(Sorry for the duplicate- I should know better than to try
sending patches from Outlook... This should fix the word
wrapping.)
This patch cleans up a few arbitrary limits in usbfs:
1. The data stage of a control request was being limited
to 4096-8 bytes, when in actuality a 4096-byte data stage
is legal. This is necessary to write userspace drivers
for some devices, such as ATI's USB TV-Wonder tuner.
2. The arbitrary limit on Isochronous packets was too small
to support writing userspace drivers for USB 2.0 devices
that require high-bandwidth isochronous transfers.
3. Isochronous transfers had a higher arbitrary buffer size
limit than bulk/interrupt transfers. Isochronous transfers
now use MAX_USBFS_BUFFER_SIZE, which has been raised to 32K.
These limits are in place not to enforce the USB spec, but
to prevent userspace applications from abusing kmalloc().
We might as well allow all transfers access to the higher
32K limit, since it was already possible for a malicious
userspace app to allocate 32K at a time using isochronous
URBs.
Signed-off-by: Micah Dowty <micah <at> vmware.com>
--- .pc/usbfs-limits/drivers/usb/core/devio.c 2005-01-19 14:57:04.000000000
-0800
+++ drivers/usb/core/devio.c 2005-01-19 15:10:04.000000000 -0800
@@ -83,7 +83,7 @@
#define USB_DEVICE_DEV MKDEV(USB_DEVICE_MAJOR, 0)
-#define MAX_USBFS_BUFFER_SIZE 16384
+#define MAX_USBFS_BUFFER_SIZE 32768
static inline int connected (struct usb_device *dev)
{
@@ -928,8 +928,8 @@
if ((ep->desc.bmAttributes & USB_ENDPOINT_XFERTYPE_MASK)
!= USB_ENDPOINT_XFER_CONTROL)
return -EINVAL;
- /* min 8 byte setup packet, max arbitrary */
- if (uurb->buffer_length < 8 || uurb->buffer_length > PAGE_SIZE)
+ /* min 8 byte setup packet, max 8 byte setup plus 4K data */
+ if (uurb->buffer_length < 8 || uurb->buffer_length > (4096 + 8))
return -EINVAL;
if (!(dr = kmalloc(sizeof(struct usb_ctrlrequest), GFP_KERNEL)))
return -ENOMEM;
@@ -987,13 +987,14 @@
return -EFAULT;
}
for (totlen = u = 0; u < uurb->number_of_packets; u++) {
- if (isopkt[u].length > 1023) {
+ /* arbitrary limit, sufficient for USB 2.0
high-bandwidth iso */
+ if (isopkt[u].length > 8192) {
kfree(isopkt);
return -EINVAL;
}
totlen += isopkt[u].length;
}
- if (totlen > 32768) {
+ if (totlen > MAX_USBFS_BUFFER_SIZE) {
kfree(isopkt);
return -EINVAL;
}
-------------------------------------------------------
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
_______________________________________________
linux-usb-devel@lists.sourceforge.net
To unsubscribe, use the last form field at:
https://lists.sourceforge.net/lists/listinfo/linux-usb-devel
