULK_CONTINUATION |
1632 USBDEVFS_URB_NO_FSBR |
1633 USBDEVFS_URB_ZERO_PACKET |
1634 USBDEVFS_URB_NO_INTERRUPT;
1635 /* USBDEVFS_URB_ISO_ASAP is a special case */
1636 if (uurb->type == USBDEVFS_URB_TYPE_ISO)
1637 mask |= USBDEVFS_URB_ISO_ASAP;
1639 if (uurb->flags & ~mask)
1642 if ((unsigned int)uurb->buffer_length >= USBFS_XFER_MAX)
1644 if (uurb->buffer_length > 0 && !uurb->buffer)
1646 if (!(uurb->type == USBDEVFS_URB_TYPE_CONTROL &&
1647 (uurb->endpoint & ~USB_ENDPOINT_DIR_MASK) == 0)) {
1648 ifnum = findintfep(ps->dev, uurb->endpoint);
1651 ret = checkintf(ps, ifnum);
1655 ep = ep_to_host_endpoint(ps->dev, uurb->endpoint);
1658 is_in = (uurb->endpoint & USB_ENDPOINT_DIR_MASK) != 0;
1661 switch (uurb->type) {
1662 case USBDEVFS_URB_TYPE_CONTROL:
1663 if (!usb_endpoint_xfer_control(&ep->desc))
1665 /* min 8 byte setup packet */
1666 if (uurb->buffer_length < 8)
1668 dr = kmalloc(sizeof(struct usb_ctrlrequest), GFP_KERNEL);
1671 if (copy_from_user(dr, uurb->buffer, 8)) {
1675 if (uurb->buffer_length < (le16_to_cpu(dr->wLength) + 8)) {
1679 ret = check_ctrlrecip(ps, dr->bRequestType, dr->bRequest,
1680 le16_to_cpu(dr->wIndex));
1683 uurb->buffer_length = le16_to_cpu(dr->wLength);
1685 if ((dr->bRequestType & USB_DIR_IN) && uurb->buffer_length) {
1687 uurb->endpoint |= USB_DIR_IN;
1690 uurb->endpoint &= ~USB_DIR_IN;
1694 snoop(&ps->dev->dev, "control urb: bRequestType=%02x "
1695 "bRequest=%02x wValue=%04x "
1696 "wIndex=%04x wLength=%04x\n",
1697 dr->bRequestType, dr->bRequest,
1698 __le16_to_cpu(dr->wValue),
1699 __le16_to_cpu(dr->wIndex),
1700 __le16_to_cpu(dr->wLength));
1701 u = sizeof(struct usb_ctrlrequest);
1704 case USBDEVFS_URB_TYPE_BULK:
1709 switch (usb_endpoint_type(&ep->desc)) {
1710 case USB_ENDPOINT_XFER_CONTROL:
1711 case USB_ENDPOINT_XFER_ISOC:
1713 case USB_ENDPOINT_XFER_INT:
1714 /* allow single-shot interrupt transfers */
1715 uurb->type = USBDEVFS_URB_TYPE_INTERRUPT;
1718 num_sgs = DIV_ROUND_UP(uurb->buffer_length, USB_SG_SIZE);
1719 if (num_sgs == 1 || num_sgs > ps->dev->bus->sg_tablesize)
1722 stream_id = uurb->stream_id;
1725 case USBDEVFS_URB_TYPE_INTERRUPT:
1726 if (!usb_endpoint_xfer_int(&ep->desc))
1735 case USBDEVFS_URB_TYPE_ISO:
1736 /* arbitrary limit */
1737 if (uurb->number_of_packets < 1 ||
1738 uurb->number_of_packets > 128)
1740 if (!usb_endpoint_xfer_isoc(&ep->desc))
1742 number_of_packets = uurb->number_of_packets;
1743 isofrmlen = sizeof(struct usbdevfs_iso_packet_desc) *
1745 isopkt = memdup_user(iso_frame_desc, isofrmlen);
1746 if (IS_ERR(isopkt)) {
1747 ret = PTR_ERR(isopkt);
1751 for (totlen = u = 0; u < number_of_packets; u++) {
1753 * arbitrary limit need for USB 3.1 Gen2
1754 * sizemax: 96 DPs at SSP, 96 * 1024 = 98304
1756 if (isopkt[u].length > 98304) {
1760 totlen += isopkt[u].length;
1762 u *= sizeof(struct usb_iso_packet_descriptor);
1763 uurb->buffer_length = totlen;
1770 if (uurb->buffer_length > 0 &&
1771 !access_ok(uurb->buffer, uurb->buffer_length)) {
1775 as = alloc_async(number_of_packets);
1781 as->usbm = find_memory_area(ps, uurb);
1782 if (IS_ERR(as->usbm)) {
1783 ret = PTR_ERR(as->usbm);
1788 /* do not use SG buffers when memory mapped segments
1794 u += sizeof(struct async) + sizeof(struct urb) +
1795 (as->usbm ? 0 : uurb->buffer_length) +
1796 num_sgs * sizeof(struct scatterlist);
1797 ret = usbfs_increase_memory_usage(u);
1803 as->urb->sg = kmalloc_array(num_sgs,
1804 sizeof(struct scatterlist),
1805 GFP_KERNEL | __GFP_NOWARN);
1810 as->urb->num_sgs = num_sgs;
1811 sg_init_table(as->urb->sg, as->urb->num_sgs);
1813 totlen = uurb->buffer_length;
1814 for (i = 0; i < as->urb->num_sgs; i++) {
1815 u = (totlen > USB_SG_SIZE) ? USB_SG_SIZE : totlen;
1816 buf = kmalloc(u, GFP_KERNEL);
