1/* 2 * f_rndis.c -- RNDIS link function driver 3 * 4 * Copyright (C) 2003-2005,2008 David Brownell 5 * Copyright (C) 2003-2004 Robert Schwebel, Benedikt Spranger 6 * Copyright (C) 2008 Nokia Corporation 7 * Copyright (C) 2009 Samsung Electronics 8 * Author: Michal Nazarewicz (mina86@mina86.com) 9 * 10 * This program is free software; you can redistribute it and/or modify 11 * it under the terms of the GNU General Public License as published by 12 * the Free Software Foundation; either version 2 of the License, or 13 * (at your option) any later version. 14 */ 15 16/* #define VERBOSE_DEBUG */ 17 18#include <linux/slab.h> 19#include <linux/kernel.h> 20#include <linux/module.h> 21#include <linux/device.h> 22#include <linux/etherdevice.h> 23 24#include <linux/atomic.h> 25 26#include "u_ether.h" 27#include "u_ether_configfs.h" 28#include "u_rndis.h" 29#include "rndis.h" 30#include "configfs.h" 31 32/* 33 * This function is an RNDIS Ethernet port -- a Microsoft protocol that's 34 * been promoted instead of the standard CDC Ethernet. The published RNDIS 35 * spec is ambiguous, incomplete, and needlessly complex. Variants such as 36 * ActiveSync have even worse status in terms of specification. 37 * 38 * In short: it's a protocol controlled by (and for) Microsoft, not for an 39 * Open ecosystem or markets. Linux supports it *only* because Microsoft 40 * doesn't support the CDC Ethernet standard. 41 * 42 * The RNDIS data transfer model is complex, with multiple Ethernet packets 43 * per USB message, and out of band data. The control model is built around 44 * what's essentially an "RNDIS RPC" protocol. It's all wrapped in a CDC ACM 45 * (modem, not Ethernet) veneer, with those ACM descriptors being entirely 46 * useless (they're ignored). RNDIS expects to be the only function in its 47 * configuration, so it's no real help if you need composite devices; and 48 * it expects to be the first configuration too. 49 * 50 * There is a single technical advantage of RNDIS over CDC Ethernet, if you 51 * discount the fluff that its RPC can be made to deliver: it doesn't need 52 * a NOP altsetting for the data interface. That lets it work on some of the 53 * "so smart it's stupid" hardware which takes over configuration changes 54 * from the software, and adds restrictions like "no altsettings". 55 * 56 * Unfortunately MSFT's RNDIS drivers are buggy. They hang or oops, and 57 * have all sorts of contrary-to-specification oddities that can prevent 58 * them from working sanely. Since bugfixes (or accurate specs, letting 59 * Linux work around those bugs) are unlikely to ever come from MSFT, you 60 * may want to avoid using RNDIS on purely operational grounds. 61 * 62 * Omissions from the RNDIS 1.0 specification include: 63 * 64 * - Power management ... references data that's scattered around lots 65 * of other documentation, which is incorrect/incomplete there too. 66 * 67 * - There are various undocumented protocol requirements, like the need 68 * to send garbage in some control-OUT messages. 69 * 70 * - MS-Windows drivers sometimes emit undocumented requests. 71 */ 72 73static unsigned int rndis_dl_max_pkt_per_xfer = 3; 74module_param(rndis_dl_max_pkt_per_xfer, uint, S_IRUGO | S_IWUSR); 75MODULE_PARM_DESC(rndis_dl_max_pkt_per_xfer, 76 "Maximum packets per transfer for DL aggregation"); 77 78static unsigned int rndis_ul_max_pkt_per_xfer = 3; 79module_param(rndis_ul_max_pkt_per_xfer, uint, S_IRUGO | S_IWUSR); 80MODULE_PARM_DESC(rndis_ul_max_pkt_per_xfer, 81 "Maximum packets per transfer for UL aggregation"); 82 83struct f_rndis { 84 struct gether port; 85 u8 ctrl_id, data_id; 86 u8 ethaddr[ETH_ALEN]; 87 u32 vendorID; 88 const char *manufacturer; 89 int config; 90 91 struct usb_ep *notify; 92 struct usb_request *notify_req; 93 atomic_t notify_count; 94}; 95 96static inline struct f_rndis *func_to_rndis(struct usb_function *f) 97{ 98 return container_of(f, struct f_rndis, port.func); 99} 100 101/* peak (theoretical) bulk transfer rate in bits-per-second */ 102static unsigned int bitrate(struct usb_gadget *g) 103{ 104 if (gadget_is_superspeed(g) && g->speed == USB_SPEED_SUPER) 105 return 13 * 1024 * 8 * 1000 * 8; 106 else if (gadget_is_dualspeed(g) && g->speed == USB_SPEED_HIGH) 107 return 13 * 512 * 8 * 1000 * 8; 108 else 109 return 19 * 64 * 1 * 1000 * 8; 110} 111 112/*-------------------------------------------------------------------------*/ 113 114/* 115 */ 116 117#define RNDIS_STATUS_INTERVAL_MS 32 118#define STATUS_BYTECOUNT 8 /* 8 bytes data */ 119 120 121/* interface descriptor: */ 122 123static struct usb_interface_descriptor rndis_control_intf = { 124 .bLength = sizeof rndis_control_intf, 125 .bDescriptorType = USB_DT_INTERFACE, 126 127 /* .bInterfaceNumber = DYNAMIC */ 128 /* status endpoint is optional; this could be patched later */ 129 .bNumEndpoints = 1, 130 .bInterfaceClass = USB_CLASS_COMM, 131 .bInterfaceSubClass = USB_CDC_SUBCLASS_ACM, 132 .bInterfaceProtocol = USB_CDC_ACM_PROTO_VENDOR, 133 /* .iInterface = DYNAMIC */ 134}; 135 136static struct usb_cdc_header_desc header_desc = { 137 .bLength = sizeof header_desc, 138 .bDescriptorType = USB_DT_CS_INTERFACE, 139 .bDescriptorSubType = USB_CDC_HEADER_TYPE, 140 141 .bcdCDC = cpu_to_le16(0x0110), 142}; 143 144static struct usb_cdc_call_mgmt_descriptor call_mgmt_descriptor = { 145 .bLength = sizeof call_mgmt_descriptor, 146 .bDescriptorType = USB_DT_CS_INTERFACE, 147 .bDescriptorSubType = USB_CDC_CALL_MANAGEMENT_TYPE, 148 149 .bmCapabilities = 0x00, 150 .bDataInterface = 0x01, 151}; 152 153static struct usb_cdc_acm_descriptor rndis_acm_descriptor = { 154 .bLength = sizeof rndis_acm_descriptor, 155 .bDescriptorType = USB_DT_CS_INTERFACE, 156 .bDescriptorSubType = USB_CDC_ACM_TYPE, 157 158 .bmCapabilities = 0x00, 159}; 160 161static struct usb_cdc_union_desc rndis_union_desc = { 162 .bLength = sizeof(rndis_union_desc), 163 .bDescriptorType = USB_DT_CS_INTERFACE, 164 .bDescriptorSubType = USB_CDC_UNION_TYPE, 165 /* .bMasterInterface0 = DYNAMIC */ 166 /* .bSlaveInterface0 = DYNAMIC */ 167}; 168 169/* the data interface has two bulk endpoints */ 170 171static struct usb_interface_descriptor rndis_data_intf = { 172 .bLength = sizeof rndis_data_intf, 173 .bDescriptorType = USB_DT_INTERFACE, 174 175 /* .bInterfaceNumber = DYNAMIC */ 176 .bNumEndpoints = 2, 177 .bInterfaceClass = USB_CLASS_CDC_DATA, 178 .bInterfaceSubClass = 0, 179 .bInterfaceProtocol = 0, 180 /* .iInterface = DYNAMIC */ 181}; 182 183 184static struct usb_interface_assoc_descriptor 185rndis_iad_descriptor = { 186 .bLength = sizeof rndis_iad_descriptor, 187 .bDescriptorType = USB_DT_INTERFACE_ASSOCIATION, 188 189 .bFirstInterface = 0, /* XXX, hardcoded */ 190 .bInterfaceCount = 2, // control + data 191 .bFunctionClass = USB_CLASS_COMM, 192 .bFunctionSubClass = USB_CDC_SUBCLASS_ETHERNET, 193 .bFunctionProtocol = USB_CDC_PROTO_NONE, 194 /* .iFunction = DYNAMIC */ 195}; 196 197/* full speed support: */ 198 199static struct usb_endpoint_descriptor fs_notify_desc = { 200 .bLength = USB_DT_ENDPOINT_SIZE, 201 .bDescriptorType = USB_DT_ENDPOINT, 202 203 .bEndpointAddress = USB_DIR_IN, 204 .bmAttributes = USB_ENDPOINT_XFER_INT, 205 .wMaxPacketSize = cpu_to_le16(STATUS_BYTECOUNT), 206 .bInterval = RNDIS_STATUS_INTERVAL_MS, 207}; 208 209static struct usb_endpoint_descriptor fs_in_desc = { 210 .bLength = USB_DT_ENDPOINT_SIZE, 211 .bDescriptorType = USB_DT_ENDPOINT, 212 213 .bEndpointAddress = USB_DIR_IN, 214 .bmAttributes = USB_ENDPOINT_XFER_BULK, 215}; 216 217static struct usb_endpoint_descriptor fs_out_desc = { 218 .bLength = USB_DT_ENDPOINT_SIZE, 219 .bDescriptorType = USB_DT_ENDPOINT, 220 221 .bEndpointAddress = USB_DIR_OUT, 222 .bmAttributes = USB_ENDPOINT_XFER_BULK, 223}; 224 225static struct usb_descriptor_header *eth_fs_function[] = { 226 (struct usb_descriptor_header *) &rndis_iad_descriptor, 227 228 /* control interface matches ACM, not Ethernet */ 229 (struct usb_descriptor_header *) &rndis_control_intf, 230 (struct usb_descriptor_header *) &header_desc, 231 (struct usb_descriptor_header *) &call_mgmt_descriptor, 232 (struct usb_descriptor_header *) &rndis_acm_descriptor, 233 (struct usb_descriptor_header *) &rndis_union_desc, 234 (struct usb_descriptor_header *) &fs_notify_desc, 235 236 /* data interface has no altsetting */ 237 (struct usb_descriptor_header *) &rndis_data_intf, 238 (struct usb_descriptor_header *) &fs_in_desc, 239 (struct usb_descriptor_header *) &fs_out_desc, 240 NULL, 241}; 242 243/* high speed support: */ 244 245static struct usb_endpoint_descriptor hs_notify_desc = { 246 .bLength = USB_DT_ENDPOINT_SIZE, 247 .bDescriptorType = USB_DT_ENDPOINT, 248 249 .bEndpointAddress = USB_DIR_IN, 250 .bmAttributes = USB_ENDPOINT_XFER_INT, 251 .wMaxPacketSize = cpu_to_le16(STATUS_BYTECOUNT), 252 .bInterval = USB_MS_TO_HS_INTERVAL(RNDIS_STATUS_INTERVAL_MS) 253}; 254 255static struct usb_endpoint_descriptor hs_in_desc = { 256 .bLength = USB_DT_ENDPOINT_SIZE, 257 .bDescriptorType = USB_DT_ENDPOINT, 258 259 .bEndpointAddress = USB_DIR_IN, 260 .bmAttributes = USB_ENDPOINT_XFER_BULK, 261 .wMaxPacketSize = cpu_to_le16(512), 262}; 263 264static struct usb_endpoint_descriptor hs_out_desc = { 265 .bLength = USB_DT_ENDPOINT_SIZE, 266 .bDescriptorType = USB_DT_ENDPOINT, 267 268 .bEndpointAddress = USB_DIR_OUT, 269 .bmAttributes = USB_ENDPOINT_XFER_BULK, 270 .wMaxPacketSize = cpu_to_le16(512), 271}; 272 273static struct usb_descriptor_header *eth_hs_function[] = { 274 (struct usb_descriptor_header *) &rndis_iad_descriptor, 275 276 /* control interface matches ACM, not Ethernet */ 277 (struct usb_descriptor_header *) &rndis_control_intf, 278 (struct usb_descriptor_header *) &header_desc, 279 (struct usb_descriptor_header *) &call_mgmt_descriptor, 280 (struct usb_descriptor_header *) &rndis_acm_descriptor, 281 (struct usb_descriptor_header *) &rndis_union_desc, 282 (struct usb_descriptor_header *) &hs_notify_desc, 283 284 /* data interface has no altsetting */ 285 (struct usb_descriptor_header *) &rndis_data_intf, 286 (struct usb_descriptor_header *) &hs_in_desc, 287 (struct usb_descriptor_header *) &hs_out_desc, 288 NULL, 289}; 290 291/* super speed support: */ 292 293static struct usb_endpoint_descriptor ss_notify_desc = { 294 .bLength = USB_DT_ENDPOINT_SIZE, 295 .bDescriptorType = USB_DT_ENDPOINT, 296 297 .bEndpointAddress = USB_DIR_IN, 298 .bmAttributes = USB_ENDPOINT_XFER_INT, 299 .wMaxPacketSize = cpu_to_le16(STATUS_BYTECOUNT), 300 .bInterval = USB_MS_TO_HS_INTERVAL(RNDIS_STATUS_INTERVAL_MS) 301}; 302 303static struct usb_ss_ep_comp_descriptor ss_intr_comp_desc = { 304 .bLength = sizeof ss_intr_comp_desc, 305 .bDescriptorType = USB_DT_SS_ENDPOINT_COMP, 306 307 /* the following 3 values can be tweaked if necessary */ 308 /* .bMaxBurst = 0, */ 309 /* .bmAttributes = 0, */ 310 .wBytesPerInterval = cpu_to_le16(STATUS_BYTECOUNT), 311}; 312 313static struct usb_endpoint_descriptor ss_in_desc = { 314 .bLength = USB_DT_ENDPOINT_SIZE, 315 .bDescriptorType = USB_DT_ENDPOINT, 316 317 .bEndpointAddress = USB_DIR_IN, 318 .bmAttributes = USB_ENDPOINT_XFER_BULK, 319 .wMaxPacketSize = cpu_to_le16(1024), 320}; 321 322static struct usb_endpoint_descriptor ss_out_desc = { 323 .bLength = USB_DT_ENDPOINT_SIZE, 324 .bDescriptorType = USB_DT_ENDPOINT, 325 326 .bEndpointAddress = USB_DIR_OUT, 327 .bmAttributes = USB_ENDPOINT_XFER_BULK, 328 .wMaxPacketSize = cpu_to_le16(1024), 329}; 330 331static struct usb_ss_ep_comp_descriptor ss_bulk_comp_desc = { 332 .bLength = sizeof ss_bulk_comp_desc, 333 .bDescriptorType = USB_DT_SS_ENDPOINT_COMP, 334 335 /* the following 2 values can be tweaked if necessary */ 336 /* .bMaxBurst = 0, */ 337 /* .bmAttributes = 0, */ 338}; 339 340static struct usb_descriptor_header *eth_ss_function[] = { 341 (struct usb_descriptor_header *) &rndis_iad_descriptor, 342 343 /* control interface matches ACM, not Ethernet */ 344 (struct usb_descriptor_header *) &rndis_control_intf, 345 (struct usb_descriptor_header *) &header_desc, 346 (struct usb_descriptor_header *) &call_mgmt_descriptor, 347 (struct usb_descriptor_header *) &rndis_acm_descriptor, 348 (struct usb_descriptor_header *) &rndis_union_desc, 349 (struct usb_descriptor_header *) &ss_notify_desc, 350 (struct usb_descriptor_header *) &ss_intr_comp_desc, 351 352 /* data interface has no altsetting */ 353 (struct usb_descriptor_header *) &rndis_data_intf, 354 (struct usb_descriptor_header *) &ss_in_desc, 355 (struct usb_descriptor_header *) &ss_bulk_comp_desc, 356 (struct usb_descriptor_header *) &ss_out_desc, 357 (struct usb_descriptor_header *) &ss_bulk_comp_desc, 