xref: /OK3568_Linux_fs/kernel/drivers/usb/usbip/stub_tx.c (revision 4882a59341e53eb6f0b4789bf948001014eff981) 
1*4882a593Smuzhiyun // SPDX-License-Identifier: GPL-2.0+
2*4882a593Smuzhiyun /*
3*4882a593Smuzhiyun  * Copyright (C) 2003-2008 Takahiro Hirofuchi
4*4882a593Smuzhiyun  */
5*4882a593Smuzhiyun 
6*4882a593Smuzhiyun #include <linux/kthread.h>
7*4882a593Smuzhiyun #include <linux/socket.h>
8*4882a593Smuzhiyun #include <linux/scatterlist.h>
9*4882a593Smuzhiyun 
10*4882a593Smuzhiyun #include "usbip_common.h"
11*4882a593Smuzhiyun #include "stub.h"
12*4882a593Smuzhiyun 
13*4882a593Smuzhiyun /* be in spin_lock_irqsave(&sdev->priv_lock, flags) */
stub_enqueue_ret_unlink(struct stub_device * sdev,__u32 seqnum,__u32 status)14*4882a593Smuzhiyun void stub_enqueue_ret_unlink(struct stub_device *sdev, __u32 seqnum,
15*4882a593Smuzhiyun 			     __u32 status)
16*4882a593Smuzhiyun {
17*4882a593Smuzhiyun 	struct stub_unlink *unlink;
18*4882a593Smuzhiyun 
19*4882a593Smuzhiyun 	unlink = kzalloc(sizeof(struct stub_unlink), GFP_ATOMIC);
20*4882a593Smuzhiyun 	if (!unlink) {
21*4882a593Smuzhiyun 		usbip_event_add(&sdev->ud, VDEV_EVENT_ERROR_MALLOC);
22*4882a593Smuzhiyun 		return;
23*4882a593Smuzhiyun 	}
24*4882a593Smuzhiyun 
25*4882a593Smuzhiyun 	unlink->seqnum = seqnum;
26*4882a593Smuzhiyun 	unlink->status = status;
27*4882a593Smuzhiyun 
28*4882a593Smuzhiyun 	list_add_tail(&unlink->list, &sdev->unlink_tx);
29*4882a593Smuzhiyun }
30*4882a593Smuzhiyun 
31*4882a593Smuzhiyun /**
32*4882a593Smuzhiyun  * stub_complete - completion handler of a usbip urb
33*4882a593Smuzhiyun  * @urb: pointer to the urb completed
34*4882a593Smuzhiyun  *
35*4882a593Smuzhiyun  * When a urb has completed, the USB core driver calls this function mostly in
36*4882a593Smuzhiyun  * the interrupt context. To return the result of a urb, the completed urb is
37*4882a593Smuzhiyun  * linked to the pending list of returning.
38*4882a593Smuzhiyun  *
39*4882a593Smuzhiyun  */
stub_complete(struct urb * urb)40*4882a593Smuzhiyun void stub_complete(struct urb *urb)
41*4882a593Smuzhiyun {
42*4882a593Smuzhiyun 	struct stub_priv *priv = (struct stub_priv *) urb->context;
43*4882a593Smuzhiyun 	struct stub_device *sdev = priv->sdev;
44*4882a593Smuzhiyun 	unsigned long flags;
45*4882a593Smuzhiyun 
46*4882a593Smuzhiyun 	usbip_dbg_stub_tx("complete! status %d\n", urb->status);
47*4882a593Smuzhiyun 
48*4882a593Smuzhiyun 	switch (urb->status) {
49*4882a593Smuzhiyun 	case 0:
50*4882a593Smuzhiyun 		/* OK */
51*4882a593Smuzhiyun 		break;
52*4882a593Smuzhiyun 	case -ENOENT:
53*4882a593Smuzhiyun 		dev_info(&urb->dev->dev,
54*4882a593Smuzhiyun 			 "stopped by a call to usb_kill_urb() because of cleaning up a virtual connection\n");
55*4882a593Smuzhiyun 		return;
56*4882a593Smuzhiyun 	case -ECONNRESET:
57*4882a593Smuzhiyun 		dev_info(&urb->dev->dev,
