1 // SPDX-License-Identifier: GPL-2.0+
2 /*
3 * f_rndis.c -- RNDIS link function driver
4 *
5 * Copyright (C) 2003-2005,2008 David Brownell
6 * Copyright (C) 2003-2004 Robert Schwebel, Benedikt Spranger
7 * Copyright (C) 2008 Nokia Corporation
8 * Copyright (C) 2009 Samsung Electronics
9 * Author: Michal Nazarewicz (mina86@mina86.com)
10 */
11
12 /* #define VERBOSE_DEBUG */
13
14 #include <linux/cleanup.h>
15 #include <linux/slab.h>
16 #include <linux/kernel.h>
17 #include <linux/module.h>
18 #include <linux/device.h>
19 #include <linux/etherdevice.h>
20
21 #include <linux/atomic.h>
22
23 #include <linux/usb/gadget.h>
24
25 #include "u_ether.h"
26 #include "u_ether_configfs.h"
27 #include "u_rndis.h"
28 #include "rndis.h"
29 #include "configfs.h"
30
31 /*
32 * This function is an RNDIS Ethernet port -- a Microsoft protocol that's
33 * been promoted instead of the standard CDC Ethernet. The published RNDIS
34 * spec is ambiguous, incomplete, and needlessly complex. Variants such as
35 * ActiveSync have even worse status in terms of specification.
36 *
37 * In short: it's a protocol controlled by (and for) Microsoft, not for an
38 * Open ecosystem or markets. Linux supports it *only* because Microsoft
39 * doesn't support the CDC Ethernet standard.
40 *
41 * The RNDIS data transfer model is complex, with multiple Ethernet packets
42 * per USB message, and out of band data. The control model is built around
43 * what's essentially an "RNDIS RPC" protocol. It's all wrapped in a CDC ACM
44 * (modem, not Ethernet) veneer, with those ACM descriptors being entirely
45 * useless (they're ignored). RNDIS expects to be the only function in its
46 * configuration, so it's no real help if you need composite devices; and
47 * it expects to be the first configuration too.
48 *
49 * There is a single technical advantage of RNDIS over CDC Ethernet, if you
50 * discount the fluff that its RPC can be made to deliver: it doesn't need
51 * a NOP altsetting for the data interface. That lets it work on some of the
52 * "so smart it's stupid" hardware which takes over configuration changes
53 * from the software, and adds restrictions like "no altsettings".
54 *
55 * Unfortunately MSFT's RNDIS drivers are buggy. They hang or oops, and
56 * have all sorts of contrary-to-specification oddities that can prevent
57 * them from working sanely. Since bugfixes (or accurate specs, letting
58 * Linux work around those bugs) are unlikely to ever come from MSFT, you
59 * may want to avoid using RNDIS on purely operational grounds.
60 *
61 * Omissions from the RNDIS 1.0 specification include:
62 *
63 * - Power management ... references data that's scattered around lots
64 * of other documentation, which is incorrect/incomplete there too.
65 *
66 * - There are various undocumented protocol requirements, like the need
67 * to send garbage in some control-OUT messages.
68 *
69 * - MS-Windows drivers sometimes emit undocumented requests.
70 */
71
72 struct f_rndis {
73 struct gether port;
74 u8 ctrl_id, data_id;
75 u8 ethaddr[ETH_ALEN];
76 u32 vendorID;
77 const char *manufacturer;
78 struct rndis_params *params;
79
80 struct usb_ep *notify;
81 struct usb_request *notify_req;
82 atomic_t notify_count;
83 };
84
func_to_rndis(struct usb_function * f)85 static inline struct f_rndis *func_to_rndis(struct usb_function *f)
86 {
87 return container_of(f, struct f_rndis, port.func);
88 }
89
90 /*-------------------------------------------------------------------------*/
91
92 /*
93 */
94
95 #define RNDIS_STATUS_INTERVAL_MS 32
96 #define STATUS_BYTECOUNT 8 /* 8 bytes data */
97
98
99 /* interface descriptor: */
100
101 static struct usb_interface_descriptor rndis_control_intf = {
102 .bLength = sizeof rndis_control_intf,
103 .bDescriptorType = USB_DT_INTERFACE,
104
105 /* .bInterfaceNumber = DYNAMIC */
106 /* status endpoint is optional; this could be patched later */
107 .bNumEndpoints = 1,
108 .bInterfaceClass = USB_CLASS_COMM,
109 .bInterfaceSubClass = USB_CDC_SUBCLASS_ACM,
110 .bInterfaceProtocol = USB_CDC_ACM_PROTO_VENDOR,
111 /* .iInterface = DYNAMIC */
112 };
113
114 static struct usb_cdc_header_desc header_desc = {
115 .bLength = sizeof header_desc,
116 .bDescriptorType = USB_DT_CS_INTERFACE,
117 .bDescriptorSubType = USB_CDC_HEADER_TYPE,
118
119 .bcdCDC = cpu_to_le16(0x0110),
120 };
121
122 static struct usb_cdc_call_mgmt_descriptor call_mgmt_descriptor = {