358 NULL, 359}; 360 361/* string descriptors: */ 362 363static struct usb_string rndis_string_defs[] = { 364 [0].s = "RNDIS Communications Control", 365 [1].s = "RNDIS Ethernet Data", 366 [2].s = "RNDIS", 367 { } /* end of list */ 368}; 369 370static struct usb_gadget_strings rndis_string_table = { 371 .language = 0x0409, /* en-us */ 372 .strings = rndis_string_defs, 373}; 374 375static struct usb_gadget_strings *rndis_strings[] = { 376 &rndis_string_table, 377 NULL, 378}; 379 380/*-------------------------------------------------------------------------*/ 381 382static struct sk_buff *rndis_add_header(struct gether *port, 383 struct sk_buff *skb) 384{ 385 struct sk_buff *skb2; 386 387 skb2 = skb_realloc_headroom(skb, sizeof(struct rndis_packet_msg_type)); 388 if (skb2) 389 rndis_add_hdr(skb2); 390 391 dev_kfree_skb(skb); 392 return skb2; 393} 394 395static void rndis_response_available(void *_rndis) 396{ 397 struct f_rndis *rndis = _rndis; 398 struct usb_request *req = rndis->notify_req; 399 struct usb_composite_dev *cdev = rndis->port.func.config->cdev; 400 __le32 *data = req->buf; 401 int status; 402 403 if (atomic_inc_return(&rndis->notify_count) != 1) 404 return; 405 406 /* Send RNDIS RESPONSE_AVAILABLE notification; a 407 * USB_CDC_NOTIFY_RESPONSE_AVAILABLE "should" work too 408 * 409 * This is the only notification defined by RNDIS. 410 */ 411 data[0] = cpu_to_le32(1); 412 data[1] = cpu_to_le32(0); 413 414 status = usb_ep_queue(rndis->notify, req, GFP_ATOMIC); 415 if (status) { 416 atomic_dec(&rndis->notify_count); 417 DBG(cdev, "notify/0 --> %d\n", status); 418 } 419} 420 421static void rndis_response_complete(struct usb_ep *ep, struct usb_request *req) 422{ 423 struct f_rndis *rndis = req->context; 424 struct usb_composite_dev *cdev = rndis->port.func.config->cdev; 425 int status = req->status; 426 427 /* after TX: 428 * - USB_CDC_GET_ENCAPSULATED_RESPONSE (ep0/control) 429 * - RNDIS_RESPONSE_AVAILABLE (status/irq) 430 */ 431 switch (status) { 432 case -ECONNRESET: 433 case -ESHUTDOWN: 434 /* connection gone */ 435 atomic_set(&rndis->notify_count, 0); 436 break; 437 default: 438 DBG(cdev, "RNDIS %s response error %d, %d/%d\n", 439 ep->name, status, 440 req->actual, req->length); 441 /* FALLTHROUGH */ 442 case 0: 443 if (ep != rndis->notify) 444 break; 445 446 /* handle multiple pending RNDIS_RESPONSE_AVAILABLE 447 * notifications by resending until we're done 448 */ 449 if (atomic_dec_and_test(&rndis->notify_count)) 450 break; 451 status = usb_ep_queue(rndis->notify, req, GFP_ATOMIC); 452 if (status) { 453 atomic_dec(&rndis->notify_count); 454 DBG(cdev, "notify/1 --> %d\n", status); 455 } 456 break; 457 } 458} 459 460static void rndis_command_complete(struct usb_ep *ep, struct usb_request *req) 461{ 462 struct f_rndis *rndis = req->context; 463 int status; 464 rndis_init_msg_type *buf; 465 466 /* received RNDIS command from USB_CDC_SEND_ENCAPSULATED_COMMAND */ 467// spin_lock(&dev->lock); 468 status = rndis_msg_parser(rndis->config, (u8 *) req->buf); 469 if (status < 0) 470 pr_err("RNDIS command error %d, %d/%d\n", 471 status, req->actual, req->length); 472 473 buf = (rndis_init_msg_type *)req->buf; 474 475 if (buf->MessageType == RNDIS_MSG_INIT) { 476 if (buf->MaxTransferSize > 2048) 477 rndis->port.multi_pkt_xfer = 1; 478 else 479 rndis->port.multi_pkt_xfer = 0; 480 pr_info("%s: MaxTransferSize: %d : Multi_pkt_txr: %s\n", 481 __func__, buf->MaxTransferSize, 482 rndis->port.multi_pkt_xfer ? "enabled" : 483 "disabled"); 484 if (rndis_dl_max_pkt_per_xfer <= 1) 485 rndis->port.multi_pkt_xfer = 0; 486 } 487// spin_unlock(&dev->lock); 488} 489 490static int 491rndis_setup(struct usb_function *f, const struct usb_ctrlrequest *ctrl) 492{ 493 struct f_rndis *rndis = func_to_rndis(f); 494 struct usb_composite_dev *cdev = f->config->cdev; 495 struct usb_request *req = cdev->req; 496 int value = -EOPNOTSUPP; 497 u16 w_index = le16_to_cpu(ctrl->wIndex); 498 u16 w_value = le16_to_cpu(ctrl->wValue); 499 u16 w_length = le16_to_cpu(ctrl->wLength); 500 501 /* composite driver infrastructure handles everything except 502 * CDC class messages; interface activation uses set_alt(). 