58*4882a593Smuzhiyun 			 "unlinked by a call to usb_unlink_urb()\n");
59*4882a593Smuzhiyun 		break;
60*4882a593Smuzhiyun 	case -EPIPE:
61*4882a593Smuzhiyun 		dev_info(&urb->dev->dev, "endpoint %d is stalled\n",
62*4882a593Smuzhiyun 			 usb_pipeendpoint(urb->pipe));
63*4882a593Smuzhiyun 		break;
64*4882a593Smuzhiyun 	case -ESHUTDOWN:
65*4882a593Smuzhiyun 		dev_info(&urb->dev->dev, "device removed?\n");
66*4882a593Smuzhiyun 		break;
67*4882a593Smuzhiyun 	default:
68*4882a593Smuzhiyun 		dev_info(&urb->dev->dev,
69*4882a593Smuzhiyun 			 "urb completion with non-zero status %d\n",
70*4882a593Smuzhiyun 			 urb->status);
71*4882a593Smuzhiyun 		break;
72*4882a593Smuzhiyun 	}
73*4882a593Smuzhiyun 
74*4882a593Smuzhiyun 	/*
75*4882a593Smuzhiyun 	 * If the server breaks single SG request into the several URBs, the
76*4882a593Smuzhiyun 	 * URBs must be reassembled before sending completed URB to the vhci.
77*4882a593Smuzhiyun 	 * Don't wake up the tx thread until all the URBs are completed.
78*4882a593Smuzhiyun 	 */
79*4882a593Smuzhiyun 	if (priv->sgl) {
80*4882a593Smuzhiyun 		priv->completed_urbs++;
81*4882a593Smuzhiyun 
82*4882a593Smuzhiyun 		/* Only save the first error status */
83*4882a593Smuzhiyun 		if (urb->status && !priv->urb_status)
84*4882a593Smuzhiyun 			priv->urb_status = urb->status;
85*4882a593Smuzhiyun 
86*4882a593Smuzhiyun 		if (priv->completed_urbs < priv->num_urbs)
87*4882a593Smuzhiyun 			return;
88*4882a593Smuzhiyun 	}
89*4882a593Smuzhiyun 
90*4882a593Smuzhiyun 	/* link a urb to the queue of tx. */
91*4882a593Smuzhiyun 	spin_lock_irqsave(&sdev->priv_lock, flags);
92*4882a593Smuzhiyun 	if (sdev->ud.tcp_socket == NULL) {
93*4882a593Smuzhiyun 		usbip_dbg_stub_tx("ignore urb for closed connection\n");
94*4882a593Smuzhiyun 		/* It will be freed in stub_device_cleanup_urbs(). */
95*4882a593Smuzhiyun 	} else if (priv->unlinking) {
96*4882a593Smuzhiyun 		stub_enqueue_ret_unlink(sdev, priv->seqnum, urb->status);
97*4882a593Smuzhiyun 		stub_free_priv_and_urb(priv);
98*4882a593Smuzhiyun 	} else {
99*4882a593Smuzhiyun 		list_move_tail(&priv->list, &sdev->priv_tx);
100*4882a593Smuzhiyun 	}
101*4882a593Smuzhiyun 	spin_unlock_irqrestore(&sdev->priv_lock, flags);
102*4882a593Smuzhiyun 
103*4882a593Smuzhiyun 	/* wake up tx_thread */
104*4882a593Smuzhiyun 	wake_up(&sdev->tx_waitq);
105*4882a593Smuzhiyun }
106*4882a593Smuzhiyun 
setup_base_pdu(struct usbip_header_basic * base,__u32 command,__u32 seqnum)107*4882a593Smuzhiyun static inline void setup_base_pdu(struct usbip_header_basic *base,
108*4882a593Smuzhiyun 				  __u32 command, __u32 seqnum)
109*4882a593Smuzhiyun {
110*4882a593Smuzhiyun 	base->command	= command;
111*4882a593Smuzhiyun 	base->seqnum	= seqnum;
112*4882a593Smuzhiyun 	base->devid	= 0;
113*4882a593Smuzhiyun 	base->ep	= 0;
114*4882a593Smuzhiyun 	base->direction = 0;
115*4882a593Smuzhiyun }
