Loading...
1// SPDX-License-Identifier: GPL-2.0+
2/*
3 * Copyright (C) 2003-2008 Takahiro Hirofuchi
4 */
5
6#include <linux/kthread.h>
7#include <linux/socket.h>
8#include <linux/scatterlist.h>
9
10#include "usbip_common.h"
11#include "stub.h"
12
13/* be in spin_lock_irqsave(&sdev->priv_lock, flags) */
14void stub_enqueue_ret_unlink(struct stub_device *sdev, __u32 seqnum,
15 __u32 status)
16{
17 struct stub_unlink *unlink;
18
19 unlink = kzalloc(sizeof(struct stub_unlink), GFP_ATOMIC);
20 if (!unlink) {
21 usbip_event_add(&sdev->ud, VDEV_EVENT_ERROR_MALLOC);
22 return;
23 }
24
25 unlink->seqnum = seqnum;
26 unlink->status = status;
27
28 list_add_tail(&unlink->list, &sdev->unlink_tx);
29}
30
31/**
32 * stub_complete - completion handler of a usbip urb
33 * @urb: pointer to the urb completed
34 *
35 * When a urb has completed, the USB core driver calls this function mostly in
36 * the interrupt context. To return the result of a urb, the completed urb is
37 * linked to the pending list of returning.
38 *
39 */
40void stub_complete(struct urb *urb)
41{
42 struct stub_priv *priv = (struct stub_priv *) urb->context;
43 struct stub_device *sdev = priv->sdev;
44 unsigned long flags;
45
46 usbip_dbg_stub_tx("complete! status %d\n", urb->status);
47
48 switch (urb->status) {
49 case 0:
50 /* OK */
51 break;
52 case -ENOENT:
53 dev_info(&urb->dev->dev,
54 "stopped by a call to usb_kill_urb() because of cleaning up a virtual connection\n");
55 return;
56 case -ECONNRESET:
57 dev_info(&urb->dev->dev,
58 "unlinked by a call to usb_unlink_urb()\n");
59 break;
60 case -EPIPE:
61 dev_info(&urb->dev->dev, "endpoint %d is stalled\n",
62 usb_pipeendpoint(urb->pipe));
63 break;
64 case -ESHUTDOWN:
65 dev_info(&urb->dev->dev, "device removed?\n");
66 break;
67 default:
68 dev_info(&urb->dev->dev,
69 "urb completion with non-zero status %d\n",
70 urb->status);
71 break;
72 }
73
74 /*
75 * If the server breaks single SG request into the several URBs, the
76 * URBs must be reassembled before sending completed URB to the vhci.
77 * Don't wake up the tx thread until all the URBs are completed.
78 */
79 if (priv->sgl) {
80 priv->completed_urbs++;
81
82 /* Only save the first error status */
83 if (urb->status && !priv->urb_status)
84 priv->urb_status = urb->status;
85
86 if (priv->completed_urbs < priv->num_urbs)
87 return;
88 }
89
90 /* link a urb to the queue of tx. */
91 spin_lock_irqsave(&sdev->priv_lock, flags);
92 if (sdev->ud.tcp_socket == NULL) {
93 usbip_dbg_stub_tx("ignore urb for closed connection\n");
94 /* It will be freed in stub_device_cleanup_urbs(). */
95 } else if (priv->unlinking) {
96 stub_enqueue_ret_unlink(sdev, priv->seqnum, urb->status);
97 stub_free_priv_and_urb(priv);
98 } else {
99 list_move_tail(&priv->list, &sdev->priv_tx);
100 }
101 spin_unlock_irqrestore(&sdev->priv_lock, flags);
102
103 /* wake up tx_thread */
104 wake_up(&sdev->tx_waitq);
105}
106
107static inline void setup_base_pdu(struct usbip_header_basic *base,
108 __u32 command, __u32 seqnum)
109{
110 base->command = command;
111 base->seqnum = seqnum;
112 base->devid = 0;
113 base->ep = 0;
114 base->direction = 0;
115}
116
