1 // SPDX-License-Identifier: GPL-2.0+
2 /*****************************************************************************/
5 * devio.c -- User space communication with USB devices.
7 * Copyright (C) 1999-2000 Thomas Sailer (sailer@ife.ee.ethz.ch)
9 * This file implements the usbfs/x/y files, where
10 * x is the bus number and y the device number.
12 * It allows user space programs/"drivers" to communicate directly
13 * with USB devices without intervening kernel driver.
16 * 22.12.1999 0.1 Initial release (split from proc_usb.c)
17 * 04.01.2000 0.2 Turned into its own filesystem
18 * 30.09.2005 0.3 Fix user-triggerable oops in async URB delivery
22 /*****************************************************************************/
26 #include <linux/sched/signal.h>
27 #include <linux/slab.h>
28 #include <linux/signal.h>
29 #include <linux/poll.h>
30 #include <linux/module.h>
31 #include <linux/string.h>
32 #include <linux/usb.h>
33 #include <linux/usbdevice_fs.h>
34 #include <linux/usb/hcd.h> /* for usbcore internals */
35 #include <linux/cdev.h>
36 #include <linux/notifier.h>
37 #include <linux/security.h>
38 #include <linux/user_namespace.h>
39 #include <linux/scatterlist.h>
40 #include <linux/uaccess.h>
41 #include <linux/dma-mapping.h>
42 #include <asm/byteorder.h>
43 #include <linux/moduleparam.h>
48 #define MAYBE_CAP_SUSPEND USBDEVFS_CAP_SUSPEND
50 #define MAYBE_CAP_SUSPEND 0
54 #define USB_DEVICE_MAX (USB_MAXBUS * 128)
55 #define USB_SG_SIZE 16384 /* split-size for large txs */
57 /* Mutual exclusion for ps->list in resume vs. release and remove */
58 static DEFINE_MUTEX(usbfs_mutex);
60 struct usb_dev_state {
61 struct list_head list; /* state list */
62 struct usb_device *dev;
64 spinlock_t lock; /* protects the async urb lists */
65 struct list_head async_pending;
66 struct list_head async_completed;
67 struct list_head memory_list;
68 wait_queue_head_t wait; /* wake up if a request completed */
69 wait_queue_head_t wait_for_resume; /* wake up upon runtime resume */
70 unsigned int discsignr;
72 const struct cred *cred;
74 unsigned long ifclaimed;
75 u32 disabled_bulk_eps;
76 unsigned long interface_allowed_mask;
79 bool privileges_dropped;
83 struct list_head memlist;
88 dma_addr_t dma_handle;
89 unsigned long vm_start;
90 struct usb_dev_state *ps;
94 struct list_head asynclist;
95 struct usb_dev_state *ps;
97 const struct cred *cred;
100 void __user *userbuffer;
101 void __user *userurb;
102 sigval_t userurb_sigval;
104 struct usb_memory *usbm;
105 unsigned int mem_usage;
111 static bool usbfs_snoop;
112 module_param(usbfs_snoop, bool, S_IRUGO | S_IWUSR);
113 MODULE_PARM_DESC(usbfs_snoop, "true to log all usbfs traffic");
115 static unsigned usbfs_snoop_max = 65536;
116 module_param(usbfs_snoop_max, uint, S_IRUGO | S_IWUSR);
117 MODULE_PARM_DESC(usbfs_snoop_max,
118 "maximum number of bytes to print while snooping");
120 #define snoop(dev, format, arg...) \
123 dev_info(dev, format, ## arg); \
130 #define USB_DEVICE_DEV MKDEV(USB_DEVICE_MAJOR, 0)
132 /* Limit on the total amount of memory we can allocate for transfers */
133 static u32 usbfs_memory_mb = 16;
134 module_param(usbfs_memory_mb, uint, 0644);
135 MODULE_PARM_DESC(usbfs_memory_mb,
136 "maximum MB allowed for usbfs buffers (0 = no limit)");
138 /* Hard limit, necessary to avoid arithmetic overflow */
139 #define USBFS_XFER_MAX (UINT_MAX / 2 - 1000000)
141 static atomic64_t usbfs_memory_usage; /* Total memory currently allocated */
143 /* Check whether it's okay to allocate more memory for a transfer */
144 static int usbfs_increase_memory_usage(u64 amount)
148 lim = READ_ONCE(usbfs_memory_mb);
151 atomic64_add(amount, &usbfs_memory_usage);
153 if (lim > 0 && atomic64_read(&usbfs_memory_usage) > lim) {
154 atomic64_sub(amount, &usbfs_memory_usage);
161 /* Memory for a transfer is being deallocated */
162 static void usbfs_decrease_memory_usage(u64 amount)
164 atomic64_sub(amount, &usbfs_memory_usage);
167 static int connected(struct usb_dev_state *ps)
169 return (!list_empty(&ps->list) &&
170 ps->dev->state != USB_STATE_NOTATTACHED);
173 static void dec_usb_memory_use_count(struct usb_memory *usbm, int *count)
175 struct usb_dev_state *ps = usbm->ps;
176 struct usb_hcd *hcd = bus_to_hcd(ps->dev->bus);
179 spin_lock_irqsave(&ps->lock, flags);
181 if (usbm->urb_use_count == 0 && usbm->vma_use_count == 0) {
182 list_del(&usbm->memlist);
183 spin_unlock_irqrestore(&ps->lock, flags);
185 hcd_buffer_free_pages(hcd, usbm->size,
186 usbm->mem, usbm->dma_handle);
187 usbfs_decrease_memory_usage(
188 usbm->size + sizeof(struct usb_memory));
191 spin_unlock_irqrestore(&ps->lock, flags);
195 static void usbdev_vm_open(struct vm_area_struct *vma)
197 struct usb_memory *usbm = vma->vm_private_data;
200 spin_lock_irqsave(&usbm->ps->lock, flags);
201 ++usbm->vma_use_count;
202 spin_unlock_irqrestore(&usbm->ps->lock, flags);
205 static void usbdev_vm_close(struct vm_area_struct *vma)
207 struct usb_memory *usbm = vma->vm_private_data;
209 dec_usb_memory_use_count(usbm, &usbm->vma_use_count);
212 static const struct vm_operations_struct usbdev_vm_ops = {
213 .open = usbdev_vm_open,
214 .close = usbdev_vm_close
217 static int usbdev_mmap(struct file *file, struct vm_area_struct *vma)
219 struct usb_memory *usbm = NULL;
220 struct usb_dev_state *ps = file->private_data;
221 struct usb_hcd *hcd = bus_to_hcd(ps->dev->bus);
222 size_t size = vma->vm_end - vma->vm_start;
225 dma_addr_t dma_handle = DMA_MAPPING_ERROR;
228 ret = usbfs_increase_memory_usage(size + sizeof(struct usb_memory));
232 usbm = kzalloc(sizeof(struct usb_memory), GFP_KERNEL);
235 goto error_decrease_mem;
238 mem = hcd_buffer_alloc_pages(hcd,
239 size, GFP_USER | __GFP_NOWARN, &dma_handle);
242 goto error_free_usbm;
245 memset(mem, 0, size);
248 usbm->dma_handle = dma_handle;
251 usbm->vm_start = vma->vm_start;
252 usbm->vma_use_count = 1;
253 INIT_LIST_HEAD(&usbm->memlist);
256 * In DMA-unavailable cases, hcd_buffer_alloc_pages allocates
257 * normal pages and assigns DMA_MAPPING_ERROR to dma_handle. Check
258 * whether we are in such cases, and then use remap_pfn_range (or
259 * dma_mmap_coherent) to map normal (or DMA) pages into the user
260 * space, respectively.
