1 // SPDX-License-Identifier: GPL-2.0+
3 * Copyright (C) 2003-2008 Takahiro Hirofuchi
4 * Copyright (C) 2015-2016 Nobuo Iwata
7 #include <linux/kthread.h>
8 #include <linux/file.h>
10 #include <linux/platform_device.h>
11 #include <linux/slab.h>
13 #include "usbip_common.h"
16 /* TODO: refine locking ?*/
20 * hub port sta spd dev sockfd local_busid
21 * hs 0000 004 000 00000000 3 1-2.3
22 * ................................................
23 * ss 0008 004 000 00000000 4 2-3.4
24 * ................................................
26 * Output includes socket fd instead of socket pointer address to avoid
27 * leaking kernel memory address in:
28 * /sys/devices/platform/vhci_hcd.0/status and in debug output.
29 * The socket pointer address is not used at the moment and it was made
30 * visible as a convenient way to find IP address from socket pointer
31 * address by looking up /proc/net/{tcp,tcp6}. As this opens a security
32 * hole, the change is made to use sockfd instead.
35 static void port_show_vhci(char **out, int hub, int port, struct vhci_device *vdev)
37 if (hub == HUB_SPEED_HIGH)
38 *out += sprintf(*out, "hs %04u %03u ",
39 port, vdev->ud.status);
40 else /* hub == HUB_SPEED_SUPER */
41 *out += sprintf(*out, "ss %04u %03u ",
42 port, vdev->ud.status);
44 if (vdev->ud.status == VDEV_ST_USED) {
45 *out += sprintf(*out, "%03u %08x ",
46 vdev->speed, vdev->devid);
47 *out += sprintf(*out, "%u %s",
49 dev_name(&vdev->udev->dev));
52 *out += sprintf(*out, "000 00000000 ");
53 *out += sprintf(*out, "0000000000000000 0-0");
56 *out += sprintf(*out, "\n");
59 /* Sysfs entry to show port status */
60 static ssize_t status_show_vhci(int pdev_nr, char *out)
62 struct platform_device *pdev = vhcis[pdev_nr].pdev;
65 struct vhci_hcd *vhci_hcd;
71 usbip_dbg_vhci_sysfs("show status error\n");
75 hcd = platform_get_drvdata(pdev);
76 vhci_hcd = hcd_to_vhci_hcd(hcd);
77 vhci = vhci_hcd->vhci;
79 spin_lock_irqsave(&vhci->lock, flags);
81 for (i = 0; i < VHCI_HC_PORTS; i++) {
82 struct vhci_device *vdev = &vhci->vhci_hcd_hs->vdev[i];
84 spin_lock(&vdev->ud.lock);
85 port_show_vhci(&out, HUB_SPEED_HIGH,
86 pdev_nr * VHCI_PORTS + i, vdev);
87 spin_unlock(&vdev->ud.lock);
90 for (i = 0; i < VHCI_HC_PORTS; i++) {
91 struct vhci_device *vdev = &vhci->vhci_hcd_ss->vdev[i];
93 spin_lock(&vdev->ud.lock);
94 port_show_vhci(&out, HUB_SPEED_SUPER,
95 pdev_nr * VHCI_PORTS + VHCI_HC_PORTS + i, vdev);
96 spin_unlock(&vdev->ud.lock);
99 spin_unlock_irqrestore(&vhci->lock, flags);
104 static ssize_t status_show_not_ready(int pdev_nr, char *out)
109 for (i = 0; i < VHCI_HC_PORTS; i++) {
110 out += sprintf(out, "hs %04u %03u ",
111 (pdev_nr * VHCI_PORTS) + i,
112 VDEV_ST_NOTASSIGNED);
113 out += sprintf(out, "000 00000000 0000000000000000 0-0");
114 out += sprintf(out, "\n");
117 for (i = 0; i < VHCI_HC_PORTS; i++) {
118 out += sprintf(out, "ss %04u %03u ",
119 (pdev_nr * VHCI_PORTS) + VHCI_HC_PORTS + i,
120 VDEV_ST_NOTASSIGNED);
121 out += sprintf(out, "000 00000000 0000000000000000 0-0");
122 out += sprintf(out, "\n");
