linux-stable.git/drivers/usb/core, branch linux-2.6.30.y Linux kernel stable tree USB: fix the clear_tt_buffer interface 2009-09-09T03:34:00+00:00 Alan Stern stern@rowland.harvard.edu 2009-06-29T14:43:32+00:00 d34b435e14c18f29e15660e6fa2121297fb50018 commit cb88a1b887bb8908f6e00ce29e893ea52b074940 upstream. This patch (as1255) updates the interface for calling usb_hub_clear_tt_buffer(). Even the name of the function is changed! When an async URB (i.e., Control or Bulk) going through a high-speed hub to a non-high-speed device is cancelled or fails, the hub's Transaction Translator buffer may be left busy still trying to complete the transaction. The buffer has to be cleared; that's what usb_hub_clear_tt_buffer() does. It isn't safe to send any more URBs to the same endpoint until the TT buffer is fully clear. Therefore the HCD needs to be told when the Clear-TT-Buffer request has finished. This patch adds a callback method to struct hc_driver for that purpose, and makes the hub driver invoke the callback at the proper time. The patch also changes a couple of names; "hub_tt_kevent" and "tt.kevent" now look rather antiquated. Signed-off-by: Alan Stern <stern@rowland.harvard.edu> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> 
commit cb88a1b887bb8908f6e00ce29e893ea52b074940 upstream.

This patch (as1255) updates the interface for calling
usb_hub_clear_tt_buffer().  Even the name of the function is changed!

When an async URB (i.e., Control or Bulk) going through a high-speed
hub to a non-high-speed device is cancelled or fails, the hub's
Transaction Translator buffer may be left busy still trying to
complete the transaction.  The buffer has to be cleared; that's what
usb_hub_clear_tt_buffer() does.

It isn't safe to send any more URBs to the same endpoint until the TT
buffer is fully clear.  Therefore the HCD needs to be told when the
Clear-TT-Buffer request has finished.  This patch adds a callback
method to struct hc_driver for that purpose, and makes the hub driver
invoke the callback at the proper time.

The patch also changes a couple of names; "hub_tt_kevent" and
"tt.kevent" now look rather antiquated.

Signed-off-by: Alan Stern <stern@rowland.harvard.edu>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
USB: devio: Properly do access_ok() checks 2009-08-16T21:19:06+00:00 Michael Buesch mb@bu3sch.de 2009-07-29T09:39:03+00:00 128b24b2c26360981bc9e92e190a622d24a47af5 commit 18753ebc8a98efe0e8ff6167afb31cef220c8e50 upstream. access_ok() checks must be done on every part of the userspace structure that is accessed. If access_ok() on one part of the struct succeeded, it does not imply it will succeed on other parts of the struct. (Does depend on the architecture implementation of access_ok()). This changes the __get_user() users to first check access_ok() on the data structure. Signed-off-by: Michael Buesch <mb@bu3sch.de> Cc: Pete Zaitcev <zaitcev@redhat.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> 
commit 18753ebc8a98efe0e8ff6167afb31cef220c8e50 upstream.

access_ok() checks must be done on every part of the userspace structure
that is accessed. If access_ok() on one part of the struct succeeded, it
does not imply it will succeed on other parts of the struct. (Does
depend on the architecture implementation of access_ok()).

This changes the __get_user() users to first check access_ok() on the
data structure.

Signed-off-by: Michael Buesch <mb@bu3sch.de>
Cc: Pete Zaitcev <zaitcev@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
USB: usbfs: fix -ENOENT error code to be -ENODEV 2009-08-16T21:19:05+00:00 Alan Stern stern@rowland.harvard.edu 2009-07-30T19:28:14+00:00 3fbb95c9e3a18649a7d52f37f6150d2ce8545aa3 commit 01105a246345f011fde64d24a601090b646e9e4c upstream. This patch (as1272) changes the error code returned when an open call for a USB device node fails to locate the corresponding device. The appropriate error code is -ENODEV, not -ENOENT. Signed-off-by: Alan Stern <stern@rowland.harvard.edu> CC: Kay Sievers <kay.sievers@vrfy.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> 
commit 01105a246345f011fde64d24a601090b646e9e4c upstream.

This patch (as1272) changes the error code returned when an open call
for a USB device node fails to locate the corresponding device.  The
appropriate error code is -ENODEV, not -ENOENT.