262 if (dma_handle == DMA_MAPPING_ERROR) {
263 if (remap_pfn_range(vma, vma->vm_start,
264 virt_to_phys(usbm->mem) >> PAGE_SHIFT,
265 size, vma->vm_page_prot) < 0) {
266 dec_usb_memory_use_count(usbm, &usbm->vma_use_count);
270 if (dma_mmap_coherent(hcd->self.sysdev, vma, mem, dma_handle,
272 dec_usb_memory_use_count(usbm, &usbm->vma_use_count);
277 vma->vm_flags |= VM_IO;
278 vma->vm_flags |= (VM_DONTEXPAND | VM_DONTDUMP);
279 vma->vm_ops = &usbdev_vm_ops;
280 vma->vm_private_data = usbm;
282 spin_lock_irqsave(&ps->lock, flags);
283 list_add_tail(&usbm->memlist, &ps->memory_list);
284 spin_unlock_irqrestore(&ps->lock, flags);
291 usbfs_decrease_memory_usage(size + sizeof(struct usb_memory));
296 static ssize_t usbdev_read(struct file *file, char __user *buf, size_t nbytes,
299 struct usb_dev_state *ps = file->private_data;
300 struct usb_device *dev = ps->dev;
307 usb_lock_device(dev);
308 if (!connected(ps)) {
311 } else if (pos < 0) {
316 if (pos < sizeof(struct usb_device_descriptor)) {
317 /* 18 bytes - fits on the stack */
318 struct usb_device_descriptor temp_desc;
320 memcpy(&temp_desc, &dev->descriptor, sizeof(dev->descriptor));
321 le16_to_cpus(&temp_desc.bcdUSB);
322 le16_to_cpus(&temp_desc.idVendor);
323 le16_to_cpus(&temp_desc.idProduct);
324 le16_to_cpus(&temp_desc.bcdDevice);
326 len = sizeof(struct usb_device_descriptor) - pos;
329 if (copy_to_user(buf, ((char *)&temp_desc) + pos, len)) {
340 pos = sizeof(struct usb_device_descriptor);
341 for (i = 0; nbytes && i < dev->descriptor.bNumConfigurations; i++) {
342 struct usb_config_descriptor *config =
343 (struct usb_config_descriptor *)dev->rawdescriptors[i];
344 unsigned int length = le16_to_cpu(config->wTotalLength);
346 if (*ppos < pos + length) {
348 /* The descriptor may claim to be longer than it
349 * really is. Here is the actual allocated length. */
351 le16_to_cpu(dev->config[i].desc.wTotalLength);
353 len = length - (*ppos - pos);
357 /* Simply don't write (skip over) unallocated parts */
358 if (alloclen > (*ppos - pos)) {
359 alloclen -= (*ppos - pos);
360 if (copy_to_user(buf,
361 dev->rawdescriptors[i] + (*ppos - pos),
362 min(len, alloclen))) {
378 usb_unlock_device(dev);
383 * async list handling
386 static struct async *alloc_async(unsigned int numisoframes)
390 as = kzalloc(sizeof(struct async), GFP_KERNEL);
393 as->urb = usb_alloc_urb(numisoframes, GFP_KERNEL);
401 static void free_async(struct async *as)
408 for (i = 0; i < as->urb->num_sgs; i++) {
409 if (sg_page(&as->urb->sg[i]))
410 kfree(sg_virt(&as->urb->sg[i]));
414 if (as->usbm == NULL)
415 kfree(as->urb->transfer_buffer);
417 dec_usb_memory_use_count(as->usbm, &as->usbm->urb_use_count);
419 kfree(as->urb->setup_packet);
420 usb_free_urb(as->urb);
421 usbfs_decrease_memory_usage(as->mem_usage);
425 static void async_newpending(struct async *as)
427 struct usb_dev_state *ps = as->ps;
430 spin_lock_irqsave(&ps->lock, flags);
431 list_add_tail(&as->asynclist, &ps->async_pending);
432 spin_unlock_irqrestore(&ps->lock, flags);
435 static void async_removepending(struct async *as)
437 struct usb_dev_state *ps = as->ps;
440 spin_lock_irqsave(&ps->lock, flags);
441 list_del_init(&as->asynclist);
442 spin_unlock_irqrestore(&ps->lock, flags);
445 static struct async *async_getcompleted(struct usb_dev_state *ps)
448 struct async *as = NULL;
450 spin_lock_irqsave(&ps->lock, flags);
451 if (!list_empty(&ps->async_completed)) {
452 as = list_entry(ps->async_completed.next, struct async,
454 list_del_init(&as->asynclist);
456 spin_unlock_irqrestore(&ps->lock, flags);
460 static struct async *async_getpending(struct usb_dev_state *ps,
461 void __user *userurb)
465 list_for_each_entry(as, &ps->async_pending, asynclist)
466 if (as->userurb == userurb) {
467 list_del_init(&as->asynclist);
474 static void snoop_urb(struct usb_device *udev,
475 void __user *userurb, int pipe, unsigned length,
476 int timeout_or_status, enum snoop_when when,
477 unsigned char *data, unsigned data_len)
479 static const char *types[] = {"isoc", "int", "ctrl", "bulk"};
480 static const char *dirs[] = {"out", "in"};
487 ep = usb_pipeendpoint(pipe);
488 t = types[usb_pipetype(pipe)];
489 d = dirs[!!usb_pipein(pipe)];
491 if (userurb) { /* Async */
493 dev_info(&udev->dev, "userurb %px, ep%d %s-%s, "
495 userurb, ep, t, d, length);
497 dev_info(&udev->dev, "userurb %px, ep%d %s-%s, "
498 "actual_length %u status %d\n",
499 userurb, ep, t, d, length,
503 dev_info(&udev->dev, "ep%d %s-%s, length %u, "
505 ep, t, d, length, timeout_or_status);
507 dev_info(&udev->dev, "ep%d %s-%s, actual_length %u, "
509 ep, t, d, length, timeout_or_status);
512 data_len = min(data_len, usbfs_snoop_max);
513 if (data && data_len > 0) {
514 print_hex_dump(KERN_DEBUG, "data: ", DUMP_PREFIX_NONE, 32, 1,
519 static void snoop_urb_data(struct urb *urb, unsigned len)
523 len = min(len, usbfs_snoop_max);
524 if (!usbfs_snoop || len == 0)
527 if (urb->num_sgs == 0) {
528 print_hex_dump(KERN_DEBUG, "data: ", DUMP_PREFIX_NONE, 32, 1,
529 urb->transfer_buffer, len, 1);
533 for (i = 0; i < urb->num_sgs && len; i++) {
534 size = (len > USB_SG_SIZE) ? USB_SG_SIZE : len;
535 print_hex_dump(KERN_DEBUG, "data: ", DUMP_PREFIX_NONE, 32, 1,
536 sg_virt(&urb->sg[i]), size, 1);
541 static int copy_urb_data_to_user(u8 __user *userbuffer, struct urb *urb)
543 unsigned i, len, size;
545 if (urb->number_of_packets > 0) /* Isochronous */
546 len = urb->transfer_buffer_length;
548 len = urb->actual_length;
550 if (urb->num_sgs == 0) {
551 if (copy_to_user(userbuffer, urb->transfer_buffer, len))
556 for (i = 0; i < urb->num_sgs && len; i++) {
557 size = (len > USB_SG_SIZE) ? USB_SG_SIZE : len;
558 if (copy_to_user(userbuffer, sg_virt(&urb->sg[i]), size))
567 #define AS_CONTINUATION 1
570 static void cancel_bulk_urbs(struct usb_dev_state *ps, unsigned bulk_addr)
577 /* Mark all the pending URBs that match bulk_addr, up to but not
578 * including the first one without AS_CONTINUATION. If such an
579 * URB is encountered then a new transfer has already started so
580 * the endpoint doesn't need to be disabled; otherwise it does.
582 list_for_each_entry(as, &ps->async_pending, asynclist) {
583 if (as->bulk_addr == bulk_addr) {
584 if (as->bulk_status != AS_CONTINUATION)
586 as->bulk_status = AS_UNLINK;
590 ps->disabled_bulk_eps |= (1 << bulk_addr);
592 /* Now carefully unlink all the marked pending URBs */
594 list_for_each_entry_reverse(as, &ps->async_pending, asynclist) {
595 if (as->bulk_status == AS_UNLINK) {
596 as->bulk_status = 0; /* Only once */
599 spin_unlock(&ps->lock); /* Allow completions */
602 spin_lock(&ps->lock);
608 static void async_completed(struct urb *urb)
610 struct async *as = urb->context;
611 struct usb_dev_state *ps = as->ps;
612 struct pid *pid = NULL;
613 const struct cred *cred = NULL;
618 spin_lock_irqsave(&ps->lock, flags);
619 list_move_tail(&as->asynclist, &ps->async_completed);
620 as->status = urb->status;
624 addr = as->userurb_sigval;
625 pid = get_pid(as->pid);
626 cred = get_cred(as->cred);
628 snoop(&urb->dev->dev, "urb complete\n");
629 snoop_urb(urb->dev, as->userurb, urb->pipe, urb->actual_length,
630 as->status, COMPLETE, NULL, 0);
631 if (usb_urb_dir_in(urb))
632 snoop_urb_data(urb, urb->actual_length);
634 if (as->status < 0 && as->bulk_addr && as->status != -ECONNRESET &&
635 as->status != -ENOENT)
636 cancel_bulk_urbs(ps, as->bulk_addr);
639 spin_unlock_irqrestore(&ps->lock, flags);
642 kill_pid_usb_asyncio(signr, errno, addr, pid, cred);
648 static void destroy_async(struct usb_dev_state *ps, struct list_head *list)
654 spin_lock_irqsave(&ps->lock, flags);
655 while (!list_empty(list)) {
656 as = list_last_entry(list, struct async, asynclist);
657 list_del_init(&as->asynclist);
661 /* drop the spinlock so the completion handler can run */
662 spin_unlock_irqrestore(&ps->lock, flags);
665 spin_lock_irqsave(&ps->lock, flags);
667 spin_unlock_irqrestore(&ps->lock, flags);
670 static void destroy_async_on_interface(struct usb_dev_state *ps,
673 struct list_head *p, *q, hitlist;
676 INIT_LIST_HEAD(&hitlist);
677 spin_lock_irqsave(&ps->lock, flags);
678 list_for_each_safe(p, q, &ps->async_pending)
679 if (ifnum == list_entry(p, struct async, asynclist)->ifnum)
680 list_move_tail(p, &hitlist);
681 spin_unlock_irqrestore(&ps->lock, flags);
682 destroy_async(ps, &hitlist);
685 static void destroy_all_async(struct usb_dev_state *ps)
687 destroy_async(ps, &ps->async_pending);
691 * interface claims are made only at the request of user level code,
692 * which can also release them (explicitly or by closing files).
693 * they're also undone when devices disconnect.
696 static int driver_probe(struct usb_interface *intf,
697 const struct usb_device_id *id)
702 static void driver_disconnect(struct usb_interface *intf)
704 struct usb_dev_state *ps = usb_get_intfdata(intf);
705 unsigned int ifnum = intf->altsetting->desc.bInterfaceNumber;
710 /* NOTE: this relies on usbcore having canceled and completed
711 * all pending I/O requests; 2.6 does that.