503 */ 504 switch ((ctrl->bRequestType << 8) | ctrl->bRequest) { 505 506 /* RNDIS uses the CDC command encapsulation mechanism to implement 507 * an RPC scheme, with much getting/setting of attributes by OID. 508 */ 509 case ((USB_DIR_OUT | USB_TYPE_CLASS | USB_RECIP_INTERFACE) << 8) 510 | USB_CDC_SEND_ENCAPSULATED_COMMAND: 511 if (w_value || w_index != rndis->ctrl_id) 512 goto invalid; 513 /* read the request; process it later */ 514 value = w_length; 515 req->complete = rndis_command_complete; 516 req->context = rndis; 517 /* later, rndis_response_available() sends a notification */ 518 break; 519 520 case ((USB_DIR_IN | USB_TYPE_CLASS | USB_RECIP_INTERFACE) << 8) 521 | USB_CDC_GET_ENCAPSULATED_RESPONSE: 522 if (w_value || w_index != rndis->ctrl_id) 523 goto invalid; 524 else { 525 u8 *buf; 526 u32 n; 527 528 /* return the result */ 529 buf = rndis_get_next_response(rndis->config, &n); 530 if (buf) { 531 memcpy(req->buf, buf, n); 532 req->complete = rndis_response_complete; 533 req->context = rndis; 534 rndis_free_response(rndis->config, buf); 535 value = n; 536 } 537 /* else stalls ... spec says to avoid that */ 538 } 539 break; 540 541 default: 542invalid: 543 VDBG(cdev, "invalid control req%02x.%02x v%04x i%04x l%d\n", 544 ctrl->bRequestType, ctrl->bRequest, 545 w_value, w_index, w_length); 546 } 547 548 /* respond with data transfer or status phase? */ 549 if (value >= 0) { 550 DBG(cdev, "rndis req%02x.%02x v%04x i%04x l%d\n", 551 ctrl->bRequestType, ctrl->bRequest, 552 w_value, w_index, w_length); 553 req->zero = (value < w_length); 554 req->length = value; 555 value = usb_ep_queue(cdev->gadget->ep0, req, GFP_ATOMIC); 556 if (value < 0) 557 ERROR(cdev, "rndis response on err %d\n", value); 558 } 559 560 /* device either stalls (value < 0) or reports success */ 561 return value; 562} 563 564 565static int rndis_set_alt(struct usb_function *f, unsigned intf, unsigned alt) 566{ 567 struct f_rndis *rndis = func_to_rndis(f); 568 struct usb_composite_dev *cdev = f->config->cdev; 569 570 /* we know alt == 0 */ 571 572 if (intf == rndis->ctrl_id) { 573 if (rndis->notify->driver_data) { 574 VDBG(cdev, "reset rndis control %d\n", intf); 575 usb_ep_disable(rndis->notify); 576 } 577 if (!rndis->notify->desc) { 578 VDBG(cdev, "init rndis ctrl %d\n", intf); 579 if (config_ep_by_speed(cdev->gadget, f, rndis->notify)) 580 goto fail; 581 } 582 usb_ep_enable(rndis->notify); 583 rndis->notify->driver_data = rndis; 584 585 } else if (intf == rndis->data_id) { 586 struct net_device *net; 587 588 if (rndis->port.in_ep->driver_data) { 589 DBG(cdev, "reset rndis\n"); 590 gether_disconnect(&rndis->port); 591 } 592 593 if (!rndis->port.in_ep->desc || !rndis->port.out_ep->desc) { 594 DBG(cdev, "init rndis\n"); 595 if (config_ep_by_speed(cdev->gadget, f, 596 rndis->port.in_ep) || 597 config_ep_by_speed(cdev->gadget, f, 598 rndis->port.out_ep)) { 599 rndis->port.in_ep->desc = NULL; 600 rndis->port.out_ep->desc = NULL; 601 goto fail; 602 } 603 } 604 605 /* Avoid ZLPs; they can be troublesome. */ 606 rndis->port.is_zlp_ok = false; 607 608 /* RNDIS should be in the "RNDIS uninitialized" state, 609 * either never activated or after rndis_uninit(). 610 * 611 * We don't want data to flow here until a nonzero packet 612 * filter is set, at which point it enters "RNDIS data 613 * initialized" state ... but we do want the endpoints 614 * to be activated. It's a strange little state. 615 * 616 * REVISIT the RNDIS gadget code has done this wrong for a 617 * very long time. We need another call to the link layer 618 * code -- gether_updown(...bool) maybe -- to do it right. 