1 // SPDX-License-Identifier: GPL-2.0+
2 /*****************************************************************************/
5 * devio.c -- User space communication with USB devices.
7 * Copyright (C) 1999-2000 Thomas Sailer (sailer@ife.ee.ethz.ch)
9 * This file implements the usbfs/x/y files, where
10 * x is the bus number and y the device number.
12 * It allows user space programs/"drivers" to communicate directly
13 * with USB devices without intervening kernel driver.
16 * 22.12.1999 0.1 Initial release (split from proc_usb.c)
17 * 04.01.2000 0.2 Turned into its own filesystem
18 * 30.09.2005 0.3 Fix user-triggerable oops in async URB delivery
22 /*****************************************************************************/
26 #include <linux/sched/signal.h>
27 #include <linux/slab.h>
28 #include <linux/signal.h>
29 #include <linux/poll.h>
30 #include <linux/module.h>
31 #include <linux/string.h>
32 #include <linux/usb.h>
33 #include <linux/usbdevice_fs.h>
34 #include <linux/usb/hcd.h> /* for usbcore internals */
35 #include <linux/cdev.h>
36 #include <linux/notifier.h>
37 #include <linux/security.h>
38 #include <linux/user_namespace.h>
39 #include <linux/scatterlist.h>
40 #include <linux/uaccess.h>
41 #include <linux/dma-mapping.h>
42 #include <asm/byteorder.h>
43 #include <linux/moduleparam.h>
48 #define USB_DEVICE_MAX (USB_MAXBUS * 128)
49 #define USB_SG_SIZE 16384 /* split-size for large txs */
51 struct usb_dev_state {
52 struct list_head list; /* state list */
53 struct usb_device *dev;
55 spinlock_t lock; /* protects the async urb lists */
56 struct list_head async_pending;
57 struct list_head async_completed;
58 struct list_head memory_list;
59 wait_queue_head_t wait; /* wake up if a request completed */
60 unsigned int discsignr;
62 const struct cred *cred;
63 void __user *disccontext;
64 unsigned long ifclaimed;
65 u32 disabled_bulk_eps;
66 bool privileges_dropped;
67 unsigned long interface_allowed_mask;
71 struct list_head memlist;
76 dma_addr_t dma_handle;
77 unsigned long vm_start;
78 struct usb_dev_state *ps;
82 struct list_head asynclist;
83 struct usb_dev_state *ps;
85 const struct cred *cred;
88 void __user *userbuffer;
91 struct usb_memory *usbm;
92 unsigned int mem_usage;
98 static bool usbfs_snoop;
99 module_param(usbfs_snoop, bool, S_IRUGO | S_IWUSR);
100 MODULE_PARM_DESC(usbfs_snoop, "true to log all usbfs traffic");
102 static unsigned usbfs_snoop_max = 65536;
103 module_param(usbfs_snoop_max, uint, S_IRUGO | S_IWUSR);
104 MODULE_PARM_DESC(usbfs_snoop_max,
105 "maximum number of bytes to print while snooping");
107 #define snoop(dev, format, arg...) \
110 dev_info(dev, format, ## arg); \
117 #define USB_DEVICE_DEV MKDEV(USB_DEVICE_MAJOR, 0)
119 /* Limit on the total amount of memory we can allocate for transfers */
120 static u32 usbfs_memory_mb = 16;
121 module_param(usbfs_memory_mb, uint, 0644);
122 MODULE_PARM_DESC(usbfs_memory_mb,
123 "maximum MB allowed for usbfs buffers (0 = no limit)");
125 /* Hard limit, necessary to avoid arithmetic overflow */
126 #define USBFS_XFER_MAX (UINT_MAX / 2 - 1000000)
128 static atomic64_t usbfs_memory_usage; /* Total memory currently allocated */
130 /* Check whether it's okay to allocate more memory for a transfer */
131 static int usbfs_increase_memory_usage(u64 amount)
135 lim = READ_ONCE(usbfs_memory_mb);
138 atomic64_add(amount, &usbfs_memory_usage);
140 if (lim > 0 && atomic64_read(&usbfs_memory_usage) > lim) {
141 atomic64_sub(amount, &usbfs_memory_usage);
148 /* Memory for a transfer is being deallocated */
149 static void usbfs_decrease_memory_usage(u64 amount)
151 atomic64_sub(amount, &usbfs_memory_usage);
154 static int connected(struct usb_dev_state *ps)
156 return (!list_empty(&ps->list) &&
157 ps->dev->state != USB_STATE_NOTATTACHED);
160 static void dec_usb_memory_use_count(struct usb_memory *usbm, int *count)
162 struct usb_dev_state *ps = usbm->ps;
165 spin_lock_irqsave(&ps->lock, flags);
167 if (usbm->urb_use_count == 0 && usbm->vma_use_count == 0) {
168 list_del(&usbm->memlist);
169 spin_unlock_irqrestore(&ps->lock, flags);
171 usb_free_coherent(ps->dev, usbm->size, usbm->mem,
173 usbfs_decrease_memory_usage(
174 usbm->size + sizeof(struct usb_memory));
177 spin_unlock_irqrestore(&ps->lock, flags);
181 static void usbdev_vm_open(struct vm_area_struct *vma)
183 struct usb_memory *usbm = vma->vm_private_data;
186 spin_lock_irqsave(&usbm->ps->lock, flags);
187 ++usbm->vma_use_count;
188 spin_unlock_irqrestore(&usbm->ps->lock, flags);
191 static void usbdev_vm_close(struct vm_area_struct *vma)
193 struct usb_memory *usbm = vma->vm_private_data;
195 dec_usb_memory_use_count(usbm, &usbm->vma_use_count);
198 static const struct vm_operations_struct usbdev_vm_ops = {
199 .open = usbdev_vm_open,
200 .close = usbdev_vm_close
203 static int usbdev_mmap(struct file *file, struct vm_area_struct *vma)
205 struct usb_memory *usbm = NULL;
206 struct usb_dev_state *ps = file->private_data;
207 size_t size = vma->vm_end - vma->vm_start;
210 dma_addr_t dma_handle;
213 ret = usbfs_increase_memory_usage(size + sizeof(struct usb_memory));
217 usbm = kzalloc(sizeof(struct usb_memory), GFP_KERNEL);
220 goto error_decrease_mem;
223 mem = usb_alloc_coherent(ps->dev, size, GFP_USER | __GFP_NOWARN,
227 goto error_free_usbm;
230 memset(mem, 0, size);
233 usbm->dma_handle = dma_handle;
236 usbm->vm_start = vma->vm_start;
237 usbm->vma_use_count = 1;
238 INIT_LIST_HEAD(&usbm->memlist);
240 if (remap_pfn_range(vma, vma->vm_start,
241 virt_to_phys(usbm->mem) >> PAGE_SHIFT,
242 size, vma->vm_page_prot) < 0) {
243 dec_usb_memory_use_count(usbm, &usbm->vma_use_count);
247 vma->vm_flags |= VM_IO;
248 vma->vm_flags |= (VM_DONTEXPAND | VM_DONTDUMP);
249 vma->vm_ops = &usbdev_vm_ops;
250 vma->vm_private_data = usbm;
252 spin_lock_irqsave(&ps->lock, flags);
253 list_add_tail(&usbm->memlist, &ps->memory_list);
254 spin_unlock_irqrestore(&ps->lock, flags);
261 usbfs_decrease_memory_usage(size + sizeof(struct usb_memory));
266 static ssize_t usbdev_read(struct file *file, char __user *buf, size_t nbytes,
269 struct usb_dev_state *ps = file->private_data;
270 struct usb_device *dev = ps->dev;
277 usb_lock_device(dev);
278 if (!connected(ps)) {
281 } else if (pos < 0) {
286 if (pos < sizeof(struct usb_device_descriptor)) {
287 /* 18 bytes - fits on the stack */
288 struct usb_device_descriptor temp_desc;
290 memcpy(&temp_desc, &dev->descriptor, sizeof(dev->descriptor));
291 le16_to_cpus(&temp_desc.bcdUSB);
292 le16_to_cpus(&temp_desc.idVendor);
293 le16_to_cpus(&temp_desc.idProduct);
294 le16_to_cpus(&temp_desc.bcdDevice);
296 len = sizeof(struct usb_device_descriptor) - pos;
299 if (copy_to_user(buf, ((char *)&temp_desc) + pos, len)) {
310 pos = sizeof(struct usb_device_descriptor);
311 for (i = 0; nbytes && i < dev->descriptor.bNumConfigurations; i++) {
312 struct usb_config_descriptor *config =
313 (struct usb_config_descriptor *)dev->rawdescriptors[i];
314 unsigned int length = le16_to_cpu(config->wTotalLength);
316 if (*ppos < pos + length) {
318 /* The descriptor may claim to be longer than it
319 * really is. Here is the actual allocated length. */
321 le16_to_cpu(dev->config[i].desc.wTotalLength);
323 len = length - (*ppos - pos);
327 /* Simply don't write (skip over) unallocated parts */
328 if (alloclen > (*ppos - pos)) {
329 alloclen -= (*ppos - pos);
330 if (copy_to_user(buf,
331 dev->rawdescriptors[i] + (*ppos - pos),
