Gitiles
Code Review Sign In
nv-tegra.nvidia.com / linux-4.4 / 46113830a18847cff8da73005e57bc49c2f95a56 / . / drivers / usb / core / devio.c
blob: 6c35dcbea66444b6c37144276168c330cf40a865 [file] [log] [blame]
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]1/*****************************************************************************/
2
3/*
4 * devio.c -- User space communication with USB devices.
5 *
6 * Copyright (C) 1999-2000 Thomas Sailer (sailer@ife.ee.ethz.ch)
7 *
8 * This program is free software; you can redistribute it and/or modify
9 * it under the terms of the GNU General Public License as published by
10 * the Free Software Foundation; either version 2 of the License, or
11 * (at your option) any later version.
12 *
13 * This program is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU General Public License for more details.
17 *
18 * You should have received a copy of the GNU General Public License
19 * along with this program; if not, write to the Free Software
20 * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
21 *
22 * $Id: devio.c,v 1.7 2000/02/01 17:28:48 fliegl Exp $
23 *
24 * This file implements the usbfs/x/y files, where
25 * x is the bus number and y the device number.
26 *
27 * It allows user space programs/"drivers" to communicate directly
28 * with USB devices without intervening kernel driver.
29 *
30 * Revision history
31 * 22.12.1999 0.1 Initial release (split from proc_usb.c)
32 * 04.01.2000 0.2 Turned into its own filesystem
Harald Welte46113832005-10-10 19:44:29 +0200[diff] [blame^]33 * 30.09.2005 0.3 Fix user-triggerable oops in async URB delivery
34 * (CAN-2005-3055)
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]35 */
36
37/*****************************************************************************/
38
39#include <linux/fs.h>
40#include <linux/mm.h>
41#include <linux/slab.h>
42#include <linux/smp_lock.h>
43#include <linux/signal.h>
44#include <linux/poll.h>
45#include <linux/module.h>
46#include <linux/usb.h>
47#include <linux/usbdevice_fs.h>
Kay Sieversfbf82fd2005-07-31 01:05:53 +0200[diff] [blame]48#include <linux/cdev.h>
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]49#include <asm/uaccess.h>
50#include <asm/byteorder.h>
51#include <linux/moduleparam.h>
52
53#include "hcd.h" /* for usbcore internals */
54#include "usb.h"
55
Kay Sieversfbf82fd2005-07-31 01:05:53 +0200[diff] [blame]56#define USB_MAXBUS 64
57#define USB_DEVICE_MAX USB_MAXBUS * 128
58static struct class *usb_device_class;
59
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]60struct async {
61 struct list_head asynclist;
62 struct dev_state *ps;
Harald Welte46113832005-10-10 19:44:29 +0200[diff] [blame^]63 pid_t pid;
64 uid_t uid, euid;
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]65 unsigned int signr;
66 unsigned int ifnum;
67 void __user *userbuffer;
68 void __user *userurb;
69 struct urb *urb;
70};
71
72static int usbfs_snoop = 0;
73module_param (usbfs_snoop, bool, S_IRUGO | S_IWUSR);
74MODULE_PARM_DESC (usbfs_snoop, "true to log all usbfs traffic");
75
76#define snoop(dev, format, arg...) \
77 do { \
78 if (usbfs_snoop) \
79 dev_info( dev , format , ## arg); \
80 } while (0)
81
Alan Sternfad21bd2005-08-10 15:15:57 -0400[diff] [blame]82#define USB_DEVICE_DEV MKDEV(USB_DEVICE_MAJOR, 0)
83
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]84
85#define MAX_USBFS_BUFFER_SIZE 16384
86
87static inline int connected (struct usb_device *dev)
88{
89 return dev->state != USB_STATE_NOTATTACHED;
90}
91
92static loff_t usbdev_lseek(struct file *file, loff_t offset, int orig)
93{
94 loff_t ret;
95
96 lock_kernel();
97
98 switch (orig) {
99 case 0:
100 file->f_pos = offset;
101 ret = file->f_pos;
102 break;
103 case 1:
104 file->f_pos += offset;
105 ret = file->f_pos;
106 break;
107 case 2:
108 default:
109 ret = -EINVAL;
110 }
111
112 unlock_kernel();
113 return ret;
114}
115
116static ssize_t usbdev_read(struct file *file, char __user *buf, size_t nbytes, loff_t *ppos)
117{
118 struct dev_state *ps = (struct dev_state *)file->private_data;
119 struct usb_device *dev = ps->dev;
120 ssize_t ret = 0;
121 unsigned len;
122 loff_t pos;
123 int i;
124
125 pos = *ppos;
126 usb_lock_device(dev);
127 if (!connected(dev)) {
128 ret = -ENODEV;
129 goto err;
130 } else if (pos < 0) {
131 ret = -EINVAL;
132 goto err;
133 }
134
135 if (pos < sizeof(struct usb_device_descriptor)) {
136 struct usb_device_descriptor *desc = kmalloc(sizeof(*desc), GFP_KERNEL);
137 if (!desc) {
138 ret = -ENOMEM;
139 goto err;
140 }
141 memcpy(desc, &dev->descriptor, sizeof(dev->descriptor));
142 le16_to_cpus(&desc->bcdUSB);
143 le16_to_cpus(&desc->idVendor);
144 le16_to_cpus(&desc->idProduct);
145 le16_to_cpus(&desc->bcdDevice);
146
147 len = sizeof(struct usb_device_descriptor) - pos;
148 if (len > nbytes)
149 len = nbytes;
150 if (copy_to_user(buf, ((char *)desc) + pos, len)) {
151 kfree(desc);
152 ret = -EFAULT;
153 goto err;
154 }
155 kfree(desc);
156
157 *ppos += len;
158 buf += len;
159 nbytes -= len;
160 ret += len;
161 }
162
163 pos = sizeof(struct usb_device_descriptor);
164 for (i = 0; nbytes && i < dev->descriptor.bNumConfigurations; i++) {
165 struct usb_config_descriptor *config =
166 (struct usb_config_descriptor *)dev->rawdescriptors[i];
167 unsigned int length = le16_to_cpu(config->wTotalLength);
168
169 if (*ppos < pos + length) {
170
171 /* The descriptor may claim to be longer than it
172 * really is. Here is the actual allocated length. */
173 unsigned alloclen =
174 le16_to_cpu(dev->config[i].desc.wTotalLength);
175
176 len = length - (*ppos - pos);
177 if (len > nbytes)
178 len = nbytes;
179
180 /* Simply don't write (skip over) unallocated parts */
181 if (alloclen > (*ppos - pos)) {
182 alloclen -= (*ppos - pos);
183 if (copy_to_user(buf,
184 dev->rawdescriptors[i] + (*ppos - pos),
185 min(len, alloclen))) {
186 ret = -EFAULT;
187 goto err;
188 }
189 }