Signed-off-by: Alan Stern <stern@rowland.harvard.edu>
CC: Kay Sievers <kay.sievers@vrfy.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
USB: fix LANGID=0 regression 2009-07-30T21:39:19+00:00 Daniel Mack daniel@caiaq.de 2009-07-10T09:04:58+00:00 41a96a761e60c29e4b0ae6f62b66dc639fc611d7 commit 0cce2eda19923e5e5ccc8b042dec5af87b3ffad0 upstream. commit b7af0bb ("USB: allow malformed LANGID descriptors") broke support for devices without string descriptor support. Reporting string descriptors is optional to USB devices, and a device lets us know it can't deal with strings by responding to the LANGID request with a STALL token. The kernel handled that correctly before b7af0bb came in, but failed hard if the LANGID was reported but broken. More than that, if a device was not able to provide string descriptors, the LANGID was retrieved over and over again at each string read request. This patch changes the behaviour so that a) the LANGID is only queried once b) devices which can't handle string requests are not asked again c) devices with malformed LANGID values have a sane fallback to 0x0409 Signed-off-by: Daniel Mack <daniel@caiaq.de> Acked-by: Alan Stern <stern@rowland.harvard.edu> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> 
commit 0cce2eda19923e5e5ccc8b042dec5af87b3ffad0 upstream.

commit b7af0bb ("USB: allow malformed LANGID descriptors") broke support
for devices without string descriptor support.

Reporting string descriptors is optional to USB devices, and a device
lets us know it can't deal with strings by responding to the LANGID
request with a STALL token.

The kernel handled that correctly before b7af0bb came in, but failed
hard if the LANGID was reported but broken. More than that, if a device
was not able to provide string descriptors, the LANGID was retrieved
over and over again at each string read request.

This patch changes the behaviour so that

 a) the LANGID is only queried once
 b) devices which can't handle string requests are not asked again
 c) devices with malformed LANGID values have a sane fallback to 0x0409

Signed-off-by: Daniel Mack <daniel@caiaq.de>
Acked-by: Alan Stern <stern@rowland.harvard.edu>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
USB: fix memleak in usbfs 2009-07-30T21:39:17+00:00 Oliver Neukum oliver@neukum.org 2009-06-28T21:34:14+00:00 928d6bb8eeeb78e8653aa908f93e0263c6f71ad2 commit d794a02111cd3393da69bc7d6dd2b6074bd037cc upstream. This patch fixes a memory leak in devio.c::processcompl If writing to user space fails the packet must be discarded, as it already has been removed from the queue of completed packets. Signed-off-by: Oliver Neukum <oliver@neukum.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> 
commit d794a02111cd3393da69bc7d6dd2b6074bd037cc upstream.

This patch fixes a memory leak in devio.c::processcompl

If writing to user space fails the packet must be discarded, as it
already has been removed from the queue of completed packets.

Signed-off-by: Oliver Neukum <oliver@neukum.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
USB: handle zero-length usbfs submissions correctly 2009-07-30T21:39:13+00:00 Alan Stern stern@rowland.harvard.edu 2009-06-29T15:04:54+00:00 dcf40b739ed328a82ef6620c7b505a8209c0f009 commit 9180135bc80ab11199d482b6111e23f74d65af4a upstream. This patch (as1262) fixes a bug in usbfs: It refuses to accept zero-length transfers, and it insists that the buffer pointer be valid even if there is no data being transferred. The patch also consolidates a bunch of repetitive access_ok() checks into a single check, which incidentally fixes the lack of such a check for Isochronous URBs. Signed-off-by: Alan Stern <stern@rowland.harvard.edu> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> 
commit 9180135bc80ab11199d482b6111e23f74d65af4a upstream.

This patch (as1262) fixes a bug in usbfs: It refuses to accept
zero-length transfers, and it insists that the buffer pointer be valid
even if there is no data being transferred.

The patch also consolidates a bunch of repetitive access_ok() checks
into a single check, which incidentally fixes the lack of such a check
for Isochronous URBs.

Signed-off-by: Alan Stern <stern@rowland.harvard.edu>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
USB: pass mem_flags to dma_alloc_coherent 2009-04-23T21:15:28+00:00 Johannes Berg johannes@sipsolutions.net 2009-04-18T09:00:39+00:00 a8aa401f38cfb5fa26e970b48e93fb851d68fe64 When I want to use my webcam, I get: vvvvvvv cheese: page allocation failure. order:5, mode:0x8004 Pid: 8100, comm: cheese Not tainted 2.6.30-rc2-wl-dirty #102 Call Trace: [<ffffffff802c5d8e>] __alloc_pages_internal+0x3fe/0x520 [<ffffffff80210a20>] dma_generic_alloc_coherent+0x90/0x120 [<ffffffffa001c91e>] hcd_buffer_alloc+0xee/0x130 [usbcore] [<ffffffffa000d52d>] usb_buffer_alloc+0x2d/0x40 [usbcore] [<ffffffffa0160e14>] uvc_alloc_urb_buffers+0x84/0x140 [uvcvideo] [<ffffffffa0160ff6>] uvc_init_video+0x126/0x400 [uvcvideo] [...] Oddly, I remembered fixing this and putting in __GFP_NOWARN because uvcvideo retries a smaller allocation. However, the allocation function doesn't pass the gfp flags through to dma_alloc_coherent so we still get the warning! Signed-off-by: Johannes Berg <johannes@sipsolutions.net> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> 
When I want to use my webcam, I get:

