1 // SPDX-License-Identifier: GPL-2.0+
3 * Copyright (C) 2003-2008 Takahiro Hirofuchi
6 #include <linux/kthread.h>
7 #include <linux/socket.h>
9 #include "usbip_common.h"
12 static void stub_free_priv_and_urb(struct stub_priv *priv)
14 struct urb *urb = priv->urb;
16 kfree(urb->setup_packet);
17 urb->setup_packet = NULL;
19 kfree(urb->transfer_buffer);
20 urb->transfer_buffer = NULL;
22 list_del(&priv->list);
23 kmem_cache_free(stub_priv_cache, priv);
27 /* be in spin_lock_irqsave(&sdev->priv_lock, flags) */
28 void stub_enqueue_ret_unlink(struct stub_device *sdev, __u32 seqnum,
31 struct stub_unlink *unlink;
33 unlink = kzalloc(sizeof(struct stub_unlink), GFP_ATOMIC);
35 usbip_event_add(&sdev->ud, VDEV_EVENT_ERROR_MALLOC);
39 unlink->seqnum = seqnum;
40 unlink->status = status;
42 list_add_tail(&unlink->list, &sdev->unlink_tx);
46 * stub_complete - completion handler of a usbip urb
47 * @urb: pointer to the urb completed
49 * When a urb has completed, the USB core driver calls this function mostly in
50 * the interrupt context. To return the result of a urb, the completed urb is
51 * linked to the pending list of returning.
54 void stub_complete(struct urb *urb)
56 struct stub_priv *priv = (struct stub_priv *) urb->context;
57 struct stub_device *sdev = priv->sdev;
60 usbip_dbg_stub_tx("complete! status %d\n", urb->status);
62 switch (urb->status) {
67 dev_info(&urb->dev->dev,
68 "stopped by a call to usb_kill_urb() because of cleaning up a virtual connection\n");
71 dev_info(&urb->dev->dev,
72 "unlinked by a call to usb_unlink_urb()\n");
75 dev_info(&urb->dev->dev, "endpoint %d is stalled\n",
76 usb_pipeendpoint(urb->pipe));
79 dev_info(&urb->dev->dev, "device removed?\n");
82 dev_info(&urb->dev->dev,
83 "urb completion with non-zero status %d\n",
88 /* link a urb to the queue of tx. */
89 spin_lock_irqsave(&sdev->priv_lock, flags);
90 if (sdev->ud.tcp_socket == NULL) {
91 usbip_dbg_stub_tx("ignore urb for closed connection %p", urb);
92 /* It will be freed in stub_device_cleanup_urbs(). */
93 } else if (priv->unlinking) {
94 stub_enqueue_ret_unlink(sdev, priv->seqnum, urb->status);
95 stub_free_priv_and_urb(priv);
97 list_move_tail(&priv->list, &sdev->priv_tx);
99 spin_unlock_irqrestore(&sdev->priv_lock, flags);
101 /* wake up tx_thread */
102 wake_up(&sdev->tx_waitq);
105 static inline void setup_base_pdu(struct usbip_header_basic *base,
106 __u32 command, __u32 seqnum)
108 base->command = command;
109 base->seqnum = seqnum;
115 static void setup_ret_submit_pdu(struct usbip_header *rpdu, struct urb *urb)
117 struct stub_priv *priv = (struct stub_priv *) urb->context;
119 setup_base_pdu(&rpdu->base, USBIP_RET_SUBMIT, priv->seqnum);
120 usbip_pack_pdu(rpdu, urb, USBIP_RET_SUBMIT, 1);
123 static void setup_ret_unlink_pdu(struct usbip_header *rpdu,
124 struct stub_unlink *unlink)
126 setup_base_pdu(&rpdu->base, USBIP_RET_UNLINK, unlink->seqnum);
127 rpdu->u.ret_unlink.status = unlink->status;