190
191 *ppos += len;
192 buf += len;
193 nbytes -= len;
194 ret += len;
195 }
196
197 pos += length;
198 }
199
200err:
201 usb_unlock_device(dev);
202 return ret;
203}
204
205/*
206 * async list handling
207 */
208
209static struct async *alloc_async(unsigned int numisoframes)
210{
211 unsigned int assize = sizeof(struct async) + numisoframes * sizeof(struct usb_iso_packet_descriptor);
212 struct async *as = kmalloc(assize, GFP_KERNEL);
213 if (!as)
214 return NULL;
215 memset(as, 0, assize);
216 as->urb = usb_alloc_urb(numisoframes, GFP_KERNEL);
217 if (!as->urb) {
218 kfree(as);
219 return NULL;
220 }
221 return as;
222}
223
224static void free_async(struct async *as)
225{
Jesper Juhl6fd19f42005-04-18 17:39:33 -0700[diff] [blame]226 kfree(as->urb->transfer_buffer);
227 kfree(as->urb->setup_packet);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]228 usb_free_urb(as->urb);
Jesper Juhl6fd19f42005-04-18 17:39:33 -0700[diff] [blame]229 kfree(as);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]230}
231
232static inline void async_newpending(struct async *as)
233{
234 struct dev_state *ps = as->ps;
235 unsigned long flags;
236
237 spin_lock_irqsave(&ps->lock, flags);
238 list_add_tail(&as->asynclist, &ps->async_pending);
239 spin_unlock_irqrestore(&ps->lock, flags);
240}
241
242static inline void async_removepending(struct async *as)
243{
244 struct dev_state *ps = as->ps;
245 unsigned long flags;
246
247 spin_lock_irqsave(&ps->lock, flags);
248 list_del_init(&as->asynclist);
249 spin_unlock_irqrestore(&ps->lock, flags);
250}
251
252static inline struct async *async_getcompleted(struct dev_state *ps)
253{
254 unsigned long flags;
255 struct async *as = NULL;
256
257 spin_lock_irqsave(&ps->lock, flags);
258 if (!list_empty(&ps->async_completed)) {
259 as = list_entry(ps->async_completed.next, struct async, asynclist);
260 list_del_init(&as->asynclist);
261 }
262 spin_unlock_irqrestore(&ps->lock, flags);
263 return as;
264}
265
266static inline struct async *async_getpending(struct dev_state *ps, void __user *userurb)
267{
268 unsigned long flags;
269 struct async *as;
270
271 spin_lock_irqsave(&ps->lock, flags);
272 list_for_each_entry(as, &ps->async_pending, asynclist)
273 if (as->userurb == userurb) {
274 list_del_init(&as->asynclist);
275 spin_unlock_irqrestore(&ps->lock, flags);
276 return as;
277 }
278 spin_unlock_irqrestore(&ps->lock, flags);
279 return NULL;
280}
281
282static void async_completed(struct urb *urb, struct pt_regs *regs)
283{
284 struct async *as = (struct async *)urb->context;
285 struct dev_state *ps = as->ps;
286 struct siginfo sinfo;
287
288 spin_lock(&ps->lock);
289 list_move_tail(&as->asynclist, &ps->async_completed);
290 spin_unlock(&ps->lock);
291 if (as->signr) {
292 sinfo.si_signo = as->signr;
293 sinfo.si_errno = as->urb->status;
294 sinfo.si_code = SI_ASYNCIO;
295 sinfo.si_addr = as->userurb;
Harald Welte46113832005-10-10 19:44:29 +0200[diff] [blame^]296 kill_proc_info_as_uid(as->signr, &sinfo, as->pid, as->uid,
297 as->euid);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]298 }
299 wake_up(&ps->wait);
300}
301
302static void destroy_async (struct dev_state *ps, struct list_head *list)
303{
304 struct async *as;
305 unsigned long flags;
306
307 spin_lock_irqsave(&ps->lock, flags);
308 while (!list_empty(list)) {
309 as = list_entry(list->next, struct async, asynclist);
310 list_del_init(&as->asynclist);
311
312 /* drop the spinlock so the completion handler can run */
313 spin_unlock_irqrestore(&ps->lock, flags);
314 usb_kill_urb(as->urb);
315 spin_lock_irqsave(&ps->lock, flags);
316 }
317 spin_unlock_irqrestore(&ps->lock, flags);
318 as = async_getcompleted(ps);
319 while (as) {
320 free_async(as);
321 as = async_getcompleted(ps);
322 }
323}
324
325static void destroy_async_on_interface (struct dev_state *ps, unsigned int ifnum)
326{
327 struct list_head *p, *q, hitlist;
328 unsigned long flags;
329
330 INIT_LIST_HEAD(&hitlist);
331 spin_lock_irqsave(&ps->lock, flags);
332 list_for_each_safe(p, q, &ps->async_pending)
333 if (ifnum == list_entry(p, struct async, asynclist)->ifnum)
334 list_move_tail(p, &hitlist);
335 spin_unlock_irqrestore(&ps->lock, flags);
336 destroy_async(ps, &hitlist);
337}
338
339static inline void destroy_all_async(struct dev_state *ps)
340{
341 destroy_async(ps, &ps->async_pending);
342}
343
344/*
345 * interface claims are made only at the request of user level code,
346 * which can also release them (explicitly or by closing files).
347 * they're also undone when devices disconnect.
348 */
349
350static int driver_probe (struct usb_interface *intf,
351 const struct usb_device_id *id)
352{
353 return -ENODEV;
354}
355
356static void driver_disconnect(struct usb_interface *intf)
357{
358 struct dev_state *ps = usb_get_intfdata (intf);
359 unsigned int ifnum = intf->altsetting->desc.bInterfaceNumber;
360
361 if (!ps)
362 return;
363
364 /* NOTE: this relies on usbcore having canceled and completed
365 * all pending I/O requests; 2.6 does that.
366 */
367
368 if (likely(ifnum < 8*sizeof(ps->ifclaimed)))
369 clear_bit(ifnum, &ps->ifclaimed);
370 else
371 warn("interface number %u out of range", ifnum);
372
373 usb_set_intfdata (intf, NULL);
374
375 /* force async requests to complete */
376 destroy_async_on_interface(ps, ifnum);
377}
378
379struct usb_driver usbfs_driver = {
380 .owner = THIS_MODULE,
381 .name = "usbfs",
382 .probe = driver_probe,
383 .disconnect = driver_disconnect,
384};
385
386static int claimintf(struct dev_state *ps, unsigned int ifnum)
387{
388 struct usb_device *dev = ps->dev;
389 struct usb_interface *intf;
390 int err;
391
392 if (ifnum >= 8*sizeof(ps->ifclaimed))
393 return -EINVAL;
394 /* already claimed */
395 if (test_bit(ifnum, &ps->ifclaimed))
396 return 0;
397
398 /* lock against other changes to driver bindings */
399 down_write(&usb_bus_type.subsys.rwsem);
400 intf = usb_ifnum_to_if(dev, ifnum);
