2 * USB redirector usb-guest
4 * Copyright (c) 2011 Red Hat, Inc.
9 * Permission is hereby granted, free of charge, to any person obtaining a copy
10 * of this software and associated documentation files (the "Software"), to deal
11 * in the Software without restriction, including without limitation the rights
12 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
13 * copies of the Software, and to permit persons to whom the Software is
14 * furnished to do so, subject to the following conditions:
16 * The above copyright notice and this permission notice shall be included in
17 * all copies or substantial portions of the Software.
19 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
20 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
21 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
22 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
23 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
24 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
28 #include "qemu-common.h"
29 #include "qemu-timer.h"
34 #include <sys/ioctl.h>
36 #include <usbredirparser.h>
37 #include <usbredirfilter.h>
41 #define MAX_ENDPOINTS 32
42 #define EP2I(ep_address) (((ep_address & 0x80) >> 3) | (ep_address & 0x0f))
43 #define I2EP(i) (((i & 0x10) << 3) | (i & 0x0f))
45 typedef struct AsyncURB AsyncURB;
46 typedef struct USBRedirDevice USBRedirDevice;
48 /* Struct to hold buffered packets (iso or int input packets) */
53 QTAILQ_ENTRY(buf_packet)next;
59 uint8_t interface; /* bInterfaceNumber this ep belongs to */
61 uint8_t iso_error; /* For reporting iso errors to the HC */
62 uint8_t interrupt_started;
63 uint8_t interrupt_error;
64 uint8_t bufpq_prefilled;
65 uint8_t bufpq_dropping_packets;
66 QTAILQ_HEAD(, buf_packet) bufpq;
68 int bufpq_target_size;
71 struct USBRedirDevice {
77 /* Data passed from chardev the fd_read cb to the usbredirparser read cb */
78 const uint8_t *read_buf;
80 /* For async handling of open/close */
81 QEMUBH *open_close_bh;
82 /* To delay the usb attach in case of quick chardev close + open */
83 QEMUTimer *attach_timer;
84 int64_t next_attach_time;
85 struct usbredirparser *parser;
86 struct endp_data endpoint[MAX_ENDPOINTS];
88 QTAILQ_HEAD(, AsyncURB) asyncq;
89 /* Data for device filtering */
90 struct usb_redir_device_connect_header device_info;
91 struct usb_redir_interface_info_header interface_info;
92 struct usbredirfilter_rule *filter_rules;
93 int filter_rules_count;
102 struct usb_redir_control_packet_header control_packet;
103 struct usb_redir_bulk_packet_header bulk_packet;
104 struct usb_redir_interrupt_packet_header interrupt_packet;
106 QTAILQ_ENTRY(AsyncURB)next;
109 static void usbredir_device_connect(void *priv,
110 struct usb_redir_device_connect_header *device_connect);
111 static void usbredir_device_disconnect(void *priv);
112 static void usbredir_interface_info(void *priv,
113 struct usb_redir_interface_info_header *interface_info);
114 static void usbredir_ep_info(void *priv,
115 struct usb_redir_ep_info_header *ep_info);
116 static void usbredir_configuration_status(void *priv, uint32_t id,
117 struct usb_redir_configuration_status_header *configuration_status);
118 static void usbredir_alt_setting_status(void *priv, uint32_t id,
119 struct usb_redir_alt_setting_status_header *alt_setting_status);
120 static void usbredir_iso_stream_status(void *priv, uint32_t id,
121 struct usb_redir_iso_stream_status_header *iso_stream_status);
122 static void usbredir_interrupt_receiving_status(void *priv, uint32_t id,
123 struct usb_redir_interrupt_receiving_status_header
124 *interrupt_receiving_status);
125 static void usbredir_bulk_streams_status(void *priv, uint32_t id,
126 struct usb_redir_bulk_streams_status_header *bulk_streams_status);
127 static void usbredir_control_packet(void *priv, uint32_t id,
128 struct usb_redir_control_packet_header *control_packet,
129 uint8_t *data, int data_len);
130 static void usbredir_bulk_packet(void *priv, uint32_t id,
131 struct usb_redir_bulk_packet_header *bulk_packet,
132 uint8_t *data, int data_len);
133 static void usbredir_iso_packet(void *priv, uint32_t id,
134 struct usb_redir_iso_packet_header *iso_packet,
135 uint8_t *data, int data_len);
136 static void usbredir_interrupt_packet(void *priv, uint32_t id,
137 struct usb_redir_interrupt_packet_header *interrupt_header,
138 uint8_t *data, int data_len);
140 static int usbredir_handle_status(USBRedirDevice *dev,
141 int status, int actual_len);
143 #define VERSION "qemu usb-redir guest " QEMU_VERSION
151 if (dev->debug >= usbredirparser_error) { \
152 error_report("usb-redir error: " __VA_ARGS__); \
155 #define WARNING(...) \
157 if (dev->debug >= usbredirparser_warning) { \
158 error_report("usb-redir warning: " __VA_ARGS__); \
163 if (dev->debug >= usbredirparser_info) { \
164 error_report("usb-redir: " __VA_ARGS__); \
167 #define DPRINTF(...) \
169 if (dev->debug >= usbredirparser_debug) { \
