1 // SPDX-License-Identifier: GPL-2.0+
2 /*
3  * Copyright (C) 2003-2008 Takahiro Hirofuchi
4  */
5 
6 #include <linux/device.h>
7 #include <linux/file.h>
8 #include <linux/kthread.h>
9 #include <linux/module.h>
10 
11 #include "usbip_common.h"
12 #include "stub.h"
13 
14 /*
15  * usbip_status shows the status of usbip-host as long as this driver is bound
16  * to the target device.
17  */
usbip_status_show(struct device * dev,struct device_attribute * attr,char * buf)18 static ssize_t usbip_status_show(struct device *dev,
19 				 struct device_attribute *attr, char *buf)
20 {
21 	struct stub_device *sdev = dev_get_drvdata(dev);
22 	int status;
23 
24 	if (!sdev) {
25 		dev_err(dev, "sdev is null\n");
26 		return -ENODEV;
27 	}
28 
29 	spin_lock_irq(&sdev->ud.lock);
30 	status = sdev->ud.status;
31 	spin_unlock_irq(&sdev->ud.lock);
32 
33 	return sysfs_emit(buf, "%d\n", status);
34 }
35 static DEVICE_ATTR_RO(usbip_status);
36 
37 /*
38  * usbip_sockfd gets a socket descriptor of an established TCP connection that
39  * is used to transfer usbip requests by kernel threads. -1 is a magic number
40  * by which usbip connection is finished.
41  */
usbip_sockfd_store(struct device * dev,struct device_attribute * attr,const char * buf,size_t count)42 static ssize_t usbip_sockfd_store(struct device *dev, struct device_attribute *attr,
43 			    const char *buf, size_t count)
44 {
45 	struct stub_device *sdev = dev_get_drvdata(dev);
46 	int sockfd = 0;
47 	struct socket *socket;
48 	int rv;
49 	struct task_struct *tcp_rx = NULL;
50 	struct task_struct *tcp_tx = NULL;
51 
52 	if (!sdev) {
53 		dev_err(dev, "sdev is null\n");
54 		return -ENODEV;
55 	}
56 
57 	rv = sscanf(buf, "%d", &sockfd);
58 	if (rv != 1)
59 		return -EINVAL;
60 
61 	if (sockfd != -1) {
62 		int err;
63 
64 		dev_info(dev, "stub up\n");
65 
66 		mutex_lock(&sdev->ud.sysfs_lock);
67 		spin_lock_irq(&sdev->ud.lock);
68 
69 		if (sdev->ud.status != SDEV_ST_AVAILABLE) {
70 			dev_err(dev, "not ready\n");
71 			goto err;
72 		}
73 
74 		socket = sockfd_lookup(sockfd, &err);
75 		if (!socket) {
76 			dev_err(dev, "failed to lookup sock");
77 			goto err;
78 		}
79 
80 		if (socket->type != SOCK_STREAM) {
81 			dev_err(dev, "Expecting SOCK_STREAM - found %d",
82 				socket->type);
83 			goto sock_err;
84 		}
85 
86 		/* unlock and create threads and get tasks */
87 		spin_unlock_irq(&sdev->ud.lock);
88 		tcp_rx = kthread_create(stub_rx_loop, &sdev->ud, "stub_rx");
89 		if (IS_ERR(tcp_rx)) {
90 			sockfd_put(socket);
