2006-08-09 01:42:06 +04:00
/*
* adutux - driver for ADU devices from Ontrak Control Systems
* This is an experimental driver . Use at your own risk .
* This driver is not supported by Ontrak Control Systems .
*
* Copyright ( c ) 2003 John Homppi ( SCO , leave this notice here )
*
* This program is free software ; you can redistribute it and / or
* modify it under the terms of the GNU General Public License as
* published by the Free Software Foundation ; either version 2 of
* the License , or ( at your option ) any later version .
*
* derived from the Lego USB Tower driver 0.56 :
* Copyright ( c ) 2003 David Glance < davidgsf @ sourceforge . net >
* 2001 Juergen Stuber < stuber @ loria . fr >
* that was derived from USB Skeleton driver - 0.5
* Copyright ( c ) 2001 Greg Kroah - Hartman ( greg @ kroah . com )
*
*/
# include <linux/kernel.h>
# include <linux/errno.h>
# include <linux/init.h>
# include <linux/slab.h>
# include <linux/module.h>
# include <linux/usb.h>
2007-07-13 23:28:31 +04:00
# include <linux/mutex.h>
2006-08-09 01:42:06 +04:00
# include <asm/uaccess.h>
# ifdef CONFIG_USB_DEBUG
static int debug = 5 ;
# else
static int debug = 1 ;
# endif
/* Use our own dbg macro */
# undef dbg
# define dbg(lvl, format, arg...) \
do { \
if ( debug > = lvl ) \
2010-02-06 04:51:13 +03:00
printk ( KERN_DEBUG " %s: " format " \n " , __FILE__ , # # arg ) ; \
2006-08-09 01:42:06 +04:00
} while ( 0 )
/* Version Information */
# define DRIVER_VERSION "v0.0.13"
# define DRIVER_AUTHOR "John Homppi"
# define DRIVER_DESC "adutux (see www.ontrak.net)"
/* Module parameters */
module_param ( debug , int , S_IRUGO | S_IWUSR ) ;
MODULE_PARM_DESC ( debug , " Debug enabled or not " ) ;
/* Define these values to match your device */
# define ADU_VENDOR_ID 0x0a07
# define ADU_PRODUCT_ID 0x0064
/* table of devices that work with this driver */
2010-01-10 17:34:45 +03:00
static const struct usb_device_id device_table [ ] = {
2006-08-09 01:42:06 +04:00
{ USB_DEVICE ( ADU_VENDOR_ID , ADU_PRODUCT_ID ) } , /* ADU100 */
{ USB_DEVICE ( ADU_VENDOR_ID , ADU_PRODUCT_ID + 20 ) } , /* ADU120 */
{ USB_DEVICE ( ADU_VENDOR_ID , ADU_PRODUCT_ID + 30 ) } , /* ADU130 */
{ USB_DEVICE ( ADU_VENDOR_ID , ADU_PRODUCT_ID + 100 ) } , /* ADU200 */
{ USB_DEVICE ( ADU_VENDOR_ID , ADU_PRODUCT_ID + 108 ) } , /* ADU208 */
{ USB_DEVICE ( ADU_VENDOR_ID , ADU_PRODUCT_ID + 118 ) } , /* ADU218 */
{ } /* Terminating entry */
} ;
MODULE_DEVICE_TABLE ( usb , device_table ) ;
# ifdef CONFIG_USB_DYNAMIC_MINORS
# define ADU_MINOR_BASE 0
# else
# define ADU_MINOR_BASE 67
# endif
/* we can have up to this number of device plugged in at once */
# define MAX_DEVICES 16
# define COMMAND_TIMEOUT (2*HZ) /* 60 second timeout for a command */
2007-11-01 01:59:30 +03:00
/*
* The locking scheme is a vanilla 3 - lock :
* adu_device . buflock : A spinlock , covers what IRQs touch .
* adutux_mutex : A Static lock to cover open_count . It would also cover
* any globals , but we don ' t have them in 2.6 .
* adu_device . mtx : A mutex to hold across sleepers like copy_from_user .
* It covers all of adu_device , except the open_count
* and what . buflock covers .
*/
2006-08-09 01:42:06 +04:00
/* Structure to hold all of our device specific stuff */
struct adu_device {
2007-11-01 01:59:30 +03:00
struct mutex mtx ;
2006-08-09 01:42:06 +04:00
struct usb_device * udev ; /* save off the usb device pointer */
struct usb_interface * interface ;
2007-11-01 01:59:30 +03:00
unsigned int minor ; /* the starting minor number for this device */
2006-08-09 01:42:06 +04:00
char serial_number [ 8 ] ;
int open_count ; /* number of times this port has been opened */
char * read_buffer_primary ;
int read_buffer_length ;
char * read_buffer_secondary ;
int secondary_head ;
int secondary_tail ;
spinlock_t buflock ;
wait_queue_head_t read_wait ;
wait_queue_head_t write_wait ;
char * interrupt_in_buffer ;
struct usb_endpoint_descriptor * interrupt_in_endpoint ;
struct urb * interrupt_in_urb ;
int read_urb_finished ;
char * interrupt_out_buffer ;
struct usb_endpoint_descriptor * interrupt_out_endpoint ;
struct urb * interrupt_out_urb ;
2007-11-01 01:59:30 +03:00
int out_urb_finished ;
2006-08-09 01:42:06 +04:00
} ;
2007-11-01 01:59:30 +03:00
static DEFINE_MUTEX ( adutux_mutex ) ;
2006-08-09 01:42:06 +04:00
static struct usb_driver adu_driver ;
static void adu_debug_data ( int level , const char * function , int size ,
const unsigned char * data )
{
int i ;
if ( debug < level )
return ;
2010-02-06 04:51:13 +03:00
printk ( KERN_DEBUG " %s: %s - length = %d, data = " ,
__FILE__ , function , size ) ;
2006-08-09 01:42:06 +04:00
for ( i = 0 ; i < size ; + + i )
printk ( " %.2x " , data [ i ] ) ;
printk ( " \n " ) ;
}
/**
* adu_abort_transfers
* aborts transfers and frees associated data structures
*/
static void adu_abort_transfers ( struct adu_device * dev )
{
2007-11-01 01:59:30 +03:00
unsigned long flags ;
2006-08-09 01:42:06 +04:00
2008-03-04 03:08:34 +03:00
dbg ( 2 , " %s : enter " , __func__ ) ;
2006-08-09 01:42:06 +04:00
if ( dev - > udev = = NULL ) {
2008-03-04 03:08:34 +03:00
dbg ( 1 , " %s : udev is null " , __func__ ) ;
2006-08-09 01:42:06 +04:00
goto exit ;
}
/* shutdown transfer */
2007-11-01 01:59:30 +03:00
/* XXX Anchor these instead */
spin_lock_irqsave ( & dev - > buflock , flags ) ;
if ( ! dev - > read_urb_finished ) {
spin_unlock_irqrestore ( & dev - > buflock , flags ) ;
usb_kill_urb ( dev - > interrupt_in_urb ) ;
} else
spin_unlock_irqrestore ( & dev - > buflock , flags ) ;
spin_lock_irqsave ( & dev - > buflock , flags ) ;
if ( ! dev - > out_urb_finished ) {
spin_unlock_irqrestore ( & dev - > buflock , flags ) ;
usb_kill_urb ( dev - > interrupt_out_urb ) ;
} else
spin_unlock_irqrestore ( & dev - > buflock , flags ) ;
2006-08-09 01:42:06 +04:00
exit :
2008-03-04 03:08:34 +03:00
dbg ( 2 , " %s : leave " , __func__ ) ;
2006-08-09 01:42:06 +04:00
}
static void adu_delete ( struct adu_device * dev )
{
2008-03-04 03:08:34 +03:00
dbg ( 2 , " %s enter " , __func__ ) ;
2006-08-09 01:42:06 +04:00
/* free data structures */
usb_free_urb ( dev - > interrupt_in_urb ) ;
usb_free_urb ( dev - > interrupt_out_urb ) ;
kfree ( dev - > read_buffer_primary ) ;
kfree ( dev - > read_buffer_secondary ) ;
kfree ( dev - > interrupt_in_buffer ) ;
kfree ( dev - > interrupt_out_buffer ) ;
kfree ( dev ) ;
2008-03-04 03:08:34 +03:00
dbg ( 2 , " %s : leave " , __func__ ) ;
2006-08-09 01:42:06 +04:00
}
IRQ: Maintain regs pointer globally rather than passing to IRQ handlers
Maintain a per-CPU global "struct pt_regs *" variable which can be used instead
of passing regs around manually through all ~1800 interrupt handlers in the
Linux kernel.
