- 03 9月, 2014 1 次提交
-
-
由 Robert Baldyga 提交于
Up to now, when endpoint addresses in descriptors were non-consecutive, there were created redundant files, which could cause problems in kernel, when user tried to read/write to them. It was result of fact that maximum endpoint address was taken as total number of endpoints in function. This patch adds endpoint descriptors counting and storing their addresses in eps_addrmap to verify their cohesion in each speed. Endpoint address map would be also useful for further features, just like vitual endpoint address mapping. Signed-off-by: NRobert Baldyga <r.baldyga@samsung.com> Acked-by: NMichal Nazarewicz <mina86@mina86.com> Signed-off-by: NFelipe Balbi <balbi@ti.com>
-
- 17 7月, 2014 1 次提交
-
-
由 Andrzej Pietrasiewicz 提交于
The drivers/usb/gadget directory contains many files. Files which are related can be distributed into separate directories. This patch moves the USB functions implementations into a separate directory. Signed-off-by: NAndrzej Pietrasiewicz <andrzej.p@samsung.com> Signed-off-by: NFelipe Balbi <balbi@ti.com>
-
- 10 7月, 2014 2 次提交
-
-
由 Andrzej Pietrasiewicz 提交于
Add support for OS descriptors. The new format of descriptors is used, because the "flags" field is required for extensions. os_count gives the number of OSDesc[] elements. The format of descriptors is given in include/uapi/linux/usb/functionfs.h. For extended properties descriptor the usb_ext_prop_desc structure covers only a part of a descriptor, because the wPropertyNameLength is unknown up front. Signed-off-by: NAndrzej Pietrasiewicz <andrzej.p@samsung.com> Acked-by: NMichal Nazarewicz <mina86@mina86.com> Signed-off-by: NFelipe Balbi <balbi@ti.com>
-
由 Andrzej Pietrasiewicz 提交于
ffs_do_desc() handles one descriptor, while ffs_do_descs() handles a number of descriptors. The tho names are so similar that it causes confusion. Rename to reflect their purpose better. Signed-off-by: NAndrzej Pietrasiewicz <andrzej.p@samsung.com> Acked-by: NMichal Nazarewicz <mina86@mina86.com> Signed-off-by: NFelipe Balbi <balbi@ti.com>
-
- 01 7月, 2014 1 次提交
-
-
由 Krzysztof Opasiak 提交于
Syscall mount returns -ENODEV error if requested FS type has not been found. Returning the same error from FFS mount callback makes value returned to userspace misleading. Other file systems returns -ENOENT if requested device has not been found. Adjust FFS to this convention to make error codes meaningfull. Acked-by: NMichal Nazarewicz <mina86@mina86.com> Signed-off-by: NKrzysztof Opasiak <k.opasiak@samsung.com> Signed-off-by: NFelipe Balbi <balbi@ti.com>
-
- 19 6月, 2014 1 次提交
-
-
由 Michal Nazarewicz 提交于
If the descriptors do not need any strings and user space sends empty set of strings, the ffs->stringtabs field remains NULL. Thus *ffs->stringtabs in functionfs_bind leads to a NULL pointer dereferenece. The bug was introduced by commit [fd7c9a00: “use usb_string_ids_n()”]. While at it, remove double initialisation of lang local variable in that function. ffs->strings_count does not need to be checked in any way since in the above scenario it will remain zero and usb_string_ids_n() is a no-operation when colled with 0 argument. Cc: <stable@vger.kernel.org> # v2.6.36+ Signed-off-by: NMichal Nazarewicz <mina86@mina86.com> Signed-off-by: NFelipe Balbi <balbi@ti.com>
-
- 14 5月, 2014 1 次提交
-
-
由 Andrzej Pietrasiewicz 提交于
Variable Length Array macros allow portable (compilable with both gcc and clang) way of allocating a number of structures using a single memory chunk. They can be useful for files other than f_fs.c, so move them to a header file. Signed-off-by: NAndrzej Pietrasiewicz <andrzej.p@samsung.com> Acked-by: NMichal Nazarewicz <mina86@mina86.com> Signed-off-by: NFelipe Balbi <balbi@ti.com>
-
- 22 4月, 2014 1 次提交
-
-
由 Felipe Balbi 提交于