714 if (likely(ifnum < 8*sizeof(ps->ifclaimed)))
715 clear_bit(ifnum, &ps->ifclaimed);
717 dev_warn(&intf->dev, "interface number %u out of range\n",
720 usb_set_intfdata(intf, NULL);
722 /* force async requests to complete */
723 destroy_async_on_interface(ps, ifnum);
726 /* We don't care about suspend/resume of claimed interfaces */
727 static int driver_suspend(struct usb_interface *intf, pm_message_t msg)
732 static int driver_resume(struct usb_interface *intf)
738 /* The following routines apply to the entire device, not interfaces */
739 void usbfs_notify_suspend(struct usb_device *udev)
741 /* We don't need to handle this */
744 void usbfs_notify_resume(struct usb_device *udev)
746 struct usb_dev_state *ps;
748 /* Protect against simultaneous remove or release */
749 mutex_lock(&usbfs_mutex);
750 list_for_each_entry(ps, &udev->filelist, list) {
751 WRITE_ONCE(ps->not_yet_resumed, 0);
752 wake_up_all(&ps->wait_for_resume);
754 mutex_unlock(&usbfs_mutex);
758 struct usb_driver usbfs_driver = {
760 .probe = driver_probe,
761 .disconnect = driver_disconnect,
762 .suspend = driver_suspend,
763 .resume = driver_resume,
764 .supports_autosuspend = 1,
767 static int claimintf(struct usb_dev_state *ps, unsigned int ifnum)
769 struct usb_device *dev = ps->dev;
770 struct usb_interface *intf;
773 if (ifnum >= 8*sizeof(ps->ifclaimed))
775 /* already claimed */
776 if (test_bit(ifnum, &ps->ifclaimed))
779 if (ps->privileges_dropped &&
780 !test_bit(ifnum, &ps->interface_allowed_mask))
783 intf = usb_ifnum_to_if(dev, ifnum);
787 unsigned int old_suppress;
789 /* suppress uevents while claiming interface */
790 old_suppress = dev_get_uevent_suppress(&intf->dev);
791 dev_set_uevent_suppress(&intf->dev, 1);
792 err = usb_driver_claim_interface(&usbfs_driver, intf, ps);
793 dev_set_uevent_suppress(&intf->dev, old_suppress);
796 set_bit(ifnum, &ps->ifclaimed);
800 static int releaseintf(struct usb_dev_state *ps, unsigned int ifnum)
802 struct usb_device *dev;
803 struct usb_interface *intf;
807 if (ifnum >= 8*sizeof(ps->ifclaimed))
810 intf = usb_ifnum_to_if(dev, ifnum);
813 else if (test_and_clear_bit(ifnum, &ps->ifclaimed)) {
814 unsigned int old_suppress;
816 /* suppress uevents while releasing interface */
817 old_suppress = dev_get_uevent_suppress(&intf->dev);
818 dev_set_uevent_suppress(&intf->dev, 1);
819 usb_driver_release_interface(&usbfs_driver, intf);
820 dev_set_uevent_suppress(&intf->dev, old_suppress);
826 static int checkintf(struct usb_dev_state *ps, unsigned int ifnum)
828 if (ps->dev->state != USB_STATE_CONFIGURED)
829 return -EHOSTUNREACH;
830 if (ifnum >= 8*sizeof(ps->ifclaimed))
832 if (test_bit(ifnum, &ps->ifclaimed))
834 /* if not yet claimed, claim it for the driver */
835 dev_warn(&ps->dev->dev, "usbfs: process %d (%s) did not claim "
836 "interface %u before use\n", task_pid_nr(current),
837 current->comm, ifnum);
838 return claimintf(ps, ifnum);
841 static int findintfep(struct usb_device *dev, unsigned int ep)
843 unsigned int i, j, e;
844 struct usb_interface *intf;
845 struct usb_host_interface *alts;
846 struct usb_endpoint_descriptor *endpt;
848 if (ep & ~(USB_DIR_IN|0xf))
852 for (i = 0; i < dev->actconfig->desc.bNumInterfaces; i++) {
853 intf = dev->actconfig->interface[i];
854 for (j = 0; j < intf->num_altsetting; j++) {
855 alts = &intf->altsetting[j];
856 for (e = 0; e < alts->desc.bNumEndpoints; e++) {
857 endpt = &alts->endpoint[e].desc;
858 if (endpt->bEndpointAddress == ep)
859 return alts->desc.bInterfaceNumber;
866 static int check_ctrlrecip(struct usb_dev_state *ps, unsigned int requesttype,
867 unsigned int request, unsigned int index)
870 struct usb_host_interface *alt_setting;
872 if (ps->dev->state != USB_STATE_UNAUTHENTICATED
873 && ps->dev->state != USB_STATE_ADDRESS
874 && ps->dev->state != USB_STATE_CONFIGURED)
875 return -EHOSTUNREACH;
876 if (USB_TYPE_VENDOR == (USB_TYPE_MASK & requesttype))
880 * check for the special corner case 'get_device_id' in the printer
881 * class specification, which we always want to allow as it is used
882 * to query things like ink level, etc.
884 if (requesttype == 0xa1 && request == 0) {
885 alt_setting = usb_find_alt_setting(ps->dev->actconfig,
886 index >> 8, index & 0xff);
888 && alt_setting->desc.bInterfaceClass == USB_CLASS_PRINTER)
893 switch (requesttype & USB_RECIP_MASK) {
894 case USB_RECIP_ENDPOINT:
895 if ((index & ~USB_DIR_IN) == 0)
897 ret = findintfep(ps->dev, index);
900 * Some not fully compliant Win apps seem to get
901 * index wrong and have the endpoint number here
902 * rather than the endpoint address (with the
903 * correct direction). Win does let this through,
904 * so we'll not reject it here but leave it to
905 * the device to not break KVM. But we warn.
907 ret = findintfep(ps->dev, index ^ 0x80);
909 dev_info(&ps->dev->dev,
910 "%s: process %i (%s) requesting ep %02x but needs %02x\n",
911 __func__, task_pid_nr(current),
912 current->comm, index, index ^ 0x80);
915 ret = checkintf(ps, ret);
918 case USB_RECIP_INTERFACE:
919 ret = checkintf(ps, index);
925 static struct usb_host_endpoint *ep_to_host_endpoint(struct usb_device *dev,
928 if (ep & USB_ENDPOINT_DIR_MASK)
929 return dev->ep_in[ep & USB_ENDPOINT_NUMBER_MASK];
931 return dev->ep_out[ep & USB_ENDPOINT_NUMBER_MASK];
934 static int parse_usbdevfs_streams(struct usb_dev_state *ps,
935 struct usbdevfs_streams __user *streams,
936 unsigned int *num_streams_ret,
937 unsigned int *num_eps_ret,
938 struct usb_host_endpoint ***eps_ret,
939 struct usb_interface **intf_ret)
941 unsigned int i, num_streams, num_eps;
942 struct usb_host_endpoint **eps;
943 struct usb_interface *intf = NULL;
947 if (get_user(num_streams, &streams->num_streams) ||
948 get_user(num_eps, &streams->num_eps))
951 if (num_eps < 1 || num_eps > USB_MAXENDPOINTS)
954 /* The XHCI controller allows max 2 ^ 16 streams */
955 if (num_streams_ret && (num_streams < 2 || num_streams > 65536))
958 eps = kmalloc_array(num_eps, sizeof(*eps), GFP_KERNEL);
962 for (i = 0; i < num_eps; i++) {
963 if (get_user(ep, &streams->eps[i])) {
967 eps[i] = ep_to_host_endpoint(ps->dev, ep);
973 /* usb_alloc/free_streams operate on an usb_interface */
974 ifnum = findintfep(ps->dev, ep);
981 ret = checkintf(ps, ifnum);
984 intf = usb_ifnum_to_if(ps->dev, ifnum);
986 /* Verify all eps belong to the same interface */
987 if (ifnum != intf->altsetting->desc.bInterfaceNumber) {
995 *num_streams_ret = num_streams;
996 *num_eps_ret = num_eps;
1007 static struct usb_device *usbdev_lookup_by_devt(dev_t devt)
1011 dev = bus_find_device_by_devt(&usb_bus_type, devt);
1014 return to_usb_device(dev);
1020 static int usbdev_open(struct inode *inode, struct file *file)
1022 struct usb_device *dev = NULL;
1023 struct usb_dev_state *ps;
1027 ps = kzalloc(sizeof(struct usb_dev_state), GFP_KERNEL);
1033 /* usbdev device-node */
1034 if (imajor(inode) == USB_DEVICE_MAJOR)
1035 dev = usbdev_lookup_by_devt(inode->i_rdev);
1039 usb_lock_device(dev);
1040 if (dev->state == USB_STATE_NOTATTACHED)
1041 goto out_unlock_device;
1043 ret = usb_autoresume_device(dev);
1045 goto out_unlock_device;
1049 ps->interface_allowed_mask = 0xFFFFFFFF; /* 32 bits */
1050 spin_lock_init(&ps->lock);
1051 INIT_LIST_HEAD(&ps->list);
1052 INIT_LIST_HEAD(&ps->async_pending);
1053 INIT_LIST_HEAD(&ps->async_completed);
1054 INIT_LIST_HEAD(&ps->memory_list);
1055 init_waitqueue_head(&ps->wait);
1056 init_waitqueue_head(&ps->wait_for_resume);
1057 ps->disc_pid = get_pid(task_pid(current));
1058 ps->cred = get_current_cred();
1061 /* Can't race with resume; the device is already active */
1062 list_add_tail(&ps->list, &dev->filelist);
1063 file->private_data = ps;
1064 usb_unlock_device(dev);
1065 snoop(&dev->dev, "opened by process %d: %s\n", task_pid_nr(current),
1070 usb_unlock_device(dev);
1077 static int usbdev_release(struct inode *inode, struct file *file)
1079 struct usb_dev_state *ps = file->private_data;
1080 struct usb_device *dev = ps->dev;
1084 usb_lock_device(dev);
1085 usb_hub_release_all_ports(dev, ps);
1087 /* Protect against simultaneous resume */
1088 mutex_lock(&usbfs_mutex);
1089 list_del_init(&ps->list);
1090 mutex_unlock(&usbfs_mutex);
1092 for (ifnum = 0; ps->ifclaimed && ifnum < 8*sizeof(ps->ifclaimed);
1094 if (test_bit(ifnum, &ps->ifclaimed))