The regs pointer is used in few places, but it potentially costs both stack
space and code to pass it around. On the FRV arch, removing the regs parameter
from all the genirq function results in a 20% speed up of the IRQ exit path
(ie: from leaving timer_interrupt() to leaving do_IRQ()).
Where appropriate, an arch may override the generic storage facility and do
something different with the variable. On FRV, for instance, the address is
maintained in GR28 at all times inside the kernel as part of general exception
handling.
Having looked over the code, it appears that the parameter may be handed down
through up to twenty or so layers of functions. Consider a USB character
device attached to a USB hub, attached to a USB controller that posts its
interrupts through a cascaded auxiliary interrupt controller. A character
device driver may want to pass regs to the sysrq handler through the input
layer which adds another few layers of parameter passing.
I've build this code with allyesconfig for x86_64 and i386. I've runtested the
main part of the code on FRV and i386, though I can't test most of the drivers.
I've also done partial conversion for powerpc and MIPS - these at least compile
with minimal configurations.
This will affect all archs. Mostly the changes should be relatively easy.
Take do_IRQ(), store the regs pointer at the beginning, saving the old one:
struct pt_regs *old_regs = set_irq_regs(regs);
And put the old one back at the end:
set_irq_regs(old_regs);
Don't pass regs through to generic_handle_irq() or __do_IRQ().
In timer_interrupt(), this sort of change will be necessary:
- update_process_times(user_mode(regs));
- profile_tick(CPU_PROFILING, regs);
+ update_process_times(user_mode(get_irq_regs()));
+ profile_tick(CPU_PROFILING);
I'd like to move update_process_times()'s use of get_irq_regs() into itself,
except that i386, alone of the archs, uses something other than user_mode().
Some notes on the interrupt handling in the drivers:
(*) input_dev() is now gone entirely. The regs pointer is no longer stored in
the input_dev struct.
(*) finish_unlinks() in drivers/usb/host/ohci-q.c needs checking. It does
something different depending on whether it's been supplied with a regs
pointer or not.
(*) Various IRQ handler function pointers have been moved to type
irq_handler_t.
Signed-Off-By: David Howells <dhowells@redhat.com>
(cherry picked from 1b16e7ac850969f38b375e511e3fa2f474a33867 commit)
2006-10-05 17:55:46 +04:00
static void adu_interrupt_in_callback ( struct urb * urb )
2006-08-09 01:42:06 +04:00
{
struct adu_device * dev = urb - > context ;
2007-07-18 21:58:02 +04:00
int status = urb - > status ;
2006-08-09 01:42:06 +04:00
2008-03-04 03:08:34 +03:00
dbg ( 4 , " %s : enter, status %d " , __func__ , status ) ;
adu_debug_data ( 5 , __func__ , urb - > actual_length ,
2006-08-09 01:42:06 +04:00
urb - > transfer_buffer ) ;
spin_lock ( & dev - > buflock ) ;
2007-07-18 21:58:02 +04:00
if ( status ! = 0 ) {
2007-08-16 18:02:08 +04:00
if ( ( status ! = - ENOENT ) & & ( status ! = - ECONNRESET ) & &
( status ! = - ESHUTDOWN ) ) {
2006-08-09 01:42:06 +04:00
dbg ( 1 , " %s : nonzero status received: %d " ,
2008-03-04 03:08:34 +03:00
__func__ , status ) ;
2006-08-09 01:42:06 +04:00
}
goto exit ;
}
if ( urb - > actual_length > 0 & & dev - > interrupt_in_buffer [ 0 ] ! = 0x00 ) {
if ( dev - > read_buffer_length <
( 4 * le16_to_cpu ( dev - > interrupt_in_endpoint - > wMaxPacketSize ) ) -
( urb - > actual_length ) ) {
memcpy ( dev - > read_buffer_primary +
dev - > read_buffer_length ,
dev - > interrupt_in_buffer , urb - > actual_length ) ;
dev - > read_buffer_length + = urb - > actual_length ;
2008-03-04 03:08:34 +03:00
dbg ( 2 , " %s reading %d " , __func__ ,
2006-08-09 01:42:06 +04:00
urb - > actual_length ) ;
} else {
2008-03-04 03:08:34 +03:00
dbg ( 1 , " %s : read_buffer overflow " , __func__ ) ;
2006-08-09 01:42:06 +04:00
}
}
exit :
dev - > read_urb_finished = 1 ;
spin_unlock ( & dev - > buflock ) ;
/* always wake up so we recover from errors */
wake_up_interruptible ( & dev - > read_wait ) ;
2008-03-04 03:08:34 +03:00
adu_debug_data ( 5 , __func__ , urb - > actual_length ,
2006-08-09 01:42:06 +04:00
urb - > transfer_buffer ) ;
2008-03-04 03:08:34 +03:00
dbg ( 4 , " %s : leave, status %d " , __func__ , status ) ;
2006-08-09 01:42:06 +04:00
}
IRQ: Maintain regs pointer globally rather than passing to IRQ handlers
Maintain a per-CPU global "struct pt_regs *" variable which can be used instead
of passing regs around manually through all ~1800 interrupt handlers in the
Linux kernel.
