| Commit message (Collapse) | Author | Age |
|---|
| ... | |
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Call flow control API when RNDIS packet filter control message is
received. This allows to call the registered flow control call back
from rndis clients supporting hw accelerated path.
CRs-Fixed: 1013824
Change-Id: I87793e31d4db10acf1103127a2d1ad942d253c67
Signed-off-by: Hemant Kumar <hemantk@codeaurora.org>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
USB DIAG function driver updates dload_cookie with USB PID and serial
number to avoid port-hopping for DIAG port with bootloader. Now
composite_driver doesn't get updated strings as android.c is
deprecated and configfs is used. Hence use composite device based
strings to find required serial number.
CRs-Fixed: 1010715
Change-Id: I076928436a8b1b4d1c3ee7e48db9b3314ec1fc05
Signed-off-by: Mayank Rana <mrana@codeaurora.org>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Without free_func call back config causes NULL pointer
dereference.
CRs-Fixed: 1003784
Change-Id: Idb7717315da20fa3331303136d7ba1d05696f063
Signed-off-by: Hemant Kumar <hemantk@codeaurora.org>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Driver is overriding the ep0 request context with gsi driver
context even if it does not intend to handle the setup completion.
This is causing flood of warnings when composite_setup_complete()
is type casting the function driver context as cdev and failing to
match ep0 request pointer with cdev->req. Hence only override
context when driver is overriding the complete call back.
CRs-Fixed: 1003784
Change-Id: I176671ae09f17d920643eeeec8262a6f97856712
Signed-off-by: Hemant Kumar <hemantk@codeaurora.org>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Use "gadget->dev.parent" instead of "&gadget->dev" in the first argument
of dma_zalloc_coherent() because the parent has a udc controller's device
pointer. Otherwise, iommu functions are not called in ARM environment and
allocation is failing.
CRs-Fixed: 1003784
Change-Id: I2ea75b533f857189856840e437a96891eea5699c
Signed-off-by: Hemant Kumar <hemantk@codeaurora.org>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
In case gsi_update_function_bind_params() returns failure
before initializing spin lock for event queue, gsi_bind()
continues further by calling post_event() which acquires
the uninitialized spin lock causing BUG. Hence check for
return value of gsi_update_function_bind_params() before
calling post_event().
CRs-Fixed: 1003784
Change-Id: I0fcad2467d15f311feecf3b9cee9209f7453485c
Signed-off-by: Hemant Kumar <hemantk@codeaurora.org>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
User space function driver could always provide descriptors for all
speeds irrespective of USB speed supported with USB gadget. If USB
gadget is not high/super speed capable, f_fs driver doesn't parse
HS or SS descriptors which results into OS descriptors processing
fail due to checking against wrong offset within received descriptor
buffer. Fix this issue by always processing HS and SS descriptors
without checking USB gadget speed.
CRs-Fixed: 1003565
Change-Id: Icb6537271ce55e44f5fc3e1ef28dd4d6810b681f
Signed-off-by: Mayank Rana <mrana@codeaurora.org>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Since driver context f_cdev is not freed until the driver
is unloaded, port_usb remains available to be accessed for
driver operations. Hence there is no need to protect port_usb
using spin lock. Hence remove un-needed spin lock/unlock from
some of the APIs which prevents recursive spin lock. Also, make
sure char device is destroyed before f_cdev context is freed up.
Change-Id: Ib91f23c070065185da72387300304f2690d5a8b1
Signed-off-by: Hemant Kumar <hemantk@codeaurora.org>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
While performing USB composition switch or adb is being killed,
list_add corruption related crash is seen when SLUB_DEBUG is
enabled. diag_function_unbind() API decrements kref count and when
it becomes zero, it is calling diag_context_release() which frees
diag_context. This list corruption is seen from purge_configfs_funcs()
API which is trying to move function list as part of func->list. Fix
this issue by releasing diag_context with free_func() instead of
diag_function_unbind().
CRs-Fixed: 1002041
Change-Id: Ie49e47f2a0f26144e0107759fedc67c3af80032c
Signed-off-by: Mayank Rana <mrana@codeaurora.org>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This change adds required .h files to resolve below seen
compilation errors.
