1 | // SPDX-License-Identifier: GPL-2.0+ |
2 | /* |
3 | * Copyright (C) 2003-2008 Takahiro Hirofuchi |
4 | */ |
5 | |
6 | #include <asm/byteorder.h> |
7 | #include <linux/kthread.h> |
8 | #include <linux/usb.h> |
9 | #include <linux/usb/hcd.h> |
10 | #include <linux/scatterlist.h> |
11 | |
12 | #include "usbip_common.h" |
13 | #include "stub.h" |
14 | |
15 | static int is_clear_halt_cmd(struct urb *urb) |
16 | { |
17 | struct usb_ctrlrequest *req; |
18 | |
19 | req = (struct usb_ctrlrequest *) urb->setup_packet; |
20 | |
21 | return (req->bRequest == USB_REQ_CLEAR_FEATURE) && |
22 | (req->bRequestType == USB_RECIP_ENDPOINT) && |
23 | (req->wValue == USB_ENDPOINT_HALT); |
24 | } |
25 | |
26 | static int is_set_interface_cmd(struct urb *urb) |
27 | { |
28 | struct usb_ctrlrequest *req; |
29 | |
30 | req = (struct usb_ctrlrequest *) urb->setup_packet; |
31 | |
32 | return (req->bRequest == USB_REQ_SET_INTERFACE) && |
33 | (req->bRequestType == USB_RECIP_INTERFACE); |
34 | } |
35 | |
36 | static int is_set_configuration_cmd(struct urb *urb) |
37 | { |
38 | struct usb_ctrlrequest *req; |
39 | |
40 | req = (struct usb_ctrlrequest *) urb->setup_packet; |
41 | |
42 | return (req->bRequest == USB_REQ_SET_CONFIGURATION) && |
43 | (req->bRequestType == USB_RECIP_DEVICE); |
44 | } |
45 | |
46 | static int is_reset_device_cmd(struct urb *urb) |
47 | { |
48 | struct usb_ctrlrequest *req; |
49 | __u16 value; |
50 | __u16 index; |
51 | |
52 | req = (struct usb_ctrlrequest *) urb->setup_packet; |
53 | value = le16_to_cpu(req->wValue); |
54 | index = le16_to_cpu(req->wIndex); |
55 | |
56 | if ((req->bRequest == USB_REQ_SET_FEATURE) && |
57 | (req->bRequestType == USB_RT_PORT) && |
58 | (value == USB_PORT_FEAT_RESET)) { |
59 | usbip_dbg_stub_rx("reset_device_cmd, port %u\n" , index); |
60 | return 1; |
61 | } else |
62 | return 0; |
63 | } |
64 | |
65 | static int tweak_clear_halt_cmd(struct urb *urb) |
66 | { |
67 | struct usb_ctrlrequest *req; |
68 | int target_endp; |
69 | int target_dir; |
70 | int target_pipe; |
71 | int ret; |
72 | |
73 | req = (struct usb_ctrlrequest *) urb->setup_packet; |
74 | |
75 | /* |
76 | * The stalled endpoint is specified in the wIndex value. The endpoint |
77 | * of the urb is the target of this clear_halt request (i.e., control |
78 | * endpoint). |
79 | */ |
80 | target_endp = le16_to_cpu(req->wIndex) & 0x000f; |
81 | |
82 | /* the stalled endpoint direction is IN or OUT?. USB_DIR_IN is 0x80. */ |
83 | target_dir = le16_to_cpu(req->wIndex) & 0x0080; |
84 | |
85 | if (target_dir) |
86 | target_pipe = usb_rcvctrlpipe(urb->dev, target_endp); |
87 | else |
88 | target_pipe = usb_sndctrlpipe(urb->dev, target_endp); |
89 | |
90 | ret = usb_clear_halt(dev: urb->dev, pipe: target_pipe); |
91 | if (ret < 0) |
92 | dev_err(&urb->dev->dev, |
93 | "usb_clear_halt error: devnum %d endp %d ret %d\n" , |
94 | urb->dev->devnum, target_endp, ret); |
95 | else |
96 | dev_info(&urb->dev->dev, |
97 | "usb_clear_halt done: devnum %d endp %d\n" , |
98 | urb->dev->devnum, target_endp); |
99 | |
100 | return ret; |
101 | } |
102 | |