117static void setup_ret_submit_pdu(struct usbip_header *rpdu, struct urb *urb)
118{
119 struct stub_priv *priv = (struct stub_priv *) urb->context;
120
121 setup_base_pdu(&rpdu->base, USBIP_RET_SUBMIT, priv->seqnum);
122 usbip_pack_pdu(rpdu, urb, USBIP_RET_SUBMIT, 1);
123}
124
125static void setup_ret_unlink_pdu(struct usbip_header *rpdu,
126 struct stub_unlink *unlink)
127{
128 setup_base_pdu(&rpdu->base, USBIP_RET_UNLINK, unlink->seqnum);
129 rpdu->u.ret_unlink.status = unlink->status;
130}
131
132static struct stub_priv *dequeue_from_priv_tx(struct stub_device *sdev)
133{
134 unsigned long flags;
135 struct stub_priv *priv, *tmp;
136
137 spin_lock_irqsave(&sdev->priv_lock, flags);
138
139 list_for_each_entry_safe(priv, tmp, &sdev->priv_tx, list) {
140 list_move_tail(&priv->list, &sdev->priv_free);
141 spin_unlock_irqrestore(&sdev->priv_lock, flags);
142 return priv;
143 }
144
145 spin_unlock_irqrestore(&sdev->priv_lock, flags);
146
147 return NULL;
148}
149
150static int stub_send_ret_submit(struct stub_device *sdev)
151{
152 unsigned long flags;
153 struct stub_priv *priv, *tmp;
154
155 struct msghdr msg;
156 size_t txsize;
157
158 size_t total_size = 0;
159
160 while ((priv = dequeue_from_priv_tx(sdev)) != NULL) {
161 struct urb *urb = priv->urbs[0];
162 struct usbip_header pdu_header;
163 struct usbip_iso_packet_descriptor *iso_buffer = NULL;
164 struct kvec *iov = NULL;
165 struct scatterlist *sg;
166 u32 actual_length = 0;
167 int iovnum = 0;
168 int ret;
169 int i;
170
171 txsize = 0;
172 memset(&pdu_header, 0, sizeof(pdu_header));
173 memset(&msg, 0, sizeof(msg));
174
175 if (urb->actual_length > 0 && !urb->transfer_buffer &&
176 !urb->num_sgs) {
177 dev_err(&sdev->udev->dev,
178 "urb: actual_length %d transfer_buffer null\n",
179 urb->actual_length);
180 return -1;
181 }
182
183 if (usb_pipetype(urb->pipe) == PIPE_ISOCHRONOUS)
184 iovnum = 2 + urb->number_of_packets;
185 else if (usb_pipein(urb->pipe) && urb->actual_length > 0 &&
186 urb->num_sgs)
187 iovnum = 1 + urb->num_sgs;
188 else if (usb_pipein(urb->pipe) && priv->sgl)
189 iovnum = 1 + priv->num_urbs;
190 else
191 iovnum = 2;
192
193 iov = kcalloc(iovnum, sizeof(struct kvec), GFP_KERNEL);
194
195 if (!iov) {
196 usbip_event_add(&sdev->ud, SDEV_EVENT_ERROR_MALLOC);
197 return -1;
198 }
199
200 iovnum = 0;
201
202 /* 1. setup usbip_header */
203 setup_ret_submit_pdu(&pdu_header, urb);
204 usbip_dbg_stub_tx("setup txdata seqnum: %d\n",
205 pdu_header.base.seqnum);
206
207 if (priv->sgl) {
208 for (i = 0; i < priv->num_urbs; i++)
209 actual_length += priv->urbs[i]->actual_length;
210
211 pdu_header.u.ret_submit.status = priv->urb_status;
212 pdu_header.u.ret_submit.actual_length = actual_length;
213 }
214
215 usbip_header_correct_endian(&pdu_header, 1);
216
217 iov[iovnum].iov_base = &pdu_header;
218 iov[iovnum].iov_len = sizeof(pdu_header);
219 iovnum++;
220 txsize += sizeof(pdu_header);
221
222 /* 2. setup transfer buffer */
223 if (usb_pipein(urb->pipe) && priv->sgl) {
224 /* If the server split a single SG request into several
225 * URBs because the server's HCD doesn't support SG,
226 * reassemble the split URB buffers into a single
227 * return command.