116*4882a593Smuzhiyun 
setup_ret_submit_pdu(struct usbip_header * rpdu,struct urb * urb)117*4882a593Smuzhiyun static void setup_ret_submit_pdu(struct usbip_header *rpdu, struct urb *urb)
118*4882a593Smuzhiyun {
119*4882a593Smuzhiyun 	struct stub_priv *priv = (struct stub_priv *) urb->context;
120*4882a593Smuzhiyun 
121*4882a593Smuzhiyun 	setup_base_pdu(&rpdu->base, USBIP_RET_SUBMIT, priv->seqnum);
122*4882a593Smuzhiyun 	usbip_pack_pdu(rpdu, urb, USBIP_RET_SUBMIT, 1);
123*4882a593Smuzhiyun }
124*4882a593Smuzhiyun 
setup_ret_unlink_pdu(struct usbip_header * rpdu,struct stub_unlink * unlink)125*4882a593Smuzhiyun static void setup_ret_unlink_pdu(struct usbip_header *rpdu,
126*4882a593Smuzhiyun 				 struct stub_unlink *unlink)
127*4882a593Smuzhiyun {
128*4882a593Smuzhiyun 	setup_base_pdu(&rpdu->base, USBIP_RET_UNLINK, unlink->seqnum);
129*4882a593Smuzhiyun 	rpdu->u.ret_unlink.status = unlink->status;
130*4882a593Smuzhiyun }
131*4882a593Smuzhiyun 
dequeue_from_priv_tx(struct stub_device * sdev)132*4882a593Smuzhiyun static struct stub_priv *dequeue_from_priv_tx(struct stub_device *sdev)
133*4882a593Smuzhiyun {
134*4882a593Smuzhiyun 	unsigned long flags;
135*4882a593Smuzhiyun 	struct stub_priv *priv, *tmp;
136*4882a593Smuzhiyun 
137*4882a593Smuzhiyun 	spin_lock_irqsave(&sdev->priv_lock, flags);
138*4882a593Smuzhiyun 
139*4882a593Smuzhiyun 	list_for_each_entry_safe(priv, tmp, &sdev->priv_tx, list) {
140*4882a593Smuzhiyun 		list_move_tail(&priv->list, &sdev->priv_free);
141*4882a593Smuzhiyun 		spin_unlock_irqrestore(&sdev->priv_lock, flags);
142*4882a593Smuzhiyun 		return priv;
143*4882a593Smuzhiyun 	}
144*4882a593Smuzhiyun 
145*4882a593Smuzhiyun 	spin_unlock_irqrestore(&sdev->priv_lock, flags);
146*4882a593Smuzhiyun 
147*4882a593Smuzhiyun 	return NULL;
148*4882a593Smuzhiyun }
149*4882a593Smuzhiyun 
stub_send_ret_submit(struct stub_device * sdev)150*4882a593Smuzhiyun static int stub_send_ret_submit(struct stub_device *sdev)
151*4882a593Smuzhiyun {
152*4882a593Smuzhiyun 	unsigned long flags;
153*4882a593Smuzhiyun 	struct stub_priv *priv, *tmp;
154*4882a593Smuzhiyun 
155*4882a593Smuzhiyun 	struct msghdr msg;
156*4882a593Smuzhiyun 	size_t txsize;
157*4882a593Smuzhiyun 
158*4882a593Smuzhiyun 	size_t total_size = 0;
159*4882a593Smuzhiyun 
160*4882a593Smuzhiyun 	while ((priv = dequeue_from_priv_tx(sdev)) != NULL) {
161*4882a593Smuzhiyun 		struct urb *urb = priv->urbs[0];
162*4882a593Smuzhiyun 		struct usbip_header pdu_header;
163*4882a593Smuzhiyun 		struct usbip_iso_packet_descriptor *iso_buffer = NULL;
164*4882a593Smuzhiyun 		struct kvec *iov = NULL;
165*4882a593Smuzhiyun 		struct scatterlist *sg;
166*4882a593Smuzhiyun 		u32 actual_length = 0;
167*4882a593Smuzhiyun 		int iovnum = 0;
168*4882a593Smuzhiyun 		int ret;
169*4882a593Smuzhiyun 		int i;
170*4882a593Smuzhiyun 