619 */ 620 rndis->port.cdc_filter = 0; 621 622 DBG(cdev, "RNDIS RX/TX early activation ... \n"); 623 net = gether_connect(&rndis->port); 624 if (IS_ERR(net)) 625 return PTR_ERR(net); 626 627 rndis_set_param_dev(rndis->config, net, 628 &rndis->port.cdc_filter); 629 } else 630 goto fail; 631 632 return 0; 633fail: 634 return -EINVAL; 635} 636 637static void rndis_disable(struct usb_function *f) 638{ 639 struct f_rndis *rndis = func_to_rndis(f); 640 struct usb_composite_dev *cdev = f->config->cdev; 641 642 if (!rndis->notify->driver_data) 643 return; 644 645 DBG(cdev, "rndis deactivated\n"); 646 647 rndis_uninit(rndis->config); 648 gether_disconnect(&rndis->port); 649 650 usb_ep_disable(rndis->notify); 651 rndis->notify->driver_data = NULL; 652} 653 654/*-------------------------------------------------------------------------*/ 655 656/* 657 * This isn't quite the same mechanism as CDC Ethernet, since the 658 * notification scheme passes less data, but the same set of link 659 * states must be tested. A key difference is that altsettings are 660 * not used to tell whether the link should send packets or not. 661 */ 662 663static void rndis_open(struct gether *geth) 664{ 665 struct f_rndis *rndis = func_to_rndis(&geth->func); 666 struct usb_composite_dev *cdev = geth->func.config->cdev; 667 668 DBG(cdev, "%s\n", __func__); 669 670 rndis_set_param_medium(rndis->config, RNDIS_MEDIUM_802_3, 671 bitrate(cdev->gadget) / 100); 672 rndis_signal_connect(rndis->config); 673} 674 675static void rndis_close(struct gether *geth) 676{ 677 struct f_rndis *rndis = func_to_rndis(&geth->func); 678 679 DBG(geth->func.config->cdev, "%s\n", __func__); 680 681 rndis_set_param_medium(rndis->config, RNDIS_MEDIUM_802_3, 0); 682 rndis_signal_disconnect(rndis->config); 683} 684 685/*-------------------------------------------------------------------------*/ 686 687/* Some controllers can't support RNDIS ... */ 688static inline bool can_support_rndis(struct usb_configuration *c) 689{ 690 /* everything else is *presumably* fine */ 691 return true; 692} 693 694/* ethernet function driver setup/binding */ 695 696static int 697rndis_bind(struct usb_configuration *c, struct usb_function *f) 698{ 699 struct usb_composite_dev *cdev = c->cdev; 700 struct f_rndis *rndis = func_to_rndis(f); 701 struct usb_string *us; 702 int status; 703 struct usb_ep *ep; 704 705 struct f_rndis_opts *rndis_opts; 706 707 if (!can_support_rndis(c)) 708 return -EINVAL; 709 710 rndis_opts = container_of(f->fi, struct f_rndis_opts, func_inst); 711 712 if (cdev->use_os_string) { 713 f->os_desc_table = kzalloc(sizeof(*f->os_desc_table), 714 GFP_KERNEL); 715 if (!f->os_desc_table) 716 return -ENOMEM; 717 f->os_desc_n = 1; 718 f->os_desc_table[0].os_desc = &rndis_opts->rndis_os_desc; 719 } 720 721 /* 722 * in drivers/usb/gadget/configfs.c:configfs_composite_bind() 723 * configurations are bound in sequence with list_for_each_entry, 724 * in each configuration its functions are bound in sequence 725 * with list_for_each_entry, so we assume no race condition 726 * with regard to rndis_opts->bound access 727 */ 728 if (!rndis_opts->bound) { 729 gether_set_gadget(rndis_opts->net, cdev->gadget); 730 status = gether_register_netdev(rndis_opts->net); 731 if (status) 732 goto fail; 733 rndis_opts->bound = true; 734 } 735 736 us = usb_gstrings_attach(cdev, rndis_strings, 737 ARRAY_SIZE(rndis_string_defs)); 738 if (IS_ERR(us)) { 739 status = PTR_ERR(us); 740 goto fail; 741 } 742 rndis_control_intf.iInterface = us[0].id; 743 rndis_data_intf.iInterface = us[1].id; 744 rndis_iad_descriptor.iFunction = us[2].id; 745 746 /* allocate instance-specific interface IDs */ 747 status = usb_interface_id(c, f); 748 if (status < 0) 749 goto fail; 750 rndis->ctrl_id = status; 751 rndis_iad_descriptor.bFirstInterface = status; 752 753 rndis_control_intf.bInterfaceNumber = status; 754 rndis_union_desc.bMasterInterface0 = status; 755 756 if (cdev->use_os_string) 757 f->os_desc_table[0].if_id = 758 rndis_iad_descriptor.bFirstInterface; 759 760 status = usb_interface_id(c, f); 761 if (status < 0) 762 goto fail; 763 rndis->data_id = status; 764 765 rndis_data_intf.bInterfaceNumber = status; 766 rndis_union_desc.bSlaveInterface0 = status; 767 768 status = -ENODEV; 769 770 /* allocate instance-specific endpoints */ 771 ep = usb_ep_autoconfig(cdev->gadget, &fs_in_desc); 772 if (!ep) 773 goto fail; 774 rndis->port.in_ep = ep; 775 ep->driver_data = cdev; /* claim */ 776 777 ep = usb_ep_autoconfig(cdev->gadget, &fs_out_desc); 778 if (!ep) 779 goto fail; 780 rndis->port.out_ep = ep; 781 ep->driver_data = cdev; /* claim */ 782 783 /* NOTE: a status/notification endpoint is, strictly speaking, 784 * optional. We don't treat it that way though! It's simpler, 785 * and some newer profiles don't treat it as optional. 