1 // SPDX-License-Identifier: GPL-2.0+ 2 /* 3 * Copyright (C) 2003-2008 Takahiro Hirofuchi 4 */ 5 6 #include <linux/device.h> 7 #include <linux/file.h> 8 #include <linux/kthread.h> 9 #include <linux/module.h> 10 11 #include "usbip_common.h" 12 #include "stub.h" 13 14 /* 15 * usbip_status shows the status of usbip-host as long as this driver is bound 16 * to the target device. 17 */ 18 static ssize_t usbip_status_show(struct device *dev, 19 struct device_attribute *attr, char *buf) 20 { 21 struct stub_device *sdev = dev_get_drvdata(dev); 22 int status; 23 24 if (!sdev) { 25 dev_err(dev, "sdev is null\n"); 26 return -ENODEV; 27 } 28 29 spin_lock_irq(&sdev->ud.lock); 30 status = sdev->ud.status; 31 spin_unlock_irq(&sdev->ud.lock); 32 33 return snprintf(buf, PAGE_SIZE, "%d\n", status); 34 } 35 static DEVICE_ATTR_RO(usbip_status); 36 37 /* 38 * usbip_sockfd gets a socket descriptor of an established TCP connection that 39 * is used to transfer usbip requests by kernel threads. -1 is a magic number 40 * by which usbip connection is finished. 41 */ 42 static ssize_t usbip_sockfd_store(struct device *dev, struct device_attribute *attr, 43 const char *buf, size_t count) 44 { 45 struct stub_device *sdev = dev_get_drvdata(dev); 46 int sockfd = 0; 47 struct socket *socket; 48 int rv; 49 struct task_struct *tcp_rx = NULL; 50 struct task_struct *tcp_tx = NULL; 51 52 if (!sdev) { 53 dev_err(dev, "sdev is null\n"); 54 return -ENODEV; 55 } 56 57 rv = sscanf(buf, "%d", &sockfd); 58 if (rv != 1) 59 return -EINVAL; 60 61 if (sockfd != -1) { 62 int err; 63 64 dev_info(dev, "stub up\n"); 65 66 spin_lock_irq(&sdev->ud.lock); 67 68 if (sdev->ud.status != SDEV_ST_AVAILABLE) { 69 dev_err(dev, "not ready\n"); 70 goto err; 71 } 72 73 socket = sockfd_lookup(sockfd, &err); 74 if (!socket) { 75 dev_err(dev, "failed to lookup sock"); 76 goto err; 77 } 78 79 if (socket->type != SOCK_STREAM) { 80 dev_err(dev, "Expecting SOCK_STREAM - found %d", 81 socket->type); 82 goto sock_err; 83 } 84 85 /* unlock and create threads and get tasks */ 86 spin_unlock_irq(&sdev->ud.lock); 87 tcp_rx = kthread_create(stub_rx_loop, &sdev->ud, "stub_rx"); 88 if (IS_ERR(tcp_rx)) { 89 sockfd_put(socket); 90 return -EINVAL; 91 } 92 tcp_tx = kthread_create(stub_tx_loop, &sdev->ud, "stub_tx"); 93 if (IS_ERR(tcp_tx)) { 94 kthread_stop(tcp_rx); 95 sockfd_put(socket); 96 return -EINVAL; 97 } 98 99 /* get task structs now */ 100 get_task_struct(tcp_rx); 101 get_task_struct(tcp_tx); 102 103 /* lock and update sdev->ud state */ 104 spin_lock_irq(&sdev->ud.lock); 105 sdev->ud.tcp_socket = socket; 106 sdev->ud.sockfd = sockfd; 107 sdev->ud.tcp_rx = tcp_rx; 108 sdev->ud.tcp_tx = tcp_tx; 109 sdev->ud.status = SDEV_ST_USED; 110 spin_unlock_irq(&sdev->ud.lock); 111 112 wake_up_process(sdev->ud.tcp_rx); 113 wake_up_process(sdev->ud.tcp_tx); 114 115 } else { 116 dev_info(dev, "stub down\n"); 117 118 spin_lock_irq(&sdev->ud.lock); 119 if (sdev->ud.status != SDEV_ST_USED) 120 goto err; 121 122 spin_unlock_irq(&sdev->ud.lock); 123 124 usbip_event_add(&sdev->ud, SDEV_EVENT_DOWN); 125 } 126 127 return count; 128 129 sock_err: 130 sockfd_put(socket); 131 err: 132 spin_unlock_irq(&sdev->ud.lock); 133 return -EINVAL; 134 } 135 static DEVICE_ATTR_WO(usbip_sockfd); 136 137 static struct attribute *usbip_attrs[] = { 138 &dev_attr_usbip_status.attr, 139 &dev_attr_usbip_sockfd.attr, 140 &dev_attr_usbip_debug.attr, 141 NULL, 142 }; 143 ATTRIBUTE_GROUPS(usbip); 144 145 static void stub_shutdown_connection(struct usbip_device *ud) 146 { 147 struct stub_device *sdev = container_of(ud, struct stub_device, ud); 148 149 /* 150 * When removing an exported device, kernel panic sometimes occurred 151 * and then EIP was sk_wait_data of stub_rx thread. Is this because 152 * sk_wait_data returned though stub_rx thread was already finished by 153 * step 1? 