LXR linux/drivers/usb/usbip/stub

   1// SPDX-License-Identifier: GPL-2.0+
   2/*
   3 * Copyright (C) 2003-2008 Takahiro Hirofuchi
   4 */
   5
   6#include <linux/kthread.h>
   7#include <linux/socket.h>
   8
   9#include "usbip_common.h"
  10#include "stub.h"
  11
  12static void stub_free_priv_and_urb(struct stub_priv *priv)
  13{
  14        struct urb *urb = priv->urb;
  15
  16        kfree(urb->setup_packet);
  17        urb->setup_packet = NULL;
  18
  19        kfree(urb->transfer_buffer);
  20        urb->transfer_buffer = NULL;
  21
  22        list_del(&priv->list);
  23        kmem_cache_free(stub_priv_cache, priv);
  24        usb_free_urb(urb);
  25}
  26
  27/* be in spin_lock_irqsave(&sdev->priv_lock, flags) */
  28void stub_enqueue_ret_unlink(struct stub_device *sdev, __u32 seqnum,
  29                             __u32 status)
  30{
  31        struct stub_unlink *unlink;
  32
  33        unlink = kzalloc(sizeof(struct stub_unlink), GFP_ATOMIC);
  34        if (!unlink) {
  35                usbip_event_add(&sdev->ud, VDEV_EVENT_ERROR_MALLOC);
  36                return;
  37        }
  38
  39        unlink->seqnum = seqnum;
  40        unlink->status = status;
  41
  42        list_add_tail(&unlink->list, &sdev->unlink_tx);
  43}
  44
  45/**
  46 * stub_complete - completion handler of a usbip urb
  47 * @urb: pointer to the urb completed
  48 *
  49 * When a urb has completed, the USB core driver calls this function mostly in
  50 * the interrupt context. To return the result of a urb, the completed urb is
  51 * linked to the pending list of returning.
  52 *
  53 */
  54void stub_complete(struct urb *urb)
  55{
  56        struct stub_priv *priv = (struct stub_priv *) urb->context;
  57        struct stub_device *sdev = priv->sdev;
  58        unsigned long flags;
  59
  60        usbip_dbg_stub_tx("complete! status %d\n", urb->status);
  61
  62        switch (urb->status) {
  63        case 0:
  64                /* OK */
  65                break;
  66        case -ENOENT:
  67                dev_info(&urb->dev->dev,
  68                         "stopped by a call to usb_kill_urb() because of cleaning up a virtual connection\n");
  69                return;
  70        case -ECONNRESET:
  71                dev_info(&urb->dev->dev,
  72                         "unlinked by a call to usb_unlink_urb()\n");
  73                break;
  74        case -EPIPE:
  75                dev_info(&urb->dev->dev, "endpoint %d is stalled\n",
  76                         usb_pipeendpoint(urb->pipe));
  77                break;
  78        case -ESHUTDOWN:
  79                dev_info(&urb->dev->dev, "device removed?\n");
  80                break;
  81        default:
  82                dev_info(&urb->dev->dev,
  83                         "urb completion with non-zero status %d\n",
  84                         urb->status);
  85                break;
  86        }
  87
  88        /* link a urb to the queue of tx. */
  89        spin_lock_irqsave(&sdev->priv_lock, flags);
  90        if (sdev->ud.tcp_socket == NULL) {
  91                usbip_dbg_stub_tx("ignore urb for closed connection\n");
  92                /* It will be freed in stub_device_cleanup_urbs(). */
  93        } else if (priv->unlinking) {
  94                stub_enqueue_ret_unlink(sdev, priv->seqnum, urb->status);
  95                stub_free_priv_and_urb(priv);
  96        } else {
  97                list_move_tail(&priv->list, &sdev->priv_tx);
  98        }
  99        spin_unlock_irqrestore(&sdev->priv_lock, flags);
 100
 101        /* wake up tx_thread */
 102        wake_up(&sdev->tx_waitq);
 103}
 104
 105static inline void setup_base_pdu(struct usbip_header_basic *base,
 106                                  __u32 command, __u32 seqnum)
 107{
 108        base->command   = command;
 109        base->seqnum    = seqnum;
 110        base->devid     = 0;
 111        base->ep        = 0;
 112        base->direction = 0;
 113}
 114
 115static void setup_ret_submit_pdu(struct usbip_header *rpdu, struct urb *urb)
 116{
 117        struct stub_priv *priv = (struct stub_priv *) urb->context;