The regs pointer is used in few places, but it potentially costs both stack
space and code to pass it around. On the FRV arch, removing the regs parameter
from all the genirq function results in a 20% speed up of the IRQ exit path
(ie: from leaving timer_interrupt() to leaving do_IRQ()).
Where appropriate, an arch may override the generic storage facility and do
something different with the variable. On FRV, for instance, the address is
maintained in GR28 at all times inside the kernel as part of general exception
handling.
Having looked over the code, it appears that the parameter may be handed down
through up to twenty or so layers of functions. Consider a USB character
device attached to a USB hub, attached to a USB controller that posts its
interrupts through a cascaded auxiliary interrupt controller. A character
device driver may want to pass regs to the sysrq handler through the input
layer which adds another few layers of parameter passing.
I've build this code with allyesconfig for x86_64 and i386. I've runtested the
main part of the code on FRV and i386, though I can't test most of the drivers.
I've also done partial conversion for powerpc and MIPS - these at least compile
with minimal configurations.
This will affect all archs. Mostly the changes should be relatively easy.
Take do_IRQ(), store the regs pointer at the beginning, saving the old one:
struct pt_regs *old_regs = set_irq_regs(regs);
And put the old one back at the end:
set_irq_regs(old_regs);
Don't pass regs through to generic_handle_irq() or __do_IRQ().
In timer_interrupt(), this sort of change will be necessary:
- update_process_times(user_mode(regs));
- profile_tick(CPU_PROFILING, regs);
+ update_process_times(user_mode(get_irq_regs()));
+ profile_tick(CPU_PROFILING);
I'd like to move update_process_times()'s use of get_irq_regs() into itself,
except that i386, alone of the archs, uses something other than user_mode().
Some notes on the interrupt handling in the drivers:
(*) input_dev() is now gone entirely. The regs pointer is no longer stored in
the input_dev struct.
(*) finish_unlinks() in drivers/usb/host/ohci-q.c needs checking. It does
something different depending on whether it's been supplied with a regs
pointer or not.
(*) Various IRQ handler function pointers have been moved to type
irq_handler_t.
Signed-Off-By: David Howells <dhowells@redhat.com>
(cherry picked from 1b16e7ac850969f38b375e511e3fa2f474a33867 commit)
2006-10-05 17:55:46 +04:00
static void adu_interrupt_out_callback ( struct urb * urb )
2006-08-09 01:42:06 +04:00
{
struct adu_device * dev = urb - > context ;
2007-07-18 21:58:02 +04:00
int status = urb - > status ;
2006-08-09 01:42:06 +04:00
2008-03-04 03:08:34 +03:00
dbg ( 4 , " %s : enter, status %d " , __func__ , status ) ;
adu_debug_data ( 5 , __func__ , urb - > actual_length , urb - > transfer_buffer ) ;
2006-08-09 01:42:06 +04:00
2007-07-18 21:58:02 +04:00
if ( status ! = 0 ) {
if ( ( status ! = - ENOENT ) & &
( status ! = - ECONNRESET ) ) {
2006-08-09 01:42:06 +04:00
dbg ( 1 , " %s :nonzero status received: %d " ,
2008-03-04 03:08:34 +03:00
__func__ , status ) ;
2006-08-09 01:42:06 +04:00
}
goto exit ;
}
2007-11-01 01:59:30 +03:00
spin_lock ( & dev - > buflock ) ;
dev - > out_urb_finished = 1 ;
wake_up ( & dev - > write_wait ) ;
spin_unlock ( & dev - > buflock ) ;
2006-08-09 01:42:06 +04:00
exit :
2008-03-04 03:08:34 +03:00
adu_debug_data ( 5 , __func__ , urb - > actual_length ,
2006-08-09 01:42:06 +04:00
urb - > transfer_buffer ) ;
2008-03-04 03:08:34 +03:00
dbg ( 4 , " %s : leave, status %d " , __func__ , status ) ;
2006-08-09 01:42:06 +04:00
}
static int adu_open ( struct inode * inode , struct file * file )
{
struct adu_device * dev = NULL ;
struct usb_interface * interface ;
int subminor ;
2007-11-01 01:59:30 +03:00
int retval ;
2006-08-09 01:42:06 +04:00
2008-03-04 03:08:34 +03:00
dbg ( 2 , " %s : enter " , __func__ ) ;
2006-08-09 01:42:06 +04:00
subminor = iminor ( inode ) ;
2007-11-01 01:59:30 +03:00
if ( ( retval = mutex_lock_interruptible ( & adutux_mutex ) ) ) {
2008-03-04 03:08:34 +03:00
dbg ( 2 , " %s : mutex lock failed " , __func__ ) ;
2007-11-01 01:59:30 +03:00
goto exit_no_lock ;
}
2006-08-09 01:42:06 +04:00
interface = usb_find_interface ( & adu_driver , subminor ) ;
if ( ! interface ) {
2008-08-14 20:37:34 +04:00
printk ( KERN_ERR " adutux: %s - error, can't find device for "
" minor %d \n " , __func__ , subminor ) ;
2006-08-09 01:42:06 +04:00
retval = - ENODEV ;
goto exit_no_device ;
}
dev = usb_get_intfdata ( interface ) ;
2007-11-01 01:59:30 +03:00
if ( ! dev | | ! dev - > udev ) {
2006-08-09 01:42:06 +04:00
retval = - ENODEV ;
goto exit_no_device ;
}
2007-11-01 01:59:30 +03:00
/* check that nobody else is using the device */
if ( dev - > open_count ) {
retval = - EBUSY ;
2006-08-09 01:42:06 +04:00
goto exit_no_device ;
}
+ + dev - > open_count ;
2008-03-04 03:08:34 +03:00
dbg ( 2 , " %s : open count %d " , __func__ , dev - > open_count ) ;
2006-08-09 01:42:06 +04:00
/* save device in the file's private structure */
file - > private_data = dev ;
2007-11-01 01:59:30 +03:00
/* initialize in direction */