170 error_report("usb-redir: " __VA_ARGS__); \
173 #define DPRINTF2(...) \
175 if (dev->debug >= usbredirparser_debug_data) { \
176 error_report("usb-redir: " __VA_ARGS__); \
180 static void usbredir_log(void *priv, int level, const char *msg)
182 USBRedirDevice *dev = priv;
184 if (dev->debug < level) {
188 error_report("%s", msg);
191 static void usbredir_log_data(USBRedirDevice *dev, const char *desc,
192 const uint8_t *data, int len)
196 if (dev->debug < usbredirparser_debug_data) {
200 for (i = 0; i < len; i += j) {
203 n = sprintf(buf, "%s", desc);
204 for (j = 0; j < 8 && i + j < len; j++) {
205 n += sprintf(buf + n, " %02X", data[i + j]);
207 error_report("%s", buf);
212 * usbredirparser io functions
215 static int usbredir_read(void *priv, uint8_t *data, int count)
217 USBRedirDevice *dev = priv;
219 if (dev->read_buf_size < count) {
220 count = dev->read_buf_size;
223 memcpy(data, dev->read_buf, count);
225 dev->read_buf_size -= count;
226 if (dev->read_buf_size) {
227 dev->read_buf += count;
229 dev->read_buf = NULL;
235 static int usbredir_write(void *priv, uint8_t *data, int count)
237 USBRedirDevice *dev = priv;
239 if (!dev->cs->opened) {
243 return qemu_chr_fe_write(dev->cs, data, count);
247 * Async and buffered packets helpers
250 static AsyncURB *async_alloc(USBRedirDevice *dev, USBPacket *p)
252 AsyncURB *aurb = (AsyncURB *) g_malloc0(sizeof(AsyncURB));
255 aurb->packet_id = dev->packet_id;
256 QTAILQ_INSERT_TAIL(&dev->asyncq, aurb, next);
262 static void async_free(USBRedirDevice *dev, AsyncURB *aurb)
264 QTAILQ_REMOVE(&dev->asyncq, aurb, next);
268 static AsyncURB *async_find(USBRedirDevice *dev, uint32_t packet_id)
272 QTAILQ_FOREACH(aurb, &dev->asyncq, next) {
273 if (aurb->packet_id == packet_id) {
277 ERROR("could not find async urb for packet_id %u\n", packet_id);
281 static void usbredir_cancel_packet(USBDevice *udev, USBPacket *p)
283 USBRedirDevice *dev = DO_UPCAST(USBRedirDevice, dev, udev);
286 QTAILQ_FOREACH(aurb, &dev->asyncq, next) {
287 if (p != aurb->packet) {
291 DPRINTF("async cancel id %u\n", aurb->packet_id);
292 usbredirparser_send_cancel_data_packet(dev->parser, aurb->packet_id);
293 usbredirparser_do_write(dev->parser);
295 /* Mark it as dead */
301 static void bufp_alloc(USBRedirDevice *dev,
302 uint8_t *data, int len, int status, uint8_t ep)
304 struct buf_packet *bufp;
306 if (!dev->endpoint[EP2I(ep)].bufpq_dropping_packets &&
307 dev->endpoint[EP2I(ep)].bufpq_size >
308 2 * dev->endpoint[EP2I(ep)].bufpq_target_size) {
309 DPRINTF("bufpq overflow, dropping packets ep %02X\n", ep);
310 dev->endpoint[EP2I(ep)].bufpq_dropping_packets = 1;
312 /* Since we're interupting the stream anyways, drop enough packets to get
313 back to our target buffer size */
314 if (dev->endpoint[EP2I(ep)].bufpq_dropping_packets) {
315 if (dev->endpoint[EP2I(ep)].bufpq_size >
316 dev->endpoint[EP2I(ep)].bufpq_target_size) {
320 dev->endpoint[EP2I(ep)].bufpq_dropping_packets = 0;
323 bufp = g_malloc(sizeof(struct buf_packet));
326 bufp->status = status;
327 QTAILQ_INSERT_TAIL(&dev->endpoint[EP2I(ep)].bufpq, bufp, next);
328 dev->endpoint[EP2I(ep)].bufpq_size++;
331 static void bufp_free(USBRedirDevice *dev, struct buf_packet *bufp,
334 QTAILQ_REMOVE(&dev->endpoint[EP2I(ep)].bufpq, bufp, next);
335 dev->endpoint[EP2I(ep)].bufpq_size--;
340 static void usbredir_free_bufpq(USBRedirDevice *dev, uint8_t ep)
342 struct buf_packet *buf, *buf_next;
344 QTAILQ_FOREACH_SAFE(buf, &dev->endpoint[EP2I(ep)].bufpq, next, buf_next) {
345 bufp_free(dev, buf, ep);
350 * USBDevice callbacks
353 static void usbredir_handle_reset(USBDevice *udev)
355 USBRedirDevice *dev = DO_UPCAST(USBRedirDevice, dev, udev);
357 DPRINTF("reset device\n");
358 usbredirparser_send_reset(dev->parser);
359 usbredirparser_do_write(dev->parser);
362 static int usbredir_handle_iso_data(USBRedirDevice *dev, USBPacket *p,
366 if (!dev->endpoint[EP2I(ep)].iso_started &&
367 !dev->endpoint[EP2I(ep)].iso_error) {
368 struct usb_redir_start_iso_stream_header start_iso = {
373 if (dev->dev.speed == USB_SPEED_HIGH) {
374 pkts_per_sec = 8000 / dev->endpoint[EP2I(ep)].interval;
376 pkts_per_sec = 1000 / dev->endpoint[EP2I(ep)].interval;
378 /* Testing has shown that we need circa 60 ms buffer */
379 dev->endpoint[EP2I(ep)].bufpq_target_size = (pkts_per_sec * 60) / 1000;
381 /* Aim for approx 100 interrupts / second on the client to
382 balance latency and interrupt load */
383 start_iso.pkts_per_urb = pkts_per_sec / 100;
384 if (start_iso.pkts_per_urb < 1) {
385 start_iso.pkts_per_urb = 1;
386 } else if (start_iso.pkts_per_urb > 32) {
387 start_iso.pkts_per_urb = 32;
390 start_iso.no_urbs = (dev->endpoint[EP2I(ep)].bufpq_target_size +
391 start_iso.pkts_per_urb - 1) /
392 start_iso.pkts_per_urb;
393 /* Output endpoints pre-fill only 1/2 of the packets, keeping the rest
394 as overflow buffer. Also see the usbredir protocol documentation */
395 if (!(ep & USB_DIR_IN)) {
396 start_iso.no_urbs *= 2;
