On Sun, 4 Sep 2011, Chris Furlough wrote:
> I'm seeing something REALLY weird that I hope someone can explain.
>
> Upon module insertion, I do a bus_for_each_dev to find my device if it's
> already plugged in, and note it's location on the bus.
>
> Using that info, I then open it via filp_open, and grab it's ioctl handler
> address like this:
>
> typedef int(theirIOCTL)(struct inode *, struct file *, unsigned int,
> unsigned long);
> static theirIOCTL *oldIoctl;
>
> // Get the original IOCTL function
> oldIoctl = file->f_op->ioctl;
>
> I print out the address I get, and when cross checked with kallsyms, it
> shows that it belongs to usbfs_ioctl. (As expected).
>
> I then call it a couple of times to take control of the device:
>
> // Send the disconnect command (building of the command buffer omitted here)
> retVal = oldIoctl(file->f_dentry->d_inode, file, IOCTL_USB_IOCTL, (unsigned
> long)&command);
>
> and
>
> // Send the CLAIM command
> retVal = oldIoctl(file->f_dentry->d_inode, file, IOCTL_USB_CLAIMINTF,
> (unsigned long)&interface);
>
>
> Both of these work FINE, telling me that my pointer to the function works.
>
> Then, I register MY fops, which contains my ioctl handler:
How do you do that?
> // This function gets called when someone calls IOCTL on a USBFS device.
> int my_usbdev_ioctl(struct inode *inode, struct file *file, unsigned int
> cmd, unsigned long arg)
>
> and when a libusb based app makes ioctl calls, I catch them in my function
> as expected.
>
> I print out the inode's i_ino, and it matches what I see on the open calls,
How do you see the open calls?
> so that's a sanity check, I print out the name from the file pointer, and it
> matches what I expect, and my switch on "cmd" doesn't hit the "default"
> case, showing me that the data that I'm getting is in the correct order, and
> that calling conventions are OK.
>
> The problem is, I only want to handle a couple of IOCTLs. The rest, I want
> to pass along to the regular handler like this:
>
> // Call the original handler
> ret = oldIoctl(inode, file, cmd, arg);
>
>
> This, of course calls usbfs_ioctl. And then, promptly crashes. On this
> line:
>
> struct dev_state *ps = file->private_data;
> struct usb_device *dev = ps->dev; // <---- crashes here
>
> Upon further investigation, I've determined that the REAL issue is that
> file->private_data is NULL.
>
> I added this check in my_usbdev_ioctl:
>
> // This should be a ptr to a usb_device struct.
> if(file->private_data == NULL)
> {
> printk("private data is NULL!\n");
> return 0;
> }
>
> And it gets called EVERYTIME an ioctl is issued after I take control.
>
> What am I doing wrong?
Does usbdev_open() get called when a usbfs file is opened?
Alan Stern
--
To unsubscribe from this list: send the line "unsubscribe linux-usb" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