1821 sg_set_buf(&as->urb->sg[i], buf, u);
1824 if (copy_from_user(buf, uurb->buffer, u)) {
1832 } else if (uurb->buffer_length > 0) {
1834 unsigned long uurb_start = (unsigned long)uurb->buffer;
1836 as->urb->transfer_buffer = as->usbm->mem +
1837 (uurb_start - as->usbm->vm_start);
1839 as->urb->transfer_buffer = kmalloc(uurb->buffer_length,
1840 GFP_KERNEL | __GFP_NOWARN);
1841 if (!as->urb->transfer_buffer) {
1846 if (copy_from_user(as->urb->transfer_buffer,
1848 uurb->buffer_length)) {
1852 } else if (uurb->type == USBDEVFS_URB_TYPE_ISO) {
1854 * Isochronous input data may end up being
1855 * discontiguous if some of the packets are
1856 * short. Clear the buffer so that the gaps
1857 * don't leak kernel data to userspace.
1859 memset(as->urb->transfer_buffer, 0,
1860 uurb->buffer_length);
1864 as->urb->dev = ps->dev;
1865 as->urb->pipe = (uurb->type << 30) |
1866 __create_pipe(ps->dev, uurb->endpoint & 0xf) |
1867 (uurb->endpoint & USB_DIR_IN);
1869 /* This tedious sequence is necessary because the URB_* flags
1870 * are internal to the kernel and subject to change, whereas
1871 * the USBDEVFS_URB_* flags are a user API and must not be changed.
1873 u = (is_in ? URB_DIR_IN : URB_DIR_OUT);
1874 if (uurb->flags & USBDEVFS_URB_ISO_ASAP)
1876 if (allow_short && uurb->flags & USBDEVFS_URB_SHORT_NOT_OK)
1877 u |= URB_SHORT_NOT_OK;
1878 if (allow_zero && uurb->flags & USBDEVFS_URB_ZERO_PACKET)
1879 u |= URB_ZERO_PACKET;
1880 if (uurb->flags & USBDEVFS_URB_NO_INTERRUPT)
1881 u |= URB_NO_INTERRUPT;
1882 as->urb->transfer_flags = u;
1884 if (!allow_short && uurb->flags & USBDEVFS_URB_SHORT_NOT_OK)
1885 dev_warn(&ps->dev->dev, "Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK.\n");
1886 if (!allow_zero && uurb->flags & USBDEVFS_URB_ZERO_PACKET)
1887 dev_warn(&ps->dev->dev, "Requested nonsensical USBDEVFS_URB_ZERO_PACKET.\n");
1889 as->urb->transfer_buffer_length = uurb->buffer_length;
1890 as->urb->setup_packet = (unsigned char *)dr;
1892 as->urb->start_frame = uurb->start_frame;
1893 as->urb->number_of_packets = number_of_packets;
1894 as->urb->stream_id = stream_id;
1896 if (ep->desc.bInterval) {
1897 if (uurb->type == USBDEVFS_URB_TYPE_ISO ||
1898 ps->dev->speed == USB_SPEED_HIGH ||
1899 ps->dev->speed >= USB_SPEED_SUPER)
1900 as->urb->interval = 1 <<
1901 min(15, ep->desc.bInterval - 1);
1903 as->urb->interval = ep->desc.bInterval;
1906 as->urb->context = as;
1907 as->urb->complete = async_completed;
1908 for (totlen = u = 0; u < number_of_packets; u++) {
1909 as->urb->iso_frame_desc[u].offset = totlen;
1910 as->urb->iso_frame_desc[u].length = isopkt[u].length;
1911 totlen += isopkt[u].length;
1917 as->userurb_sigval = userurb_sigval;
1919 unsigned long uurb_start = (unsigned long)uurb->buffer;
1921 as->urb->transfer_flags |= URB_NO_TRANSFER_DMA_MAP;
1922 as->urb->transfer_dma = as->usbm->dma_handle +
1923 (uurb_start - as->usbm->vm_start);
1924 } else if (is_in && uurb->buffer_length > 0)
1925 as->userbuffer = uurb->buffer;
1926 as->signr = uurb->signr;
1928 as->pid = get_pid(task_pid(current));
1929 as->cred = get_current_cred();
1930 snoop_urb(ps->dev, as->userurb, as->urb->pipe,
1931 as->urb->transfer_buffer_length, 0, SUBMIT,
1934 snoop_urb_data(as->urb, as->urb->transfer_buffer_length);
1936 async_newpending(as);
1938 if (usb_endpoint_xfer_bulk(&ep->desc)) {
1939 spin_lock_irq(&ps->lock);
1941 /* Not exactly the endpoint address; the direction bit is
1942 * shifted to the 0x10 position so that the value will be
1945 as->bulk_addr = usb_endpoint_num(&ep->desc) |
1946 ((ep->desc.bEndpointAddress & USB_ENDPOINT_DIR_MASK)
1949 /* If this bulk URB is the start of a new transfer, re-enable
1950 * the endpoint. Otherwise mark it as a continuation URB.