398 if (start_iso.no_urbs > 16) {
399 start_iso.no_urbs = 16;
402 /* No id, we look at the ep when receiving a status back */
403 usbredirparser_send_start_iso_stream(dev->parser, 0, &start_iso);
404 usbredirparser_do_write(dev->parser);
405 DPRINTF("iso stream started pkts/sec %d pkts/urb %d urbs %d ep %02X\n",
406 pkts_per_sec, start_iso.pkts_per_urb, start_iso.no_urbs, ep);
407 dev->endpoint[EP2I(ep)].iso_started = 1;
408 dev->endpoint[EP2I(ep)].bufpq_prefilled = 0;
409 dev->endpoint[EP2I(ep)].bufpq_dropping_packets = 0;
412 if (ep & USB_DIR_IN) {
413 struct buf_packet *isop;
415 if (dev->endpoint[EP2I(ep)].iso_started &&
416 !dev->endpoint[EP2I(ep)].bufpq_prefilled) {
417 if (dev->endpoint[EP2I(ep)].bufpq_size <
418 dev->endpoint[EP2I(ep)].bufpq_target_size) {
419 return usbredir_handle_status(dev, 0, 0);
421 dev->endpoint[EP2I(ep)].bufpq_prefilled = 1;
424 isop = QTAILQ_FIRST(&dev->endpoint[EP2I(ep)].bufpq);
426 DPRINTF("iso-token-in ep %02X, no isop, iso_error: %d\n",
427 ep, dev->endpoint[EP2I(ep)].iso_error);
428 /* Re-fill the buffer */
429 dev->endpoint[EP2I(ep)].bufpq_prefilled = 0;
430 /* Check iso_error for stream errors, otherwise its an underrun */
431 status = dev->endpoint[EP2I(ep)].iso_error;
432 dev->endpoint[EP2I(ep)].iso_error = 0;
433 return usbredir_handle_status(dev, status, 0);
435 DPRINTF2("iso-token-in ep %02X status %d len %d queue-size: %d\n", ep,
436 isop->status, isop->len, dev->endpoint[EP2I(ep)].bufpq_size);
438 status = isop->status;
439 if (status != usb_redir_success) {
440 bufp_free(dev, isop, ep);
441 return usbredir_handle_status(dev, status, 0);
445 if (len > p->iov.size) {
446 ERROR("received iso data is larger then packet ep %02X (%d > %d)\n",
447 ep, len, (int)p->iov.size);
448 bufp_free(dev, isop, ep);
451 usb_packet_copy(p, isop->data, len);
452 bufp_free(dev, isop, ep);
455 /* If the stream was not started because of a pending error don't
456 send the packet to the usb-host */
457 if (dev->endpoint[EP2I(ep)].iso_started) {
458 struct usb_redir_iso_packet_header iso_packet = {
460 .length = p->iov.size
462 uint8_t buf[p->iov.size];
463 /* No id, we look at the ep when receiving a status back */
464 usb_packet_copy(p, buf, p->iov.size);
465 usbredirparser_send_iso_packet(dev->parser, 0, &iso_packet,
467 usbredirparser_do_write(dev->parser);
469 status = dev->endpoint[EP2I(ep)].iso_error;
470 dev->endpoint[EP2I(ep)].iso_error = 0;
471 DPRINTF2("iso-token-out ep %02X status %d len %zd\n", ep, status,
473 return usbredir_handle_status(dev, status, p->iov.size);
477 static void usbredir_stop_iso_stream(USBRedirDevice *dev, uint8_t ep)
479 struct usb_redir_stop_iso_stream_header stop_iso_stream = {
482 if (dev->endpoint[EP2I(ep)].iso_started) {
483 usbredirparser_send_stop_iso_stream(dev->parser, 0, &stop_iso_stream);
484 DPRINTF("iso stream stopped ep %02X\n", ep);
485 dev->endpoint[EP2I(ep)].iso_started = 0;
487 dev->endpoint[EP2I(ep)].iso_error = 0;
488 usbredir_free_bufpq(dev, ep);
491 static int usbredir_handle_bulk_data(USBRedirDevice *dev, USBPacket *p,
494 AsyncURB *aurb = async_alloc(dev, p);
495 struct usb_redir_bulk_packet_header bulk_packet;
497 DPRINTF("bulk-out ep %02X len %zd id %u\n", ep,
498 p->iov.size, aurb->packet_id);
500 bulk_packet.endpoint = ep;
501 bulk_packet.length = p->iov.size;
502 bulk_packet.stream_id = 0;
503 aurb->bulk_packet = bulk_packet;
505 if (ep & USB_DIR_IN) {
506 usbredirparser_send_bulk_packet(dev->parser, aurb->packet_id,
507 &bulk_packet, NULL, 0);
509 uint8_t buf[p->iov.size];
510 usb_packet_copy(p, buf, p->iov.size);
511 usbredir_log_data(dev, "bulk data out:", buf, p->iov.size);
512 usbredirparser_send_bulk_packet(dev->parser, aurb->packet_id,
513 &bulk_packet, buf, p->iov.size);
515 usbredirparser_do_write(dev->parser);
516 return USB_RET_ASYNC;
519 static int usbredir_handle_interrupt_data(USBRedirDevice *dev,
520 USBPacket *p, uint8_t ep)
522 if (ep & USB_DIR_IN) {
523 /* Input interrupt endpoint, buffered packet input */
524 struct buf_packet *intp;
527 if (!dev->endpoint[EP2I(ep)].interrupt_started &&
528 !dev->endpoint[EP2I(ep)].interrupt_error) {
529 struct usb_redir_start_interrupt_receiving_header start_int = {
532 /* No id, we look at the ep when receiving a status back */
533 usbredirparser_send_start_interrupt_receiving(dev->parser, 0,
535 usbredirparser_do_write(dev->parser);
536 DPRINTF("interrupt recv started ep %02X\n", ep);
537 dev->endpoint[EP2I(ep)].interrupt_started = 1;
538 /* We don't really want to drop interrupt packets ever, but
539 having some upper limit to how much we buffer is good. */
540 dev->endpoint[EP2I(ep)].bufpq_target_size = 1000;
541 dev->endpoint[EP2I(ep)].bufpq_dropping_packets = 0;
544 intp = QTAILQ_FIRST(&dev->endpoint[EP2I(ep)].bufpq);
546 DPRINTF2("interrupt-token-in ep %02X, no intp\n", ep);
547 /* Check interrupt_error for stream errors */
548 status = dev->endpoint[EP2I(ep)].interrupt_error;
549 dev->endpoint[EP2I(ep)].interrupt_error = 0;