154 */ 155 if (ud->tcp_socket) { 156 dev_dbg(&sdev->udev->dev, "shutdown sockfd %d\n", ud->sockfd); 157 kernel_sock_shutdown(ud->tcp_socket, SHUT_RDWR); 158 } 159 160 /* 1. stop threads */ 161 if (ud->tcp_rx) { 162 kthread_stop_put(ud->tcp_rx); 163 ud->tcp_rx = NULL; 164 } 165 if (ud->tcp_tx) { 166 kthread_stop_put(ud->tcp_tx); 167 ud->tcp_tx = NULL; 168 } 169 170 /* 171 * 2. close the socket 172 * 173 * tcp_socket is freed after threads are killed so that usbip_xmit does 174 * not touch NULL socket. 175 */ 176 if (ud->tcp_socket) { 177 sockfd_put(ud->tcp_socket); 178 ud->tcp_socket = NULL; 179 ud->sockfd = -1; 180 } 181 182 /* 3. free used data */ 183 stub_device_cleanup_urbs(sdev); 184 185 /* 4. free stub_unlink */ 186 { 187 unsigned long flags; 188 struct stub_unlink *unlink, *tmp; 189 190 spin_lock_irqsave(&sdev->priv_lock, flags); 191 list_for_each_entry_safe(unlink, tmp, &sdev->unlink_tx, list) { 192 list_del(&unlink->list); 193 kfree(unlink); 194 } 195 list_for_each_entry_safe(unlink, tmp, &sdev->unlink_free, 196 list) { 197 list_del(&unlink->list); 198 kfree(unlink); 199 } 200 spin_unlock_irqrestore(&sdev->priv_lock, flags); 201 } 202 } 203 204 static void stub_device_reset(struct usbip_device *ud) 205 { 206 struct stub_device *sdev = container_of(ud, struct stub_device, ud); 207 struct usb_device *udev = sdev->udev; 208 int ret; 209 210 dev_dbg(&udev->dev, "device reset"); 211 212 ret = usb_lock_device_for_reset(udev, NULL); 213 if (ret < 0) { 214 dev_err(&udev->dev, "lock for reset\n"); 215 spin_lock_irq(&ud->lock); 216 ud->status = SDEV_ST_ERROR; 217 spin_unlock_irq(&ud->lock); 218 return; 219 } 220 221 /* try to reset the device */ 222 ret = usb_reset_device(udev); 223 usb_unlock_device(udev); 224 225 spin_lock_irq(&ud->lock); 226 if (ret) { 227 dev_err(&udev->dev, "device reset\n"); 228 ud->status = SDEV_ST_ERROR; 229 } else { 230 dev_info(&udev->dev, "device reset\n"); 231 ud->status = SDEV_ST_AVAILABLE; 232 } 233 spin_unlock_irq(&ud->lock); 234 } 235 236 static void stub_device_unusable(struct usbip_device *ud) 237 { 238 spin_lock_irq(&ud->lock); 239 ud->status = SDEV_ST_ERROR; 240 spin_unlock_irq(&ud->lock); 241 } 242 243 /** 244 * stub_device_alloc - allocate a new stub_device struct 245 * @udev: usb_device of a new device 246 * 247 * Allocates and initializes a new stub_device struct. 248 */ 249 static struct stub_device *stub_device_alloc(struct usb_device *udev) 250 { 251 struct stub_device *sdev; 252 int busnum = udev->bus->busnum; 253 int devnum = udev->devnum; 254 255 dev_dbg(&udev->dev, "allocating stub device"); 256 257 /* yes, it's a new device */ 258 sdev = kzalloc(sizeof(struct stub_device), GFP_KERNEL); 259 if (!sdev) 260 return NULL; 261 262 sdev->udev = usb_get_dev(udev); 263 264 /* 265 * devid is defined with devnum when this driver is first allocated. 