Commit Graph

73 Commits

Author SHA1 Message Date
Felipe Balbi
0700faaf73 usb: gadget: only GPL drivers in the gadget and phy framework
We only support GPL drivers in the USB Gadget Framework,
it sounds correct to make all exported symbols GPL too.

Acked-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Felipe Balbi <balbi@ti.com>
2014-04-21 14:07:12 -05:00
Robert Baldyga
48968f8d5f usb: gadget: f_fs: add missing spinlock and mutex unlock
This patch adds missing spin_unlock and mutex_unlock calls in
error handling code.

Signed-off-by: Robert Baldyga <r.baldyga@samsung.com>
Acked-by: Michal Nazarewicz <mina86@mina86.com>
Acked-by: Felipe Balbi <balbi@ti.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2014-03-17 16:05:31 -07:00
Greg Kroah-Hartman
7338a06593 usb: patches for v3.15
another substantial pull request with new features all over
 the place.
 
 dwc3 got a bit closer towards hibernation support with after
 a few patches re-factoring code to be reused for hibernation.
 Also in dwc3 two new workarounds for known silicon bugs have
 been implemented, some randconfig build errors have been fixed,
 and it was taught about the new generic phy layer.
 
 MUSB on AM335x now supports isochronous transfers thanks to
 George Cherian's work.
 
 The atmel_usba driver got two crash fixes: one when no endpoint
 was specified in DeviceTree data and another when stopping the UDC
 in DEBUG builds.
 
 Function FS got a much needed fix to ffs_epfile_io() which was
 copying too much data to userspace in some cases.
 
 The printer gadget got a fix for a possible deadlock and plugged
 a memory leak.
 
 Ethernet drivers now use NAPI for RX which gives improved throughput.
 
 Other than that, the usual miscelaneous fixes, cleanups, and
 the like.
 
 Signed-of-by: Felipe Balbi <balbi@ti.com>
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQIcBAABAgAGBQJTGmOyAAoJEIaOsuA1yqREVsQP/AjfOAuQJ7awaUVsJqBLGADW
 qmxc1rd+wKv7e9s4Jtu8z8PaZklAd4E3M8M378BsJIiMSbHZhb/KUFQPVgkp5Rnz
 Ps9k7k4P3+yoovWruR1YRk+/mx5ra//MdJ+FNMe6wa3Y57X7NRAfzSSQOOnmkJ5+
 3aSz2IRKXBmSqpcMZVTgn1j/YATfZxpCmrTPSOdgyIjeWs+8s1SjaEFsgCaVb4vH
 V1B3HsMPRCtrR0BV0f1FA1xp1pXdAU3UeRecuVibP5DDIKhMqB7N8BWTi2nu8c+1
 8wZ4S3BNJwBPmHU/XOkjLWnoZ6gZVIx2DEeCdh0hXF2lsbJYELCPptYEApDPyOvF
 zli6cCdPcM+bnWzmQyBXmu7uPVBOz3lv1HAkodOwhof1K556baZfXF+OpZ21+/oj
 l3I9Ebr86soVmxMzY1FyMN0F+klNCPTzmx4GS0GHJDCpMLvfX5rRVR0EXggIPGMC
 Lug/G8ySP0s+R1NTx+I6zJUV3BXkjp2KQmfjiMSzWzOAMSdaucRu4S71mgCvx1uN
 5T4tWAAtl90O/6V+d3Lx4PMOUiBXCv3ZboDKNdRXrX3/omd2JkOKqj4J8hxJ1F0w
 l6jb8IIXiO6xElC6fBQ7Dq54kD7cLzEnFBn5I4Fg5AjPatbHDEjerArL8I+Loe/u
 E+V2mp0qzoUxtqi5aMND
 =AAie
 -----END PGP SIGNATURE-----

Merge tag 'usb-for-v3.15' of git://git.kernel.org/pub/scm/linux/kernel/git/balbi/usb into usb-next

Felipe writes:

usb: patches for v3.15

another substantial pull request with new features all over
the place.

dwc3 got a bit closer towards hibernation support with after
a few patches re-factoring code to be reused for hibernation.
Also in dwc3 two new workarounds for known silicon bugs have
been implemented, some randconfig build errors have been fixed,
and it was taught about the new generic phy layer.

MUSB on AM335x now supports isochronous transfers thanks to
George Cherian's work.

The atmel_usba driver got two crash fixes: one when no endpoint
was specified in DeviceTree data and another when stopping the UDC
in DEBUG builds.

Function FS got a much needed fix to ffs_epfile_io() which was
copying too much data to userspace in some cases.

The printer gadget got a fix for a possible deadlock and plugged
a memory leak.

Ethernet drivers now use NAPI for RX which gives improved throughput.

Other than that, the usual miscelaneous fixes, cleanups, and
the like.

Signed-of-by: Felipe Balbi <balbi@ti.com>
2014-03-07 16:47:36 -08:00
Chuansheng Liu
cfe919b53b usb: gadget: return the right length in ffs_epfile_io()
When the request length is aligned to maxpacketsize, sometimes
the return length ret > the user space requested len.

At that time, we will use min_t(size_t, ret, len) to limit the
size in case of user data buffer overflow.

But we need return the min_t(size_t, ret, len) to tell the user
space rightly also.