401 if (!intf)
402 err = -ENOENT;
403 else
404 err = usb_driver_claim_interface(&usbfs_driver, intf, ps);
405 up_write(&usb_bus_type.subsys.rwsem);
406 if (err == 0)
407 set_bit(ifnum, &ps->ifclaimed);
408 return err;
409}
410
411static int releaseintf(struct dev_state *ps, unsigned int ifnum)
412{
413 struct usb_device *dev;
414 struct usb_interface *intf;
415 int err;
416
417 err = -EINVAL;
418 if (ifnum >= 8*sizeof(ps->ifclaimed))
419 return err;
420 dev = ps->dev;
421 /* lock against other changes to driver bindings */
422 down_write(&usb_bus_type.subsys.rwsem);
423 intf = usb_ifnum_to_if(dev, ifnum);
424 if (!intf)
425 err = -ENOENT;
426 else if (test_and_clear_bit(ifnum, &ps->ifclaimed)) {
427 usb_driver_release_interface(&usbfs_driver, intf);
428 err = 0;
429 }
430 up_write(&usb_bus_type.subsys.rwsem);
431 return err;
432}
433
434static int checkintf(struct dev_state *ps, unsigned int ifnum)
435{
436 if (ps->dev->state != USB_STATE_CONFIGURED)
437 return -EHOSTUNREACH;
438 if (ifnum >= 8*sizeof(ps->ifclaimed))
439 return -EINVAL;
440 if (test_bit(ifnum, &ps->ifclaimed))
441 return 0;
442 /* if not yet claimed, claim it for the driver */
443 dev_warn(&ps->dev->dev, "usbfs: process %d (%s) did not claim interface %u before use\n",
444 current->pid, current->comm, ifnum);
445 return claimintf(ps, ifnum);
446}
447
448static int findintfep(struct usb_device *dev, unsigned int ep)
449{
450 unsigned int i, j, e;
451 struct usb_interface *intf;
452 struct usb_host_interface *alts;
453 struct usb_endpoint_descriptor *endpt;
454
455 if (ep & ~(USB_DIR_IN|0xf))
456 return -EINVAL;
457 if (!dev->actconfig)
458 return -ESRCH;
459 for (i = 0; i < dev->actconfig->desc.bNumInterfaces; i++) {
460 intf = dev->actconfig->interface[i];
461 for (j = 0; j < intf->num_altsetting; j++) {
462 alts = &intf->altsetting[j];
463 for (e = 0; e < alts->desc.bNumEndpoints; e++) {
464 endpt = &alts->endpoint[e].desc;
465 if (endpt->bEndpointAddress == ep)
466 return alts->desc.bInterfaceNumber;
467 }
468 }
469 }
470 return -ENOENT;
471}
472
473static int check_ctrlrecip(struct dev_state *ps, unsigned int requesttype, unsigned int index)
474{
475 int ret = 0;
476
477 if (ps->dev->state != USB_STATE_CONFIGURED)
478 return -EHOSTUNREACH;
479 if (USB_TYPE_VENDOR == (USB_TYPE_MASK & requesttype))
480 return 0;
481
482 index &= 0xff;
483 switch (requesttype & USB_RECIP_MASK) {
484 case USB_RECIP_ENDPOINT:
485 if ((ret = findintfep(ps->dev, index)) >= 0)
486 ret = checkintf(ps, ret);
487 break;
488
489 case USB_RECIP_INTERFACE:
490 ret = checkintf(ps, index);
491 break;
492 }
493 return ret;
494}
495
496/*
497 * file operations
498 */
499static int usbdev_open(struct inode *inode, struct file *file)
500{
Kay Sieversfbf82fd2005-07-31 01:05:53 +0200[diff] [blame]501 struct usb_device *dev = NULL;
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]502 struct dev_state *ps;
503 int ret;
504
505 /*
506 * no locking necessary here, as chrdev_open has the kernel lock
507 * (still acquire the kernel lock for safety)
508 */
509 ret = -ENOMEM;
510 if (!(ps = kmalloc(sizeof(struct dev_state), GFP_KERNEL)))
511 goto out_nolock;
512
513 lock_kernel();
514 ret = -ENOENT;
Kay Sieversfbf82fd2005-07-31 01:05:53 +0200[diff] [blame]515 /* check if we are called from a real node or usbfs */
516 if (imajor(inode) == USB_DEVICE_MAJOR)
517 dev = usbdev_lookup_minor(iminor(inode));
518 if (!dev)
519 dev = inode->u.generic_ip;
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]520 if (!dev) {
521 kfree(ps);
522 goto out;
523 }
Kay Sieversfbf82fd2005-07-31 01:05:53 +0200[diff] [blame]524 usb_get_dev(dev);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]525 ret = 0;
526 ps->dev = dev;
527 ps->file = file;
528 spin_lock_init(&ps->lock);
529 INIT_LIST_HEAD(&ps->async_pending);
530 INIT_LIST_HEAD(&ps->async_completed);
531 init_waitqueue_head(&ps->wait);
532 ps->discsignr = 0;
533 ps->disctask = current;
534 ps->disccontext = NULL;
535 ps->ifclaimed = 0;
536 wmb();
537 list_add_tail(&ps->list, &dev->filelist);
538 file->private_data = ps;
539 out:
540 unlock_kernel();
541 out_nolock:
542 return ret;
543}
544
545static int usbdev_release(struct inode *inode, struct file *file)
546{
547 struct dev_state *ps = (struct dev_state *)file->private_data;
548 struct usb_device *dev = ps->dev;
549 unsigned int ifnum;
550
551 usb_lock_device(dev);
552 list_del_init(&ps->list);
553 for (ifnum = 0; ps->ifclaimed && ifnum < 8*sizeof(ps->ifclaimed);
554 ifnum++) {
555 if (test_bit(ifnum, &ps->ifclaimed))
556 releaseintf(ps, ifnum);
557 }
558 destroy_all_async(ps);
559 usb_unlock_device(dev);
560 usb_put_dev(dev);
561 ps->dev = NULL;
562 kfree(ps);
563 return 0;
564}
565
566static int proc_control(struct dev_state *ps, void __user *arg)
567{
568 struct usb_device *dev = ps->dev;
569 struct usbdevfs_ctrltransfer ctrl;
570 unsigned int tmo;
571 unsigned char *tbuf;
572 int i, j, ret;
573
574 if (copy_from_user(&ctrl, arg, sizeof(ctrl)))
575 return -EFAULT;
576 if ((ret = check_ctrlrecip(ps, ctrl.bRequestType, ctrl.wIndex)))
577 return ret;
578 if (ctrl.wLength > PAGE_SIZE)
579 return -EINVAL;
580 if (!(tbuf = (unsigned char *)__get_free_page(GFP_KERNEL)))
581 return -ENOMEM;
582 tmo = ctrl.timeout;
583 if (ctrl.bRequestType & 0x80) {
584 if (ctrl.wLength && !access_ok(VERIFY_WRITE, ctrl.data, ctrl.wLength)) {
585 free_page((unsigned long)tbuf);
586 return -EINVAL;
587 }
Alan Sternfe0410c2005-07-29 12:16:58 -0700[diff] [blame]588 snoop(&dev->dev, "control read: bRequest=%02x "
589 "bRrequestType=%02x wValue=%04x "
590 "wIndex=%04x wLength=%04x\n",
591 ctrl.bRequest, ctrl.bRequestType, ctrl.wValue,
592 ctrl.wIndex, ctrl.wLength);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]593
594 usb_unlock_device(dev);
595 i = usb_control_msg(dev, usb_rcvctrlpipe(dev, 0), ctrl.bRequest, ctrl.bRequestType,
596 ctrl.wValue, ctrl.wIndex, tbuf, ctrl.wLength, tmo);
