1 // SPDX-License-Identifier: GPL-2.0+ 2 /* 3 * f_rndis.c -- RNDIS link function driver 4 * 5 * Copyright (C) 2003-2005,2008 David Brownell 6 * Copyright (C) 2003-2004 Robert Schwebel, Benedikt Spranger 7 * Copyright (C) 2008 Nokia Corporation 8 * Copyright (C) 2009 Samsung Electronics 9 * Author: Michal Nazarewicz (mina86@mina86.com) 10 */ 11 12 /* #define VERBOSE_DEBUG */ 13 14 #include <linux/cleanup.h> 15 #include <linux/slab.h> 16 #include <linux/kernel.h> 17 #include <linux/module.h> 18 #include <linux/device.h> 19 #include <linux/etherdevice.h> 20 21 #include <linux/atomic.h> 22 23 #include <linux/usb/gadget.h> 24 25 #include "u_ether.h" 26 #include "u_ether_configfs.h" 27 #include "u_rndis.h" 28 #include "rndis.h" 29 #include "configfs.h" 30 31 /* 32 * This function is an RNDIS Ethernet port -- a Microsoft protocol that's 33 * been promoted instead of the standard CDC Ethernet. The published RNDIS 34 * spec is ambiguous, incomplete, and needlessly complex. Variants such as 35 * ActiveSync have even worse status in terms of specification. 36 * 37 * In short: it's a protocol controlled by (and for) Microsoft, not for an 38 * Open ecosystem or markets. Linux supports it *only* because Microsoft 39 * doesn't support the CDC Ethernet standard. 40 * 41 * The RNDIS data transfer model is complex, with multiple Ethernet packets 42 * per USB message, and out of band data. The control model is built around 43 * what's essentially an "RNDIS RPC" protocol. It's all wrapped in a CDC ACM 44 * (modem, not Ethernet) veneer, with those ACM descriptors being entirely 45 * useless (they're ignored). RNDIS expects to be the only function in its 46 * configuration, so it's no real help if you need composite devices; and 47 * it expects to be the first configuration too. 48 * 49 * There is a single technical advantage of RNDIS over CDC Ethernet, if you 50 * discount the fluff that its RPC can be made to deliver: it doesn't need 51 * a NOP altsetting for the data interface. That lets it work on some of the 52 * "so smart it's stupid" hardware which takes over configuration changes 53 * from the software, and adds restrictions like "no altsettings". 54 * 55 * Unfortunately MSFT's RNDIS drivers are buggy. They hang or oops, and 56 * have all sorts of contrary-to-specification oddities that can prevent 57 * them from working sanely. Since bugfixes (or accurate specs, letting 58 * Linux work around those bugs) are unlikely to ever come from MSFT, you 59 * may want to avoid using RNDIS on purely operational grounds. 60 * 61 * Omissions from the RNDIS 1.0 specification include: 62 * 63 * - Power management ... references data that's scattered around lots 64 * of other documentation, which is incorrect/incomplete there too. 65 * 66 * - There are various undocumented protocol requirements, like the need 67 * to send garbage in some control-OUT messages. 68 * 69 * - MS-Windows drivers sometimes emit undocumented requests. 