123 .bLength = sizeof call_mgmt_descriptor,
124 .bDescriptorType = USB_DT_CS_INTERFACE,
125 .bDescriptorSubType = USB_CDC_CALL_MANAGEMENT_TYPE,
126
127 .bmCapabilities = 0x00,
128 .bDataInterface = 0x01,
129 };
130
131 static struct usb_cdc_acm_descriptor rndis_acm_descriptor = {
132 .bLength = sizeof rndis_acm_descriptor,
133 .bDescriptorType = USB_DT_CS_INTERFACE,
134 .bDescriptorSubType = USB_CDC_ACM_TYPE,
135
136 .bmCapabilities = 0x00,
137 };
138
139 static struct usb_cdc_union_desc rndis_union_desc = {
140 .bLength = sizeof(rndis_union_desc),
141 .bDescriptorType = USB_DT_CS_INTERFACE,
142 .bDescriptorSubType = USB_CDC_UNION_TYPE,
143 /* .bMasterInterface0 = DYNAMIC */
144 /* .bSlaveInterface0 = DYNAMIC */
145 };
146
147 /* the data interface has two bulk endpoints */
148
149 static struct usb_interface_descriptor rndis_data_intf = {
150 .bLength = sizeof rndis_data_intf,
151 .bDescriptorType = USB_DT_INTERFACE,
152
153 /* .bInterfaceNumber = DYNAMIC */
154 .bNumEndpoints = 2,
155 .bInterfaceClass = USB_CLASS_CDC_DATA,
156 .bInterfaceSubClass = 0,
157 .bInterfaceProtocol = 0,
158 /* .iInterface = DYNAMIC */
159 };
160
161
162 static struct usb_interface_assoc_descriptor
163 rndis_iad_descriptor = {
164 .bLength = sizeof rndis_iad_descriptor,
165 .bDescriptorType = USB_DT_INTERFACE_ASSOCIATION,
166
167 .bFirstInterface = 0, /* XXX, hardcoded */
168 .bInterfaceCount = 2, // control + data
169 .bFunctionClass = USB_CLASS_COMM,
170 .bFunctionSubClass = USB_CDC_SUBCLASS_ETHERNET,
171 .bFunctionProtocol = USB_CDC_PROTO_NONE,
172 /* .iFunction = DYNAMIC */
173 };
174
175 /* full speed support: */
176
177 static struct usb_endpoint_descriptor fs_notify_desc = {
178 .bLength = USB_DT_ENDPOINT_SIZE,
179 .bDescriptorType = USB_DT_ENDPOINT,
180
181 .bEndpointAddress = USB_DIR_IN,
182 .bmAttributes = USB_ENDPOINT_XFER_INT,
183 .wMaxPacketSize = cpu_to_le16(STATUS_BYTECOUNT),
184 .bInterval = RNDIS_STATUS_INTERVAL_MS,
185 };
186
187 static struct usb_endpoint_descriptor fs_in_desc = {
188 .bLength = USB_DT_ENDPOINT_SIZE,
189 .bDescriptorType = USB_DT_ENDPOINT,
190
191 .bEndpointAddress = USB_DIR_IN,
192 .bmAttributes = USB_ENDPOINT_XFER_BULK,
193 };
194
195 static struct usb_endpoint_descriptor fs_out_desc = {
196 .bLength = USB_DT_ENDPOINT_SIZE,
197 .bDescriptorType = USB_DT_ENDPOINT,
198
199 .bEndpointAddress = USB_DIR_OUT,
200 .bmAttributes = USB_ENDPOINT_XFER_BULK,
201 };
202
203 static struct usb_descriptor_header *eth_fs_function[] = {
204 (struct usb_descriptor_header *) &rndis_iad_descriptor,
205
206 /* control interface matches ACM, not Ethernet */
207 (struct usb_descriptor_header *) &rndis_control_intf,
208 (struct usb_descriptor_header *) &header_desc,
209 (struct usb_descriptor_header *) &call_mgmt_descriptor,
210 (struct usb_descriptor_header *) &rndis_acm_descriptor,
211 (struct usb_descriptor_header *) &rndis_union_desc,
212 (struct usb_descriptor_header *) &fs_notify_desc,
213
214 /* data interface has no altsetting */
215 (struct usb_descriptor_header *) &rndis_data_intf,
216 (struct usb_descriptor_header *) &fs_in_desc,
217 (struct usb_descriptor_header *) &fs_out_desc,
218 NULL,
219 };
220
221 /* high speed support: */
222
223 static struct usb_endpoint_descriptor hs_notify_desc = {
224 .bLength = USB_DT_ENDPOINT_SIZE,
225 .bDescriptorType = USB_DT_ENDPOINT,
226
227 .bEndpointAddress = USB_DIR_IN,
228 .bmAttributes = USB_ENDPOINT_XFER_INT,
229 .wMaxPacketSize = cpu_to_le16(STATUS_BYTECOUNT),
230 .bInterval = USB_MS_TO_HS_INTERVAL(RNDIS_STATUS_INTERVAL_MS)
231 };
232
233 static struct usb_endpoint_descriptor hs_in_desc = {
234 .bLength = USB_DT_ENDPOINT_SIZE,
235 .bDescriptorType = USB_DT_ENDPOINT,
236
237 .bEndpointAddress = USB_DIR_IN,
238 .bmAttributes = USB_ENDPOINT_XFER_BULK,
239 .wMaxPacketSize = cpu_to_le16(512),
240 };
241
242 static struct usb_endpoint_descriptor hs_out_desc = {
243 .bLength = USB_DT_ENDPOINT_SIZE,
244 .bDescriptorType = USB_DT_ENDPOINT,
245
246 .bEndpointAddress = USB_DIR_OUT,
247 .bmAttributes = USB_ENDPOINT_XFER_BULK,
248 .wMaxPacketSize = cpu_to_le16(512),
249 };
250
251 static struct usb_descriptor_header *eth_hs_function[] = {
252 (struct usb_descriptor_header *) &rndis_iad_descriptor,
253
254 /* control interface matches ACM, not Ethernet */
255 (struct usb_descriptor_header *) &rndis_control_intf,
256 (struct usb_descriptor_header *) &header_desc,
