Commit Graph

34 Commits

Author SHA1 Message Date
Shuah Khan (Samsung OSG)
81f7567c51 usb: usbip: Fix BUG: KASAN: slab-out-of-bounds in vhci_hub_control()
vhci_hub_control() accesses port_status array with out of bounds port
value. Fix it to reference port_status[] only with a valid rhport value
when invalid_rhport flag is true.

The invalid_rhport flag is set early on after detecting in port value
is within the bounds or not.

The following is used reproduce the problem and verify the fix:
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=14ed8ab6400000

Reported-by: syzbot+bccc1fe10b70fadc78d0@syzkaller.appspotmail.com
Cc: stable <stable@vger.kernel.org>
Signed-off-by: Shuah Khan (Samsung OSG) <shuah@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2018-10-09 16:13:42 +02:00
Shuah Khan
5b22f67611 usbip: vhci_hcd: check rhport before using in vhci_hub_control()
Validate !rhport < 0 before using it to access port_status array.

Signed-off-by: Shuah Khan <shuahkh@osg.samsung.com>
Cc: stable <stable@vger.kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2018-04-22 14:45:11 +02:00
Shuah Khan
009f41aed4 usbip: keep usbip_device sockfd state in sync with tcp_socket
Keep usbip_device sockfd state in sync with tcp_socket. When tcp_socket
is reset to null, reset sockfd to -1 to keep it in sync.

Signed-off-by: Shuah Khan <shuahkh@osg.samsung.com>
Cc: stable@vger.kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2018-02-15 18:43:57 +01:00
Shuah Khan
90120d15f4 usbip: prevent leaking socket pointer address in messages
usbip driver is leaking socket pointer address in messages. Remove
the messages that aren't useful and print sockfd in the ones that
are useful for debugging.

Signed-off-by: Shuah Khan <shuahkh@osg.samsung.com>
Cc: stable <stable@vger.kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2017-12-19 11:40:54 +01:00
Shuah Khan
8272d099d0 usbip: vhci: stop printing kernel pointer addresses in messages
Remove and/or change debug, info. and error messages to not print
kernel pointer addresses.

Signed-off-by: Shuah Khan <shuahkh@osg.samsung.com>
Cc: stable <stable@vger.kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2017-12-19 11:40:54 +01:00
Yuyang Du
770b2edece usbip: Fix USB device hang due to wrong enabling of scatter-gather
The previous USB3 SuperSpeed enabling patches mistakenly enabled
URB scatter-gather chaining, which is actually not supported by
the VHCI HCD. This patch fixes that.

Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=197867
Fixes: 03cd00d538 ("usbip: vhci-hcd: Set the vhci structure up to work")
Reported-by: Juan Zea <juan.zea@qindel.com>
Signed-off-by: Yuyang Du <yuyang.du@intel.com>
Cc: stable <stable@vger.kernel.org>
Acked-by: Shuah Khan <shuahkh@osg.samsung.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2017-11-30 16:40:01 +00:00
Greg Kroah-Hartman
7f2b019c8d USB: usbip: Remove redundant license text
Now that the SPDX tag is in all USB files, that identifies the license
in a specific and legally-defined manner.  So the extra GPL text wording
can be removed as it is no longer needed at all.

This is done on a quest to remove the 700+ different ways that files in
the kernel describe the GPL license text.  And there's unneeded stuff
like the address (sometimes incorrect) for the FSF which is never
needed.

No copyright headers or other non-license-description text was removed.

Cc: Valentina Manea <valentina.manea.m@gmail.com>
Acked-by: Shuah Khan <shuahkh@osg.samsung.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2017-11-07 15:45:01 +01:00
Greg Kroah-Hartman
5fd54ace47 USB: add SPDX identifiers to all remaining files in drivers/usb/
It's good to have SPDX identifiers in all files to make it easier to
audit the kernel tree for correct licenses.

Update the drivers/usb/ and include/linux/usb* files with the correct
SPDX license identifier based on the license text in the file itself.
The SPDX identifier is a legally binding shorthand, which can be used
instead of the full boiler plate text.

This work is based on a script and data from Thomas Gleixner, Philippe
Ombredanne, and Kate Stewart.

Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Kate Stewart <kstewart@linuxfoundation.org>
Cc: Philippe Ombredanne <pombredanne@nexb.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Acked-by: Felipe Balbi <felipe.balbi@linux.intel.com>
Acked-by: Johan Hovold <johan@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2017-11-04 11:48:02 +01:00
Bhumika Goyal
3a16191399 usbip: vhci-hcd: make vhci_hc_driver const
Make this const as it is not modified anywhere.

Signed-off-by: Bhumika Goyal <bhumirks@gmail.com>
Acked-by: Shuah Khan <shuahkh@osg.samsung.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2017-08-31 18:08:47 +02:00
Greg Kroah-Hartman
0c971edabb USB: usbip: remove unneeded MODULE_VERSION() usage
MODULE_VERSION is useless for in-kernel drivers, so just remove all
usage of it in the USB usbip drivers.  Along with this, the
USBIP_VERSION macros was removed as is was also pointless, as well as
printing out the driver version to the syslog at init time, which is not
necessary at all.

Cc: Valentina Manea <valentina.manea.m@gmail.com>
Acked-by: Shuah Khan <shuahkh@osg.samsung.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2017-07-22 15:56:53 +02:00
Yuyang Du
f0d657e80d usbip: Fix uninitialized variable bug in vhci
The patch 03cd00d538: "usbip: vhci-hcd: Set the vhci structure up
to work" introduced a bug which uses a vairable without initialization
in error handling code. Fix it.

Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Yuyang Du <yuyang.du@intel.com>
Acked-by: Shuah Khan <shuahkh@osg.samsung.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2017-06-27 17:57:50 +02:00
Yuyang Du
a5c7f019c7 usbip: vhci-hcd: Add USB3 port status bits
As USB3 has (slightly) different bit meanings in the port
status. Add a new status bit array for USB3.

Signed-off-by: Yuyang Du <yuyang.du@intel.com>
Acked-by: Shuah Khan <shuahkh@osg.samsung.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2017-06-13 10:51:10 +02:00
Yuyang Du
1c9de5bf42 usbip: vhci-hcd: Add USB3 SuperSpeed support
This patch adds a USB3 HCD to an existing USB2 HCD and provides
the support of SuperSpeed, in case the device can only be enumerated
with SuperSpeed.

The bulk of the added code in usb3_bos_desc and hub_control to support
SuperSpeed is borrowed from the commit 1cd8fd2887 ("usb: gadget:
dummy_hcd: add SuperSpeed support").

With this patch, each vhci will have VHCI_HC_PORTS HighSpeed ports
and VHCI_HC_PORTS SuperSpeed ports.

Suggested-by: Krzysztof Opasiak <k.opasiak@samsung.com>
Signed-off-by: Yuyang Du <yuyang.du@intel.com>
Acked-by: Shuah Khan <shuahkh@osg.samsung.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2017-06-13 10:51:10 +02:00
Yuyang Du
03cd00d538 usbip: vhci-hcd: Set the vhci structure up to work
This patch enables the new vhci structure. Its lock protects
both the USB2 hub and the shared USB3 hub.

Signed-off-by: Yuyang Du <yuyang.du@intel.com>
Acked-by: Shuah Khan <shuahkh@osg.samsung.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2017-06-13 10:51:10 +02:00
Yuyang Du
dff3565b8e usbip: vhci-hcd: Rework vhci_hcd_init
A vhci struct is added as the platform-specific data to the vhci
platform device, in order to get the vhci by its platform device.
This is done in vhci_hcd_init().

Signed-off-by: Yuyang Du <yuyang.du@intel.com>
Acked-by: Shuah Khan <shuahkh@osg.samsung.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2017-06-13 10:51:10 +02:00
Yuyang Du
89a73d281f usbip: vhci-hcd: Move VHCI platform device into vhci struct
Every VHCI is a platform device, so move the platform_device struct
into the VHCI struct.

