} while (0)
+#define MAX_USBFS_BUFFER_SIZE 16384
+
static inline int connected (struct usb_device *dev)
{
return dev->state != USB_STATE_NOTATTACHED;
sinfo.si_signo = as->signr;
sinfo.si_errno = as->urb->status;
sinfo.si_code = SI_ASYNCIO;
- sinfo.si_addr = (void *)as->userurb;
+ sinfo.si_addr = as->userurb;
send_sig_info(as->signr, &sinfo, as->task);
}
wake_up(&ps->wait);
spin_lock_irqsave(&ps->lock, flags);
}
spin_unlock_irqrestore(&ps->lock, flags);
- while ((as = async_getcompleted(ps)))
+ as = async_getcompleted(ps);
+ while (as) {
free_async(as);
+ as = async_getcompleted(ps);
+ }
}
static void destroy_async_on_interface (struct dev_state *ps, unsigned int ifnum)
snoop(&dev->dev, "control read: bRequest=%02x bRrequestType=%02x wValue=%04x wIndex=%04x\n",
ctrl.bRequest, ctrl.bRequestType, ctrl.wValue, ctrl.wIndex);
+ up(&dev->serialize);
i = usb_control_msg(dev, usb_rcvctrlpipe(dev, 0), ctrl.bRequest, ctrl.bRequestType,
ctrl.wValue, ctrl.wIndex, tbuf, ctrl.wLength, tmo);
+ down(&dev->serialize);
if ((i > 0) && ctrl.wLength) {
if (usbfs_snoop) {
dev_info(&dev->dev, "control read: data ");
for (j = 0; j < ctrl.wLength; ++j)
- printk ("%02x ", (unsigned char)((char *)ctrl.data)[j]);
+ printk ("%02x ", (unsigned char)(tbuf)[j]);
printk("\n");
}
if (copy_to_user(ctrl.data, tbuf, ctrl.wLength)) {
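Review bot: The snoop loop and the `copy_to_user()` that follows both run over `ctrl.wLength` bytes of `tbuf`, although `usb_control_msg()` reported only `i` bytes received. On a short read the tail of `tbuf` holds whatever the page contained before. The allocation is outside this hunk, but the later `free_page()` suggests a raw page that may not be zeroed, so stale kernel memory could reach both the log and the caller. Bound both by the returned count: `for (j = 0; j < i; ++j)` and `copy_to_user(ctrl.data, tbuf, i)`. The enclosing function begins and ends outside the hunk.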
if (usbfs_snoop) {
dev_info(&dev->dev, "control write: data: ");
for (j = 0; j < ctrl.wLength; ++j)
- printk ("%02x ", (unsigned char)((char *)ctrl.data)[j]);
+ printk ("%02x ", (unsigned char)(tbuf)[j]);
printk("\n");
}
+ up(&dev->serialize);
i = usb_control_msg(dev, usb_sndctrlpipe(dev, 0), ctrl.bRequest, ctrl.bRequestType,
ctrl.wValue, ctrl.wIndex, tbuf, ctrl.wLength, tmo);
+ down(&dev->serialize);
}
free_page((unsigned long)tbuf);
if (i<0) {
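Review bot: `dev->serialize` is released with `up()` before `usb_control_msg()` and retaken with `down()` afterwards, so anything validated before the call may be stale once the semaphore is held again. The same pattern appears in the control-read path and around both `usb_bulk_msg()` calls. The visible code carries on with `i` and `tbuf` without re-checking the device; whether a caller re-validates is not visible from this hunk, whose function starts and ends outside it. Each site should carry a comment such as `/* drop serialize across the blocking transfer; dev may have been disconnected by the time we retake it */`. If later code in these functions touches device state, a `connected(dev)` check after `down()` would make the assumption explicit.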
if (!usb_maxpacket(dev, pipe, !(bulk.ep & USB_DIR_IN)))
return -EINVAL;
len1 = bulk.len;
+ if (len1 > MAX_USBFS_BUFFER_SIZE)
+ return -EINVAL;
if (!(tbuf = kmalloc(len1, GFP_KERNEL)))
return -ENOMEM;
tmo = (bulk.timeout * HZ + 999) / 1000;
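Review bot: The new `len1 > MAX_USBFS_BUFFER_SIZE` check only bounds the `kmalloc()` if `len1` is unsigned, and its declaration is outside this hunk. If `len1` were a signed type, a negative `bulk.len` from user space would pass the comparison and reach `kmalloc()` as a very large size. Please confirm the type, or make the intent explicit with `if (bulk.len > MAX_USBFS_BUFFER_SIZE)` on the user-supplied field before the assignment. A short comment such as `/* cap user-controlled transfer size before allocating */` would also record why the check sits here.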
kfree(tbuf);
return -EINVAL;
}
+ up(&dev->serialize);
i = usb_bulk_msg(dev, pipe, tbuf, len1, &len2, tmo);
+ down(&dev->serialize);
if (!i && len2) {
if (copy_to_user(bulk.data, tbuf, len2)) {
kfree(tbuf);
return -EFAULT;
}
}
+ up(&dev->serialize);
i = usb_bulk_msg(dev, pipe, tbuf, len1, &len2, tmo);
+ down(&dev->serialize);
}
kfree(tbuf);
if (i < 0) {
case USBDEVFS_URB_TYPE_BULK:
uurb.number_of_packets = 0;
- if (uurb.buffer_length > 16384)
+ if (uurb.buffer_length > MAX_USBFS_BUFFER_SIZE)
return -EINVAL;
if (!access_ok((uurb.endpoint & USB_DIR_IN) ? VERIFY_WRITE : VERIFY_READ, uurb.buffer, uurb.buffer_length))
return -EFAULT;
interval = 1 << min (15, ep_desc->bInterval - 1);
else
interval = ep_desc->bInterval;
- if (uurb.buffer_length > 16384)
+ if (uurb.buffer_length > MAX_USBFS_BUFFER_SIZE)
return -EINVAL;
if (!access_ok((uurb.endpoint & USB_DIR_IN) ? VERIFY_WRITE : VERIFY_READ, uurb.buffer, uurb.buffer_length))
return -EFAULT;
static int processcompl(struct async *as)
{
struct urb *urb = as->urb;
+ struct usbdevfs_urb __user *userurb = as->userurb;
unsigned int i;
if (as->userbuffer)
if (copy_to_user(as->userbuffer, urb->transfer_buffer, urb->transfer_buffer_length))
return -EFAULT;
- if (put_user(urb->status,
- &((struct usbdevfs_urb *)as->userurb)->status))
+ if (put_user(urb->status, &userurb->status))
return -EFAULT;
- if (put_user(urb->actual_length,
- &((struct usbdevfs_urb *)as->userurb)->actual_length))
+ if (put_user(urb->actual_length, &userurb->actual_length))
return -EFAULT;
- if (put_user(urb->error_count,
- &((struct usbdevfs_urb *)as->userurb)->error_count))
+ if (put_user(urb->error_count, &userurb->error_count))
return -EFAULT;
if (!(usb_pipeisoc(urb->pipe)))
return 0;
for (i = 0; i < urb->number_of_packets; i++) {
if (put_user(urb->iso_frame_desc[i].actual_length,
- &((struct usbdevfs_urb *)as->userurb)->iso_frame_desc[i].actual_length))
+ &userurb->iso_frame_desc[i].actual_length))
return -EFAULT;
if (put_user(urb->iso_frame_desc[i].status,
- &((struct usbdevfs_urb *)as->userurb)->iso_frame_desc[i].status))
+ &userurb->iso_frame_desc[i].status))
return -EFAULT;
}
return 0;
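Review bot: The first `copy_to_user()` in `processcompl()` still copies `urb->transfer_buffer_length` bytes back to `as->userbuffer`, regardless of how much the device actually delivered. For a short non-isochronous IN transfer, the bytes past `urb->actual_length` are whatever the kernel buffer held at allocation. The allocation is outside this hunk, but if it is not zeroed this discloses stale kernel memory to user space. Since this change already tidies the user-pointer handling here, consider copying only `urb->actual_length` when `!usb_pipeisoc(urb->pipe)`. Isochronous transfers should keep the full length, because their data is placed at per-frame offsets.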
{
struct usbdevfs_ioctl ctrl;
int size;
- void *buf = 0;
+ void *buf = NULL;
int retval = 0;
- struct usb_interface *intf = 0;
- struct usb_driver *driver = 0;
+ struct usb_interface *intf = NULL;
+ struct usb_driver *driver = NULL;
/* get input parameters and alloc buffer */
if (copy_from_user(&ctrl, arg, sizeof (ctrl)))