summaryrefslogtreecommitdiffstats
path: root/drivers/usb/mon/mon_text.c
diff options
context:
space:
mode:
Diffstat (limited to 'drivers/usb/mon/mon_text.c')
-rw-r--r--drivers/usb/mon/mon_text.c36
1 files changed, 33 insertions, 3 deletions
diff --git a/drivers/usb/mon/mon_text.c b/drivers/usb/mon/mon_text.c
index ac043ec2b8dc..e02c1a30c4cd 100644
--- a/drivers/usb/mon/mon_text.c
+++ b/drivers/usb/mon/mon_text.c
@@ -26,10 +26,13 @@
/*
* This limit exists to prevent OOMs when the user process stops reading.
+ * If usbmon were available to unprivileged processes, it might be open
+ * to a local DoS. But we have to keep to root in order to prevent
+ * password sniffing from HID devices.
*/
-#define EVENT_MAX 25
+#define EVENT_MAX (2*PAGE_SIZE / sizeof(struct mon_event_text))
-#define PRINTF_DFL 130
+#define PRINTF_DFL 160
struct mon_event_text {
struct list_head e_link;
@@ -111,7 +114,7 @@ static inline char mon_text_get_data(struct mon_event_text *ep, struct urb *urb,
* number of corner cases, but it seems that the following is
* more or less safe.
*
- * We do not even try to look transfer_buffer, because it can
+ * We do not even try to look at transfer_buffer, because it can
* contain non-NULL garbage in case the upper level promised to
* set DMA for the HCD.
*/
@@ -179,6 +182,32 @@ static void mon_text_complete(void *data, struct urb *urb)
mon_text_event(rp, urb, 'C');
}
+static void mon_text_error(void *data, struct urb *urb, int error)
+{
+ struct mon_reader_text *rp = data;
+ struct mon_event_text *ep;
+
+ if (rp->nevents >= EVENT_MAX ||
+ (ep = kmem_cache_alloc(rp->e_slab, SLAB_ATOMIC)) == NULL) {
+ rp->r.m_bus->cnt_text_lost++;
+ return;
+ }
+
+ ep->type = 'E';
+ ep->pipe = urb->pipe;
+ ep->id = (unsigned long) urb;
+ ep->tstamp = 0;
+ ep->length = 0;
+ ep->status = error;
+
+ ep->setup_flag = '-';
+ ep->data_flag = 'E';
+
+ rp->nevents++;
+ list_add_tail(&ep->e_link, &rp->e_list);
+ wake_up(&rp->wait);
+}
+
/*
* Fetch next event from the circular buffer.
*/
@@ -232,6 +261,7 @@ static int mon_text_open(struct inode *inode, struct file *file)
rp->r.m_bus = mbus;
rp->r.r_data = rp;
rp->r.rnf_submit = mon_text_submit;
+ rp->r.rnf_error = mon_text_error;
rp->r.rnf_complete = mon_text_complete;
snprintf(rp->slab_name, SLAB_NAME_SZ, "mon%dt_%lx", ubus->busnum,
generated by cgit v1.2.3 (git 2.25.1) at 2024-11-24 08:21:55 +0000