1 /*
2 * Copyright (C) 2003-2008 Takahiro Hirofuchi
3 *
4 * This is free software; you can redistribute it and/or modify
5 * it under the terms of the GNU General Public License as published by
6 * the Free Software Foundation; either version 2 of the License, or
7 * (at your option) any later version.
8 *
9 * This is distributed in the hope that it will be useful,
10 * but WITHOUT ANY WARRANTY; without even the implied warranty of
11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 * GNU General Public License for more details.
13 *
14 * You should have received a copy of the GNU General Public License
15 * along with this program; if not, write to the Free Software
16 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
17 * USA.
18 */
19
20 #include <linux/kthread.h>
21 #include <linux/socket.h>
22 #include <linux/scatterlist.h>
23
24 #include "usbip_common.h"
25 #include "stub.h"
26
27 /* be in spin_lock_irqsave(&sdev->priv_lock, flags) */
stub_enqueue_ret_unlink(struct stub_device * sdev,__u32 seqnum,__u32 status)28 void stub_enqueue_ret_unlink(struct stub_device *sdev, __u32 seqnum,
29 __u32 status)
30 {
31 struct stub_unlink *unlink;
32
33 unlink = kzalloc(sizeof(struct stub_unlink), GFP_ATOMIC);
34 if (!unlink) {
35 usbip_event_add(&sdev->ud, VDEV_EVENT_ERROR_MALLOC);
36 return;
37 }
38
39 unlink->seqnum = seqnum;
40 unlink->status = status;
41
42 list_add_tail(&unlink->list, &sdev->unlink_tx);
43 }
44
45 /**
46 * stub_complete - completion handler of a usbip urb
47 * @urb: pointer to the urb completed
48 *
49 * When a urb has completed, the USB core driver calls this function mostly in
50 * the interrupt context. To return the result of a urb, the completed urb is
51 * linked to the pending list of returning.
52 *
53 */
stub_complete(struct urb * urb)54 void stub_complete(struct urb *urb)
55 {
56 struct stub_priv *priv = (struct stub_priv *) urb->context;
57 struct stub_device *sdev = priv->sdev;
58 unsigned long flags;
59
60 usbip_dbg_stub_tx("complete! status %d\n", urb->status);
61
62 switch (urb->status) {
63 case 0:
64 /* OK */
65 break;
66 case -ENOENT:
67 dev_info(&urb->dev->dev,
68 "stopped by a call to usb_kill_urb() because of cleaning up a virtual connection\n");
69 return;
70 case -ECONNRESET:
71 dev_info(&urb->dev->dev,
72 "unlinked by a call to usb_unlink_urb()\n");
73 break;
74 case -EPIPE:
75 dev_info(&urb->dev->dev, "endpoint %d is stalled\n",
76 usb_pipeendpoint(urb->pipe));
77 break;
78 case -ESHUTDOWN:
79 dev_info(&urb->dev->dev, "device removed?\n");
80 break;
81 default:
82 dev_info(&urb->dev->dev,
83 "urb completion with non-zero status %d\n",
84 urb->status);
85 break;
86 }
87
88 /*
89 * If the server breaks single SG request into the several URBs, the
90 * URBs must be reassembled before sending completed URB to the vhci.
91 * Don't wake up the tx thread until all the URBs are completed.