550 return usbredir_handle_status(dev, status, 0);
552 DPRINTF("interrupt-token-in ep %02X status %d len %d\n", ep,
553 intp->status, intp->len);
555 status = intp->status;
556 if (status != usb_redir_success) {
557 bufp_free(dev, intp, ep);
558 return usbredir_handle_status(dev, status, 0);
562 if (len > p->iov.size) {
563 ERROR("received int data is larger then packet ep %02X\n", ep);
564 bufp_free(dev, intp, ep);
567 usb_packet_copy(p, intp->data, len);
568 bufp_free(dev, intp, ep);
571 /* Output interrupt endpoint, normal async operation */
572 AsyncURB *aurb = async_alloc(dev, p);
573 struct usb_redir_interrupt_packet_header interrupt_packet;
574 uint8_t buf[p->iov.size];
576 DPRINTF("interrupt-out ep %02X len %zd id %u\n", ep, p->iov.size,
579 interrupt_packet.endpoint = ep;
580 interrupt_packet.length = p->iov.size;
581 aurb->interrupt_packet = interrupt_packet;
583 usb_packet_copy(p, buf, p->iov.size);
584 usbredir_log_data(dev, "interrupt data out:", buf, p->iov.size);
585 usbredirparser_send_interrupt_packet(dev->parser, aurb->packet_id,
586 &interrupt_packet, buf, p->iov.size);
587 usbredirparser_do_write(dev->parser);
588 return USB_RET_ASYNC;
592 static void usbredir_stop_interrupt_receiving(USBRedirDevice *dev,
595 struct usb_redir_stop_interrupt_receiving_header stop_interrupt_recv = {
598 if (dev->endpoint[EP2I(ep)].interrupt_started) {
599 usbredirparser_send_stop_interrupt_receiving(dev->parser, 0,
600 &stop_interrupt_recv);
601 DPRINTF("interrupt recv stopped ep %02X\n", ep);
602 dev->endpoint[EP2I(ep)].interrupt_started = 0;
604 dev->endpoint[EP2I(ep)].interrupt_error = 0;
605 usbredir_free_bufpq(dev, ep);
608 static int usbredir_handle_data(USBDevice *udev, USBPacket *p)
610 USBRedirDevice *dev = DO_UPCAST(USBRedirDevice, dev, udev);
614 if (p->pid == USB_TOKEN_IN) {
618 switch (dev->endpoint[EP2I(ep)].type) {
619 case USB_ENDPOINT_XFER_CONTROL:
620 ERROR("handle_data called for control transfer on ep %02X\n", ep);
622 case USB_ENDPOINT_XFER_ISOC:
623 return usbredir_handle_iso_data(dev, p, ep);
624 case USB_ENDPOINT_XFER_BULK:
625 return usbredir_handle_bulk_data(dev, p, ep);
626 case USB_ENDPOINT_XFER_INT:
627 return usbredir_handle_interrupt_data(dev, p, ep);
629 ERROR("handle_data ep %02X has unknown type %d\n", ep,
630 dev->endpoint[EP2I(ep)].type);
635 static int usbredir_set_config(USBRedirDevice *dev, USBPacket *p,
638 struct usb_redir_set_configuration_header set_config;
639 AsyncURB *aurb = async_alloc(dev, p);
642 DPRINTF("set config %d id %u\n", config, aurb->packet_id);
644 for (i = 0; i < MAX_ENDPOINTS; i++) {
645 switch (dev->endpoint[i].type) {
646 case USB_ENDPOINT_XFER_ISOC:
647 usbredir_stop_iso_stream(dev, I2EP(i));
649 case USB_ENDPOINT_XFER_INT:
651 usbredir_stop_interrupt_receiving(dev, I2EP(i));
655 usbredir_free_bufpq(dev, I2EP(i));
658 set_config.configuration = config;
659 usbredirparser_send_set_configuration(dev->parser, aurb->packet_id,
661 usbredirparser_do_write(dev->parser);
662 return USB_RET_ASYNC;
665 static int usbredir_get_config(USBRedirDevice *dev, USBPacket *p)
667 AsyncURB *aurb = async_alloc(dev, p);
669 DPRINTF("get config id %u\n", aurb->packet_id);
672 usbredirparser_send_get_configuration(dev->parser, aurb->packet_id);
673 usbredirparser_do_write(dev->parser);
674 return USB_RET_ASYNC;
677 static int usbredir_set_interface(USBRedirDevice *dev, USBPacket *p,
678 int interface, int alt)
680 struct usb_redir_set_alt_setting_header set_alt;
681 AsyncURB *aurb = async_alloc(dev, p);
684 DPRINTF("set interface %d alt %d id %u\n", interface, alt,
687 for (i = 0; i < MAX_ENDPOINTS; i++) {
688 if (dev->endpoint[i].interface == interface) {
689 switch (dev->endpoint[i].type) {
690 case USB_ENDPOINT_XFER_ISOC:
691 usbredir_stop_iso_stream(dev, I2EP(i));
693 case USB_ENDPOINT_XFER_INT:
695 usbredir_stop_interrupt_receiving(dev, I2EP(i));
699 usbredir_free_bufpq(dev, I2EP(i));
703 set_alt.interface = interface;
705 usbredirparser_send_set_alt_setting(dev->parser, aurb->packet_id,
707 usbredirparser_do_write(dev->parser);
708 return USB_RET_ASYNC;
711 static int usbredir_get_interface(USBRedirDevice *dev, USBPacket *p,
714 struct usb_redir_get_alt_setting_header get_alt;
715 AsyncURB *aurb = async_alloc(dev, p);
717 DPRINTF("get interface %d id %u\n", interface, aurb->packet_id);
719 get_alt.interface = interface;
721 usbredirparser_send_get_alt_setting(dev->parser, aurb->packet_id,
723 usbredirparser_do_write(dev->parser);
724 return USB_RET_ASYNC;
727 static int usbredir_handle_control(USBDevice *udev, USBPacket *p,
728 int request, int value, int index, int length, uint8_t *data)
730 USBRedirDevice *dev = DO_UPCAST(USBRedirDevice, dev, udev);
731 struct usb_redir_control_packet_header control_packet;
734 /* Special cases for certain standard device requests */
736 case DeviceOutRequest | USB_REQ_SET_ADDRESS:
737 DPRINTF("set address %d\n", value);
738 dev->dev.addr = value;