[ balbi@ti.com: also fix comment's indentation ]

Acked-by: Michal Nazarewicz <mina86@mina86.com>
Reviewed-by: David Cohen <david.a.cohen@linux.intel.com>
Signed-off-by: Chuansheng Liu <chuansheng.liu@intel.com>
Signed-off-by: Felipe Balbi <balbi@ti.com>
2014-03-07 10:03:25 -06:00
Michal Nazarewicz
ac8dde11f2 usb: gadget: f_fs: Add flags to descriptors block
This reworks the way SuperSpeed descriptors are added and instead of
having a magic after full and high speed descriptors, it reworks the
whole descriptors block to include a flags field which lists which
descriptors are present and makes future extensions possible.

Signed-off-by: Michal Nazarewicz <mina86@mina86.com>
Signed-off-by: Felipe Balbi <balbi@ti.com>
2014-03-05 14:40:11 -06:00
Manu Gautam
8d4e897bd0 usb: gadget: f_fs: Add support for SuperSpeed Mode
Allow userspace to pass SuperSpeed descriptors and
handle them in the driver accordingly.
This change doesn't modify existing desc_header and thereby
keeps the ABI changes backward compatible i.e. existing
userspace drivers compiled with old header (functionfs.h)
would continue to work with the updated kernel.

Signed-off-by: Manu Gautam <mgautam@codeaurora.org>
Acked-by: Michal Nazarewicz <mina86@mina86.com>
Signed-off-by: Felipe Balbi <balbi@ti.com>
2014-03-05 14:40:10 -06:00
Andrzej Pietrasiewicz
f0f42204d0 usb: gadget: fix NULL pointer dereference
Fix possible NULL pointer dereference introduced in
commit 219580e (usb: f_fs: check quirk to pad epout
buf size when not aligned to maxpacketsize)

In cases we do wait with:

wait_event_interruptible(epfile->wait, (ep = epfile->ep));

for endpoint to be enabled, functionfs_bind() has not been called yet
and epfile->ffs->gadget is still NULL and the automatic variable 'gadget'
has been initialized with NULL at the point of its definition.
Later on it is used as a parameter to:

usb_ep_align_maybe(gadget, ep->ep, len)

which in turn dereferences it.

This patch fixes it by moving the actual assignment to the local 'gadget'
variable after the potential waiting has completed.

Signed-off-by: Andrzej Pietrasiewicz <andrzej.p@samsung.com>
Acked-by: Michal Nazarewicz <mina86@mina86.com>
Signed-off-by: Felipe Balbi <balbi@ti.com>
2014-02-20 09:17:23 -06:00
Robert Baldyga
2e4c7553cd usb: gadget: f_fs: add aio support
This patch adds asynchronous I/O support for FunctionFS endpoint files.
It adds ffs_epfile_aio_write() and ffs_epfile_aio_read() functions responsible
for preparing AIO operations.

It also modifies ffs_epfile_io() function, adding aio handling code. Instead
of extending list of parameters of this function, there is new struct
ffs_io_data which contains all information needed to perform I/O operation.
Pointer to this struct replaces "buf" and "len" parameters of ffs_epfile_io()
function. Allocated buffer is freed immediately only after sync operation,
because in async IO it's freed in complete funcion. For each async operation
an USB request is allocated, because it allows to have more than one request
queued on single endpoint.

According to changes in ffs_epfile_io() function, functions ffs_epfile_write()
and ffs_epfile_read() are updated to use new API.

For asynchronous I/O operations there is new request complete function named
ffs_epfile_async_io_complete(), which completes AIO operation, and frees
used memory.

Signed-off-by: Robert Baldyga <r.baldyga@samsung.com>
Acked-by: Michal Nazarewicz <mina86@mina86.com>
Signed-off-by: Felipe Balbi <balbi@ti.com>
2014-02-18 10:53:02 -06:00
Robert Baldyga
23de91e970 usb: gadget: f_fs: add poll for endpoint 0
This patch adds poll function for file representing ep0.

Ability of read from or write to ep0 file is related with actual state of ffs:
- When desctiptors or strings are not written yet, POLLOUT flag is set.
- If there is any event to read, POLLIN flag is set.
- If setup request was read, POLLIN and POLLOUT flag is set, to allow
  send response (by performing I/O operation consistent with setup request
  direction) or set stall (by performing I/O operation opposite  setup
  request direction).

Signed-off-by: Robert Baldyga <r.baldyga@samsung.com>
Acked-by: Michal Nazarewicz <mina86@mina86.com>
Signed-off-by: Felipe Balbi <balbi@ti.com>
2014-02-18 10:53:01 -06:00
Robert Baldyga
0a7b1f8a70 usb: gadget: f_fs: fix setup request handling
This patch fixes __ffs_ep0_queue_wait() function, which now returns number of
bytes transferred in USB request or error code in case of failure. This is
needed by ffs_ep0_read() function, when read data is copied to userspace.

It also cleans up code by removing usused variable ep0req_status.

Signed-off-by: Robert Baldyga <r.baldyga@samsung.com>
Acked-by: Michal Nazarewicz <mina86@mina86.com>
Signed-off-by: Felipe Balbi <balbi@ti.com>
2014-02-18 10:53:01 -06:00
Michal Nazarewicz
a7ecf0544f usb: gadget: functionfs: replace FFS_SETUP_STATUS with an inline function
The FFS_SETUP_STATUS macro could be trivialy replaced with an static
inline function but more importantly its name was tad confusing.
The name suggested it was a simple accessor macro but it actually
did change the state of the ffs_data structure perfomring
a FFS_SETUP_CANCELLED -> FFS_NO_SETUP transition.  The name of the
function -- ffs_setup_state_clear_cancelled -- should better
describe what the function actually does.

