2 * The USB Monitor, inspired by Dave Harding's USBMon.
4 * This is a text format reader.
7 #include <linux/kernel.h>
8 #include <linux/list.h>
10 #include <linux/slab.h>
11 #include <linux/time.h>
12 #include <linux/ktime.h>
13 #include <linux/export.h>
14 #include <linux/mutex.h>
15 #include <linux/debugfs.h>
16 #include <linux/scatterlist.h>
17 #include <asm/uaccess.h>
22 * No, we do not want arbitrarily long data strings.
23 * Use the binary interface if you want to capture bulk data!
28 * Defined by USB 2.0 clause 9.3, table 9.2.
33 * This limit exists to prevent OOMs when the user process stops reading.
34 * If usbmon were available to unprivileged processes, it might be open
35 * to a local DoS. But we have to keep to root in order to prevent
36 * password sniffing from HID devices.
38 #define EVENT_MAX (4*PAGE_SIZE / sizeof(struct mon_event_text))
41 * Potentially unlimited number; we limit it for similar allocations.
42 * The usbfs limits this to 128, but we're not quite as generous.
46 #define PRINTF_DFL 250 /* with 5 ISOs segs */
51 unsigned int length; /* Unsigned here, signed in URB. Historic. */
54 struct mon_event_text {
55 struct list_head e_link;
56 int type; /* submit, complete, etc. */
57 unsigned long id; /* From pointer, most of the time */
64 int length; /* Depends on type: xfer length or act length */
71 int numdesc; /* Full number */
72 struct mon_iso_desc isodesc[ISODESC_MAX];
73 unsigned char setup[SETUP_MAX];
74 unsigned char data[DATA_MAX];
77 #define SLAB_NAME_SZ 30
78 struct mon_reader_text {
79 struct kmem_cache *e_slab;
81 struct list_head e_list;
82 struct mon_reader r; /* In C, parent class can be placed anywhere */
84 wait_queue_head_t wait;
89 struct mutex printf_lock;
91 char slab_name[SLAB_NAME_SZ];
94 static struct dentry *mon_dir; /* Usually /sys/kernel/debug/usbmon */
96 static void mon_text_ctor(void *);
103 static struct mon_event_text *
104 mon_text_read_wait(struct mon_reader_text *rp, struct file *file);
105 static void mon_text_read_head_t(struct mon_reader_text *rp,
106 struct mon_text_ptr *p, const struct mon_event_text *ep);
107 static void mon_text_read_head_u(struct mon_reader_text *rp,
108 struct mon_text_ptr *p, const struct mon_event_text *ep);
109 static void mon_text_read_statset(struct mon_reader_text *rp,
110 struct mon_text_ptr *p, const struct mon_event_text *ep);
111 static void mon_text_read_intstat(struct mon_reader_text *rp,
112 struct mon_text_ptr *p, const struct mon_event_text *ep);
113 static void mon_text_read_isostat(struct mon_reader_text *rp,
114 struct mon_text_ptr *p, const struct mon_event_text *ep);
115 static void mon_text_read_isodesc(struct mon_reader_text *rp,
116 struct mon_text_ptr *p, const struct mon_event_text *ep);
117 static void mon_text_read_data(struct mon_reader_text *rp,
118 struct mon_text_ptr *p, const struct mon_event_text *ep);
124 * May be called from an interrupt.
126 * This is called with the whole mon_bus locked, so no additional lock.
129 static inline char mon_text_get_setup(struct mon_event_text *ep,
130 struct urb *urb, char ev_type, struct mon_bus *mbus)
133 if (ep->xfertype != USB_ENDPOINT_XFER_CONTROL || ev_type != 'S')
136 if (urb->setup_packet == NULL)
137 return 'Z'; /* '0' would be not as pretty. */
139 memcpy(ep->setup, urb->setup_packet, SETUP_MAX);
143 static inline char mon_text_get_data(struct mon_event_text *ep, struct urb *urb,
144 int len, char ev_type, struct mon_bus *mbus)
161 if (urb->num_sgs == 0) {
162 src = urb->transfer_buffer;
164 return 'Z'; /* '0' would be not as pretty. */
166 struct scatterlist *sg = urb->sg;
168 if (PageHighMem(sg_page(sg)))
171 /* For the text interface we copy only the first sg buffer */
172 len = min_t(int, sg->length, len);
176 memcpy(ep->data, src, len);
180 static inline unsigned int mon_get_timestamp(void)
182 struct timespec64 now;
185 ktime_get_ts64(&now);
186 stamp = now.tv_sec & 0xFFF; /* 2^32 = 4294967296. Limit to 4096s. */
187 stamp = stamp * USEC_PER_SEC + now.tv_nsec / NSEC_PER_USEC;
191 static void mon_text_event(struct mon_reader_text *rp, struct urb *urb,
192 char ev_type, int status)
194 struct mon_event_text *ep;
196 struct usb_iso_packet_descriptor *fp;
197 struct mon_iso_desc *dp;
200 stamp = mon_get_timestamp();
202 if (rp->nevents >= EVENT_MAX ||
203 (ep = kmem_cache_alloc(rp->e_slab, GFP_ATOMIC)) == NULL) {
204 rp->r.m_bus->cnt_text_lost++;
209 ep->id = (unsigned long) urb;
210 ep->busnum = urb->dev->bus->busnum;
211 ep->devnum = urb->dev->devnum;
212 ep->epnum = usb_endpoint_num(&urb->ep->desc);
213 ep->xfertype = usb_endpoint_type(&urb->ep->desc);
214 ep->is_in = usb_urb_dir_in(urb);
216 ep->length = (ev_type == 'S') ?
