]>
Commit | Line | Data |
---|---|---|
1da177e4 LT |
1 | /* |
2 | * The USB Monitor, inspired by Dave Harding's USBMon. | |
3 | * | |
4 | * This is a text format reader. | |
5 | */ | |
6 | ||
7 | #include <linux/kernel.h> | |
8 | #include <linux/list.h> | |
9 | #include <linux/usb.h> | |
10 | #include <linux/time.h> | |
4186ecf8 | 11 | #include <linux/mutex.h> |
1da177e4 LT |
12 | #include <asm/uaccess.h> |
13 | ||
14 | #include "usb_mon.h" | |
15 | ||
16 | /* | |
17 | * No, we do not want arbitrarily long data strings. | |
18 | * Use the binary interface if you want to capture bulk data! | |
19 | */ | |
20 | #define DATA_MAX 32 | |
21 | ||
ae0d6cce PZ |
22 | /* |
23 | * Defined by USB 2.0 clause 9.3, table 9.2. | |
24 | */ | |
25 | #define SETUP_MAX 8 | |
26 | ||
1da177e4 LT |
27 | /* |
28 | * This limit exists to prevent OOMs when the user process stops reading. | |
5b1c674d PZ |
29 | * If usbmon were available to unprivileged processes, it might be open |
30 | * to a local DoS. But we have to keep to root in order to prevent | |
31 | * password sniffing from HID devices. | |
1da177e4 | 32 | */ |
5b1c674d | 33 | #define EVENT_MAX (2*PAGE_SIZE / sizeof(struct mon_event_text)) |
1da177e4 | 34 | |
5b1c674d | 35 | #define PRINTF_DFL 160 |
1da177e4 LT |
36 | |
37 | struct mon_event_text { | |
38 | struct list_head e_link; | |
39 | int type; /* submit, complete, etc. */ | |
40 | unsigned int pipe; /* Pipe */ | |
41 | unsigned long id; /* From pointer, most of the time */ | |
42 | unsigned int tstamp; | |
43 | int length; /* Depends on type: xfer length or act length */ | |
44 | int status; | |
ae0d6cce | 45 | char setup_flag; |
1da177e4 | 46 | char data_flag; |
ae0d6cce | 47 | unsigned char setup[SETUP_MAX]; |
1da177e4 LT |
48 | unsigned char data[DATA_MAX]; |
49 | }; | |
50 | ||
51 | #define SLAB_NAME_SZ 30 | |
52 | struct mon_reader_text { | |
53 | kmem_cache_t *e_slab; | |
54 | int nevents; | |
55 | struct list_head e_list; | |
56 | struct mon_reader r; /* In C, parent class can be placed anywhere */ | |
57 | ||
58 | wait_queue_head_t wait; | |
59 | int printf_size; | |
60 | char *printf_buf; | |
4186ecf8 | 61 | struct mutex printf_lock; |
1da177e4 LT |
62 | |
63 | char slab_name[SLAB_NAME_SZ]; | |
64 | }; | |
65 | ||
66 | static void mon_text_ctor(void *, kmem_cache_t *, unsigned long); | |
1da177e4 LT |
67 | |
68 | /* | |
69 | * mon_text_submit | |
70 | * mon_text_complete | |
71 | * | |
72 | * May be called from an interrupt. | |
73 | * | |
74 | * This is called with the whole mon_bus locked, so no additional lock. | |
75 | */ | |
76 | ||
ae0d6cce PZ |
77 | static inline char mon_text_get_setup(struct mon_event_text *ep, |
78 | struct urb *urb, char ev_type) | |
79 | { | |
80 | ||
81 | if (!usb_pipecontrol(urb->pipe) || ev_type != 'S') | |
82 | return '-'; | |
83 | ||
84 | if (urb->transfer_flags & URB_NO_SETUP_DMA_MAP) | |
bc506517 | 85 | return mon_dmapeek(ep->setup, urb->setup_dma, SETUP_MAX); |
ae0d6cce PZ |
86 | if (urb->setup_packet == NULL) |
87 | return 'Z'; /* '0' would be not as pretty. */ | |
88 | ||
89 | memcpy(ep->setup, urb->setup_packet, SETUP_MAX); | |
90 | return 0; | |
91 | } | |
92 | ||
1da177e4 LT |
