]>
Commit | Line | Data |
---|---|---|
1da177e4 LT |
1 | /* |
2 | * The USB Monitor, inspired by Dave Harding's USBMon. | |
3 | * | |
4 | * This is a text format reader. | |
5 | */ | |
6 | ||
7 | #include <linux/kernel.h> | |
8 | #include <linux/list.h> | |
9 | #include <linux/usb.h> | |
10 | #include <linux/time.h> | |
4186ecf8 | 11 | #include <linux/mutex.h> |
1da177e4 LT |
12 | #include <asm/uaccess.h> |
13 | ||
14 | #include "usb_mon.h" | |
15 | ||
16 | /* | |
17 | * No, we do not want arbitrarily long data strings. | |
18 | * Use the binary interface if you want to capture bulk data! | |
19 | */ | |
20 | #define DATA_MAX 32 | |
21 | ||
ae0d6cce PZ |
22 | /* |
23 | * Defined by USB 2.0 clause 9.3, table 9.2. | |
24 | */ | |
25 | #define SETUP_MAX 8 | |
26 | ||
1da177e4 LT |
27 | /* |
28 | * This limit exists to prevent OOMs when the user process stops reading. | |
5b1c674d PZ |
29 | * If usbmon were available to unprivileged processes, it might be open |
30 | * to a local DoS. But we have to keep to root in order to prevent | |
31 | * password sniffing from HID devices. | |
1da177e4 | 32 | */ |
5b1c674d | 33 | #define EVENT_MAX (2*PAGE_SIZE / sizeof(struct mon_event_text)) |
1da177e4 | 34 | |
5b1c674d | 35 | #define PRINTF_DFL 160 |
1da177e4 LT |
36 | |
37 | struct mon_event_text { | |
38 | struct list_head e_link; | |
39 | int type; /* submit, complete, etc. */ | |
40 | unsigned int pipe; /* Pipe */ | |
41 | unsigned long id; /* From pointer, most of the time */ | |
42 | unsigned int tstamp; | |
43 | int length; /* Depends on type: xfer length or act length */ | |
44 | int status; | |
ae0d6cce | 45 | char setup_flag; |
1da177e4 | 46 | char data_flag; |
ae0d6cce | 47 | unsigned char setup[SETUP_MAX]; |
1da177e4 LT |
48 | unsigned char data[DATA_MAX]; |
49 | }; | |
50 | ||
51 | #define SLAB_NAME_SZ 30 | |
52 | struct mon_reader_text { | |
e18b890b | 53 | struct kmem_cache *e_slab; |
1da177e4 LT |
54 | int nevents; |
55 | struct list_head e_list; | |
56 | struct mon_reader r; /* In C, parent class can be placed anywhere */ | |
57 | ||
58 | wait_queue_head_t wait; | |
59 | int printf_size; | |
60 | char *printf_buf; | |
4186ecf8 | 61 | struct mutex printf_lock; |
1da177e4 LT |
62 | |
63 | char slab_name[SLAB_NAME_SZ]; | |
64 | }; | |
65 | ||
e18b890b | 66 | static void mon_text_ctor(void *, struct kmem_cache *, unsigned long); |
1da177e4 LT |
67 | |
68 | /* | |
69 | * mon_text_submit | |
70 | * mon_text_complete | |
71 | * | |
72 | * May be called from an interrupt. | |
73 | * | |
74 | * This is called with the whole mon_bus locked, so no additional lock. | |
75 | */ | |
76 | ||
ae0d6cce | 77 | static inline char mon_text_get_setup(struct mon_event_text *ep, |
4d6cd483 | 78 | struct urb *urb, char ev_type, struct mon_bus *mbus) |
ae0d6cce PZ |
79 | { |
80 | ||
81 | if (!usb_pipecontrol(urb->pipe) || ev_type != 'S') | |
82 | return '-'; | |
83 | ||
4d6cd483 | 84 | if (mbus->uses_dma && (urb->transfer_flags & URB_NO_SETUP_DMA_MAP)) |
bc506517 | 85 | return mon_dmapeek(ep->setup, urb->setup_dma, SETUP_MAX); |
ae0d6cce PZ |
86 | if (urb->setup_packet == NULL) |
87 | return 'Z'; /* '0' would be not as pretty. */ | |
88 | ||
89 | memcpy(ep->setup, urb->setup_packet, SETUP_MAX); | |
90 | return 0; | |
91 | } | |
92 | ||