1095 releaseintf(ps, ifnum);
1097 destroy_all_async(ps);
1098 if (!ps->suspend_allowed)
1099 usb_autosuspend_device(dev);
1100 usb_unlock_device(dev);
1102 put_pid(ps->disc_pid);
1105 as = async_getcompleted(ps);
1108 as = async_getcompleted(ps);
1115 static int do_proc_control(struct usb_dev_state *ps,
1116 struct usbdevfs_ctrltransfer *ctrl)
1118 struct usb_device *dev = ps->dev;
1120 unsigned char *tbuf;
1124 ret = check_ctrlrecip(ps, ctrl->bRequestType, ctrl->bRequest,
1128 wLength = ctrl->wLength; /* To suppress 64k PAGE_SIZE warning */
1129 if (wLength > PAGE_SIZE)
1131 ret = usbfs_increase_memory_usage(PAGE_SIZE + sizeof(struct urb) +
1132 sizeof(struct usb_ctrlrequest));
1135 tbuf = (unsigned char *)__get_free_page(GFP_KERNEL);
1140 tmo = ctrl->timeout;
1141 snoop(&dev->dev, "control urb: bRequestType=%02x "
1142 "bRequest=%02x wValue=%04x "
1143 "wIndex=%04x wLength=%04x\n",
1144 ctrl->bRequestType, ctrl->bRequest, ctrl->wValue,
1145 ctrl->wIndex, ctrl->wLength);
1146 if ((ctrl->bRequestType & USB_DIR_IN) && ctrl->wLength) {
1147 pipe = usb_rcvctrlpipe(dev, 0);
1148 snoop_urb(dev, NULL, pipe, ctrl->wLength, tmo, SUBMIT, NULL, 0);
1150 usb_unlock_device(dev);
1151 i = usb_control_msg(dev, pipe, ctrl->bRequest,
1152 ctrl->bRequestType, ctrl->wValue, ctrl->wIndex,
1153 tbuf, ctrl->wLength, tmo);
1154 usb_lock_device(dev);
1155 snoop_urb(dev, NULL, pipe, max(i, 0), min(i, 0), COMPLETE,
1157 if ((i > 0) && ctrl->wLength) {
1158 if (copy_to_user(ctrl->data, tbuf, i)) {
1164 if (ctrl->wLength) {
1165 if (copy_from_user(tbuf, ctrl->data, ctrl->wLength)) {
1170 pipe = usb_sndctrlpipe(dev, 0);
1171 snoop_urb(dev, NULL, pipe, ctrl->wLength, tmo, SUBMIT,
1172 tbuf, ctrl->wLength);
1174 usb_unlock_device(dev);
1175 i = usb_control_msg(dev, usb_sndctrlpipe(dev, 0), ctrl->bRequest,
1176 ctrl->bRequestType, ctrl->wValue, ctrl->wIndex,
1177 tbuf, ctrl->wLength, tmo);
1178 usb_lock_device(dev);
1179 snoop_urb(dev, NULL, pipe, max(i, 0), min(i, 0), COMPLETE, NULL, 0);
1181 if (i < 0 && i != -EPIPE) {
1182 dev_printk(KERN_DEBUG, &dev->dev, "usbfs: USBDEVFS_CONTROL "
1183 "failed cmd %s rqt %u rq %u len %u ret %d\n",
1184 current->comm, ctrl->bRequestType, ctrl->bRequest,
1189 free_page((unsigned long) tbuf);
1190 usbfs_decrease_memory_usage(PAGE_SIZE + sizeof(struct urb) +
1191 sizeof(struct usb_ctrlrequest));
1195 static int proc_control(struct usb_dev_state *ps, void __user *arg)
1197 struct usbdevfs_ctrltransfer ctrl;
1199 if (copy_from_user(&ctrl, arg, sizeof(ctrl)))
1201 return do_proc_control(ps, &ctrl);
1204 static int do_proc_bulk(struct usb_dev_state *ps,
1205 struct usbdevfs_bulktransfer *bulk)
1207 struct usb_device *dev = ps->dev;
1208 unsigned int tmo, len1, pipe;
1210 unsigned char *tbuf;
1213 ret = findintfep(ps->dev, bulk->ep);
1216 ret = checkintf(ps, ret);
1219 if (bulk->ep & USB_DIR_IN)
1220 pipe = usb_rcvbulkpipe(dev, bulk->ep & 0x7f);
1222 pipe = usb_sndbulkpipe(dev, bulk->ep & 0x7f);
1223 if (!usb_maxpacket(dev, pipe, !(bulk->ep & USB_DIR_IN)))
1226 if (len1 >= (INT_MAX - sizeof(struct urb)))
1228 ret = usbfs_increase_memory_usage(len1 + sizeof(struct urb));
1233 * len1 can be almost arbitrarily large. Don't WARN if it's
1234 * too big, just fail the request.
1236 tbuf = kmalloc(len1, GFP_KERNEL | __GFP_NOWARN);
1241 tmo = bulk->timeout;
1242 if (bulk->ep & 0x80) {
1243 snoop_urb(dev, NULL, pipe, len1, tmo, SUBMIT, NULL, 0);
1245 usb_unlock_device(dev);
1246 i = usb_bulk_msg(dev, pipe, tbuf, len1, &len2, tmo);
1247 usb_lock_device(dev);
1248 snoop_urb(dev, NULL, pipe, len2, i, COMPLETE, tbuf, len2);
1251 if (copy_to_user(bulk->data, tbuf, len2)) {
1258 if (copy_from_user(tbuf, bulk->data, len1)) {
1263 snoop_urb(dev, NULL, pipe, len1, tmo, SUBMIT, tbuf, len1);
1265 usb_unlock_device(dev);
1266 i = usb_bulk_msg(dev, pipe, tbuf, len1, &len2, tmo);
1267 usb_lock_device(dev);
1268 snoop_urb(dev, NULL, pipe, len2, i, COMPLETE, NULL, 0);
1270 ret = (i < 0 ? i : len2);
1273 usbfs_decrease_memory_usage(len1 + sizeof(struct urb));
1277 static int proc_bulk(struct usb_dev_state *ps, void __user *arg)
1279 struct usbdevfs_bulktransfer bulk;
1281 if (copy_from_user(&bulk, arg, sizeof(bulk)))
1283 return do_proc_bulk(ps, &bulk);
1286 static void check_reset_of_active_ep(struct usb_device *udev,
1287 unsigned int epnum, char *ioctl_name)
1289 struct usb_host_endpoint **eps;
1290 struct usb_host_endpoint *ep;
1292 eps = (epnum & USB_DIR_IN) ? udev->ep_in : udev->ep_out;
1293 ep = eps[epnum & 0x0f];
1294 if (ep && !list_empty(&ep->urb_list))
1295 dev_warn(&udev->dev, "Process %d (%s) called USBDEVFS_%s for active endpoint 0x%02x\n",
1296 task_pid_nr(current), current->comm,
1300 static int proc_resetep(struct usb_dev_state *ps, void __user *arg)
1305 if (get_user(ep, (unsigned int __user *)arg))
1307 ret = findintfep(ps->dev, ep);
1310 ret = checkintf(ps, ret);
1313 check_reset_of_active_ep(ps->dev, ep, "RESETEP");
1314 usb_reset_endpoint(ps->dev, ep);
1318 static int proc_clearhalt(struct usb_dev_state *ps, void __user *arg)
1324 if (get_user(ep, (unsigned int __user *)arg))
1326 ret = findintfep(ps->dev, ep);
1329 ret = checkintf(ps, ret);
1332 check_reset_of_active_ep(ps->dev, ep, "CLEAR_HALT");
1333 if (ep & USB_DIR_IN)
1334 pipe = usb_rcvbulkpipe(ps->dev, ep & 0x7f);
1336 pipe = usb_sndbulkpipe(ps->dev, ep & 0x7f);
1338 return usb_clear_halt(ps->dev, pipe);
1341 static int proc_getdriver(struct usb_dev_state *ps, void __user *arg)
1343 struct usbdevfs_getdriver gd;
1344 struct usb_interface *intf;
1347 if (copy_from_user(&gd, arg, sizeof(gd)))
1349 intf = usb_ifnum_to_if(ps->dev, gd.interface);
1350 if (!intf || !intf->dev.driver)
1353 strlcpy(gd.driver, intf->dev.driver->name,
1355 ret = (copy_to_user(arg, &gd, sizeof(gd)) ? -EFAULT : 0);
1360 static int proc_connectinfo(struct usb_dev_state *ps, void __user *arg)
1362 struct usbdevfs_connectinfo ci;
1364 memset(&ci, 0, sizeof(ci));
1365 ci.devnum = ps->dev->devnum;
1366 ci.slow = ps->dev->speed == USB_SPEED_LOW;
1368 if (copy_to_user(arg, &ci, sizeof(ci)))
1373 static int proc_conninfo_ex(struct usb_dev_state *ps,
1374 void __user *arg, size_t size)
1376 struct usbdevfs_conninfo_ex ci;
1377 struct usb_device *udev = ps->dev;
1379 if (size < sizeof(ci.size))
1382 memset(&ci, 0, sizeof(ci));
1383 ci.size = sizeof(ci);
1384 ci.busnum = udev->bus->busnum;
1385 ci.devnum = udev->devnum;
1386 ci.speed = udev->speed;
1388 while (udev && udev->portnum != 0) {
1389 if (++ci.num_ports <= ARRAY_SIZE(ci.ports))
1390 ci.ports[ARRAY_SIZE(ci.ports) - ci.num_ports] =
1392 udev = udev->parent;
1395 if (ci.num_ports < ARRAY_SIZE(ci.ports))
1396 memmove(&ci.ports[0],
1397 &ci.ports[ARRAY_SIZE(ci.ports) - ci.num_ports],
1400 if (copy_to_user(arg, &ci, min(sizeof(ci), size)))
1406 static int proc_resetdevice(struct usb_dev_state *ps)
1408 struct usb_host_config *actconfig = ps->dev->actconfig;
1409 struct usb_interface *interface;
1412 /* Don't allow a device reset if the process has dropped the
1413 * privilege to do such things and any of the interfaces are
1414 * currently claimed.
1416 if (ps->privileges_dropped && actconfig) {
1417 for (i = 0; i < actconfig->desc.bNumInterfaces; ++i) {
1418 interface = actconfig->interface[i];
1419 number = interface->cur_altsetting->desc.bInterfaceNumber;
1420 if (usb_interface_claimed(interface) &&
1421 !test_bit(number, &ps->ifclaimed)) {
1422 dev_warn(&ps->dev->dev,
1423 "usbfs: interface %d claimed by %s while '%s' resets device\n",
1424 number, interface->dev.driver->name, current->comm);
1430 return usb_reset_device(ps->dev);
1433 static int proc_setintf(struct usb_dev_state *ps, void __user *arg)
1435 struct usbdevfs_setinterface setintf;
1438 if (copy_from_user(&setintf, arg, sizeof(setintf)))
1440 ret = checkintf(ps, setintf.interface);
1444 destroy_async_on_interface(ps, setintf.interface);
1446 return usb_set_interface(ps->dev, setintf.interface,
1447 setintf.altsetting);
1450 static int proc_setconfig(struct usb_dev_state *ps, void __user *arg)
1454 struct usb_host_config *actconfig;
1456 if (get_user(u, (int __user *)arg))
1459 actconfig = ps->dev->actconfig;
1461 /* Don't touch the device if any interfaces are claimed.
1462 * It could interfere with other drivers' operations, and if
1463 * an interface is claimed by usbfs it could easily deadlock.