92 */
93 if (priv->sgl) {
94 priv->completed_urbs++;
95
96 /* Only save the first error status */
97 if (urb->status && !priv->urb_status)
98 priv->urb_status = urb->status;
99
100 if (priv->completed_urbs < priv->num_urbs)
101 return;
102 }
103
104 /* link a urb to the queue of tx. */
105 spin_lock_irqsave(&sdev->priv_lock, flags);
106 if (sdev->ud.tcp_socket == NULL) {
107 usbip_dbg_stub_tx("ignore urb for closed connection\n");
108 /* It will be freed in stub_device_cleanup_urbs(). */
109 } else if (priv->unlinking) {
110 stub_enqueue_ret_unlink(sdev, priv->seqnum, urb->status);
111 stub_free_priv_and_urb(priv);
112 } else {
113 list_move_tail(&priv->list, &sdev->priv_tx);
114 }
115 spin_unlock_irqrestore(&sdev->priv_lock, flags);
116
117 /* wake up tx_thread */
118 wake_up(&sdev->tx_waitq);
119 }
120
setup_base_pdu(struct usbip_header_basic * base,__u32 command,__u32 seqnum)121 static inline void setup_base_pdu(struct usbip_header_basic *base,
122 __u32 command, __u32 seqnum)
123 {
124 base->command = command;
125 base->seqnum = seqnum;
126 base->devid = 0;
127 base->ep = 0;
128 base->direction = 0;
129 }
130
setup_ret_submit_pdu(struct usbip_header * rpdu,struct urb * urb)131 static void setup_ret_submit_pdu(struct usbip_header *rpdu, struct urb *urb)
132 {
133 struct stub_priv *priv = (struct stub_priv *) urb->context;
134
135 setup_base_pdu(&rpdu->base, USBIP_RET_SUBMIT, priv->seqnum);
136 usbip_pack_pdu(rpdu, urb, USBIP_RET_SUBMIT, 1);
137 }
138
setup_ret_unlink_pdu(struct usbip_header * rpdu,struct stub_unlink * unlink)139 static void setup_ret_unlink_pdu(struct usbip_header *rpdu,
140 struct stub_unlink *unlink)
141 {
142 setup_base_pdu(&rpdu->base, USBIP_RET_UNLINK, unlink->seqnum);
143 rpdu->u.ret_unlink.status = unlink->status;
144 }
145
dequeue_from_priv_tx(struct stub_device * sdev)146 static struct stub_priv *dequeue_from_priv_tx(struct stub_device *sdev)
147 {
148 unsigned long flags;
149 struct stub_priv *priv, *tmp;
150
151 spin_lock_irqsave(&sdev->priv_lock, flags);
152
153 list_for_each_entry_safe(priv, tmp, &sdev->priv_tx, list) {
154 list_move_tail(&priv->list, &sdev->priv_free);
155 spin_unlock_irqrestore(&sdev->priv_lock, flags);
156 return priv;
157 }
158
159 spin_unlock_irqrestore(&sdev->priv_lock, flags);
160
161 return NULL;
162 }
163
stub_send_ret_submit(struct stub_device * sdev)164 static int stub_send_ret_submit(struct stub_device *sdev)
165 {
166 unsigned long flags;
167 struct stub_priv *priv, *tmp;
168
169 struct msghdr msg;
170 size_t txsize;
171
172 size_t total_size = 0;
173
174 while ((priv = dequeue_from_priv_tx(sdev)) != NULL) {
175 struct urb *urb = priv->urbs[0];
176 struct usbip_header pdu_header;
177 struct usbip_iso_packet_descriptor *iso_buffer = NULL;
178 struct kvec *iov = NULL;
179 struct scatterlist *sg;
180 u32 actual_length = 0;
181 int iovnum = 0;
182 int ret;
183 int i;
184
185 txsize = 0;
186 memset(&pdu_header, 0, sizeof(pdu_header));
187 memset(&msg, 0, sizeof(msg));
188
189 if (urb->actual_length > 0 && !urb->transfer_buffer &&
190 !urb->num_sgs) {
191 dev_err(&sdev->udev->dev,
192 "urb: actual_length %d transfer_buffer null\n",
193 urb->actual_length);
194 return -1;
195 }
196
197 if (usb_pipetype(urb->pipe) == PIPE_ISOCHRONOUS)
198 iovnum = 2 + urb->number_of_packets;
199 else if (usb_pipein(urb->pipe) && urb->actual_length > 0 &&
200 urb->num_sgs)
201 iovnum = 1 + urb->num_sgs;
202 else if (usb_pipein(urb->pipe) && priv->sgl)
203 iovnum = 1 + priv->num_urbs;
204 else
205 iovnum = 2;
206
207 iov = kcalloc(iovnum, sizeof(struct kvec), GFP_KERNEL);
208
209 if (!iov) {
210 usbip_event_add(&sdev->ud, SDEV_EVENT_ERROR_MALLOC);
211 return -1;
212 }
213
214 iovnum = 0;
215
216 /* 1. setup usbip_header */
217 setup_ret_submit_pdu(&pdu_header, urb);
218 usbip_dbg_stub_tx("setup txdata seqnum: %d\n",
219 pdu_header.base.seqnum);
220
221 if (priv->sgl) {
222 for (i = 0; i < priv->num_urbs; i++)
223 actual_length += priv->urbs[i]->actual_length;
224
225 pdu_header.u.ret_submit.status = priv->urb_status;
226 pdu_header.u.ret_submit.actual_length = actual_length;
227 }
228
229 usbip_header_correct_endian(&pdu_header, 1);
230
231 iov[iovnum].iov_base = &pdu_header;
232 iov[iovnum].iov_len = sizeof(pdu_header);
233 iovnum++;
234 txsize += sizeof(pdu_header);
235
236 /* 2. setup transfer buffer */
237 if (usb_pipein(urb->pipe) && priv->sgl) {
238 /* If the server split a single SG request into several
239 * URBs because the server's HCD doesn't support SG,
240 * reassemble the split URB buffers into a single
241 * return command.