332 min(len, alloclen))) {
348 usb_unlock_device(dev);
353 * async list handling
356 static struct async *alloc_async(unsigned int numisoframes)
360 as = kzalloc(sizeof(struct async), GFP_KERNEL);
363 as->urb = usb_alloc_urb(numisoframes, GFP_KERNEL);
371 static void free_async(struct async *as)
378 for (i = 0; i < as->urb->num_sgs; i++) {
379 if (sg_page(&as->urb->sg[i]))
380 kfree(sg_virt(&as->urb->sg[i]));
384 if (as->usbm == NULL)
385 kfree(as->urb->transfer_buffer);
387 dec_usb_memory_use_count(as->usbm, &as->usbm->urb_use_count);
389 kfree(as->urb->setup_packet);
390 usb_free_urb(as->urb);
391 usbfs_decrease_memory_usage(as->mem_usage);
395 static void async_newpending(struct async *as)
397 struct usb_dev_state *ps = as->ps;
400 spin_lock_irqsave(&ps->lock, flags);
401 list_add_tail(&as->asynclist, &ps->async_pending);
402 spin_unlock_irqrestore(&ps->lock, flags);
405 static void async_removepending(struct async *as)
407 struct usb_dev_state *ps = as->ps;
410 spin_lock_irqsave(&ps->lock, flags);
411 list_del_init(&as->asynclist);
412 spin_unlock_irqrestore(&ps->lock, flags);
415 static struct async *async_getcompleted(struct usb_dev_state *ps)
418 struct async *as = NULL;
420 spin_lock_irqsave(&ps->lock, flags);
421 if (!list_empty(&ps->async_completed)) {
422 as = list_entry(ps->async_completed.next, struct async,
424 list_del_init(&as->asynclist);
426 spin_unlock_irqrestore(&ps->lock, flags);
430 static struct async *async_getpending(struct usb_dev_state *ps,
431 void __user *userurb)
435 list_for_each_entry(as, &ps->async_pending, asynclist)
436 if (as->userurb == userurb) {
437 list_del_init(&as->asynclist);
444 static void snoop_urb(struct usb_device *udev,
445 void __user *userurb, int pipe, unsigned length,
446 int timeout_or_status, enum snoop_when when,
447 unsigned char *data, unsigned data_len)
449 static const char *types[] = {"isoc", "int", "ctrl", "bulk"};
450 static const char *dirs[] = {"out", "in"};
457 ep = usb_pipeendpoint(pipe);
458 t = types[usb_pipetype(pipe)];
459 d = dirs[!!usb_pipein(pipe)];
461 if (userurb) { /* Async */
463 dev_info(&udev->dev, "userurb %pK, ep%d %s-%s, "
465 userurb, ep, t, d, length);
467 dev_info(&udev->dev, "userurb %pK, ep%d %s-%s, "
468 "actual_length %u status %d\n",
469 userurb, ep, t, d, length,
473 dev_info(&udev->dev, "ep%d %s-%s, length %u, "
475 ep, t, d, length, timeout_or_status);
477 dev_info(&udev->dev, "ep%d %s-%s, actual_length %u, "
479 ep, t, d, length, timeout_or_status);
482 data_len = min(data_len, usbfs_snoop_max);
483 if (data && data_len > 0) {
484 print_hex_dump(KERN_DEBUG, "data: ", DUMP_PREFIX_NONE, 32, 1,
489 static void snoop_urb_data(struct urb *urb, unsigned len)
493 len = min(len, usbfs_snoop_max);
494 if (!usbfs_snoop || len == 0)
497 if (urb->num_sgs == 0) {
498 print_hex_dump(KERN_DEBUG, "data: ", DUMP_PREFIX_NONE, 32, 1,
499 urb->transfer_buffer, len, 1);
503 for (i = 0; i < urb->num_sgs && len; i++) {
504 size = (len > USB_SG_SIZE) ? USB_SG_SIZE : len;
505 print_hex_dump(KERN_DEBUG, "data: ", DUMP_PREFIX_NONE, 32, 1,
506 sg_virt(&urb->sg[i]), size, 1);
511 static int copy_urb_data_to_user(u8 __user *userbuffer, struct urb *urb)
513 unsigned i, len, size;
515 if (urb->number_of_packets > 0) /* Isochronous */
516 len = urb->transfer_buffer_length;
518 len = urb->actual_length;
520 if (urb->num_sgs == 0) {
521 if (copy_to_user(userbuffer, urb->transfer_buffer, len))
526 for (i = 0; i < urb->num_sgs && len; i++) {
527 size = (len > USB_SG_SIZE) ? USB_SG_SIZE : len;
528 if (copy_to_user(userbuffer, sg_virt(&urb->sg[i]), size))
537 #define AS_CONTINUATION 1
540 static void cancel_bulk_urbs(struct usb_dev_state *ps, unsigned bulk_addr)
547 /* Mark all the pending URBs that match bulk_addr, up to but not
548 * including the first one without AS_CONTINUATION. If such an
549 * URB is encountered then a new transfer has already started so
550 * the endpoint doesn't need to be disabled; otherwise it does.
552 list_for_each_entry(as, &ps->async_pending, asynclist) {
553 if (as->bulk_addr == bulk_addr) {
554 if (as->bulk_status != AS_CONTINUATION)
556 as->bulk_status = AS_UNLINK;
560 ps->disabled_bulk_eps |= (1 << bulk_addr);
562 /* Now carefully unlink all the marked pending URBs */
564 list_for_each_entry(as, &ps->async_pending, asynclist) {
565 if (as->bulk_status == AS_UNLINK) {
566 as->bulk_status = 0; /* Only once */
569 spin_unlock(&ps->lock); /* Allow completions */
572 spin_lock(&ps->lock);
578 static void async_completed(struct urb *urb)
580 struct async *as = urb->context;
581 struct usb_dev_state *ps = as->ps;
582 struct kernel_siginfo sinfo;
583 struct pid *pid = NULL;
584 const struct cred *cred = NULL;
588 spin_lock_irqsave(&ps->lock, flags);
589 list_move_tail(&as->asynclist, &ps->async_completed);
590 as->status = urb->status;
593 clear_siginfo(&sinfo);
594 sinfo.si_signo = as->signr;
595 sinfo.si_errno = as->status;
596 sinfo.si_code = SI_ASYNCIO;
597 sinfo.si_addr = as->userurb;
598 pid = get_pid(as->pid);
599 cred = get_cred(as->cred);
601 snoop(&urb->dev->dev, "urb complete\n");
602 snoop_urb(urb->dev, as->userurb, urb->pipe, urb->actual_length,
603 as->status, COMPLETE, NULL, 0);
604 if (usb_urb_dir_in(urb))
605 snoop_urb_data(urb, urb->actual_length);
607 if (as->status < 0 && as->bulk_addr && as->status != -ECONNRESET &&
608 as->status != -ENOENT)
609 cancel_bulk_urbs(ps, as->bulk_addr);
612 spin_unlock_irqrestore(&ps->lock, flags);
615 kill_pid_info_as_cred(sinfo.si_signo, &sinfo, pid, cred);
621 static void destroy_async(struct usb_dev_state *ps, struct list_head *list)
627 spin_lock_irqsave(&ps->lock, flags);
628 while (!list_empty(list)) {
629 as = list_entry(list->next, struct async, asynclist);
630 list_del_init(&as->asynclist);
634 /* drop the spinlock so the completion handler can run */
635 spin_unlock_irqrestore(&ps->lock, flags);
638 spin_lock_irqsave(&ps->lock, flags);
640 spin_unlock_irqrestore(&ps->lock, flags);
643 static void destroy_async_on_interface(struct usb_dev_state *ps,
646 struct list_head *p, *q, hitlist;
649 INIT_LIST_HEAD(&hitlist);
650 spin_lock_irqsave(&ps->lock, flags);
651 list_for_each_safe(p, q, &ps->async_pending)
652 if (ifnum == list_entry(p, struct async, asynclist)->ifnum)
653 list_move_tail(p, &hitlist);
654 spin_unlock_irqrestore(&ps->lock, flags);
655 destroy_async(ps, &hitlist);
658 static void destroy_all_async(struct usb_dev_state *ps)
660 destroy_async(ps, &ps->async_pending);
664 * interface claims are made only at the request of user level code,
665 * which can also release them (explicitly or by closing files).
666 * they're also undone when devices disconnect.
669 static int driver_probe(struct usb_interface *intf,
670 const struct usb_device_id *id)
675 static void driver_disconnect(struct usb_interface *intf)
677 struct usb_dev_state *ps = usb_get_intfdata(intf);
678 unsigned int ifnum = intf->altsetting->desc.bInterfaceNumber;
683 /* NOTE: this relies on usbcore having canceled and completed
684 * all pending I/O requests; 2.6 does that.
687 if (likely(ifnum < 8*sizeof(ps->ifclaimed)))
688 clear_bit(ifnum, &ps->ifclaimed);
690 dev_warn(&intf->dev, "interface number %u out of range\n",
693 usb_set_intfdata(intf, NULL);
695 /* force async requests to complete */
696 destroy_async_on_interface(ps, ifnum);
699 /* The following routines are merely placeholders. There is no way
700 * to inform a user task about suspend or resumes.