597 usb_lock_device(dev);
598 if ((i > 0) && ctrl.wLength) {
599 if (usbfs_snoop) {
600 dev_info(&dev->dev, "control read: data ");
Alan Sternfe0410c2005-07-29 12:16:58 -0700[diff] [blame]601 for (j = 0; j < i; ++j)
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]602 printk ("%02x ", (unsigned char)(tbuf)[j]);
603 printk("\n");
604 }
Alan Sternfe0410c2005-07-29 12:16:58 -0700[diff] [blame]605 if (copy_to_user(ctrl.data, tbuf, i)) {
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]606 free_page((unsigned long)tbuf);
607 return -EFAULT;
608 }
609 }
610 } else {
611 if (ctrl.wLength) {
612 if (copy_from_user(tbuf, ctrl.data, ctrl.wLength)) {
613 free_page((unsigned long)tbuf);
614 return -EFAULT;
615 }
616 }
Alan Sternfe0410c2005-07-29 12:16:58 -0700[diff] [blame]617 snoop(&dev->dev, "control write: bRequest=%02x "
618 "bRrequestType=%02x wValue=%04x "
619 "wIndex=%04x wLength=%04x\n",
620 ctrl.bRequest, ctrl.bRequestType, ctrl.wValue,
621 ctrl.wIndex, ctrl.wLength);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]622 if (usbfs_snoop) {
623 dev_info(&dev->dev, "control write: data: ");
624 for (j = 0; j < ctrl.wLength; ++j)
625 printk ("%02x ", (unsigned char)(tbuf)[j]);
626 printk("\n");
627 }
628 usb_unlock_device(dev);
629 i = usb_control_msg(dev, usb_sndctrlpipe(dev, 0), ctrl.bRequest, ctrl.bRequestType,
630 ctrl.wValue, ctrl.wIndex, tbuf, ctrl.wLength, tmo);
631 usb_lock_device(dev);
632 }
633 free_page((unsigned long)tbuf);
634 if (i<0 && i != -EPIPE) {
635 dev_printk(KERN_DEBUG, &dev->dev, "usbfs: USBDEVFS_CONTROL "
636 "failed cmd %s rqt %u rq %u len %u ret %d\n",
637 current->comm, ctrl.bRequestType, ctrl.bRequest,
638 ctrl.wLength, i);
639 }
640 return i;
641}
642
643static int proc_bulk(struct dev_state *ps, void __user *arg)
644{
645 struct usb_device *dev = ps->dev;
646 struct usbdevfs_bulktransfer bulk;
647 unsigned int tmo, len1, pipe;
648 int len2;
649 unsigned char *tbuf;
650 int i, ret;
651
652 if (copy_from_user(&bulk, arg, sizeof(bulk)))
653 return -EFAULT;
654 if ((ret = findintfep(ps->dev, bulk.ep)) < 0)
655 return ret;
656 if ((ret = checkintf(ps, ret)))
657 return ret;
658 if (bulk.ep & USB_DIR_IN)
659 pipe = usb_rcvbulkpipe(dev, bulk.ep & 0x7f);
660 else
661 pipe = usb_sndbulkpipe(dev, bulk.ep & 0x7f);
662 if (!usb_maxpacket(dev, pipe, !(bulk.ep & USB_DIR_IN)))
663 return -EINVAL;
664 len1 = bulk.len;
665 if (len1 > MAX_USBFS_BUFFER_SIZE)
666 return -EINVAL;
667 if (!(tbuf = kmalloc(len1, GFP_KERNEL)))
668 return -ENOMEM;
669 tmo = bulk.timeout;
670 if (bulk.ep & 0x80) {
671 if (len1 && !access_ok(VERIFY_WRITE, bulk.data, len1)) {
672 kfree(tbuf);
673 return -EINVAL;
674 }
675 usb_unlock_device(dev);
676 i = usb_bulk_msg(dev, pipe, tbuf, len1, &len2, tmo);
677 usb_lock_device(dev);
678 if (!i && len2) {
679 if (copy_to_user(bulk.data, tbuf, len2)) {
680 kfree(tbuf);
681 return -EFAULT;
682 }
683 }
684 } else {
685 if (len1) {
686 if (copy_from_user(tbuf, bulk.data, len1)) {
687 kfree(tbuf);
688 return -EFAULT;
689 }
690 }
691 usb_unlock_device(dev);
692 i = usb_bulk_msg(dev, pipe, tbuf, len1, &len2, tmo);
693 usb_lock_device(dev);
694 }
695 kfree(tbuf);
696 if (i < 0)
697 return i;
698 return len2;
699}
700
701static int proc_resetep(struct dev_state *ps, void __user *arg)
702{
703 unsigned int ep;
704 int ret;
705
706 if (get_user(ep, (unsigned int __user *)arg))
707 return -EFAULT;
708 if ((ret = findintfep(ps->dev, ep)) < 0)
709 return ret;
710 if ((ret = checkintf(ps, ret)))
711 return ret;
712 usb_settoggle(ps->dev, ep & 0xf, !(ep & USB_DIR_IN), 0);
713 return 0;
714}
715
716static int proc_clearhalt(struct dev_state *ps, void __user *arg)
717{
718 unsigned int ep;
719 int pipe;
720 int ret;
721
722 if (get_user(ep, (unsigned int __user *)arg))
723 return -EFAULT;
724 if ((ret = findintfep(ps->dev, ep)) < 0)
725 return ret;
726 if ((ret = checkintf(ps, ret)))
727 return ret;
728 if (ep & USB_DIR_IN)
729 pipe = usb_rcvbulkpipe(ps->dev, ep & 0x7f);
730 else
731 pipe = usb_sndbulkpipe(ps->dev, ep & 0x7f);
732
733 return usb_clear_halt(ps->dev, pipe);
734}
735
736
737static int proc_getdriver(struct dev_state *ps, void __user *arg)
738{
739 struct usbdevfs_getdriver gd;
740 struct usb_interface *intf;
741 int ret;
742
743 if (copy_from_user(&gd, arg, sizeof(gd)))
744 return -EFAULT;
745 down_read(&usb_bus_type.subsys.rwsem);
746 intf = usb_ifnum_to_if(ps->dev, gd.interface);
747 if (!intf || !intf->dev.driver)
748 ret = -ENODATA;
749 else {
750 strncpy(gd.driver, intf->dev.driver->name,
751 sizeof(gd.driver));
752 ret = (copy_to_user(arg, &gd, sizeof(gd)) ? -EFAULT : 0);
753 }
754 up_read(&usb_bus_type.subsys.rwsem);
755 return ret;
756}
757
758static int proc_connectinfo(struct dev_state *ps, void __user *arg)
759{
760 struct usbdevfs_connectinfo ci;
761
762 ci.devnum = ps->dev->devnum;
763 ci.slow = ps->dev->speed == USB_SPEED_LOW;
764 if (copy_to_user(arg, &ci, sizeof(ci)))
765 return -EFAULT;
766 return 0;
767}
768
769static int proc_resetdevice(struct dev_state *ps)
770{
771 return usb_reset_device(ps->dev);
772
773}
774
775static int proc_setintf(struct dev_state *ps, void __user *arg)
776{
777 struct usbdevfs_setinterface setintf;
778 int ret;
779
780 if (copy_from_user(&setintf, arg, sizeof(setintf)))
781 return -EFAULT;
782 if ((ret = checkintf(ps, setintf.interface)))
783 return ret;
784 return usb_set_interface(ps->dev, setintf.interface,
785 setintf.altsetting);
786}
787
788static int proc_setconfig(struct dev_state *ps, void __user *arg)
789{
790 unsigned int u;
791 int status = 0;
792 struct usb_host_config *actconfig;
793
794 if (get_user(u, (unsigned int __user *)arg))
795 return -EFAULT;
796
797 actconfig = ps->dev->actconfig;
798
799 /* Don't touch the device if any interfaces are claimed.
800 * It could interfere with other drivers' operations, and if
801 * an interface is claimed by usbfs it could easily deadlock.
