search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
inet: frag: enforce memory limits earlier
[linux/fpc-iii.git] / drivers / usb / usbip / vhci_sysfs.c
blobe8a008de8dbc8baebfc0d4b99eb9f97e741aad4b
1 /*
2 * Copyright (C) 2003-2008 Takahiro Hirofuchi
3 * Copyright (C) 2015-2016 Nobuo Iwata
4 *
5 * This is free software; you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License as published by
7 * the Free Software Foundation; either version 2 of the License, or
8 * (at your option) any later version.
9 *
10 * This is distributed in the hope that it will be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 * GNU General Public License for more details.
14 *
15 * You should have received a copy of the GNU General Public License
16 * along with this program; if not, write to the Free Software
17 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
18 * USA.
19 */
20
21 #include <linux/kthread.h>
22 #include <linux/file.h>
23 #include <linux/net.h>
24 #include <linux/platform_device.h>
25 #include <linux/slab.h>
26
27 /* Hardening for Spectre-v1 */
28 #include <linux/nospec.h>
29
30 #include "usbip_common.h"
31 #include "vhci.h"
32
33 /* TODO: refine locking ?*/
34
35 /* Sysfs entry to show port status */
36 static ssize_t status_show_vhci(int pdev_nr, char *out)
37 {
38 struct platform_device *pdev = *(vhci_pdevs + pdev_nr);
39 struct vhci_hcd *vhci;
40 char *s = out;
41 int i = 0;
42 unsigned long flags;
43
44 if (!pdev || !out) {
45 usbip_dbg_vhci_sysfs("show status error\n");
46 return 0;
47 }
48
49 vhci = hcd_to_vhci(platform_get_drvdata(pdev));
50
51 spin_lock_irqsave(&vhci->lock, flags);
52
53 /*
54 * output example:
55 * port sta spd dev sockfd local_busid
56 * 0000 004 000 00000000 000003 1-2.3
57 * 0001 004 000 00000000 000004 2-3.4
58 *
59 * Output includes socket fd instead of socket pointer address to
60 * avoid leaking kernel memory address in:
61 * /sys/devices/platform/vhci_hcd.0/status and in debug output.
62 * The socket pointer address is not used at the moment and it was
63 * made visible as a convenient way to find IP address from socket
64 * pointer address by looking up /proc/net/{tcp,tcp6}. As this opens
65 * a security hole, the change is made to use sockfd instead.
66 */
67 for (i = 0; i < VHCI_HC_PORTS; i++) {
68 struct vhci_device *vdev = &vhci->vdev[i];
69
70 spin_lock(&vdev->ud.lock);
71 out += sprintf(out, "%04u %03u ",
72 (pdev_nr * VHCI_HC_PORTS) + i,
73 vdev->ud.status);
74
75 if (vdev->ud.status == VDEV_ST_USED) {
76 out += sprintf(out, "%03u %08x ",
77 vdev->speed, vdev->devid);
78 out += sprintf(out, "%06u %s",
79 vdev->ud.sockfd,
80 dev_name(&vdev->udev->dev));
81
82 } else {
83 out += sprintf(out, "000 00000000 ");
84 out += sprintf(out, "000000 0-0");
85 }
86
87 out += sprintf(out, "\n");
88 spin_unlock(&vdev->ud.lock);
89 }
90
91 spin_unlock_irqrestore(&vhci->lock, flags);
92
93 return out - s;
94 }
95
96 static ssize_t status_show_not_ready(int pdev_nr, char *out)
97 {
98 char *s = out;
99 int i = 0;
100
101 for (i = 0; i < VHCI_HC_PORTS; i++) {
102 out += sprintf(out, "%04u %03u ",
103 (pdev_nr * VHCI_HC_PORTS) + i,
104 VDEV_ST_NOTASSIGNED);
105 out += sprintf(out, "000 00000000 0000000000000000 0-0");
106 out += sprintf(out, "\n");
107 }
108 return out - s;
109 }
110
111 static int status_name_to_id(const char *name)
112 {
113 char *c;
114 long val;
115 int ret;
116
117 c = strchr(name, '.');
118 if (c == NULL)
119 return 0;
120
121 ret = kstrtol(c+1, 10, &val);
122 if (ret < 0)
123 return ret;
124
125 return val;
126 }
127
128 static ssize_t status_show(struct device *dev,
