From 071e179a4dabb59c72590fee3ea53ccbe7a69e72 Mon Sep 17 00:00:00 2001 From: "R. Steve McKown" Date: Tue, 18 May 2010 09:03:15 -0600 Subject: [PATCH] Various fixes proposed by Greg KH. --- src/cp210x.c | 66 +++++++++++++++++++++---------------------- src/cp210x.c.karmic | 68 ++++++++++++++++++++++----------------------- 2 files changed, 64 insertions(+), 70 deletions(-) diff --git a/src/cp210x.c b/src/cp210x.c index c670ea5..8c39dd1 100644 --- a/src/cp210x.c +++ b/src/cp210x.c @@ -147,14 +147,6 @@ static struct usb_serial_driver cp210x_device = { .shutdown = cp210x_shutdown, }; -/* Control request types */ -#define REQTYPE_CTL_TO_DEVICE USB_TYPE_VENDOR -#define REQTYPE_CTL_TO_HOST (USB_DIR_IN|REQTYPE_CTL_TO_DEVICE) - -/* Config request types */ -#define REQTYPE_HOST_TO_DEVICE (USB_TYPE_VENDOR|USB_RECIP_INTERFACE) -#define REQTYPE_DEVICE_TO_HOST (USB_DIR_IN|REQTYPE_HOST_TO_DEVICE) - /* Config SET requests. To GET, add 1 to the request number */ #define CP2101_UART 0x00 /* Enable / Disable */ #define CP2101_BAUDRATE 0x01 /* (BAUD_RATE_GEN_FREQ / baudrate) */ @@ -211,8 +203,10 @@ static struct usb_serial_driver cp210x_device = { #define CP210x_PART_CP2102 0x02 #define CP210x_PART_CP2103 0x03 -/* Helper to make usb string size */ -#define USBSTRLEN(x) (x * 2 + 2) +/* Return the size of the buffer needed to hold a string of len x formatted + * for send to CP210X, and its reverse. + */ +#define USBSTRLEN(strlen) (strlen * 2 + 2) /* Populates usbstr with: (len) + (0x03) + unicode(str). Each char in str * takes two bytes in unicode format. @@ -252,24 +246,22 @@ static int make_usb_string(char *usbstr, size_t usblen, char *src, * is the size of the buffer at kbuf. * Returns the number of bytes used in kbuf. */ -static size_t cp210x_usbstr_from_user(char *kbuf, unsigned long ubuf, - size_t klen) +static size_t cp210x_usbstr_from_user(char *kbuf, + struct cp210x_buffer __user *ubuf, size_t klen) { struct cp210x_buffer t; char *str; size_t slen; - if (!kbuf || !ubuf || !klen) - return 0; - if (copy_from_user(&t, (struct cp210x_buffer __user *)ubuf, sizeof(t))) - return 0; - if (!t.buf || !t.len || USBSTRLEN(t.len) > klen) + if (copy_from_user(&t, ubuf, sizeof(t))) return 0; slen = (klen - 2) / 2; + if (!t.buf || !t.len || t.len > slen) + return 0; if (t.len < slen) slen = t.len; str = kbuf + klen - slen; - if (copy_from_user(str, (u8 __user *)t.buf, slen)) + if (copy_from_user(str, (__u8 __user *)t.buf, slen)) return 0; return make_usb_string(kbuf, klen, str, slen); } @@ -317,7 +309,7 @@ static int cp210x_reset(struct usb_serial_port *port) /* Instructing the CP210X to reset seems to work more reliably than * calling usb_reset_device(). */ - cp210x_ctlmsg(port, 0xff, REQTYPE_CTL_TO_DEVICE, + cp210x_ctlmsg(port, 0xff, USB_TYPE_VENDOR, 0x0008, 0x00, NULL, 0); return 0; } @@ -335,7 +327,8 @@ static int cp210x_get_partnum(struct usb_serial_port *port) _partnum = CP210x_PART_CP2101; else if (addr == 0x01) { /* Must query part to determine part number */ - if (cp210x_ctlmsg(port, 0xff, REQTYPE_CTL_TO_HOST, + if (cp210x_ctlmsg(port, 0xff, + USB_DIR_IN|USB_TYPE_VENDOR, 0x370b, 0x00, &_partnum, 1) != 1) _partnum = CP210x_PART_UNKNOWN; } @@ -347,7 +340,7 @@ static int cp210x_get_partnum(struct usb_serial_port *port) static inline int cp210x_setu16(struct usb_serial_port *port, int cmd, unsigned int value) { - return cp210x_ctlmsg(port, 0xff, REQTYPE_CTL_TO_DEVICE, + return cp210x_ctlmsg(port, 0xff, USB_TYPE_VENDOR, 0x3700 | (cmd & 0xff), value, NULL, 0); } @@ -360,7 +353,7 @@ static inline int cp210x_setu16(struct usb_serial_port *port, int cmd, static int cp210x_setstr(struct usb_serial_port *port, int cmd, char *usbstr) { unsigned len = usbstr[0]; - int ret = cp210x_ctlmsg(port, 0xff, REQTYPE_CTL_TO_DEVICE, + int ret = cp210x_ctlmsg(port, 0xff, USB_TYPE_VENDOR, 0x3700 | (cmd & 0xff), 0, usbstr, len); dbg("%s - cmd 0x%02x len %d ret %d", __FUNCTION__, cmd, len, ret); return ret; @@ -371,7 +364,7 @@ static int cp210x_gpioset(struct usb_serial_port *port, u8 gpio) { dbg("%s - port %d, gpio = 0x%.2x", __FUNCTION__, port->number, gpio); - return cp210x_ctlmsg(port, 0xff, REQTYPE_CTL_TO_DEVICE, + return cp210x_ctlmsg(port, 0xff, USB_TYPE_VENDOR, 0x37e1, ((uint16_t)gpio << 8) | GPIO_MASK, NULL, 0); } @@ -400,7 +393,7 @@ static int cp210x_gpiosetb(struct usb_serial_port *port, u8 set, u8 clear) dbg("%s - port %d, gpiob = 0x%.4x", __FUNCTION__, port->number, gpio); - return cp210x_ctlmsg(port, 0xff, REQTYPE_CTL_TO_DEVICE, + return cp210x_ctlmsg(port, 0xff, USB_TYPE_VENDOR, 0x37e1, gpio, NULL, 0); } @@ -410,7 +403,7 @@ static int cp210x_gpioget(struct usb_serial_port *port, u8 *gpio) dbg("%s - port %d", __FUNCTION__, port->number); - ret = cp210x_ctlmsg(port, 0xff, REQTYPE_CTL_TO_HOST, + ret = cp210x_ctlmsg(port, 0xff, USB_DIR_IN|USB_TYPE_VENDOR, 0x00c2, 0, gpio, 1); dbg("%s - gpio = 0x%.2x (%d)", __FUNCTION__, *gpio, ret); @@ -437,7 +430,7 @@ static int cp210x_portconfset(struct usb_serial_port *port, lconfig.suspend.lowPower = 0; lconfig.reset.lowPower = 0; - ret = cp210x_ctlmsg(port, 0xff, REQTYPE_CTL_TO_DEVICE, 0x370c, + ret = cp210x_ctlmsg(port, 0xff, USB_TYPE_VENDOR, 0x370c, 0, &lconfig, sizeof(struct cp210x_port_config)); if (ret == sizeof(struct cp210x_port_config)) return 0; @@ -454,7 +447,7 @@ static int cp210x_portconfget(struct usb_serial_port *port, dbg("%s", __FUNCTION__); - ret = cp210x_ctlmsg(port, 0xff, REQTYPE_CTL_TO_HOST, + ret = cp210x_ctlmsg(port, 0xff, USB_DIR_IN|USB_TYPE_VENDOR, 0x370c, 0, config, sizeof(struct cp210x_port_config)); if (ret == sizeof(struct cp210x_port_config)) { /* Words from cp210x are MSB */ @@ -506,8 +499,9 @@ static int cp210x_get_config(struct usb_serial_port *port, u8 request, /* Issue the request, attempting to read 'size' bytes */ result = usb_control_msg(serial->dev, usb_rcvctrlpipe(serial->dev, 0), - request, REQTYPE_DEVICE_TO_HOST, 0x0000, - 0, buf, size, 300); + request, + USB_DIR_IN|USB_TYPE_VENDOR|USB_RECIP_INTERFACE, + 0x0000, 0, buf, size, 300); /* Convert data into an array of integers */ for (i = 0; i < length; i++) @@ -554,13 +548,13 @@ static int cp210x_set_config(struct usb_serial_port *port, u8 request, if (size > 2) { result = usb_control_msg(serial->dev, - usb_sndctrlpipe(serial->dev, 0), - request, REQTYPE_HOST_TO_DEVICE, 0x0000, + usb_sndctrlpipe(serial->dev, 0), request, + USB_TYPE_VENDOR|USB_RECIP_INTERFACE, 0x0000, 0, buf, size, 300); } else { result = usb_control_msg(serial->dev, - usb_sndctrlpipe(serial->dev, 0), - request, REQTYPE_HOST_TO_DEVICE, data[0], + usb_sndctrlpipe(serial->dev, 0), request, + USB_TYPE_VENDOR|USB_RECIP_INTERFACE, data[0], 0, NULL, 0, 300); } @@ -762,7 +756,8 @@ static int cp210x_ioctl(struct usb_serial_port *port, struct file *file, case CP210x_IOCTL_SETPRODUCT: { char usbstr[USBSTRLEN(CP210x_MAX_PRODUCT_STRLEN)]; - size_t len = cp210x_usbstr_from_user(usbstr, arg, + size_t len = cp210x_usbstr_from_user(usbstr, + (struct cp210x_buffer __user *)arg, sizeof(usbstr)); if (len && cp210x_setstr(port, 0x03, usbstr) == len) return 0; @@ -773,7 +768,8 @@ static int cp210x_ioctl(struct usb_serial_port *port, struct file *file, case CP210x_IOCTL_SETSERIAL: { char usbstr[USBSTRLEN(CP210x_MAX_SERIAL_STRLEN)]; - size_t len = cp210x_usbstr_from_user(usbstr, arg, + size_t len = cp210x_usbstr_from_user(usbstr, + (struct cp210x_buffer __user *)arg, sizeof(usbstr)); if (len && cp210x_setstr(port, 0x04, usbstr) == len) return 0; diff --git a/src/cp210x.c.karmic b/src/cp210x.c.karmic index 4f74b1b..764b8bb 100644 --- a/src/cp210x.c.karmic +++ b/src/cp210x.c.karmic @@ -151,14 +151,6 @@ static struct usb_serial_driver cp210x_device = { .disconnect = cp210x_disconnect, }; -/* Control request types */ -#define REQTYPE_CTL_TO_DEVICE USB_TYPE_VENDOR -#define REQTYPE_CTL_TO_HOST (USB_DIR_IN|REQTYPE_CTL_TO_DEVICE) - -/* Config request types */ -#define REQTYPE_HOST_TO_DEVICE (USB_TYPE_VENDOR|USB_RECIP_INTERFACE) -#define REQTYPE_DEVICE_TO_HOST (USB_DIR_IN|REQTYPE_HOST_TO_DEVICE) - /* Config request codes */ #define CP210X_IFC_ENABLE 0x00 #define CP210X_SET_BAUDDIV 0x01 @@ -232,8 +224,11 @@ static struct usb_serial_driver cp210x_device = { #define CP210x_PART_CP2102 0x02 #define CP210x_PART_CP2103 0x03 -/* Helper to make usb string size */ -#define USBSTRLEN(x) (x * 2 + 2) +/* Return the size of the buffer needed to hold a string of len x formatted + * for send to CP210X, and its reverse. + */ +#define USBSTRLEN(strlen) (strlen * 2 + 2) + /* Populates usbstr with: (len) + (0x03) + unicode(str). Each char in str * takes two bytes in unicode format. @@ -273,28 +268,27 @@ static int make_usb_string(char *usbstr, size_t usblen, char *src, * is the size of the buffer