130 static struct stub_priv *dequeue_from_priv_tx(struct stub_device *sdev)
133 struct stub_priv *priv, *tmp;
135 spin_lock_irqsave(&sdev->priv_lock, flags);
137 list_for_each_entry_safe(priv, tmp, &sdev->priv_tx, list) {
138 list_move_tail(&priv->list, &sdev->priv_free);
139 spin_unlock_irqrestore(&sdev->priv_lock, flags);
143 spin_unlock_irqrestore(&sdev->priv_lock, flags);
148 static int stub_send_ret_submit(struct stub_device *sdev)
151 struct stub_priv *priv, *tmp;
156 size_t total_size = 0;
158 while ((priv = dequeue_from_priv_tx(sdev)) != NULL) {
160 struct urb *urb = priv->urb;
161 struct usbip_header pdu_header;
162 struct usbip_iso_packet_descriptor *iso_buffer = NULL;
163 struct kvec *iov = NULL;
167 memset(&pdu_header, 0, sizeof(pdu_header));
168 memset(&msg, 0, sizeof(msg));
170 if (usb_pipetype(urb->pipe) == PIPE_ISOCHRONOUS)
171 iovnum = 2 + urb->number_of_packets;
175 iov = kcalloc(iovnum, sizeof(struct kvec), GFP_KERNEL);
178 usbip_event_add(&sdev->ud, SDEV_EVENT_ERROR_MALLOC);
184 /* 1. setup usbip_header */
185 setup_ret_submit_pdu(&pdu_header, urb);
186 usbip_dbg_stub_tx("setup txdata seqnum: %d urb: %p\n",
187 pdu_header.base.seqnum, urb);
188 usbip_header_correct_endian(&pdu_header, 1);
190 iov[iovnum].iov_base = &pdu_header;
191 iov[iovnum].iov_len = sizeof(pdu_header);
193 txsize += sizeof(pdu_header);
195 /* 2. setup transfer buffer */
196 if (usb_pipein(urb->pipe) &&
197 usb_pipetype(urb->pipe) != PIPE_ISOCHRONOUS &&
198 urb->actual_length > 0) {
199 iov[iovnum].iov_base = urb->transfer_buffer;
200 iov[iovnum].iov_len = urb->actual_length;
202 txsize += urb->actual_length;
203 } else if (usb_pipein(urb->pipe) &&
204 usb_pipetype(urb->pipe) == PIPE_ISOCHRONOUS) {
206 * For isochronous packets: actual length is the sum of
207 * the actual length of the individual, packets, but as
208 * the packet offsets are not changed there will be
209 * padding between the packets. To optimally use the
210 * bandwidth the padding is not transmitted.
215 for (i = 0; i < urb->number_of_packets; i++) {
216 iov[iovnum].iov_base = urb->transfer_buffer +
217 urb->iso_frame_desc[i].offset;
218 iov[iovnum].iov_len =
219 urb->iso_frame_desc[i].actual_length;
221 txsize += urb->iso_frame_desc[i].actual_length;
224 if (txsize != sizeof(pdu_header) + urb->actual_length) {
225 dev_err(&sdev->udev->dev,
226 "actual length of urb %d does not match iso packet sizes %zu\n",
228 txsize-sizeof(pdu_header));
230 usbip_event_add(&sdev->ud,
231 SDEV_EVENT_ERROR_TCP);
236 /* 3. setup iso_packet_descriptor */
237 if (usb_pipetype(urb->pipe) == PIPE_ISOCHRONOUS) {
240 iso_buffer = usbip_alloc_iso_desc_pdu(urb, &len);
242 usbip_event_add(&sdev->ud,
243 SDEV_EVENT_ERROR_MALLOC);
248 iov[iovnum].iov_base = iso_buffer;
249 iov[iovnum].iov_len = len;
254 ret = kernel_sendmsg(sdev->ud.tcp_socket, &msg,
255 iov, iovnum, txsize);
257 dev_err(&sdev->udev->dev,
258 "sendmsg failed!, retval %d for %zd\n",