We only support GPL drivers in the USB Gadget Framework, it sounds correct to make all exported symbols GPL too. Acked-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org> Signed-off-by: NFelipe Balbi <balbi@ti.com>
-
- 16 4月, 2014 1 次提交
-
-
由 Chao Bi 提交于
ffs_epfile_io() is called from userspace, while ffs_func_eps_disable() might be called from USB disconnect interrupt, the two functions would run in parallel but they are not well protected, that epfile->ep would be removed by ffs_func_eps_disable() during ffs_epfile_io() is referring this pointer, then it leads to kernel PANIC. The scenario is as below: Thread 1 Thread 2 | | SyS_read dwc3_gadget_disconnect_interrupt | | ffs_epfile_read reset_config | | ffs_epfile_io ffs_func_eps_disable | | ----- usb_ep_disable(): epfile->ep->ep->desc = NULL | | usb_ep_align_maybe(): ----- it refers ep->desc->wMaxPacketSize ----- Signed-off-by: NChao Bi <chao.bi@intel.com> Signed-off-by: NFelipe Balbi <balbi@ti.com>
-
- 18 3月, 2014 1 次提交
-
-
由 Robert Baldyga 提交于
This patch adds missing spin_unlock and mutex_unlock calls in error handling code. Signed-off-by: NRobert Baldyga <r.baldyga@samsung.com> Acked-by: NMichal Nazarewicz <mina86@mina86.com> Acked-by: NFelipe Balbi <balbi@ti.com> Signed-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org>
-
- 08 3月, 2014 1 次提交
-
-
由 Chuansheng Liu 提交于
When the request length is aligned to maxpacketsize, sometimes the return length ret > the user space requested len. At that time, we will use min_t(size_t, ret, len) to limit the size in case of user data buffer overflow. But we need return the min_t(size_t, ret, len) to tell the user space rightly also. [ balbi@ti.com: also fix comment's indentation ] Acked-by: NMichal Nazarewicz <mina86@mina86.com> Reviewed-by: NDavid Cohen <david.a.cohen@linux.intel.com> Signed-off-by: NChuansheng Liu <chuansheng.liu@intel.com> Signed-off-by: NFelipe Balbi <balbi@ti.com>
-
- 06 3月, 2014 2 次提交
-
-
由 Michal Nazarewicz 提交于
This reworks the way SuperSpeed descriptors are added and instead of having a magic after full and high speed descriptors, it reworks the whole descriptors block to include a flags field which lists which descriptors are present and makes future extensions possible. Signed-off-by: NMichal Nazarewicz <mina86@mina86.com> Signed-off-by: NFelipe Balbi <balbi@ti.com>
-
由 Manu Gautam 提交于
Allow userspace to pass SuperSpeed descriptors and handle them in the driver accordingly. This change doesn't modify existing desc_header and thereby keeps the ABI changes backward compatible i.e. existing userspace drivers compiled with old header (functionfs.h) would continue to work with the updated kernel. Signed-off-by: NManu Gautam <mgautam@codeaurora.org> Acked-by: NMichal Nazarewicz <mina86@mina86.com> Signed-off-by: NFelipe Balbi <balbi@ti.com>
-
- 20 2月, 2014 1 次提交
-
-
由 Andrzej Pietrasiewicz 提交于
Fix possible NULL pointer dereference introduced in commit 219580e6 (usb: f_fs: check quirk to pad epout buf size when not aligned to maxpacketsize) In cases we do wait with: wait_event_interruptible(epfile->wait, (ep = epfile->ep)); for endpoint to be enabled, functionfs_bind() has not been called yet and epfile->ffs->gadget is still NULL and the automatic variable 'gadget' has been initialized with NULL at the point of its definition. Later on it is used as a parameter to: usb_ep_align_maybe(gadget, ep->ep, len) which in turn dereferences it. This patch fixes it by moving the actual assignment to the local 'gadget' variable after the potential waiting has completed. Signed-off-by: NAndrzej Pietrasiewicz <andrzej.p@samsung.com> Acked-by: NMichal Nazarewicz <mina86@mina86.com> Signed-off-by: NFelipe Balbi <balbi@ti.com>
-
- 19 2月, 2014 9 次提交
-
-
由 Robert Baldyga 提交于