1952 if (uurb->flags & USBDEVFS_URB_BULK_CONTINUATION)
1953 as->bulk_status = AS_CONTINUATION;
1955 ps->disabled_bulk_eps &= ~(1 << as->bulk_addr);
1957 /* Don't accept continuation URBs if the endpoint is
1958 * disabled because of an earlier error.
1960 if (ps->disabled_bulk_eps & (1 << as->bulk_addr))
1963 ret = usb_submit_urb(as->urb, GFP_ATOMIC);
1964 spin_unlock_irq(&ps->lock);
1966 ret = usb_submit_urb(as->urb, GFP_KERNEL);
1970 dev_printk(KERN_DEBUG, &ps->dev->dev,
1971 "usbfs: usb_submit_urb returned %d\n", ret);
1972 snoop_urb(ps->dev, as->userurb, as->urb->pipe,
1973 0, ret, COMPLETE, NULL, 0);
1974 async_removepending(as);
1987 static int proc_submiturb(struct usb_dev_state *ps, void __user *arg)
1989 struct usbdevfs_urb uurb;
1990 sigval_t userurb_sigval;
1992 if (copy_from_user(&uurb, arg, sizeof(uurb)))
1995 memset(&userurb_sigval, 0, sizeof(userurb_sigval));
1996 userurb_sigval.sival_ptr = arg;
1998 return proc_do_submiturb(ps, &uurb,
1999 (((struct usbdevfs_urb __user *)arg)->iso_frame_desc),
2000 arg, userurb_sigval);
2003 static int proc_unlinkurb(struct usb_dev_state *ps, void __user *arg)
2007 unsigned long flags;
2009 spin_lock_irqsave(&ps->lock, flags);
2010 as = async_getpending(ps, arg);
2012 spin_unlock_irqrestore(&ps->lock, flags);
2018 spin_unlock_irqrestore(&ps->lock, flags);
2026 static void compute_isochronous_actual_length(struct urb *urb)
2030 if (urb->number_of_packets > 0) {
2031 urb->actual_length = 0;
2032 for (i = 0; i < urb->number_of_packets; i++)
2033 urb->actual_length +=
2034 urb->iso_frame_desc[i].actual_length;
2038 static int processcompl(struct async *as, void __user * __user *arg)
2040 struct urb *urb = as->urb;
2041 struct usbdevfs_urb __user *userurb = as->userurb;
2042 void __user *addr = as->userurb;
2045 compute_isochronous_actual_length(urb);
2046 if (as->userbuffer && urb->actual_length) {
2047 if (copy_urb_data_to_user(as->userbuffer, urb))
2050 if (put_user(as->status, &userurb->status))
2052 if (put_user(urb->actual_length, &userurb->actual_length))
2054 if (put_user(urb->error_count, &userurb->error_count))
2057 if (usb_endpoint_xfer_isoc(&urb->ep->desc)) {
2058 for (i = 0; i < urb->number_of_packets; i++) {
2059 if (put_user(urb->iso_frame_desc[i].actual_length,
2060 &userurb->iso_frame_desc[i].actual_length))
2062 if (put_user(urb->iso_frame_desc[i].status,
2063 &userurb->iso_frame_desc[i].status))
2068 if (put_user(addr, (void __user * __user *)arg))
2076 static struct async *reap_as(struct usb_dev_state *ps)
2078 DECLARE_WAITQUEUE(wait, current);
2079 struct async *as = NULL;
2080 struct usb_device *dev = ps->dev;
2082 add_wait_queue(&ps->wait, &wait);
2084 __set_current_state(TASK_INTERRUPTIBLE);
2085 as = async_getcompleted(ps);
2086 if (as || !connected(ps))
2088 if (signal_pending(current))
2090 usb_unlock_device(dev);
2092 usb_lock_device(dev);
2094 remove_wait_queue(&ps->wait, &wait);
2095 set_current_state(TASK_RUNNING);
2099 static int proc_reapurb(struct usb_dev_state *ps, void __user *arg)
2101 struct async *as = reap_as(ps);
2106 snoop(&ps->dev->dev, "reap %px\n", as->userurb);
2107 retval = processcompl(as, (void __user * __user *)arg);
2111 if (signal_pending(current))
2116 static int proc_reapurbnonblock(struct usb_dev_state *ps, void __user *arg)
2121 as = async_getcompleted(ps);
2123 snoop(&ps->dev->dev, "reap %px\n", as->userurb);