257 (struct usb_descriptor_header *) &call_mgmt_descriptor,
258 (struct usb_descriptor_header *) &rndis_acm_descriptor,
259 (struct usb_descriptor_header *) &rndis_union_desc,
260 (struct usb_descriptor_header *) &hs_notify_desc,
261
262 /* data interface has no altsetting */
263 (struct usb_descriptor_header *) &rndis_data_intf,
264 (struct usb_descriptor_header *) &hs_in_desc,
265 (struct usb_descriptor_header *) &hs_out_desc,
266 NULL,
267 };
268
269 /* super speed support: */
270
271 static struct usb_endpoint_descriptor ss_notify_desc = {
272 .bLength = USB_DT_ENDPOINT_SIZE,
273 .bDescriptorType = USB_DT_ENDPOINT,
274
275 .bEndpointAddress = USB_DIR_IN,
276 .bmAttributes = USB_ENDPOINT_XFER_INT,
277 .wMaxPacketSize = cpu_to_le16(STATUS_BYTECOUNT),
278 .bInterval = USB_MS_TO_HS_INTERVAL(RNDIS_STATUS_INTERVAL_MS)
279 };
280
281 static struct usb_ss_ep_comp_descriptor ss_intr_comp_desc = {
282 .bLength = sizeof ss_intr_comp_desc,
283 .bDescriptorType = USB_DT_SS_ENDPOINT_COMP,
284
285 /* the following 3 values can be tweaked if necessary */
286 /* .bMaxBurst = 0, */
287 /* .bmAttributes = 0, */
288 .wBytesPerInterval = cpu_to_le16(STATUS_BYTECOUNT),
289 };
290
291 static struct usb_endpoint_descriptor ss_in_desc = {
292 .bLength = USB_DT_ENDPOINT_SIZE,
293 .bDescriptorType = USB_DT_ENDPOINT,
294
295 .bEndpointAddress = USB_DIR_IN,
296 .bmAttributes = USB_ENDPOINT_XFER_BULK,
297 .wMaxPacketSize = cpu_to_le16(1024),
298 };
299
300 static struct usb_endpoint_descriptor ss_out_desc = {
301 .bLength = USB_DT_ENDPOINT_SIZE,
302 .bDescriptorType = USB_DT_ENDPOINT,
303
304 .bEndpointAddress = USB_DIR_OUT,
305 .bmAttributes = USB_ENDPOINT_XFER_BULK,
306 .wMaxPacketSize = cpu_to_le16(1024),
307 };
308
309 static struct usb_ss_ep_comp_descriptor ss_bulk_comp_desc = {
310 .bLength = sizeof ss_bulk_comp_desc,
311 .bDescriptorType = USB_DT_SS_ENDPOINT_COMP,
312
313 /* the following 2 values can be tweaked if necessary */
314 /* .bMaxBurst = 0, */
315 /* .bmAttributes = 0, */
316 };
317
318 static struct usb_descriptor_header *eth_ss_function[] = {
319 (struct usb_descriptor_header *) &rndis_iad_descriptor,
320
321 /* control interface matches ACM, not Ethernet */
322 (struct usb_descriptor_header *) &rndis_control_intf,
323 (struct usb_descriptor_header *) &header_desc,
324 (struct usb_descriptor_header *) &call_mgmt_descriptor,
325 (struct usb_descriptor_header *) &rndis_acm_descriptor,
326 (struct usb_descriptor_header *) &rndis_union_desc,
327 (struct usb_descriptor_header *) &ss_notify_desc,
328 (struct usb_descriptor_header *) &ss_intr_comp_desc,
329
330 /* data interface has no altsetting */
331 (struct usb_descriptor_header *) &rndis_data_intf,
332 (struct usb_descriptor_header *) &ss_in_desc,
333 (struct usb_descriptor_header *) &ss_bulk_comp_desc,
334 (struct usb_descriptor_header *) &ss_out_desc,
335 (struct usb_descriptor_header *) &ss_bulk_comp_desc,
336 NULL,
337 };
338
339 /* string descriptors: */
340
341 static struct usb_string rndis_string_defs[] = {
342 [0].s = "RNDIS Communications Control",
343 [1].s = "RNDIS Ethernet Data",
344 [2].s = "RNDIS",
345 { } /* end of list */
346 };
347
348 static struct usb_gadget_strings rndis_string_table = {
349 .language = 0x0409, /* en-us */
350 .strings = rndis_string_defs,
351 };
352
353 static struct usb_gadget_strings *rndis_strings[] = {
354 &rndis_string_table,
355 NULL,
356 };
357
358 /*-------------------------------------------------------------------------*/
359
rndis_add_header(struct gether * port,struct sk_buff * skb)360 static struct sk_buff *rndis_add_header(struct gether *port,
361 struct sk_buff *skb)
362 {
363 struct sk_buff *skb2;
364
365 if (!skb)
366 return NULL;
367
368 skb2 = skb_realloc_headroom(skb, sizeof(struct rndis_packet_msg_type));
369 rndis_add_hdr(skb2);
370
371 dev_kfree_skb(skb);
372 return skb2;
373 }
374
rndis_response_available(void * _rndis)375 static void rndis_response_available(void *_rndis)
376 {
377 struct f_rndis *rndis = _rndis;
378 struct usb_request *req = rndis->notify_req;
379 struct usb_composite_dev *cdev = rndis->port.func.config->cdev;
380 __le32 *data = req->buf;
381 int status;
382
383 if (atomic_inc_return(&rndis->notify_count) != 1)
384 return;
385
386 /* Send RNDIS RESPONSE_AVAILABLE notification; a
387 * USB_CDC_NOTIFY_RESPONSE_AVAILABLE "should" work too
388 *
389 * This is the only notification defined by RNDIS.