1468 for (i = 0; i < actconfig->desc.bNumInterfaces; ++i) {
1469 if (usb_interface_claimed(actconfig->interface[i])) {
1470 dev_warn(&ps->dev->dev,
1471 "usbfs: interface %d claimed by %s "
1472 "while '%s' sets config #%d\n",
1473 actconfig->interface[i]
1475 ->desc.bInterfaceNumber,
1476 actconfig->interface[i]
1485 /* SET_CONFIGURATION is often abused as a "cheap" driver reset,
1486 * so avoid usb_set_configuration()'s kick to sysfs
1489 if (actconfig && actconfig->desc.bConfigurationValue == u)
1490 status = usb_reset_configuration(ps->dev);
1492 status = usb_set_configuration(ps->dev, u);
1498 static struct usb_memory *
1499 find_memory_area(struct usb_dev_state *ps, const struct usbdevfs_urb *uurb)
1501 struct usb_memory *usbm = NULL, *iter;
1502 unsigned long flags;
1503 unsigned long uurb_start = (unsigned long)uurb->buffer;
1505 spin_lock_irqsave(&ps->lock, flags);
1506 list_for_each_entry(iter, &ps->memory_list, memlist) {
1507 if (uurb_start >= iter->vm_start &&
1508 uurb_start < iter->vm_start + iter->size) {
1509 if (uurb->buffer_length > iter->vm_start + iter->size -
1511 usbm = ERR_PTR(-EINVAL);
1514 usbm->urb_use_count++;
1519 spin_unlock_irqrestore(&ps->lock, flags);
1523 static int proc_do_submiturb(struct usb_dev_state *ps, struct usbdevfs_urb *uurb,
1524 struct usbdevfs_iso_packet_desc __user *iso_frame_desc,
1525 void __user *arg, sigval_t userurb_sigval)
1527 struct usbdevfs_iso_packet_desc *isopkt = NULL;
1528 struct usb_host_endpoint *ep;
1529 struct async *as = NULL;
1530 struct usb_ctrlrequest *dr = NULL;
1531 unsigned int u, totlen, isofrmlen;
1532 int i, ret, num_sgs = 0, ifnum = -1;
1533 int number_of_packets = 0;
1534 unsigned int stream_id = 0;
1537 bool allow_short = false;
1538 bool allow_zero = false;
1539 unsigned long mask = USBDEVFS_URB_SHORT_NOT_OK |
1540 USBDEVFS_URB_BULK_CONTINUATION |
1541 USBDEVFS_URB_NO_FSBR |
1542 USBDEVFS_URB_ZERO_PACKET |
1543 USBDEVFS_URB_NO_INTERRUPT;
1544 /* USBDEVFS_URB_ISO_ASAP is a special case */
1545 if (uurb->type == USBDEVFS_URB_TYPE_ISO)
1546 mask |= USBDEVFS_URB_ISO_ASAP;
1548 if (uurb->flags & ~mask)
1551 if ((unsigned int)uurb->buffer_length >= USBFS_XFER_MAX)
1553 if (uurb->buffer_length > 0 && !uurb->buffer)
1555 if (!(uurb->type == USBDEVFS_URB_TYPE_CONTROL &&
1556 (uurb->endpoint & ~USB_ENDPOINT_DIR_MASK) == 0)) {
1557 ifnum = findintfep(ps->dev, uurb->endpoint);
1560 ret = checkintf(ps, ifnum);
1564 ep = ep_to_host_endpoint(ps->dev, uurb->endpoint);
1567 is_in = (uurb->endpoint & USB_ENDPOINT_DIR_MASK) != 0;
1570 switch (uurb->type) {
1571 case USBDEVFS_URB_TYPE_CONTROL:
1572 if (!usb_endpoint_xfer_control(&ep->desc))
1574 /* min 8 byte setup packet */
1575 if (uurb->buffer_length < 8)
1577 dr = kmalloc(sizeof(struct usb_ctrlrequest), GFP_KERNEL);
1580 if (copy_from_user(dr, uurb->buffer, 8)) {
1584 if (uurb->buffer_length < (le16_to_cpu(dr->wLength) + 8)) {
1588 ret = check_ctrlrecip(ps, dr->bRequestType, dr->bRequest,
1589 le16_to_cpu(dr->wIndex));
1592 uurb->buffer_length = le16_to_cpu(dr->wLength);
1594 if ((dr->bRequestType & USB_DIR_IN) && uurb->buffer_length) {
1596 uurb->endpoint |= USB_DIR_IN;
1599 uurb->endpoint &= ~USB_DIR_IN;
1603 snoop(&ps->dev->dev, "control urb: bRequestType=%02x "
1604 "bRequest=%02x wValue=%04x "
1605 "wIndex=%04x wLength=%04x\n",
1606 dr->bRequestType, dr->bRequest,
1607 __le16_to_cpu(dr->wValue),
1608 __le16_to_cpu(dr->wIndex),
1609 __le16_to_cpu(dr->wLength));
1610 u = sizeof(struct usb_ctrlrequest);
1613 case USBDEVFS_URB_TYPE_BULK:
1618 switch (usb_endpoint_type(&ep->desc)) {
1619 case USB_ENDPOINT_XFER_CONTROL:
1620 case USB_ENDPOINT_XFER_ISOC:
1622 case USB_ENDPOINT_XFER_INT:
1623 /* allow single-shot interrupt transfers */
1624 uurb->type = USBDEVFS_URB_TYPE_INTERRUPT;
1627 num_sgs = DIV_ROUND_UP(uurb->buffer_length, USB_SG_SIZE);
1628 if (num_sgs == 1 || num_sgs > ps->dev->bus->sg_tablesize)
1631 stream_id = uurb->stream_id;
1634 case USBDEVFS_URB_TYPE_INTERRUPT:
1635 if (!usb_endpoint_xfer_int(&ep->desc))
1644 case USBDEVFS_URB_TYPE_ISO:
1645 /* arbitrary limit */
1646 if (uurb->number_of_packets < 1 ||
1647 uurb->number_of_packets > 128)
1649 if (!usb_endpoint_xfer_isoc(&ep->desc))
1651 number_of_packets = uurb->number_of_packets;
1652 isofrmlen = sizeof(struct usbdevfs_iso_packet_desc) *
1654 isopkt = memdup_user(iso_frame_desc, isofrmlen);
1655 if (IS_ERR(isopkt)) {
1656 ret = PTR_ERR(isopkt);
1660 for (totlen = u = 0; u < number_of_packets; u++) {
1662 * arbitrary limit need for USB 3.1 Gen2
1663 * sizemax: 96 DPs at SSP, 96 * 1024 = 98304
1665 if (isopkt[u].length > 98304) {
1669 totlen += isopkt[u].length;
1671 u *= sizeof(struct usb_iso_packet_descriptor);
1672 uurb->buffer_length = totlen;
1679 if (uurb->buffer_length > 0 &&
1680 !access_ok(uurb->buffer, uurb->buffer_length)) {
1684 as = alloc_async(number_of_packets);
1690 as->usbm = find_memory_area(ps, uurb);
1691 if (IS_ERR(as->usbm)) {
1692 ret = PTR_ERR(as->usbm);
1697 /* do not use SG buffers when memory mapped segments
1703 u += sizeof(struct async) + sizeof(struct urb) +
1704 (as->usbm ? 0 : uurb->buffer_length) +
1705 num_sgs * sizeof(struct scatterlist);
1706 ret = usbfs_increase_memory_usage(u);
1712 as->urb->sg = kmalloc_array(num_sgs,
1713 sizeof(struct scatterlist),
1714 GFP_KERNEL | __GFP_NOWARN);
1719 as->urb->num_sgs = num_sgs;
1720 sg_init_table(as->urb->sg, as->urb->num_sgs);
1722 totlen = uurb->buffer_length;
1723 for (i = 0; i < as->urb->num_sgs; i++) {
1724 u = (totlen > USB_SG_SIZE) ? USB_SG_SIZE : totlen;
1725 buf = kmalloc(u, GFP_KERNEL);
1730 sg_set_buf(&as->urb->sg[i], buf, u);
1733 if (copy_from_user(buf, uurb->buffer, u)) {
1741 } else if (uurb->buffer_length > 0) {
1743 unsigned long uurb_start = (unsigned long)uurb->buffer;
1745 as->urb->transfer_buffer = as->usbm->mem +
1746 (uurb_start - as->usbm->vm_start);
1748 as->urb->transfer_buffer = kmalloc(uurb->buffer_length,
1749 GFP_KERNEL | __GFP_NOWARN);
1750 if (!as->urb->transfer_buffer) {
1755 if (copy_from_user(as->urb->transfer_buffer,
1757 uurb->buffer_length)) {
1761 } else if (uurb->type == USBDEVFS_URB_TYPE_ISO) {
1763 * Isochronous input data may end up being
1764 * discontiguous if some of the packets are
1765 * short. Clear the buffer so that the gaps
1766 * don't leak kernel data to userspace.
1768 memset(as->urb->transfer_buffer, 0,
1769 uurb->buffer_length);
1773 as->urb->dev = ps->dev;
1774 as->urb->pipe = (uurb->type << 30) |
1775 __create_pipe(ps->dev, uurb->endpoint & 0xf) |
1776 (uurb->endpoint & USB_DIR_IN);
1778 /* This tedious sequence is necessary because the URB_* flags
1779 * are internal to the kernel and subject to change, whereas
1780 * the USBDEVFS_URB_* flags are a user API and must not be changed.