 118
 119        setup_base_pdu(&rpdu->base, USBIP_RET_SUBMIT, priv->seqnum);
 120        usbip_pack_pdu(rpdu, urb, USBIP_RET_SUBMIT, 1);
 121}
 122
 123static void setup_ret_unlink_pdu(struct usbip_header *rpdu,
 124                                 struct stub_unlink *unlink)
 125{
 126        setup_base_pdu(&rpdu->base, USBIP_RET_UNLINK, unlink->seqnum);
 127        rpdu->u.ret_unlink.status = unlink->status;
 128}
 129
 130static struct stub_priv *dequeue_from_priv_tx(struct stub_device *sdev)
 131{
 132        unsigned long flags;
 133        struct stub_priv *priv, *tmp;
 134
 135        spin_lock_irqsave(&sdev->priv_lock, flags);
 136
 137        list_for_each_entry_safe(priv, tmp, &sdev->priv_tx, list) {
 138                list_move_tail(&priv->list, &sdev->priv_free);
 139                spin_unlock_irqrestore(&sdev->priv_lock, flags);
 140                return priv;
 141        }
 142
 143        spin_unlock_irqrestore(&sdev->priv_lock, flags);
 144
 145        return NULL;
 146}
 147
 148static int stub_send_ret_submit(struct stub_device *sdev)
 149{
 150        unsigned long flags;
 151        struct stub_priv *priv, *tmp;
 152
 153        struct msghdr msg;
 154        size_t txsize;
 155
 156        size_t total_size = 0;
 157
 158        while ((priv = dequeue_from_priv_tx(sdev)) != NULL) {
 159                int ret;
 160                struct urb *urb = priv->urb;
 161                struct usbip_header pdu_header;
 162                struct usbip_iso_packet_descriptor *iso_buffer = NULL;
 163                struct kvec *iov = NULL;
 164                int iovnum = 0;
 165
 166                txsize = 0;
 167                memset(&pdu_header, 0, sizeof(pdu_header));
 168                memset(&msg, 0, sizeof(msg));
 169
 170                if (urb->actual_length > 0 && !urb->transfer_buffer) {
 171                        dev_err(&sdev->udev->dev,
 172                                "urb: actual_length %d transfer_buffer null\n",
 173                                urb->actual_length);
 174                        return -1;
 175                }
 176
 177                if (usb_pipetype(urb->pipe) == PIPE_ISOCHRONOUS)
 178                        iovnum = 2 + urb->number_of_packets;
 179                else
 180                        iovnum = 2;
 181
 182                iov = kcalloc(iovnum, sizeof(struct kvec), GFP_KERNEL);
 183
 184                if (!iov) {
 185                        usbip_event_add(&sdev->ud, SDEV_EVENT_ERROR_MALLOC);
 186                        return -1;
 187                }
 188
 189                iovnum = 0;
 190
 191                /* 1. setup usbip_header */
 192                setup_ret_submit_pdu(&pdu_header, urb);
 193                usbip_dbg_stub_tx("setup txdata seqnum: %d\n",
 194                                  pdu_header.base.seqnum);
 195                usbip_header_correct_endian(&pdu_header, 1);
 196
 197                iov[iovnum].iov_base = &pdu_header;
 198                iov[iovnum].iov_len  = sizeof(pdu_header);
 199                iovnum++;
 200                txsize += sizeof(pdu_header);
 201
 202                /* 2. setup transfer buffer */
 203                if (usb_pipein(urb->pipe) &&
 204                    usb_pipetype(urb->pipe) != PIPE_ISOCHRONOUS &&
 205                    urb->actual_length > 0) {
 206                        iov[iovnum].iov_base = urb->transfer_buffer;
 207                        iov[iovnum].iov_len  = urb->actual_length;
 208                        iovnum++;
 209                        txsize += urb->actual_length;
 210                } else if (usb_pipein(urb->pipe) &&
 211                           usb_pipetype(urb->pipe) == PIPE_ISOCHRONOUS) {
 212                        /*
 213                         * For isochronous packets: actual length is the sum of
 214                         * the actual length of the individual, packets, but as
 215                         * the packet offsets are not changed there will be
 216                         * padding between the packets. To optimally use the
 217                         * bandwidth the padding is not transmitted.
