- 11 11月, 2010 1 次提交
-
-
由 Vasiliy Kulikov 提交于
Structure usbdevfs_connectinfo is copied to userland with padding byted after "slow" field uninitialized. It leads to leaking of contents of kernel stack memory. Signed-off-by: NVasiliy Kulikov <segooon@gmail.com> Cc: stable <stable@kernel.org> Signed-off-by: NGreg Kroah-Hartman <gregkh@suse.de>
-
- 11 8月, 2010 1 次提交
-
-
由 Andi Kleen 提交于
And audit all the users. None needed the BKL. That was easy because there was only very few around. Tested with allmodconfig build on x86-64 Signed-off-by: NAndi Kleen <ak@linux.intel.com> Cc: Arnd Bergmann <arnd@arndb.de> From: Andi Kleen <ak@linux.intel.com>
-
- 21 5月, 2010 1 次提交
-
-
由 Eric Lescouet 提交于
The usbcore headers: hcd.h and hub.h are shared between usbcore, HCDs and a couple of other drivers (e.g. USBIP modules). So, it makes sense to move them into a more public location and to cleanup dependency of those modules on kernel internal headers. This patch moves hcd.h from drivers/usb/core into include/linux/usb/ Signed-of-by: NEric Lescouet <eric@lescouet.org> Cc: Alan Stern <stern@rowland.harvard.edu> Signed-off-by: NGreg Kroah-Hartman <gregkh@suse.de>
-
- 19 3月, 2010 1 次提交
-
-
由 Alan Stern 提交于
This patch (as1352) fixes a bug in the way isochronous input data is returned to userspace for usbfs transfers. The entire buffer must be copied, not just the first actual_length bytes, because the individual packets will be discontiguous if any of them are short. Reported-by: NMarkus Rechberger <mrechberger@gmail.com> Signed-off-by: NAlan Stern <stern@rowland.harvard.edu> CC: stable <stable@kernel.org> Signed-off-by: NGreg Kroah-Hartman <gregkh@suse.de>
-
- 03 3月, 2010 7 次提交
-
-
由 Chris Frey 提交于
Uses the new snoop function from commit 4c6e8971, but includes the buffer data where appropriate, as before. Signed-off-by: NChris Frey <cdfrey@foursquare.net> Signed-off-by: NGreg Kroah-Hartman <gregkh@suse.de>
-
由 Oliver Neukum 提交于
Total removal from the ioctl code path except for the outcall to external modules. Locking is ensured by the normal locks of usbfs. Signed-off-by: NOliver Neukum <oliver@neukum.org> Cc: Alan Stern <stern@rowland.harvard.edu> Signed-off-by: NGreg Kroah-Hartman <gregkh@suse.de>
-
由 Oliver Neukum 提交于
This pushes BKL down in ioctl handling and drops it for some important ioctls Signed-off-by: NOliver Neukum <oliver@neukum.org> Signed-off-by: NGreg Kroah-Hartman <gregkh@suse.de>
-
由 Oliver Neukum 提交于
Replace it by mutex_lock(&file->f_dentry->d_inode->i_mutex); following the example of the generic method Signed-off-by: NOliver Neukum <oliver@neukum.org> Signed-off-by: NGreg Kroah-Hartman <gregkh@suse.de>
-
由 Oliver Neukum 提交于
Locking had long been changed making BKL redundant. Simply remove it. Signed-off-by: NOliver Neukum <oliver@neukum.org> Cc: Alan Stern <stern@rowland.harvard.edu> Signed-off-by: NGreg Kroah-Hartman <gregkh@suse.de>
-
由 Alan Stern 提交于
This patch (as1323) changes the locking requirements for usb_autosuspend_device(), usb_autoresume_device(), and usb_try_autosuspend_device(). This isn't a very important change; mainly it's meant to make the locking more uniform. The most tricky part of the patch involves changes to usbdev_open(). To avoid an ABBA locking problem, it was necessary to reduce the region protected by usbfs_mutex. Since that mutex now protects only against simultaneous open and remove, this posed no difficulty -- its scope was larger than necessary. And it turns out that usbfs_mutex is no longer needed in usbdev_release() at all. The list of usbfs "ps" structures is now protected by the device lock instead of by usbfs_mutex. Signed-off-by: NAlan Stern <stern@rowland.harvard.edu> Signed-off-by: NGreg Kroah-Hartman <gregkh@suse.de>
-
由 Alan Stern 提交于
