1 // SPDX-License-Identifier: GPL-2.0+
2 /*
3 * Copyright (C) 2003-2008 Takahiro Hirofuchi
4 */
5
6 #include <linux/device.h>
7 #include <linux/file.h>
8 #include <linux/kthread.h>
9 #include <linux/module.h>
10
11 #include "usbip_common.h"
12 #include "stub.h"
13
14 /*
15 * usbip_status shows the status of usbip-host as long as this driver is bound
16 * to the target device.
17 */
usbip_status_show(struct device * dev,struct device_attribute * attr,char * buf)18 static ssize_t usbip_status_show(struct device *dev,
19 struct device_attribute *attr, char *buf)
20 {
21 struct stub_device *sdev = dev_get_drvdata(dev);
22 int status;
23
24 if (!sdev) {
25 dev_err(dev, "sdev is null\n");
26 return -ENODEV;
27 }
28
29 spin_lock_irq(&sdev->ud.lock);
30 status = sdev->ud.status;
31 spin_unlock_irq(&sdev->ud.lock);
32
33 return snprintf(buf, PAGE_SIZE, "%d\n", status);
34 }
35 static DEVICE_ATTR_RO(usbip_status);
36
37 /*
38 * usbip_sockfd gets a socket descriptor of an established TCP connection that
39 * is used to transfer usbip requests by kernel threads. -1 is a magic number
40 * by which usbip connection is finished.
41 */
usbip_sockfd_store(struct device * dev,struct device_attribute * attr,const char * buf,size_t count)42 static ssize_t usbip_sockfd_store(struct device *dev, struct device_attribute *attr,
43 const char *buf, size_t count)
44 {
45 struct stub_device *sdev = dev_get_drvdata(dev);
46 int sockfd = 0;
47 struct socket *socket;
48 int rv;
49
50 if (!sdev) {
51 dev_err(dev, "sdev is null\n");
52 return -ENODEV;
53 }
54
55 rv = sscanf(buf, "%d", &sockfd);
56 if (rv != 1)
57 return -EINVAL;
58
59 if (sockfd != -1) {
60 int err;
61
62 dev_info(dev, "stub up\n");
63
64 spin_lock_irq(&sdev->ud.lock);
65
66 if (sdev->ud.status != SDEV_ST_AVAILABLE) {
67 dev_err(dev, "not ready\n");
68 goto err;
69 }
70
71 socket = sockfd_lookup(sockfd, &err);
72 if (!socket)
73 goto err;
74
75 sdev->ud.tcp_socket = socket;
76 sdev->ud.sockfd = sockfd;
77
78 spin_unlock_irq(&sdev->ud.lock);
79
80 sdev->ud.tcp_rx = kthread_get_run(stub_rx_loop, &sdev->ud,
81 "stub_rx");
82 sdev->ud.tcp_tx = kthread_get_run(stub_tx_loop, &sdev->ud,
83 "stub_tx");
84
85 spin_lock_irq(&sdev->ud.lock);
86 sdev->ud.status = SDEV_ST_USED;
87 spin_unlock_irq(&sdev->ud.lock);
88
89 } else {
90 dev_info(dev, "stub down\n");
91
92 spin_lock_irq(&sdev->ud.lock);
93 if (sdev->ud.status != SDEV_ST_USED)
94 goto err;
95
96 spin_unlock_irq(&sdev->ud.lock);
97
98 usbip_event_add(&sdev->ud, SDEV_EVENT_DOWN);
99 }
100
101 return count;
102
103 err:
104 spin_unlock_irq(&sdev->ud.lock);
105 return -EINVAL;
106 }
107 static DEVICE_ATTR_WO(usbip_sockfd);
108
109 static struct attribute *usbip_attrs[] = {
110 &dev_attr_usbip_status.attr,
111 &dev_attr_usbip_sockfd.attr,
112 &dev_attr_usbip_debug.attr,
113 NULL,
114 };
115 ATTRIBUTE_GROUPS(usbip);
116
stub_shutdown_connection(struct usbip_device * ud)117 static void stub_shutdown_connection(struct usbip_device *ud)
118 {
119 struct stub_device *sdev = container_of(ud, struct stub_device, ud);
120
121 /*
122 * When removing an exported device, kernel panic sometimes occurred
123 * and then EIP was sk_wait_data of stub_rx thread. Is this because
124 * sk_wait_data returned though stub_rx thread was already finished by
125 * step 1?
