Commit graph

10 commits

Author SHA1 Message Date
Roel Kluin
749d00dbf1 Staging: rspiusb: Fix buffer overflow
usb_buffer_map_sg() may return -1. This will result in a read from
pdx->PixelUrb[frameInfo][-1]

Signed-off-by: Roel Kluin <roel.kluin@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2009-08-07 16:12:03 -07:00
Pete Zaitcev
aea0d43bde Staging: rspiusb: use NULL virtual address instead of a bogus one
The main problem here is that I just cannot see how this could ever
be correct:

	usb_fill_bulk_urb(pdx->PixelUrb[frameInfo][i], pdx->udev, epAddr,
		(dma_addr_t *) sg_dma_address(&pdx->sgl[frameInfo][i]),
 		sg_dma_len(&pdx->sgl[frameInfo][i]),

You cannot take a DMA address, cast it to a _pointer to_ a DMA address,
and then regard it as a virtual address of the transfer buffer.
However, finding the right virtual address was too hard for me,
so I just stubbed it with NULL. At least usbmon won't oops then
(it will not show any data but it's better than crashing).

Also, too big a buffer was allocated elsewhere.

And since we're at it, drop clearly unnecessary usb_buffer_alloc too,
leaving it where it may be useful.

Signed-off-by: Pete Zaitcev <zaitcev@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2009-07-12 13:21:44 -07:00
vibi sreenivasan
7a80bfcd1f Staging: rspiusb: copy_to/from_user related fixes
The patch does copy_to/from_user related fixes

*) __copy_from/to_user is enough for user space data buffer checked by access_ok.
*) return -EFAULT if __copy_from/to_user fails.
*) Do not use memcpy to copy from user space.

Signed-off-by: Vibi Sreenivasan <vibi_sreenivasan@cms.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2009-06-19 11:00:54 -07:00
vibi sreenivasan
8d2db5169d Staging: rspiusb: Fix a bunch of warnings.
The patch fixes the following warnings.

drivers/staging/rspiusb/rspiusb.c: In function ‘pixel_data’:
drivers/staging/rspiusb/rspiusb.c:267: warning: passing argument 1 of ‘SetPageDirty’ makes
pointer from integer without a cast
drivers/staging/rspiusb/rspiusb.c: In function ‘UnMapUserBuffer’:
drivers/staging/rspiusb/rspiusb.c:500: warning: passing argument 1 of ‘put_page’ makes
pointer from integer without a cast
drivers/staging/rspiusb/rspiusb.c: In function ‘MapUserBuffer’:
drivers/staging/rspiusb/rspiusb.c:662: warning: assignment makes integer from pointer without a cast
drivers/staging/rspiusb/rspiusb.c:670: warning: assignment makes integer from pointer without a cast

Signed-off-by: Vibi Sreenivasan <vibi_sreenivasan@cms.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2009-06-19 11:00:54 -07:00
Richard Genoud
14e8bcd086 Staging: rspiusb: duplicate code in pixis_io
It seems that pixis_io and pixis_io2 should do the same thing.


Signed-off-by: Richard Genoud <richard.genoud@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2009-06-19 11:00:54 -07:00
Richard Genoud
c854b5e58f Staging: rspiusb.c: break the huge piusb_ioctl function into several ones
This makes the code more readable, makes checkpatch really happy and factorize some code.

Signed-off-by: Richard Genoud <richard.genoud@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2009-06-19 11:00:54 -07:00
Richard Genoud
f2d46e248a Staging: rspiusb: clean rspiusb code
This first patch makes checkpatch happier

Signed-off-by: Richard Genoud <richard.genoud@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2009-06-19 11:00:54 -07:00
J.R. Mauro
6546f08d21 Staging: rspiusb: make driver compile
Convert undefined info() function calls to dev_err, making rspiusb compile

Signed-off-by: J.R. Mauro <jrm8005@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2009-06-19 11:00:54 -07:00
Julia Lawall
c62d8437aa Staging: rspiusb: use USB API functions rather than constants
This set of patches introduces calls to the following set of functions:

usb_endpoint_dir_in(epd)
usb_endpoint_dir_out(epd)
usb_endpoint_is_bulk_in(epd)
usb_endpoint_is_bulk_out(epd)
usb_endpoint_is_int_in(epd)
usb_endpoint_is_int_out(epd)
usb_endpoint_num(epd)
usb_endpoint_type(epd)
usb_endpoint_xfer_bulk(epd)
usb_endpoint_xfer_control(epd)
usb_endpoint_xfer_int(epd)
usb_endpoint_xfer_isoc(epd)

In some cases, introducing one of these functions is not possible, and it
just replaces an explicit integer value by one of the following constants:

USB_ENDPOINT_XFER_BULK
USB_ENDPOINT_XFER_CONTROL
USB_ENDPOINT_XFER_INT
USB_ENDPOINT_XFER_ISOC

An extract of the semantic patch that makes these changes is as follows:
(http://www.emn.fr/x-info/coccinelle/)

// <smpl>
@r1@ struct usb_endpoint_descriptor *epd; @@

- ((epd->bmAttributes & \(USB_ENDPOINT_XFERTYPE_MASK\|3\)) ==
- \(USB_ENDPOINT_XFER_CONTROL\|0\))
+ usb_endpoint_xfer_control(epd)

@r5@ struct usb_endpoint_descriptor *epd; @@

- ((epd->bEndpointAddress & \(USB_ENDPOINT_DIR_MASK\|0x80\)) ==
-  \(USB_DIR_IN\|0x80\))
+ usb_endpoint_dir_in(epd)

@inc@
@@

#include <linux/usb.h>

@depends on !inc && (r1||r5)@
@@

+ #include <linux/usb.h>
  #include <linux/usb/...>
// </smpl>

Signed-off-by: Julia Lawall <julia@diku.dk>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2009-04-03 14:53:28 -07:00
Greg Kroah-Hartman
28397ffef1 Staging: add princeton instruments usb camera driver
Adds the driver for the Princeton Instruments USB camera.

Needs a lot of work...

TODO:
	- make checkpatch.pl clean
	- coding style fixups (typedefs, etc.)
	- get it to build properly
	- audit ioctls
	- remove ioctls if possible
	- assign proper minor number
	- remove dbg() macro
	- lots of general cleanups
	- review locking

Cc: Judd Montgomery <judd@jpilot.org>
Cc: Jeff Frontz <jeff.frontz@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2009-01-06 13:52:34 -08:00