2124 retval = processcompl(as, (void __user * __user *)arg);
2127 retval = (connected(ps) ? -EAGAIN : -ENODEV);
2132 #ifdef CONFIG_COMPAT
2133 static int proc_control_compat(struct usb_dev_state *ps,
2134 struct usbdevfs_ctrltransfer32 __user *p32)
2136 struct usbdevfs_ctrltransfer ctrl;
2139 if (copy_from_user(&ctrl, p32, sizeof(*p32) - sizeof(compat_caddr_t)) ||
2140 get_user(udata, &p32->data))
2142 ctrl.data = compat_ptr(udata);
2143 return do_proc_control(ps, &ctrl);
2146 static int proc_bulk_compat(struct usb_dev_state *ps,
2147 struct usbdevfs_bulktransfer32 __user *p32)
2149 struct usbdevfs_bulktransfer bulk;
2150 compat_caddr_t addr;
2152 if (get_user(bulk.ep, &p32->ep) ||
2153 get_user(bulk.len, &p32->len) ||
2154 get_user(bulk.timeout, &p32->timeout) ||
2155 get_user(addr, &p32->data))
2157 bulk.data = compat_ptr(addr);
2158 return do_proc_bulk(ps, &bulk);
2161 static int proc_disconnectsignal_compat(struct usb_dev_state *ps, void __user *arg)
2163 struct usbdevfs_disconnectsignal32 ds;
2165 if (copy_from_user(&ds, arg, sizeof(ds)))
2167 ps->discsignr = ds.signr;
2168 ps->disccontext.sival_int = ds.context;
2172 static int get_urb32(struct usbdevfs_urb *kurb,
2173 struct usbdevfs_urb32 __user *uurb)
2175 struct usbdevfs_urb32 urb32;
2176 if (copy_from_user(&urb32, uurb, sizeof(*uurb)))
2178 kurb->type = urb32.type;
2179 kurb->endpoint = urb32.endpoint;
2180 kurb->status = urb32.status;
2181 kurb->flags = urb32.flags;
2182 kurb->buffer = compat_ptr(urb32.buffer);
2183 kurb->buffer_length = urb32.buffer_length;
2184 kurb->actual_length = urb32.actual_length;
2185 kurb->start_frame = urb32.start_frame;
2186 kurb->number_of_packets = urb32.number_of_packets;
2187 kurb->error_count = urb32.error_count;
2188 kurb->signr = urb32.signr;
2189 kurb->usercontext = compat_ptr(urb32.usercontext);
2193 static int proc_submiturb_compat(struct usb_dev_state *ps, void __user *arg)
2195 struct usbdevfs_urb uurb;
2196 sigval_t userurb_sigval;
2198 if (get_urb32(&uurb, (struct usbdevfs_urb32 __user *)arg))
2201 memset(&userurb_sigval, 0, sizeof(userurb_sigval));
2202 userurb_sigval.sival_int = ptr_to_compat(arg);
2204 return proc_do_submiturb(ps, &uurb,
2205 ((struct usbdevfs_urb32 __user *)arg)->iso_frame_desc,
2206 arg, userurb_sigval);
2209 static int processcompl_compat(struct async *as, void __user * __user *arg)
2211 struct urb *urb = as->urb;
2212 struct usbdevfs_urb32 __user *userurb = as->userurb;
2213 void __user *addr = as->userurb;
2216 compute_isochronous_actual_length(urb);
2217 if (as->userbuffer && urb->actual_length) {
2218 if (copy_urb_data_to_user(as->userbuffer, urb))
2221 if (put_user(as->status, &userurb->status))
2223 if (put_user(urb->actual_length, &userurb->actual_length))
2225 if (put_user(urb->error_count, &userurb->error_count))
2228 if (usb_endpoint_xfer_isoc(&urb->ep->desc)) {
2229 for (i = 0; i < urb->number_of_packets; i++) {
2230 if (put_user(urb->iso_frame_desc[i].actual_length,
2231 &userurb->iso_frame_desc[i].actual_length))
2233 if (put_user(urb->iso_frame_desc[i].status,
2234 &userurb->iso_frame_desc[i].status))
2239 if (put_user(ptr_to_compat(addr), (u32 __user *)arg))
2244 static int proc_reapurb_compat(struct usb_dev_state *ps, void __user *arg)
2246 struct async *as = reap_as(ps);
2251 snoop(&ps->dev->dev, "reap %px\n", as->userurb);
2252 retval = processcompl_compat(as, (void __user * __user *)arg);
2256 if (signal_pending(current))
