usb/usbip/stub_rx.c

0001 // SPDX-License-Identifier: GPL-2.0+
0002 /*
0003  * Copyright (C) 2003-2008 Takahiro Hirofuchi
0004  */
0005
0006 #include <asm/byteorder.h>
0007 #include <linux/kthread.h>
0008 #include <linux/usb.h>
0009 #include <linux/usb/hcd.h>
0010 #include <linux/scatterlist.h>
0011
0012 #include "usbip_common.h"
0013 #include "stub.h"
0014
0015 static int is_clear_halt_cmd(struct urb *urb)
0016 {
0017     struct usb_ctrlrequest *req;
0018
0019     req = (struct usb_ctrlrequest *) urb->setup_packet;
0020
0021     return (req->bRequest == USB_REQ_CLEAR_FEATURE) &&
0022            (req->bRequestType == USB_RECIP_ENDPOINT) &&
0023            (req->wValue == USB_ENDPOINT_HALT);
0024 }
0025
0026 static int is_set_interface_cmd(struct urb *urb)
0027 {
0028     struct usb_ctrlrequest *req;
0029
0030     req = (struct usb_ctrlrequest *) urb->setup_packet;
0031
0032     return (req->bRequest == USB_REQ_SET_INTERFACE) &&
0033         (req->bRequestType == USB_RECIP_INTERFACE);
0034 }
0035
0036 static int is_set_configuration_cmd(struct urb *urb)
0037 {
0038     struct usb_ctrlrequest *req;
0039
0040     req = (struct usb_ctrlrequest *) urb->setup_packet;
0041
0042     return (req->bRequest == USB_REQ_SET_CONFIGURATION) &&
0043         (req->bRequestType == USB_RECIP_DEVICE);
0044 }
0045
0046 static int is_reset_device_cmd(struct urb *urb)
0047 {
0048     struct usb_ctrlrequest *req;
0049     __u16 value;
0050     __u16 index;
0051
0052     req = (struct usb_ctrlrequest *) urb->setup_packet;
0053     value = le16_to_cpu(req->wValue);
0054     index = le16_to_cpu(req->wIndex);
0055
0056     if ((req->bRequest == USB_REQ_SET_FEATURE) &&
0057         (req->bRequestType == USB_RT_PORT) &&
0058         (value == USB_PORT_FEAT_RESET)) {
0059         usbip_dbg_stub_rx("reset_device_cmd, port %u\n", index);
0060         return 1;
0061     } else
0062         return 0;
0063 }
0064
0065 static int tweak_clear_halt_cmd(struct urb *urb)
0066 {
0067     struct usb_ctrlrequest *req;
0068     int target_endp;
0069     int target_dir;
0070     int target_pipe;
0071     int ret;
0072
0073     req = (struct usb_ctrlrequest *) urb->setup_packet;
0074
0075     /*
0076      * The stalled endpoint is specified in the wIndex value. The endpoint
0077      * of the urb is the target of this clear_halt request (i.e., control
0078      * endpoint).
0079      */
0080     target_endp = le16_to_cpu(req->wIndex) & 0x000f;
0081
0082     /* the stalled endpoint direction is IN or OUT?. USB_DIR_IN is 0x80.  */
0083     target_dir = le16_to_cpu(req->wIndex) & 0x0080;
0084
0085     if (target_dir)
0086         target_pipe = usb_rcvctrlpipe(urb->dev, target_endp);
0087     else
0088         target_pipe = usb_sndctrlpipe(urb->dev, target_endp);
0089
0090     ret = usb_clear_halt(urb->dev, target_pipe);
0091     if (ret < 0)
0092         dev_err(&urb->dev->dev,
0093             "usb_clear_halt error: devnum %d endp %d ret %d\n",
0094             urb->dev->devnum, target_endp, ret);
0095     else
0096         dev_info(&urb->dev->dev,
0097              "usb_clear_halt done: devnum %d endp %d\n",
0098              urb->dev->devnum, target_endp);
0099
0100     return ret;
0101 }
0102
0103 static int tweak_set_interface_cmd(struct urb *urb)
0104 {
0105     struct usb_ctrlrequest *req;
0106     __u16 alternate;
0107     __u16 interface;
0108     int ret;
0109
0110     req = (struct usb_ctrlrequest *) urb->setup_packet;
0111     alternate = le16_to_cpu(req->wValue);
0112     interface = le16_to_cpu(req->wIndex);
0113
0114     usbip_dbg_stub_rx("set_interface: inf %u alt %u\n",
0115               interface, alternate);
0116
0117     ret = usb_set_interface(urb->dev, interface, alternate);
0118     if (ret < 0)
0119         dev_err(&urb->dev->dev,
0120             "usb_set_interface error: inf %u alt %u ret %d\n",