217 urb->transfer_buffer_length : urb->actual_length;
218 /* Collecting status makes debugging sense for submits, too */
221 if (ep->xfertype == USB_ENDPOINT_XFER_INT) {
222 ep->interval = urb->interval;
223 } else if (ep->xfertype == USB_ENDPOINT_XFER_ISOC) {
224 ep->interval = urb->interval;
225 ep->start_frame = urb->start_frame;
226 ep->error_count = urb->error_count;
228 ep->numdesc = urb->number_of_packets;
229 if (ep->xfertype == USB_ENDPOINT_XFER_ISOC &&
230 urb->number_of_packets > 0) {
231 if ((ndesc = urb->number_of_packets) > ISODESC_MAX)
233 fp = urb->iso_frame_desc;
235 for (i = 0; i < ndesc; i++) {
236 dp->status = fp->status;
237 dp->offset = fp->offset;
238 dp->length = (ev_type == 'S') ?
239 fp->length : fp->actual_length;
243 /* Wasteful, but simple to understand: ISO 'C' is sparse. */
245 ep->length = urb->transfer_buffer_length;
248 ep->setup_flag = mon_text_get_setup(ep, urb, ev_type, rp->r.m_bus);
249 ep->data_flag = mon_text_get_data(ep, urb, ep->length, ev_type,
253 list_add_tail(&ep->e_link, &rp->e_list);
257 static void mon_text_submit(void *data, struct urb *urb)
259 struct mon_reader_text *rp = data;
260 mon_text_event(rp, urb, 'S', -EINPROGRESS);
263 static void mon_text_complete(void *data, struct urb *urb, int status)
265 struct mon_reader_text *rp = data;
266 mon_text_event(rp, urb, 'C', status);
269 static void mon_text_error(void *data, struct urb *urb, int error)
271 struct mon_reader_text *rp = data;
272 struct mon_event_text *ep;
274 if (rp->nevents >= EVENT_MAX ||
275 (ep = kmem_cache_alloc(rp->e_slab, GFP_ATOMIC)) == NULL) {
276 rp->r.m_bus->cnt_text_lost++;
281 ep->id = (unsigned long) urb;
282 ep->busnum = urb->dev->bus->busnum;
283 ep->devnum = urb->dev->devnum;
284 ep->epnum = usb_endpoint_num(&urb->ep->desc);
285 ep->xfertype = usb_endpoint_type(&urb->ep->desc);
286 ep->is_in = usb_urb_dir_in(urb);
287 ep->tstamp = mon_get_timestamp();
291 ep->setup_flag = '-';
295 list_add_tail(&ep->e_link, &rp->e_list);
300 * Fetch next event from the circular buffer.