171*4882a593Smuzhiyun 		txsize = 0;
172*4882a593Smuzhiyun 		memset(&pdu_header, 0, sizeof(pdu_header));
173*4882a593Smuzhiyun 		memset(&msg, 0, sizeof(msg));
174*4882a593Smuzhiyun 
175*4882a593Smuzhiyun 		if (urb->actual_length > 0 && !urb->transfer_buffer &&
176*4882a593Smuzhiyun 		   !urb->num_sgs) {
177*4882a593Smuzhiyun 			dev_err(&sdev->udev->dev,
178*4882a593Smuzhiyun 				"urb: actual_length %d transfer_buffer null\n",
179*4882a593Smuzhiyun 				urb->actual_length);
180*4882a593Smuzhiyun 			return -1;
181*4882a593Smuzhiyun 		}
182*4882a593Smuzhiyun 
183*4882a593Smuzhiyun 		if (usb_pipetype(urb->pipe) == PIPE_ISOCHRONOUS)
184*4882a593Smuzhiyun 			iovnum = 2 + urb->number_of_packets;
185*4882a593Smuzhiyun 		else if (usb_pipein(urb->pipe) && urb->actual_length > 0 &&
186*4882a593Smuzhiyun 			urb->num_sgs)
187*4882a593Smuzhiyun 			iovnum = 1 + urb->num_sgs;
188*4882a593Smuzhiyun 		else if (usb_pipein(urb->pipe) && priv->sgl)
189*4882a593Smuzhiyun 			iovnum = 1 + priv->num_urbs;
190*4882a593Smuzhiyun 		else
191*4882a593Smuzhiyun 			iovnum = 2;
192*4882a593Smuzhiyun 
193*4882a593Smuzhiyun 		iov = kcalloc(iovnum, sizeof(struct kvec), GFP_KERNEL);
194*4882a593Smuzhiyun 
195*4882a593Smuzhiyun 		if (!iov) {
196*4882a593Smuzhiyun 			usbip_event_add(&sdev->ud, SDEV_EVENT_ERROR_MALLOC);
197*4882a593Smuzhiyun 			return -1;
198*4882a593Smuzhiyun 		}
199*4882a593Smuzhiyun 
200*4882a593Smuzhiyun 		iovnum = 0;
201*4882a593Smuzhiyun 
202*4882a593Smuzhiyun 		/* 1. setup usbip_header */
203*4882a593Smuzhiyun 		setup_ret_submit_pdu(&pdu_header, urb);
204*4882a593Smuzhiyun 		usbip_dbg_stub_tx("setup txdata seqnum: %d\n",
205*4882a593Smuzhiyun 				  pdu_header.base.seqnum);
206*4882a593Smuzhiyun 
207*4882a593Smuzhiyun 		if (priv->sgl) {
208*4882a593Smuzhiyun 			for (i = 0; i < priv->num_urbs; i++)
209*4882a593Smuzhiyun 				actual_length += priv->urbs[i]->actual_length;
210*4882a593Smuzhiyun 
211*4882a593Smuzhiyun 			pdu_header.u.ret_submit.status = priv->urb_status;
212*4882a593Smuzhiyun 			pdu_header.u.ret_submit.actual_length = actual_length;
213*4882a593Smuzhiyun 		}
214*4882a593Smuzhiyun 
215*4882a593Smuzhiyun 		usbip_header_correct_endian(&pdu_header, 1);
216*4882a593Smuzhiyun 
217*4882a593Smuzhiyun 		iov[iovnum].iov_base = &pdu_header;
218*4882a593Smuzhiyun 		iov[iovnum].iov_len  = sizeof(pdu_header);
219*4882a593Smuzhiyun 		iovnum++;
220*4882a593Smuzhiyun 		txsize += sizeof(pdu_header);
221*4882a593Smuzhiyun 
222*4882a593Smuzhiyun 		/* 2. setup transfer buffer */
223*4882a593Smuzhiyun 		if (usb_pipein(urb->pipe) && priv->sgl) {
224*4882a593Smuzhiyun 			/* If the server split a single SG request into several
225*4882a593Smuzhiyun 			 * URBs because the server's HCD doesn't support SG,
226*4882a593Smuzhiyun 			 * reassemble the split URB buffers into a single
227*4882a593Smuzhiyun 			 * return command.
