1 // SPDX-License-Identifier: GPL-2.0
2 /*
3  * The USB Monitor, inspired by Dave Harding's USBMon.
4  *
5  * mon_main.c: Main file, module initiation and exit, registrations, etc.
6  *
7  * Copyright (C) 2005 Pete Zaitcev (zaitcev@redhat.com)
8  */
9 
10 #include <linux/kernel.h>
11 #include <linux/module.h>
12 #include <linux/usb.h>
13 #include <linux/usb/hcd.h>
14 #include <linux/slab.h>
15 #include <linux/notifier.h>
16 #include <linux/mutex.h>
17 
18 #include "usb_mon.h"
19 
20 
/*
 * Forward declarations for helpers that are used before their definitions
 * further down in this file.
 */
static void mon_bus_init(struct usb_bus *ubus);
static void mon_bus_drop(struct kref *r);
static void mon_dissolve(struct mon_bus *mbus, struct usb_bus *ubus);
static void mon_stop(struct mon_bus *mbus);

/*
 * Held in this file around every change to the mon_buses list and, per the
 * comments on mon_reader_add()/mon_reader_del(), around mbus->ref updates.
 */
DEFINE_MUTEX(mon_lock);

/* Pseudo bus meaning "all buses"; mon_bus_lookup() returns it for number 0. */
struct mon_bus mon_bus0;
/* All buses we know: struct mon_bus, chained through ->bus_link. */
static LIST_HEAD(mon_buses);
30 
/*
 * Link a reader into the bus.
 *
 * The first reader on a bus sets ->monitored on the underlying usb_bus; the
 * first reader on the "all buses" pseudo bus sets it on every bus listed in
 * mon_buses. The reader is then queued on mbus->r_list and a reference on
 * mbus is taken on its behalf.
 *
 * This must be called with mon_lock taken because of mbus->ref.
 *
 * NOTE(review): mbus->u_bus is dereferenced without a NULL test, while
 * mon_dissolve() clears that pointer. Presumably callers only pass an mbus
 * that is still on mon_buses (found under mon_lock) - confirm against the
 * open paths.
 */
void mon_reader_add(struct mon_bus *mbus, struct mon_reader *r)
{
	unsigned long irqflags;
	struct mon_bus *each;

	spin_lock_irqsave(&mbus->lock, irqflags);
	if (mbus->nreaders == 0) {
		/* First reader: turn URB reporting on for the bus(es). */
		if (mbus != &mon_bus0) {
			mbus->u_bus->monitored = 1;
		} else {
			list_for_each_entry(each, &mon_buses, bus_link)
				each->u_bus->monitored = 1;
		}
	}
	list_add_tail(&r->r_link, &mbus->r_list);
	mbus->nreaders++;
	spin_unlock_irqrestore(&mbus->lock, irqflags);

	/* Paired with the kref_put() in mon_reader_del(). */
	kref_get(&mbus->ref);
}
59 
/*
 * Unlink reader from the bus.
 *
 * When the last reader goes away, mon_stop() gets the chance to switch
 * monitoring off. The reference taken in mon_reader_add() is dropped only
 * after mbus->lock has been released, because the final put frees mbus
 * through mon_bus_drop().
 *
 * This is called with mon_lock taken, so we can decrement mbus->ref.
 */
void mon_reader_del(struct mon_bus *mbus, struct mon_reader *r)
{
	unsigned long irqflags;

	spin_lock_irqsave(&mbus->lock, irqflags);
	list_del(&r->r_link);
	mbus->nreaders--;
	if (!mbus->nreaders)
		mon_stop(mbus);
	spin_unlock_irqrestore(&mbus->lock, irqflags);

	/* The caller must not touch mbus after this point. */
	kref_put(&mbus->ref, mon_bus_drop);
}
78 
/*
 * Report a submitted URB to every reader attached to one mon_bus.
 *
 * The reader callbacks run with mbus->lock held and interrupts disabled,
 * so they must not sleep.
 */
static void mon_bus_submit(struct mon_bus *mbus, struct urb *urb)
{
	struct mon_reader *rd;
	unsigned long irqflags;

	spin_lock_irqsave(&mbus->lock, irqflags);
	mbus->cnt_events += 1;
	list_for_each_entry(rd, &mbus->r_list, r_link) {
		rd->rnf_submit(rd->r_data, urb);
	}
	spin_unlock_irqrestore(&mbus->lock, irqflags);
}
92 
/*
 * urb_submit hook: pass the event to the bus's own mon_bus, if it has one,
 * and always to the "all buses" pseudo bus.
 *
 * ubus->mon_bus is cleared by mon_dissolve() and is never set when
 * mon_bus_init() fails to allocate, hence the NULL test.
 */
static void mon_submit(struct usb_bus *ubus, struct urb *urb)
{
	struct mon_bus *mbus = ubus->mon_bus;

	if (mbus)
		mon_bus_submit(mbus, urb);
	mon_bus_submit(&mon_bus0, urb);
}
102 
/*
 * Report a failed URB submission, with its error code, to every reader
 * attached to one mon_bus.
 *
 * The reader callbacks run with mbus->lock held and interrupts disabled,
 * so they must not sleep.
 */
static void mon_bus_submit_error(struct mon_bus *mbus, struct urb *urb, int error)
{
	struct mon_reader *rd;
	unsigned long irqflags;

	spin_lock_irqsave(&mbus->lock, irqflags);
	mbus->cnt_events += 1;
	list_for_each_entry(rd, &mbus->r_list, r_link) {
		rd->rnf_error(rd->r_data, urb, error);
	}
	spin_unlock_irqrestore(&mbus->lock, irqflags);
}
116 
/*
 * urb_submit_error hook: pass the event to the bus's own mon_bus, if it has
 * one, and always to the "all buses" pseudo bus.
 */
static void mon_submit_error(struct usb_bus *ubus, struct urb *urb, int error)
{
	struct mon_bus *mbus = ubus->mon_bus;

	/* NULL once the bus was dissolved, or if no mon_bus was allocated. */
	if (mbus)
		mon_bus_submit_error(mbus, urb, error);
	mon_bus_submit_error(&mon_bus0, urb, error);
}
126 
/*
 * Report a completed URB, with its status, to every reader attached to one
 * mon_bus.
 *
 * The reader callbacks run with mbus->lock held and interrupts disabled,
 * so they must not sleep.
 */
static void mon_bus_complete(struct mon_bus *mbus, struct urb *urb, int status)
{
	struct mon_reader *rd;
	unsigned long irqflags;

	spin_lock_irqsave(&mbus->lock, irqflags);
	mbus->cnt_events += 1;
	list_for_each_entry(rd, &mbus->r_list, r_link) {
		rd->rnf_complete(rd->r_data, urb, status);
	}
	spin_unlock_irqrestore(&mbus->lock, irqflags);
}
140 
/*
 * urb_complete hook: pass the event to the bus's own mon_bus, if it has
 * one, and always to the "all buses" pseudo bus.
 */
static void mon_complete(struct usb_bus *ubus, struct urb *urb, int status)
{
	struct mon_bus *mbus = ubus->mon_bus;

	/* NULL once the bus was dissolved, or if no mon_bus was allocated. */
	if (mbus)
		mon_bus_complete(mbus, urb, status);
	mon_bus_complete(&mon_bus0, urb, status);
}
150 
151 /* int (*unlink_urb) (struct urb *urb, int status); */
152 
/*
 * Stop monitoring.
 *
 * Called from mon_reader_del() once a mon_bus has lost its last reader.
 * A real bus stays monitored while the "all buses" pseudo bus still has
 * readers, and the pseudo bus only releases buses that have no readers of
 * their own.
 *
 * NOTE(review): only the single-bus branch issues mb() after clearing
 * ->monitored; whether the pseudo-bus branch needs one is not visible here.
 */
static void mon_stop(struct mon_bus *mbus)
{
	struct usb_bus *ubus;
	struct mon_bus *it;

	if (mbus != &mon_bus0) {
		if (mon_bus0.nreaders != 0)
			return;
		/*
		 * A stop can be called for a dissolved mon_bus in case of
		 * a reader staying across an rmmod foo_hcd, so test ->u_bus.
		 */
		ubus = mbus->u_bus;
		if (ubus == NULL)
			return;
		ubus->monitored = 0;
		mb();
		return;
	}

	list_for_each_entry(it, &mon_buses, bus_link) {
		/*
		 * We do not change nreaders here, so rely on mon_lock.
		 */
		if (it->nreaders != 0)
			continue;
		ubus = it->u_bus;
		if (ubus != NULL)
			ubus->monitored = 0;
	}
}
179 
/*
 * Add a USB bus (usually by a modprobe foo-hcd)
 *
 * The new bus gets its mon_bus from mon_bus_init() and is marked monitored
 * right away when the "all buses" pseudo bus already has readers.
 *
 * This does not return an error code because the core cannot care less
 * if monitoring is not established. As a consequence ubus->mon_bus may be
 * left unset when the allocation in mon_bus_init() fails.
 */
static void mon_bus_add(struct usb_bus *ubus)
{
	mon_bus_init(ubus);

	mutex_lock(&mon_lock);
	if (mon_bus0.nreaders)
		ubus->monitored = 1;
	mutex_unlock(&mon_lock);
}
194 
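/*
 * Remove a USB bus (either from rmmod foo-hcd or from a hot-remove event).
 *
 * Unlinks the mon_bus from mon_buses, removes its text and binary
 * interfaces if they were set up, detaches it from the usb_bus and drops
 * the reference taken by kref_init() in mon_bus_init(). Readers that are
 * still attached keep the mon_bus alive through their own references.
 */
static void mon_bus_remove(struct usb_bus *ubus)
{
	struct mon_bus *mbus = ubus->mon_bus;

	/*
	 * mon_bus_init() returns without setting ubus->mon_bus when its
	 * allocation fails, and mon_submit() and friends already test the
	 * pointer for NULL. Without the same test here, removing such a bus
	 * would dereference a NULL pointer in list_del() below.
	 */
	if (mbus == NULL)
		return;

	mutex_lock(&mon_lock);
	list_del(&mbus->bus_link);
	if (mbus->text_inited)
		mon_text_del(mbus);
	if (mbus->bin_inited)
		mon_bin_del(mbus);

	mon_dissolve(mbus, ubus);
	/* May free mbus; it must not be used after this. */
	kref_put(&mbus->ref, mon_bus_drop);
	mutex_unlock(&mon_lock);
}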
213 
/*
 * USB notifier callback: follow buses as they come and go.
 *
 * @dev is handed unchanged to mon_bus_add()/mon_bus_remove(), which take a
 * struct usb_bus pointer. Any other action is ignored. Always returns
 * NOTIFY_OK.
 */
static int mon_notify(struct notifier_block *self, unsigned long action,
		      void *dev)
{
	if (action == USB_BUS_ADD)
		mon_bus_add(dev);
	else if (action == USB_BUS_REMOVE)
		mon_bus_remove(dev);

	return NOTIFY_OK;
}
226 
/* Passed to usb_register_notify() in mon_init(); events go to mon_notify(). */
static struct notifier_block mon_nb = {
	.notifier_call = mon_notify,
};

/*
 * Ops: the URB event hooks handed to usb_mon_register() in mon_init().
 */
static const struct usb_mon_operations mon_ops_0 = {
	.urb_complete		= mon_complete,
	.urb_submit		= mon_submit,
	.urb_submit_error	= mon_submit_error,
};
239 
/*
 * Tear usb_bus and mon_bus apart.
 *
 * Monitoring is switched off first, then both cross pointers are cleared,
 * each step followed by a full memory barrier. The statement order below
 * is deliberate and must be kept.
 *
 * NOTE(review): nothing here waits for a mon_submit()/mon_complete() that
 * has already loaded ubus->mon_bus on another CPU, and both callers follow
 * up with kref_put(), which can free mbus. Confirm what the USB core
 * guarantees about in-flight URB callbacks at this point.
 */
static void mon_dissolve(struct mon_bus *mbus, struct usb_bus *ubus)
{
	if (ubus->monitored != 0) {
		ubus->monitored = 0;
		mb();
	}

	ubus->mon_bus = NULL;
	mbus->u_bus = NULL;
	mb();

	/* We want synchronize_irq() here, but that needs an argument. */
}
257 
/*
 * kref release callback: free the mon_bus that embeds @r.
 *
 * The statically allocated mon_bus0 must never end up here. Within this
 * file its initial reference from kref_init() is never put, and reader
 * get/put calls are paired.
 */
static void mon_bus_drop(struct kref *r)
{
	kfree(container_of(r, struct mon_bus, ref));
}
265 
/*
 * Initialize a bus for us:
 *  - allocate mon_bus
 *  - tie it to the USB bus struct (no usb_bus reference is taken)
 *  - set up the text and binary interfaces
 *  - link it into mon_buses
 *
 * On allocation failure the function returns silently and ubus->mon_bus is
 * left as it was.
 */
static void mon_bus_init(struct usb_bus *ubus)
{
	struct mon_bus *mbus = kzalloc(sizeof(*mbus), GFP_KERNEL);

	if (!mbus)
		return;

	INIT_LIST_HEAD(&mbus->r_list);
	spin_lock_init(&mbus->lock);
	kref_init(&mbus->ref);

	/*
	 * We don't need to take a reference to ubus, because we receive
	 * a notification if the bus is about to be removed.
	 */
	mbus->u_bus = ubus;
	ubus->mon_bus = mbus;

	/* Remember which interfaces came up so teardown can undo only those. */
	mbus->text_inited = mon_text_add(mbus, ubus);
	mbus->bin_inited = mon_bin_add(mbus, ubus);

	mutex_lock(&mon_lock);
	list_add_tail(&mbus->bus_link, &mon_buses);
	mutex_unlock(&mon_lock);
}
301 
/*
 * Set up the "all buses" pseudo bus. It has no usb_bus behind it, so NULL
 * is passed to mon_text_add()/mon_bin_add() and ->u_bus is never assigned.
 */
static void mon_bus0_init(void)
{
	struct mon_bus *mbus = &mon_bus0;

	INIT_LIST_HEAD(&mbus->r_list);
	spin_lock_init(&mbus->lock);
	kref_init(&mbus->ref);

	mbus->text_inited = mon_text_add(mbus, NULL);
	mbus->bin_inited = mon_bin_add(mbus, NULL);
}
313 
/*
 * Search a USB bus by number. Notice that USB bus numbers start from one,
 * so zero is used to identify the "all buses" pseudo bus.
 *
 * Returns the matching mon_bus, or NULL if no bus on mon_buses has that
 * number. No reference is taken on the result.
 *
 * This function must be called with mon_lock held; the ->u_bus dereference
 * relies on entries leaving mon_buses before they are dissolved.
 *
 * This is a linear scan and may be revised in the future.
 */
struct mon_bus *mon_bus_lookup(unsigned int num)
{
	struct mon_bus *cur;
	struct mon_bus *found = NULL;

	if (!num)
		return &mon_bus0;

	list_for_each_entry(cur, &mon_buses, bus_link) {
		if (cur->u_bus->busnum != num)
			continue;
		found = cur;
		break;
	}
	return found;
}
336 
/*
 * Module init: bring up the text and binary back ends, the "all buses"
 * pseudo bus, register with the USB core, then attach to every bus that
 * already exists and subscribe to bus add/remove notifications.
 *
 * Returns 0 on success, the back end's error code if one of them fails to
 * initialize, or -ENODEV if registration with the core fails.
 *
 * NOTE(review): when usb_mon_register() fails, whatever mon_bus0_init()
 * set up through mon_text_add()/mon_bin_add() is not removed with
 * mon_text_del()/mon_bin_del() the way mon_exit() does it - confirm that
 * mon_bin_exit()/mon_text_exit() cover it.
 */
static int __init mon_init(void)
{
	struct usb_bus *ubus;
	int rc, id;

	rc = mon_text_init();
	if (rc != 0)
		return rc;

	rc = mon_bin_init();
	if (rc != 0) {
		mon_text_exit();
		return rc;
	}

	mon_bus0_init();

	if (usb_mon_register(&mon_ops_0) != 0) {
		printk(KERN_NOTICE TAG ": unable to register with the core\n");
		mon_bin_exit();
		mon_text_exit();
		return -ENODEV;
	}

	/*
	 * Walk the existing buses and register the notifier under the same
	 * usb_bus_idr_lock hold. mon_bus_init() takes mon_lock inside it.
	 */
	mutex_lock(&usb_bus_idr_lock);
	idr_for_each_entry(&usb_bus_idr, ubus, id)
		mon_bus_init(ubus);
	usb_register_notify(&mon_nb);
	mutex_unlock(&usb_bus_idr_lock);

	return 0;
}
370 
/*
 * Module exit: stop receiving notifications and URB events, then take
 * down every known bus, the "all buses" pseudo bus and both back ends.
 */
static void __exit mon_exit(void)
{
	struct mon_bus *mbus;

	usb_unregister_notify(&mon_nb);
	usb_mon_deregister();

	mutex_lock(&mon_lock);

	/* Pop entries off the head until the list is drained. */
	while (!list_empty(&mon_buses)) {
		mbus = list_entry(mon_buses.next, struct mon_bus, bus_link);
		list_del(&mbus->bus_link);

		if (mbus->text_inited)
			mon_text_del(mbus);
		if (mbus->bin_inited)
			mon_bin_del(mbus);

		/*
		 * This never happens, because the open/close paths in
		 * file level maintain module use counters and so rmmod fails
		 * before reaching here. However, better be safe...
		 */
		if (mbus->nreaders != 0) {
			printk(KERN_ERR TAG
			    ": Outstanding opens (%d) on usb%d, leaking...\n",
			    mbus->nreaders, mbus->u_bus->busnum);
			/* Force leak: better than freeing under a reader. */
			kref_get(&mbus->ref);
		}

		mon_dissolve(mbus, mbus->u_bus);
		kref_put(&mbus->ref, mon_bus_drop);
	}

	/* mon_bus0 is static: remove its interfaces, nothing to free. */
	if (mon_bus0.text_inited)
		mon_text_del(&mon_bus0);
	if (mon_bus0.bin_inited)
		mon_bin_del(&mon_bus0);

	mutex_unlock(&mon_lock);

	mon_text_exit();
	mon_bin_exit();
}
418 
/* Module entry and exit points. */
module_init(mon_init);
module_exit(mon_exit);

MODULE_LICENSE("GPL");
MODULE_DESCRIPTION("USB Monitor");
424