This patch (as1316) adds some error checking to usb_submit_urb(). It's conditional on CONFIG_USB_DEBUG, so it won't affect normal users. The new check makes sure that the actual type of the endpoint described by urb->pipe agrees with the type encoded in the pipe value. The USB error code documentation is updated to include the code returned by the new check, and the usbfs SUBMITURB handler is updated to use the correct pipe type when legacy user code tries to submit a bulk transfer to an interrupt endpoint. Signed-off-by: NAlan Stern <stern@rowland.harvard.edu> Signed-off-by: NGreg Kroah-Hartman <gregkh@suse.de>
-
- 17 2月, 2010 2 次提交
-
-
由 Linus Torvalds 提交于
I notice that the processcompl_compat() function seems to be leaking the 'struct async *as' in the error paths. I think that the calling convention is fundamentally buggered. The caller is the one that did the "reap_as()" to get the as thing, the caller should be the one to free it too. Freeing it in the caller also means that it very clearly always gets freed, and avoids the need for any "free in the error case too". From: Linus Torvalds <torvalds@linux-foundation.org> Cc: Alan Stern <stern@rowland.harvard.edu> Cc: Marcus Meissner <meissner@suse.de> Cc: stable <stable@kernel.org> Signed-off-by: NGreg Kroah-Hartman <gregkh@suse.de>
-
由 Greg KH 提交于
We need to only copy the data received by the device to userspace, not the whole kernel buffer, which can contain "stale" data. Thanks to Marcus Meissner for pointing this out and testing the fix. Reported-by: NMarcus Meissner <meissner@suse.de> Tested-by: NMarcus Meissner <meissner@suse.de> Cc: Alan Stern <stern@rowland.harvard.edu> Cc: Linus Torvalds <torvalds@linux-foundation.org> Cc: stable <stable@kernel.org> Signed-off-by: NGreg Kroah-Hartman <gregkh@suse.de>
-
- 11 12月, 2009 1 次提交
-
-
由 Arnd Bergmann 提交于
Half the compat_ioctl handling is in devio.c, the other half is in fs/compat_ioctl.c. This moves everything into one place for consistency. As a positive side-effect, push down the BKL into the ioctl methods. Signed-off-by: NArnd Bergmann <arnd@arndb.de> Acked-by: NGreg Kroah-Hartman <gregkh@suse.de> Cc: Alan Stern <stern@rowland.harvard.edu> Cc: Oliver Neukum <oliver@neukum.org> Cc: Alon Bar-Lev <alon.barlev@gmail.com> Cc: David Vrabel <david.vrabel@csr.com> Cc: linux-usb@vger.kernel.org
-
- 23 9月, 2009 4 次提交
-
-
由 Alan Stern 提交于
This patch (as1283) adds a new flag, USBDEVFS_URB_BULK_CONTINUATION, to usbfs. It is intended for userspace libraries such as libusb and openusb. When they have to break up a single usbfs bulk transfer into multiple URBs, they will set the flag on all but the first URB of the series. If an error other than an unlink occurs, the kernel will automatically cancel all the following URBs for the same endpoint and refuse to accept new submissions, until an URB is encountered that is not marked as a BULK_CONTINUATION. Such an URB would indicate the start of a new transfer or the presence of an older library, so the kernel returns to normal operation. This enables libraries to delimit bulk transfers correctly, even in the presence of early termination as indicated by short packets. Signed-off-by: NAlan Stern <stern@rowland.harvard.edu> Signed-off-by: NGreg Kroah-Hartman <gregkh@suse.de>
-
由 Markus Rechberger 提交于
The current limit only allows isochronous transfers up to 32kbyte/urb, updating this to 192 kbyte/urb improves the reliability of the transfer. USB 2.0 transfer is possible with 32kbyte but increases the chance of corrupted/incomplete data when the system is performing some other tasks in the background. http://www.spinics.net/lists/linux-usb/msg19955.htmlSigned-off-by: NMarkus Rechberger <mrechberger@gmail.com> Cc: Oliver Neukum <oliver@neukum.org> Cc: Alan Stern <stern@rowland.harvard.edu> Signed-off-by: NGreg Kroah-Hartman <gregkh@suse.de>