802 */
803 if (actconfig) {
804 int i;
805
806 for (i = 0; i < actconfig->desc.bNumInterfaces; ++i) {
807 if (usb_interface_claimed(actconfig->interface[i])) {
808 dev_warn (&ps->dev->dev,
David Brownell72ebddb2005-04-11 18:34:17 -0700[diff] [blame]809 "usbfs: interface %d claimed by %s "
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]810 "while '%s' sets config #%d\n",
811 actconfig->interface[i]
812 ->cur_altsetting
813 ->desc.bInterfaceNumber,
David Brownell72ebddb2005-04-11 18:34:17 -0700[diff] [blame]814 actconfig->interface[i]
815 ->dev.driver->name,
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]816 current->comm, u);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]817 status = -EBUSY;
818 break;
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]819 }
820 }
821 }
822
823 /* SET_CONFIGURATION is often abused as a "cheap" driver reset,
824 * so avoid usb_set_configuration()'s kick to sysfs
825 */
826 if (status == 0) {
827 if (actconfig && actconfig->desc.bConfigurationValue == u)
828 status = usb_reset_configuration(ps->dev);
829 else
830 status = usb_set_configuration(ps->dev, u);
831 }
832
833 return status;
834}
835
836
837static int proc_do_submiturb(struct dev_state *ps, struct usbdevfs_urb *uurb,
838 struct usbdevfs_iso_packet_desc __user *iso_frame_desc,
839 void __user *arg)
840{
841 struct usbdevfs_iso_packet_desc *isopkt = NULL;
842 struct usb_host_endpoint *ep;
843 struct async *as;
844 struct usb_ctrlrequest *dr = NULL;
845 unsigned int u, totlen, isofrmlen;
846 int ret, interval = 0, ifnum = -1;
847
848 if (uurb->flags & ~(USBDEVFS_URB_ISO_ASAP|USBDEVFS_URB_SHORT_NOT_OK|
849 URB_NO_FSBR|URB_ZERO_PACKET))
850 return -EINVAL;
851 if (!uurb->buffer)
852 return -EINVAL;
853 if (uurb->signr != 0 && (uurb->signr < SIGRTMIN || uurb->signr > SIGRTMAX))
854 return -EINVAL;
855 if (!(uurb->type == USBDEVFS_URB_TYPE_CONTROL && (uurb->endpoint & ~USB_ENDPOINT_DIR_MASK) == 0)) {
856 if ((ifnum = findintfep(ps->dev, uurb->endpoint)) < 0)
857 return ifnum;
858 if ((ret = checkintf(ps, ifnum)))
859 return ret;
860 }
861 if ((uurb->endpoint & USB_ENDPOINT_DIR_MASK) != 0)
862 ep = ps->dev->ep_in [uurb->endpoint & USB_ENDPOINT_NUMBER_MASK];
863 else
864 ep = ps->dev->ep_out [uurb->endpoint & USB_ENDPOINT_NUMBER_MASK];
865 if (!ep)
866 return -ENOENT;
867 switch(uurb->type) {
868 case USBDEVFS_URB_TYPE_CONTROL:
869 if ((ep->desc.bmAttributes & USB_ENDPOINT_XFERTYPE_MASK)
870 != USB_ENDPOINT_XFER_CONTROL)
871 return -EINVAL;
872 /* min 8 byte setup packet, max arbitrary */
873 if (uurb->buffer_length < 8 || uurb->buffer_length > PAGE_SIZE)
874 return -EINVAL;
875 if (!(dr = kmalloc(sizeof(struct usb_ctrlrequest), GFP_KERNEL)))
876 return -ENOMEM;
877 if (copy_from_user(dr, uurb->buffer, 8)) {
878 kfree(dr);
879 return -EFAULT;
880 }
881 if (uurb->buffer_length < (le16_to_cpup(&dr->wLength) + 8)) {
882 kfree(dr);
883 return -EINVAL;
884 }
885 if ((ret = check_ctrlrecip(ps, dr->bRequestType, le16_to_cpup(&dr->wIndex)))) {
886 kfree(dr);
887 return ret;
888 }
889 uurb->endpoint = (uurb->endpoint & ~USB_ENDPOINT_DIR_MASK) | (dr->bRequestType & USB_ENDPOINT_DIR_MASK);
890 uurb->number_of_packets = 0;
891 uurb->buffer_length = le16_to_cpup(&dr->wLength);
892 uurb->buffer += 8;
893 if (!access_ok((uurb->endpoint & USB_DIR_IN) ? VERIFY_WRITE : VERIFY_READ, uurb->buffer, uurb->buffer_length)) {
894 kfree(dr);
895 return -EFAULT;
896 }
897 break;
898
899 case USBDEVFS_URB_TYPE_BULK:
900 switch (ep->desc.bmAttributes & USB_ENDPOINT_XFERTYPE_MASK) {
901 case USB_ENDPOINT_XFER_CONTROL:
902 case USB_ENDPOINT_XFER_ISOC:
903 return -EINVAL;
904 /* allow single-shot interrupt transfers, at bogus rates */
905 }
906 uurb->number_of_packets = 0;
907 if (uurb->buffer_length > MAX_USBFS_BUFFER_SIZE)
908 return -EINVAL;
909 if (!access_ok((uurb->endpoint & USB_DIR_IN) ? VERIFY_WRITE : VERIFY_READ, uurb->buffer, uurb->buffer_length))
910 return -EFAULT;
911 break;
912
913 case USBDEVFS_URB_TYPE_ISO:
914 /* arbitrary limit */
915 if (uurb->number_of_packets < 1 || uurb->number_of_packets > 128)
916 return -EINVAL;
917 if ((ep->desc.bmAttributes & USB_ENDPOINT_XFERTYPE_MASK)
918 != USB_ENDPOINT_XFER_ISOC)
919 return -EINVAL;
920 interval = 1 << min (15, ep->desc.bInterval - 1);
921 isofrmlen = sizeof(struct usbdevfs_iso_packet_desc) * uurb->number_of_packets;
922 if (!(isopkt = kmalloc(isofrmlen, GFP_KERNEL)))
923 return -ENOMEM;
924 if (copy_from_user(isopkt, iso_frame_desc, isofrmlen)) {
925 kfree(isopkt);
926 return -EFAULT;
927 }
928 for (totlen = u = 0; u < uurb->number_of_packets; u++) {
929 if (isopkt[u].length > 1023) {
930 kfree(isopkt);
931 return -EINVAL;
932 }
933 totlen += isopkt[u].length;
934 }
935 if (totlen > 32768) {
936 kfree(isopkt);
937 return -EINVAL;
938 }
939 uurb->buffer_length = totlen;
940 break;
941
942 case USBDEVFS_URB_TYPE_INTERRUPT:
943 uurb->number_of_packets = 0;
944 if ((ep->desc.bmAttributes & USB_ENDPOINT_XFERTYPE_MASK)
945 != USB_ENDPOINT_XFER_INT)
946 return -EINVAL;
947 if (ps->dev->speed == USB_SPEED_HIGH)
948 interval = 1 << min (15, ep->desc.bInterval - 1);
949 else
950 interval = ep->desc.bInterval;
951 if (uurb->buffer_length > MAX_USBFS_BUFFER_SIZE)
952 return -EINVAL;
953 if (!access_ok((uurb->endpoint & USB_DIR_IN) ? VERIFY_WRITE : VERIFY_READ, uurb->buffer, uurb->buffer_length))
954 return -EFAULT;
955 break;
956
957 default:
958 return -EINVAL;
959 }
960 if (!(as = alloc_async(uurb->number_of_packets))) {
Jesper Juhl6fd19f42005-04-18 17:39:33 -0700[diff] [blame]961 kfree(isopkt);
962 kfree(dr);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]963 return -ENOMEM;
964 }
965 if (!(as->urb->transfer_buffer = kmalloc(uurb->buffer_length, GFP_KERNEL))) {
Jesper Juhl6fd19f42005-04-18 17:39:33 -0700[diff] [blame]966 kfree(isopkt);
967 kfree(dr);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]968 free_async(as);
969 return -ENOMEM;
970 }
971 as->urb->dev = ps->dev;
972 as->urb->pipe = (uurb->type << 30) | __create_pipe(ps->dev, uurb->endpoint & 0xf) | (uurb->endpoint & USB_DIR_IN);
973 as->urb->transfer_flags = uurb->flags;
974 as->urb->transfer_buffer_length = uurb->buffer_length;
975 as->urb->setup_packet = (unsigned char*)dr;