302 static struct mon_event_text *mon_text_fetch(struct mon_reader_text *rp,
303 struct mon_bus *mbus)
308 spin_lock_irqsave(&mbus->lock, flags);
309 if (list_empty(&rp->e_list)) {
310 spin_unlock_irqrestore(&mbus->lock, flags);
316 spin_unlock_irqrestore(&mbus->lock, flags);
317 return list_entry(p, struct mon_event_text, e_link);
322 static int mon_text_open(struct inode *inode, struct file *file)
324 struct mon_bus *mbus;
325 struct mon_reader_text *rp;
328 mutex_lock(&mon_lock);
329 mbus = inode->i_private;
331 rp = kzalloc(sizeof(struct mon_reader_text), GFP_KERNEL);
336 INIT_LIST_HEAD(&rp->e_list);
337 init_waitqueue_head(&rp->wait);
338 mutex_init(&rp->printf_lock);
340 rp->printf_size = PRINTF_DFL;
341 rp->printf_buf = kmalloc(rp->printf_size, GFP_KERNEL);
342 if (rp->printf_buf == NULL) {
349 rp->r.rnf_submit = mon_text_submit;
350 rp->r.rnf_error = mon_text_error;
351 rp->r.rnf_complete = mon_text_complete;
353 snprintf(rp->slab_name, SLAB_NAME_SZ, "mon_text_%p", rp);
354 rp->e_slab = kmem_cache_create(rp->slab_name,
355 sizeof(struct mon_event_text), sizeof(long), 0,
357 if (rp->e_slab == NULL) {
362 mon_reader_add(mbus, &rp->r);
364 file->private_data = rp;
365 mutex_unlock(&mon_lock);
369 // kmem_cache_destroy(rp->e_slab);
371 kfree(rp->printf_buf);
375 mutex_unlock(&mon_lock);
379 static ssize_t mon_text_copy_to_user(struct mon_reader_text *rp,
380 char __user * const buf, const size_t nbytes)
382 const size_t togo = min(nbytes, rp->printf_togo);
384 if (copy_to_user(buf, &rp->printf_buf[rp->printf_offset], togo))
386 rp->printf_togo -= togo;
387 rp->printf_offset += togo;
391 /* ppos is not advanced since the llseek operation is not permitted. */
392 static ssize_t mon_text_read_t(struct file *file, char __user *buf,
393 size_t nbytes, loff_t *ppos)
395 struct mon_reader_text *rp = file->private_data;
396 struct mon_event_text *ep;
397 struct mon_text_ptr ptr;
400 mutex_lock(&rp->printf_lock);
402 if (rp->printf_togo == 0) {
404 ep = mon_text_read_wait(rp, file);
406 mutex_unlock(&rp->printf_lock);
410 ptr.pbuf = rp->printf_buf;
411 ptr.limit = rp->printf_size;
413 mon_text_read_head_t(rp, &ptr, ep);
414 mon_text_read_statset(rp, &ptr, ep);
415 ptr.cnt += snprintf(ptr.pbuf + ptr.cnt, ptr.limit - ptr.cnt,
417 mon_text_read_data(rp, &ptr, ep);
419 rp->printf_togo = ptr.cnt;
420 rp->printf_offset = 0;
422 kmem_cache_free(rp->e_slab, ep);
425 ret = mon_text_copy_to_user(rp, buf, nbytes);
426 mutex_unlock(&rp->printf_lock);
430 /* ppos is not advanced since the llseek operation is not permitted. */
431 static ssize_t mon_text_read_u(struct file *file, char __user *buf,
432 size_t nbytes, loff_t *ppos)
434 struct mon_reader_text *rp = file->private_data;
435 struct mon_event_text *ep;
436 struct mon_text_ptr ptr;
439 mutex_lock(&rp->printf_lock);
441 if (rp->printf_togo == 0) {
443 ep = mon_text_read_wait(rp, file);
445 mutex_unlock(&rp->printf_lock);
449 ptr.pbuf = rp->printf_buf;
450 ptr.limit = rp->printf_size;
452 mon_text_read_head_u(rp, &ptr, ep);
453 if (ep->type == 'E') {
454 mon_text_read_statset(rp, &ptr, ep);
455 } else if (ep->xfertype == USB_ENDPOINT_XFER_ISOC) {
456 mon_text_read_isostat(rp, &ptr, ep);
457 mon_text_read_isodesc(rp, &ptr, ep);
458 } else if (ep->xfertype == USB_ENDPOINT_XFER_INT) {
459 mon_text_read_intstat(rp, &ptr, ep);
461 mon_text_read_statset(rp, &ptr, ep);
463 ptr.cnt += snprintf(ptr.pbuf + ptr.cnt, ptr.limit - ptr.cnt,
465 mon_text_read_data(rp, &ptr, ep);
467 rp->printf_togo = ptr.cnt;
468 rp->printf_offset = 0;
470 kmem_cache_free(rp->e_slab, ep);
473 ret = mon_text_copy_to_user(rp, buf, nbytes);
474 mutex_unlock(&rp->printf_lock);
478 static struct mon_event_text *mon_text_read_wait(struct mon_reader_text *rp,
481 struct mon_bus *mbus = rp->r.m_bus;
482 DECLARE_WAITQUEUE(waita, current);
483 struct mon_event_text *ep;
485 add_wait_queue(&rp->wait, &waita);
486 set_current_state(TASK_INTERRUPTIBLE);
487 while ((ep = mon_text_fetch(rp, mbus)) == NULL) {
488 if (file->f_flags & O_NONBLOCK) {
489 set_current_state(TASK_RUNNING);
490 remove_wait_queue(&rp->wait, &waita);
491 return ERR_PTR(-EWOULDBLOCK);
494 * We do not count nwaiters, because ->release is supposed
495 * to be called when all openers are gone only.
