1 // SPDX-License-Identifier: GPL-2.0+ 2 /* 3 * Copyright (C) 2003-2008 Takahiro Hirofuchi 4 */ 5 6 #include <linux/device.h> 7 #include <linux/file.h> 8 #include <linux/kthread.h> 9 #include <linux/module.h> 10 11 #include "usbip_common.h" 12 #include "stub.h" 13 14 /* 15 * usbip_status shows the status of usbip-host as long as this driver is bound 16 * to the target device. 17 */ 18 static ssize_t usbip_status_show(struct device *dev, 19 struct device_attribute *attr, char *buf) 20 { 21 struct stub_device *sdev = dev_get_drvdata(dev); 22 int status; 23 24 if (!sdev) { 25 dev_err(dev, "sdev is null\n"); 26 return -ENODEV; 27 } 28 29 spin_lock_irq(&sdev->ud.lock); 30 status = sdev->ud.status; 31 spin_unlock_irq(&sdev->ud.lock); 32 33 return sysfs_emit(buf, "%d\n", status); 34 } 35 static DEVICE_ATTR_RO(usbip_status); 36 37 /* 38 * usbip_sockfd gets a socket descriptor of an established TCP connection that 39 * is used to transfer usbip requests by kernel threads. -1 is a magic number 40 * by which usbip connection is finished. 41 */ 42 static ssize_t usbip_sockfd_store(struct device *dev, struct device_attribute *attr, 43 const char *buf, size_t count) 44 { 45 struct stub_device *sdev = dev_get_drvdata(dev); 46 int sockfd = 0; 47 struct socket *socket; 48 int rv; 49 struct task_struct *tcp_rx = NULL; 50 struct task_struct *tcp_tx = NULL; 51 52 if (!sdev) { 53 dev_err(dev, "sdev is null\n"); 54 return -ENODEV; 55 } 56 57 rv = sscanf(buf, "%d", &sockfd); 58 if (rv != 1) 59 return -EINVAL; 60 61 if (sockfd != -1) { 62 int err; 63 64 dev_info(dev, "stub up\n"); 65 66 mutex_lock(&sdev->ud.sysfs_lock); 67 spin_lock_irq(&sdev->ud.lock); 68 69 if (sdev->ud.status != SDEV_ST_AVAILABLE) { 70 dev_err(dev, "not ready\n"); 71 goto err; 72 } 73 74 socket = sockfd_lookup(sockfd, &err); 75 if (!socket) { 76 dev_err(dev, "failed to lookup sock"); 77 goto err; 78 } 79 80 if (socket->type != SOCK_STREAM) { 81 dev_err(dev, "Expecting SOCK_STREAM - found %d", 82 socket->type); 83 goto sock_err; 84 } 85 86 /* unlock and create threads and get tasks */ 87 spin_unlock_irq(&sdev->ud.lock); 88 tcp_rx = kthread_create(stub_rx_loop, &sdev->ud, "stub_rx"); 89 if (IS_ERR(tcp_rx)) { 90 sockfd_put(socket); 91 goto unlock_mutex; 92 } 93 tcp_tx = kthread_create(stub_tx_loop, &sdev->ud, "stub_tx"); 94 if (IS_ERR(tcp_tx)) { 95 kthread_stop(tcp_rx); 96 sockfd_put(socket); 97 goto unlock_mutex; 98 } 99 100 /* get task structs now */ 101 get_task_struct(tcp_rx); 102 get_task_struct(tcp_tx); 103 104 /* lock and update sdev->ud state */ 105 spin_lock_irq(&sdev->ud.lock); 106 sdev->ud.tcp_socket = socket; 107 sdev->ud.sockfd = sockfd; 108 sdev->ud.tcp_rx = tcp_rx; 109 sdev->ud.tcp_tx = tcp_tx; 110 sdev->ud.status = SDEV_ST_USED; 111 spin_unlock_irq(&sdev->ud.lock); 112 113 wake_up_process(sdev->ud.tcp_rx); 114 wake_up_process(sdev->ud.tcp_tx); 115 116 mutex_unlock(&sdev->ud.sysfs_lock); 117 118 } else { 119 dev_info(dev, "stub down\n"); 120 121 mutex_lock(&sdev->ud.sysfs_lock); 122 123 spin_lock_irq(&sdev->ud.lock); 124 if (sdev->ud.status != SDEV_ST_USED) 125 goto err; 126 127 spin_unlock_irq(&sdev->ud.lock); 128 129 usbip_event_add(&sdev->ud, SDEV_EVENT_DOWN); 130 mutex_unlock(&sdev->ud.sysfs_lock); 131 } 132 133 return count; 134 135 sock_err: 136 sockfd_put(socket); 137 err: 138 spin_unlock_irq(&sdev->ud.lock); 139 unlock_mutex: 140 mutex_unlock(&sdev->ud.sysfs_lock); 141 return -EINVAL; 