976 as->urb->start_frame = uurb->start_frame;
977 as->urb->number_of_packets = uurb->number_of_packets;
978 as->urb->interval = interval;
979 as->urb->context = as;
980 as->urb->complete = async_completed;
981 for (totlen = u = 0; u < uurb->number_of_packets; u++) {
982 as->urb->iso_frame_desc[u].offset = totlen;
983 as->urb->iso_frame_desc[u].length = isopkt[u].length;
984 totlen += isopkt[u].length;
985 }
Jesper Juhl6fd19f42005-04-18 17:39:33 -0700[diff] [blame]986 kfree(isopkt);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]987 as->ps = ps;
988 as->userurb = arg;
989 if (uurb->endpoint & USB_DIR_IN)
990 as->userbuffer = uurb->buffer;
991 else
992 as->userbuffer = NULL;
993 as->signr = uurb->signr;
994 as->ifnum = ifnum;
Harald Welte46113832005-10-10 19:44:29 +0200[diff] [blame^]995 as->pid = current->pid;
996 as->uid = current->uid;
997 as->euid = current->euid;
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]998 if (!(uurb->endpoint & USB_DIR_IN)) {
999 if (copy_from_user(as->urb->transfer_buffer, uurb->buffer, as->urb->transfer_buffer_length)) {
1000 free_async(as);
1001 return -EFAULT;
1002 }
1003 }
1004 async_newpending(as);
1005 if ((ret = usb_submit_urb(as->urb, GFP_KERNEL))) {
1006 dev_printk(KERN_DEBUG, &ps->dev->dev, "usbfs: usb_submit_urb returned %d\n", ret);
1007 async_removepending(as);
1008 free_async(as);
1009 return ret;
1010 }
1011 return 0;
1012}
1013
1014static int proc_submiturb(struct dev_state *ps, void __user *arg)
1015{
1016 struct usbdevfs_urb uurb;
1017
1018 if (copy_from_user(&uurb, arg, sizeof(uurb)))
1019 return -EFAULT;
1020
1021 return proc_do_submiturb(ps, &uurb, (((struct usbdevfs_urb __user *)arg)->iso_frame_desc), arg);
1022}
1023
1024static int proc_unlinkurb(struct dev_state *ps, void __user *arg)
1025{
1026 struct async *as;
1027
1028 as = async_getpending(ps, arg);
1029 if (!as)
1030 return -EINVAL;
1031 usb_kill_urb(as->urb);
1032 return 0;
1033}
1034
1035static int processcompl(struct async *as, void __user * __user *arg)
1036{
1037 struct urb *urb = as->urb;
1038 struct usbdevfs_urb __user *userurb = as->userurb;
1039 void __user *addr = as->userurb;
1040 unsigned int i;
1041
1042 if (as->userbuffer)
1043 if (copy_to_user(as->userbuffer, urb->transfer_buffer, urb->transfer_buffer_length))
1044 return -EFAULT;
1045 if (put_user(urb->status, &userurb->status))
1046 return -EFAULT;
1047 if (put_user(urb->actual_length, &userurb->actual_length))
1048 return -EFAULT;
1049 if (put_user(urb->error_count, &userurb->error_count))
1050 return -EFAULT;
1051
Christopher Li668a9542005-04-18 17:39:26 -0700[diff] [blame]1052 if (usb_pipeisoc(urb->pipe)) {
1053 for (i = 0; i < urb->number_of_packets; i++) {
1054 if (put_user(urb->iso_frame_desc[i].actual_length,
1055 &userurb->iso_frame_desc[i].actual_length))
1056 return -EFAULT;
1057 if (put_user(urb->iso_frame_desc[i].status,
1058 &userurb->iso_frame_desc[i].status))
1059 return -EFAULT;
1060 }
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]1061 }
1062
1063 free_async(as);
1064
1065 if (put_user(addr, (void __user * __user *)arg))
1066 return -EFAULT;
1067 return 0;
1068}
1069
1070static struct async* reap_as(struct dev_state *ps)
1071{
1072 DECLARE_WAITQUEUE(wait, current);
1073 struct async *as = NULL;
1074 struct usb_device *dev = ps->dev;
1075
1076 add_wait_queue(&ps->wait, &wait);
1077 for (;;) {
1078 __set_current_state(TASK_INTERRUPTIBLE);
1079 if ((as = async_getcompleted(ps)))
1080 break;
1081 if (signal_pending(current))
1082 break;
1083 usb_unlock_device(dev);
1084 schedule();
1085 usb_lock_device(dev);
1086 }
1087 remove_wait_queue(&ps->wait, &wait);
1088 set_current_state(TASK_RUNNING);
1089 return as;
1090}
1091
1092static int proc_reapurb(struct dev_state *ps, void __user *arg)
1093{
1094 struct async *as = reap_as(ps);
1095 if (as)
1096 return processcompl(as, (void __user * __user *)arg);
1097 if (signal_pending(current))
1098 return -EINTR;
1099 return -EIO;
1100}
1101
1102static int proc_reapurbnonblock(struct dev_state *ps, void __user *arg)
1103{
1104 struct async *as;
1105
1106 if (!(as = async_getcompleted(ps)))
1107 return -EAGAIN;
1108 return processcompl(as, (void __user * __user *)arg);
1109}
1110
1111#ifdef CONFIG_COMPAT
1112
1113static int get_urb32(struct usbdevfs_urb *kurb,
1114 struct usbdevfs_urb32 __user *uurb)
1115{
1116 __u32 uptr;
1117 if (get_user(kurb->type, &uurb->type) ||
1118 __get_user(kurb->endpoint, &uurb->endpoint) ||
1119 __get_user(kurb->status, &uurb->status) ||
1120 __get_user(kurb->flags, &uurb->flags) ||
1121 __get_user(kurb->buffer_length, &uurb->buffer_length) ||
1122 __get_user(kurb->actual_length, &uurb->actual_length) ||
1123 __get_user(kurb->start_frame, &uurb->start_frame) ||
1124 __get_user(kurb->number_of_packets, &uurb->number_of_packets) ||
1125 __get_user(kurb->error_count, &uurb->error_count) ||
1126 __get_user(kurb->signr, &uurb->signr))
1127 return -EFAULT;
1128
1129 if (__get_user(uptr, &uurb->buffer))
1130 return -EFAULT;
1131 kurb->buffer = compat_ptr(uptr);
1132 if (__get_user(uptr, &uurb->buffer))
1133 return -EFAULT;
1134 kurb->usercontext = compat_ptr(uptr);
1135
1136 return 0;
1137}
1138
1139static int proc_submiturb_compat(struct dev_state *ps, void __user *arg)
1140{
1141 struct usbdevfs_urb uurb;
1142
1143 if (get_urb32(&uurb,(struct usbdevfs_urb32 *)arg))
1144 return -EFAULT;
1145
Christopher Li668a9542005-04-18 17:39:26 -0700[diff] [blame]1146 return proc_do_submiturb(ps, &uurb, ((struct usbdevfs_urb32 __user *)arg)->iso_frame_desc, arg);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]1147}
1148
1149static int processcompl_compat(struct async *as, void __user * __user *arg)
1150{
1151 struct urb *urb = as->urb;
1152 struct usbdevfs_urb32 __user *userurb = as->userurb;
1153 void __user *addr = as->userurb;
1154 unsigned int i;
1155
1156 if (as->userbuffer)
1157 if (copy_to_user(as->userbuffer, urb->transfer_buffer, urb->transfer_buffer_length))
1158 return -EFAULT;
1159 if (put_user(urb->status, &userurb->status))
1160 return -EFAULT;
1161 if (put_user(urb->actual_length, &userurb->actual_length))
1162 return -EFAULT;
1163 if (put_user(urb->error_count, &userurb->error_count))
1164 return -EFAULT;
1165