228*4882a593Smuzhiyun 			 */
229*4882a593Smuzhiyun 			for (i = 0; i < priv->num_urbs; i++) {
230*4882a593Smuzhiyun 				iov[iovnum].iov_base =
231*4882a593Smuzhiyun 					priv->urbs[i]->transfer_buffer;
232*4882a593Smuzhiyun 				iov[iovnum].iov_len =
233*4882a593Smuzhiyun 					priv->urbs[i]->actual_length;
234*4882a593Smuzhiyun 				iovnum++;
235*4882a593Smuzhiyun 			}
236*4882a593Smuzhiyun 			txsize += actual_length;
237*4882a593Smuzhiyun 		} else if (usb_pipein(urb->pipe) &&
238*4882a593Smuzhiyun 		    usb_pipetype(urb->pipe) != PIPE_ISOCHRONOUS &&
239*4882a593Smuzhiyun 		    urb->actual_length > 0) {
240*4882a593Smuzhiyun 			if (urb->num_sgs) {
241*4882a593Smuzhiyun 				unsigned int copy = urb->actual_length;
242*4882a593Smuzhiyun 				int size;
243*4882a593Smuzhiyun 
244*4882a593Smuzhiyun 				for_each_sg(urb->sg, sg, urb->num_sgs, i) {
245*4882a593Smuzhiyun 					if (copy == 0)
246*4882a593Smuzhiyun 						break;
247*4882a593Smuzhiyun 
248*4882a593Smuzhiyun 					if (copy < sg->length)
249*4882a593Smuzhiyun 						size = copy;
250*4882a593Smuzhiyun 					else
251*4882a593Smuzhiyun 						size = sg->length;
252*4882a593Smuzhiyun 
253*4882a593Smuzhiyun 					iov[iovnum].iov_base = sg_virt(sg);
254*4882a593Smuzhiyun 					iov[iovnum].iov_len = size;
255*4882a593Smuzhiyun 
256*4882a593Smuzhiyun 					iovnum++;
257*4882a593Smuzhiyun 					copy -= size;
258*4882a593Smuzhiyun 				}
259*4882a593Smuzhiyun 			} else {
260*4882a593Smuzhiyun 				iov[iovnum].iov_base = urb->transfer_buffer;
261*4882a593Smuzhiyun 				iov[iovnum].iov_len  = urb->actual_length;
262*4882a593Smuzhiyun 				iovnum++;
263*4882a593Smuzhiyun 			}
264*4882a593Smuzhiyun 			txsize += urb->actual_length;
265*4882a593Smuzhiyun 		} else if (usb_pipein(urb->pipe) &&
266*4882a593Smuzhiyun 			   usb_pipetype(urb->pipe) == PIPE_ISOCHRONOUS) {
267*4882a593Smuzhiyun 			/*
268*4882a593Smuzhiyun 			 * For isochronous packets: actual length is the sum of
269*4882a593Smuzhiyun 			 * the actual length of the individual, packets, but as
270*4882a593Smuzhiyun 			 * the packet offsets are not changed there will be
271*4882a593Smuzhiyun 			 * padding between the packets. To optimally use the
272*4882a593Smuzhiyun 			 * bandwidth the padding is not transmitted.