702 static int driver_suspend(struct usb_interface *intf, pm_message_t msg)
707 static int driver_resume(struct usb_interface *intf)
712 struct usb_driver usbfs_driver = {
714 .probe = driver_probe,
715 .disconnect = driver_disconnect,
716 .suspend = driver_suspend,
717 .resume = driver_resume,
720 static int claimintf(struct usb_dev_state *ps, unsigned int ifnum)
722 struct usb_device *dev = ps->dev;
723 struct usb_interface *intf;
726 if (ifnum >= 8*sizeof(ps->ifclaimed))
728 /* already claimed */
729 if (test_bit(ifnum, &ps->ifclaimed))
732 if (ps->privileges_dropped &&
733 !test_bit(ifnum, &ps->interface_allowed_mask))
736 intf = usb_ifnum_to_if(dev, ifnum);
740 err = usb_driver_claim_interface(&usbfs_driver, intf, ps);
742 set_bit(ifnum, &ps->ifclaimed);
746 static int releaseintf(struct usb_dev_state *ps, unsigned int ifnum)
748 struct usb_device *dev;
749 struct usb_interface *intf;
753 if (ifnum >= 8*sizeof(ps->ifclaimed))
756 intf = usb_ifnum_to_if(dev, ifnum);
759 else if (test_and_clear_bit(ifnum, &ps->ifclaimed)) {
760 usb_driver_release_interface(&usbfs_driver, intf);
766 static int checkintf(struct usb_dev_state *ps, unsigned int ifnum)
768 if (ps->dev->state != USB_STATE_CONFIGURED)
769 return -EHOSTUNREACH;
770 if (ifnum >= 8*sizeof(ps->ifclaimed))
772 if (test_bit(ifnum, &ps->ifclaimed))
774 /* if not yet claimed, claim it for the driver */
775 dev_warn(&ps->dev->dev, "usbfs: process %d (%s) did not claim "
776 "interface %u before use\n", task_pid_nr(current),
777 current->comm, ifnum);
778 return claimintf(ps, ifnum);
781 static int findintfep(struct usb_device *dev, unsigned int ep)
783 unsigned int i, j, e;
784 struct usb_interface *intf;
785 struct usb_host_interface *alts;
786 struct usb_endpoint_descriptor *endpt;
788 if (ep & ~(USB_DIR_IN|0xf))
792 for (i = 0; i < dev->actconfig->desc.bNumInterfaces; i++) {
793 intf = dev->actconfig->interface[i];
794 for (j = 0; j < intf->num_altsetting; j++) {
795 alts = &intf->altsetting[j];
796 for (e = 0; e < alts->desc.bNumEndpoints; e++) {
797 endpt = &alts->endpoint[e].desc;
798 if (endpt->bEndpointAddress == ep)
799 return alts->desc.bInterfaceNumber;
806 static int check_ctrlrecip(struct usb_dev_state *ps, unsigned int requesttype,
807 unsigned int request, unsigned int index)
810 struct usb_host_interface *alt_setting;
812 if (ps->dev->state != USB_STATE_UNAUTHENTICATED
813 && ps->dev->state != USB_STATE_ADDRESS
814 && ps->dev->state != USB_STATE_CONFIGURED)
815 return -EHOSTUNREACH;
816 if (USB_TYPE_VENDOR == (USB_TYPE_MASK & requesttype))
820 * check for the special corner case 'get_device_id' in the printer
821 * class specification, which we always want to allow as it is used
822 * to query things like ink level, etc.
824 if (requesttype == 0xa1 && request == 0) {
825 alt_setting = usb_find_alt_setting(ps->dev->actconfig,
826 index >> 8, index & 0xff);
828 && alt_setting->desc.bInterfaceClass == USB_CLASS_PRINTER)
833 switch (requesttype & USB_RECIP_MASK) {
834 case USB_RECIP_ENDPOINT:
835 if ((index & ~USB_DIR_IN) == 0)
837 ret = findintfep(ps->dev, index);
840 * Some not fully compliant Win apps seem to get
841 * index wrong and have the endpoint number here
842 * rather than the endpoint address (with the
843 * correct direction). Win does let this through,
844 * so we'll not reject it here but leave it to
845 * the device to not break KVM. But we warn.
847 ret = findintfep(ps->dev, index ^ 0x80);
849 dev_info(&ps->dev->dev,
850 "%s: process %i (%s) requesting ep %02x but needs %02x\n",
851 __func__, task_pid_nr(current),
852 current->comm, index, index ^ 0x80);
855 ret = checkintf(ps, ret);
858 case USB_RECIP_INTERFACE:
859 ret = checkintf(ps, index);
865 static struct usb_host_endpoint *ep_to_host_endpoint(struct usb_device *dev,
868 if (ep & USB_ENDPOINT_DIR_MASK)
869 return dev->ep_in[ep & USB_ENDPOINT_NUMBER_MASK];
871 return dev->ep_out[ep & USB_ENDPOINT_NUMBER_MASK];
874 static int parse_usbdevfs_streams(struct usb_dev_state *ps,
875 struct usbdevfs_streams __user *streams,
876 unsigned int *num_streams_ret,
877 unsigned int *num_eps_ret,
878 struct usb_host_endpoint ***eps_ret,
879 struct usb_interface **intf_ret)
881 unsigned int i, num_streams, num_eps;
882 struct usb_host_endpoint **eps;
883 struct usb_interface *intf = NULL;
887 if (get_user(num_streams, &streams->num_streams) ||
888 get_user(num_eps, &streams->num_eps))
891 if (num_eps < 1 || num_eps > USB_MAXENDPOINTS)
894 /* The XHCI controller allows max 2 ^ 16 streams */
895 if (num_streams_ret && (num_streams < 2 || num_streams > 65536))
898 eps = kmalloc_array(num_eps, sizeof(*eps), GFP_KERNEL);
902 for (i = 0; i < num_eps; i++) {
903 if (get_user(ep, &streams->eps[i])) {
907 eps[i] = ep_to_host_endpoint(ps->dev, ep);
913 /* usb_alloc/free_streams operate on an usb_interface */
914 ifnum = findintfep(ps->dev, ep);
921 ret = checkintf(ps, ifnum);
924 intf = usb_ifnum_to_if(ps->dev, ifnum);
926 /* Verify all eps belong to the same interface */
927 if (ifnum != intf->altsetting->desc.bInterfaceNumber) {
935 *num_streams_ret = num_streams;
936 *num_eps_ret = num_eps;
947 static int match_devt(struct device *dev, void *data)
949 return dev->devt == (dev_t) (unsigned long) data;
952 static struct usb_device *usbdev_lookup_by_devt(dev_t devt)
956 dev = bus_find_device(&usb_bus_type, NULL,
957 (void *) (unsigned long) devt, match_devt);
960 return to_usb_device(dev);
966 static int usbdev_open(struct inode *inode, struct file *file)
968 struct usb_device *dev = NULL;
969 struct usb_dev_state *ps;
973 ps = kzalloc(sizeof(struct usb_dev_state), GFP_KERNEL);
979 /* usbdev device-node */
980 if (imajor(inode) == USB_DEVICE_MAJOR)
981 dev = usbdev_lookup_by_devt(inode->i_rdev);
985 usb_lock_device(dev);
986 if (dev->state == USB_STATE_NOTATTACHED)
987 goto out_unlock_device;
989 ret = usb_autoresume_device(dev);
991 goto out_unlock_device;
995 ps->interface_allowed_mask = 0xFFFFFFFF; /* 32 bits */
996 spin_lock_init(&ps->lock);
997 INIT_LIST_HEAD(&ps->list);
998 INIT_LIST_HEAD(&ps->async_pending);
999 INIT_LIST_HEAD(&ps->async_completed);
1000 INIT_LIST_HEAD(&ps->memory_list);
1001 init_waitqueue_head(&ps->wait);
1002 ps->disc_pid = get_pid(task_pid(current));
1003 ps->cred = get_current_cred();
1005 list_add_tail(&ps->list, &dev->filelist);
1006 file->private_data = ps;
1007 usb_unlock_device(dev);
1008 snoop(&dev->dev, "opened by process %d: %s\n", task_pid_nr(current),
1013 usb_unlock_device(dev);
1020 static int usbdev_release(struct inode *inode, struct file *file)
1022 struct usb_dev_state *ps = file->private_data;
1023 struct usb_device *dev = ps->dev;
1027 usb_lock_device(dev);
1028 usb_hub_release_all_ports(dev, ps);
1030 list_del_init(&ps->list);
1032 for (ifnum = 0; ps->ifclaimed && ifnum < 8*sizeof(ps->ifclaimed);
1034 if (test_bit(ifnum, &ps->ifclaimed))
1035 releaseintf(ps, ifnum);
1037 destroy_all_async(ps);
1038 usb_autosuspend_device(dev);
1039 usb_unlock_device(dev);
1041 put_pid(ps->disc_pid);
1044 as = async_getcompleted(ps);
1047 as = async_getcompleted(ps);
1054 static int proc_control(struct usb_dev_state *ps, void __user *arg)
1056 struct usb_device *dev = ps->dev;
1057 struct usbdevfs_ctrltransfer ctrl;
1059 unsigned char *tbuf;
1063 if (copy_from_user(&ctrl, arg, sizeof(ctrl)))
1065 ret = check_ctrlrecip(ps, ctrl.bRequestType, ctrl.bRequest,