103 | static int tweak_set_interface_cmd(struct urb *urb) |
104 | { |
105 | struct usb_ctrlrequest *req; |
106 | __u16 alternate; |
107 | __u16 interface; |
108 | int ret; |
109 | |
110 | req = (struct usb_ctrlrequest *) urb->setup_packet; |
111 | alternate = le16_to_cpu(req->wValue); |
112 | interface = le16_to_cpu(req->wIndex); |
113 | |
114 | usbip_dbg_stub_rx("set_interface: inf %u alt %u\n" , |
115 | interface, alternate); |
116 | |
117 | ret = usb_set_interface(dev: urb->dev, ifnum: interface, alternate); |
118 | if (ret < 0) |
119 | dev_err(&urb->dev->dev, |
120 | "usb_set_interface error: inf %u alt %u ret %d\n" , |
121 | interface, alternate, ret); |
122 | else |
123 | dev_info(&urb->dev->dev, |
124 | "usb_set_interface done: inf %u alt %u\n" , |
125 | interface, alternate); |
126 | |
127 | return ret; |
128 | } |
129 | |
130 | static int tweak_set_configuration_cmd(struct urb *urb) |
131 | { |
132 | struct stub_priv *priv = (struct stub_priv *) urb->context; |
133 | struct stub_device *sdev = priv->sdev; |
134 | struct usb_ctrlrequest *req; |
135 | __u16 config; |
136 | int err; |
137 | |
138 | req = (struct usb_ctrlrequest *) urb->setup_packet; |
139 | config = le16_to_cpu(req->wValue); |
140 | |
141 | usb_lock_device(sdev->udev); |
142 | err = usb_set_configuration(dev: sdev->udev, configuration: config); |
143 | usb_unlock_device(sdev->udev); |
144 | if (err && err != -ENODEV) |
145 | dev_err(&sdev->udev->dev, "can't set config #%d, error %d\n" , |
146 | config, err); |
147 | return 0; |
148 | } |
149 | |
150 | static int tweak_reset_device_cmd(struct urb *urb) |
151 | { |
152 | struct stub_priv *priv = (struct stub_priv *) urb->context; |
153 | struct stub_device *sdev = priv->sdev; |
154 | |
155 | dev_info(&urb->dev->dev, "usb_queue_reset_device\n" ); |
156 | |
157 | if (usb_lock_device_for_reset(udev: sdev->udev, NULL) < 0) { |
158 | dev_err(&urb->dev->dev, "could not obtain lock to reset device\n" ); |
159 | return 0; |
160 | } |
161 | usb_reset_device(dev: sdev->udev); |
162 | usb_unlock_device(sdev->udev); |
163 | |
164 | return 0; |
165 | } |
166 | |
167 | /* |
168 | * clear_halt, set_interface, and set_configuration require special tricks. |
169 | */ |
170 | static void tweak_special_requests(struct urb *urb) |
171 | { |
172 | if (!urb || !urb->setup_packet) |
173 | return; |
174 | |
175 | if (usb_pipetype(urb->pipe) != PIPE_CONTROL) |
176 | return; |
177 | |
178 | if (is_clear_halt_cmd(urb)) |
179 | /* tweak clear_halt */ |
180 | tweak_clear_halt_cmd(urb); |
181 | |
182 | else if (is_set_interface_cmd(urb)) |
183 | /* tweak set_interface */ |
184 | tweak_set_interface_cmd(urb); |
185 | |
186 | else if (is_set_configuration_cmd(urb)) |
187 | /* tweak set_configuration */ |
188 | tweak_set_configuration_cmd(urb); |
189 | |
190 | else if (is_reset_device_cmd(urb)) |
191 | tweak_reset_device_cmd(urb); |
192 | else |
193 | usbip_dbg_stub_rx("no need to tweak\n" ); |
194 | } |
195 | |
196 | /* |
197 | * stub_recv_unlink() unlinks the URB by a call to usb_unlink_urb(). |
198 | * By unlinking the urb asynchronously, stub_rx can continuously |
