git: 82acd06d9ce5 - stable/13 - usb: add 32-bit compat for FIFOs
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Sun, 30 Apr 2023 06:57:42 UTC
The branch stable/13 has been updated by hselasky:
URL: https://cgit.FreeBSD.org/src/commit/?id=82acd06d9ce5e4133927b178d3b00d7f2c47f102
commit 82acd06d9ce5e4133927b178d3b00d7f2c47f102
Author: Brooks Davis <brooks@FreeBSD.org>
AuthorDate: 2021-12-17 21:28:14 +0000
Commit: Hans Petter Selasky <hselasky@FreeBSD.org>
CommitDate: 2023-04-30 06:56:15 +0000
usb: add 32-bit compat for FIFOs
Unlike most 32-bit compatability code, this isn't just a simple thunk
in the ioctl code. An ioctl (USB_FS_INIT) is used to install a
pointer to an array of usb_fs_endpoint structs which are then used
by the ugen fifo code. These struct contains an array of pointers
which requires translation. We change the interfaces around
struct usb_fs_endpoint as follows:
- We store the size of struct usb_fs_endpoint in struct usb_fifo
in the USB_FS_INIT handler so we know the ABI of the userspace
array.
- APIs to manipulate userspace struct usb_fs_endpoint objects now
take a struct usb_fifo and an index rather than a pointer to
the object. This allows most code to remain oblivious to the
different struct usb_fs_endpoint sizes.
- Add ugen_fs_copyin() which copies the struct usb_fs_endpoint
from userspace, thunking it to the native size if required.
- Uses of struct usb_fs_endpoint's ppBuffer member are now
via ugen_fs_getbuffer() which produces a native pointer.
- Updates to userspace are now handled by ugen_fs_update().
For clarity, single, fixed-sized members now are accessed with
fueword/suword rather than copyin/copyout.
Reviewed by: hselasky, jrtc27 (prior version)
(cherry picked from commit 0ec590d24e415dd36e38648630a0b963412ad87e)
(cherry picked from commit 8b60419b798ae9049988c529e6af3f313a5cce55)
---
sys/dev/usb/usb_dev.h | 1 +
sys/dev/usb/usb_generic.c | 235 +++++++++++++++++++++++++++++++++-------------
sys/dev/usb/usb_ioctl.h | 18 ++++
3 files changed, 188 insertions(+), 66 deletions(-)
diff --git a/sys/dev/usb/usb_dev.h b/sys/dev/usb/usb_dev.h
index ae851153efb1..1bdfa46d064f 100644
--- a/sys/dev/usb/usb_dev.h
+++ b/sys/dev/usb/usb_dev.h
@@ -123,6 +123,7 @@ struct usb_fifo {
void *priv_sc0; /* client data */
void *priv_sc1; /* client data */
void *queue_data;
+ usb_size_t fs_ep_sz;
usb_timeout_t timeout; /* timeout in milliseconds */
usb_frlength_t bufsize; /* BULK and INTERRUPT buffer size */
usb_frcount_t nframes; /* for isochronous mode */
diff --git a/sys/dev/usb/usb_generic.c b/sys/dev/usb/usb_generic.c
index b11168b6c81c..fdbc35d47169 100644
--- a/sys/dev/usb/usb_generic.c
+++ b/sys/dev/usb/usb_generic.c
@@ -119,6 +119,7 @@ static int ugen_re_enumerate(struct usb_fifo *);
static int ugen_iface_ioctl(struct usb_fifo *, u_long, void *, int);