1069 wLength = ctrl.wLength; /* To suppress 64k PAGE_SIZE warning */
1070 if (wLength > PAGE_SIZE)
1072 ret = usbfs_increase_memory_usage(PAGE_SIZE + sizeof(struct urb) +
1073 sizeof(struct usb_ctrlrequest));
1076 tbuf = (unsigned char *)__get_free_page(GFP_KERNEL);
1082 snoop(&dev->dev, "control urb: bRequestType=%02x "
1083 "bRequest=%02x wValue=%04x "
1084 "wIndex=%04x wLength=%04x\n",
1085 ctrl.bRequestType, ctrl.bRequest, ctrl.wValue,
1086 ctrl.wIndex, ctrl.wLength);
1087 if (ctrl.bRequestType & 0x80) {
1088 if (ctrl.wLength && !access_ok(ctrl.data,
1093 pipe = usb_rcvctrlpipe(dev, 0);
1094 snoop_urb(dev, NULL, pipe, ctrl.wLength, tmo, SUBMIT, NULL, 0);
1096 usb_unlock_device(dev);
1097 i = usb_control_msg(dev, pipe, ctrl.bRequest,
1098 ctrl.bRequestType, ctrl.wValue, ctrl.wIndex,
1099 tbuf, ctrl.wLength, tmo);
1100 usb_lock_device(dev);
1101 snoop_urb(dev, NULL, pipe, max(i, 0), min(i, 0), COMPLETE,
1103 if ((i > 0) && ctrl.wLength) {
1104 if (copy_to_user(ctrl.data, tbuf, i)) {
1111 if (copy_from_user(tbuf, ctrl.data, ctrl.wLength)) {
1116 pipe = usb_sndctrlpipe(dev, 0);
1117 snoop_urb(dev, NULL, pipe, ctrl.wLength, tmo, SUBMIT,
1118 tbuf, ctrl.wLength);
1120 usb_unlock_device(dev);
1121 i = usb_control_msg(dev, usb_sndctrlpipe(dev, 0), ctrl.bRequest,
1122 ctrl.bRequestType, ctrl.wValue, ctrl.wIndex,
1123 tbuf, ctrl.wLength, tmo);
1124 usb_lock_device(dev);
1125 snoop_urb(dev, NULL, pipe, max(i, 0), min(i, 0), COMPLETE, NULL, 0);
1127 if (i < 0 && i != -EPIPE) {
1128 dev_printk(KERN_DEBUG, &dev->dev, "usbfs: USBDEVFS_CONTROL "
1129 "failed cmd %s rqt %u rq %u len %u ret %d\n",
1130 current->comm, ctrl.bRequestType, ctrl.bRequest,
1135 free_page((unsigned long) tbuf);
1136 usbfs_decrease_memory_usage(PAGE_SIZE + sizeof(struct urb) +
1137 sizeof(struct usb_ctrlrequest));
1141 static int proc_bulk(struct usb_dev_state *ps, void __user *arg)
1143 struct usb_device *dev = ps->dev;
1144 struct usbdevfs_bulktransfer bulk;
1145 unsigned int tmo, len1, pipe;
1147 unsigned char *tbuf;
1150 if (copy_from_user(&bulk, arg, sizeof(bulk)))
1152 ret = findintfep(ps->dev, bulk.ep);
1155 ret = checkintf(ps, ret);
1158 if (bulk.ep & USB_DIR_IN)
1159 pipe = usb_rcvbulkpipe(dev, bulk.ep & 0x7f);
1161 pipe = usb_sndbulkpipe(dev, bulk.ep & 0x7f);
1162 if (!usb_maxpacket(dev, pipe, !(bulk.ep & USB_DIR_IN)))
1165 if (len1 >= (INT_MAX - sizeof(struct urb)))
1167 ret = usbfs_increase_memory_usage(len1 + sizeof(struct urb));
1170 tbuf = kmalloc(len1, GFP_KERNEL);
1176 if (bulk.ep & 0x80) {
1177 if (len1 && !access_ok(bulk.data, len1)) {
1181 snoop_urb(dev, NULL, pipe, len1, tmo, SUBMIT, NULL, 0);
1183 usb_unlock_device(dev);
1184 i = usb_bulk_msg(dev, pipe, tbuf, len1, &len2, tmo);
1185 usb_lock_device(dev);
1186 snoop_urb(dev, NULL, pipe, len2, i, COMPLETE, tbuf, len2);
1189 if (copy_to_user(bulk.data, tbuf, len2)) {
1196 if (copy_from_user(tbuf, bulk.data, len1)) {
1201 snoop_urb(dev, NULL, pipe, len1, tmo, SUBMIT, tbuf, len1);
1203 usb_unlock_device(dev);
1204 i = usb_bulk_msg(dev, pipe, tbuf, len1, &len2, tmo);
1205 usb_lock_device(dev);
1206 snoop_urb(dev, NULL, pipe, len2, i, COMPLETE, NULL, 0);
1208 ret = (i < 0 ? i : len2);
1211 usbfs_decrease_memory_usage(len1 + sizeof(struct urb));
1215 static void check_reset_of_active_ep(struct usb_device *udev,
1216 unsigned int epnum, char *ioctl_name)
1218 struct usb_host_endpoint **eps;
1219 struct usb_host_endpoint *ep;
1221 eps = (epnum & USB_DIR_IN) ? udev->ep_in : udev->ep_out;
1222 ep = eps[epnum & 0x0f];
1223 if (ep && !list_empty(&ep->urb_list))
1224 dev_warn(&udev->dev, "Process %d (%s) called USBDEVFS_%s for active endpoint 0x%02x\n",
1225 task_pid_nr(current), current->comm,
1229 static int proc_resetep(struct usb_dev_state *ps, void __user *arg)
1234 if (get_user(ep, (unsigned int __user *)arg))
1236 ret = findintfep(ps->dev, ep);
1239 ret = checkintf(ps, ret);
1242 check_reset_of_active_ep(ps->dev, ep, "RESETEP");
1243 usb_reset_endpoint(ps->dev, ep);
1247 static int proc_clearhalt(struct usb_dev_state *ps, void __user *arg)
1253 if (get_user(ep, (unsigned int __user *)arg))
1255 ret = findintfep(ps->dev, ep);
1258 ret = checkintf(ps, ret);
1261 check_reset_of_active_ep(ps->dev, ep, "CLEAR_HALT");
1262 if (ep & USB_DIR_IN)
1263 pipe = usb_rcvbulkpipe(ps->dev, ep & 0x7f);
1265 pipe = usb_sndbulkpipe(ps->dev, ep & 0x7f);
1267 return usb_clear_halt(ps->dev, pipe);
1270 static int proc_getdriver(struct usb_dev_state *ps, void __user *arg)
1272 struct usbdevfs_getdriver gd;
1273 struct usb_interface *intf;
1276 if (copy_from_user(&gd, arg, sizeof(gd)))
1278 intf = usb_ifnum_to_if(ps->dev, gd.interface);
1279 if (!intf || !intf->dev.driver)
1282 strlcpy(gd.driver, intf->dev.driver->name,
1284 ret = (copy_to_user(arg, &gd, sizeof(gd)) ? -EFAULT : 0);
1289 static int proc_connectinfo(struct usb_dev_state *ps, void __user *arg)
1291 struct usbdevfs_connectinfo ci;
1293 memset(&ci, 0, sizeof(ci));
1294 ci.devnum = ps->dev->devnum;
1295 ci.slow = ps->dev->speed == USB_SPEED_LOW;
1297 if (copy_to_user(arg, &ci, sizeof(ci)))
1302 static int proc_conninfo_ex(struct usb_dev_state *ps,
1303 void __user *arg, size_t size)
1305 struct usbdevfs_conninfo_ex ci;
1306 struct usb_device *udev = ps->dev;
1308 if (size < sizeof(ci.size))
1311 memset(&ci, 0, sizeof(ci));
1312 ci.size = sizeof(ci);
1313 ci.busnum = udev->bus->busnum;
1314 ci.devnum = udev->devnum;
1315 ci.speed = udev->speed;
1317 while (udev && udev->portnum != 0) {
1318 if (++ci.num_ports <= ARRAY_SIZE(ci.ports))
1319 ci.ports[ARRAY_SIZE(ci.ports) - ci.num_ports] =
1321 udev = udev->parent;
1324 if (ci.num_ports < ARRAY_SIZE(ci.ports))
1325 memmove(&ci.ports[0],
1326 &ci.ports[ARRAY_SIZE(ci.ports) - ci.num_ports],
1329 if (copy_to_user(arg, &ci, min(sizeof(ci), size)))
1335 static int proc_resetdevice(struct usb_dev_state *ps)
1337 struct usb_host_config *actconfig = ps->dev->actconfig;
1338 struct usb_interface *interface;
1341 /* Don't allow a device reset if the process has dropped the
1342 * privilege to do such things and any of the interfaces are
1343 * currently claimed.
1345 if (ps->privileges_dropped && actconfig) {
1346 for (i = 0; i < actconfig->desc.bNumInterfaces; ++i) {
1347 interface = actconfig->interface[i];
1348 number = interface->cur_altsetting->desc.bInterfaceNumber;
1349 if (usb_interface_claimed(interface) &&
1350 !test_bit(number, &ps->ifclaimed)) {
1351 dev_warn(&ps->dev->dev,
1352 "usbfs: interface %d claimed by %s while '%s' resets device\n",
1353 number, interface->dev.driver->name, current->comm);
1359 return usb_reset_device(ps->dev);
1362 static int proc_setintf(struct usb_dev_state *ps, void __user *arg)
1364 struct usbdevfs_setinterface setintf;
1367 if (copy_from_user(&setintf, arg, sizeof(setintf)))
1369 ret = checkintf(ps, setintf.interface);
1373 destroy_async_on_interface(ps, setintf.interface);
1375 return usb_set_interface(ps->dev, setintf.interface,
1376 setintf.altsetting);
1379 static int proc_setconfig(struct usb_dev_state *ps, void __user *arg)
1383 struct usb_host_config *actconfig;
1385 if (get_user(u, (int __user *)arg))
1388 actconfig = ps->dev->actconfig;
1390 /* Don't touch the device if any interfaces are claimed.
1391 * It could interfere with other drivers' operations, and if
1392 * an interface is claimed by usbfs it could easily deadlock.
