1 // SPDX-License-Identifier: GPL-2.0+ 2 /* 3 * Copyright (C) 2003-2008 Takahiro Hirofuchi 4 * 5 * This is free software; you can redistribute it and/or modify 6 * it under the terms of the GNU General Public License as published by 7 * the Free Software Foundation; either version 2 of the License, or 8 * (at your option) any later version. 9 * 10 * This is distributed in the hope that it will be useful, 11 * but WITHOUT ANY WARRANTY; without even the implied warranty of 12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13 * GNU General Public License for more details. 14 * 15 * You should have received a copy of the GNU General Public License 16 * along with this program; if not, write to the Free Software 17 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, 18 * USA. 19 */ 20 21 #include <linux/kthread.h> 22 #include <linux/socket.h> 23 24 #include "usbip_common.h" 25 #include "stub.h" 26 27 static void stub_free_priv_and_urb(struct stub_priv *priv) 28 { 29 struct urb *urb = priv->urb; 30 31 kfree(urb->setup_packet); 32 urb->setup_packet = NULL; 33 34 kfree(urb->transfer_buffer); 35 urb->transfer_buffer = NULL; 36 37 list_del(&priv->list); 38 kmem_cache_free(stub_priv_cache, priv); 39 usb_free_urb(urb); 40 } 41 42 /* be in spin_lock_irqsave(&sdev->priv_lock, flags) */ 43 void stub_enqueue_ret_unlink(struct stub_device *sdev, __u32 seqnum, 44 __u32 status) 45 { 46 struct stub_unlink *unlink; 47 48 unlink = kzalloc(sizeof(struct stub_unlink), GFP_ATOMIC); 49 if (!unlink) { 50 usbip_event_add(&sdev->ud, VDEV_EVENT_ERROR_MALLOC); 51 return; 52 } 53 54 unlink->seqnum = seqnum; 55 unlink->status = status; 56 57 list_add_tail(&unlink->list, &sdev->unlink_tx); 58 } 59 60 /** 61 * stub_complete - completion handler of a usbip urb 62 * @urb: pointer to the urb completed 63 * 64 * When a urb has completed, the USB core driver calls this function mostly in 65 * the interrupt context. To return the result of a urb, the completed urb is 66 * linked to the pending list of returning. 67 * 68 */ 69 void stub_complete(struct urb *urb) 70 { 71 struct stub_priv *priv = (struct stub_priv *) urb->context; 72 struct stub_device *sdev = priv->sdev; 73 unsigned long flags; 74 75 usbip_dbg_stub_tx("complete! status %d\n", urb->status); 76 77 switch (urb->status) { 78 case 0: 79 /* OK */ 80 break; 81 case -ENOENT: 82 dev_info(&urb->dev->dev, 83 "stopped by a call to usb_kill_urb() because of cleaning up a virtual connection\n"); 84 return; 85 case -ECONNRESET: 86 dev_info(&urb->dev->dev, 87 "unlinked by a call to usb_unlink_urb()\n"); 88 break; 89 case -EPIPE: 90 dev_info(&urb->dev->dev, "endpoint %d is stalled\n", 91 usb_pipeendpoint(urb->pipe)); 92 break; 93 case -ESHUTDOWN: 94 dev_info(&urb->dev->dev, "device removed?\n"); 95 break; 96 default: 97 dev_info(&urb->dev->dev, 98 "urb completion with non-zero status %d\n", 99 urb->status); 100 break; 101 } 102 103 /* link a urb to the queue of tx. */ 104 spin_lock_irqsave(&sdev->priv_lock, flags); 105 if (sdev->ud.tcp_socket == NULL) { 106 usbip_dbg_stub_tx("ignore urb for closed connection %p", urb); 107 /* It will be freed in stub_device_cleanup_urbs(). */ 108 } else if (priv->unlinking) { 109 stub_enqueue_ret_unlink(sdev, priv->seqnum, urb->status); 110 stub_free_priv_and_urb(priv); 111 } else { 112 list_move_tail(&priv->list, &sdev->priv_tx); 113 } 114 spin_unlock_irqrestore(&sdev->priv_lock, flags); 115 116 /* wake up tx_thread */ 117 wake_up(&sdev->tx_waitq); 118 } 119 120 static inline void setup_base_pdu(struct usbip_header_basic *base, 121 __u32 command, __u32 seqnum) 122 { 123 base->command = command; 124 base->seqnum = seqnum; 125 base->devid = 0; 126 base->ep = 0; 127 base->direction = 0; 128 } 129 130 static void setup_ret_submit_pdu(struct usbip_header *rpdu, struct urb *urb) 131 { 132 struct stub_priv *priv = (struct stub_priv *) urb->context; 133 134 setup_base_pdu(&rpdu->base, USBIP_RET_SUBMIT, priv->seqnum); 135 usbip_pack_pdu(rpdu, urb, USBIP_RET_SUBMIT, 1); 136 } 137 138 static void setup_ret_unlink_pdu(struct usbip_header *rpdu, 139 struct stub_unlink *unlink) 140 { 141 setup_base_pdu(&rpdu->base, USBIP_RET_UNLINK, unlink->seqnum); 142 rpdu->u.ret_unlink.status = unlink->status; 143 } 144 145 static struct stub_priv *dequeue_from_priv_tx(struct stub_device *sdev) 146 { 147 unsigned long flags; 148 struct stub_priv *priv, *tmp; 149 150 spin_lock_irqsave(&sdev->priv_lock, flags); 151 152 list_for_each_entry_safe(priv, tmp, &sdev->priv_tx, list) { 153 list_move_tail(&priv->list, &sdev->priv_free); 154 spin_unlock_irqrestore(&sdev->priv_lock, flags); 155 return priv; 156 } 157 158 spin_unlock_irqrestore(&sdev->priv_lock, flags); 159 160 return NULL; 161 } 162 163 static int stub_send_ret_submit(struct stub_device *sdev) 164 { 165 unsigned long flags; 166 struct stub_priv *priv, *tmp; 167 168 struct msghdr msg; 169 size_t txsize; 170 171 size_t total_size = 0; 172 173 while ((priv = dequeue_from_priv_tx(sdev)) != NULL) { 174 int ret; 175 struct urb *urb = priv->urb; 176 struct usbip_header pdu_header; 177 struct usbip_iso_packet_descriptor *iso_buffer = NULL; 178 struct kvec *iov = NULL; 179 int iovnum = 0; 180 181 txsize = 0; 182 memset(&pdu_header, 0, sizeof(pdu_header)); 183 memset(&msg, 0, sizeof(msg)); 184 185 if (usb_pipetype(urb->pipe) == PIPE_ISOCHRONOUS) 186 iovnum = 2 + urb->number_of_packets; 187 else 188 iovnum = 2; 189 190 iov = kcalloc(iovnum, sizeof(struct kvec), GFP_KERNEL); 191 192 if (!iov) { 193 usbip_event_add(&sdev->ud, SDEV_EVENT_ERROR_MALLOC); 194 return -1; 195 } 196 197 iovnum = 0; 198 199 /* 1. setup usbip_header */ 200 setup_ret_submit_pdu(&pdu_header, urb); 201 usbip_dbg_stub_tx("setup txdata seqnum: %d urb: %p\n", 202 pdu_header.base.seqnum, urb); 203 usbip_header_correct_endian(&pdu_header, 1); 204 205 iov[iovnum].iov_base = &pdu_header; 206 iov[iovnum].iov_len = sizeof(pdu_header); 207 iovnum++; 208 txsize += sizeof(pdu_header); 209 210 /* 2. setup transfer buffer */ 211 if (usb_pipein(urb->pipe) && 212 usb_pipetype(urb->pipe) != PIPE_ISOCHRONOUS && 213 urb->actual_length > 0) { 214 iov[iovnum].iov_base = urb->transfer_buffer; 215 iov[iovnum].iov_len = urb->actual_length; 216 iovnum++; 217 txsize += urb->actual_length; 218 } else if (usb_pipein(urb->pipe) && 219 usb_pipetype(urb->pipe) == PIPE_ISOCHRONOUS) { 220 /* 221 * For isochronous packets: actual length is the sum of 222 * the actual length of the individual, packets, but as 223 * the packet offsets are not changed there will be 224 * padding between the packets. To optimally use the 225 * bandwidth the padding is not transmitted. 226 */ 227 228 int i; 229 230 for (i = 0; i < urb->number_of_packets; i++) { 231 iov[iovnum].iov_base = urb->transfer_buffer + 232 urb->iso_frame_desc[i].offset; 233 iov[iovnum].iov_len = 234 urb->iso_frame_desc[i].actual_length; 235 iovnum++; 236 txsize += urb->iso_frame_desc[i].actual_length; 237 } 238 239 if (txsize != sizeof(pdu_header) + urb->actual_length) { 240 dev_err(&sdev->udev->dev, 241 "actual length of urb %d does not match iso packet sizes %zu\n", 242 urb->actual_length, 243 txsize-sizeof(pdu_header)); 244 kfree(iov); 245 usbip_event_add(&sdev->ud, 246 SDEV_EVENT_ERROR_TCP); 247 return -1; 248 } 249 } 250 251 /* 3. setup iso_packet_descriptor */ 252 if (usb_pipetype(urb->pipe) == PIPE_ISOCHRONOUS) { 253 ssize_t len = 0; 254 255 iso_buffer = usbip_alloc_iso_desc_pdu(urb, &len); 256 if (!iso_buffer) { 257 usbip_event_add(&sdev->ud, 258 SDEV_EVENT_ERROR_MALLOC); 259 kfree(iov); 260 return -1; 261 } 262 263 iov[iovnum].iov_base = iso_buffer; 264 iov[iovnum].iov_len = len; 265 txsize += len; 266 iovnum++; 267 } 268 269 