dev - > read_buffer_length = 0 ;
2006-08-09 01:42:06 +04:00
2007-11-01 01:59:30 +03:00
/* fixup first read by having urb waiting for it */
usb_fill_int_urb ( dev - > interrupt_in_urb , dev - > udev ,
usb_rcvintpipe ( dev - > udev ,
dev - > interrupt_in_endpoint - > bEndpointAddress ) ,
dev - > interrupt_in_buffer ,
le16_to_cpu ( dev - > interrupt_in_endpoint - > wMaxPacketSize ) ,
adu_interrupt_in_callback , dev ,
dev - > interrupt_in_endpoint - > bInterval ) ;
dev - > read_urb_finished = 0 ;
if ( usb_submit_urb ( dev - > interrupt_in_urb , GFP_KERNEL ) )
dev - > read_urb_finished = 1 ;
/* we ignore failure */
/* end of fixup for first read */
/* initialize out direction */
dev - > out_urb_finished = 1 ;
retval = 0 ;
2006-08-09 01:42:06 +04:00
exit_no_device :
2007-11-01 01:59:30 +03:00
mutex_unlock ( & adutux_mutex ) ;
exit_no_lock :
2008-03-04 03:08:34 +03:00
dbg ( 2 , " %s : leave, return value %d " , __func__ , retval ) ;
2006-08-09 01:42:06 +04:00
return retval ;
}
2007-11-01 01:59:30 +03:00
static void adu_release_internal ( struct adu_device * dev )
2006-08-09 01:42:06 +04:00
{
2008-03-04 03:08:34 +03:00
dbg ( 2 , " %s : enter " , __func__ ) ;
2006-08-09 01:42:06 +04:00
/* decrement our usage count for the device */
- - dev - > open_count ;
2008-03-04 03:08:34 +03:00
dbg ( 2 , " %s : open count %d " , __func__ , dev - > open_count ) ;
2006-08-09 01:42:06 +04:00
if ( dev - > open_count < = 0 ) {
adu_abort_transfers ( dev ) ;
dev - > open_count = 0 ;
}
2008-03-04 03:08:34 +03:00
dbg ( 2 , " %s : leave " , __func__ ) ;
2006-08-09 01:42:06 +04:00
}
static int adu_release ( struct inode * inode , struct file * file )
{
2007-11-01 01:59:30 +03:00
struct adu_device * dev ;
2006-08-09 01:42:06 +04:00
int retval = 0 ;
2008-03-04 03:08:34 +03:00
dbg ( 2 , " %s : enter " , __func__ ) ;
2006-08-09 01:42:06 +04:00
if ( file = = NULL ) {
2008-03-04 03:08:34 +03:00
dbg ( 1 , " %s : file is NULL " , __func__ ) ;
2006-08-09 01:42:06 +04:00
retval = - ENODEV ;
goto exit ;
}
dev = file - > private_data ;
if ( dev = = NULL ) {
2008-03-04 03:08:34 +03:00
dbg ( 1 , " %s : object is NULL " , __func__ ) ;
2006-08-09 01:42:06 +04:00
retval = - ENODEV ;
goto exit ;
}
2007-11-01 01:59:30 +03:00
mutex_lock ( & adutux_mutex ) ; /* not interruptible */
2006-08-09 01:42:06 +04:00
if ( dev - > open_count < = 0 ) {
2008-03-04 03:08:34 +03:00
dbg ( 1 , " %s : device not opened " , __func__ ) ;
2006-08-09 01:42:06 +04:00
retval = - ENODEV ;
2009-03-11 23:47:38 +03:00
goto unlock ;
2006-08-09 01:42:06 +04:00
}
2007-11-01 01:59:30 +03:00
adu_release_internal ( dev ) ;
USB: prevent char device open/deregister race
This patch (as908) adds central protection in usbcore for the
prototypical race between opening and unregistering a char device.
The spinlock used to protect the minor-numbers array is replaced with
an rwsem, which can remain locked across a call to a driver's open()
method. This guarantees that open() and deregister() will be mutually
exclusive.
The private locks currently used in several individual drivers for
this purpose are no longer necessary, and the patch removes them. The
following USB drivers are affected: usblcd, idmouse, auerswald,
legousbtower, sisusbvga/sisusb, ldusb, adutux, iowarrior, and
usb-skeleton.
As a side effect of this change, usb_deregister_dev() must not be
called while holding a lock that is acquired by open(). Unfortunately
a number of drivers do this, but luckily the solution is simple: call
usb_deregister_dev() before acquiring the lock.
In addition to these changes (and their consequent code
simplifications), the patch fixes a use-after-free bug in adutux and a
race between open() and release() in iowarrior.
Signed-off-by: Alan Stern <stern@rowland.harvard.edu>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2007-05-22 19:46:41 +04:00
if ( dev - > udev = = NULL ) {
/* the device was unplugged before the file was released */
2007-11-01 01:59:30 +03:00
if ( ! dev - > open_count ) /* ... and we're the last user */
adu_delete ( dev ) ;
USB: prevent char device open/deregister race
This patch (as908) adds central protection in usbcore for the
prototypical race between opening and unregistering a char device.
The spinlock used to protect the minor-numbers array is replaced with
an rwsem, which can remain locked across a call to a driver's open()
method. This guarantees that open() and deregister() will be mutually
exclusive.
The private locks currently used in several individual drivers for
this purpose are no longer necessary, and the patch removes them. The
following USB drivers are affected: usblcd, idmouse, auerswald,
legousbtower, sisusbvga/sisusb, ldusb, adutux, iowarrior, and
usb-skeleton.
As a side effect of this change, usb_deregister_dev() must not be
called while holding a lock that is acquired by open(). Unfortunately
a number of drivers do this, but luckily the solution is simple: call
usb_deregister_dev() before acquiring the lock.
In addition to these changes (and their consequent code
simplifications), the patch fixes a use-after-free bug in adutux and a
race between open() and release() in iowarrior.