0121             interface, alternate, ret);
0122     else
0123         dev_info(&urb->dev->dev,
0124             "usb_set_interface done: inf %u alt %u\n",
0125             interface, alternate);
0126
0127     return ret;
0128 }
0129
0130 static int tweak_set_configuration_cmd(struct urb *urb)
0131 {
0132     struct stub_priv *priv = (struct stub_priv *) urb->context;
0133     struct stub_device *sdev = priv->sdev;
0134     struct usb_ctrlrequest *req;
0135     __u16 config;
0136     int err;
0137
0138     req = (struct usb_ctrlrequest *) urb->setup_packet;
0139     config = le16_to_cpu(req->wValue);
0140
0141     usb_lock_device(sdev->udev);
0142     err = usb_set_configuration(sdev->udev, config);
0143     usb_unlock_device(sdev->udev);
0144     if (err && err != -ENODEV)
0145         dev_err(&sdev->udev->dev, "can't set config #%d, error %d\n",
0146             config, err);
0147     return 0;
0148 }
0149
0150 static int tweak_reset_device_cmd(struct urb *urb)
0151 {
0152     struct stub_priv *priv = (struct stub_priv *) urb->context;
0153     struct stub_device *sdev = priv->sdev;
0154
0155     dev_info(&urb->dev->dev, "usb_queue_reset_device\n");
0156
0157     if (usb_lock_device_for_reset(sdev->udev, NULL) < 0) {
0158         dev_err(&urb->dev->dev, "could not obtain lock to reset device\n");
0159         return 0;
0160     }
0161     usb_reset_device(sdev->udev);
0162     usb_unlock_device(sdev->udev);
0163
0164     return 0;
0165 }
0166
0167 /*
0168  * clear_halt, set_interface, and set_configuration require special tricks.
0169  */
0170 static void tweak_special_requests(struct urb *urb)
0171 {
0172     if (!urb || !urb->setup_packet)
0173         return;
0174
0175     if (usb_pipetype(urb->pipe) != PIPE_CONTROL)
0176         return;
0177
0178     if (is_clear_halt_cmd(urb))
0179         /* tweak clear_halt */
0180          tweak_clear_halt_cmd(urb);
0181
0182     else if (is_set_interface_cmd(urb))
0183         /* tweak set_interface */
0184         tweak_set_interface_cmd(urb);
0185
0186     else if (is_set_configuration_cmd(urb))
0187         /* tweak set_configuration */
0188         tweak_set_configuration_cmd(urb);
0189
0190     else if (is_reset_device_cmd(urb))
0191         tweak_reset_device_cmd(urb);
0192     else
0193         usbip_dbg_stub_rx("no need to tweak\n");
0194 }
0195
0196 /*
0197  * stub_recv_unlink() unlinks the URB by a call to usb_unlink_urb().
0198  * By unlinking the urb asynchronously, stub_rx can continuously
0199  * process coming urbs.  Even if the urb is unlinked, its completion
0200  * handler will be called and stub_tx will send a return pdu.
0201  *
0202  * See also comments about unlinking strategy in vhci_hcd.c.
0203  */
0204 static int stub_recv_cmd_unlink(struct stub_device *sdev,
0205                 struct usbip_header *pdu)
0206 {
0207     int ret, i;
0208     unsigned long flags;
0209     struct stub_priv *priv;
0210
0211     spin_lock_irqsave(&sdev->priv_lock, flags);
0212
0213     list_for_each_entry(priv, &sdev->priv_init, list) {
0214         if (priv->seqnum != pdu->u.cmd_unlink.seqnum)
0215             continue;
0216
0217         /*
0218          * This matched urb is not completed yet (i.e., be in
0219          * flight in usb hcd hardware/driver). Now we are
0220          * cancelling it. The unlinking flag means that we are
0221          * now not going to return the normal result pdu of a
0222          * submission request, but going to return a result pdu
0223          * of the unlink request.
0224          */
0225         priv->unlinking = 1;
0226
0227         /*
0228          * In the case that unlinking flag is on, prev->seqnum
0229          * is changed from the seqnum of the cancelling urb to
0230          * the seqnum of the unlink request. This will be used
0231          * to make the result pdu of the unlink request.