-
由 Alan Stern 提交于
This patch (as1261) reduces the amount of detailed URB information logged by usbfs when the usbfs_snoop parameter is enabled. Currently we don't display the final status value for a completed URB. But we do display the entire data buffer twice: both before submission and after completion. The after-completion display doesn't limit itself to the actual_length value. But since usbmon is readily available in virtually all distributions, there's no reason for usbfs to print out any buffer contents at all! So this patch restricts the information to: userspace buffer pointer, endpoint number, type, and direction, length or actual_length, and timeout value or status. Now everything fits neatly into a single line. Along with those changes, the patch also fixes the snoop output for the REAPURBNDELAY and REAPURBNDELAY32 ioctls. The current version omits the 'N' from the names. Signed-off-by: NAlan Stern <stern@rowland.harvard.edu> Signed-off-by: NGreg Kroah-Hartman <gregkh@suse.de>
-
由 Alan Stern 提交于
This patch (as1258) implements a feature that users have been asking for: It gives programs the ability to "claim" a port on a hub, via a new usbfs ioctl. A device plugged into a "claimed" port will not be touched by the kernel beyond the immediate necessities of initialization and enumeration. In particular, when a device is plugged into a "claimed" port, the kernel will not select and install a configuration. And when a config is installed by usbfs or sysfs, the kernel will not probe any drivers for any of the interfaces. (However the kernel will fetch various string descriptors during enumeration. One could argue that this isn't really necessary, but the strings are exported in sysfs.) The patch does not guarantee exclusive access to these devices; it is still possible for more than one program to open the device file concurrently. Programs are responsible for coordinating access among themselves. A demonstration program showing how to use the new interface can be found in an attachment to http://marc.info/?l=linux-usb&m=124345857431452&w=2 The patch also makes a small simplification to the hub driver, replacing a bunch of more-or-less useless variants of "out of memory" with a single message. Signed-off-by: NAlan Stern <stern@rowland.harvard.edu> Signed-off-by: NGreg Kroah-Hartman <gregkh@suse.de>
-
- 08 8月, 2009 2 次提交
-
-
由 Alan Stern 提交于
This patch (as1272) changes the error code returned when an open call for a USB device node fails to locate the corresponding device. The appropriate error code is -ENODEV, not -ENOENT. Signed-off-by: NAlan Stern <stern@rowland.harvard.edu> CC: Kay Sievers <kay.sievers@vrfy.org> Cc: stable <stable@kernel.org> Signed-off-by: NGreg Kroah-Hartman <gregkh@suse.de>
-
由 Michael Buesch 提交于
access_ok() checks must be done on every part of the userspace structure that is accessed. If access_ok() on one part of the struct succeeded, it does not imply it will succeed on other parts of the struct. (Does depend on the architecture implementation of access_ok()). This changes the __get_user() users to first check access_ok() on the data structure. Signed-off-by: NMichael Buesch <mb@bu3sch.de> Cc: stable <stable@kernel.org> Cc: Pete Zaitcev <zaitcev@redhat.com> Signed-off-by: NGreg Kroah-Hartman <gregkh@suse.de>
-
- 13 7月, 2009 3 次提交
-
-
由 Alan Stern 提交于
This patch (as1262) fixes a bug in usbfs: It refuses to accept zero-length transfers, and it insists that the buffer pointer be valid even if there is no data being transferred. The patch also consolidates a bunch of repetitive access_ok() checks into a single check, which incidentally fixes the lack of such a check for Isochronous URBs. Signed-off-by: NAlan Stern <stern@rowland.harvard.edu> Cc: stable <stable@kernel.org> Signed-off-by: NGreg Kroah-Hartman <gregkh@suse.de>