786 */ 787 ep = usb_ep_autoconfig(cdev->gadget, &fs_notify_desc); 788 if (!ep) 789 goto fail; 790 rndis->notify = ep; 791 ep->driver_data = cdev; /* claim */ 792 793 status = -ENOMEM; 794 795 /* allocate notification request and buffer */ 796 rndis->notify_req = usb_ep_alloc_request(ep, GFP_KERNEL); 797 if (!rndis->notify_req) 798 goto fail; 799 rndis->notify_req->buf = kmalloc(STATUS_BYTECOUNT, GFP_KERNEL); 800 if (!rndis->notify_req->buf) 801 goto fail; 802 rndis->notify_req->length = STATUS_BYTECOUNT; 803 rndis->notify_req->context = rndis; 804 rndis->notify_req->complete = rndis_response_complete; 805 806 /* support all relevant hardware speeds... we expect that when 807 * hardware is dual speed, all bulk-capable endpoints work at 808 * both speeds 809 */ 810 hs_in_desc.bEndpointAddress = fs_in_desc.bEndpointAddress; 811 hs_out_desc.bEndpointAddress = fs_out_desc.bEndpointAddress; 812 hs_notify_desc.bEndpointAddress = fs_notify_desc.bEndpointAddress; 813 814 ss_in_desc.bEndpointAddress = fs_in_desc.bEndpointAddress; 815 ss_out_desc.bEndpointAddress = fs_out_desc.bEndpointAddress; 816 ss_notify_desc.bEndpointAddress = fs_notify_desc.bEndpointAddress; 817 818 status = usb_assign_descriptors(f, eth_fs_function, eth_hs_function, 819 eth_ss_function); 820 if (status) 821 goto fail; 822 823 rndis->port.open = rndis_open; 824 rndis->port.close = rndis_close; 825 826 rndis_set_param_medium(rndis->config, RNDIS_MEDIUM_802_3, 0); 827 rndis_set_host_mac(rndis->config, rndis->ethaddr); 828 rndis_set_max_pkt_xfer(rndis->config, rndis_ul_max_pkt_per_xfer); 829 830 if (rndis->manufacturer && rndis->vendorID && 831 rndis_set_param_vendor(rndis->config, rndis->vendorID, 832 rndis->manufacturer)) { 833 status = -EINVAL; 834 goto fail_free_descs; 835 } 836 837 /* NOTE: all that is done without knowing or caring about 838 * the network link ... which is unavailable to this code 839 * until we're activated via set_alt(). 840 */ 841 842 DBG(cdev, "RNDIS: %s speed IN/%s OUT/%s NOTIFY/%s\n", 843 gadget_is_superspeed(c->cdev->gadget) ? "super" : 844 gadget_is_dualspeed(c->cdev->gadget) ? "dual" : "full", 845 rndis->port.in_ep->name, rndis->port.out_ep->name, 846 rndis->notify->name); 847 return 0; 848 849fail_free_descs: 850 usb_free_all_descriptors(f); 851fail: 852 kfree(f->os_desc_table); 853 f->os_desc_n = 0; 854 855 if (rndis->notify_req) { 856 kfree(rndis->notify_req->buf); 857 usb_ep_free_request(rndis->notify, rndis->notify_req); 858 } 859 860 /* we might as well release our claims on endpoints */ 861 if (rndis->notify) 862 rndis->notify->driver_data = NULL; 863 if (rndis->port.out_ep) 864 rndis->port.out_ep->driver_data = NULL; 865 if (rndis->port.in_ep) 866 rndis->port.in_ep->driver_data = NULL; 867 868 ERROR(cdev, "%s: can't bind, err %d\n", f->name, status); 869 870 return status; 871} 872 873void rndis_borrow_net(struct usb_function_instance *f, struct net_device *net) 874{ 875 struct f_rndis_opts *opts; 876 877 opts = container_of(f, struct f_rndis_opts, func_inst); 878 if (opts->bound) 879 gether_cleanup(netdev_priv(opts->net)); 880 else 881 free_netdev(opts->net); 882 opts->borrowed_net = opts->bound = true; 883 opts->net = net; 884} 885EXPORT_SYMBOL_GPL(rndis_borrow_net); 886 887static inline struct f_rndis_opts *to_f_rndis_opts(struct config_item *item) 888{ 889 return container_of(to_config_group(item), struct f_rndis_opts, 890 func_inst.group); 891} 892 893/* f_rndis_item_ops */ 894USB_ETHERNET_CONFIGFS_ITEM(rndis); 895 896/* f_rndis_opts_dev_addr */ 897USB_ETHERNET_CONFIGFS_ITEM_ATTR_DEV_ADDR(rndis); 898 899/* f_rndis_opts_host_addr */ 900USB_ETHERNET_CONFIGFS_ITEM_ATTR_HOST_ADDR(rndis); 901 902/* f_rndis_opts_qmult */ 903USB_ETHERNET_CONFIGFS_ITEM_ATTR_QMULT(rndis); 904 905/* f_rndis_opts_ifname */ 906USB_ETHERNET_CONFIGFS_ITEM_ATTR_IFNAME(rndis); 907 908static struct configfs_attribute *rndis_attrs[] = { 909 &f_rndis_opts_dev_addr.attr, 910 &f_rndis_opts_host_addr.attr, 911 &f_rndis_opts_qmult.attr, 912 &f_rndis_opts_ifname.attr, 913 NULL, 914}; 915 916static struct config_item_type rndis_func_type = { 917 .ct_item_ops = &rndis_item_ops, 918 .ct_attrs = rndis_attrs, 919 .ct_owner = THIS_MODULE, 920}; 921 