1da177e4 | 93 | static inline char mon_text_get_data(struct mon_event_text *ep, struct urb *urb, |
4d6cd483 | 94 | int len, char ev_type, struct mon_bus *mbus) |
1da177e4 LT |
95 | { |
96 | int pipe = urb->pipe; | |
1da177e4 LT |
97 | |
98 | if (len <= 0) | |
99 | return 'L'; | |
02568396 PZ |
100 | if (len >= DATA_MAX) |
101 | len = DATA_MAX; | |
1da177e4 | 102 | |
b9b09422 PZ |
103 | if (usb_pipein(pipe)) { |
104 | if (ev_type == 'S') | |
105 | return '<'; | |
106 | } else { | |
107 | if (ev_type == 'C') | |
108 | return '>'; | |
1da177e4 LT |
109 | } |
110 | ||
02568396 PZ |
111 | /* |
112 | * The check to see if it's safe to poke at data has an enormous | |
113 | * number of corner cases, but it seems that the following is | |
114 | * more or less safe. | |
115 | * | |
5b1c674d | 116 | * We do not even try to look at transfer_buffer, because it can |
02568396 PZ |
117 | * contain non-NULL garbage in case the upper level promised to |
118 | * set DMA for the HCD. | |
119 | */ | |
4d6cd483 | 120 | if (mbus->uses_dma && (urb->transfer_flags & URB_NO_TRANSFER_DMA_MAP)) |
02568396 PZ |
121 | return mon_dmapeek(ep->data, urb->transfer_dma, len); |
122 | ||
123 | if (urb->transfer_buffer == NULL) | |
124 | return 'Z'; /* '0' would be not as pretty. */ | |
125 | ||
1da177e4 LT |
126 | memcpy(ep->data, urb->transfer_buffer, len); |
127 | return 0; | |
128 | } | |
129 | ||
130 | static inline unsigned int mon_get_timestamp(void) | |
131 | { | |
132 | struct timeval tval; | |
133 | unsigned int stamp; | |
134 | ||
135 | do_gettimeofday(&tval); | |
136 | stamp = tval.tv_sec & 0xFFFF; /* 2^32 = 4294967296. Limit to 4096s. */ | |
137 | stamp = stamp * 1000000 + tval.tv_usec; | |
138 | return stamp; | |
139 | } | |
140 | ||
141 | static void mon_text_event(struct mon_reader_text *rp, struct urb *urb, | |
142 | char ev_type) | |
143 | { | |
144 | struct mon_event_text *ep; | |
145 | unsigned int stamp; | |
146 | ||
147 | stamp = mon_get_timestamp(); | |
148 | ||
149 | if (rp->nevents >= EVENT_MAX || | |
54e6ecb2 | 150 | (ep = kmem_cache_alloc(rp->e_slab, GFP_ATOMIC)) == NULL) { |
1da177e4 LT |
151 | rp->r.m_bus->cnt_text_lost++; |
152 | return; | |
153 | } | |
154 | ||
155 | ep->type = ev_type; | |
156 | ep->pipe = urb->pipe; | |
157 | ep->id = (unsigned long) urb; | |
158 | ep->tstamp = stamp; | |
159 | ep->length = (ev_type == 'S') ? | |
160 | urb->transfer_buffer_length : urb->actual_length; | |
161 | /* Collecting status makes debugging sense for submits, too */ | |
162 | ep->status = urb->status; | |
163 | ||
4d6cd483 AS |
164 | ep->setup_flag = mon_text_get_setup(ep, urb, ev_type, rp->r.m_bus); |
165 | ep->data_flag = mon_text_get_data(ep, urb, ep->length, ev_type, | |
166 | rp->r.m_bus); | |
1da177e4 LT |
167 | |
168 | rp->nevents++; | |
169 | list_add_tail(&ep->e_link, &rp->e_list); | |
170 | wake_up(&rp->wait); | |
171 | } | |
172 | ||
173 | static void mon_text_submit(void *data, struct urb *urb) | |
174 | { | |
175 | struct mon_reader_text *rp = data; | |
176 | mon_text_event(rp, urb, 'S'); | |
177 | } | |
178 | ||
179 | static void mon_text_complete(void *data, struct urb *urb) | |
180 | { | |
181 | struct mon_reader_text *rp = data; | |
182 | mon_text_event(rp, urb, 'C'); | |
183 | } | |
184 | ||
12e72fea PZ |