390 */
391 data[0] = cpu_to_le32(1);
392 data[1] = cpu_to_le32(0);
393
394 status = usb_ep_queue(rndis->notify, req, GFP_ATOMIC);
395 if (status) {
396 atomic_dec(&rndis->notify_count);
397 DBG(cdev, "notify/0 --> %d\n", status);
398 }
399 }
400
rndis_response_complete(struct usb_ep * ep,struct usb_request * req)401 static void rndis_response_complete(struct usb_ep *ep, struct usb_request *req)
402 {
403 struct f_rndis *rndis = req->context;
404 struct usb_composite_dev *cdev = rndis->port.func.config->cdev;
405 int status = req->status;
406
407 /* after TX:
408 * - USB_CDC_GET_ENCAPSULATED_RESPONSE (ep0/control)
409 * - RNDIS_RESPONSE_AVAILABLE (status/irq)
410 */
411 switch (status) {
412 case -ECONNRESET:
413 case -ESHUTDOWN:
414 /* connection gone */
415 atomic_set(&rndis->notify_count, 0);
416 break;
417 default:
418 DBG(cdev, "RNDIS %s response error %d, %d/%d\n",
419 ep->name, status,
420 req->actual, req->length);
421 fallthrough;
422 case 0:
423 if (ep != rndis->notify)
424 break;
425
426 /* handle multiple pending RNDIS_RESPONSE_AVAILABLE
427 * notifications by resending until we're done
428 */
429 if (atomic_dec_and_test(&rndis->notify_count))
430 break;
431 status = usb_ep_queue(rndis->notify, req, GFP_ATOMIC);
432 if (status) {
433 atomic_dec(&rndis->notify_count);
434 DBG(cdev, "notify/1 --> %d\n", status);
435 }
436 break;
437 }
438 }
439
rndis_command_complete(struct usb_ep * ep,struct usb_request * req)440 static void rndis_command_complete(struct usb_ep *ep, struct usb_request *req)
441 {
442 struct f_rndis *rndis = req->context;
443 int status;
444
445 /* received RNDIS command from USB_CDC_SEND_ENCAPSULATED_COMMAND */
446 // spin_lock(&dev->lock);
447 status = rndis_msg_parser(rndis->params, (u8 *) req->buf);
448 if (status < 0)
449 pr_err("RNDIS command error %d, %d/%d\n",
450 status, req->actual, req->length);
451 // spin_unlock(&dev->lock);
452 }
453
454 static int
rndis_setup(struct usb_function * f,const struct usb_ctrlrequest * ctrl)455 rndis_setup(struct usb_function *f, const struct usb_ctrlrequest *ctrl)
456 {
457 struct f_rndis *rndis = func_to_rndis(f);
458 struct usb_composite_dev *cdev = f->config->cdev;
459 struct usb_request *req = cdev->req;
460 int value = -EOPNOTSUPP;
461 u16 w_index = le16_to_cpu(ctrl->wIndex);
462 u16 w_value = le16_to_cpu(ctrl->wValue);
463 u16 w_length = le16_to_cpu(ctrl->wLength);
464
465 /* composite driver infrastructure handles everything except
466 * CDC class messages; interface activation uses set_alt().
467 */
468 switch ((ctrl->bRequestType << 8) | ctrl->bRequest) {
469
470 /* RNDIS uses the CDC command encapsulation mechanism to implement
471 * an RPC scheme, with much getting/setting of attributes by OID.
