Hi!
This should help prevent some oopses. [It is good chance that upper
layer will correctly recover from our error.]
Pavel
--- clean/drivers/usb/usb.c Sat Mar 25 22:47:36 2000
+++ linux/drivers/usb/usb.c Mon Mar 27 23:55:44 2000
@@ -27,6 +27,8 @@
#define DEBUG
#include <linux/usb.h>
+#define CHECK do { if ((!dev) || (pipe == -1)) { printk( KERN_CRIT "Someone passed
+NULL into usb core.\n" ); return -EINVAL; } } while(0)
+
/*
* Prototypes for the device driver probing/loading functions
*/
@@ -596,18 +598,20 @@
/*-------------------------------------------------------------------*/
// returns status (negative) or length (positive)
-int usb_internal_control_msg(struct usb_device *usb_dev, unsigned int pipe,
+int usb_internal_control_msg(struct usb_device *dev, unsigned int pipe,
devrequest *cmd, void *data, int len, int timeout)
{
urb_t *urb;
int retv;
int length;
+ CHECK;
+
urb = usb_alloc_urb(0);
if (!urb)
return -ENOMEM;
- FILL_CONTROL_URB(urb, usb_dev, pipe, (unsigned char*)cmd, data, len, /*
build urb */
+ FILL_CONTROL_URB(urb, dev, pipe, (unsigned char*)cmd, data, len, /* build
+urb */
(usb_complete_t)usb_api_blocking_completion,0);
retv = usb_start_wait_urb(urb, timeout, &length);
@@ -624,6 +628,8 @@
{
devrequest *dr = kmalloc(sizeof(devrequest), GFP_KERNEL);
int ret;
+
+ CHECK;
if (!dr)
return -ENOMEM;
@@ -647,11 +653,13 @@
/* compatibility wrapper, builds bulk urb, and waits for completion */
/* synchronous behavior */
-int usb_bulk_msg(struct usb_device *usb_dev, unsigned int pipe,
+int usb_bulk_msg(struct usb_device *dev, unsigned int pipe,
void *data, int len, int *actual_length, int timeout)
{
urb_t *urb;
+ CHECK;
+
if (len < 0)
return -EINVAL;
@@ -659,7 +667,7 @@
if (!urb)
return -ENOMEM;
- FILL_BULK_URB(urb,usb_dev,pipe,(unsigned char*)data,len, /* build urb */
+ FILL_BULK_URB(urb,dev,pipe,(unsigned char*)data,len, /* build urb */
(usb_complete_t)usb_api_blocking_completion,0);
return usb_start_wait_urb(urb,timeout,actual_length);
@@ -671,6 +679,11 @@
urb_t *urb;
api_wrapper_data *awd;
+ if ((!dev) || (pipe == -1)) {
+ printk(KERN_CRIT "Someone passed NULL to usb_request_bulk\n" );
+ return NULL;
+ }
+
if (!(urb=usb_alloc_urb(0)))
return NULL;
if (!(awd = kmalloc(sizeof(api_wrapper_data), in_interrupt() ? GFP_ATOMIC :
GFP_KERNEL))) {
@@ -699,6 +712,10 @@
int usb_terminate_bulk(struct usb_device *dev, void *first)
{
urb_t *urb=(urb_t*)first;
+
+ if (!dev)
+ return -EINVAL;
+
dbg("usb_terminate_bulk: urb:%p",urb);
if (!urb) // none found? there is nothing to remove!
return -ENODEV;
@@ -746,6 +763,7 @@
urb_t *urb;
unsigned int maxsze = usb_maxpacket(dev, pipe, usb_pipeout(pipe));
+ CHECK;
*handle = NULL;
//dbg("irq: dev:%p pipe:%08X handler:%p period:%d dev_id:%p max:%d", dev,
pipe, handler, period, dev_id, maxsze);
@@ -807,7 +825,7 @@
int err;
urb_t *urb = (urb_t*)handle;
- if (!urb)
+ if ((!urb) || (!dev))
return -EBADF;
err=usb_unlink_urb(urb);
kfree(urb->context);
@@ -1460,6 +1478,7 @@
__u16 status;
int endp=usb_pipeendpoint(pipe)|(usb_pipein(pipe)<<7);
+ CHECK;
/*
if (!usb_endpoint_halted(dev, endp & 0x0f, usb_endpoint_out(endp)))
return 0;
--- clean/include/linux/usb.h Sat Mar 25 22:47:44 2000
+++ linux/include/linux/usb.h Mon Mar 27 23:46:13 2000
@@ -688,11 +688,15 @@
static inline unsigned int __create_pipe(struct usb_device *dev, unsigned int
endpoint)
{
+ if (!dev)
+ return -1;
return (dev->devnum << 8) | (endpoint << 15) | (dev->slow << 26) |
dev->maxpacketsize;
}
static inline unsigned int __default_pipe(struct usb_device *dev)
{
+ if (!dev)
+ return -1;
return (dev->slow << 26);
}
--
I'm [EMAIL PROTECTED] "In my country we have almost anarchy and I don't care."
Panos Katsaloulis describing me w.r.t. patents me at [EMAIL PROTECTED]
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