Signed-off-by: Michal Nazarewicz <mina86@mina86.com>
Signed-off-by: Robert Baldyga <r.baldyga@samsung.com>
Signed-off-by: Felipe Balbi <balbi@ti.com>
2014-02-18 10:53:00 -06:00
Michal Nazarewicz
e46318a000 usb: gadget: functionfs: fix typo in the enum variable
Since “cancelled” is spelled with two “l”s, rename FFS_SETUP_CANCELED
to FFS_SETUP_CANCELLED.

Signed-off-by: Michal Nazarewicz <mina86@mina86.com>
Signed-off-by: Robert Baldyga <r.baldyga@samsung.com>
Signed-off-by: Felipe Balbi <balbi@ti.com>
2014-02-18 10:53:00 -06:00
Andrzej Pietrasiewicz
da13a7738e usb: gadget: FunctionFS: use consistent naming with regard to ffs_lock
Consistently prefix function name with underscore if the function has to
be called with ffs_lock taken.

Acked-by: Michal Nazarewicz <mina86@mina86.com>
Signed-off-by: Andrzej Pietrasiewicz <andrzej.p@samsung.com>
Signed-off-by: Felipe Balbi <balbi@ti.com>
2014-02-18 10:52:56 -06:00
Andrzej Pietrasiewicz
10b69ce08c usb: gadget: FunctionFS: staticize functions used only in f_fs.c
ffs_alloc_dev and ffs_free_dev are used only in f_fs.c,
so make them static.

Acked-by: Michal Nazarewicz <mina86@mina86.com>
Signed-off-by: Andrzej Pietrasiewicz <andrzej.p@samsung.com>
Signed-off-by: Felipe Balbi <balbi@ti.com>
2014-02-18 10:52:56 -06:00
Andrzej Pietrasiewicz
ab13cb0c0d usb: gadget: code cleanup
Remove trailing whitespace

Acked-by: Michal Nazarewicz <mina86@mina86.com>
Signed-off-by: Andrzej Pietrasiewicz <andrzej.p@samsung.com>
Signed-off-by: Felipe Balbi <balbi@ti.com>
2014-02-18 10:52:55 -06:00
Andrzej Pietrasiewicz
ea365922f9 usb: gadget: FunctionFS: dereference ffs_dev conditionally
ffs_dev->ffs_release_dev_callback should be accessed only if ffs_dev
is not NULL.

Acked-by: Michal Nazarewicz <mina86@mina86.com>
Signed-off-by: Andrzej Pietrasiewicz <andrzej.p@samsung.com>
Signed-off-by: Felipe Balbi <balbi@ti.com>
2014-02-18 10:52:55 -06:00
Felipe Balbi
f8800d47bc usb: gadget: f_fs: fix sparse warning
use NULL when returning NULL pointers, not 0.

Signed-off-by: Felipe Balbi <balbi@ti.com>
2013-12-12 13:43:40 -06:00
Andrzej Pietrasiewicz
b658499f0f usb: gadget: FunctionFS: add configfs support
Add support for using FunctionFS in configfs-based USB gadgets.

[ balbi@ti.com : removed redefinition of VERBOSE_DEBUG and few
	trailing whitespaces ]

Signed-off-by: Andrzej Pietrasiewicz <andrzej.p@samsung.com>
Signed-off-by: Kyungmin Park <kyungmin.park@samsung.com>
Acked-by: Michal Nazarewicz <mina86@mina86.com>
Signed-off-by: Felipe Balbi <balbi@ti.com>
2013-12-12 13:43:40 -06:00
Andrzej Pietrasiewicz
3d8d72a4c3 usb: gadget: FunctionFS: Remove compatibility layer
There are no old function interface users left, so the old interface can
be removed.

Signed-off-by: Andrzej Pietrasiewicz <andrzej.p@samsung.com>
Signed-off-by: Kyungmin Park <kyungmin.park@samsung.com>
Acked-by: Michal Nazarewicz <mina86@mina86.com>
Signed-off-by: Felipe Balbi <balbi@ti.com>
2013-12-12 13:43:40 -06:00
Andrzej Pietrasiewicz
5920cda627 usb: gadget: FunctionFS: convert to new function interface with backward compatibility
This is required in order to integrate configfs support.
f_fs needs to be a separately compiled module and so it needs to use the new
interface.

Signed-off-by: Andrzej Pietrasiewicz <andrzej.p@samsung.com>
Signed-off-by: Kyungmin Park <kyungmin.park@samsung.com>
Signed-off-by: Felipe Balbi <balbi@ti.com>
2013-12-12 13:43:39 -06:00
Andrzej Pietrasiewicz
4b187fceec usb: gadget: FunctionFS: add devices management code
This will be required in order to use the new function interface
(usb_get_function_instance/usb_put_function_instance)

Signed-off-by: Andrzej Pietrasiewicz <andrzej.p@samsung.com>
Signed-off-by: Kyunmgin Park <kyungmin.park@samsung.com>
Acked-by: Michal Nazarewicz <mina86@mina86.com>
Signed-off-by: Felipe Balbi <balbi@ti.com>
2013-12-12 13:43:39 -06:00
Andrzej Pietrasiewicz
e72c39c069 usb: gadget: FunctionFS: create utility file
A header file to be used by f_fs.c and g_ffs.c will be required when
f_fs.c is converted into a module.