1782 u = (is_in ? URB_DIR_IN : URB_DIR_OUT);
1783 if (uurb->flags & USBDEVFS_URB_ISO_ASAP)
1785 if (allow_short && uurb->flags & USBDEVFS_URB_SHORT_NOT_OK)
1786 u |= URB_SHORT_NOT_OK;
1787 if (allow_zero && uurb->flags & USBDEVFS_URB_ZERO_PACKET)
1788 u |= URB_ZERO_PACKET;
1789 if (uurb->flags & USBDEVFS_URB_NO_INTERRUPT)
1790 u |= URB_NO_INTERRUPT;
1791 as->urb->transfer_flags = u;
1793 if (!allow_short && uurb->flags & USBDEVFS_URB_SHORT_NOT_OK)
1794 dev_warn(&ps->dev->dev, "Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK.\n");
1795 if (!allow_zero && uurb->flags & USBDEVFS_URB_ZERO_PACKET)
1796 dev_warn(&ps->dev->dev, "Requested nonsensical USBDEVFS_URB_ZERO_PACKET.\n");
1798 as->urb->transfer_buffer_length = uurb->buffer_length;
1799 as->urb->setup_packet = (unsigned char *)dr;
1801 as->urb->start_frame = uurb->start_frame;
1802 as->urb->number_of_packets = number_of_packets;
1803 as->urb->stream_id = stream_id;
1805 if (ep->desc.bInterval) {
1806 if (uurb->type == USBDEVFS_URB_TYPE_ISO ||
1807 ps->dev->speed == USB_SPEED_HIGH ||
1808 ps->dev->speed >= USB_SPEED_SUPER)
1809 as->urb->interval = 1 <<
1810 min(15, ep->desc.bInterval - 1);
1812 as->urb->interval = ep->desc.bInterval;
1815 as->urb->context = as;
1816 as->urb->complete = async_completed;
1817 for (totlen = u = 0; u < number_of_packets; u++) {
1818 as->urb->iso_frame_desc[u].offset = totlen;
1819 as->urb->iso_frame_desc[u].length = isopkt[u].length;
1820 totlen += isopkt[u].length;
1826 as->userurb_sigval = userurb_sigval;
1828 unsigned long uurb_start = (unsigned long)uurb->buffer;
1830 as->urb->transfer_flags |= URB_NO_TRANSFER_DMA_MAP;
1831 as->urb->transfer_dma = as->usbm->dma_handle +
1832 (uurb_start - as->usbm->vm_start);
1833 } else if (is_in && uurb->buffer_length > 0)
1834 as->userbuffer = uurb->buffer;
1835 as->signr = uurb->signr;
1837 as->pid = get_pid(task_pid(current));
1838 as->cred = get_current_cred();
1839 snoop_urb(ps->dev, as->userurb, as->urb->pipe,
1840 as->urb->transfer_buffer_length, 0, SUBMIT,
1843 snoop_urb_data(as->urb, as->urb->transfer_buffer_length);
1845 async_newpending(as);
1847 if (usb_endpoint_xfer_bulk(&ep->desc)) {
1848 spin_lock_irq(&ps->lock);
1850 /* Not exactly the endpoint address; the direction bit is
1851 * shifted to the 0x10 position so that the value will be
1854 as->bulk_addr = usb_endpoint_num(&ep->desc) |
1855 ((ep->desc.bEndpointAddress & USB_ENDPOINT_DIR_MASK)
1858 /* If this bulk URB is the start of a new transfer, re-enable
1859 * the endpoint. Otherwise mark it as a continuation URB.
1861 if (uurb->flags & USBDEVFS_URB_BULK_CONTINUATION)
1862 as->bulk_status = AS_CONTINUATION;
1864 ps->disabled_bulk_eps &= ~(1 << as->bulk_addr);
1866 /* Don't accept continuation URBs if the endpoint is
1867 * disabled because of an earlier error.
1869 if (ps->disabled_bulk_eps & (1 << as->bulk_addr))
1872 ret = usb_submit_urb(as->urb, GFP_ATOMIC);
1873 spin_unlock_irq(&ps->lock);
1875 ret = usb_submit_urb(as->urb, GFP_KERNEL);
1879 dev_printk(KERN_DEBUG, &ps->dev->dev,
1880 "usbfs: usb_submit_urb returned %d\n", ret);
1881 snoop_urb(ps->dev, as->userurb, as->urb->pipe,
1882 0, ret, COMPLETE, NULL, 0);
1883 async_removepending(as);
1896 static int proc_submiturb(struct usb_dev_state *ps, void __user *arg)
1898 struct usbdevfs_urb uurb;
1899 sigval_t userurb_sigval;
1901 if (copy_from_user(&uurb, arg, sizeof(uurb)))
1904 memset(&userurb_sigval, 0, sizeof(userurb_sigval));
1905 userurb_sigval.sival_ptr = arg;
1907 return proc_do_submiturb(ps, &uurb,
1908 (((struct usbdevfs_urb __user *)arg)->iso_frame_desc),
1909 arg, userurb_sigval);
1912 static int proc_unlinkurb(struct usb_dev_state *ps, void __user *arg)
1916 unsigned long flags;
1918 spin_lock_irqsave(&ps->lock, flags);
1919 as = async_getpending(ps, arg);
1921 spin_unlock_irqrestore(&ps->lock, flags);
1927 spin_unlock_irqrestore(&ps->lock, flags);
1935 static void compute_isochronous_actual_length(struct urb *urb)
1939 if (urb->number_of_packets > 0) {
1940 urb->actual_length = 0;
1941 for (i = 0; i < urb->number_of_packets; i++)
1942 urb->actual_length +=
1943 urb->iso_frame_desc[i].actual_length;
1947 static int processcompl(struct async *as, void __user * __user *arg)
1949 struct urb *urb = as->urb;
1950 struct usbdevfs_urb __user *userurb = as->userurb;
1951 void __user *addr = as->userurb;
1954 compute_isochronous_actual_length(urb);
1955 if (as->userbuffer && urb->actual_length) {
1956 if (copy_urb_data_to_user(as->userbuffer, urb))
1959 if (put_user(as->status, &userurb->status))
1961 if (put_user(urb->actual_length, &userurb->actual_length))
1963 if (put_user(urb->error_count, &userurb->error_count))
1966 if (usb_endpoint_xfer_isoc(&urb->ep->desc)) {
1967 for (i = 0; i < urb->number_of_packets; i++) {
1968 if (put_user(urb->iso_frame_desc[i].actual_length,
1969 &userurb->iso_frame_desc[i].actual_length))
1971 if (put_user(urb->iso_frame_desc[i].status,
1972 &userurb->iso_frame_desc[i].status))
1977 if (put_user(addr, (void __user * __user *)arg))
1985 static struct async *reap_as(struct usb_dev_state *ps)
1987 DECLARE_WAITQUEUE(wait, current);
1988 struct async *as = NULL;
1989 struct usb_device *dev = ps->dev;
1991 add_wait_queue(&ps->wait, &wait);
1993 __set_current_state(TASK_INTERRUPTIBLE);
1994 as = async_getcompleted(ps);
1995 if (as || !connected(ps))
1997 if (signal_pending(current))
1999 usb_unlock_device(dev);
2001 usb_lock_device(dev);
2003 remove_wait_queue(&ps->wait, &wait);
2004 set_current_state(TASK_RUNNING);
2008 static int proc_reapurb(struct usb_dev_state *ps, void __user *arg)
2010 struct async *as = reap_as(ps);
2015 snoop(&ps->dev->dev, "reap %px\n", as->userurb);
2016 retval = processcompl(as, (void __user * __user *)arg);
2020 if (signal_pending(current))
2025 static int proc_reapurbnonblock(struct usb_dev_state *ps, void __user *arg)
2030 as = async_getcompleted(ps);
2032 snoop(&ps->dev->dev, "reap %px\n", as->userurb);
2033 retval = processcompl(as, (void __user * __user *)arg);
2036 retval = (connected(ps) ? -EAGAIN : -ENODEV);
2041 #ifdef CONFIG_COMPAT
2042 static int proc_control_compat(struct usb_dev_state *ps,
2043 struct usbdevfs_ctrltransfer32 __user *p32)
2045 struct usbdevfs_ctrltransfer ctrl;
2048 if (copy_from_user(&ctrl, p32, sizeof(*p32) - sizeof(compat_caddr_t)) ||
2049 get_user(udata, &p32->data))
2051 ctrl.data = compat_ptr(udata);
2052 return do_proc_control(ps, &ctrl);
2055 static int proc_bulk_compat(struct usb_dev_state *ps,
2056 struct usbdevfs_bulktransfer32 __user *p32)
2058 struct usbdevfs_bulktransfer bulk;
2059 compat_caddr_t addr;
2061 if (get_user(bulk.ep, &p32->ep) ||
2062 get_user(bulk.len, &p32->len) ||
2063 get_user(bulk.timeout, &p32->timeout) ||
2064 get_user(addr, &p32->data))
2066 bulk.data = compat_ptr(addr);
2067 return do_proc_bulk(ps, &bulk);
2070 static int proc_disconnectsignal_compat(struct usb_dev_state *ps, void __user *arg)
2072 struct usbdevfs_disconnectsignal32 ds;
2074 if (copy_from_user(&ds, arg, sizeof(ds)))
2076 ps->discsignr = ds.signr;
2077 ps->disccontext.sival_int = ds.context;
2081 static int get_urb32(struct usbdevfs_urb *kurb,
2082 struct usbdevfs_urb32 __user *uurb)
2084 struct usbdevfs_urb32 urb32;
2085 if (copy_from_user(&urb32, uurb, sizeof(*uurb)))
2087 kurb->type = urb32.type;
2088 kurb->endpoint = urb32.endpoint;
2089 kurb->status = urb32.status;
2090 kurb->flags = urb32.flags;
2091 kurb->buffer = compat_ptr(urb32.buffer);
2092 kurb->buffer_length = urb32.buffer_length;
2093 kurb->actual_length = urb32.actual_length;
2094 kurb->start_frame = urb32.start_frame;
2095 kurb->number_of_packets = urb32.number_of_packets;
2096 kurb->error_count = urb32.error_count;
2097 kurb->signr = urb32.signr;
2098 kurb->usercontext = compat_ptr(urb32.usercontext);
2102 static int proc_submiturb_compat(struct usb_dev_state *ps, void __user *arg)
2104 struct usbdevfs_urb uurb;
2105 sigval_t userurb_sigval;
2107 if (get_urb32(&uurb, (struct usbdevfs_urb32 __user *)arg))
2110 memset(&userurb_sigval, 0, sizeof(userurb_sigval));
2111 userurb_sigval.sival_int = ptr_to_compat(arg);