740 case DeviceOutRequest | USB_REQ_SET_CONFIGURATION:
741 return usbredir_set_config(dev, p, value & 0xff);
742 case DeviceRequest | USB_REQ_GET_CONFIGURATION:
743 return usbredir_get_config(dev, p);
744 case InterfaceOutRequest | USB_REQ_SET_INTERFACE:
745 return usbredir_set_interface(dev, p, index, value);
746 case InterfaceRequest | USB_REQ_GET_INTERFACE:
747 return usbredir_get_interface(dev, p, index);
750 /* "Normal" ctrl requests */
751 aurb = async_alloc(dev, p);
753 /* Note request is (bRequestType << 8) | bRequest */
754 DPRINTF("ctrl-out type 0x%x req 0x%x val 0x%x index %d len %d id %u\n",
755 request >> 8, request & 0xff, value, index, length,
758 control_packet.request = request & 0xFF;
759 control_packet.requesttype = request >> 8;
760 control_packet.endpoint = control_packet.requesttype & USB_DIR_IN;
761 control_packet.value = value;
762 control_packet.index = index;
763 control_packet.length = length;
764 aurb->control_packet = control_packet;
766 if (control_packet.requesttype & USB_DIR_IN) {
767 usbredirparser_send_control_packet(dev->parser, aurb->packet_id,
768 &control_packet, NULL, 0);
770 usbredir_log_data(dev, "ctrl data out:", data, length);
771 usbredirparser_send_control_packet(dev->parser, aurb->packet_id,
772 &control_packet, data, length);
774 usbredirparser_do_write(dev->parser);
775 return USB_RET_ASYNC;
779 * Close events can be triggered by usbredirparser_do_write which gets called
780 * from within the USBDevice data / control packet callbacks and doing a
781 * usb_detach from within these callbacks is not a good idea.
783 * So we use a bh handler to take care of close events. We also handle
784 * open events from this callback to make sure that a close directly followed
785 * by an open gets handled in the right order.
787 static void usbredir_open_close_bh(void *opaque)
789 USBRedirDevice *dev = opaque;
790 uint32_t caps[USB_REDIR_CAPS_SIZE] = { 0, };
792 usbredir_device_disconnect(dev);
795 usbredirparser_destroy(dev->parser);
799 if (dev->cs->opened) {
800 dev->parser = qemu_oom_check(usbredirparser_create());
801 dev->parser->priv = dev;
802 dev->parser->log_func = usbredir_log;
803 dev->parser->read_func = usbredir_read;
804 dev->parser->write_func = usbredir_write;
805 dev->parser->device_connect_func = usbredir_device_connect;
806 dev->parser->device_disconnect_func = usbredir_device_disconnect;
807 dev->parser->interface_info_func = usbredir_interface_info;
808 dev->parser->ep_info_func = usbredir_ep_info;
809 dev->parser->configuration_status_func = usbredir_configuration_status;
810 dev->parser->alt_setting_status_func = usbredir_alt_setting_status;
811 dev->parser->iso_stream_status_func = usbredir_iso_stream_status;
812 dev->parser->interrupt_receiving_status_func =
813 usbredir_interrupt_receiving_status;
814 dev->parser->bulk_streams_status_func = usbredir_bulk_streams_status;
815 dev->parser->control_packet_func = usbredir_control_packet;
816 dev->parser->bulk_packet_func = usbredir_bulk_packet;
817 dev->parser->iso_packet_func = usbredir_iso_packet;
818 dev->parser->interrupt_packet_func = usbredir_interrupt_packet;
819 dev->read_buf = NULL;
820 dev->read_buf_size = 0;
822 usbredirparser_caps_set_cap(caps, usb_redir_cap_connect_device_version);
823 usbredirparser_init(dev->parser, VERSION, caps, USB_REDIR_CAPS_SIZE, 0);
824 usbredirparser_do_write(dev->parser);
828 static void usbredir_do_attach(void *opaque)
830 USBRedirDevice *dev = opaque;
832 usb_device_attach(&dev->dev);
839 static int usbredir_chardev_can_read(void *opaque)
841 USBRedirDevice *dev = opaque;
844 /* usbredir_parser_do_read will consume *all* data we give it */
847 /* usbredir_open_close_bh hasn't handled the open event yet */
852 static void usbredir_chardev_read(void *opaque, const uint8_t *buf, int size)
854 USBRedirDevice *dev = opaque;
856 /* No recursion allowed! */
857 assert(dev->read_buf == NULL);
860 dev->read_buf_size = size;
862 usbredirparser_do_read(dev->parser);
863 /* Send any acks, etc. which may be queued now */
864 usbredirparser_do_write(dev->parser);
867 static void usbredir_chardev_event(void *opaque, int event)
869 USBRedirDevice *dev = opaque;
872 case CHR_EVENT_OPENED:
873 case CHR_EVENT_CLOSED:
874 qemu_bh_schedule(dev->open_close_bh);
883 static int usbredir_initfn(USBDevice *udev)
885 USBRedirDevice *dev = DO_UPCAST(USBRedirDevice, dev, udev);
888 if (dev->cs == NULL) {
889 qerror_report(QERR_MISSING_PARAMETER, "chardev");
893 if (dev->filter_str) {
894 i = usbredirfilter_string_to_rules(dev->filter_str, ":", "|",
896 &dev->filter_rules_count);
898 qerror_report(QERR_INVALID_PARAMETER_VALUE, "filter",
899 "a usb device filter string");
904 dev->open_close_bh = qemu_bh_new(usbredir_open_close_bh, dev);
905 dev->attach_timer = qemu_new_timer_ms(vm_clock, usbredir_do_attach, dev);
907 QTAILQ_INIT(&dev->asyncq);
908 for (i = 0; i < MAX_ENDPOINTS; i++) {
909 QTAILQ_INIT(&dev->endpoint[i].bufpq);