Signed-off-by: Andrzej Pietrasiewicz <andrzej.p@samsung.com>
Signed-off-by: Kyungmin Park <kyungmin.park@samsung.com>
Acked-by: Michal Nazarewicz <mina86@mina86.com>
Signed-off-by: Felipe Balbi <balbi@ti.com>
2013-12-12 13:43:38 -06:00
Andrzej Pietrasiewicz
e6f3862fa1 usb: gadget: FunctionFS: Remove VLAIS usage from gadget code
The use of variable length arrays in structs (VLAIS) in the Linux Kernel code
precludes the use of compilers which don't implement VLAIS (for instance the
Clang compiler). This alternate patch calculates offsets into the kmalloc-ed
memory buffer using macros. The previous patch required multiple kmalloc and
kfree calls. This version uses "group" vs "struct" since it really is not a
struct and is essentially a group of VLA in a common allocated block. This
version also fixes the issues pointed out by Andrzej Pietrasiewicz and
Michal Nazarewicz.

Signed-off-by: Mark Charlebois <charlebm@gmail.com>
Signed-off-by: Behan Webster <behanw@converseincode.com>

[elimination of miexed declaration and code, checkpatch cleanup]
[fixes after Michal's review]
Signed-off-by: Andrzej Pietrasiewicz <andrzej.p@samsung.com>
Signed-off-by: Kyungmin Park <kyungmin.park@samsung.com>
Acked-by: Michal Nazarewicz <mina86@mina86.com>
Signed-off-by: Felipe Balbi <balbi@ti.com>
2013-12-12 13:43:38 -06:00
Michal Nazarewicz
219580e64f usb: f_fs: check quirk to pad epout buf size when not aligned to maxpacketsize
Check gadget.quirk_ep_out_aligned_size to decide if buffer size requires
to be aligned to maxpacketsize of an out endpoint.  ffs_epfile_io() needs
to pad epout buffer to match above condition if quirk is found.

Signed-off-by: Michal Nazarewicz <mina86@mina86.com>
Signed-off-by: David Cohen <david.a.cohen@linux.intel.com>
Signed-off-by: Felipe Balbi <balbi@ti.com>
2013-12-09 22:44:07 -06:00
Michal Nazarewicz
7fa6803483 usb: gadget: f_fs: remove loop from I/O function
When endpoint changes (due to it being disabled or alt setting changed),
mimic the action as if the change happened after the request has been
queued, instead of retrying with the new endpoint.

Signed-off-by: Michal Nazarewicz <mina86@mina86.com>
Cc: David Cohen <david.a.cohen@linux.intel.com>
Signed-off-by: Felipe Balbi <balbi@ti.com>
2013-12-09 22:44:06 -06:00
Wolfram Sang
16735d022f tree-wide: use reinit_completion instead of INIT_COMPLETION
Use this new function to make code more comprehensible, since we are
reinitialzing the completion, not initializing.

[akpm@linux-foundation.org: linux-next resyncs]
Signed-off-by: Wolfram Sang <wsa@the-dreams.de>
Acked-by: Linus Walleij <linus.walleij@linaro.org> (personally at LCE13)
Cc: Ingo Molnar <mingo@kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2013-11-15 09:32:21 +09:00
Greg Kroah-Hartman
bdd78f22ff usb: fixes for v3.12-rc4
Here are some more fixes to musb's OTG support and a regression
 caused on latest merge window; pxa25x_udc and gpio-vbus learned
 to cope with deferred probe; s3c-hsotg got a fix for non-periodic
 endpoints write size and f_fs got an error handling fix for cases
 where ffs_do_descs() fail.
 
 Signed-of-by: Felipe Balbi <balbi@ti.com>
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1.4.12 (GNU/Linux)
 
 iQIcBAABAgAGBQJSStwTAAoJEIaOsuA1yqREpMgP/2BbaC0hCO3wA6NPul2drke2
 lb1yKU9bKhk3R0McRWhV9iJGjStpIBYLlbE66sjAvu2r53JktMysb6xPwnPwgNPK
 RabFpQnNiS/voyaAKyLq69WIPC9dfT/LwUXS4NouwTgEjPJuYs3La69NJRZlHx8A
 iFXsQtgS2h6gIKm2r71TYamgO/jYmwZsetpwOrjCz1AlTt/6wjy5ilQthHs+F0de
 iNFRsvRYyuMO2BEmqI286U7FWPK4FAO3bsqwP4EWZ7VqTLBBHqxFA3jscbeidbB4
 U6qRbekMfYCrYjYkKwuQAsFpvt6WHh8peCsWLxJ9SnyugwcXG4UwimP4qqkS6GhC
 VJpyYhE8AAHiPnXSigEFUPo3uwcylXdwg3viybezlSI/7X/NlQvhGWJZBDdSESS2
 ThieH2sFuqtk5XkG8lXySCeab/qp3NUNVVJf81G0sIjsgU2kmkTkE9913ird0kN8
 k+fkggtrK5YqbPoEIhhIdhwloyM6dxL3pLe3LHCwkyZ8Aeze8Wv1nd31OHWU1uVh
 ZjHA202MzpkHnj2gykzKS808h12S8czzIe5jTyiPPAwOz87DIxx64MqG2OGM8Rtv
 +/N+E3K/b0//Fg/GGFN2du+7SrRW4U8cAhBX9mh9j9eI2X9Yd3HclviSNM9lVTcN
 iCIY3ivMFg29aTVFIYFC
 =BQeb
 -----END PGP SIGNATURE-----

Merge tag 'fixes-for-v3.12-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/balbi/usb into usb-linus

Felipe writes:

usb: fixes for v3.12-rc4

Here are some more fixes to musb's OTG support and a regression
caused on latest merge window; pxa25x_udc and gpio-vbus learned
to cope with deferred probe; s3c-hsotg got a fix for non-periodic
endpoints write size and f_fs got an error handling fix for cases
where ffs_do_descs() fail.