                                 vvvvvvv
cheese: page allocation failure. order:5, mode:0x8004
Pid: 8100, comm: cheese Not tainted 2.6.30-rc2-wl-dirty #102
Call Trace:
 [<ffffffff802c5d8e>] __alloc_pages_internal+0x3fe/0x520
 [<ffffffff80210a20>] dma_generic_alloc_coherent+0x90/0x120
 [<ffffffffa001c91e>] hcd_buffer_alloc+0xee/0x130 [usbcore]
 [<ffffffffa000d52d>] usb_buffer_alloc+0x2d/0x40 [usbcore]
 [<ffffffffa0160e14>] uvc_alloc_urb_buffers+0x84/0x140 [uvcvideo]
 [<ffffffffa0160ff6>] uvc_init_video+0x126/0x400 [uvcvideo]
 [...]

Oddly, I remembered fixing this and putting in __GFP_NOWARN
because uvcvideo retries a smaller allocation. However, the
allocation function doesn't pass the gfp flags through to
dma_alloc_coherent so we still get the warning!

Signed-off-by: Johannes Berg <johannes@sipsolutions.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
USB: add reset endpoint operations 2009-04-17T17:50:27+00:00 David Vrabel david.vrabel@csr.com 2009-04-08T17:36:28+00:00 3444b26afa145148951112534f298bdc554ec789 Wireless USB endpoint state has a sequence number and a current window and not just a single toggle bit. So allow HCDs to provide a endpoint_reset method and call this or clear the software toggles as required (after a clear halt, set configuration etc.). usb_settoggle() and friends are then HCD internal and are moved into core/hcd.h and all device drivers call usb_reset_endpoint() instead. If the device endpoint state has been reset (with a clear halt) but the host endpoint state has not then subsequent data transfers will not complete. The device will only work again after it is reset or disconnected. Signed-off-by: David Vrabel <david.vrabel@csr.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> 
Wireless USB endpoint state has a sequence number and a current
window and not just a single toggle bit.  So allow HCDs to provide a
endpoint_reset method and call this or clear the software toggles as
required (after a clear halt, set configuration etc.).

usb_settoggle() and friends are then HCD internal and are moved into
core/hcd.h and all device drivers call usb_reset_endpoint() instead.

If the device endpoint state has been reset (with a clear halt) but
the host endpoint state has not then subsequent data transfers will
not complete. The device will only work again after it is reset or
disconnected.

Signed-off-by: David Vrabel <david.vrabel@csr.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
USB: allow malformed LANGID descriptors 2009-03-24T23:20:45+00:00 Daniel Mack daniel@caiaq.de 2009-03-20T18:58:57+00:00 b7af0bb26899bb47ae16fb41d2296111b0784a56 When an USB hardware does not provide a valid LANGID, fall back to value zero which is still a reasonable default for most devices. Signed-off-by: Daniel Mack <daniel@caiaq.de> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> 
When an USB hardware does not provide a valid LANGID, fall back to value
zero which is still a reasonable default for most devices.

Signed-off-by: Daniel Mack <daniel@caiaq.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
USB: more u32 conversion after transfer_buffer_length and actual_length 2009-03-24T23:20:45+00:00 Roel Kluin roel.kluin@gmail.com 2009-03-13T11:19:18+00:00 71d2718f2507dc17501d04e2bdca7b8e694ce365 transfer_buffer_length and actual_length have become unsigned, therefore some additional conversion of local variables, function arguments and print specifications is desired. A test for a negative urb->transfer_buffer_length became obsolete; instead we ensure that it does not exceed INT_MAX. Also, urb->actual_length is always less than urb->transfer_buffer_length. rh_string() does no longer return -EPIPE in the case of an unsupported ID. Instead its only caller, rh_call_control() does the check. Signed-off-by: Roel Kluin <roel.kluin@gmail.com> Acked-by: Alan Stern <stern@rowland.harvard.edu> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> 
transfer_buffer_length and actual_length have become unsigned, therefore some
additional conversion of local variables, function arguments and print
specifications is desired.

A test for a negative urb->transfer_buffer_length became obsolete; instead
we ensure that it does not exceed INT_MAX. Also, urb->actual_length is always
less than urb->transfer_buffer_length.

rh_string() does no longer return -EPIPE in the case of an unsupported ID.
Instead its only caller, rh_call_control() does the check.

Signed-off-by: Roel Kluin <roel.kluin@gmail.com>
Acked-by: Alan Stern <stern@rowland.harvard.edu>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>