498 if (signal_pending(current)) {
499 remove_wait_queue(&rp->wait, &waita);
500 return ERR_PTR(-EINTR);
502 set_current_state(TASK_INTERRUPTIBLE);
504 set_current_state(TASK_RUNNING);
505 remove_wait_queue(&rp->wait, &waita);
509 static void mon_text_read_head_t(struct mon_reader_text *rp,
510 struct mon_text_ptr *p, const struct mon_event_text *ep)
514 udir = (ep->is_in ? 'i' : 'o');
515 switch (ep->xfertype) {
516 case USB_ENDPOINT_XFER_ISOC: utype = 'Z'; break;
517 case USB_ENDPOINT_XFER_INT: utype = 'I'; break;
518 case USB_ENDPOINT_XFER_CONTROL: utype = 'C'; break;
519 default: /* PIPE_BULK */ utype = 'B';
521 p->cnt += snprintf(p->pbuf + p->cnt, p->limit - p->cnt,
522 "%lx %u %c %c%c:%03u:%02u",
523 ep->id, ep->tstamp, ep->type,
524 utype, udir, ep->devnum, ep->epnum);
527 static void mon_text_read_head_u(struct mon_reader_text *rp,
528 struct mon_text_ptr *p, const struct mon_event_text *ep)
532 udir = (ep->is_in ? 'i' : 'o');
533 switch (ep->xfertype) {
534 case USB_ENDPOINT_XFER_ISOC: utype = 'Z'; break;
535 case USB_ENDPOINT_XFER_INT: utype = 'I'; break;
536 case USB_ENDPOINT_XFER_CONTROL: utype = 'C'; break;
537 default: /* PIPE_BULK */ utype = 'B';
539 p->cnt += snprintf(p->pbuf + p->cnt, p->limit - p->cnt,
540 "%lx %u %c %c%c:%d:%03u:%u",
541 ep->id, ep->tstamp, ep->type,
542 utype, udir, ep->busnum, ep->devnum, ep->epnum);
545 static void mon_text_read_statset(struct mon_reader_text *rp,
546 struct mon_text_ptr *p, const struct mon_event_text *ep)
549 if (ep->setup_flag == 0) { /* Setup packet is present and captured */
550 p->cnt += snprintf(p->pbuf + p->cnt, p->limit - p->cnt,
551 " s %02x %02x %04x %04x %04x",
554 (ep->setup[3] << 8) | ep->setup[2],
555 (ep->setup[5] << 8) | ep->setup[4],
556 (ep->setup[7] << 8) | ep->setup[6]);
557 } else if (ep->setup_flag != '-') { /* Unable to capture setup packet */
558 p->cnt += snprintf(p->pbuf + p->cnt, p->limit - p->cnt,
559 " %c __ __ ____ ____ ____", ep->setup_flag);
560 } else { /* No setup for this kind of URB */
561 p->cnt += snprintf(p->pbuf + p->cnt, p->limit - p->cnt,
566 static void mon_text_read_intstat(struct mon_reader_text *rp,
567 struct mon_text_ptr *p, const struct mon_event_text *ep)
569 p->cnt += snprintf(p->pbuf + p->cnt, p->limit - p->cnt,
570 " %d:%d", ep->status, ep->interval);
573 static void mon_text_read_isostat(struct mon_reader_text *rp,
574 struct mon_text_ptr *p, const struct mon_event_text *ep)
576 if (ep->type == 'S') {
577 p->cnt += snprintf(p->pbuf + p->cnt, p->limit - p->cnt,
578 " %d:%d:%d", ep->status, ep->interval, ep->start_frame);
580 p->cnt += snprintf(p->pbuf + p->cnt, p->limit - p->cnt,
582 ep->status, ep->interval, ep->start_frame, ep->error_count);
586 static void mon_text_read_isodesc(struct mon_reader_text *rp,
587 struct mon_text_ptr *p, const struct mon_event_text *ep)
589 int ndesc; /* Display this many */
591 const struct mon_iso_desc *dp;
593 p->cnt += snprintf(p->pbuf + p->cnt, p->limit - p->cnt,
596 if (ndesc > ISODESC_MAX)
601 for (i = 0; i < ndesc; i++) {
602 p->cnt += snprintf(p->pbuf + p->cnt, p->limit - p->cnt,
603 " %d:%u:%u", dp->status, dp->offset, dp->length);
608 static void mon_text_read_data(struct mon_reader_text *rp,
609 struct mon_text_ptr *p, const struct mon_event_text *ep)
613 if ((data_len = ep->length) > 0) {