Signed-of-by: Felipe Balbi <balbi@ti.com>
2013-10-01 14:22:05 -07:00
Robert Baldyga
8854894c04 usb: gadget: f_fs: fix error handling
This patch add missing error check in ffs_func_bind() function, after
ffs_do_descs() function call for high speed descriptors. Without this
check it's possible that the module will try dereference incorrect
pointer.

[ balbi@ti.com : removed trailing empty line ]

Acked-by: Michal Nazarewicz <mina86@mina86.com>
Signed-off-by: Robert Baldyga <r.baldyga@samsung.com>
Signed-off-by: Felipe Balbi <balbi@ti.com>
2013-10-01 09:04:22 -05:00
Al Viro
2606b28aab USB: Fix breakage in ffs_fs_mount()
There's a bunch of failure exits in ffs_fs_mount() with
seriously broken recovery logics.  Most of that appears to stem
from misunderstanding of the ->kill_sb() semantics; unlike
->put_super() it is called for *all* superblocks of given type,
no matter how (in)complete the setup had been.  ->put_super()
is called only if ->s_root is not NULL; any failure prior to
setting ->s_root will have the call of ->put_super() skipped.
->kill_sb(), OTOH, awaits every superblock that has come from
sget().

Current behaviour of ffs_fs_mount():

We have struct ffs_sb_fill_data data on stack there.  We do
	ffs_dev = functionfs_acquire_dev_callback(dev_name);
and store that in data.private_data.  Then we call mount_nodev(),
passing it ffs_sb_fill() as a callback.  That will either fail
outright, or manage to call ffs_sb_fill().  There we allocate an
instance of struct ffs_data, slap the value of ffs_dev (picked
from data.private_data) into ffs->private_data and overwrite
data.private_data by storing ffs into an overlapping member
(data.ffs_data).  Then we store ffs into sb->s_fs_info and attempt
to set the rest of the things up (root inode, root dentry, then
create /ep0 there).  Any of those might fail.  Should that
happen, we get ffs_fs_kill_sb() called before mount_nodev()
returns.  If mount_nodev() fails for any reason whatsoever,
we proceed to
	functionfs_release_dev_callback(data.ffs_data);

That's broken in a lot of ways.  Suppose the thing has failed in
allocation of e.g. root inode or dentry.  We have
	functionfs_release_dev_callback(ffs);
	ffs_data_put(ffs);
done by ffs_fs_kill_sb() (ffs accessed via sb->s_fs_info), followed by
	functionfs_release_dev_callback(ffs);
from ffs_fs_mount() (via data.ffs_data).  Note that the second
functionfs_release_dev_callback() has every chance to be done to freed memory.

Suppose we fail *before* root inode allocation.  What happens then?
ffs_fs_kill_sb() doesn't do anything to ffs (it's either not called at all,
or it doesn't have a pointer to ffs stored in sb->s_fs_info).  And
	functionfs_release_dev_callback(data.ffs_data);
is called by ffs_fs_mount(), but here we are in nasal daemon country - we
are reading from a member of union we'd never stored into.  In practice,
we'll get what we used to store into the overlapping field, i.e. ffs_dev.
And then we get screwed, since we treat it (struct gfs_ffs_obj * in
disguise, returned by functionfs_acquire_dev_callback()) as struct
ffs_data *, pick what would've been ffs_data ->private_data from it
(*well* past the actual end of the struct gfs_ffs_obj - struct ffs_data
is much bigger) and poke in whatever it points to.

FWIW, there's a minor leak on top of all that in case if ffs_sb_fill()
fails on kstrdup() - ffs is obviously forgotten.

The thing is, there is no point in playing all those games with union.
Just allocate and initialize ffs_data *before* calling mount_nodev() and
pass a pointer to it via data.ffs_data.  And once it's stored in
sb->s_fs_info, clear data.ffs_data, so that ffs_fs_mount() knows that
it doesn't need to kill the sucker manually - from that point on
we'll have it done by ->kill_sb().

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Acked-by: Michal Nazarewicz <mina86@mina86.com>
Cc: stable <stable@vger.kernel.org> # 3.3+
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2013-09-26 16:22:29 -07:00
Dan Carpenter
df4989954a usb: gadget: gadgetfs: potential use after free in unbind()
ffs_data_put() can sometimes free "ffs" so I have moved the call down
a line below the dereference.

Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Felipe Balbi <balbi@ti.com>
2013-08-27 15:03:32 -05:00
Al Viro
3273097ee9 gadgetfs: don't bother with fops->owner
filesystem module as whole is pinned down by its superblock, no need
to have opened files on it to add anything to that.

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2013-04-09 14:13:03 -04:00
Eric W. Biederman
7f78e03513 fs: Limit sys_mount to only request filesystem modules.
Modify the request_module to prefix the file system type with "fs-"
and add aliases to all of the filesystems that can be built as modules
to match.

A common practice is to build all of the kernel code and leave code
that is not commonly needed as modules, with the result that many
users are exposed to any bug anywhere in the kernel.