185 | static void mon_text_error(void *data, struct urb *urb, int error) |
186 | { | |
187 | struct mon_reader_text *rp = data; | |
188 | struct mon_event_text *ep; | |
189 | ||
190 | if (rp->nevents >= EVENT_MAX || | |
54e6ecb2 | 191 | (ep = kmem_cache_alloc(rp->e_slab, GFP_ATOMIC)) == NULL) { |
12e72fea PZ |
192 | rp->r.m_bus->cnt_text_lost++; |
193 | return; | |
194 | } | |
195 | ||
196 | ep->type = 'E'; | |
197 | ep->pipe = urb->pipe; | |
198 | ep->id = (unsigned long) urb; | |
199 | ep->tstamp = 0; | |
200 | ep->length = 0; | |
201 | ep->status = error; | |
202 | ||
203 | ep->setup_flag = '-'; | |
204 | ep->data_flag = 'E'; | |
205 | ||
206 | rp->nevents++; | |
207 | list_add_tail(&ep->e_link, &rp->e_list); | |
208 | wake_up(&rp->wait); | |
209 | } | |
210 | ||
1da177e4 LT |
211 | /* |
212 | * Fetch next event from the circular buffer. | |
213 | */ | |
214 | static struct mon_event_text *mon_text_fetch(struct mon_reader_text *rp, | |
215 | struct mon_bus *mbus) | |
216 | { | |
217 | struct list_head *p; | |
218 | unsigned long flags; | |
219 | ||
220 | spin_lock_irqsave(&mbus->lock, flags); | |
221 | if (list_empty(&rp->e_list)) { | |
222 | spin_unlock_irqrestore(&mbus->lock, flags); | |
223 | return NULL; | |
224 | } | |
225 | p = rp->e_list.next; | |
226 | list_del(p); | |
227 | --rp->nevents; | |
228 | spin_unlock_irqrestore(&mbus->lock, flags); | |
229 | return list_entry(p, struct mon_event_text, e_link); | |
230 | } | |
231 | ||
232 | /* | |
233 | */ | |
234 | static int mon_text_open(struct inode *inode, struct file *file) | |
235 | { | |
236 | struct mon_bus *mbus; | |
237 | struct usb_bus *ubus; | |
238 | struct mon_reader_text *rp; | |
239 | int rc; | |
240 | ||
4186ecf8 | 241 | mutex_lock(&mon_lock); |
8e18e294 | 242 | mbus = inode->i_private; |
1da177e4 LT |
243 | ubus = mbus->u_bus; |
244 | ||
80b6ca48 | 245 | rp = kzalloc(sizeof(struct mon_reader_text), GFP_KERNEL); |
1da177e4 LT |
246 | if (rp == NULL) { |
247 | rc = -ENOMEM; | |
248 | goto err_alloc; | |
249 | } | |
1da177e4 LT |
250 | INIT_LIST_HEAD(&rp->e_list); |
251 | init_waitqueue_head(&rp->wait); | |
4186ecf8 | 252 | mutex_init(&rp->printf_lock); |
1da177e4 LT |
253 | |
254 | rp->printf_size = PRINTF_DFL; | |
255 | rp->printf_buf = kmalloc(rp->printf_size, GFP_KERNEL); | |
256 | if (rp->printf_buf == NULL) { | |
257 | rc = -ENOMEM; | |
258 | goto err_alloc_pr; | |
259 | } | |
260 | ||
261 | rp->r.m_bus = mbus; | |
262 | rp->r.r_data = rp; | |
263 | rp->r.rnf_submit = mon_text_submit; | |
12e72fea | 264 | rp->r.rnf_error = mon_text_error; |
1da177e4 LT |
265 | rp->r.rnf_complete = mon_text_complete; |
266 | ||
267 | snprintf(rp->slab_name, SLAB_NAME_SZ, "mon%dt_%lx", ubus->busnum, | |
268 | (long)rp); | |
269 | rp->e_slab = kmem_cache_create(rp->slab_name, | |
270 | sizeof(struct mon_event_text), sizeof(long), 0, | |
028d2a39 | 271 | mon_text_ctor, NULL); |
1da177e4 LT |
272 | if (rp->e_slab == NULL) { |
273 | rc = -ENOMEM; | |
274 | goto err_slab; | |
275 | } | |
276 | ||
277 | mon_reader_add(mbus, &rp->r); | |
278 | ||
279 | file->private_data = rp; | |
4186ecf8 | 280 | mutex_unlock(&mon_lock); |
1da177e4 LT |
281 | return 0; |
282 | ||
283 | // err_busy: | |
284 | // kmem_cache_destroy(rp->e_slab); | |
285 | err_slab: | |