228 */
229 for (i = 0; i < priv->num_urbs; i++) {
230 iov[iovnum].iov_base =
231 priv->urbs[i]->transfer_buffer;
232 iov[iovnum].iov_len =
233 priv->urbs[i]->actual_length;
234 iovnum++;
235 }
236 txsize += actual_length;
237 } else if (usb_pipein(urb->pipe) &&
238 usb_pipetype(urb->pipe) != PIPE_ISOCHRONOUS &&
239 urb->actual_length > 0) {
240 if (urb->num_sgs) {
241 unsigned int copy = urb->actual_length;
242 int size;
243
244 for_each_sg(urb->sg, sg, urb->num_sgs, i) {
245 if (copy == 0)
246 break;
247
248 if (copy < sg->length)
249 size = copy;
250 else
251 size = sg->length;
252
253 iov[iovnum].iov_base = sg_virt(sg);
254 iov[iovnum].iov_len = size;
255
256 iovnum++;
257 copy -= size;
258 }
259 } else {
260 iov[iovnum].iov_base = urb->transfer_buffer;
261 iov[iovnum].iov_len = urb->actual_length;
262 iovnum++;
263 }
264 txsize += urb->actual_length;
265 } else if (usb_pipein(urb->pipe) &&
266 usb_pipetype(urb->pipe) == PIPE_ISOCHRONOUS) {
267 /*
268 * For isochronous packets: actual length is the sum of
269 * the actual length of the individual, packets, but as
270 * the packet offsets are not changed there will be
271 * padding between the packets. To optimally use the
272 * bandwidth the padding is not transmitted.
273 */
274
275 int i;
276
277 for (i = 0; i < urb->number_of_packets; i++) {
278 iov[iovnum].iov_base = urb->transfer_buffer +
279 urb->iso_frame_desc[i].offset;
280 iov[iovnum].iov_len =
281 urb->iso_frame_desc[i].actual_length;
282 iovnum++;
283 txsize += urb->iso_frame_desc[i].actual_length;
284 }
285
286 if (txsize != sizeof(pdu_header) + urb->actual_length) {
287 dev_err(&sdev->udev->dev,
288 "actual length of urb %d does not match iso packet sizes %zu\n",
289 urb->actual_length,
290 txsize-sizeof(pdu_header));
291 kfree(iov);
292 usbip_event_add(&sdev->ud,
293 SDEV_EVENT_ERROR_TCP);
294 return -1;
295 }
296 }
297
298 /* 3. setup iso_packet_descriptor */
299 if (usb_pipetype(urb->pipe) == PIPE_ISOCHRONOUS) {
300 ssize_t len = 0;
301
302 iso_buffer = usbip_alloc_iso_desc_pdu(urb, &len);
303 if (!iso_buffer) {
304 usbip_event_add(&sdev->ud,
305 SDEV_EVENT_ERROR_MALLOC);
306 kfree(iov);
307 return -1;
308 }
309
310 iov[iovnum].iov_base = iso_buffer;
311 iov[iovnum].iov_len = len;
312 txsize += len;
313 iovnum++;
314 }
315
316 ret = kernel_sendmsg(sdev->ud.tcp_socket, &msg,
317 iov, iovnum, txsize);
318 if (ret != txsize) {
319 dev_err(&sdev->udev->dev,
320 "sendmsg failed!, retval %d for %zd\n",
321 ret, txsize);
322 kfree(iov);
323 kfree(iso_buffer);
324 usbip_event_add(&sdev->ud, SDEV_EVENT_ERROR_TCP);
325 return -1;
326 }
327
328 kfree(iov);
329 kfree(iso_buffer);
330
331 total_size += txsize;
332 }
333
334 spin_lock_irqsave(&sdev->priv_lock, flags);
335 list_for_each_entry_safe(priv, tmp, &sdev->priv_free, list) {
336 stub_free_priv_and_urb(priv);
337 }
338 spin_unlock_irqrestore(&sdev->priv_lock, flags);
339
340 return total_size;
341}
342
343static struct stub_unlink *dequeue_from_unlink_tx(struct stub_device *sdev)
344{
345 unsigned long flags;
346 struct stub_unlink *unlink, *tmp;
347
348 spin_lock_irqsave(&sdev->priv_lock, flags);
349
350 list_for_each_entry_safe(unlink, tmp, &sdev->unlink_tx, list) {
351 list_move_tail(&unlink->list, &sdev->unlink_free);
352 spin_unlock_irqrestore(&sdev->priv_lock, flags);
353 return unlink;
354 }
355
356 spin_unlock_irqrestore(&sdev->priv_lock, flags);
357
358 return NULL;
359}
360
361static int stub_send_ret_unlink(struct stub_device *sdev)
362{
363 unsigned long flags;
364 struct stub_unlink *unlink, *tmp;
365
366 struct msghdr msg;
367 struct kvec iov[1];
368 size_t txsize;
369
370 size_t total_size = 0;
371
372 while ((unlink = dequeue_from_unlink_tx(sdev)) != NULL) {
