#
2b450e92 |
|
04-Oct-2023 |
Jeff Layton <jlayton@kernel.org> |
usb: convert to new timestamp accessors Convert to using the new inode timestamp accessor functions. Signed-off-by: Jeff Layton <jlayton@kernel.org> Link: https://lore.kernel.org/r/20231004185347.80880-12-jlayton@kernel.org Signed-off-by: Christian Brauner <brauner@kernel.org>
|
#
c7603adc |
|
05-Jul-2023 |
Jeff Layton <jlayton@kernel.org> |
usb: convert to ctime accessor functions In later patches, we're going to change how the inode's ctime field is used. Switch to using accessor functions instead of raw accesses of inode->i_ctime. Acked-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Reviewed-by: Jan Kara <jack@suse.cz> Signed-off-by: Jeff Layton <jlayton@kernel.org> Message-Id: <20230705190309.579783-18-jlayton@kernel.org> Signed-off-by: Christian Brauner <brauner@kernel.org>
|
#
a053d9dc |
|
12-Jun-2023 |
Jeff Layton <jlayton@kernel.org> |
usb: update the ctime as well when updating mtime after an ioctl In general, POSIX requires that when the mtime is updated that the ctime be updated as well. Add the missing timestamp updates to the usb ioctls. Signed-off-by: Jeff Layton <jlayton@kernel.org> Message-ID: <20230612104524.17058-3-jlayton@kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
8e6bd945 |
|
16-May-2023 |
Arnd Bergmann <arnd@arndb.de> |
usb: hide unused usbfs_notify_suspend/resume functions The declaration is in an #ifdef, which causes warnings when building with 'make W=1' and without CONFIG_PM: drivers/usb/core/devio.c:742:6: error: no previous prototype for 'usbfs_notify_suspend' drivers/usb/core/devio.c:747:6: error: no previous prototype for 'usbfs_notify_resume' Use the same #ifdef check around the function definitions to avoid the warnings and slightly shrink the USB core. Fixes: 7794f486ed0b ("usbfs: Add ioctls for runtime power management") Signed-off-by: Arnd Bergmann <arnd@arndb.de> Reviewed-by: Sebastian Reichel <sebastian.reichel@collabora.com> Acked-by: Alan Stern <stern@rowland.harvard.edu> Link: https://lore.kernel.org/r/20230516202103.558301-1-arnd@kernel.org Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
d0b86165 |
|
15-May-2023 |
Ruihan Li <lrh2000@pku.edu.cn> |
usb: usbfs: Use consistent mmap functions When hcd->localmem_pool is non-null, localmem_pool is used to allocate DMA memory. In this case, the dma address will be properly returned (in dma_handle), and dma_mmap_coherent should be used to map this memory into the user space. However, the current implementation uses pfn_remap_range, which is supposed to map normal pages. Instead of repeating the logic in the memory allocation function, this patch introduces a more robust solution. Here, the type of allocated memory is checked by testing whether dma_handle is properly set. If dma_handle is properly returned, it means some DMA pages are allocated and dma_mmap_coherent should be used to map them. Otherwise, normal pages are allocated and pfn_remap_range should be called. This ensures that the correct mmap functions are used consistently, independently with logic details that determine which type of memory gets allocated. Fixes: a0e710a7def4 ("USB: usbfs: fix mmap dma mismatch") Cc: stable@vger.kernel.org Signed-off-by: Ruihan Li <lrh2000@pku.edu.cn> Link: https://lore.kernel.org/r/20230515130958.32471-3-lrh2000@pku.edu.cn Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
0143d148 |
|
15-May-2023 |
Ruihan Li <lrh2000@pku.edu.cn> |
usb: usbfs: Enforce page requirements for mmap The current implementation of usbdev_mmap uses usb_alloc_coherent to allocate memory pages that will later be mapped into the user space. Meanwhile, usb_alloc_coherent employs three different methods to allocate memory, as outlined below: * If hcd->localmem_pool is non-null, it uses gen_pool_dma_alloc to allocate memory; * If DMA is not available, it uses kmalloc to allocate memory; * Otherwise, it uses dma_alloc_coherent. However, it should be noted that gen_pool_dma_alloc does not guarantee that the resulting memory will be page-aligned. Furthermore, trying to map slab pages (i.e., memory allocated by kmalloc) into the user space is not resonable and can lead to problems, such as a type confusion bug when PAGE_TABLE_CHECK=y [1]. To address these issues, this patch introduces hcd_alloc_coherent_pages, which addresses the above two problems. Specifically, hcd_alloc_coherent_pages uses gen_pool_dma_alloc_align instead of gen_pool_dma_alloc to ensure that the memory is page-aligned. To replace kmalloc, hcd_alloc_coherent_pages directly allocates pages by calling __get_free_pages. Reported-by: syzbot+fcf1a817ceb50935ce99@syzkaller.appspotmail.comm Closes: https://lore.kernel.org/lkml/000000000000258e5e05fae79fc1@google.com/ [1] Fixes: f7d34b445abc ("USB: Add support for usbfs zerocopy.") Fixes: ff2437befd8f ("usb: host: Fix excessive alignment restriction for local memory allocations") Cc: stable@vger.kernel.org Signed-off-by: Ruihan Li <lrh2000@pku.edu.cn> Acked-by: Alan Stern <stern@rowland.harvard.edu> Link: https://lore.kernel.org/r/20230515130958.32471-2-lrh2000@pku.edu.cn Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
1c71222e |
|
26-Jan-2023 |
Suren Baghdasaryan <surenb@google.com> |
mm: replace vma->vm_flags direct modifications with modifier calls Replace direct modifications to vma->vm_flags with calls to modifier functions to be able to track flag changes and to keep vma locking correctness. [akpm@linux-foundation.org: fix drivers/misc/open-dice.c, per Hyeonggon Yoo] Link: https://lkml.kernel.org/r/20230126193752.297968-5-surenb@google.com Signed-off-by: Suren Baghdasaryan <surenb@google.com> Acked-by: Michal Hocko <mhocko@suse.com> Acked-by: Mel Gorman <mgorman@techsingularity.net> Acked-by: Mike Rapoport (IBM) <rppt@kernel.org> Acked-by: Sebastian Reichel <sebastian.reichel@collabora.com> Reviewed-by: Liam R. Howlett <Liam.Howlett@Oracle.com> Reviewed-by: Hyeonggon Yoo <42.hyeyoo@gmail.com> Cc: Andy Lutomirski <luto@kernel.org> Cc: Arjun Roy <arjunroy@google.com> Cc: Axel Rasmussen <axelrasmussen@google.com> Cc: David Hildenbrand <david@redhat.com> Cc: David Howells <dhowells@redhat.com> Cc: Davidlohr Bueso <dave@stgolabs.net> Cc: David Rientjes <rientjes@google.com> Cc: Eric Dumazet <edumazet@google.com> Cc: Greg Thelen <gthelen@google.com> Cc: Hugh Dickins <hughd@google.com> Cc: Ingo Molnar <mingo@redhat.com> Cc: Jann Horn <jannh@google.com> Cc: Joel Fernandes <joelaf@google.com> Cc: Johannes Weiner <hannes@cmpxchg.org> Cc: Kent Overstreet <kent.overstreet@linux.dev> Cc: Laurent Dufour <ldufour@linux.ibm.com> Cc: Lorenzo Stoakes <lstoakes@gmail.com> Cc: Matthew Wilcox <willy@infradead.org> Cc: Minchan Kim <minchan@google.com> Cc: Paul E. McKenney <paulmck@kernel.org> Cc: Peter Oskolkov <posk@google.com> Cc: Peter Xu <peterx@redhat.com> Cc: Peter Zijlstra <peterz@infradead.org> Cc: Punit Agrawal <punit.agrawal@bytedance.com> Cc: Sebastian Andrzej Siewior <bigeasy@linutronix.de> Cc: Shakeel Butt <shakeelb@google.com> Cc: Soheil Hassas Yeganeh <soheil@google.com> Cc: Song Liu <songliubraving@fb.com> Cc: Vlastimil Babka <vbabka@suse.cz> Cc: Will Deacon <will@kernel.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
|
#
b7db5733 |
|
18-Aug-2022 |
Wolfram Sang <wsa+renesas@sang-engineering.com> |
usb: move from strlcpy with unused retval to strscpy Follow the advice of the below link and prefer 'strscpy' in this subsystem. Conversion is 1:1 because the return value is not used. Generated by a coccinelle script. Link: https://lore.kernel.org/r/CAHk-=wgfRnXz0W3D37d01q3JFkr_i_uTL=V6A6G1oUZcprmknw@mail.gmail.com/ Reviewed-by: Richard Leitner <richard.leitner@skidata.com> Reviewed-by: Laurent Pinchart <laurent.pinchart+renesas@ideasonboard.com> Acked-by: Shuah Khan <skhan@linuxfoundation.org> Signed-off-by: Wolfram Sang <wsa+renesas@sang-engineering.com> Link: https://lore.kernel.org/r/20220818210116.7517-1-wsa+renesas@sang-engineering.com Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
0543e4e8 |
|
31-Mar-2022 |
Tasos Sahanidis <tasos@tasossah.com> |
usb: core: Don't hold the device lock while sleeping in do_proc_control() Since commit ae8709b296d8 ("USB: core: Make do_proc_control() and do_proc_bulk() killable") if a device has the USB_QUIRK_DELAY_CTRL_MSG quirk set, it will temporarily block all other URBs (e.g. interrupts) while sleeping due to a control. This results in noticeable delays when, for example, a userspace usbfs application is sending URB interrupts at a high rate to a keyboard and simultaneously updates the lock indicators using controls. Interrupts with direction set to IN are also affected by this, meaning that delivery of HID reports (containing scancodes) to the usbfs application is delayed as well. This patch fixes the regression by calling msleep() while the device mutex is unlocked, as was the case originally with usb_control_msg(). Fixes: ae8709b296d8 ("USB: core: Make do_proc_control() and do_proc_bulk() killable") Cc: stable <stable@kernel.org> Acked-by: Alan Stern <stern@rowland.harvard.edu> Signed-off-by: Tasos Sahanidis <tasos@tasossah.com> Link: https://lore.kernel.org/r/3e299e2a-13b9-ddff-7fee-6845e868bc06@tasossah.com Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
6a3cd5be |
|
09-Feb-2022 |
Ingo Rohloff <ingo.rohloff@lauterbach.com> |
USB: usbfs: Use a spinlock instead of atomic accesses to tally used memory. While the existing code code imposes a limit on the used memory, it might be over pessimistic (even if this is unlikely). Example scenario: 8 threads running in parallel, all entering "usbfs_increase_memory_usage()" at the same time. The atomic accesses in "usbfs_increase_memory_usage()" could be serialized like this: 8 x "atomic64_add" 8 x "atomic64_read" If the 8 x "atomic64_add" raise "usbfs_memory_usage" above the limit, then all 8 calls of "usbfs_increase_memory_usage()" will return with -ENOMEM. If you instead serialize over the whole access to "usbfs_memory_usage" by using a spinlock, some of these calls will succeed. Acked-by: Alan Stern <stern@rowland.harvard.edu> Signed-off-by: Ingo Rohloff <ingo.rohloff@lauterbach.com> Link: https://lore.kernel.org/r/20220209123303.103340-2-ingo.rohloff@lauterbach.com Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
ae8709b2 |
|
03-Sep-2021 |
Alan Stern <stern@rowland.harvard.edu> |
USB: core: Make do_proc_control() and do_proc_bulk() killable The USBDEVFS_CONTROL and USBDEVFS_BULK ioctls invoke usb_start_wait_urb(), which contains an uninterruptible wait with a user-specified timeout value. If timeout value is very large and the device being accessed does not respond in a reasonable amount of time, the kernel will complain about "Task X blocked for more than N seconds", as found in testing by syzbot: INFO: task syz-executor.0:8700 blocked for more than 143 seconds. Not tainted 5.14.0-rc7-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:syz-executor.0 state:D stack:23192 pid: 8700 ppid: 8455 flags:0x00004004 Call Trace: context_switch kernel/sched/core.c:4681 [inline] __schedule+0xc07/0x11f0 kernel/sched/core.c:5938 schedule+0x14b/0x210 kernel/sched/core.c:6017 schedule_timeout+0x98/0x2f0 kernel/time/timer.c:1857 do_wait_for_common+0x2da/0x480 kernel/sched/completion.c:85 __wait_for_common kernel/sched/completion.c:106 [inline] wait_for_common kernel/sched/completion.c:117 [inline] wait_for_completion_timeout+0x46/0x60 kernel/sched/completion.c:157 usb_start_wait_urb+0x167/0x550 drivers/usb/core/message.c:63 do_proc_bulk+0x978/0x1080 drivers/usb/core/devio.c:1236 proc_bulk drivers/usb/core/devio.c:1273 [inline] usbdev_do_ioctl drivers/usb/core/devio.c:2547 [inline] usbdev_ioctl+0x3441/0x6b10 drivers/usb/core/devio.c:2713 ... To fix this problem, this patch replaces usbfs's calls to usb_control_msg() and usb_bulk_msg() with special-purpose code that does essentially the same thing (as recommended in the comment for usb_start_wait_urb()), except that it always uses a killable wait and it uses GFP_KERNEL rather than GFP_NOIO. Reported-and-tested-by: syzbot+ada0f7d3d9fd2016d927@syzkaller.appspotmail.com Suggested-by: Oliver Neukum <oneukum@suse.com> Signed-off-by: Alan Stern <stern@rowland.harvard.edu> Link: https://lore.kernel.org/r/20210903175312.GA468440@rowland.harvard.edu Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
b0863f19 |
|
12-Jul-2021 |
Alan Stern <stern@rowland.harvard.edu> |
USB: core: Fix incorrect pipe calculation in do_proc_control() When the user submits a control URB via usbfs, the user supplies the bRequestType value and the kernel uses it to compute the pipe value. However, do_proc_control() performs this computation incorrectly in the case where the bRequestType direction bit is set to USB_DIR_IN and the URB's transfer length is 0: The pipe's direction is also set to IN but it should be OUT, which is the direction the actual transfer will use regardless of bRequestType. Commit 5cc59c418fde ("USB: core: WARN if pipe direction != setup packet direction") added a check to compare the direction bit in the pipe value to a control URB's actual direction and to WARN if they are different. This can be triggered by the incorrect computation mentioned above, as found by syzbot. This patch fixes the computation, thus avoiding the WARNing. Reported-and-tested-by: syzbot+72af3105289dcb4c055b@syzkaller.appspotmail.com Signed-off-by: Alan Stern <stern@rowland.harvard.edu> Link: https://lore.kernel.org/r/20210712185436.GB326369@rowland.harvard.edu Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
08377263 |
|
21-May-2021 |
Geoffrey D. Bennett <g@b4.vu> |
USB: usbfs: remove double evaluation of usb_sndctrlpipe() usb_sndctrlpipe() is evaluated in do_proc_control(), saved in a variable, then evaluated again. Use the saved variable instead, to match the use of usb_rcvctrlpipe(). Acked-by: Alan Stern <stern@rowland.harvard.edu> Signed-off-by: Geoffrey D. Bennett <g@b4.vu> Link: https://lore.kernel.org/r/20210521174027.GA116484@m.b4.vu Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
4f2629ea |
|
18-May-2021 |
Alan Stern <stern@rowland.harvard.edu> |
USB: usbfs: Don't WARN about excessively large memory allocations Syzbot found that the kernel generates a WARNing if the user tries to submit a bulk transfer through usbfs with a buffer that is way too large. This isn't a bug in the kernel; it's merely an invalid request from the user and the usbfs code does handle it correctly. In theory the same thing can happen with async transfers, or with the packet descriptor table for isochronous transfers. To prevent the MM subsystem from complaining about these bad allocation requests, add the __GFP_NOWARN flag to the kmalloc calls for these buffers. CC: Andrew Morton <akpm@linux-foundation.org> CC: <stable@vger.kernel.org> Reported-and-tested-by: syzbot+882a85c0c8ec4a3e2281@syzkaller.appspotmail.com Signed-off-by: Alan Stern <stern@rowland.harvard.edu> Link: https://lore.kernel.org/r/20210518201835.GA1140918@rowland.harvard.edu Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
f3bc432a |
|
18-Nov-2020 |
Alan Stern <stern@rowland.harvard.edu> |
USB: core: Change %pK for __user pointers to %px Commit 2f964780c03b ("USB: core: replace %p with %pK") used the %pK format specifier for a bunch of __user pointers. But as the 'K' in the specifier indicates, it is meant for kernel pointers. The reason for the %pK specifier is to avoid leaks of kernel addresses, but when the pointer is to an address in userspace the security implications are minimal. In particular, no kernel information is leaked. This patch changes the __user %pK specifiers (used in a bunch of debugging output lines) to %px, which will always print the actual address with no mangling. (Notably, there is no printk format specifier particularly intended for __user pointers.) Fixes: 2f964780c03b ("USB: core: replace %p with %pK") CC: Vamsi Krishna Samavedam <vskrishn@codeaurora.org> CC: <stable@vger.kernel.org> Signed-off-by: Alan Stern <stern@rowland.harvard.edu> Link: https://lore.kernel.org/r/20201119170228.GB576844@rowland.harvard.edu Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
c17536d0 |
|
22-Jul-2020 |
Christoph Hellwig <hch@lst.de> |
usb: usbfs: stop using compat_alloc_user_space Just switch the low-level routines to take kernel structures, and do the conversion from the compat to the native structure on that. Signed-off-by: Christoph Hellwig <hch@lst.de> Link: https://lore.kernel.org/r/20200722073655.220011-1-hch@lst.de Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
fe6bb59f |
|
23-Apr-2020 |
Al Viro <viro@zeniv.linux.org.uk> |
usb: get rid of pointless access_ok() calls in all affected cases addresses are passed only to copy_from()_user or copy_to_user(). Reviewed-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
|
#
a0e710a7 |
|
14-May-2020 |
Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
USB: usbfs: fix mmap dma mismatch In commit 2bef9aed6f0e ("usb: usbfs: correct kernel->user page attribute mismatch") we switched from always calling remap_pfn_range() to call dma_mmap_coherent() to handle issues with systems with non-coherent USB host controller drivers. Unfortunatly, as syzbot quickly told us, not all the world is host controllers with DMA support, so we need to check what host controller we are attempting to talk to before doing this type of allocation. Thanks to Christoph for the quick idea of how to fix this. Fixes: 2bef9aed6f0e ("usb: usbfs: correct kernel->user page attribute mismatch") Cc: Christoph Hellwig <hch@lst.de> Cc: Hillf Danton <hdanton@sina.com> Cc: Thomas Gleixner <tglx@linutronix.de> Cc: Jeremy Linton <jeremy.linton@arm.com> Cc: stable <stable@vger.kernel.org> Reported-by: syzbot+353be47c9ce21b68b7ed@syzkaller.appspotmail.com Reviewed-by: Jeremy Linton <jeremy.linton@arm.com> Reviewed-by: Christoph Hellwig <hch@lst.de> Link: https://lore.kernel.org/r/20200514112711.1858252-1-gregkh@linuxfoundation.org Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
2bef9aed |
|
04-May-2020 |
Jeremy Linton <jeremy.linton@arm.com> |
usb: usbfs: correct kernel->user page attribute mismatch On some architectures (e.g. arm64) requests for IO coherent memory may use non-cachable attributes if the relevant device isn't cache coherent. If these pages are then remapped into userspace as cacheable, they may not be coherent with the non-cacheable mappings. In particular this happens with libusb, when it attempts to create zero-copy buffers for use by rtl-sdr (https://github.com/osmocom/rtl-sdr/). On low end arm devices with non-coherent USB ports, the application will be unexpectedly killed, while continuing to work fine on arm machines with coherent USB controllers. This bug has been discovered/reported a few times over the last few years. In the case of rtl-sdr a compile time option to enable/disable zero copy was implemented to work around it. Rather than relaying on application specific workarounds, dma_mmap_coherent() can be used instead of remap_pfn_range(). The page cache/etc attributes will then be correctly set in userspace to match the kernel mapping. Signed-off-by: Jeremy Linton <jeremy.linton@arm.com> Cc: stable <stable@vger.kernel.org> Link: https://lore.kernel.org/r/20200504201348.1183246-1-jeremy.linton@arm.com Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
fdd64df7 |
|
17-Jan-2020 |
Alan Stern <stern@rowland.harvard.edu> |
USB: usbfs: Always unlink URBs in reverse order When the kernel unlinks a bunch of URBs for a single endpoint, it should always unlink them in reverse order. This eliminates any possibility that some URB x will be unlinked before it can execute but the following URB x+1 will execute before it can be unlinked. Such an event would be bad, for obvious reasons. Chris Dickens pointed out that usbfs doesn't behave this way when it is unbound from an interface. All pending URBs are cancelled, but in the order of submission. This patch changes the behavior to make the unlinks occur in reverse order. It similarly changes the behavior when usbfs cancels the continuation URBs for a BULK endpoint. Suggested-by: Chris Dickens <christopher.a.dickens@gmail.com> Signed-off-by: Alan Stern <stern@rowland.harvard.edu> Link: https://lore.kernel.org/r/Pine.LNX.4.44L0.2001171045380.1571-100000@iolanthe.rowland.org Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
407e9ef7 |
|
11-Sep-2018 |
Arnd Bergmann <arnd@arndb.de> |
compat_ioctl: move drivers to compat_ptr_ioctl Each of these drivers has a copy of the same trivial helper function to convert the pointer argument and then call the native ioctl handler. We now have a generic implementation of that, so use it. Acked-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Acked-by: Michael S. Tsirkin <mst@redhat.com> Acked-by: David S. Miller <davem@davemloft.net> Acked-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com> Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com> Reviewed-by: Jason Gunthorpe <jgg@mellanox.com> Reviewed-by: Jiri Kosina <jkosina@suse.cz> Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com> Reviewed-by: Cornelia Huck <cohuck@redhat.com> Signed-off-by: Arnd Bergmann <arnd@arndb.de>
|
#
abb0b3d9 |
|
11-Oct-2019 |
Ingo Rohloff <ingo.rohloff@lauterbach.com> |
usb: usbfs: Suppress problematic bind and unbind uevents. commit 1455cf8dbfd0 ("driver core: emit uevents when device is bound to a driver") added bind and unbind uevents when a driver is bound or unbound to a physical device. For USB devices which are handled via the generic usbfs layer (via libusb for example), this is problematic: Each time a user space program calls ioctl(usb_fd, USBDEVFS_CLAIMINTERFACE, &usb_intf_nr); and then later ioctl(usb_fd, USBDEVFS_RELEASEINTERFACE, &usb_intf_nr); The kernel will now produce a bind or unbind event, which does not really contain any useful information. This allows a user space program to run a DoS attack against programs which listen to uevents (in particular systemd/eudev/upowerd): A malicious user space program just has to call in a tight loop ioctl(usb_fd, USBDEVFS_CLAIMINTERFACE, &usb_intf_nr); ioctl(usb_fd, USBDEVFS_RELEASEINTERFACE, &usb_intf_nr); With this loop the malicious user space program floods the kernel and all programs listening to uevents with tons of bind and unbind events. This patch suppresses uevents for ioctls USBDEVFS_CLAIMINTERFACE and USBDEVFS_RELEASEINTERFACE. Signed-off-by: Ingo Rohloff <ingo.rohloff@lauterbach.com> Link: https://lore.kernel.org/r/20191011115518.2801-1-ingo.rohloff@lauterbach.com Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
71464db9 |
|
07-Oct-2019 |
Saurav Girepunje <saurav.girepunje@gmail.com> |
usb: core: devio.c: Fix assignment of 0/1 to bool variables Use true/false for is_in bool type in function proc_do_submiturb. Signed-off-by: Saurav Girepunje <saurav.girepunje@gmail.com> Link: https://lore.kernel.org/r/20191007182649.GA7068@saurav Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
b08a6259 |
|
14-Aug-2019 |
Gavin Li <git@thegavinli.com> |
usb: usbfs: only account once for mmap()'ed usb memory usage Memory usage for USB memory allocated via mmap() is already accounted for at mmap() time; no need to account for it again at submiturb time. Signed-off-by: Gavin Li <git@thegavinli.com> Acked-by: Alan Stern <stern@rowland.harvard.edu> Link: https://lore.kernel.org/r/20190814212924.10381-1-gavinli@thegavinli.com Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