at kbuf. * Returns the number of bytes used in kbuf. */ -static size_t cp210x_usbstr_from_user(char *kbuf, unsigned long ubuf, - size_t klen) +static size_t cp210x_usbstr_from_user(char *kbuf, + struct cp210x_buffer __user *ubuf, size_t klen) { struct cp210x_buffer t; char *str; size_t slen; - if (!kbuf || !ubuf || !klen) - return 0; - if (copy_from_user(&t, (struct cp210x_buffer __user *)ubuf, sizeof(t))) - return 0; - if (!t.buf || !t.len || USBSTRLEN(t.len) > klen) + if (copy_from_user(&t, ubuf, sizeof(t))) return 0; slen = (klen - 2) / 2; + if (!t.buf || !t.len || t.len > slen) + return 0; if (t.len < slen) slen = t.len; str = kbuf + klen - slen; - if (copy_from_user(str, (u8 __user *)t.buf, slen)) + if (copy_from_user(str, (__u8 __user *)t.buf, slen)) return 0; return make_usb_string(kbuf, klen, str, slen); } + /* * cp210x_ctlmsg * A generic usb control message interface. @@ -338,7 +332,7 @@ static int cp210x_reset(struct usb_serial_port *port) /* Instructing the CP210X to reset seems to work more reliably than * calling usb_reset_device(). */ - cp210x_ctlmsg(port, 0xff, REQTYPE_CTL_TO_DEVICE, + cp210x_ctlmsg(port, 0xff, USB_TYPE_VENDOR, 0x0008, 0x00, NULL, 0); return 0; } @@ -356,7 +350,8 @@ static int cp210x_get_partnum(struct usb_serial_port *port) _partnum = CP210x_PART_CP2101; else if (addr == 0x01) { /* Must query part to determine part number */ - if (cp210x_ctlmsg(port, 0xff, REQTYPE_CTL_TO_HOST, + if (cp210x_ctlmsg(port, 0xff, + USB_DIR_IN|USB_TYPE_VENDOR, 0x370b, 0x00, &_partnum, 1) != 1) _partnum = CP210x_PART_UNKNOWN; } @@ -368,7 +363,7 @@ static int cp210x_get_partnum(struct usb_serial_port *port) static inline int cp210x_setu16(struct usb_serial_port *port, int cmd, unsigned int value) { - return cp210x_ctlmsg(port, 0xff, REQTYPE_CTL_TO_DEVICE, + return cp210x_ctlmsg(port, 0xff, USB_TYPE_VENDOR, 0x3700 | (cmd & 0xff), value, NULL, 0); } @@ -381,7 +376,7 @@ static inline int cp210x_setu16(struct usb_serial_port *port, int cmd, static int cp210x_setstr(struct usb_serial_port *port, int cmd, char *usbstr) { unsigned len = usbstr[0]; - int ret = cp210x_ctlmsg(port, 0xff, REQTYPE_CTL_TO_DEVICE, + int ret = cp210x_ctlmsg(port, 0xff, USB_TYPE_VENDOR, 0x3700 | (cmd & 0xff), 0, usbstr, len); dbg("%s - cmd 0x%02x len %d ret %d", __func__, cmd, len, ret); return ret; @@ -392,7 +387,7 @@ static int cp210x_gpioset(struct usb_serial_port *port, u8 gpio) { dbg("%s - port %d, gpio = 0x%.2x", __func__, port->number, gpio); - return cp210x_ctlmsg(port, 0xff, REQTYPE_CTL_TO_DEVICE, + return cp210x_ctlmsg(port, 0xff, USB_TYPE_VENDOR, 0x37e1, ((uint16_t)gpio << 8) | GPIO_MASK, NULL, 0); } @@ -421,7 +416,7 @@ static int cp210x_gpiosetb(struct usb_serial_port *port, u8 set, u8 clear) dbg("%s - port %d, gpiob = 0x%.4x", __func__, port->number, gpio); - return cp210x_ctlmsg(port, 0xff, REQTYPE_CTL_TO_DEVICE, + return cp210x_ctlmsg(port, 