1397 for (i = 0; i < actconfig->desc.bNumInterfaces; ++i) {
1398 if (usb_interface_claimed(actconfig->interface[i])) {
1399 dev_warn(&ps->dev->dev,
1400 "usbfs: interface %d claimed by %s "
1401 "while '%s' sets config #%d\n",
1402 actconfig->interface[i]
1404 ->desc.bInterfaceNumber,
1405 actconfig->interface[i]
1414 /* SET_CONFIGURATION is often abused as a "cheap" driver reset,
1415 * so avoid usb_set_configuration()'s kick to sysfs
1418 if (actconfig && actconfig->desc.bConfigurationValue == u)
1419 status = usb_reset_configuration(ps->dev);
1421 status = usb_set_configuration(ps->dev, u);
1427 static struct usb_memory *
1428 find_memory_area(struct usb_dev_state *ps, const struct usbdevfs_urb *uurb)
1430 struct usb_memory *usbm = NULL, *iter;
1431 unsigned long flags;
1432 unsigned long uurb_start = (unsigned long)uurb->buffer;
1434 spin_lock_irqsave(&ps->lock, flags);
1435 list_for_each_entry(iter, &ps->memory_list, memlist) {
1436 if (uurb_start >= iter->vm_start &&
1437 uurb_start < iter->vm_start + iter->size) {
1438 if (uurb->buffer_length > iter->vm_start + iter->size -
1440 usbm = ERR_PTR(-EINVAL);
1443 usbm->urb_use_count++;
1448 spin_unlock_irqrestore(&ps->lock, flags);
1452 static int proc_do_submiturb(struct usb_dev_state *ps, struct usbdevfs_urb *uurb,
1453 struct usbdevfs_iso_packet_desc __user *iso_frame_desc,
1456 struct usbdevfs_iso_packet_desc *isopkt = NULL;
1457 struct usb_host_endpoint *ep;
1458 struct async *as = NULL;
1459 struct usb_ctrlrequest *dr = NULL;
1460 unsigned int u, totlen, isofrmlen;
1461 int i, ret, num_sgs = 0, ifnum = -1;
1462 int number_of_packets = 0;
1463 unsigned int stream_id = 0;
1466 bool allow_short = false;
1467 bool allow_zero = false;
1468 unsigned long mask = USBDEVFS_URB_SHORT_NOT_OK |
1469 USBDEVFS_URB_BULK_CONTINUATION |
1470 USBDEVFS_URB_NO_FSBR |
1471 USBDEVFS_URB_ZERO_PACKET |
1472 USBDEVFS_URB_NO_INTERRUPT;
1473 /* USBDEVFS_URB_ISO_ASAP is a special case */
1474 if (uurb->type == USBDEVFS_URB_TYPE_ISO)
1475 mask |= USBDEVFS_URB_ISO_ASAP;
1477 if (uurb->flags & ~mask)
1480 if ((unsigned int)uurb->buffer_length >= USBFS_XFER_MAX)
1482 if (uurb->buffer_length > 0 && !uurb->buffer)
1484 if (!(uurb->type == USBDEVFS_URB_TYPE_CONTROL &&
1485 (uurb->endpoint & ~USB_ENDPOINT_DIR_MASK) == 0)) {
1486 ifnum = findintfep(ps->dev, uurb->endpoint);
1489 ret = checkintf(ps, ifnum);
1493 ep = ep_to_host_endpoint(ps->dev, uurb->endpoint);
1496 is_in = (uurb->endpoint & USB_ENDPOINT_DIR_MASK) != 0;
1499 switch (uurb->type) {
1500 case USBDEVFS_URB_TYPE_CONTROL:
1501 if (!usb_endpoint_xfer_control(&ep->desc))
1503 /* min 8 byte setup packet */
1504 if (uurb->buffer_length < 8)
1506 dr = kmalloc(sizeof(struct usb_ctrlrequest), GFP_KERNEL);
1509 if (copy_from_user(dr, uurb->buffer, 8)) {
1513 if (uurb->buffer_length < (le16_to_cpup(&dr->wLength) + 8)) {
1517 ret = check_ctrlrecip(ps, dr->bRequestType, dr->bRequest,
1518 le16_to_cpup(&dr->wIndex));
1521 uurb->buffer_length = le16_to_cpup(&dr->wLength);
1523 if ((dr->bRequestType & USB_DIR_IN) && uurb->buffer_length) {
1525 uurb->endpoint |= USB_DIR_IN;
1528 uurb->endpoint &= ~USB_DIR_IN;
1532 snoop(&ps->dev->dev, "control urb: bRequestType=%02x "
1533 "bRequest=%02x wValue=%04x "
1534 "wIndex=%04x wLength=%04x\n",
1535 dr->bRequestType, dr->bRequest,
1536 __le16_to_cpup(&dr->wValue),
1537 __le16_to_cpup(&dr->wIndex),
1538 __le16_to_cpup(&dr->wLength));
1539 u = sizeof(struct usb_ctrlrequest);
1542 case USBDEVFS_URB_TYPE_BULK:
1547 switch (usb_endpoint_type(&ep->desc)) {
1548 case USB_ENDPOINT_XFER_CONTROL:
1549 case USB_ENDPOINT_XFER_ISOC:
1551 case USB_ENDPOINT_XFER_INT:
1552 /* allow single-shot interrupt transfers */
1553 uurb->type = USBDEVFS_URB_TYPE_INTERRUPT;
1556 num_sgs = DIV_ROUND_UP(uurb->buffer_length, USB_SG_SIZE);
1557 if (num_sgs == 1 || num_sgs > ps->dev->bus->sg_tablesize)
1560 stream_id = uurb->stream_id;
1563 case USBDEVFS_URB_TYPE_INTERRUPT:
1564 if (!usb_endpoint_xfer_int(&ep->desc))
1573 case USBDEVFS_URB_TYPE_ISO:
1574 /* arbitrary limit */
1575 if (uurb->number_of_packets < 1 ||
1576 uurb->number_of_packets > 128)
1578 if (!usb_endpoint_xfer_isoc(&ep->desc))
1580 number_of_packets = uurb->number_of_packets;
1581 isofrmlen = sizeof(struct usbdevfs_iso_packet_desc) *
1583 isopkt = memdup_user(iso_frame_desc, isofrmlen);
1584 if (IS_ERR(isopkt)) {
1585 ret = PTR_ERR(isopkt);
1589 for (totlen = u = 0; u < number_of_packets; u++) {
1591 * arbitrary limit need for USB 3.1 Gen2
1592 * sizemax: 96 DPs at SSP, 96 * 1024 = 98304
1594 if (isopkt[u].length > 98304) {
1598 totlen += isopkt[u].length;
1600 u *= sizeof(struct usb_iso_packet_descriptor);
1601 uurb->buffer_length = totlen;
1608 if (uurb->buffer_length > 0 &&
1609 !access_ok(uurb->buffer, uurb->buffer_length)) {
1613 as = alloc_async(number_of_packets);
1619 as->usbm = find_memory_area(ps, uurb);
1620 if (IS_ERR(as->usbm)) {
1621 ret = PTR_ERR(as->usbm);
1626 /* do not use SG buffers when memory mapped segments
1632 u += sizeof(struct async) + sizeof(struct urb) + uurb->buffer_length +
1633 num_sgs * sizeof(struct scatterlist);
1634 ret = usbfs_increase_memory_usage(u);
1640 as->urb->sg = kmalloc_array(num_sgs,
1641 sizeof(struct scatterlist),
1647 as->urb->num_sgs = num_sgs;
1648 sg_init_table(as->urb->sg, as->urb->num_sgs);
1650 totlen = uurb->buffer_length;
1651 for (i = 0; i < as->urb->num_sgs; i++) {
1652 u = (totlen > USB_SG_SIZE) ? USB_SG_SIZE : totlen;
1653 buf = kmalloc(u, GFP_KERNEL);
1658 sg_set_buf(&as->urb->sg[i], buf, u);
1661 if (copy_from_user(buf, uurb->buffer, u)) {
1669 } else if (uurb->buffer_length > 0) {
1671 unsigned long uurb_start = (unsigned long)uurb->buffer;
1673 as->urb->transfer_buffer = as->usbm->mem +
1674 (uurb_start - as->usbm->vm_start);
1676 as->urb->transfer_buffer = kmalloc(uurb->buffer_length,
1678 if (!as->urb->transfer_buffer) {
1683 if (copy_from_user(as->urb->transfer_buffer,
1685 uurb->buffer_length)) {
1689 } else if (uurb->type == USBDEVFS_URB_TYPE_ISO) {
1691 * Isochronous input data may end up being
1692 * discontiguous if some of the packets are
1693 * short. Clear the buffer so that the gaps
1694 * don't leak kernel data to userspace.
1696 memset(as->urb->transfer_buffer, 0,
1697 uurb->buffer_length);
1701 as->urb->dev = ps->dev;
1702 as->urb->pipe = (uurb->type << 30) |
1703 __create_pipe(ps->dev, uurb->endpoint & 0xf) |
1704 (uurb->endpoint & USB_DIR_IN);
1706 /* This tedious sequence is necessary because the URB_* flags
1707 * are internal to the kernel and subject to change, whereas
1708 * the USBDEVFS_URB_* flags are a user API and must not be changed.