4ed33505 |
|
13-Aug-2019 |
Alan Stern <stern@rowland.harvard.edu> |
USB: usbfs: Add a capability flag for runtime suspend The recent commit 7794f486ed0b ("usbfs: Add ioctls for runtime power management") neglected to add a corresponding capability flag. This patch rectifies the omission. Signed-off-by: Alan Stern <stern@rowland.harvard.edu> CC: Mayuresh Kulkarni <mkulkarni@opensource.cirrus.com> Link: https://lore.kernel.org/r/Pine.LNX.4.44L0.1908131613490.1941-100000@iolanthe.rowland.org Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
7794f486 |
|
07-Aug-2019 |
Alan Stern <stern@rowland.harvard.edu> |
usbfs: Add ioctls for runtime power management It has been requested that usbfs should implement runtime power management, instead of forcing the device to remain at full power as long as the device file is open. This patch introduces that new feature. It does so by adding three new usbfs ioctls: USBDEVFS_FORBID_SUSPEND: Prevents the device from going into runtime suspend (and causes a resume if the device is already suspended). USBDEVFS_ALLOW_SUSPEND: Allows the device to go into runtime suspend. Some time may elapse before the device actually is suspended, depending on things like the autosuspend delay. USBDEVFS_WAIT_FOR_RESUME: Blocks until the call is interrupted by a signal or at least one runtime resume has occurred since the most recent ALLOW_SUSPEND ioctl call (which may mean immediately, even if the device is currently suspended). In the latter case, the device is prevented from suspending again just as if FORBID_SUSPEND was called before the ioctl returns. For backward compatibility, when the device file is first opened runtime suspends are forbidden. The userspace program can then allow suspends whenever it wants, and either resume the device directly (by forbidding suspends again) or wait for a resume from some other source (such as a remote wakeup). URBs submitted to a suspended device will fail or will complete with an appropriate error code. This combination of ioctls is sufficient for user programs to have nearly the same degree of control over a device's runtime power behavior as kernel drivers do. Still lacking is documentation for the new ioctls. I intend to add it later, after the existing documentation for the usbfs userspace API is straightened out into a reasonable form. Suggested-by: Mayuresh Kulkarni <mkulkarni@opensource.cirrus.com> Signed-off-by: Alan Stern <stern@rowland.harvard.edu> Link: https://lore.kernel.org/r/Pine.LNX.4.44L0.1908071013220.1514-100000@iolanthe.rowland.org Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
c43f28df |
|
04-Aug-2019 |
Gavin Li <git@thegavinli.com> |
usb: usbfs: fix double-free of usb memory upon submiturb error Upon an error within proc_do_submiturb(), dec_usb_memory_use_count() gets called once by the error handling tail and again by free_async(). Remove the first call. Signed-off-by: Gavin Li <git@thegavinli.com> Acked-by: Alan Stern <stern@rowland.harvard.edu> Cc: stable <stable@vger.kernel.org> Link: https://lore.kernel.org/r/20190804235044.22327-1-gavinli@thegavinli.com Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
4495dfdd |
|
23-Jul-2019 |
Suzuki K Poulose <suzuki.poulose@arm.com> |
drivers: Introduce device lookup variants by device type Add a helper to match a device by its type and provide wrappers for {bus/class/driver}_find_device() APIs. Cc: Alexander Shishkin <alexander.shishkin@linux.intel.com> Cc: Arnd Bergmann <arnd@arndb.de> Cc: Harald Freudenberger <freude@linux.ibm.com> Cc: Heiko Carstens <heiko.carstens@de.ibm.com> Cc: linux-usb@vger.kernel.org Cc: Oliver Neukum <oneukum@suse.com> Cc: Sebastian Andrzej Siewior <bigeasy@linutronix.de> Cc: Tomas Winkler <tomas.winkler@intel.com> Cc: "Rafael J. Wysocki" <rafael@kernel.org> Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Cc: Ulf Hansson <ulf.hansson@linaro.org> Cc: Joe Perches <joe@perches.com> Signed-off-by: Suzuki K Poulose <suzuki.poulose@arm.com> Link: https://lore.kernel.org/r/20190723221838.12024-5-suzuki.poulose@arm.com Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
257adc0f |
|
25-Jun-2019 |
Alan Stern <stern@rowland.harvard.edu> |
USB: core: Fix compiler warnings in devio.c In the current kernel, devio.c generates a number of compiler warnings about taking the address of a member of a packed structure. The warnings all look like this one: drivers/usb/core/devio.c: In function ‘proc_do_submiturb’: drivers/usb/core/devio.c:1489:43: warning: taking address of packed member of ‘struct usb_ctrlrequest’ may result in an unaligned pointer value [-Waddress-of-packed-member] 1489 | if (uurb->buffer_length < (le16_to_cpup(&dr->wLength) + 8)) { | ^~~~~~~~~~~~ These warnings can easily be eliminated by changing various le16_to_cpup() calls to use le16_to_cpu() instead. Signed-off-by: Alan Stern <stern@rowland.harvard.edu> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
ffed6097 |
|
25-Jun-2019 |
Alan Stern <stern@rowland.harvard.edu> |
USB: core: Remove usbfs_mutex Commit 4a2a8a2cce86 ("usbfs: private mutex for open, release, and remove") is now obsolete. The commit was created back when we had to handle both usbfs device nodes and the old usbdevfs filesystem (/proc/bus/usb/), but usbdevfs no longer exists. This means there's no longer any need to hold a mutex during two separate removal operations (and thus during an entire notifier chain call). Furthermore, the one remaining remove/release pair doesn't race with open thanks to the synchronization provided by the device model core in bus_find_device(). Remove and release don't race with each other because they both run with the device lock held. The upshot is that usbfs_mutex isn't needed any more. This patch removes it entirely. Signed-off-by: Alan Stern <stern@rowland.harvard.edu> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
418e3ea1 |
|
14-Jun-2019 |
Suzuki K Poulose <suzuki.poulose@arm.com> |
bus_find_device: Unify the match callback with class_find_device There is an arbitrary difference between the prototypes of bus_find_device() and class_find_device() preventing their callers from passing the same pair of data and match() arguments to both of them, which is the const qualifier used in the prototype of class_find_device(). If that qualifier is also used in the bus_find_device() prototype, it will be possible to pass the same match() callback function to both bus_find_device() and class_find_device(), which will allow some optimizations to be made in order to avoid code duplication going forward. Also with that, constify the "data" parameter as it is passed as a const to the match function. For this reason, change the prototype of bus_find_device() to match the prototype of class_find_device() and adjust its callers to use the const qualifier in accordance with the new prototype of it. Cc: Alexander Shishkin <alexander.shishkin@linux.intel.com> Cc: Andrew Lunn <andrew@lunn.ch> Cc: Andreas Noever <andreas.noever@gmail.com> Cc: Arnd Bergmann <arnd@arndb.de> Cc: Bjorn Helgaas <bhelgaas@google.com> Cc: Corey Minyard <minyard@acm.org> Cc: Christian Borntraeger <borntraeger@de.ibm.com> Cc: David Kershner <david.kershner@unisys.com> Cc: "David S. Miller" <davem@davemloft.net> Cc: David Airlie <airlied@linux.ie> Cc: Felipe Balbi <balbi@kernel.org> Cc: Frank Rowand <frowand.list@gmail.com> Cc: Grygorii Strashko <grygorii.strashko@ti.com> Cc: Harald Freudenberger <freude@linux.ibm.com> Cc: Hartmut Knaack <knaack.h@gmx.de> Cc: Heiko Stuebner <heiko@sntech.de> Cc: Jason Gunthorpe <jgg@ziepe.ca> Cc: Jonathan Cameron <jic23@kernel.org> Cc: "James E.J. Bottomley" <jejb@linux.ibm.com> Cc: Len Brown <lenb@kernel.org> Cc: Mark Brown <broonie@kernel.org> Cc: Michael Ellerman <mpe@ellerman.id.au> Cc: Michael Jamet <michael.jamet@intel.com> Cc: "Martin K. Petersen" <martin.petersen@oracle.com> Cc: Peter Oberparleiter <oberpar@linux.ibm.com> Cc: Sebastian Ott <sebott@linux.ibm.com> Cc: Srinivas Kandagatla <srinivas.kandagatla@linaro.org> Cc: Yehezkel Bernat <YehezkelShB@gmail.com> Cc: rafael@kernel.org Acked-by: Corey Minyard <minyard@acm.org> Acked-by: David Kershner <david.kershner@unisys.com> Acked-by: Mark Brown <broonie@kernel.org> Acked-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com> Acked-by: Srinivas Kandagatla <srinivas.kandagatla@linaro.org> Acked-by: Wolfram Sang <wsa@the-dreams.de> # for the I2C parts Acked-by: Rob Herring <robh@kernel.org> Signed-off-by: Suzuki K Poulose <suzuki.poulose@arm.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
6d101f24 |
|
10-Jun-2019 |
Dmitry Torokhov <dmitry.torokhov@gmail.com> |
USB: add usbfs ioctl to retrieve the connection parameters Recently usfbs gained availability to retrieve device speed, but there is sill no way to determine the bus number or list of ports the device is connected to when using usbfs. While this information can be obtained from sysfs, not all environments allow sysfs access. In a jailed environment a program might be simply given an opened file descriptor to usbfs device, and it is really important that all data can be gathered from said file descriptor. This patch introduces a new ioctl, USBDEVFS_CONNINFO_EX, which return extended connection information for the device, including the bus number, address, port list and speed. The API allows kernel to extend amount of data returned by the ioctl and userspace has an option of adjusting the amount of data it is willing to consume. A new capability, USBDEVFS_CAP_CONNINFO_EX, is introduced to help userspace in determining whether the kernel supports this new ioctl. Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com> Acked-by: Alan Stern <stern@rowland.harvard.edu> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
086ebf92 |
|
23-May-2019 |
Weitao Hou <houweitaoo@gmail.com> |
usb: avoid redundant allocation and free of memory If usb is not attached, it's unnessary to allocate, copy and free memory Signed-off-by: Weitao Hou <houweitaoo@gmail.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
70f1b0d3 |
|
07-Feb-2019 |
Eric W. Biederman <ebiederm@xmission.com> |
signal/usb: Replace kill_pid_info_as_cred with kill_pid_usb_asyncio The usb support for asyncio encoded one of it's values in the wrong field. It should have used si_value but instead used si_addr which is not present in the _rt union member of struct siginfo. The practical result of this is that on a 64bit big endian kernel when delivering a signal to a 32bit process the si_addr field is set to NULL, instead of the expected pointer value. This issue can not be fixed in copy_siginfo_to_user32 as the usb usage of the the _sigfault (aka si_addr) member of the siginfo union when SI_ASYNCIO is set is incompatible with the POSIX and glibc usage of the _rt member of the siginfo union. Therefore replace kill_pid_info_as_cred with kill_pid_usb_asyncio a dedicated function for this one specific case. There are no other users of kill_pid_info_as_cred so this specialization should have no impact on the amount of code in the kernel. Have kill_pid_usb_asyncio take instead of a siginfo_t which is difficult and error prone, 3 arguments, a signal number, an errno value, and an address enconded as a sigval_t. The encoding of the address as a sigval_t allows the code that reads the userspace request for a signal to handle this compat issue along with all of the other compat issues. Add BUILD_BUG_ONs in kernel/signal.c to ensure that we can now place the pointer value at the in si_pid (instead of si_addr). That is the code now verifies that si_pid and si_addr always occur at the same location. Further the code veries that for native structures a value placed in si_pid and spilling into si_uid will appear in userspace in si_addr (on a byte by byte copy of siginfo or a field by field copy of siginfo). The code also verifies that for a 64bit kernel and a 32bit userspace the 32bit pointer will fit in si_pid. I have used the usbsig.c program below written by Alan Stern and slightly tweaked by me to run on a big endian machine to verify the issue exists (on sparc64) and to confirm the patch below fixes the issue. /* usbsig.c -- test USB async signal delivery */ #define _GNU_SOURCE #include <stdio.h> #include <fcntl.h> #include <signal.h> #include <string.h> #include <sys/ioctl.h> #include <unistd.h> #include <endian.h> #include <linux/usb/ch9.h> #include <linux/usbdevice_fs.h> static struct usbdevfs_urb urb; static struct usbdevfs_disconnectsignal ds; static volatile sig_atomic_t done = 0; void urb_handler(int sig, siginfo_t *info , void *ucontext) { printf("Got signal %d, signo %d errno %d code %d addr: %p urb: %p\n", sig, info->si_signo, info->si_errno, info->si_code, info->si_addr, &urb); printf("%s\n", (info->si_addr == &urb) ? "Good" : "Bad"); } void ds_handler(int sig, siginfo_t *info , void *ucontext) { printf("Got signal %d, signo %d errno %d code %d addr: %p ds: %p\n", sig, info->si_signo, info->si_errno, info->si_code, info->si_addr, &ds); printf("%s\n", (info->si_addr == &ds) ? "Good" : "Bad"); done = 1; } int main(int argc, char **argv) { char *devfilename; int fd; int rc; struct sigaction act; struct usb_ctrlrequest *req; void *ptr; char buf[80]; if (argc != 2) { fprintf(stderr, "Usage: usbsig device-file-name\n"); return 1; } devfilename = argv[1]; fd = open(devfilename, O_RDWR); if (fd == -1) { perror("Error opening device file"); return 1; } act.sa_sigaction = urb_handler; sigemptyset(&act.sa_mask); act.sa_flags = SA_SIGINFO; rc = sigaction(SIGUSR1, &act, NULL); if (rc == -1) { perror("Error in sigaction"); return 1; } act.sa_sigaction = ds_handler; sigemptyset(&act.sa_mask); act.sa_flags = SA_SIGINFO; rc = sigaction(SIGUSR2, &act, NULL); if (rc == -1) { perror("Error in sigaction"); return 1; } memset(&urb, 0, sizeof(urb)); urb.type = USBDEVFS_URB_TYPE_CONTROL; urb.endpoint = USB_DIR_IN | 0; urb.buffer = buf; urb.buffer_length = sizeof(buf); urb.signr = SIGUSR1; req = (struct usb_ctrlrequest *) buf; req->bRequestType = USB_DIR_IN | USB_TYPE_STANDARD | USB_RECIP_DEVICE; req->bRequest = USB_REQ_GET_DESCRIPTOR; req->wValue = htole16(USB_DT_DEVICE << 8); req->wIndex = htole16(0); req->wLength = htole16(sizeof(buf) - sizeof(*req)); rc = ioctl(fd, USBDEVFS_SUBMITURB, &urb); if (rc == -1) { perror("Error in SUBMITURB ioctl"); return 1; } rc = ioctl(fd, USBDEVFS_REAPURB, &ptr); if (rc == -1) { perror("Error in REAPURB ioctl"); return 1; } memset(&ds, 0, sizeof(ds)); ds.signr = SIGUSR2; ds.context = &ds; rc = ioctl(fd, USBDEVFS_DISCSIGNAL, &ds); if (rc == -1) { perror("Error in DISCSIGNAL ioctl"); return 1; } printf("Waiting for usb disconnect\n"); while (!done) { sleep(1); } close(fd); return 0; } Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Cc: linux-usb@vger.kernel.org Cc: Alan Stern <stern@rowland.harvard.edu> Cc: Oliver Neukum <oneukum@suse.com> Fixes: v2.3.39 Cc: stable@vger.kernel.org Acked-by: Alan Stern <stern@rowland.harvard.edu> Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
|
#
79595a73 |
|
19-Feb-2019 |
Keyur Patel <iamkeyur96@gmail.com> |
usb: core: Replace hardcoded check with inline function from usb.h Expression (urb->transfer_flags & URB_DIR_MASK) == URB_DIR_IN can be replaced by usb_urb_dir_in(struct urb *urb) from usb.h for better readability. Signed-off-by: Keyur Patel <iamkeyur96@gmail.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
8a1dbc8d |
|
01-Jan-2019 |
Chunfeng Yun <chunfeng.yun@mediatek.com> |
usb: devio: update max count of DPs per interval for ISOC The failure happened when I tried to send up to 96DPs per an interval for SSP ISOC transations by libusb, this is used to verify SSP ISOC function of USB3 GEN2 controller, so update it as 96DPs. (refer usb3.1r1.0 section 8.12.6 Isochronous Transactions) Signed-off-by: Chunfeng Yun <chunfeng.yun@mediatek.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
96d4f267 |
|
03-Jan-2019 |
Linus Torvalds <torvalds@linux-foundation.org> |
Remove 'type' argument from access_ok() function Nobody has actually used the type (VERIFY_READ vs VERIFY_WRITE) argument of the user address range verification function since we got rid of the old racy i386-only code to walk page tables by hand. It existed because the original 80386 would not honor the write protect bit when in kernel mode, so you had to do COW by hand before doing any user access. But we haven't supported that in a long time, and these days the 'type' argument is a purely historical artifact. A discussion about extending 'user_access_begin()' to do the range checking resulted this patch, because there is no way we're going to move the old VERIFY_xyz interface to that model. And it's best done at the end of the merge window when I've done most of my merges, so let's just get this done once and for all. This patch was mostly done with a sed-script, with manual fix-ups for the cases that weren't of the trivial 'access_ok(VERIFY_xyz' form. There were a couple of notable cases: - csky still had the old "verify_area()" name as an alias. - the iter_iov code had magical hardcoded knowledge of the actual values of VERIFY_{READ,WRITE} (not that they mattered, since nothing really used it) - microblaze used the type argument for a debug printout but other than those oddities this should be a total no-op patch. I tried to fix up all architectures, did fairly extensive grepping for access_ok() uses, and the changes are trivial, but I may have missed something. Any missed conversion should be trivially fixable, though. Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
|
#
665c365a |
|
15-Oct-2018 |
Alan Stern <stern@rowland.harvard.edu> |
USB: fix the usbfs flag sanitization for control transfers Commit 7a68d9fb8510 ("USB: usbdevfs: sanitize flags more") checks the transfer flags for URBs submitted from userspace via usbfs. However, the check for whether the USBDEVFS_URB_SHORT_NOT_OK flag should be allowed for a control transfer was added in the wrong place, before the code has properly determined the direction of the control transfer. (Control transfers are special because for them, the direction is set by the bRequestType byte of the Setup packet rather than direction bit of the endpoint address.) This patch moves code which sets up the allow_short flag for control transfers down after is_in has been set to the correct value. Signed-off-by: Alan Stern <stern@rowland.harvard.edu> Reported-and-tested-by: syzbot+24a30223a4b609bb802e@syzkaller.appspotmail.com Fixes: 7a68d9fb8510 ("USB: usbdevfs: sanitize flags more") CC: Oliver Neukum <oneukum@suse.com> CC: <stable@vger.kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
ae7795bc |
|
25-Sep-2018 |
Eric W. Biederman <ebiederm@xmission.com> |
signal: Distinguish between kernel_siginfo and siginfo Linus recently observed that if we did not worry about the padding member in struct siginfo it is only about 48 bytes, and 48 bytes is much nicer than 128 bytes for allocating on the stack and copying around in the kernel. The obvious thing of only adding the padding when userspace is including siginfo.h won't work as there are sigframe definitions in the kernel that embed struct siginfo. So split siginfo in two; kernel_siginfo and siginfo. Keeping the traditional name for the userspace definition. While the version that is used internally to the kernel and ultimately will not be padded to 128 bytes is called kernel_siginfo. The definition of struct kernel_siginfo I have put in include/signal_types.h A set of buildtime checks has been added to verify the two structures have the same field offsets. To make it easy to verify the change kernel_siginfo retains the same size as siginfo. The reduction in size comes in a following change. Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
|
#
81e0403b |
|
04-Sep-2018 |
Oliver Neukum <oneukum@suse.com> |
USB: usbdevfs: restore warning for nonsensical flags If we filter flags before they reach the core we need to generate our own warnings. Signed-off-by: Oliver Neukum <oneukum@suse.com> Fixes: 0cb54a3e47cb ("USB: debugging code shouldn't alter control flow") Cc: stable <stable@vger.kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
7a68d9fb |
|
04-Sep-2018 |
Oliver Neukum <oneukum@suse.com> |
USB: usbdevfs: sanitize flags more Requesting a ZERO_PACKET or not is sensible only for output. In the input direction the device decides. Likewise accepting short packets makes sense only for input. This allows operation with panic_on_warn without opening up a local DOS. Signed-off-by: Oliver Neukum <oneukum@suse.com> Reported-by: syzbot+843efa30c8821bd69f53@syzkaller.appspotmail.com Fixes: 0cb54a3e47cb ("USB: debugging code shouldn't alter control flow") Cc: stable <stable@vger.kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
3f38dace |
|
24-Jun-2018 |
Sebastian Andrzej Siewior <bigeasy@linutronix.de> |
usb: usbfs: use irqsave() in USB's complete callback The USB completion callback does not disable interrupts while acquiring the lock. We want to remove the local_irq_disable() invocation from __usb_hcd_giveback_urb() and therefore it is required for the callback handler to disable the interrupts while acquiring the lock. The callback may be invoked either in IRQ or BH context depending on the USB host controller. Use the _irqsave() variant of the locking primitives. Signed-off-by: Sebastian Andrzej Siewior <bigeasy@linutronix.de> Acked-by: Alan Stern <stern@rowland.harvard.edu> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
6da2ec56 |
|
12-Jun-2018 |
Kees Cook <keescook@chromium.org> |