This patch adds asynchronous I/O support for FunctionFS endpoint files. It adds ffs_epfile_aio_write() and ffs_epfile_aio_read() functions responsible for preparing AIO operations. It also modifies ffs_epfile_io() function, adding aio handling code. Instead of extending list of parameters of this function, there is new struct ffs_io_data which contains all information needed to perform I/O operation. Pointer to this struct replaces "buf" and "len" parameters of ffs_epfile_io() function. Allocated buffer is freed immediately only after sync operation, because in async IO it's freed in complete funcion. For each async operation an USB request is allocated, because it allows to have more than one request queued on single endpoint. According to changes in ffs_epfile_io() function, functions ffs_epfile_write() and ffs_epfile_read() are updated to use new API. For asynchronous I/O operations there is new request complete function named ffs_epfile_async_io_complete(), which completes AIO operation, and frees used memory. Signed-off-by: NRobert Baldyga <r.baldyga@samsung.com> Acked-by: NMichal Nazarewicz <mina86@mina86.com> Signed-off-by: NFelipe Balbi <balbi@ti.com>
-
由 Robert Baldyga 提交于
This patch adds poll function for file representing ep0. Ability of read from or write to ep0 file is related with actual state of ffs: - When desctiptors or strings are not written yet, POLLOUT flag is set. - If there is any event to read, POLLIN flag is set. - If setup request was read, POLLIN and POLLOUT flag is set, to allow send response (by performing I/O operation consistent with setup request direction) or set stall (by performing I/O operation opposite setup request direction). Signed-off-by: NRobert Baldyga <r.baldyga@samsung.com> Acked-by: NMichal Nazarewicz <mina86@mina86.com> Signed-off-by: NFelipe Balbi <balbi@ti.com>
-
由 Robert Baldyga 提交于
This patch fixes __ffs_ep0_queue_wait() function, which now returns number of bytes transferred in USB request or error code in case of failure. This is needed by ffs_ep0_read() function, when read data is copied to userspace. It also cleans up code by removing usused variable ep0req_status. Signed-off-by: NRobert Baldyga <r.baldyga@samsung.com> Acked-by: NMichal Nazarewicz <mina86@mina86.com> Signed-off-by: NFelipe Balbi <balbi@ti.com>
-
由 Michal Nazarewicz 提交于
The FFS_SETUP_STATUS macro could be trivialy replaced with an static inline function but more importantly its name was tad confusing. The name suggested it was a simple accessor macro but it actually did change the state of the ffs_data structure perfomring a FFS_SETUP_CANCELLED -> FFS_NO_SETUP transition. The name of the function -- ffs_setup_state_clear_cancelled -- should better describe what the function actually does. Signed-off-by: NMichal Nazarewicz <mina86@mina86.com> Signed-off-by: NRobert Baldyga <r.baldyga@samsung.com> Signed-off-by: NFelipe Balbi <balbi@ti.com>
-
由 Michal Nazarewicz 提交于
Since “cancelled” is spelled with two “l”s, rename FFS_SETUP_CANCELED to FFS_SETUP_CANCELLED. Signed-off-by: NMichal Nazarewicz <mina86@mina86.com> Signed-off-by: NRobert Baldyga <r.baldyga@samsung.com> Signed-off-by: NFelipe Balbi <balbi@ti.com>
-
由 Andrzej Pietrasiewicz 提交于
Consistently prefix function name with underscore if the function has to be called with ffs_lock taken. Acked-by: NMichal Nazarewicz <mina86@mina86.com> Signed-off-by: NAndrzej Pietrasiewicz <andrzej.p@samsung.com> Signed-off-by: NFelipe Balbi <balbi@ti.com>
-
由 Andrzej Pietrasiewicz 提交于
ffs_alloc_dev and ffs_free_dev are used only in f_fs.c, so make them static. Acked-by: NMichal Nazarewicz <mina86@mina86.com> Signed-off-by: NAndrzej Pietrasiewicz <andrzej.p@samsung.com> Signed-off-by: NFelipe Balbi <balbi@ti.com>
-
由 Andrzej Pietrasiewicz 提交于
Remove trailing whitespace Acked-by: NMichal Nazarewicz <mina86@mina86.com> Signed-off-by: NAndrzej Pietrasiewicz <andrzej.p@samsung.com> Signed-off-by: NFelipe Balbi <balbi@ti.com>
-
由 Andrzej Pietrasiewicz 提交于
