cachepc-linux

Fork of AMDESE/linux with modifications for CachePC side-channel attack
git clone https://git.sinitax.com/sinitax/cachepc-linux
Log | Files | Refs | README | LICENSE | sfeed.txt

vudc_transfer.c (11936B)

      1// SPDX-License-Identifier: GPL-2.0+
      2/*
      3 * Copyright (C) 2015 Karol Kosik <karo9@interia.eu>
      4 * Copyright (C) 2015-2016 Samsung Electronics
      5 *               Igor Kotrasinski <i.kotrasinsk@samsung.com>
      6 *
      7 * Based on dummy_hcd.c, which is:
      8 * Copyright (C) 2003 David Brownell
      9 * Copyright (C) 2003-2005 Alan Stern
     10 */
     11
     12#include <linux/usb.h>
     13#include <linux/timer.h>
     14#include <linux/usb/ch9.h>
     15
     16#include "vudc.h"
     17
     18#define DEV_REQUEST	(USB_TYPE_STANDARD | USB_RECIP_DEVICE)
     19#define DEV_INREQUEST	(DEV_REQUEST | USB_DIR_IN)
     20#define INTF_REQUEST	(USB_TYPE_STANDARD | USB_RECIP_INTERFACE)
     21#define INTF_INREQUEST	(INTF_REQUEST | USB_DIR_IN)
     22#define EP_REQUEST	(USB_TYPE_STANDARD | USB_RECIP_ENDPOINT)
     23#define EP_INREQUEST	(EP_REQUEST | USB_DIR_IN)
     24
     25static int get_frame_limit(enum usb_device_speed speed)
     26{
     27	switch (speed) {
     28	case USB_SPEED_LOW:
     29		return 8 /*bytes*/ * 12 /*packets*/;
     30	case USB_SPEED_FULL:
     31		return 64 /*bytes*/ * 19 /*packets*/;
     32	case USB_SPEED_HIGH:
     33		return 512 /*bytes*/ * 13 /*packets*/ * 8 /*uframes*/;
     34	case USB_SPEED_SUPER:
     35		/* Bus speed is 500000 bytes/ms, so use a little less */
     36		return 490000;
     37	default:
     38		/* error */
     39		return -1;
     40	}
     41
     42}
     43
     44/*
     45 * handle_control_request() - handles all control transfers
     46 * @udc: pointer to vudc
     47 * @urb: the urb request to handle
     48 * @setup: pointer to the setup data for a USB device control
     49 *	 request
     50 * @status: pointer to request handling status
     51 *
     52 * Return 0 - if the request was handled
     53 *	  1 - if the request wasn't handles
     54 *	  error code on error
     55 *
     56 * Adapted from drivers/usb/gadget/udc/dummy_hcd.c
     57 */
     58static int handle_control_request(struct vudc *udc, struct urb *urb,
     59				  struct usb_ctrlrequest *setup,
     60				  int *status)
     61{
     62	struct vep	*ep2;
     63	int		ret_val = 1;
     64	unsigned int	w_index;
     65	unsigned int	w_value;
     66
     67	w_index = le16_to_cpu(setup->wIndex);
     68	w_value = le16_to_cpu(setup->wValue);
     69	switch (setup->bRequest) {
     70	case USB_REQ_SET_ADDRESS:
     71		if (setup->bRequestType != DEV_REQUEST)
     72			break;
     73		udc->address = w_value;
     74		ret_val = 0;
     75		*status = 0;
     76		break;
     77	case USB_REQ_SET_FEATURE:
     78		if (setup->bRequestType == DEV_REQUEST) {
     79			ret_val = 0;
     80			switch (w_value) {
     81			case USB_DEVICE_REMOTE_WAKEUP:
     82				break;
     83			case USB_DEVICE_B_HNP_ENABLE:
     84				udc->gadget.b_hnp_enable = 1;
     85				break;
     86			case USB_DEVICE_A_HNP_SUPPORT:
     87				udc->gadget.a_hnp_support = 1;
     88				break;
     89			case USB_DEVICE_A_ALT_HNP_SUPPORT:
     90				udc->gadget.a_alt_hnp_support = 1;
     91				break;
     92			default:
     93				ret_val = -EOPNOTSUPP;
     94			}
     95			if (ret_val == 0) {
     96				udc->devstatus |= (1 << w_value);
     97				*status = 0;
     98			}
     99		} else if (setup->bRequestType == EP_REQUEST) {
    100			/* endpoint halt */
    101			ep2 = vudc_find_endpoint(udc, w_index);
    102			if (!ep2 || ep2->ep.name == udc->ep[0].ep.name) {
    103				ret_val = -EOPNOTSUPP;
    104				break;
    105			}
    106			ep2->halted = 1;
    107			ret_val = 0;
    108			*status = 0;
    109		}
    110		break;
    111	case USB_REQ_CLEAR_FEATURE:
    112		if (setup->bRequestType == DEV_REQUEST) {