199 | * process coming urbs. Even if the urb is unlinked, its completion |
200 | * handler will be called and stub_tx will send a return pdu. |
201 | * |
202 | * See also comments about unlinking strategy in vhci_hcd.c. |
203 | */ |
204 | static int stub_recv_cmd_unlink(struct stub_device *sdev, |
205 | struct usbip_header *pdu) |
206 | { |
207 | int ret, i; |
208 | unsigned long flags; |
209 | struct stub_priv *priv; |
210 | |
211 | spin_lock_irqsave(&sdev->priv_lock, flags); |
212 | |
213 | list_for_each_entry(priv, &sdev->priv_init, list) { |
214 | if (priv->seqnum != pdu->u.cmd_unlink.seqnum) |
215 | continue; |
216 | |
217 | /* |
218 | * This matched urb is not completed yet (i.e., be in |
219 | * flight in usb hcd hardware/driver). Now we are |
220 | * cancelling it. The unlinking flag means that we are |
221 | * now not going to return the normal result pdu of a |
222 | * submission request, but going to return a result pdu |
223 | * of the unlink request. |
224 | */ |
225 | priv->unlinking = 1; |
226 | |
227 | /* |
228 | * In the case that unlinking flag is on, prev->seqnum |
229 | * is changed from the seqnum of the cancelling urb to |
230 | * the seqnum of the unlink request. This will be used |
231 | * to make the result pdu of the unlink request. |
232 | */ |
233 | priv->seqnum = pdu->base.seqnum; |
234 | |
235 | spin_unlock_irqrestore(lock: &sdev->priv_lock, flags); |
236 | |
237 | /* |
238 | * usb_unlink_urb() is now out of spinlocking to avoid |
239 | * spinlock recursion since stub_complete() is |
240 | * sometimes called in this context but not in the |
241 | * interrupt context. If stub_complete() is executed |
242 | * before we call usb_unlink_urb(), usb_unlink_urb() |
243 | * will return an error value. In this case, stub_tx |
244 | * will return the result pdu of this unlink request |
245 | * though submission is completed and actual unlinking |
246 | * is not executed. OK? |
247 | */ |
248 | /* In the above case, urb->status is not -ECONNRESET, |
249 | * so a driver in a client host will know the failure |
250 | * of the unlink request ? |
251 | */ |
252 | for (i = priv->completed_urbs; i < priv->num_urbs; i++) { |
253 | ret = usb_unlink_urb(urb: priv->urbs[i]); |
254 | if (ret != -EINPROGRESS) |
255 | dev_err(&priv->urbs[i]->dev->dev, |
256 | "failed to unlink %d/%d urb of seqnum %lu, ret %d\n" , |
257 | i + 1, priv->num_urbs, |
258 | priv->seqnum, ret); |
259 | } |
260 | return 0; |
261 | } |
262 | |
263 | usbip_dbg_stub_rx("seqnum %d is not pending\n" , |
264 | pdu->u.cmd_unlink.seqnum); |
265 | |
266 | /* |
267 | * The urb of the unlink target is not found in priv_init queue. It was |
268 | * already completed and its results is/was going to be sent by a |
269 | * CMD_RET pdu. In this case, usb_unlink_urb() is not needed. We only |
270 | * return the completeness of this unlink request to vhci_hcd. |
271 | */ |
272 | stub_enqueue_ret_unlink(sdev, seqnum: pdu->base.seqnum, status: 0); |
273 | |
274 | spin_unlock_irqrestore(lock: &sdev->priv_lock, flags); |
275 | |
276 | return 0; |
277 | } |
278 | |