static uint8_t ugen_fs_get_complete(struct usb_fifo *, uint8_t *);
static int ugen_fs_uninit(struct usb_fifo *f);
+static int ugen_fs_copyin(struct usb_fifo *, uint8_t, struct usb_fs_endpoint*);
/* structures */
@@ -1018,6 +1019,38 @@ ugen_fs_set_complete(struct usb_fifo *f, uint8_t index)
usb_fifo_wakeup(f);
}
+static int
+ugen_fs_getbuffer(void **uptrp, struct usb_fifo *f, void *buffer,
+ usb_frcount_t n)
+{
+ union {
+ void **ppBuffer;
+#ifdef COMPAT_FREEBSD32
+ uint32_t *ppBuffer32;
+#endif
+ } u;
+#ifdef COMPAT_FREEBSD32
+ uint32_t uptr32;
+#endif
+
+ u.ppBuffer = buffer;
+ switch (f->fs_ep_sz) {
+ case sizeof(struct usb_fs_endpoint):
+ if (fueword(u.ppBuffer + n, (long *)uptrp) != 0)
+ return (EFAULT);
+ return (0);
+#ifdef COMPAT_FREEBSD32
+ case sizeof(struct usb_fs_endpoint32):
+ if (fueword32(u.ppBuffer32 + n, &uptr32) != 0)
+ return (EFAULT);
+ *uptrp = PTRIN(uptr32);
+ return (0);
+#endif
+ default:
+ panic("%s: unhandled fs_ep_sz %#x", __func__, f->fs_ep_sz);
+ }
+}
+
static int
ugen_fs_copy_in(struct usb_fifo *f, uint8_t ep_index)
{
@@ -1047,8 +1080,7 @@ ugen_fs_copy_in(struct usb_fifo *f, uint8_t ep_index)
}
mtx_unlock(f->priv_mtx);
- error = copyin(f->fs_ep_ptr +
- ep_index, &fs_ep, sizeof(fs_ep));
+ error = ugen_fs_copyin(f, ep_index, &fs_ep);
if (error) {
return (error);
}
@@ -1062,8 +1094,7 @@ ugen_fs_copy_in(struct usb_fifo *f, uint8_t ep_index)
xfer->error = USB_ERR_INVAL;
goto complete;
}
- error = copyin(fs_ep.ppBuffer,
- &uaddr, sizeof(uaddr));
+ error = ugen_fs_getbuffer(&uaddr, f, fs_ep.ppBuffer, 0);
if (error) {
return (error);
}
@@ -1073,10 +1104,8 @@ ugen_fs_copy_in(struct usb_fifo *f, uint8_t ep_index)
if (xfer->flags_int.control_xfr) {
req = xfer->frbuffers[0].buffer;
- error = copyin(fs_ep.pLength,
- &length, sizeof(length));
- if (error) {
- return (error);
+ if (fueword32(fs_ep.pLength, &length) != 0) {
+ return (EFAULT);
}
if (length != sizeof(*req)) {
xfer->error = USB_ERR_INVAL;
@@ -1142,9 +1171,7 @@ ugen_fs_copy_in(struct usb_fifo *f, uint8_t ep_index)
xfer->flags.stall_pipe = 0;
for (; n != xfer->nframes; n++) {
- error = copyin(fs_ep.pLength + n,
- &length, sizeof(length));
- if (error) {
+ if (fueword32(fs_ep.pLength + n, &length) != 0) {
break;
}
usbd_xfer_set_frame_len(xfer, n, length);
@@ -1157,8 +1184,7 @@ ugen_fs_copy_in(struct usb_fifo *f, uint8_t ep_index)
if (!isread) {
/* we need to know the source buffer */
- error = copyin(fs_ep.ppBuffer + n,
- &uaddr, sizeof(uaddr));
+ error = ugen_fs_getbuffer(&uaddr, f, fs_ep.ppBuffer, n);
if (error) {
break;
}
@@ -1191,13 +1217,109 @@ complete:
return (0);
}
+static struct usb_fs_endpoint *
+ugen_fs_ep_uptr(struct usb_fifo *f, uint8_t ep_index)
+{
+ return ((struct usb_fs_endpoint *)
+ ((char *)f->fs_ep_ptr + (ep_index * f->fs_ep_sz)));
+}
+