-
由 Oliver Neukum 提交于
this fixes a race between async_completed() and proc_reapurbnonblock(). CPU A CPU B spin_lock(&ps->lock); list_move_tail(&as->asynclist, &ps->async_completed); spin_unlock(&ps->lock); if (!(as = async_getcompleted(ps))) return -EAGAIN; return processcompl(as, (void __user * __user *)arg); processcompl() calls free_async() which calls kfree(as) as->status = urb->status; if (as->signr) { sinfo.si_signo = as->signr; sinfo.si_errno = as->status; sinfo.si_code = SI_ASYNCIO; sinfo.si_addr = as->userurb; kill_pid_info_as_uid(as->signr, &sinfo, as->pid, as->uid, as->euid, as->secid); } snoop(&urb->dev->dev, "urb complete\n"); snoop_urb(urb, as->userurb); write after kfree Signed-off-by: NOliver Neukum <oliver@neukum.org>
-
由 Oliver Neukum 提交于
This patch fixes a memory leak in devio.c::processcompl If writing to user space fails the packet must be discarded, as it already has been removed from the queue of completed packets. Signed-off-by: NOliver Neukum <oliver@neukum.org> Cc: stable <stable@kernel.org> Signed-off-by: NGreg Kroah-Hartman <gregkh@suse.de>
-
- 18 4月, 2009 1 次提交
-
-
由 David Vrabel 提交于
Wireless USB endpoint state has a sequence number and a current window and not just a single toggle bit. So allow HCDs to provide a endpoint_reset method and call this or clear the software toggles as required (after a clear halt, set configuration etc.). usb_settoggle() and friends are then HCD internal and are moved into core/hcd.h and all device drivers call usb_reset_endpoint() instead. If the device endpoint state has been reset (with a clear halt) but the host endpoint state has not then subsequent data transfers will not complete. The device will only work again after it is reset or disconnected. Signed-off-by: NDavid Vrabel <david.vrabel@csr.com> Signed-off-by: NGreg Kroah-Hartman <gregkh@suse.de>
-
- 25 3月, 2009 3 次提交
-
-
由 Roel Kluin 提交于
transfer_buffer_length and actual_length have become unsigned, therefore some additional conversion of local variables, function arguments and print specifications is desired. A test for a negative urb->transfer_buffer_length became obsolete; instead we ensure that it does not exceed INT_MAX. Also, urb->actual_length is always less than urb->transfer_buffer_length. rh_string() does no longer return -EPIPE in the case of an unsupported ID. Instead its only caller, rh_call_control() does the check. Signed-off-by: NRoel Kluin <roel.kluin@gmail.com> Acked-by: NAlan Stern <stern@rowland.harvard.edu> Signed-off-by: NGreg Kroah-Hartman <gregkh@suse.de>
-
由 Alan Stern 提交于
This patch (as1223) removes a bunch of unnecessary "inline" annotations from the usbfs driver. Signed-off-by: NAlan Stern <stern@rowland.harvard.edu> Signed-off-by: NGreg Kroah-Hartman <gregkh@suse.de>
-
由 David Vrabel 提交于
To permit a userspace application to associate with WUSB devices using numeric association, control transfers to unauthenticated WUSB devices must be allowed. This requires that wusbcore correctly sets the device state to UNAUTHENTICATED, DEFAULT and ADDRESS and that control transfers can be performed to UNAUTHENTICATED devices. Signed-off-by: NDavid Vrabel <david.vrabel@csr.com> Signed-off-by: NGreg Kroah-Hartman <gregkh@suse.de>
-
- 18 3月, 2009 1 次提交
-
-
由 Alan Stern 提交于
