1/* 2 * Copyright (C) 2003-2008 Takahiro Hirofuchi 3 * 4 * This is free software; you can redistribute it and/or modify 5 * it under the terms of the GNU General Public License as published by 6 * the Free Software Foundation; either version 2 of the License, or 7 * (at your option) any later version. 8 * 9 * This is distributed in the hope that it will be useful, 10 * but WITHOUT ANY WARRANTY; without even the implied warranty of 11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 12 * GNU General Public License for more details. 13 * 14 * You should have received a copy of the GNU General Public License 15 * along with this program; if not, write to the Free Software 16 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, 17 * USA. 18 */ 19 20#include <linux/slab.h> 21 22#include "usbip_common.h" 23#include "stub.h" 24#include <linux/usb/hcd.h> 25 26 27static int is_clear_halt_cmd(struct urb *urb) 28{ 29 struct usb_ctrlrequest *req; 30 31 req = (struct usb_ctrlrequest *) urb->setup_packet; 32 33 return (req->bRequest == USB_REQ_CLEAR_FEATURE) && 34 (req->bRequestType == USB_RECIP_ENDPOINT) && 35 (req->wValue == USB_ENDPOINT_HALT); 36} 37 38static int is_set_interface_cmd(struct urb *urb) 39{ 40 struct usb_ctrlrequest *req; 41 42 req = (struct usb_ctrlrequest *) urb->setup_packet; 43 44 return (req->bRequest == USB_REQ_SET_INTERFACE) && 45 (req->bRequestType == USB_RECIP_INTERFACE); 46} 47 48static int is_set_configuration_cmd(struct urb *urb) 49{ 50 struct usb_ctrlrequest *req; 51 52 req = (struct usb_ctrlrequest *) urb->setup_packet; 53 54 return (req->bRequest == USB_REQ_SET_CONFIGURATION) && 55 (req->bRequestType == USB_RECIP_DEVICE); 56} 57 58static int is_reset_device_cmd(struct urb *urb) 59{ 60 struct usb_ctrlrequest *req; 61 __u16 value; 62 __u16 index; 63 64 req = (struct usb_ctrlrequest *) urb->setup_packet; 65 value = le16_to_cpu(req->wValue); 66 index = le16_to_cpu(req->wIndex); 67 68 if ((req->bRequest == USB_REQ_SET_FEATURE) && 69 (req->bRequestType == USB_RT_PORT) && 70 (value == USB_PORT_FEAT_RESET)) { 71 usbip_dbg_stub_rx("reset_device_cmd, port %u\n", index); 72 return 1; 73 } else 74 return 0; 75} 76 77static int tweak_clear_halt_cmd(struct urb *urb) 78{ 79 struct usb_ctrlrequest *req; 80 int target_endp; 81 int target_dir; 82 int target_pipe; 83 int ret; 84 85 req = (struct usb_ctrlrequest *) urb->setup_packet; 86 87 /* 88 * The stalled endpoint is specified in the wIndex value. The endpoint 89 * of the urb is the target of this clear_halt request (i.e., control 90 * endpoint). 91 */ 92 target_endp = le16_to_cpu(req->wIndex) & 0x000f; 93 94 /* the stalled endpoint direction is IN or OUT?. USB_DIR_IN is 0x80. */ 95 target_dir = le16_to_cpu(req->wIndex) & 0x0080; 96 97 if (target_dir) 98 target_pipe = usb_rcvctrlpipe(urb->dev, target_endp); 99 else 100 target_pipe = usb_sndctrlpipe(urb->dev, target_endp); 101 102 ret = usb_clear_halt(urb->dev, target_pipe); 103 if (ret < 0) 104 usbip_uinfo("clear_halt error: devnum %d endp %d, %d\n", 105 urb->dev->devnum, target_endp, ret); 106 else 107 usbip_uinfo("clear_halt done: devnum %d endp %d\n", 108 urb->dev->devnum, target_endp); 109 110 return ret; 111} 112 113static int tweak_set_interface_cmd(struct urb *urb) 114{ 115 struct usb_ctrlrequest *req; 116 __u16 alternate; 117 __u16 interface; 118 int ret; 119 120 req = (struct usb_ctrlrequest *) urb->setup_packet; 121 alternate = le16_to_cpu(req->wValue); 122 