126 */
127 if (ud->tcp_socket) {
128 dev_dbg(&sdev->udev->dev, "shutdown sockfd %d\n", ud->sockfd);
129 kernel_sock_shutdown(ud->tcp_socket, SHUT_RDWR);
130 }
131
132 /* 1. stop threads */
133 if (ud->tcp_rx) {
134 kthread_stop_put(ud->tcp_rx);
135 ud->tcp_rx = NULL;
136 }
137 if (ud->tcp_tx) {
138 kthread_stop_put(ud->tcp_tx);
139 ud->tcp_tx = NULL;
140 }
141
142 /*
143 * 2. close the socket
144 *
145 * tcp_socket is freed after threads are killed so that usbip_xmit does
146 * not touch NULL socket.
147 */
148 if (ud->tcp_socket) {
149 sockfd_put(ud->tcp_socket);
150 ud->tcp_socket = NULL;
151 ud->sockfd = -1;
152 }
153
154 /* 3. free used data */
155 stub_device_cleanup_urbs(sdev);
156
157 /* 4. free stub_unlink */
158 {
159 unsigned long flags;
160 struct stub_unlink *unlink, *tmp;
161
162 spin_lock_irqsave(&sdev->priv_lock, flags);
163 list_for_each_entry_safe(unlink, tmp, &sdev->unlink_tx, list) {
164 list_del(&unlink->list);
165 kfree(unlink);
166 }
167 list_for_each_entry_safe(unlink, tmp, &sdev->unlink_free,
168 list) {
169 list_del(&unlink->list);
170 kfree(unlink);
171 }
172 spin_unlock_irqrestore(&sdev->priv_lock, flags);
173 }
174 }
175
stub_device_reset(struct usbip_device * ud)176 static void stub_device_reset(struct usbip_device *ud)
177 {
178 struct stub_device *sdev = container_of(ud, struct stub_device, ud);
179 struct usb_device *udev = sdev->udev;
180 int ret;
181
182 dev_dbg(&udev->dev, "device reset");
183
184 ret = usb_lock_device_for_reset(udev, NULL);
185 if (ret < 0) {
186 dev_err(&udev->dev, "lock for reset\n");
187 spin_lock_irq(&ud->lock);
188 ud->status = SDEV_ST_ERROR;
189 spin_unlock_irq(&ud->lock);
190 return;
191 }
192
193 /* try to reset the device */
194 ret = usb_reset_device(udev);
195 usb_unlock_device(udev);
196
197 spin_lock_irq(&ud->lock);
198 if (ret) {
199 dev_err(&udev->dev, "device reset\n");
200 ud->status = SDEV_ST_ERROR;
201 } else {
202 dev_info(&udev->dev, "device reset\n");
203 ud->status = SDEV_ST_AVAILABLE;
204 }
205 spin_unlock_irq(&ud->lock);
206 }
207
stub_device_unusable(struct usbip_device * ud)208 static void stub_device_unusable(struct usbip_device *ud)
209 {
210 spin_lock_irq(&ud->lock);
211 ud->status = SDEV_ST_ERROR;
212 spin_unlock_irq(&ud->lock);
213 }
214
215 /**
216 * stub_device_alloc - allocate a new stub_device struct
217 * @udev: usb_device of a new device
218 *
219 * Allocates and initializes a new stub_device struct.
220 */
stub_device_alloc(struct usb_device * udev)221 static struct stub_device *stub_device_alloc(struct usb_device *udev)
222 {
223 struct stub_device *sdev;
224 int busnum = udev->bus->busnum;
225 int devnum = udev->devnum;
226
227 dev_dbg(&udev->dev, "allocating stub device");
228
229 /* yes, it's a new device */
230 sdev = kzalloc(sizeof(struct stub_device), GFP_KERNEL);
231 if (!sdev)
232 return NULL;
233
234 sdev->udev = usb_get_dev(udev);
235
236 /*
237 * devid is defined with devnum when this driver is first allocated.
238 * devnum may change later if a device is reset. However, devid never
239 * changes during a usbip connection.