373 int ret;
374 struct usbip_header pdu_header;
375
376 txsize = 0;
377 memset(&pdu_header, 0, sizeof(pdu_header));
378 memset(&msg, 0, sizeof(msg));
379 memset(&iov, 0, sizeof(iov));
380
381 usbip_dbg_stub_tx("setup ret unlink %lu\n", unlink->seqnum);
382
383 /* 1. setup usbip_header */
384 setup_ret_unlink_pdu(&pdu_header, unlink);
385 usbip_header_correct_endian(&pdu_header, 1);
386
387 iov[0].iov_base = &pdu_header;
388 iov[0].iov_len = sizeof(pdu_header);
389 txsize += sizeof(pdu_header);
390
391 ret = kernel_sendmsg(sdev->ud.tcp_socket, &msg, iov,
392 1, txsize);
393 if (ret != txsize) {
394 dev_err(&sdev->udev->dev,
395 "sendmsg failed!, retval %d for %zd\n",
396 ret, txsize);
397 usbip_event_add(&sdev->ud, SDEV_EVENT_ERROR_TCP);
398 return -1;
399 }
400
401 usbip_dbg_stub_tx("send txdata\n");
402 total_size += txsize;
403 }
404
405 spin_lock_irqsave(&sdev->priv_lock, flags);
406
407 list_for_each_entry_safe(unlink, tmp, &sdev->unlink_free, list) {
408 list_del(&unlink->list);
409 kfree(unlink);
410 }
411
412 spin_unlock_irqrestore(&sdev->priv_lock, flags);
413
414 return total_size;
415}
416
417int stub_tx_loop(void *data)
418{
419 struct usbip_device *ud = data;
420 struct stub_device *sdev = container_of(ud, struct stub_device, ud);
421
422 while (!kthread_should_stop()) {
423 if (usbip_event_happened(ud))
424 break;
425
426 /*
427 * send_ret_submit comes earlier than send_ret_unlink. stub_rx
428 * looks at only priv_init queue. If the completion of a URB is
429 * earlier than the receive of CMD_UNLINK, priv is moved to
430 * priv_tx queue and stub_rx does not find the target priv. In
431 * this case, vhci_rx receives the result of the submit request
432 * and then receives the result of the unlink request. The
433 * result of the submit is given back to the usbcore as the
434 * completion of the unlink request. The request of the
435 * unlink is ignored. This is ok because a driver who calls
436 * usb_unlink_urb() understands the unlink was too late by
437 * getting the status of the given-backed URB which has the
438 * status of usb_submit_urb().
439 */
440 if (stub_send_ret_submit(sdev) < 0)
441 break;
442
443 if (stub_send_ret_unlink(sdev) < 0)
444 break;
445
446 wait_event_interruptible(sdev->tx_waitq,
447 (!list_empty(&sdev->priv_tx) ||
448 !list_empty(&sdev->unlink_tx) ||
449 kthread_should_stop()));
450 }
451
452 return 0;
453}
1// SPDX-License-Identifier: GPL-2.0+
2/*
3 * Copyright (C) 2003-2008 Takahiro Hirofuchi
4 */
5
6#include <linux/kthread.h>
7#include <linux/socket.h>
8
9#include "usbip_common.h"
10#include "stub.h"
11
12static void stub_free_priv_and_urb(struct stub_priv *priv)
13{
14 struct urb *urb = priv->urb;
15
16 kfree(urb->setup_packet);
17 urb->setup_packet = NULL;
18
19 kfree(urb->transfer_buffer);
20 urb->transfer_buffer = NULL;
21
22 list_del(&priv->list);
23 kmem_cache_free(stub_priv_cache, priv);
24 usb_free_urb(urb);
25}
26
27/* be in spin_lock_irqsave(&sdev->priv_lock, flags) */
28void stub_enqueue_ret_unlink(struct stub_device *sdev, __u32 seqnum,
29 __u32 status)
30{
31 struct stub_unlink *unlink;
32
33 unlink = kzalloc(sizeof(struct stub_unlink), GFP_ATOMIC);
34 if (!unlink) {
35 usbip_event_add(&sdev->ud, VDEV_EVENT_ERROR_MALLOC);
36 return;
37 }
38
39 unlink->seqnum = seqnum;
40 unlink->status = status;
41
42 list_add_tail(&unlink->list, &sdev->unlink_tx);
43}
44
45/**
46 * stub_complete - completion handler of a usbip urb
47 * @urb: pointer to the urb completed
48 *
49 * When a urb has completed, the USB core driver calls this function mostly in
50 * the interrupt context. To return the result of a urb, the completed urb is
51 * linked to the pending list of returning.