Signed-off-by: Alan Stern <stern@rowland.harvard.edu>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2007-05-22 19:46:41 +04:00
}
2009-03-11 23:47:38 +03:00
unlock :
2007-11-01 01:59:30 +03:00
mutex_unlock ( & adutux_mutex ) ;
2009-03-11 23:47:38 +03:00
exit :
2008-03-04 03:08:34 +03:00
dbg ( 2 , " %s : leave, return value %d " , __func__ , retval ) ;
2006-08-09 01:42:06 +04:00
return retval ;
}
static ssize_t adu_read ( struct file * file , __user char * buffer , size_t count ,
loff_t * ppos )
{
struct adu_device * dev ;
size_t bytes_read = 0 ;
size_t bytes_to_read = count ;
int i ;
int retval = 0 ;
int timeout = 0 ;
int should_submit = 0 ;
unsigned long flags ;
DECLARE_WAITQUEUE ( wait , current ) ;
2008-03-04 03:08:34 +03:00
dbg ( 2 , " %s : enter, count = %Zd, file=%p " , __func__ , count , file ) ;
2006-08-09 01:42:06 +04:00
dev = file - > private_data ;
2008-03-04 03:08:34 +03:00
dbg ( 2 , " %s : dev=%p " , __func__ , dev ) ;
2007-11-01 01:59:30 +03:00
2007-07-13 23:28:31 +04:00
if ( mutex_lock_interruptible ( & dev - > mtx ) )
2006-08-09 01:42:06 +04:00
return - ERESTARTSYS ;
/* verify that the device wasn't unplugged */
2007-11-01 01:59:30 +03:00
if ( dev - > udev = = NULL ) {
2006-08-09 01:42:06 +04:00
retval = - ENODEV ;
2008-08-14 20:37:34 +04:00
printk ( KERN_ERR " adutux: No device or device unplugged %d \n " ,
retval ) ;
2006-08-09 01:42:06 +04:00
goto exit ;
}
/* verify that some data was requested */
if ( count = = 0 ) {
2008-03-04 03:08:34 +03:00
dbg ( 1 , " %s : read request of 0 bytes " , __func__ ) ;
2006-08-09 01:42:06 +04:00
goto exit ;
}
timeout = COMMAND_TIMEOUT ;
2008-03-04 03:08:34 +03:00
dbg ( 2 , " %s : about to start looping " , __func__ ) ;
2006-08-09 01:42:06 +04:00
while ( bytes_to_read ) {
int data_in_secondary = dev - > secondary_tail - dev - > secondary_head ;
dbg ( 2 , " %s : while, data_in_secondary=%d, status=%d " ,
2008-03-04 03:08:34 +03:00
__func__ , data_in_secondary ,
2006-08-09 01:42:06 +04:00
dev - > interrupt_in_urb - > status ) ;
if ( data_in_secondary ) {
/* drain secondary buffer */
int amount = bytes_to_read < data_in_secondary ? bytes_to_read : data_in_secondary ;
i = copy_to_user ( buffer , dev - > read_buffer_secondary + dev - > secondary_head , amount ) ;
if ( i < 0 ) {
retval = - EFAULT ;
goto exit ;
}
dev - > secondary_head + = ( amount - i ) ;
bytes_read + = ( amount - i ) ;
bytes_to_read - = ( amount - i ) ;
if ( i ) {
retval = bytes_read ? bytes_read : - EFAULT ;
goto exit ;
}
} else {
/* we check the primary buffer */
spin_lock_irqsave ( & dev - > buflock , flags ) ;
if ( dev - > read_buffer_length ) {
/* we secure access to the primary */
char * tmp ;
dbg ( 2 , " %s : swap, read_buffer_length = %d " ,
2008-03-04 03:08:34 +03:00
__func__ , dev - > read_buffer_length ) ;
2006-08-09 01:42:06 +04:00
tmp = dev - > read_buffer_secondary ;
dev - > read_buffer_secondary = dev - > read_buffer_primary ;
dev - > read_buffer_primary = tmp ;
dev - > secondary_head = 0 ;
dev - > secondary_tail = dev - > read_buffer_length ;
dev - > read_buffer_length = 0 ;
spin_unlock_irqrestore ( & dev - > buflock , flags ) ;
/* we have a free buffer so use it */
should_submit = 1 ;
} else {
/* even the primary was empty - we may need to do IO */
2007-11-01 01:59:30 +03:00
if ( ! dev - > read_urb_finished ) {
2006-08-09 01:42:06 +04:00
/* somebody is doing IO */
spin_unlock_irqrestore ( & dev - > buflock , flags ) ;
2008-03-04 03:08:34 +03:00
dbg ( 2 , " %s : submitted already " , __func__ ) ;
2006-08-09 01:42:06 +04:00
} else {
/* we must initiate input */
2008-03-04 03:08:34 +03:00
dbg ( 2 , " %s : initiate input " , __func__ ) ;
2006-08-09 01:42:06 +04:00
dev - > read_urb_finished = 0 ;
2007-11-01 01:59:30 +03:00
spin_unlock_irqrestore ( & dev - > buflock , flags ) ;
2006-08-09 01:42:06 +04:00
usb_fill_int_urb ( dev - > interrupt_in_urb , dev - > udev ,
usb_rcvintpipe ( dev - > udev ,
dev - > interrupt_in_endpoint - > bEndpointAddress ) ,
dev - > interrupt_in_buffer ,
le16_to_cpu ( dev - > interrupt_in_endpoint - > wMaxPacketSize ) ,
adu_interrupt_in_callback ,
dev ,
dev - > interrupt_in_endpoint - > bInterval ) ;
2007-11-01 01:59:30 +03:00
retval = usb_submit_urb ( dev - > interrupt_in_urb , GFP_KERNEL ) ;
if ( retval ) {
dev - > read_urb_finished = 1 ;
2006-08-09 01:42:06 +04:00
if ( retval = = - ENOMEM ) {
retval = bytes_read ? bytes_read : - ENOMEM ;
}
2008-03-04 03:08:34 +03:00
dbg ( 2 , " %s : submit failed " , __func__ ) ;
2006-08-09 01:42:06 +04:00
goto exit ;
}
}
/* we wait for I/O to complete */
set_current_state ( TASK_INTERRUPTIBLE ) ;
add_wait_queue ( & dev - > read_wait , & wait ) ;
2007-11-01 01:59:30 +03:00
spin_lock_irqsave ( & dev - > buflock , flags ) ;
if ( ! dev - > read_urb_finished ) {
spin_unlock_irqrestore ( & dev - > buflock , flags ) ;
2006-08-09 01:42:06 +04:00
timeout = schedule_timeout ( COMMAND_TIMEOUT ) ;
2007-11-01 01:59:30 +03:00
} else {
spin_unlock_irqrestore ( & dev - > buflock , flags ) ;
2006-08-09 01:42:06 +04:00
set_current_state ( TASK_RUNNING ) ;
2007-11-01 01:59:30 +03:00
}
2006-08-09 01:42:06 +04:00
remove_wait_queue ( & dev - > read_wait , & wait ) ;
if ( timeout < = 0 ) {
2008-03-04 03:08:34 +03:00
dbg ( 2 , " %s : timeout " , __func__ ) ;
2006-08-09 01:42:06 +04:00
retval = bytes_read ? bytes_read : - ETIMEDOUT ;
goto exit ;
}
if ( signal_pending ( current ) ) {
2008-03-04 03:08:34 +03:00
dbg ( 2 , " %s : signal pending " , __func__ ) ;
2006-08-09 01:42:06 +04:00
retval = bytes_read ? bytes_read : - EINTR ;
goto exit ;
}
}
}
}
retval = bytes_read ;
/* if the primary buffer is empty then use it */
2007-11-01 01:59:30 +03:00
spin_lock_irqsave ( & dev - > buflock , flags ) ;
if ( should_submit & & dev - > read_urb_finished ) {
dev - > read_urb_finished = 0 ;
spin_unlock_irqrestore ( & dev - > buflock , flags ) ;
2006-08-09 01:42:06 +04:00
usb_fill_int_urb ( dev - > interrupt_in_urb , dev - > udev ,
usb_rcvintpipe ( dev - > udev ,
dev - > interrupt_in_endpoint - > bEndpointAddress ) ,
2007-11-01 01:59:30 +03:00
dev - > interrupt_in_buffer ,
le16_to_cpu ( dev - > interrupt_in_endpoint - > wMaxPacketSize ) ,