142 } 143 static DEVICE_ATTR_WO(usbip_sockfd); 144 145 static struct attribute *usbip_attrs[] = { 146 &dev_attr_usbip_status.attr, 147 &dev_attr_usbip_sockfd.attr, 148 &dev_attr_usbip_debug.attr, 149 NULL, 150 }; 151 ATTRIBUTE_GROUPS(usbip); 152 153 static void stub_shutdown_connection(struct usbip_device *ud) 154 { 155 struct stub_device *sdev = container_of(ud, struct stub_device, ud); 156 157 /* 158 * When removing an exported device, kernel panic sometimes occurred 159 * and then EIP was sk_wait_data of stub_rx thread. Is this because 160 * sk_wait_data returned though stub_rx thread was already finished by 161 * step 1? 162 */ 163 if (ud->tcp_socket) { 164 dev_dbg(&sdev->udev->dev, "shutdown sockfd %d\n", ud->sockfd); 165 kernel_sock_shutdown(ud->tcp_socket, SHUT_RDWR); 166 } 167 168 /* 1. stop threads */ 169 if (ud->tcp_rx) { 170 kthread_stop_put(ud->tcp_rx); 171 ud->tcp_rx = NULL; 172 } 173 if (ud->tcp_tx) { 174 kthread_stop_put(ud->tcp_tx); 175 ud->tcp_tx = NULL; 176 } 177 178 /* 179 * 2. close the socket 180 * 181 * tcp_socket is freed after threads are killed so that usbip_xmit does 182 * not touch NULL socket. 183 */ 184 if (ud->tcp_socket) { 185 sockfd_put(ud->tcp_socket); 186 ud->tcp_socket = NULL; 187 ud->sockfd = -1; 188 } 189 190 /* 3. free used data */ 191 stub_device_cleanup_urbs(sdev); 192 193 /* 4. free stub_unlink */ 194 { 195 unsigned long flags; 196 struct stub_unlink *unlink, *tmp; 197 198 spin_lock_irqsave(&sdev->priv_lock, flags); 199 list_for_each_entry_safe(unlink, tmp, &sdev->unlink_tx, list) { 200 list_del(&unlink->list); 201 kfree(unlink); 202 } 203 list_for_each_entry_safe(unlink, tmp, &sdev->unlink_free, 204 list) { 205 list_del(&unlink->list); 206 kfree(unlink); 207 } 208 spin_unlock_irqrestore(&sdev->priv_lock, flags); 209 } 210 } 211 212 static void stub_device_reset(struct usbip_device *ud) 213 { 214 struct stub_device *sdev = container_of(ud, struct stub_device, ud); 215 struct usb_device *udev = sdev->udev; 216 int ret; 217 218 dev_dbg(&udev->dev, "device reset"); 219 220 ret = usb_lock_device_for_reset(udev, NULL); 221 if (ret < 0) { 222 dev_err(&udev->dev, "lock for reset\n"); 223 spin_lock_irq(&ud->lock); 224 ud->status = SDEV_ST_ERROR; 225 spin_unlock_irq(&ud->lock); 226 return; 227 } 228 229 /* try to reset the device */ 230 ret = usb_reset_device(udev); 231 usb_unlock_device(udev); 232 233 spin_lock_irq(&ud->lock); 234 if (ret) { 235 dev_err(&udev->dev, "device reset\n"); 236 ud->status = SDEV_ST_ERROR; 237 } else { 238 dev_info(&udev->dev, "device reset\n"); 239 ud->status = SDEV_ST_AVAILABLE; 240 } 241 spin_unlock_irq(&ud->lock); 242 } 243 244 static void stub_device_unusable(struct usbip_device *ud) 245 { 246 spin_lock_irq(&ud->lock); 247 ud->status = SDEV_ST_ERROR; 248 spin_unlock_irq(&ud->lock); 249 } 250 251 /** 252 * stub_device_alloc - allocate a new stub_device struct 253 * @udev: usb_device of a new device 254 * 255 * Allocates and initializes a new stub_device struct. 256 */ 257 static struct stub_device *stub_device_alloc(struct usb_device *udev) 258 { 259 struct stub_device *sdev; 260 int busnum = udev->bus->busnum; 261 int devnum = udev->devnum; 262 263 dev_dbg(&udev->dev, "allocating stub device"); 264 265 /* yes, it's a new device */ 266 sdev = kzalloc(sizeof(struct stub_device), GFP_KERNEL); 267 if (!sdev) 268 return NULL; 269 270 sdev->udev = usb_get_dev(udev); 271 272 /* 273 * devid is defined with devnum when this driver is first allocated. 