2261 static int proc_reapurbnonblock_compat(struct usb_dev_state *ps, void __user *arg)
2266 as = async_getcompleted(ps);
2268 snoop(&ps->dev->dev, "reap %px\n", as->userurb);
2269 retval = processcompl_compat(as, (void __user * __user *)arg);
2272 retval = (connected(ps) ? -EAGAIN : -ENODEV);
2280 static int proc_disconnectsignal(struct usb_dev_state *ps, void __user *arg)
2282 struct usbdevfs_disconnectsignal ds;
2284 if (copy_from_user(&ds, arg, sizeof(ds)))
2286 ps->discsignr = ds.signr;
2287 ps->disccontext.sival_ptr = ds.context;
2291 static int proc_claiminterface(struct usb_dev_state *ps, void __user *arg)
2295 if (get_user(ifnum, (unsigned int __user *)arg))
2297 return claimintf(ps, ifnum);
2300 static int proc_releaseinterface(struct usb_dev_state *ps, void __user *arg)
2305 if (get_user(ifnum, (unsigned int __user *)arg))
2307 ret = releaseintf(ps, ifnum);
2310 destroy_async_on_interface(ps, ifnum);
2314 static int proc_ioctl(struct usb_dev_state *ps, struct usbdevfs_ioctl *ctl)
2319 struct usb_interface *intf = NULL;
2320 struct usb_driver *driver = NULL;
2322 if (ps->privileges_dropped)
2329 size = _IOC_SIZE(ctl->ioctl_code);
2331 buf = kmalloc(size, GFP_KERNEL);
2334 if ((_IOC_DIR(ctl->ioctl_code) & _IOC_WRITE)) {
2335 if (copy_from_user(buf, ctl->data, size)) {
2340 memset(buf, 0, size);
2344 if (ps->dev->state != USB_STATE_CONFIGURED)
2345 retval = -EHOSTUNREACH;
2346 else if (!(intf = usb_ifnum_to_if(ps->dev, ctl->ifno)))
2348 else switch (ctl->ioctl_code) {
2350 /* disconnect kernel driver from interface */
2351 case USBDEVFS_DISCONNECT:
2352 if (intf->dev.driver) {
2353 driver = to_usb_driver(intf->dev.driver);
2354 dev_dbg(&intf->dev, "disconnect by usbfs\n");
2355 usb_driver_release_interface(driver, intf);
2360 /* let kernel drivers try to (re)bind to the interface */
2361 case USBDEVFS_CONNECT:
2362 if (!intf->dev.driver)
2363 retval = device_attach(&intf->dev);
2368 /* talk directly to the interface's driver */
2370 if (intf->dev.driver)
2371 driver = to_usb_driver(intf->dev.driver);
2372 if (driver == NULL || driver->unlocked_ioctl == NULL) {
2375 retval = driver->unlocked_ioctl(intf, ctl->ioctl_code, buf);
2376 if (retval == -ENOIOCTLCMD)
2381 /* cleanup and return */
2383 && (_IOC_DIR(ctl->ioctl_code) & _IOC_READ) != 0
2385 && copy_to_user(ctl->data, buf, size) != 0)
2392 static int proc_ioctl_default(struct usb_dev_state *ps, void __user *arg)
2394 struct usbdevfs_ioctl ctrl;
2396 if (copy_from_user(&ctrl, arg, sizeof(ctrl)))
2398 return proc_ioctl(ps, &ctrl);
2401 #ifdef CONFIG_COMPAT
2402 static int proc_ioctl_compat(struct usb_dev_state *ps, compat_uptr_t arg)
2404 struct usbdevfs_ioctl32 ioc32;
2405 struct usbdevfs_ioctl ctrl;
2407 if (copy_from_user(&ioc32, compat_ptr(arg), sizeof(ioc32)))
2409 ctrl.ifno = ioc32.ifno;
2410 ctrl.ioctl_code = ioc32.ioctl_code;
2411 ctrl.data = compat_ptr(ioc32.data);
2412 return proc_ioctl(ps, &ctrl);
2416 static int proc_claim_port(struct usb_dev_state *ps, void __user *arg)
2421 if (get_user(portnum, (unsigned __user *) arg))
2423 rc = usb_hub_claim_port(ps->dev, portnum, ps);
2425 snoop(&ps->dev->dev, "port %d claimed by process %d: %s\n",
2426 portnum, task_pid_nr(current), current->comm);
2430 static int proc_release_port(struct usb_dev_state *ps, void __user *arg)
2434 if (get_user(portnum, (unsigned __user *) arg))
2436 return usb_hub_release_port(ps->dev, portnum, ps);