93 | static inline char mon_text_get_data(struct mon_event_text *ep, struct urb *urb, |
94 | int len, char ev_type) | |
95 | { | |
96 | int pipe = urb->pipe; | |
1da177e4 LT |
97 | |
98 | if (len <= 0) | |
99 | return 'L'; | |
02568396 PZ |
100 | if (len >= DATA_MAX) |
101 | len = DATA_MAX; | |
1da177e4 | 102 | |
b9b09422 PZ |
103 | if (usb_pipein(pipe)) { |
104 | if (ev_type == 'S') | |
105 | return '<'; | |
106 | } else { | |
107 | if (ev_type == 'C') | |
108 | return '>'; | |
1da177e4 LT |
109 | } |
110 | ||
02568396 PZ |
111 | /* |
112 | * The check to see if it's safe to poke at data has an enormous | |
113 | * number of corner cases, but it seems that the following is | |
114 | * more or less safe. | |
115 | * | |
5b1c674d | 116 | * We do not even try to look at transfer_buffer, because it can |
02568396 PZ |
117 | * contain non-NULL garbage in case the upper level promised to |
118 | * set DMA for the HCD. | |
119 | */ | |
120 | if (urb->transfer_flags & URB_NO_TRANSFER_DMA_MAP) | |
121 | return mon_dmapeek(ep->data, urb->transfer_dma, len); | |
122 | ||
123 | if (urb->transfer_buffer == NULL) | |
124 | return 'Z'; /* '0' would be not as pretty. */ | |
125 | ||
1da177e4 LT |
126 | memcpy(ep->data, urb->transfer_buffer, len); |
127 | return 0; | |
128 | } | |
129 | ||
130 | static inline unsigned int mon_get_timestamp(void) | |
131 | { | |
132 | struct timeval tval; | |
133 | unsigned int stamp; | |
134 | ||
135 | do_gettimeofday(&tval); | |
136 | stamp = tval.tv_sec & 0xFFFF; /* 2^32 = 4294967296. Limit to 4096s. */ | |
137 | stamp = stamp * 1000000 + tval.tv_usec; | |
138 | return stamp; | |
139 | } | |
140 | ||
141 | static void mon_text_event(struct mon_reader_text *rp, struct urb *urb, | |
142 | char ev_type) | |
143 | { | |
144 | struct mon_event_text *ep; | |
145 | unsigned int stamp; | |
146 | ||
147 | stamp = mon_get_timestamp(); | |
148 | ||
149 | if (rp->nevents >= EVENT_MAX || | |
150 | (ep = kmem_cache_alloc(rp->e_slab, SLAB_ATOMIC)) == NULL) { | |
151 | rp->r.m_bus->cnt_text_lost++; | |
152 | return; | |
153 | } | |
154 | ||
155 | ep->type = ev_type; | |
156 | ep->pipe = urb->pipe; | |
157 | ep->id = (unsigned long) urb; | |
158 | ep->tstamp = stamp; | |
159 | ep->length = (ev_type == 'S') ? | |
160 | urb->transfer_buffer_length : urb->actual_length; | |
161 | /* Collecting status makes debugging sense for submits, too */ | |
162 | ep->status = urb->status; | |
163 | ||
ae0d6cce | 164 | ep->setup_flag = mon_text_get_setup(ep, urb, ev_type); |
1da177e4 LT |
165 | ep->data_flag = mon_text_get_data(ep, urb, ep->length, ev_type); |
166 | ||
167 | rp->nevents++; | |
168 | list_add_tail(&ep->e_link, &rp->e_list); | |
169 | wake_up(&rp->wait); | |
170 | } | |
171 | ||
172 | static void mon_text_submit(void *data, struct urb *urb) | |
173 | { | |
174 | struct mon_reader_text *rp = data; | |
175 | mon_text_event(rp, urb, 'S'); | |
176 | } | |
177 | ||
178 | static void mon_text_complete(void *data, struct urb *urb) | |
179 | { | |
180 | struct mon_reader_text *rp = data; | |
181 | mon_text_event(rp, urb, 'C'); | |
182 | } | |
183 | ||
12e72fea PZ |
184 | static void mon_text_error(void *data, struct urb *urb, int error) |
185 | { | |
186 | struct mon_reader_text *rp = data; | |