interface = le16_to_cpu(req->wIndex); 123 124 usbip_dbg_stub_rx("set_interface: inf %u alt %u\n", interface, 125 alternate); 126 127 ret = usb_set_interface(urb->dev, interface, alternate); 128 if (ret < 0) 129 usbip_uinfo("set_interface error: inf %u alt %u, %d\n", 130 interface, alternate, ret); 131 else 132 usbip_uinfo("set_interface done: inf %u alt %u\n", 133 interface, 134 alternate); 135 136 return ret; 137} 138 139static int tweak_set_configuration_cmd(struct urb *urb) 140{ 141 struct usb_ctrlrequest *req; 142 __u16 config; 143 144 req = (struct usb_ctrlrequest *) urb->setup_packet; 145 config = le16_to_cpu(req->wValue); 146 147 /* 148 * I have never seen a multi-config device. Very rare. 149 * For most devices, this will be called to choose a default 150 * configuration only once in an initialization phase. 151 * 152 * set_configuration may change a device configuration and its device 153 * drivers will be unbound and assigned for a new device configuration. 154 * This means this usbip driver will be also unbound when called, then 155 * eventually reassigned to the device as far as driver matching 156 * condition is kept. 157 * 158 * Unfortunatelly, an existing usbip connection will be dropped 159 * due to this driver unbinding. So, skip here. 160 * A user may need to set a special configuration value before 161 * exporting the device. 162 */ 163 usbip_uinfo("set_configuration (%d) to %s\n", config, 164 dev_name(&urb->dev->dev)); 165 usbip_uinfo("but, skip!\n"); 166 167 return 0; 168 /* return usb_driver_set_configuration(urb->dev, config); */ 169} 170 171static int tweak_reset_device_cmd(struct urb *urb) 172{ 173 struct usb_ctrlrequest *req; 174 __u16 value; 175 __u16 index; 176 int ret; 177 178 req = (struct usb_ctrlrequest *) urb->setup_packet; 179 value = le16_to_cpu(req->wValue); 180 index = le16_to_cpu(req->wIndex); 181 182 usbip_uinfo("reset_device (port %d) to %s\n", index, 183 dev_name(&urb->dev->dev)); 184 185 /* all interfaces should be owned by usbip driver, so just reset it. */ 186 ret = usb_lock_device_for_reset(urb->dev, NULL); 187 if (ret < 0) { 188 dev_err(&urb->dev->dev, "lock for reset\n"); 189 return ret; 190 } 191 192 /* try to reset the device */ 193 ret = usb_reset_device(urb->dev); 194 if (ret < 0) 195 dev_err(&urb->dev->dev, "device reset\n"); 196 197 usb_unlock_device(urb->dev); 198 199 return ret; 200} 201 202/* 203 * clear_halt, set_interface, and set_configuration require special tricks. 204 */ 205static void tweak_special_requests(struct urb *urb) 206{ 207 if (!urb || !urb->setup_packet) 208 return; 209 210 if (usb_pipetype(urb->pipe) != PIPE_CONTROL) 211 return; 212 213 if (is_clear_halt_cmd(urb)) 214 /* tweak clear_halt */ 215 tweak_clear_halt_cmd(urb); 216 217 else if (is_set_interface_cmd(urb)) 218 /* tweak set_interface */ 219 tweak_set_interface_cmd(urb); 220 221 else if (is_set_configuration_cmd(urb)) 222 /* tweak set_configuration */ 223 tweak_set_configuration_cmd(urb); 224 225 else if (is_reset_device_cmd(urb)) 226 tweak_reset_device_cmd(urb); 227 else 228 usbip_dbg_stub_rx("no need to tweak\n"); 229} 230 231/* 232 * stub_recv_unlink() unlinks the URB by a call to usb_unlink_urb(). 