91 			goto unlock_mutex;
92 		}
93 		tcp_tx = kthread_create(stub_tx_loop, &sdev->ud, "stub_tx");
94 		if (IS_ERR(tcp_tx)) {
95 			kthread_stop(tcp_rx);
96 			sockfd_put(socket);
97 			goto unlock_mutex;
98 		}
99 
100 		/* get task structs now */
101 		get_task_struct(tcp_rx);
102 		get_task_struct(tcp_tx);
103 
104 		/* lock and update sdev->ud state */
105 		spin_lock_irq(&sdev->ud.lock);
106 		sdev->ud.tcp_socket = socket;
107 		sdev->ud.sockfd = sockfd;
108 		sdev->ud.tcp_rx = tcp_rx;
109 		sdev->ud.tcp_tx = tcp_tx;
110 		sdev->ud.status = SDEV_ST_USED;
111 		spin_unlock_irq(&sdev->ud.lock);
112 
113 		wake_up_process(sdev->ud.tcp_rx);
114 		wake_up_process(sdev->ud.tcp_tx);
115 
116 		mutex_unlock(&sdev->ud.sysfs_lock);
117 
118 	} else {
119 		dev_info(dev, "stub down\n");
120 
121 		mutex_lock(&sdev->ud.sysfs_lock);
122 
123 		spin_lock_irq(&sdev->ud.lock);
124 		if (sdev->ud.status != SDEV_ST_USED)
125 			goto err;
126 
127 		spin_unlock_irq(&sdev->ud.lock);
128 
129 		usbip_event_add(&sdev->ud, SDEV_EVENT_DOWN);
130 		mutex_unlock(&sdev->ud.sysfs_lock);
131 	}
132 
133 	return count;
134 
135 sock_err:
136 	sockfd_put(socket);
137 err:
138 	spin_unlock_irq(&sdev->ud.lock);
139 unlock_mutex:
140 	mutex_unlock(&sdev->ud.sysfs_lock);
141 	return -EINVAL;
142 }
143 static DEVICE_ATTR_WO(usbip_sockfd);
144 
145 static struct attribute *usbip_attrs[] = {
146 	&dev_attr_usbip_status.attr,
147 	&dev_attr_usbip_sockfd.attr,
148 	&dev_attr_usbip_debug.attr,
149 	NULL,
150 };
151 ATTRIBUTE_GROUPS(usbip);
152 
stub_shutdown_connection(struct usbip_device * ud)153 static void stub_shutdown_connection(struct usbip_device *ud)
154 {
155 	struct stub_device *sdev = container_of(ud, struct stub_device, ud);
156 
157 	/*
158 	 * When removing an exported device, kernel panic sometimes occurred
159 	 * and then EIP was sk_wait_data of stub_rx thread. Is this because
160 	 * sk_wait_data returned though stub_rx thread was already finished by
161 	 * step 1?
162 	 */
163 	if (ud->tcp_socket) {
164 		dev_dbg(&sdev->udev->dev, "shutdown sockfd %d\n", ud->sockfd);
165 		kernel_sock_shutdown(ud->tcp_socket, SHUT_RDWR);
166 	}
167 
168 	/* 1. stop threads */
169 	if (ud->tcp_rx) {
170 		kthread_stop_put(ud->tcp_rx);
171 		ud->tcp_rx = NULL;
172 	}
173 	if (ud->tcp_tx) {
174 		kthread_stop_put(ud->tcp_tx);
175 		ud->tcp_tx = NULL;
176 	}
177 
178 	/*
179 	 * 2. close the socket
180 	 *
181 	 * tcp_socket is freed after threads are killed so that usbip_xmit does
182 	 * not touch NULL socket.
