1/* 2 * Copyright (c) 2012 Smith Micro Software, Inc. 3 * Copyright (c) 2012 Bjørn Mork <bjorn@mork.no> 4 * 5 * This driver is based on and reuse most of cdc_ncm, which is 6 * Copyright (C) ST-Ericsson 2010-2012 7 * 8 * This program is free software; you can redistribute it and/or 9 * modify it under the terms of the GNU General Public License 10 * version 2 as published by the Free Software Foundation. 11 */ 12 13#include <linux/module.h> 14#include <linux/netdevice.h> 15#include <linux/ethtool.h> 16#include <linux/if_vlan.h> 17#include <linux/ip.h> 18#include <linux/mii.h> 19#include <linux/usb.h> 20#include <linux/usb/cdc.h> 21#include <linux/usb/usbnet.h> 22#include <linux/usb/cdc-wdm.h> 23#include <linux/usb/cdc_ncm.h> 24#include <net/ipv6.h> 25#include <net/addrconf.h> 26 27/* alternative VLAN for IP session 0 if not untagged */ 28#define MBIM_IPS0_VID 4094 29 30/* driver specific data - must match cdc_ncm usage */ 31struct cdc_mbim_state { 32 struct cdc_ncm_ctx *ctx; 33 atomic_t pmcount; 34 struct usb_driver *subdriver; 35 unsigned long _unused; 36 unsigned long flags; 37}; 38 39/* flags for the cdc_mbim_state.flags field */ 40enum cdc_mbim_flags { 41 FLAG_IPS0_VLAN = 1 << 0, /* IP session 0 is tagged */ 42}; 43 44/* using a counter to merge subdriver requests with our own into a combined state */ 45static int cdc_mbim_manage_power(struct usbnet *dev, int on) 46{ 47 struct cdc_mbim_state *info = (void *)&dev->data; 48 int rv = 0; 49 50 dev_dbg(&dev->intf->dev, "%s() pmcount=%d, on=%d\n", __func__, atomic_read(&info->pmcount), on); 51 52 if ((on && atomic_add_return(1, &info->pmcount) == 1) || (!on && atomic_dec_and_test(&info->pmcount))) { 53 /* need autopm_get/put here to ensure the usbcore sees the new value */ 54 rv = usb_autopm_get_interface(dev->intf); 55 dev->intf->needs_remote_wakeup = on; 56 if (!rv) 57 usb_autopm_put_interface(dev->intf); 58 } 59 return 0; 60} 61 62static int cdc_mbim_wdm_manage_power(struct usb_interface *intf, int status) 63{ 64 struct usbnet *dev = usb_get_intfdata(intf); 65 66 /* can be called while disconnecting */ 67 if (!dev) 68 return 0; 69 70 return cdc_mbim_manage_power(dev, status); 71} 72 73static int cdc_mbim_rx_add_vid(struct net_device *netdev, __be16 proto, u16 vid) 74{ 75 struct usbnet *dev = netdev_priv(netdev); 76 struct cdc_mbim_state *info = (void *)&dev->data; 77 78 /* creation of this VLAN is a request to tag IP session 0 */ 79 if (vid == MBIM_IPS0_VID) 80 info->flags |= FLAG_IPS0_VLAN; 81 else 82 if (vid >= 512) /* we don't map these to MBIM session */ 83 return -EINVAL; 84 return 0; 85} 86 87static int cdc_mbim_rx_kill_vid(struct net_device *netdev, __be16 proto, u16 vid) 88{ 89 struct usbnet *dev = netdev_priv(netdev); 90 struct cdc_mbim_state *info = (void *)&dev->data; 91 92 /* this is a request for an untagged IP session 0 */ 93 if (vid == MBIM_IPS0_VID) 94 info->flags &= ~FLAG_IPS0_VLAN; 95 return 0; 96} 97 98static const struct net_device_ops cdc_mbim_netdev_ops = { 99 .ndo_open = usbnet_open, 100 .ndo_stop = usbnet_stop, 101 .ndo_start_xmit = usbnet_start_xmit, 102 .ndo_tx_timeout = usbnet_tx_timeout, 103 .ndo_change_mtu = usbnet_change_mtu, 104 .ndo_set_mac_address = eth_mac_addr, 105 .ndo_validate_addr = eth_validate_addr, 106 .ndo_vlan_rx_add_vid = cdc_mbim_rx_add_vid, 107 .ndo_vlan_rx_kill_vid = cdc_mbim_rx_kill_vid, 108}; 109 110/* Change the control interface altsetting and update the .driver_info 111 * pointer if the matching entry after changing class codes points to 112 * a different struct 113 */ 114static int cdc_mbim_set_ctrlalt(struct usbnet *dev, struct usb_interface *intf, u8 alt) 115{ 116 struct usb_driver *driver = to_usb_driver(intf->dev.driver); 117 const struct usb_device_id *id; 118 struct driver_info *info; 119 int ret; 120 121 ret = usb_set_interface(dev->udev, 122 intf->cur_altsetting->desc.bInterfaceNumber, 123 alt); 124 if (ret) 125 return ret; 126 127 id = usb_match_id(intf, driver->id_table); 128 if (!id) 129 return -ENODEV; 130 131 info = (struct driver_info *)id->driver_info; 132 if (info != dev->driver_info) { 133 dev_dbg(&intf->dev, "driver_info updated to '%s'\n", 134 info->description); 135 dev->driver_info = info; 136 } 137 return 0; 138} 139 140static int cdc_mbim_bind(struct usbnet *dev, struct usb_interface *intf) 141{ 142 struct cdc_ncm_ctx *ctx; 143 struct usb_driver *subdriver = ERR_PTR(-ENODEV); 144 int ret = -ENODEV; 145 u8 data_altsetting = 1; 146 struct cdc_mbim_state *info = (void *)&dev->data; 147 148 /* should we change control altsetting on a NCM/MBIM function? */ 149 if (cdc_ncm_select_altsetting(intf) == CDC_NCM_COMM_ALTSETTING_MBIM) { 150 data_altsetting = CDC_NCM_DATA_ALTSETTING_MBIM; 151 ret = cdc_mbim_set_ctrlalt(dev, intf, CDC_NCM_COMM_ALTSETTING_MBIM); 152 if (ret) 153 goto err; 154 ret = -ENODEV; 155 } 156 157 /* we will hit this for NCM/MBIM functions if prefer_mbim is false */ 158 if (!cdc_ncm_comm_intf_is_mbim(intf->cur_altsetting)) 159 goto err; 160 161 ret = cdc_ncm_bind_common(dev, intf, data_altsetting); 162 if (ret) 163 goto err; 164 165 ctx = info->ctx; 166 167 /* The MBIM descriptor and the status endpoint are required */ 168 if (ctx->mbim_desc && dev->status) 169 subdriver = usb_cdc_wdm_register(ctx->control, 170 &dev->status->desc, 171 le16_to_cpu(ctx->mbim_desc->wMaxControlMessage), 172 cdc_mbim_wdm_manage_power); 173 if (IS_ERR(subdriver)) { 174 ret = PTR_ERR(subdriver); 175 cdc_ncm_unbind(dev, intf); 176 goto err; 177 } 178 179 /* can't let usbnet use the interrupt endpoint */ 180 dev->status = NULL; 181 info->subdriver = subdriver; 182 183 /* MBIM cannot do ARP */ 184 dev->net->flags |= IFF_NOARP; 185 186 /* no need to put the VLAN tci in the packet headers */ 187 dev->net->features |= NETIF_F_HW_VLAN_CTAG_TX | NETIF_F_HW_VLAN_CTAG_FILTER; 188 189 /* monitor VLAN additions and removals */ 190 dev->net->netdev_ops = &cdc_mbim_netdev_ops; 191err: 192 return ret; 193} 194 195static void cdc_mbim_unbind(struct usbnet *dev, struct usb_interface *intf) 196{ 197 struct cdc_mbim_state *info = (void *)&dev->data; 198 struct cdc_ncm_ctx *ctx = info->ctx; 199 200 /* disconnect subdriver from control