ffs_dev->ffs_release_dev_callback should be accessed only if ffs_dev is not NULL. Acked-by: NMichal Nazarewicz <mina86@mina86.com> Signed-off-by: NAndrzej Pietrasiewicz <andrzej.p@samsung.com> Signed-off-by: NFelipe Balbi <balbi@ti.com>
-
- 13 12月, 2013 7 次提交
-
-
由 Felipe Balbi 提交于
use NULL when returning NULL pointers, not 0. Signed-off-by: NFelipe Balbi <balbi@ti.com>
-
由 Andrzej Pietrasiewicz 提交于
Add support for using FunctionFS in configfs-based USB gadgets. [ balbi@ti.com : removed redefinition of VERBOSE_DEBUG and few trailing whitespaces ] Signed-off-by: NAndrzej Pietrasiewicz <andrzej.p@samsung.com> Signed-off-by: NKyungmin Park <kyungmin.park@samsung.com> Acked-by: NMichal Nazarewicz <mina86@mina86.com> Signed-off-by: NFelipe Balbi <balbi@ti.com>
-
由 Andrzej Pietrasiewicz 提交于
There are no old function interface users left, so the old interface can be removed. Signed-off-by: NAndrzej Pietrasiewicz <andrzej.p@samsung.com> Signed-off-by: NKyungmin Park <kyungmin.park@samsung.com> Acked-by: NMichal Nazarewicz <mina86@mina86.com> Signed-off-by: NFelipe Balbi <balbi@ti.com>
-
由 Andrzej Pietrasiewicz 提交于
This is required in order to integrate configfs support. f_fs needs to be a separately compiled module and so it needs to use the new interface. Signed-off-by: NAndrzej Pietrasiewicz <andrzej.p@samsung.com> Signed-off-by: NKyungmin Park <kyungmin.park@samsung.com> Signed-off-by: NFelipe Balbi <balbi@ti.com>
-
由 Andrzej Pietrasiewicz 提交于
This will be required in order to use the new function interface (usb_get_function_instance/usb_put_function_instance) Signed-off-by: NAndrzej Pietrasiewicz <andrzej.p@samsung.com> Signed-off-by: NKyunmgin Park <kyungmin.park@samsung.com> Acked-by: NMichal Nazarewicz <mina86@mina86.com> Signed-off-by: NFelipe Balbi <balbi@ti.com>
-
由 Andrzej Pietrasiewicz 提交于
A header file to be used by f_fs.c and g_ffs.c will be required when f_fs.c is converted into a module. Signed-off-by: NAndrzej Pietrasiewicz <andrzej.p@samsung.com> Signed-off-by: NKyungmin Park <kyungmin.park@samsung.com> Acked-by: NMichal Nazarewicz <mina86@mina86.com> Signed-off-by: NFelipe Balbi <balbi@ti.com>
-
由 Andrzej Pietrasiewicz 提交于
The use of variable length arrays in structs (VLAIS) in the Linux Kernel code precludes the use of compilers which don't implement VLAIS (for instance the Clang compiler). This alternate patch calculates offsets into the kmalloc-ed memory buffer using macros. The previous patch required multiple kmalloc and kfree calls. This version uses "group" vs "struct" since it really is not a struct and is essentially a group of VLA in a common allocated block. This version also fixes the issues pointed out by Andrzej Pietrasiewicz and Michal Nazarewicz. Signed-off-by: NMark Charlebois <charlebm@gmail.com> Signed-off-by: NBehan Webster <behanw@converseincode.com> [elimination of miexed declaration and code, checkpatch cleanup] [fixes after Michal's review] Signed-off-by: NAndrzej Pietrasiewicz <andrzej.p@samsung.com> Signed-off-by: NKyungmin Park <kyungmin.park@samsung.com> Acked-by: NMichal Nazarewicz <mina86@mina86.com> Signed-off-by: NFelipe Balbi <balbi@ti.com>
-
- 10 12月, 2013 2 次提交
-
-
由 Michal Nazarewicz 提交于
Check gadget.quirk_ep_out_aligned_size to decide if buffer size requires to be aligned to maxpacketsize of an out endpoint. ffs_epfile_io() needs to pad epout buffer to match above condition if quirk is found. Signed-off-by: NMichal Nazarewicz <mina86@mina86.com> Signed-off-by: NDavid Cohen <david.a.cohen@linux.intel.com> Signed-off-by: NFelipe Balbi <balbi@ti.com>
-
由 Michal Nazarewicz 提交于
When endpoint changes (due to it being disabled or alt setting changed), mimic the action as if the change happened after the request has been queued, instead of retrying with the new endpoint. Signed-off-by: NMichal Nazarewicz <mina86@mina86.com> Cc: David Cohen <david.a.cohen@linux.intel.com> Signed-off-by: NFelipe Balbi <balbi@ti.com>