    113			ret_val = 0;
    114			switch (w_value) {
    115			case USB_DEVICE_REMOTE_WAKEUP:
    116				w_value = USB_DEVICE_REMOTE_WAKEUP;
    117				break;
    118
    119			case USB_DEVICE_U1_ENABLE:
    120			case USB_DEVICE_U2_ENABLE:
    121			case USB_DEVICE_LTM_ENABLE:
    122				ret_val = -EOPNOTSUPP;
    123				break;
    124			default:
    125				ret_val = -EOPNOTSUPP;
    126				break;
    127			}
    128			if (ret_val == 0) {
    129				udc->devstatus &= ~(1 << w_value);
    130				*status = 0;
    131			}
    132		} else if (setup->bRequestType == EP_REQUEST) {
    133			/* endpoint halt */
    134			ep2 = vudc_find_endpoint(udc, w_index);
    135			if (!ep2) {
    136				ret_val = -EOPNOTSUPP;
    137				break;
    138			}
    139			if (!ep2->wedged)
    140				ep2->halted = 0;
    141			ret_val = 0;
    142			*status = 0;
    143		}
    144		break;
    145	case USB_REQ_GET_STATUS:
    146		if (setup->bRequestType == DEV_INREQUEST
    147				|| setup->bRequestType == INTF_INREQUEST
    148				|| setup->bRequestType == EP_INREQUEST) {
    149			char *buf;
    150			/*
    151			 * device: remote wakeup, selfpowered
    152			 * interface: nothing
    153			 * endpoint: halt
    154			 */
    155			buf = (char *)urb->transfer_buffer;
    156			if (urb->transfer_buffer_length > 0) {
    157				if (setup->bRequestType == EP_INREQUEST) {
    158					ep2 = vudc_find_endpoint(udc, w_index);
    159					if (!ep2) {
    160						ret_val = -EOPNOTSUPP;
    161						break;
    162					}
    163					buf[0] = ep2->halted;
    164				} else if (setup->bRequestType ==
    165					   DEV_INREQUEST) {
    166					buf[0] = (u8)udc->devstatus;
    167				} else
    168					buf[0] = 0;
    169			}
    170			if (urb->transfer_buffer_length > 1)
    171				buf[1] = 0;
    172			urb->actual_length = min_t(u32, 2,
    173				urb->transfer_buffer_length);
    174			ret_val = 0;
    175			*status = 0;
    176		}
    177		break;
    178	}
    179	return ret_val;
    180}
    181
    182/* Adapted from dummy_hcd.c ; caller must hold lock */
    183static int transfer(struct vudc *udc,
    184		struct urb *urb, struct vep *ep, int limit)
    185{
    186	struct vrequest	*req;
    187	int sent = 0;
    188top:
    189	/* if there's no request queued, the device is NAKing; return */
    190	list_for_each_entry(req, &ep->req_queue, req_entry) {
    191		unsigned int	host_len, dev_len, len;
    192		void		*ubuf_pos, *rbuf_pos;
    193		int		is_short, to_host;
    194		int		rescan = 0;
    195
    196		/*
    197		 * 1..N packets of ep->ep.maxpacket each ... the last one
    198		 * may be short (including zero length).
    199		 *
    200		 * writer can send a zlp explicitly (length 0) or implicitly
    201		 * (length mod maxpacket zero, and 'zero' flag); they always
    202		 * terminate reads.
    203		 */
    204		host_len = urb->transfer_buffer_length - urb->actual_length;
    205		dev_len = req->req.length - req->req.actual;
    206		len = min(host_len, dev_len);
    207
    208		to_host = usb_pipein(urb->pipe);
    209		if (unlikely(len == 0))
    210			is_short = 1;
    211		else {
    212			/* send multiple of maxpacket first, then remainder */
    213			if (len >= ep->ep.maxpacket) {
    214				is_short = 0;
    215				if (len % ep->ep.maxpacket > 0)
    216					rescan = 1;
    217				len -= len % ep->ep.maxpacket;
    218			} else {
    219				is_short = 1;
    220			}
    221
    222			ubuf_pos = urb->transfer_buffer + urb->actual_length;
    223			rbuf_pos = req->req.buf + req->req.actual;
    224
    225			if (urb->pipe & USB_DIR_IN)
    226				memcpy(ubuf_pos, rbuf_pos, len);
    227			else
    228				memcpy(rbuf_pos, ubuf_pos, len);
    229
    230			urb->actual_length += len;
    231			req->req.actual += len;
    232			sent += len;
    233		}
    234
    235		/*
    236		 * short packets terminate, maybe with overflow/underflow.
