1 | // SPDX-License-Identifier: GPL-2.0+ |
2 | /* |
3 | * Copyright (C) 2003-2008 Takahiro Hirofuchi |
4 | */ |
5 | |
6 | #include <linux/device.h> |
7 | #include <linux/file.h> |
8 | #include <linux/kthread.h> |
9 | #include <linux/module.h> |
10 | |
11 | #include "usbip_common.h" |
12 | #include "stub.h" |
13 | |
14 | /* |
15 | * usbip_status shows the status of usbip-host as long as this driver is bound |
16 | * to the target device. |
17 | */ |
18 | static ssize_t usbip_status_show(struct device *dev, |
19 | struct device_attribute *attr, char *buf) |
20 | { |
21 | struct stub_device *sdev = dev_get_drvdata(dev); |
22 | int status; |
23 | |
24 | if (!sdev) { |
25 | dev_err(dev, "sdev is null\n" ); |
26 | return -ENODEV; |
27 | } |
28 | |
29 | spin_lock_irq(lock: &sdev->ud.lock); |
30 | status = sdev->ud.status; |
31 | spin_unlock_irq(lock: &sdev->ud.lock); |
32 | |
33 | return sysfs_emit(buf, fmt: "%d\n" , status); |
34 | } |
35 | static DEVICE_ATTR_RO(usbip_status); |
36 | |
37 | /* |
38 | * usbip_sockfd gets a socket descriptor of an established TCP connection that |
39 | * is used to transfer usbip requests by kernel threads. -1 is a magic number |
40 | * by which usbip connection is finished. |
41 | */ |
42 | static ssize_t usbip_sockfd_store(struct device *dev, struct device_attribute *attr, |
43 | const char *buf, size_t count) |
44 | { |
45 | struct stub_device *sdev = dev_get_drvdata(dev); |
46 | int sockfd = 0; |
47 | struct socket *socket; |
48 | int rv; |
49 | struct task_struct *tcp_rx = NULL; |
50 | struct task_struct *tcp_tx = NULL; |
51 | |
52 | if (!sdev) { |
53 | dev_err(dev, "sdev is null\n" ); |
54 | return -ENODEV; |
55 | } |
56 | |
57 | rv = sscanf(buf, "%d" , &sockfd); |
58 | if (rv != 1) |
59 | return -EINVAL; |
60 | |
61 | if (sockfd != -1) { |
62 | int err; |
63 | |
64 | dev_info(dev, "stub up\n" ); |
65 | |
66 | mutex_lock(&sdev->ud.sysfs_lock); |
67 | spin_lock_irq(lock: &sdev->ud.lock); |
68 | |
69 | if (sdev->ud.status != SDEV_ST_AVAILABLE) { |
70 | dev_err(dev, "not ready\n" ); |
71 | goto err; |
72 | } |
73 | |
74 | socket = sockfd_lookup(fd: sockfd, err: &err); |
75 | if (!socket) { |
76 | dev_err(dev, "failed to lookup sock" ); |
77 | goto err; |
78 | } |
79 | |
80 | if (socket->type != SOCK_STREAM) { |
81 | dev_err(dev, "Expecting SOCK_STREAM - found %d" , |
82 | socket->type); |
83 | goto sock_err; |
84 | } |
85 | |
86 | /* unlock and create threads and get tasks */ |
87 | spin_unlock_irq(lock: &sdev->ud.lock); |
88 | tcp_rx = kthread_create(stub_rx_loop, &sdev->ud, "stub_rx" ); |
89 | if (IS_ERR(ptr: tcp_rx)) { |
90 | sockfd_put(socket); |
91 | goto unlock_mutex; |
92 | } |
93 | tcp_tx = kthread_create(stub_tx_loop, &sdev->ud, "stub_tx" ); |
94 | if (IS_ERR(ptr: tcp_tx)) { |
95 | kthread_stop(k: tcp_rx); |
96 | sockfd_put(socket); |
97 | goto unlock_mutex; |
98 | } |
99 | |
100 | /* get task structs now */ |
101 | get_task_struct(t: tcp_rx); |
102 | get_task_struct(t: tcp_tx); |
103 | |
104 | /* lock and update sdev->ud state */ |
105 | spin_lock_irq(lock: &sdev->ud.lock); |
106 | sdev->ud.tcp_socket = socket; |
107 | sdev->ud.sockfd = sockfd; |
108 | sdev->ud.tcp_rx = tcp_rx; |
109 | sdev->ud.tcp_tx = tcp_tx; |
110 | sdev->ud.status = SDEV_ST_USED; |
111 | spin_unlock_irq(lock: &sdev->ud.lock); |