274 * devnum may change later if a device is reset. However, devid never 275 * changes during a usbip connection. 276 */ 277 sdev->devid = (busnum << 16) | devnum; 278 sdev->ud.side = USBIP_STUB; 279 sdev->ud.status = SDEV_ST_AVAILABLE; 280 spin_lock_init(&sdev->ud.lock); 281 mutex_init(&sdev->ud.sysfs_lock); 282 sdev->ud.tcp_socket = NULL; 283 sdev->ud.sockfd = -1; 284 285 INIT_LIST_HEAD(&sdev->priv_init); 286 INIT_LIST_HEAD(&sdev->priv_tx); 287 INIT_LIST_HEAD(&sdev->priv_free); 288 INIT_LIST_HEAD(&sdev->unlink_free); 289 INIT_LIST_HEAD(&sdev->unlink_tx); 290 spin_lock_init(&sdev->priv_lock); 291 292 init_waitqueue_head(&sdev->tx_waitq); 293 294 sdev->ud.eh_ops.shutdown = stub_shutdown_connection; 295 sdev->ud.eh_ops.reset = stub_device_reset; 296 sdev->ud.eh_ops.unusable = stub_device_unusable; 297 298 usbip_start_eh(&sdev->ud); 299 300 dev_dbg(&udev->dev, "register new device\n"); 301 302 return sdev; 303 } 304 305 static void stub_device_free(struct stub_device *sdev) 306 { 307 kfree(sdev); 308 } 309 310 static int stub_probe(struct usb_device *udev) 311 { 312 struct stub_device *sdev = NULL; 313 const char *udev_busid = dev_name(&udev->dev); 314 struct bus_id_priv *busid_priv; 315 int rc = 0; 316 char save_status; 317 318 dev_dbg(&udev->dev, "Enter probe\n"); 319 320 /* Not sure if this is our device. Allocate here to avoid 321 * calling alloc while holding busid_table lock. 322 */ 323 sdev = stub_device_alloc(udev); 324 if (!sdev) 325 return -ENOMEM; 326 327 /* check we should claim or not by busid_table */ 328 busid_priv = get_busid_priv(udev_busid); 329 if (!busid_priv || (busid_priv->status == STUB_BUSID_REMOV) || 330 (busid_priv->status == STUB_BUSID_OTHER)) { 331 dev_info(&udev->dev, 332 "%s is not in match_busid table... skip!\n", 333 udev_busid); 334 335 /* 336 * Return value should be ENODEV or ENOXIO to continue trying 337 * other matched drivers by the driver core. 338 * See driver_probe_device() in driver/base/dd.c 339 */ 340 rc = -ENODEV; 341 if (!busid_priv) 342 goto sdev_free; 343 344 goto call_put_busid_priv; 345 } 346 347 if (udev->descriptor.bDeviceClass == USB_CLASS_HUB) { 348 dev_dbg(&udev->dev, "%s is a usb hub device... skip!\n", 349 udev_busid); 350 rc = -ENODEV; 351 goto call_put_busid_priv; 352 } 353 354 if (!strcmp(udev->bus->bus_name, "vhci_hcd")) { 355 dev_dbg(&udev->dev, 356 "%s is attached on vhci_hcd... skip!\n", 357 udev_busid); 358 359 rc = -ENODEV; 360 goto call_put_busid_priv; 361 } 362 363 364 dev_info(&udev->dev, 365 "usbip-host: register new device (bus %u dev %u)\n", 366 udev->bus->busnum, udev->devnum); 367 368 busid_priv->shutdown_busid = 0; 369 370 /* set private data to usb_device */ 371 dev_set_drvdata(&udev->dev, sdev); 372 373 busid_priv->sdev = sdev; 374 busid_priv->udev = udev; 375 376 save_status = busid_priv->status; 377 busid_priv->status = STUB_BUSID_ALLOC; 378 379 /* release the busid_lock */ 380 put_busid_priv(busid_priv); 381 382 /* 383 * Claim this hub port. 384 * It doesn't matter what value we pass as owner 385 * (struct dev_state) as long as it is unique. 