    237		 * it's only really an error to write too much.
    238		 *
    239		 * partially filling a buffer optionally blocks queue advances
    240		 * (so completion handlers can clean up the queue) but we don't
    241		 * need to emulate such data-in-flight.
    242		 */
    243		if (is_short) {
    244			if (host_len == dev_len) {
    245				req->req.status = 0;
    246				urb->status = 0;
    247			} else if (to_host) {
    248				req->req.status = 0;
    249				if (dev_len > host_len)
    250					urb->status = -EOVERFLOW;
    251				else
    252					urb->status = 0;
    253			} else {
    254				urb->status = 0;
    255				if (host_len > dev_len)
    256					req->req.status = -EOVERFLOW;
    257				else
    258					req->req.status = 0;
    259			}
    260
    261		/* many requests terminate without a short packet */
    262		/* also check if we need to send zlp */
    263		} else {
    264			if (req->req.length == req->req.actual) {
    265				if (req->req.zero && to_host)
    266					rescan = 1;
    267				else
    268					req->req.status = 0;
    269			}
    270			if (urb->transfer_buffer_length == urb->actual_length) {
    271				if (urb->transfer_flags & URB_ZERO_PACKET &&
    272				    !to_host)
    273					rescan = 1;
    274				else
    275					urb->status = 0;
    276			}
    277		}
    278
    279		/* device side completion --> continuable */
    280		if (req->req.status != -EINPROGRESS) {
    281
    282			list_del_init(&req->req_entry);
    283			spin_unlock(&udc->lock);
    284			usb_gadget_giveback_request(&ep->ep, &req->req);
    285			spin_lock(&udc->lock);
    286
    287			/* requests might have been unlinked... */
    288			rescan = 1;
    289		}
    290
    291		/* host side completion --> terminate */
    292		if (urb->status != -EINPROGRESS)
    293			break;
    294
    295		/* rescan to continue with any other queued i/o */
    296		if (rescan)
    297			goto top;
    298	}
    299	return sent;
    300}
    301
    302static void v_timer(struct timer_list *t)
    303{
    304	struct vudc *udc = from_timer(udc, t, tr_timer.timer);
    305	struct transfer_timer *timer = &udc->tr_timer;
    306	struct urbp *urb_p, *tmp;
    307	unsigned long flags;
    308	struct usb_ep *_ep;
    309	struct vep *ep;
    310	int ret = 0;
    311	int total, limit;
    312
    313	spin_lock_irqsave(&udc->lock, flags);
    314
    315	total = get_frame_limit(udc->gadget.speed);
    316	if (total < 0) {	/* unknown speed, or not set yet */
    317		timer->state = VUDC_TR_IDLE;
    318		spin_unlock_irqrestore(&udc->lock, flags);
    319		return;
    320	}
    321	/* is it next frame now? */
    322	if (time_after(jiffies, timer->frame_start + msecs_to_jiffies(1))) {
    323		timer->frame_limit = total;
    324		/* FIXME: how to make it accurate? */
    325		timer->frame_start = jiffies;
    326	} else {
    327		total = timer->frame_limit;
    328	}
    329
    330	/* We have to clear ep0 flags separately as it's not on the list */
    331	udc->ep[0].already_seen = 0;
    332	list_for_each_entry(_ep, &udc->gadget.ep_list, ep_list) {
    333		ep = to_vep(_ep);
    334		ep->already_seen = 0;
    335	}
    336
    337restart:
    338	list_for_each_entry_safe(urb_p, tmp, &udc->urb_queue, urb_entry) {
    339		struct urb *urb = urb_p->urb;
    340
    341		ep = urb_p->ep;
    342		if (urb->unlinked)
    343			goto return_urb;
    344		if (timer->state != VUDC_TR_RUNNING)
    345			continue;
    346
    347		if (!ep) {
    348			urb->status = -EPROTO;
    349			goto return_urb;
    350		}
    351
    352		/* Used up bandwidth? */
    353		if (total <= 0 && ep->type == USB_ENDPOINT_XFER_BULK)
    354			continue;
    355
    356		if (ep->already_seen)
    357			continue;
    358		ep->already_seen = 1;
    359		if (ep == &udc->ep[0] && urb_p->new) {
    360			ep->setup_stage = 1;
    361			urb_p->new = 0;
    362		}
