1 // SPDX-License-Identifier: GPL-2.0+ 2 /* 3 * Copyright (C) 2003-2008 Takahiro Hirofuchi 4 */ 5 6 #include <linux/device.h> 7 #include <linux/file.h> 8 #include <linux/kthread.h> 9 #include <linux/module.h> 10 11 #include "usbip_common.h" 12 #include "stub.h" 13 14 /* 15 * usbip_status shows the status of usbip-host as long as this driver is bound 16 * to the target device. 17 */ 18 static ssize_t usbip_status_show(struct device *dev, 19 struct device_attribute *attr, char *buf) 20 { 21 struct stub_device *sdev = dev_get_drvdata(dev); 22 int status; 23 24 if (!sdev) { 25 dev_err(dev, "sdev is null\n"); 26 return -ENODEV; 27 } 28 29 spin_lock_irq(&sdev->ud.lock); 30 status = sdev->ud.status; 31 spin_unlock_irq(&sdev->ud.lock); 32 33 return snprintf(buf, PAGE_SIZE, "%d\n", status); 34 } 35 static DEVICE_ATTR_RO(usbip_status); 36 37 /* 38 * usbip_sockfd gets a socket descriptor of an established TCP connection that 39 * is used to transfer usbip requests by kernel threads. -1 is a magic number 40 * by which usbip connection is finished. 41 */ 42 static ssize_t usbip_sockfd_store(struct device *dev, struct device_attribute *attr, 43 const char *buf, size_t count) 44 { 45 struct stub_device *sdev = dev_get_drvdata(dev); 46 int sockfd = 0; 47 struct socket *socket; 48 int rv; 49 struct task_struct *tcp_rx = NULL; 50 struct task_struct *tcp_tx = NULL; 51 52 if (!sdev) { 53 dev_err(dev, "sdev is null\n"); 54 return -ENODEV; 55 } 56 57 rv = sscanf(buf, "%d", &sockfd); 58 if (rv != 1) 59 return -EINVAL; 60 61 if (sockfd != -1) { 62 int err; 63 64 dev_info(dev, "stub up\n"); 65 66 mutex_lock(&sdev->ud.sysfs_lock); 67 spin_lock_irq(&sdev->ud.lock); 68 69 if (sdev->ud.status != SDEV_ST_AVAILABLE) { 70 dev_err(dev, "not ready\n"); 71 goto err; 72 } 73 74 socket = sockfd_lookup(sockfd, &err); 75 if (!socket) { 76 dev_err(dev, "failed to lookup sock"); 77 goto err; 78 } 79 80 if (socket->type != SOCK_STREAM) { 81 dev_err(dev, "Expecting SOCK_STREAM - found %d", 82 socket->type); 83 goto sock_err; 84 } 85 86 /* unlock and create threads and get tasks */ 87 spin_unlock_irq(&sdev->ud.lock); 88 tcp_rx = kthread_create(stub_rx_loop, &sdev->ud, "stub_rx"); 89 if (IS_ERR(tcp_rx)) { 90 sockfd_put(socket); 91 goto unlock_mutex; 92 } 93 tcp_tx = kthread_create(stub_tx_loop, &sdev->ud, "stub_tx"); 94 if (IS_ERR(tcp_tx)) { 95 kthread_stop(tcp_rx); 96 sockfd_put(socket); 97 goto unlock_mutex; 98 } 99 100 /* get task structs now */ 101 get_task_struct(tcp_rx); 102 get_task_struct(tcp_tx); 103 104 /* lock and update sdev->ud state */ 105 spin_lock_irq(&sdev->ud.lock); 106 sdev->ud.tcp_socket = socket; 107 sdev->ud.sockfd = sockfd; 108 sdev->ud.tcp_rx = tcp_rx; 109 sdev->ud.tcp_tx = tcp_tx; 110 sdev->ud.status = SDEV_ST_USED; 111 spin_unlock_irq(&sdev->ud.lock); 112 113 wake_up_process(sdev->ud.tcp_rx); 114 wake_up_process(sdev->ud.tcp_tx); 115 116 mutex_unlock(&sdev->ud.sysfs_lock); 117 118 } else { 119 dev_info(dev, "stub down\n"); 120 121 spin_lock_irq(&sdev->ud.lock); 122 if (sdev->ud.status != SDEV_ST_USED) 123 goto err; 124 125 spin_unlock_irq(&sdev->ud.lock); 126 127 usbip_event_add(&sdev->ud, SDEV_EVENT_DOWN); 128 mutex_unlock(&sdev->ud.sysfs_lock); 129 } 130 131 return count; 132 133 sock_err: 134 sockfd_put(socket); 135 err: 136 spin_unlock_irq(&sdev->ud.lock); 137 unlock_mutex: 138 mutex_unlock(&sdev->ud.sysfs_lock); 139 return -EINVAL; 140 } 141 static