112 | |
113 | wake_up_process(tsk: sdev->ud.tcp_rx); |
114 | wake_up_process(tsk: sdev->ud.tcp_tx); |
115 | |
116 | mutex_unlock(lock: &sdev->ud.sysfs_lock); |
117 | |
118 | } else { |
119 | dev_info(dev, "stub down\n" ); |
120 | |
121 | mutex_lock(&sdev->ud.sysfs_lock); |
122 | |
123 | spin_lock_irq(lock: &sdev->ud.lock); |
124 | if (sdev->ud.status != SDEV_ST_USED) |
125 | goto err; |
126 | |
127 | spin_unlock_irq(lock: &sdev->ud.lock); |
128 | |
129 | usbip_event_add(ud: &sdev->ud, SDEV_EVENT_DOWN); |
130 | mutex_unlock(lock: &sdev->ud.sysfs_lock); |
131 | } |
132 | |
133 | return count; |
134 | |
135 | sock_err: |
136 | sockfd_put(socket); |
137 | err: |
138 | spin_unlock_irq(lock: &sdev->ud.lock); |
139 | unlock_mutex: |
140 | mutex_unlock(lock: &sdev->ud.sysfs_lock); |
141 | return -EINVAL; |
142 | } |
143 | static DEVICE_ATTR_WO(usbip_sockfd); |
144 | |
145 | static struct attribute *usbip_attrs[] = { |
146 | &dev_attr_usbip_status.attr, |
147 | &dev_attr_usbip_sockfd.attr, |
148 | &dev_attr_usbip_debug.attr, |
149 | NULL, |
150 | }; |
151 | ATTRIBUTE_GROUPS(usbip); |
152 | |
153 | static void stub_shutdown_connection(struct usbip_device *ud) |
154 | { |
155 | struct stub_device *sdev = container_of(ud, struct stub_device, ud); |
156 | |
157 | /* |
158 | * When removing an exported device, kernel panic sometimes occurred |
159 | * and then EIP was sk_wait_data of stub_rx thread. Is this because |
160 | * sk_wait_data returned though stub_rx thread was already finished by |
161 | * step 1? |
162 | */ |
163 | if (ud->tcp_socket) { |
164 | dev_dbg(&sdev->udev->dev, "shutdown sockfd %d\n" , ud->sockfd); |
165 | kernel_sock_shutdown(sock: ud->tcp_socket, how: SHUT_RDWR); |
166 | } |
167 | |
168 | /* 1. stop threads */ |
169 | if (ud->tcp_rx) { |
170 | kthread_stop_put(k: ud->tcp_rx); |
171 | ud->tcp_rx = NULL; |
172 | } |
173 | if (ud->tcp_tx) { |
174 | kthread_stop_put(k: ud->tcp_tx); |
175 | ud->tcp_tx = NULL; |
176 | } |
177 | |
178 | /* |
179 | * 2. close the socket |
180 | * |
181 | * tcp_socket is freed after threads are killed so that usbip_xmit does |
182 | * not touch NULL socket. |
183 | */ |
184 | if (ud->tcp_socket) { |
185 | sockfd_put(ud->tcp_socket); |
186 | ud->tcp_socket = NULL; |
187 | ud->sockfd = -1; |
188 | } |
189 | |
190 | /* 3. free used data */ |
191 | stub_device_cleanup_urbs(sdev); |
192 | |
193 | /* 4. free stub_unlink */ |
194 | { |
195 | unsigned long flags; |
196 | struct stub_unlink *unlink, *tmp; |
197 | |
198 | spin_lock_irqsave(&sdev->priv_lock, flags); |
199 | list_for_each_entry_safe(unlink, tmp, &sdev->unlink_tx, list) { |
200 | list_del(entry: &unlink->list); |
201 | kfree(objp: unlink); |
202 | } |
203 | list_for_each_entry_safe(unlink, tmp, &sdev->unlink_free, |
204 | list) { |
205 | list_del(entry: &unlink->list); |
206 | kfree(objp: unlink); |
207 | } |
208 | spin_unlock_irqrestore(lock: &sdev->priv_lock, flags); |
209 | } |
210 | } |
211 | |
212 | static void stub_device_reset(struct usbip_device *ud) |
213 | { |
214 | struct stub_device *sdev = container_of(ud, struct stub_device, ud); |
215 | struct usb_device *udev = sdev->udev; |
216 | int ret; |
217 | |
218 | dev_dbg(&udev->dev, "device reset" ); |
219 | |
220 | ret = usb_lock_device_for_reset(udev, NULL); |
221 | if (ret < 0) { |