279 | static int valid_request(struct stub_device *sdev, struct usbip_header *pdu) |
280 | { |
281 | struct usbip_device *ud = &sdev->ud; |
282 | int valid = 0; |
283 | |
284 | if (pdu->base.devid == sdev->devid) { |
285 | spin_lock_irq(lock: &ud->lock); |
286 | if (ud->status == SDEV_ST_USED) { |
287 | /* A request is valid. */ |
288 | valid = 1; |
289 | } |
290 | spin_unlock_irq(lock: &ud->lock); |
291 | } |
292 | |
293 | return valid; |
294 | } |
295 | |
296 | static struct stub_priv *stub_priv_alloc(struct stub_device *sdev, |
297 | struct usbip_header *pdu) |
298 | { |
299 | struct stub_priv *priv; |
300 | struct usbip_device *ud = &sdev->ud; |
301 | unsigned long flags; |
302 | |
303 | spin_lock_irqsave(&sdev->priv_lock, flags); |
304 | |
305 | priv = kmem_cache_zalloc(k: stub_priv_cache, GFP_ATOMIC); |
306 | if (!priv) { |
307 | dev_err(&sdev->udev->dev, "alloc stub_priv\n" ); |
308 | spin_unlock_irqrestore(lock: &sdev->priv_lock, flags); |
309 | usbip_event_add(ud, SDEV_EVENT_ERROR_MALLOC); |
310 | return NULL; |
311 | } |
312 | |
313 | priv->seqnum = pdu->base.seqnum; |
314 | priv->sdev = sdev; |
315 | |
316 | /* |
317 | * After a stub_priv is linked to a list_head, |
318 | * our error handler can free allocated data. |
319 | */ |
320 | list_add_tail(new: &priv->list, head: &sdev->priv_init); |
321 | |
322 | spin_unlock_irqrestore(lock: &sdev->priv_lock, flags); |
323 | |
324 | return priv; |
325 | } |
326 | |
327 | static int get_pipe(struct stub_device *sdev, struct usbip_header *pdu) |
328 | { |
329 | struct usb_device *udev = sdev->udev; |
330 | struct usb_host_endpoint *ep; |
331 | struct usb_endpoint_descriptor *epd = NULL; |
332 | int epnum = pdu->base.ep; |
333 | int dir = pdu->base.direction; |
334 | |
335 | if (epnum < 0 || epnum > 15) |
336 | goto err_ret; |
337 | |
338 | if (dir == USBIP_DIR_IN) |
339 | ep = udev->ep_in[epnum & 0x7f]; |
340 | else |
341 | ep = udev->ep_out[epnum & 0x7f]; |
342 | if (!ep) |
343 | goto err_ret; |
344 | |
345 | epd = &ep->desc; |
346 | |
347 | if (usb_endpoint_xfer_control(epd)) { |
348 | if (dir == USBIP_DIR_OUT) |
349 | return usb_sndctrlpipe(udev, epnum); |
350 | else |
351 | return usb_rcvctrlpipe(udev, epnum); |
352 | } |
353 | |
354 | if (usb_endpoint_xfer_bulk(epd)) { |
355 | if (dir == USBIP_DIR_OUT) |
356 | return usb_sndbulkpipe(udev, epnum); |
357 | else |
358 | return usb_rcvbulkpipe(udev, epnum); |
359 | } |
360 | |
361 | if (usb_endpoint_xfer_int(epd)) { |
362 | if (dir == USBIP_DIR_OUT) |
363 | return usb_sndintpipe(udev, epnum); |
364 | else |
365 | return usb_rcvintpipe(udev, epnum); |
366 | } |
367 | |
368 | if (usb_endpoint_xfer_isoc(epd)) { |
369 | /* validate number of packets */ |
370 | if (pdu->u.cmd_submit.number_of_packets < 0 || |
371 | pdu->u.cmd_submit.number_of_packets > |
372 | USBIP_MAX_ISO_PACKETS) { |
373 | dev_err(&sdev->udev->dev, |
374 | "CMD_SUBMIT: isoc invalid num packets %d\n" , |
375 | pdu->u.cmd_submit.number_of_packets); |
376 | return -1; |
377 | } |
378 | if (dir == USBIP_DIR_OUT) |
379 | return usb_sndisocpipe(udev, epnum); |
380 | else |
