cdc-acm: reassemble fragmented notifications
authorTobias Herzog <t-herzog@gmx.de>
Thu, 30 Mar 2017 20:15:11 +0000 (22:15 +0200)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Sat, 1 Apr 2017 09:05:03 +0000 (11:05 +0200)
USB devices may have very limited endpoint packet sizes, so that
notifications can not be transferred within one single usb packet.
Reassembling of multiple packages may be necessary.

Signed-off-by: Tobias Herzog <t-herzog@gmx.de>
Acked-by: Oliver Neukum <oneukum@suse.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
drivers/usb/class/cdc-acm.c
drivers/usb/class/cdc-acm.h

index cdabe76960bcb1133f83766406899ef87d84838e..eb854dd4ed5b4c71ab8780e734b4930fb2a9fd55 100644 (file)
@@ -36,6 +36,7 @@
 #include <linux/errno.h>
 #include <linux/init.h>
 #include <linux/slab.h>
+#include <linux/log2.h>
 #include <linux/tty.h>
 #include <linux/serial.h>
 #include <linux/tty_driver.h>
@@ -283,39 +284,13 @@ static DEVICE_ATTR(iCountryCodeRelDate, S_IRUGO, show_country_rel_date, NULL);
  * Interrupt handlers for various ACM device responses
  */
 
-/* control interface reports status changes with "interrupt" transfers */
-static void acm_ctrl_irq(struct urb *urb)
+static void acm_process_notification(struct acm *acm, unsigned char *buf)
 {
-       struct acm *acm = urb->context;
-       struct usb_cdc_notification *dr = urb->transfer_buffer;
-       unsigned char *data;
        int newctrl;
        int difference;
-       int retval;
-       int status = urb->status;
-
-       switch (status) {
-       case 0:
-               /* success */
-               break;
-       case -ECONNRESET:
-       case -ENOENT:
-       case -ESHUTDOWN:
-               /* this urb is terminated, clean up */
-               dev_dbg(&acm->control->dev,
-                       "%s - urb shutting down with status: %d\n",
-                       __func__, status);
-               return;
-       default:
-               dev_dbg(&acm->control->dev,
-                       "%s - nonzero urb status received: %d\n",
-                       __func__, status);
-               goto exit;
-       }
+       struct usb_cdc_notification *dr = (struct usb_cdc_notification *)buf;
+       unsigned char *data = buf + sizeof(struct usb_cdc_notification);
 
-       usb_mark_last_busy(acm->dev);
-
-       data = (unsigned char *)(dr + 1);
        switch (dr->bNotificationType) {
        case USB_CDC_NOTIFY_NETWORK_CONNECTION:
                dev_dbg(&acm->control->dev,
@@ -368,9 +343,83 @@ static void acm_ctrl_irq(struct urb *urb)
                        "%s - unknown notification %d received: index %d len %d\n",
                        __func__,
                        dr->bNotificationType, dr->wIndex, dr->wLength);
+       }
+}
 
+/* control interface reports status changes with "interrupt" transfers */
+static void acm_ctrl_irq(struct urb *urb)
+{
+       struct acm *acm = urb->context;
+       struct usb_cdc_notification *dr = urb->transfer_buffer;
+       unsigned int current_size = urb->actual_length;
+       unsigned int expected_size, copy_size, alloc_size;
+       int retval;
+       int status = urb->status;
+
+       switch (status) {
+       case 0:
+               /* success */
                break;
+       case -ECONNRESET:
+       case -ENOENT:
+       case -ESHUTDOWN:
+               /* this urb is terminated, clean up */
+               acm->nb_index = 0;
+               dev_dbg(&acm->control->dev,
+                       "%s - urb shutting down with status: %d\n",
+                       __func__, status);
+               return;
+       default:
+               dev_dbg(&acm->control->dev,
+                       "%s - nonzero urb status received: %d\n",
+                       __func__, status);
+               goto exit;
+       }
+
+       usb_mark_last_busy(acm->dev);
+
+       if (acm->nb_index)
+               dr = (struct usb_cdc_notification *)acm->notification_buffer;
+
+       /* size = notification-header + (optional) data */
+       expected_size = sizeof(struct usb_cdc_notification) +
+                                       le16_to_cpu(dr->wLength);
+
+       if (current_size < expected_size) {
+               /* notification is transmitted fragmented, reassemble */
+               if (acm->nb_size < expected_size) {
+                       if (acm->nb_size) {
+                               kfree(acm->notification_buffer);
+                               acm->nb_size = 0;
+                       }
+                       alloc_size = roundup_pow_of_two(expected_size);
+                       /*
+                        * kmalloc ensures a valid notification_buffer after a
+                        * use of kfree in case the previous allocation was too
+                        * small. Final freeing is done on disconnect.
+                        */
+                       acm->notification_buffer =
+                               kmalloc(alloc_size, GFP_ATOMIC);
+                       if (!acm->notification_buffer)
+                               goto exit;
+                       acm->nb_size = alloc_size;
+               }
+
+               copy_size = min(current_size,
+                               expected_size - acm->nb_index);
+
+               memcpy(&acm->notification_buffer[acm->nb_index],
+                      urb->transfer_buffer, copy_size);
+               acm->nb_index += copy_size;
+               current_size = acm->nb_index;
        }
+
+       if (current_size >= expected_size) {
+               /* notification complete */
+               acm_process_notification(acm, (unsigned char *)dr);
+               acm->nb_index = 0;
+       }
+
 exit:
        retval = usb_submit_urb(urb, GFP_ATOMIC);
        if (retval && retval != -EPERM)
@@ -1483,6 +1532,9 @@ skip_countries:
                         epctrl->bInterval ? epctrl->bInterval : 16);
        acm->ctrlurb->transfer_flags |= URB_NO_TRANSFER_DMA_MAP;
        acm->ctrlurb->transfer_dma = acm->ctrl_dma;
+       acm->notification_buffer = NULL;
+       acm->nb_index = 0;
+       acm->nb_size = 0;
 
        dev_info(&intf->dev, "ttyACM%d: USB ACM device\n", minor);
 
@@ -1575,6 +1627,8 @@ static void acm_disconnect(struct usb_interface *intf)
        usb_free_coherent(acm->dev, acm->ctrlsize, acm->ctrl_buffer, acm->ctrl_dma);
        acm_read_buffers_free(acm);
 
+       kfree(acm->notification_buffer);
+
        if (!acm->combined_interfaces)
                usb_driver_release_interface(&acm_driver, intf == acm->control ?
                                        acm->data : acm->control);
index c980f11cdf560a773e6d6bc4b8fccd232c0df200..b519138364093943f3f0dc72fa36ab8b12194ec7 100644 (file)
@@ -98,6 +98,9 @@ struct acm {
        struct acm_wb *putbuffer;                       /* for acm_tty_put_char() */
        int rx_buflimit;
        spinlock_t read_lock;
+       u8 *notification_buffer;                        /* to reassemble fragmented notifications */
+       unsigned int nb_index;
+       unsigned int nb_size;
        int write_used;                                 /* number of non-empty write buffers */
        int transmitting;
        spinlock_t write_lock;