/*****************************************************************************/

/*
 *      devio.c  --  User space communication with USB devices.
 *
 *      Copyright (C) 1999-2000  Thomas Sailer (sailer@ife.ee.ethz.ch)
 *
 *      This program is free software; you can redistribute it and/or modify
 *      it under the terms of the GNU General Public License as published by
 *      the Free Software Foundation; either version 2 of the License, or
 *      (at your option) any later version.
 *
 *      This program is distributed in the hope that it will be useful,
 *      but WITHOUT ANY WARRANTY; without even the implied warranty of
 *      MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *      GNU General Public License for more details.
 *
 *      You should have received a copy of the GNU General Public License
 *      along with this program; if not, write to the Free Software
 *      Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
 *
 *  This file implements the usbfs/x/y files, where
 *  x is the bus number and y the device number.
 *
 *  It allows user space programs/"drivers" to communicate directly
 *  with USB devices without an intervening kernel driver.
 *
 *  Revision history
 *    22.12.1999   0.1   Initial release (split from proc_usb.c)
 *    04.01.2000   0.2   Turned into its own filesystem
 *    30.09.2005   0.3   Fix user-triggerable oops in async URB delivery
 *    			 (CAN-2005-3055)
 */

/*****************************************************************************/

#include <linux/fs.h>
#include <linux/mm.h>
#include <linux/slab.h>
#include <linux/signal.h>
#include <linux/poll.h>
#include <linux/module.h>
#include <linux/string.h>
#include <linux/usb.h>
#include <linux/usbdevice_fs.h>
#include <linux/usb/hcd.h>	/* for usbcore internals */
#include <linux/cdev.h>
#include <linux/notifier.h>
#include <linux/security.h>
#include <linux/user_namespace.h>
#include <linux/scatterlist.h>
#include <linux/uaccess.h>
#include <asm/byteorder.h>
#include <linux/moduleparam.h>

#include "usb.h"

/* USB_DEVICE_MAX works out to 128 device numbers for each of USB_MAXBUS buses */
#define USB_MAXBUS			64
#define USB_DEVICE_MAX			(USB_MAXBUS * 128)
/* Per-entry chunk size assumed when walking scatter-gather buffers below */
#define USB_SG_SIZE			16384 /* split-size for large txs */

/* Mutual exclusion for removal, open, and release */
DEFINE_MUTEX(usbfs_mutex);

/*
 * Per-open state of a usbfs device file.  usbdev_open() allocates one,
 * stores it in file->private_data and links it onto dev->filelist;
 * usbdev_release() tears it down and frees it.
 */
struct usb_dev_state {
	struct list_head list;      /* state list */
	struct usb_device *dev;
	struct file *file;
	spinlock_t lock;            /* protects the async urb lists */
	struct list_head async_pending;
	struct list_head async_completed;
	wait_queue_head_t wait;     /* wake up if a request completed */
	unsigned int discsignr;     /* set to 0 at open; presumably a disconnect signal number - confirm */
	struct pid *disc_pid;       /* pid of the opener, reference taken at open */
	const struct cred *cred;    /* credentials of the opener, reference taken at open */
	void __user *disccontext;   /* set to NULL at open */
	unsigned long ifclaimed;    /* bitmap of interface numbers claimed through this file */
	u32 secid;                  /* security id of the opener, captured at open */
	u32 disabled_bulk_eps;      /* bitmask; cancel_bulk_urbs() sets bit bulk_addr */
};

/*
 * One asynchronous request.  Allocated by alloc_async() together with its
 * URB and released by free_async().
 */
struct async {
	struct list_head asynclist;	/* entry on ps->async_pending or ps->async_completed */
	struct usb_dev_state *ps;	/* open file this request belongs to */
	struct pid *pid;		/* target of the completion signal */
	const struct cred *cred;	/* credentials used when sending that signal */
	unsigned int signr;		/* completion signal number, 0 = send none */
	unsigned int ifnum;		/* matched by destroy_async_on_interface() */
	void __user *userbuffer;
	void __user *userurb;		/* user-space handle: lookup key and si_addr of the signal */
	struct urb *urb;
	unsigned int mem_usage;		/* amount returned to the usbfs memory pool on free */
	int status;			/* copy of urb->status taken on completion */
	u32 secid;			/* security id used when sending the signal */
	u8 bulk_addr;			/* compared against the address given to cancel_bulk_urbs() */
	u8 bulk_status;			/* 0, AS_CONTINUATION or AS_UNLINK */
};

/*
 * Traffic logging switch: readable by everyone, writable by the owner
 * (S_IRUGO | S_IWUSR).
 * NOTE(review): while enabled, snoop_urb()/snoop_urb_data() hex-dump transfer
 * payloads into the kernel log, so the log should be treated as sensitive.
 */
static bool usbfs_snoop;
module_param(usbfs_snoop, bool, S_IRUGO | S_IWUSR);
MODULE_PARM_DESC(usbfs_snoop, "true to log all usbfs traffic");

/* dev_info() that is emitted only while usbfs_snoop is set */
#define snoop(dev, format, arg...)				\
	do {							\
		if (usbfs_snoop)				\
			dev_info(dev , format , ## arg);	\
	} while (0)

/* Tells snoop_urb() whether it is logging a submission or a completion */
enum snoop_when {
	SUBMIT, COMPLETE
};

#define USB_DEVICE_DEV		MKDEV(USB_DEVICE_MAJOR, 0)

/*
 * Limit on the total amount of memory we can allocate for transfers.
 * The value is in megabytes and can be changed at run time (mode 0644);
 * usbfs_increase_memory_usage() falls back to USBFS_XFER_MAX when it is 0
 * or too large to convert to bytes.
 */
static unsigned usbfs_memory_mb = 16;
module_param(usbfs_memory_mb, uint, 0644);
MODULE_PARM_DESC(usbfs_memory_mb,
		"maximum MB allowed for usbfs buffers (0 = no limit)");

/* Hard limit, necessary to avoid arithmetic overflow */
#define USBFS_XFER_MAX		(UINT_MAX / 2 - 1000000)

static atomic_t usbfs_memory_usage;	/* Total memory currently allocated */

/*
 * Charge @amount bytes against the global usbfs memory budget.
 *
 * Returns 0 when the new total stays within the limit, or -ENOMEM after
 * undoing the charge.  The charge is applied before it is checked, so a
 * concurrent caller can briefly observe a total above the limit.
 */
static int usbfs_increase_memory_usage(unsigned amount)
{
	unsigned limit_mb = ACCESS_ONCE(usbfs_memory_mb);
	unsigned limit_bytes;

	/*
	 * Megabytes to bytes without overflowing: a setting of 0, or one too
	 * large to shift, selects the hard limit instead.
	 */
	if (limit_mb != 0 && limit_mb <= (USBFS_XFER_MAX >> 20))
		limit_bytes = limit_mb << 20;
	else
		limit_bytes = USBFS_XFER_MAX;

	atomic_add(amount, &usbfs_memory_usage);
	if (atomic_read(&usbfs_memory_usage) > limit_bytes) {
		/* over budget: roll the charge back */
		atomic_sub(amount, &usbfs_memory_usage);
		return -ENOMEM;
	}
	return 0;
}

/*
 * Return @amount bytes to the global usbfs memory budget.  Callers pass the
 * amount they charged earlier; free_async() uses the request's mem_usage.
 */
static void usbfs_decrease_memory_usage(unsigned amount)
{
	atomic_sub(amount, &usbfs_memory_usage);
}

/*
 * Nonzero while @ps is still on a state list and its device has not reached
 * USB_STATE_NOTATTACHED.
 */
static int connected(struct usb_dev_state *ps)
{
	if (list_empty(&ps->list))
		return 0;
	return ps->dev->state != USB_STATE_NOTATTACHED;
}

/*
 * Seek within the descriptor stream.  Only absolute (0) and relative (1)
 * seeks are accepted; every other origin yields -EINVAL.  The offset is
 * stored as given, and usbdev_read() rejects a negative position.
 */
static loff_t usbdev_lseek(struct file *file, loff_t offset, int orig)
{
	loff_t result;

	mutex_lock(&file_inode(file)->i_mutex);

	if (orig == 0) {
		file->f_pos = offset;
		result = file->f_pos;
	} else if (orig == 1) {
		file->f_pos += offset;
		result = file->f_pos;
	} else {
		result = -EINVAL;
	}

	mutex_unlock(&file_inode(file)->i_mutex);
	return result;
}

/*
 * Read from the descriptor stream of a device.
 *
 * The stream is the device descriptor (16-bit fields converted to CPU byte
 * order) followed by the raw descriptor block of every configuration.
 * Returns the number of bytes produced, -ENODEV when the device is no longer
 * connected, -EINVAL for a negative position, or -EFAULT when the user
 * buffer cannot be written.
 */
static ssize_t usbdev_read(struct file *file, char __user *buf, size_t nbytes,
			   loff_t *ppos)
{
	struct usb_dev_state *ps = file->private_data;
	struct usb_device *dev = ps->dev;
	ssize_t done = 0;
	unsigned chunk;
	loff_t base;
	int cfg;

	base = *ppos;
	usb_lock_device(dev);
	if (!connected(ps)) {
		done = -ENODEV;
		goto err;
	}
	if (base < 0) {
		done = -EINVAL;
		goto err;
	}

	if (base < sizeof(struct usb_device_descriptor)) {
		/* 18 bytes - fits on the stack */
		struct usb_device_descriptor temp_desc;

		/* work on a copy so the byte swaps never touch dev->descriptor */
		memcpy(&temp_desc, &dev->descriptor, sizeof(dev->descriptor));
		le16_to_cpus(&temp_desc.bcdUSB);
		le16_to_cpus(&temp_desc.idVendor);
		le16_to_cpus(&temp_desc.idProduct);
		le16_to_cpus(&temp_desc.bcdDevice);

		chunk = sizeof(struct usb_device_descriptor) - base;
		if (chunk > nbytes)
			chunk = nbytes;
		if (copy_to_user(buf, ((char *)&temp_desc) + base, chunk)) {
			done = -EFAULT;
			goto err;
		}

		*ppos += chunk;
		buf += chunk;
		nbytes -= chunk;
		done += chunk;
	}

	/* from here on, base is the stream offset of the current configuration */
	base = sizeof(struct usb_device_descriptor);
	for (cfg = 0; nbytes && cfg < dev->descriptor.bNumConfigurations; cfg++) {
		struct usb_config_descriptor *config =
			(struct usb_config_descriptor *)dev->rawdescriptors[cfg];
		unsigned int length = le16_to_cpu(config->wTotalLength);

		if (*ppos < base + length) {
			/* offset of the read position inside this configuration */
			const loff_t off = *ppos - base;

			/*
			 * The raw descriptor may claim more bytes than were
			 * allocated for it; this is the allocated length and
			 * the copy below is clamped to it.
			 */
			unsigned alloclen =
				le16_to_cpu(dev->config[cfg].desc.wTotalLength);

			chunk = length - off;
			if (chunk > nbytes)
				chunk = nbytes;

			/* bytes past the allocation are skipped, not copied */
			if (alloclen > off) {
				alloclen -= off;
				if (copy_to_user(buf,
				    dev->rawdescriptors[cfg] + off,
				    min(chunk, alloclen))) {
					done = -EFAULT;
					goto err;
				}
			}

			*ppos += chunk;
			buf += chunk;
			nbytes -= chunk;
			done += chunk;
		}

		base += length;
	}

err:
	usb_unlock_device(dev);
	return done;
}

/*
 * async list handling
 */

/*
 * Allocate a zeroed async request together with a URB that has room for
 * @numisoframes isochronous frame descriptors.  Returns NULL if either
 * allocation fails; nothing is leaked in that case.
 */
static struct async *alloc_async(unsigned int numisoframes)
{
	struct async *as = kzalloc(sizeof(struct async), GFP_KERNEL);

	if (as) {
		as->urb = usb_alloc_urb(numisoframes, GFP_KERNEL);
		if (!as->urb) {
			kfree(as);
			as = NULL;
		}
	}
	return as;
}

/*
 * Release an async request: drop the pid and credential references, free
 * every buffer hanging off the URB, free the URB, return the accounted
 * memory to the usbfs budget and free the request itself.
 */
static void free_async(struct async *as)
{
	struct urb *urb = as->urb;
	int i;

	put_pid(as->pid);
	if (as->cred)
		put_cred(as->cred);

	/* scatter-gather entries that have a page own a kmalloc'ed buffer */
	for (i = 0; i < urb->num_sgs; i++) {
		struct scatterlist *sg = &urb->sg[i];

		if (sg_page(sg))
			kfree(sg_virt(sg));
	}
	kfree(urb->sg);
	kfree(urb->transfer_buffer);
	kfree(urb->setup_packet);
	usb_free_urb(urb);
	usbfs_decrease_memory_usage(as->mem_usage);
	kfree(as);
}

/* Append @as to the pending list of its owner, under the owner's lock. */
static void async_newpending(struct async *as)
{
	struct usb_dev_state *owner = as->ps;
	unsigned long irqflags;

	spin_lock_irqsave(&owner->lock, irqflags);
	list_add_tail(&as->asynclist, &owner->async_pending);
	spin_unlock_irqrestore(&owner->lock, irqflags);
}

/*
 * Unlink @as from whichever list it is on, under the owner's lock.  The
 * entry is re-initialised, so a later list_del_init() on it is harmless.
 */
static void async_removepending(struct async *as)
{
	struct usb_dev_state *owner = as->ps;
	unsigned long irqflags;

	spin_lock_irqsave(&owner->lock, irqflags);
	list_del_init(&as->asynclist);
	spin_unlock_irqrestore(&owner->lock, irqflags);
}

/*
 * Detach and return the oldest completed request of @ps, or NULL when the
 * completed list is empty.  The caller becomes the owner of the request.
 */
static struct async *async_getcompleted(struct usb_dev_state *ps)
{
	struct async *first = NULL;
	unsigned long irqflags;

	spin_lock_irqsave(&ps->lock, irqflags);
	if (!list_empty(&ps->async_completed)) {
		first = list_first_entry(&ps->async_completed, struct async,
					 asynclist);
		list_del_init(&first->asynclist);
	}
	spin_unlock_irqrestore(&ps->lock, irqflags);
	return first;
}

/*
 * Find the pending request whose user-space URB pointer equals @userurb,
 * unlink it and return it; NULL when there is no such request.
 *
 * No lock is taken here while the pending list is walked and modified.
 * NOTE(review): presumably every caller holds ps->lock - confirm.
 */
static struct async *async_getpending(struct usb_dev_state *ps,
					     void __user *userurb)
{
	struct async *as;

	list_for_each_entry(as, &ps->async_pending, asynclist) {
		if (as->userurb != userurb)
			continue;
		list_del_init(&as->asynclist);
		return as;
	}

	return NULL;
}

/*
 * Log one line describing a transfer, plus an optional hex dump of @data,
 * when usbfs_snoop is enabled.
 *
 * @userurb is non-NULL for asynchronous requests and is printed with %p.
 * @length is the requested length on SUBMIT and the actual length on
 * COMPLETE; @timeout_or_status is the timeout on SUBMIT and the status on
 * COMPLETE (a timeout is only printed for synchronous requests).
 */
static void snoop_urb(struct usb_device *udev,
		void __user *userurb, int pipe, unsigned length,
		int timeout_or_status, enum snoop_when when,
		unsigned char *data, unsigned data_len)
{
	static const char *types[] = {"isoc", "int", "ctrl", "bulk"};
	static const char *dirs[] = {"out", "in"};
	const char *type_name, *dir_name;
	int epnum;

	if (!usbfs_snoop)
		return;

	epnum = usb_pipeendpoint(pipe);
	type_name = types[usb_pipetype(pipe)];
	dir_name = dirs[!!usb_pipein(pipe)];

	if (!userurb) {
		/* synchronous request */
		if (when != SUBMIT)
			dev_info(&udev->dev,
				 "ep%d %s-%s, actual_length %u, status %d\n",
				 epnum, type_name, dir_name, length,
				 timeout_or_status);
		else
			dev_info(&udev->dev,
				 "ep%d %s-%s, length %u, timeout %d\n",
				 epnum, type_name, dir_name, length,
				 timeout_or_status);
	} else {
		/* asynchronous request */
		if (when != SUBMIT)
			dev_info(&udev->dev,
				 "userurb %p, ep%d %s-%s, actual_length %u status %d\n",
				 userurb, epnum, type_name, dir_name, length,
				 timeout_or_status);
		else
			dev_info(&udev->dev,
				 "userurb %p, ep%d %s-%s, length %u\n",
				 userurb, epnum, type_name, dir_name, length);
	}

	/* the payload itself goes to the log at KERN_DEBUG level */
	if (data && data_len > 0) {
		print_hex_dump(KERN_DEBUG, "data: ", DUMP_PREFIX_NONE, 32, 1,
			data, data_len, 1);
	}
}

/*
 * Hex-dump the first @len bytes of a URB's data to the kernel log when
 * usbfs_snoop is enabled.  A URB without scatter-gather entries is dumped
 * from transfer_buffer; otherwise the entries are walked in order, taking
 * at most USB_SG_SIZE bytes from each.
 */
static void snoop_urb_data(struct urb *urb, unsigned len)
{
	int idx, chunk;

	if (!usbfs_snoop)
		return;

	if (urb->num_sgs == 0) {
		print_hex_dump(KERN_DEBUG, "data: ", DUMP_PREFIX_NONE, 32, 1,
			urb->transfer_buffer, len, 1);
		return;
	}

	for (idx = 0; len && idx < urb->num_sgs; idx++) {
		if (len > USB_SG_SIZE)
			chunk = USB_SG_SIZE;
		else
			chunk = len;
		print_hex_dump(KERN_DEBUG, "data: ", DUMP_PREFIX_NONE, 32, 1,
			sg_virt(&urb->sg[idx]), chunk, 1);
		len -= chunk;
	}
}

/*
 * Copy the data of a finished URB to @userbuffer.  Returns 0 on success or
 * -EFAULT when the user buffer cannot be written.
 *
 * For isochronous URBs the whole transfer buffer is copied, otherwise only
 * actual_length bytes.
 * NOTE(review): in the isochronous case any part of the buffer the device
 * did not fill is copied out as well, so this depends on the buffer having
 * been cleared when it was set up - confirm in the submit path.
 */
static int copy_urb_data_to_user(u8 __user *userbuffer, struct urb *urb)
{
	unsigned idx, remaining, chunk;

	if (urb->number_of_packets > 0)
		remaining = urb->transfer_buffer_length;	/* Isochronous */
	else
		remaining = urb->actual_length;			/* Non-Isoc */

	if (urb->num_sgs == 0)
		return copy_to_user(userbuffer, urb->transfer_buffer,
				    remaining) ? -EFAULT : 0;

	/* scatter-gather: at most USB_SG_SIZE bytes come from each entry */
	for (idx = 0; remaining && idx < urb->num_sgs; idx++) {
		if (remaining > USB_SG_SIZE)
			chunk = USB_SG_SIZE;
		else
			chunk = remaining;
		if (copy_to_user(userbuffer, sg_virt(&urb->sg[idx]), chunk))
			return -EFAULT;
		userbuffer += chunk;
		remaining -= chunk;
	}

	return 0;
}

/* Values of async.bulk_status, as tested and set by cancel_bulk_urbs() */
#define AS_CONTINUATION	1
#define AS_UNLINK	2

/*
 * Unlink the queued continuation URBs of a failed bulk transfer.
 *
 * Entered and left with ps->lock held; the lock is dropped around every
 * usb_unlink_urb() call (see the sparse annotations).
 */
static void cancel_bulk_urbs(struct usb_dev_state *ps, unsigned bulk_addr)
__releases(ps->lock)
__acquires(ps->lock)
{
	struct urb *urb;
	struct async *as;

	/*
	 * Pass 1: tag the pending URBs for bulk_addr, stopping at the first
	 * one that is not a continuation.  Meeting such a URB means a new
	 * transfer has already begun, so the endpoint is left enabled;
	 * reaching the end of the list means it has to be disabled.
	 */
	list_for_each_entry(as, &ps->async_pending, asynclist) {
		if (as->bulk_addr != bulk_addr)
			continue;
		if (as->bulk_status != AS_CONTINUATION)
			goto rescan;
		as->bulk_status = AS_UNLINK;
		as->bulk_addr = 0;
	}
	ps->disabled_bulk_eps |= (1 << bulk_addr);

	/*
	 * Pass 2: unlink the tagged URBs one at a time.  The list can change
	 * while the lock is released, so the walk restarts after each unlink.
	 */
 rescan:
	list_for_each_entry(as, &ps->async_pending, asynclist) {
		if (as->bulk_status != AS_UNLINK)
			continue;
		as->bulk_status = 0;		/* Only once */
		urb = as->urb;
		/* hold a reference across the unlocked section */
		usb_get_urb(urb);
		spin_unlock(&ps->lock);		/* Allow completions */
		usb_unlink_urb(urb);
		usb_put_urb(urb);
		spin_lock(&ps->lock);
		goto rescan;
	}
}

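/*
 * URB completion handler for asynchronous usbfs requests.
 *
 * Moves the request to the completed list, records the URB status and, when
 * the submitter asked for one, sends the completion signal using the pid,
 * credentials and security id stored in the request.  Everything the signal
 * needs is copied while ps->lock is held; after the unlock only those local
 * copies are used.
 */
static void async_completed(struct urb *urb)
{
	struct async *as = urb->context;
	struct usb_dev_state *ps = as->ps;
	struct siginfo sinfo;
	struct pid *pid = NULL;
	u32 secid = 0;
	const struct cred *cred = NULL;
	int signr;

	spin_lock(&ps->lock);
	list_move_tail(&as->asynclist, &ps->async_completed);
	as->status = urb->status;
	signr = as->signr;
	if (signr) {
		/*
		 * Only four members are filled in below.  Clear the structure
		 * first so that no stale kernel stack bytes travel with the
		 * signal to the receiving process.
		 */
		memset(&sinfo, 0, sizeof(sinfo));
		sinfo.si_signo = as->signr;
		sinfo.si_errno = as->status;
		sinfo.si_code = SI_ASYNCIO;
		sinfo.si_addr = as->userurb;
		pid = get_pid(as->pid);
		cred = get_cred(as->cred);
		secid = as->secid;
	}
	snoop(&urb->dev->dev, "urb complete\n");
	snoop_urb(urb->dev, as->userurb, urb->pipe, urb->actual_length,
			as->status, COMPLETE, NULL, 0);
	if ((urb->transfer_flags & URB_DIR_MASK) == USB_DIR_IN)
		snoop_urb_data(urb, urb->actual_length);

	/* a real failure (not an unlink or kill) cancels the queued continuations */
	if (as->status < 0 && as->bulk_addr && as->status != -ECONNRESET &&
			as->status != -ENOENT)
		cancel_bulk_urbs(ps, as->bulk_addr);
	spin_unlock(&ps->lock);

	if (signr) {
		/* signal with the submitter's identity, then drop our references */
		kill_pid_info_as_cred(sinfo.si_signo, &sinfo, pid, cred, secid);
		put_pid(pid);
		put_cred(cred);
	}

	wake_up(&ps->wait);
}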

/*
 * Kill every request on @list.  Each entry is unlinked under ps->lock, then
 * the lock is released while usb_kill_urb() runs; a reference on the URB is
 * held across that window.
 */
static void destroy_async(struct usb_dev_state *ps, struct list_head *list)
{
	struct async *victim;
	struct urb *urb;
	unsigned long irqflags;

	spin_lock_irqsave(&ps->lock, irqflags);
	while (!list_empty(list)) {
		victim = list_first_entry(list, struct async, asynclist);
		list_del_init(&victim->asynclist);
		urb = victim->urb;
		usb_get_urb(urb);

		/* drop the spinlock so the completion handler can run */
		spin_unlock_irqrestore(&ps->lock, irqflags);
		usb_kill_urb(urb);
		usb_put_urb(urb);
		spin_lock_irqsave(&ps->lock, irqflags);
	}
	spin_unlock_irqrestore(&ps->lock, irqflags);
}

/*
 * Kill the pending requests that belong to interface @ifnum.  They are first
 * moved to a private list under ps->lock and then handed to destroy_async().
 */
static void destroy_async_on_interface(struct usb_dev_state *ps,
				       unsigned int ifnum)
{
	LIST_HEAD(hitlist);
	struct async *as, *next;
	unsigned long irqflags;

	spin_lock_irqsave(&ps->lock, irqflags);
	list_for_each_entry_safe(as, next, &ps->async_pending, asynclist) {
		if (as->ifnum == ifnum)
			list_move_tail(&as->asynclist, &hitlist);
	}
	spin_unlock_irqrestore(&ps->lock, irqflags);
	destroy_async(ps, &hitlist);
}

/* Kill every request that is still on the pending list of @ps. */
static void destroy_all_async(struct usb_dev_state *ps)
{
	struct list_head *pending = &ps->async_pending;

	destroy_async(ps, pending);
}

/*
 * interface claims are made only at the request of user level code,
 * which can also release them (explicitly or by closing files).
 * they're also undone when devices disconnect.
 */

/*
 * Probe callback of the usbfs driver.  It always declines with -ENODEV;
 * in this file interfaces are bound to usbfs only through claimintf().
 */
static int driver_probe(struct usb_interface *intf,
			const struct usb_device_id *id)
{
	return -ENODEV;
}

/*
 * Disconnect callback: forget the claim on the interface, detach the usbfs
 * state from it and kill the requests still pending on it.
 */
static void driver_disconnect(struct usb_interface *intf)
{
	struct usb_dev_state *ps = usb_get_intfdata(intf);
	unsigned int ifnum = intf->altsetting->desc.bInterfaceNumber;

	if (!ps)
		return;

	/* NOTE:  this relies on usbcore having canceled and completed
	 * all pending I/O requests; 2.6 does that.
	 */

	/* the claim bitmap is one unsigned long; never index past it */
	if (unlikely(ifnum >= 8*sizeof(ps->ifclaimed)))
		dev_warn(&intf->dev, "interface number %u out of range\n",
			 ifnum);
	else
		clear_bit(ifnum, &ps->ifclaimed);

	usb_set_intfdata(intf, NULL);

	/* force async requests to complete */
	destroy_async_on_interface(ps, ifnum);
}

/* The following routines are merely placeholders.  There is no way
 * to inform a user task about suspend or resumes.
 */
/* Suspend callback: nothing to do, always reports success. */
static int driver_suspend(struct usb_interface *intf, pm_message_t msg)
{
	return 0;
}

/* Resume callback: nothing to do, always reports success. */
static int driver_resume(struct usb_interface *intf)
{
	return 0;
}

/*
 * The driver that interfaces claimed from user space are bound to.  Its
 * probe routine always fails, so within this file the binding is made only
 * by claimintf() calling usb_driver_claim_interface().
 */
struct usb_driver usbfs_driver = {
	.name =		"usbfs",
	.probe =	driver_probe,
	.disconnect =	driver_disconnect,
	.suspend =	driver_suspend,
	.resume =	driver_resume,
};

/*
 * Claim interface @ifnum for the open file @ps.
 *
 * Returns 0 when the interface is (or already was) claimed, -EINVAL when
 * @ifnum does not fit the claim bitmap, -ENOENT when the device has no such
 * interface, or the error from usb_driver_claim_interface().
 */
static int claimintf(struct usb_dev_state *ps, unsigned int ifnum)
{
	struct usb_device *dev = ps->dev;
	struct usb_interface *intf;
	int err;

	/* bounds check before any bit operation on ps->ifclaimed */
	if (ifnum >= 8*sizeof(ps->ifclaimed))
		return -EINVAL;
	/* already claimed */
	if (test_bit(ifnum, &ps->ifclaimed))
		return 0;

	intf = usb_ifnum_to_if(dev, ifnum);
	if (!intf)
		return -ENOENT;

	err = usb_driver_claim_interface(&usbfs_driver, intf, ps);
	if (err == 0)
		set_bit(ifnum, &ps->ifclaimed);
	return err;
}

/*
 * Release interface @ifnum if this open file holds the claim on it.
 *
 * Returns 0 on release, -ENOENT when the device has no such interface, and
 * -EINVAL when @ifnum is out of range or was not claimed through @ps.
 */
static int releaseintf(struct usb_dev_state *ps, unsigned int ifnum)
{
	struct usb_interface *intf;

	if (ifnum >= 8*sizeof(ps->ifclaimed))
		return -EINVAL;

	intf = usb_ifnum_to_if(ps->dev, ifnum);
	if (!intf)
		return -ENOENT;

	/* only the file that owns the claim may release the interface */
	if (!test_and_clear_bit(ifnum, &ps->ifclaimed))
		return -EINVAL;

	usb_driver_release_interface(&usbfs_driver, intf);
	return 0;
}

/*
 * Make sure interface @ifnum may be used through @ps.
 *
 * Returns -EHOSTUNREACH unless the device is configured and -EINVAL for an
 * out-of-range number.  An interface that was not claimed beforehand is
 * claimed on the spot, after a warning naming the calling process.
 */
static int checkintf(struct usb_dev_state *ps, unsigned int ifnum)
{
	struct usb_device *udev = ps->dev;

	if (udev->state != USB_STATE_CONFIGURED)
		return -EHOSTUNREACH;
	if (ifnum >= 8*sizeof(ps->ifclaimed))
		return -EINVAL;
	if (test_bit(ifnum, &ps->ifclaimed))
		return 0;

	/* if not yet claimed, claim it for the driver */
	dev_warn(&udev->dev,
		 "usbfs: process %d (%s) did not claim interface %u before use\n",
		 task_pid_nr(current), current->comm, ifnum);
	return claimintf(ps, ifnum);
}

/*
 * Look up which interface of the active configuration owns endpoint
 * address @ep, searching every alternate setting.
 *
 * Returns the interface number, -EINVAL when @ep has bits set outside the
 * direction bit and the low four bits, -ESRCH when the device has no active
 * configuration, or -ENOENT when no alternate setting has the endpoint.
 */
static int findintfep(struct usb_device *dev, unsigned int ep)
{
	unsigned int ifidx, altidx, epidx;
	struct usb_interface *intf;
	struct usb_host_interface *alts;

	if (ep & ~(USB_DIR_IN|0xf))
		return -EINVAL;
	if (!dev->actconfig)
		return -ESRCH;

	for (ifidx = 0; ifidx < dev->actconfig->desc.bNumInterfaces; ifidx++) {
		intf = dev->actconfig->interface[ifidx];
		for (altidx = 0; altidx < intf->num_altsetting; altidx++) {
			alts = &intf->altsetting[altidx];
			for (epidx = 0; epidx < alts->desc.bNumEndpoints;
			     epidx++) {
				if (alts->endpoint[epidx].desc.bEndpointAddress
				    != ep)
					continue;
				return alts->desc.bInterfaceNumber;
			}
		}
	}
	return -ENOENT;
}

/*
 * Decide whether a control request may be sent on behalf of @ps.
 *
 * Returns 0 when the request is allowed, -EHOSTUNREACH when the device is
 * in no usable state, or the error from findintfep()/checkintf().
 *
 * Policy as implemented here: vendor-type requests are let through without
 * any interface check; requests addressed to an interface or to a
 * non-control endpoint need the owning interface to be claimed (checkintf()
 * claims it if necessary); all other recipients are allowed.
 */
static int check_ctrlrecip(struct usb_dev_state *ps, unsigned int requesttype,
			   unsigned int request, unsigned int index)
{
	int ret;
	unsigned int recip;
	struct usb_host_interface *alt_setting;

	if (!(ps->dev->state == USB_STATE_UNAUTHENTICATED
	   || ps->dev->state == USB_STATE_ADDRESS
	   || ps->dev->state == USB_STATE_CONFIGURED))
		return -EHOSTUNREACH;
	if ((requesttype & USB_TYPE_MASK) == USB_TYPE_VENDOR)
		return 0;

	/*
	 * check for the special corner case 'get_device_id' in the printer
	 * class specification, which we always want to allow as it is used
	 * to query things like ink level, etc.
	 */
	if (requesttype == 0xa1 && request == 0) {
		alt_setting = usb_find_alt_setting(ps->dev->actconfig,
						   index >> 8, index & 0xff);
		if (alt_setting
		 && alt_setting->desc.bInterfaceClass == USB_CLASS_PRINTER)
			return 0;
	}

	index &= 0xff;
	recip = requesttype & USB_RECIP_MASK;

	if (recip == USB_RECIP_INTERFACE)
		return checkintf(ps, index);
	if (recip != USB_RECIP_ENDPOINT)
		return 0;

	/* endpoint 0 in either direction belongs to no interface */
	if ((index & ~USB_DIR_IN) == 0)
		return 0;

	ret = findintfep(ps->dev, index);
	if (ret < 0) {
		/*
		 * Some not fully compliant Win apps seem to get
		 * index wrong and have the endpoint number here
		 * rather than the endpoint address (with the
		 * correct direction). Win does let this through,
		 * so we'll not reject it here but leave it to
		 * the device to not break KVM. But we warn.
		 */
		ret = findintfep(ps->dev, index ^ 0x80);
		if (ret >= 0)
			dev_info(&ps->dev->dev,
				"%s: process %i (%s) requesting ep %02x but needs %02x\n",
				__func__, task_pid_nr(current),
				current->comm, index, index ^ 0x80);
	}
	if (ret >= 0)
		ret = checkintf(ps, ret);
	return ret;
}

/*
 * Map endpoint address @ep to the device's host endpoint: the direction bit
 * selects ep_in[] or ep_out[], the number bits select the slot.  The slot
 * may hold NULL; parse_usbdevfs_streams() checks for that.
 */
static struct usb_host_endpoint *ep_to_host_endpoint(struct usb_device *dev,
						     unsigned char ep)
{
	unsigned char num = ep & USB_ENDPOINT_NUMBER_MASK;

	return (ep & USB_ENDPOINT_DIR_MASK) ? dev->ep_in[num]
					    : dev->ep_out[num];
}

/*
 * Read and validate a struct usbdevfs_streams from user space.
 *
 * On success returns 0 and hands back the stream count (only when
 * @num_streams_ret is non-NULL), the endpoint count, a kmalloc'ed array of
 * host endpoints that the caller must kfree(), and the interface that all
 * of the endpoints belong to.  On failure returns -EFAULT, -EINVAL,
 * -ENOMEM or the error from findintfep()/checkintf(); nothing is left
 * allocated.
 */
static int parse_usbdevfs_streams(struct usb_dev_state *ps,
				  struct usbdevfs_streams __user *streams,
				  unsigned int *num_streams_ret,
				  unsigned int *num_eps_ret,
				  struct usb_host_endpoint ***eps_ret,
				  struct usb_interface **intf_ret)
{
	unsigned int idx, num_streams, num_eps;
	struct usb_host_endpoint **eps;
	struct usb_interface *intf = NULL;
	unsigned char epaddr;
	int ifnum, ret;

	if (get_user(num_streams, &streams->num_streams) ||
	    get_user(num_eps, &streams->num_eps))
		return -EFAULT;

	/* both counts come from user space: bound them before use */
	if (num_eps < 1 || num_eps > USB_MAXENDPOINTS)
		return -EINVAL;

	/* The XHCI controller allows max 2 ^ 16 streams */
	if (num_streams_ret && (num_streams < 2 || num_streams > 65536))
		return -EINVAL;

	/* num_eps was capped above, so the size computation stays small */
	eps = kmalloc(num_eps * sizeof(*eps), GFP_KERNEL);
	if (!eps)
		return -ENOMEM;

	for (idx = 0; idx < num_eps; idx++) {
		if (get_user(epaddr, &streams->eps[idx])) {
			ret = -EFAULT;
			goto error;
		}
		eps[idx] = ep_to_host_endpoint(ps->dev, epaddr);
		if (!eps[idx]) {
			ret = -EINVAL;
			goto error;
		}

		/* usb_alloc/free_streams operate on an usb_interface */
		ifnum = findintfep(ps->dev, epaddr);
		if (ifnum < 0) {
			ret = ifnum;
			goto error;
		}

		if (idx == 0) {
			/* the first endpoint decides which interface is used */
			ret = checkintf(ps, ifnum);
			if (ret < 0)
				goto error;
			intf = usb_ifnum_to_if(ps->dev, ifnum);
			continue;
		}

		/* Verify all eps belong to the same interface */
		if (ifnum != intf->altsetting->desc.bInterfaceNumber) {
			ret = -EINVAL;
			goto error;
		}
	}

	if (num_streams_ret)
		*num_streams_ret = num_streams;
	*num_eps_ret = num_eps;
	*eps_ret = eps;
	*intf_ret = intf;

	return 0;

error:
	kfree(eps);
	return ret;
}

/*
 * bus_find_device() match callback: @data carries a dev_t packed into a
 * pointer; nonzero is returned when it equals the device's devt.
 */
static int match_devt(struct device *dev, void *data)
{
	dev_t wanted = (dev_t) (unsigned long) data;

	return dev->devt == wanted;
}

/*
 * Find the USB device whose device number is @devt, or NULL if there is
 * none.
 * NOTE(review): usbdev_open() drops the returned device with usb_put_dev()
 * on its error path, so the result presumably carries a reference - confirm.
 */
static struct usb_device *usbdev_lookup_by_devt(dev_t devt)
{
	struct device *found;

	found = bus_find_device(&usb_bus_type, NULL,
				(void *) (unsigned long) devt, match_devt);
	return found ? container_of(found, struct usb_device, dev) : NULL;
}

/*
 * file operations
 */
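/*
 * Open a usbfs device node.
 *
 * Allocates the per-open state, looks the device up by the inode's device
 * number, resumes it and records the identity of the opener (pid,
 * credentials, security id) for later signal delivery.
 *
 * Returns 0 on success, -ENOMEM when the state cannot be allocated, -ENODEV
 * when the device does not exist or is already detached, or the error from
 * usb_autoresume_device().
 */
static int usbdev_open(struct inode *inode, struct file *file)
{
	struct usb_device *dev = NULL;
	struct usb_dev_state *ps;
	int ret;

	ret = -ENOMEM;
	/*
	 * Zeroed allocation: disabled_bulk_eps is not assigned below and
	 * cancel_bulk_urbs() ORs bits into it, so it must not start out as
	 * leftover heap contents.
	 */
	ps = kzalloc(sizeof(struct usb_dev_state), GFP_KERNEL);
	if (!ps)
		goto out_free_ps;

	ret = -ENODEV;

	/* Protect against simultaneous removal or release */
	mutex_lock(&usbfs_mutex);

	/* usbdev device-node */
	if (imajor(inode) == USB_DEVICE_MAJOR)
		dev = usbdev_lookup_by_devt(inode->i_rdev);

	mutex_unlock(&usbfs_mutex);

	if (!dev)
		goto out_free_ps;

	usb_lock_device(dev);
	if (dev->state == USB_STATE_NOTATTACHED)
		goto out_unlock_device;

	ret = usb_autoresume_device(dev);
	if (ret)
		goto out_unlock_device;

	ps->dev = dev;
	ps->file = file;
	spin_lock_init(&ps->lock);
	INIT_LIST_HEAD(&ps->list);
	INIT_LIST_HEAD(&ps->async_pending);
	INIT_LIST_HEAD(&ps->async_completed);
	init_waitqueue_head(&ps->wait);
	ps->discsignr = 0;
	/* remember who opened the file; both references are dropped on release */
	ps->disc_pid = get_pid(task_pid(current));
	ps->cred = get_current_cred();
	ps->disccontext = NULL;
	ps->ifclaimed = 0;
	security_task_getsecid(current, &ps->secid);
	/* order the initialisation above before ps is put on dev->filelist */
	smp_wmb();
	list_add_tail(&ps->list, &dev->filelist);
	file->private_data = ps;
	usb_unlock_device(dev);
	snoop(&dev->dev, "opened by process %d: %s\n", task_pid_nr(current),
			current->comm);
	return ret;

 out_unlock_device:
	usb_unlock_device(dev);
	usb_put_dev(dev);
 out_free_ps:
	kfree(ps);
	return ret;
}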

/*
 * Close a usbfs device node: release the hub ports and interfaces claimed
 * through this file, kill the pending requests, drop the device, pid and
 * credential references, free the completed requests that were never
 * reaped and finally free the per-open state.  Always returns 0.
 */
static int usbdev_release(struct inode *inode, struct file *file)
{
	struct usb_dev_state *ps = file->private_data;
	struct usb_device *dev = ps->dev;
	unsigned int ifnum;
	struct async *done;

	usb_lock_device(dev);
	usb_hub_release_all_ports(dev, ps);

	/* off the state list first: connected() now reports false for ps */
	list_del_init(&ps->list);

	for (ifnum = 0; ps->ifclaimed && ifnum < 8*sizeof(ps->ifclaimed);
			ifnum++) {
		if (test_bit(ifnum, &ps->ifclaimed))
			releaseintf(ps, ifnum);
	}
	destroy_all_async(ps);
	usb_autosuspend_device(dev);
	usb_unlock_device(dev);
	usb_put_dev(dev);
	put_pid(ps->disc_pid);
	put_cred(ps->cred);

	/* requests that completed but were never collected by user space */
	while ((done = async_getcompleted(ps)) != NULL)
		free_async(done);

	kfree(ps);
	return 0;
}

/*
 * proc_control - run one synchronous control transfer on endpoint 0 on behalf
 * of user space.
 *
 * @ps:  per-open usbfs state; ps->dev is the target device.
 * @arg: user pointer to a struct usbdevfs_ctrltransfer.
 *
 * The request is copied in, vetted by check_ctrlrecip(), and refused with
 * -EINVAL when wLength exceeds PAGE_SIZE, so the single bounce page is always
 * large enough for the requested length. The page plus URB overhead is
 * charged through usbfs_increase_memory_usage() and uncharged on every exit
 * after that point. The device lock is dropped around usb_control_msg() and
 * re-taken afterwards, so the caller presumably holds it on entry - confirm.
 *
 * Returns the value of usb_control_msg() (negative on failure), or
 * -EFAULT / -EINVAL / -ENOMEM for argument and allocation failures.
 */
static int proc_control(struct usb_dev_state *ps, void __user *arg)
{
	struct usb_device *dev = ps->dev;
	struct usbdevfs_ctrltransfer ctrl;
	const size_t charge = PAGE_SIZE + sizeof(struct urb) +
			sizeof(struct usb_ctrlrequest);
	unsigned char *page;
	unsigned int timeout;
	unsigned req_len;
	int pipe, xfer, ret;

	if (copy_from_user(&ctrl, arg, sizeof(ctrl)))
		return -EFAULT;

	ret = check_ctrlrecip(ps, ctrl.bRequestType, ctrl.bRequest,
			      ctrl.wIndex);
	if (ret)
		return ret;

	/* Compared through a wider local to avoid a warning with 64k pages. */
	req_len = ctrl.wLength;
	if (req_len > PAGE_SIZE)
		return -EINVAL;

	ret = usbfs_increase_memory_usage(charge);
	if (ret)
		return ret;

	/*
	 * The page is not requested zeroed. Only the byte count reported by
	 * the transfer is ever copied back to user space below.
	 */
	page = (unsigned char *)__get_free_page(GFP_KERNEL);
	if (!page) {
		ret = -ENOMEM;
		goto release;
	}
	timeout = ctrl.timeout;
	snoop(&dev->dev, "control urb: bRequestType=%02x "
		"bRequest=%02x wValue=%04x "
		"wIndex=%04x wLength=%04x\n",
		ctrl.bRequestType, ctrl.bRequest, ctrl.wValue,
		ctrl.wIndex, ctrl.wLength);

	if (ctrl.bRequestType & 0x80) {
		/* Device-to-host: check the user buffer before doing I/O. */
		if (ctrl.wLength && !access_ok(VERIFY_WRITE, ctrl.data,
					       ctrl.wLength)) {
			ret = -EINVAL;
			goto release;
		}
		pipe = usb_rcvctrlpipe(dev, 0);
		snoop_urb(dev, NULL, pipe, ctrl.wLength, timeout, SUBMIT, NULL, 0);

		usb_unlock_device(dev);
		xfer = usb_control_msg(dev, pipe, ctrl.bRequest,
				       ctrl.bRequestType, ctrl.wValue, ctrl.wIndex,
				       page, ctrl.wLength, timeout);
		usb_lock_device(dev);
		snoop_urb(dev, NULL, pipe, max(xfer, 0), min(xfer, 0), COMPLETE,
			  page, max(xfer, 0));

		/*
		 * NOTE(review): the copy length is the transfer result, not
		 * wLength; presumably it never exceeds the wLength passed
		 * in - confirm against usb_control_msg().
		 */
		if (xfer > 0 && ctrl.wLength &&
		    copy_to_user(ctrl.data, page, xfer)) {
			ret = -EFAULT;
			goto release;
		}
	} else {
		/* Host-to-device: stage the payload in the bounce page. */
		if (ctrl.wLength &&
		    copy_from_user(page, ctrl.data, ctrl.wLength)) {
			ret = -EFAULT;
			goto release;
		}
		pipe = usb_sndctrlpipe(dev, 0);
		snoop_urb(dev, NULL, pipe, ctrl.wLength, timeout, SUBMIT,
			page, ctrl.wLength);

		usb_unlock_device(dev);
		xfer = usb_control_msg(dev, usb_sndctrlpipe(dev, 0), ctrl.bRequest,
				       ctrl.bRequestType, ctrl.wValue, ctrl.wIndex,
				       page, ctrl.wLength, timeout);
		usb_lock_device(dev);
		snoop_urb(dev, NULL, pipe, max(xfer, 0), min(xfer, 0), COMPLETE, NULL, 0);
	}

	/* -EPIPE is deliberately left out of the debug log. */
	if (xfer < 0 && xfer != -EPIPE) {
		dev_printk(KERN_DEBUG, &dev->dev, "usbfs: USBDEVFS_CONTROL "
			   "failed cmd %s rqt %u rq %u len %u ret %d\n",
			   current->comm, ctrl.bRequestType, ctrl.bRequest,
			   ctrl.wLength, xfer);
	}
	ret = xfer;

 release:
	free_page((unsigned long) page);
	usbfs_decrease_memory_usage(charge);
	return ret;
}

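/*
 * proc_bulk - run one synchronous bulk transfer on behalf of user space.
 *
 * @ps:  per-open usbfs state; ps->dev is the target device.
 * @arg: user pointer to a struct usbdevfs_bulktransfer.
 *
 * The endpoint is looked up with findintfep() and the result is passed to
 * checkintf() before any I/O. A length of USBFS_XFER_MAX or more is refused
 * with -EINVAL, and the bounce buffer is charged through
 * usbfs_increase_memory_usage() and uncharged on every exit after that point.
 * The device lock is dropped around usb_bulk_msg() and re-taken afterwards,
 * so the caller presumably holds it on entry - confirm.
 *
 * Returns the number of bytes transferred on success, the negative result of
 * usb_bulk_msg() on transfer failure, or -EFAULT / -EINVAL / -ENOMEM for
 * argument and allocation failures.
 */
static int proc_bulk(struct usb_dev_state *ps, void __user *arg)
{
	struct usb_device *dev = ps->dev;
	struct usbdevfs_bulktransfer bulk;
	unsigned int tmo, len1, pipe;
	/*
	 * Start at 0: len2 is only written through the pointer handed to
	 * usb_bulk_msg(). If that call returns before storing a length (its
	 * body is not visible here), the COMPLETE snoop below would otherwise
	 * log, and dump tbuf with, an indeterminate length.
	 */
	int len2 = 0;
	unsigned char *tbuf;
	int i, ret;

	if (copy_from_user(&bulk, arg, sizeof(bulk)))
		return -EFAULT;
	ret = findintfep(ps->dev, bulk.ep);
	if (ret < 0)
		return ret;
	ret = checkintf(ps, ret);
	if (ret)
		return ret;
	if (bulk.ep & USB_DIR_IN)
		pipe = usb_rcvbulkpipe(dev, bulk.ep & 0x7f);
	else
		pipe = usb_sndbulkpipe(dev, bulk.ep & 0x7f);
	if (!usb_maxpacket(dev, pipe, !(bulk.ep & USB_DIR_IN)))
		return -EINVAL;
	len1 = bulk.len;
	if (len1 >= USBFS_XFER_MAX)
		return -EINVAL;
	ret = usbfs_increase_memory_usage(len1 + sizeof(struct urb));
	if (ret)
		return ret;

	/* Not zeroed; only len2 bytes are ever copied back to user space. */
	tbuf = kmalloc(len1, GFP_KERNEL);
	if (!tbuf) {
		ret = -ENOMEM;
		goto done;
	}
	tmo = bulk.timeout;
	/* Same direction test as the pipe selection above. */
	if (bulk.ep & USB_DIR_IN) {
		/* Device-to-host: check the user buffer before doing I/O. */
		if (len1 && !access_ok(VERIFY_WRITE, bulk.data, len1)) {
			ret = -EINVAL;
			goto done;
		}
		snoop_urb(dev, NULL, pipe, len1, tmo, SUBMIT, NULL, 0);

		usb_unlock_device(dev);
		i = usb_bulk_msg(dev, pipe, tbuf, len1, &len2, tmo);
		usb_lock_device(dev);
		snoop_urb(dev, NULL, pipe, len2, i, COMPLETE, tbuf, len2);

		/*
		 * NOTE(review): len2 is presumably never larger than the len1
		 * passed to usb_bulk_msg() - confirm.
		 */
		if (!i && len2) {
			if (copy_to_user(bulk.data, tbuf, len2)) {
				ret = -EFAULT;
				goto done;
			}
		}
	} else {
		/* Host-to-device: stage the payload in the bounce buffer. */
		if (len1) {
			if (copy_from_user(tbuf, bulk.data, len1)) {
				ret = -EFAULT;
				goto done;
			}
		}
		snoop_urb(dev, NULL, pipe, len1, tmo, SUBMIT, tbuf, len1);

		usb_unlock_device(dev);
		i = usb_bulk_msg(dev, pipe, tbuf, len1, &len2, tmo);
		usb_lock_device(dev);
		snoop_urb(dev, NULL, pipe, len2, i, COMPLETE, NULL, 0);
	}
	ret = (i < 0 ? i : len2);
 done:
	kfree(tbuf);
	usbfs_decrease_memory_usage(len1 + sizeof(struct urb));
	return ret;
}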

/*
 * check_reset_of_active_ep - warn when an ioctl targets an endpoint whose
 * urb_list is not empty.
 *
 * @udev:       device owning the endpoint.
 * @epnum:      endpoint address; USB_DIR_IN selects ep_in over ep_out and the
 *              low four bits index the chosen table.
 * @ioctl_name: suffix printed after "USBDEVFS_" in the warning.
 *
 * This only logs the calling process and endpoint. It returns nothing, so the
 * caller's operation goes ahead whether or not the warning fires.
 */
static void check_reset_of_active_ep(struct usb_device *udev,
		unsigned int epnum, char *ioctl_name)
{
	struct usb_host_endpoint *target;

	if (epnum & USB_DIR_IN)
		target = udev->ep_in[epnum & 0x0f];
	else
		target = udev->ep_out[epnum & 0x0f];

	/* Nothing to report for a missing endpoint or an idle one. */
	if (!target || list_empty(&target->urb_list))
		return;

	dev_warn(&udev->dev, "Process %d (%s) called USBDEVFS_%s for active endpoint 0x%02x\n",
			task_pid_nr(current), current->comm,
			ioctl_name, epnum);
}

/*
 * proc_resetep - reset one endpoint named by user space.
 *
 * @ps:  per-open usbfs state; ps->dev is the target device.
 * @arg: user pointer to an unsigned int holding the endpoint address.
 *
 * The endpoint is resolved with findintfep() and the result is handed to
 * checkintf() before the reset, so a request that either helper rejects never
 * reaches usb_reset_endpoint().
 *
 * Returns 0 on success, -EFAULT if the argument cannot be read, or the error
 * from findintfep()/checkintf().
 */
static int proc_resetep(struct usb_dev_state *ps, void __user *arg)
{
	unsigned int ep;
	int ifnum, err;

	if (get_user(ep, (unsigned int __user *)arg))
		return -EFAULT;

	/* presumably the interface number owning ep - verify in findintfep() */
	ifnum = findintfep(ps->dev, ep);
	if (ifnum < 0)
		return ifnum;

	err = checkintf(ps, ifnum);
	if (err)
		return err;

	check_reset_of_active_ep(ps->dev, ep, "RESETEP");
	usb_reset_endpoint(ps->dev, ep);
	return 0;
}

/*
 * proc_clearhalt - clear a halt condition on one endpoint named by user space.
 *
 * @ps:  per-open usbfs state; ps->dev is the target device.
 * @arg: user pointer to an unsigned int holding the endpoint address.
 *
 * The endpoint is resolved with findintfep() and the result is handed to
 * checkintf() before anything is sent to the device. The pipe is always built
 * with the bulk pipe macros, whatever the endpoint's actual type.
 *
 * Returns the result of usb_clear_halt(), -EFAULT if the argument cannot be
 * read, or the error from findintfep()/checkintf().
 */
static int proc_clearhalt(struct usb_dev_state *ps, void __user *arg)
{
	unsigned int ep;
	int ifnum, err;
	int pipe;

	if (get_user(ep, (unsigned int __user *)arg))
		return -EFAULT;

	/* presumably the interface number owning ep - verify in findintfep() */
	ifnum = findintfep(ps->dev, ep);
	if (ifnum < 0)
		return ifnum;

	err = checkintf(ps, ifnum);
	if (err)
		return err;

	check_reset_of_active_ep(ps->dev, ep, "CLEAR_HALT");

	/* The direction bit picks the receive or send pipe. */
	pipe = (ep & USB_DIR_IN) ? usb_rcvbulkpipe(ps->dev, ep & 0x7f)
				 : usb_sndbulkpipe(ps->dev, ep & 0x7f);

	return usb_clear_halt(ps->dev, pipe);
}

/*
 * proc_getdriver - report the name of the driver bound to an interface.
 *
 * @ps:  per-open usbfs state; ps->dev is the device to query.
 * @arg: user pointer to a struct usbdevfs_getdriver, read for the interface
 *       number and written back with the driver name filled in.
 *
 * gd is filled completely from user memory before it is used, and strlcpy()
 * is bounded by sizeof(gd.driver), so the struct copied back contains only
 * the caller's own bytes plus the driver name.
 *
 * Returns 0 on success, -EFAULT if either user copy fails, or -ENODATA when
 * the interface does not exist or has no driver bound.
 */
static int proc_getdriver(struct usb_dev_state *ps, void __user *arg)
{
	struct usbdevfs_getdriver gd;
	struct usb_interface *intf;

	if (copy_from_user(&gd, arg, sizeof(gd)))
		return -EFAULT;

	intf = usb_ifnum_to_if(ps->dev, gd.interface);
	if (!intf || !intf->dev.driver)
		return -ENODATA;

	strlcpy(gd.driver, intf->dev.driver->name,
			sizeof(gd.driver));
	if (copy_to_user(arg, &gd, sizeof(gd)))
		return -EFAULT;
	return 0;
}

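/*
 * proc_connectinfo - report the device number and low-speed flag to user
 * space.
 *
 * @ps:  per-open usbfs state; ps->dev supplies devnum and speed.
 * @arg: user pointer that receives a struct usbdevfs_connectinfo.
 *
 * Returns 0 on success or -EFAULT if the copy to user space fails.
 */
static int proc_connectinfo(struct usb_dev_state *ps, void __user *arg)
{
	struct usbdevfs_connectinfo ci;

	/*
	 * All sizeof(ci) bytes are copied to user space. A designated
	 * initializer only guarantees the named members, so any padding the
	 * compiler places in struct usbdevfs_connectinfo (layout not visible
	 * here) could carry stale kernel-stack bytes. Clear the whole object
	 * first so only devnum and slow can be disclosed.
	 */
	memset(&ci, 0, sizeof(ci));
	ci.devnum = ps->dev->devnum;
	ci.slow = ps->dev->speed == USB_SPEED_LOW;

	if (copy_to_user(arg, &ci, sizeof(ci)))
		return -EFAULT;
	return 0;
}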

/*
 * proc_resetdevice - reset the device behind this usbfs open.
 *
 * @ps: per-open usbfs state; ps->dev is the device to reset.
 *
 * Returns whatever usb_reset_device() returns. No further checks are made at
 * this level.
 */
static int proc_resetdevice(struct usb_dev_state *ps)
{
	struct usb_device *dev = ps->dev;

	return usb_reset_device(dev);
}

/*
 * proc_setintf - select an alternate setting on one interface.
 *
 * @ps:  per-open usbfs state; ps->dev is the target device.
 * @arg: user pointer to a struct usbdevfs_setinterface.
 *
 * The interface number from user space goes through checkintf() first. The
 * async requests on that interface are destroyed before the new setting is
 * applied.
 *
 * Returns the result of usb_set_interface(), -EFAULT if the argument cannot
 * be read, or the error from checkintf().
 */
static int proc_setintf(struct usb_dev_state *ps, void __user *arg)
{
	struct usbdevfs_setinterface req;
	int err;

	if (copy_from_user(&req, arg, sizeof(req)))
		return -EFAULT;

	err = checkintf(ps, req.interface);
	if (err)
		return err;

	destroy_async_on_interface(ps, req.interface);

	return usb_set_interface(ps->dev, req.interface, req.altsetting);
}

static int proc_setconfig(struct usb_dev_state *ps, void __user *arg)
{
	int u;
	int status = 0;
	struct usb_host_config *actconfig;