0232          */
0233         priv->seqnum = pdu->base.seqnum;
0234
0235         spin_unlock_irqrestore(&sdev->priv_lock, flags);
0236
0237         /*
0238          * usb_unlink_urb() is now out of spinlocking to avoid
0239          * spinlock recursion since stub_complete() is
0240          * sometimes called in this context but not in the
0241          * interrupt context.  If stub_complete() is executed
0242          * before we call usb_unlink_urb(), usb_unlink_urb()
0243          * will return an error value. In this case, stub_tx
0244          * will return the result pdu of this unlink request
0245          * though submission is completed and actual unlinking
0246          * is not executed. OK?
0247          */
0248         /* In the above case, urb->status is not -ECONNRESET,
0249          * so a driver in a client host will know the failure
0250          * of the unlink request ?
0251          */
0252         for (i = priv->completed_urbs; i < priv->num_urbs; i++) {
0253             ret = usb_unlink_urb(priv->urbs[i]);
0254             if (ret != -EINPROGRESS)
0255                 dev_err(&priv->urbs[i]->dev->dev,
0256                     "failed to unlink %d/%d urb of seqnum %lu, ret %d\n",
0257                     i + 1, priv->num_urbs,
0258                     priv->seqnum, ret);
0259         }
0260         return 0;
0261     }
0262
0263     usbip_dbg_stub_rx("seqnum %d is not pending\n",
0264               pdu->u.cmd_unlink.seqnum);
0265
0266     /*
0267      * The urb of the unlink target is not found in priv_init queue. It was
0268      * already completed and its results is/was going to be sent by a
0269      * CMD_RET pdu. In this case, usb_unlink_urb() is not needed. We only
0270      * return the completeness of this unlink request to vhci_hcd.
0271      */
0272     stub_enqueue_ret_unlink(sdev, pdu->base.seqnum, 0);
0273
0274     spin_unlock_irqrestore(&sdev->priv_lock, flags);
0275
0276     return 0;
0277 }
0278
0279 static int valid_request(struct stub_device *sdev, struct usbip_header *pdu)
0280 {
0281     struct usbip_device *ud = &sdev->ud;
0282     int valid = 0;
0283
0284     if (pdu->base.devid == sdev->devid) {
0285         spin_lock_irq(&ud->lock);
0286         if (ud->status == SDEV_ST_USED) {
0287             /* A request is valid. */
0288             valid = 1;
0289         }
0290         spin_unlock_irq(&ud->lock);
0291     }
0292
0293     return valid;
0294 }
0295
0296 static struct stub_priv *stub_priv_alloc(struct stub_device *sdev,
0297                      struct usbip_header *pdu)
0298 {
0299     struct stub_priv *priv;
0300     struct usbip_device *ud = &sdev->ud;
0301     unsigned long flags;
0302
0303     spin_lock_irqsave(&sdev->priv_lock, flags);
0304
0305     priv = kmem_cache_zalloc(stub_priv_cache, GFP_ATOMIC);
0306     if (!priv) {
0307         dev_err(&sdev->udev->dev, "alloc stub_priv\n");
0308         spin_unlock_irqrestore(&sdev->priv_lock, flags);
0309         usbip_event_add(ud, SDEV_EVENT_ERROR_MALLOC);
0310         return NULL;
0311     }
0312
0313     priv->seqnum = pdu->base.seqnum;
0314     priv->sdev = sdev;
0315
0316     /*
0317      * After a stub_priv is linked to a list_head,
0318      * our error handler can free allocated data.