In function ‘gsi_update_function_bind_params’:
error: implicit declaration of function ‘msm_ep_config’
warning: ‘enum ipa_usb_notify_event’ declared inside parameter list
CRs-Fixed: 1001469
Change-Id: Ic62b4dae798726055beb778509e6b65e69f4db34
Signed-off-by: Mayank Rana <mrana@codeaurora.org>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Extended compat ID descriptor contains fixed-length header section and
one or more function section. Function section contains five fields as:
bFirstInterfaceNumber, Reserved1, compatibleID, subCompatibleID and
Reserved2. Specification suggests that Reserved1 needs to be set as 0x1
but f_fs driver fails processing descriptors if Reserved1 field is 0x1.
This results into USB enumeration issue due to incomplete descriptors.
This issue is seen with newer adbd which is passing extended compat ID
descriptors.
CRs-Fixed: 994161
Change-Id: Id18261d76edd859ef078f4510dd82b8a6c1ca4bd
Signed-off-by: Mayank Rana <mrana@codeaurora.org>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
We need to skip checking for link state being in U3
when we receive a Function Suspend. Pass in this information
to GSI EP OP that checks if we are good to suspend channels
with IPA. We skip the check for U3 if we are handling Function
Suspend and check for U3 when we are handling Bus Suspend.
CRs-Fixed: 966352
Change-Id: I29ee0326edbe33b02884495ddc89484bef21e7e0
Signed-off-by: Devdutt Patnaik <dpatnaik@codeaurora.org>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
IP address re-assignment fails when we disable and
enable RNDIS adaptor from device manager. This is
observed only in composite functions such as ADB + RNDIS.
In "RNDIS only" compositions the issue is not observed
as host typically sends a RESET when we re-enable the RNDIS
adaptor. Add support in the GSI state machine to connect channels
to IPA and enable GSI data path in response to PACKET FILTER
message with FLOW CONTROL DISABLE option when we are in the
INITIALIZED state. Previously we only treated the PACKET FILTER
message as a valid input when in the CONNECT_IN_PROGRESS state.
CRs-Fixed: 975930
Change-Id: I97471f128958a915001a5b49c98036076fb8c18c
Signed-off-by: Devdutt Patnaik <dpatnaik@codeaurora.org>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Fixes EP configuration for DPL resume sequence.
Sets correct interrupter number for DPL composition
and also checks for NULL on notify EP in the
resume path.
CRs-Fixed: 983160
Change-Id: I7e9bf0aa839e63d8cfe801d3b81dd5f48a315575
Signed-off-by: Devdutt Patnaik <dpatnaik@codeaurora.org>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
compilation error seen with redefinition of usb_bam_alloc_fifos
and usb_bam_free_fifos APIs. Fix this issue by adding proper
check, removing usb_bam.h as part of f_qdss.h and fixing makefile.
Signed-off-by: Mayank Rana <mrana@codeaurora.org>
|
| | | |
| | |
| | |
| | |
| | |
| | | |
This change fixes checker reported warning and errors messages.
Signed-off-by: Mayank Rana <mrana@codeaurora.org>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This change adds MSM specific USB function drivers and relevant glue
drivers providing RMNET, RNDIS, DPL, ECM and MBIM functionality with
BAM2BAM IPA mode. This snapshot is taken as of msm-3.18 kernel
'commit 8007444c107a ("Merge pinctrl: qcom: Update gcc_gp1_clk_b_groups
for msm8953")'.
Signed-off-by: Mayank Rana <mrana@codeaurora.org>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This change fixes below compilation warnings
f_fs.c:700:19: warning: unused variable 'ffs' [-Wunused-variable]
u_serial.c:1023:3: warning: 'return' with a value, in function returning
void
Signed-off-by: Mayank Rana <mrana@codeaurora.org>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | | |
This change adds attribute with USB QDSS instance to allow
enable/disable debug interface.
Signed-off-by: Mayank Rana <mrana@codeaurora.org>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
NULL pointer crash is seen when starting USB QDSS data transfer
from usb_qdss_connect_work() as cdev was not updated. Issue can
be fixed by updating cdev from qdss_bind(). It seems that cdev
has been used couple of places to provide gadget related information.
Hence removing usage of cdev from qdss data structure and use gadget
directly.