233 * By unlinking the urb asynchronously, stub_rx can continuously 234 * process coming urbs. Even if the urb is unlinked, its completion 235 * handler will be called and stub_tx will send a return pdu. 236 * 237 * See also comments about unlinking strategy in vhci_hcd.c. 238 */ 239static int stub_recv_cmd_unlink(struct stub_device *sdev, 240 struct usbip_header *pdu) 241{ 242 unsigned long flags; 243 244 struct stub_priv *priv; 245 246 247 spin_lock_irqsave(&sdev->priv_lock, flags); 248 249 list_for_each_entry(priv, &sdev->priv_init, list) { 250 if (priv->seqnum == pdu->u.cmd_unlink.seqnum) { 251 int ret; 252 253 dev_info(&priv->urb->dev->dev, "unlink urb %p\n", 254 priv->urb); 255 256 /* 257 * This matched urb is not completed yet (i.e., be in 258 * flight in usb hcd hardware/driver). Now we are 259 * cancelling it. The unlinking flag means that we are 260 * now not going to return the normal result pdu of a 261 * submission request, but going to return a result pdu 262 * of the unlink request. 263 */ 264 priv->unlinking = 1; 265 266 /* 267 * In the case that unlinking flag is on, prev->seqnum 268 * is changed from the seqnum of the cancelling urb to 269 * the seqnum of the unlink request. This will be used 270 * to make the result pdu of the unlink request. 271 */ 272 priv->seqnum = pdu->base.seqnum; 273 274 spin_unlock_irqrestore(&sdev->priv_lock, flags); 275 276 /* 277 * usb_unlink_urb() is now out of spinlocking to avoid 278 * spinlock recursion since stub_complete() is 279 * sometimes called in this context but not in the 280 * interrupt context. If stub_complete() is executed 281 * before we call usb_unlink_urb(), usb_unlink_urb() 282 * will return an error value. In this case, stub_tx 283 * will return the result pdu of this unlink request 284 * though submission is completed and actual unlinking 285 * is not executed. OK? 286 */ 287 /* In the above case, urb->status is not -ECONNRESET, 288 * so a driver in a client host will know the failure 289 * of the unlink request ? 290 */ 291 ret = usb_unlink_urb(priv->urb); 292 if (ret != -EINPROGRESS) 293 dev_err(&priv->urb->dev->dev, 294 "failed to unlink a urb %p, ret %d\n", 295 priv->urb, ret); 296 return 0; 297 } 298 } 299 300 usbip_dbg_stub_rx("seqnum %d is not pending\n", 301 pdu->u.cmd_unlink.seqnum); 302 303 /* 304 * The urb of the unlink target is not found in priv_init queue. It was 305 * already completed and its results is/was going to be sent by a 306 * CMD_RET pdu. In this case, usb_unlink_urb() is not needed. We only 307 * return the completeness of this unlink request to vhci_hcd. 308 */ 309 stub_enqueue_ret_unlink(sdev, pdu->base.seqnum, 0); 310 311 spin_unlock_irqrestore(&sdev->priv_lock, flags); 312 313 314 return 0; 315} 316 317static int valid_request(struct stub_device *sdev, struct usbip_header *pdu) 318{ 319 struct usbip_device *ud = &sdev->ud; 320 321 if (pdu->base.devid == sdev->devid) { 322 spin_lock(&ud->lock); 323 if (ud->status == SDEV_ST_USED) { 324 /* A request is valid. */ 325 spin_unlock(&ud->lock); 326 return 1; 327 } 328 spin_unlock(&ud->lock); 329 } 330 331 return 0; 332} 333 334static struct stub_priv *stub_priv_alloc(struct stub_device *sdev, 335 struct usbip_header *pdu) 336{ 337 struct stub_priv *priv; 338 struct usbip_device *ud = &sdev->ud; 339 unsigned long flags; 340 341 spin_lock_irqsave(&sdev->priv_lock, flags); 342 343 priv = kmem_cache_zalloc(stub_priv_cache, GFP_ATOMIC); 344 if (!priv) { 345 dev_err(&sdev->interface->dev, "alloc stub_priv\n"); 346 spin_unlock_irqrestore(&sdev->priv_lock, flags); 347 usbip_event_add(ud, SDEV_EVENT_ERROR_MALLOC); 348 return NULL; 349 } 350 351 priv->seqnum = pdu->base.seqnum; 352 priv->sdev = sdev; 