Looking for filesystems with a fs- prefix limits the pool of possible
modules that can be loaded by mount to just filesystems trivially
making things safer with no real cost.

Using aliases means user space can control the policy of which
filesystem modules are auto-loaded by editing /etc/modprobe.d/*.conf
with blacklist and alias directives.  Allowing simple, safe,
well understood work-arounds to known problematic software.

This also addresses a rare but unfortunate problem where the filesystem
name is not the same as it's module name and module auto-loading
would not work.  While writing this patch I saw a handful of such
cases.  The most significant being autofs that lives in the module
autofs4.

This is relevant to user namespaces because we can reach the request
module in get_fs_type() without having any special permissions, and
people get uncomfortable when a user specified string (in this case
the filesystem type) goes all of the way to request_module.

After having looked at this issue I don't think there is any
particular reason to perform any filtering or permission checks beyond
making it clear in the module request that we want a filesystem
module.  The common pattern in the kernel is to call request_module()
without regards to the users permissions.  In general all a filesystem
module does once loaded is call register_filesystem() and go to sleep.
Which means there is not much attack surface exposed by loading a
filesytem module unless the filesystem is mounted.  In a user
namespace filesystems are not mounted unless .fs_flags = FS_USERNS_MOUNT,
which most filesystems do not set today.

Acked-by: Serge Hallyn <serge.hallyn@canonical.com>
Acked-by: Kees Cook <keescook@chromium.org>
Reported-by: Kees Cook <keescook@google.com>
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
2013-03-03 19:36:31 -08:00
Greg Kroah-Hartman
67635d397a Merge 3.8-rc5 into usb-next
This fixes up a conflict with drivers/usb/serial/io_ti.c that came up in
linux-next.

Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2013-01-25 12:41:02 -08:00
Benoit Goby
b810075002 usb: gadget: FunctionFS: Fix missing braces in parse_opts
Add missing braces around an if block in ffs_fs_parse_opts. This broke
parsing the uid/gid mount options and causes mount to fail when using
uid/gid. This has been introduced by commit b9b73f7c (userns: Convert usb
functionfs to use kuid/kgid where appropriate) in 3.7.

Cc: <stable@vger.kernel.org>
Signed-off-by: Benoit Goby <benoit@android.com>
Acked-by: Michal Nazarewicz <mina86@mina86.com>
Signed-off-by: Felipe Balbi <balbi@ti.com>
2013-01-18 14:11:11 +02:00
Michal Nazarewicz
afd2e186bd usb: gadget: FunctionFS: Use kstrtoul()
kstrtoul() checks for overflow which simple_strtoul() does not pluss
it has “*end == 0” check in it as well.  As a side effect, a new
line character is now accepted, but this should not be an issue.

Signed-off-by: Michal Nazarewicz <mina86@mina86.com>
Signed-off-by: Felipe Balbi <balbi@ti.com>
2013-01-10 12:42:14 +02:00
Sebastian Andrzej Siewior
10287baec7 usb: gadget: always update HS/SS descriptors and create a copy of them
HS and SS descriptors are staticaly created. They are updated during the
bind process with the endpoint address, string id or interface numbers.

After that, the descriptor chain is linked to struct usb_function which
is used by composite in order to serve the GET_DESCRIPTOR requests,
number of available configs and so on.

There is no need to assign the HS descriptor only if the UDC supports
HS speed because composite won't report those to the host if HS support
has not been reached. The same reasoning is valid for SS.

This patch makes sure each function updates HS/SS descriptors
unconditionally and uses the newly introduced helper function to create a
copy the descriptors for the speed which is supported by the UDC.

While at that, also rename f->descriptors to f->fs_descriptors in order
to make it more explicit what that means.

Cc: Laurent Pinchart <laurent.pinchart@ideasonboard.com>
Signed-off-by: Sebastian Andrzej Siewior <bigeasy@linutronix.de>
Signed-off-by: Felipe Balbi <balbi@ti.com>
2012-10-31 15:09:44 +02:00
Linus Torvalds
aab174f0df Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
Pull vfs update from Al Viro:

 - big one - consolidation of descriptor-related logics; almost all of
   that is moved to fs/file.c

   (BTW, I'm seriously tempted to rename the result to fd.c.  As it is,
   we have a situation when file_table.c is about handling of struct
   file and file.c is about handling of descriptor tables; the reasons
   are historical - file_table.c used to be about a static array of
   struct file we used to have way back).

   A lot of stray ends got cleaned up and converted to saner primitives,
   disgusting mess in android/binder.c is still disgusting, but at least
   doesn't poke so much in descriptor table guts anymore.  A bunch of
   relatively minor races got fixed in process, plus an ext4 struct file
   leak.

 - related thing - fget_light() partially unuglified; see fdget() in
   there (and yes, it generates the code as good as we used to have).

 - also related - bits of Cyrill's procfs stuff that got entangled into
   that work; _not_ all of it, just the initial move to fs/proc/fd.c and
   switch of fdinfo to seq_file.

 - Alex's fs/coredump.c spiltoff - the same story, had been easier to
   take that commit than mess with conflicts.  The rest is a separate
   pile, this was just a mechanical code movement.

 - a few misc patches all over the place.  Not all for this cycle,
   there'll be more (and quite a few currently sit in akpm's tree)."