0319      */
0320     list_add_tail(&priv->list, &sdev->priv_init);
0321
0322     spin_unlock_irqrestore(&sdev->priv_lock, flags);
0323
0324     return priv;
0325 }
0326
0327 static int get_pipe(struct stub_device *sdev, struct usbip_header *pdu)
0328 {
0329     struct usb_device *udev = sdev->udev;
0330     struct usb_host_endpoint *ep;
0331     struct usb_endpoint_descriptor *epd = NULL;
0332     int epnum = pdu->base.ep;
0333     int dir = pdu->base.direction;
0334
0335     if (epnum < 0 || epnum > 15)
0336         goto err_ret;
0337
0338     if (dir == USBIP_DIR_IN)
0339         ep = udev->ep_in[epnum & 0x7f];
0340     else
0341         ep = udev->ep_out[epnum & 0x7f];
0342     if (!ep)
0343         goto err_ret;
0344
0345     epd = &ep->desc;
0346
0347     if (usb_endpoint_xfer_control(epd)) {
0348         if (dir == USBIP_DIR_OUT)
0349             return usb_sndctrlpipe(udev, epnum);
0350         else
0351             return usb_rcvctrlpipe(udev, epnum);
0352     }
0353
0354     if (usb_endpoint_xfer_bulk(epd)) {
0355         if (dir == USBIP_DIR_OUT)
0356             return usb_sndbulkpipe(udev, epnum);
0357         else
0358             return usb_rcvbulkpipe(udev, epnum);
0359     }
0360
0361     if (usb_endpoint_xfer_int(epd)) {
0362         if (dir == USBIP_DIR_OUT)
0363             return usb_sndintpipe(udev, epnum);
0364         else
0365             return usb_rcvintpipe(udev, epnum);
0366     }
0367
0368     if (usb_endpoint_xfer_isoc(epd)) {
0369         /* validate number of packets */
0370         if (pdu->u.cmd_submit.number_of_packets < 0 ||
0371             pdu->u.cmd_submit.number_of_packets >
0372             USBIP_MAX_ISO_PACKETS) {
0373             dev_err(&sdev->udev->dev,
0374                 "CMD_SUBMIT: isoc invalid num packets %d\n",
0375                 pdu->u.cmd_submit.number_of_packets);
0376             return -1;
0377         }
0378         if (dir == USBIP_DIR_OUT)
0379             return usb_sndisocpipe(udev, epnum);
0380         else
0381             return usb_rcvisocpipe(udev, epnum);
0382     }
0383
0384 err_ret:
0385     /* NOT REACHED */
0386     dev_err(&sdev->udev->dev, "CMD_SUBMIT: invalid epnum %d\n", epnum);
0387     return -1;
0388 }
0389
0390 static void masking_bogus_flags(struct urb *urb)
0391 {
0392     int             xfertype;
0393     struct usb_device       *dev;
0394     struct usb_host_endpoint    *ep;
0395     int             is_out;
0396     unsigned int    allowed;
0397
0398     if (!urb || urb->hcpriv || !urb->complete)
0399         return;
0400     dev = urb->dev;
0401     if ((!dev) || (dev->state < USB_STATE_UNAUTHENTICATED))
0402         return;
0403
0404     ep = (usb_pipein(urb->pipe) ? dev->ep_in : dev->ep_out)
0405         [usb_pipeendpoint(urb->pipe)];
0406     if (!ep)
0407         return;
0408
0409     xfertype = usb_endpoint_type(&ep->desc);
0410     if (xfertype == USB_ENDPOINT_XFER_CONTROL) {
0411         struct usb_ctrlrequest *setup =
0412             (struct usb_ctrlrequest *) urb->setup_packet;
0413
0414         if (!setup)
0415             return;
0416         is_out = !(setup->bRequestType & USB_DIR_IN) ||
0417             !setup->wLength;
0418     } else {
0419         is_out = usb_endpoint_dir_out(&ep->desc);
0420     }
0421
0422     /* enforce simple/standard policy */
0423     allowed = (URB_NO_TRANSFER_DMA_MAP | URB_NO_INTERRUPT |
0424            URB_DIR_MASK | URB_FREE_BUFFER);
0425     switch (xfertype) {
0426     case USB_ENDPOINT_XFER_BULK:
0427         if (is_out)
0428             allowed |= URB_ZERO_PACKET;
0429         fallthrough;
0430     default:            /* all non-iso endpoints */
0431         if (!is_out)
0432             allowed |= URB_SHORT_NOT_OK;
0433         break;
0434     case USB_ENDPOINT_XFER_ISOC:
0435         allowed |= URB_ISO_ASAP;
0436         break;
0437     }
0438     urb->transfer_flags &= allowed;
0439 }
0440
0441 static int stub_recv_xbuff(struct usbip_device *ud, struct stub_priv *priv)
0442 {
0443     int ret;
0444     int i;
0445
0446     for (i = 0; i < priv->num_urbs; i++) {
0447         ret = usbip_recv_xbuff(ud, priv->urbs[i]);
0448         if (ret < 0)
0449             break;
0450     }
0451
0452     return ret;
0453 }
0454
0455 static void stub_recv_cmd_submit(struct stub_device *sdev,
0456                  struct usbip_header *pdu)
0457 {
0458     struct stub_priv *priv;
0459     struct usbip_device *ud = &sdev->ud;
0460     struct usb_device *udev = sdev->udev;
0461     struct scatterlist *sgl = NULL, *sg;
0462     void *buffer = NULL;
0463     unsigned long long buf_len;
0464     int nents;
0465     int num_urbs = 1;
0466     int pipe = get_pipe(sdev, pdu);
0467     int use_sg = pdu->u.cmd_submit.transfer_flags & URB_DMA_MAP_SG;
0468     int support_sg = 1;
0469     int np = 0;
0470     int ret, i;
0471
0472     if (pipe == -1)
0473         return;
0474
0475     /*
0476      * Smatch reported the error case where use_sg is true and buf_len is 0.