273*4882a593Smuzhiyun 			 */
274*4882a593Smuzhiyun 
275*4882a593Smuzhiyun 			int i;
276*4882a593Smuzhiyun 
277*4882a593Smuzhiyun 			for (i = 0; i < urb->number_of_packets; i++) {
278*4882a593Smuzhiyun 				iov[iovnum].iov_base = urb->transfer_buffer +
279*4882a593Smuzhiyun 					urb->iso_frame_desc[i].offset;
280*4882a593Smuzhiyun 				iov[iovnum].iov_len =
281*4882a593Smuzhiyun 					urb->iso_frame_desc[i].actual_length;
282*4882a593Smuzhiyun 				iovnum++;
283*4882a593Smuzhiyun 				txsize += urb->iso_frame_desc[i].actual_length;
284*4882a593Smuzhiyun 			}
285*4882a593Smuzhiyun 
286*4882a593Smuzhiyun 			if (txsize != sizeof(pdu_header) + urb->actual_length) {
287*4882a593Smuzhiyun 				dev_err(&sdev->udev->dev,
288*4882a593Smuzhiyun 					"actual length of urb %d does not match iso packet sizes %zu\n",
289*4882a593Smuzhiyun 					urb->actual_length,
290*4882a593Smuzhiyun 					txsize-sizeof(pdu_header));
291*4882a593Smuzhiyun 				kfree(iov);
292*4882a593Smuzhiyun 				usbip_event_add(&sdev->ud,
293*4882a593Smuzhiyun 						SDEV_EVENT_ERROR_TCP);
294*4882a593Smuzhiyun 				return -1;
295*4882a593Smuzhiyun 			}
296*4882a593Smuzhiyun 		}
297*4882a593Smuzhiyun 
298*4882a593Smuzhiyun 		/* 3. setup iso_packet_descriptor */
299*4882a593Smuzhiyun 		if (usb_pipetype(urb->pipe) == PIPE_ISOCHRONOUS) {
300*4882a593Smuzhiyun 			ssize_t len = 0;
301*4882a593Smuzhiyun 
302*4882a593Smuzhiyun 			iso_buffer = usbip_alloc_iso_desc_pdu(urb, &len);
303*4882a593Smuzhiyun 			if (!iso_buffer) {
304*4882a593Smuzhiyun 				usbip_event_add(&sdev->ud,
305*4882a593Smuzhiyun 						SDEV_EVENT_ERROR_MALLOC);
306*4882a593Smuzhiyun 				kfree(iov);
307*4882a593Smuzhiyun 				return -1;
308*4882a593Smuzhiyun 			}
309*4882a593Smuzhiyun 
310*4882a593Smuzhiyun 			iov[iovnum].iov_base = iso_buffer;
311*4882a593Smuzhiyun 			iov[iovnum].iov_len  = len;
312*4882a593Smuzhiyun 			txsize += len;
313*4882a593Smuzhiyun 			iovnum++;
314*4882a593Smuzhiyun 		}
315*4882a593Smuzhiyun 
316*4882a593Smuzhiyun 		ret = kernel_sendmsg(sdev->ud.tcp_socket, &msg,
317*4882a593Smuzhiyun 						iov,  iovnum, txsize);
318*4882a593Smuzhiyun 		if (ret != txsize) {
319*4882a593Smuzhiyun 			dev_err(&sdev->udev->dev,
320*4882a593Smuzhiyun 				"sendmsg failed!, retval %d for %zd\n",
321*4882a593Smuzhiyun 				ret, txsize);
322*4882a593Smuzhiyun 			kfree(iov);
323*4882a593Smuzhiyun 			kfree(iso_buffer);
324*4882a593Smuzhiyun 			usbip_event_add(&sdev->ud, SDEV_EVENT_ERROR_TCP);
325*4882a593Smuzhiyun 			return -1;
326*4882a593Smuzhiyun 		}
327*4882a593Smuzhiyun 
328*4882a593Smuzhiyun 		kfree(iov);
329*4882a593Smuzhiyun 		kfree(iso_buffer);
330*4882a593Smuzhiyun 
331*4882a593Smuzhiyun 		total_size += txsize;
332*4882a593Smuzhiyun 	}
333*4882a593Smuzhiyun 
334*4882a593Smuzhiyun 	spin_lock_irqsave(&sdev->priv_lock, flags);
335*4882a593Smuzhiyun 	list_for_each_entry_safe(priv, tmp, &sdev->priv_free, list) {