Signed-off-by: Mayank Rana <mrana@codeaurora.org>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
- This change adds configfs usage with USB QDSS driver.
- It removes all different supported control and data transports
and assume BAM2BAM as default mode.
- It also removes supported DPL functionality from this driver.
Change-Id: I9678c9e9a397445f36272616e517bbb83a59e88a
Signed-off-by: Mayank Rana <mrana@codeaurora.org>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This change adds USB QDSS function driver which is used for
USB QDSS functionality. This snapshot is taken as of msm-3.18
kernel commit d5809484bb1b.
Signed-off-by: Mayank Rana <mrana@codeaurora.org>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
ADB function is mainly used for debugging, hence it is
not expected to allow USB LPM followed by system suspend
in device bus suspend. Driver also doesn't handle
usb_ep_dequeue failure in LPM when adbd is interrupted
by signal as buffer is left queued to the hardware after
usb_ep_dequeue failure and can cause memory corruption.
Change-Id: Ib89c80318dcdd0dbb35d122a2ab77fb61f83518e
Signed-off-by: Manu Gautam <mgautam@codeaurora.org>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Whenever data is transmitted from device to Host PC, MTP daemon sitting
in userspace writes to mtp driver through ioctl, which eventually
calls send_file_work to send data. Currently header length is not updated
properly to reflect correct length in case data file size is greater
than 4GB. Due to this, Host PC throws error when file of size > 4GB is
copied from device to Host PC. Hence fix the issue by updating header
length to (2 ^ 32 - 1) if length is greater than 4GB.
CRs-Fixed: 953737
Change-Id: I3840afb63f365c28bf3638b13b728800bc2419f4
Signed-off-by: Vijayavardhan Vennapusa <vvreddy@codeaurora.org>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Audio function driver (f_uac1.c) may call gaudio_cleanup back
to back without calling gaudio_setup. Handle this gracefully
by marking file pointer as NULL on file_close as gaudio_cleanup
routine already checks for NULL before file_close.
Change-Id: Ib6acb05578105d64cceaa766d0b0434d1a467c8f
Signed-off-by: Manu Gautam <mgautam@codeaurora.org>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Configfs framework expects to have free_func() supported with each
registered USB function. This change adds free_func() functionality
and also frees diag_context as part of it, otherwise there would be
memory leak for each composition switch when performing composition
switch having USB DIAG interface.
Change-Id: I1311cfd5265bd468dc62b6735596afb7cf36a7d2
Signed-off-by: Mayank Rana <mrana@codeaurora.org>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Instead of #ifdef, use the IS_ENABLED() macro which correctly
handles if the Kconfig symbol is built-in (=y) or a module (=m).
Also add missing MODULE_LICENSE and MODULE_DESCRIPTION to
f_diag.c to allow building as a module.
Signed-off-by: Jack Pham <jackp@codeaurora.org>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This change update dload cookie if cdev->desc.iSerialNumber is already
available instead of trying to get string descriptors. It also adds
check against possibility of string descriptors being NULL to avoid
device crash.
Signed-off-by: Mayank Rana <mrana@codeaurora.org>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This change adds below functionality:
1. Add USB serial driver functionality
2. Add configfS support
3. Enable USB character serial driver
Signed-off-by: Mayank Rana <mrana@codeaurora.org>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | | |
To reduce depedency on f_serial.c, this change rename u_data_bridge.c
as f_cdev.c and USB serial functionality shall be added on this driver.
Signed-off-by: Mayank Rana <mrana@codeaurora.org>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
There is NULL pointer crash seen due to accessing port->port_usb from
gbridge_port_write() when port bridge application's write thread is
pre-empted and USB cable disconnect is being performed. Fix this issue
by adding check for USB cable is connected or not and handling USB
request accordingly.
Change-Id: Ide14de298b7186cbe7b7af1e99c8c47bc389130b
Signed-off-by: Mayank Rana <mrana@codeaurora.org>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
When DUN call is operational and USB cable is being disconnected,
DTR is not being lowered with modem. This results into no DUN call
functionality on next USB cable connect case. Fix this issue by
lowering DTR to modem on USB cable disconnect.
This change also returns zero instead of -EAGAIN when there is no
write USB request available. Also it moves port open interrupted
message loglevel from pr_err() to pr_debug to reduce logging on
serial console.