262 usbip_event_add(&sdev->ud, SDEV_EVENT_ERROR_TCP);
269 total_size += txsize;
272 spin_lock_irqsave(&sdev->priv_lock, flags);
273 list_for_each_entry_safe(priv, tmp, &sdev->priv_free, list) {
274 stub_free_priv_and_urb(priv);
276 spin_unlock_irqrestore(&sdev->priv_lock, flags);
281 static struct stub_unlink *dequeue_from_unlink_tx(struct stub_device *sdev)
284 struct stub_unlink *unlink, *tmp;
286 spin_lock_irqsave(&sdev->priv_lock, flags);
288 list_for_each_entry_safe(unlink, tmp, &sdev->unlink_tx, list) {
289 list_move_tail(&unlink->list, &sdev->unlink_free);
290 spin_unlock_irqrestore(&sdev->priv_lock, flags);
294 spin_unlock_irqrestore(&sdev->priv_lock, flags);
299 static int stub_send_ret_unlink(struct stub_device *sdev)
302 struct stub_unlink *unlink, *tmp;
308 size_t total_size = 0;
310 while ((unlink = dequeue_from_unlink_tx(sdev)) != NULL) {
312 struct usbip_header pdu_header;
315 memset(&pdu_header, 0, sizeof(pdu_header));
316 memset(&msg, 0, sizeof(msg));
317 memset(&iov, 0, sizeof(iov));
319 usbip_dbg_stub_tx("setup ret unlink %lu\n", unlink->seqnum);
321 /* 1. setup usbip_header */
322 setup_ret_unlink_pdu(&pdu_header, unlink);
323 usbip_header_correct_endian(&pdu_header, 1);
325 iov[0].iov_base = &pdu_header;
326 iov[0].iov_len = sizeof(pdu_header);
327 txsize += sizeof(pdu_header);
329 ret = kernel_sendmsg(sdev->ud.tcp_socket, &msg, iov,
332 dev_err(&sdev->udev->dev,
333 "sendmsg failed!, retval %d for %zd\n",
335 usbip_event_add(&sdev->ud, SDEV_EVENT_ERROR_TCP);
339 usbip_dbg_stub_tx("send txdata\n");
340 total_size += txsize;
343 spin_lock_irqsave(&sdev->priv_lock, flags);
345 list_for_each_entry_safe(unlink, tmp, &sdev->unlink_free, list) {
346 list_del(&unlink->list);
350 spin_unlock_irqrestore(&sdev->priv_lock, flags);
355 int stub_tx_loop(void *data)
357 struct usbip_device *ud = data;
358 struct stub_device *sdev = container_of(ud, struct stub_device, ud);
360 while (!kthread_should_stop()) {
361 if (usbip_event_happened(ud))
365 * send_ret_submit comes earlier than send_ret_unlink. stub_rx
366 * looks at only priv_init queue. If the completion of a URB is
367 * earlier than the receive of CMD_UNLINK, priv is moved to
368 * priv_tx queue and stub_rx does not find the target priv. In
369 * this case, vhci_rx receives the result of the submit request
370 * and then receives the result of the unlink request. The
371 * result of the submit is given back to the usbcore as the
372 * completion of the unlink request. The request of the
373 * unlink is ignored. This is ok because a driver who calls
374 * usb_unlink_urb() understands the unlink was too late by
375 * getting the status of the given-backed URB which has the
376 * status of usb_submit_urb().
378 if (stub_send_ret_submit(sdev) < 0)
381 if (stub_send_ret_unlink(sdev) < 0)
384 wait_event_interruptible(sdev->tx_waitq,
385 (!list_empty(&sdev->priv_tx) ||
386 !list_empty(&sdev->unlink_tx) ||
387 kthread_should_stop()));