Signed-off-by: Yuyang Du <yuyang.du@intel.com>
Acked-by: Shuah Khan <shuahkh@osg.samsung.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2017-06-13 10:51:10 +02:00
Yuyang Du
5ec0edc965 usbip: vhci-hcd: Rename function names to reflect their struct names
These helper function names are renamed to have their full struct
names to avoid confusion:

 - hcd_to_vhci() -> hcd_to_vhci_hcd()
 - vhci_to_hcd() -> vhci_hcd_to_hcd()
 - vdev_to_vhci() -> vdev_to_vhci_hcd()

Signed-off-by: Yuyang Du <yuyang.du@intel.com>
Acked-by: Shuah Khan <shuahkh@osg.samsung.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2017-06-13 10:51:09 +02:00
Johan Hovold
ec963b412a USB: usbip: fix nonconforming hub descriptor
Fix up the root-hub descriptor to accommodate the variable-length
DeviceRemovable and PortPwrCtrlMask fields, while marking all ports as
removable (and leaving the reserved bit zero unset).

Also add a build-time constraint on VHCI_HC_PORTS which must never be
greater than USB_MAXCHILDREN (but this was only enforced through a
KConfig constant).

This specifically fixes the descriptor layout whenever VHCI_HC_PORTS is
greater than seven (default is 8).

Fixes: 04679b3489 ("Staging: USB/IP: add client driver")
Cc: Takahiro Hirofuchi <hirofuchi@users.sourceforge.net>
Cc: Valentina Manea <valentina.manea.m@gmail.com>
Signed-off-by: Johan Hovold <johan@kernel.org>
Acked-by: Shuah Khan <shuahkh@osg.samsung.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2017-05-17 11:53:02 +02:00
Yuyang Du
4eebed9a64 usb: usbip: Remove unnecessary get_vdev()
vhci_tx_urb() should be able to get the vhci_device from
its caller vhci_urb_enqueue(), instead of brutal-force
searching it.

Reviewed-by: Krzysztof Opasiak <k.opasiak@samsung.com>
Signed-off-by: Yuyang Du <yuyang.du@intel.com>
Acked-by: Shuah Khan <shuahkh@osg.samsung.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2017-04-08 12:04:42 +02:00
Gustavo A. R. Silva
7c92e5fbf4 drivers: usb: usbip: Add missing break statement to switch
Add missing break statement to prevent the code for case
USB_PORT_FEAT_C_RESET falling through to the default case.

Addresses-Coverity-ID: 143155
Signed-off-by: Gustavo A. R. Silva <garsilva@embeddedor.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2017-02-09 13:34:18 +01:00
Nobuo Iwata
d79cda045e usbip: fix possibility of dereference by NULLL pointer in vhci_hcd.c
This patch fixes possibility of dereference by NULLL pointer in "[PATCH
v5 1/3] usbip: vhci extension: modifications to vhci driver" which has
been merged to 4.9-rc1. It occurs when a URB with pointer to invalid
USB/IP device is enqueued in race condition against detach operation.

A pointer was passed to vdev_to_vhci() before NULL check.
In vdev_to_vhci(), there's a dereference by the pointer.

This patch moves vdev_to_vhci() after NULL check of the pointer.

Signed-off-by: Nobuo Iwata <nobuo.iwata@fujixerox.co.jp>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2016-11-07 10:19:49 +01:00
Wei Yongjun
6e958051cb usbip: vhci_hcd: fix return value check in add_platform_device()
In case of error, the function platform_device_register_simple() returns
ERR_PTR() and never returns NULL. The NULL test in the return value
check should be replaced with IS_ERR().

Signed-off-by: Wei Yongjun <weiyj.lk@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2016-08-15 16:25:59 +02:00
Nobuo Iwata
0775a9cbc6 usbip: vhci extension: modifications to vhci driver
Modification to Kconfig, vhci_hc.c, vhci.h and vhci_sysfs.c.

1. kernel config

Followings are added.

USBIP_VHCI_HC_PORTS: Number of ports per USB/IP virtual host
controller. The default is 8 - same as current VHCI_NPORTS.
USBIP_VHCI_NR_HCS: Number of USB/IP virtual host controllers. The
default is 1. This paratmeter is replaced with USBIP_VHCI_INIT_HCS and
USBIP_VHCI_MAX_HCS included in succeeding dynamic extension patch.

2. the_controller to controllers

the_controller is changed to vhci_pdevs: array of struct
platform_device.

3. vhci_sysfs.c

Sysfs structure is changed as following.