0xff, USB_TYPE_VENDOR, 0x37e1, gpio, NULL, 0); } @@ -431,7 +426,7 @@ static int cp210x_gpioget(struct usb_serial_port *port, u8 *gpio) dbg("%s - port %d", __func__, port->number); - ret = cp210x_ctlmsg(port, 0xff, REQTYPE_CTL_TO_HOST, + ret = cp210x_ctlmsg(port, 0xff, USB_DIR_IN|USB_TYPE_VENDOR, 0x00c2, 0, gpio, 1); dbg("%s - gpio = 0x%.2x (%d)", __func__, *gpio, ret); @@ -458,7 +453,7 @@ static int cp210x_portconfset(struct usb_serial_port *port, lconfig.suspend.lowPower = 0; lconfig.reset.lowPower = 0; - ret = cp210x_ctlmsg(port, 0xff, REQTYPE_CTL_TO_DEVICE, 0x370c, + ret = cp210x_ctlmsg(port, 0xff, USB_TYPE_VENDOR, 0x370c, 0, &lconfig, sizeof(struct cp210x_port_config)); if (ret == sizeof(struct cp210x_port_config)) return 0; @@ -475,7 +470,7 @@ static int cp210x_portconfget(struct usb_serial_port *port, dbg("%s", __func__); - ret = cp210x_ctlmsg(port, 0xff, REQTYPE_CTL_TO_HOST, + ret = cp210x_ctlmsg(port, 0xff, USB_DIR_IN|USB_TYPE_VENDOR, 0x370c, 0, config, sizeof(struct cp210x_port_config)); if (ret == sizeof(struct cp210x_port_config)) { /* Words from cp210x are MSB */ @@ -524,8 +519,9 @@ static int cp210x_get_config(struct usb_serial_port *port, u8 request, /* Issue the request, attempting to read 'size' bytes */ result = usb_control_msg(serial->dev, usb_rcvctrlpipe(serial->dev, 0), - request, REQTYPE_DEVICE_TO_HOST, 0x0000, - 0, buf, size, 300); + request, + USB_DIR_IN|USB_TYPE_VENDOR|USB_RECIP_INTERFACE, + 0x0000, 0, buf, size, 300); /* Convert data into an array of integers */ for (i = 0; i < length; i++) @@ -572,13 +568,13 @@ static int cp210x_set_config(struct usb_serial_port *port, u8 request, if (size > 2) { result = usb_control_msg(serial->dev, - usb_sndctrlpipe(serial->dev, 0), - request, REQTYPE_HOST_TO_DEVICE, 0x0000, + usb_sndctrlpipe(serial->dev, 0), request, + USB_TYPE_VENDOR|USB_RECIP_INTERFACE, 0x0000, 0, buf, size, 300); } else { result = usb_control_msg(serial->dev, - usb_sndctrlpipe(serial->dev, 0), - request, REQTYPE_HOST_TO_DEVICE, data[0], + usb_sndctrlpipe(serial->dev, 0), request, + USB_TYPE_VENDOR|USB_RECIP_INTERFACE, data[0], 0, NULL, 0, 300); } @@ -829,7 +825,8 @@ static int cp210x_ioctl(struct tty_struct *tty, struct file *file, case CP210x_IOCTL_SETPRODUCT: { char usbstr[USBSTRLEN(CP210x_MAX_PRODUCT_STRLEN)]; - size_t len = cp210x_usbstr_from_user(usbstr, arg, + size_t len = cp210x_usbstr_from_user(usbstr, + (struct cp210x_buffer __user *)arg, sizeof(usbstr)); if (len && cp210x_setstr(port, 0x03, usbstr) == len) return 0; @@ -840,7 +837,8 @@ static int cp210x_ioctl(struct tty_struct *tty, struct file *file, case CP210x_IOCTL_SETSERIAL: { char usbstr[USBSTRLEN(CP210x_MAX_SERIAL_STRLEN)]; - size_t len = cp210x_usbstr_from_user(usbstr, arg, + size_t len = cp210x_usbstr_from_user(usbstr, + (struct cp210x_buffer __user *)arg, sizeof(usbstr)); if (len && cp210x_setstr(port, 0x04, usbstr) == len) return 0; -- 2.39.2