286 | kfree(rp->printf_buf); | |
287 | err_alloc_pr: | |
288 | kfree(rp); | |
289 | err_alloc: | |
4186ecf8 | 290 | mutex_unlock(&mon_lock); |
1da177e4 LT |
291 | return rc; |
292 | } | |
293 | ||
294 | /* | |
295 | * For simplicity, we read one record in one system call and throw out | |
296 | * what does not fit. This means that the following does not work: | |
297 | * dd if=/dbg/usbmon/0t bs=10 | |
298 | * Also, we do not allow seeks and do not bother advancing the offset. | |
299 | */ | |
300 | static ssize_t mon_text_read(struct file *file, char __user *buf, | |
301 | size_t nbytes, loff_t *ppos) | |
302 | { | |
303 | struct mon_reader_text *rp = file->private_data; | |
304 | struct mon_bus *mbus = rp->r.m_bus; | |
305 | DECLARE_WAITQUEUE(waita, current); | |
306 | struct mon_event_text *ep; | |
307 | int cnt, limit; | |
308 | char *pbuf; | |
309 | char udir, utype; | |
310 | int data_len, i; | |
311 | ||
312 | add_wait_queue(&rp->wait, &waita); | |
313 | set_current_state(TASK_INTERRUPTIBLE); | |
314 | while ((ep = mon_text_fetch(rp, mbus)) == NULL) { | |
315 | if (file->f_flags & O_NONBLOCK) { | |
316 | set_current_state(TASK_RUNNING); | |
317 | remove_wait_queue(&rp->wait, &waita); | |
318 | return -EWOULDBLOCK; /* Same as EAGAIN in Linux */ | |
319 | } | |
320 | /* | |
321 | * We do not count nwaiters, because ->release is supposed | |
322 | * to be called when all openers are gone only. | |
323 | */ | |
324 | schedule(); | |
325 | if (signal_pending(current)) { | |
326 | remove_wait_queue(&rp->wait, &waita); | |
327 | return -EINTR; | |
328 | } | |
329 | set_current_state(TASK_INTERRUPTIBLE); | |
330 | } | |
331 | set_current_state(TASK_RUNNING); | |
332 | remove_wait_queue(&rp->wait, &waita); | |
333 | ||
4186ecf8 | 334 | mutex_lock(&rp->printf_lock); |
1da177e4 LT |
335 | cnt = 0; |
336 | pbuf = rp->printf_buf; | |
337 | limit = rp->printf_size; | |
338 | ||
339 | udir = usb_pipein(ep->pipe) ? 'i' : 'o'; | |
340 | switch (usb_pipetype(ep->pipe)) { | |
341 | case PIPE_ISOCHRONOUS: utype = 'Z'; break; | |
342 | case PIPE_INTERRUPT: utype = 'I'; break; | |
343 | case PIPE_CONTROL: utype = 'C'; break; | |
344 | default: /* PIPE_BULK */ utype = 'B'; | |
345 | } | |
346 | cnt += snprintf(pbuf + cnt, limit - cnt, | |
ae0d6cce | 347 | "%lx %u %c %c%c:%03u:%02u", |
1da177e4 | 348 | ep->id, ep->tstamp, ep->type, |
ae0d6cce PZ |
349 | utype, udir, usb_pipedevice(ep->pipe), usb_pipeendpoint(ep->pipe)); |
350 | ||
351 | if (ep->setup_flag == 0) { /* Setup packet is present and captured */ | |
352 | cnt += snprintf(pbuf + cnt, limit - cnt, | |
353 | " s %02x %02x %04x %04x %04x", | |
354 | ep->setup[0], | |
355 | ep->setup[1], | |
356 | (ep->setup[3] << 8) | ep->setup[2], | |
357 | (ep->setup[5] << 8) | ep->setup[4], | |
358 | (ep->setup[7] << 8) | ep->setup[6]); | |
359 | } else if (ep->setup_flag != '-') { /* Unable to capture setup packet */ | |
360 | cnt += snprintf(pbuf + cnt, limit - cnt, | |
361 | " %c __ __ ____ ____ ____", ep->setup_flag); | |
362 | } else { /* No setup for this kind of URB */ | |
363 | cnt += snprintf(pbuf + cnt, limit - cnt, " %d", ep->status); | |
364 | } | |
365 | cnt += snprintf(pbuf + cnt, limit - cnt, " %d", ep->length); | |
1da177e4 LT |
366 | |
367 | if ((data_len = ep->length) > 0) { | |