+static int
+ugen_fs_copyin(struct usb_fifo *f, uint8_t ep_index,
+ struct usb_fs_endpoint* fs_ep)
+{
+#ifdef COMPAT_FREEBSD32
+ struct usb_fs_endpoint32 fs_ep32;
+#endif
+ int error;
+
+ switch (f->fs_ep_sz) {
+ case sizeof(struct usb_fs_endpoint):
+ error = copyin(ugen_fs_ep_uptr(f, ep_index), fs_ep,
+ f->fs_ep_sz);
+ if (error != 0)
+ return (error);
+ break;
+
+#ifdef COMPAT_FREEBSD32
+ case sizeof(struct usb_fs_endpoint32):
+ error = copyin(ugen_fs_ep_uptr(f, ep_index), &fs_ep32,
+ f->fs_ep_sz);
+ if (error != 0)
+ return (error);
+ PTRIN_CP(fs_ep32, *fs_ep, ppBuffer);
+ PTRIN_CP(fs_ep32, *fs_ep, pLength);
+ CP(fs_ep32, *fs_ep, nFrames);
+ CP(fs_ep32, *fs_ep, aFrames);
+ CP(fs_ep32, *fs_ep, flags);
+ CP(fs_ep32, *fs_ep, timeout);
+ CP(fs_ep32, *fs_ep, isoc_time_complete);
+ CP(fs_ep32, *fs_ep, status);
+ break;
+#endif
+ default:
+ panic("%s: unhandled fs_ep_sz %#x", __func__, f->fs_ep_sz);
+ }
+
+ return (0);
+}
+
static int
-ugen_fs_copy_out_cancelled(struct usb_fs_endpoint *fs_ep_uptr)
+ugen_fs_update(const struct usb_fs_endpoint *fs_ep,
+ struct usb_fifo *f, uint8_t ep_index)
+{
+ union {
+ struct usb_fs_endpoint *fs_ep_uptr;
+#ifdef COMPAT_FREEBSD32
+ struct usb_fs_endpoint32 *fs_ep_uptr32;
+#endif
+ } u;
+ uint32_t *aFrames_uptr;
+ uint16_t *isoc_time_complete_uptr;
+ int *status_uptr;
+
+ switch (f->fs_ep_sz) {
+ case sizeof(struct usb_fs_endpoint):
+ u.fs_ep_uptr = ugen_fs_ep_uptr(f, ep_index);
+ aFrames_uptr = &u.fs_ep_uptr->aFrames;
+ isoc_time_complete_uptr = &u.fs_ep_uptr->isoc_time_complete;
+ status_uptr = &u.fs_ep_uptr->status;
+ break;
+#ifdef COMPAT_FREEBSD32
+ case sizeof(struct usb_fs_endpoint32):
+ u.fs_ep_uptr32 = (struct usb_fs_endpoint32 *)
+ ugen_fs_ep_uptr(f, ep_index);
+ aFrames_uptr = &u.fs_ep_uptr32->aFrames;
+ isoc_time_complete_uptr = &u.fs_ep_uptr32->isoc_time_complete;
+ status_uptr = &u.fs_ep_uptr32->status;
+ break;
+#endif
+ default:
+ panic("%s: unhandled fs_ep_sz %#x", __func__, f->fs_ep_sz);
+ }
+
+ /* update "aFrames" */
+ if (suword32(aFrames_uptr, fs_ep->aFrames) != 0)
+ return (EFAULT);
+
+ /* update "isoc_time_complete" */
+ if (suword16(isoc_time_complete_uptr, fs_ep->isoc_time_complete) != 0)
+ return (EFAULT);
+
+ /* update "status" */
+ if (suword32(status_uptr, fs_ep->status) != 0)
+ return (EFAULT);
+
+ return (0);
+}
+
+static int
+ugen_fs_copy_out_cancelled(struct usb_fifo *f, uint8_t ep_index)
{
struct usb_fs_endpoint fs_ep;
int error;
- error = copyin(fs_ep_uptr, &fs_ep, sizeof(fs_ep));
+ error = ugen_fs_copyin(f, ep_index, &fs_ep);
if (error)
return (error);
@@ -1205,24 +1327,7 @@ ugen_fs_copy_out_cancelled(struct usb_fs_endpoint *fs_ep_uptr)
fs_ep.aFrames = 0;
fs_ep.isoc_time_complete = 0;
- /* update "aFrames" */
- error = copyout(&fs_ep.aFrames, &fs_ep_uptr->aFrames,
- sizeof(fs_ep.aFrames));