adu_interrupt_in_callback ,
dev ,
dev - > interrupt_in_endpoint - > bInterval ) ;
if ( usb_submit_urb ( dev - > interrupt_in_urb , GFP_KERNEL ) ! = 0 )
dev - > read_urb_finished = 1 ;
2006-08-09 01:42:06 +04:00
/* we ignore failure */
2007-11-01 01:59:30 +03:00
} else {
spin_unlock_irqrestore ( & dev - > buflock , flags ) ;
2006-08-09 01:42:06 +04:00
}
exit :
/* unlock the device */
2007-07-13 23:28:31 +04:00
mutex_unlock ( & dev - > mtx ) ;
2006-08-09 01:42:06 +04:00
2008-03-04 03:08:34 +03:00
dbg ( 2 , " %s : leave, return value %d " , __func__ , retval ) ;
2006-08-09 01:42:06 +04:00
return retval ;
}
static ssize_t adu_write ( struct file * file , const __user char * buffer ,
size_t count , loff_t * ppos )
{
2007-11-01 01:59:30 +03:00
DECLARE_WAITQUEUE ( waita , current ) ;
2006-08-09 01:42:06 +04:00
struct adu_device * dev ;
size_t bytes_written = 0 ;
size_t bytes_to_write ;
size_t buffer_size ;
2007-11-01 01:59:30 +03:00
unsigned long flags ;
2007-04-02 17:16:36 +04:00
int retval ;
2006-08-09 01:42:06 +04:00
2008-03-04 03:08:34 +03:00
dbg ( 2 , " %s : enter, count = %Zd " , __func__ , count ) ;
2006-08-09 01:42:06 +04:00
dev = file - > private_data ;
2007-07-13 23:28:31 +04:00
retval = mutex_lock_interruptible ( & dev - > mtx ) ;
2007-04-02 17:16:36 +04:00
if ( retval )
goto exit_nolock ;
2006-08-09 01:42:06 +04:00
/* verify that the device wasn't unplugged */
2007-11-01 01:59:30 +03:00
if ( dev - > udev = = NULL ) {
2006-08-09 01:42:06 +04:00
retval = - ENODEV ;
2008-08-14 20:37:34 +04:00
printk ( KERN_ERR " adutux: No device or device unplugged %d \n " ,
retval ) ;
2006-08-09 01:42:06 +04:00
goto exit ;
}
/* verify that we actually have some data to write */
if ( count = = 0 ) {
2008-03-04 03:08:34 +03:00
dbg ( 1 , " %s : write request of 0 bytes " , __func__ ) ;
2006-08-09 01:42:06 +04:00
goto exit ;
}
while ( count > 0 ) {
2007-11-01 01:59:30 +03:00
add_wait_queue ( & dev - > write_wait , & waita ) ;
set_current_state ( TASK_INTERRUPTIBLE ) ;
spin_lock_irqsave ( & dev - > buflock , flags ) ;
if ( ! dev - > out_urb_finished ) {
spin_unlock_irqrestore ( & dev - > buflock , flags ) ;
2006-08-09 01:42:06 +04:00
2007-11-01 01:59:30 +03:00
mutex_unlock ( & dev - > mtx ) ;
if ( signal_pending ( current ) ) {
2008-03-04 03:08:34 +03:00
dbg ( 1 , " %s : interrupted " , __func__ ) ;
2007-11-01 01:59:30 +03:00
set_current_state ( TASK_RUNNING ) ;
2006-08-09 01:42:06 +04:00
retval = - EINTR ;
2007-11-01 01:59:30 +03:00
goto exit_onqueue ;
2006-08-09 01:42:06 +04:00
}
2007-11-01 01:59:30 +03:00
if ( schedule_timeout ( COMMAND_TIMEOUT ) = = 0 ) {
2008-03-04 03:08:34 +03:00
dbg ( 1 , " %s - command timed out. " , __func__ ) ;
2007-11-01 01:59:30 +03:00
retval = - ETIMEDOUT ;
goto exit_onqueue ;
}
remove_wait_queue ( & dev - > write_wait , & waita ) ;
2007-07-13 23:28:31 +04:00
retval = mutex_lock_interruptible ( & dev - > mtx ) ;
2007-04-02 17:16:36 +04:00
if ( retval ) {
retval = bytes_written ? bytes_written : retval ;
goto exit_nolock ;
}
2006-08-09 01:42:06 +04:00
2008-03-04 03:08:34 +03:00
dbg ( 4 , " %s : in progress, count = %Zd " , __func__ , count ) ;
2006-08-09 01:42:06 +04:00
} else {
2007-11-01 01:59:30 +03:00
spin_unlock_irqrestore ( & dev - > buflock , flags ) ;
set_current_state ( TASK_RUNNING ) ;
remove_wait_queue ( & dev - > write_wait , & waita ) ;
2008-03-04 03:08:34 +03:00
dbg ( 4 , " %s : sending, count = %Zd " , __func__ , count ) ;
2006-08-09 01:42:06 +04:00
/* write the data into interrupt_out_buffer from userspace */
buffer_size = le16_to_cpu ( dev - > interrupt_out_endpoint - > wMaxPacketSize ) ;
bytes_to_write = count > buffer_size ? buffer_size : count ;
dbg ( 4 , " %s : buffer_size = %Zd, count = %Zd, bytes_to_write = %Zd " ,
2008-03-04 03:08:34 +03:00
__func__ , buffer_size , count , bytes_to_write ) ;
2006-08-09 01:42:06 +04:00
if ( copy_from_user ( dev - > interrupt_out_buffer , buffer , bytes_to_write ) ! = 0 ) {
retval = - EFAULT ;
goto exit ;
}
/* send off the urb */
usb_fill_int_urb (
dev - > interrupt_out_urb ,
dev - > udev ,
usb_sndintpipe ( dev - > udev , dev - > interrupt_out_endpoint - > bEndpointAddress ) ,
dev - > interrupt_out_buffer ,
bytes_to_write ,
adu_interrupt_out_callback ,
dev ,
2007-11-01 01:59:30 +03:00
dev - > interrupt_out_endpoint - > bInterval ) ;
2006-08-09 01:42:06 +04:00
dev - > interrupt_out_urb - > actual_length = bytes_to_write ;
2007-11-01 01:59:30 +03:00
dev - > out_urb_finished = 0 ;
2006-08-09 01:42:06 +04:00
retval = usb_submit_urb ( dev - > interrupt_out_urb , GFP_KERNEL ) ;
if ( retval < 0 ) {
2007-11-01 01:59:30 +03:00
dev - > out_urb_finished = 1 ;
2008-08-14 20:37:34 +04:00
dev_err ( & dev - > udev - > dev , " Couldn't submit "
" interrupt_out_urb %d \n " , retval ) ;
2006-08-09 01:42:06 +04:00
goto exit ;
}
buffer + = bytes_to_write ;
count - = bytes_to_write ;
bytes_written + = bytes_to_write ;
}
}
2007-11-01 01:59:30 +03:00
mutex_unlock ( & dev - > mtx ) ;
return bytes_written ;
2006-08-09 01:42:06 +04:00
exit :
2007-07-13 23:28:31 +04:00
mutex_unlock ( & dev - > mtx ) ;
2007-04-02 17:16:36 +04:00
exit_nolock :
2008-03-04 03:08:34 +03:00
dbg ( 2 , " %s : leave, return value %d " , __func__ , retval ) ;
2007-11-01 01:59:30 +03:00
return retval ;
2006-08-09 01:42:06 +04:00
2007-11-01 01:59:30 +03:00
exit_onqueue :
remove_wait_queue ( & dev - > write_wait , & waita ) ;
2006-08-09 01:42:06 +04:00
return retval ;
}
/* file operations needed when we register this driver */
2007-02-12 11:55:34 +03:00
static const struct file_operations adu_fops = {
2006-08-09 01:42:06 +04:00
. owner = THIS_MODULE ,
. read = adu_read ,
. write = adu_write ,
. open = adu_open ,
. release = adu_release ,
} ;
/*
* usb class driver info in order to get a minor number from the usb core ,
* and to have the device registered with devfs and the driver core
*/
static struct usb_class_driver adu_class = {
. name = " usb/adutux%d " ,
. fops = & adu_fops ,
. minor_base = ADU_MINOR_BASE ,
} ;
/**
* adu_probe
*
* Called by the usb core when a new device is connected that it thinks
* this driver might be interested in .