52 *
53 */
54void stub_complete(struct urb *urb)
55{
56 struct stub_priv *priv = (struct stub_priv *) urb->context;
57 struct stub_device *sdev = priv->sdev;
58 unsigned long flags;
59
60 usbip_dbg_stub_tx("complete! status %d\n", urb->status);
61
62 switch (urb->status) {
63 case 0:
64 /* OK */
65 break;
66 case -ENOENT:
67 dev_info(&urb->dev->dev,
68 "stopped by a call to usb_kill_urb() because of cleaning up a virtual connection\n");
69 return;
70 case -ECONNRESET:
71 dev_info(&urb->dev->dev,
72 "unlinked by a call to usb_unlink_urb()\n");
73 break;
74 case -EPIPE:
75 dev_info(&urb->dev->dev, "endpoint %d is stalled\n",
76 usb_pipeendpoint(urb->pipe));
77 break;
78 case -ESHUTDOWN:
79 dev_info(&urb->dev->dev, "device removed?\n");
80 break;
81 default:
82 dev_info(&urb->dev->dev,
83 "urb completion with non-zero status %d\n",
84 urb->status);
85 break;
86 }
87
88 /* link a urb to the queue of tx. */
89 spin_lock_irqsave(&sdev->priv_lock, flags);
90 if (sdev->ud.tcp_socket == NULL) {
91 usbip_dbg_stub_tx("ignore urb for closed connection\n");
92 /* It will be freed in stub_device_cleanup_urbs(). */
93 } else if (priv->unlinking) {
94 stub_enqueue_ret_unlink(sdev, priv->seqnum, urb->status);
95 stub_free_priv_and_urb(priv);
96 } else {
97 list_move_tail(&priv->list, &sdev->priv_tx);
98 }
99 spin_unlock_irqrestore(&sdev->priv_lock, flags);
100
101 /* wake up tx_thread */
102 wake_up(&sdev->tx_waitq);
103}
104
105static inline void setup_base_pdu(struct usbip_header_basic *base,
106 __u32 command, __u32 seqnum)
107{
108 base->command = command;
109 base->seqnum = seqnum;
110 base->devid = 0;
111 base->ep = 0;
112 base->direction = 0;
113}
114
115static void setup_ret_submit_pdu(struct usbip_header *rpdu, struct urb *urb)
116{
117 struct stub_priv *priv = (struct stub_priv *) urb->context;
118
119 setup_base_pdu(&rpdu->base, USBIP_RET_SUBMIT, priv->seqnum);
120 usbip_pack_pdu(rpdu, urb, USBIP_RET_SUBMIT, 1);
121}
122
123static void setup_ret_unlink_pdu(struct usbip_header *rpdu,
124 struct stub_unlink *unlink)
125{
126 setup_base_pdu(&rpdu->base, USBIP_RET_UNLINK, unlink->seqnum);
127 rpdu->u.ret_unlink.status = unlink->status;
128}
129
130static struct stub_priv *dequeue_from_priv_tx(struct stub_device *sdev)
131{
132 unsigned long flags;
133 struct stub_priv *priv, *tmp;
134
135 spin_lock_irqsave(&sdev->priv_lock, flags);
136
137 list_for_each_entry_safe(priv, tmp, &sdev->priv_tx, list) {
138 list_move_tail(&priv->list, &sdev->priv_free);
139 spin_unlock_irqrestore(&sdev->priv_lock, flags);
140 return priv;
141 }
142
143 spin_unlock_irqrestore(&sdev->priv_lock, flags);
144
145 return NULL;
146}
147
148static int stub_send_ret_submit(struct stub_device *sdev)
149{
150 unsigned long flags;
151 struct stub_priv *priv, *tmp;
152
153 struct msghdr msg;
154 size_t txsize;
155
156 size_t total_size = 0;
157
158 while ((priv = dequeue_from_priv_tx(sdev)) != NULL) {
159 int ret;
160 struct urb *urb = priv->urb;
161 struct usbip_header pdu_header;
162 struct usbip_iso_packet_descriptor *iso_buffer = NULL;
163 struct kvec *iov = NULL;
164 int iovnum = 0;
165
166 txsize = 0;
167 memset(&pdu_header, 0, sizeof(pdu_header));
168 memset(&msg, 0, sizeof(msg));