DEVICE_ATTR_WO(usbip_sockfd); 142 143 static struct attribute *usbip_attrs[] = { 144 &dev_attr_usbip_status.attr, 145 &dev_attr_usbip_sockfd.attr, 146 &dev_attr_usbip_debug.attr, 147 NULL, 148 }; 149 ATTRIBUTE_GROUPS(usbip); 150 151 static void stub_shutdown_connection(struct usbip_device *ud) 152 { 153 struct stub_device *sdev = container_of(ud, struct stub_device, ud); 154 155 /* 156 * When removing an exported device, kernel panic sometimes occurred 157 * and then EIP was sk_wait_data of stub_rx thread. Is this because 158 * sk_wait_data returned though stub_rx thread was already finished by 159 * step 1? 160 */ 161 if (ud->tcp_socket) { 162 dev_dbg(&sdev->udev->dev, "shutdown sockfd %d\n", ud->sockfd); 163 kernel_sock_shutdown(ud->tcp_socket, SHUT_RDWR); 164 } 165 166 /* 1. stop threads */ 167 if (ud->tcp_rx) { 168 kthread_stop_put(ud->tcp_rx); 169 ud->tcp_rx = NULL; 170 } 171 if (ud->tcp_tx) { 172 kthread_stop_put(ud->tcp_tx); 173 ud->tcp_tx = NULL; 174 } 175 176 /* 177 * 2. close the socket 178 * 179 * tcp_socket is freed after threads are killed so that usbip_xmit does 180 * not touch NULL socket. 181 */ 182 if (ud->tcp_socket) { 183 sockfd_put(ud->tcp_socket); 184 ud->tcp_socket = NULL; 185 ud->sockfd = -1; 186 } 187 188 /* 3. free used data */ 189 stub_device_cleanup_urbs(sdev); 190 191 /* 4. free stub_unlink */ 192 { 193 unsigned long flags; 194 struct stub_unlink *unlink, *tmp; 195 196 spin_lock_irqsave(&sdev->priv_lock, flags); 197 list_for_each_entry_safe(unlink, tmp, &sdev->unlink_tx, list) { 198 list_del(&unlink->list); 199 kfree(unlink); 200 } 201 list_for_each_entry_safe(unlink, tmp, &sdev->unlink_free, 202 list) { 203 list_del(&unlink->list); 204 kfree(unlink); 205 } 206 spin_unlock_irqrestore(&sdev->priv_lock, flags); 207 } 208 } 209 210 static void stub_device_reset(struct usbip_device *ud) 211 { 212 struct stub_device *sdev = container_of(ud, struct stub_device, ud); 213 struct usb_device *udev = sdev->udev; 214 int ret; 215 216 dev_dbg(&udev->dev, "device reset"); 217 218 ret = usb_lock_device_for_reset(udev, NULL); 219 if (ret < 0) { 220 dev_err(&udev->dev, "lock for reset\n"); 221 spin_lock_irq(&ud->lock); 222 ud->status = SDEV_ST_ERROR; 223 spin_unlock_irq(&ud->lock); 224 return; 225 } 226 227 /* try to reset the device */ 228 ret = usb_reset_device(udev); 229 usb_unlock_device(udev); 230 231 spin_lock_irq(&ud->lock); 232 if (ret) { 233 dev_err(&udev->dev, "device reset\n"); 234 ud->status = SDEV_ST_ERROR; 235 } else { 236 dev_info(&udev->dev, "device reset\n"); 237 ud->status = SDEV_ST_AVAILABLE; 238 } 239 spin_unlock_irq(&ud->lock); 240 } 241 242 static void stub_device_unusable(struct usbip_device *ud) 243 { 244 spin_lock_irq(&ud->lock); 245 ud->status = SDEV_ST_ERROR; 246 spin_unlock_irq(&ud->lock); 247 } 248 249 /** 250 * stub_device_alloc - allocate a new stub_device struct 251 * @udev: usb_device of a new device 252 * 253 * Allocates and initializes a new stub_device struct. 254 */ 255 static struct stub_device *stub_device_alloc(struct usb_device *udev) 256 { 257 struct stub_device *sdev; 258 int busnum = udev->bus->busnum; 259 int devnum = udev->devnum; 260 261 dev_dbg(&udev->dev, "allocating stub device"); 262 263 /* yes, it's a new device */ 264 sdev = kzalloc(sizeof(struct stub_device), GFP_KERNEL); 265 if (!sdev) 266 return NULL; 267 268 sdev->udev = usb_get_dev(udev); 269 270 /* 271 * devid is defined with devnum when this driver is first allocated. 