381 | return usb_rcvisocpipe(udev, epnum); |
382 | } |
383 | |
384 | err_ret: |
385 | /* NOT REACHED */ |
386 | dev_err(&sdev->udev->dev, "CMD_SUBMIT: invalid epnum %d\n" , epnum); |
387 | return -1; |
388 | } |
389 | |
390 | static void masking_bogus_flags(struct urb *urb) |
391 | { |
392 | int xfertype; |
393 | struct usb_device *dev; |
394 | struct usb_host_endpoint *ep; |
395 | int is_out; |
396 | unsigned int allowed; |
397 | |
398 | if (!urb || urb->hcpriv || !urb->complete) |
399 | return; |
400 | dev = urb->dev; |
401 | if ((!dev) || (dev->state < USB_STATE_UNAUTHENTICATED)) |
402 | return; |
403 | |
404 | ep = (usb_pipein(urb->pipe) ? dev->ep_in : dev->ep_out) |
405 | [usb_pipeendpoint(urb->pipe)]; |
406 | if (!ep) |
407 | return; |
408 | |
409 | xfertype = usb_endpoint_type(epd: &ep->desc); |
410 | if (xfertype == USB_ENDPOINT_XFER_CONTROL) { |
411 | struct usb_ctrlrequest *setup = |
412 | (struct usb_ctrlrequest *) urb->setup_packet; |
413 | |
414 | if (!setup) |
415 | return; |
416 | is_out = !(setup->bRequestType & USB_DIR_IN) || |
417 | !setup->wLength; |
418 | } else { |
419 | is_out = usb_endpoint_dir_out(epd: &ep->desc); |
420 | } |
421 | |
422 | /* enforce simple/standard policy */ |
423 | allowed = (URB_NO_TRANSFER_DMA_MAP | URB_NO_INTERRUPT | |
424 | URB_DIR_MASK | URB_FREE_BUFFER); |
425 | switch (xfertype) { |
426 | case USB_ENDPOINT_XFER_BULK: |
427 | if (is_out) |
428 | allowed |= URB_ZERO_PACKET; |
429 | fallthrough; |
430 | default: /* all non-iso endpoints */ |
431 | if (!is_out) |
432 | allowed |= URB_SHORT_NOT_OK; |
433 | break; |
434 | case USB_ENDPOINT_XFER_ISOC: |
435 | allowed |= URB_ISO_ASAP; |
436 | break; |
437 | } |
438 | urb->transfer_flags &= allowed; |
439 | } |
440 | |
441 | static int stub_recv_xbuff(struct usbip_device *ud, struct stub_priv *priv) |
442 | { |
443 | int ret; |
444 | int i; |
445 | |
446 | for (i = 0; i < priv->num_urbs; i++) { |
447 | ret = usbip_recv_xbuff(ud, urb: priv->urbs[i]); |
448 | if (ret < 0) |
449 | break; |
450 | } |
451 | |
452 | return ret; |
453 | } |
454 | |
455 | static void stub_recv_cmd_submit(struct stub_device *sdev, |
456 | struct usbip_header *pdu) |
457 | { |
458 | struct stub_priv *priv; |
459 | struct usbip_device *ud = &sdev->ud; |
460 | struct usb_device *udev = sdev->udev; |
461 | struct scatterlist *sgl = NULL, *sg; |
462 | void *buffer = NULL; |
463 | unsigned long long buf_len; |
464 | int nents; |
465 | int num_urbs = 1; |
466 | int pipe = get_pipe(sdev, pdu); |
467 | int use_sg = pdu->u.cmd_submit.transfer_flags & USBIP_URB_DMA_MAP_SG; |
468 | int support_sg = 1; |
469 | int np = 0; |
470 | int ret, i; |
471 | |
472 | if (pipe == -1) |
473 | return; |
474 | |
475 | /* |
476 | * Smatch reported the error case where use_sg is true and buf_len is 0. |
477 | * In this case, It adds SDEV_EVENT_ERROR_MALLOC and stub_priv will be |
478 | * released by stub event handler and connection will be shut down. |
479 | */ |
480 | priv = stub_priv_alloc(sdev, pdu); |
481 | if (!priv) |
482 | return; |
483 | |
484 | buf_len = (unsigned long long)pdu->u.cmd_submit.transfer_buffer_length; |