368 | if (ep->data_flag == 0) { | |
369 | cnt += snprintf(pbuf + cnt, limit - cnt, " ="); | |
370 | if (data_len >= DATA_MAX) | |
371 | data_len = DATA_MAX; | |
372 | for (i = 0; i < data_len; i++) { | |
373 | if (i % 4 == 0) { | |
374 | cnt += snprintf(pbuf + cnt, limit - cnt, | |
375 | " "); | |
376 | } | |
377 | cnt += snprintf(pbuf + cnt, limit - cnt, | |
378 | "%02x", ep->data[i]); | |
379 | } | |
380 | cnt += snprintf(pbuf + cnt, limit - cnt, "\n"); | |
381 | } else { | |
382 | cnt += snprintf(pbuf + cnt, limit - cnt, | |
383 | " %c\n", ep->data_flag); | |
384 | } | |
385 | } else { | |
386 | cnt += snprintf(pbuf + cnt, limit - cnt, "\n"); | |
387 | } | |
388 | ||
389 | if (copy_to_user(buf, rp->printf_buf, cnt)) | |
390 | cnt = -EFAULT; | |
4186ecf8 | 391 | mutex_unlock(&rp->printf_lock); |
1da177e4 LT |
392 | kmem_cache_free(rp->e_slab, ep); |
393 | return cnt; | |
394 | } | |
395 | ||
396 | static int mon_text_release(struct inode *inode, struct file *file) | |
397 | { | |
398 | struct mon_reader_text *rp = file->private_data; | |
399 | struct mon_bus *mbus; | |
400 | /* unsigned long flags; */ | |
401 | struct list_head *p; | |
402 | struct mon_event_text *ep; | |
403 | ||
4186ecf8 | 404 | mutex_lock(&mon_lock); |
8e18e294 | 405 | mbus = inode->i_private; |
1da177e4 LT |
406 | |
407 | if (mbus->nreaders <= 0) { | |
408 | printk(KERN_ERR TAG ": consistency error on close\n"); | |
4186ecf8 | 409 | mutex_unlock(&mon_lock); |
1da177e4 LT |
410 | return 0; |
411 | } | |
412 | mon_reader_del(mbus, &rp->r); | |
413 | ||
414 | /* | |
415 | * In theory, e_list is protected by mbus->lock. However, | |
416 | * after mon_reader_del has finished, the following is the case: | |
417 | * - we are not on reader list anymore, so new events won't be added; | |
418 | * - whole mbus may be dropped if it was orphaned. | |
419 | * So, we better not touch mbus. | |
420 | */ | |
421 | /* spin_lock_irqsave(&mbus->lock, flags); */ | |
422 | while (!list_empty(&rp->e_list)) { | |
423 | p = rp->e_list.next; | |
424 | ep = list_entry(p, struct mon_event_text, e_link); | |
425 | list_del(p); | |
426 | --rp->nevents; | |
427 | kmem_cache_free(rp->e_slab, ep); | |
428 | } | |
429 | /* spin_unlock_irqrestore(&mbus->lock, flags); */ | |
430 | ||
431 | kmem_cache_destroy(rp->e_slab); | |
432 | kfree(rp->printf_buf); | |
433 | kfree(rp); | |
434 | ||
4186ecf8 | 435 | mutex_unlock(&mon_lock); |
1da177e4 LT |
436 | return 0; |
437 | } | |
438 | ||
066202dd | 439 | const struct file_operations mon_fops_text = { |
1da177e4 LT |
440 | .owner = THIS_MODULE, |
441 | .open = mon_text_open, | |
442 | .llseek = no_llseek, | |
443 | .read = mon_text_read, | |
444 | /* .write = mon_text_write, */ | |
445 | /* .poll = mon_text_poll, */ | |
446 | /* .ioctl = mon_text_ioctl, */ | |
447 | .release = mon_text_release, | |
448 | }; | |
449 | ||
450 | /* | |
451 | * Slab interface: constructor. | |
452 | */ | |
e18b890b | 453 | static void mon_text_ctor(void *mem, struct kmem_cache *slab, unsigned long sflags) |
1da177e4 LT |
454 | { |
455 | /* | |
456 | * Nothing to initialize. No, really! | |
457 | * So, we fill it with garbage to emulate a reused object. | |
458 | */ | |
459 | memset(mem, 0xe5, sizeof(struct mon_event_text)); | |
460 | } | |
461 |