272 * devnum may change later if a device is reset. However, devid never 273 * changes during a usbip connection. 274 */ 275 sdev->devid = (busnum << 16) | devnum; 276 sdev->ud.side = USBIP_STUB; 277 sdev->ud.status = SDEV_ST_AVAILABLE; 278 spin_lock_init(&sdev->ud.lock); 279 mutex_init(&sdev->ud.sysfs_lock); 280 sdev->ud.tcp_socket = NULL; 281 sdev->ud.sockfd = -1; 282 283 INIT_LIST_HEAD(&sdev->priv_init); 284 INIT_LIST_HEAD(&sdev->priv_tx); 285 INIT_LIST_HEAD(&sdev->priv_free); 286 INIT_LIST_HEAD(&sdev->unlink_free); 287 INIT_LIST_HEAD(&sdev->unlink_tx); 288 spin_lock_init(&sdev->priv_lock); 289 290 init_waitqueue_head(&sdev->tx_waitq); 291 292 sdev->ud.eh_ops.shutdown = stub_shutdown_connection; 293 sdev->ud.eh_ops.reset = stub_device_reset; 294 sdev->ud.eh_ops.unusable = stub_device_unusable; 295 296 usbip_start_eh(&sdev->ud); 297 298 dev_dbg(&udev->dev, "register new device\n"); 299 300 return sdev; 301 } 302 303 static void stub_device_free(struct stub_device *sdev) 304 { 305 kfree(sdev); 306 } 307 308 static int stub_probe(struct usb_device *udev) 309 { 310 struct stub_device *sdev = NULL; 311 const char *udev_busid = dev_name(&udev->dev); 312 struct bus_id_priv *busid_priv; 313 int rc = 0; 314 char save_status; 315 316 dev_dbg(&udev->dev, "Enter probe\n"); 317 318 /* Not sure if this is our device. Allocate here to avoid 319 * calling alloc while holding busid_table lock. 320 */ 321 sdev = stub_device_alloc(udev); 322 if (!sdev) 323 return -ENOMEM; 324 325 /* check we should claim or not by busid_table */ 326 busid_priv = get_busid_priv(udev_busid); 327 if (!busid_priv || (busid_priv->status == STUB_BUSID_REMOV) || 328 (busid_priv->status == STUB_BUSID_OTHER)) { 329 dev_info(&udev->dev, 330 "%s is not in match_busid table... skip!\n", 331 udev_busid); 332 333 /* 334 * Return value should be ENODEV or ENOXIO to continue trying 335 * other matched drivers by the driver core. 336 * See driver_probe_device() in driver/base/dd.c 337 */ 338 rc = -ENODEV; 339 if (!busid_priv) 340 goto sdev_free; 341 342 goto call_put_busid_priv; 343 } 344 345 if (udev->descriptor.bDeviceClass == USB_CLASS_HUB) { 346 dev_dbg(&udev->dev, "%s is a usb hub device... skip!\n", 347 udev_busid); 348 rc = -ENODEV; 349 goto call_put_busid_priv; 350 } 351 352 if (!strcmp(udev->bus->bus_name, "vhci_hcd")) { 353 dev_dbg(&udev->dev, 354 "%s is attached on vhci_hcd... skip!\n", 355 udev_busid); 356 357 rc = -ENODEV; 358 goto call_put_busid_priv; 359 } 360 361 362 dev_info(&udev->dev, 363 "usbip-host: register new device (bus %u dev %u)\n", 364 udev->bus->busnum, udev->devnum); 365 366 busid_priv->shutdown_busid = 0; 367 368 /* set private data to usb_device */ 369 dev_set_drvdata(&udev->dev, sdev); 370 371 busid_priv->sdev = sdev; 372 busid_priv->udev = udev; 373 374 save_status = busid_priv->status; 375 busid_priv->status = STUB_BUSID_ALLOC; 376 377 /* release the busid_lock */ 378 put_busid_priv(busid_priv); 379 380 /* 381 * Claim this hub port. 382 * It doesn't matter what value we pass as owner 383 * (struct dev_state) as long as it is unique. 