0477      * In this case, It adds SDEV_EVENT_ERROR_MALLOC and stub_priv will be
0478      * released by stub event handler and connection will be shut down.
0479      */
0480     priv = stub_priv_alloc(sdev, pdu);
0481     if (!priv)
0482         return;
0483
0484     buf_len = (unsigned long long)pdu->u.cmd_submit.transfer_buffer_length;
0485
0486     if (use_sg && !buf_len) {
0487         dev_err(&udev->dev, "sg buffer with zero length\n");
0488         goto err_malloc;
0489     }
0490
0491     /* allocate urb transfer buffer, if needed */
0492     if (buf_len) {
0493         if (use_sg) {
0494             sgl = sgl_alloc(buf_len, GFP_KERNEL, &nents);
0495             if (!sgl)
0496                 goto err_malloc;
0497
0498             /* Check if the server's HCD supports SG */
0499             if (!udev->bus->sg_tablesize) {
0500                 /*
0501                  * If the server's HCD doesn't support SG, break
0502                  * a single SG request into several URBs and map
0503                  * each SG list entry to corresponding URB
0504                  * buffer. The previously allocated SG list is
0505                  * stored in priv->sgl (If the server's HCD
0506                  * support SG, SG list is stored only in
0507                  * urb->sg) and it is used as an indicator that
0508                  * the server split single SG request into
0509                  * several URBs. Later, priv->sgl is used by
0510                  * stub_complete() and stub_send_ret_submit() to
0511                  * reassemble the divied URBs.
0512                  */
0513                 support_sg = 0;
0514                 num_urbs = nents;
0515                 priv->completed_urbs = 0;
0516                 pdu->u.cmd_submit.transfer_flags &=
0517                                 ~URB_DMA_MAP_SG;
0518             }
0519         } else {
0520             buffer = kzalloc(buf_len, GFP_KERNEL);
0521             if (!buffer)
0522                 goto err_malloc;
0523         }
0524     }
0525
0526     /* allocate urb array */
0527     priv->num_urbs = num_urbs;
0528     priv->urbs = kmalloc_array(num_urbs, sizeof(*priv->urbs), GFP_KERNEL);
0529     if (!priv->urbs)
0530         goto err_urbs;
0531
0532     /* setup a urb */
0533     if (support_sg) {
0534         if (usb_pipeisoc(pipe))
0535             np = pdu->u.cmd_submit.number_of_packets;
0536
0537         priv->urbs[0] = usb_alloc_urb(np, GFP_KERNEL);
0538         if (!priv->urbs[0])
0539             goto err_urb;
0540
0541         if (buf_len) {
0542             if (use_sg) {
0543                 priv->urbs[0]->sg = sgl;
0544                 priv->urbs[0]->num_sgs = nents;
0545                 priv->urbs[0]->transfer_buffer = NULL;
0546             } else {
0547                 priv->urbs[0]->transfer_buffer = buffer;
0548             }
0549         }
0550
0551         /* copy urb setup packet */
0552         priv->urbs[0]->setup_packet = kmemdup(&pdu->u.cmd_submit.setup,
0553                     8, GFP_KERNEL);
0554         if (!priv->urbs[0]->setup_packet) {
0555             usbip_event_add(ud, SDEV_EVENT_ERROR_MALLOC);
0556             return;
0557         }
0558
0559         usbip_pack_pdu(pdu, priv->urbs[0], USBIP_CMD_SUBMIT, 0);
0560     } else {
0561         for_each_sg(sgl, sg, nents, i) {
0562             priv->urbs[i] = usb_alloc_urb(0, GFP_KERNEL);
0563             /* The URBs which is previously allocated will be freed
0564              * in stub_device_cleanup_urbs() if error occurs.