472 */
473 case ((USB_DIR_OUT | USB_TYPE_CLASS | USB_RECIP_INTERFACE) << 8)
474 | USB_CDC_SEND_ENCAPSULATED_COMMAND:
475 if (w_value || w_index != rndis->ctrl_id)
476 goto invalid;
477 /* read the request; process it later */
478 value = w_length;
479 req->complete = rndis_command_complete;
480 req->context = rndis;
481 /* later, rndis_response_available() sends a notification */
482 break;
483
484 case ((USB_DIR_IN | USB_TYPE_CLASS | USB_RECIP_INTERFACE) << 8)
485 | USB_CDC_GET_ENCAPSULATED_RESPONSE:
486 if (w_value || w_index != rndis->ctrl_id)
487 goto invalid;
488 else {
489 u8 *buf;
490 u32 n;
491
492 /* return the result */
493 buf = rndis_get_next_response(rndis->params, &n);
494 if (buf) {
495 memcpy(req->buf, buf, n);
496 req->complete = rndis_response_complete;
497 req->context = rndis;
498 rndis_free_response(rndis->params, buf);
499 value = n;
500 }
501 /* else stalls ... spec says to avoid that */
502 }
503 break;
504
505 default:
506 invalid:
507 VDBG(cdev, "invalid control req%02x.%02x v%04x i%04x l%d\n",
508 ctrl->bRequestType, ctrl->bRequest,
509 w_value, w_index, w_length);
510 }
511
512 /* respond with data transfer or status phase? */
513 if (value >= 0) {
514 DBG(cdev, "rndis req%02x.%02x v%04x i%04x l%d\n",
515 ctrl->bRequestType, ctrl->bRequest,
516 w_value, w_index, w_length);
517 req->zero = (value < w_length);
518 req->length = value;
519 value = usb_ep_queue(cdev->gadget->ep0, req, GFP_ATOMIC);
520 if (value < 0)
521 ERROR(cdev, "rndis response on err %d\n", value);
522 }
523
524 /* device either stalls (value < 0) or reports success */
525 return value;
526 }
527
528
rndis_set_alt(struct usb_function * f,unsigned intf,unsigned alt)529 static int rndis_set_alt(struct usb_function *f, unsigned intf, unsigned alt)
530 {
531 struct f_rndis *rndis = func_to_rndis(f);
532 struct usb_composite_dev *cdev = f->config->cdev;
533
534 /* we know alt == 0 */
535
536 if (intf == rndis->ctrl_id) {
537 VDBG(cdev, "reset rndis control %d\n", intf);
538 usb_ep_disable(rndis->notify);
539
540 if (!rndis->notify->desc) {
541 VDBG(cdev, "init rndis ctrl %d\n", intf);
542 if (config_ep_by_speed(cdev->gadget, f, rndis->notify))
543 goto fail;
544 }
545 usb_ep_enable(rndis->notify);
546
547 } else if (intf == rndis->data_id) {
548 struct net_device *net;
549
550 if (rndis->port.in_ep->enabled) {
551 DBG(cdev, "reset rndis\n");
552 gether_disconnect(&rndis->port);
553 }
554
555 if (!rndis->port.in_ep->desc || !rndis->port.out_ep->desc) {
556 DBG(cdev, "init rndis\n");
557 if (config_ep_by_speed(cdev->gadget, f,
558 rndis->port.in_ep) ||
559 config_ep_by_speed(cdev->gadget, f,
560 rndis->port.out_ep)) {
561 rndis->port.in_ep->desc = NULL;
562 rndis->port.out_ep->desc = NULL;
563 goto fail;
564 }
565 }
566
567 /* Avoid ZLPs; they can be troublesome. */
568 rndis->port.is_zlp_ok = false;
569
570 /* RNDIS should be in the "RNDIS uninitialized" state,
571 * either never activated or after rndis_uninit().
572 *
573 * We don't want data to flow here until a nonzero packet
574 * filter is set, at which point it enters "RNDIS data
575 * initialized" state ... but we do want the endpoints
576 * to be activated. It's a strange little state.
577 *
578 * REVISIT the RNDIS gadget code has done this wrong for a
579 * very long time. We need another call to the link layer
580 * code -- gether_updown(...bool) maybe -- to do it right.
581 */
582 rndis->port.cdc_filter = 0;
583
584 DBG(cdev, "RNDIS RX/TX early activation ... \n");
585 net = gether_connect(&rndis->port);
586 if (IS_ERR(net))
587 return PTR_ERR(net);
588
589 rndis_set_param_dev(rndis->params, net,
590 &rndis->port.cdc_filter);
591 } else
592 goto fail;
593
594 return 0;
595 fail:
596 return -EINVAL;
597 }
598
rndis_disable(struct usb_function * f)599 static void rndis_disable(struct usb_function *f)
600 {
601 struct f_rndis *rndis = func_to_rndis(f);
602 struct usb_composite_dev *cdev = f->config->cdev;
603
604 if (!rndis->notify->enabled)
605 return;
606
607 DBG(cdev, "rndis deactivated\n");
608
609 rndis_uninit(rndis->params);
610 gether_disconnect(&rndis->port);
611
612 usb_ep_disable(rndis->notify);
613 rndis->notify->desc = NULL;
614 }
615
616 /*-------------------------------------------------------------------------*/
617
618 /*
619 * This isn't quite the same mechanism as CDC Ethernet, since the
620 * notification scheme passes less data, but the same set of link
621 * states must be tested. A key difference is that altsettings are
622 * not used to tell whether the link should send packets or not.