353 354 /* 355 * After a stub_priv is linked to a list_head, 356 * our error handler can free allocated data. 357 */ 358 list_add_tail(&priv->list, &sdev->priv_init); 359 360 spin_unlock_irqrestore(&sdev->priv_lock, flags); 361 362 return priv; 363} 364 365static int get_pipe(struct stub_device *sdev, int epnum, int dir) 366{ 367 struct usb_device *udev = interface_to_usbdev(sdev->interface); 368 struct usb_host_endpoint *ep; 369 struct usb_endpoint_descriptor *epd = NULL; 370 371 if (dir == USBIP_DIR_IN) 372 ep = udev->ep_in[epnum & 0x7f]; 373 else 374 ep = udev->ep_out[epnum & 0x7f]; 375 if (!ep) { 376 dev_err(&sdev->interface->dev, "no such endpoint?, %d\n", 377 epnum); 378 BUG(); 379 } 380 381 epd = &ep->desc; 382 383 384 385 if (usb_endpoint_xfer_control(epd)) { 386 if (dir == USBIP_DIR_OUT) 387 return usb_sndctrlpipe(udev, epnum); 388 else 389 return usb_rcvctrlpipe(udev, epnum); 390 } 391 392 if (usb_endpoint_xfer_bulk(epd)) { 393 if (dir == USBIP_DIR_OUT) 394 return usb_sndbulkpipe(udev, epnum); 395 else 396 return usb_rcvbulkpipe(udev, epnum); 397 } 398 399 if (usb_endpoint_xfer_int(epd)) { 400 if (dir == USBIP_DIR_OUT) 401 return usb_sndintpipe(udev, epnum); 402 else 403 return usb_rcvintpipe(udev, epnum); 404 } 405 406 if (usb_endpoint_xfer_isoc(epd)) { 407 if (dir == USBIP_DIR_OUT) 408 return usb_sndisocpipe(udev, epnum); 409 else 410 return usb_rcvisocpipe(udev, epnum); 411 } 412 413 /* NOT REACHED */ 414 dev_err(&sdev->interface->dev, "get pipe, epnum %d\n", epnum); 415 return 0; 416} 417 418static void masking_bogus_flags(struct urb *urb) 419{ 420 int xfertype; 421 struct usb_device *dev; 422 struct usb_host_endpoint *ep; 423 int is_out; 424 unsigned int allowed; 425 426 if (!urb || urb->hcpriv || !urb->complete) 427 return; 428 dev = urb->dev; 429 if ((!dev) || (dev->state < USB_STATE_UNAUTHENTICATED)) 430 return; 431 432 ep = (usb_pipein(urb->pipe) ? dev->ep_in : dev->ep_out) 433 [usb_pipeendpoint(urb->pipe)]; 434 if (!ep) 435 return; 436 437 xfertype = usb_endpoint_type(&ep->desc); 438 if (xfertype == USB_ENDPOINT_XFER_CONTROL) { 439 struct usb_ctrlrequest *setup = 440 (struct usb_ctrlrequest *) urb->setup_packet; 441 442 if (!setup) 443 return; 444 is_out = !(setup->bRequestType & USB_DIR_IN) || 445 !setup->wLength; 446 } else { 447 is_out = usb_endpoint_dir_out(&ep->desc); 448 } 449 450 /* enforce simple/standard policy */ 451 allowed = (URB_NO_TRANSFER_DMA_MAP | URB_NO_INTERRUPT | 452 URB_DIR_MASK | URB_FREE_BUFFER); 453 switch (xfertype) { 454 case USB_ENDPOINT_XFER_BULK: 455 if (is_out) 456 allowed |= URB_ZERO_PACKET; 457 /* FALLTHROUGH */ 458 case USB_ENDPOINT_XFER_CONTROL: 459 allowed |= URB_NO_FSBR; /* only affects UHCI */ 460 /* FALLTHROUGH */ 461 default: /* all non-iso endpoints */ 462 if (!is_out) 463 allowed |= URB_SHORT_NOT_OK; 464 break; 465 case USB_ENDPOINT_XFER_ISOC: 466 allowed |= URB_ISO_ASAP; 467 break; 468 } 469 urb->transfer_flags &= allowed; 470} 471 472static void stub_recv_cmd_submit(struct stub_device *sdev, 473 struct usbip_header *pdu) 474{ 475 int ret; 476 struct stub_priv *priv; 477 struct usbip_device *ud = &sdev->ud; 478 struct usb_device *udev = interface_to_usbdev(sdev->interface); 479 int pipe = get_pipe(sdev, pdu->base.ep, pdu->base.direction); 480 481 482 priv = stub_priv_alloc(sdev, pdu); 483 if (!priv) 484 return; 485 486 /* setup a urb */ 487 if (usb_pipeisoc(pipe)) 488 priv->urb = usb_alloc_urb(pdu->u.cmd_submit.number_of_packets, 