2 * Copyright (C) 2003-2008 Takahiro Hirofuchi
3 * Copyright (C) 2015-2016 Nobuo Iwata
5 * This is free software; you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License as published by
7 * the Free Software Foundation; either version 2 of the License, or
8 * (at your option) any later version.
10 * This is distributed in the hope that it will be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 * GNU General Public License for more details.
15 * You should have received a copy of the GNU General Public License
16 * along with this program; if not, write to the Free Software
17 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
21 #include <linux/kthread.h>
22 #include <linux/file.h>
23 #include <linux/net.h>
24 #include <linux/platform_device.h>
25 #include <linux/slab.h>
27 /* Hardening for Spectre-v1 */
28 #include <linux/nospec.h>
30 #include "usbip_common.h"
33 /* TODO: refine locking ?*/
35 /* Sysfs entry to show port status */
36 static ssize_t status_show_vhci(int pdev_nr, char *out)
38 struct platform_device *pdev = *(vhci_pdevs + pdev_nr);
39 struct vhci_hcd *vhci;
45 usbip_dbg_vhci_sysfs("show status error\n");
49 vhci = hcd_to_vhci(platform_get_drvdata(pdev));
51 spin_lock_irqsave(&vhci->lock, flags);
55 * port sta spd dev sockfd local_busid
56 * 0000 004 000 00000000 000003 1-2.3
57 * 0001 004 000 00000000 000004 2-3.4
59 * Output includes socket fd instead of socket pointer address to
60 * avoid leaking kernel memory address in:
61 * /sys/devices/platform/vhci_hcd.0/status and in debug output.
62 * The socket pointer address is not used at the moment and it was
63 * made visible as a convenient way to find IP address from socket
64 * pointer address by looking up /proc/net/{tcp,tcp6}. As this opens
65 * a security hole, the change is made to use sockfd instead.
67 for (i = 0; i < VHCI_HC_PORTS; i++) {
68 struct vhci_device *vdev = &vhci->vdev[i];
70 spin_lock(&vdev->ud.lock);
71 out += sprintf(out, "%04u %03u ",
72 (pdev_nr * VHCI_HC_PORTS) + i,
75 if (vdev->ud.status == VDEV_ST_USED) {
76 out += sprintf(out, "%03u %08x ",
77 vdev->speed, vdev->devid);
78 out += sprintf(out, "%06u %s",
80 dev_name(&vdev->udev->dev));
83 out += sprintf(out, "000 00000000 ");
84 out += sprintf(out, "000000 0-0");
87 out += sprintf(out, "\n");
88 spin_unlock(&vdev->ud.lock);
91 spin_unlock_irqrestore(&vhci->lock, flags);
96 static ssize_t status_show_not_ready(int pdev_nr, char *out)
101 for (i = 0; i < VHCI_HC_PORTS; i++) {
102 out += sprintf(out, "%04u %03u ",
103 (pdev_nr * VHCI_HC_PORTS) + i,
104 VDEV_ST_NOTASSIGNED);
105 out += sprintf(out, "000 00000000 0000000000000000 0-0");
106 out += sprintf(out, "\n");
111 static int status_name_to_id(const char *name)
117 c = strchr(name, '.');
121 ret = kstrtol(c+1, 10, &val);
128 static ssize_t status_show(struct device *dev,
129 struct device_attribute *attr, char *out)
135 "port sta spd dev sockfd local_busid\n");
137 pdev_nr = status_name_to_id(attr->attr.name);
139 out += status_show_not_ready(pdev_nr, out);
141 out += status_show_vhci(pdev_nr, out);
146 static ssize_t nports_show(struct device *dev, struct device_attribute *attr,
151 out += sprintf(out, "%d\n", VHCI_HC_PORTS * vhci_num_controllers);
154 static DEVICE_ATTR_RO(nports);