187 | struct mon_event_text *ep; | |
188 | ||
189 | if (rp->nevents >= EVENT_MAX || | |
190 | (ep = kmem_cache_alloc(rp->e_slab, SLAB_ATOMIC)) == NULL) { | |
191 | rp->r.m_bus->cnt_text_lost++; | |
192 | return; | |
193 | } | |
194 | ||
195 | ep->type = 'E'; | |
196 | ep->pipe = urb->pipe; | |
197 | ep->id = (unsigned long) urb; | |
198 | ep->tstamp = 0; | |
199 | ep->length = 0; | |
200 | ep->status = error; | |
201 | ||
202 | ep->setup_flag = '-'; | |
203 | ep->data_flag = 'E'; | |
204 | ||
205 | rp->nevents++; | |
206 | list_add_tail(&ep->e_link, &rp->e_list); | |
207 | wake_up(&rp->wait); | |
208 | } | |
209 | ||
1da177e4 LT |
210 | /* |
211 | * Fetch next event from the circular buffer. | |
212 | */ | |
213 | static struct mon_event_text *mon_text_fetch(struct mon_reader_text *rp, | |
214 | struct mon_bus *mbus) | |
215 | { | |
216 | struct list_head *p; | |
217 | unsigned long flags; | |
218 | ||
219 | spin_lock_irqsave(&mbus->lock, flags); | |
220 | if (list_empty(&rp->e_list)) { | |
221 | spin_unlock_irqrestore(&mbus->lock, flags); | |
222 | return NULL; | |
223 | } | |
224 | p = rp->e_list.next; | |
225 | list_del(p); | |
226 | --rp->nevents; | |
227 | spin_unlock_irqrestore(&mbus->lock, flags); | |
228 | return list_entry(p, struct mon_event_text, e_link); | |
229 | } | |
230 | ||
231 | /* | |
232 | */ | |
233 | static int mon_text_open(struct inode *inode, struct file *file) | |
234 | { | |
235 | struct mon_bus *mbus; | |
236 | struct usb_bus *ubus; | |
237 | struct mon_reader_text *rp; | |
238 | int rc; | |
239 | ||
4186ecf8 | 240 | mutex_lock(&mon_lock); |
8e18e294 | 241 | mbus = inode->i_private; |
1da177e4 LT |
242 | ubus = mbus->u_bus; |
243 | ||
80b6ca48 | 244 | rp = kzalloc(sizeof(struct mon_reader_text), GFP_KERNEL); |
1da177e4 LT |
245 | if (rp == NULL) { |
246 | rc = -ENOMEM; | |
247 | goto err_alloc; | |
248 | } | |
1da177e4 LT |
249 | INIT_LIST_HEAD(&rp->e_list); |
250 | init_waitqueue_head(&rp->wait); | |
4186ecf8 | 251 | mutex_init(&rp->printf_lock); |
1da177e4 LT |
252 | |
253 | rp->printf_size = PRINTF_DFL; | |
254 | rp->printf_buf = kmalloc(rp->printf_size, GFP_KERNEL); | |
255 | if (rp->printf_buf == NULL) { | |
256 | rc = -ENOMEM; | |
257 | goto err_alloc_pr; | |
258 | } | |
259 | ||
260 | rp->r.m_bus = mbus; | |
261 | rp->r.r_data = rp; | |
262 | rp->r.rnf_submit = mon_text_submit; | |
12e72fea | 263 | rp->r.rnf_error = mon_text_error; |
1da177e4 LT |
264 | rp->r.rnf_complete = mon_text_complete; |
265 | ||
266 | snprintf(rp->slab_name, SLAB_NAME_SZ, "mon%dt_%lx", ubus->busnum, | |
267 | (long)rp); | |
268 | rp->e_slab = kmem_cache_create(rp->slab_name, | |
269 | sizeof(struct mon_event_text), sizeof(long), 0, | |
028d2a39 | 270 | mon_text_ctor, NULL); |
1da177e4 LT |
271 | if (rp->e_slab == NULL) { |
272 | rc = -ENOMEM; | |
273 | goto err_slab; | |
274 | } | |
275 | ||
276 | mon_reader_add(mbus, &rp->r); | |
277 | ||
278 | file->private_data = rp; | |
4186ecf8 | 279 | mutex_unlock(&mon_lock); |
1da177e4 LT |
280 | return 0; |
281 | ||
282 | // err_busy: | |
283 | // kmem_cache_destroy(rp->e_slab); | |
284 | err_slab: | |
285 | kfree(rp->printf_buf); | |
286 | err_alloc_pr: | |
287 | kfree(rp); | |
