1 // SPDX-License-Identifier: GPL-2.0+
2 /*
3 * Copyright (C) 2003-2008 Takahiro Hirofuchi
4 */
5
6 #include <linux/device.h>
7 #include <linux/file.h>
8 #include <linux/kthread.h>
9 #include <linux/module.h>
10
11 #include "usbip_common.h"
12 #include "stub.h"
13
/*
 * usbip_status shows the status of usbip-host as long as this driver is bound
 * to the target device.
 *
 * The status value is copied while ud.lock is held and formatted afterwards.
 *
 * Return: number of bytes written to @buf, or -ENODEV when the device has no
 * stub_device attached as driver data.
 */
static ssize_t usbip_status_show(struct device *dev,
				 struct device_attribute *attr, char *buf)
{
	struct stub_device *sdev = dev_get_drvdata(dev);
	int snapshot;

	if (!sdev) {
		dev_err(dev, "sdev is null\n");
		return -ENODEV;
	}

	/* read the status under the lock, format it after the lock is dropped */
	spin_lock_irq(&sdev->ud.lock);
	snapshot = sdev->ud.status;
	spin_unlock_irq(&sdev->ud.lock);

	return snprintf(buf, PAGE_SIZE, "%d\n", snapshot);
}
static DEVICE_ATTR_RO(usbip_status);
36
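/*
 * usbip_sockfd gets a socket descriptor of an established TCP connection that
 * is used to transfer usbip requests by kernel threads. -1 is a magic number
 * by which usbip connection is finished.
 *
 * Both directions ("stub up" and "stub down") take ud.sysfs_lock before
 * ud.lock, and every exit path taken after that point releases it again.
 *
 * Return: @count on success; -ENODEV when the device has no stub_device
 * attached; -EINVAL when the input does not parse, the device is in the wrong
 * state, the descriptor is not a usable stream socket, or a worker thread
 * cannot be created.
 */
static ssize_t usbip_sockfd_store(struct device *dev, struct device_attribute *attr,
				  const char *buf, size_t count)
{
	struct stub_device *sdev = dev_get_drvdata(dev);
	int sockfd = 0;
	struct socket *socket;
	int rv;
	struct task_struct *tcp_rx = NULL;
	struct task_struct *tcp_tx = NULL;

	if (!sdev) {
		dev_err(dev, "sdev is null\n");
		return -ENODEV;
	}

	/*
	 * Only the leading integer is consumed; "%d" does not reject trailing
	 * characters after the number.
	 */
	rv = sscanf(buf, "%d", &sockfd);
	if (rv != 1)
		return -EINVAL;

	if (sockfd != -1) {
		int err;

		dev_info(dev, "stub up\n");

		mutex_lock(&sdev->ud.sysfs_lock);
		spin_lock_irq(&sdev->ud.lock);

		/* refuse a second attach while a connection is in use */
		if (sdev->ud.status != SDEV_ST_AVAILABLE) {
			dev_err(dev, "not ready\n");
			goto err;
		}

		/* takes a reference on the socket; dropped with sockfd_put() */
		socket = sockfd_lookup(sockfd, &err);
		if (!socket) {
			dev_err(dev, "failed to lookup sock");
			goto err;
		}

		/* the descriptor is caller-supplied: accept stream sockets only */
		if (socket->type != SOCK_STREAM) {
			dev_err(dev, "Expecting SOCK_STREAM - found %d",
				socket->type);
			goto sock_err;
		}

		/*
		 * unlock and create threads and get tasks
		 *
		 * kthread_create() can sleep, so the spinlock is dropped here.
		 * sysfs_lock is still held across this window.
		 */
		spin_unlock_irq(&sdev->ud.lock);
		tcp_rx = kthread_create(stub_rx_loop, &sdev->ud, "stub_rx");
		if (IS_ERR(tcp_rx)) {
			sockfd_put(socket);
			goto unlock_mutex;
		}
		tcp_tx = kthread_create(stub_tx_loop, &sdev->ud, "stub_tx");
		if (IS_ERR(tcp_tx)) {
			kthread_stop(tcp_rx);
			sockfd_put(socket);
			goto unlock_mutex;
		}

		/* get task structs now */
		get_task_struct(tcp_rx);
		get_task_struct(tcp_tx);

		/* lock and update sdev->ud state */
		spin_lock_irq(&sdev->ud.lock);
		sdev->ud.tcp_socket = socket;
		sdev->ud.sockfd = sockfd;
		sdev->ud.tcp_rx = tcp_rx;
		sdev->ud.tcp_tx = tcp_tx;
		sdev->ud.status = SDEV_ST_USED;
		spin_unlock_irq(&sdev->ud.lock);

		/* threads start running only after the state is published */
		wake_up_process(sdev->ud.tcp_rx);
		wake_up_process(sdev->ud.tcp_tx);

		mutex_unlock(&sdev->ud.sysfs_lock);

	} else {
		dev_info(dev, "stub down\n");

		/*
		 * Take sysfs_lock before inspecting the state: both the
		 * success path below and the err label release it, so it must
		 * be held here. Without this the mutex is unlocked while not
		 * owned and "stub down" is not serialized against "stub up".
		 */
		mutex_lock(&sdev->ud.sysfs_lock);

		spin_lock_irq(&sdev->ud.lock);
		if (sdev->ud.status != SDEV_ST_USED)
			goto err;

		spin_unlock_irq(&sdev->ud.lock);

		usbip_event_add(&sdev->ud, SDEV_EVENT_DOWN);
		mutex_unlock(&sdev->ud.sysfs_lock);
	}

	return count;

sock_err:
	sockfd_put(socket);
err:
	spin_unlock_irq(&sdev->ud.lock);
unlock_mutex:
	mutex_unlock(&sdev->ud.sysfs_lock);
	return -EINVAL;
}
static DEVICE_ATTR_WO(usbip_sockfd);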
142
/*
 * sysfs attributes of the usbip-host driver: usbip_status (declared read-only
 * in this file), usbip_sockfd (declared write-only in this file) and
 * usbip_debug, whose definition is not in this file.
 * ATTRIBUTE_GROUPS() generates usbip_groups, which stub_driver.dev_groups
 * points to.
 */
static struct attribute *usbip_attrs[] = {
	&dev_attr_usbip_status.attr,
	&dev_attr_usbip_sockfd.attr,
	&dev_attr_usbip_debug.attr,
	NULL,
};
ATTRIBUTE_GROUPS(usbip);
150
/*
 * stub_shutdown_connection - tear down the connection state of a stub device
 * @ud: usbip_device embedded in the stub_device being shut down
 *
 * Installed as eh_ops.shutdown in stub_device_alloc(). The steps run in a
 * fixed order: shut the socket down, stop the rx/tx threads, drop the socket
 * reference, clean up URBs, then free queued stub_unlink entries.
 */
static void stub_shutdown_connection(struct usbip_device *ud)
{
	struct stub_device *sdev = container_of(ud, struct stub_device, ud);

	/*
	 * When removing an exported device, kernel panic sometimes occurred
	 * and then EIP was sk_wait_data of stub_rx thread. Is this because
	 * sk_wait_data returned though stub_rx thread was already finished by
	 * step 1?
	 */
	if (ud->tcp_socket) {
		dev_dbg(&sdev->udev->dev, "shutdown sockfd %d\n", ud->sockfd);
		/* shut down both directions before the threads are stopped */
		kernel_sock_shutdown(ud->tcp_socket, SHUT_RDWR);
	}

	/* 1. stop threads */
	/*
	 * kthread_stop_put() also drops the task reference; the matching
	 * get_task_struct() calls are in usbip_sockfd_store(). Pointers are
	 * cleared so a repeated call skips these branches.
	 */
	if (ud->tcp_rx) {
		kthread_stop_put(ud->tcp_rx);
		ud->tcp_rx = NULL;
	}
	if (ud->tcp_tx) {
		kthread_stop_put(ud->tcp_tx);
		ud->tcp_tx = NULL;
	}

	/*
	 * 2. close the socket
	 *
	 * tcp_socket is freed after threads are killed so that usbip_xmit does
	 * not touch NULL socket.
	 */
	if (ud->tcp_socket) {
		/* releases the reference taken by sockfd_lookup() */
		sockfd_put(ud->tcp_socket);
		ud->tcp_socket = NULL;
		ud->sockfd = -1;
	}

	/* 3. free used data */
	stub_device_cleanup_urbs(sdev);

	/* 4. free stub_unlink */
	{
		unsigned long flags;
		struct stub_unlink *unlink, *tmp;

		/* both unlink lists are emptied while priv_lock is held */
		spin_lock_irqsave(&sdev->priv_lock, flags);
		list_for_each_entry_safe(unlink, tmp, &sdev->unlink_tx, list) {
			list_del(&unlink->list);
			kfree(unlink);
		}
		list_for_each_entry_safe(unlink, tmp, &sdev->unlink_free,
					 list) {
			list_del(&unlink->list);
			kfree(unlink);
		}
		spin_unlock_irqrestore(&sdev->priv_lock, flags);
	}
}
209
/*
 * stub_device_reset - reset the exported USB device and record the outcome
 * @ud: usbip_device embedded in the stub_device to reset
 *
 * Sets ud->status to SDEV_ST_AVAILABLE when usb_reset_device() succeeds, and
 * to SDEV_ST_ERROR when either taking the device lock or the reset itself
 * fails. The status is written only while ud->lock is held.
 */
static void stub_device_reset(struct usbip_device *ud)
{
	struct usb_device *udev = container_of(ud, struct stub_device, ud)->udev;
	int rc;

	dev_dbg(&udev->dev, "device reset");

	rc = usb_lock_device_for_reset(udev, NULL);
	if (rc < 0) {
		dev_err(&udev->dev, "lock for reset\n");
		spin_lock_irq(&ud->lock);
		ud->status = SDEV_ST_ERROR;
		spin_unlock_irq(&ud->lock);
		return;
	}

	/* the device lock covers only the reset call itself */
	rc = usb_reset_device(udev);
	usb_unlock_device(udev);

	spin_lock_irq(&ud->lock);
	if (!rc) {
		dev_info(&udev->dev, "device reset\n");
		ud->status = SDEV_ST_AVAILABLE;
	} else {
		dev_err(&udev->dev, "device reset\n");
		ud->status = SDEV_ST_ERROR;
	}
	spin_unlock_irq(&ud->lock);
}
241
/*
 * stub_device_unusable - mark the device as being in the error state
 * @ud: usbip_device to update
 *
 * Installed as eh_ops.unusable in stub_device_alloc(). Writes SDEV_ST_ERROR
 * to ud->status with ud->lock held.
 */
static void stub_device_unusable(struct usbip_device *ud)
{
	spin_lock_irq(&ud->lock);
	ud->status = SDEV_ST_ERROR;
	spin_unlock_irq(&ud->lock);
}
248
/**
 * stub_device_alloc - allocate a new stub_device struct
 * @udev: usb_device of a new device
 *
 * Allocates and initializes a new stub_device struct. A reference on @udev is
 * taken with usb_get_dev() and stored in the new object.
 *
 * Return: the initialized stub_device, or NULL when the allocation fails.
 */
static struct stub_device *stub_device_alloc(struct usb_device *udev)
{
	int busnum = udev->bus->busnum;
	int devnum = udev->devnum;
	struct stub_device *sdev;

	dev_dbg(&udev->dev, "allocating stub device");

	/* zeroed allocation for a device not seen before */
	sdev = kzalloc(sizeof(*sdev), GFP_KERNEL);
	if (!sdev)
		return NULL;

	sdev->udev = usb_get_dev(udev);

	/* locks and wait queue */
	spin_lock_init(&sdev->ud.lock);
	mutex_init(&sdev->ud.sysfs_lock);
	spin_lock_init(&sdev->priv_lock);
	init_waitqueue_head(&sdev->tx_waitq);

	/* request and unlink queues start out empty */
	INIT_LIST_HEAD(&sdev->priv_init);
	INIT_LIST_HEAD(&sdev->priv_tx);
	INIT_LIST_HEAD(&sdev->priv_free);
	INIT_LIST_HEAD(&sdev->unlink_free);
	INIT_LIST_HEAD(&sdev->unlink_tx);

	/*
	 * devid is defined with devnum when this driver is first allocated.
	 * devnum may change later if a device is reset. However, devid never
	 * changes during a usbip connection.
	 */
	sdev->devid = (busnum << 16) | devnum;

	/* no connection yet: no socket, descriptor set to the -1 sentinel */
	sdev->ud.side = USBIP_STUB;
	sdev->ud.status = SDEV_ST_AVAILABLE;
	sdev->ud.tcp_socket = NULL;
	sdev->ud.sockfd = -1;

	/* event-handler callbacks defined earlier in this file */
	sdev->ud.eh_ops.shutdown = stub_shutdown_connection;
	sdev->ud.eh_ops.reset = stub_device_reset;
	sdev->ud.eh_ops.unusable = stub_device_unusable;

	usbip_start_eh(&sdev->ud);

	dev_dbg(&udev->dev, "register new device\n");

	return sdev;
}
302
/*
 * stub_device_free - release the memory of a stub_device
 * @sdev: stub_device to free
 *
 * Only frees the structure. The usb_device reference stored in sdev->udev is
 * not dropped here; the callers in this file call usb_put_dev() themselves.
 */
static void stub_device_free(struct stub_device *sdev)
{
	kfree(sdev);
}
307
/*
 * stub_probe - decide whether usbip-host claims a USB device and set it up
 * @udev: candidate usb_device
 *
 * Claims the device only when its bus id has an entry in the busid table
 * whose status is neither STUB_BUSID_REMOV nor STUB_BUSID_OTHER, and the
 * device is neither a hub nor attached on vhci_hcd.
 *
 * Return: 0 when the device is claimed, -ENOMEM when the stub_device cannot
 * be allocated, -ENODEV when the device is skipped, or the error returned by
 * usb_hub_claim_port().
 */
static int stub_probe(struct usb_device *udev)
{
	struct stub_device *sdev = NULL;
	const char *udev_busid = dev_name(&udev->dev);
	struct bus_id_priv *busid_priv;
	int rc = 0;
	char save_status;

	dev_dbg(&udev->dev, "Enter probe\n");

	/* Not sure if this is our device. Allocate here to avoid
	 * calling alloc while holding busid_table lock.
	 */
	sdev = stub_device_alloc(udev);
	if (!sdev)
		return -ENOMEM;

	/* check we should claim or not by busid_table */
	/*
	 * NOTE(review): the comments below imply get_busid_priv() returns with
	 * busid_lock held and put_busid_priv() releases it - confirm against
	 * their definitions, which are not in this file.
	 */
	busid_priv = get_busid_priv(udev_busid);
	if (!busid_priv || (busid_priv->status == STUB_BUSID_REMOV) ||
	    (busid_priv->status == STUB_BUSID_OTHER)) {
		dev_info(&udev->dev,
			 "%s is not in match_busid table... skip!\n",
			 udev_busid);

		/*
		 * Return value should be ENODEV or ENOXIO to continue trying
		 * other matched drivers by the driver core.
		 * See driver_probe_device() in driver/base/dd.c
		 */
		rc = -ENODEV;
		/* no table entry means there is nothing to put */
		if (!busid_priv)
			goto sdev_free;

		goto call_put_busid_priv;
	}

	/* hubs are never claimed */
	if (udev->descriptor.bDeviceClass == USB_CLASS_HUB) {
		dev_dbg(&udev->dev, "%s is a usb hub device... skip!\n",
			udev_busid);
		rc = -ENODEV;
		goto call_put_busid_priv;
	}

	/* devices whose bus is named "vhci_hcd" are never claimed */
	if (!strcmp(udev->bus->bus_name, "vhci_hcd")) {
		dev_dbg(&udev->dev,
			"%s is attached on vhci_hcd... skip!\n",
			udev_busid);

		rc = -ENODEV;
		goto call_put_busid_priv;
	}


	dev_info(&udev->dev,
		 "usbip-host: register new device (bus %u dev %u)\n",
		 udev->bus->busnum, udev->devnum);

	busid_priv->shutdown_busid = 0;

	/* set private data to usb_device */
	dev_set_drvdata(&udev->dev, sdev);

	busid_priv->sdev = sdev;
	busid_priv->udev = udev;

	/* remembered so the err_port path can restore the previous status */
	save_status = busid_priv->status;
	busid_priv->status = STUB_BUSID_ALLOC;

	/* release the busid_lock */
	put_busid_priv(busid_priv);

	/*
	 * Claim this hub port.
	 * It doesn't matter what value we pass as owner
	 * (struct dev_state) as long as it is unique.
	 */
	rc = usb_hub_claim_port(udev->parent, udev->portnum,
				(struct usb_dev_state *) udev);
	if (rc) {
		dev_dbg(&udev->dev, "unable to claim port\n");
		goto err_port;
	}

	return 0;

err_port:
	/* undo the publication done above before the stub_device is freed */
	dev_set_drvdata(&udev->dev, NULL);

	/* we already have busid_priv, just lock busid_lock */
	spin_lock(&busid_priv->busid_lock);
	busid_priv->sdev = NULL;
	busid_priv->status = save_status;
	spin_unlock(&busid_priv->busid_lock);
	/* lock is released - go to free */
	goto sdev_free;

call_put_busid_priv:
	/* release the busid_lock */
	put_busid_priv(busid_priv);

sdev_free:
	/* drops the reference taken by usb_get_dev() in stub_device_alloc() */
	usb_put_dev(udev);
	stub_device_free(sdev);

	return rc;
}
415
/*
 * shutdown_busid - queue the REMOVED event and wait for the event handler
 * @busid_priv: busid table entry; busid_priv->sdev is dereferenced without a
 *              NULL check, so the caller must ensure it is set
 */
static void shutdown_busid(struct bus_id_priv *busid_priv)
{
	usbip_event_add(&busid_priv->sdev->ud, SDEV_EVENT_REMOVED);

	/* wait for the stop of the event handler */
	usbip_stop_eh(&busid_priv->sdev->ud);
}
423
/*
 * called in usb_disconnect() or usb_deregister()
 * but only if actconfig(active configuration) exists
 *
 * Detaches the stub_device from @udev, releases the hub port, shuts the
 * current connection down and frees the stub_device. A busid entry whose
 * status is STUB_BUSID_ALLOC is set back to STUB_BUSID_ADDED.
 */
static void stub_disconnect(struct usb_device *udev)
{
	struct stub_device *sdev;
	const char *udev_busid = dev_name(&udev->dev);
	struct bus_id_priv *busid_priv;
	int rc;

	dev_dbg(&udev->dev, "Enter disconnect\n");

	/* a bound device without a busid entry is treated as a kernel bug */
	busid_priv = get_busid_priv(udev_busid);
	if (!busid_priv) {
		BUG();
		return;
	}

	sdev = dev_get_drvdata(&udev->dev);

	/* get stub_device */
	if (!sdev) {
		dev_err(&udev->dev, "could not get device");
		/* release busid_lock */
		put_busid_priv(busid_priv);
		return;
	}

	/* the sysfs handlers return -ENODEV once the driver data is NULL */
	dev_set_drvdata(&udev->dev, NULL);

	/* release busid_lock before call to remove device files */
	put_busid_priv(busid_priv);

	/*
	 * NOTE: rx/tx threads are invoked for each usb_device.
	 */

	/* release port */
	rc = usb_hub_release_port(udev->parent, udev->portnum,
				  (struct usb_dev_state *) udev);
	if (rc) {
		dev_dbg(&udev->dev, "unable to release port\n");
		/*
		 * NOTE(review): this return leaves sdev allocated and
		 * busid_priv->sdev set although the driver data was already
		 * cleared - confirm where that cleanup happens.
		 */
		return;
	}

	/* If usb reset is called from event handler */
	/* NOTE(review): sdev is not freed on this return either - confirm. */
	if (usbip_in_eh(current))
		return;

	/* we already have busid_priv, just lock busid_lock */
	spin_lock(&busid_priv->busid_lock);
	if (!busid_priv->shutdown_busid)
		busid_priv->shutdown_busid = 1;
	/* release busid_lock */
	spin_unlock(&busid_priv->busid_lock);

	/* shutdown the current connection */
	shutdown_busid(busid_priv);

	/* drops the reference taken by usb_get_dev() in stub_device_alloc() */
	usb_put_dev(sdev->udev);

	/* we already have busid_priv, just lock busid_lock */
	spin_lock(&busid_priv->busid_lock);
	/* free sdev */
	/* the table pointer is cleared under the same lock as the free */
	busid_priv->sdev = NULL;
	stub_device_free(sdev);

	if (busid_priv->status == STUB_BUSID_ALLOC)
		busid_priv->status = STUB_BUSID_ADDED;
	/* release busid_lock */
	spin_unlock(&busid_priv->busid_lock);
	return;
}
498
499 #ifdef CONFIG_PM
500
501 /* These functions need usb_port_suspend and usb_port_resume,
502 * which reside in drivers/usb/core/usb.h. Skip for now. */
503
/*
 * stub_suspend - suspend callback placeholder
 * @udev: device being suspended
 * @message: PM message, unused
 *
 * Only logs a debug message. Return: always 0.
 */
static int stub_suspend(struct usb_device *udev, pm_message_t message)
{
	dev_dbg(&udev->dev, "stub_suspend\n");

	return 0;
}
510
/*
 * stub_resume - resume callback placeholder
 * @udev: device being resumed
 * @message: PM message, unused
 *
 * Only logs a debug message. Return: always 0.
 */
static int stub_resume(struct usb_device *udev, pm_message_t message)
{
	dev_dbg(&udev->dev, "stub_resume\n");

	return 0;
}
517
518 #endif /* CONFIG_PM */
519
/*
 * Driver record for "usbip-host". probe/disconnect are stub_probe() and
 * stub_disconnect(); the suspend/resume callbacks exist only with CONFIG_PM.
 * dev_groups points to the sysfs attribute group generated by
 * ATTRIBUTE_GROUPS(usbip).
 */
struct usb_device_driver stub_driver = {
	.name = "usbip-host",
	.probe = stub_probe,
	.disconnect = stub_disconnect,
#ifdef CONFIG_PM
	.suspend = stub_suspend,
	.resume = stub_resume,
#endif
	/* autosuspend is explicitly disabled for this driver */
	.supports_autosuspend = 0,
	.dev_groups = usbip_groups,
};
531