912 /* We'll do the attach once we receive the speed from the usb-host */
913 udev->auto_attach = 0;
915 /* Let the backend know we are ready */
916 qemu_chr_fe_open(dev->cs);
917 qemu_chr_add_handlers(dev->cs, usbredir_chardev_can_read,
918 usbredir_chardev_read, usbredir_chardev_event, dev);
923 static void usbredir_cleanup_device_queues(USBRedirDevice *dev)
925 AsyncURB *aurb, *next_aurb;
928 QTAILQ_FOREACH_SAFE(aurb, &dev->asyncq, next, next_aurb) {
929 async_free(dev, aurb);
931 for (i = 0; i < MAX_ENDPOINTS; i++) {
932 usbredir_free_bufpq(dev, I2EP(i));
936 static void usbredir_handle_destroy(USBDevice *udev)
938 USBRedirDevice *dev = DO_UPCAST(USBRedirDevice, dev, udev);
940 qemu_chr_fe_close(dev->cs);
941 qemu_chr_delete(dev->cs);
942 /* Note must be done after qemu_chr_close, as that causes a close event */
943 qemu_bh_delete(dev->open_close_bh);
945 qemu_del_timer(dev->attach_timer);
946 qemu_free_timer(dev->attach_timer);
948 usbredir_cleanup_device_queues(dev);
951 usbredirparser_destroy(dev->parser);
954 free(dev->filter_rules);
957 static int usbredir_check_filter(USBRedirDevice *dev)
959 if (dev->interface_info.interface_count == 0) {
960 ERROR("No interface info for device\n");
964 if (dev->filter_rules) {
965 if (!usbredirparser_peer_has_cap(dev->parser,
966 usb_redir_cap_connect_device_version)) {
967 ERROR("Device filter specified and peer does not have the "
968 "connect_device_version capability\n");
972 if (usbredirfilter_check(
974 dev->filter_rules_count,
975 dev->device_info.device_class,
976 dev->device_info.device_subclass,
977 dev->device_info.device_protocol,
978 dev->interface_info.interface_class,
979 dev->interface_info.interface_subclass,
980 dev->interface_info.interface_protocol,
981 dev->interface_info.interface_count,
982 dev->device_info.vendor_id,
983 dev->device_info.product_id,
984 dev->device_info.device_version_bcd,
994 * usbredirparser packet complete callbacks
997 static int usbredir_handle_status(USBRedirDevice *dev,
998 int status, int actual_len)
1001 case usb_redir_success:
1003 case usb_redir_stall:
1004 return USB_RET_STALL;
1005 case usb_redir_cancelled:
1006 WARNING("returning cancelled packet to HC?\n");
1007 case usb_redir_inval:
1008 case usb_redir_ioerror:
1009 case usb_redir_timeout:
1015 static void usbredir_device_connect(void *priv,
1016 struct usb_redir_device_connect_header *device_connect)
1018 USBRedirDevice *dev = priv;
1021 if (qemu_timer_pending(dev->attach_timer) || dev->dev.attached) {
1022 ERROR("Received device connect while already connected\n");
1026 switch (device_connect->speed) {
1027 case usb_redir_speed_low:
1028 speed = "low speed";
1029 dev->dev.speed = USB_SPEED_LOW;
1031 case usb_redir_speed_full:
1032 speed = "full speed";
1033 dev->dev.speed = USB_SPEED_FULL;
1035 case usb_redir_speed_high:
1036 speed = "high speed";
1037 dev->dev.speed = USB_SPEED_HIGH;
1039 case usb_redir_speed_super:
1040 speed = "super speed";
1041 dev->dev.speed = USB_SPEED_SUPER;
1044 speed = "unknown speed";
1045 dev->dev.speed = USB_SPEED_FULL;
1048 if (usbredirparser_peer_has_cap(dev->parser,
1049 usb_redir_cap_connect_device_version)) {
1050 INFO("attaching %s device %04x:%04x version %d.%d class %02x\n",
1051 speed, device_connect->vendor_id, device_connect->product_id,
1052 device_connect->device_version_bcd >> 8,
1053 device_connect->device_version_bcd & 0xff,
1054 device_connect->device_class);
1056 INFO("attaching %s device %04x:%04x class %02x\n", speed,
1057 device_connect->vendor_id, device_connect->product_id,
1058 device_connect->device_class);
1061 dev->dev.speedmask = (1 << dev->dev.speed);
1062 dev->device_info = *device_connect;
1064 if (usbredir_check_filter(dev)) {
1065 WARNING("Device %04x:%04x rejected by device filter, not attaching\n",
1066 device_connect->vendor_id, device_connect->product_id);
1070 qemu_mod_timer(dev->attach_timer, dev->next_attach_time);
1073 static void usbredir_device_disconnect(void *priv)
1075 USBRedirDevice *dev = priv;
1078 /* Stop any pending attaches */
1079 qemu_del_timer(dev->attach_timer);
1081 if (dev->dev.attached) {
1082 usb_device_detach(&dev->dev);
1084 * Delay next usb device attach to give the guest a chance to see
1085 * see the detach / attach in case of quick close / open succession
1087 dev->next_attach_time = qemu_get_clock_ms(vm_clock) + 200;
1090 /* Reset state so that the next dev connected starts with a clean slate */
1091 usbredir_cleanup_device_queues(dev);
1092 memset(dev->endpoint, 0, sizeof(dev->endpoint));
1093 for (i = 0; i < MAX_ENDPOINTS; i++) {
1094 QTAILQ_INIT(&dev->endpoint[i].bufpq);
1096 dev->interface_info.interface_count = 0;
1099 static void usbredir_interface_info(void *priv,
1100 struct usb_redir_interface_info_header *interface_info)
1102 USBRedirDevice *dev = priv;
1104 dev->interface_info = *interface_info;
1107 * If we receive interface info after the device has already been
1108 * connected (ie on a set_config), re-check the filter.