treewide: kmalloc() -> kmalloc_array() The kmalloc() function has a 2-factor argument form, kmalloc_array(). This patch replaces cases of: kmalloc(a * b, gfp) with: kmalloc_array(a * b, gfp) as well as handling cases of: kmalloc(a * b * c, gfp) with: kmalloc(array3_size(a, b, c), gfp) as it's slightly less ugly than: kmalloc_array(array_size(a, b), c, gfp) This does, however, attempt to ignore constant size factors like: kmalloc(4 * 1024, gfp) though any constants defined via macros get caught up in the conversion. Any factors with a sizeof() of "unsigned char", "char", and "u8" were dropped, since they're redundant. The tools/ directory was manually excluded, since it has its own implementation of kmalloc(). The Coccinelle script used for this was: // Fix redundant parens around sizeof(). @@ type TYPE; expression THING, E; @@ ( kmalloc( - (sizeof(TYPE)) * E + sizeof(TYPE) * E , ...) | kmalloc( - (sizeof(THING)) * E + sizeof(THING) * E , ...) ) // Drop single-byte sizes and redundant parens. @@ expression COUNT; typedef u8; typedef __u8; @@ ( kmalloc( - sizeof(u8) * (COUNT) + COUNT , ...) | kmalloc( - sizeof(__u8) * (COUNT) + COUNT , ...) | kmalloc( - sizeof(char) * (COUNT) + COUNT , ...) | kmalloc( - sizeof(unsigned char) * (COUNT) + COUNT , ...) | kmalloc( - sizeof(u8) * COUNT + COUNT , ...) | kmalloc( - sizeof(__u8) * COUNT + COUNT , ...) | kmalloc( - sizeof(char) * COUNT + COUNT , ...) | kmalloc( - sizeof(unsigned char) * COUNT + COUNT , ...) ) // 2-factor product with sizeof(type/expression) and identifier or constant. @@ type TYPE; expression THING; identifier COUNT_ID; constant COUNT_CONST; @@ ( - kmalloc + kmalloc_array ( - sizeof(TYPE) * (COUNT_ID) + COUNT_ID, sizeof(TYPE) , ...) | - kmalloc + kmalloc_array ( - sizeof(TYPE) * COUNT_ID + COUNT_ID, sizeof(TYPE) , ...) | - kmalloc + kmalloc_array ( - sizeof(TYPE) * (COUNT_CONST) + COUNT_CONST, sizeof(TYPE) , ...) | - kmalloc + kmalloc_array ( - sizeof(TYPE) * COUNT_CONST + COUNT_CONST, sizeof(TYPE) , ...) | - kmalloc + kmalloc_array ( - sizeof(THING) * (COUNT_ID) + COUNT_ID, sizeof(THING) , ...) | - kmalloc + kmalloc_array ( - sizeof(THING) * COUNT_ID + COUNT_ID, sizeof(THING) , ...) | - kmalloc + kmalloc_array ( - sizeof(THING) * (COUNT_CONST) + COUNT_CONST, sizeof(THING) , ...) | - kmalloc + kmalloc_array ( - sizeof(THING) * COUNT_CONST + COUNT_CONST, sizeof(THING) , ...) ) // 2-factor product, only identifiers. @@ identifier SIZE, COUNT; @@ - kmalloc + kmalloc_array ( - SIZE * COUNT + COUNT, SIZE , ...) // 3-factor product with 1 sizeof(type) or sizeof(expression), with // redundant parens removed. @@ expression THING; identifier STRIDE, COUNT; type TYPE; @@ ( kmalloc( - sizeof(TYPE) * (COUNT) * (STRIDE) + array3_size(COUNT, STRIDE, sizeof(TYPE)) , ...) | kmalloc( - sizeof(TYPE) * (COUNT) * STRIDE + array3_size(COUNT, STRIDE, sizeof(TYPE)) , ...) | kmalloc( - sizeof(TYPE) * COUNT * (STRIDE) + array3_size(COUNT, STRIDE, sizeof(TYPE)) , ...) | kmalloc( - sizeof(TYPE) * COUNT * STRIDE + array3_size(COUNT, STRIDE, sizeof(TYPE)) , ...) | kmalloc( - sizeof(THING) * (COUNT) * (STRIDE) + array3_size(COUNT, STRIDE, sizeof(THING)) , ...) | kmalloc( - sizeof(THING) * (COUNT) * STRIDE + array3_size(COUNT, STRIDE, sizeof(THING)) , ...) | kmalloc( - sizeof(THING) * COUNT * (STRIDE) + array3_size(COUNT, STRIDE, sizeof(THING)) , ...) | kmalloc( - sizeof(THING) * COUNT * STRIDE + array3_size(COUNT, STRIDE, sizeof(THING)) , ...) ) // 3-factor product with 2 sizeof(variable), with redundant parens removed. @@ expression THING1, THING2; identifier COUNT; type TYPE1, TYPE2; @@ ( kmalloc( - sizeof(TYPE1) * sizeof(TYPE2) * COUNT + array3_size(COUNT, sizeof(TYPE1), sizeof(TYPE2)) , ...) | kmalloc( - sizeof(TYPE1) * sizeof(THING2) * (COUNT) + array3_size(COUNT, sizeof(TYPE1), sizeof(TYPE2)) , ...) | kmalloc( - sizeof(THING1) * sizeof(THING2) * COUNT + array3_size(COUNT, sizeof(THING1), sizeof(THING2)) , ...) | kmalloc( - sizeof(THING1) * sizeof(THING2) * (COUNT) + array3_size(COUNT, sizeof(THING1), sizeof(THING2)) , ...) | kmalloc( - sizeof(TYPE1) * sizeof(THING2) * COUNT + array3_size(COUNT, sizeof(TYPE1), sizeof(THING2)) , ...) | kmalloc( - sizeof(TYPE1) * sizeof(THING2) * (COUNT) + array3_size(COUNT, sizeof(TYPE1), sizeof(THING2)) , ...) ) // 3-factor product, only identifiers, with redundant parens removed. @@ identifier STRIDE, SIZE, COUNT; @@ ( kmalloc( - (COUNT) * STRIDE * SIZE + array3_size(COUNT, STRIDE, SIZE) , ...) | kmalloc( - COUNT * (STRIDE) * SIZE + array3_size(COUNT, STRIDE, SIZE) , ...) | kmalloc( - COUNT * STRIDE * (SIZE) + array3_size(COUNT, STRIDE, SIZE) , ...) | kmalloc( - (COUNT) * (STRIDE) * SIZE + array3_size(COUNT, STRIDE, SIZE) , ...) | kmalloc( - COUNT * (STRIDE) * (SIZE) + array3_size(COUNT, STRIDE, SIZE) , ...) | kmalloc( - (COUNT) * STRIDE * (SIZE) + array3_size(COUNT, STRIDE, SIZE) , ...) | kmalloc( - (COUNT) * (STRIDE) * (SIZE) + array3_size(COUNT, STRIDE, SIZE) , ...) | kmalloc( - COUNT * STRIDE * SIZE + array3_size(COUNT, STRIDE, SIZE) , ...) ) // Any remaining multi-factor products, first at least 3-factor products, // when they're not all constants... @@ expression E1, E2, E3; constant C1, C2, C3; @@ ( kmalloc(C1 * C2 * C3, ...) | kmalloc( - (E1) * E2 * E3 + array3_size(E1, E2, E3) , ...) | kmalloc( - (E1) * (E2) * E3 + array3_size(E1, E2, E3) , ...) | kmalloc( - (E1) * (E2) * (E3) + array3_size(E1, E2, E3) , ...) | kmalloc( - E1 * E2 * E3 + array3_size(E1, E2, E3) , ...) ) // And then all remaining 2 factors products when they're not all constants, // keeping sizeof() as the second factor argument. @@ expression THING, E1, E2; type TYPE; constant C1, C2, C3; @@ ( kmalloc(sizeof(THING) * C2, ...) | kmalloc(sizeof(TYPE) * C2, ...) | kmalloc(C1 * C2 * C3, ...) | kmalloc(C1 * C2, ...) | - kmalloc + kmalloc_array ( - sizeof(TYPE) * (E2) + E2, sizeof(TYPE) , ...) | - kmalloc + kmalloc_array ( - sizeof(TYPE) * E2 + E2, sizeof(TYPE) , ...) | - kmalloc + kmalloc_array ( - sizeof(THING) * (E2) + E2, sizeof(THING) , ...) | - kmalloc + kmalloc_array ( - sizeof(THING) * E2 + E2, sizeof(THING) , ...) | - kmalloc + kmalloc_array ( - (E1) * E2 + E1, E2 , ...) | - kmalloc + kmalloc_array ( - (E1) * (E2) + E1, E2 , ...) | - kmalloc + kmalloc_array ( - E1 * E2 + E1, E2 , ...) ) Signed-off-by: Kees Cook <keescook@chromium.org>
|
#
6b4f3d01 |
|
07-Sep-2017 |
Stephen Smalley <sds@tycho.nsa.gov> |
usb, signal, security: only pass the cred, not the secid, to kill_pid_info_as_cred and security_task_kill commit d178bc3a708f39cbfefc3fab37032d3f2511b4ec ("user namespace: usb: make usb urbs user namespace aware (v2)") changed kill_pid_info_as_uid to kill_pid_info_as_cred, saving and passing a cred structure instead of uids. Since the secid can be obtained from the cred, drop the secid fields from the usb_dev_state and async structures, and drop the secid argument to kill_pid_info_as_cred. Replace the secid argument to security_task_kill with the cred. Update SELinux, Smack, and AppArmor to use the cred, which avoids the need for Smack and AppArmor to use a secid at all in this hook. Further changes to Smack might still be required to take full advantage of this change, since it should now be possible to perform capability checking based on the supplied cred. The changes to Smack and AppArmor have only been compile-tested. Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov> Acked-by: Paul Moore <paul@paul-moore.com> Acked-by: Casey Schaufler <casey@schaufler-ca.com> Acked-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Acked-by: John Johansen <john.johansen@canonical.com> Signed-off-by: James Morris <james.morris@microsoft.com>
|
#
a9a08845 |
|
11-Feb-2018 |
Linus Torvalds <torvalds@linux-foundation.org> |
vfs: do bulk POLL* -> EPOLL* replacement This is the mindless scripted replacement of kernel use of POLL* variables as described by Al, done by this script: for V in IN OUT PRI ERR RDNORM RDBAND WRNORM WRBAND HUP RDHUP NVAL MSG; do L=`git grep -l -w POLL$V | grep -v '^t' | grep -v /um/ | grep -v '^sa' | grep -v '/poll.h$'|grep -v '^D'` for f in $L; do sed -i "-es/^\([^\"]*\)\(\<POLL$V\>\)/\\1E\\2/" $f; done done with de-mangling cleanups yet to come. NOTE! On almost all architectures, the EPOLL* constants have the same values as the POLL* constants do. But they keyword here is "almost". For various bad reasons they aren't the same, and epoll() doesn't actually work quite correctly in some cases due to this on Sparc et al. The next patch from Al will sort out the final differences, and we should be all done. Scripted-by: Al Viro <viro@zeniv.linux.org.uk> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
|
#
3b10db2b |
|
18-Aug-2017 |
Eric W. Biederman <ebiederm@xmission.com> |
signal: Replace memset(info,...) with clear_siginfo for clarity The function clear_siginfo is just a nice wrapper around memset so this results in no functional change. This change makes mistakes a little more difficult and it makes it clearer what is going on. Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
|
#
aa15d3d2 |
|
11-Dec-2017 |
Alan Stern <stern@rowland.harvard.edu> |
USB: remove the URB_NO_FSBR flag The URB_NO_FSBR flag has never really been used. It was introduced as a potential way for UHCI to minimize PCI bus usage (by not attempting full-speed bulk and control transfers more than once per frame), but the flag was not set by any drivers. There's no point in keeping it around. This patch simplifies the API by removing it. Unfortunately, it does have to be kept as part of the usbfs ABI, but at least we can document in include/uapi/linux/usbdevice_fs.h that it doesn't do anything. Signed-off-by: Alan Stern <stern@rowland.harvard.edu> Acked-by: Shuah Khan <shuahkh@osg.samsung.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
afc9a42b |
|
03-Jul-2017 |
Al Viro <viro@zeniv.linux.org.uk> |
the rest of drivers/*: annotate ->poll() instances Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
|
#
446f666d |
|
23-Nov-2017 |
Oliver Neukum <oneukum@suse.com> |
USB: usbfs: Filter flags passed in from user space USBDEVFS_URB_ISO_ASAP must be accepted only for ISO endpoints. Improve sanity checking. Reported-by: Andrey Konovalov <andreyknvl@google.com> Signed-off-by: Oliver Neukum <oneukum@suse.com> Cc: stable <stable@vger.kernel.org> Acked-by: Alan Stern <stern@rowland.harvard.edu> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
2ef47001 |
|
07-Nov-2017 |
Alan Stern <stern@rowland.harvard.edu> |
USB: usbfs: compute urb->actual_length for isochronous The USB kerneldoc says that the actual_length field "is read in non-iso completion functions", but the usbfs driver uses it for all URB types in processcompl(). Since not all of the host controller drivers set actual_length for isochronous URBs, programs using usbfs with some host controllers don't work properly. For example, Minas reports that a USB camera controlled by libusb doesn't work properly with a dwc2 controller. It doesn't seem worthwhile to change the HCDs and the documentation, since the in-kernel USB class drivers evidently don't rely on actual_length for isochronous transfers. The easiest solution is for usbfs to calculate the actual_length value for itself, by adding up the lengths of the individual packets in an isochronous transfer. Signed-off-by: Alan Stern <stern@rowland.harvard.edu> CC: Minas Harutyunyan <Minas.Harutyunyan@synopsys.com> Reported-and-tested-by: wlf <wulf@rock-chips.com> CC: <stable@vger.kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
f9d4d453 |
|
02-Nov-2017 |
Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
USB: core: Remove redundant license text Now that the SPDX tag is in all USB files, that identifies the license in a specific and legally-defined manner. So the extra GPL text wording can be removed as it is no longer needed at all. This is done on a quest to remove the 700+ different ways that files in the kernel describe the GPL license text. And there's unneeded stuff like the address (sometimes incorrect) for the FSF which is never needed. No copyright headers or other non-license-description text was removed. Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Acked-by: Alan Stern <stern@rowland.harvard.edu> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
5fd54ace |
|
03-Nov-2017 |
Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
USB: add SPDX identifiers to all remaining files in drivers/usb/ It's good to have SPDX identifiers in all files to make it easier to audit the kernel tree for correct licenses. Update the drivers/usb/ and include/linux/usb* files with the correct SPDX license identifier based on the license text in the file itself. The SPDX identifier is a legally binding shorthand, which can be used instead of the full boiler plate text. This work is based on a script and data from Thomas Gleixner, Philippe Ombredanne, and Kate Stewart. Cc: Thomas Gleixner <tglx@linutronix.de> Cc: Kate Stewart <kstewart@linuxfoundation.org> Cc: Philippe Ombredanne <pombredanne@nexb.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Acked-by: Felipe Balbi <felipe.balbi@linux.intel.com> Acked-by: Johan Hovold <johan@kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
6aa7de05 |
|
23-Oct-2017 |
Mark Rutland <mark.rutland@arm.com> |
locking/atomics: COCCINELLE/treewide: Convert trivial ACCESS_ONCE() patterns to READ_ONCE()/WRITE_ONCE() Please do not apply this to mainline directly, instead please re-run the coccinelle script shown below and apply its output. For several reasons, it is desirable to use {READ,WRITE}_ONCE() in preference to ACCESS_ONCE(), and new code is expected to use one of the former. So far, there's been no reason to change most existing uses of ACCESS_ONCE(), as these aren't harmful, and changing them results in churn. However, for some features, the read/write distinction is critical to correct operation. To distinguish these cases, separate read/write accessors must be used. This patch migrates (most) remaining ACCESS_ONCE() instances to {READ,WRITE}_ONCE(), using the following coccinelle script: ---- // Convert trivial ACCESS_ONCE() uses to equivalent READ_ONCE() and // WRITE_ONCE() // $ make coccicheck COCCI=/home/mark/once.cocci SPFLAGS="--include-headers" MODE=patch virtual patch @ depends on patch @ expression E1, E2; @@ - ACCESS_ONCE(E1) = E2 + WRITE_ONCE(E1, E2) @ depends on patch @ expression E; @@ - ACCESS_ONCE(E) + READ_ONCE(E) ---- Signed-off-by: Mark Rutland <mark.rutland@arm.com> Signed-off-by: Paul E. McKenney <paulmck@linux.vnet.ibm.com> Cc: Linus Torvalds <torvalds@linux-foundation.org> Cc: Peter Zijlstra <peterz@infradead.org> Cc: Thomas Gleixner <tglx@linutronix.de> Cc: davem@davemloft.net Cc: linux-arch@vger.kernel.org Cc: mpe@ellerman.id.au Cc: shuah@kernel.org Cc: snitzer@redhat.com Cc: thor.thayer@linux.intel.com Cc: tj@kernel.org Cc: viro@zeniv.linux.org.uk Cc: will.deacon@arm.com Link: http://lkml.kernel.org/r/1508792849-3115-19-git-send-email-paulmck@linux.vnet.ibm.com Signed-off-by: Ingo Molnar <mingo@kernel.org>
|
#
845d584f |
|
16-Oct-2017 |
Hans de Goede <hdegoede@redhat.com> |
USB: devio: Revert "USB: devio: Don't corrupt user memory" Taking the uurb->buffer_length userspace passes in as a maximum for the actual urbs transfer_buffer_length causes 2 serious issues: 1) It breaks isochronous support for all userspace apps using libusb, as existing libusb versions pass in 0 for uurb->buffer_length, relying on the kernel using the lenghts of the usbdevfs_iso_packet_desc descriptors passed in added together as buffer length. This for example causes redirection of USB audio and Webcam's into virtual machines using qemu-kvm to no longer work. This is a userspace ABI break and as such must be reverted. Note that the original commit does not protect other users / the kernels memory, it only stops the userspace process making the call from shooting itself in the foot. 2) It may cause the kernel to program host controllers to DMA over random memory. Just as the devio code used to only look at the iso_packet_desc lenghts, the host drivers do the same, relying on the submitter of the urbs to make sure the entire buffer is large enough and not checking transfer_buffer_length. But the "USB: devio: Don't corrupt user memory" commit now takes the userspace provided uurb->buffer_length for the buffer-size while copying over the user-provided iso_packet_desc lengths 1:1, allowing the user to specify a small buffer size while programming the host controller to dma a lot more data. (Atleast the ohci, uhci, xhci and fhci drivers do not check transfer_buffer_length for isoc transfers.) This reverts commit fa1ed74eb1c2 ("USB: devio: Don't corrupt user memory") fixing both these issues. Cc: Dan Carpenter <dan.carpenter@oracle.com> Cc: stable@vger.kernel.org Signed-off-by: Hans de Goede <hdegoede@redhat.com> Acked-by: Alan Stern <stern@rowland.harvard.edu> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
fa1ed74e |
|
22-Sep-2017 |
Dan Carpenter <dan.carpenter@oracle.com> |
USB: devio: Don't corrupt user memory The user buffer has "uurb->buffer_length" bytes. If the kernel has more information than that, we should truncate it instead of writing past the end of the user's buffer. I added a WARN_ONCE() to help the user debug the issue. Reported-by: Alan Stern <stern@rowland.harvard.edu> Cc: stable <stable@vger.kernel.org> Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> Acked-by: Alan Stern <stern@rowland.harvard.edu> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
57999d11 |
|
22-Sep-2017 |
Dan Carpenter <dan.carpenter@oracle.com> |
USB: devio: Prevent integer overflow in proc_do_submiturb() There used to be an integer overflow check in proc_do_submiturb() but we removed it. It turns out that it's still required. The uurb->buffer_length variable is a signed integer and it's controlled by the user. It can lead to an integer overflow when we do: num_sgs = DIV_ROUND_UP(uurb->buffer_length, USB_SG_SIZE); If we strip away the macro then that line looks like this: num_sgs = (uurb->buffer_length + USB_SG_SIZE - 1) / USB_SG_SIZE; ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ It's the first addition which can overflow. Fixes: 1129d270cbfb ("USB: Increase usbfs transfer limit") Cc: stable <stable@vger.kernel.org> Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> Acked-by: Alan Stern <stern@rowland.harvard.edu> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
b64d47ae |
|
24-Aug-2017 |
Arvind Yadav <arvind.yadav.cs@gmail.com> |
USB: core: constify vm_operations_struct vm_operations_struct are not supposed to change at runtime. All functions working with const vm_operations_struct. So mark the non-const structs as const. Signed-off-by: Arvind Yadav <arvind.yadav.cs@gmail.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
ed62ca2f |
|
10-Aug-2017 |
Douglas Anderson <dianders@chromium.org> |
USB: core: Avoid race of async_completed() w/ usbdev_release() While running reboot tests w/ a specific set of USB devices (and slub_debug enabled), I found that once every few hours my device would be crashed with a stack that looked like this: [ 14.012445] BUG: spinlock bad magic on CPU#0, modprobe/2091 [ 14.012460] lock: 0xffffffc0cb055978, .magic: ffffffc0, .owner: cryption contexts: %lu/%lu [ 14.012460] /1025536097, .owner_cpu: 0 [ 14.012466] CPU: 0 PID: 2091 Comm: modprobe Not tainted 4.4.79 #352 [ 14.012468] Hardware name: Google Kevin (DT) [ 14.012471] Call trace: [ 14.012483] [<....>] dump_backtrace+0x0/0x160 [ 14.012487] [<....>] show_stack+0x20/0x28 [ 14.012494] [<....>] dump_stack+0xb4/0xf0 [ 14.012500] [<....>] spin_dump+0x8c/0x98 [ 14.012504] [<....>] spin_bug+0x30/0x3c [ 14.012508] [<....>] do_raw_spin_lock+0x40/0x164 [ 14.012515] [<....>] _raw_spin_lock_irqsave+0x64/0x74 [ 14.012521] [<....>] __wake_up+0x2c/0x60 [ 14.012528] [<....>] async_completed+0x2d0/0x300 [ 14.012534] [<....>] __usb_hcd_giveback_urb+0xc4/0x138 [ 14.012538] [<....>] usb_hcd_giveback_urb+0x54/0xf0 [ 14.012544] [<....>] xhci_irq+0x1314/0x1348 [ 14.012548] [<....>] usb_hcd_irq+0x40/0x50 [ 14.012553] [<....>] handle_irq_event_percpu+0x1b4/0x3f0 [ 14.012556] [<....>] handle_irq_event+0x4c/0x7c [ 14.012561] [<....>] handle_fasteoi_irq+0x158/0x1c8 [ 14.012564] [<....>] generic_handle_irq+0x30/0x44 [ 14.012568] [<....>] __handle_domain_irq+0x90/0xbc [ 14.012572] [<....>] gic_handle_irq+0xcc/0x18c Investigation using kgdb() found that the wait queue that was passed into wake_up() had been freed (it was filled with slub_debug poison). I analyzed and instrumented the code and reproduced. My current belief is that this is happening: 1. async_completed() is called (from IRQ). Moves "as" onto the completed list. 2. On another CPU, proc_reapurbnonblock_compat() calls async_getcompleted(). Blocks on spinlock. 3. async_completed() releases the lock; keeps running; gets blocked midway through wake_up(). 4. proc_reapurbnonblock_compat() => async_getcompleted() gets the lock; removes "as" from completed list and frees it. 5. usbdev_release() is called. Frees "ps". 6. async_completed() finally continues running wake_up(). ...but wake_up() has a pointer to the freed "ps". The instrumentation that led me to believe this was based on adding some trace_printk() calls in a select few functions and then using kdb's "ftdump" at crash time. The trace follows (NOTE: in the trace below I cheated a little bit and added a udelay(1000) in async_completed() after releasing the spinlock because I wanted it to trigger quicker): <...>-2104 0d.h2 13759034us!: async_completed at start: as=ffffffc0cc638200 mtpd-2055 3.... 13759356us : async_getcompleted before spin_lock_irqsave mtpd-2055 3d..1 13759362us : async_getcompleted after list_del_init: as=ffffffc0cc638200 mtpd-2055 3.... 13759371us+: proc_reapurbnonblock_compat: free_async(ffffffc0cc638200) mtpd-2055 3.... 13759422us+: async_getcompleted before spin_lock_irqsave mtpd-2055 3.... 13759479us : usbdev_release at start: ps=ffffffc0cc042080 mtpd-2055 3.... 13759487us : async_getcompleted before spin_lock_irqsave mtpd-2055 3.... 13759497us!: usbdev_release after kfree(ps): ps=ffffffc0cc042080 <...>-2104 0d.h2 13760294us : async_completed before wake_up(): as=ffffffc0cc638200 To fix this problem we can just move the wake_up() under the ps->lock. There should be no issues there that I'm aware of. Signed-off-by: Douglas Anderson <dianders@chromium.org> Acked-by: Alan Stern <stern@rowland.harvard.edu> Cc: stable <stable@vger.kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
cc1a7c4b |
|
27-Jun-2017 |
Al Viro <viro@zeniv.linux.org.uk> |
usbdevfs: get rid of field-by-field copyin Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
|
#
c01b244a |
|
05-Jun-2017 |
Alan Stern <stern@rowland.harvard.edu> |
USB: add usbfs ioctl to retrieve the connection speed The usbfs interface does not provide any way for the user to learn the speed at which a device is connected. The current API includes a USBDEVFS_CONNECTINFO ioctl, but all it provides is the device's address and a one-bit value indicating whether the connection is low speed. That may have sufficed in the era of USB-1.1, but it isn't good enough today. This patch introduces a new ioctl, USBDEVFS_GET_SPEED, which returns a numeric value indicating the speed of the connection: unknown, low, full, high, wireless, super, or super-plus. Similar information (not exactly the same) is available through sysfs, but it seems reasonable to provide the actual value in usbfs. Signed-off-by: Alan Stern <stern@rowland.harvard.edu> Reported-by: Reinhard Huck <reinhard.huck@thesycon.de> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
2f964780 |
|
16-May-2017 |
Vamsi Krishna Samavedam <vskrishn@codeaurora.org> |
USB: core: replace %p with %pK Format specifier %p can leak kernel addresses while not valuing the kptr_restrict system settings. When kptr_restrict is set to (1), kernel pointers printed using the %pK format specifier will be replaced with Zeros. Debugging Note : &pK prints only Zeros as address. If you need actual address information, write 0 to kptr_restrict. echo 0 > /proc/sys/kernel/kptr_restrict [Found by poking around in a random vendor kernel tree, it would be nice if someone would actually send these types of patches upstream - gkh] Signed-off-by: Vamsi Krishna Samavedam <vskrishn@codeaurora.org> Cc: stable <stable@vger.kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
3f07c014 |
|
08-Feb-2017 |
Ingo Molnar <mingo@kernel.org> |
sched/headers: Prepare for new header dependencies before moving code to <linux/sched/signal.h> We are going to split <linux/sched/signal.h> out of <linux/sched.h>, which will have to be picked up from other headers and a couple of .c files. Create a trivial placeholder <linux/sched/signal.h> file that just maps to <linux/sched.h> to make this patch obviously correct and bisectable. Include the new header in the files that are going to need it. Acked-by: Linus Torvalds <torvalds@linux-foundation.org> Cc: Mike Galbraith <efault@gmx.de> Cc: Peter Zijlstra <peterz@infradead.org> Cc: Thomas Gleixner <tglx@linutronix.de> Cc: linux-kernel@vger.kernel.org Signed-off-by: Ingo Molnar <mingo@kernel.org>