129 struct device_attribute *attr, char *out)
130 {
131 char *s = out;
132 int pdev_nr;
133
134 out += sprintf(out,
135 "port sta spd dev sockfd local_busid\n");
136
137 pdev_nr = status_name_to_id(attr->attr.name);
138 if (pdev_nr < 0)
139 out += status_show_not_ready(pdev_nr, out);
140 else
141 out += status_show_vhci(pdev_nr, out);
142
143 return out - s;
144 }
145
146 static ssize_t nports_show(struct device *dev, struct device_attribute *attr,
147 char *out)
148 {
149 char *s = out;
150
151 out += sprintf(out, "%d\n", VHCI_HC_PORTS * vhci_num_controllers);
152 return out - s;
153 }
154 static DEVICE_ATTR_RO(nports);
155
156 /* Sysfs entry to shutdown a virtual connection */
157 static int vhci_port_disconnect(struct vhci_hcd *vhci, __u32 rhport)
158 {
159 struct vhci_device *vdev = &vhci->vdev[rhport];
160 unsigned long flags;
161
162 usbip_dbg_vhci_sysfs("enter\n");
163
164 /* lock */
165 spin_lock_irqsave(&vhci->lock, flags);
166 spin_lock(&vdev->ud.lock);
167
168 if (vdev->ud.status == VDEV_ST_NULL) {
169 pr_err("not connected %d\n", vdev->ud.status);
170
171 /* unlock */
172 spin_unlock(&vdev->ud.lock);
173 spin_unlock_irqrestore(&vhci->lock, flags);
174
175 return -EINVAL;
176 }
177
178 /* unlock */
179 spin_unlock(&vdev->ud.lock);
180 spin_unlock_irqrestore(&vhci->lock, flags);
181
182 usbip_event_add(&vdev->ud, VDEV_EVENT_DOWN);
183
184 return 0;
185 }
186
187 static int valid_port(__u32 *pdev_nr, __u32 *rhport)
188 {
189 if (*pdev_nr >= vhci_num_controllers) {
190 pr_err("pdev %u\n", *pdev_nr);
191 return 0;
192 }
193 *pdev_nr = array_index_nospec(*pdev_nr, vhci_num_controllers);
194
195 if (*rhport >= VHCI_HC_PORTS) {
196 pr_err("rhport %u\n", *rhport);
197 return 0;
198 }
199 *rhport = array_index_nospec(*rhport, VHCI_HC_PORTS);
200
201 return 1;
202 }
203
204 static ssize_t store_detach(struct device *dev, struct device_attribute *attr,
205 const char *buf, size_t count)
206 {
207 __u32 port = 0, pdev_nr = 0, rhport = 0;
208 struct usb_hcd *hcd;
209 int ret;
210
211 if (kstrtoint(buf, 10, &port) < 0)
212 return -EINVAL;
213
214 pdev_nr = port_to_pdev_nr(port);
215 rhport = port_to_rhport(port);
216
217 if (!valid_port(&pdev_nr, &rhport))
218 return -EINVAL;
219
220 hcd = platform_get_drvdata(*(vhci_pdevs + pdev_nr));
221 if (hcd == NULL) {
222 dev_err(dev, "port is not ready %u\n", port);
223 return -EAGAIN;
224 }
225
226 ret = vhci_port_disconnect(hcd_to_vhci(hcd), rhport);
227 if (ret < 0)
228 return -EINVAL;
229
230 usbip_dbg_vhci_sysfs("Leave\n");
231
232 return count;
233 }
234 static DEVICE_ATTR(detach, S_IWUSR, NULL, store_detach);
235
236 static int valid_args(__u32 *pdev_nr, __u32 *rhport,
237 enum usb_device_speed speed)
238 {
239 if (!valid_port(pdev_nr, rhport)) {
240 return 0;
241 }
242
243 switch (speed) {
244 case USB_SPEED_LOW:
245 case USB_SPEED_FULL:
246 case USB_SPEED_HIGH:
247 case USB_SPEED_WIRELESS:
248 break;
249 default:
250 pr_err("Failed attach request for unsupported USB speed: %s\n",
251 usb_speed_string(speed));
252 return 0;
253 }
254
255 return 1;
256 }
257
258 /* Sysfs entry to establish a virtual connection */
259 /*
260 * To start a new USB/IP attachment, a userland program needs to setup a TCP
261 * connection and then write its socket descriptor with remote device
262 * information into this sysfs file.
263 *
264 * A remote device is virtually attached to the root-hub port of @rhport with
265 * @speed. @devid is embedded into a request to specify the remote device in a
266 * server host.
267 *
268 * write() returns 0 on success, else negative errno.