Change-Id: I3259417aceee2713d7765c9de34ace4ea2d3ed96
Signed-off-by: Mayank Rana <mrana@codeaurora.org>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Currently gbridge_port_write() is not checking size of user space
provided data and directly copies buffer into USB request buffer
which is having size as 2KB. If user space application writes data
bigger than 2KB, copy_from_user() tries to copy data beyond allocated
USB request buffer size which results into memory corruption. Fix
this issue by checking allowable size with gbridge_port_write() and
making sure that it doesn't copy data beyond allocated buffer size.
Change-Id: I7a34e37f5d1609792374f07b70542b80edbe6944
Signed-off-by: Mayank Rana <mrana@codeaurora.org>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This change handles below cases and improves performance:
1. If USB OUT request buffer is bigger than provided read buffer
from application, then data equal to read buffer is copied. This
results into data loss. Handle this case by making sure that
whole USB OUT request buffer is provided to application across
multiple read() call.
2. If read buffer size is greater than available data as part of
one USB OUT request buffer, then copy data from other USB OUT
request buffers until read buffer is filled completely.
Change-Id: If2756ed82bd6e95650ebcc38c4042bfb593f8a2b
Signed-off-by: Mayank Rana <mrana@codeaurora.org>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
In some cases, it has been observed that all USB TX requests are
queued with USB controller and port bridge is trying to write data.
gbridge_port_write() API is returning zero (success of data) instead
of error code which results into data loss. Hence return -EAGAIN
when there is no USB TX request available. Also mark this error as
non-fatal by using pr_debug() here.
Change-Id: Id56788b372b62a005448a729e5f00de6fb895e47
Signed-off-by: Mayank Rana <mrana@codeaurora.org>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Currently on USB composition switch or USB cable disconnect,
USB RX requests are being added as part of read_queued list
instead of read_pool. In some cases it is seen that if port
bridge is trying to read data, those requests are requeued
and fails with -ESHUTDOWN, and again it continues with results
into watchdog timeout due to error log coming from read request
completion handler. Fix this by adding proper check in read
request completion handler.
Also reduce USB Tx/RX buffer size from PAGE_SIZE to 2048 bytes.
It also fixes issue where USB RX requests are not being queued
after USB composition switch.
CRs-Fixed: 854301
Change-Id: I3616dc35c093cfa19865891f46e7b1ccc7302573
Signed-off-by: Mayank Rana <mrana@codeaurora.org>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This driver provides character device node (/dev/at_usb0)
to user space application for file operations like open,
close, read, write, poll and ioctl (for control signals).
This change also adds required support to use this new
character bridge driver with existing USB Serial driver
and android gadget driver.
Change-Id: I26f297636de585d3fd99d10fac76ecb71f852df3
Signed-off-by: Mayank Rana <mrana@codeaurora.org>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Squash and apply following u_serial driver changes taken from
msm-3.10 kernel as of commit
ec18e1c5aed (Merge "mmc: card: set dma_mask as the queue bounce limit")
feb56a3 usb: gadget: Fix bug in serial driver RX path
2ff1b9a USB: Gadget: u_serial: Debugfs for endpoint buffer monitoring
272d2fd USB: gadget: u_serial: free read/write requests upon queue failure
950a3a3 USB: Gadget: u_serial: Freeing usb requests as a part of gs_close
e4e6bc4 USB: u_serial: Don't allow UDC to append and send a zero length
packet
4bd2646 usb: gadget: serial: Limit write permissions to root
13e7219 USB: Fix multiple issues found by static analysis tool
505294c USB: Debugfs: Fix compilation issues when debugfs is disabled
0e7633e usb: gadget: Fix code quality issues when accessing port
607dbeb USB: u_serial: Don't free usb_requests in gs_close and reuse them
4aebedc usb: u_serial: Fix NULL pointer dereference in u_serial tty
callbacks
Signed-off-by: Mayank Rana <mrana@codeaurora.org>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Squash and apply following f_serial driver changes taken
from msm-3.10 kernel as of commit
ec18e1c5aed (Merge "mmc: card: set dma_mask as the queue bounce limit")
d98217e USB: android gadget: queue the request only when serial is online
b8bd483 USB: android gadget: Add interrupt ep and modem support in f_serial
7b56862 USB: Add super speed descriptors for android functions
c5a7f7f gadget: u_serial: Add tiocmset/tiocmget functionality
2a821c8 usb: gadget: Add debug message to print the control line state
information
Signed-off-by: Mayank Rana <mrana@codeaurora.org>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Due to USB cable disconnect, ADBD closes its epfiles and re-opens the same.