2439 static int proc_get_capabilities(struct usb_dev_state *ps, void __user *arg)
2443 caps = USBDEVFS_CAP_ZERO_PACKET | USBDEVFS_CAP_NO_PACKET_SIZE_LIM |
2444 USBDEVFS_CAP_REAP_AFTER_DISCONNECT | USBDEVFS_CAP_MMAP |
2445 USBDEVFS_CAP_DROP_PRIVILEGES |
2446 USBDEVFS_CAP_CONNINFO_EX | MAYBE_CAP_SUSPEND;
2447 if (!ps->dev->bus->no_stop_on_short)
2448 caps |= USBDEVFS_CAP_BULK_CONTINUATION;
2449 if (ps->dev->bus->sg_tablesize)
2450 caps |= USBDEVFS_CAP_BULK_SCATTER_GATHER;
2452 if (put_user(caps, (__u32 __user *)arg))
2458 static int proc_disconnect_claim(struct usb_dev_state *ps, void __user *arg)
2460 struct usbdevfs_disconnect_claim dc;
2461 struct usb_interface *intf;
2463 if (copy_from_user(&dc, arg, sizeof(dc)))
2466 intf = usb_ifnum_to_if(ps->dev, dc.interface);
2470 if (intf->dev.driver) {
2471 struct usb_driver *driver = to_usb_driver(intf->dev.driver);
2473 if (ps->privileges_dropped)
2476 if ((dc.flags & USBDEVFS_DISCONNECT_CLAIM_IF_DRIVER) &&
2477 strncmp(dc.driver, intf->dev.driver->name,
2478 sizeof(dc.driver)) != 0)
2481 if ((dc.flags & USBDEVFS_DISCONNECT_CLAIM_EXCEPT_DRIVER) &&
2482 strncmp(dc.driver, intf->dev.driver->name,
2483 sizeof(dc.driver)) == 0)
2486 dev_dbg(&intf->dev, "disconnect by usbfs\n");
2487 usb_driver_release_interface(driver, intf);
2490 return claimintf(ps, dc.interface);
2493 static int proc_alloc_streams(struct usb_dev_state *ps, void __user *arg)
2495 unsigned num_streams, num_eps;
2496 struct usb_host_endpoint **eps;
2497 struct usb_interface *intf;
2500 r = parse_usbdevfs_streams(ps, arg, &num_streams, &num_eps,
2505 destroy_async_on_interface(ps,
2506 intf->altsetting[0].desc.bInterfaceNumber);
2508 r = usb_alloc_streams(intf, eps, num_eps, num_streams, GFP_KERNEL);
2513 static int proc_free_streams(struct usb_dev_state *ps, void __user *arg)
2516 struct usb_host_endpoint **eps;
2517 struct usb_interface *intf;
2520 r = parse_usbdevfs_streams(ps, arg, NULL, &num_eps, &eps, &intf);
2524 destroy_async_on_interface(ps,
2525 intf->altsetting[0].desc.bInterfaceNumber);
2527 r = usb_free_streams(intf, eps, num_eps, GFP_KERNEL);
2532 static int proc_drop_privileges(struct usb_dev_state *ps, void __user *arg)
2536 if (copy_from_user(&data, arg, sizeof(data)))
2539 /* This is a one way operation. Once privileges are
2540 * dropped, you cannot regain them. You may however reissue
2541 * this ioctl to shrink the allowed interfaces mask.
2543 ps->interface_allowed_mask &= data;
2544 ps->privileges_dropped = true;
2549 static int proc_forbid_suspend(struct usb_dev_state *ps)
2553 if (ps->suspend_allowed) {
2554 ret = usb_autoresume_device(ps->dev);
2556 ps->suspend_allowed = false;
2557 else if (ret != -ENODEV)
2563 static int proc_allow_suspend(struct usb_dev_state *ps)
2568 WRITE_ONCE(ps->not_yet_resumed, 1);
2569 if (!ps->suspend_allowed) {
2570 usb_autosuspend_device(ps->dev);
2571 ps->suspend_allowed = true;
2576 static int proc_wait_for_resume(struct usb_dev_state *ps)
2580 usb_unlock_device(ps->dev);
2581 ret = wait_event_interruptible(ps->wait_for_resume,
2582 READ_ONCE(ps->not_yet_resumed) == 0);
2583 usb_lock_device(ps->dev);
2587 return proc_forbid_suspend(ps);
2591 * NOTE: All requests here that have interface numbers as parameters
2592 * are assuming that somehow the configuration has been prevented from
2593 * changing. But there's no mechanism to ensure that...