1710 u = (is_in ? URB_DIR_IN : URB_DIR_OUT);
1711 if (uurb->flags & USBDEVFS_URB_ISO_ASAP)
1713 if (allow_short && uurb->flags & USBDEVFS_URB_SHORT_NOT_OK)
1714 u |= URB_SHORT_NOT_OK;
1715 if (allow_zero && uurb->flags & USBDEVFS_URB_ZERO_PACKET)
1716 u |= URB_ZERO_PACKET;
1717 if (uurb->flags & USBDEVFS_URB_NO_INTERRUPT)
1718 u |= URB_NO_INTERRUPT;
1719 as->urb->transfer_flags = u;
1721 if (!allow_short && uurb->flags & USBDEVFS_URB_SHORT_NOT_OK)
1722 dev_warn(&ps->dev->dev, "Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK.\n");
1723 if (!allow_zero && uurb->flags & USBDEVFS_URB_ZERO_PACKET)
1724 dev_warn(&ps->dev->dev, "Requested nonsensical USBDEVFS_URB_ZERO_PACKET.\n");
1726 as->urb->transfer_buffer_length = uurb->buffer_length;
1727 as->urb->setup_packet = (unsigned char *)dr;
1729 as->urb->start_frame = uurb->start_frame;
1730 as->urb->number_of_packets = number_of_packets;
1731 as->urb->stream_id = stream_id;
1733 if (ep->desc.bInterval) {
1734 if (uurb->type == USBDEVFS_URB_TYPE_ISO ||
1735 ps->dev->speed == USB_SPEED_HIGH ||
1736 ps->dev->speed >= USB_SPEED_SUPER)
1737 as->urb->interval = 1 <<
1738 min(15, ep->desc.bInterval - 1);
1740 as->urb->interval = ep->desc.bInterval;
1743 as->urb->context = as;
1744 as->urb->complete = async_completed;
1745 for (totlen = u = 0; u < number_of_packets; u++) {
1746 as->urb->iso_frame_desc[u].offset = totlen;
1747 as->urb->iso_frame_desc[u].length = isopkt[u].length;
1748 totlen += isopkt[u].length;
1755 unsigned long uurb_start = (unsigned long)uurb->buffer;
1757 as->urb->transfer_flags |= URB_NO_TRANSFER_DMA_MAP;
1758 as->urb->transfer_dma = as->usbm->dma_handle +
1759 (uurb_start - as->usbm->vm_start);
1760 } else if (is_in && uurb->buffer_length > 0)
1761 as->userbuffer = uurb->buffer;
1762 as->signr = uurb->signr;
1764 as->pid = get_pid(task_pid(current));
1765 as->cred = get_current_cred();
1766 snoop_urb(ps->dev, as->userurb, as->urb->pipe,
1767 as->urb->transfer_buffer_length, 0, SUBMIT,
1770 snoop_urb_data(as->urb, as->urb->transfer_buffer_length);
1772 async_newpending(as);
1774 if (usb_endpoint_xfer_bulk(&ep->desc)) {
1775 spin_lock_irq(&ps->lock);
1777 /* Not exactly the endpoint address; the direction bit is
1778 * shifted to the 0x10 position so that the value will be
1781 as->bulk_addr = usb_endpoint_num(&ep->desc) |
1782 ((ep->desc.bEndpointAddress & USB_ENDPOINT_DIR_MASK)
1785 /* If this bulk URB is the start of a new transfer, re-enable
1786 * the endpoint. Otherwise mark it as a continuation URB.
1788 if (uurb->flags & USBDEVFS_URB_BULK_CONTINUATION)
1789 as->bulk_status = AS_CONTINUATION;
1791 ps->disabled_bulk_eps &= ~(1 << as->bulk_addr);
1793 /* Don't accept continuation URBs if the endpoint is
1794 * disabled because of an earlier error.
1796 if (ps->disabled_bulk_eps & (1 << as->bulk_addr))
1799 ret = usb_submit_urb(as->urb, GFP_ATOMIC);
1800 spin_unlock_irq(&ps->lock);
1802 ret = usb_submit_urb(as->urb, GFP_KERNEL);
1806 dev_printk(KERN_DEBUG, &ps->dev->dev,
1807 "usbfs: usb_submit_urb returned %d\n", ret);
1808 snoop_urb(ps->dev, as->userurb, as->urb->pipe,
1809 0, ret, COMPLETE, NULL, 0);
1810 async_removepending(as);
1817 dec_usb_memory_use_count(as->usbm, &as->usbm->urb_use_count);
1825 static int proc_submiturb(struct usb_dev_state *ps, void __user *arg)
1827 struct usbdevfs_urb uurb;
1829 if (copy_from_user(&uurb, arg, sizeof(uurb)))
1832 return proc_do_submiturb(ps, &uurb,
1833 (((struct usbdevfs_urb __user *)arg)->iso_frame_desc),
1837 static int proc_unlinkurb(struct usb_dev_state *ps, void __user *arg)
1841 unsigned long flags;
1843 spin_lock_irqsave(&ps->lock, flags);
1844 as = async_getpending(ps, arg);
1846 spin_unlock_irqrestore(&ps->lock, flags);
1852 spin_unlock_irqrestore(&ps->lock, flags);
1860 static void compute_isochronous_actual_length(struct urb *urb)
1864 if (urb->number_of_packets > 0) {
1865 urb->actual_length = 0;
1866 for (i = 0; i < urb->number_of_packets; i++)
1867 urb->actual_length +=
1868 urb->iso_frame_desc[i].actual_length;
1872 static int processcompl(struct async *as, void __user * __user *arg)
1874 struct urb *urb = as->urb;
1875 struct usbdevfs_urb __user *userurb = as->userurb;
1876 void __user *addr = as->userurb;
1879 compute_isochronous_actual_length(urb);
1880 if (as->userbuffer && urb->actual_length) {
1881 if (copy_urb_data_to_user(as->userbuffer, urb))
1884 if (put_user(as->status, &userurb->status))
1886 if (put_user(urb->actual_length, &userurb->actual_length))
1888 if (put_user(urb->error_count, &userurb->error_count))
1891 if (usb_endpoint_xfer_isoc(&urb->ep->desc)) {
1892 for (i = 0; i < urb->number_of_packets; i++) {
1893 if (put_user(urb->iso_frame_desc[i].actual_length,
1894 &userurb->iso_frame_desc[i].actual_length))
1896 if (put_user(urb->iso_frame_desc[i].status,
1897 &userurb->iso_frame_desc[i].status))
1902 if (put_user(addr, (void __user * __user *)arg))
1910 static struct async *reap_as(struct usb_dev_state *ps)
1912 DECLARE_WAITQUEUE(wait, current);
1913 struct async *as = NULL;
1914 struct usb_device *dev = ps->dev;
1916 add_wait_queue(&ps->wait, &wait);
1918 __set_current_state(TASK_INTERRUPTIBLE);
1919 as = async_getcompleted(ps);
1920 if (as || !connected(ps))
1922 if (signal_pending(current))
1924 usb_unlock_device(dev);
1926 usb_lock_device(dev);
1928 remove_wait_queue(&ps->wait, &wait);
1929 set_current_state(TASK_RUNNING);
1933 static int proc_reapurb(struct usb_dev_state *ps, void __user *arg)
1935 struct async *as = reap_as(ps);
1940 snoop(&ps->dev->dev, "reap %pK\n", as->userurb);
1941 retval = processcompl(as, (void __user * __user *)arg);
1945 if (signal_pending(current))
1950 static int proc_reapurbnonblock(struct usb_dev_state *ps, void __user *arg)
1955 as = async_getcompleted(ps);
1957 snoop(&ps->dev->dev, "reap %pK\n", as->userurb);
1958 retval = processcompl(as, (void __user * __user *)arg);
1961 retval = (connected(ps) ? -EAGAIN : -ENODEV);
1966 #ifdef CONFIG_COMPAT
1967 static int proc_control_compat(struct usb_dev_state *ps,
1968 struct usbdevfs_ctrltransfer32 __user *p32)
1970 struct usbdevfs_ctrltransfer __user *p;
1972 p = compat_alloc_user_space(sizeof(*p));
1973 if (copy_in_user(p, p32, (sizeof(*p32) - sizeof(compat_caddr_t))) ||
1974 get_user(udata, &p32->data) ||
1975 put_user(compat_ptr(udata), &p->data))
1977 return proc_control(ps, p);
1980 static int proc_bulk_compat(struct usb_dev_state *ps,
1981 struct usbdevfs_bulktransfer32 __user *p32)
1983 struct usbdevfs_bulktransfer __user *p;
1985 compat_caddr_t addr;
1987 p = compat_alloc_user_space(sizeof(*p));
1989 if (get_user(n, &p32->ep) || put_user(n, &p->ep) ||
1990 get_user(n, &p32->len) || put_user(n, &p->len) ||
1991 get_user(n, &p32->timeout) || put_user(n, &p->timeout) ||
1992 get_user(addr, &p32->data) || put_user(compat_ptr(addr), &p->data))
1995 return proc_bulk(ps, p);
1997 static int proc_disconnectsignal_compat(struct usb_dev_state *ps, void __user *arg)
1999 struct usbdevfs_disconnectsignal32 ds;
2001 if (copy_from_user(&ds, arg, sizeof(ds)))
2003 ps->discsignr = ds.signr;
2004 ps->disccontext = compat_ptr(ds.context);
2008 static int get_urb32(struct usbdevfs_urb *kurb,
2009 struct usbdevfs_urb32 __user *uurb)
2011 struct usbdevfs_urb32 urb32;
2012 if (copy_from_user(&urb32, uurb, sizeof(*uurb)))
2014 kurb->type = urb32.type;
2015 kurb->endpoint = urb32.endpoint;
2016 kurb->status = urb32.status;
2017 kurb->flags = urb32.flags;
2018 kurb->buffer = compat_ptr(urb32.buffer);
2019 kurb->buffer_length = urb32.buffer_length;
2020 kurb->actual_length = urb32.actual_length;
2021 kurb->start_frame = urb32.start_frame;
2022 kurb->number_of_packets = urb32.number_of_packets;