288 | err_alloc: | |
4186ecf8 | 289 | mutex_unlock(&mon_lock); |
1da177e4 LT |
290 | return rc; |
291 | } | |
292 | ||
293 | /* | |
294 | * For simplicity, we read one record in one system call and throw out | |
295 | * what does not fit. This means that the following does not work: | |
296 | * dd if=/dbg/usbmon/0t bs=10 | |
297 | * Also, we do not allow seeks and do not bother advancing the offset. | |
298 | */ | |
299 | static ssize_t mon_text_read(struct file *file, char __user *buf, | |
300 | size_t nbytes, loff_t *ppos) | |
301 | { | |
302 | struct mon_reader_text *rp = file->private_data; | |
303 | struct mon_bus *mbus = rp->r.m_bus; | |
304 | DECLARE_WAITQUEUE(waita, current); | |
305 | struct mon_event_text *ep; | |
306 | int cnt, limit; | |
307 | char *pbuf; | |
308 | char udir, utype; | |
309 | int data_len, i; | |
310 | ||
311 | add_wait_queue(&rp->wait, &waita); | |
312 | set_current_state(TASK_INTERRUPTIBLE); | |
313 | while ((ep = mon_text_fetch(rp, mbus)) == NULL) { | |
314 | if (file->f_flags & O_NONBLOCK) { | |
315 | set_current_state(TASK_RUNNING); | |
316 | remove_wait_queue(&rp->wait, &waita); | |
317 | return -EWOULDBLOCK; /* Same as EAGAIN in Linux */ | |
318 | } | |
319 | /* | |
320 | * We do not count nwaiters, because ->release is supposed | |
321 | * to be called when all openers are gone only. | |
322 | */ | |
323 | schedule(); | |
324 | if (signal_pending(current)) { | |
325 | remove_wait_queue(&rp->wait, &waita); | |
326 | return -EINTR; | |
327 | } | |
328 | set_current_state(TASK_INTERRUPTIBLE); | |
329 | } | |
330 | set_current_state(TASK_RUNNING); | |
331 | remove_wait_queue(&rp->wait, &waita); | |
332 | ||
4186ecf8 | 333 | mutex_lock(&rp->printf_lock); |
1da177e4 LT |
334 | cnt = 0; |
335 | pbuf = rp->printf_buf; | |
336 | limit = rp->printf_size; | |
337 | ||
338 | udir = usb_pipein(ep->pipe) ? 'i' : 'o'; | |
339 | switch (usb_pipetype(ep->pipe)) { | |
340 | case PIPE_ISOCHRONOUS: utype = 'Z'; break; | |
341 | case PIPE_INTERRUPT: utype = 'I'; break; | |
342 | case PIPE_CONTROL: utype = 'C'; break; | |
343 | default: /* PIPE_BULK */ utype = 'B'; | |
344 | } | |
345 | cnt += snprintf(pbuf + cnt, limit - cnt, | |
ae0d6cce | 346 | "%lx %u %c %c%c:%03u:%02u", |
1da177e4 | 347 | ep->id, ep->tstamp, ep->type, |
ae0d6cce PZ |
348 | utype, udir, usb_pipedevice(ep->pipe), usb_pipeendpoint(ep->pipe)); |
349 | ||
350 | if (ep->setup_flag == 0) { /* Setup packet is present and captured */ | |
351 | cnt += snprintf(pbuf + cnt, limit - cnt, | |
352 | " s %02x %02x %04x %04x %04x", | |
353 | ep->setup[0], | |
354 | ep->setup[1], | |
355 | (ep->setup[3] << 8) | ep->setup[2], | |
356 | (ep->setup[5] << 8) | ep->setup[4], | |
357 | (ep->setup[7] << 8) | ep->setup[6]); | |
358 | } else if (ep->setup_flag != '-') { /* Unable to capture setup packet */ | |
359 | cnt += snprintf(pbuf + cnt, limit - cnt, | |
360 | " %c __ __ ____ ____ ____", ep->setup_flag); | |
361 | } else { /* No setup for this kind of URB */ | |
362 | cnt += snprintf(pbuf + cnt, limit - cnt, " %d", ep->status); | |
363 | } | |
364 | cnt += snprintf(pbuf + cnt, limit - cnt, " %d", ep->length); | |
1da177e4 LT |
365 | |
366 | if ((data_len = ep->length) > 0) { | |