Christopher Li668a9542005-04-18 17:39:26 -0700[diff] [blame]1166 if (usb_pipeisoc(urb->pipe)) {
1167 for (i = 0; i < urb->number_of_packets; i++) {
1168 if (put_user(urb->iso_frame_desc[i].actual_length,
1169 &userurb->iso_frame_desc[i].actual_length))
1170 return -EFAULT;
1171 if (put_user(urb->iso_frame_desc[i].status,
1172 &userurb->iso_frame_desc[i].status))
1173 return -EFAULT;
1174 }
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]1175 }
1176
1177 free_async(as);
1178 if (put_user((u32)(u64)addr, (u32 __user *)arg))
1179 return -EFAULT;
1180 return 0;
1181}
1182
1183static int proc_reapurb_compat(struct dev_state *ps, void __user *arg)
1184{
1185 struct async *as = reap_as(ps);
1186 if (as)
1187 return processcompl_compat(as, (void __user * __user *)arg);
1188 if (signal_pending(current))
1189 return -EINTR;
1190 return -EIO;
1191}
1192
1193static int proc_reapurbnonblock_compat(struct dev_state *ps, void __user *arg)
1194{
1195 struct async *as;
1196
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]1197 if (!(as = async_getcompleted(ps)))
1198 return -EAGAIN;
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]1199 return processcompl_compat(as, (void __user * __user *)arg);
1200}
1201
1202#endif
1203
1204static int proc_disconnectsignal(struct dev_state *ps, void __user *arg)
1205{
1206 struct usbdevfs_disconnectsignal ds;
1207
1208 if (copy_from_user(&ds, arg, sizeof(ds)))
1209 return -EFAULT;
1210 if (ds.signr != 0 && (ds.signr < SIGRTMIN || ds.signr > SIGRTMAX))
1211 return -EINVAL;
1212 ps->discsignr = ds.signr;
1213 ps->disccontext = ds.context;
1214 return 0;
1215}
1216
1217static int proc_claiminterface(struct dev_state *ps, void __user *arg)
1218{
1219 unsigned int ifnum;
1220
1221 if (get_user(ifnum, (unsigned int __user *)arg))
1222 return -EFAULT;
1223 return claimintf(ps, ifnum);
1224}
1225
1226static int proc_releaseinterface(struct dev_state *ps, void __user *arg)
1227{
1228 unsigned int ifnum;
1229 int ret;
1230
1231 if (get_user(ifnum, (unsigned int __user *)arg))
1232 return -EFAULT;
1233 if ((ret = releaseintf(ps, ifnum)) < 0)
1234 return ret;
1235 destroy_async_on_interface (ps, ifnum);
1236 return 0;
1237}
1238
1239static int proc_ioctl (struct dev_state *ps, void __user *arg)
1240{
1241 struct usbdevfs_ioctl ctrl;
1242 int size;
1243 void *buf = NULL;
1244 int retval = 0;
1245 struct usb_interface *intf = NULL;
1246 struct usb_driver *driver = NULL;
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]1247
1248 /* get input parameters and alloc buffer */
1249 if (copy_from_user(&ctrl, arg, sizeof (ctrl)))
1250 return -EFAULT;
1251 if ((size = _IOC_SIZE (ctrl.ioctl_code)) > 0) {
1252 if ((buf = kmalloc (size, GFP_KERNEL)) == NULL)
1253 return -ENOMEM;
1254 if ((_IOC_DIR(ctrl.ioctl_code) & _IOC_WRITE)) {
1255 if (copy_from_user (buf, ctrl.data, size)) {
Jesper Juhl6fd19f42005-04-18 17:39:33 -0700[diff] [blame]1256 kfree(buf);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]1257 return -EFAULT;
1258 }
1259 } else {
1260 memset (buf, 0, size);
1261 }
1262 }
1263
1264 if (!connected(ps->dev)) {
Jesper Juhl6fd19f42005-04-18 17:39:33 -0700[diff] [blame]1265 kfree(buf);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]1266 return -ENODEV;
1267 }
1268
1269 if (ps->dev->state != USB_STATE_CONFIGURED)
1270 retval = -EHOSTUNREACH;
1271 else if (!(intf = usb_ifnum_to_if (ps->dev, ctrl.ifno)))
1272 retval = -EINVAL;
1273 else switch (ctrl.ioctl_code) {
1274
1275 /* disconnect kernel driver from interface */
1276 case USBDEVFS_DISCONNECT:
1277
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]1278 down_write(&usb_bus_type.subsys.rwsem);
1279 if (intf->dev.driver) {
1280 driver = to_usb_driver(intf->dev.driver);
1281 dev_dbg (&intf->dev, "disconnect by usbfs\n");
1282 usb_driver_release_interface(driver, intf);
1283 } else
1284 retval = -ENODATA;
1285 up_write(&usb_bus_type.subsys.rwsem);
1286 break;
1287
1288 /* let kernel drivers try to (re)bind to the interface */
1289 case USBDEVFS_CONNECT:
1290 usb_unlock_device(ps->dev);
1291 usb_lock_all_devices();
1292 bus_rescan_devices(intf->dev.bus);
1293 usb_unlock_all_devices();
1294 usb_lock_device(ps->dev);
1295 break;
1296
1297 /* talk directly to the interface's driver */
1298 default:
1299 down_read(&usb_bus_type.subsys.rwsem);
1300 if (intf->dev.driver)
1301 driver = to_usb_driver(intf->dev.driver);
1302 if (driver == NULL || driver->ioctl == NULL) {
1303 retval = -ENOTTY;
1304 } else {
1305 retval = driver->ioctl (intf, ctrl.ioctl_code, buf);
1306 if (retval == -ENOIOCTLCMD)
1307 retval = -ENOTTY;
1308 }
1309 up_read(&usb_bus_type.subsys.rwsem);
1310 }
1311
1312 /* cleanup and return */
1313 if (retval >= 0
1314 && (_IOC_DIR (ctrl.ioctl_code) & _IOC_READ) != 0
1315 && size > 0
1316 && copy_to_user (ctrl.data, buf, size) != 0)
1317 retval = -EFAULT;
Jesper Juhl6fd19f42005-04-18 17:39:33 -0700[diff] [blame]1318
1319 kfree(buf);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]1320 return retval;
1321}
1322
1323/*
1324 * NOTE: All requests here that have interface numbers as parameters
1325 * are assuming that somehow the configuration has been prevented from
1326 * changing. But there's no mechanism to ensure that...
1327 */
1328static int usbdev_ioctl(struct inode *inode, struct file *file, unsigned int cmd, unsigned long arg)
1329{
1330 struct dev_state *ps = (struct dev_state *)file->private_data;
1331 struct usb_device *dev = ps->dev;
1332 void __user *p = (void __user *)arg;
1333 int ret = -ENOTTY;
1334
1335 if (!(file->f_mode & FMODE_WRITE))
1336 return -EPERM;
1337 usb_lock_device(dev);
1338 if (!connected(dev)) {
1339 usb_unlock_device(dev);
1340 return -ENODEV;
1341 }
1342
1343 switch (cmd) {
1344 case USBDEVFS_CONTROL:
1345 snoop(&dev->dev, "%s: CONTROL\n", __FUNCTION__);
1346 ret = proc_control(ps, p);
1347 if (ret >= 0)
1348 inode->i_mtime = CURRENT_TIME;
1349 break;
1350
1351 case USBDEVFS_BULK:
1352 snoop(&dev->dev, "%s: BULK\n", __FUNCTION__);
1353 ret = proc_bulk(ps, p);
1354 if (ret >= 0)
1355 inode->i_mtime = CURRENT_TIME;
1356 break;
1357
1358 case USBDEVFS_RESETEP:
1359 snoop(&dev->dev, "%s: RESETEP\n", __FUNCTION__);
1360 ret = proc_resetep(ps, p);
1361 if (ret >= 0)
1362 inode->i_mtime = CURRENT_TIME;