242 */
243 for (i = 0; i < priv->num_urbs; i++) {
244 iov[iovnum].iov_base =
245 priv->urbs[i]->transfer_buffer;
246 iov[iovnum].iov_len =
247 priv->urbs[i]->actual_length;
248 iovnum++;
249 }
250 txsize += actual_length;
251 } else if (usb_pipein(urb->pipe) &&
252 usb_pipetype(urb->pipe) != PIPE_ISOCHRONOUS &&
253 urb->actual_length > 0) {
254 if (urb->num_sgs) {
255 unsigned int copy = urb->actual_length;
256 int size;
257
258 for_each_sg(urb->sg, sg, urb->num_sgs, i) {
259 if (copy == 0)
260 break;
261
262 if (copy < sg->length)
263 size = copy;
264 else
265 size = sg->length;
266
267 iov[iovnum].iov_base = sg_virt(sg);
268 iov[iovnum].iov_len = size;
269
270 iovnum++;
271 copy -= size;
272 }
273 } else {
274 iov[iovnum].iov_base = urb->transfer_buffer;
275 iov[iovnum].iov_len = urb->actual_length;
276 iovnum++;
277 }
278 txsize += urb->actual_length;
279 } else if (usb_pipein(urb->pipe) &&
280 usb_pipetype(urb->pipe) == PIPE_ISOCHRONOUS) {
281 /*
282 * For isochronous packets: actual length is the sum of
283 * the actual length of the individual, packets, but as
284 * the packet offsets are not changed there will be
285 * padding between the packets. To optimally use the
286 * bandwidth the padding is not transmitted.
287 */
288
289 int i;
290
291 for (i = 0; i < urb->number_of_packets; i++) {
292 iov[iovnum].iov_base = urb->transfer_buffer +
293 urb->iso_frame_desc[i].offset;
294 iov[iovnum].iov_len =
295 urb->iso_frame_desc[i].actual_length;
296 iovnum++;
297 txsize += urb->iso_frame_desc[i].actual_length;
298 }
299
300 if (txsize != sizeof(pdu_header) + urb->actual_length) {
301 dev_err(&sdev->udev->dev,
302 "actual length of urb %d does not match iso packet sizes %zu\n",
303 urb->actual_length,
304 txsize-sizeof(pdu_header));
305 kfree(iov);
306 usbip_event_add(&sdev->ud,
307 SDEV_EVENT_ERROR_TCP);
308 return -1;
309 }
310 }
311
312 /* 3. setup iso_packet_descriptor */
313 if (usb_pipetype(urb->pipe) == PIPE_ISOCHRONOUS) {
314 ssize_t len = 0;
315
316 iso_buffer = usbip_alloc_iso_desc_pdu(urb, &len);
317 if (!iso_buffer) {
318 usbip_event_add(&sdev->ud,
319 SDEV_EVENT_ERROR_MALLOC);
320 kfree(iov);
321 return -1;
322 }
323
324 iov[iovnum].iov_base = iso_buffer;
325 iov[iovnum].iov_len = len;
326 txsize += len;
327 iovnum++;
328 }
329
330 ret = kernel_sendmsg(sdev->ud.tcp_socket, &msg,
331 iov, iovnum, txsize);
332 if (ret != txsize) {
333 dev_err(&sdev->udev->dev,
334 "sendmsg failed!, retval %d for %zd\n",
335 ret, txsize);
336 kfree(iov);
337 kfree(iso_buffer);
338 usbip_event_add(&sdev->ud, SDEV_EVENT_ERROR_TCP);
339 return -1;
340 }
341
342 kfree(iov);
343 kfree(iso_buffer);
344
345 total_size += txsize;
346 }
347
348 spin_lock_irqsave(&sdev->priv_lock, flags);
349 list_for_each_entry_safe(priv, tmp, &sdev->priv_free, list) {
350 stub_free_priv_and_urb(priv);
351 }
352 spin_unlock_irqrestore(&sdev->priv_lock, flags);
353
354 return total_size;
355 }
356
dequeue_from_unlink_tx(struct stub_device * sdev)357 static struct stub_unlink *dequeue_from_unlink_tx(struct stub_device *sdev)
358 {
359 unsigned long flags;
360 struct stub_unlink *unlink, *tmp;