ret = kernel_sendmsg(sdev->ud.tcp_socket, &msg, 270 iov, iovnum, txsize); 271 if (ret != txsize) { 272 dev_err(&sdev->udev->dev, 273 "sendmsg failed!, retval %d for %zd\n", 274 ret, txsize); 275 kfree(iov); 276 kfree(iso_buffer); 277 usbip_event_add(&sdev->ud, SDEV_EVENT_ERROR_TCP); 278 return -1; 279 } 280 281 kfree(iov); 282 kfree(iso_buffer); 283 284 total_size += txsize; 285 } 286 287 spin_lock_irqsave(&sdev->priv_lock, flags); 288 list_for_each_entry_safe(priv, tmp, &sdev->priv_free, list) { 289 stub_free_priv_and_urb(priv); 290 } 291 spin_unlock_irqrestore(&sdev->priv_lock, flags); 292 293 return total_size; 294 } 295 296 static struct stub_unlink *dequeue_from_unlink_tx(struct stub_device *sdev) 297 { 298 unsigned long flags; 299 struct stub_unlink *unlink, *tmp; 300 301 spin_lock_irqsave(&sdev->priv_lock, flags); 302 303 list_for_each_entry_safe(unlink, tmp, &sdev->unlink_tx, list) { 304 list_move_tail(&unlink->list, &sdev->unlink_free); 305 spin_unlock_irqrestore(&sdev->priv_lock, flags); 306 return unlink; 307 } 308 309 spin_unlock_irqrestore(&sdev->priv_lock, flags); 310 311 return NULL; 312 } 313 314 static int stub_send_ret_unlink(struct stub_device *sdev) 315 { 316 unsigned long flags; 317 struct stub_unlink *unlink, *tmp; 318 319 struct msghdr msg; 320 struct kvec iov[1]; 321 size_t txsize; 322 323 size_t total_size = 0; 324 325 while ((unlink = dequeue_from_unlink_tx(sdev)) != NULL) { 326 int ret; 327 struct usbip_header pdu_header; 328 329 txsize = 0; 330 memset(&pdu_header, 0, sizeof(pdu_header)); 331 memset(&msg, 0, sizeof(msg)); 332 memset(&iov, 0, sizeof(iov)); 333 334 usbip_dbg_stub_tx("setup ret unlink %lu\n", unlink->seqnum); 335 336 /* 1. setup usbip_header */ 337 setup_ret_unlink_pdu(&pdu_header, unlink); 338 usbip_header_correct_endian(&pdu_header, 1); 339 340 iov[0].iov_base = &pdu_header; 341 iov[0].iov_len = sizeof(pdu_header); 342 txsize += sizeof(pdu_header); 343 344 ret = kernel_sendmsg(sdev->ud.tcp_socket, &msg, iov, 345 1, txsize); 346 if (ret != txsize) { 347 dev_err(&sdev->udev->dev, 348 "sendmsg failed!, retval %d for %zd\n", 349 ret, txsize); 350 usbip_event_add(&sdev->ud, SDEV_EVENT_ERROR_TCP); 351 return -1; 352 } 353 354 usbip_dbg_stub_tx("send txdata\n"); 355 total_size += txsize; 356 } 357 358 spin_lock_irqsave(&sdev->priv_lock, flags); 359 360 list_for_each_entry_safe(unlink, tmp, &sdev->unlink_free, list) { 361 list_del(&unlink->list); 362 kfree(unlink); 363 } 364 365 spin_unlock_irqrestore(&sdev->priv_lock, flags); 366 367 return total_size; 368 } 369 370 int stub_tx_loop(void *data) 371 { 372 struct usbip_device *ud = data; 373 struct stub_device *sdev = container_of(ud, struct stub_device, ud); 374 375 while (!kthread_should_stop()) { 376 if (usbip_event_happened(ud)) 377 break; 378 379 /* 380 * send_ret_submit comes earlier than send_ret_unlink. stub_rx 381 * looks at only priv_init queue. If the completion of a URB is 382 * earlier than the receive of CMD_UNLINK, priv is moved to 383 * priv_tx queue and stub_rx does not find the target priv. In 384 * this case, vhci_rx receives the result of the submit request 385 * and then receives the result of the unlink request. The 386 * result of the submit is given back to the usbcore as the 387 * completion of the unlink request. The request of the 388 * unlink is ignored. This is ok because a driver who calls 389 * usb_unlink_urb() understands the unlink was too late by 390 * getting the status of the given-backed URB which has the 391 * status of usb_submit_urb(). 392 */ 393 if (stub_send_ret_submit(sdev) < 0) 394 break; 395 396 if (stub_send_ret_unlink(sdev) < 0) 397 break; 398 399 wait_event_interruptible(sdev->tx_waitq, 400 (!list_empty(&sdev->priv_tx) || 401 !list_empty(&sdev->unlink_tx) || 402 kthread_should_stop())); 403 } 404 405 return 0; 406 } 407