156 /* Sysfs entry to shutdown a virtual connection */
157 static int vhci_port_disconnect(struct vhci_hcd *vhci, __u32 rhport)
159 struct vhci_device *vdev = &vhci->vdev[rhport];
162 usbip_dbg_vhci_sysfs("enter\n");
164 mutex_lock(&vdev->ud.sysfs_lock);
167 spin_lock_irqsave(&vhci->lock, flags);
168 spin_lock(&vdev->ud.lock);
170 if (vdev->ud.status == VDEV_ST_NULL) {
171 pr_err("not connected %d\n", vdev->ud.status);
174 spin_unlock(&vdev->ud.lock);
175 spin_unlock_irqrestore(&vhci->lock, flags);
176 mutex_unlock(&vdev->ud.sysfs_lock);
182 spin_unlock(&vdev->ud.lock);
183 spin_unlock_irqrestore(&vhci->lock, flags);
185 usbip_event_add(&vdev->ud, VDEV_EVENT_DOWN);
187 mutex_unlock(&vdev->ud.sysfs_lock);
192 static int valid_port(__u32 *pdev_nr, __u32 *rhport)
194 if (*pdev_nr >= vhci_num_controllers) {
195 pr_err("pdev %u\n", *pdev_nr);
198 *pdev_nr = array_index_nospec(*pdev_nr, vhci_num_controllers);
200 if (*rhport >= VHCI_HC_PORTS) {
201 pr_err("rhport %u\n", *rhport);
204 *rhport = array_index_nospec(*rhport, VHCI_HC_PORTS);
209 static ssize_t store_detach(struct device *dev, struct device_attribute *attr,
210 const char *buf, size_t count)
212 __u32 port = 0, pdev_nr = 0, rhport = 0;
216 if (kstrtoint(buf, 10, &port) < 0)
219 pdev_nr = port_to_pdev_nr(port);
220 rhport = port_to_rhport(port);
222 if (!valid_port(&pdev_nr, &rhport))
225 hcd = platform_get_drvdata(*(vhci_pdevs + pdev_nr));
227 dev_err(dev, "port is not ready %u\n", port);
231 ret = vhci_port_disconnect(hcd_to_vhci(hcd), rhport);
235 usbip_dbg_vhci_sysfs("Leave\n");
239 static DEVICE_ATTR(detach, S_IWUSR, NULL, store_detach);
241 static int valid_args(__u32 *pdev_nr, __u32 *rhport,
242 enum usb_device_speed speed)
244 if (!valid_port(pdev_nr, rhport)) {
252 case USB_SPEED_WIRELESS:
255 pr_err("Failed attach request for unsupported USB speed: %s\n",
256 usb_speed_string(speed));
263 /* Sysfs entry to establish a virtual connection */
265 * To start a new USB/IP attachment, a userland program needs to setup a TCP
266 * connection and then write its socket descriptor with remote device
267 * information into this sysfs file.
269 * A remote device is virtually attached to the root-hub port of @rhport with
270 * @speed. @devid is embedded into a request to specify the remote device in a
273 * write() returns 0 on success, else negative errno.
275 static ssize_t store_attach(struct device *dev, struct device_attribute *attr,
276 const char *buf, size_t count)
278 struct socket *socket;
280 __u32 port = 0, pdev_nr = 0, rhport = 0, devid = 0, speed = 0;
282 struct vhci_hcd *vhci;
283 struct vhci_device *vdev;
286 struct task_struct *tcp_rx = NULL;
287 struct task_struct *tcp_tx = NULL;
290 * @rhport: port number of vhci_hcd
291 * @sockfd: socket descriptor of an established TCP connection
292 * @devid: unique device identifier in a remote host
293 * @speed: usb device speed in a remote host
295 if (sscanf(buf, "%u %u %u %u", &port, &sockfd, &devid, &speed) != 4)
297 pdev_nr = port_to_pdev_nr(port);
298 rhport = port_to_rhport(port);
300 usbip_dbg_vhci_sysfs("port(%u) pdev(%d) rhport(%u)\n",
301 port, pdev_nr, rhport);
302 usbip_dbg_vhci_sysfs("sockfd(%u) devid(%u) speed(%u)\n",
303 sockfd, devid, speed);
305 /* check received parameters */
306 if (!valid_args(&pdev_nr, &rhport, speed))