Fix up trivial conflicts in the android binder driver, and some fairly
simple conflicts due to two different changes to the sock_alloc_file()
interface ("take descriptor handling from sock_alloc_file() to callers"
vs "net: Providing protocol type via system.sockprotoname xattr of
/proc/PID/fd entries" adding a dentry name to the socket)

* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs: (72 commits)
  MAX_LFS_FILESIZE should be a loff_t
  compat: fs: Generic compat_sys_sendfile implementation
  fs: push rcu_barrier() from deactivate_locked_super() to filesystems
  btrfs: reada_extent doesn't need kref for refcount
  coredump: move core dump functionality into its own file
  coredump: prevent double-free on an error path in core dumper
  usb/gadget: fix misannotations
  fcntl: fix misannotations
  ceph: don't abuse d_delete() on failure exits
  hypfs: ->d_parent is never NULL or negative
  vfs: delete surplus inode NULL check
  switch simple cases of fget_light to fdget
  new helpers: fdget()/fdput()
  switch o2hb_region_dev_write() to fget_light()
  proc_map_files_readdir(): don't bother with grabbing files
  make get_file() return its argument
  vhost_set_vring(): turn pollstart/pollstop into bool
  switch prctl_set_mm_exe_file() to fget_light()
  switch xfs_find_handle() to fget_light()
  switch xfs_swapext() to fget_light()
  ...
2012-10-02 20:25:04 -07:00
Linus Torvalds
437589a74b Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace
Pull user namespace changes from Eric Biederman:
 "This is a mostly modest set of changes to enable basic user namespace
  support.  This allows the code to code to compile with user namespaces
  enabled and removes the assumption there is only the initial user
  namespace.  Everything is converted except for the most complex of the
  filesystems: autofs4, 9p, afs, ceph, cifs, coda, fuse, gfs2, ncpfs,
  nfs, ocfs2 and xfs as those patches need a bit more review.

  The strategy is to push kuid_t and kgid_t values are far down into
  subsystems and filesystems as reasonable.  Leaving the make_kuid and
  from_kuid operations to happen at the edge of userspace, as the values
  come off the disk, and as the values come in from the network.
  Letting compile type incompatible compile errors (present when user
  namespaces are enabled) guide me to find the issues.

  The most tricky areas have been the places where we had an implicit
  union of uid and gid values and were storing them in an unsigned int.
  Those places were converted into explicit unions.  I made certain to
  handle those places with simple trivial patches.

  Out of that work I discovered we have generic interfaces for storing
  quota by projid.  I had never heard of the project identifiers before.
  Adding full user namespace support for project identifiers accounts
  for most of the code size growth in my git tree.

  Ultimately there will be work to relax privlige checks from
  "capable(FOO)" to "ns_capable(user_ns, FOO)" where it is safe allowing
  root in a user names to do those things that today we only forbid to
  non-root users because it will confuse suid root applications.

  While I was pushing kuid_t and kgid_t changes deep into the audit code
  I made a few other cleanups.  I capitalized on the fact we process
  netlink messages in the context of the message sender.  I removed
  usage of NETLINK_CRED, and started directly using current->tty.

  Some of these patches have also made it into maintainer trees, with no
  problems from identical code from different trees showing up in
  linux-next.

  After reading through all of this code I feel like I might be able to
  win a game of kernel trivial pursuit."

Fix up some fairly trivial conflicts in netfilter uid/git logging code.

* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace: (107 commits)
  userns: Convert the ufs filesystem to use kuid/kgid where appropriate
  userns: Convert the udf filesystem to use kuid/kgid where appropriate
  userns: Convert ubifs to use kuid/kgid
  userns: Convert squashfs to use kuid/kgid where appropriate
  userns: Convert reiserfs to use kuid and kgid where appropriate
  userns: Convert jfs to use kuid/kgid where appropriate
  userns: Convert jffs2 to use kuid and kgid where appropriate
  userns: Convert hpfs to use kuid and kgid where appropriate
  userns: Convert btrfs to use kuid/kgid where appropriate
  userns: Convert bfs to use kuid/kgid where appropriate
  userns: Convert affs to use kuid/kgid wherwe appropriate
  userns: On alpha modify linux_to_osf_stat to use convert from kuids and kgids
  userns: On ia64 deal with current_uid and current_gid being kuid and kgid
  userns: On ppc convert current_uid from a kuid before printing.
  userns: Convert s390 getting uid and gid system calls to use kuid and kgid
  userns: Convert s390 hypfs to use kuid and kgid where appropriate
  userns: Convert binder ipc to use kuids
  userns: Teach security_path_chown to take kuids and kgids
  userns: Add user namespace support to IMA
  userns: Convert EVM to deal with kuids and kgids in it's hmac computation
  ...
2012-10-02 11:11:09 -07:00
Al Viro
260ef31135 usb/gadget: fix misannotations
__user * != * __user

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2012-09-26 22:20:21 -04:00
Eric W. Biederman
b9b73f7c4d userns: Convert usb functionfs to use kuid/kgid where appropriate
Acked-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Acked-by: Felipe Balbi <balbi@ti.com>
Acked-by: Serge Hallyn <serge.hallyn@canonical.com>
Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
2012-09-21 03:12:51 -07:00
Andrzej Pietrasiewicz
ea0e627623 usb: gadget: add multiple definition guards
If f_fs.c and u_serial.c are combined together using #include, which has
been a common practice so far, the pr_vdebug macro is defined multiple
times. Define it only once.