922static void rndis_free_inst(struct usb_function_instance *f) 923{ 924 struct f_rndis_opts *opts; 925 926 opts = container_of(f, struct f_rndis_opts, func_inst); 927 if (!opts->borrowed_net) { 928 if (opts->bound) 929 gether_cleanup(netdev_priv(opts->net)); 930 else 931 free_netdev(opts->net); 932 } 933 934 kfree(opts->rndis_os_desc.group.default_groups); /* single VLA chunk */ 935 kfree(opts); 936} 937 938static struct usb_function_instance *rndis_alloc_inst(void) 939{ 940 struct f_rndis_opts *opts; 941 struct usb_os_desc *descs[1]; 942 char *names[1]; 943 944 opts = kzalloc(sizeof(*opts), GFP_KERNEL); 945 if (!opts) 946 return ERR_PTR(-ENOMEM); 947 opts->rndis_os_desc.ext_compat_id = opts->rndis_ext_compat_id; 948 949 mutex_init(&opts->lock); 950 opts->func_inst.free_func_inst = rndis_free_inst; 951 opts->net = gether_setup_default(); 952 if (IS_ERR(opts->net)) { 953 struct net_device *net = opts->net; 954 kfree(opts); 955 return ERR_CAST(net); 956 } 957 INIT_LIST_HEAD(&opts->rndis_os_desc.ext_prop); 958 959 descs[0] = &opts->rndis_os_desc; 960 names[0] = "rndis"; 961 usb_os_desc_prepare_interf_dir(&opts->func_inst.group, 1, descs, 962 names, THIS_MODULE); 963 config_group_init_type_name(&opts->func_inst.group, "", 964 &rndis_func_type); 965 966 return &opts->func_inst; 967} 968 969static void rndis_free(struct usb_function *f) 970{ 971 struct f_rndis *rndis; 972 struct f_rndis_opts *opts; 973 974 rndis = func_to_rndis(f); 975 rndis_deregister(rndis->config); 976 opts = container_of(f->fi, struct f_rndis_opts, func_inst); 977 kfree(rndis); 978 mutex_lock(&opts->lock); 979 opts->refcnt--; 980 mutex_unlock(&opts->lock); 981} 982 983static void rndis_unbind(struct usb_configuration *c, struct usb_function *f) 984{ 985 struct f_rndis *rndis = func_to_rndis(f); 986 987 kfree(f->os_desc_table); 988 f->os_desc_n = 0; 989 usb_free_all_descriptors(f); 990 991 kfree(rndis->notify_req->buf); 992 usb_ep_free_request(rndis->notify, rndis->notify_req); 993} 994 995static struct usb_function *rndis_alloc(struct usb_function_instance *fi) 996{ 997 struct f_rndis *rndis; 998 struct f_rndis_opts *opts; 999 int status; 1000 1001 /* allocate and initialize one new instance */ 1002 rndis = kzalloc(sizeof(*rndis), GFP_KERNEL); 1003 if (!rndis) 1004 return ERR_PTR(-ENOMEM); 1005 1006 opts = container_of(fi, struct f_rndis_opts, func_inst); 1007 mutex_lock(&opts->lock); 1008 opts->refcnt++; 1009 1010 gether_get_host_addr_u8(opts->net, rndis->ethaddr); 1011 rndis->vendorID = opts->vendor_id; 1012 rndis->manufacturer = opts->manufacturer; 1013 1014 rndis->port.ioport = netdev_priv(opts->net); 1015 mutex_unlock(&opts->lock); 1016 /* RNDIS activates when the host changes this filter */ 1017 rndis->port.cdc_filter = 0; 1018 1019 /* RNDIS has special (and complex) framing */ 1020 rndis->port.header_len = sizeof(struct rndis_packet_msg_type); 1021 rndis->port.wrap = rndis_add_header; 1022 rndis->port.unwrap = rndis_rm_hdr; 1023 rndis->port.ul_max_pkts_per_xfer = rndis_ul_max_pkt_per_xfer; 1024 rndis->port.dl_max_pkts_per_xfer = rndis_dl_max_pkt_per_xfer; 1025 1026 rndis->port.func.name = "rndis"; 1027 /* descriptors are per-instance copies */ 1028 rndis->port.func.bind = rndis_bind; 1029 rndis->port.func.unbind = rndis_unbind; 1030 rndis->port.func.set_alt = rndis_set_alt; 1031 rndis->port.func.setup = rndis_setup; 1032 rndis->port.func.disable = rndis_disable; 1033 rndis->port.func.free_func = rndis_free; 1034 1035 status = rndis_register(rndis_response_available, rndis); 1036 if (status < 0) { 1037 kfree(rndis); 1038 return ERR_PTR(status); 1039 } 1040 rndis->config = status; 1041 1042 return &rndis->port.func; 1043} 1044 1045DECLARE_USB_FUNCTION(rndis, rndis_alloc_inst, rndis_alloc); 1046 1047static int __init rndis_mod_init(void) 1048{ 1049 int ret; 1050 1051 ret = rndis_init(); 1052 if (ret) 1053 return ret; 1054 1055 return usb_function_register(&rndisusb_func); 1056} 1057module_init(rndis_mod_init); 1058 1059static void __exit rndis_mod_exit(void) 1060{ 1061 usb_function_unregister(&rndisusb_func); 1062 rndis_exit(); 1063} 1064module_exit(rndis_mod_exit); 1065 1066MODULE_LICENSE("GPL"); 1067MODULE_AUTHOR("David Brownell"); 1068