BEFORE:
    /sys/devices/platform
        +-- vhci
            +-- status
            +-- attach
            +-- detach
            +-- usbip_debug

AFTER: example for CONFIG_USBIP_NR_HCS=4
    /sys/devices/platform
        +-- vhci
        |   +-- nports
        |   +-- status
        |   +-- status.1
        |   +-- status.2
        |   +-- status.3
        |   +-- attach
        |   +-- detach
        |   +-- usbip_debug
        +-- vhci.1
        +-- vhci.2
        +-- vhci.3

vhci[.N] is shown for each host controller kobj. vhch.1, vhci.2, ...
are shown only when CONFIG_USBIP_NR_HCS is more than 1. Only 'vhci'
(without number) has user space interfaces. 'nports' is newly added to
give ports-per-controller and number of controlles. Before that, number
of ports is acquired by reading status lines. Status is divided for
each controller to avoid page size (4KB) limitation.

Old userspace tool binaries work with the first status within the first
controller.

Inconsistency between status header and content is fixed.
4th and 5th column are
header:          "dev bus"
content(unused): "000 000"
content(used):   "%08x", devid
Only 1st and 2nd column are used by program. In old version, sscanf()
in parse_status expect no bus column. And bus_id string is shown in the
last column. Then bus in the header is removed and unused content is
replaced with 8 zeros. The sscanf() expects more than 5 columns and new
has 6 columns so there's no compatibility issue in this change.

Signed-off-by: Nobuo Iwata <nobuo.iwata@fujixerox.co.jp>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2016-08-09 16:21:05 +02:00
Greg Kroah-Hartman
083d5ad1a9 usbip: rate limit get_frame_number message
It's annoying to constantly see the same "Not yet implemented" message
over and over with nothing able to be done about it, so rate limit it
for now to keep user's logs "clean".

Reported-by: Lars Täuber <lars.taeuber@web.de>
Tested-by: Lars Täuber <lars.taeuber@web.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2016-06-17 18:00:46 -07:00
Andrew Goodbody
21619792d1 usb: usbip: Fix possible deadlocks reported by lockdep
Change spin_lock calls to spin_lock_irqsave to prevent
attmpted recursive lock taking in interrupt context.

This patch fixes Bug 109351
  https://bugzilla.kernel.org/show_bug.cgi?id=109351

Signed-off-by: Andrew Goodbody <andrew.goodbody@cambrionix.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2016-02-03 13:52:10 -08:00
Igor Kotrasinski
635e664a6b usbip: vhci_hcd: at unlink, return -EIDRM if vhci_rx took the urb
In a situation where the urb is about to be returned or was never
there, we should return -EIDRM (as per usb_hcd_check_unlink_urb).
This is exactly the situation when the urb is picked up by vhci_rx
before we access priv.

Return -EIDRM rather than 0 when this happens.

Signed-off-by: Igor Kotrasinski <i.kotrasinsk@samsung.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2015-10-04 10:59:03 +01:00
Igor Kotrasinski
03b0a52822 usbip: vhci_hcd: only return urb at enqueue when served
We handle USB_REQ_SET_ADDRESS at enqueue, so we want to perform
cleanup and giveback the urb. We should not call usb_hcd_giveback_urb
when we're cleaning up after a failed enqueue, though.

Only giveback the urb at cleanup when we claim to have served it.

Signed-off-by: Igor Kotrasinski <i.kotrasinsk@samsung.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2015-10-04 10:59:03 +01:00
Vaishali Thakkar
0c596336a8 usbip: vhci_hcd: Convert use of __constant_cpu_to_le16 to cpu_to_le16
In big endian cases, macro cpu_to_le16 unfolds to __swab16 which
provides special case for constants. In little endian cases,
__constant_cpu_to_le16 and cpu_to_le16 expand directly to the
same expression. So, replace __constant_cpu_to_le16 with
cpu_to_le16 with the goal of getting rid of the definition of
__constant_cpu_to_le16 completely.

The semantic patch that performs this transformation is as follows:

@@expression x;@@

- __constant_cpu_to_le16(x)
+ cpu_to_le16(x)

Signed-off-by: Vaishali Thakkar <vthakkar1994@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2015-10-04 10:45:08 +01:00
Sergei Shtylyov
8f413d807b usbip: vhci_hcd: use USB_DT_HUB
Fix  using the  bare number to set the 'bDescriptorType' field of the Hub
Descriptor while the value  is #define'd in <linux/usb/ch11.h>.