309 hcd = platform_get_drvdata(*(vhci_pdevs + pdev_nr));
311 dev_err(dev, "port %d is not ready\n", port);
314 vhci = hcd_to_vhci(hcd);
315 vdev = &vhci->vdev[rhport];
317 mutex_lock(&vdev->ud.sysfs_lock);
319 /* Extract socket from fd. */
320 socket = sockfd_lookup(sockfd, &err);
322 dev_err(dev, "failed to lookup sock");
326 if (socket->type != SOCK_STREAM) {
327 dev_err(dev, "Expecting SOCK_STREAM - found %d",
334 /* create threads before locking */
335 tcp_rx = kthread_create(vhci_rx_loop, &vdev->ud, "vhci_rx");
336 if (IS_ERR(tcp_rx)) {
341 tcp_tx = kthread_create(vhci_tx_loop, &vdev->ud, "vhci_tx");
342 if (IS_ERR(tcp_tx)) {
343 kthread_stop(tcp_rx);
349 /* get task structs now */
350 get_task_struct(tcp_rx);
351 get_task_struct(tcp_tx);
353 /* now begin lock until setting vdev status set */
354 spin_lock_irqsave(&vhci->lock, flags);
355 spin_lock(&vdev->ud.lock);
357 if (vdev->ud.status != VDEV_ST_NULL) {
358 /* end of the lock */
359 spin_unlock(&vdev->ud.lock);
360 spin_unlock_irqrestore(&vhci->lock, flags);
363 kthread_stop_put(tcp_rx);
364 kthread_stop_put(tcp_tx);
366 dev_err(dev, "port %d already used\n", rhport);
371 dev_info(dev, "pdev(%u) rhport(%u) sockfd(%d)\n",
372 pdev_nr, rhport, sockfd);
373 dev_info(dev, "devid(%u) speed(%u) speed_str(%s)\n",
374 devid, speed, usb_speed_string(speed));
378 vdev->ud.sockfd = sockfd;
379 vdev->ud.tcp_socket = socket;
380 vdev->ud.tcp_rx = tcp_rx;
381 vdev->ud.tcp_tx = tcp_tx;
382 vdev->ud.status = VDEV_ST_NOTASSIGNED;
384 spin_unlock(&vdev->ud.lock);
385 spin_unlock_irqrestore(&vhci->lock, flags);
388 wake_up_process(vdev->ud.tcp_rx);
389 wake_up_process(vdev->ud.tcp_tx);
391 rh_port_connect(vdev, speed);
393 dev_info(dev, "Device attached\n");
395 mutex_unlock(&vdev->ud.sysfs_lock);
400 mutex_unlock(&vdev->ud.sysfs_lock);
403 static DEVICE_ATTR(attach, S_IWUSR, NULL, store_attach);
405 #define MAX_STATUS_NAME 16
408 struct device_attribute attr;
409 char name[MAX_STATUS_NAME+1];
412 static struct status_attr *status_attrs;
414 static void set_status_attr(int id)
416 struct status_attr *status;
418 status = status_attrs + id;
420 strcpy(status->name, "status");
422 snprintf(status->name, MAX_STATUS_NAME+1, "status.%d", id);
423 status->attr.attr.name = status->name;
424 status->attr.attr.mode = S_IRUGO;
425 status->attr.show = status_show;
426 sysfs_attr_init(&status->attr.attr);
429 static int init_status_attrs(void)
433 status_attrs = kcalloc(vhci_num_controllers, sizeof(struct status_attr),
435 if (status_attrs == NULL)
438 for (id = 0; id < vhci_num_controllers; id++)
444 static void finish_status_attrs(void)
449 struct attribute_group vhci_attr_group = {
453 int vhci_init_attr_group(void)
455 struct attribute **attrs;
458 attrs = kcalloc((vhci_num_controllers + 5), sizeof(struct attribute *),
463 ret = init_status_attrs();
468 *attrs = &dev_attr_nports.attr;
469 *(attrs + 1) = &dev_attr_detach.attr;
470 *(attrs + 2) = &dev_attr_attach.attr;
471 *(attrs + 3) = &dev_attr_usbip_debug.attr;
472 for (i = 0; i < vhci_num_controllers; i++)
473 *(attrs + i + 4) = &((status_attrs + i)->attr.attr);
474 vhci_attr_group.attrs = attrs;
478 void vhci_finish_attr_group(void)
480 finish_status_attrs();
481 kfree(vhci_attr_group.attrs);
projects / releases.git / blob