183 	 */
184 	if (ud->tcp_socket) {
185 		sockfd_put(ud->tcp_socket);
186 		ud->tcp_socket = NULL;
187 		ud->sockfd = -1;
188 	}
189 
190 	/* 3. free used data */
191 	stub_device_cleanup_urbs(sdev);
192 
193 	/* 4. free stub_unlink */
194 	{
195 		unsigned long flags;
196 		struct stub_unlink *unlink, *tmp;
197 
198 		spin_lock_irqsave(&sdev->priv_lock, flags);
199 		list_for_each_entry_safe(unlink, tmp, &sdev->unlink_tx, list) {
200 			list_del(&unlink->list);
201 			kfree(unlink);
202 		}
203 		list_for_each_entry_safe(unlink, tmp, &sdev->unlink_free,
204 					 list) {
205 			list_del(&unlink->list);
206 			kfree(unlink);
207 		}
208 		spin_unlock_irqrestore(&sdev->priv_lock, flags);
209 	}
210 }
211 
stub_device_reset(struct usbip_device * ud)212 static void stub_device_reset(struct usbip_device *ud)
213 {
214 	struct stub_device *sdev = container_of(ud, struct stub_device, ud);
215 	struct usb_device *udev = sdev->udev;
216 	int ret;
217 
218 	dev_dbg(&udev->dev, "device reset");
219 
220 	ret = usb_lock_device_for_reset(udev, NULL);
221 	if (ret < 0) {
222 		dev_err(&udev->dev, "lock for reset\n");
223 		spin_lock_irq(&ud->lock);
224 		ud->status = SDEV_ST_ERROR;
225 		spin_unlock_irq(&ud->lock);
226 		return;
227 	}
228 
229 	/* try to reset the device */
230 	ret = usb_reset_device(udev);
231 	usb_unlock_device(udev);
232 
233 	spin_lock_irq(&ud->lock);
234 	if (ret) {
235 		dev_err(&udev->dev, "device reset\n");
236 		ud->status = SDEV_ST_ERROR;
237 	} else {
238 		dev_info(&udev->dev, "device reset\n");
239 		ud->status = SDEV_ST_AVAILABLE;
240 	}
241 	spin_unlock_irq(&ud->lock);
242 }
243 
stub_device_unusable(struct usbip_device * ud)244 static void stub_device_unusable(struct usbip_device *ud)
245 {
246 	spin_lock_irq(&ud->lock);
247 	ud->status = SDEV_ST_ERROR;
248 	spin_unlock_irq(&ud->lock);
249 }
250 
251 /**
252  * stub_device_alloc - allocate a new stub_device struct
253  * @udev: usb_device of a new device
254  *
255  * Allocates and initializes a new stub_device struct.
256  */
stub_device_alloc(struct usb_device * udev)257 static struct stub_device *stub_device_alloc(struct usb_device *udev)
258 {
259 	struct stub_device *sdev;
260 	int busnum = udev->bus->busnum;
261 	int devnum = udev->devnum;
262 
263 	dev_dbg(&udev->dev, "allocating stub device");
264 
265 	/* yes, it's a new device */
266 	sdev = kzalloc(sizeof(struct stub_device), GFP_KERNEL);
267 	if (!sdev)
268 		return NULL;
269 
270 	sdev->udev = usb_get_dev(udev);
271 
272 	/*
273 	 * devid is defined with devnum when this driver is first allocated.
274 	 * devnum may change later if a device is reset. However, devid never
275 	 * changes during a usbip connection.
276 	 */
277 	sdev->devid		= (busnum << 16) | devnum;
278 	sdev->ud.side		= USBIP_STUB;
279 	sdev->ud.status		= SDEV_ST_AVAILABLE;
280 	spin_lock_init(&sdev->ud.lock);
281 	mutex_init(&sdev->ud.sysfs_lock);
282 	sdev->ud.tcp_socket	= NULL;
283 	sdev->ud.sockfd		= -1;
284 
285 	INIT_LIST_HEAD(&sdev->priv_init);
286 	INIT_LIST_HEAD(&sdev->priv_tx);
287 	INIT_LIST_HEAD(&sdev->priv_free);
288 	INIT_LIST_HEAD(&sdev->unlink_free);
289 	INIT_LIST_HEAD(&sdev->unlink_tx);
290 	spin_lock_init(&sdev->priv_lock);
291 
292 	init_waitqueue_head(&sdev->tx_waitq);
293 
294 	sdev->ud.eh_ops.shutdown = stub_shutdown_connection;
295 	sdev->ud.eh_ops.reset    = stub_device_reset;
296 	sdev->ud.eh_ops.unusable = stub_device_unusable;
297 
298 	usbip_start_eh(&sdev->ud);
299 
300 	dev_dbg(&udev->dev, "register new device\n");
301 
302 	return sdev;
303 }
304 
stub_device_free(struct stub_device * sdev)305 static void stub_device_free(struct stub_device *sdev)
306 {
307 	kfree(sdev);
308 }
309 
stub_probe(struct usb_device * udev)310 static int stub_probe(struct usb_device *udev)
311 {
312 	struct stub_device *sdev = NULL;
313 	const char *udev_busid = dev_name(&udev->dev);
314 	struct bus_id_priv *busid_priv;
315 	int rc = 0;
316 	char save_status;
317 
318 	dev_dbg(&udev->dev, "Enter probe\n");
319 
320 	/* Not sure if this is our device. Allocate here to avoid
321 	 * calling alloc while holding busid_table lock.