2023 kurb->error_count = urb32.error_count;
2024 kurb->signr = urb32.signr;
2025 kurb->usercontext = compat_ptr(urb32.usercontext);
2029 static int proc_submiturb_compat(struct usb_dev_state *ps, void __user *arg)
2031 struct usbdevfs_urb uurb;
2033 if (get_urb32(&uurb, (struct usbdevfs_urb32 __user *)arg))
2036 return proc_do_submiturb(ps, &uurb,
2037 ((struct usbdevfs_urb32 __user *)arg)->iso_frame_desc,
2041 static int processcompl_compat(struct async *as, void __user * __user *arg)
2043 struct urb *urb = as->urb;
2044 struct usbdevfs_urb32 __user *userurb = as->userurb;
2045 void __user *addr = as->userurb;
2048 compute_isochronous_actual_length(urb);
2049 if (as->userbuffer && urb->actual_length) {
2050 if (copy_urb_data_to_user(as->userbuffer, urb))
2053 if (put_user(as->status, &userurb->status))
2055 if (put_user(urb->actual_length, &userurb->actual_length))
2057 if (put_user(urb->error_count, &userurb->error_count))
2060 if (usb_endpoint_xfer_isoc(&urb->ep->desc)) {
2061 for (i = 0; i < urb->number_of_packets; i++) {
2062 if (put_user(urb->iso_frame_desc[i].actual_length,
2063 &userurb->iso_frame_desc[i].actual_length))
2065 if (put_user(urb->iso_frame_desc[i].status,
2066 &userurb->iso_frame_desc[i].status))
2071 if (put_user(ptr_to_compat(addr), (u32 __user *)arg))
2076 static int proc_reapurb_compat(struct usb_dev_state *ps, void __user *arg)
2078 struct async *as = reap_as(ps);
2083 snoop(&ps->dev->dev, "reap %pK\n", as->userurb);
2084 retval = processcompl_compat(as, (void __user * __user *)arg);
2088 if (signal_pending(current))
2093 static int proc_reapurbnonblock_compat(struct usb_dev_state *ps, void __user *arg)
2098 as = async_getcompleted(ps);
2100 snoop(&ps->dev->dev, "reap %pK\n", as->userurb);
2101 retval = processcompl_compat(as, (void __user * __user *)arg);
2104 retval = (connected(ps) ? -EAGAIN : -ENODEV);
2112 static int proc_disconnectsignal(struct usb_dev_state *ps, void __user *arg)
2114 struct usbdevfs_disconnectsignal ds;
2116 if (copy_from_user(&ds, arg, sizeof(ds)))
2118 ps->discsignr = ds.signr;
2119 ps->disccontext = ds.context;
2123 static int proc_claiminterface(struct usb_dev_state *ps, void __user *arg)
2127 if (get_user(ifnum, (unsigned int __user *)arg))
2129 return claimintf(ps, ifnum);
2132 static int proc_releaseinterface(struct usb_dev_state *ps, void __user *arg)
2137 if (get_user(ifnum, (unsigned int __user *)arg))
2139 ret = releaseintf(ps, ifnum);
2142 destroy_async_on_interface(ps, ifnum);
2146 static int proc_ioctl(struct usb_dev_state *ps, struct usbdevfs_ioctl *ctl)
2151 struct usb_interface *intf = NULL;
2152 struct usb_driver *driver = NULL;
2154 if (ps->privileges_dropped)
2161 size = _IOC_SIZE(ctl->ioctl_code);
2163 buf = kmalloc(size, GFP_KERNEL);
2166 if ((_IOC_DIR(ctl->ioctl_code) & _IOC_WRITE)) {
2167 if (copy_from_user(buf, ctl->data, size)) {
2172 memset(buf, 0, size);
2176 if (ps->dev->state != USB_STATE_CONFIGURED)
2177 retval = -EHOSTUNREACH;
2178 else if (!(intf = usb_ifnum_to_if(ps->dev, ctl->ifno)))
2180 else switch (ctl->ioctl_code) {
2182 /* disconnect kernel driver from interface */
2183 case USBDEVFS_DISCONNECT:
2184 if (intf->dev.driver) {
2185 driver = to_usb_driver(intf->dev.driver);
2186 dev_dbg(&intf->dev, "disconnect by usbfs\n");
2187 usb_driver_release_interface(driver, intf);
2192 /* let kernel drivers try to (re)bind to the interface */
2193 case USBDEVFS_CONNECT:
2194 if (!intf->dev.driver)
2195 retval = device_attach(&intf->dev);
2200 /* talk directly to the interface's driver */
2202 if (intf->dev.driver)
2203 driver = to_usb_driver(intf->dev.driver);
2204 if (driver == NULL || driver->unlocked_ioctl == NULL) {
2207 retval = driver->unlocked_ioctl(intf, ctl->ioctl_code, buf);
2208 if (retval == -ENOIOCTLCMD)
2213 /* cleanup and return */
2215 && (_IOC_DIR(ctl->ioctl_code) & _IOC_READ) != 0
2217 && copy_to_user(ctl->data, buf, size) != 0)
2224 static int proc_ioctl_default(struct usb_dev_state *ps, void __user *arg)
2226 struct usbdevfs_ioctl ctrl;
2228 if (copy_from_user(&ctrl, arg, sizeof(ctrl)))
2230 return proc_ioctl(ps, &ctrl);
2233 #ifdef CONFIG_COMPAT
2234 static int proc_ioctl_compat(struct usb_dev_state *ps, compat_uptr_t arg)
2236 struct usbdevfs_ioctl32 ioc32;
2237 struct usbdevfs_ioctl ctrl;
2239 if (copy_from_user(&ioc32, compat_ptr(arg), sizeof(ioc32)))
2241 ctrl.ifno = ioc32.ifno;
2242 ctrl.ioctl_code = ioc32.ioctl_code;
2243 ctrl.data = compat_ptr(ioc32.data);
2244 return proc_ioctl(ps, &ctrl);
2248 static int proc_claim_port(struct usb_dev_state *ps, void __user *arg)
2253 if (get_user(portnum, (unsigned __user *) arg))
2255 rc = usb_hub_claim_port(ps->dev, portnum, ps);
2257 snoop(&ps->dev->dev, "port %d claimed by process %d: %s\n",
2258 portnum, task_pid_nr(current), current->comm);
2262 static int proc_release_port(struct usb_dev_state *ps, void __user *arg)
2266 if (get_user(portnum, (unsigned __user *) arg))
2268 return usb_hub_release_port(ps->dev, portnum, ps);
2271 static int proc_get_capabilities(struct usb_dev_state *ps, void __user *arg)
2275 caps = USBDEVFS_CAP_ZERO_PACKET | USBDEVFS_CAP_NO_PACKET_SIZE_LIM |
2276 USBDEVFS_CAP_REAP_AFTER_DISCONNECT | USBDEVFS_CAP_MMAP |
2277 USBDEVFS_CAP_DROP_PRIVILEGES | USBDEVFS_CAP_CONNINFO_EX;
2278 if (!ps->dev->bus->no_stop_on_short)
2279 caps |= USBDEVFS_CAP_BULK_CONTINUATION;
2280 if (ps->dev->bus->sg_tablesize)
2281 caps |= USBDEVFS_CAP_BULK_SCATTER_GATHER;
2283 if (put_user(caps, (__u32 __user *)arg))
2289 static int proc_disconnect_claim(struct usb_dev_state *ps, void __user *arg)
2291 struct usbdevfs_disconnect_claim dc;
2292 struct usb_interface *intf;
2294 if (copy_from_user(&dc, arg, sizeof(dc)))
2297 intf = usb_ifnum_to_if(ps->dev, dc.interface);
2301 if (intf->dev.driver) {
2302 struct usb_driver *driver = to_usb_driver(intf->dev.driver);
2304 if (ps->privileges_dropped)
2307 if ((dc.flags & USBDEVFS_DISCONNECT_CLAIM_IF_DRIVER) &&
2308 strncmp(dc.driver, intf->dev.driver->name,
2309 sizeof(dc.driver)) != 0)
2312 if ((dc.flags & USBDEVFS_DISCONNECT_CLAIM_EXCEPT_DRIVER) &&
2313 strncmp(dc.driver, intf->dev.driver->name,
2314 sizeof(dc.driver)) == 0)
2317 dev_dbg(&intf->dev, "disconnect by usbfs\n");
2318 usb_driver_release_interface(driver, intf);
2321 return claimintf(ps, dc.interface);
2324 static int proc_alloc_streams(struct usb_dev_state *ps, void __user *arg)
2326 unsigned num_streams, num_eps;
2327 struct usb_host_endpoint **eps;
2328 struct usb_interface *intf;
2331 r = parse_usbdevfs_streams(ps, arg, &num_streams, &num_eps,
2336 destroy_async_on_interface(ps,
2337 intf->altsetting[0].desc.bInterfaceNumber);
2339 r = usb_alloc_streams(intf, eps, num_eps, num_streams, GFP_KERNEL);
2344 static int proc_free_streams(struct usb_dev_state *ps, void __user *arg)
2347 struct usb_host_endpoint **eps;
2348 struct usb_interface *intf;
2351 r = parse_usbdevfs_streams(ps, arg, NULL, &num_eps, &eps, &intf);
2355 destroy_async_on_interface(ps,
2356 intf->altsetting[0].desc.bInterfaceNumber);
2358 r = usb_free_streams(intf, eps, num_eps, GFP_KERNEL);
2363 static int proc_drop_privileges(struct usb_dev_state *ps, void __user *arg)
2367 if (copy_from_user(&data, arg, sizeof(data)))
2370 /* This is a one way operation. Once privileges are
2371 * dropped, you cannot regain them. You may however reissue
2372 * this ioctl to shrink the allowed interfaces mask.
2374 ps->interface_allowed_mask &= data;
2375 ps->privileges_dropped = true;
2381 * NOTE: All requests here that have interface numbers as parameters
2382 * are assuming that somehow the configuration has been prevented from
2383 * changing. But there's no mechanism to ensure that...