The usbfs driver manages a list of completed asynchronous URBs. But it is too eager to free the entries on this list: destroy_async() gets called whenever an interface is unbound or a device is removed, and it deallocates the outstanding struct async entries for all URBs on that interface or device. This is wrong; the user program should be able to reap an URB any time after it has completed, regardless of whether or not the interface is still bound or the device is still present. This patch (as1222) moves the code for deallocating the completed list entries from destroy_async() to usbdev_release(). The outstanding entries won't be freed until the user program has closed the device file, thereby eliminating any possibility that the remaining URBs might still be reaped. This fixes a bug in which a program can hang in the USBDEVFS_REAPURB ioctl when the device is unplugged. Reported-and-tested-by: NMartin Poupe <martin.poupe@upek.com> Signed-off-by: NAlan Stern <stern@rowland.harvard.edu> Cc: stable <stable@kernel.org> Signed-off-by: NGreg Kroah-Hartman <gregkh@suse.de>
-
- 28 1月, 2009 1 次提交
-
-
由 Alan Stern 提交于
This patch (as1198) fixes a conceptual bug: Somewhere along the line we managed to confuse USB class devices with USB char devices. As a result, the code to send a disconnect signal to userspace would not be built if both CONFIG_USB_DEVICE_CLASS and CONFIG_USB_DEVICEFS were disabled. The usb_fs_classdev_common_remove() routine has been renamed to usbdev_remove() and it is now called whenever any USB device is removed, not just when a class device is unregistered. The notifier registration and unregistration calls are no longer conditionally compiled. And since the common removal code will always be called as part of the char device interface, there's no need to call it again as part of the usbfs interface; thus the invocation of usb_fs_classdev_common_remove() has been taken out of usbfs_remove_device(). Signed-off-by: NAlan Stern <stern@rowland.harvard.edu> Reported-by: NAlon Bar-Lev <alon.barlev@gmail.com> Tested-by: NAlon Bar-Lev <alon.barlev@gmail.com> Cc: stable <stable@kernel.org>
-
- 08 1月, 2009 2 次提交
-
-
由 Mark Lord 提交于
One minor nit did show up, though. The patch below seems to make more sense than the code does without it. Signed-off-by: NMark Lord <mlord@pobox.com> Signed-off-by: NGreg Kroah-Hartman <gregkh@suse.de>
-
由 Phil Endecott 提交于
Just over a year ago (!) I had this brief exchange with Alan Stern: >> It seems that the signal that can be used with USBDEVFS_DISCSIGNAL and >> in usbdevfs_urb.signr is limited to the real-time signals SIGRTMIN to >> SIGRTMAX. What's the rationale for this restriction? I believe that a >> process can kill() itself with any signal number, can't it? I was >> planning to use SIGIO for usbdevfs_urb.signr and SIGTERM (uncaught) for >> USBDEVFS_DISCSIGNAL. I don't think I'll have a problem with using >> SIGRTMIN+n instead, but I'm curious to know if there's some subtle >> problem with the non-real-time signals that I should be aware of. > > I don't know of any reason for this restriction. Since no-one else could think of a reason either, I offer the following patch which allows any signal to be used with USBDEVFS_DISCSIGNAL and usbdevfs_urb.signr. Signed-off-by: NPhil Endecott <usbpatch@chezphil.org> Cc: Alan Stern <stern@rowland.harvard.edu> Signed-off-by: NGreg Kroah-Hartman <gregkh@suse.de>
-
- 14 11月, 2008 2 次提交
-
-
由 David Howells 提交于
Wrap current->cred and a few other accessors to hide their actual implementation. Signed-off-by: NDavid Howells <dhowells@redhat.com> Acked-by: NJames Morris <jmorris@namei.org> Acked-by: NSerge Hallyn <serue@us.ibm.com> Signed-off-by: NJames Morris <jmorris@namei.org>
-
由 David Howells 提交于
Wrap access to task credentials so that they can be separated more easily from the task_struct during the introduction of COW creds. Change most current->(|e|s|fs)[ug]id to current_(|e|s|fs)[ug]id(). Change some task->e?[ug]id to task_e?[ug]id(). In some places it makes more sense to use RCU directly rather than a convenient wrapper; these will be addressed by later patches. Signed-off-by: NDavid Howells <dhowells@redhat.com> Reviewed-by: NJames Morris <jmorris@namei.org> Acked-by: NSerge Hallyn <serue@us.ibm.com> Cc: Greg Kroah-Hartman <gregkh@suse.de> Cc: linux-usb@vger.kernel.org Signed-off-by: NJames Morris <jmorris@namei.org>