322 	 */
323 	sdev = stub_device_alloc(udev);
324 	if (!sdev)
325 		return -ENOMEM;
326 
327 	/* check we should claim or not by busid_table */
328 	busid_priv = get_busid_priv(udev_busid);
329 	if (!busid_priv || (busid_priv->status == STUB_BUSID_REMOV) ||
330 	    (busid_priv->status == STUB_BUSID_OTHER)) {
331 		dev_info(&udev->dev,
332 			"%s is not in match_busid table... skip!\n",
333 			udev_busid);
334 
335 		/*
336 		 * Return value should be ENODEV or ENOXIO to continue trying
337 		 * other matched drivers by the driver core.
338 		 * See driver_probe_device() in driver/base/dd.c
339 		 */
340 		rc = -ENODEV;
341 		if (!busid_priv)
342 			goto sdev_free;
343 
344 		goto call_put_busid_priv;
345 	}
346 
347 	if (udev->descriptor.bDeviceClass == USB_CLASS_HUB) {
348 		dev_dbg(&udev->dev, "%s is a usb hub device... skip!\n",
349 			 udev_busid);
350 		rc = -ENODEV;
351 		goto call_put_busid_priv;
352 	}
353 
354 	if (!strcmp(udev->bus->bus_name, "vhci_hcd")) {
355 		dev_dbg(&udev->dev,
356 			"%s is attached on vhci_hcd... skip!\n",
357 			udev_busid);
358 
359 		rc = -ENODEV;
360 		goto call_put_busid_priv;
361 	}
362 
363 
364 	dev_info(&udev->dev,
365 		"usbip-host: register new device (bus %u dev %u)\n",
366 		udev->bus->busnum, udev->devnum);
367 
368 	busid_priv->shutdown_busid = 0;
369 
370 	/* set private data to usb_device */
371 	dev_set_drvdata(&udev->dev, sdev);
372 
373 	busid_priv->sdev = sdev;
374 	busid_priv->udev = udev;
375 
376 	save_status = busid_priv->status;
377 	busid_priv->status = STUB_BUSID_ALLOC;
378 
379 	/* release the busid_lock */
380 	put_busid_priv(busid_priv);
381 
382 	/*
383 	 * Claim this hub port.
384 	 * It doesn't matter what value we pass as owner
385 	 * (struct dev_state) as long as it is unique.
386 	 */
387 	rc = usb_hub_claim_port(udev->parent, udev->portnum,
388 			(struct usb_dev_state *) udev);
389 	if (rc) {
390 		dev_dbg(&udev->dev, "unable to claim port\n");
391 		goto err_port;
392 	}
393 
394 	return 0;
395 
396 err_port:
397 	dev_set_drvdata(&udev->dev, NULL);
398 
399 	/* we already have busid_priv, just lock busid_lock */
400 	spin_lock(&busid_priv->busid_lock);
401 	busid_priv->sdev = NULL;
402 	busid_priv->status = save_status;
403 	spin_unlock(&busid_priv->busid_lock);
404 	/* lock is released - go to free */
405 	goto sdev_free;
406 
407 call_put_busid_priv:
408 	/* release the busid_lock */
409 	put_busid_priv(busid_priv);
410 
411 sdev_free:
412 	usb_put_dev(udev);
413 	stub_device_free(sdev);
414 
415 	return rc;
416 }
417 
shutdown_busid(struct bus_id_priv * busid_priv)418 static void shutdown_busid(struct bus_id_priv *busid_priv)
419 {
420 	usbip_event_add(&busid_priv->sdev->ud, SDEV_EVENT_REMOVED);
421 
422 	/* wait for the stop of the event handler */
423 	usbip_stop_eh(&busid_priv->sdev->ud);
424 }
425 
426 /*
427  * called in usb_disconnect() or usb_deregister()
428  * but only if actconfig(active configuration) exists
429  */
stub_disconnect(struct usb_device * udev)430 static void stub_disconnect(struct usb_device *udev)