169
170 if (urb->actual_length > 0 && !urb->transfer_buffer) {
171 dev_err(&sdev->udev->dev,
172 "urb: actual_length %d transfer_buffer null\n",
173 urb->actual_length);
174 return -1;
175 }
176
177 if (usb_pipetype(urb->pipe) == PIPE_ISOCHRONOUS)
178 iovnum = 2 + urb->number_of_packets;
179 else
180 iovnum = 2;
181
182 iov = kcalloc(iovnum, sizeof(struct kvec), GFP_KERNEL);
183
184 if (!iov) {
185 usbip_event_add(&sdev->ud, SDEV_EVENT_ERROR_MALLOC);
186 return -1;
187 }
188
189 iovnum = 0;
190
191 /* 1. setup usbip_header */
192 setup_ret_submit_pdu(&pdu_header, urb);
193 usbip_dbg_stub_tx("setup txdata seqnum: %d\n",
194 pdu_header.base.seqnum);
195 usbip_header_correct_endian(&pdu_header, 1);
196
197 iov[iovnum].iov_base = &pdu_header;
198 iov[iovnum].iov_len = sizeof(pdu_header);
199 iovnum++;
200 txsize += sizeof(pdu_header);
201
202 /* 2. setup transfer buffer */
203 if (usb_pipein(urb->pipe) &&
204 usb_pipetype(urb->pipe) != PIPE_ISOCHRONOUS &&
205 urb->actual_length > 0) {
206 iov[iovnum].iov_base = urb->transfer_buffer;
207 iov[iovnum].iov_len = urb->actual_length;
208 iovnum++;
209 txsize += urb->actual_length;
210 } else if (usb_pipein(urb->pipe) &&
211 usb_pipetype(urb->pipe) == PIPE_ISOCHRONOUS) {
212 /*
213 * For isochronous packets: actual length is the sum of
214 * the actual length of the individual, packets, but as
215 * the packet offsets are not changed there will be
216 * padding between the packets. To optimally use the
217 * bandwidth the padding is not transmitted.
218 */
219
220 int i;
221
222 for (i = 0; i < urb->number_of_packets; i++) {
223 iov[iovnum].iov_base = urb->transfer_buffer +
224 urb->iso_frame_desc[i].offset;
225 iov[iovnum].iov_len =
226 urb->iso_frame_desc[i].actual_length;
227 iovnum++;
228 txsize += urb->iso_frame_desc[i].actual_length;
229 }
230
231 if (txsize != sizeof(pdu_header) + urb->actual_length) {
232 dev_err(&sdev->udev->dev,
233 "actual length of urb %d does not match iso packet sizes %zu\n",
234 urb->actual_length,
235 txsize-sizeof(pdu_header));
236 kfree(iov);
237 usbip_event_add(&sdev->ud,
238 SDEV_EVENT_ERROR_TCP);
239 return -1;
240 }
241 }
242
243 /* 3. setup iso_packet_descriptor */
244 if (usb_pipetype(urb->pipe) == PIPE_ISOCHRONOUS) {
245 ssize_t len = 0;
246
247 iso_buffer = usbip_alloc_iso_desc_pdu(urb, &len);
248 if (!iso_buffer) {
249 usbip_event_add(&sdev->ud,
250 SDEV_EVENT_ERROR_MALLOC);
251 kfree(iov);
252 return -1;
253 }
254
255 iov[iovnum].iov_base = iso_buffer;
256 iov[iovnum].iov_len = len;
257 txsize += len;
258 iovnum++;
259 }
260
261 ret = kernel_sendmsg(sdev->ud.tcp_socket, &msg,
262 iov, iovnum, txsize);
263 if (ret != txsize) {
264 dev_err(&sdev->udev->dev,
265 "sendmsg failed!, retval %d for %zd\n",
266 ret, txsize);
267 kfree(iov);
268 kfree(iso_buffer);
269 usbip_event_add(&sdev->ud, SDEV_EVENT_ERROR_TCP);
270 return -1;
271 }
272
273 kfree(iov);
274 kfree(iso_buffer);
275
276 total_size += txsize;
277 }
278
279 spin_lock_irqsave(&sdev->priv_lock, flags);
280 list_for_each_entry_safe(priv, tmp, &sdev->priv_free, list) {
281 stub_free_priv_and_urb(priv);
282 }
283 spin_unlock_irqrestore(&sdev->priv_lock, flags);
284
285 return total_size;