485 | |
486 | if (use_sg && !buf_len) { |
487 | dev_err(&udev->dev, "sg buffer with zero length\n" ); |
488 | goto err_malloc; |
489 | } |
490 | |
491 | /* allocate urb transfer buffer, if needed */ |
492 | if (buf_len) { |
493 | if (use_sg) { |
494 | sgl = sgl_alloc(length: buf_len, GFP_KERNEL, nent_p: &nents); |
495 | if (!sgl) |
496 | goto err_malloc; |
497 | |
498 | /* Check if the server's HCD supports SG */ |
499 | if (!udev->bus->sg_tablesize) { |
500 | /* |
501 | * If the server's HCD doesn't support SG, break |
502 | * a single SG request into several URBs and map |
503 | * each SG list entry to corresponding URB |
504 | * buffer. The previously allocated SG list is |
505 | * stored in priv->sgl (If the server's HCD |
506 | * support SG, SG list is stored only in |
507 | * urb->sg) and it is used as an indicator that |
508 | * the server split single SG request into |
509 | * several URBs. Later, priv->sgl is used by |
510 | * stub_complete() and stub_send_ret_submit() to |
511 | * reassemble the divied URBs. |
512 | */ |
513 | support_sg = 0; |
514 | num_urbs = nents; |
515 | priv->completed_urbs = 0; |
516 | pdu->u.cmd_submit.transfer_flags &= |
517 | ~USBIP_URB_DMA_MAP_SG; |
518 | } |
519 | } else { |
520 | buffer = kzalloc(size: buf_len, GFP_KERNEL); |
521 | if (!buffer) |
522 | goto err_malloc; |
523 | } |
524 | } |
525 | |
526 | /* allocate urb array */ |
527 | priv->num_urbs = num_urbs; |
528 | priv->urbs = kmalloc_array(n: num_urbs, size: sizeof(*priv->urbs), GFP_KERNEL); |
529 | if (!priv->urbs) |
530 | goto err_urbs; |
531 | |
532 | /* setup a urb */ |
533 | if (support_sg) { |
534 | if (usb_pipeisoc(pipe)) |
535 | np = pdu->u.cmd_submit.number_of_packets; |
536 | |
537 | priv->urbs[0] = usb_alloc_urb(iso_packets: np, GFP_KERNEL); |
538 | if (!priv->urbs[0]) |
539 | goto err_urb; |
540 | |
541 | if (buf_len) { |
542 | if (use_sg) { |
543 | priv->urbs[0]->sg = sgl; |
544 | priv->urbs[0]->num_sgs = nents; |
545 | priv->urbs[0]->transfer_buffer = NULL; |
546 | } else { |
547 | priv->urbs[0]->transfer_buffer = buffer; |
548 | } |
549 | } |
550 | |
551 | /* copy urb setup packet */ |
552 | priv->urbs[0]->setup_packet = kmemdup(p: &pdu->u.cmd_submit.setup, |
553 | size: 8, GFP_KERNEL); |
554 | if (!priv->urbs[0]->setup_packet) { |
555 | usbip_event_add(ud, SDEV_EVENT_ERROR_MALLOC); |
556 | return; |
557 | } |
558 | |
559 | usbip_pack_pdu(pdu, urb: priv->urbs[0], USBIP_CMD_SUBMIT, pack: 0); |
560 | } else { |
561 | for_each_sg(sgl, sg, nents, i) { |
562 | priv->urbs[i] = usb_alloc_urb(iso_packets: 0, GFP_KERNEL); |
563 | /* The URBs which is previously allocated will be freed |
564 | * in stub_device_cleanup_urbs() if error occurs. |
565 | */ |
566 | if (!priv->urbs[i]) |
567 | goto err_urb; |
568 | |
569 | usbip_pack_pdu(pdu, urb: priv->urbs[i], USBIP_CMD_SUBMIT, pack: 0); |
570 | priv->urbs[i]->transfer_buffer = sg_virt(sg); |
571 | priv->urbs[i]->transfer_buffer_length = sg->length; |
572 | } |
573 | priv->sgl = sgl; |
574 | } |
575 | |
576 | for (i = 0; i < num_urbs; i++) { |
577 | /* set other members from the base header of pdu */ |