 218                         */
 219
 220                        int i;
 221
 222                        for (i = 0; i < urb->number_of_packets; i++) {
 223                                iov[iovnum].iov_base = urb->transfer_buffer +
 224                                        urb->iso_frame_desc[i].offset;
 225                                iov[iovnum].iov_len =
 226                                        urb->iso_frame_desc[i].actual_length;
 227                                iovnum++;
 228                                txsize += urb->iso_frame_desc[i].actual_length;
 229                        }
 230
 231                        if (txsize != sizeof(pdu_header) + urb->actual_length) {
 232                                dev_err(&sdev->udev->dev,
 233                                        "actual length of urb %d does not match iso packet sizes %zu\n",
 234                                        urb->actual_length,
 235                                        txsize-sizeof(pdu_header));
 236                                kfree(iov);
 237                                usbip_event_add(&sdev->ud,
 238                                                SDEV_EVENT_ERROR_TCP);
 239                           return -1;
 240                        }
 241                }
 242
 243                /* 3. setup iso_packet_descriptor */
 244                if (usb_pipetype(urb->pipe) == PIPE_ISOCHRONOUS) {
 245                        ssize_t len = 0;
 246
 247                        iso_buffer = usbip_alloc_iso_desc_pdu(urb, &len);
 248                        if (!iso_buffer) {
 249                                usbip_event_add(&sdev->ud,
 250                                                SDEV_EVENT_ERROR_MALLOC);
 251                                kfree(iov);
 252                                return -1;
 253                        }
 254
 255                        iov[iovnum].iov_base = iso_buffer;
 256                        iov[iovnum].iov_len  = len;
 257                        txsize += len;
 258                        iovnum++;
 259                }
 260
 261                ret = kernel_sendmsg(sdev->ud.tcp_socket, &msg,
 262                                                iov,  iovnum, txsize);
 263                if (ret != txsize) {
 264                        dev_err(&sdev->udev->dev,
 265                                "sendmsg failed!, retval %d for %zd\n",
 266                                ret, txsize);
 267                        kfree(iov);
 268                        kfree(iso_buffer);
 269                        usbip_event_add(&sdev->ud, SDEV_EVENT_ERROR_TCP);
 270                        return -1;
 271                }
 272
 273                kfree(iov);
 274                kfree(iso_buffer);
 275
 276                total_size += txsize;
 277        }
 278
 279        spin_lock_irqsave(&sdev->priv_lock, flags);
 280        list_for_each_entry_safe(priv, tmp, &sdev->priv_free, list) {
 281                stub_free_priv_and_urb(priv);
 282        }
 283        spin_unlock_irqrestore(&sdev->priv_lock, flags);
 284
 285        return total_size;
 286}
 287
 288static struct stub_unlink *dequeue_from_unlink_tx(struct stub_device *sdev)
 289{
 290        unsigned long flags;
 291        struct stub_unlink *unlink, *tmp;
 292
 293        spin_lock_irqsave(&sdev->priv_lock, flags);
 294
 295        list_for_each_entry_safe(unlink, tmp, &sdev->unlink_tx, list) {
 296                list_move_tail(&unlink->list, &sdev->unlink_free);
 297                spin_unlock_irqrestore(&sdev->priv_lock, flags);
 298                return unlink;
 299        }
 300
 301        spin_unlock_irqrestore(&sdev->priv_lock, flags);
 302
 303        return NULL;
 304}
 305
 306static int stub_send_ret_unlink(struct stub_device *sdev)