    363		if (ep->halted && !ep->setup_stage) {
    364			urb->status = -EPIPE;
    365			goto return_urb;
    366		}
    367
    368		if (ep == &udc->ep[0] && ep->setup_stage) {
    369			/* TODO - flush any stale requests */
    370			ep->setup_stage = 0;
    371			ep->halted = 0;
    372
    373			ret = handle_control_request(udc, urb,
    374				(struct usb_ctrlrequest *) urb->setup_packet,
    375				(&urb->status));
    376			if (ret > 0) {
    377				spin_unlock(&udc->lock);
    378				ret = udc->driver->setup(&udc->gadget,
    379					(struct usb_ctrlrequest *)
    380					urb->setup_packet);
    381				spin_lock(&udc->lock);
    382			}
    383			if (ret >= 0) {
    384				/* no delays (max 64kb data stage) */
    385				limit = 64 * 1024;
    386				goto treat_control_like_bulk;
    387			} else {
    388				urb->status = -EPIPE;
    389				urb->actual_length = 0;
    390				goto return_urb;
    391			}
    392		}
    393
    394		limit = total;
    395		switch (ep->type) {
    396		case USB_ENDPOINT_XFER_ISOC:
    397			/* TODO: support */
    398			urb->status = -EXDEV;
    399			break;
    400
    401		case USB_ENDPOINT_XFER_INT:
    402			/*
    403			 * TODO: figure out bandwidth guarantees
    404			 * for now, give unlimited bandwidth
    405			 */
    406			limit += urb->transfer_buffer_length;
    407			fallthrough;
    408		default:
    409treat_control_like_bulk:
    410			total -= transfer(udc, urb, ep, limit);
    411		}
    412		if (urb->status == -EINPROGRESS)
    413			continue;
    414
    415return_urb:
    416		if (ep)
    417			ep->already_seen = ep->setup_stage = 0;
    418
    419		spin_lock(&udc->lock_tx);
    420		list_del(&urb_p->urb_entry);
    421		if (!urb->unlinked) {
    422			v_enqueue_ret_submit(udc, urb_p);
    423		} else {
    424			v_enqueue_ret_unlink(udc, urb_p->seqnum,
    425					     urb->unlinked);
    426			free_urbp_and_urb(urb_p);
    427		}
    428		wake_up(&udc->tx_waitq);
    429		spin_unlock(&udc->lock_tx);
    430
    431		goto restart;
    432	}
    433
    434	/* TODO - also wait on empty usb_request queues? */
    435	if (list_empty(&udc->urb_queue))
    436		timer->state = VUDC_TR_IDLE;
    437	else
    438		mod_timer(&timer->timer,
    439			  timer->frame_start + msecs_to_jiffies(1));
    440
    441	spin_unlock_irqrestore(&udc->lock, flags);
    442}
    443
    444/* All timer functions are run with udc->lock held */
    445
    446void v_init_timer(struct vudc *udc)
    447{
    448	struct transfer_timer *t = &udc->tr_timer;
    449
    450	timer_setup(&t->timer, v_timer, 0);
    451	t->state = VUDC_TR_STOPPED;
    452}
    453
    454void v_start_timer(struct vudc *udc)
    455{
    456	struct transfer_timer *t = &udc->tr_timer;
    457
    458	dev_dbg(&udc->pdev->dev, "timer start");
    459	switch (t->state) {
    460	case VUDC_TR_RUNNING:
    461		return;
    462	case VUDC_TR_IDLE:
    463		return v_kick_timer(udc, jiffies);
    464	case VUDC_TR_STOPPED:
    465		t->state = VUDC_TR_IDLE;
    466		t->frame_start = jiffies;
    467		t->frame_limit = get_frame_limit(udc->gadget.speed);
    468		return v_kick_timer(udc, jiffies);
    469	}
    470}
    471
    472void v_kick_timer(struct vudc *udc, unsigned long time)
    473{
    474	struct transfer_timer *t = &udc->tr_timer;
    475
    476	dev_dbg(&udc->pdev->dev, "timer kick");
    477	switch (t->state) {
    478	case VUDC_TR_RUNNING:
    479		return;
    480	case VUDC_TR_IDLE:
    481		t->state = VUDC_TR_RUNNING;
    482		fallthrough;
    483	case VUDC_TR_STOPPED:
    484		/* we may want to kick timer to unqueue urbs */
    485		mod_timer(&t->timer, time);
    486	}
    487}
    488
    489void v_stop_timer(struct vudc *udc)
    490{
    491	struct transfer_timer *t = &udc->tr_timer;
    492
    493	/* timer itself will take care of stopping */
    494	dev_dbg(&udc->pdev->dev, "timer stop");
    495	t->state = VUDC_TR_STOPPED;
    496}