|
#
0f5e1558 |
|
27-Feb-2017 |
Masahiro Yamada <yamada.masahiro@socionext.com> |
scripts/spelling.txt: add "an one" pattern and fix typo instances Fix typos and add the following to the scripts/spelling.txt: an one||a one I dropped the "an" before "one or more" in drivers/net/ethernet/sfc/mcdi_pcol.h. Link: http://lkml.kernel.org/r/1481573103-11329-6-git-send-email-yamada.masahiro@socionext.com Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
|
#
1129d270 |
|
21-Dec-2016 |
Mateusz Berezecki <mateuszb@fastmail.fm> |
USB: Increase usbfs transfer limit Promote a variable keeping track of USB transfer memory usage to a wider data type and allow for higher bandwidth transfers from a large number of USB devices connected to a single host. Signed-off-by: Mateusz Berezecki <mateuszb@fastmail.fm> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
078cd827 |
|
14-Sep-2016 |
Deepa Dinamani <deepa.kernel@gmail.com> |
fs: Replace CURRENT_TIME with current_time() for inode timestamps CURRENT_TIME macro is not appropriate for filesystems as it doesn't use the right granularity for filesystem timestamps. Use current_time() instead. CURRENT_TIME is also not y2038 safe. This is also in preparation for the patch that transitions vfs timestamps to use 64 bit time and hence make them y2038 safe. As part of the effort current_time() will be extended to do range checks. Hence, it is necessary for all file system timestamps to use current_time(). Also, current_time() will be transitioned along with vfs to be y2038 safe. Note that whenever a single call to current_time() is used to change timestamps in different inodes, it is because they share the same time granularity. Signed-off-by: Deepa Dinamani <deepa.kernel@gmail.com> Reviewed-by: Arnd Bergmann <arnd@arndb.de> Acked-by: Felipe Balbi <balbi@kernel.org> Acked-by: Steven Whitehouse <swhiteho@redhat.com> Acked-by: Ryusuke Konishi <konishi.ryusuke@lab.ntt.co.jp> Acked-by: David Sterba <dsterba@suse.com> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
|
#
53e5f36f |
|
23-Aug-2016 |
Alan Stern <stern@rowland.harvard.edu> |
USB: avoid left shift by -1 UBSAN complains about a left shift by -1 in proc_do_submiturb(). This can occur when an URB is submitted for a bulk or control endpoint on a high-speed device, since the code doesn't bother to check the endpoint type; normally only interrupt or isochronous endpoints have a nonzero bInterval value. Aside from the fact that the operation is illegal, it shouldn't matter because the result isn't used. Still, in theory it could cause a hardware exception or other problem, so we should work around it. This patch avoids doing the left shift unless the shift amount is >= 0. The same piece of code has another problem. When checking the device speed (the exponential encoding for interrupt endpoints is used only by high-speed or faster devices), we need to look for speed >= USB_SPEED_SUPER as well as speed == USB_SPEED HIGH. The patch adds this check. Signed-off-by: Alan Stern <stern@rowland.harvard.edu> Reported-by: Vittorio Zecca <zeccav@gmail.com> Tested-by: Vittorio Zecca <zeccav@gmail.com> Suggested-by: Bjørn Mork <bjorn@mork.no> CC: <stable@vger.kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
5cce4382 |
|
10-Jun-2016 |
Alan Stern <stern@rowland.harvard.edu> |
USB: remove race condition in usbfs/libusb when using reap-after-disconnect Hans de Goede has reported a difficulty in the Linux port of libusb. When a device is removed, the poll() system call in usbfs starts returning POLLERR as soon as udev->state is set to USB_STATE_NOTATTACHED, but the outstanding URBs are not available for reaping until some time later (after usbdev_remove() has been called). This is awkward for libusb or other usbfs clients, although not an insuperable problem. At any rate, it's easy to change usbfs so that it returns POLLHUP as soon as the state becomes USB_STATE_NOTATTACHED but it doesn't return POLLERR until after the outstanding URBs have completed. That's what this patch does; it uses the fact that ps->list is always on the dev->filelist list until usbdev_remove() takes it off, which happens after all the outstanding URBs have been cancelled. Signed-off-by: Alan Stern <stern@rowland.harvard.edu> Reported-by: Hans de Goede <hdegoede@redhat.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
70f7ca9a |
|
15-Jun-2016 |
Jiri Slaby <jirislaby@kernel.org> |
usb: devio, do not warn when allocation fails usbdev_mmap allocates a buffer. The size of the buffer is determined by a user. So with this code (no need to be root): int fd = open("/dev/bus/usb/001/001", O_RDONLY); mmap(NULL, 0x800000, PROT_READ, MAP_SHARED, fd, 0); we can see a warning: WARNING: CPU: 0 PID: 21771 at ../mm/page_alloc.c:3563 __alloc_pages_slowpath+0x1036/0x16e0() ... Call Trace: [<ffffffff8117a3ae>] ? warn_slowpath_null+0x2e/0x40 [<ffffffff815178b6>] ? __alloc_pages_slowpath+0x1036/0x16e0 [<ffffffff81516880>] ? warn_alloc_failed+0x250/0x250 [<ffffffff8151226b>] ? get_page_from_freelist+0x75b/0x28b0 [<ffffffff815184e3>] ? __alloc_pages_nodemask+0x583/0x6b0 [<ffffffff81517f60>] ? __alloc_pages_slowpath+0x16e0/0x16e0 [<ffffffff810565d4>] ? dma_generic_alloc_coherent+0x104/0x220 [<ffffffffa0269e56>] ? hcd_buffer_alloc+0x1d6/0x3e0 [usbcore] [<ffffffffa0269c80>] ? hcd_buffer_destroy+0xa0/0xa0 [usbcore] [<ffffffffa0228f05>] ? usb_alloc_coherent+0x65/0x90 [usbcore] [<ffffffffa0275c05>] ? usbdev_mmap+0x1a5/0x770 [usbcore] ... Allocations like this one should be marked as __GFP_NOWARN. So do so. The size could be also clipped by something like: if (size >= (1 << (MAX_ORDER + PAGE_SHIFT - 1))) return -ENOMEM; But I think the overall limit of 16M (by usbfs_increase_memory_usage) is enough, so that we only silence the warning here. Signed-off-by: Jiri Slaby <jslaby@suse.cz> Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Cc: Alan Stern <stern@rowland.harvard.edu> Cc: Steinar H. Gunderson <sesse@google.com> Cc: Markus Rechberger <mrechberger@gmail.com> Fixes: f7d34b445a (USB: Add support for usbfs zerocopy.) Cc: 4.6+ <stable@vger.kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
681fef83 |
|
03-May-2016 |
Kangjie Lu <kangjielu@gmail.com> |
USB: usbfs: fix potential infoleak in devio The stack object “ci” has a total size of 8 bytes. Its last 3 bytes are padding bytes which are not initialized and leaked to userland via “copy_to_user”. Signed-off-by: Kangjie Lu <kjlu@gatech.edu> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
10871c13 |
|
27-Apr-2016 |
Michele Curti <michele.curti@gmail.com> |
usb: devio: declare usbdev_vm_ops as static usbdev_vm_ops is used in devio.c only, so declare it as static Signed-off-by: Michele Curti <michele.curti@gmail.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
d883f52e |
|
21-Feb-2016 |
Reilly Grant <reillyg@chromium.org> |
usb: devio: Add ioctl to disallow detaching kernel USB drivers. The new USBDEVFS_DROP_PRIVILEGES ioctl allows a process to voluntarily relinquish the ability to issue other ioctls that may interfere with other processes and drivers that have claimed an interface on the device. This commit also includes a simple utility to be able to test the ioctl, located at Documentation/usb/usbdevfs-drop-permissions.c Example (with qemu-kvm's input device): $ lsusb ... Bus 001 Device 002: ID 0627:0001 Adomax Technology Co., Ltd $ usb-devices ... C: #Ifs= 1 Cfg#= 1 Atr=a0 MxPwr=100mA I: If#= 0 Alt= 0 #EPs= 1 Cls=03(HID ) Sub=00 Prot=02 Driver=usbhid $ sudo ./usbdevfs-drop-permissions /dev/bus/usb/001/002 OK: privileges dropped! Available options: [0] Exit now [1] Reset device. Should fail if device is in use [2] Claim 4 interfaces. Should succeed where not in use [3] Narrow interface permission mask Which option shall I run?: 1 ERROR: USBDEVFS_RESET failed! (1 - Operation not permitted) Which test shall I run next?: 2 ERROR claiming if 0 (1 - Operation not permitted) ERROR claiming if 1 (1 - Operation not permitted) ERROR claiming if 2 (1 - Operation not permitted) ERROR claiming if 3 (1 - Operation not permitted) Which test shall I run next?: 0 After unbinding usbhid: $ usb-devices ... I: If#= 0 Alt= 0 #EPs= 1 Cls=03(HID ) Sub=00 Prot=02 Driver=(none) $ sudo ./usbdevfs-drop-permissions /dev/bus/usb/001/002 ... Which option shall I run?: 2 OK: claimed if 0 ERROR claiming if 1 (1 - Operation not permitted) ERROR claiming if 2 (1 - Operation not permitted) ERROR claiming if 3 (1 - Operation not permitted) Which test shall I run next?: 1 OK: USBDEVFS_RESET succeeded Which test shall I run next?: 0 After unbinding usbhid and restricting the mask: $ sudo ./usbdevfs-drop-permissions /dev/bus/usb/001/002 ... Which option shall I run?: 3 Insert new mask: 0 OK: privileges dropped! Which test shall I run next?: 2 ERROR claiming if 0 (1 - Operation not permitted) ERROR claiming if 1 (1 - Operation not permitted) ERROR claiming if 2 (1 - Operation not permitted) ERROR claiming if 3 (1 - Operation not permitted) Signed-off-by: Reilly Grant <reillyg@chromium.org> Acked-by: Alan Stern <stern@rowland.harvard.edu> Signed-off-by: Emilio López <emilio.lopez@collabora.co.uk> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
f7d34b44 |
|
03-Feb-2016 |
Steinar H. Gunderson <sesse@google.com> |
USB: Add support for usbfs zerocopy. Add a new interface for userspace to preallocate memory that can be used with usbfs. This gives two primary benefits: - Zerocopy; data no longer needs to be copied between the userspace and the kernel, but can instead be read directly by the driver from userspace's buffers. This works for all kinds of transfers (even if nonsensical for control and interrupt transfers); isochronous also no longer need to memset() the buffer to zero to avoid leaking kernel data. - Once the buffers are allocated, USB transfers can no longer fail due to memory fragmentation; previously, long-running programs could run into problems finding a large enough contiguous memory chunk, especially on embedded systems or at high rates. Memory is allocated by using mmap() against the usbfs file descriptor, and similarly deallocated by munmap(). Once memory has been allocated, using it as pointers to a bulk or isochronous operation means you will automatically get zerocopy behavior. Note that this also means you cannot modify outgoing data until the transfer is complete. The same holds for data on the same cache lines as incoming data; DMA modifying them at the same time could lead to your changes being overwritten. There's a new capability USBDEVFS_CAP_MMAP that userspace can query to see if the running kernel supports this functionality, if just trying mmap() is not acceptable. Largely based on a patch by Markus Rechberger with some updates. The original patch can be found at: http://sundtek.de/support/devio_mmap_v0.4.diff Signed-off-by: Steinar H. Gunderson <sesse@google.com> Signed-off-by: Markus Rechberger <mrechberger@gmail.com> Acked-by: Alan Stern <stern@rowland.harvard.edu> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
69ab55d7 |
|
23-Dec-2015 |
Geliang Tang <geliangtang@163.com> |
USB: core, devio: use to_usb_device Use to_usb_device() instead of open-coding it. Signed-off-by: Geliang Tang <geliangtang@163.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
73a02d32 |
|
10-Dec-2015 |
Rahul Pathak <rpathak@visteon.com> |
usb: Use memdup_user to reuse the code Fixing coccicheck warning which recommends to use memdup_user instead to reimplement its code, using memdup_user simplifies the code ./drivers/usb/core/devio.c:1398:11-18: WARNING opportunity for memdup_user Signed-off-by: Rahul Pathak <rpathak@visteon.com> Acked-by: Alan Stern <stern@rowland.harvard.edu> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
64f10edf |
|
22-Dec-2015 |
Chase Metzger <chasemetzger15@gmail.com> |
usb: core: devio.c: Removed unnecessary space Removed an unnecessary space between a function name and arguments. Signed-off-by: Chase Metzger <chasemetzger15@gmail.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
b25472f9 |
|
05-Dec-2015 |
Al Viro <viro@zeniv.linux.org.uk> |
new helpers: no_seek_end_llseek{,_size}() Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
|
#
a016a816 |
|
20-Nov-2015 |
Alan Stern <stern@rowland.harvard.edu> |
USB: add usbfs snooping for REAP and DISCARD This patch improves the usbfs_snoop debugging facility by adding messages for a couple of significant events which, up to now, have not been logged. The events are reaping and discarding (i.e., cancelling) an URB. The debugging messages include the userspace address of the URB being reaped or discarded. The reaping messages have to be added in four places, in order to handle blocking and non-blocking reaps in both normal and 32-bit compatibility mode. Signed-off-by: Alan Stern <stern@rowland.harvard.edu> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
0290cc9f |
|
20-Nov-2015 |
Alan Stern <stern@rowland.harvard.edu> |
USB: limit usbfs snooping of URB contents The usbfs_snoop facility can be very useful for debugging problems involving usbfs. However, it always prints out the entire contents of every URB. When dealing with large quantities of data, this can be less than helpful. This patch ameliorates the situation by adding a module parameter to usbcore for controlling the maximum number of bytes to print when snooping an URB. This makes debugging much easier. For backward compatibility, the default value is set unreasonably high. Signed-off-by: Alan Stern <stern@rowland.harvard.edu> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
f355e830 |
|
07-Aug-2015 |
Kris Borer <kborer@gmail.com> |
usb: devio: fix spacing Fix two occurrences of the checkpatch.pl error: ERROR: space prohibited before that ',' (ctx:WxW) Fix one occurrence of the checkpatch error: ERROR: space required before the open parenthesis '(' Signed-off-by: Kris Borer <kborer@gmail.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
135551ea |
|
04-Aug-2015 |
Kris Borer <kborer@gmail.com> |
usb: devio: remove assignment from if condition Fix five occurrences of the checkpatch.pl error: ERROR: do not use assignment in if condition The semantic patch that makes this change is: // <smpl> @@ identifier i; expression E; statement S1, S2; @@ + i = E; if ( - (i = E) + i ) S1 else S2 @@ identifier i; expression E; statement S; constant c; binary operator b; @@ + i = E; if ( - (i = E) + i b c ) S // </smpl> Signed-off-by: Kris Borer <kborer@gmail.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
83ed07c5 |
|
18-May-2015 |
Dan Carpenter <dan.carpenter@oracle.com> |
USB: devio: fix a condition in async_completed() Static checkers complain that the current condition is never true. It seems pretty likely that it's a typo and "URB" was intended instead of "USB". Fixes: 3d97ff63f899 ('usbdevfs: Use scatter-gather lists for large bulk transfers') Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> Acked-by: Alan Stern <stern@rowland.harvard.edu> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
00fe52de |
|
09-Apr-2015 |
Chase Metzger <chasemetzger15@gmail.com> |
drivers/usb/core: devio.c: Removed an uneeded space before tab Ran checkpatch.pl on file and removed a warning about an unwanted space before a tab. Signed-off-by: Chase Metzger <chasemetzger15@gmail.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
f0c2b681 |
|
13-Feb-2015 |
Alan Stern <stern@rowland.harvard.edu> |
USB: usbfs: don't leak kernel data in siginfo When a signal is delivered, the information in the siginfo structure is copied to userspace. Good security practice dicatates that the unused fields in this structure should be initialized to 0 so that random kernel stack data isn't exposed to the user. This patch adds such an initialization to the two places where usbfs raises signals. Signed-off-by: Alan Stern <stern@rowland.harvard.edu> Reported-by: Dave Mielke <dave@mielke.cc> CC: <stable@vger.kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
3f2cee73 |
|
29-Jan-2015 |
Alan Stern <stern@rowland.harvard.edu> |
USB: usbfs: allow URBs to be reaped after disconnection The usbfs API has a peculiar hole: Users are not allowed to reap their URBs after the device has been disconnected. There doesn't seem to be any good reason for this; it is an ad-hoc inconsistency. The patch allows users to issue the USBDEVFS_REAPURB and USBDEVFS_REAPURBNDELAY ioctls (together with their 32-bit counterparts on 64-bit systems) even after the device is gone. If no URBs are pending for a disconnected device then the ioctls will return -ENODEV rather than -EAGAIN, because obviously no new URBs will ever be able to complete. The patch also adds a new capability flag for USBDEVFS_GET_CAPABILITIES to indicate that the reap-after-disconnect feature is supported. Signed-off-by: Alan Stern <stern@rowland.harvard.edu> Tested-by: Chris Dickens <christopher.a.dickens@gmail.com> Acked-by: Hans de Goede <hdegoede@redhat.com> Signed-off-by: Greg Kroah-Hartman <greg@kroah.com>
|
#
d310d05f |
|
01-Aug-2014 |
Oliver Neukum <oneukum@suse.de> |
USB: devio: fix issue with log flooding usbfs allows user space to pass down an URB which sets URB_SHORT_NOT_OK for output URBs. That causes usbcore to log messages without limit for a nonsensical disallowed combination. The fix is to silently drop the attribute in usbfs. The problem is reported to exist since 3.14 https://www.virtualbox.org/ticket/13085 Signed-off-by: Oliver Neukum <oneukum@suse.de> CC: stable@vger.kernel.org Acked-by: Alan Stern <stern@rowland.harvard.edu> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
9b6f0c4b |
|
10-Mar-2014 |
Valentina Manea <valentina.manea.m@gmail.com> |
usbcore: rename struct dev_state to struct usb_dev_state Since it is needed outside usbcore and exposed in include/linux/usb.h, it conflicts with enum dev_state in rt2x00 wireless driver. Mark it as usb specific to avoid conflicts in the future. Signed-off-by: Valentina Manea <valentina.manea.m@gmail.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
bcf7f6e3 |
|
09-Oct-2013 |
Hans de Goede <hdegoede@redhat.com> |
usbfs: Add support for allocating / freeing streams This allows userspace to use bulk-streams, just like in kernel drivers, see Documentation/usb/bulk-streams.txt for details on the in kernel API. This is exported pretty much one on one to userspace. To use streams an app must first make a USBDEVFS_ALLOC_STREAMS ioctl, on success this will return the number of streams available (which may be less then requested). If there are n streams the app can then submit usbdevfs_urb-s with their stream_id member set to 1-n to use a specific stream. IE if USBDEVFS_ALLOC_STREAMS returns 4 then stream_id 1-4 can be used. When the app is done using streams it should call USBDEVFS_FREE_STREAMS Note applications are advised to use libusb rather then using the usbdevfs api directly. The latest version of libusb has support for streams. Signed-off-by: Hans de Goede <hdegoede@redhat.com> Signed-off-by: Sarah Sharp <sarah.a.sharp@linux.intel.com>
|
#
2fec32b0 |
|
09-Oct-2013 |
Hans de Goede <hdegoede@redhat.com> |
usbfs: Add ep_to_host_endpoint helper function Signed-off-by: Hans de Goede <hdegoede@redhat.com> Signed-off-by: Sarah Sharp <sarah.a.sharp@linux.intel.com>
|
#
948cd8c1 |
|
09-Oct-2013 |
Hans de Goede <hdegoede@redhat.com> |
usbfs: Add support for bulk stream ids This patch makes it possible to specify a bulk stream id when submitting an urb using the async usbfs API. It overloads the number_of_packets usbdevfs_urb field for this. This is not pretty, but given other constraints it is the best we can do. The reasoning leading to this goes as follows: 1) We want to support bulk streams in the usbfs API 2) We do not want to extend the usbdevfs_urb struct with a new member, as that would mean defining new ioctl numbers for all async API ioctls + adding compat versions for the old ones (times 2 for 32 bit support) 3) 1 + 2 means we need to re-use an existing field 4) number_of_packets is only used for isoc urbs, and streams are bulk only so it is the best (and only) candidate for re-using Note that: 1) This patch only uses number_of_packets as stream_id if the app has actually allocated streams on the ep, so that old apps which may have garbage in there (as it was unused until now in the bulk case), will not break 2) This patch does not add support for allocating / freeing bulk-streams, that is done in a follow up patch Signed-off-by: Hans de Goede <hdegoede@redhat.com> Signed-off-by: Sarah Sharp <sarah.a.sharp@linux.intel.com>
|
#
b2d03eb5 |
|
09-Oct-2013 |
Hans de Goede <hdegoede@redhat.com> |
usbfs: proc_do_submiturb use a local variable for number_of_packets This is a preparation patch for adding support for bulk streams. Signed-off-by: Hans de Goede <hdegoede@redhat.com> Signed-off-by: Sarah Sharp <sarah.a.sharp@linux.intel.com>
|
#
5ec9c177 |
|
09-Oct-2013 |
Hans de Goede <hdegoede@redhat.com> |
usbfs: Kill urbs on interface before doing a set_interface The usb_set_interface documentation says: * Also, drivers must not change altsettings while urbs are scheduled for * endpoints in that interface; all such urbs must first be completed * (perhaps forced by unlinking). For in kernel drivers we trust the drivers to get this right, but we cannot trust userspace to get this right, so enforce it by killing any urbs still pending on the interface. Signed-off-by: Hans de Goede <hdegoede@redhat.com> Signed-off-by: Sarah Sharp <sarah.a.sharp@linux.intel.com>
|
#
f080a51b |
|
20-Feb-2014 |
Alan Stern <stern@rowland.harvard.edu> |
USB: complain if userspace resets an active endpoint It is an error for a driver to call usb_clear_halt() or usb_reset_endpoint() while there are URBs queued for the endpoint, because the end result is not well defined. At the time the endpoint gets reset, it may or may not be actively running. As far as I know, no kernel drivers do this. But some userspace drivers do, and it seems like a good idea to bring this error to their attention. This patch adds a warning to the kernel log whenever a program invokes the USBDEVFS_CLEAR_HALT or USBDEVFS_RESETEP ioctls at an inappropriate time, and includes the name of the program. This will make it clear that any subsequent errors are not due to the misbehavior of a kernel driver. Signed-off-by: Alan Stern <stern@rowland.harvard.edu> Suggested-by: Bjørn Mork <bjorn@mork.no> CC: Stanislaw Gruszka <sgruszka@redhat.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
025d4430 |
|
03-Jan-2014 |
Rahul Bedarkar <rahulbedarkar89@gmail.com> |
USB: core: correct spelling mistakes in comments and warning Signed-off-by: Rahul Bedarkar <rahulbedarkar89@gmail.com> Acked-by: Randy Dunlap <rdunlap@infradead.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
06793f2d |
|
14-Oct-2013 |
Matthias Beyer <mail@beyermatthias.de> |
drivers: usb: core: devio.c: Spaces to tabs for proc_control_compat() Replaced spaces by tabs for proc_control_compat() function. Signed-off-by: Matthias Beyer <mail@beyermatthias.de> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
5b32c385 |
|
14-Oct-2013 |
Matthias Beyer <mail@beyermatthias.de> |
drivers: usb: core: devio.c: Spaces to tabs for proc_reapurbnonblock() Replaced spaces by tabs for proc_reapurbnonblock() function. Signed-off-by: Matthias Beyer <mail@beyermatthias.de> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