266 * devnum may change later if a device is reset. However, devid never 267 * changes during a usbip connection. 268 */ 269 sdev->devid = (busnum << 16) | devnum; 270 sdev->ud.side = USBIP_STUB; 271 sdev->ud.status = SDEV_ST_AVAILABLE; 272 spin_lock_init(&sdev->ud.lock); 273 sdev->ud.tcp_socket = NULL; 274 sdev->ud.sockfd = -1; 275 276 INIT_LIST_HEAD(&sdev->priv_init); 277 INIT_LIST_HEAD(&sdev->priv_tx); 278 INIT_LIST_HEAD(&sdev->priv_free); 279 INIT_LIST_HEAD(&sdev->unlink_free); 280 INIT_LIST_HEAD(&sdev->unlink_tx); 281 spin_lock_init(&sdev->priv_lock); 282 283 init_waitqueue_head(&sdev->tx_waitq); 284 285 sdev->ud.eh_ops.shutdown = stub_shutdown_connection; 286 sdev->ud.eh_ops.reset = stub_device_reset; 287 sdev->ud.eh_ops.unusable = stub_device_unusable; 288 289 usbip_start_eh(&sdev->ud); 290 291 dev_dbg(&udev->dev, "register new device\n"); 292 293 return sdev; 294 } 295 296 static void stub_device_free(struct stub_device *sdev) 297 { 298 kfree(sdev); 299 } 300 301 static int stub_probe(struct usb_device *udev) 302 { 303 struct stub_device *sdev = NULL; 304 const char *udev_busid = dev_name(&udev->dev); 305 struct bus_id_priv *busid_priv; 306 int rc = 0; 307 char save_status; 308 309 dev_dbg(&udev->dev, "Enter probe\n"); 310 311 /* Not sure if this is our device. Allocate here to avoid 312 * calling alloc while holding busid_table lock. 313 */ 314 sdev = stub_device_alloc(udev); 315 if (!sdev) 316 return -ENOMEM; 317 318 /* check we should claim or not by busid_table */ 319 busid_priv = get_busid_priv(udev_busid); 320 if (!busid_priv || (busid_priv->status == STUB_BUSID_REMOV) || 321 (busid_priv->status == STUB_BUSID_OTHER)) { 322 dev_info(&udev->dev, 323 "%s is not in match_busid table... skip!\n", 324 udev_busid); 325 326 /* 327 * Return value should be ENODEV or ENOXIO to continue trying 328 * other matched drivers by the driver core. 329 * See driver_probe_device() in driver/base/dd.c 330 */ 331 rc = -ENODEV; 332 if (!busid_priv) 333 goto sdev_free; 334 335 goto call_put_busid_priv; 336 } 337 338 if (udev->descriptor.bDeviceClass == USB_CLASS_HUB) { 339 dev_dbg(&udev->dev, "%s is a usb hub device... skip!\n", 340 udev_busid); 341 rc = -ENODEV; 342 goto call_put_busid_priv; 343 } 344 345 if (!strcmp(udev->bus->bus_name, "vhci_hcd")) { 346 dev_dbg(&udev->dev, 347 "%s is attached on vhci_hcd... skip!\n", 348 udev_busid); 349 350 rc = -ENODEV; 351 goto call_put_busid_priv; 352 } 353 354 355 dev_info(&udev->dev, 356 "usbip-host: register new device (bus %u dev %u)\n", 357 udev->bus->busnum, udev->devnum); 358 359 busid_priv->shutdown_busid = 0; 360 361 /* set private data to usb_device */ 362 dev_set_drvdata(&udev->dev, sdev); 363 364 busid_priv->sdev = sdev; 365 busid_priv->udev = udev; 366 367 save_status = busid_priv->status; 368 busid_priv->status = STUB_BUSID_ALLOC; 369 370 /* release the busid_lock */ 371 put_busid_priv(busid_priv); 372 373 /* 374 * Claim this hub port. 375 * It doesn't matter what value we pass as owner 376 * (struct dev_state) as long as it is unique. 