384 */ 385 rc = usb_hub_claim_port(udev->parent, udev->portnum, 386 (struct usb_dev_state *) udev); 387 if (rc) { 388 dev_dbg(&udev->dev, "unable to claim port\n"); 389 goto err_port; 390 } 391 392 return 0; 393 394 err_port: 395 dev_set_drvdata(&udev->dev, NULL); 396 usb_put_dev(udev); 397 398 /* we already have busid_priv, just lock busid_lock */ 399 spin_lock(&busid_priv->busid_lock); 400 busid_priv->sdev = NULL; 401 busid_priv->status = save_status; 402 spin_unlock(&busid_priv->busid_lock); 403 /* lock is released - go to free */ 404 goto sdev_free; 405 406 call_put_busid_priv: 407 /* release the busid_lock */ 408 put_busid_priv(busid_priv); 409 410 sdev_free: 411 stub_device_free(sdev); 412 413 return rc; 414 } 415 416 static void shutdown_busid(struct bus_id_priv *busid_priv) 417 { 418 usbip_event_add(&busid_priv->sdev->ud, SDEV_EVENT_REMOVED); 419 420 /* wait for the stop of the event handler */ 421 usbip_stop_eh(&busid_priv->sdev->ud); 422 } 423 424 /* 425 * called in usb_disconnect() or usb_deregister() 426 * but only if actconfig(active configuration) exists 427 */ 428 static void stub_disconnect(struct usb_device *udev) 429 { 430 struct stub_device *sdev; 431 const char *udev_busid = dev_name(&udev->dev); 432 struct bus_id_priv *busid_priv; 433 int rc; 434 435 dev_dbg(&udev->dev, "Enter disconnect\n"); 436 437 busid_priv = get_busid_priv(udev_busid); 438 if (!busid_priv) { 439 BUG(); 440 return; 441 } 442 443 sdev = dev_get_drvdata(&udev->dev); 444 445 /* get stub_device */ 446 if (!sdev) { 447 dev_err(&udev->dev, "could not get device"); 448 /* release busid_lock */ 449 put_busid_priv(busid_priv); 450 return; 451 } 452 453 dev_set_drvdata(&udev->dev, NULL); 454 455 /* release busid_lock before call to remove device files */ 456 put_busid_priv(busid_priv); 457 458 /* 459 * NOTE: rx/tx threads are invoked for each usb_device. 460 */ 461 462 /* release port */ 463 rc = usb_hub_release_port(udev->parent, udev->portnum, 464 (struct usb_dev_state *) udev); 465 if (rc) { 466 dev_dbg(&udev->dev, "unable to release port\n"); 467 return; 468 } 469 470 /* If usb reset is called from event handler */ 471 if (usbip_in_eh(current)) 472 return; 473 474 /* we already have busid_priv, just lock busid_lock */ 475 spin_lock(&busid_priv->busid_lock); 476 if (!busid_priv->shutdown_busid) 477 busid_priv->shutdown_busid = 1; 478 /* release busid_lock */ 479 spin_unlock(&busid_priv->busid_lock); 480 481 /* shutdown the current connection */ 482 shutdown_busid(busid_priv); 483 484 usb_put_dev(sdev->udev); 485 486 /* we already have busid_priv, just lock busid_lock */ 487 spin_lock(&busid_priv->busid_lock); 488 /* free sdev */ 489 busid_priv->sdev = NULL; 490 stub_device_free(sdev); 491 492 if (busid_priv->status == STUB_BUSID_ALLOC) 493 busid_priv->status = STUB_BUSID_ADDED; 494 /* release busid_lock */ 495 spin_unlock(&busid_priv->busid_lock); 496 return; 497 } 498 499 #ifdef CONFIG_PM 500 501 /* These functions need usb_port_suspend and usb_port_resume, 502 * which reside in drivers/usb/core/usb.h. Skip for now. */ 503 504 static int stub_suspend(struct usb_device *udev, pm_message_t message) 505 { 506 dev_dbg(&udev->dev, "stub_suspend\n"); 507 508 return 0; 509 } 510 511 static int stub_resume(struct usb_device *udev, pm_message_t message) 512 { 513 dev_dbg(&udev->dev, "stub_resume\n"); 514 515 return 0; 516 } 517 518 #endif /* CONFIG_PM */ 519 520 struct usb_device_driver stub_driver = { 521 .name = "usbip-host", 522 .probe = stub_probe, 523 .disconnect = stub_disconnect, 524 #ifdef CONFIG_PM 525 .suspend = stub_suspend, 526 .resume = stub_resume, 527 #endif 528 .supports_autosuspend = 0, 529 .dev_groups = usbip_groups, 530 }; 531