-
- 26 11月, 2013 1 次提交
-
-
由 Felipe Balbi 提交于
use NULL instead of 0 as pointer. Signed-off-by: NFelipe Balbi <balbi@ti.com>
-
- 15 11月, 2013 1 次提交
-
-
由 Wolfram Sang 提交于
Use this new function to make code more comprehensible, since we are reinitialzing the completion, not initializing. [akpm@linux-foundation.org: linux-next resyncs] Signed-off-by: NWolfram Sang <wsa@the-dreams.de> Acked-by: Linus Walleij <linus.walleij@linaro.org> (personally at LCE13) Cc: Ingo Molnar <mingo@kernel.org> Signed-off-by: NAndrew Morton <akpm@linux-foundation.org> Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
-
- 01 10月, 2013 1 次提交
-
-
由 Robert Baldyga 提交于
This patch add missing error check in ffs_func_bind() function, after ffs_do_descs() function call for high speed descriptors. Without this check it's possible that the module will try dereference incorrect pointer. [ balbi@ti.com : removed trailing empty line ] Acked-by: NMichal Nazarewicz <mina86@mina86.com> Signed-off-by: NRobert Baldyga <r.baldyga@samsung.com> Signed-off-by: NFelipe Balbi <balbi@ti.com>
-
- 27 9月, 2013 1 次提交
-
-
由 Al Viro 提交于
There's a bunch of failure exits in ffs_fs_mount() with seriously broken recovery logics. Most of that appears to stem from misunderstanding of the ->kill_sb() semantics; unlike ->put_super() it is called for *all* superblocks of given type, no matter how (in)complete the setup had been. ->put_super() is called only if ->s_root is not NULL; any failure prior to setting ->s_root will have the call of ->put_super() skipped. ->kill_sb(), OTOH, awaits every superblock that has come from sget(). Current behaviour of ffs_fs_mount(): We have struct ffs_sb_fill_data data on stack there. We do ffs_dev = functionfs_acquire_dev_callback(dev_name); and store that in data.private_data. Then we call mount_nodev(), passing it ffs_sb_fill() as a callback. That will either fail outright, or manage to call ffs_sb_fill(). There we allocate an instance of struct ffs_data, slap the value of ffs_dev (picked from data.private_data) into ffs->private_data and overwrite data.private_data by storing ffs into an overlapping member (data.ffs_data). Then we store ffs into sb->s_fs_info and attempt to set the rest of the things up (root inode, root dentry, then create /ep0 there). Any of those might fail. Should that happen, we get ffs_fs_kill_sb() called before mount_nodev() returns. If mount_nodev() fails for any reason whatsoever, we proceed to functionfs_release_dev_callback(data.ffs_data); That's broken in a lot of ways. Suppose the thing has failed in allocation of e.g. root inode or dentry. We have functionfs_release_dev_callback(ffs); ffs_data_put(ffs); done by ffs_fs_kill_sb() (ffs accessed via sb->s_fs_info), followed by functionfs_release_dev_callback(ffs); from ffs_fs_mount() (via data.ffs_data). Note that the second functionfs_release_dev_callback() has every chance to be done to freed memory. Suppose we fail *before* root inode allocation. What happens then? ffs_fs_kill_sb() doesn't do anything to ffs (it's either not called at all, or it doesn't have a pointer to ffs stored in sb->s_fs_info). And functionfs_release_dev_callback(data.ffs_data); is called by ffs_fs_mount(), but here we are in nasal daemon country - we are reading from a member of union we'd never stored into. In practice, we'll get what we used to store into the overlapping field, i.e. ffs_dev. And then we get screwed, since we treat it (struct gfs_ffs_obj * in disguise, returned by functionfs_acquire_dev_callback()) as struct ffs_data *, pick what would've been ffs_data ->private_data from it (*well* past the actual end of the struct gfs_ffs_obj - struct ffs_data is much bigger) and poke in whatever it points to. FWIW, there's a minor