Acked-by: Randy Dunlap <rdunlap@xenotime.net>
Signed-off-by: Andrzej Pietrasiewicz <andrzej.p@samsung.com>
Signed-off-by: Kyungmin Park <kyungmin.park@samsung.com>
Signed-off-by: Felipe Balbi <balbi@ti.com>
2012-09-06 19:52:23 +03:00
Koen Beel
560f118799 usb: gadget: ffs: add HID descriptor support.
When writing the descriptors to the ep0 file of functionfs, the HID descriptors where not recognized which caused the initialization from user space to fail.

Signed-off-by: Koen Beel <koen.beel@barco.com>
Signed-off-by: Felipe Balbi <balbi@ti.com>
2012-06-04 18:11:59 +03:00
Andrzej Pietrasiewicz
581791f5c7 FunctionFS: enable multiple functions
Signed-off-by: Andrzej Pietrasiewicz <andrzej.p@samsung.com>
Signed-off-by: Kyungmin Park <kyungmin.park@samsung.com>
Acked-by: Michal Nazarewicz <mina86@mina86.com>
Cc: Felipe Balbi <balbi@ti.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2012-05-14 09:25:44 -07:00
Peter Korsgaard
4f06539ffa f_fs: ffs_func_free: cleanup requests allocated by autoconfig
functionfs was leaking request objects created by autoconfig.

Signed-off-by: Peter Korsgaard <peter.korsgaard@barco.com>
Signed-off-by: Felipe Balbi <balbi@ti.com>
2012-05-04 15:53:09 +03:00
Andrzej Pietrasiewicz
92b0abf80c usb: gadget: eliminate NULL pointer dereference (bugfix)
usb: gadget: eliminate NULL pointer dereference (bugfix)

This patch fixes a bug which causes NULL pointer dereference in
ffs_ep0_ioctl. The bug happens when the FunctionFS is not bound (either
has not been bound yet or has been bound and then unbound) and can be
reproduced with running the following commands:

$ insmod g_ffs.ko
$ mount -t functionfs func /dev/usbgadget
$ ./null

where null.c is:

#include <fcntl.h>
#include <linux/usb/functionfs.h>

int main(void)
{
	int fd = open("/dev/usbgadget/ep0", O_RDWR);
	ioctl(fd, FUNCTIONFS_CLEAR_HALT);

	return 0;
}

Signed-off-by: Andrzej Pietrasiewicz <andrzej.p@samsung.com>
Signed-off-by: Kyungmin Park <kyungmin.park@samsung.com>
Cc: stable@vger.kernel.org
Signed-off-by: Felipe Balbi <balbi@ti.com>
2012-04-10 19:11:51 +03:00
Andrzej Pietrasiewicz
e2190a97c6 usb: gadget: FunctionFS: clear FFS_FL_BOUND flag on unbind (bugfix)
clear FFS_FL_BOUND flag on unbind (bugfix)

Signed-off-by: Andrzej Pietrasiewicz <andrzej.p@samsung.com>
Signed-off-by: Kyungmin Park <kyungmin.park@samsung.com>
Acked-by: Michal Nazarewicz <mina86@mina86.com>
Signed-off-by: Felipe Balbi <balbi@ti.com>
2012-04-10 19:11:47 +03:00
Linus Torvalds
e2a0883e40 Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
Pull vfs pile 1 from Al Viro:
 "This is _not_ all; in particular, Miklos' and Jan's stuff is not there
  yet."

* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs: (64 commits)
  ext4: initialization of ext4_li_mtx needs to be done earlier
  debugfs-related mode_t whack-a-mole
  hfsplus: add an ioctl to bless files
  hfsplus: change finder_info to u32
  hfsplus: initialise userflags
  qnx4: new helper - try_extent()
  qnx4: get rid of qnx4_bread/qnx4_getblk
  take removal of PF_FORKNOEXEC to flush_old_exec()
  trim includes in inode.c
  um: uml_dup_mmap() relies on ->mmap_sem being held, but activate_mm() doesn't hold it
  um: embed ->stub_pages[] into mmu_context
  gadgetfs: list_for_each_safe() misuse
  ocfs2: fix leaks on failure exits in module_init
  ecryptfs: make register_filesystem() the last potential failure exit
  ntfs: forgets to unregister sysctls on register_filesystem() failure
  logfs: missing cleanup on register_filesystem() failure
  jfs: mising cleanup on register_filesystem() failure
  make configfs_pin_fs() return root dentry on success
  configfs: configfs_create_dir() has parent dentry in dentry->d_parent
  configfs: sanitize configfs_create()
  ...
2012-03-21 13:36:41 -07:00
Al Viro
48fde701af switch open-coded instances of d_make_root() to new helper
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2012-03-20 21:29:35 -04:00
Andi Kleen
647d558023 usb: gadget: f_fs: Remove lock is held before freeing checks
lock debugging already supports this, no need to do it explicitely.

Cc: balbi@ti.com
Cc: gregkh@linuxfoundation.org
Signed-off-by: Andi Kleen <ak@linux.intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2012-03-16 13:30:10 -07:00
Michal Nazarewicz
54b8360ffd usb: gadget: update Michal Nazarewicz's email address
The m.nazarewicz@samsung.com email address is no longer valid,
so this commit replaces it with mina86@mina86.com which is
employer-agnostic and thus should be valid for foreseeable
feature.

Signed-off-by: Michal Nazarewicz <mina86@mina86.com>
Signed-off-by: Felipe Balbi <balbi@ti.com>
2012-01-24 11:45:11 +02:00