222 | dev_err(&udev->dev, "lock for reset\n" ); |
223 | spin_lock_irq(lock: &ud->lock); |
224 | ud->status = SDEV_ST_ERROR; |
225 | spin_unlock_irq(lock: &ud->lock); |
226 | return; |
227 | } |
228 | |
229 | /* try to reset the device */ |
230 | ret = usb_reset_device(dev: udev); |
231 | usb_unlock_device(udev); |
232 | |
233 | spin_lock_irq(lock: &ud->lock); |
234 | if (ret) { |
235 | dev_err(&udev->dev, "device reset\n" ); |
236 | ud->status = SDEV_ST_ERROR; |
237 | } else { |
238 | dev_info(&udev->dev, "device reset\n" ); |
239 | ud->status = SDEV_ST_AVAILABLE; |
240 | } |
241 | spin_unlock_irq(lock: &ud->lock); |
242 | } |
243 | |
244 | static void stub_device_unusable(struct usbip_device *ud) |
245 | { |
246 | spin_lock_irq(lock: &ud->lock); |
247 | ud->status = SDEV_ST_ERROR; |
248 | spin_unlock_irq(lock: &ud->lock); |
249 | } |
250 | |
251 | /** |
252 | * stub_device_alloc - allocate a new stub_device struct |
253 | * @udev: usb_device of a new device |
254 | * |
255 | * Allocates and initializes a new stub_device struct. |
256 | */ |
257 | static struct stub_device *stub_device_alloc(struct usb_device *udev) |
258 | { |
259 | struct stub_device *sdev; |
260 | int busnum = udev->bus->busnum; |
261 | int devnum = udev->devnum; |
262 | |
263 | dev_dbg(&udev->dev, "allocating stub device" ); |
264 | |
265 | /* yes, it's a new device */ |
266 | sdev = kzalloc(size: sizeof(struct stub_device), GFP_KERNEL); |
267 | if (!sdev) |
268 | return NULL; |
269 | |
270 | sdev->udev = usb_get_dev(dev: udev); |
271 | |
272 | /* |
273 | * devid is defined with devnum when this driver is first allocated. |
274 | * devnum may change later if a device is reset. However, devid never |
275 | * changes during a usbip connection. |
276 | */ |
277 | sdev->devid = (busnum << 16) | devnum; |
278 | sdev->ud.side = USBIP_STUB; |
279 | sdev->ud.status = SDEV_ST_AVAILABLE; |
280 | spin_lock_init(&sdev->ud.lock); |
281 | mutex_init(&sdev->ud.sysfs_lock); |
282 | sdev->ud.tcp_socket = NULL; |
283 | sdev->ud.sockfd = -1; |
284 | |
285 | INIT_LIST_HEAD(list: &sdev->priv_init); |
286 | INIT_LIST_HEAD(list: &sdev->priv_tx); |
287 | INIT_LIST_HEAD(list: &sdev->priv_free); |
288 | INIT_LIST_HEAD(list: &sdev->unlink_free); |
289 | INIT_LIST_HEAD(list: &sdev->unlink_tx); |
290 | spin_lock_init(&sdev->priv_lock); |
291 | |
292 | init_waitqueue_head(&sdev->tx_waitq); |
293 | |
294 | sdev->ud.eh_ops.shutdown = stub_shutdown_connection; |
295 | sdev->ud.eh_ops.reset = stub_device_reset; |
296 | sdev->ud.eh_ops.unusable = stub_device_unusable; |
297 | |
298 | usbip_start_eh(ud: &sdev->ud); |
299 | |
300 | dev_dbg(&udev->dev, "register new device\n" ); |
301 | |
302 | return sdev; |
303 | } |
304 | |
305 | static void stub_device_free(struct stub_device *sdev) |
306 | { |
307 | kfree(objp: sdev); |
308 | } |
309 | |
310 | static int stub_probe(struct usb_device *udev) |
311 | { |
312 | struct stub_device *sdev = NULL; |
313 | const char *udev_busid = dev_name(dev: &udev->dev); |
314 | struct bus_id_priv *busid_priv; |
315 | int rc = 0; |
316 | char save_status; |
317 | |
318 | dev_dbg(&udev->dev, "Enter probe\n" ); |
319 | |
320 | /* Not sure if this is our device. Allocate here to avoid |
321 | * calling alloc while holding busid_table lock. |
322 | */ |