- if (error)
- goto done;
-
- /* update "isoc_time_complete" */
- error = copyout(&fs_ep.isoc_time_complete,
- &fs_ep_uptr->isoc_time_complete,
- sizeof(fs_ep.isoc_time_complete));
- if (error)
- goto done;
-
- /* update "status" */
- error = copyout(&fs_ep.status, &fs_ep_uptr->status,
- sizeof(fs_ep.status));
-done:
- return (error);
+ return (ugen_fs_update(&fs_ep, f, ep_index));
}
static int
@@ -1231,7 +1336,6 @@ ugen_fs_copy_out(struct usb_fifo *f, uint8_t ep_index)
struct usb_device_request *req;
struct usb_xfer *xfer;
struct usb_fs_endpoint fs_ep;
- struct usb_fs_endpoint *fs_ep_uptr; /* userland ptr */
void *uaddr; /* userland ptr */
void *kaddr;
usb_frlength_t offset;
@@ -1254,18 +1358,18 @@ ugen_fs_copy_out(struct usb_fifo *f, uint8_t ep_index)
!xfer->flags_int.started) {
mtx_unlock(f->priv_mtx);
DPRINTF("Returning fake cancel event\n");
- return (ugen_fs_copy_out_cancelled(f->fs_ep_ptr + ep_index));
+ return (ugen_fs_copy_out_cancelled(f, ep_index));
} else if (usbd_transfer_pending(xfer)) {
mtx_unlock(f->priv_mtx);
return (EBUSY); /* should not happen */
}
mtx_unlock(f->priv_mtx);
- fs_ep_uptr = f->fs_ep_ptr + ep_index;
- error = copyin(fs_ep_uptr, &fs_ep, sizeof(fs_ep));
+ error = ugen_fs_copyin(f, ep_index, &fs_ep);
if (error) {
return (error);
}
+
fs_ep.status = xfer->error;
fs_ep.aFrames = xfer->aframes;
fs_ep.isoc_time_complete = xfer->isoc_time_complete;
@@ -1302,10 +1406,8 @@ ugen_fs_copy_out(struct usb_fifo *f, uint8_t ep_index)
for (; n != xfer->nframes; n++) {
/* get initial length into "temp" */
- error = copyin(fs_ep.pLength + n,
- &temp, sizeof(temp));
- if (error) {
- return (error);
+ if (fueword32(fs_ep.pLength + n, &temp) != 0) {
+ return (EFAULT);
}
if (temp > rem) {
/* the userland length has been corrupted */
@@ -1327,8 +1429,7 @@ ugen_fs_copy_out(struct usb_fifo *f, uint8_t ep_index)
}
if (isread) {
/* we need to know the destination buffer */
- error = copyin(fs_ep.ppBuffer + n,
- &uaddr, sizeof(uaddr));
+ error = ugen_fs_getbuffer(&uaddr, f, fs_ep.ppBuffer, n);
if (error) {
return (error);
}
@@ -1344,7 +1445,7 @@ ugen_fs_copy_out(struct usb_fifo *f, uint8_t ep_index)
/* move data */
error = copyout(kaddr, uaddr, length);
if (error) {
- return (error);
+ goto complete;
}
}
/*
@@ -1354,31 +1455,13 @@ ugen_fs_copy_out(struct usb_fifo *f, uint8_t ep_index)
offset += temp;
/* update length */
- error = copyout(&length,
- fs_ep.pLength + n, sizeof(length));
- if (error) {
- return (error);
- }
+ if (suword32(fs_ep.pLength + n, length) != 0)
+ goto complete;
}
complete:
- /* update "aFrames" */
- error = copyout(&fs_ep.aFrames, &fs_ep_uptr->aFrames,
- sizeof(fs_ep.aFrames));
- if (error)
- goto done;
-
- /* update "isoc_time_complete" */
- error = copyout(&fs_ep.isoc_time_complete,
- &fs_ep_uptr->isoc_time_complete,