-
- 18 10月, 2008 3 次提交
-
-
由 Greg Kroah-Hartman 提交于
USB should not be having it's own printk macros, so remove err() and use the system-wide standard of dev_err() wherever possible. In the few places that will not work out, use a basic printk(). Signed-off-by: NGreg Kroah-Hartman <gregkh@suse.de>
-
由 Greg Kroah-Hartman 提交于
USB should not be having it's own printk macros, so remove warn() and use the system-wide standard of dev_warn() wherever possible. In the few places that will not work out, use a basic printk(). Signed-off-by: NGreg Kroah-Hartman <gregkh@suse.de>
-
由 Alan Stern 提交于
This patch (as1148) adds a new "snoop" message to usbfs when a device file is opened, identifying the process responsible. This comes in extremely handy when trying to determine which program is doing some unwanted USB access. Signed-off-by: NAlan Stern <stern@rowland.harvard.edu> Signed-off-by: NGreg Kroah-Hartman <gregkh@suse.de>
-
- 17 10月, 2008 1 次提交
-
-
由 Greg Kroah-Hartman 提交于
Now that device_create() has been audited, rename things back to the original call to be sane. Signed-off-by: NGreg Kroah-Hartman <gregkh@suse.de>
-
- 22 7月, 2008 3 次提交
-
-
由 Greg Kroah-Hartman 提交于
device_create() is race-prone, so use the race-free device_create_drvdata() instead as device_create() is going away. Signed-off-by: NGreg Kroah-Hartman <gregkh@suse.de>
-
由 Dan Williams 提交于
Why?: There are occasions where userspace would like to access sysfs attributes for a device but it may not know how sysfs has named the device or the path. For example what is the sysfs path for /dev/disk/by-id/ata-ST3160827AS_5MT004CK? With this change a call to stat(2) returns the major:minor then userspace can see that /sys/dev/block/8:32 links to /sys/block/sdc. What are the alternatives?: 1/ Add an ioctl to return the path: Doable, but sysfs is meant to reduce the need to proliferate ioctl interfaces into the kernel, so this seems counter productive. 2/ Use udev to create these symlinks: Also doable, but it adds a udev dependency to utilities that might be running in a limited environment like an initramfs. 3/ Do a full-tree search of sysfs. [kay.sievers@vrfy.org: fix duplicate registrations] [kay.sievers@vrfy.org: cleanup suggestions] Cc: Neil Brown <neilb@suse.de> Cc: Tejun Heo <htejun@gmail.com> Acked-by: NKay Sievers <kay.sievers@vrfy.org> Reviewed-by: NSL Baur <steve@xemacs.org> Acked-by: NKay Sievers <kay.sievers@vrfy.org> Acked-by: NMark Lord <lkml@rtr.ca> Acked-by: NH. Peter Anvin <hpa@zytor.com> Signed-off-by: NDan Williams <dan.j.williams@intel.com> Signed-off-by: NGreg Kroah-Hartman <gregkh@suse.de>
-
由 David Howells 提交于
Fix pointer/int cast in USB devio code, and thus avoid a compiler warning. A void* data argument passed to bus_find_device() and thence to match_devt() is used to carry a 32-bit datum. However, casting directly between a u32 and a pointer is not permitted - there must be an intermediate cast via (unsigned) long. This was introduced by the following patch: commit 94b1c9fa060ece2c8f080583beb6cc6008e41413 Author: Alan Stern <stern@rowland.harvard.edu> Date: Tue Jun 24 14:47:12 2008 -0400 usbfs: simplify the lookup-by-minor routines This patch (as1105) simplifies the lookup-by-minor-number code in usbfs. Instead of passing the minor number to the callback, which must then reconstruct the entire dev_t value, the patch passes the dev_t value directly. Signed-off-by: NAlan Stern <stern@rowland.harvard.edu> Signed-off-by: NGreg Kroah-Hartman <gregkh@suse.de> Signed-off-by: NDavid Howells <dhowells@redhat.com> Cc: Alan Stern <stern@rowland.harvard.edu> Signed-off-by: NGreg Kroah-Hartman <gregkh@suse.de>
-