623 */
624
rndis_open(struct gether * geth)625 static void rndis_open(struct gether *geth)
626 {
627 struct f_rndis *rndis = func_to_rndis(&geth->func);
628 struct usb_composite_dev *cdev = geth->func.config->cdev;
629
630 DBG(cdev, "%s\n", __func__);
631
632 rndis_set_param_medium(rndis->params, RNDIS_MEDIUM_802_3,
633 gether_bitrate(cdev->gadget) / 100);
634 rndis_signal_connect(rndis->params);
635 }
636
rndis_close(struct gether * geth)637 static void rndis_close(struct gether *geth)
638 {
639 struct f_rndis *rndis = func_to_rndis(&geth->func);
640
641 DBG(geth->func.config->cdev, "%s\n", __func__);
642
643 rndis_set_param_medium(rndis->params, RNDIS_MEDIUM_802_3, 0);
644 rndis_signal_disconnect(rndis->params);
645 }
646
647 /*-------------------------------------------------------------------------*/
648
649 /* Some controllers can't support RNDIS ... */
can_support_rndis(struct usb_configuration * c)650 static inline bool can_support_rndis(struct usb_configuration *c)
651 {
652 /* everything else is *presumably* fine */
653 return true;
654 }
655
656 /* ethernet function driver setup/binding */
657
658 static int
rndis_bind(struct usb_configuration * c,struct usb_function * f)659 rndis_bind(struct usb_configuration *c, struct usb_function *f)
660 {
661 struct usb_composite_dev *cdev = c->cdev;
662 struct f_rndis *rndis = func_to_rndis(f);
663 struct usb_string *us;
664 int status;
665 struct usb_ep *ep;
666
667 struct f_rndis_opts *rndis_opts;
668 struct usb_os_desc_table *os_desc_table __free(kfree) = NULL;
669 struct net_device *net __free(detach_gadget) = NULL;
670 struct usb_request *request __free(free_usb_request) = NULL;
671
672 if (!can_support_rndis(c))
673 return -EINVAL;
674
675 rndis_opts = container_of(f->fi, struct f_rndis_opts, func_inst);
676
677 if (cdev->use_os_string) {
678 os_desc_table = kzalloc_obj(*os_desc_table);
679 if (!os_desc_table)
680 return -ENOMEM;
681 }
682
683 scoped_guard(mutex, &rndis_opts->lock) {
684 rndis_iad_descriptor.bFunctionClass = rndis_opts->class;
685 rndis_iad_descriptor.bFunctionSubClass = rndis_opts->subclass;
686 rndis_iad_descriptor.bFunctionProtocol = rndis_opts->protocol;
687
688 if (rndis_opts->bind_count == 0 && !rndis_opts->borrowed_net) {
689 if (!device_is_registered(&rndis_opts->net->dev)) {
690 gether_set_gadget(rndis_opts->net, cdev->gadget);
691 status = gether_register_netdev(rndis_opts->net);
692 } else
693 status = gether_attach_gadget(rndis_opts->net, cdev->gadget);
694
695 if (status)
696 return status;
697 net = rndis_opts->net;
698 }
699 }
700
701 us = usb_gstrings_attach(cdev, rndis_strings,
702 ARRAY_SIZE(rndis_string_defs));
703 if (IS_ERR(us))
704 return PTR_ERR(us);
705 rndis_control_intf.iInterface = us[0].id;
706 rndis_data_intf.iInterface = us[1].id;
707 rndis_iad_descriptor.iFunction = us[2].id;
708
709 /* allocate instance-specific interface IDs */
710 status = usb_interface_id(c, f);
711 if (status < 0)
712 return status;
713 rndis->ctrl_id = status;
714 rndis_iad_descriptor.bFirstInterface = status;
715
716 rndis_control_intf.bInterfaceNumber = status;
717 rndis_union_desc.bMasterInterface0 = status;
718
719 status = usb_interface_id(c, f);
720 if (status < 0)
721 return status;
722 rndis->data_id = status;
723
724 rndis_data_intf.bInterfaceNumber = status;
725 rndis_union_desc.bSlaveInterface0 = status;
726
727 /* allocate instance-specific endpoints */
728 ep = usb_ep_autoconfig(cdev->gadget, &fs_in_desc);
729 if (!ep)
730 return -ENODEV;
731 rndis->port.in_ep = ep;
732
733 ep = usb_ep_autoconfig(cdev->gadget, &fs_out_desc);
734 if (!ep)
735 return -ENODEV;
736 rndis->port.out_ep = ep;
737
738 /* NOTE: a status/notification endpoint is, strictly speaking,
739 * optional. We don't treat it that way though! It's simpler,
740 * and some newer profiles don't treat it as optional.