In normal operation the sequence is:
ffs_func_eps_disable() setting epfile->error to 1
ffs_epfile_release() setting epfile->error to 1
ffs_epfile_open() setting epfile->error to 0
In some cases when above sequeunce gets changed, epfile->error is set to 1.
Hence there is no data transfer happening on ep-IN endpoint. Fix this by
not allowing opening of epfiles until it has being successfully released.
Change-Id: I26b9ec1b6218d00cc0965ce3e71fcea49f9bf567
Signed-off-by: Mayank Rana <mrana@codeaurora.org>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
config_ep_by_speed() configures endpoint based on speed and
uses already available endpoint descriptors. Here it overrides
maxpacket field based on selected descriptor for endpoint. maxpacket
field is used by some of UDC driver to resize TXFIFO for IN endpoint.
Due to maxpacket is not being configured with selected endpoint
descriptor, UDC driver uses previously stale maxpacket value which
results into wrong TXFIFO calculated for used IN endpoint. Fix this
issue by calling config_ep_by_speed() for ADB endpoints to make sure
that proper value is updated with maxpacket field based on descriptor.
Change-Id: I9121f4df898de1455f9be4333ca8d0e744f4eb9e
Signed-off-by: Mayank Rana <mrana@codeaurora.org>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
f_fs uses only one request per ep and driver is trying to queue
same request again before it completed. This is seen in following
scenario, as part of system suspend wait_for_completion was
interrupted by -ERESTARTSYS, and driver tried to dequeue this
request, as USB was in LPM it was unable to dequeue this and
later on system resume ffs_epfile_read tried to queue same
request again which was never dequeued or completed. ep_queue
will return error if same request is queued again while it is in
progress. User space considers this ep_queue failure as halt and
try to clear halt condition that never happened. When User space
is trying to clear halt by that time USB has entered LPM again
leading to crash.
Avoid this by making sure same request is not queued again until
it is completed.
Change-Id: I6e9f357b9b8a47753b1323b4308e60844d7dec94
Signed-off-by: Tarun Gupta <tarung@codeaurora.org>
Signed-off-by: Mayank Rana <mrana@codeaurora.org>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
In few instances, it is observed that multiple adbd instances are
running on device causing condition BUG_ON(ffs->gadget) to be true.
ffs->opened and ffs->ref atomic variables are used here to make
decision for checking ffs->gadget. These atomic variable operations
requires expilict memory barrier to make sure that update to
ffs->gadget is visible to other CPUs before updated atomic variable
based value is seen. This change also adds explicit memory barriers
before reading or modified any atomic varaiables.
Change-Id: I3c846eb6bbb53663892e05d51ebac8439aac957a
Signed-off-by: Mayank Rana <mrana@codeaurora.org>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
As part of ffs_ep0_open(), atomic variable ffs.opened is set and as part
of ffs_ep0_release() it is cleared. Also as part of release operation, in
ffs_data_clear() ffs->gadget is set to NULL.
If two adb daemons are running in parallel, then BUG ON is observed as part
of release operation as ffs->gadget is not set to NULL.
To fix the issue add check for ffs->opened to allow only one adb daemon
perform device open. This ensures open and release operation are performed
in serialized way and avoids any race.
Also add debug print for dumping the ffs gadget.
Change-Id: Ifccdfa6068f506bb7dfdc9945b60591da530df8f
Signed-off-by: Saket Saurabh <ssaurabh@codeaurora.org>
Signed-off-by: Mayank Rana <mrana@codeaurora.org>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Add print message in case of error scenarios which will
be useful for debugging adb offline issues.
Change-Id: I75bc136eab05151abb187c1fa1e5956b6f507297
Signed-off-by: Vijayavardhan Vennapusa <vvreddy@codeaurora.org>
Signed-off-by: Mayank Rana <mrana@codeaurora.org>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
done completion variable is local stack variable to ffs_epfile_io().