831abf76 |
|
24-Sep-2013 |
Kurt Garloff <kurt@garloff.de> |
usb/core/devio.c: Don't reject control message to endpoint with wrong direction bit Trying to read data from the Pegasus Technologies NoteTaker (0e20:0101) [1] with the Windows App (EasyNote) works natively but fails when Windows is running under KVM (and the USB device handed to KVM). The reason is a USB control message usb 4-2.2: control urb: bRequestType=22 bRequest=09 wValue=0200 wIndex=0001 wLength=0008 This goes to endpoint address 0x01 (wIndex); however, endpoint address 0x01 does not exist. There is an endpoint 0x81 though (same number, but other direction); the app may have meant that endpoint instead. The kernel thus rejects the IO and thus we see the failure. Apparently, Linux is more strict here than Windows ... we can't change the Win app easily, so that's a problem. It seems that the Win app/driver is buggy here and the driver does not behave fully according to the USB HID class spec that it claims to belong to. The device seems to happily deal with that though (and seems to not really care about this value much). So the question is whether the Linux kernel should filter here. Rejecting has the risk that somewhat non-compliant userspace apps/ drivers (most likely in a virtual machine) are prevented from working. Not rejecting has the risk of confusing an overly sensitive device with such a transfer. Given the fact that Windows does not filter it makes this risk rather small though. The patch makes the kernel more tolerant: If the endpoint address in wIndex does not exist, but an endpoint with toggled direction bit does, it will let the transfer through. (It does NOT change the message.) With attached patch, the app in Windows in KVM works. usb 4-2.2: check_ctrlrecip: process 13073 (qemu-kvm) requesting ep 01 but needs 81 I suspect this will mostly affect apps in virtual environments; as on Linux the apps would have been adapted to the stricter handling of the kernel. I have done that for mine[2]. [1] http://www.pegatech.com/ [2] https://sourceforge.net/projects/notetakerpen/ Signed-off-by: Kurt Garloff <kurt@garloff.de> Acked-by: Alan Stern <stern@rowland.harvard.edu> Cc: stable <stable@vger.kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
c8f2efc8 |
|
31-Aug-2013 |
Xenia Ragiadakou <burzalodowa@gmail.com> |
usbcore: fix read of usbdevfs_ctrltransfer fields in proc_control() Urb fields are stored in struct usbdevfs_ctrltransfer in CPU byteorder and not in little endian, so there is no need to be converted. This bug was reported by sparse. Signed-off-by: Xenia Ragiadakou <burzalodowa@gmail.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
5dc50c35 |
|
12-Jul-2013 |
Hans de Goede <hdegoede@redhat.com> |
usbfs: Allow printer class 'get_device_id' without needing to claim the intf For certain (HP) printers the printer device_id does not only contain a static part identifying the printer, but it also contains a dynamic part giving printer status, ink level, etc. To get to this info various userspace utilities need to be able to make a printer class 'get_device_id' request without first claiming the interface (as that is in use for the actual printer driver). Since the printer class 'get_device_id' request does not change interface settings in anyway, allowing this without claiming the interface should not cause any issues. CC: Sanjay Kumar <sanjay.kumar14@hp.com> CC: Alan Stern <stern@rowland.harvard.edu> Signed-off-by: Hans de Goede <hdegoede@redhat.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
e2e2f0ea |
|
24-May-2013 |
Federico Manzan <f.manzan@gmail.com> |
usbfs: Increase arbitrary limit for USB 3 isopkt length Increase the current arbitrary limit for isocronous packet size to a value large enough to account for USB 3.0 super bandwidth streams, bMaxBurst (0~15 allowed, 1~16 packets) bmAttributes (bit 1:0, mult 0~2, 1~3 packets) so the size max for one USB 3 isocronous transfer is 1024 byte * 16 * 3 = 49152 byte Acked-by: Alan Stern <stern@rowland.harvard.edu> Signed-off-by: Federico Manzan <f.manzan@gmail.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
4baf0df7 |
|
17-May-2013 |
Tülin İzer <tulinizer@gmail.com> |
usb: devio: Fixed error: 'do not use assignment in if condition' This patch fixes error: 'do not use assignment in if condition' in USB/devio.c. Signed-off-by: Tülin İzer <tulinizer@gmail.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
fa86ad0b |
|
17-May-2013 |
Tülin İzer <tulinizer@gmail.com> |
usb: devio: Fixed macro parenthesis error This patch fixes error 'Macros with complex values should be enclosed in parenthesis' in USB/devio.c Signed-off-by: Tülin İzer <tulinizer@gmail.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
e6889b31 |
|
17-May-2013 |
Tülin İzer <tulinizer@gmail.com> |
usb: devio: Fixed warning: 'use <linux/uacces.h> instead <asm/uacces.h>' This patch fixes warning: 'use <linux/uacces.h> instead <asm/uacces.h>' found by checkpatch in usb/devio.c. Signed-off-by: Tülin İzer <tulinizer@gmail.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
1361bf4b |
|
16-Apr-2013 |
Hans de Goede <hdegoede@redhat.com> |
usbfs: Always allow ctrl requests with USB_RECIP_ENDPOINT on the ctrl ep When usbfs receives a ctrl-request from userspace it calls check_ctrlrecip, which for a request with USB_RECIP_ENDPOINT tries to map this to an interface to see if this interface is claimed, except for ctrl-requests with a type of USB_TYPE_VENDOR. When trying to use this device: http://www.akaipro.com/eiepro redirected to a Windows vm running on qemu on top of Linux. The windows driver makes a ctrl-req with USB_TYPE_CLASS and USB_RECIP_ENDPOINT with index 0, and the mapping of the endpoint (0) to the interface fails since ep 0 is the ctrl endpoint and thus never is part of an interface. This patch fixes this ctrl-req failing by skipping the checkintf call for USB_RECIP_ENDPOINT ctrl-reqs on the ctrl endpoint. Reported-by: Dave Stikkolorum <d.r.stikkolorum@hhs.nl> Tested-by: Dave Stikkolorum <d.r.stikkolorum@hhs.nl> Signed-off-by: Hans de Goede <hdegoede@redhat.com> Acked-by: Alan Stern <stern@rowland.harvard.edu> Cc: stable <stable@vger.kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
496ad9aa |
|
23-Jan-2013 |
Al Viro <viro@zeniv.linux.org.uk> |
new helper: file_inode(file) Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
|
#
b11b2e1b |
|
02-Feb-2013 |
Chen Gang <gang.chen@asianux.com> |
drivers/usb/core: using strlcpy instead of strncpy for NUL terminated string, better notice '\0' in the end. Signed-off-by: Chen Gang <gang.chen@asianux.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
01463900 |
|
12-Oct-2012 |
Henrik Rydberg <rydberg@euromail.se> |
usbdevfs: Fix broken scatter-gather transfer The handling of large output bulk transfers is broken; the same user page is read over and over again. Fixed with this patch. Cc: stable <stable@vger.kernel.org> Acked-by: Peter Stuge <peter@stuge.se> Acked-by: Hans de Goede <hdegoede@redhat.com> Acked-by: Alan Stern <stern@rowland.harvard.edu> Signed-off-by: Henrik Rydberg <rydberg@euromail.se> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
0837e7e5 |
|
08-Sep-2012 |
Hans de Goede <hdegoede@redhat.com> |
usbfs: Add a new disconnect-and-claim ioctl (v2) Apps which deal with devices which also have a kernel driver, need to do the following: 1) Check which driver is attached, so as to not detach the wrong driver (ie detaching usbfs while another instance of the app is using the device) 2) Detach the kernel driver 3) Claim the interface Where moving from one step to the next for both 1-2 and 2-3 consists of a (small) race window. So currently such apps are racy and people just live with it. This patch adds a new ioctl which makes it possible for apps to do this in a race free manner. For flexibility apps can choose to: 1) Specify the driver to disconnect 2) Specify to disconnect any driver except for the one named by the app 3) Disconnect any driver Note that if there is no driver attached, the ioctl will just act like the regular claim-interface ioctl, this is by design, as returning an error for this condition would open a new bag of race-conditions. Changes in v2: -Fix indentation of if blocks where the condition spans multiple lines Signed-off-by: Hans de Goede <hdegoede@redhat.com> Acked-by: Alan Stern <stern@rowland.harvard.edu> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
3d97ff63 |
|
04-Jul-2012 |
Hans de Goede <hdegoede@redhat.com> |
usbdevfs: Use scatter-gather lists for large bulk transfers When using urb->transfer_buffer we need to allocate physical contiguous buffers for the entire transfer, which is pretty much guaranteed to fail with large transfers. Currently userspace works around this by breaking large transfers into multiple urbs. For large bulk transfers this leads to all kind of complications. This patch makes it possible for userspace to reliable submit large bulk transfers to scatter-gather capable host controllers in one go, by using a scatterlist to break the transfer up in managable chunks. Signed-off-by: Hans de Goede <hdegoede@redhat.com> Acked-by: Alan Stern <stern@rowland.harvard.edu> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
19181bc5 |
|
04-Jul-2012 |
Hans de Goede <hdegoede@redhat.com> |
usbdevfs: Add a USBDEVFS_GET_CAPABILITIES ioctl There are a few (new) usbdevfs capabilities which an application cannot discover in any other way then checking the kernel version. There are 3 problems with this: 1) It is just not very pretty. 2) Given the tendency of enterprise distros to backport stuff it is not reliable. 3) As discussed in length on the mailinglist, USBDEVFS_URB_BULK_CONTINUATION does not work as it should when combined with USBDEVFS_URB_SHORT_NOT_OK (which is its intended use) on devices attached to an XHCI controller. So the availability of these features can be host controller dependent, making depending on them based on the kernel version not a good idea. This patch besides adding the new ioctl also adds flags for the following existing capabilities: USBDEVFS_CAP_ZERO_PACKET, available since 2.6.31 USBDEVFS_CAP_BULK_CONTINUATION, available since 2.6.32, except for XHCI USBDEVFS_CAP_NO_PACKET_SIZE_LIM, available since 3.3 Note that this patch only does not advertise the USBDEVFS_URB_BULK_CONTINUATION cap for XHCI controllers, bulk transfers with this flag set will still be accepted when submitted to XHCI controllers. Returning -EINVAL for them would break existing apps, and in most cases the troublesome scenario wrt USBDEVFS_URB_SHORT_NOT_OK urbs on XHCI controllers will never get hit, so this would break working use cases. The disadvantage of not returning -EINVAL is that cases were it is causing real trouble may go undetected / the cause of the trouble may be unclear, but this is the best we can do. Signed-off-by: Hans de Goede <hdegoede@redhat.com> Acked-by: Alan Stern <stern@rowland.harvard.edu> Acked-by: Sarah Sharp <sarah.a.sharp@linux.intel.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
2102e06a |
|
04-Jul-2012 |
Hans de Goede <hdegoede@redhat.com> |
usbdevfs: Correct amount of data copied to user in processcompl_compat iso data buffers may have holes in them if some packets were short, so for iso urbs we should always copy the entire buffer, just like the regular processcompl does. Signed-off-by: Hans de Goede <hdegoede@redhat.com> Acked-by: Alan Stern <stern@rowland.harvard.edu> CC: stable@vger.kernel.org Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
4e09dcf2 |
|
18-May-2012 |
Huajun Li <huajun.li.lee@gmail.com> |
USB: Remove races in devio.c There exist races in devio.c, below is one case, and there are similar races in destroy_async() and proc_unlinkurb(). Remove these races. cancel_bulk_urbs() async_completed() ------------------- ----------------------- spin_unlock(&ps->lock); list_move_tail(&as->asynclist, &ps->async_completed); wake_up(&ps->wait); Lead to free_async() be triggered, then urb and 'as' will be freed. usb_unlink_urb(as->urb); ===> refer to the freed 'as' Signed-off-by: Huajun Li <huajun.li.lee@gmail.com> Cc: Alan Stern <stern@rowland.harvard.edu> Cc: Oncaphillis <oncaphillis@snafu.de> Cc: stable <stable@vger.kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
007bab91 |
|
25-Apr-2012 |
Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
USB: remove CONFIG_USB_DEVICE_CLASS This option has been deprecated for many years now, and no userspace tools use it anymore, so it should be safe to finally remove it. Reported-by: Kay Sievers <kay@vrfy.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
fb28d58b |
|
25-Apr-2012 |
Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
USB: remove CONFIG_USB_DEVICEFS This option has been deprecated for many years now, and no userspace tools use it anymore, so it should be safe to finally remove it. Reported-by: Kay Sievers <kay@vrfy.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
90ab5ee9 |
|
12-Jan-2012 |
Rusty Russell <rusty@rustcorp.com.au> |
module_param: make bool parameters really bool (drivers & misc) module_param(bool) used to counter-intuitively take an int. In fddd5201 (mid-2009) we allowed bool or int/unsigned int using a messy trick. It's time to remove the int/unsigned int option. For this version it'll simply give a warning, but it'll break next kernel version. Acked-by: Mauro Carvalho Chehab <mchehab@redhat.com> Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
|
#
1b41c832 |
|
16-Dec-2011 |
Sarah Sharp <sarah.a.sharp@linux.intel.com> |
usbfs: Fix oops related to user namespace conversion. When running the Point Grey "flycap" program for their USB 3.0 camera (which was running as a USB 2.0 device for some reason), I trigger this oops whenever I try to open a video stream: Dec 15 16:48:34 puck kernel: [ 1798.715559] BUG: unable to handle kernel NULL pointer dereference at (null) Dec 15 16:48:34 puck kernel: [ 1798.719153] IP: [<ffffffff8147841e>] free_async+0x1e/0x70 Dec 15 16:48:34 puck kernel: [ 1798.720991] PGD 6f833067 PUD 6fc56067 PMD 0 Dec 15 16:48:34 puck kernel: [ 1798.722815] Oops: 0002 [#1] SMP Dec 15 16:48:34 puck kernel: [ 1798.724627] CPU 0 Dec 15 16:48:34 puck kernel: [ 1798.724636] Modules linked in: ecryptfs encrypted_keys sha1_generic trusted binfmt_misc sha256_generic aesni_intel cryptd aes_x86_64 aes_generic parport_pc dm_crypt ppdev joydev snd_hda_codec_hdmi snd_hda_codec_conexant arc4 iwlwifi snd_hda_intel snd_hda_codec snd_hwdep snd_pcm thinkpad_acpi mac80211 snd_seq_midi snd_rawmidi snd_seq_midi_event snd_seq snd_timer btusb uvcvideo snd_seq_device bluetooth videodev psmouse snd v4l2_compat_ioctl32 serio_raw tpm_tis cfg80211 tpm tpm_bios nvram soundcore snd_page_alloc lp parport i915 xhci_hcd ahci libahci drm_kms_helper drm sdhci_pci sdhci e1000e i2c_algo_bit video Dec 15 16:48:34 puck kernel: [ 1798.734212] Dec 15 16:48:34 puck kernel: [ 1798.736162] Pid: 2713, comm: FlyCap2 Not tainted 3.2.0-rc5+ #28 LENOVO 4286CTO/4286CTO Dec 15 16:48:34 puck kernel: [ 1798.738148] RIP: 0010:[<ffffffff8147841e>] [<ffffffff8147841e>] free_async+0x1e/0x70 Dec 15 16:48:34 puck kernel: [ 1798.740134] RSP: 0018:ffff88005715fd78 EFLAGS: 00010296 Dec 15 16:48:34 puck kernel: [ 1798.742118] RAX: 00000000fffffff4 RBX: ffff88006fe8f900 RCX: 0000000000004118 Dec 15 16:48:34 puck kernel: [ 1798.744116] RDX: 0000000001000000 RSI: 0000000000016390 RDI: 0000000000000000 Dec 15 16:48:34 puck kernel: [ 1798.746087] RBP: ffff88005715fd88 R08: 0000000000000000 R09: ffffffff8146f22e Dec 15 16:48:34 puck kernel: [ 1798.748018] R10: ffff88006e520ac0 R11: 0000000000000001 R12: ffff88005715fe28 Dec 15 16:48:34 puck kernel: [ 1798.749916] R13: ffff88005d31df00 R14: ffff88006fe8f900 R15: 00007f688c995cb8 Dec 15 16:48:34 puck kernel: [ 1798.751785] FS: 00007f68a366da40(0000) GS:ffff880100200000(0000) knlGS:0000000000000000 Dec 15 16:48:34 puck kernel: [ 1798.753659] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 Dec 15 16:48:34 puck kernel: [ 1798.755509] CR2: 0000000000000000 CR3: 00000000706bb000 CR4: 00000000000406f0 Dec 15 16:48:34 puck kernel: [ 1798.757334] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 Dec 15 16:48:34 puck kernel: [ 1798.759124] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400 Dec 15 16:48:34 puck kernel: [ 1798.760871] Process FlyCap2 (pid: 2713, threadinfo ffff88005715e000, task ffff88006c675b80) Dec 15 16:48:34 puck kernel: [ 1798.762605] Stack: Dec 15 16:48:34 puck kernel: [ 1798.764297] ffff88005715fe28 0000000000000000 ffff88005715fe08 ffffffff81479058 Dec 15 16:48:34 puck kernel: [ 1798.766020] 0000000000000000 ffffea0000004000 ffff880000004118 0000000000000000 Dec 15 16:48:34 puck kernel: [ 1798.767750] ffff880000000001 ffff88006e520ac0 fffffff46fd81180 0000000000000000 Dec 15 16:48:34 puck kernel: [ 1798.769472] Call Trace: Dec 15 16:48:34 puck kernel: [ 1798.771147] [<ffffffff81479058>] proc_do_submiturb+0x778/0xa00 Dec 15 16:48:34 puck kernel: [ 1798.772798] [<ffffffff8147a5fd>] usbdev_do_ioctl+0x24d/0x1200 Dec 15 16:48:34 puck kernel: [ 1798.774410] [<ffffffff8147b5de>] usbdev_ioctl+0xe/0x20 Dec 15 16:48:34 puck kernel: [ 1798.775975] [<ffffffff81189259>] do_vfs_ioctl+0x99/0x600 Dec 15 16:48:34 puck kernel: [ 1798.777534] [<ffffffff81189851>] sys_ioctl+0x91/0xa0 Dec 15 16:48:34 puck kernel: [ 1798.779088] [<ffffffff816247c2>] system_call_fastpath+0x16/0x1b ec 15 16:48:34 puck kernel: [ 1798.780634] Code: 51 ff ff ff e9 29 ff ff ff 0f 1f 40 00 55 48 89 e5 53 48 83 ec 08 66 66 66 66 90 48 89 fb 48 8b 7f 18 e8 a6 ea c0 ff 4 8 8b 7b 20 <f0> ff 0f 0f 94 c0 84 c0 74 05 e8 d3 99 c1 ff 48 8b 43 40 48 8b Dec 15 16:48:34 puck kernel: [ 1798.783970] RIP [<ffffffff8147841e>] free_async+0x1e/0x70 Dec 15 16:48:34 puck kernel: [ 1798.785630] RSP <ffff88005715fd78> Dec 15 16:48:34 puck kernel: [ 1798.787274] CR2: 0000000000000000 Dec 15 16:48:34 puck kernel: [ 1798.794728] ---[ end trace 52894d3355f88d19 ]--- markup_oops.pl says the oops is in put_cred: ffffffff81478401: 48 89 e5 mov %rsp,%rbp ffffffff81478404: 53 push %rbx ffffffff81478405: 48 83 ec 08 sub $0x8,%rsp ffffffff81478409: e8 f2 c0 1a 00 callq ffffffff81624500 <mcount> ffffffff8147840e: 48 89 fb mov %rdi,%rbx | %ebx => ffff88006fe8f900 put_pid(as->pid); ffffffff81478411: 48 8b 7f 18 mov 0x18(%rdi),%rdi ffffffff81478415: e8 a6 ea c0 ff callq ffffffff81086ec0 <put_pid> put_cred(as->cred); ffffffff8147841a: 48 8b 7b 20 mov 0x20(%rbx),%rdi | %edi => 0 %ebx = ffff88006fe8f900 */ static inline int atomic_dec_and_test(atomic_t *v) { unsigned char c; asm volatile(LOCK_PREFIX "decl %0; sete %1" *ffffffff8147841e: f0 ff 0f lock decl (%rdi) | %edi = 0 <--- faulting instruction ffffffff81478421: 0f 94 c0 sete %al static inline void put_cred(const struct cred *_cred) { struct cred *cred = (struct cred *) _cred; validate_creds(cred); if (atomic_dec_and_test(&(cred)->usage)) ffffffff81478424: 84 c0 test %al,%al ffffffff81478426: 74 05 je ffffffff8147842d <free_async+0x2d> __put_cred(cred); ffffffff81478428: e8 d3 99 c1 ff callq ffffffff81091e00 <__put_cred> kfree(as->urb->transfer_buffer); ffffffff8147842d: 48 8b 43 40 mov 0x40(%rbx),%rax ffffffff81478431: 48 8b 78 68 mov 0x68(%rax),%rdi ffffffff81478435: e8 a6 e1 ce ff callq ffffffff811665e0 <kfree> kfree(as->urb->setup_packet); ffffffff8147843a: 48 8b 43 40 mov 0x40(%rbx),%rax ffffffff8147843e: 48 8b b8 90 00 00 00 mov 0x90(%rax),%rdi ffffffff81478445: e8 96 e1 ce ff callq ffffffff811665e0 <kfree> usb_free_urb(as->urb); ffffffff8147844a: 48 8b 7b 40 mov 0x40(%rbx),%rdi ffffffff8147844e: e8 0d 6b ff ff callq ffffffff8146ef60 <usb_free_urb> This bug seems to have been introduced by commit d178bc3a708f39cbfefc3fab37032d3f2511b4ec "user namespace: usb: make usb urbs user namespace aware (v2)" I'm not sure if this is right fix, but it does stop the oops. Unfortunately, the Point Grey software still refuses to work, but it's a closed source app, so I can't fix it. Signed-off-by: Sarah Sharp <sarah.a.sharp@linux.intel.com> Acked-by: Serge Hallyn <serge.hallyn@canonical.com> Cc: stable <stable@vger.kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
|
#
3f5eb8d5 |
|
17-Nov-2011 |
Alan Stern <stern@rowland.harvard.edu> |
USB: make the usbfs memory limit configurable The 16-MB global limit on memory used by usbfs isn't suitable for all people. It's a reasonable default, but there are applications (especially for SuperSpeed devices) that need a lot more. This patch (as1498) creates a writable module parameter for usbcore to control the global limit. The default is still 16 MB, but users can change it at runtime, even after usbcore has been loaded. As a special case, setting the value to 0 is treated the same as the hard limit of 2047 MB. Signed-off-by: Alan Stern <stern@rowland.harvard.edu> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
|
#
add1aaea |
|
17-Nov-2011 |
Alan Stern <stern@rowland.harvard.edu> |
USB: change the memory limits in usbfs URB submission For a long time people have complained about the limitations imposed by usbfs. URBs coming from userspace are not allowed to have transfer buffers larger than a more-or-less arbitrary maximum. While it is generally a good idea to avoid large transfer buffers (because the data has to be bounced to/from a contiguous kernel-space buffer), it's not the kernel's job to enforce such limits. Programs should be allowed to submit URBs as large as they like; if there isn't sufficient contiguous memory available then the submission will fail with a simple ENOMEM error. On the other hand, we would like to prevent programs from submitting a lot of small URBs and using up all the DMA-able kernel memory. To that end, this patch (as1497) replaces the old limits on individual transfer buffers with a single global limit on the total amount of memory in use by usbfs. The global limit is set to 16 MB as a nice compromise value: not too big, but large enough to hold about 300 ms of data for high-speed transfers. Signed-off-by: Alan Stern <stern@rowland.harvard.edu> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
|
#
52fb743d |
|
17-Nov-2011 |
Alan Stern <stern@rowland.harvard.edu> |
USB: unify some error pathways in usbfs This patch (as1496) unifies the error-return pathways of several functions in the usbfs driver. This is not a very important change by itself; it merely prepares the way for the next patch in this series. Signed-off-by: Alan Stern <stern@rowland.harvard.edu> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
|
#
d178bc3a |
|
26-Sep-2011 |
Serge Hallyn <serge.hallyn@canonical.com> |
user namespace: usb: make usb urbs user namespace aware (v2) Add to the dev_state and alloc_async structures the user namespace corresponding to the uid and euid. Pass these to kill_pid_info_as_uid(), which can then implement a proper, user-namespace-aware uid check. Changelog: Sep 20: Per Oleg's suggestion: Instead of caching and passing user namespace, uid, and euid each separately, pass a struct cred. Sep 26: Address Alan Stern's comments: don't define a struct cred at usbdev_open(), and take and put a cred at async_completed() to ensure it lasts for the duration of kill_pid_info_as_cred(). Signed-off-by: Serge Hallyn <serge.hallyn@canonical.com> Cc: Oleg Nesterov <oleg@redhat.com> Cc: "Eric W. Biederman" <ebiederm@xmission.com> Cc: Tejun Heo <tj@kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