2113 return proc_do_submiturb(ps, &uurb,
2114 ((struct usbdevfs_urb32 __user *)arg)->iso_frame_desc,
2115 arg, userurb_sigval);
2118 static int processcompl_compat(struct async *as, void __user * __user *arg)
2120 struct urb *urb = as->urb;
2121 struct usbdevfs_urb32 __user *userurb = as->userurb;
2122 void __user *addr = as->userurb;
2125 compute_isochronous_actual_length(urb);
2126 if (as->userbuffer && urb->actual_length) {
2127 if (copy_urb_data_to_user(as->userbuffer, urb))
2130 if (put_user(as->status, &userurb->status))
2132 if (put_user(urb->actual_length, &userurb->actual_length))
2134 if (put_user(urb->error_count, &userurb->error_count))
2137 if (usb_endpoint_xfer_isoc(&urb->ep->desc)) {
2138 for (i = 0; i < urb->number_of_packets; i++) {
2139 if (put_user(urb->iso_frame_desc[i].actual_length,
2140 &userurb->iso_frame_desc[i].actual_length))
2142 if (put_user(urb->iso_frame_desc[i].status,
2143 &userurb->iso_frame_desc[i].status))
2148 if (put_user(ptr_to_compat(addr), (u32 __user *)arg))
2153 static int proc_reapurb_compat(struct usb_dev_state *ps, void __user *arg)
2155 struct async *as = reap_as(ps);
2160 snoop(&ps->dev->dev, "reap %px\n", as->userurb);
2161 retval = processcompl_compat(as, (void __user * __user *)arg);
2165 if (signal_pending(current))
2170 static int proc_reapurbnonblock_compat(struct usb_dev_state *ps, void __user *arg)
2175 as = async_getcompleted(ps);
2177 snoop(&ps->dev->dev, "reap %px\n", as->userurb);
2178 retval = processcompl_compat(as, (void __user * __user *)arg);
2181 retval = (connected(ps) ? -EAGAIN : -ENODEV);
2189 static int proc_disconnectsignal(struct usb_dev_state *ps, void __user *arg)
2191 struct usbdevfs_disconnectsignal ds;
2193 if (copy_from_user(&ds, arg, sizeof(ds)))
2195 ps->discsignr = ds.signr;
2196 ps->disccontext.sival_ptr = ds.context;
2200 static int proc_claiminterface(struct usb_dev_state *ps, void __user *arg)
2204 if (get_user(ifnum, (unsigned int __user *)arg))
2206 return claimintf(ps, ifnum);
2209 static int proc_releaseinterface(struct usb_dev_state *ps, void __user *arg)
2214 if (get_user(ifnum, (unsigned int __user *)arg))
2216 ret = releaseintf(ps, ifnum);
2219 destroy_async_on_interface(ps, ifnum);
2223 static int proc_ioctl(struct usb_dev_state *ps, struct usbdevfs_ioctl *ctl)
2228 struct usb_interface *intf = NULL;
2229 struct usb_driver *driver = NULL;
2231 if (ps->privileges_dropped)
2238 size = _IOC_SIZE(ctl->ioctl_code);
2240 buf = kmalloc(size, GFP_KERNEL);
2243 if ((_IOC_DIR(ctl->ioctl_code) & _IOC_WRITE)) {
2244 if (copy_from_user(buf, ctl->data, size)) {
2249 memset(buf, 0, size);
2253 if (ps->dev->state != USB_STATE_CONFIGURED)
2254 retval = -EHOSTUNREACH;
2255 else if (!(intf = usb_ifnum_to_if(ps->dev, ctl->ifno)))
2257 else switch (ctl->ioctl_code) {
2259 /* disconnect kernel driver from interface */
2260 case USBDEVFS_DISCONNECT:
2261 if (intf->dev.driver) {
2262 driver = to_usb_driver(intf->dev.driver);
2263 dev_dbg(&intf->dev, "disconnect by usbfs\n");
2264 usb_driver_release_interface(driver, intf);
2269 /* let kernel drivers try to (re)bind to the interface */
2270 case USBDEVFS_CONNECT:
2271 if (!intf->dev.driver)
2272 retval = device_attach(&intf->dev);
2277 /* talk directly to the interface's driver */
2279 if (intf->dev.driver)
2280 driver = to_usb_driver(intf->dev.driver);
2281 if (driver == NULL || driver->unlocked_ioctl == NULL) {
2284 retval = driver->unlocked_ioctl(intf, ctl->ioctl_code, buf);
2285 if (retval == -ENOIOCTLCMD)
2290 /* cleanup and return */
2292 && (_IOC_DIR(ctl->ioctl_code) & _IOC_READ) != 0
2294 && copy_to_user(ctl->data, buf, size) != 0)
2301 static int proc_ioctl_default(struct usb_dev_state *ps, void __user *arg)
2303 struct usbdevfs_ioctl ctrl;
2305 if (copy_from_user(&ctrl, arg, sizeof(ctrl)))
2307 return proc_ioctl(ps, &ctrl);
2310 #ifdef CONFIG_COMPAT
2311 static int proc_ioctl_compat(struct usb_dev_state *ps, compat_uptr_t arg)
2313 struct usbdevfs_ioctl32 ioc32;
2314 struct usbdevfs_ioctl ctrl;
2316 if (copy_from_user(&ioc32, compat_ptr(arg), sizeof(ioc32)))
2318 ctrl.ifno = ioc32.ifno;
2319 ctrl.ioctl_code = ioc32.ioctl_code;
2320 ctrl.data = compat_ptr(ioc32.data);
2321 return proc_ioctl(ps, &ctrl);
2325 static int proc_claim_port(struct usb_dev_state *ps, void __user *arg)
2330 if (get_user(portnum, (unsigned __user *) arg))
2332 rc = usb_hub_claim_port(ps->dev, portnum, ps);
2334 snoop(&ps->dev->dev, "port %d claimed by process %d: %s\n",
2335 portnum, task_pid_nr(current), current->comm);
2339 static int proc_release_port(struct usb_dev_state *ps, void __user *arg)
2343 if (get_user(portnum, (unsigned __user *) arg))
2345 return usb_hub_release_port(ps->dev, portnum, ps);
2348 static int proc_get_capabilities(struct usb_dev_state *ps, void __user *arg)
2352 caps = USBDEVFS_CAP_ZERO_PACKET | USBDEVFS_CAP_NO_PACKET_SIZE_LIM |
2353 USBDEVFS_CAP_REAP_AFTER_DISCONNECT | USBDEVFS_CAP_MMAP |
2354 USBDEVFS_CAP_DROP_PRIVILEGES |
2355 USBDEVFS_CAP_CONNINFO_EX | MAYBE_CAP_SUSPEND;
2356 if (!ps->dev->bus->no_stop_on_short)
2357 caps |= USBDEVFS_CAP_BULK_CONTINUATION;
2358 if (ps->dev->bus->sg_tablesize)
2359 caps |= USBDEVFS_CAP_BULK_SCATTER_GATHER;
2361 if (put_user(caps, (__u32 __user *)arg))
2367 static int proc_disconnect_claim(struct usb_dev_state *ps, void __user *arg)
2369 struct usbdevfs_disconnect_claim dc;
2370 struct usb_interface *intf;
2372 if (copy_from_user(&dc, arg, sizeof(dc)))
2375 intf = usb_ifnum_to_if(ps->dev, dc.interface);
2379 if (intf->dev.driver) {
2380 struct usb_driver *driver = to_usb_driver(intf->dev.driver);
2382 if (ps->privileges_dropped)
2385 if ((dc.flags & USBDEVFS_DISCONNECT_CLAIM_IF_DRIVER) &&
2386 strncmp(dc.driver, intf->dev.driver->name,
2387 sizeof(dc.driver)) != 0)
2390 if ((dc.flags & USBDEVFS_DISCONNECT_CLAIM_EXCEPT_DRIVER) &&
2391 strncmp(dc.driver, intf->dev.driver->name,
2392 sizeof(dc.driver)) == 0)
2395 dev_dbg(&intf->dev, "disconnect by usbfs\n");
2396 usb_driver_release_interface(driver, intf);
2399 return claimintf(ps, dc.interface);
2402 static int proc_alloc_streams(struct usb_dev_state *ps, void __user *arg)
2404 unsigned num_streams, num_eps;
2405 struct usb_host_endpoint **eps;
2406 struct usb_interface *intf;
2409 r = parse_usbdevfs_streams(ps, arg, &num_streams, &num_eps,
2414 destroy_async_on_interface(ps,
2415 intf->altsetting[0].desc.bInterfaceNumber);
2417 r = usb_alloc_streams(intf, eps, num_eps, num_streams, GFP_KERNEL);
2422 static int proc_free_streams(struct usb_dev_state *ps, void __user *arg)
2425 struct usb_host_endpoint **eps;
2426 struct usb_interface *intf;
2429 r = parse_usbdevfs_streams(ps, arg, NULL, &num_eps, &eps, &intf);
2433 destroy_async_on_interface(ps,
2434 intf->altsetting[0].desc.bInterfaceNumber);
2436 r = usb_free_streams(intf, eps, num_eps, GFP_KERNEL);
2441 static int proc_drop_privileges(struct usb_dev_state *ps, void __user *arg)
2445 if (copy_from_user(&data, arg, sizeof(data)))
2448 /* This is a one way operation. Once privileges are
2449 * dropped, you cannot regain them. You may however reissue
2450 * this ioctl to shrink the allowed interfaces mask.
2452 ps->interface_allowed_mask &= data;
2453 ps->privileges_dropped = true;
2458 static int proc_forbid_suspend(struct usb_dev_state *ps)
2462 if (ps->suspend_allowed) {
2463 ret = usb_autoresume_device(ps->dev);
2465 ps->suspend_allowed = false;
2466 else if (ret != -ENODEV)
2472 static int proc_allow_suspend(struct usb_dev_state *ps)
2477 WRITE_ONCE(ps->not_yet_resumed, 1);
2478 if (!ps->suspend_allowed) {
2479 usb_autosuspend_device(ps->dev);
2480 ps->suspend_allowed = true;
2485 static int proc_wait_for_resume(struct usb_dev_state *ps)
2489 usb_unlock_device(ps->dev);
2490 ret = wait_event_interruptible(ps->wait_for_resume,
2491 READ_ONCE(ps->not_yet_resumed) == 0);
2492 usb_lock_device(ps->dev);
2496 return proc_forbid_suspend(ps);
2500 * NOTE: All requests here that have interface numbers as parameters
2501 * are assuming that somehow the configuration has been prevented from
2502 * changing. But there's no mechanism to ensure that...