240 */
241 sdev->devid = (busnum << 16) | devnum;
242 sdev->ud.side = USBIP_STUB;
243 sdev->ud.status = SDEV_ST_AVAILABLE;
244 spin_lock_init(&sdev->ud.lock);
245 sdev->ud.tcp_socket = NULL;
246 sdev->ud.sockfd = -1;
247
248 INIT_LIST_HEAD(&sdev->priv_init);
249 INIT_LIST_HEAD(&sdev->priv_tx);
250 INIT_LIST_HEAD(&sdev->priv_free);
251 INIT_LIST_HEAD(&sdev->unlink_free);
252 INIT_LIST_HEAD(&sdev->unlink_tx);
253 spin_lock_init(&sdev->priv_lock);
254
255 init_waitqueue_head(&sdev->tx_waitq);
256
257 sdev->ud.eh_ops.shutdown = stub_shutdown_connection;
258 sdev->ud.eh_ops.reset = stub_device_reset;
259 sdev->ud.eh_ops.unusable = stub_device_unusable;
260
261 usbip_start_eh(&sdev->ud);
262
263 dev_dbg(&udev->dev, "register new device\n");
264
265 return sdev;
266 }
267
stub_device_free(struct stub_device * sdev)268 static void stub_device_free(struct stub_device *sdev)
269 {
270 kfree(sdev);
271 }
272
stub_probe(struct usb_device * udev)273 static int stub_probe(struct usb_device *udev)
274 {
275 struct stub_device *sdev = NULL;
276 const char *udev_busid = dev_name(&udev->dev);
277 struct bus_id_priv *busid_priv;
278 int rc = 0;
279 char save_status;
280
281 dev_dbg(&udev->dev, "Enter probe\n");
282
283 /* Not sure if this is our device. Allocate here to avoid
284 * calling alloc while holding busid_table lock.
285 */
286 sdev = stub_device_alloc(udev);
287 if (!sdev)
288 return -ENOMEM;
289
290 /* check we should claim or not by busid_table */
291 busid_priv = get_busid_priv(udev_busid);
292 if (!busid_priv || (busid_priv->status == STUB_BUSID_REMOV) ||
293 (busid_priv->status == STUB_BUSID_OTHER)) {
294 dev_info(&udev->dev,
295 "%s is not in match_busid table... skip!\n",
296 udev_busid);
297
298 /*
299 * Return value should be ENODEV or ENOXIO to continue trying
300 * other matched drivers by the driver core.
301 * See driver_probe_device() in driver/base/dd.c
302 */
303 rc = -ENODEV;
304 if (!busid_priv)
305 goto sdev_free;
306
307 goto call_put_busid_priv;
308 }
309
310 if (udev->descriptor.bDeviceClass == USB_CLASS_HUB) {
311 dev_dbg(&udev->dev, "%s is a usb hub device... skip!\n",
312 udev_busid);
313 rc = -ENODEV;
314 goto call_put_busid_priv;
315 }
316
317 if (!strcmp(udev->bus->bus_name, "vhci_hcd")) {
318 dev_dbg(&udev->dev,
319 "%s is attached on vhci_hcd... skip!\n",
320 udev_busid);
321
322 rc = -ENODEV;
323 goto call_put_busid_priv;
324 }
325
326
327 dev_info(&udev->dev,
328 "usbip-host: register new device (bus %u dev %u)\n",
329 udev->bus->busnum, udev->devnum);
330
331 busid_priv->shutdown_busid = 0;
332
333 /* set private data to usb_device */
334 dev_set_drvdata(&udev->dev, sdev);
335
336 busid_priv->sdev = sdev;
337 busid_priv->udev = udev;
338
339 save_status = busid_priv->status;
340 busid_priv->status = STUB_BUSID_ALLOC;
341
342 /* release the busid_lock */
343 put_busid_priv(busid_priv);
344
345 /*
346 * Claim this hub port.
347 * It doesn't matter what value we pass as owner
348 * (struct dev_state) as long as it is unique.