127 static int status_name_to_id(const char *name)
133 c = strchr(name, '.');
137 ret = kstrtol(c+1, 10, &val);
144 static ssize_t status_show(struct device *dev,
145 struct device_attribute *attr, char *out)
151 "hub port sta spd dev socket local_busid\n");
153 pdev_nr = status_name_to_id(attr->attr.name);
155 out += status_show_not_ready(pdev_nr, out);
157 out += status_show_vhci(pdev_nr, out);
162 static ssize_t nports_show(struct device *dev, struct device_attribute *attr,
168 * Half the ports are for SPEED_HIGH and half for SPEED_SUPER,
171 out += sprintf(out, "%d\n", VHCI_PORTS * vhci_num_controllers);
174 static DEVICE_ATTR_RO(nports);
176 /* Sysfs entry to shutdown a virtual connection */
177 static int vhci_port_disconnect(struct vhci_hcd *vhci_hcd, __u32 rhport)
179 struct vhci_device *vdev = &vhci_hcd->vdev[rhport];
180 struct vhci *vhci = vhci_hcd->vhci;
183 usbip_dbg_vhci_sysfs("enter\n");
186 spin_lock_irqsave(&vhci->lock, flags);
187 spin_lock(&vdev->ud.lock);
189 if (vdev->ud.status == VDEV_ST_NULL) {
190 pr_err("not connected %d\n", vdev->ud.status);
193 spin_unlock(&vdev->ud.lock);
194 spin_unlock_irqrestore(&vhci->lock, flags);
200 spin_unlock(&vdev->ud.lock);
201 spin_unlock_irqrestore(&vhci->lock, flags);
203 usbip_event_add(&vdev->ud, VDEV_EVENT_DOWN);
208 static int valid_port(__u32 pdev_nr, __u32 rhport)
210 if (pdev_nr >= vhci_num_controllers) {
211 pr_err("pdev %u\n", pdev_nr);
214 if (rhport >= VHCI_HC_PORTS) {
215 pr_err("rhport %u\n", rhport);
221 static ssize_t store_detach(struct device *dev, struct device_attribute *attr,
222 const char *buf, size_t count)
224 __u32 port = 0, pdev_nr = 0, rhport = 0;
226 struct vhci_hcd *vhci_hcd;
229 if (kstrtoint(buf, 10, &port) < 0)
232 pdev_nr = port_to_pdev_nr(port);
233 rhport = port_to_rhport(port);
235 if (!valid_port(pdev_nr, rhport))
238 hcd = platform_get_drvdata(vhcis[pdev_nr].pdev);
240 dev_err(dev, "port is not ready %u\n", port);
244 usbip_dbg_vhci_sysfs("rhport %d\n", rhport);
246 if ((port / VHCI_HC_PORTS) % 2)
247 vhci_hcd = hcd_to_vhci_hcd(hcd)->vhci->vhci_hcd_ss;
249 vhci_hcd = hcd_to_vhci_hcd(hcd)->vhci->vhci_hcd_hs;
251 ret = vhci_port_disconnect(vhci_hcd, rhport);
255 usbip_dbg_vhci_sysfs("Leave\n");
259 static DEVICE_ATTR(detach, S_IWUSR, NULL, store_detach);
261 static int valid_args(__u32 pdev_nr, __u32 rhport, enum usb_device_speed speed)
263 if (!valid_port(pdev_nr, rhport)) {
271 case USB_SPEED_WIRELESS:
272 case USB_SPEED_SUPER:
275 pr_err("Failed attach request for unsupported USB speed: %s\n",
276 usb_speed_string(speed));
283 /* Sysfs entry to establish a virtual connection */
285 * To start a new USB/IP attachment, a userland program needs to setup a TCP
286 * connection and then write its socket descriptor with remote device
287 * information into this sysfs file.
289 * A remote device is virtually attached to the root-hub port of @rhport with
290 * @speed. @devid is embedded into a request to specify the remote device in a
293 * write() returns 0 on success, else negative errno.