|
#
393cbb51 |
|
25-Sep-2011 |
Matthias Dellweg <2500@gmx.de> |
usb/core/devio.c: Check for printer class specific request In the usb printer class specific request get_device_id the value of wIndex is (interface << 8 | altsetting) instead of just interface. This enables the detection of some printers with libusb. Acked-by: Alan Stern <stern@rowland.harvard.edu> Signed-off-by: Matthias Dellweg <2500@gmx.de> Cc: stable <stable@kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
|
#
aec01c58 |
|
26-Sep-2011 |
Serge Hallyn <serge.hallyn@canonical.com> |
USB: pid_ns: ensure pid is not freed during kill_pid_info_as_uid Alan Stern points out that after spin_unlock(&ps->lock) there is no guarantee that ps->pid won't be freed. Since kill_pid_info_as_uid() is called after the spin_unlock(), the pid passed to it must be pinned. Reported-by: Alan Stern <stern@rowland.harvard.edu> Signed-off-by: Serge Hallyn <serge.hallyn@canonical.com> Cc: stable <stable@kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
|
#
9d02b426 |
|
15-Mar-2011 |
Michal Sojka <sojkam1@fel.cvut.cz> |
USB: Do not pass negative length to snoop_urb() When `echo Y > /sys/module/usbcore/parameters/usbfs_snoop` and usb_control_msg() returns error, a lot of kernel memory is dumped to dmesg until unhandled kernel paging request occurs. Signed-off-by: Michal Sojka <sojkam1@fel.cvut.cz> Cc: stable@kernel.org Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
|
#
451a3c24 |
|
17-Nov-2010 |
Arnd Bergmann <arnd@arndb.de> |
BKL: remove extraneous #include <smp_lock.h> The big kernel lock has been removed from all these files at some point, leaving only the #include. Remove this too as a cleanup. Signed-off-by: Arnd Bergmann <arnd@arndb.de> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
|
#
886ccd45 |
|
06-Nov-2010 |
Vasiliy Kulikov <segooon@gmail.com> |
usb: core: fix information leak to userland Structure usbdevfs_connectinfo is copied to userland with padding byted after "slow" field uninitialized. It leads to leaking of contents of kernel stack memory. Signed-off-by: Vasiliy Kulikov <segooon@gmail.com> Cc: stable <stable@kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
|
#
c532b29a |
|
01-Jun-2010 |
Andi Kleen <ak@linux.intel.com> |
USB-BKL: Convert usb_driver ioctl to unlocked_ioctl And audit all the users. None needed the BKL. That was easy because there was only very few around. Tested with allmodconfig build on x86-64 Signed-off-by: Andi Kleen <ak@linux.intel.com> Cc: Arnd Bergmann <arnd@arndb.de> From: Andi Kleen <ak@linux.intel.com>
|
#
27729aad |
|
24-Apr-2010 |
Eric Lescouet <Eric.Lescouet@virtuallogix.com> |
USB: make hcd.h public (drivers dependency) The usbcore headers: hcd.h and hub.h are shared between usbcore, HCDs and a couple of other drivers (e.g. USBIP modules). So, it makes sense to move them into a more public location and to cleanup dependency of those modules on kernel internal headers. This patch moves hcd.h from drivers/usb/core into include/linux/usb/ Signed-of-by: Eric Lescouet <eric@lescouet.org> Cc: Alan Stern <stern@rowland.harvard.edu> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
|
#
7152b592 |
|
06-Mar-2010 |
Alan Stern <stern@rowland.harvard.edu> |
USB: fix usbfs regression This patch (as1352) fixes a bug in the way isochronous input data is returned to userspace for usbfs transfers. The entire buffer must be copied, not just the first actual_length bytes, because the individual packets will be discontiguous if any of them are short. Reported-by: Markus Rechberger <mrechberger@gmail.com> Signed-off-by: Alan Stern <stern@rowland.harvard.edu> CC: stable <stable@kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
|
#
0880aef4 |
|
26-Jan-2010 |
Chris Frey <cdfrey@foursquare.net> |
USB: usbfs_snoop: add data logging back in Uses the new snoop function from commit 4c6e8971cbe0148085, but includes the buffer data where appropriate, as before. Signed-off-by: Chris Frey <cdfrey@foursquare.net> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
|
#
2a9d0083 |
|
14-Jan-2010 |
Oliver Neukum <oliver@neukum.org> |
USB: BKL removal from ioctl path of usbfs Total removal from the ioctl code path except for the outcall to external modules. Locking is ensured by the normal locks of usbfs. Signed-off-by: Oliver Neukum <oliver@neukum.org> Cc: Alan Stern <stern@rowland.harvard.edu> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
|
#
01412a21 |
|
13-Jan-2010 |
Oliver Neukum <oliver@neukum.org> |
USB: Reduce scope of BKL in usb ioctl handling This pushes BKL down in ioctl handling and drops it for some important ioctls Signed-off-by: Oliver Neukum <oliver@neukum.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
|
#
f9de332e |
|
13-Jan-2010 |
Oliver Neukum <oliver@neukum.org> |
USB: Remove BKL from lseek implementations Replace it by mutex_lock(&file->f_dentry->d_inode->i_mutex); following the example of the generic method Signed-off-by: Oliver Neukum <oliver@neukum.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
|
#
063e20eb |
|
13-Jan-2010 |
Oliver Neukum <oliver@neukum.org> |
USB: Remove BKL from usbdev_open() Locking had long been changed making BKL redundant. Simply remove it. Signed-off-by: Oliver Neukum <oliver@neukum.org> Cc: Alan Stern <stern@rowland.harvard.edu> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
|
#
62e299e6 |
|
07-Jan-2010 |
Alan Stern <stern@rowland.harvard.edu> |
USB: change locking for device-level autosuspend This patch (as1323) changes the locking requirements for usb_autosuspend_device(), usb_autoresume_device(), and usb_try_autosuspend_device(). This isn't a very important change; mainly it's meant to make the locking more uniform. The most tricky part of the patch involves changes to usbdev_open(). To avoid an ABBA locking problem, it was necessary to reduce the region protected by usbfs_mutex. Since that mutex now protects only against simultaneous open and remove, this posed no difficulty -- its scope was larger than necessary. And it turns out that usbfs_mutex is no longer needed in usbdev_release() at all. The list of usbfs "ps" structures is now protected by the device lock instead of by usbfs_mutex. Signed-off-by: Alan Stern <stern@rowland.harvard.edu> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
|
#
f661c6f8 |
|
11-Dec-2009 |
Alan Stern <stern@rowland.harvard.edu> |
USB: check the endpoint type against the pipe type This patch (as1316) adds some error checking to usb_submit_urb(). It's conditional on CONFIG_USB_DEBUG, so it won't affect normal users. The new check makes sure that the actual type of the endpoint described by urb->pipe agrees with the type encoded in the pipe value. The USB error code documentation is updated to include the code returned by the new check, and the usbfs SUBMITURB handler is updated to use the correct pipe type when legacy user code tries to submit a bulk transfer to an interrupt endpoint. Signed-off-by: Alan Stern <stern@rowland.harvard.edu> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
|
#
ddeee0b2 |
|
16-Feb-2010 |
Linus Torvalds <torvalds@linux-foundation.org> |
USB: usbfs: properly clean up the as structure on error paths I notice that the processcompl_compat() function seems to be leaking the 'struct async *as' in the error paths. I think that the calling convention is fundamentally buggered. The caller is the one that did the "reap_as()" to get the as thing, the caller should be the one to free it too. Freeing it in the caller also means that it very clearly always gets freed, and avoids the need for any "free in the error case too". From: Linus Torvalds <torvalds@linux-foundation.org> Cc: Alan Stern <stern@rowland.harvard.edu> Cc: Marcus Meissner <meissner@suse.de> Cc: stable <stable@kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
|
#
d4a4683c |
|
15-Feb-2010 |
Greg Kroah-Hartman <greg@kroah.com> |
USB: usbfs: only copy the actual data received We need to only copy the data received by the device to userspace, not the whole kernel buffer, which can contain "stale" data. Thanks to Marcus Meissner for pointing this out and testing the fix. Reported-by: Marcus Meissner <meissner@suse.de> Tested-by: Marcus Meissner <meissner@suse.de> Cc: Alan Stern <stern@rowland.harvard.edu> Cc: Linus Torvalds <torvalds@linux-foundation.org> Cc: stable <stable@kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
|
#
637e8a60 |
|
13-Nov-2009 |
Arnd Bergmann <arnd@arndb.de> |
usbdevfs: move compat_ioctl handling to devio.c Half the compat_ioctl handling is in devio.c, the other half is in fs/compat_ioctl.c. This moves everything into one place for consistency. As a positive side-effect, push down the BKL into the ioctl methods. Signed-off-by: Arnd Bergmann <arnd@arndb.de> Acked-by: Greg Kroah-Hartman <gregkh@suse.de> Cc: Alan Stern <stern@rowland.harvard.edu> Cc: Oliver Neukum <oliver@neukum.org> Cc: Alon Bar-Lev <alon.barlev@gmail.com> Cc: David Vrabel <david.vrabel@csr.com> Cc: linux-usb@vger.kernel.org
|
#
01c6460f |
|
01-Sep-2009 |
Alan Stern <stern@rowland.harvard.edu> |
USB: usbfs: add USBDEVFS_URB_BULK_CONTINUATION flag This patch (as1283) adds a new flag, USBDEVFS_URB_BULK_CONTINUATION, to usbfs. It is intended for userspace libraries such as libusb and openusb. When they have to break up a single usbfs bulk transfer into multiple URBs, they will set the flag on all but the first URB of the series. If an error other than an unlink occurs, the kernel will automatically cancel all the following URBs for the same endpoint and refuse to accept new submissions, until an URB is encountered that is not marked as a BULK_CONTINUATION. Such an URB would indicate the start of a new transfer or the presence of an older library, so the kernel returns to normal operation. This enables libraries to delimit bulk transfers correctly, even in the presence of early termination as indicated by short packets. Signed-off-by: Alan Stern <stern@rowland.harvard.edu> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
|
#
5971897f |
|
09-Aug-2009 |
Markus Rechberger <mrechberger@gmail.com> |
USB: increase usbdevfs max isoc buffer size The current limit only allows isochronous transfers up to 32kbyte/urb, updating this to 192 kbyte/urb improves the reliability of the transfer. USB 2.0 transfer is possible with 32kbyte but increases the chance of corrupted/incomplete data when the system is performing some other tasks in the background. http://www.spinics.net/lists/linux-usb/msg19955.html Signed-off-by: Markus Rechberger <mrechberger@gmail.com> Cc: Oliver Neukum <oliver@neukum.org> Cc: Alan Stern <stern@rowland.harvard.edu> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
|
#
4c6e8971 |
|
29-Jun-2009 |
Alan Stern <stern@rowland.harvard.edu> |
USB: make the "usbfs_snoop" log more pertinent This patch (as1261) reduces the amount of detailed URB information logged by usbfs when the usbfs_snoop parameter is enabled. Currently we don't display the final status value for a completed URB. But we do display the entire data buffer twice: both before submission and after completion. The after-completion display doesn't limit itself to the actual_length value. But since usbmon is readily available in virtually all distributions, there's no reason for usbfs to print out any buffer contents at all! So this patch restricts the information to: userspace buffer pointer, endpoint number, type, and direction, length or actual_length, and timeout value or status. Now everything fits neatly into a single line. Along with those changes, the patch also fixes the snoop output for the REAPURBNDELAY and REAPURBNDELAY32 ioctls. The current version omits the 'N' from the names. Signed-off-by: Alan Stern <stern@rowland.harvard.edu> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
|
#
7cbe5dca |
|
29-Jun-2009 |
Alan Stern <stern@rowland.harvard.edu> |
USB: add API for userspace drivers to "claim" ports This patch (as1258) implements a feature that users have been asking for: It gives programs the ability to "claim" a port on a hub, via a new usbfs ioctl. A device plugged into a "claimed" port will not be touched by the kernel beyond the immediate necessities of initialization and enumeration. In particular, when a device is plugged into a "claimed" port, the kernel will not select and install a configuration. And when a config is installed by usbfs or sysfs, the kernel will not probe any drivers for any of the interfaces. (However the kernel will fetch various string descriptors during enumeration. One could argue that this isn't really necessary, but the strings are exported in sysfs.) The patch does not guarantee exclusive access to these devices; it is still possible for more than one program to open the device file concurrently. Programs are responsible for coordinating access among themselves. A demonstration program showing how to use the new interface can be found in an attachment to http://marc.info/?l=linux-usb&m=124345857431452&w=2 The patch also makes a small simplification to the hub driver, replacing a bunch of more-or-less useless variants of "out of memory" with a single message. Signed-off-by: Alan Stern <stern@rowland.harvard.edu> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
|
#
01105a24 |
|
30-Jul-2009 |
Alan Stern <stern@rowland.harvard.edu> |
USB: usbfs: fix -ENOENT error code to be -ENODEV This patch (as1272) changes the error code returned when an open call for a USB device node fails to locate the corresponding device. The appropriate error code is -ENODEV, not -ENOENT. Signed-off-by: Alan Stern <stern@rowland.harvard.edu> CC: Kay Sievers <kay.sievers@vrfy.org> Cc: stable <stable@kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
|
#
18753ebc |
|
29-Jul-2009 |
Michael Buesch <mb@bu3sch.de> |
USB: devio: Properly do access_ok() checks access_ok() checks must be done on every part of the userspace structure that is accessed. If access_ok() on one part of the struct succeeded, it does not imply it will succeed on other parts of the struct. (Does depend on the architecture implementation of access_ok()). This changes the __get_user() users to first check access_ok() on the data structure. Signed-off-by: Michael Buesch <mb@bu3sch.de> Cc: stable <stable@kernel.org> Cc: Pete Zaitcev <zaitcev@redhat.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
|
#
9180135b |
|
29-Jun-2009 |
Alan Stern <stern@rowland.harvard.edu> |
USB: handle zero-length usbfs submissions correctly This patch (as1262) fixes a bug in usbfs: It refuses to accept zero-length transfers, and it insists that the buffer pointer be valid even if there is no data being transferred. The patch also consolidates a bunch of repetitive access_ok() checks into a single check, which incidentally fixes the lack of such a check for Isochronous URBs. Signed-off-by: Alan Stern <stern@rowland.harvard.edu> Cc: stable <stable@kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
|
#
516a1a07 |
|
08-Jul-2009 |
Oliver Neukum <oliver@neukum.org> |
USB: fix race leading to a write after kfree in usbfs this fixes a race between async_completed() and proc_reapurbnonblock(). CPU A CPU B spin_lock(&ps->lock); list_move_tail(&as->asynclist, &ps->async_completed); spin_unlock(&ps->lock); if (!(as = async_getcompleted(ps))) return -EAGAIN; return processcompl(as, (void __user * __user *)arg); processcompl() calls free_async() which calls kfree(as) as->status = urb->status; if (as->signr) { sinfo.si_signo = as->signr; sinfo.si_errno = as->status; sinfo.si_code = SI_ASYNCIO; sinfo.si_addr = as->userurb; kill_pid_info_as_uid(as->signr, &sinfo, as->pid, as->uid, as->euid, as->secid); } snoop(&urb->dev->dev, "urb complete\n"); snoop_urb(urb, as->userurb); write after kfree Signed-off-by: Oliver Neukum <oliver@neukum.org>
|
#
d794a021 |
|
28-Jun-2009 |
Oliver Neukum <oliver@neukum.org> |
USB: fix memleak in usbfs This patch fixes a memory leak in devio.c::processcompl If writing to user space fails the packet must be discarded, as it already has been removed from the queue of completed packets. Signed-off-by: Oliver Neukum <oliver@neukum.org> Cc: stable <stable@kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
|
#
3444b26a |
|
08-Apr-2009 |
David Vrabel <david.vrabel@csr.com> |
USB: add reset endpoint operations Wireless USB endpoint state has a sequence number and a current window and not just a single toggle bit. So allow HCDs to provide a endpoint_reset method and call this or clear the software toggles as required (after a clear halt, set configuration etc.). usb_settoggle() and friends are then HCD internal and are moved into core/hcd.h and all device drivers call usb_reset_endpoint() instead. If the device endpoint state has been reset (with a clear halt) but the host endpoint state has not then subsequent data transfers will not complete. The device will only work again after it is reset or disconnected. Signed-off-by: David Vrabel <david.vrabel@csr.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
|
#
71d2718f |
|
12-Mar-2009 |
Roel Kluin <roel.kluin@gmail.com> |
USB: more u32 conversion after transfer_buffer_length and actual_length transfer_buffer_length and actual_length have become unsigned, therefore some additional conversion of local variables, function arguments and print specifications is desired. A test for a negative urb->transfer_buffer_length became obsolete; instead we ensure that it does not exceed INT_MAX. Also, urb->actual_length is always less than urb->transfer_buffer_length. rh_string() does no longer return -EPIPE in the case of an unsupported ID. Instead its only caller, rh_call_control() does the check. Signed-off-by: Roel Kluin <roel.kluin@gmail.com> Acked-by: Alan Stern <stern@rowland.harvard.edu> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
|
#
d34d9721 |
|
09-Mar-2009 |
Alan Stern <stern@rowland.harvard.edu> |
USB: usbfs: remove unneeded "inline" annotations This patch (as1223) removes a bunch of unnecessary "inline" annotations from the usbfs driver. Signed-off-by: Alan Stern <stern@rowland.harvard.edu> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
|
#
6da9c990 |
|
18-Feb-2009 |
David Vrabel <david.vrabel@csr.com> |
USB: allow libusb to talk to unauthenticated WUSB devices To permit a userspace application to associate with WUSB devices using numeric association, control transfers to unauthenticated WUSB devices must be allowed. This requires that wusbcore correctly sets the device state to UNAUTHENTICATED, DEFAULT and ADDRESS and that control transfers can be performed to UNAUTHENTICATED devices. Signed-off-by: David Vrabel <david.vrabel@csr.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
|
#
6ff10464 |
|
09-Mar-2009 |
Alan Stern <stern@rowland.harvard.edu> |
USB: usbfs: keep async URBs until the device file is closed The usbfs driver manages a list of completed asynchronous URBs. But it is too eager to free the entries on this list: destroy_async() gets called whenever an interface is unbound or a device is removed, and it deallocates the outstanding struct async entries for all URBs on that interface or device. This is wrong; the user program should be able to reap an URB any time after it has completed, regardless of whether or not the interface is still bound or the device is still present. This patch (as1222) moves the code for deallocating the completed list entries from destroy_async() to usbdev_release(). The outstanding entries won't be freed until the user program has closed the device file, thereby eliminating any possibility that the remaining URBs might still be reaped. This fixes a bug in which a program can hang in the USBDEVFS_REAPURB ioctl when the device is unplugged. Reported-and-tested-by: Martin Poupe <martin.poupe@upek.com> Signed-off-by: Alan Stern <stern@rowland.harvard.edu> Cc: stable <stable@kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
|
#
501950d8 |
|
13-Jan-2009 |
Alan Stern <stern@rowland.harvard.edu> |
USB: fix char-device disconnect handling This patch (as1198) fixes a conceptual bug: Somewhere along the line we managed to confuse USB class devices with USB char devices. As a result, the code to send a disconnect signal to userspace would not be built if both CONFIG_USB_DEVICE_CLASS and CONFIG_USB_DEVICEFS were disabled. The usb_fs_classdev_common_remove() routine has been renamed to usbdev_remove() and it is now called whenever any USB device is removed, not just when a class device is unregistered. The notifier registration and unregistration calls are no longer conditionally compiled. And since the common removal code will always be called as part of the char device interface, there's no need to call it again as part of the usbfs interface; thus the invocation of usb_fs_classdev_common_remove() has been taken out of usbfs_remove_device(). Signed-off-by: Alan Stern <stern@rowland.harvard.edu> Reported-by: Alon Bar-Lev <alon.barlev@gmail.com> Tested-by: Alon Bar-Lev <alon.barlev@gmail.com> Cc: stable <stable@kernel.org>
|
#
ed0c7720 |
|
02-Jan-2009 |
Mark Lord <lkml@rtr.ca> |
USB: fix minor nit in usbfs checking One minor nit did show up, though. The patch below seems to make more sense than the code does without it. Signed-off-by: Mark Lord <mlord@pobox.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
|
#
ff8973d9 |
|
12-Nov-2008 |
Phil Endecott <phil_twuce_endecott@chezphil.org> |
USB: Remove restrictions on signal numbers in devio.c Just over a year ago (!) I had this brief exchange with Alan Stern: >> It seems that the signal that can be used with USBDEVFS_DISCSIGNAL and >> in usbdevfs_urb.signr is limited to the real-time signals SIGRTMIN to >> SIGRTMAX. What's the rationale for this restriction? I believe that a >> process can kill() itself with any signal number, can't it? I was >> planning to use SIGIO for usbdevfs_urb.signr and SIGTERM (uncaught) for >> USBDEVFS_DISCSIGNAL. I don't think I'll have a problem with using >> SIGRTMIN+n instead, but I'm curious to know if there's some subtle >> problem with the non-real-time signals that I should be aware of. > > I don't know of any reason for this restriction. Since no-one else could think of a reason either, I offer the following patch which allows any signal to be used with USBDEVFS_DISCSIGNAL and usbdevfs_urb.signr. Signed-off-by: Phil Endecott <usbpatch@chezphil.org> Cc: Alan Stern <stern@rowland.harvard.edu> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
|
#
86a264ab |
|
13-Nov-2008 |
David Howells <dhowells@redhat.com> |
CRED: Wrap current->cred and a few other accessors Wrap current->cred and a few other accessors to hide their actual implementation. Signed-off-by: David Howells <dhowells@redhat.com> Acked-by: James Morris <jmorris@namei.org> Acked-by: Serge Hallyn <serue@us.ibm.com> Signed-off-by: James Morris <jmorris@namei.org>
|
#
cd80ca8a |
|
13-Nov-2008 |
David Howells <dhowells@redhat.com> |