578 | priv->urbs[i]->context = (void *) priv; |
579 | priv->urbs[i]->dev = udev; |
580 | priv->urbs[i]->pipe = pipe; |
581 | priv->urbs[i]->complete = stub_complete; |
582 | |
583 | /* no need to submit an intercepted request, but harmless? */ |
584 | tweak_special_requests(urb: priv->urbs[i]); |
585 | |
586 | masking_bogus_flags(urb: priv->urbs[i]); |
587 | } |
588 | |
589 | if (stub_recv_xbuff(ud, priv) < 0) |
590 | return; |
591 | |
592 | if (usbip_recv_iso(ud, urb: priv->urbs[0]) < 0) |
593 | return; |
594 | |
595 | /* urb is now ready to submit */ |
596 | for (i = 0; i < priv->num_urbs; i++) { |
597 | ret = usb_submit_urb(urb: priv->urbs[i], GFP_KERNEL); |
598 | |
599 | if (ret == 0) |
600 | usbip_dbg_stub_rx("submit urb ok, seqnum %u\n" , |
601 | pdu->base.seqnum); |
602 | else { |
603 | dev_err(&udev->dev, "submit_urb error, %d\n" , ret); |
604 | usbip_dump_header(pdu); |
605 | usbip_dump_urb(purb: priv->urbs[i]); |
606 | |
607 | /* |
608 | * Pessimistic. |
609 | * This connection will be discarded. |
610 | */ |
611 | usbip_event_add(ud, SDEV_EVENT_ERROR_SUBMIT); |
612 | break; |
613 | } |
614 | } |
615 | |
616 | usbip_dbg_stub_rx("Leave\n" ); |
617 | return; |
618 | |
619 | err_urb: |
620 | kfree(objp: priv->urbs); |
621 | err_urbs: |
622 | kfree(objp: buffer); |
623 | sgl_free(sgl); |
624 | err_malloc: |
625 | usbip_event_add(ud, SDEV_EVENT_ERROR_MALLOC); |
626 | } |
627 | |
628 | /* recv a pdu */ |
629 | static void stub_rx_pdu(struct usbip_device *ud) |
630 | { |
631 | int ret; |
632 | struct usbip_header pdu; |
633 | struct stub_device *sdev = container_of(ud, struct stub_device, ud); |
634 | struct device *dev = &sdev->udev->dev; |
635 | |
636 | usbip_dbg_stub_rx("Enter\n" ); |
637 | |
638 | memset(&pdu, 0, sizeof(pdu)); |
639 | |
640 | /* receive a pdu header */ |
641 | ret = usbip_recv(sock: ud->tcp_socket, buf: &pdu, size: sizeof(pdu)); |
642 | if (ret != sizeof(pdu)) { |
643 | dev_err(dev, "recv a header, %d\n" , ret); |
644 | usbip_event_add(ud, SDEV_EVENT_ERROR_TCP); |
645 | return; |
646 | } |
647 | |
648 | usbip_header_correct_endian(pdu: &pdu, send: 0); |
649 | |
650 | if (usbip_dbg_flag_stub_rx) |
651 | usbip_dump_header(pdu: &pdu); |
652 | |
653 | if (!valid_request(sdev, pdu: &pdu)) { |
654 | dev_err(dev, "recv invalid request\n" ); |
655 | usbip_event_add(ud, SDEV_EVENT_ERROR_TCP); |
656 | return; |
657 | } |
658 | |
659 | switch (pdu.base.command) { |
660 | case USBIP_CMD_UNLINK: |
661 | stub_recv_cmd_unlink(sdev, pdu: &pdu); |
662 | break; |
663 | |
664 | case USBIP_CMD_SUBMIT: |
665 | stub_recv_cmd_submit(sdev, pdu: &pdu); |
666 | break; |
667 | |
668 | default: |
669 | /* NOTREACHED */ |
670 | dev_err(dev, "unknown pdu\n" ); |
671 | usbip_event_add(ud, SDEV_EVENT_ERROR_TCP); |
672 | break; |
673 | } |
674 | } |
675 | |
676 | int stub_rx_loop(void *data) |
677 | { |
678 | struct usbip_device *ud = data; |
679 | |
680 | while (!kthread_should_stop()) { |
681 | if (usbip_event_happened(ud)) |
682 | break; |
683 | |
684 | stub_rx_pdu(ud); |
685 | } |
686 | |
687 | return 0; |
688 | } |
689 | |