Signed-off-by: Sergei Shtylyov <sergei.shtylyov@cogentembedded.com>
Acked-by: Valentina Manea <valentina.manea.m@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2015-04-03 19:03:15 +02:00
Sergei Shtylyov
1cc9af8711 usbip: vhci_hcd: use HUB_CHAR_*
Fix  using the  bare number  to set the 'wHubCharacteristics' field of the Hub
Descriptor while the values are #define'd in <linux/usb/ch11.h>.

Signed-off-by: Sergei Shtylyov <sergei.shtylyov@cogentembedded.com>
Acked-by: Valentina Manea <valentina.manea.m@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2015-01-25 21:02:33 +08:00
Linus Torvalds
e6b5be2be4 Driver core patches for 3.19-rc1
Here's the set of driver core patches for 3.19-rc1.
 
 They are dominated by the removal of the .owner field in platform
 drivers.  They touch a lot of files, but they are "simple" changes, just
 removing a line in a structure.
 
 Other than that, a few minor driver core and debugfs changes.  There are
 some ath9k patches coming in through this tree that have been acked by
 the wireless maintainers as they relied on the debugfs changes.
 
 Everything has been in linux-next for a while.
 
 Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2
 
 iEYEABECAAYFAlSOD20ACgkQMUfUDdst+ylLPACg2QrW1oHhdTMT9WI8jihlHVRM
 53kAoLeteByQ3iVwWurwwseRPiWa8+MI
 =OVRS
 -----END PGP SIGNATURE-----

Merge tag 'driver-core-3.19-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/driver-core

Pull driver core update from Greg KH:
 "Here's the set of driver core patches for 3.19-rc1.

  They are dominated by the removal of the .owner field in platform
  drivers.  They touch a lot of files, but they are "simple" changes,
  just removing a line in a structure.

  Other than that, a few minor driver core and debugfs changes.  There
  are some ath9k patches coming in through this tree that have been
  acked by the wireless maintainers as they relied on the debugfs
  changes.

  Everything has been in linux-next for a while"

* tag 'driver-core-3.19-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/driver-core: (324 commits)
  Revert "ath: ath9k: use debugfs_create_devm_seqfile() helper for seq_file entries"
  fs: debugfs: add forward declaration for struct device type
  firmware class: Deletion of an unnecessary check before the function call "vunmap"
  firmware loader: fix hung task warning dump
  devcoredump: provide a one-way disable function
  device: Add dev_<level>_once variants
  ath: ath9k: use debugfs_create_devm_seqfile() helper for seq_file entries
  ath: use seq_file api for ath9k debugfs files
  debugfs: add helper function to create device related seq_file
  drivers/base: cacheinfo: remove noisy error boot message
  Revert "core: platform: add warning if driver has no owner"
  drivers: base: support cpu cache information interface to userspace via sysfs
  drivers: base: add cpu_device_create to support per-cpu devices
  topology: replace custom attribute macros with standard DEVICE_ATTR*
  cpumask: factor out show_cpumap into separate helper function
  driver core: Fix unbalanced device reference in drivers_probe
  driver core: fix race with userland in device_add()
  sysfs/kernfs: make read requests on pre-alloc files use the buffer.
  sysfs/kernfs: allow attributes to request write buffer be pre-allocated.
  fs: sysfs: return EGBIG on write if offset is larger than file size
  ...
2014-12-14 16:10:09 -08:00
Markus Elfring
03f3df817d USB-IP: Deletion of unnecessary checks before the function call "usb_put_dev"
The usb_put_dev() function tests whether its argument is NULL and then
returns immediately. Thus the test around the call is not needed.

This issue was detected by using the Coccinelle software.

Signed-off-by: Markus Elfring <elfring@users.sourceforge.net>
Acked-by: Valentina Manea <valentina.manea.m@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2014-11-24 17:23:41 -08:00
Wolfram Sang
0ca4ac7fb3 usb: usbip: drop owner assignment from platform_drivers
A platform_driver does not need to set an owner, it will be populated by the
driver core.

Signed-off-by: Wolfram Sang <wsa@the-dreams.de>
2014-10-20 16:21:51 +02:00
Valentina Manea
96c2737716 usbip: move usbip kernel code out of staging
At this point, USB/IP kernel code is fully functional
and can be moved out of staging.

Signed-off-by: Valentina Manea <valentina.manea.m@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2014-08-25 10:40:06 -07:00