741 */
742 ep = usb_ep_autoconfig(cdev->gadget, &fs_notify_desc);
743 if (!ep)
744 return -ENODEV;
745 rndis->notify = ep;
746
747 /* allocate notification request and buffer */
748 request = usb_ep_alloc_request(ep, GFP_KERNEL);
749 if (!request)
750 return -ENOMEM;
751 request->buf = kmalloc(STATUS_BYTECOUNT, GFP_KERNEL);
752 if (!request->buf)
753 return -ENOMEM;
754 request->length = STATUS_BYTECOUNT;
755 request->context = rndis;
756 request->complete = rndis_response_complete;
757
758 /* support all relevant hardware speeds... we expect that when
759 * hardware is dual speed, all bulk-capable endpoints work at
760 * both speeds
761 */
762 hs_in_desc.bEndpointAddress = fs_in_desc.bEndpointAddress;
763 hs_out_desc.bEndpointAddress = fs_out_desc.bEndpointAddress;
764 hs_notify_desc.bEndpointAddress = fs_notify_desc.bEndpointAddress;
765
766 ss_in_desc.bEndpointAddress = fs_in_desc.bEndpointAddress;
767 ss_out_desc.bEndpointAddress = fs_out_desc.bEndpointAddress;
768 ss_notify_desc.bEndpointAddress = fs_notify_desc.bEndpointAddress;
769
770 status = usb_assign_descriptors(f, eth_fs_function, eth_hs_function,
771 eth_ss_function, eth_ss_function);
772 if (status)
773 return status;
774
775 rndis->port.open = rndis_open;
776 rndis->port.close = rndis_close;
777
778 rndis_set_param_medium(rndis->params, RNDIS_MEDIUM_802_3, 0);
779 rndis_set_host_mac(rndis->params, rndis->ethaddr);
780
781 if (rndis->manufacturer && rndis->vendorID &&
782 rndis_set_param_vendor(rndis->params, rndis->vendorID,
783 rndis->manufacturer)) {
784 usb_free_all_descriptors(f);
785 return -EINVAL;
786 }
787
788 if (cdev->use_os_string) {
789 os_desc_table[0].os_desc = &rndis_opts->rndis_os_desc;
790 os_desc_table[0].if_id = rndis_iad_descriptor.bFirstInterface;
791 f->os_desc_table = no_free_ptr(os_desc_table);
792 f->os_desc_n = 1;
793
794 }
795 rndis->notify_req = no_free_ptr(request);
796
797 rndis_opts->bind_count++;
798 retain_and_null_ptr(net);
799
800 /* NOTE: all that is done without knowing or caring about
801 * the network link ... which is unavailable to this code
802 * until we're activated via set_alt().
803 */
804
805 DBG(cdev, "RNDIS: IN/%s OUT/%s NOTIFY/%s\n",
806 rndis->port.in_ep->name, rndis->port.out_ep->name,
807 rndis->notify->name);
808 return 0;
809 }
810
rndis_borrow_net(struct usb_function_instance * f,struct net_device * net)811 void rndis_borrow_net(struct usb_function_instance *f, struct net_device *net)
812 {
813 struct f_rndis_opts *opts;
814
815 opts = container_of(f, struct f_rndis_opts, func_inst);
816 if (device_is_registered(&opts->net->dev))
817 gether_cleanup(netdev_priv(opts->net));
818 else
819 free_netdev(opts->net);
820 opts->borrowed_net = true;
821 opts->net = net;
822 }
823 EXPORT_SYMBOL_GPL(rndis_borrow_net);
824
to_f_rndis_opts(struct config_item * item)825 static inline struct f_rndis_opts *to_f_rndis_opts(struct config_item *item)
826 {
827 return container_of(to_config_group(item), struct f_rndis_opts,
828 func_inst.group);
829 }
830
831 /* f_rndis_item_ops */
832 USB_ETHERNET_CONFIGFS_ITEM(rndis);
833
834 /* f_rndis_opts_dev_addr */
835 USB_ETHERNET_CONFIGFS_ITEM_ATTR_DEV_ADDR(rndis);
836
837 /* f_rndis_opts_host_addr */
838 USB_ETHERNET_CONFIGFS_ITEM_ATTR_HOST_ADDR(rndis);
839
840 /* f_rndis_opts_qmult */
841 USB_ETHERNET_CONFIGFS_ITEM_ATTR_QMULT(rndis);
842
843 /* f_rndis_opts_ifname */
844 USB_ETHERNET_CONFIGFS_ITEM_ATTR_IFNAME(rndis);
845
846 /* f_rndis_opts_class */
847 USB_ETHER_CONFIGFS_ITEM_ATTR_U8_RW(rndis, class);
848
849 /* f_rndis_opts_subclass */
850 USB_ETHER_CONFIGFS_ITEM_ATTR_U8_RW(rndis, subclass);
851
852 /* f_rndis_opts_protocol */
853 USB_ETHER_CONFIGFS_ITEM_ATTR_U8_RW(rndis, protocol);
854
855 static struct configfs_attribute *rndis_attrs[] = {
856 &rndis_opts_attr_dev_addr,
857 &rndis_opts_attr_host_addr,
858 &rndis_opts_attr_qmult,
859 &rndis_opts_attr_ifname,
860 &rndis_opts_attr_class,
861 &rndis_opts_attr_subclass,
862 &rndis_opts_attr_protocol,
863 NULL,
864 };
865
866 static const struct config_item_type rndis_func_type = {
867 .ct_item_ops = &rndis_item_ops,
868 .ct_attrs = rndis_attrs,
869 .ct_owner = THIS_MODULE,
870 };
871
rndis_free_inst(struct usb_function_instance * f)872 static void rndis_free_inst(struct usb_function_instance *f)
873 {
874 struct f_rndis_opts *opts;
875
876 opts = container_of(f, struct f_rndis_opts, func_inst);