1110 if (qemu_timer_pending(dev->attach_timer) || dev->dev.attached) {
1111 if (usbredir_check_filter(dev)) {
1112 ERROR("Device no longer matches filter after interface info "
1113 "change, disconnecting!\n");
1114 usbredir_device_disconnect(dev);
1119 static void usbredir_ep_info(void *priv,
1120 struct usb_redir_ep_info_header *ep_info)
1122 USBRedirDevice *dev = priv;
1125 for (i = 0; i < MAX_ENDPOINTS; i++) {
1126 dev->endpoint[i].type = ep_info->type[i];
1127 dev->endpoint[i].interval = ep_info->interval[i];
1128 dev->endpoint[i].interface = ep_info->interface[i];
1129 switch (dev->endpoint[i].type) {
1130 case usb_redir_type_invalid:
1132 case usb_redir_type_iso:
1133 case usb_redir_type_interrupt:
1134 if (dev->endpoint[i].interval == 0) {
1135 ERROR("Received 0 interval for isoc or irq endpoint\n");
1136 usbredir_device_disconnect(dev);
1139 case usb_redir_type_control:
1140 case usb_redir_type_bulk:
1141 DPRINTF("ep: %02X type: %d interface: %d\n", I2EP(i),
1142 dev->endpoint[i].type, dev->endpoint[i].interface);
1145 ERROR("Received invalid endpoint type\n");
1146 usbredir_device_disconnect(dev);
1151 static void usbredir_configuration_status(void *priv, uint32_t id,
1152 struct usb_redir_configuration_status_header *config_status)
1154 USBRedirDevice *dev = priv;
1158 DPRINTF("set config status %d config %d id %u\n", config_status->status,
1159 config_status->configuration, id);
1161 aurb = async_find(dev, id);
1167 dev->dev.data_buf[0] = config_status->configuration;
1170 aurb->packet->result =
1171 usbredir_handle_status(dev, config_status->status, len);
1172 usb_generic_async_ctrl_complete(&dev->dev, aurb->packet);
1174 async_free(dev, aurb);
1177 static void usbredir_alt_setting_status(void *priv, uint32_t id,
1178 struct usb_redir_alt_setting_status_header *alt_setting_status)
1180 USBRedirDevice *dev = priv;
1184 DPRINTF("alt status %d intf %d alt %d id: %u\n",
1185 alt_setting_status->status,
1186 alt_setting_status->interface,
1187 alt_setting_status->alt, id);
1189 aurb = async_find(dev, id);
1195 dev->dev.data_buf[0] = alt_setting_status->alt;
1198 aurb->packet->result =
1199 usbredir_handle_status(dev, alt_setting_status->status, len);
1200 usb_generic_async_ctrl_complete(&dev->dev, aurb->packet);
1202 async_free(dev, aurb);
1205 static void usbredir_iso_stream_status(void *priv, uint32_t id,
1206 struct usb_redir_iso_stream_status_header *iso_stream_status)
1208 USBRedirDevice *dev = priv;
1209 uint8_t ep = iso_stream_status->endpoint;
1211 DPRINTF("iso status %d ep %02X id %u\n", iso_stream_status->status,
1214 if (!dev->dev.attached || !dev->endpoint[EP2I(ep)].iso_started) {
1218 dev->endpoint[EP2I(ep)].iso_error = iso_stream_status->status;
1219 if (iso_stream_status->status == usb_redir_stall) {
1220 DPRINTF("iso stream stopped by peer ep %02X\n", ep);
1221 dev->endpoint[EP2I(ep)].iso_started = 0;
1225 static void usbredir_interrupt_receiving_status(void *priv, uint32_t id,
1226 struct usb_redir_interrupt_receiving_status_header
1227 *interrupt_receiving_status)
1229 USBRedirDevice *dev = priv;
1230 uint8_t ep = interrupt_receiving_status->endpoint;
1232 DPRINTF("interrupt recv status %d ep %02X id %u\n",
1233 interrupt_receiving_status->status, ep, id);
1235 if (!dev->dev.attached || !dev->endpoint[EP2I(ep)].interrupt_started) {
1239 dev->endpoint[EP2I(ep)].interrupt_error =
1240 interrupt_receiving_status->status;
1241 if (interrupt_receiving_status->status == usb_redir_stall) {
1242 DPRINTF("interrupt receiving stopped by peer ep %02X\n", ep);
1243 dev->endpoint[EP2I(ep)].interrupt_started = 0;
1247 static void usbredir_bulk_streams_status(void *priv, uint32_t id,
1248 struct usb_redir_bulk_streams_status_header *bulk_streams_status)
1252 static void usbredir_control_packet(void *priv, uint32_t id,
1253 struct usb_redir_control_packet_header *control_packet,
1254 uint8_t *data, int data_len)
1256 USBRedirDevice *dev = priv;
1257 int len = control_packet->length;
1260 DPRINTF("ctrl-in status %d len %d id %u\n", control_packet->status,
1263 aurb = async_find(dev, id);
1269 aurb->control_packet.status = control_packet->status;
1270 aurb->control_packet.length = control_packet->length;
1271 if (memcmp(&aurb->control_packet, control_packet,
1272 sizeof(*control_packet))) {
1273 ERROR("return control packet mismatch, please report this!\n");
1278 len = usbredir_handle_status(dev, control_packet->status, len);