0565              */
0566             if (!priv->urbs[i])
0567                 goto err_urb;
0568
0569             usbip_pack_pdu(pdu, priv->urbs[i], USBIP_CMD_SUBMIT, 0);
0570             priv->urbs[i]->transfer_buffer = sg_virt(sg);
0571             priv->urbs[i]->transfer_buffer_length = sg->length;
0572         }
0573         priv->sgl = sgl;
0574     }
0575
0576     for (i = 0; i < num_urbs; i++) {
0577         /* set other members from the base header of pdu */
0578         priv->urbs[i]->context = (void *) priv;
0579         priv->urbs[i]->dev = udev;
0580         priv->urbs[i]->pipe = pipe;
0581         priv->urbs[i]->complete = stub_complete;
0582
0583         /* no need to submit an intercepted request, but harmless? */
0584         tweak_special_requests(priv->urbs[i]);
0585
0586         masking_bogus_flags(priv->urbs[i]);
0587     }
0588
0589     if (stub_recv_xbuff(ud, priv) < 0)
0590         return;
0591
0592     if (usbip_recv_iso(ud, priv->urbs[0]) < 0)
0593         return;
0594
0595     /* urb is now ready to submit */
0596     for (i = 0; i < priv->num_urbs; i++) {
0597         ret = usb_submit_urb(priv->urbs[i], GFP_KERNEL);
0598
0599         if (ret == 0)
0600             usbip_dbg_stub_rx("submit urb ok, seqnum %u\n",
0601                     pdu->base.seqnum);
0602         else {
0603             dev_err(&udev->dev, "submit_urb error, %d\n", ret);
0604             usbip_dump_header(pdu);
0605             usbip_dump_urb(priv->urbs[i]);
0606
0607             /*
0608              * Pessimistic.
0609              * This connection will be discarded.
0610              */
0611             usbip_event_add(ud, SDEV_EVENT_ERROR_SUBMIT);
0612             break;
0613         }
0614     }
0615
0616     usbip_dbg_stub_rx("Leave\n");
0617     return;
0618
0619 err_urb:
0620     kfree(priv->urbs);
0621 err_urbs:
0622     kfree(buffer);
0623     sgl_free(sgl);
0624 err_malloc:
0625     usbip_event_add(ud, SDEV_EVENT_ERROR_MALLOC);
0626 }
0627
0628 /* recv a pdu */
0629 static void stub_rx_pdu(struct usbip_device *ud)
0630 {
0631     int ret;
0632     struct usbip_header pdu;
0633     struct stub_device *sdev = container_of(ud, struct stub_device, ud);
0634     struct device *dev = &sdev->udev->dev;
0635
0636     usbip_dbg_stub_rx("Enter\n");
0637
0638     memset(&pdu, 0, sizeof(pdu));
0639
0640     /* receive a pdu header */
0641     ret = usbip_recv(ud->tcp_socket, &pdu, sizeof(pdu));
0642     if (ret != sizeof(pdu)) {
0643         dev_err(dev, "recv a header, %d\n", ret);
0644         usbip_event_add(ud, SDEV_EVENT_ERROR_TCP);
0645         return;
0646     }
0647
0648     usbip_header_correct_endian(&pdu, 0);
0649
0650     if (usbip_dbg_flag_stub_rx)
0651         usbip_dump_header(&pdu);
0652
0653     if (!valid_request(sdev, &pdu)) {
0654         dev_err(dev, "recv invalid request\n");
0655         usbip_event_add(ud, SDEV_EVENT_ERROR_TCP);
0656         return;
0657     }
0658
0659     switch (pdu.base.command) {
0660     case USBIP_CMD_UNLINK:
0661         stub_recv_cmd_unlink(sdev, &pdu);
0662         break;
0663
0664     case USBIP_CMD_SUBMIT:
0665         stub_recv_cmd_submit(sdev, &pdu);
0666         break;
0667
0668     default:
0669         /* NOTREACHED */
0670         dev_err(dev, "unknown pdu\n");
0671         usbip_event_add(ud, SDEV_EVENT_ERROR_TCP);
0672         break;
0673     }
0674 }
0675
0676 int stub_rx_loop(void *data)
0677 {
0678     struct usbip_device *ud = data;
0679
0680     while (!kthread_should_stop()) {
0681         if (usbip_event_happened(ud))
0682             break;
0683
0684         stub_rx_pdu(ud);
0685     }
0686
0687     return 0;
0688 }