614 if (ep->data_flag == 0) {
615 p->cnt += snprintf(p->pbuf + p->cnt, p->limit - p->cnt,
617 if (data_len >= DATA_MAX)
619 for (i = 0; i < data_len; i++) {
621 p->cnt += snprintf(p->pbuf + p->cnt,
625 p->cnt += snprintf(p->pbuf + p->cnt,
627 "%02x", ep->data[i]);
629 p->cnt += snprintf(p->pbuf + p->cnt, p->limit - p->cnt,
632 p->cnt += snprintf(p->pbuf + p->cnt, p->limit - p->cnt,
633 " %c\n", ep->data_flag);
636 p->cnt += snprintf(p->pbuf + p->cnt, p->limit - p->cnt, "\n");
640 static int mon_text_release(struct inode *inode, struct file *file)
642 struct mon_reader_text *rp = file->private_data;
643 struct mon_bus *mbus;
644 /* unsigned long flags; */
646 struct mon_event_text *ep;
648 mutex_lock(&mon_lock);
649 mbus = inode->i_private;
651 if (mbus->nreaders <= 0) {
652 printk(KERN_ERR TAG ": consistency error on close\n");
653 mutex_unlock(&mon_lock);
656 mon_reader_del(mbus, &rp->r);
659 * In theory, e_list is protected by mbus->lock. However,
660 * after mon_reader_del has finished, the following is the case:
661 * - we are not on reader list anymore, so new events won't be added;
662 * - whole mbus may be dropped if it was orphaned.
663 * So, we better not touch mbus.
665 /* spin_lock_irqsave(&mbus->lock, flags); */
666 while (!list_empty(&rp->e_list)) {
668 ep = list_entry(p, struct mon_event_text, e_link);
671 kmem_cache_free(rp->e_slab, ep);
673 /* spin_unlock_irqrestore(&mbus->lock, flags); */
675 kmem_cache_destroy(rp->e_slab);
676 kfree(rp->printf_buf);
679 mutex_unlock(&mon_lock);
683 static const struct file_operations mon_fops_text_t = {
684 .owner = THIS_MODULE,
685 .open = mon_text_open,
687 .read = mon_text_read_t,
688 .release = mon_text_release,
691 static const struct file_operations mon_fops_text_u = {
692 .owner = THIS_MODULE,
693 .open = mon_text_open,
695 .read = mon_text_read_u,
696 .release = mon_text_release,
699 int mon_text_add(struct mon_bus *mbus, const struct usb_bus *ubus)
702 enum { NAMESZ = 10 };
704 int busnum = ubus? ubus->busnum: 0;
711 rc = snprintf(name, NAMESZ, "%dt", busnum);
712 if (rc <= 0 || rc >= NAMESZ)
714 d = debugfs_create_file(name, 0600, mon_dir, mbus,
721 rc = snprintf(name, NAMESZ, "%du", busnum);
722 if (rc <= 0 || rc >= NAMESZ)
724 d = debugfs_create_file(name, 0600, mon_dir, mbus, &mon_fops_text_u);
729 rc = snprintf(name, NAMESZ, "%ds", busnum);
730 if (rc <= 0 || rc >= NAMESZ)
732 d = debugfs_create_file(name, 0600, mon_dir, mbus, &mon_fops_stat);
741 debugfs_remove(mbus->dent_u);
746 debugfs_remove(mbus->dent_t);
754 void mon_text_del(struct mon_bus *mbus)
756 debugfs_remove(mbus->dent_u);
757 if (mbus->dent_t != NULL)
758 debugfs_remove(mbus->dent_t);
759 debugfs_remove(mbus->dent_s);
763 * Slab interface: constructor.
765 static void mon_text_ctor(void *mem)
768 * Nothing to initialize. No, really!
769 * So, we fill it with garbage to emulate a reused object.
771 memset(mem, 0xe5, sizeof(struct mon_event_text));
774 int __init mon_text_init(void)
776 struct dentry *mondir;
778 mondir = debugfs_create_dir("usbmon", usb_debug_root);
779 if (IS_ERR(mondir)) {
780 /* debugfs not available, but we can use usbmon without it */
783 if (mondir == NULL) {
784 printk(KERN_NOTICE TAG ": unable to create usbmon directory\n");
791 void mon_text_exit(void)
793 debugfs_remove(mon_dir);
projects / releases.git / blob