489 GFP_KERNEL); 490 else 491 priv->urb = usb_alloc_urb(0, GFP_KERNEL); 492 493 if (!priv->urb) { 494 dev_err(&sdev->interface->dev, "malloc urb\n"); 495 usbip_event_add(ud, SDEV_EVENT_ERROR_MALLOC); 496 return; 497 } 498 499 /* set priv->urb->transfer_buffer */ 500 if (pdu->u.cmd_submit.transfer_buffer_length > 0) { 501 priv->urb->transfer_buffer = 502 kzalloc(pdu->u.cmd_submit.transfer_buffer_length, 503 GFP_KERNEL); 504 if (!priv->urb->transfer_buffer) { 505 dev_err(&sdev->interface->dev, "malloc x_buff\n"); 506 usbip_event_add(ud, SDEV_EVENT_ERROR_MALLOC); 507 return; 508 } 509 } 510 511 /* set priv->urb->setup_packet */ 512 priv->urb->setup_packet = kmemdup(&pdu->u.cmd_submit.setup, 8, 513 GFP_KERNEL); 514 if (!priv->urb->setup_packet) { 515 dev_err(&sdev->interface->dev, "allocate setup_packet\n"); 516 usbip_event_add(ud, SDEV_EVENT_ERROR_MALLOC); 517 return; 518 } 519 520 /* set other members from the base header of pdu */ 521 priv->urb->context = (void *) priv; 522 priv->urb->dev = udev; 523 priv->urb->pipe = pipe; 524 priv->urb->complete = stub_complete; 525 526 usbip_pack_pdu(pdu, priv->urb, USBIP_CMD_SUBMIT, 0); 527 528 529 if (usbip_recv_xbuff(ud, priv->urb) < 0) 530 return; 531 532 if (usbip_recv_iso(ud, priv->urb) < 0) 533 return; 534 535 /* no need to submit an intercepted request, but harmless? */ 536 tweak_special_requests(priv->urb); 537 538 masking_bogus_flags(priv->urb); 539 /* urb is now ready to submit */ 540 ret = usb_submit_urb(priv->urb, GFP_KERNEL); 541 542 if (ret == 0) 543 usbip_dbg_stub_rx("submit urb ok, seqnum %u\n", 544 pdu->base.seqnum); 545 else { 546 dev_err(&sdev->interface->dev, "submit_urb error, %d\n", ret); 547 usbip_dump_header(pdu); 548 usbip_dump_urb(priv->urb); 549 550 /* 551 * Pessimistic. 552 * This connection will be discarded. 553 */ 554 usbip_event_add(ud, SDEV_EVENT_ERROR_SUBMIT); 555 } 556 557 usbip_dbg_stub_rx("Leave\n"); 558 return; 559} 560 561/* recv a pdu */ 562static void stub_rx_pdu(struct usbip_device *ud) 563{ 564 int ret; 565 struct usbip_header pdu; 566 struct stub_device *sdev = container_of(ud, struct stub_device, ud); 567 struct device *dev = &sdev->interface->dev; 568 569 usbip_dbg_stub_rx("Enter\n"); 570 571 memset(&pdu, 0, sizeof(pdu)); 572 573 /* 1. receive a pdu header */ 574 ret = usbip_xmit(0, ud->tcp_socket, (char *) &pdu, sizeof(pdu), 0); 575 if (ret != sizeof(pdu)) { 576 dev_err(dev, "recv a header, %d\n", ret); 577 usbip_event_add(ud, SDEV_EVENT_ERROR_TCP); 578 return; 579 } 580 581 usbip_header_correct_endian(&pdu, 0); 582 583 if (usbip_dbg_flag_stub_rx) 584 usbip_dump_header(&pdu); 585 586 if (!valid_request(sdev, &pdu)) { 587 dev_err(dev, "recv invalid request\n"); 588 usbip_event_add(ud, SDEV_EVENT_ERROR_TCP); 589 return; 590 } 591 592 switch (pdu.base.command) { 593 case USBIP_CMD_UNLINK: 594 stub_recv_cmd_unlink(sdev, &pdu); 595 break; 596 597 case USBIP_CMD_SUBMIT: 598 stub_recv_cmd_submit(sdev, &pdu); 599 break; 600 601 default: 602 /* NOTREACHED */ 603 dev_err(dev, "unknown pdu\n"); 604 usbip_event_add(ud, SDEV_EVENT_ERROR_TCP); 605 return; 606 } 607 608} 609 610void stub_rx_loop(struct usbip_task *ut) 611{ 612 struct usbip_device *ud = container_of(ut, struct usbip_device, tcp_rx); 613 614 while (1) { 615 if (signal_pending(current)) { 616 usbip_dbg_stub_rx("signal caught!\n"); 617 break; 618 } 619 620 if (usbip_event_happened(ud)) 621 break; 622 623 stub_rx_pdu(ud); 624 } 625} 626