323 | sdev = stub_device_alloc(udev); |
324 | if (!sdev) |
325 | return -ENOMEM; |
326 | |
327 | /* check we should claim or not by busid_table */ |
328 | busid_priv = get_busid_priv(busid: udev_busid); |
329 | if (!busid_priv || (busid_priv->status == STUB_BUSID_REMOV) || |
330 | (busid_priv->status == STUB_BUSID_OTHER)) { |
331 | dev_info(&udev->dev, |
332 | "%s is not in match_busid table... skip!\n" , |
333 | udev_busid); |
334 | |
335 | /* |
336 | * Return value should be ENODEV or ENOXIO to continue trying |
337 | * other matched drivers by the driver core. |
338 | * See driver_probe_device() in driver/base/dd.c |
339 | */ |
340 | rc = -ENODEV; |
341 | if (!busid_priv) |
342 | goto sdev_free; |
343 | |
344 | goto call_put_busid_priv; |
345 | } |
346 | |
347 | if (udev->descriptor.bDeviceClass == USB_CLASS_HUB) { |
348 | dev_dbg(&udev->dev, "%s is a usb hub device... skip!\n" , |
349 | udev_busid); |
350 | rc = -ENODEV; |
351 | goto call_put_busid_priv; |
352 | } |
353 | |
354 | if (!strcmp(udev->bus->bus_name, "vhci_hcd" )) { |
355 | dev_dbg(&udev->dev, |
356 | "%s is attached on vhci_hcd... skip!\n" , |
357 | udev_busid); |
358 | |
359 | rc = -ENODEV; |
360 | goto call_put_busid_priv; |
361 | } |
362 | |
363 | |
364 | dev_info(&udev->dev, |
365 | "usbip-host: register new device (bus %u dev %u)\n" , |
366 | udev->bus->busnum, udev->devnum); |
367 | |
368 | busid_priv->shutdown_busid = 0; |
369 | |
370 | /* set private data to usb_device */ |
371 | dev_set_drvdata(dev: &udev->dev, data: sdev); |
372 | |
373 | busid_priv->sdev = sdev; |
374 | busid_priv->udev = udev; |
375 | |
376 | save_status = busid_priv->status; |
377 | busid_priv->status = STUB_BUSID_ALLOC; |
378 | |
379 | /* release the busid_lock */ |
380 | put_busid_priv(bid: busid_priv); |
381 | |
382 | /* |
383 | * Claim this hub port. |
384 | * It doesn't matter what value we pass as owner |
385 | * (struct dev_state) as long as it is unique. |
386 | */ |
387 | rc = usb_hub_claim_port(hdev: udev->parent, port1: udev->portnum, |
388 | owner: (struct usb_dev_state *) udev); |
389 | if (rc) { |
390 | dev_dbg(&udev->dev, "unable to claim port\n" ); |
391 | goto err_port; |
392 | } |
393 | |
394 | return 0; |
395 | |
396 | err_port: |
397 | dev_set_drvdata(dev: &udev->dev, NULL); |
398 | |
399 | /* we already have busid_priv, just lock busid_lock */ |
400 | spin_lock(lock: &busid_priv->busid_lock); |
401 | busid_priv->sdev = NULL; |
402 | busid_priv->status = save_status; |
403 | spin_unlock(lock: &busid_priv->busid_lock); |
404 | /* lock is released - go to free */ |
405 | goto sdev_free; |
406 | |
407 | call_put_busid_priv: |
408 | /* release the busid_lock */ |
409 | put_busid_priv(bid: busid_priv); |
410 | |
411 | sdev_free: |
412 | usb_put_dev(dev: udev); |
413 | stub_device_free(sdev); |
414 | |
415 | return rc; |
416 | } |
417 | |
418 | static void shutdown_busid(struct bus_id_priv *busid_priv) |
419 | { |
420 | usbip_event_add(ud: &busid_priv->sdev->ud, SDEV_EVENT_REMOVED); |
421 | |
422 | /* wait for the stop of the event handler */ |
423 | usbip_stop_eh(ud: &busid_priv->sdev->ud); |
424 | } |
425 | |
426 | /* |
427 | * called in usb_disconnect() or usb_deregister() |
428 | * but only if actconfig(active configuration) exists |
429 | */ |
430 | static void stub_disconnect(struct usb_device *udev) |