1280 usbredir_log_data(dev, "ctrl data in:", data, data_len);
1281 if (data_len <= sizeof(dev->dev.data_buf)) {
1282 memcpy(dev->dev.data_buf, data, data_len);
1284 ERROR("ctrl buffer too small (%d > %zu)\n",
1285 data_len, sizeof(dev->dev.data_buf));
1286 len = USB_RET_STALL;
1289 aurb->packet->result = len;
1290 usb_generic_async_ctrl_complete(&dev->dev, aurb->packet);
1292 async_free(dev, aurb);
1296 static void usbredir_bulk_packet(void *priv, uint32_t id,
1297 struct usb_redir_bulk_packet_header *bulk_packet,
1298 uint8_t *data, int data_len)
1300 USBRedirDevice *dev = priv;
1301 uint8_t ep = bulk_packet->endpoint;
1302 int len = bulk_packet->length;
1305 DPRINTF("bulk-in status %d ep %02X len %d id %u\n", bulk_packet->status,
1308 aurb = async_find(dev, id);
1314 if (aurb->bulk_packet.endpoint != bulk_packet->endpoint ||
1315 aurb->bulk_packet.stream_id != bulk_packet->stream_id) {
1316 ERROR("return bulk packet mismatch, please report this!\n");
1321 len = usbredir_handle_status(dev, bulk_packet->status, len);
1323 usbredir_log_data(dev, "bulk data in:", data, data_len);
1324 if (data_len <= aurb->packet->iov.size) {
1325 usb_packet_copy(aurb->packet, data, data_len);
1327 ERROR("bulk buffer too small (%d > %zd)\n", data_len,
1328 aurb->packet->iov.size);
1329 len = USB_RET_STALL;
1332 aurb->packet->result = len;
1333 usb_packet_complete(&dev->dev, aurb->packet);
1335 async_free(dev, aurb);
1339 static void usbredir_iso_packet(void *priv, uint32_t id,
1340 struct usb_redir_iso_packet_header *iso_packet,
1341 uint8_t *data, int data_len)
1343 USBRedirDevice *dev = priv;
1344 uint8_t ep = iso_packet->endpoint;
1346 DPRINTF2("iso-in status %d ep %02X len %d id %u\n", iso_packet->status, ep,
1349 if (dev->endpoint[EP2I(ep)].type != USB_ENDPOINT_XFER_ISOC) {
1350 ERROR("received iso packet for non iso endpoint %02X\n", ep);
1355 if (dev->endpoint[EP2I(ep)].iso_started == 0) {
1356 DPRINTF("received iso packet for non started stream ep %02X\n", ep);
1361 /* bufp_alloc also adds the packet to the ep queue */
1362 bufp_alloc(dev, data, data_len, iso_packet->status, ep);
1365 static void usbredir_interrupt_packet(void *priv, uint32_t id,
1366 struct usb_redir_interrupt_packet_header *interrupt_packet,
1367 uint8_t *data, int data_len)
1369 USBRedirDevice *dev = priv;
1370 uint8_t ep = interrupt_packet->endpoint;
1372 DPRINTF("interrupt-in status %d ep %02X len %d id %u\n",
1373 interrupt_packet->status, ep, data_len, id);
1375 if (dev->endpoint[EP2I(ep)].type != USB_ENDPOINT_XFER_INT) {
1376 ERROR("received int packet for non interrupt endpoint %02X\n", ep);
1381 if (ep & USB_DIR_IN) {
1382 if (dev->endpoint[EP2I(ep)].interrupt_started == 0) {
1383 DPRINTF("received int packet while not started ep %02X\n", ep);
1388 /* bufp_alloc also adds the packet to the ep queue */
1389 bufp_alloc(dev, data, data_len, interrupt_packet->status, ep);
1391 int len = interrupt_packet->length;
1393 AsyncURB *aurb = async_find(dev, id);
1398 if (aurb->interrupt_packet.endpoint != interrupt_packet->endpoint) {
1399 ERROR("return int packet mismatch, please report this!\n");
1404 aurb->packet->result = usbredir_handle_status(dev,
1405 interrupt_packet->status, len);
1406 usb_packet_complete(&dev->dev, aurb->packet);
1408 async_free(dev, aurb);
1412 static Property usbredir_properties[] = {
1413 DEFINE_PROP_CHR("chardev", USBRedirDevice, cs),
1414 DEFINE_PROP_UINT8("debug", USBRedirDevice, debug, 0),
1415 DEFINE_PROP_STRING("filter", USBRedirDevice, filter_str),
1416 DEFINE_PROP_END_OF_LIST(),
1419 static void usbredir_class_initfn(ObjectClass *klass, void *data)
1421 USBDeviceClass *uc = USB_DEVICE_CLASS(klass);
1422 DeviceClass *dc = DEVICE_CLASS(klass);
1424 uc->init = usbredir_initfn;
1425 uc->product_desc = "USB Redirection Device";
1426 uc->handle_destroy = usbredir_handle_destroy;
1427 uc->cancel_packet = usbredir_cancel_packet;
1428 uc->handle_reset = usbredir_handle_reset;
1429 uc->handle_data = usbredir_handle_data;
1430 uc->handle_control = usbredir_handle_control;
1431 dc->props = usbredir_properties;
1434 static TypeInfo usbredir_dev_info = {
1435 .name = "usb-redir",
1436 .parent = TYPE_USB_DEVICE,
1437 .instance_size = sizeof(USBRedirDevice),
1438 .class_init = usbredir_class_initfn,
1441 static void usbredir_register_types(void)
1443 type_register_static(&usbredir_dev_info);
1446 type_init(usbredir_register_types)
projects / qemu.git / blob