877 if (!opts->borrowed_net) {
878 if (device_is_registered(&opts->net->dev))
879 gether_cleanup(netdev_priv(opts->net));
880 else
881 free_netdev(opts->net);
882 }
883
884 kfree(opts->rndis_interf_group); /* single VLA chunk */
885 kfree(opts);
886 }
887
rndis_alloc_inst(void)888 static struct usb_function_instance *rndis_alloc_inst(void)
889 {
890 struct f_rndis_opts *opts;
891 struct usb_os_desc *descs[1];
892 char *names[1];
893 struct config_group *rndis_interf_group;
894
895 opts = kzalloc_obj(*opts);
896 if (!opts)
897 return ERR_PTR(-ENOMEM);
898 opts->rndis_os_desc.ext_compat_id = opts->rndis_ext_compat_id;
899
900 mutex_init(&opts->lock);
901 opts->func_inst.free_func_inst = rndis_free_inst;
902 opts->net = gether_setup_default();
903 if (IS_ERR(opts->net)) {
904 struct net_device *net = opts->net;
905 kfree(opts);
906 return ERR_CAST(net);
907 }
908 INIT_LIST_HEAD(&opts->rndis_os_desc.ext_prop);
909
910 opts->class = rndis_iad_descriptor.bFunctionClass;
911 opts->subclass = rndis_iad_descriptor.bFunctionSubClass;
912 opts->protocol = rndis_iad_descriptor.bFunctionProtocol;
913
914 descs[0] = &opts->rndis_os_desc;
915 names[0] = "rndis";
916 config_group_init_type_name(&opts->func_inst.group, "",
917 &rndis_func_type);
918 rndis_interf_group =
919 usb_os_desc_prepare_interf_dir(&opts->func_inst.group, 1, descs,
920 names, THIS_MODULE);
921 if (IS_ERR(rndis_interf_group)) {
922 rndis_free_inst(&opts->func_inst);
923 return ERR_CAST(rndis_interf_group);
924 }
925 opts->rndis_interf_group = rndis_interf_group;
926
927 return &opts->func_inst;
928 }
929
rndis_free(struct usb_function * f)930 static void rndis_free(struct usb_function *f)
931 {
932 struct f_rndis *rndis;
933 struct f_rndis_opts *opts;
934
935 rndis = func_to_rndis(f);
936 rndis_deregister(rndis->params);
937 opts = container_of(f->fi, struct f_rndis_opts, func_inst);
938 kfree(rndis);
939 mutex_lock(&opts->lock);
940 opts->refcnt--;
941 mutex_unlock(&opts->lock);
942 }
943
rndis_unbind(struct usb_configuration * c,struct usb_function * f)944 static void rndis_unbind(struct usb_configuration *c, struct usb_function *f)
945 {
946 struct f_rndis *rndis = func_to_rndis(f);
947 struct f_rndis_opts *rndis_opts;
948
949 rndis_opts = container_of(f->fi, struct f_rndis_opts, func_inst);
950
951 kfree(f->os_desc_table);
952 f->os_desc_n = 0;
953 usb_free_all_descriptors(f);
954
955 kfree(rndis->notify_req->buf);
956 usb_ep_free_request(rndis->notify, rndis->notify_req);
957
958 rndis_opts->bind_count--;
959 if (rndis_opts->bind_count == 0 && !rndis_opts->borrowed_net)
960 gether_detach_gadget(rndis_opts->net);
961 }
962
rndis_alloc(struct usb_function_instance * fi)963 static struct usb_function *rndis_alloc(struct usb_function_instance *fi)
964 {
965 struct f_rndis *rndis;
966 struct f_rndis_opts *opts;
967 struct rndis_params *params;
968
969 /* allocate and initialize one new instance */
970 rndis = kzalloc_obj(*rndis);
971 if (!rndis)
972 return ERR_PTR(-ENOMEM);
973
974 opts = container_of(fi, struct f_rndis_opts, func_inst);
975 mutex_lock(&opts->lock);
976 opts->refcnt++;
977
978 gether_get_host_addr_u8(opts->net, rndis->ethaddr);
979 rndis->vendorID = opts->vendor_id;
980 rndis->manufacturer = opts->manufacturer;
981
982 rndis->port.ioport = netdev_priv(opts->net);
983 mutex_unlock(&opts->lock);
984 /* RNDIS activates when the host changes this filter */
985 rndis->port.cdc_filter = 0;
986
987 /* RNDIS has special (and complex) framing */
988 rndis->port.header_len = sizeof(struct rndis_packet_msg_type);
989 rndis->port.wrap = rndis_add_header;
990 rndis->port.unwrap = rndis_rm_hdr;
991
992 rndis->port.func.name = "rndis";
993 /* descriptors are per-instance copies */
994 rndis->port.func.bind = rndis_bind;
995 rndis->port.func.unbind = rndis_unbind;
996 rndis->port.func.set_alt = rndis_set_alt;
997 rndis->port.func.setup = rndis_setup;
998 rndis->port.func.disable = rndis_disable;
999 rndis->port.func.free_func = rndis_free;
1000
1001 params = rndis_register(rndis_response_available, rndis);
1002 if (IS_ERR(params)) {
1003 kfree(rndis);
1004 return ERR_CAST(params);
1005 }
1006 rndis->params = params;
1007
1008 return &rndis->port.func;
1009 }
1010
1011 DECLARE_USB_FUNCTION_INIT(rndis, rndis_alloc_inst, rndis_alloc);
1012 MODULE_DESCRIPTION("RNDIS link function driver");
1013 MODULE_LICENSE("GPL");
1014 MODULE_AUTHOR("David Brownell");
1015