interface */ 201 if (info->subdriver && info->subdriver->disconnect) 202 info->subdriver->disconnect(ctx->control); 203 info->subdriver = NULL; 204 205 /* let NCM unbind clean up both control and data interface */ 206 cdc_ncm_unbind(dev, intf); 207} 208 209/* verify that the ethernet protocol is IPv4 or IPv6 */ 210static bool is_ip_proto(__be16 proto) 211{ 212 switch (proto) { 213 case htons(ETH_P_IP): 214 case htons(ETH_P_IPV6): 215 return true; 216 } 217 return false; 218} 219 220static struct sk_buff *cdc_mbim_tx_fixup(struct usbnet *dev, struct sk_buff *skb, gfp_t flags) 221{ 222 struct sk_buff *skb_out; 223 struct cdc_mbim_state *info = (void *)&dev->data; 224 struct cdc_ncm_ctx *ctx = info->ctx; 225 __le32 sign = cpu_to_le32(USB_CDC_MBIM_NDP16_IPS_SIGN); 226 u16 tci = 0; 227 bool is_ip; 228 u8 *c; 229 230 if (!ctx) 231 goto error; 232 233 if (skb) { 234 if (skb->len <= ETH_HLEN) 235 goto error; 236 237 /* Some applications using e.g. packet sockets will 238 * bypass the VLAN acceleration and create tagged 239 * ethernet frames directly. We primarily look for 240 * the accelerated out-of-band tag, but fall back if 241 * required 242 */ 243 skb_reset_mac_header(skb); 244 if (vlan_get_tag(skb, &tci) < 0 && skb->len > VLAN_ETH_HLEN && 245 __vlan_get_tag(skb, &tci) == 0) { 246 is_ip = is_ip_proto(vlan_eth_hdr(skb)->h_vlan_encapsulated_proto); 247 skb_pull(skb, VLAN_ETH_HLEN); 248 } else { 249 is_ip = is_ip_proto(eth_hdr(skb)->h_proto); 250 skb_pull(skb, ETH_HLEN); 251 } 252 253 /* Is IP session <0> tagged too? */ 254 if (info->flags & FLAG_IPS0_VLAN) { 255 /* drop all untagged packets */ 256 if (!tci) 257 goto error; 258 /* map MBIM_IPS0_VID to IPS<0> */ 259 if (tci == MBIM_IPS0_VID) 260 tci = 0; 261 } 262 263 /* mapping VLANs to MBIM sessions: 264 * no tag => IPS session <0> if !FLAG_IPS0_VLAN 265 * 1 - 255 => IPS session <vlanid> 266 * 256 - 511 => DSS session <vlanid - 256> 267 * 512 - 4093 => unsupported, drop 268 * 4094 => IPS session <0> if FLAG_IPS0_VLAN 269 */ 270 271 switch (tci & 0x0f00) { 272 case 0x0000: /* VLAN ID 0 - 255 */ 273 if (!is_ip) 274 goto error; 275 c = (u8 *)&sign; 276 c[3] = tci; 277 break; 278 case 0x0100: /* VLAN ID 256 - 511 */ 279 if (is_ip) 280 goto error; 281 sign = cpu_to_le32(USB_CDC_MBIM_NDP16_DSS_SIGN); 282 c = (u8 *)&sign; 283 c[3] = tci; 284 break; 285 default: 286 netif_err(dev, tx_err, dev->net, 287 "unsupported tci=0x%04x\n", tci); 288 goto error; 289 } 290 } 291 292 spin_lock_bh(&ctx->mtx); 293 skb_out = cdc_ncm_fill_tx_frame(dev, skb, sign); 294 spin_unlock_bh(&ctx->mtx); 295 return skb_out; 296 297error: 298 if (skb) 299 dev_kfree_skb_any(skb); 300 301 return NULL; 302} 303 304/* Some devices are known to send Neigbor Solicitation messages and 305 * require Neigbor Advertisement replies. The IPv6 core will not 306 * respond since IFF_NOARP is set, so we must handle them ourselves. 307 */ 308static void do_neigh_solicit(struct usbnet *dev, u8 *buf, u16 tci) 309{ 310 struct ipv6hdr *iph = (void *)buf; 311 struct nd_msg *msg = (void *)(iph + 1); 312 struct net_device *netdev; 313 struct inet6_dev *in6_dev; 314 bool is_router; 315 316 /* we'll only respond to requests from unicast addresses to 317 * our solicited node addresses. 