CRED: Wrap task credential accesses in the USB driver Wrap access to task credentials so that they can be separated more easily from the task_struct during the introduction of COW creds. Change most current->(|e|s|fs)[ug]id to current_(|e|s|fs)[ug]id(). Change some task->e?[ug]id to task_e?[ug]id(). In some places it makes more sense to use RCU directly rather than a convenient wrapper; these will be addressed by later patches. Signed-off-by: David Howells <dhowells@redhat.com> Reviewed-by: James Morris <jmorris@namei.org> Acked-by: Serge Hallyn <serue@us.ibm.com> Cc: Greg Kroah-Hartman <gregkh@suse.de> Cc: linux-usb@vger.kernel.org Signed-off-by: James Morris <jmorris@namei.org>
|
#
69a85942 |
|
14-Aug-2008 |
Greg Kroah-Hartman <gregkh@suse.de> |
USB: remove err() macro from usb core code USB should not be having it's own printk macros, so remove err() and use the system-wide standard of dev_err() wherever possible. In the few places that will not work out, use a basic printk(). Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
|
#
3b6004f3 |
|
14-Aug-2008 |
Greg Kroah-Hartman <gregkh@suse.de> |
USB: remove warn() macro from usb drivers USB should not be having it's own printk macros, so remove warn() and use the system-wide standard of dev_warn() wherever possible. In the few places that will not work out, use a basic printk(). Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
|
#
2da41d5f |
|
06-Oct-2008 |
Alan Stern <stern@rowland.harvard.edu> |
USB: snoop processes opening usbfs device files This patch (as1148) adds a new "snoop" message to usbfs when a device file is opened, identifying the process responsible. This comes in extremely handy when trying to determine which program is doing some unwanted USB access. Signed-off-by: Alan Stern <stern@rowland.harvard.edu> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
|
#
b0b090e5 |
|
21-Jul-2008 |
Greg Kroah-Hartman <gregkh@suse.de> |
device create: usb: convert device_create_drvdata to device_create Now that device_create() has been audited, rename things back to the original call to be sane. Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
|
#
bc00bc92 |
|
21-May-2008 |
Greg Kroah-Hartman <gregkh@suse.de> |
device create: usb: convert device_create to device_create_drvdata device_create() is race-prone, so use the race-free device_create_drvdata() instead as device_create() is going away. Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
|
#
e105b8bf |
|
21-Apr-2008 |
Dan Williams <dan.j.williams@intel.com> |
sysfs: add /sys/dev/{char,block} to lookup sysfs path by major:minor Why?: There are occasions where userspace would like to access sysfs attributes for a device but it may not know how sysfs has named the device or the path. For example what is the sysfs path for /dev/disk/by-id/ata-ST3160827AS_5MT004CK? With this change a call to stat(2) returns the major:minor then userspace can see that /sys/dev/block/8:32 links to /sys/block/sdc. What are the alternatives?: 1/ Add an ioctl to return the path: Doable, but sysfs is meant to reduce the need to proliferate ioctl interfaces into the kernel, so this seems counter productive. 2/ Use udev to create these symlinks: Also doable, but it adds a udev dependency to utilities that might be running in a limited environment like an initramfs. 3/ Do a full-tree search of sysfs. [kay.sievers@vrfy.org: fix duplicate registrations] [kay.sievers@vrfy.org: cleanup suggestions] Cc: Neil Brown <neilb@suse.de> Cc: Tejun Heo <htejun@gmail.com> Acked-by: Kay Sievers <kay.sievers@vrfy.org> Reviewed-by: SL Baur <steve@xemacs.org> Acked-by: Kay Sievers <kay.sievers@vrfy.org> Acked-by: Mark Lord <lkml@rtr.ca> Acked-by: H. Peter Anvin <hpa@zytor.com> Signed-off-by: Dan Williams <dan.j.williams@intel.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
|
#
a80d5ff0 |
|
01-Jul-2008 |
David Howells <dhowells@redhat.com> |
USB: Fix pointer/int cast in USB devio code Fix pointer/int cast in USB devio code, and thus avoid a compiler warning. A void* data argument passed to bus_find_device() and thence to match_devt() is used to carry a 32-bit datum. However, casting directly between a u32 and a pointer is not permitted - there must be an intermediate cast via (unsigned) long. This was introduced by the following patch: commit 94b1c9fa060ece2c8f080583beb6cc6008e41413 Author: Alan Stern <stern@rowland.harvard.edu> Date: Tue Jun 24 14:47:12 2008 -0400 usbfs: simplify the lookup-by-minor routines This patch (as1105) simplifies the lookup-by-minor-number code in usbfs. Instead of passing the minor number to the callback, which must then reconstruct the entire dev_t value, the patch passes the dev_t value directly. Signed-off-by: Alan Stern <stern@rowland.harvard.edu> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> Signed-off-by: David Howells <dhowells@redhat.com> Cc: Alan Stern <stern@rowland.harvard.edu> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
|
#
e04199b2 |
|
24-Jun-2008 |
Alan Stern <stern@rowland.harvard.edu> |
usbfs: don't store bad pointers in registration This patch (as1107) fixes a small bug in the usbfs registration and unregistration code. It avoids leaving an error value stored in the device's usb_classdev field and it avoids trying to unregister a NULL pointer. (It also fixes a rather extreme overuse of whitespace.) Signed-off-by: Alan Stern <stern@rowland.harvard.edu> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
|
#
d64aac36 |
|
24-Jun-2008 |
Alan Stern <stern@rowland.harvard.edu> |
usbfs: fix race between open and unregister This patch (as1106) fixes a race between opening and unregistering device files in usbfs. The current code drops its reference to the device and then reacquires it, ignoring the possibility that the device structure might have been removed in the meantime. It also doesn't check whether the device is already in the NOTATTACHED state when the file is opened. Signed-off-by: Alan Stern <stern@rowland.harvard.edu> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
|
#
61ad04a8 |
|
24-Jun-2008 |
Alan Stern <stern@rowland.harvard.edu> |
usbfs: simplify the lookup-by-minor routines This patch (as1105) simplifies the lookup-by-minor-number code in usbfs. Instead of passing the minor number to the callback, which must then reconstruct the entire dev_t value, the patch passes the dev_t value directly. Signed-off-by: Alan Stern <stern@rowland.harvard.edu> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
|
#
cd9f0375 |
|
24-Jun-2008 |
Alan Stern <stern@rowland.harvard.edu> |
usbfs: send disconnect signals when device is unregistered USB device files are accessible in two ways: as files in usbfs and as character device nodes. The two paths are supposed to behave identically, but they don't. When the underlying USB device is unplugged, disconnect signals are sent to processes with open usbfs files (if they requested these signals) but not to processes with open device node files. This patch (as1104) fixes the bug by moving the disconnect-signalling code into a common subroutine which is called from both paths. Putting this subroutine in devio.c removes the only out-of-file reference to struct dev_state, and so the structure's declaration can be moved from usb.h into devio.c. Finally, the new subroutine performs one extra action: It kills all the outstanding async URBs. (I'd kill the outstanding synchronous URBs too, if there was any way to do it.) In the past this hasn't mattered much, because devices were unregistered from usbfs only when they were disconnected. But now the unregistration can also occur whenever devices are unbound from the usb_generic driver. At any rate, killing URBs when a device is unregistered from usbfs seems like a good thing to do. Signed-off-by: Alan Stern <stern@rowland.harvard.edu> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
|
#
742120c6 |
|
18-Jun-2008 |
Ming Lei <tom.leiming@gmail.com> |
USB: fix usb_reset_device and usb_reset_composite_device(take 3) This patch renames the existing usb_reset_device in hub.c to usb_reset_and_verify_device and renames the existing usb_reset_composite_device to usb_reset_device. Also the new usb_reset_and_verify_device does't need to be EXPORTED . The idea of the patch is that external interface driver should warn the other interfaces' driver of the same device before and after reseting the usb device. One interface driver shoud call _old_ usb_reset_composite_device instead of _old_ usb_reset_device since it can't assume the device contains only one interface. The _old_ usb_reset_composite_device is safe for single interface device also. we rename the two functions to make the change easily. This patch is under guideline from Alan Stern. Signed-off-by: Ming Lei <tom.leiming@gmail.com>
|
#
625f6949 |
|
14-Jun-2008 |
Ming Lei <tom.leiming@gmail.com> |
USB: remove interface parameter of usb_reset_composite_device From the current implementation of usb_reset_composite_device function, the iface parameter is no longer useful. This function doesn't do something special for the iface usb_interface,compared with other interfaces in the usb_device. So remove the parameter and fix the related caller. Signed-off-by: Ming Lei <tom.leiming@gmail.com> Acked-by: Alan Stern <stern@rowland.harvard.edu> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
|
#
ea05af61 |
|
19-May-2008 |
Adrian Bunk <bunk@kernel.org> |
USB: remove CVS keywords This patch removes CVS keywords that weren't updated for a long time from comments. Signed-off-by: Adrian Bunk <bunk@kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
|
#
b5b4aa67 |
|
16-May-2008 |
Jonathan Corbet <corbet@lwn.net> |
usbdev: BKL pushdown Add explicit lock_kernel() calls to usbdev_open() Signed-off-by: Jonathan Corbet <corbet@lwn.net>
|
#
441b62c1 |
|
03-Mar-2008 |
Harvey Harrison <harvey.harrison@gmail.com> |
USB: replace remaining __FUNCTION__ occurrences __FUNCTION__ is gcc-specific, use __func__ Signed-off-by: Harvey Harrison <harvey.harrison@gmail.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
|
#
14722ef4 |
|
17-Apr-2008 |
Alan Stern <stern@rowland.harvard.edu> |
USB: usbfs: export the URB_NO_INTERRUPT flag to userspace This patch (as1079) cleans up the way URB_* flags are exported in usbfs. The URB_NO_INTERRUPT flag is now exported (this is the only behavioral change). USBDEVFS_URB_* macros are added for URB_NO_FSBR, URB_ZERO_PACKET, and URB_NO_INTERRUPT, making explicit the fact that the kernel accepts them. The flag matching takes into account that the URB_* values may change as the kernel evolves, whereas the USBDEVFS_URB_* values must remain fixed since they are a user API. Signed-off-by: Alan Stern <stern@rowland.harvard.edu> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
|
#
ff66e3ce |
|
12-Mar-2008 |
Andrew Morton <akpm@linux-foundation.org> |
drivers/usb/core/devio.c: suppress warning with 64k PAGE_SIZE drivers/usb/core/devio.c: In function 'proc_control': drivers/usb/core/devio.c:657: warning: comparison is always false due to limited range of data type Cc: Alan Stern <stern@rowland.harvard.edu> Cc: Pete Zaitcev <zaitcev@redhat.com> Cc: Oliver Neukum <oliver@neukum.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
|
#
04e482ff |
|
30-Jan-2008 |
Greg Kroah-Hartman <gregkh@suse.de> |
USB: fix codingstyle issues in drivers/usb/core/devio.c Fixes a number of coding style issues in the devio.c file. Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
|
#
dd95b814 |
|
05-Jan-2008 |
Pete Zaitcev <zaitcev@redhat.com> |
USB: usbfs: struct async is a fixed size structure The ISO descriptors are allocated separately in proc_submiturb for a fetch from user mode, then tucked at the end of URB. This seems like a dead code. Signed-off-by: Pete Zaitcev <zaitcev@redhat.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
|
#
2e2eb83f |
|
04-Dec-2007 |
Alan Stern <stern@rowland.harvard.edu> |
USB: add usbfs stubs for suspend and resume This patch (as1022b) adds stub methods for suspend and resume to the usbfs driver. There isn't much they can do since there's no way to inform a user task about the events. But it's important to have the stubs, because an upcoming change to usbcore will automatically unbind drivers that don't have those methods when a suspend occurs. Signed-off-by: Alan Stern <stern@rowland.harvard.edu> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
|
#
885e9747 |
|
03-Dec-2007 |
Alan Stern <stern@rowland.harvard.edu> |
USB: repair USBDEVFS_CONNECT ioctl For as long as I've known about it, the USBDEVFS_CONNECT ioctl hasn't done what it's supposed to. The current code reprobes _all_ the unbound USB interfaces; this patch (as1021) makes it reprobe only the interface for which it was called. Signed-off-by: Alan Stern <stern@rowland.harvard.edu> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
|
#
ba25f9dc |
|
19-Oct-2007 |
Pavel Emelyanov <xemul@openvz.org> |
Use helpers to obtain task pid in printks The task_struct->pid member is going to be deprecated, so start using the helpers (task_pid_nr/task_pid_vnr/task_pid_nr_ns) in the kernel. The first thing to start with is the pid, printed to dmesg - in this case we may safely use task_pid_nr(). Besides, printks produce more (much more) than a half of all the explicit pid usage. [akpm@linux-foundation.org: git-drm went and changed lots of stuff] Signed-off-by: Pavel Emelyanov <xemul@openvz.org> Cc: Dave Airlie <airlied@linux.ie> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
|
#
e015268d |
|
24-Aug-2007 |
Alan Stern <stern@rowland.harvard.edu> |
USB: remove traces of urb->status from usbcore This patch (as981) removes the remaining nontrivial usages of urb->status from usbcore. Signed-off-by: Alan Stern <stern@rowland.harvard.edu> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
|
#
93cf9b90 |
|
30-Jul-2007 |
Alan Stern <stern@rowland.harvard.edu> |
USB: avoid urb->pipe in usbfs This patch (as948) removes most of the references to urb->pipe from the usbfs routines in devio.c. The one tricky aspect is in snoop_urb(), which can be called before the URB is submitted and which uses usb_urb_dir_in(). For this to work properly, the URB's direction flag must be set manually in proc_do_submiturb(). The patch also fixes a minor bug; the wValue, wIndex, and wLength fields were snooped in proc_do_submiturb() without conversion from le16 to CPU-byte-ordering. Signed-off-by: Alan Stern <stern@rowland.harvard.edu> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
|
#
7e7654a9 |
|
12-Sep-2007 |
Greg Kroah-Hartman <gregkh@suse.de> |
cdev: remove unneeded setting of cdev names struct cdev does not need the kobject name to be set, as it is never used. This patch fixes up the few places it is set. Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> Acked-by: Mauro Carvalho Chehab <mchehab@infradead.org>
|
#
527660a8 |
|
20-Apr-2007 |
Oliver Neukum <oliver@neukum.org> |
usbfs micro optimitation the memory barrier is needed only with smp. Signed-off-by: Oliver Neukum <oneukum@suse.de> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
|
#
9f8b17e6 |
|
13-Mar-2007 |
Kay Sievers <kay.sievers@vrfy.org> |
USB: make usbdevices export their device nodes instead of using a separate class o The "real" usb-devices export now a device node which can populate /dev/bus/usb. o The usb_device class is optional now and can be disabled in the kernel config. Major/minor of the "real" devices and class devices are the same. o The environment of the usb-device event contains DEVNUM and BUSNUM to help udev and get rid of the ugly udev rule we need for the class devices. o The usb-devices and usb-interfaces share the same bus, so I used the new "struct device_type" to let these devices identify themselves. This also removes the current logic of using a magic platform-pointer. The name of the device_type is also added to the environment which makes it easier to distinguish the different kinds of devices on the same subsystem. It looks like this: add@/devices/pci0000:00/0000:00:1d.1/usb2/2-1 ACTION=add DEVPATH=/devices/pci0000:00/0000:00:1d.1/usb2/2-1 SUBSYSTEM=usb SEQNUM=1533 MAJOR=189 MINOR=131 DEVTYPE=usb_device PRODUCT=46d/c03e/2000 TYPE=0/0/0 BUSNUM=002 DEVNUM=004 This udev rule works as a replacement for usb_device class devices: SUBSYSTEM=="usb", ACTION=="add", ENV{DEVTYPE}=="usb_device", \ NAME="bus/usb/$env{BUSNUM}/$env{DEVNUM}", MODE="0644" Updated patch, which needs the device_type patches in Greg's tree. I also got a bugzilla assigned for this. :) https://bugzilla.novell.com/show_bug.cgi?id=250659 Signed-off-by: Kay Sievers <kay.sievers@vrfy.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
|
#
341487a8 |
|
09-Apr-2007 |
Greg Kroah-Hartman <gregkh@suse.de> |
USB: remove use of the bus rwsem, as it doesn't really protect anything. The driver core stopped using the rwsem a long time ago, yet the USB core still grabbed the lock, thinking it protected something. This patch removes that useless use. Cc: Alan Stern <stern@rowland.harvard.edu> Cc: Oliver Neukum <oneukum@suse.de> Cc: David Brownell <david-b@pacbell.net> Cc: linux-usb-devel <linux-usb-devel@lists.sourceforge.net> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
|
#
97b9eb91 |
|
26-Feb-2007 |
Alan Stern <stern@rowland.harvard.edu> |
USB: set the correct interval for interrupt URBs This patch (as862) fixes a couple of bugs in the way usbcore handles intervals for interrupt URBs. usb_interrupt_msg (and usb_bulk_msg for backward compatibility) don't set the interval correctly for high-speed devices. proc_do_submiturb() doesn't set it correctly when a bulk URB is submitted to an interrupt endpoint. Signed-off-by: Alan Stern <stern@rowland.harvard.edu> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
|
#
3f141e2a |
|
08-Feb-2007 |
Alan Stern <stern@rowland.harvard.edu> |
USB: unconfigure devices which have config 0 Some USB devices do have a configuration 0, in contravention of the USB spec. Normally 0 is supposed to indicate that a device is unconfigured. While we can't change what the device is doing, we can change usbcore. This patch (as852) allows usb_set_configuration() to accept a config value of -1 as indicating that the device should be unconfigured. The request actually sent to the device will still contain 0 as the value. But even if the device does have a configuration 0, dev->actconfig will be set to NULL and dev->state will be set to USB_STATE_ADDRESS. Without some sort of special-case handling like this, there is no way to unconfigure these non-compliant devices. Signed-off-by: Alan Stern <stern@rowland.harvard.edu> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
|
#
316547fd |
|
13-Dec-2006 |
Dan Carpenter <error27@gmail.com> |
USB: devio.c add missing INIT_LIST_HEAD() It should hopefully fix the list corruption bug on: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=214402 Add a missing INIT_LIST_HEAD() Signed-off-by: Dan Carpenter <error27@gmail.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
|
#
7bc3d635 |
|
20-Jun-2006 |
Greg Kroah-Hartman <gregkh@suse.de> |
USB: move usb_device_class class devices to be real devices This moves the usb class devices that control the usbfs nodes to show up in the proper place in the larger device tree. Cc: Kay Sievers <kay.sievers@vrfy.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
|
#
df251b8b |
|
16-Dec-2006 |
Chris Frey <cdfrey@foursquare.net> |
USB: fix to usbfs_snoop logging of user defined control urbs When sending CONTROL URB's using the usual CONTROL ioctl, logging works fine, but when sending them via SUBMITURB, like VMWare does, the control fields are not logged. This patch fixes that. I didn't see any major changes to devio.c recently, so this patch should apply cleanly to even the latest kernel. I can resubmit if it doesn't. From: Chris Frey <cdfrey@foursquare.net> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
|
#
94fcda1f |
|
20-Nov-2006 |
Alan Stern <stern@rowland.harvard.edu> |
usbcore: remove unused argument in autosuspend Thanks to several earlier patches, usb_autosuspend_device() and usb_autoresume_device() are never called with a second argument other than 1. This patch (as819) removes the now-redundant argument. It also consolidates some common code between those two routines, putting it into a new subroutine called usb_autopm_do_device(). And it includes a sizable kerneldoc update for the affected functions. Signed-off-by: Alan Stern <stern@rowland.harvard.edu> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
|
#
27d39e26 |
|
09-Oct-2006 |
Akinobu Mita <akinobu.mita@gmail.com> |
usb devio: handle class_device_create() error This patch adds missing class_device_create() error check, and makes notifier return NOTIFY_BAD. Signed-off-by: Akinobu Mita <akinobu.mita@gmail.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
|
#
c714de5d |
|
10-Oct-2006 |
Al Viro <viro@ftp.linux.org.uk> |
[PATCH] devio __user annotations Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
|
#
7d12e780 |
|
05-Oct-2006 |
David Howells <dhowells@redhat.com> |
IRQ: Maintain regs pointer globally rather than passing to IRQ handlers Maintain a per-CPU global "struct pt_regs *" variable which can be used instead of passing regs around manually through all ~1800 interrupt handlers in the Linux kernel. The regs pointer is used in few places, but it potentially costs both stack space and code to pass it around. On the FRV arch, removing the regs parameter from all the genirq function results in a 20% speed up of the IRQ exit path (ie: from leaving timer_interrupt() to leaving do_IRQ()). Where appropriate, an arch may override the generic storage facility and do something different with the variable. On FRV, for instance, the address is maintained in GR28 at all times inside the kernel as part of general exception handling. Having looked over the code, it appears that the parameter may be handed down through up to twenty or so layers of functions. Consider a USB character device attached to a USB hub, attached to a USB controller that posts its interrupts through a cascaded auxiliary interrupt controller. A character device driver may want to pass regs to the sysrq handler through the input layer which adds another few layers of parameter passing. I've build this code with allyesconfig for x86_64 and i386. I've runtested the main part of the code on FRV and i386, though I can't test most of the drivers. I've also done partial conversion for powerpc and MIPS - these at least compile with minimal configurations. This will affect all archs. Mostly the changes should be relatively easy. Take do_IRQ(), store the regs pointer at the beginning, saving the old one: struct pt_regs *old_regs = set_irq_regs(regs); And put the old one back at the end: set_irq_regs(old_regs); Don't pass regs through to generic_handle_irq() or __do_IRQ(). In timer_interrupt(), this sort of change will be necessary: - update_process_times(user_mode(regs)); - profile_tick(CPU_PROFILING, regs); + update_process_times(user_mode(get_irq_regs())); + profile_tick(CPU_PROFILING); I'd like to move update_process_times()'s use of get_irq_regs() into itself, except that i386, alone of the archs, uses something other than user_mode(). Some notes on the interrupt handling in the drivers: (*) input_dev() is now gone entirely. The regs pointer is no longer stored in the input_dev struct. (*) finish_unlinks() in drivers/usb/host/ohci-q.c needs checking. It does something different depending on whether it's been supplied with a regs pointer or not. (*) Various IRQ handler function pointers have been moved to type irq_handler_t. Signed-Off-By: David Howells <dhowells@redhat.com> (cherry picked from 1b16e7ac850969f38b375e511e3fa2f474a33867 commit)