*/
static int adu_probe ( struct usb_interface * interface ,
const struct usb_device_id * id )
{
struct usb_device * udev = interface_to_usbdev ( interface ) ;
struct adu_device * dev = NULL ;
struct usb_host_interface * iface_desc ;
struct usb_endpoint_descriptor * endpoint ;
int retval = - ENODEV ;
int in_end_size ;
int out_end_size ;
int i ;
2008-03-04 03:08:34 +03:00
dbg ( 2 , " %s : enter " , __func__ ) ;
2006-08-09 01:42:06 +04:00
if ( udev = = NULL ) {
dev_err ( & interface - > dev , " udev is NULL. \n " ) ;
goto exit ;
}
/* allocate memory for our device state and intialize it */
dev = kzalloc ( sizeof ( struct adu_device ) , GFP_KERNEL ) ;
if ( dev = = NULL ) {
dev_err ( & interface - > dev , " Out of memory \n " ) ;
retval = - ENOMEM ;
goto exit ;
}
2007-07-13 23:28:31 +04:00
mutex_init ( & dev - > mtx ) ;
2006-08-09 01:42:06 +04:00
spin_lock_init ( & dev - > buflock ) ;
dev - > udev = udev ;
init_waitqueue_head ( & dev - > read_wait ) ;
init_waitqueue_head ( & dev - > write_wait ) ;
iface_desc = & interface - > altsetting [ 0 ] ;
/* set up the endpoint information */
for ( i = 0 ; i < iface_desc - > desc . bNumEndpoints ; + + i ) {
endpoint = & iface_desc - > endpoint [ i ] . desc ;
if ( usb_endpoint_is_int_in ( endpoint ) )
dev - > interrupt_in_endpoint = endpoint ;
if ( usb_endpoint_is_int_out ( endpoint ) )
dev - > interrupt_out_endpoint = endpoint ;
}
if ( dev - > interrupt_in_endpoint = = NULL ) {
dev_err ( & interface - > dev , " interrupt in endpoint not found \n " ) ;
goto error ;
}
if ( dev - > interrupt_out_endpoint = = NULL ) {
dev_err ( & interface - > dev , " interrupt out endpoint not found \n " ) ;
goto error ;
}
in_end_size = le16_to_cpu ( dev - > interrupt_in_endpoint - > wMaxPacketSize ) ;
out_end_size = le16_to_cpu ( dev - > interrupt_out_endpoint - > wMaxPacketSize ) ;
dev - > read_buffer_primary = kmalloc ( ( 4 * in_end_size ) , GFP_KERNEL ) ;
if ( ! dev - > read_buffer_primary ) {
dev_err ( & interface - > dev , " Couldn't allocate read_buffer_primary \n " ) ;
retval = - ENOMEM ;
goto error ;
}
/* debug code prime the buffer */
memset ( dev - > read_buffer_primary , ' a ' , in_end_size ) ;
memset ( dev - > read_buffer_primary + in_end_size , ' b ' , in_end_size ) ;
memset ( dev - > read_buffer_primary + ( 2 * in_end_size ) , ' c ' , in_end_size ) ;
memset ( dev - > read_buffer_primary + ( 3 * in_end_size ) , ' d ' , in_end_size ) ;
dev - > read_buffer_secondary = kmalloc ( ( 4 * in_end_size ) , GFP_KERNEL ) ;
if ( ! dev - > read_buffer_secondary ) {
dev_err ( & interface - > dev , " Couldn't allocate read_buffer_secondary \n " ) ;
retval = - ENOMEM ;
goto error ;
}
/* debug code prime the buffer */
memset ( dev - > read_buffer_secondary , ' e ' , in_end_size ) ;
memset ( dev - > read_buffer_secondary + in_end_size , ' f ' , in_end_size ) ;
memset ( dev - > read_buffer_secondary + ( 2 * in_end_size ) , ' g ' , in_end_size ) ;
memset ( dev - > read_buffer_secondary + ( 3 * in_end_size ) , ' h ' , in_end_size ) ;
dev - > interrupt_in_buffer = kmalloc ( in_end_size , GFP_KERNEL ) ;
if ( ! dev - > interrupt_in_buffer ) {
dev_err ( & interface - > dev , " Couldn't allocate interrupt_in_buffer \n " ) ;
goto error ;
}
/* debug code prime the buffer */
memset ( dev - > interrupt_in_buffer , ' i ' , in_end_size ) ;
dev - > interrupt_in_urb = usb_alloc_urb ( 0 , GFP_KERNEL ) ;
if ( ! dev - > interrupt_in_urb ) {
dev_err ( & interface - > dev , " Couldn't allocate interrupt_in_urb \n " ) ;
goto error ;
}
dev - > interrupt_out_buffer = kmalloc ( out_end_size , GFP_KERNEL ) ;
if ( ! dev - > interrupt_out_buffer ) {
dev_err ( & interface - > dev , " Couldn't allocate interrupt_out_buffer \n " ) ;
goto error ;
}
dev - > interrupt_out_urb = usb_alloc_urb ( 0 , GFP_KERNEL ) ;
if ( ! dev - > interrupt_out_urb ) {
dev_err ( & interface - > dev , " Couldn't allocate interrupt_out_urb \n " ) ;
goto error ;
}
if ( ! usb_string ( udev , udev - > descriptor . iSerialNumber , dev - > serial_number ,
sizeof ( dev - > serial_number ) ) ) {
dev_err ( & interface - > dev , " Could not retrieve serial number \n " ) ;
goto error ;
}
2008-03-04 03:08:34 +03:00
dbg ( 2 , " %s : serial_number=%s " , __func__ , dev - > serial_number ) ;
2006-08-09 01:42:06 +04:00
/* we can register the device now, as it is ready */
usb_set_intfdata ( interface , dev ) ;
retval = usb_register_dev ( interface , & adu_class ) ;
if ( retval ) {
/* something prevented us from registering this driver */
dev_err ( & interface - > dev , " Not able to get a minor for this device. \n " ) ;
usb_set_intfdata ( interface , NULL ) ;
goto error ;
}
dev - > minor = interface - > minor ;
/* let the user know what node this device is now attached to */
2007-10-18 14:06:30 +04:00
dev_info ( & interface - > dev , " ADU%d %s now attached to /dev/usb/adutux%d \n " ,
2006-08-09 01:42:06 +04:00
udev - > descriptor . idProduct , dev - > serial_number ,
( dev - > minor - ADU_MINOR_BASE ) ) ;
exit :
2008-03-04 03:08:34 +03:00
dbg ( 2 , " %s : leave, return value %p (dev) " , __func__ , dev ) ;
2006-08-09 01:42:06 +04:00
return retval ;
error :
adu_delete ( dev ) ;
return retval ;
}
/**
* adu_disconnect
*
* Called by the usb core when the device is removed from the system .