318 */ 319 if (!ipv6_addr_is_solict_mult(&iph->daddr) || 320 !(ipv6_addr_type(&iph->saddr) & IPV6_ADDR_UNICAST)) 321 return; 322 323 /* need to send the NA on the VLAN dev, if any */ 324 rcu_read_lock(); 325 if (tci) { 326 netdev = __vlan_find_dev_deep_rcu(dev->net, htons(ETH_P_8021Q), 327 tci); 328 if (!netdev) { 329 rcu_read_unlock(); 330 return; 331 } 332 } else { 333 netdev = dev->net; 334 } 335 dev_hold(netdev); 336 rcu_read_unlock(); 337 338 in6_dev = in6_dev_get(netdev); 339 if (!in6_dev) 340 goto out; 341 is_router = !!in6_dev->cnf.forwarding; 342 in6_dev_put(in6_dev); 343 344 /* ipv6_stub != NULL if in6_dev_get returned an inet6_dev */ 345 ipv6_stub->ndisc_send_na(netdev, NULL, &iph->saddr, &msg->target, 346 is_router /* router */, 347 true /* solicited */, 348 false /* override */, 349 true /* inc_opt */); 350out: 351 dev_put(netdev); 352} 353 354static bool is_neigh_solicit(u8 *buf, size_t len) 355{ 356 struct ipv6hdr *iph = (void *)buf; 357 struct nd_msg *msg = (void *)(iph + 1); 358 359 return (len >= sizeof(struct ipv6hdr) + sizeof(struct nd_msg) && 360 iph->nexthdr == IPPROTO_ICMPV6 && 361 msg->icmph.icmp6_code == 0 && 362 msg->icmph.icmp6_type == NDISC_NEIGHBOUR_SOLICITATION); 363} 364 365 366static struct sk_buff *cdc_mbim_process_dgram(struct usbnet *dev, u8 *buf, size_t len, u16 tci) 367{ 368 __be16 proto = htons(ETH_P_802_3); 369 struct sk_buff *skb = NULL; 370 371 if (tci < 256 || tci == MBIM_IPS0_VID) { /* IPS session? */ 372 if (len < sizeof(struct iphdr)) 373 goto err; 374 375 switch (*buf & 0xf0) { 376 case 0x40: 377 proto = htons(ETH_P_IP); 378 break; 379 case 0x60: 380 if (is_neigh_solicit(buf, len)) 381 do_neigh_solicit(dev, buf, tci); 382 proto = htons(ETH_P_IPV6); 383 break; 384 default: 385 goto err; 386 } 387 } 388 389 skb = netdev_alloc_skb_ip_align(dev->net, len + ETH_HLEN); 390 if (!skb) 391 goto err; 392 393 /* add an ethernet header */ 394 skb_put(skb, ETH_HLEN); 395 skb_reset_mac_header(skb); 396 eth_hdr(skb)->h_proto = proto; 397 memset(eth_hdr(skb)->h_source, 0, ETH_ALEN); 398 memcpy(eth_hdr(skb)->h_dest, dev->net->dev_addr, ETH_ALEN); 399 400 /* add datagram */ 401 memcpy(skb_put(skb, len), buf, len); 402 403 /* map MBIM session to VLAN */ 404 if (tci) 405 vlan_put_tag(skb, htons(ETH_P_8021Q), tci); 406err: 407 return skb; 408} 409 410static int cdc_mbim_rx_fixup(struct usbnet *dev, struct sk_buff *skb_in) 411{ 412 struct sk_buff *skb; 413 struct cdc_mbim_state *info = (void *)&dev->data; 414 struct cdc_ncm_ctx *ctx = info->ctx; 415 int len; 416 int nframes; 417 int x; 418 int offset; 419 struct usb_cdc_ncm_ndp16 *ndp16; 420 struct usb_cdc_ncm_dpe16 *dpe16; 421 int ndpoffset; 422 int loopcount = 50; /* arbitrary max preventing infinite loop */ 423 u32 payload = 0; 424 u8 *c; 425 u16 tci; 426 427 ndpoffset = cdc_ncm_rx_verify_nth16(ctx, skb_in); 428 if (ndpoffset < 0) 429 goto error; 430 431next_ndp: 432 nframes = cdc_ncm_rx_verify_ndp16(skb_in, ndpoffset); 433 if (nframes < 0) 434 goto error; 435 436 ndp16 = (struct usb_cdc_ncm_ndp16 *)(skb_in->data + ndpoffset); 437 438 switch (ndp16->dwSignature & cpu_to_le32(0x00ffffff)) { 439 case cpu_to_le32(USB_CDC_MBIM_NDP16_IPS_SIGN): 440 c = (u8 *)&ndp16->dwSignature; 441 tci = c[3]; 442 /* tag IPS<0> packets too if MBIM_IPS0_VID exists */ 443 if (!tci && info->flags & FLAG_IPS0_VLAN) 444 tci = MBIM_IPS0_VID; 445 break; 446 case cpu_to_le32(USB_CDC_MBIM_NDP16_DSS_SIGN): 447 c = (u8 *)&ndp16->dwSignature; 448 tci = c[3] + 256; 449 break; 450 default: 451 netif_dbg(dev, rx_err, dev->net, 452 "unsupported NDP signature <0x%08x>\n", 453 le32_to_cpu(ndp16->dwSignature)); 454 goto err_ndp; 455 456 } 457 458 dpe16 = ndp16->dpe16; 459 for (x = 0; x < nframes; x++, dpe16++) { 460 offset = le16_to_cpu(dpe16->wDatagramIndex); 461 len = le16_to_cpu(dpe16->wDatagramLength); 462 463 /* 464 * CDC NCM ch. 3.7 465 * All entries after first NULL entry are to be ignored 466 */ 467 if ((offset == 0) || (len == 0)) { 468 if (!x) 469 goto err_ndp; /* empty NTB */ 470 break; 471 } 472 473 /* sanity checking */ 474 if (((offset + len) > skb_in->len) || (len > ctx->rx_max)) { 475 netif_dbg(dev, rx_err, dev->net, 476 "invalid frame detected (ignored) offset[%u]=%u, length=%u, skb=%p\n", 477 x, offset, len, skb_in); 478 if (!x) 479 goto err_ndp; 480 break; 481 } else { 482 skb = cdc_mbim_process_dgram(dev, skb_in->data + offset, len, tci); 483 if (!skb) 484 goto error; 485 usbnet_skb_return(dev, skb); 486 payload += len; /* count payload bytes in this NTB */ 487 } 488 } 489err_ndp: 490 /* are there more NDPs to process? */ 491 ndpoffset = le16_to_cpu(ndp16->wNextNdpIndex); 492 if (ndpoffset && loopcount--) 493 goto next_ndp; 494 495 /* update stats */ 496 ctx->rx_overhead += skb_in->len - payload; 497 ctx->rx_ntbs++; 498 499 return 1; 500error: 501 return 0; 502} 503 504static int cdc_mbim_suspend(struct usb_interface *intf, pm_message_t message) 505{ 506 int ret = -ENODEV; 507 struct usbnet *dev = usb_get_intfdata(intf); 508 struct cdc_mbim_state *info = (void *)&dev->data; 509 struct cdc_ncm_ctx *ctx = info->ctx; 510 511 if (!ctx) 512 goto error; 513 514 /* 515 * Both usbnet_suspend() and subdriver->suspend() MUST return 0 516 * in system sleep context, otherwise, the resume callback has 517 * to recover device from previous suspend failure. 518 */ 519 ret = usbnet_suspend(intf, message); 520 if (ret < 0) 521 goto error; 522 523 if (intf == ctx->control && info->subdriver && info->subdriver->suspend) 524 ret = info->subdriver->suspend(intf, message); 525 if (ret < 0) 526 usbnet_resume(intf); 527 528error: 529 return ret; 530} 531 532static int cdc_mbim_resume(struct usb_interface *intf) 533{ 534 int ret = 0; 535 struct usbnet *dev = usb_get_intfdata(intf); 536 struct cdc_mbim_state *info = (void *)&dev->data; 537 struct cdc_ncm_ctx *ctx = info->ctx; 538 bool callsub = (intf == ctx->control && info->subdriver && info->subdriver->resume); 539 540 if (callsub) 541 ret = info->subdriver->resume(intf); 542 if (ret < 0) 543 goto err; 544 ret = usbnet_resume(intf); 545 if (ret < 0 && callsub) 546 info->subdriver->suspend(intf, PMSG_SUSPEND); 547err: 548 return ret; 549} 550 551static const struct driver_info cdc_mbim_info = { 552 .description = "CDC MBIM", 553 .flags = FLAG_NO_SETINT | FLAG_MULTI_PACKET | FLAG_WWAN, 554 .bind = cdc_mbim_bind, 555 .unbind = cdc_mbim_unbind, 556 .manage_power = cdc_mbim_manage_power, 557 .rx_fixup = cdc_mbim_rx_fixup, 558 .tx_fixup = cdc_mbim_tx_fixup, 559}; 560 561/* MBIM and NCM devices should not need a ZLP after NTBs with 562 * dwNtbOutMaxSize length. Nevertheless, a number of devices from 563 * different vendor IDs will fail unless we send ZLPs, forcing us 564 * to make this the default. 565 * 566 * This default may cause a performance penalty for spec conforming 567 * devices wanting to take advantage of optimizations possible without 568 * ZLPs. A whitelist is added in an attempt to avoid this for devices 569 * known to conform to the MBIM specification. 570 * 571 * All known devices supporting NCM compatibility mode are also 572 * conforming to the NCM and MBIM specifications. For this reason, the 573 * NCM subclass entry is also in the ZLP whitelist. 574 */ 575static const struct driver_info cdc_mbim_info_zlp = { 576 .description = "CDC MBIM", 577 .flags = FLAG_NO_SETINT | FLAG_MULTI_PACKET | FLAG_WWAN | FLAG_SEND_ZLP, 578 .bind = cdc_mbim_bind, 579 .unbind = cdc_mbim_unbind, 580 .manage_power = cdc_mbim_manage_power, 581 .rx_fixup = cdc_mbim_rx_fixup, 582 .tx_fixup = cdc_mbim_tx_fixup, 583}; 584 585static const struct usb_device_id mbim_devs[] = { 586 /* This duplicate NCM entry is intentional. MBIM devices can 587 * be disguised as NCM by default, and this is necessary to 588 * allow us to bind the correct driver_info to such devices. 589 * 590 * bind() will sort out this for us, selecting the correct 591 * entry and reject the other 592 */ 593 { USB_INTERFACE_INFO(USB_CLASS_COMM, USB_CDC_SUBCLASS_NCM, USB_CDC_PROTO_NONE), 594 .driver_info = (unsigned long)&cdc_mbim_info, 595 }, 596 /* ZLP conformance whitelist: All Ericsson MBIM devices */ 597 { USB_VENDOR_AND_INTERFACE_INFO(0x0bdb, USB_CLASS_COMM, USB_CDC_SUBCLASS_MBIM, USB_CDC_PROTO_NONE), 598 .driver_info = (unsigned long)&cdc_mbim_info, 599 }, 600 /* default entry */ 601 { USB_INTERFACE_INFO(USB_CLASS_COMM, USB_CDC_SUBCLASS_MBIM, USB_CDC_PROTO_NONE), 602 .driver_info = (unsigned long)&cdc_mbim_info_zlp, 603 }, 604 { 605 }, 606}; 607MODULE_DEVICE_TABLE(usb, mbim_devs); 608 609static struct usb_driver cdc_mbim_driver = { 610 .name = "cdc_mbim", 611 .id_table = mbim_devs, 612 .probe = usbnet_probe, 613 .disconnect = usbnet_disconnect, 614 .suspend = cdc_mbim_suspend, 615 .resume = cdc_mbim_resume, 616 .reset_resume = cdc_mbim_resume, 617 .supports_autosuspend = 1, 618 .disable_hub_initiated_lpm = 1, 619}; 620module_usb_driver(cdc_mbim_driver); 621 622MODULE_AUTHOR("Greg Suarez <gsuarez@smithmicro.com>"); 623MODULE_AUTHOR("Bjørn Mork <bjorn@mork.no>"); 624MODULE_DESCRIPTION("USB CDC MBIM host driver"); 625MODULE_LICENSE("GPL"); 626