361
362 spin_lock_irqsave(&sdev->priv_lock, flags);
363
364 list_for_each_entry_safe(unlink, tmp, &sdev->unlink_tx, list) {
365 list_move_tail(&unlink->list, &sdev->unlink_free);
366 spin_unlock_irqrestore(&sdev->priv_lock, flags);
367 return unlink;
368 }
369
370 spin_unlock_irqrestore(&sdev->priv_lock, flags);
371
372 return NULL;
373 }
374
stub_send_ret_unlink(struct stub_device * sdev)375 static int stub_send_ret_unlink(struct stub_device *sdev)
376 {
377 unsigned long flags;
378 struct stub_unlink *unlink, *tmp;
379
380 struct msghdr msg;
381 struct kvec iov[1];
382 size_t txsize;
383
384 size_t total_size = 0;
385
386 while ((unlink = dequeue_from_unlink_tx(sdev)) != NULL) {
387 int ret;
388 struct usbip_header pdu_header;
389
390 txsize = 0;
391 memset(&pdu_header, 0, sizeof(pdu_header));
392 memset(&msg, 0, sizeof(msg));
393 memset(&iov, 0, sizeof(iov));
394
395 usbip_dbg_stub_tx("setup ret unlink %lu\n", unlink->seqnum);
396
397 /* 1. setup usbip_header */
398 setup_ret_unlink_pdu(&pdu_header, unlink);
399 usbip_header_correct_endian(&pdu_header, 1);
400
401 iov[0].iov_base = &pdu_header;
402 iov[0].iov_len = sizeof(pdu_header);
403 txsize += sizeof(pdu_header);
404
405 ret = kernel_sendmsg(sdev->ud.tcp_socket, &msg, iov,
406 1, txsize);
407 if (ret != txsize) {
408 dev_err(&sdev->udev->dev,
409 "sendmsg failed!, retval %d for %zd\n",
410 ret, txsize);
411 usbip_event_add(&sdev->ud, SDEV_EVENT_ERROR_TCP);
412 return -1;
413 }
414
415 usbip_dbg_stub_tx("send txdata\n");
416 total_size += txsize;
417 }
418
419 spin_lock_irqsave(&sdev->priv_lock, flags);
420
421 list_for_each_entry_safe(unlink, tmp, &sdev->unlink_free, list) {
422 list_del(&unlink->list);
423 kfree(unlink);
424 }
425
426 spin_unlock_irqrestore(&sdev->priv_lock, flags);
427
428 return total_size;
429 }
430
stub_tx_loop(void * data)431 int stub_tx_loop(void *data)
432 {
433 struct usbip_device *ud = data;
434 struct stub_device *sdev = container_of(ud, struct stub_device, ud);
435
436 while (!kthread_should_stop()) {
437 if (usbip_event_happened(ud))
438 break;
439
440 /*
441 * send_ret_submit comes earlier than send_ret_unlink. stub_rx
442 * looks at only priv_init queue. If the completion of a URB is
443 * earlier than the receive of CMD_UNLINK, priv is moved to
444 * priv_tx queue and stub_rx does not find the target priv. In
445 * this case, vhci_rx receives the result of the submit request
446 * and then receives the result of the unlink request. The
447 * result of the submit is given back to the usbcore as the
448 * completion of the unlink request. The request of the
449 * unlink is ignored. This is ok because a driver who calls
450 * usb_unlink_urb() understands the unlink was too late by
451 * getting the status of the given-backed URB which has the
452 * status of usb_submit_urb().
453 */
454 if (stub_send_ret_submit(sdev) < 0)
455 break;
456
457 if (stub_send_ret_unlink(sdev) < 0)
458 break;
459
460 wait_event_interruptible(sdev->tx_waitq,
461 (!list_empty(&sdev->priv_tx) ||
462 !list_empty(&sdev->unlink_tx) ||
463 kthread_should_stop()));
464 }
465
466 return 0;
467 }
468