2504 static long usbdev_do_ioctl(struct file *file, unsigned int cmd,
2507 struct usb_dev_state *ps = file->private_data;
2508 struct inode *inode = file_inode(file);
2509 struct usb_device *dev = ps->dev;
2512 if (!(file->f_mode & FMODE_WRITE))
2515 usb_lock_device(dev);
2517 /* Reap operations are allowed even after disconnection */
2519 case USBDEVFS_REAPURB:
2520 snoop(&dev->dev, "%s: REAPURB\n", __func__);
2521 ret = proc_reapurb(ps, p);
2524 case USBDEVFS_REAPURBNDELAY:
2525 snoop(&dev->dev, "%s: REAPURBNDELAY\n", __func__);
2526 ret = proc_reapurbnonblock(ps, p);
2529 #ifdef CONFIG_COMPAT
2530 case USBDEVFS_REAPURB32:
2531 snoop(&dev->dev, "%s: REAPURB32\n", __func__);
2532 ret = proc_reapurb_compat(ps, p);
2535 case USBDEVFS_REAPURBNDELAY32:
2536 snoop(&dev->dev, "%s: REAPURBNDELAY32\n", __func__);
2537 ret = proc_reapurbnonblock_compat(ps, p);
2542 if (!connected(ps)) {
2543 usb_unlock_device(dev);
2548 case USBDEVFS_CONTROL:
2549 snoop(&dev->dev, "%s: CONTROL\n", __func__);
2550 ret = proc_control(ps, p);
2552 inode->i_mtime = current_time(inode);
2556 snoop(&dev->dev, "%s: BULK\n", __func__);
2557 ret = proc_bulk(ps, p);
2559 inode->i_mtime = current_time(inode);
2562 case USBDEVFS_RESETEP:
2563 snoop(&dev->dev, "%s: RESETEP\n", __func__);
2564 ret = proc_resetep(ps, p);
2566 inode->i_mtime = current_time(inode);
2569 case USBDEVFS_RESET:
2570 snoop(&dev->dev, "%s: RESET\n", __func__);
2571 ret = proc_resetdevice(ps);
2574 case USBDEVFS_CLEAR_HALT:
2575 snoop(&dev->dev, "%s: CLEAR_HALT\n", __func__);
2576 ret = proc_clearhalt(ps, p);
2578 inode->i_mtime = current_time(inode);
2581 case USBDEVFS_GETDRIVER:
2582 snoop(&dev->dev, "%s: GETDRIVER\n", __func__);
2583 ret = proc_getdriver(ps, p);
2586 case USBDEVFS_CONNECTINFO:
2587 snoop(&dev->dev, "%s: CONNECTINFO\n", __func__);
2588 ret = proc_connectinfo(ps, p);
2591 case USBDEVFS_SETINTERFACE:
2592 snoop(&dev->dev, "%s: SETINTERFACE\n", __func__);
2593 ret = proc_setintf(ps, p);
2596 case USBDEVFS_SETCONFIGURATION:
2597 snoop(&dev->dev, "%s: SETCONFIGURATION\n", __func__);
2598 ret = proc_setconfig(ps, p);
2601 case USBDEVFS_SUBMITURB:
2602 snoop(&dev->dev, "%s: SUBMITURB\n", __func__);
2603 ret = proc_submiturb(ps, p);
2605 inode->i_mtime = current_time(inode);
2608 #ifdef CONFIG_COMPAT
2609 case USBDEVFS_CONTROL32:
2610 snoop(&dev->dev, "%s: CONTROL32\n", __func__);
2611 ret = proc_control_compat(ps, p);
2613 inode->i_mtime = current_time(inode);
2616 case USBDEVFS_BULK32:
2617 snoop(&dev->dev, "%s: BULK32\n", __func__);
2618 ret = proc_bulk_compat(ps, p);
2620 inode->i_mtime = current_time(inode);
2623 case USBDEVFS_DISCSIGNAL32:
2624 snoop(&dev->dev, "%s: DISCSIGNAL32\n", __func__);
2625 ret = proc_disconnectsignal_compat(ps, p);
2628 case USBDEVFS_SUBMITURB32:
2629 snoop(&dev->dev, "%s: SUBMITURB32\n", __func__);
2630 ret = proc_submiturb_compat(ps, p);
2632 inode->i_mtime = current_time(inode);
2635 case USBDEVFS_IOCTL32:
2636 snoop(&dev->dev, "%s: IOCTL32\n", __func__);
2637 ret = proc_ioctl_compat(ps, ptr_to_compat(p));
2641 case USBDEVFS_DISCARDURB:
2642 snoop(&dev->dev, "%s: DISCARDURB %px\n", __func__, p);
2643 ret = proc_unlinkurb(ps, p);
2646 case USBDEVFS_DISCSIGNAL:
2647 snoop(&dev->dev, "%s: DISCSIGNAL\n", __func__);
2648 ret = proc_disconnectsignal(ps, p);
2651 case USBDEVFS_CLAIMINTERFACE:
2652 snoop(&dev->dev, "%s: CLAIMINTERFACE\n", __func__);
2653 ret = proc_claiminterface(ps, p);
2656 case USBDEVFS_RELEASEINTERFACE:
2657 snoop(&dev->dev, "%s: RELEASEINTERFACE\n", __func__);
2658 ret = proc_releaseinterface(ps, p);
2661 case USBDEVFS_IOCTL:
2662 snoop(&dev->dev, "%s: IOCTL\n", __func__);
2663 ret = proc_ioctl_default(ps, p);
2666 case USBDEVFS_CLAIM_PORT:
2667 snoop(&dev->dev, "%s: CLAIM_PORT\n", __func__);
2668 ret = proc_claim_port(ps, p);
2671 case USBDEVFS_RELEASE_PORT:
2672 snoop(&dev->dev, "%s: RELEASE_PORT\n", __func__);
2673 ret = proc_release_port(ps, p);
2675 case USBDEVFS_GET_CAPABILITIES:
2676 ret = proc_get_capabilities(ps, p);
2678 case USBDEVFS_DISCONNECT_CLAIM:
2679 ret = proc_disconnect_claim(ps, p);
2681 case USBDEVFS_ALLOC_STREAMS:
2682 ret = proc_alloc_streams(ps, p);
2684 case USBDEVFS_FREE_STREAMS:
2685 ret = proc_free_streams(ps, p);
2687 case USBDEVFS_DROP_PRIVILEGES:
2688 ret = proc_drop_privileges(ps, p);
2690 case USBDEVFS_GET_SPEED:
2691 ret = ps->dev->speed;
2693 case USBDEVFS_FORBID_SUSPEND:
2694 ret = proc_forbid_suspend(ps);
2696 case USBDEVFS_ALLOW_SUSPEND:
2697 ret = proc_allow_suspend(ps);
2699 case USBDEVFS_WAIT_FOR_RESUME:
2700 ret = proc_wait_for_resume(ps);
2704 /* Handle variable-length commands */
2705 switch (cmd & ~IOCSIZE_MASK) {
2706 case USBDEVFS_CONNINFO_EX(0):
2707 ret = proc_conninfo_ex(ps, p, _IOC_SIZE(cmd));
2712 usb_unlock_device(dev);
2714 inode->i_atime = current_time(inode);
2718 static long usbdev_ioctl(struct file *file, unsigned int cmd,
2723 ret = usbdev_do_ioctl(file, cmd, (void __user *)arg);
2728 /* No kernel lock - fine */
2729 static __poll_t usbdev_poll(struct file *file,
2730 struct poll_table_struct *wait)
2732 struct usb_dev_state *ps = file->private_data;
2735 poll_wait(file, &ps->wait, wait);
2736 if (file->f_mode & FMODE_WRITE && !list_empty(&ps->async_completed))
2737 mask |= EPOLLOUT | EPOLLWRNORM;
2740 if (list_empty(&ps->list))
2745 const struct file_operations usbdev_file_operations = {
2746 .owner = THIS_MODULE,
2747 .llseek = no_seek_end_llseek,
2748 .read = usbdev_read,
2749 .poll = usbdev_poll,
2750 .unlocked_ioctl = usbdev_ioctl,
2751 .compat_ioctl = compat_ptr_ioctl,
2752 .mmap = usbdev_mmap,
2753 .open = usbdev_open,
2754 .release = usbdev_release,
2757 static void usbdev_remove(struct usb_device *udev)
2759 struct usb_dev_state *ps;
2761 /* Protect against simultaneous resume */
2762 mutex_lock(&usbfs_mutex);
2763 while (!list_empty(&udev->filelist)) {
2764 ps = list_entry(udev->filelist.next, struct usb_dev_state, list);
2765 destroy_all_async(ps);
2766 wake_up_all(&ps->wait);
2767 WRITE_ONCE(ps->not_yet_resumed, 0);
2768 wake_up_all(&ps->wait_for_resume);
2769 list_del_init(&ps->list);
2771 kill_pid_usb_asyncio(ps->discsignr, EPIPE, ps->disccontext,
2772 ps->disc_pid, ps->cred);
2774 mutex_unlock(&usbfs_mutex);
2777 static int usbdev_notify(struct notifier_block *self,
2778 unsigned long action, void *dev)
2781 case USB_DEVICE_ADD:
2783 case USB_DEVICE_REMOVE:
2790 static struct notifier_block usbdev_nb = {
2791 .notifier_call = usbdev_notify,
2794 static struct cdev usb_device_cdev;
2796 int __init usb_devio_init(void)
2800 retval = register_chrdev_region(USB_DEVICE_DEV, USB_DEVICE_MAX,
2803 printk(KERN_ERR "Unable to register minors for usb_device\n");
2806 cdev_init(&usb_device_cdev, &usbdev_file_operations);
2807 retval = cdev_add(&usb_device_cdev, USB_DEVICE_DEV, USB_DEVICE_MAX);
2809 printk(KERN_ERR "Unable to get usb_device major %d\n",
2813 usb_register_notify(&usbdev_nb);
2818 unregister_chrdev_region(USB_DEVICE_DEV, USB_DEVICE_MAX);
2822 void usb_devio_cleanup(void)
2824 usb_unregister_notify(&usbdev_nb);
2825 cdev_del(&usb_device_cdev);
2826 unregister_chrdev_region(USB_DEVICE_DEV, USB_DEVICE_MAX);