It is being used to unblock ffs_epfile_io() from USB request
completion context where done is accessed through req->context. If
ffs_epfile_io() is unblocked or interrupted due to epfile close or
any signal before USB request completion is handled, req->context is
having stale "done" reference causing invalid access. Fix this issue
by storing done completion reference with epfile structure instead of
having it on stack to have valid req->context in completion handler.
Change-Id: I15102538d1b5bee14dfa3c7b3fa1f8e3f767cf71
Signed-off-by: Sujeet Kumar <ksujeet@codeaurora.org>
Signed-off-by: Mayank Rana <mrana@codeaurora.org>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
F_FS function driver allocated ffs_eps and updates ffs_ep->ep
to corresponding usb_ep during func->bind and never clears it.
On bind it also saves ffs_ep context in epfile->ep.
During func->disable, it clears only ffs_ep context in epfile->ep
and on func->unbind it frees ffs_eps memory.
ffs_epfile_io routine currently relies on ffs_ep->ep (which is
never cleared and ffs_ep could be freed on unbind) to detect any
disconnect during active IO. This can result in various issues e.g.
use after free use of ffs_ep if unbind finished before epfile_io
could resume or "stop adbd" trying to dequeue a freed USB request
when epfile_io could execute only after F_FS got disabled as
'if (ep->ep)' check would be TRUE.
Fix this by checking stored ffs_ep context against latest epfile->ep
to figure out if endpoint got disabled or changed before acquiring
spin_lock.
Change-Id: I6bdcdf0dff0813ed7b2af8c24f544a22796b0369
Signed-off-by: Manu Gautam <mgautam@codeaurora.org>
Signed-off-by: Mayank Rana <mrana@codeaurora.org>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Set error status before disabling endpoint during function
disable and also check error status before handling I/O. If error
status is set, return error status to read/write calls made by
userspace. Also set file's private data to NULL during epfile
release.
Change-Id: I14b5ee541dfc18a7802ef4a8033878a7729d9adb
Signed-off-by: Vijayavardhan Vennapusa <vvreddy@codeaurora.org>
Signed-off-by: Mayank Rana <mrana@codeaurora.org>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
After a USB disconnect, endpoints for adb are disabled.
After this no IO is allowed on the endpoints.
Since, adbd is not aware of this disconnect, it may
still perform read/writes IO. For adb writes, IOs are
failed, but for adb reads kernel waits untill endpoints
are enabled.
When a USB disconnect and adb read still queued
a buffer to kernel, ffs_epfile_io simply waits for
endpoint to be enabled. A next connect happens
and endpoints are enabled after set_alt, the adb
read stale buffer from previous session continues
and queues to endpoint.
All this time, adb did not close the epfile because
it did not get return status on the IOs which it
queued. This is an issue, because a new session
is not established and both userspace and kernel
goes out of sync.
To fix this issue, when endpoints are disbled
set epfile error. This epfile error is only cleared
in epfile open. This will ensure that after a USB
disconnect and connect, new session is established.
Also, return ENODEV if endpoints not enabled rather
than EINTR as EINTR case, and simply retries the
request. Incase usb_ep_queue failed, return -EIO
inspite of depend on return status from usb_ep_queue.
Change-Id: I6e677e98ec28e5462b372ed290acdde251286f48
Signed-off-by: Sujeet Kumar <ksujeet@codeaurora.org>
Signed-off-by: Mayank Rana <mrana@codeaurora.org>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
epfile's ep pointer may be NULL during adb transfer
and composition switch happening in parallel. As part
of composition switch, first it is set to NONE. Setting
sys.usb.config to NONE stops adb and disables the composition.
stop adb is not blocking call and adb still might be doing
epfile read/write for some time when function unbind is
ongoing making the data structures NULL.
To fix this crash, call usb_ep_dequeue only if ep->ep is
valid. Similarly in success case, return ep->status only
if ep->ep is valid otherwise return -ENODEV.
Change-Id: Ic152fc1db31cad6f97b8d16d91350dad857a4bf9
Signed-off-by: Sujeet Kumar <ksujeet@codeaurora.org>
Signed-off-by: Mayank Rana <mrana@codeaurora.org>
|