 307{
 308        unsigned long flags;
 309        struct stub_unlink *unlink, *tmp;
 310
 311        struct msghdr msg;
 312        struct kvec iov[1];
 313        size_t txsize;
 314
 315        size_t total_size = 0;
 316
 317        while ((unlink = dequeue_from_unlink_tx(sdev)) != NULL) {
 318                int ret;
 319                struct usbip_header pdu_header;
 320
 321                txsize = 0;
 322                memset(&pdu_header, 0, sizeof(pdu_header));
 323                memset(&msg, 0, sizeof(msg));
 324                memset(&iov, 0, sizeof(iov));
 325
 326                usbip_dbg_stub_tx("setup ret unlink %lu\n", unlink->seqnum);
 327
 328                /* 1. setup usbip_header */
 329                setup_ret_unlink_pdu(&pdu_header, unlink);
 330                usbip_header_correct_endian(&pdu_header, 1);
 331
 332                iov[0].iov_base = &pdu_header;
 333                iov[0].iov_len  = sizeof(pdu_header);
 334                txsize += sizeof(pdu_header);
 335
 336                ret = kernel_sendmsg(sdev->ud.tcp_socket, &msg, iov,
 337                                     1, txsize);
 338                if (ret != txsize) {
 339                        dev_err(&sdev->udev->dev,
 340                                "sendmsg failed!, retval %d for %zd\n",
 341                                ret, txsize);
 342                        usbip_event_add(&sdev->ud, SDEV_EVENT_ERROR_TCP);
 343                        return -1;
 344                }
 345
 346                usbip_dbg_stub_tx("send txdata\n");
 347                total_size += txsize;
 348        }
 349
 350        spin_lock_irqsave(&sdev->priv_lock, flags);
 351
 352        list_for_each_entry_safe(unlink, tmp, &sdev->unlink_free, list) {
 353                list_del(&unlink->list);
 354                kfree(unlink);
 355        }
 356
 357        spin_unlock_irqrestore(&sdev->priv_lock, flags);
 358
 359        return total_size;
 360}
 361
 362int stub_tx_loop(void *data)
 363{
 364        struct usbip_device *ud = data;
 365        struct stub_device *sdev = container_of(ud, struct stub_device, ud);
 366
 367        while (!kthread_should_stop()) {
 368                if (usbip_event_happened(ud))
 369                        break;
 370
 371                /*
 372                 * send_ret_submit comes earlier than send_ret_unlink.  stub_rx
 373                 * looks at only priv_init queue. If the completion of a URB is
 374                 * earlier than the receive of CMD_UNLINK, priv is moved to
 375                 * priv_tx queue and stub_rx does not find the target priv. In
 376                 * this case, vhci_rx receives the result of the submit request
 377                 * and then receives the result of the unlink request. The
 378                 * result of the submit is given back to the usbcore as the
 379                 * completion of the unlink request. The request of the
 380                 * unlink is ignored. This is ok because a driver who calls
 381                 * usb_unlink_urb() understands the unlink was too late by
 382                 * getting the status of the given-backed URB which has the
 383                 * status of usb_submit_urb().
 384                 */
 385                if (stub_send_ret_submit(sdev) < 0)
 386                        break;
 387
 388                if (stub_send_ret_unlink(sdev) < 0)
 389                        break;
 390
 391                wait_event_interruptible(sdev->tx_waitq,
 392                                         (!list_empty(&sdev->priv_tx) ||
 393                                          !list_empty(&sdev->unlink_tx) ||
 394                                          kthread_should_stop()));
 395        }
 396
 397        return 0;
 398}
 399