- sizeof(fs_ep.isoc_time_complete));
- if (error)
- goto done;
-
- /* update "status" */
- error = copyout(&fs_ep.status, &fs_ep_uptr->status,
- sizeof(fs_ep.status));
-done:
+ if (error == 0)
+ error = ugen_fs_update(&fs_ep, f, ep_index);
return (error);
}
@@ -2078,6 +2161,9 @@ ugen_iface_ioctl(struct usb_fifo *f, u_long cmd, void *addr, int fflags)
static int
ugen_ioctl_post(struct usb_fifo *f, u_long cmd, void *addr, int fflags)
{
+#ifdef COMPAT_FREEBSD32
+ struct usb_fs_init local_pinit;
+#endif
union {
struct usb_interface_descriptor *idesc;
struct usb_alt_interface *ai;
@@ -2085,6 +2171,9 @@ ugen_ioctl_post(struct usb_fifo *f, u_long cmd, void *addr, int fflags)
struct usb_config_descriptor *cdesc;
struct usb_device_stats *stat;
struct usb_fs_init *pinit;
+#ifdef COMPAT_FREEBSD32
+ struct usb_fs_init32 *pinit32;
+#endif
struct usb_fs_uninit *puninit;
struct usb_device_port_path *dpp;
uint32_t *ptime;
@@ -2094,6 +2183,7 @@ ugen_ioctl_post(struct usb_fifo *f, u_long cmd, void *addr, int fflags)
struct usb_device_descriptor *dtemp;
struct usb_config_descriptor *ctemp;
struct usb_interface *iface;
+ size_t usb_fs_endpoint_sz = sizeof(struct usb_fs_endpoint);
int error = 0;
uint8_t n;
@@ -2101,6 +2191,18 @@ ugen_ioctl_post(struct usb_fifo *f, u_long cmd, void *addr, int fflags)
DPRINTFN(6, "cmd=0x%08lx\n", cmd);
+#ifdef COMPAT_FREEBSD32
+ switch (cmd) {
+ case USB_FS_INIT32:
+ PTRIN_CP(*u.pinit32, local_pinit, pEndpoints);
+ CP(*u.pinit32, local_pinit, ep_index_max);
+ u.addr = &local_pinit;
+ cmd = _IOC_NEWTYPE(USB_FS_INIT, struct usb_fs_init);
+ usb_fs_endpoint_sz = sizeof(struct usb_fs_endpoint32);
+ break;
+ }
+#endif
+
switch (cmd) {
case USB_DISCOVER:
usb_needs_explore_all();
@@ -2328,6 +2430,7 @@ ugen_ioctl_post(struct usb_fifo *f, u_long cmd, void *addr, int fflags)
u.pinit->ep_index_max, M_USB, M_WAITOK | M_ZERO);
f->fs_ep_max = u.pinit->ep_index_max;
f->fs_ep_ptr = u.pinit->pEndpoints;
+ f->fs_ep_sz = usb_fs_endpoint_sz;
break;
case USB_FS_UNINIT:
diff --git a/sys/dev/usb/usb_ioctl.h b/sys/dev/usb/usb_ioctl.h
index 9d35588f1138..5a139d0653c5 100644
--- a/sys/dev/usb/usb_ioctl.h
+++ b/sys/dev/usb/usb_ioctl.h
@@ -400,6 +400,24 @@ void usb_gen_descriptor_from32(struct usb_gen_descriptor *ugd,
void update_usb_gen_descriptor32(struct usb_gen_descriptor32 *ugd32,
struct usb_gen_descriptor *ugd);
+struct usb_fs_endpoint32 {
+ uint32_t ppBuffer; /* void ** */
+ uint32_t pLength; /* uint32_t * */
+ uint32_t nFrames;
+ uint32_t aFrames;
+ uint16_t flags;
+ uint16_t timeout;
+ uint16_t isoc_time_complete;
+ int status;
+};
+
+struct usb_fs_init32 {
+ uint32_t pEndpoints; /* struct usb_fs_endpoint32 * */
+ uint8_t ep_index_max;
+};
+
+#define USB_FS_INIT32 _IOC_NEWTYPE(USB_FS_INIT, struct usb_fs_init32)
+
#endif /* COMPAT_FREEBSD32 */
#endif /* _KERNEL */