386 */ 387 rc = usb_hub_claim_port(udev->parent, udev->portnum, 388 (struct usb_dev_state *) udev); 389 if (rc) { 390 dev_dbg(&udev->dev, "unable to claim port\n"); 391 goto err_port; 392 } 393 394 return 0; 395 396 err_port: 397 dev_set_drvdata(&udev->dev, NULL); 398 399 /* we already have busid_priv, just lock busid_lock */ 400 spin_lock(&busid_priv->busid_lock); 401 busid_priv->sdev = NULL; 402 busid_priv->status = save_status; 403 spin_unlock(&busid_priv->busid_lock); 404 /* lock is released - go to free */ 405 goto sdev_free; 406 407 call_put_busid_priv: 408 /* release the busid_lock */ 409 put_busid_priv(busid_priv); 410 411 sdev_free: 412 usb_put_dev(udev); 413 stub_device_free(sdev); 414 415 return rc; 416 } 417 418 static void shutdown_busid(struct bus_id_priv *busid_priv) 419 { 420 usbip_event_add(&busid_priv->sdev->ud, SDEV_EVENT_REMOVED); 421 422 /* wait for the stop of the event handler */ 423 usbip_stop_eh(&busid_priv->sdev->ud); 424 } 425 426 /* 427 * called in usb_disconnect() or usb_deregister() 428 * but only if actconfig(active configuration) exists 429 */ 430 static void stub_disconnect(struct usb_device *udev) 431 { 432 struct stub_device *sdev; 433 const char *udev_busid = dev_name(&udev->dev); 434 struct bus_id_priv *busid_priv; 435 int rc; 436 437 dev_dbg(&udev->dev, "Enter disconnect\n"); 438 439 busid_priv = get_busid_priv(udev_busid); 440 if (!busid_priv) { 441 BUG(); 442 return; 443 } 444 445 sdev = dev_get_drvdata(&udev->dev); 446 447 /* get stub_device */ 448 if (!sdev) { 449 dev_err(&udev->dev, "could not get device"); 450 /* release busid_lock */ 451 put_busid_priv(busid_priv); 452 return; 453 } 454 455 dev_set_drvdata(&udev->dev, NULL); 456 457 /* release busid_lock before call to remove device files */ 458 put_busid_priv(busid_priv); 459 460 /* 461 * NOTE: rx/tx threads are invoked for each usb_device. 462 */ 463 464 /* release port */ 465 rc = usb_hub_release_port(udev->parent, udev->portnum, 466 (struct usb_dev_state *) udev); 467 if (rc) { 468 dev_dbg(&udev->dev, "unable to release port\n"); 469 return; 470 } 471 472 /* If usb reset is called from event handler */ 473 if (usbip_in_eh(current)) 474 return; 475 476 /* we already have busid_priv, just lock busid_lock */ 477 spin_lock(&busid_priv->busid_lock); 478 if (!busid_priv->shutdown_busid) 479 busid_priv->shutdown_busid = 1; 480 /* release busid_lock */ 481 spin_unlock(&busid_priv->busid_lock); 482 483 /* shutdown the current connection */ 484 shutdown_busid(busid_priv); 485 486 usb_put_dev(sdev->udev); 487 488 /* we already have busid_priv, just lock busid_lock */ 489 spin_lock(&busid_priv->busid_lock); 490 /* free sdev */ 491 busid_priv->sdev = NULL; 492 stub_device_free(sdev); 493 494 if (busid_priv->status == STUB_BUSID_ALLOC) 495 busid_priv->status = STUB_BUSID_ADDED; 496 /* release busid_lock */ 497 spin_unlock(&busid_priv->busid_lock); 498 return; 499 } 500 501 #ifdef CONFIG_PM 502 503 /* These functions need usb_port_suspend and usb_port_resume, 504 * which reside in drivers/usb/core/usb.h. Skip for now. */ 505 506 static int stub_suspend(struct usb_device *udev, pm_message_t message) 507 { 508 dev_dbg(&udev->dev, "stub_suspend\n"); 509 510 return 0; 511 } 512 513 static int stub_resume(struct usb_device *udev, pm_message_t message) 514 { 515 dev_dbg(&udev->dev, "stub_resume\n"); 516 517 return 0; 518 } 519 520 #endif /* CONFIG_PM */ 521 522 struct usb_device_driver stub_driver = { 523 .name = "usbip-host", 524 .probe = stub_probe, 525 .disconnect = stub_disconnect, 526 #ifdef CONFIG_PM 527 .suspend = stub_suspend, 528 .resume = stub_resume, 529 #endif 530 .supports_autosuspend = 0, 531 .dev_groups = usbip_groups, 532 }; 533