336*4882a593Smuzhiyun 		stub_free_priv_and_urb(priv);
337*4882a593Smuzhiyun 	}
338*4882a593Smuzhiyun 	spin_unlock_irqrestore(&sdev->priv_lock, flags);
339*4882a593Smuzhiyun 
340*4882a593Smuzhiyun 	return total_size;
341*4882a593Smuzhiyun }
342*4882a593Smuzhiyun 
dequeue_from_unlink_tx(struct stub_device * sdev)343*4882a593Smuzhiyun static struct stub_unlink *dequeue_from_unlink_tx(struct stub_device *sdev)
344*4882a593Smuzhiyun {
345*4882a593Smuzhiyun 	unsigned long flags;
346*4882a593Smuzhiyun 	struct stub_unlink *unlink, *tmp;
347*4882a593Smuzhiyun 
348*4882a593Smuzhiyun 	spin_lock_irqsave(&sdev->priv_lock, flags);
349*4882a593Smuzhiyun 
350*4882a593Smuzhiyun 	list_for_each_entry_safe(unlink, tmp, &sdev->unlink_tx, list) {
351*4882a593Smuzhiyun 		list_move_tail(&unlink->list, &sdev->unlink_free);
352*4882a593Smuzhiyun 		spin_unlock_irqrestore(&sdev->priv_lock, flags);
353*4882a593Smuzhiyun 		return unlink;
354*4882a593Smuzhiyun 	}
355*4882a593Smuzhiyun 
356*4882a593Smuzhiyun 	spin_unlock_irqrestore(&sdev->priv_lock, flags);
357*4882a593Smuzhiyun 
358*4882a593Smuzhiyun 	return NULL;
359*4882a593Smuzhiyun }
360*4882a593Smuzhiyun 
stub_send_ret_unlink(struct stub_device * sdev)361*4882a593Smuzhiyun static int stub_send_ret_unlink(struct stub_device *sdev)
362*4882a593Smuzhiyun {
363*4882a593Smuzhiyun 	unsigned long flags;
364*4882a593Smuzhiyun 	struct stub_unlink *unlink, *tmp;
365*4882a593Smuzhiyun 
366*4882a593Smuzhiyun 	struct msghdr msg;
367*4882a593Smuzhiyun 	struct kvec iov[1];
368*4882a593Smuzhiyun 	size_t txsize;
369*4882a593Smuzhiyun 
370*4882a593Smuzhiyun 	size_t total_size = 0;
371*4882a593Smuzhiyun 
372*4882a593Smuzhiyun 	while ((unlink = dequeue_from_unlink_tx(sdev)) != NULL) {
373*4882a593Smuzhiyun 		int ret;
374*4882a593Smuzhiyun 		struct usbip_header pdu_header;
375*4882a593Smuzhiyun 
376*4882a593Smuzhiyun 		txsize = 0;
377*4882a593Smuzhiyun 		memset(&pdu_header, 0, sizeof(pdu_header));
378*4882a593Smuzhiyun 		memset(&msg, 0, sizeof(msg));
379*4882a593Smuzhiyun 		memset(&iov, 0, sizeof(iov));
380*4882a593Smuzhiyun 
381*4882a593Smuzhiyun 		usbip_dbg_stub_tx("setup ret unlink %lu\n", unlink->seqnum);
382*4882a593Smuzhiyun 
383*4882a593Smuzhiyun 		/* 1. setup usbip_header */
384*4882a593Smuzhiyun 		setup_ret_unlink_pdu(&pdu_header, unlink);
385*4882a593Smuzhiyun 		usbip_header_correct_endian(&pdu_header, 1);
386*4882a593Smuzhiyun 
387*4882a593Smuzhiyun 		iov[0].iov_base = &pdu_header;
388*4882a593Smuzhiyun 		iov[0].iov_len  = sizeof(pdu_header);
389*4882a593Smuzhiyun 		txsize += sizeof(pdu_header);
390*4882a593Smuzhiyun 
391*4882a593Smuzhiyun 		ret = kernel_sendmsg(sdev->ud.tcp_socket, &msg, iov,
392*4882a593Smuzhiyun 				     1, txsize);
393*4882a593Smuzhiyun 		if (ret != txsize) {
394*4882a593Smuzhiyun 			dev_err(&sdev->udev->dev,
395*4882a593Smuzhiyun 				"sendmsg failed!, retval %d for %zd\n",
396*4882a593Smuzhiyun 				ret, txsize);