269 */
270 static ssize_t store_attach(struct device *dev, struct device_attribute *attr,
271 const char *buf, size_t count)
272 {
273 struct socket *socket;
274 int sockfd = 0;
275 __u32 port = 0, pdev_nr = 0, rhport = 0, devid = 0, speed = 0;
276 struct usb_hcd *hcd;
277 struct vhci_hcd *vhci;
278 struct vhci_device *vdev;
279 int err;
280 unsigned long flags;
281
282 /*
283 * @rhport: port number of vhci_hcd
284 * @sockfd: socket descriptor of an established TCP connection
285 * @devid: unique device identifier in a remote host
286 * @speed: usb device speed in a remote host
287 */
288 if (sscanf(buf, "%u %u %u %u", &port, &sockfd, &devid, &speed) != 4)
289 return -EINVAL;
290 pdev_nr = port_to_pdev_nr(port);
291 rhport = port_to_rhport(port);
292
293 usbip_dbg_vhci_sysfs("port(%u) pdev(%d) rhport(%u)\n",
294 port, pdev_nr, rhport);
295 usbip_dbg_vhci_sysfs("sockfd(%u) devid(%u) speed(%u)\n",
296 sockfd, devid, speed);
297
298 /* check received parameters */
299 if (!valid_args(&pdev_nr, &rhport, speed))
300 return -EINVAL;
301
302 hcd = platform_get_drvdata(*(vhci_pdevs + pdev_nr));
303 if (hcd == NULL) {
304 dev_err(dev, "port %d is not ready\n", port);
305 return -EAGAIN;
306 }
307 vhci = hcd_to_vhci(hcd);
308 vdev = &vhci->vdev[rhport];
309
310 /* Extract socket from fd. */
311 socket = sockfd_lookup(sockfd, &err);
312 if (!socket)
313 return -EINVAL;
314
315 /* now need lock until setting vdev status as used */
316
317 /* begin a lock */
318 spin_lock_irqsave(&vhci->lock, flags);
319 spin_lock(&vdev->ud.lock);
320
321 if (vdev->ud.status != VDEV_ST_NULL) {
322 /* end of the lock */
323 spin_unlock(&vdev->ud.lock);
324 spin_unlock_irqrestore(&vhci->lock, flags);
325
326 sockfd_put(socket);
327
328 dev_err(dev, "port %d already used\n", rhport);
329 return -EINVAL;
330 }
331
332 dev_info(dev, "pdev(%u) rhport(%u) sockfd(%d)\n",
333 pdev_nr, rhport, sockfd);
334 dev_info(dev, "devid(%u) speed(%u) speed_str(%s)\n",
335 devid, speed, usb_speed_string(speed));
336
337 vdev->devid = devid;
338 vdev->speed = speed;
339 vdev->ud.sockfd = sockfd;
340 vdev->ud.tcp_socket = socket;
341 vdev->ud.status = VDEV_ST_NOTASSIGNED;
342
343 spin_unlock(&vdev->ud.lock);
344 spin_unlock_irqrestore(&vhci->lock, flags);
345 /* end the lock */
346
347 vdev->ud.tcp_rx = kthread_get_run(vhci_rx_loop, &vdev->ud, "vhci_rx");
348 vdev->ud.tcp_tx = kthread_get_run(vhci_tx_loop, &vdev->ud, "vhci_tx");
349
350 rh_port_connect(vdev, speed);
351
352 return count;
353 }
354 static DEVICE_ATTR(attach, S_IWUSR, NULL, store_attach);
355
356 #define MAX_STATUS_NAME 16
357
358 struct status_attr {
359 struct device_attribute attr;
360 char name[MAX_STATUS_NAME+1];
361 };
362
363 static struct status_attr *status_attrs;
364
365 static void set_status_attr(int id)
366 {
367 struct status_attr *status;
368
369 status = status_attrs + id;
370 if (id == 0)
371 strcpy(status->name, "status");
372 else
373 snprintf(status->name, MAX_STATUS_NAME+1, "status.%d", id);
374 status->attr.attr.name = status->name;
375 status->attr.attr.mode = S_IRUGO;
376 status->attr.show = status_show;
377 sysfs_attr_init(&status->attr.attr);
378 }
379
380 static int init_status_attrs(void)
381 {
382 int id;
383
384 status_attrs = kcalloc(vhci_num_controllers, sizeof(struct status_attr),
385 GFP_KERNEL);
386 if (status_attrs == NULL)
387 return -ENOMEM;
388
389 for (id = 0; id < vhci_num_controllers; id++)
390 set_status_attr(id);
391
392 return 0;
393 }
394
395 static void finish_status_attrs(void)
396 {
397 kfree(status_attrs);
398 }
399
400 struct attribute_group vhci_attr_group = {
401 .attrs = NULL,
402 };
403
404 int vhci_init_attr_group(void)
405 {
406 struct attribute **attrs;
407 int ret, i;
408
409 attrs = kcalloc((vhci_num_controllers + 5), sizeof(struct attribute *),
410 GFP_KERNEL);
411 if (attrs == NULL)
412 return -ENOMEM;
413
414 ret = init_status_attrs();
415 if (ret) {
416 kfree(attrs);
417 return ret;
418 }
419 *attrs = &dev_attr_nports.attr;
420 *(attrs + 1) = &dev_attr_detach.attr;
421 *(attrs + 2) = &dev_attr_attach.attr;
422 *(attrs + 3) = &dev_attr_usbip_debug.attr;
423 for (i = 0; i < vhci_num_controllers; i++)
424 *(attrs + i + 4) = &((status_attrs + i)->attr.attr);
425 vhci_attr_group.attrs = attrs;
426 return 0;
427 }
428
429 void vhci_finish_attr_group(void)
430 {
431 finish_status_attrs();
432 kfree(vhci_attr_group.attrs);
433 }
Linux with added FPC-III support