|
#
2425c08b |
|
02-Oct-2006 |
Eric W. Biederman <ebiederm@xmission.com> |
[PATCH] usb: fixup usb so it uses struct pid The problem with remembering a user space process by its pid is that it is possible that the process will exit, pid wrap around will occur. Converting to a struct pid avoid that problem, and paves the way for implementing a pid namespace. Also since usb is the only user of kill_proc_info_as_uid rename kill_proc_info_as_uid to kill_pid_info_as_uid and have the new version take a struct pid. Signed-off-by: Eric W. Biederman <ebiederm@xmission.com> Acked-by: Greg Kroah-Hartman <gregkh@suse.de> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
|
#
ec17cf1c |
|
13-Sep-2006 |
Tobias Klauser <tklauser@distanz.ch> |
USB: Remove unneeded void * casts in core files The patch removes unneeded casts for the following (void *) pointers: - struct file: private - struct urb: context - struct usb_bus: hcpriv - return value of kmalloc() The patch also contains some whitespace cleanup in the relevant areas. Signed-off-by: Tobias Klauser <tklauser@distanz.ch> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
|
#
1b21d5e1 |
|
28-Aug-2006 |
Greg Kroah-Hartman <gregkh@suse.de> |
USB: fix __must_check warnings in drivers/usb/core/ Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
|
#
01d883d4 |
|
30-Aug-2006 |
Alan Stern <stern@rowland.harvard.edu> |
usbcore: non-hub-specific uses of autosuspend This patch (as741) makes the non-hub parts of usbcore actually use the autosuspend facilities added by an earlier patch. Devices opened through usbfs are autoresumed and then autosuspended upon close. Likewise for usb-skeleton. Devices are autoresumed for usb_set_configuration. Signed-off-by: Alan Stern <stern@rowland.harvard.edu> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
|
#
066202dd |
|
05-Aug-2006 |
Luiz Fernando N. Capitulino <lcapitulino@mandriva.com.br> |
USB: Make file operations structs in drivers/usb const. Making structs const prevents accidental bugs and with the proper debug options they're protected against corruption. Signed-off-by: Luiz Fernando N. Capitulino <lcapitulino@mandriva.com.br> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
|
#
349710c3 |
|
01-Jul-2006 |
Alan Stern <stern@rowland.harvard.edu> |
usbfs: detect device unregistration This patch (as711b) is a revised version of an earlier submission. It modifies the usbfs code to detect when a device has been unregistered from usbfs, even if the device is still connected. Although this can't happen now, it will be able to happen after the upcoming changes to usb_generic. Nobody objected to this patch when it was submitted before, so it should be okay to apply this version. The revision is merely to take into account the changes introduced by as723, which touches the same driver. Signed-off-by: Alan Stern <stern@rowland.harvard.edu> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
|
#
4a2a8a2c |
|
01-Jul-2006 |
Alan Stern <stern@rowland.harvard.edu> |
usbfs: private mutex for open, release, and remove The usbfs code doesn't provide sufficient mutual exclusion among open, release, and remove. Release vs. remove is okay because they both acquire the device lock, but open is not exclusive with either one. All three routines modify the udev->filelist linked list, so they must not run concurrently. Apparently someone gave this a minimum amount of thought in the past by explicitly acquiring the BKL at the start of the usbdev_open routine. Oddly enough, there's a comment pointing out that locking is unnecessary because chrdev_open already has acquired the BKL. But this ignores the point that the files in /proc/bus/usb/* are not char device files; they are regular files and so they don't get any special locking. Furthermore it's necessary to acquire the same lock in the release and remove routines, which the code does not do. Yet another problem arises because the same file_operations structure is accessible through both the /proc/bus/usb/* and /dev/usb/usbdev* file nodes. Even when one of them has been removed, it's still possible for userspace to open the other. So simple locking around the individual remove routines is insufficient; we need to lock the entire usb_notify_remove_device notifier chain. Rather than rely on the BKL, this patch (as723) introduces a new private mutex for the purpose. Holding the BKL while invoking a notifier chain doesn't seem like a good idea. Signed-off-by: Alan Stern <stern@rowland.harvard.edu> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
|
#
8e18e294 |
|
27-Sep-2006 |
Theodore Ts'o <tytso@mit.edu> |
[PATCH] inode_diet: Replace inode.u.generic_ip with inode.i_private The following patches reduce the size of the VFS inode structure by 28 bytes on a UP x86. (It would be more on an x86_64 system). This is a 10% reduction in the inode size on a UP kernel that is configured in a production mode (i.e., with no spinlock or other debugging functions enabled; if you want to save memory taken up by in-core inodes, the first thing you should do is disable the debugging options; they are responsible for a huge amount of bloat in the VFS inode structure). This patch: The filesystem or device-specific pointer in the inode is inside a union, which is pretty pointless given that all 30+ users of this field have been using the void pointer. Get rid of the union and rename it to i_private, with a comment to explain who is allowed to use the void pointer. This is just a cleanup, but it allows us to reuse the union 'u' for something something where the union will actually be used. [judith@osdl.org: powerpc build fix] Signed-off-by: "Theodore Ts'o" <tytso@mit.edu> Signed-off-by: Judith Lebzelter <judith@osdl.org> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
|
#
cae74b30 |
|
02-Aug-2006 |
Greg Kroah-Hartman <gregkh@suse.de> |
Revert "[PATCH] USB: move usb_device_class class devices to be real devices" This reverts c182274ffe1277f4e7c564719a696a37cacf74ea commit because it required a newer version of udev to work properly than what is currently documented in Documentation/Changes. Cc: Kay Sievers <kay.sievers@vrfy.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
|
#
7a01955f |
|
30-Jun-2006 |
David Quigley <dpquigl@tycho.nsa.gov> |
[PATCH] SELinux: update USB code with new kill_proc_info_as_uid This patch updates the USB core to save and pass the sending task secid when sending signals upon AIO completion so that proper security checking can be applied by security modules. Signed-off-by: David Quigley <dpquigl@tycho.nsa.gov> Signed-off-by: James Morris <jmorris@namei.org> Cc: Stephen Smalley <sds@tycho.nsa.gov> Cc: Chris Wright <chrisw@sous-sol.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
|
#
83626b01 |
|
24-Jun-2006 |
Linus Torvalds <torvalds@g5.osdl.org> |
Revert "[PATCH] usb: drivers/usb/core/devio.c dereferences a userspace pointer" This reverts commit 786dc1d3d7333f269e17d742886eac2188a2d9cc. As Al so eloquently points out, the patch is crap. The old code was fine, the new code was bogus. It never dereferenced a user pointer, the "->" operator was to an array member, which gives the _address_ of the member (in user space), not an actual dereference at all. Signed-off-by: Linus Torvalds <torvalds@osdl.org>
|
#
c182274f |
|
20-Jun-2006 |
Greg Kroah-Hartman <gregkh@suse.de> |
[PATCH] USB: move usb_device_class class devices to be real devices This moves the usb class devices that control the usbfs nodes to show up in the proper place in the larger device tree. No userspace changes is needed, this is compatible due to the symlinks generated by the driver core. Cc: Kay Sievers <kay.sievers@vrfy.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
|
#
786dc1d3 |
|
01-Jun-2006 |
Philippe Retornaz <couriousous@mandriva.org> |
[PATCH] usb: drivers/usb/core/devio.c dereferences a userspace pointer See http://bugzilla.kernel.org/show_bug.cgi?id=6617. This function dereference a __user pointer. Signed-off-by: Philippe Retornaz <couriousous@mandriva.org> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
|
#
79efa097 |
|
01-Jun-2006 |
Alan Stern <stern@rowland.harvard.edu> |
[PATCH] usbcore: port reset for composite devices This patch (as699) adds usb_reset_composite_device(), a routine for sending a USB port reset to a device with multiple interfaces owned by different drivers. Drivers are notified about impending and completed resets through two new methods in the usb_driver structure. The patch modifieds the usbfs ioctl code to make it use the new routine instead of usb_reset_device(). Follow-up patches will modify the hub, usb-storage, and usbhid drivers so they can utilize this new API. Signed-off-by: Alan Stern <stern@rowland.harvard.edu> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
|
#
3612242e |
|
19-May-2006 |
Micah Dowty <micah@vmware.com> |
[PATCH] USB: Allow high-bandwidth isochronous packets via usbfs This patch increases an arbitrary limit on the size of individual isochronous packets submitted via usbfs. The limit is still arbitrary, but it's now large enough to support the maximum packet size used by high-bandwidth isochronous transfers. Signed-off-by: Micah Dowty <micah@vmware.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
|
#
e016683d |
|
19-May-2006 |
Micah Dowty <micah@vmware.com> |
[PATCH] USB: Remove 4088-byte limit on usbfs control URBs This patch removes the artificial 4088-byte limit that usbfs currently places on Control transfers. The USB spec does not specify a strict limit on the size of an entire control transfer. It does, however, state that the data stage "follows the same protocol rules as bulk transfers." (USB 2, 8.5.3) The level of support for large control transfers in real host controllers varies, but it's important to support at least 4K transfers. Windows enforces a maximum control transfer size of 4K, so there exists some hardware that requires a full 4096 byte data stage. Without this patch, we fall short of that by 8 bytes on architectures with a 4K page size, and it becomes impossible to support such hardware with a user-space driver. Since any limit placed on control transfers by usbfs would be arbitrary, this patch replaces the PAGE_SIZE limit with the same arbitrary limit used by bulk transfers. Signed-off-by: Micah Dowty <micah@vmware.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
|
#
24f8b116 |
|
11-Mar-2006 |
Horst Schirmeier <horst@schirmeier.com> |
[PATCH] USB: fix check_ctrlrecip to allow control transfers in state ADDRESS check_ctrlrecip() disallows any control transfers if the device is deconfigured (in configuration 0, ie. state ADDRESS). This for example makes it impossible to read the device descriptors without configuring the device, although most standard device requests are allowed in this state by the spec. This patch allows control transfers for the ADDRESS state, too. Signed-off-by: Horst Schirmeier <horst@schirmeier.com> Cc: Alan Stern <stern@rowland.harvard.edu> Cc: David Brownell <david-b@pacbell.net> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
|
#
9fcd5c32 |
|
19-Jan-2006 |
Andrew Morton <akpm@osdl.org> |
[PATCH] USB: optimise devio.c usbdev_read fix drivers/usb/core/devio.c: In function `usbdev_read': drivers/usb/core/devio.c:140: error: invalid type argument of `->' drivers/usb/core/devio.c:141: error: invalid type argument of `->' drivers/usb/core/devio.c:142: error: invalid type argument of `->' drivers/usb/core/devio.c:143: error: invalid type argument of `->' Cc: Oliver Neukum <oliver@neukum.org> Cc: Pete Zaitcev <zaitcev@redhat.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
|
#
8781ba0a |
|
06-Jan-2006 |
Oliver Neukum <oliver@neukum.org> |
[PATCH] USB: optimise devio.c::usbdev_read this is a small optimisation. It is ridiculous to do a kmalloc for 18 bytes. This puts it onto the stack. Signed-off-by: Oliver Neukum <oliver@neukum.name> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
|
#
9ad3d6cc |
|
17-Nov-2005 |
Alan Stern <stern@rowland.harvard.edu> |
[PATCH] USB: Remove USB private semaphore This patch (as605) removes the private udev->serialize semaphore, relying instead on the locking provided by the embedded struct device's semaphore. The changes are confined to the core, except that the usb_trylock_device routine now uses the return convention of down_trylock rather than down_read_trylock (they return opposite values for no good reason). A couple of other associated changes are included as well: Now that we aren't concerned about HCDs that avoid using the hcd glue layer, usb_disconnect no longer needs to acquire the usb_bus_lock -- that can be done by usb_remove_hcd where it belongs. Devices aren't locked over the same scope of code in usb_new_device and hub_port_connect_change as they used to be. This shouldn't cause any trouble. Along with the preceding driver core patch, this needs a lot of testing. Signed-off-by: Alan Stern <stern@rowland.harvard.edu> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
|
#
75318d2d |
|
21-Nov-2005 |
Greg Kroah-Hartman <gregkh@suse.de> |
[PATCH] USB: remove .owner field from struct usb_driver It is no longer needed, so let's remove it, saving a bit of memory. Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
|
#
058120d7 |
|
17-Nov-2005 |
Andrew Morton <akpm@osdl.org> |
[PATCH] usb devio warning fix drivers/usb/core/devio.c: In function `proc_ioctl_compat': drivers/usb/core/devio.c:1401: warning: passing arg 1 of `compat_ptr' makes integer from pointer without a cast Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
|
#
777da590 |
|
17-Nov-2005 |
Andrew Morton <akpm@osdl.org> |
[PATCH] USB: usbdevfs_ioctl 32bit fix drivers/usb/core/devio.c: In function `proc_ioctl_compat': drivers/usb/core/devio.c:1401: warning: passing arg 1 of `compat_ptr' makes integer from pointer without a cast NFI if this is correct... Cc: Pete Zaitcev <zaitcev@redhat.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
|
#
0a1ef3b5 |
|
24-Oct-2005 |
Alan Stern <stern@rowland.harvard.edu> |
[PATCH] usbcore: Use kzalloc instead of kmalloc/memset This patch (as590) fixes up all the remaining places where usbcore can use kzalloc rather than kmalloc/memset. Signed-off-by: Alan Stern <stern@rowland.harvard.edu> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
|
#
c36fc889 |
|
17-Oct-2005 |
Pete Zaitcev <zaitcev@redhat.com> |
[PATCH] usb: Patch for USBDEVFS_IOCTL from 32-bit programs Dell supplied me with the following test: #include<stdio.h> #include<errno.h> #include<sys/ioctl.h> #include<fcntl.h> #include<linux/usbdevice_fs.h> main(int argc,char*argv[]) { struct usbdevfs_hub_portinfo hubPortInfo = {0}; struct usbdevfs_ioctl command = {0}; command.ifno = 0; command.ioctl_code = USBDEVFS_HUB_PORTINFO; command.data = (void*)&hubPortInfo; int fd, ret; if(argc != 2) { fprintf(stderr,"Usage: %s /proc/bus/usb/<BusNo>/<HubID>\n",argv[0]); fprintf(stderr,"Example: %s /proc/bus/usb/001/001\n",argv[0]); exit(1); } errno = 0; fd = open(argv[1],O_RDWR); if(fd < 0) { perror("open failed:"); exit(errno); } errno = 0; ret = ioctl(fd,USBDEVFS_IOCTL,&command); printf("IOCTL return status:%d\n",ret); if(ret<0) { perror("IOCTL failed:"); close(fd); exit(3); } else { printf("IOCTL passed:Num of ports %d\n",hubPortInfo.nports); close(fd); exit(0); } return 0; } I have verified that it breaks if built in 32 bit mode on x86_64 and that the patch below fixes it. Signed-off-by: Pete Zaitcev <zaitcev@redhat.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
|
#
a7b986b3 |
|
20-Jun-2005 |
Greg Kroah-Hartman <gregkh@suse.de> |
[PATCH] USB: convert usbfs/devio.c to use usb notifiers Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
|
#
4592bf5a |
|
20-Jun-2005 |
Greg Kroah-Hartman <gregkh@suse.de> |
[PATCH] USB: remove the global function usbdev_lookup_minor It's only used locally. Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
|
#
e639dd3f |
|
20-Jun-2005 |
Greg Kroah-Hartman <gregkh@suse.de> |
[PATCH] USB: add more snooping hooks in devio.c Now we can log the urbs travelling through usbfs Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
|
#
53f46542 |
|
27-Oct-2005 |
Greg Kroah-Hartman <gregkh@suse.de> |
[PATCH] Driver Core: fix up all callers of class_device_create() The previous patch adding the ability to nest struct class_device changed the paramaters to the call class_device_create(). This patch fixes up all in-kernel users of the function. Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
|
#
d7dd8a72 |
|
10-Oct-2005 |
Linus Torvalds <torvalds@g5.osdl.org> |
Use the new "kill_proc_info_as_uid()" for USB disconnect too All the same issues - we can't just save the pointer to the thread, we must save the pid/uid/euid combination. Signed-off-by: Linus Torvalds <torvalds@osdl.org>
|
#
46113830 |
|
10-Oct-2005 |
Harald Welte <laforge@gnumonks.org> |
[PATCH] Fix signal sending in usbdevio on async URB completion If a process issues an URB from userspace and (starts to) terminate before the URB comes back, we run into the issue described above. This is because the urb saves a pointer to "current" when it is posted to the device, but there's no guarantee that this pointer is still valid afterwards. In fact, there are three separate issues: 1) the pointer to "current" can become invalid, since the task could be completely gone when the URB completion comes back from the device. 2) Even if the saved task pointer is still pointing to a valid task_struct, task_struct->sighand could have gone meanwhile. 3) Even if the process is perfectly fine, permissions may have changed, and we can no longer send it a signal. So what we do instead, is to save the PID and uid's of the process, and introduce a new kill_proc_info_as_uid() function. Signed-off-by: Harald Welte <laforge@gnumonks.org> [ Fixed up types and added symbol exports ] Signed-off-by: Linus Torvalds <torvalds@osdl.org>
|
#
bf193d3c |
|
10-Aug-2005 |
Alan Stern <stern@rowland.harvard.edu> |
[PATCH] USB: Disconnect children when unbinding the hub driver This patch (as554) makes the hub driver disconnect any child USB devices when it is unbound from a hub. Normally this will never happen, but there are a few oddball ways to unbind the hub driver while leaving the children intact. For example, the new "unbind" sysfs attribute can be used for this purpose. Given that unbinding hubs with children is now safe, the patch also removes the code that prevented people from doing so using usbfs. Signed-off-by: Alan Stern <stern@rowland.harvard.edu> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
|
#
fad21bdf |
|
10-Aug-2005 |
Alan Stern <stern@rowland.harvard.edu> |
[PATCH] USB: Fix regression in core/devio.c This patch (as551) fixes another little problem recently added to the USB core. Someone didn't fix the type of the first argument to unregister_chrdev_region. Signed-off-by: Alan Stern <stern@rowland.harvard.edu> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
|
#
fbf82fd2 |
|
30-Jul-2005 |
Kay Sievers <kay.sievers@vrfy.org> |
[PATCH] USB: real nodes instead of usbfs This patch introduces a /sys/class/usb_device/ class where every connected usb-device will show up: tree /sys/class/usb_device/ /sys/class/usb_device/ |-- usb1.1 | |-- dev | `-- device -> ../../../devices/pci0000:00/0000:00:1d.0/usb1 |-- usb2.1 | |-- dev | `-- device -> ../../../devices/pci0000:00/0000:00:1d.1/usb2 ... The presence of the "dev" file lets udev create real device nodes. kay@pim:~/src/linux-2.6> tree /dev/bus/usb/ /dev/bus/usb/ |-- 1 | `-- 1 |-- 2 | `-- 1 ... udev rule: SUBSYSTEM="usb_device", PROGRAM="/sbin/usb_device %k", NAME="%c" (echo $1 | /bin/sed 's/usb\([0-9]*\)\.\([0-9]*\)/bus\/usb\/\1\/\2/') This makes libusb pick up the real nodes instead of the mounted usbfs: export USB_DEVFS_PATH=/dev/bus/usb Background: All this makes it possible to manage usb devices with udev instead of the devfs solution. We are currently working on a pam_console/resmgr replacement driven by udev and a pam-helper. It applies ACL's to device nodes, which is required for modern desktop functionalty like "Fast User Switching" or multiple local login support. New patch with its own major. I've succesfully disabled usbfs and use real nodes only on my box. With: "export USB_DEVFS_PATH=/dev/bus/usb" libusb picks up the udev managed nodes instead of reading usbfs files. This makes udev to provide symlinks for libusb to pick up: SUBSYSTEM="usb_device", PROGRAM="/sbin/usbdevice %k", SYMLINK="%c" /sbin/usbdevice: #!/bin/sh echo $1 | /bin/sed 's/usbdev\([0-9]*\)\.\([0-9]*\)/bus\/usb\/\1\/\2/' Signed-off-by: Kay Sievers <kay.sievers@suse.de> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
|
#
fe0410c7 |
|
29-Jul-2005 |
Alan Stern <stern@rowland.harvard.edu> |
[PATCH] USB: usbfs: Don't leak uninitialized data This patch fixes an information leak in the usbfs snoop facility: uninitialized data from __get_free_page can be returned to userspace and written to the system log. It also improves the snoop output by printing the wLength value. Signed-off-by: Alan Stern <stern@rowland.harvard.edu> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
|
#
72ebddb5 |
|
11-Apr-2005 |
David Brownell <david-b@pacbell.net> |
[PATCH] USB: turn a user mode driver error into a hard error This patch turns a user mode driver error into a hard error, and updates the relevant diagnostic slightly to help troubleshooting. gphoto was known to have this problem, hopefully it is now fixed (they have had plenty of warning...) This had been left as a soft error to give various user mode drivers a change to be properly fixed, with the statement that starting in about 2.6.10 it would be changed. It had been mostly safe as a soft error ... but that can not be guaranteed. Now that a year has passed, it's time to really insist that the user mode drivers finally fix their relevant bugs. Signed-off-by: David Brownell <dbrownell@users.sourceforge.net> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
|
#
6fd19f4b |
|
18-Apr-2005 |
Jesper Juhl <juhl-lkml@dif.dk> |
[PATCH] usb: kfree() cleanups in drivers/usb/core/devio.c Checking for NULL before calling kfree() is redundant. This patch removes these redundant checks and also makes a few tiny whitespace changes. Signed-off-by: Jesper Juhl <juhl-lkml@dif.dk> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
|
#
668a9541 |
|
18-Apr-2005 |
Christopher Li <chrisl@vmware.com> |
[PATCH] USB: bug fix in usbdevfs I am sorry that the last patch about 32 bit compat ioctl on 64 bit kernel actually breaks the usbdevfs. That is on the current BK tree. I am retarded. Here is the patch to fix it. Tested with USB hard disk and webcam in both 32bit compatible mode and native 64bit mode. Again, sorry about that. From: Christopher Li <chrisl@vmware.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
|
#
1da177e4 |
|
16-Apr-2005 |
Linus Torvalds <torvalds@ppc970.osdl.org> |
Linux-2.6.12-rc2 Initial git repository build. I'm not bothering with the full history, even though we have it. We can create a separate "historical" git archive of that later if we want to, and in the meantime it's about 3.2GB when imported into git - space that would just make the early git days unnecessarily complicated, when we don't have a lot of good infrastructure for it. Let it rip!
|