431 | { |
432 | struct stub_device *sdev; |
433 | const char *udev_busid = dev_name(dev: &udev->dev); |
434 | struct bus_id_priv *busid_priv; |
435 | int rc; |
436 | |
437 | dev_dbg(&udev->dev, "Enter disconnect\n" ); |
438 | |
439 | busid_priv = get_busid_priv(busid: udev_busid); |
440 | if (!busid_priv) { |
441 | BUG(); |
442 | return; |
443 | } |
444 | |
445 | sdev = dev_get_drvdata(dev: &udev->dev); |
446 | |
447 | /* get stub_device */ |
448 | if (!sdev) { |
449 | dev_err(&udev->dev, "could not get device" ); |
450 | /* release busid_lock */ |
451 | put_busid_priv(bid: busid_priv); |
452 | return; |
453 | } |
454 | |
455 | dev_set_drvdata(dev: &udev->dev, NULL); |
456 | |
457 | /* release busid_lock before call to remove device files */ |
458 | put_busid_priv(bid: busid_priv); |
459 | |
460 | /* |
461 | * NOTE: rx/tx threads are invoked for each usb_device. |
462 | */ |
463 | |
464 | /* release port */ |
465 | rc = usb_hub_release_port(hdev: udev->parent, port1: udev->portnum, |
466 | owner: (struct usb_dev_state *) udev); |
467 | /* |
468 | * NOTE: If a HUB disconnect triggered disconnect of the down stream |
469 | * device usb_hub_release_port will return -ENODEV so we can safely ignore |
470 | * that error here. |
471 | */ |
472 | if (rc && (rc != -ENODEV)) { |
473 | dev_dbg(&udev->dev, "unable to release port (%i)\n" , rc); |
474 | return; |
475 | } |
476 | |
477 | /* If usb reset is called from event handler */ |
478 | if (usbip_in_eh(current)) |
479 | return; |
480 | |
481 | /* we already have busid_priv, just lock busid_lock */ |
482 | spin_lock(lock: &busid_priv->busid_lock); |
483 | if (!busid_priv->shutdown_busid) |
484 | busid_priv->shutdown_busid = 1; |
485 | /* release busid_lock */ |
486 | spin_unlock(lock: &busid_priv->busid_lock); |
487 | |
488 | /* shutdown the current connection */ |
489 | shutdown_busid(busid_priv); |
490 | |
491 | usb_put_dev(dev: sdev->udev); |
492 | |
493 | /* we already have busid_priv, just lock busid_lock */ |
494 | spin_lock(lock: &busid_priv->busid_lock); |
495 | /* free sdev */ |
496 | busid_priv->sdev = NULL; |
497 | stub_device_free(sdev); |
498 | |
499 | if (busid_priv->status == STUB_BUSID_ALLOC) |
500 | busid_priv->status = STUB_BUSID_ADDED; |
501 | /* release busid_lock */ |
502 | spin_unlock(lock: &busid_priv->busid_lock); |
503 | return; |
504 | } |
505 | |
506 | #ifdef CONFIG_PM |
507 | |
508 | /* These functions need usb_port_suspend and usb_port_resume, |
509 | * which reside in drivers/usb/core/usb.h. Skip for now. */ |
510 | |
511 | static int stub_suspend(struct usb_device *udev, pm_message_t message) |
512 | { |
513 | dev_dbg(&udev->dev, "stub_suspend\n" ); |
514 | |
515 | return 0; |
516 | } |
517 | |
518 | static int stub_resume(struct usb_device *udev, pm_message_t message) |
519 | { |
520 | dev_dbg(&udev->dev, "stub_resume\n" ); |
521 | |
522 | return 0; |
523 | } |
524 | |
525 | #endif /* CONFIG_PM */ |
526 | |
527 | struct usb_device_driver stub_driver = { |
528 | .name = "usbip-host" , |
529 | .probe = stub_probe, |
530 | .disconnect = stub_disconnect, |
531 | #ifdef CONFIG_PM |
532 | .suspend = stub_suspend, |
533 | .resume = stub_resume, |
534 | #endif |
535 | .supports_autosuspend = 0, |
536 | .dev_groups = usbip_groups, |
537 | }; |
538 | |