367 | if (ep->data_flag == 0) { | |
368 | cnt += snprintf(pbuf + cnt, limit - cnt, " ="); | |
369 | if (data_len >= DATA_MAX) | |
370 | data_len = DATA_MAX; | |
371 | for (i = 0; i < data_len; i++) { | |
372 | if (i % 4 == 0) { | |
373 | cnt += snprintf(pbuf + cnt, limit - cnt, | |
374 | " "); | |
375 | } | |
376 | cnt += snprintf(pbuf + cnt, limit - cnt, | |
377 | "%02x", ep->data[i]); | |
378 | } | |
379 | cnt += snprintf(pbuf + cnt, limit - cnt, "\n"); | |
380 | } else { | |
381 | cnt += snprintf(pbuf + cnt, limit - cnt, | |
382 | " %c\n", ep->data_flag); | |
383 | } | |
384 | } else { | |
385 | cnt += snprintf(pbuf + cnt, limit - cnt, "\n"); | |
386 | } | |
387 | ||
388 | if (copy_to_user(buf, rp->printf_buf, cnt)) | |
389 | cnt = -EFAULT; | |
4186ecf8 | 390 | mutex_unlock(&rp->printf_lock); |
1da177e4 LT |
391 | kmem_cache_free(rp->e_slab, ep); |
392 | return cnt; | |
393 | } | |
394 | ||
395 | static int mon_text_release(struct inode *inode, struct file *file) | |
396 | { | |
397 | struct mon_reader_text *rp = file->private_data; | |
398 | struct mon_bus *mbus; | |
399 | /* unsigned long flags; */ | |
400 | struct list_head *p; | |
401 | struct mon_event_text *ep; | |
402 | ||
4186ecf8 | 403 | mutex_lock(&mon_lock); |
8e18e294 | 404 | mbus = inode->i_private; |
1da177e4 LT |
405 | |
406 | if (mbus->nreaders <= 0) { | |
407 | printk(KERN_ERR TAG ": consistency error on close\n"); | |
4186ecf8 | 408 | mutex_unlock(&mon_lock); |
1da177e4 LT |
409 | return 0; |
410 | } | |
411 | mon_reader_del(mbus, &rp->r); | |
412 | ||
413 | /* | |
414 | * In theory, e_list is protected by mbus->lock. However, | |
415 | * after mon_reader_del has finished, the following is the case: | |
416 | * - we are not on reader list anymore, so new events won't be added; | |
417 | * - whole mbus may be dropped if it was orphaned. | |
418 | * So, we better not touch mbus. | |
419 | */ | |
420 | /* spin_lock_irqsave(&mbus->lock, flags); */ | |
421 | while (!list_empty(&rp->e_list)) { | |
422 | p = rp->e_list.next; | |
423 | ep = list_entry(p, struct mon_event_text, e_link); | |
424 | list_del(p); | |
425 | --rp->nevents; | |
426 | kmem_cache_free(rp->e_slab, ep); | |
427 | } | |
428 | /* spin_unlock_irqrestore(&mbus->lock, flags); */ | |
429 | ||
430 | kmem_cache_destroy(rp->e_slab); | |
431 | kfree(rp->printf_buf); | |
432 | kfree(rp); | |
433 | ||
4186ecf8 | 434 | mutex_unlock(&mon_lock); |
1da177e4 LT |
435 | return 0; |
436 | } | |
437 | ||
438 | struct file_operations mon_fops_text = { | |
439 | .owner = THIS_MODULE, | |
440 | .open = mon_text_open, | |
441 | .llseek = no_llseek, | |
442 | .read = mon_text_read, | |
443 | /* .write = mon_text_write, */ | |
444 | /* .poll = mon_text_poll, */ | |
445 | /* .ioctl = mon_text_ioctl, */ | |
446 | .release = mon_text_release, | |
447 | }; | |
448 | ||
449 | /* | |
450 | * Slab interface: constructor. | |
451 | */ | |
452 | static void mon_text_ctor(void *mem, kmem_cache_t *slab, unsigned long sflags) | |
453 | { | |
454 | /* | |
455 | * Nothing to initialize. No, really! | |
456 | * So, we fill it with garbage to emulate a reused object. | |
457 | */ | |
458 | memset(mem, 0xe5, sizeof(struct mon_event_text)); | |
459 | } | |
460 |