377 */ 378 rc = usb_hub_claim_port(udev->parent, udev->portnum, 379 (struct usb_dev_state *) udev); 380 if (rc) { 381 dev_dbg(&udev->dev, "unable to claim port\n"); 382 goto err_port; 383 } 384 385 return 0; 386 387 err_port: 388 dev_set_drvdata(&udev->dev, NULL); 389 usb_put_dev(udev); 390 391 /* we already have busid_priv, just lock busid_lock */ 392 spin_lock(&busid_priv->busid_lock); 393 busid_priv->sdev = NULL; 394 busid_priv->status = save_status; 395 spin_unlock(&busid_priv->busid_lock); 396 /* lock is released - go to free */ 397 goto sdev_free; 398 399 call_put_busid_priv: 400 /* release the busid_lock */ 401 put_busid_priv(busid_priv); 402 403 sdev_free: 404 stub_device_free(sdev); 405 406 return rc; 407 } 408 409 static void shutdown_busid(struct bus_id_priv *busid_priv) 410 { 411 usbip_event_add(&busid_priv->sdev->ud, SDEV_EVENT_REMOVED); 412 413 /* wait for the stop of the event handler */ 414 usbip_stop_eh(&busid_priv->sdev->ud); 415 } 416 417 /* 418 * called in usb_disconnect() or usb_deregister() 419 * but only if actconfig(active configuration) exists 420 */ 421 static void stub_disconnect(struct usb_device *udev) 422 { 423 struct stub_device *sdev; 424 const char *udev_busid = dev_name(&udev->dev); 425 struct bus_id_priv *busid_priv; 426 int rc; 427 428 dev_dbg(&udev->dev, "Enter disconnect\n"); 429 430 busid_priv = get_busid_priv(udev_busid); 431 if (!busid_priv) { 432 BUG(); 433 return; 434 } 435 436 sdev = dev_get_drvdata(&udev->dev); 437 438 /* get stub_device */ 439 if (!sdev) { 440 dev_err(&udev->dev, "could not get device"); 441 /* release busid_lock */ 442 put_busid_priv(busid_priv); 443 return; 444 } 445 446 dev_set_drvdata(&udev->dev, NULL); 447 448 /* release busid_lock before call to remove device files */ 449 put_busid_priv(busid_priv); 450 451 /* 452 * NOTE: rx/tx threads are invoked for each usb_device. 453 */ 454 455 /* release port */ 456 rc = usb_hub_release_port(udev->parent, udev->portnum, 457 (struct usb_dev_state *) udev); 458 if (rc) { 459 dev_dbg(&udev->dev, "unable to release port\n"); 460 return; 461 } 462 463 /* If usb reset is called from event handler */ 464 if (usbip_in_eh(current)) 465 return; 466 467 /* we already have busid_priv, just lock busid_lock */ 468 spin_lock(&busid_priv->busid_lock); 469 if (!busid_priv->shutdown_busid) 470 busid_priv->shutdown_busid = 1; 471 /* release busid_lock */ 472 spin_unlock(&busid_priv->busid_lock); 473 474 /* shutdown the current connection */ 475 shutdown_busid(busid_priv); 476 477 usb_put_dev(sdev->udev); 478 479 /* we already have busid_priv, just lock busid_lock */ 480 spin_lock(&busid_priv->busid_lock); 481 /* free sdev */ 482 busid_priv->sdev = NULL; 483 stub_device_free(sdev); 484 485 if (busid_priv->status == STUB_BUSID_ALLOC) 486 busid_priv->status = STUB_BUSID_ADDED; 487 /* release busid_lock */ 488 spin_unlock(&busid_priv->busid_lock); 489 return; 490 } 491 492 #ifdef CONFIG_PM 493 494 /* These functions need usb_port_suspend and usb_port_resume, 495 * which reside in drivers/usb/core/usb.h. Skip for now. */ 496 497 static int stub_suspend(struct usb_device *udev, pm_message_t message) 498 { 499 dev_dbg(&udev->dev, "stub_suspend\n"); 500 501 return 0; 502 } 503 504 static int stub_resume(struct usb_device *udev, pm_message_t message) 505 { 506 dev_dbg(&udev->dev, "stub_resume\n"); 507 508 return 0; 509 } 510 511 #endif /* CONFIG_PM */ 512 513 struct usb_device_driver stub_driver = { 514 .name = "usbip-host", 515 .probe = stub_probe, 516 .disconnect = stub_disconnect, 517 #ifdef CONFIG_PM 518 .suspend = stub_suspend, 519 .resume = stub_resume, 520 #endif 521 .supports_autosuspend = 0, 522 .dev_groups = usbip_groups, 523 }; 524