2595 static long usbdev_do_ioctl(struct file *file, unsigned int cmd,
2598 struct usb_dev_state *ps = file->private_data;
2599 struct inode *inode = file_inode(file);
2600 struct usb_device *dev = ps->dev;
2603 if (!(file->f_mode & FMODE_WRITE))
2606 usb_lock_device(dev);
2608 /* Reap operations are allowed even after disconnection */
2610 case USBDEVFS_REAPURB:
2611 snoop(&dev->dev, "%s: REAPURB\n", __func__);
2612 ret = proc_reapurb(ps, p);
2615 case USBDEVFS_REAPURBNDELAY:
2616 snoop(&dev->dev, "%s: REAPURBNDELAY\n", __func__);
2617 ret = proc_reapurbnonblock(ps, p);
2620 #ifdef CONFIG_COMPAT
2621 case USBDEVFS_REAPURB32:
2622 snoop(&dev->dev, "%s: REAPURB32\n", __func__);
2623 ret = proc_reapurb_compat(ps, p);
2626 case USBDEVFS_REAPURBNDELAY32:
2627 snoop(&dev->dev, "%s: REAPURBNDELAY32\n", __func__);
2628 ret = proc_reapurbnonblock_compat(ps, p);
2633 if (!connected(ps)) {
2634 usb_unlock_device(dev);
2639 case USBDEVFS_CONTROL:
2640 snoop(&dev->dev, "%s: CONTROL\n", __func__);
2641 ret = proc_control(ps, p);
2643 inode->i_mtime = current_time(inode);
2647 snoop(&dev->dev, "%s: BULK\n", __func__);
2648 ret = proc_bulk(ps, p);
2650 inode->i_mtime = current_time(inode);
2653 case USBDEVFS_RESETEP:
2654 snoop(&dev->dev, "%s: RESETEP\n", __func__);
2655 ret = proc_resetep(ps, p);
2657 inode->i_mtime = current_time(inode);
2660 case USBDEVFS_RESET:
2661 snoop(&dev->dev, "%s: RESET\n", __func__);
2662 ret = proc_resetdevice(ps);
2665 case USBDEVFS_CLEAR_HALT:
2666 snoop(&dev->dev, "%s: CLEAR_HALT\n", __func__);
2667 ret = proc_clearhalt(ps, p);
2669 inode->i_mtime = current_time(inode);
2672 case USBDEVFS_GETDRIVER:
2673 snoop(&dev->dev, "%s: GETDRIVER\n", __func__);
2674 ret = proc_getdriver(ps, p);
2677 case USBDEVFS_CONNECTINFO:
2678 snoop(&dev->dev, "%s: CONNECTINFO\n", __func__);
2679 ret = proc_connectinfo(ps, p);
2682 case USBDEVFS_SETINTERFACE:
2683 snoop(&dev->dev, "%s: SETINTERFACE\n", __func__);
2684 ret = proc_setintf(ps, p);
2687 case USBDEVFS_SETCONFIGURATION:
2688 snoop(&dev->dev, "%s: SETCONFIGURATION\n", __func__);
2689 ret = proc_setconfig(ps, p);
2692 case USBDEVFS_SUBMITURB:
2693 snoop(&dev->dev, "%s: SUBMITURB\n", __func__);
2694 ret = proc_submiturb(ps, p);
2696 inode->i_mtime = current_time(inode);
2699 #ifdef CONFIG_COMPAT
2700 case USBDEVFS_CONTROL32:
2701 snoop(&dev->dev, "%s: CONTROL32\n", __func__);
2702 ret = proc_control_compat(ps, p);
2704 inode->i_mtime = current_time(inode);
2707 case USBDEVFS_BULK32:
2708 snoop(&dev->dev, "%s: BULK32\n", __func__);
2709 ret = proc_bulk_compat(ps, p);
2711 inode->i_mtime = current_time(inode);
2714 case USBDEVFS_DISCSIGNAL32:
2715 snoop(&dev->dev, "%s: DISCSIGNAL32\n", __func__);
2716 ret = proc_disconnectsignal_compat(ps, p);
2719 case USBDEVFS_SUBMITURB32:
2720 snoop(&dev->dev, "%s: SUBMITURB32\n", __func__);
2721 ret = proc_submiturb_compat(ps, p);
2723 inode->i_mtime = current_time(inode);
2726 case USBDEVFS_IOCTL32:
2727 snoop(&dev->dev, "%s: IOCTL32\n", __func__);
2728 ret = proc_ioctl_compat(ps, ptr_to_compat(p));
2732 case USBDEVFS_DISCARDURB:
2733 snoop(&dev->dev, "%s: DISCARDURB %px\n", __func__, p);
2734 ret = proc_unlinkurb(ps, p);
2737 case USBDEVFS_DISCSIGNAL:
2738 snoop(&dev->dev, "%s: DISCSIGNAL\n", __func__);
2739 ret = proc_disconnectsignal(ps, p);
2742 case USBDEVFS_CLAIMINTERFACE:
2743 snoop(&dev->dev, "%s: CLAIMINTERFACE\n", __func__);
2744 ret = proc_claiminterface(ps, p);
2747 case USBDEVFS_RELEASEINTERFACE:
2748 snoop(&dev->dev, "%s: RELEASEINTERFACE\n", __func__);
2749 ret = proc_releaseinterface(ps, p);
2752 case USBDEVFS_IOCTL:
2753 snoop(&dev->dev, "%s: IOCTL\n", __func__);
2754 ret = proc_ioctl_default(ps, p);
2757 case USBDEVFS_CLAIM_PORT:
2758 snoop(&dev->dev, "%s: CLAIM_PORT\n", __func__);
2759 ret = proc_claim_port(ps, p);
2762 case USBDEVFS_RELEASE_PORT:
2763 snoop(&dev->dev, "%s: RELEASE_PORT\n", __func__);
2764 ret = proc_release_port(ps, p);
2766 case USBDEVFS_GET_CAPABILITIES:
2767 ret = proc_get_capabilities(ps, p);
2769 case USBDEVFS_DISCONNECT_CLAIM:
2770 ret = proc_disconnect_claim(ps, p);
2772 case USBDEVFS_ALLOC_STREAMS:
2773 ret = proc_alloc_streams(ps, p);
2775 case USBDEVFS_FREE_STREAMS:
2776 ret = proc_free_streams(ps, p);
2778 case USBDEVFS_DROP_PRIVILEGES:
2779 ret = proc_drop_privileges(ps, p);
2781 case USBDEVFS_GET_SPEED:
2782 ret = ps->dev->speed;
2784 case USBDEVFS_FORBID_SUSPEND:
2785 ret = proc_forbid_suspend(ps);
2787 case USBDEVFS_ALLOW_SUSPEND:
2788 ret = proc_allow_suspend(ps);
2790 case USBDEVFS_WAIT_FOR_RESUME:
2791 ret = proc_wait_for_resume(ps);
2795 /* Handle variable-length commands */
2796 switch (cmd & ~IOCSIZE_MASK) {
2797 case USBDEVFS_CONNINFO_EX(0):
2798 ret = proc_conninfo_ex(ps, p, _IOC_SIZE(cmd));
2803 usb_unlock_device(dev);
2805 inode->i_atime = current_time(inode);
2809 static long usbdev_ioctl(struct file *file, unsigned int cmd,
2814 ret = usbdev_do_ioctl(file, cmd, (void __user *)arg);
2819 /* No kernel lock - fine */
2820 static __poll_t usbdev_poll(struct file *file,
2821 struct poll_table_struct *wait)
2823 struct usb_dev_state *ps = file->private_data;
2826 poll_wait(file, &ps->wait, wait);
2827 if (file->f_mode & FMODE_WRITE && !list_empty(&ps->async_completed))
2828 mask |= EPOLLOUT | EPOLLWRNORM;
2831 if (list_empty(&ps->list))
2836 const struct file_operations usbdev_file_operations = {
2837 .owner = THIS_MODULE,
2838 .llseek = no_seek_end_llseek,
2839 .read = usbdev_read,
2840 .poll = usbdev_poll,
2841 .unlocked_ioctl = usbdev_ioctl,
2842 .compat_ioctl = compat_ptr_ioctl,
2843 .mmap = usbdev_mmap,
2844 .open = usbdev_open,
2845 .release = usbdev_release,
2848 static void usbdev_remove(struct usb_device *udev)
2850 struct usb_dev_state *ps;
2852 /* Protect against simultaneous resume */
2853 mutex_lock(&usbfs_mutex);
2854 while (!list_empty(&udev->filelist)) {
2855 ps = list_entry(udev->filelist.next, struct usb_dev_state, list);
2856 destroy_all_async(ps);
2857 wake_up_all(&ps->wait);
2858 WRITE_ONCE(ps->not_yet_resumed, 0);
2859 wake_up_all(&ps->wait_for_resume);
2860 list_del_init(&ps->list);
2862 kill_pid_usb_asyncio(ps->discsignr, EPIPE, ps->disccontext,
2863 ps->disc_pid, ps->cred);
2865 mutex_unlock(&usbfs_mutex);
2868 static int usbdev_notify(struct notifier_block *self,
2869 unsigned long action, void *dev)
2872 case USB_DEVICE_ADD:
2874 case USB_DEVICE_REMOVE:
2881 static struct notifier_block usbdev_nb = {
2882 .notifier_call = usbdev_notify,
2885 static struct cdev usb_device_cdev;
2887 int __init usb_devio_init(void)
2891 retval = register_chrdev_region(USB_DEVICE_DEV, USB_DEVICE_MAX,
2894 printk(KERN_ERR "Unable to register minors for usb_device\n");
2897 cdev_init(&usb_device_cdev, &usbdev_file_operations);
2898 retval = cdev_add(&usb_device_cdev, USB_DEVICE_DEV, USB_DEVICE_MAX);
2900 printk(KERN_ERR "Unable to get usb_device major %d\n",
2904 usb_register_notify(&usbdev_nb);
2909 unregister_chrdev_region(USB_DEVICE_DEV, USB_DEVICE_MAX);
2913 void usb_devio_cleanup(void)
2915 usb_unregister_notify(&usbdev_nb);
2916 cdev_del(&usb_device_cdev);
2917 unregister_chrdev_region(USB_DEVICE_DEV, USB_DEVICE_MAX);
projects / platform / kernel / linux-starfive.git / blob