2385 static long usbdev_do_ioctl(struct file *file, unsigned int cmd,
2388 struct usb_dev_state *ps = file->private_data;
2389 struct inode *inode = file_inode(file);
2390 struct usb_device *dev = ps->dev;
2393 if (!(file->f_mode & FMODE_WRITE))
2396 usb_lock_device(dev);
2398 /* Reap operations are allowed even after disconnection */
2400 case USBDEVFS_REAPURB:
2401 snoop(&dev->dev, "%s: REAPURB\n", __func__);
2402 ret = proc_reapurb(ps, p);
2405 case USBDEVFS_REAPURBNDELAY:
2406 snoop(&dev->dev, "%s: REAPURBNDELAY\n", __func__);
2407 ret = proc_reapurbnonblock(ps, p);
2410 #ifdef CONFIG_COMPAT
2411 case USBDEVFS_REAPURB32:
2412 snoop(&dev->dev, "%s: REAPURB32\n", __func__);
2413 ret = proc_reapurb_compat(ps, p);
2416 case USBDEVFS_REAPURBNDELAY32:
2417 snoop(&dev->dev, "%s: REAPURBNDELAY32\n", __func__);
2418 ret = proc_reapurbnonblock_compat(ps, p);
2423 if (!connected(ps)) {
2424 usb_unlock_device(dev);
2429 case USBDEVFS_CONTROL:
2430 snoop(&dev->dev, "%s: CONTROL\n", __func__);
2431 ret = proc_control(ps, p);
2433 inode->i_mtime = current_time(inode);
2437 snoop(&dev->dev, "%s: BULK\n", __func__);
2438 ret = proc_bulk(ps, p);
2440 inode->i_mtime = current_time(inode);
2443 case USBDEVFS_RESETEP:
2444 snoop(&dev->dev, "%s: RESETEP\n", __func__);
2445 ret = proc_resetep(ps, p);
2447 inode->i_mtime = current_time(inode);
2450 case USBDEVFS_RESET:
2451 snoop(&dev->dev, "%s: RESET\n", __func__);
2452 ret = proc_resetdevice(ps);
2455 case USBDEVFS_CLEAR_HALT:
2456 snoop(&dev->dev, "%s: CLEAR_HALT\n", __func__);
2457 ret = proc_clearhalt(ps, p);
2459 inode->i_mtime = current_time(inode);
2462 case USBDEVFS_GETDRIVER:
2463 snoop(&dev->dev, "%s: GETDRIVER\n", __func__);
2464 ret = proc_getdriver(ps, p);
2467 case USBDEVFS_CONNECTINFO:
2468 snoop(&dev->dev, "%s: CONNECTINFO\n", __func__);
2469 ret = proc_connectinfo(ps, p);
2472 case USBDEVFS_SETINTERFACE:
2473 snoop(&dev->dev, "%s: SETINTERFACE\n", __func__);
2474 ret = proc_setintf(ps, p);
2477 case USBDEVFS_SETCONFIGURATION:
2478 snoop(&dev->dev, "%s: SETCONFIGURATION\n", __func__);
2479 ret = proc_setconfig(ps, p);
2482 case USBDEVFS_SUBMITURB:
2483 snoop(&dev->dev, "%s: SUBMITURB\n", __func__);
2484 ret = proc_submiturb(ps, p);
2486 inode->i_mtime = current_time(inode);
2489 #ifdef CONFIG_COMPAT
2490 case USBDEVFS_CONTROL32:
2491 snoop(&dev->dev, "%s: CONTROL32\n", __func__);
2492 ret = proc_control_compat(ps, p);
2494 inode->i_mtime = current_time(inode);
2497 case USBDEVFS_BULK32:
2498 snoop(&dev->dev, "%s: BULK32\n", __func__);
2499 ret = proc_bulk_compat(ps, p);
2501 inode->i_mtime = current_time(inode);
2504 case USBDEVFS_DISCSIGNAL32:
2505 snoop(&dev->dev, "%s: DISCSIGNAL32\n", __func__);
2506 ret = proc_disconnectsignal_compat(ps, p);
2509 case USBDEVFS_SUBMITURB32:
2510 snoop(&dev->dev, "%s: SUBMITURB32\n", __func__);
2511 ret = proc_submiturb_compat(ps, p);
2513 inode->i_mtime = current_time(inode);
2516 case USBDEVFS_IOCTL32:
2517 snoop(&dev->dev, "%s: IOCTL32\n", __func__);
2518 ret = proc_ioctl_compat(ps, ptr_to_compat(p));
2522 case USBDEVFS_DISCARDURB:
2523 snoop(&dev->dev, "%s: DISCARDURB %pK\n", __func__, p);
2524 ret = proc_unlinkurb(ps, p);
2527 case USBDEVFS_DISCSIGNAL:
2528 snoop(&dev->dev, "%s: DISCSIGNAL\n", __func__);
2529 ret = proc_disconnectsignal(ps, p);
2532 case USBDEVFS_CLAIMINTERFACE:
2533 snoop(&dev->dev, "%s: CLAIMINTERFACE\n", __func__);
2534 ret = proc_claiminterface(ps, p);
2537 case USBDEVFS_RELEASEINTERFACE:
2538 snoop(&dev->dev, "%s: RELEASEINTERFACE\n", __func__);
2539 ret = proc_releaseinterface(ps, p);
2542 case USBDEVFS_IOCTL:
2543 snoop(&dev->dev, "%s: IOCTL\n", __func__);
2544 ret = proc_ioctl_default(ps, p);
2547 case USBDEVFS_CLAIM_PORT:
2548 snoop(&dev->dev, "%s: CLAIM_PORT\n", __func__);
2549 ret = proc_claim_port(ps, p);
2552 case USBDEVFS_RELEASE_PORT:
2553 snoop(&dev->dev, "%s: RELEASE_PORT\n", __func__);
2554 ret = proc_release_port(ps, p);
2556 case USBDEVFS_GET_CAPABILITIES:
2557 ret = proc_get_capabilities(ps, p);
2559 case USBDEVFS_DISCONNECT_CLAIM:
2560 ret = proc_disconnect_claim(ps, p);
2562 case USBDEVFS_ALLOC_STREAMS:
2563 ret = proc_alloc_streams(ps, p);
2565 case USBDEVFS_FREE_STREAMS:
2566 ret = proc_free_streams(ps, p);
2568 case USBDEVFS_DROP_PRIVILEGES:
2569 ret = proc_drop_privileges(ps, p);
2571 case USBDEVFS_GET_SPEED:
2572 ret = ps->dev->speed;
2576 /* Handle variable-length commands */
2577 switch (cmd & ~IOCSIZE_MASK) {
2578 case USBDEVFS_CONNINFO_EX(0):
2579 ret = proc_conninfo_ex(ps, p, _IOC_SIZE(cmd));
2584 usb_unlock_device(dev);
2586 inode->i_atime = current_time(inode);
2590 static long usbdev_ioctl(struct file *file, unsigned int cmd,
2595 ret = usbdev_do_ioctl(file, cmd, (void __user *)arg);
2600 #ifdef CONFIG_COMPAT
2601 static long usbdev_compat_ioctl(struct file *file, unsigned int cmd,
2606 ret = usbdev_do_ioctl(file, cmd, compat_ptr(arg));
2612 /* No kernel lock - fine */
2613 static __poll_t usbdev_poll(struct file *file,
2614 struct poll_table_struct *wait)
2616 struct usb_dev_state *ps = file->private_data;
2619 poll_wait(file, &ps->wait, wait);
2620 if (file->f_mode & FMODE_WRITE && !list_empty(&ps->async_completed))
2621 mask |= EPOLLOUT | EPOLLWRNORM;
2624 if (list_empty(&ps->list))
2629 const struct file_operations usbdev_file_operations = {
2630 .owner = THIS_MODULE,
2631 .llseek = no_seek_end_llseek,
2632 .read = usbdev_read,
2633 .poll = usbdev_poll,
2634 .unlocked_ioctl = usbdev_ioctl,
2635 #ifdef CONFIG_COMPAT
2636 .compat_ioctl = usbdev_compat_ioctl,
2638 .mmap = usbdev_mmap,
2639 .open = usbdev_open,
2640 .release = usbdev_release,
2643 static void usbdev_remove(struct usb_device *udev)
2645 struct usb_dev_state *ps;
2646 struct kernel_siginfo sinfo;
2648 while (!list_empty(&udev->filelist)) {
2649 ps = list_entry(udev->filelist.next, struct usb_dev_state, list);
2650 destroy_all_async(ps);
2651 wake_up_all(&ps->wait);
2652 list_del_init(&ps->list);
2653 if (ps->discsignr) {
2654 clear_siginfo(&sinfo);
2655 sinfo.si_signo = ps->discsignr;
2656 sinfo.si_errno = EPIPE;
2657 sinfo.si_code = SI_ASYNCIO;
2658 sinfo.si_addr = ps->disccontext;
2659 kill_pid_info_as_cred(ps->discsignr, &sinfo,
2660 ps->disc_pid, ps->cred);
2665 static int usbdev_notify(struct notifier_block *self,
2666 unsigned long action, void *dev)
2669 case USB_DEVICE_ADD:
2671 case USB_DEVICE_REMOVE:
2678 static struct notifier_block usbdev_nb = {
2679 .notifier_call = usbdev_notify,
2682 static struct cdev usb_device_cdev;
2684 int __init usb_devio_init(void)
2688 retval = register_chrdev_region(USB_DEVICE_DEV, USB_DEVICE_MAX,
2691 printk(KERN_ERR "Unable to register minors for usb_device\n");
2694 cdev_init(&usb_device_cdev, &usbdev_file_operations);
2695 retval = cdev_add(&usb_device_cdev, USB_DEVICE_DEV, USB_DEVICE_MAX);
2697 printk(KERN_ERR "Unable to get usb_device major %d\n",
2701 usb_register_notify(&usbdev_nb);
2706 unregister_chrdev_region(USB_DEVICE_DEV, USB_DEVICE_MAX);
2710 void usb_devio_cleanup(void)
2712 usb_unregister_notify(&usbdev_nb);
2713 cdev_del(&usb_device_cdev);
2714 unregister_chrdev_region(USB_DEVICE_DEV, USB_DEVICE_MAX);