397*4882a593Smuzhiyun 			usbip_event_add(&sdev->ud, SDEV_EVENT_ERROR_TCP);
398*4882a593Smuzhiyun 			return -1;
399*4882a593Smuzhiyun 		}
400*4882a593Smuzhiyun 
401*4882a593Smuzhiyun 		usbip_dbg_stub_tx("send txdata\n");
402*4882a593Smuzhiyun 		total_size += txsize;
403*4882a593Smuzhiyun 	}
404*4882a593Smuzhiyun 
405*4882a593Smuzhiyun 	spin_lock_irqsave(&sdev->priv_lock, flags);
406*4882a593Smuzhiyun 
407*4882a593Smuzhiyun 	list_for_each_entry_safe(unlink, tmp, &sdev->unlink_free, list) {
408*4882a593Smuzhiyun 		list_del(&unlink->list);
409*4882a593Smuzhiyun 		kfree(unlink);
410*4882a593Smuzhiyun 	}
411*4882a593Smuzhiyun 
412*4882a593Smuzhiyun 	spin_unlock_irqrestore(&sdev->priv_lock, flags);
413*4882a593Smuzhiyun 
414*4882a593Smuzhiyun 	return total_size;
415*4882a593Smuzhiyun }
416*4882a593Smuzhiyun 
stub_tx_loop(void * data)417*4882a593Smuzhiyun int stub_tx_loop(void *data)
418*4882a593Smuzhiyun {
419*4882a593Smuzhiyun 	struct usbip_device *ud = data;
420*4882a593Smuzhiyun 	struct stub_device *sdev = container_of(ud, struct stub_device, ud);
421*4882a593Smuzhiyun 
422*4882a593Smuzhiyun 	while (!kthread_should_stop()) {
423*4882a593Smuzhiyun 		if (usbip_event_happened(ud))
424*4882a593Smuzhiyun 			break;
425*4882a593Smuzhiyun 
426*4882a593Smuzhiyun 		/*
427*4882a593Smuzhiyun 		 * send_ret_submit comes earlier than send_ret_unlink.  stub_rx
428*4882a593Smuzhiyun 		 * looks at only priv_init queue. If the completion of a URB is
429*4882a593Smuzhiyun 		 * earlier than the receive of CMD_UNLINK, priv is moved to
430*4882a593Smuzhiyun 		 * priv_tx queue and stub_rx does not find the target priv. In
431*4882a593Smuzhiyun 		 * this case, vhci_rx receives the result of the submit request
432*4882a593Smuzhiyun 		 * and then receives the result of the unlink request. The
433*4882a593Smuzhiyun 		 * result of the submit is given back to the usbcore as the
434*4882a593Smuzhiyun 		 * completion of the unlink request. The request of the
435*4882a593Smuzhiyun 		 * unlink is ignored. This is ok because a driver who calls
436*4882a593Smuzhiyun 		 * usb_unlink_urb() understands the unlink was too late by
437*4882a593Smuzhiyun 		 * getting the status of the given-backed URB which has the
438*4882a593Smuzhiyun 		 * status of usb_submit_urb().
439*4882a593Smuzhiyun 		 */
440*4882a593Smuzhiyun 		if (stub_send_ret_submit(sdev) < 0)
441*4882a593Smuzhiyun 			break;
442*4882a593Smuzhiyun 
443*4882a593Smuzhiyun 		if (stub_send_ret_unlink(sdev) < 0)
444*4882a593Smuzhiyun 			break;
445*4882a593Smuzhiyun 
446*4882a593Smuzhiyun 		wait_event_interruptible(sdev->tx_waitq,
447*4882a593Smuzhiyun 					 (!list_empty(&sdev->priv_tx) ||
448*4882a593Smuzhiyun 					  !list_empty(&sdev->unlink_tx) ||
449*4882a593Smuzhiyun 					  kthread_should_stop()));
450*4882a593Smuzhiyun 	}
451*4882a593Smuzhiyun 
452*4882a593Smuzhiyun 	return 0;
453*4882a593Smuzhiyun }
454