6910840 possible memory leaks in usbsacm driver
authorRaymond Chen <Raymond.Chen@Sun.COM>
Mon, 29 Mar 2010 09:42:49 +0800
changeset 12024 2f4aad840b1f
parent 12023 a90e8ee77a4b
child 12025 e98a9f89ad7a
6910840 possible memory leaks in usbsacm driver 6919665 potential array overflow in usbsacm 6928965 broken links in SUNWcs on ipkg zone 6900875 usbvc driver can panic system
usr/src/pkg/manifests/SUNWcs.mf
usr/src/pkg/manifests/driver-usb.mf
usr/src/uts/common/io/usb/clients/usbser/usbsacm/usbsacm.c
usr/src/uts/common/io/usb/clients/video/usbvc/usbvc.c
usr/src/uts/common/sys/usb/clients/video/usbvc/usbvc_var.h
--- a/usr/src/pkg/manifests/SUNWcs.mf	Sat Mar 27 14:31:59 2010 -0700
+++ b/usr/src/pkg/manifests/SUNWcs.mf	Mon Mar 29 09:42:49 2010 +0800
@@ -587,6 +587,7 @@
 file path=sbin/umount mode=0555
 file path=sbin/umountall group=sys mode=0555
 file path=sbin/uname mode=0555
+file path=sbin/wusbadm mode=0555
 file path=sbin/zonename mode=0555
 $(i386_ONLY)file path=usr/bin/$(ARCH32)/amt mode=0555
 file path=usr/bin/$(ARCH32)/decrypt mode=0555
--- a/usr/src/pkg/manifests/driver-usb.mf	Sat Mar 27 14:31:59 2010 -0700
+++ b/usr/src/pkg/manifests/driver-usb.mf	Mon Mar 29 09:42:49 2010 +0800
@@ -134,7 +134,6 @@
 $(i386_ONLY)file path=kernel/strmod/usbwcm group=sys mode=0755 \
     reboot-needed=true
 file path=lib/svc/method/svc-wusb mode=0555
-file path=sbin/wusbadm mode=0555
 file path=lib/svc/manifest/system/wusb.xml group=sys mode=0444
 legacy pkg=SUNWusb arch=$(ARCH) category=system \
     desc="USBA (USB framework) and USB Device Drivers" \
--- a/usr/src/uts/common/io/usb/clients/usbser/usbsacm/usbsacm.c	Sat Mar 27 14:31:59 2010 -0700
+++ b/usr/src/uts/common/io/usb/clients/usbser/usbsacm/usbsacm.c	Mon Mar 29 09:42:49 2010 +0800
@@ -20,7 +20,7 @@
  */
 
 /*
- * Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
+ * Copyright 2010 Sun Microsystems, Inc.  All rights reserved.
  * Use is subject to license terms.
  */
 
@@ -1454,14 +1454,12 @@
 	usb_if_data_t	*cur_if;
 	int		ep_num;
 	int		if_num;
-	int		if_no;
 
 	USB_DPRINTF_L4(PRINT_MASK_ATTA, acmp->acm_lh,
 	    "usbsacm_get_bulk_pipe_number: ");
 
 	cur_if = acmp->acm_dev_data->dev_curr_cfg->cfg_if;
 	if_num = acmp->acm_dev_data->dev_curr_cfg->cfg_n_if;
-	if_no = acmp->acm_dev_data->dev_curr_if;
 
 	/* search each interface which have bulk endpoint */
 	for (i = 0; i < if_num; i++) {
@@ -1473,7 +1471,7 @@
 		 */
 		for (skip = 0; skip < ep_num; skip++) {
 			if (usb_lookup_ep_data(acmp->acm_dip,
-			    acmp->acm_dev_data, if_no + i, 0, skip,
+			    acmp->acm_dev_data, i, 0, skip,
 			    USB_EP_ATTR_BULK, dir) == NULL) {
 
 				/*
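Review bot: The inner loop now passes `i` straight to usb_lookup_ep_data() as the interface argument, but no comment records why the old `if_no + i` offset was wrong or what bounds `i`. A short comment above the call would keep the fix from being undone later, for example `/* i indexes cfg_if[] directly (0 .. cfg_n_if - 1); do not offset by dev_curr_if */`. The function starts before this hunk and the loop body continues after it, so how `ep_num` is derived for each interface could not be checked here.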
@@ -3196,6 +3194,8 @@
 		    "usbsacm_parse_intr_data: unknown request type - 0x%x",
 		    bmRequestType);
 
+		freemsg(data);
+
 		return;
 	}
 
--- a/usr/src/uts/common/io/usb/clients/video/usbvc/usbvc.c	Sat Mar 27 14:31:59 2010 -0700
+++ b/usr/src/uts/common/io/usb/clients/video/usbvc/usbvc.c	Mon Mar 29 09:42:49 2010 +0800
@@ -19,7 +19,7 @@
  * CDDL HEADER END
  */
 /*
- * Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
+ * Copyright 2010 Sun Microsystems, Inc.  All rights reserved.
  * Use is subject to license terms.
  */
 
@@ -2815,21 +2815,46 @@
 usbvc_read_buf(usbvc_state_t *usbvcp, struct buf *bp)
 {
 	usbvc_buf_t	*buf;
+	int		buf_residue;
+	int		len_to_copy;
 
 	ASSERT(mutex_owned(&usbvcp->usbvc_mutex));
 
+	if (list_is_empty(&usbvcp->usbvc_curr_strm->buf_read.uv_buf_done)) {
+		USB_DPRINTF_L2(PRINT_MASK_OPEN, usbvcp->usbvc_log_handle,
+		    "usbvc_read_buf: empty list(uv_buf_done)!");
+
+		return (USB_FAILURE);
+	}
+
 	/* read a buf from full list and then put it to free list */
 	buf = list_head(&usbvcp->usbvc_curr_strm->buf_read.uv_buf_done);
-	USB_DPRINTF_L4(PRINT_MASK_OPEN, usbvcp->usbvc_log_handle,
-	    "usbvc_read_buf: buf=%p, buf->filled=%d, bfu->len=%d,"
-	    " bp->b_bcount=%ld, bp->b_resid=%lu",
-	    (void *)buf, buf->filled, buf->len, bp->b_bcount, bp->b_resid);
-
-	list_remove(&usbvcp->usbvc_curr_strm->buf_read.uv_buf_done, buf);
-	bcopy(buf->data, bp->b_un.b_addr, buf->filled);
+
+	USB_DPRINTF_L2(PRINT_MASK_OPEN, usbvcp->usbvc_log_handle,
+	    "usbvc_read_buf: buf=%p, buf->filled=%d, buf->len=%d,"
+	    " buf->len_read=%d bp->b_bcount=%ld, bp->b_resid=%lu",
+	    (void *)buf, buf->filled, buf->len, buf->len_read,
+	    bp->b_bcount, bp->b_resid);
+
+	ASSERT(buf->len_read <= buf->filled);
+
+	buf_residue = buf->filled - buf->len_read;
+	len_to_copy = min(bp->b_bcount, buf_residue);
+
+	if (len_to_copy == buf_residue) {
+		/*
+		 * the bp can accommodate all the remaining bytes of
+		 * the buf. Then we can reuse this buf.
+		 */
+		list_remove(&usbvcp->usbvc_curr_strm->buf_read.uv_buf_done,
+		    buf);
+		list_insert_tail(&usbvcp->usbvc_curr_strm->buf_read.uv_buf_free,
+		    buf);
+	}
+	bcopy(buf->data + buf->len_read, bp->b_un.b_addr, len_to_copy);
 	bp->b_private = NULL;
-	bp->b_resid = bp->b_bcount - buf->filled;
-	list_insert_tail(&usbvcp->usbvc_curr_strm->buf_read.uv_buf_free, buf);
+	buf->len_read += len_to_copy;
+	bp->b_resid = bp->b_bcount - len_to_copy;
 
 	return (USB_SUCCESS);
 }
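Review bot: Nothing in this commit's usbvc.c changes resets `buf->len_read` when a buffer moves to `uv_buf_free`, so unless existing code clears it on reuse, a refilled buffer starts with a stale offset. The only guard is `ASSERT(buf->len_read <= buf->filled)`, which is compiled out of non-DEBUG kernels. There, `buf->filled - buf->len_read` wraps as unsigned arithmetic and the result is stored in a signed `int` that later becomes the `bcopy()` length. `b_bcount` is printed with `%ld`, so passing it through `min()` into an `int` may also truncate it. I would check the offset at run time, keep the lengths unsigned, and clear `len_read` when the buffer is fully consumed, as sketched below. Separately, the per-read debug print was raised from `USB_DPRINTF_L4` to `USB_DPRINTF_L2`, which looks unintended for a message emitted on every read.

```c
	uint_t		buf_residue;
	uint_t		len_to_copy;

	/* … unchanged: mutex ASSERT, empty-list check, list_head(), debug print … */

	/* ASSERT() is absent from non-DEBUG kernels, so check at run time */
	if (buf->len_read > buf->filled) {
		return (USB_FAILURE);
	}

	buf_residue = buf->filled - buf->len_read;
	len_to_copy = (bp->b_bcount < buf_residue) ?
	    (uint_t)bp->b_bcount : buf_residue;

	bcopy(buf->data + buf->len_read, bp->b_un.b_addr, len_to_copy);
	buf->len_read += len_to_copy;

	if (buf->len_read == buf->filled) {
		/* fully consumed: clear the offset before the buf is reused */
		buf->len_read = 0;
		list_remove(&usbvcp->usbvc_curr_strm->buf_read.uv_buf_done,
		    buf);
		list_insert_tail(&usbvcp->usbvc_curr_strm->buf_read.uv_buf_free,
		    buf);
	}

	/* … unchanged: b_private, b_resid, return (USB_SUCCESS) … */
```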
--- a/usr/src/uts/common/sys/usb/clients/video/usbvc/usbvc_var.h	Sat Mar 27 14:31:59 2010 -0700
+++ b/usr/src/uts/common/sys/usb/clients/video/usbvc/usbvc_var.h	Mon Mar 29 09:42:49 2010 +0800
@@ -19,7 +19,7 @@
  * CDDL HEADER END
  */
 /*
- * Copyright 2008 Sun Microsystems, Inc.  All rights reserved.
+ * Copyright 2010 Sun Microsystems, Inc.  All rights reserved.
  * Use is subject to license terms.
  */
 
@@ -63,6 +63,7 @@
 	uchar_t *data;
 	uint_t len;	/* the length of the allocated memory of data */
 	uint_t filled;	/* number of bytes filled */
+	uint_t len_read; /* bytes read */
 	uchar_t status; /* empty, filling done, read done */
 
 	/* cookie used for memory mapping */
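Review bot: The comment on the new `len_read` field, `/* bytes read */`, does not state the invariant that usbvc_read_buf() depends on. I would spell it out, for example `uint_t len_read; /* bytes of data already copied out by read; always <= filled, reset to 0 on reuse */`. The struct begins and ends outside this hunk.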