1363 break;
1364
1365 case USBDEVFS_RESET:
1366 snoop(&dev->dev, "%s: RESET\n", __FUNCTION__);
1367 ret = proc_resetdevice(ps);
1368 break;
1369
1370 case USBDEVFS_CLEAR_HALT:
1371 snoop(&dev->dev, "%s: CLEAR_HALT\n", __FUNCTION__);
1372 ret = proc_clearhalt(ps, p);
1373 if (ret >= 0)
1374 inode->i_mtime = CURRENT_TIME;
1375 break;
1376
1377 case USBDEVFS_GETDRIVER:
1378 snoop(&dev->dev, "%s: GETDRIVER\n", __FUNCTION__);
1379 ret = proc_getdriver(ps, p);
1380 break;
1381
1382 case USBDEVFS_CONNECTINFO:
1383 snoop(&dev->dev, "%s: CONNECTINFO\n", __FUNCTION__);
1384 ret = proc_connectinfo(ps, p);
1385 break;
1386
1387 case USBDEVFS_SETINTERFACE:
1388 snoop(&dev->dev, "%s: SETINTERFACE\n", __FUNCTION__);
1389 ret = proc_setintf(ps, p);
1390 break;
1391
1392 case USBDEVFS_SETCONFIGURATION:
1393 snoop(&dev->dev, "%s: SETCONFIGURATION\n", __FUNCTION__);
1394 ret = proc_setconfig(ps, p);
1395 break;
1396
1397 case USBDEVFS_SUBMITURB:
1398 snoop(&dev->dev, "%s: SUBMITURB\n", __FUNCTION__);
1399 ret = proc_submiturb(ps, p);
1400 if (ret >= 0)
1401 inode->i_mtime = CURRENT_TIME;
1402 break;
1403
1404#ifdef CONFIG_COMPAT
1405
1406 case USBDEVFS_SUBMITURB32:
1407 snoop(&dev->dev, "%s: SUBMITURB32\n", __FUNCTION__);
1408 ret = proc_submiturb_compat(ps, p);
1409 if (ret >= 0)
1410 inode->i_mtime = CURRENT_TIME;
1411 break;
1412
1413 case USBDEVFS_REAPURB32:
1414 snoop(&dev->dev, "%s: REAPURB32\n", __FUNCTION__);
1415 ret = proc_reapurb_compat(ps, p);
1416 break;
1417
1418 case USBDEVFS_REAPURBNDELAY32:
1419 snoop(&dev->dev, "%s: REAPURBDELAY32\n", __FUNCTION__);
1420 ret = proc_reapurbnonblock_compat(ps, p);
1421 break;
1422
1423#endif
1424
1425 case USBDEVFS_DISCARDURB:
1426 snoop(&dev->dev, "%s: DISCARDURB\n", __FUNCTION__);
1427 ret = proc_unlinkurb(ps, p);
1428 break;
1429
1430 case USBDEVFS_REAPURB:
1431 snoop(&dev->dev, "%s: REAPURB\n", __FUNCTION__);
1432 ret = proc_reapurb(ps, p);
1433 break;
1434
1435 case USBDEVFS_REAPURBNDELAY:
1436 snoop(&dev->dev, "%s: REAPURBDELAY\n", __FUNCTION__);
1437 ret = proc_reapurbnonblock(ps, p);
1438 break;
1439
1440 case USBDEVFS_DISCSIGNAL:
1441 snoop(&dev->dev, "%s: DISCSIGNAL\n", __FUNCTION__);
1442 ret = proc_disconnectsignal(ps, p);
1443 break;
1444
1445 case USBDEVFS_CLAIMINTERFACE:
1446 snoop(&dev->dev, "%s: CLAIMINTERFACE\n", __FUNCTION__);
1447 ret = proc_claiminterface(ps, p);
1448 break;
1449
1450 case USBDEVFS_RELEASEINTERFACE:
1451 snoop(&dev->dev, "%s: RELEASEINTERFACE\n", __FUNCTION__);
1452 ret = proc_releaseinterface(ps, p);
1453 break;
1454
1455 case USBDEVFS_IOCTL:
1456 snoop(&dev->dev, "%s: IOCTL\n", __FUNCTION__);
1457 ret = proc_ioctl(ps, p);
1458 break;
1459 }
1460 usb_unlock_device(dev);
1461 if (ret >= 0)
1462 inode->i_atime = CURRENT_TIME;
1463 return ret;
1464}
1465
1466/* No kernel lock - fine */
1467static unsigned int usbdev_poll(struct file *file, struct poll_table_struct *wait)
1468{
1469 struct dev_state *ps = (struct dev_state *)file->private_data;
1470 unsigned int mask = 0;
1471
1472 poll_wait(file, &ps->wait, wait);
1473 if (file->f_mode & FMODE_WRITE && !list_empty(&ps->async_completed))
1474 mask |= POLLOUT | POLLWRNORM;
1475 if (!connected(ps->dev))
1476 mask |= POLLERR | POLLHUP;
1477 return mask;
1478}
1479
1480struct file_operations usbfs_device_file_operations = {
1481 .llseek = usbdev_lseek,
1482 .read = usbdev_read,
1483 .poll = usbdev_poll,
1484 .ioctl = usbdev_ioctl,
1485 .open = usbdev_open,
1486 .release = usbdev_release,
1487};
Kay Sieversfbf82fd2005-07-31 01:05:53 +0200[diff] [blame]1488
1489struct usb_device *usbdev_lookup_minor(int minor)
1490{
1491 struct class_device *class_dev;
1492 struct usb_device *dev = NULL;
1493
1494 down(&usb_device_class->sem);
1495 list_for_each_entry(class_dev, &usb_device_class->children, node) {
1496 if (class_dev->devt == MKDEV(USB_DEVICE_MAJOR, minor)) {
1497 dev = class_dev->class_data;
1498 break;
1499 }
1500 }
1501 up(&usb_device_class->sem);
1502
1503 return dev;
1504};
1505
1506void usbdev_add(struct usb_device *dev)
1507{
1508 int minor = ((dev->bus->busnum-1) * 128) + (dev->devnum-1);
1509
1510 dev->class_dev = class_device_create(usb_device_class,
1511 MKDEV(USB_DEVICE_MAJOR, minor), &dev->dev,
1512 "usbdev%d.%d", dev->bus->busnum, dev->devnum);
1513
1514 dev->class_dev->class_data = dev;
1515}
1516
1517void usbdev_remove(struct usb_device *dev)
1518{
1519 class_device_unregister(dev->class_dev);
1520}
1521
1522static struct cdev usb_device_cdev = {
1523 .kobj = {.name = "usb_device", },
1524 .owner = THIS_MODULE,
1525};
1526
1527int __init usbdev_init(void)
1528{
1529 int retval;
1530
Alan Sternfad21bd2005-08-10 15:15:57 -0400[diff] [blame]1531 retval = register_chrdev_region(USB_DEVICE_DEV, USB_DEVICE_MAX,
1532 "usb_device");
Kay Sieversfbf82fd2005-07-31 01:05:53 +0200[diff] [blame]1533 if (retval) {
1534 err("unable to register minors for usb_device");
1535 goto out;
1536 }
1537 cdev_init(&usb_device_cdev, &usbfs_device_file_operations);
Alan Sternfad21bd2005-08-10 15:15:57 -0400[diff] [blame]1538 retval = cdev_add(&usb_device_cdev, USB_DEVICE_DEV, USB_DEVICE_MAX);
Kay Sieversfbf82fd2005-07-31 01:05:53 +0200[diff] [blame]1539 if (retval) {
1540 err("unable to get usb_device major %d", USB_DEVICE_MAJOR);
Alan Sternfad21bd2005-08-10 15:15:57 -0400[diff] [blame]1541 unregister_chrdev_region(USB_DEVICE_DEV, USB_DEVICE_MAX);
Kay Sieversfbf82fd2005-07-31 01:05:53 +0200[diff] [blame]1542 goto out;
1543 }
1544 usb_device_class = class_create(THIS_MODULE, "usb_device");
1545 if (IS_ERR(usb_device_class)) {
1546 err("unable to register usb_device class");
1547 retval = PTR_ERR(usb_device_class);
1548 usb_device_class = NULL;
1549 cdev_del(&usb_device_cdev);
Alan Sternfad21bd2005-08-10 15:15:57 -0400[diff] [blame]1550 unregister_chrdev_region(USB_DEVICE_DEV, USB_DEVICE_MAX);
Kay Sieversfbf82fd2005-07-31 01:05:53 +0200[diff] [blame]1551 }
1552
1553out:
1554 return retval;
1555}
1556
1557void usbdev_cleanup(void)
1558{
1559 class_destroy(usb_device_class);
1560 cdev_del(&usb_device_cdev);
Alan Sternfad21bd2005-08-10 15:15:57 -0400[diff] [blame]1561 unregister_chrdev_region(USB_DEVICE_DEV, USB_DEVICE_MAX);
Kay Sieversfbf82fd2005-07-31 01:05:53 +0200[diff] [blame]1562}
1563