431 {
432 	struct stub_device *sdev;
433 	const char *udev_busid = dev_name(&udev->dev);
434 	struct bus_id_priv *busid_priv;
435 	int rc;
436 
437 	dev_dbg(&udev->dev, "Enter disconnect\n");
438 
439 	busid_priv = get_busid_priv(udev_busid);
440 	if (!busid_priv) {
441 		BUG();
442 		return;
443 	}
444 
445 	sdev = dev_get_drvdata(&udev->dev);
446 
447 	/* get stub_device */
448 	if (!sdev) {
449 		dev_err(&udev->dev, "could not get device");
450 		/* release busid_lock */
451 		put_busid_priv(busid_priv);
452 		return;
453 	}
454 
455 	dev_set_drvdata(&udev->dev, NULL);
456 
457 	/* release busid_lock before call to remove device files */
458 	put_busid_priv(busid_priv);
459 
460 	/*
461 	 * NOTE: rx/tx threads are invoked for each usb_device.
462 	 */
463 
464 	/* release port */
465 	rc = usb_hub_release_port(udev->parent, udev->portnum,
466 				  (struct usb_dev_state *) udev);
467 	/*
468 	 * NOTE: If a HUB disconnect triggered disconnect of the down stream
469 	 * device usb_hub_release_port will return -ENODEV so we can safely ignore
470 	 * that error here.
471 	 */
472 	if (rc && (rc != -ENODEV)) {
473 		dev_dbg(&udev->dev, "unable to release port (%i)\n", rc);
474 		return;
475 	}
476 
477 	/* If usb reset is called from event handler */
478 	if (usbip_in_eh(current))
479 		return;
480 
481 	/* we already have busid_priv, just lock busid_lock */
482 	spin_lock(&busid_priv->busid_lock);
483 	if (!busid_priv->shutdown_busid)
484 		busid_priv->shutdown_busid = 1;
485 	/* release busid_lock */
486 	spin_unlock(&busid_priv->busid_lock);
487 
488 	/* shutdown the current connection */
489 	shutdown_busid(busid_priv);
490 
491 	usb_put_dev(sdev->udev);
492 
493 	/* we already have busid_priv, just lock busid_lock */
494 	spin_lock(&busid_priv->busid_lock);
495 	/* free sdev */
496 	busid_priv->sdev = NULL;
497 	stub_device_free(sdev);
498 
499 	if (busid_priv->status == STUB_BUSID_ALLOC)
500 		busid_priv->status = STUB_BUSID_ADDED;
501 	/* release busid_lock */
502 	spin_unlock(&busid_priv->busid_lock);
503 	return;
504 }
505 
506 #ifdef CONFIG_PM
507 
508 /* These functions need usb_port_suspend and usb_port_resume,
509  * which reside in drivers/usb/core/usb.h. Skip for now. */
510 
stub_suspend(struct usb_device * udev,pm_message_t message)511 static int stub_suspend(struct usb_device *udev, pm_message_t message)
512 {
513 	dev_dbg(&udev->dev, "stub_suspend\n");
514 
515 	return 0;
516 }
517 
stub_resume(struct usb_device * udev,pm_message_t message)518 static int stub_resume(struct usb_device *udev, pm_message_t message)
519 {
520 	dev_dbg(&udev->dev, "stub_resume\n");
521 
522 	return 0;
523 }
524 
525 #endif	/* CONFIG_PM */
526 
527 struct usb_device_driver stub_driver = {
528 	.name		= "usbip-host",
529 	.probe		= stub_probe,
530 	.disconnect	= stub_disconnect,
531 #ifdef CONFIG_PM
532 	.suspend	= stub_suspend,
533 	.resume		= stub_resume,
534 #endif
535 	.supports_autosuspend	=	0,
536 	.dev_groups	= usbip_groups,
537 };
538