leak on top of all that in case if ffs_sb_fill() fails on kstrdup() - ffs is obviously forgotten. The thing is, there is no point in playing all those games with union. Just allocate and initialize ffs_data *before* calling mount_nodev() and pass a pointer to it via data.ffs_data. And once it's stored in sb->s_fs_info, clear data.ffs_data, so that ffs_fs_mount() knows that it doesn't need to kill the sucker manually - from that point on we'll have it done by ->kill_sb(). Signed-off-by: NAl Viro <viro@zeniv.linux.org.uk> Acked-by: NMichal Nazarewicz <mina86@mina86.com> Cc: stable <stable@vger.kernel.org> # 3.3+ Signed-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org>
-
- 28 8月, 2013 1 次提交
-
-
由 Dan Carpenter 提交于
ffs_data_put() can sometimes free "ffs" so I have moved the call down a line below the dereference. Signed-off-by: NDan Carpenter <dan.carpenter@oracle.com> Signed-off-by: NFelipe Balbi <balbi@ti.com>
-
- 10 4月, 2013 1 次提交
-
-
由 Al Viro 提交于
filesystem module as whole is pinned down by its superblock, no need to have opened files on it to add anything to that. Signed-off-by: NAl Viro <viro@zeniv.linux.org.uk>
-
- 04 3月, 2013 1 次提交
-
-
由 Eric W. Biederman 提交于
Modify the request_module to prefix the file system type with "fs-" and add aliases to all of the filesystems that can be built as modules to match. A common practice is to build all of the kernel code and leave code that is not commonly needed as modules, with the result that many users are exposed to any bug anywhere in the kernel. Looking for filesystems with a fs- prefix limits the pool of possible modules that can be loaded by mount to just filesystems trivially making things safer with no real cost. Using aliases means user space can control the policy of which filesystem modules are auto-loaded by editing /etc/modprobe.d/*.conf with blacklist and alias directives. Allowing simple, safe, well understood work-arounds to known problematic software. This also addresses a rare but unfortunate problem where the filesystem name is not the same as it's module name and module auto-loading would not work. While writing this patch I saw a handful of such cases. The most significant being autofs that lives in the module autofs4. This is relevant to user namespaces because we can reach the request module in get_fs_type() without having any special permissions, and people get uncomfortable when a user specified string (in this case the filesystem type) goes all of the way to request_module. After having looked at this issue I don't think there is any particular reason to perform any filtering or permission checks beyond making it clear in the module request that we want a filesystem module. The common pattern in the kernel is to call request_module() without regards to the users permissions. In general all a filesystem module does once loaded is call register_filesystem() and go to sleep. Which means there is not much attack surface exposed by loading a filesytem module unless the filesystem is mounted. In a user namespace filesystems are not mounted unless .fs_flags = FS_USERNS_MOUNT, which most filesystems do not set today. Acked-by: NSerge Hallyn <serge.hallyn@canonical.com> Acked-by: NKees Cook <keescook@chromium.org> Reported-by: NKees Cook <keescook@google.com> Signed-off-by: N"Eric W. Biederman" <ebiederm@xmission.com>
-
- 18 1月, 2013 1 次提交
-
-
由 Benoit Goby 提交于
Add missing braces around an if block in ffs_fs_parse_opts. This broke parsing the uid/gid mount options and causes mount to fail when using uid/gid. This has been introduced by commit b9b73f7c (userns: Convert usb functionfs to use kuid/kgid where appropriate) in 3.7. Cc: <stable@vger.kernel.org> Signed-off-by: NBenoit Goby <benoit@android.com> Acked-by: NMichal Nazarewicz <mina86@mina86.com> Signed-off-by: NFelipe Balbi <balbi@ti.com>
-