*/
static void adu_disconnect ( struct usb_interface * interface )
{
struct adu_device * dev ;
int minor ;
2008-03-04 03:08:34 +03:00
dbg ( 2 , " %s : enter " , __func__ ) ;
2006-08-09 01:42:06 +04:00
dev = usb_get_intfdata ( interface ) ;
2007-11-01 01:59:30 +03:00
mutex_lock ( & dev - > mtx ) ; /* not interruptible */
dev - > udev = NULL ; /* poison */
2006-08-09 01:42:06 +04:00
minor = dev - > minor ;
usb_deregister_dev ( interface , & adu_class ) ;
2007-11-01 01:59:30 +03:00
mutex_unlock ( & dev - > mtx ) ;
2006-08-09 01:42:06 +04:00
2007-11-01 01:59:30 +03:00
mutex_lock ( & adutux_mutex ) ;
usb_set_intfdata ( interface , NULL ) ;
USB: prevent char device open/deregister race
This patch (as908) adds central protection in usbcore for the
prototypical race between opening and unregistering a char device.
The spinlock used to protect the minor-numbers array is replaced with
an rwsem, which can remain locked across a call to a driver's open()
method. This guarantees that open() and deregister() will be mutually
exclusive.
The private locks currently used in several individual drivers for
this purpose are no longer necessary, and the patch removes them. The
following USB drivers are affected: usblcd, idmouse, auerswald,
legousbtower, sisusbvga/sisusb, ldusb, adutux, iowarrior, and
usb-skeleton.
As a side effect of this change, usb_deregister_dev() must not be
called while holding a lock that is acquired by open(). Unfortunately
a number of drivers do this, but luckily the solution is simple: call
usb_deregister_dev() before acquiring the lock.
In addition to these changes (and their consequent code
simplifications), the patch fixes a use-after-free bug in adutux and a
race between open() and release() in iowarrior.
Signed-off-by: Alan Stern <stern@rowland.harvard.edu>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2007-05-22 19:46:41 +04:00
2006-08-09 01:42:06 +04:00
/* if the device is not opened, then we clean up right now */
2008-03-04 03:08:34 +03:00
dbg ( 2 , " %s : open count %d " , __func__ , dev - > open_count ) ;
2007-11-01 01:59:30 +03:00
if ( ! dev - > open_count )
2006-08-09 01:42:06 +04:00
adu_delete ( dev ) ;
2007-11-01 01:59:30 +03:00
mutex_unlock ( & adutux_mutex ) ;
2006-08-09 01:42:06 +04:00
2007-10-18 14:06:30 +04:00
dev_info ( & interface - > dev , " ADU device adutux%d now disconnected \n " ,
2006-08-09 01:42:06 +04:00
( minor - ADU_MINOR_BASE ) ) ;
2008-03-04 03:08:34 +03:00
dbg ( 2 , " %s : leave " , __func__ ) ;
2006-08-09 01:42:06 +04:00
}
/* usb specific object needed to register this driver with the usb subsystem */
static struct usb_driver adu_driver = {
. name = " adutux " ,
. probe = adu_probe ,
. disconnect = adu_disconnect ,
. id_table = device_table ,
} ;
static int __init adu_init ( void )
{
int result ;
2008-03-04 03:08:34 +03:00
dbg ( 2 , " %s : enter " , __func__ ) ;
2006-08-09 01:42:06 +04:00
/* register this driver with the USB subsystem */
result = usb_register ( & adu_driver ) ;
if ( result < 0 ) {
2008-08-14 20:37:34 +04:00
printk ( KERN_ERR " usb_register failed for the " __FILE__
" driver. Error number %d \n " , result ) ;
2006-08-09 01:42:06 +04:00
goto exit ;
}
2008-08-19 00:21:04 +04:00
printk ( KERN_INFO " adutux " DRIVER_DESC " " DRIVER_VERSION " \n " ) ;
printk ( KERN_INFO " adutux is an experimental driver. "
" Use at your own risk \n " ) ;
2006-08-09 01:42:06 +04:00
exit :
2008-03-04 03:08:34 +03:00
dbg ( 2 , " %s : leave, return value %d " , __func__ , result ) ;
2006-08-09 01:42:06 +04:00
return result ;
}
static void __exit adu_exit ( void )
{
2008-03-04 03:08:34 +03:00
dbg ( 2 , " %s : enter " , __func__ ) ;
2006-08-09 01:42:06 +04:00
/* deregister this driver with the USB subsystem */
usb_deregister ( & adu_driver ) ;
2008-03-04 03:08:34 +03:00
dbg ( 2 , " %s : leave " , __func__ ) ;
2006-08-09 01:42:06 +04:00
}
module_init ( adu_init ) ;
module_exit ( adu_exit ) ;
MODULE_AUTHOR ( DRIVER_AUTHOR ) ;
MODULE_DESCRIPTION ( DRIVER_DESC ) ;
MODULE_LICENSE ( " GPL " ) ;