349 */
350 rc = usb_hub_claim_port(udev->parent, udev->portnum,
351 (struct usb_dev_state *) udev);
352 if (rc) {
353 dev_dbg(&udev->dev, "unable to claim port\n");
354 goto err_port;
355 }
356
357 return 0;
358
359 err_port:
360 dev_set_drvdata(&udev->dev, NULL);
361 usb_put_dev(udev);
362
363 /* we already have busid_priv, just lock busid_lock */
364 spin_lock(&busid_priv->busid_lock);
365 busid_priv->sdev = NULL;
366 busid_priv->status = save_status;
367 spin_unlock(&busid_priv->busid_lock);
368 /* lock is released - go to free */
369 goto sdev_free;
370
371 call_put_busid_priv:
372 /* release the busid_lock */
373 put_busid_priv(busid_priv);
374
375 sdev_free:
376 stub_device_free(sdev);
377
378 return rc;
379 }
380
shutdown_busid(struct bus_id_priv * busid_priv)381 static void shutdown_busid(struct bus_id_priv *busid_priv)
382 {
383 usbip_event_add(&busid_priv->sdev->ud, SDEV_EVENT_REMOVED);
384
385 /* wait for the stop of the event handler */
386 usbip_stop_eh(&busid_priv->sdev->ud);
387 }
388
389 /*
390 * called in usb_disconnect() or usb_deregister()
391 * but only if actconfig(active configuration) exists
392 */
stub_disconnect(struct usb_device * udev)393 static void stub_disconnect(struct usb_device *udev)
394 {
395 struct stub_device *sdev;
396 const char *udev_busid = dev_name(&udev->dev);
397 struct bus_id_priv *busid_priv;
398 int rc;
399
400 dev_dbg(&udev->dev, "Enter disconnect\n");
401
402 busid_priv = get_busid_priv(udev_busid);
403 if (!busid_priv) {
404 BUG();
405 return;
406 }
407
408 sdev = dev_get_drvdata(&udev->dev);
409
410 /* get stub_device */
411 if (!sdev) {
412 dev_err(&udev->dev, "could not get device");
413 /* release busid_lock */
414 put_busid_priv(busid_priv);
415 return;
416 }
417
418 dev_set_drvdata(&udev->dev, NULL);
419
420 /* release busid_lock before call to remove device files */
421 put_busid_priv(busid_priv);
422
423 /*
424 * NOTE: rx/tx threads are invoked for each usb_device.
425 */
426
427 /* release port */
428 rc = usb_hub_release_port(udev->parent, udev->portnum,
429 (struct usb_dev_state *) udev);
430 if (rc) {
431 dev_dbg(&udev->dev, "unable to release port\n");
432 return;
433 }
434
435 /* If usb reset is called from event handler */
436 if (usbip_in_eh(current))
437 return;
438
439 /* we already have busid_priv, just lock busid_lock */
440 spin_lock(&busid_priv->busid_lock);
441 if (!busid_priv->shutdown_busid)
442 busid_priv->shutdown_busid = 1;
443 /* release busid_lock */
444 spin_unlock(&busid_priv->busid_lock);
445
446 /* shutdown the current connection */
447 shutdown_busid(busid_priv);
448
449 usb_put_dev(sdev->udev);
450
451 /* we already have busid_priv, just lock busid_lock */
452 spin_lock(&busid_priv->busid_lock);
453 /* free sdev */
454 busid_priv->sdev = NULL;
455 stub_device_free(sdev);
456
457 if (busid_priv->status == STUB_BUSID_ALLOC)
458 busid_priv->status = STUB_BUSID_ADDED;
459 /* release busid_lock */
460 spin_unlock(&busid_priv->busid_lock);
461 return;
462 }
463
464 #ifdef CONFIG_PM
465
466 /* These functions need usb_port_suspend and usb_port_resume,
467 * which reside in drivers/usb/core/usb.h. Skip for now. */
468
stub_suspend(struct usb_device * udev,pm_message_t message)469 static int stub_suspend(struct usb_device *udev, pm_message_t message)
470 {
471 dev_dbg(&udev->dev, "stub_suspend\n");
472
473 return 0;
474 }
475
stub_resume(struct usb_device * udev,pm_message_t message)476 static int stub_resume(struct usb_device *udev, pm_message_t message)
477 {
478 dev_dbg(&udev->dev, "stub_resume\n");
479
480 return 0;
481 }
482
483 #endif /* CONFIG_PM */
484
485 struct usb_device_driver stub_driver = {
486 .name = "usbip-host",
487 .probe = stub_probe,
488 .disconnect = stub_disconnect,
489 #ifdef CONFIG_PM
490 .suspend = stub_suspend,
491 .resume = stub_resume,
492 #endif
493 .supports_autosuspend = 0,
494 .dev_groups = usbip_groups,
495 };
496