295 static ssize_t store_attach(struct device *dev, struct device_attribute *attr,
296 const char *buf, size_t count)
298 struct socket *socket;
300 __u32 port = 0, pdev_nr = 0, rhport = 0, devid = 0, speed = 0;
302 struct vhci_hcd *vhci_hcd;
303 struct vhci_device *vdev;
309 * @rhport: port number of vhci_hcd
310 * @sockfd: socket descriptor of an established TCP connection
311 * @devid: unique device identifier in a remote host
312 * @speed: usb device speed in a remote host
314 if (sscanf(buf, "%u %u %u %u", &port, &sockfd, &devid, &speed) != 4)
316 pdev_nr = port_to_pdev_nr(port);
317 rhport = port_to_rhport(port);
319 usbip_dbg_vhci_sysfs("port(%u) pdev(%d) rhport(%u)\n",
320 port, pdev_nr, rhport);
321 usbip_dbg_vhci_sysfs("sockfd(%u) devid(%u) speed(%u)\n",
322 sockfd, devid, speed);
324 /* check received parameters */
325 if (!valid_args(pdev_nr, rhport, speed))
328 hcd = platform_get_drvdata(vhcis[pdev_nr].pdev);
330 dev_err(dev, "port %d is not ready\n", port);
334 vhci_hcd = hcd_to_vhci_hcd(hcd);
335 vhci = vhci_hcd->vhci;
337 if (speed == USB_SPEED_SUPER)
338 vdev = &vhci->vhci_hcd_ss->vdev[rhport];
340 vdev = &vhci->vhci_hcd_hs->vdev[rhport];
342 /* Extract socket from fd. */
343 socket = sockfd_lookup(sockfd, &err);
347 /* now need lock until setting vdev status as used */
350 spin_lock_irqsave(&vhci->lock, flags);
351 spin_lock(&vdev->ud.lock);
353 if (vdev->ud.status != VDEV_ST_NULL) {
354 /* end of the lock */
355 spin_unlock(&vdev->ud.lock);
356 spin_unlock_irqrestore(&vhci->lock, flags);
360 dev_err(dev, "port %d already used\n", rhport);
362 * Will be retried from userspace
363 * if there's another free port.
368 dev_info(dev, "pdev(%u) rhport(%u) sockfd(%d)\n",
369 pdev_nr, rhport, sockfd);
370 dev_info(dev, "devid(%u) speed(%u) speed_str(%s)\n",
371 devid, speed, usb_speed_string(speed));
375 vdev->ud.sockfd = sockfd;
376 vdev->ud.tcp_socket = socket;
377 vdev->ud.status = VDEV_ST_NOTASSIGNED;
379 spin_unlock(&vdev->ud.lock);
380 spin_unlock_irqrestore(&vhci->lock, flags);
383 vdev->ud.tcp_rx = kthread_get_run(vhci_rx_loop, &vdev->ud, "vhci_rx");
384 vdev->ud.tcp_tx = kthread_get_run(vhci_tx_loop, &vdev->ud, "vhci_tx");
386 rh_port_connect(vdev, speed);
390 static DEVICE_ATTR(attach, S_IWUSR, NULL, store_attach);
392 #define MAX_STATUS_NAME 16
395 struct device_attribute attr;
396 char name[MAX_STATUS_NAME+1];
399 static struct status_attr *status_attrs;
401 static void set_status_attr(int id)
403 struct status_attr *status;
405 status = status_attrs + id;
407 strcpy(status->name, "status");
409 snprintf(status->name, MAX_STATUS_NAME+1, "status.%d", id);
410 status->attr.attr.name = status->name;
411 status->attr.attr.mode = S_IRUGO;
412 status->attr.show = status_show;
413 sysfs_attr_init(&status->attr.attr);
416 static int init_status_attrs(void)
420 status_attrs = kcalloc(vhci_num_controllers, sizeof(struct status_attr),
422 if (status_attrs == NULL)
425 for (id = 0; id < vhci_num_controllers; id++)
431 static void finish_status_attrs(void)
436 struct attribute_group vhci_attr_group = {
440 int vhci_init_attr_group(void)
442 struct attribute **attrs;
445 attrs = kcalloc((vhci_num_controllers + 5), sizeof(struct attribute *),
450 ret = init_status_attrs();
455 *attrs = &dev_attr_nports.attr;
456 *(attrs + 1) = &dev_attr_detach.attr;
457 *(attrs + 2) = &dev_attr_attach.attr;
458 *(attrs + 3) = &dev_attr_usbip_debug.attr;
459 for (i = 0; i < vhci_num_controllers; i++)
460 *(attrs + i + 4) = &((status_attrs + i)->attr.attr);
461 vhci_attr_group.attrs = attrs;
465 void vhci_finish_attr_group(void)
467 finish_status_attrs();
468 kfree(vhci_attr_group.attrs);