286}
287
288static struct stub_unlink *dequeue_from_unlink_tx(struct stub_device *sdev)
289{
290 unsigned long flags;
291 struct stub_unlink *unlink, *tmp;
292
293 spin_lock_irqsave(&sdev->priv_lock, flags);
294
295 list_for_each_entry_safe(unlink, tmp, &sdev->unlink_tx, list) {
296 list_move_tail(&unlink->list, &sdev->unlink_free);
297 spin_unlock_irqrestore(&sdev->priv_lock, flags);
298 return unlink;
299 }
300
301 spin_unlock_irqrestore(&sdev->priv_lock, flags);
302
303 return NULL;
304}
305
306static int stub_send_ret_unlink(struct stub_device *sdev)
307{
308 unsigned long flags;
309 struct stub_unlink *unlink, *tmp;
310
311 struct msghdr msg;
312 struct kvec iov[1];
313 size_t txsize;
314
315 size_t total_size = 0;
316
317 while ((unlink = dequeue_from_unlink_tx(sdev)) != NULL) {
318 int ret;
319 struct usbip_header pdu_header;
320
321 txsize = 0;
322 memset(&pdu_header, 0, sizeof(pdu_header));
323 memset(&msg, 0, sizeof(msg));
324 memset(&iov, 0, sizeof(iov));
325
326 usbip_dbg_stub_tx("setup ret unlink %lu\n", unlink->seqnum);
327
328 /* 1. setup usbip_header */
329 setup_ret_unlink_pdu(&pdu_header, unlink);
330 usbip_header_correct_endian(&pdu_header, 1);
331
332 iov[0].iov_base = &pdu_header;
333 iov[0].iov_len = sizeof(pdu_header);
334 txsize += sizeof(pdu_header);
335
336 ret = kernel_sendmsg(sdev->ud.tcp_socket, &msg, iov,
337 1, txsize);
338 if (ret != txsize) {
339 dev_err(&sdev->udev->dev,
340 "sendmsg failed!, retval %d for %zd\n",
341 ret, txsize);
342 usbip_event_add(&sdev->ud, SDEV_EVENT_ERROR_TCP);
343 return -1;
344 }
345
346 usbip_dbg_stub_tx("send txdata\n");
347 total_size += txsize;
348 }
349
350 spin_lock_irqsave(&sdev->priv_lock, flags);
351
352 list_for_each_entry_safe(unlink, tmp, &sdev->unlink_free, list) {
353 list_del(&unlink->list);
354 kfree(unlink);
355 }
356
357 spin_unlock_irqrestore(&sdev->priv_lock, flags);
358
359 return total_size;
360}
361
362int stub_tx_loop(void *data)
363{
364 struct usbip_device *ud = data;
365 struct stub_device *sdev = container_of(ud, struct stub_device, ud);
366
367 while (!kthread_should_stop()) {
368 if (usbip_event_happened(ud))
369 break;
370
371 /*
372 * send_ret_submit comes earlier than send_ret_unlink. stub_rx
373 * looks at only priv_init queue. If the completion of a URB is
374 * earlier than the receive of CMD_UNLINK, priv is moved to
375 * priv_tx queue and stub_rx does not find the target priv. In
376 * this case, vhci_rx receives the result of the submit request
377 * and then receives the result of the unlink request. The
378 * result of the submit is given back to the usbcore as the
379 * completion of the unlink request. The request of the
380 * unlink is ignored. This is ok because a driver who calls
381 * usb_unlink_urb() understands the unlink was too late by
382 * getting the status of the given-backed URB which has the
383 * status of usb_submit_urb().
384 */
385 if (stub_send_ret_submit(sdev) < 0)
386 break;
387
388 if (stub_send_ret_unlink(sdev) < 0)
389 break;
390
391 wait_event_interruptible(sdev->tx_waitq,
392 (!list_empty(&sdev->priv_tx) ||
393 !list_empty(&sdev->unlink_tx) ||
394 kthread_should_stop()));
395 }
396
397 return 0;
398}