70 */ 71 72 struct f_rndis { 73 struct gether port; 74 u8 ctrl_id, data_id; 75 u8 ethaddr[ETH_ALEN]; 76 u32 vendorID; 77 const char *manufacturer; 78 struct rndis_params *params; 79 80 struct usb_ep *notify; 81 struct usb_request *notify_req; 82 atomic_t notify_count; 83 }; 84 85 static inline struct f_rndis *func_to_rndis(struct usb_function *f) 86 { 87 return container_of(f, struct f_rndis, port.func); 88 } 89 90 /*-------------------------------------------------------------------------*/ 91 92 /* 93 */ 94 95 #define RNDIS_STATUS_INTERVAL_MS 32 96 #define STATUS_BYTECOUNT 8 /* 8 bytes data */ 97 98 99 /* interface descriptor: */ 100 101 static struct usb_interface_descriptor rndis_control_intf = { 102 .bLength = sizeof rndis_control_intf, 103 .bDescriptorType = USB_DT_INTERFACE, 104 105 /* .bInterfaceNumber = DYNAMIC */ 106 /* status endpoint is optional; this could be patched later */ 107 .bNumEndpoints = 1, 108 .bInterfaceClass = USB_CLASS_COMM, 109 .bInterfaceSubClass = USB_CDC_SUBCLASS_ACM, 110 .bInterfaceProtocol = USB_CDC_ACM_PROTO_VENDOR, 111 /* .iInterface = DYNAMIC */ 112 }; 113 114 static struct usb_cdc_header_desc header_desc = { 115 .bLength = sizeof header_desc, 116 .bDescriptorType = USB_DT_CS_INTERFACE, 117 .bDescriptorSubType = USB_CDC_HEADER_TYPE, 118 119 .bcdCDC = cpu_to_le16(0x0110), 120 }; 121 122 static struct usb_cdc_call_mgmt_descriptor call_mgmt_descriptor = { 123 .bLength = sizeof call_mgmt_descriptor, 124 .bDescriptorType = USB_DT_CS_INTERFACE, 125 .bDescriptorSubType = USB_CDC_CALL_MANAGEMENT_TYPE, 126 127 .bmCapabilities = 0x00, 128 .bDataInterface = 0x01, 129 }; 130 131 static struct usb_cdc_acm_descriptor rndis_acm_descriptor = { 132 .bLength = sizeof rndis_acm_descriptor, 133 .bDescriptorType = USB_DT_CS_INTERFACE, 134 .bDescriptorSubType = USB_CDC_ACM_TYPE, 135 136 .bmCapabilities = 0x00, 137 }; 138 139 static struct usb_cdc_union_desc rndis_union_desc = { 140 .bLength = sizeof(rndis_union_desc), 141 .bDescriptorType = USB_DT_CS_INTERFACE, 142 .bDescriptorSubType = USB_CDC_UNION_TYPE, 143 /* .bMasterInterface0 = DYNAMIC */ 144 /* .bSlaveInterface0 = DYNAMIC */ 145 }; 146 147 /* the data interface has two bulk endpoints */ 148 149 static struct usb_interface_descriptor rndis_data_intf = { 150 .bLength = sizeof rndis_data_intf, 151 .bDescriptorType = USB_DT_INTERFACE, 152 153 /* .bInterfaceNumber = DYNAMIC */ 154 .bNumEndpoints = 2, 155 .bInterfaceClass = USB_CLASS_CDC_DATA, 156 .bInterfaceSubClass = 0, 157 .bInterfaceProtocol = 0, 158 /* .iInterface = DYNAMIC */ 159 }; 160 161 162 static struct usb_interface_assoc_descriptor 163 rndis_iad_descriptor = { 164 .bLength = sizeof rndis_iad_descriptor, 165 .bDescriptorType = USB_DT_INTERFACE_ASSOCIATION, 166 167 .bFirstInterface = 0, /* XXX, hardcoded */ 168 .bInterfaceCount = 2, // control + data 169 .bFunctionClass = USB_CLASS_COMM, 170 .bFunctionSubClass = USB_CDC_SUBCLASS_ETHERNET, 171 .bFunctionProtocol = USB_CDC_PROTO_NONE, 172 /* .iFunction = DYNAMIC */ 173 }; 174 175 /* full speed support: */ 176 177 static struct usb_endpoint_descriptor fs_notify_desc = { 178 .bLength = USB_DT_ENDPOINT_SIZE, 179 .bDescriptorType = USB_DT_ENDPOINT, 180 181 .bEndpointAddress = USB_DIR_IN, 182 .bmAttributes = USB_ENDPOINT_XFER_INT, 183 .wMaxPacketSize = cpu_to_le16(STATUS_BYTECOUNT), 184 .bInterval = RNDIS_STATUS_INTERVAL_MS, 185 }; 186 187 static struct usb_endpoint_descriptor fs_in_desc = { 188 .bLength = USB_DT_ENDPOINT_SIZE, 189 .bDescriptorType = USB_DT_ENDPOINT, 190 191 .bEndpointAddress = USB_DIR_IN, 192 .bmAttributes = USB_ENDPOINT_XFER_BULK, 193 }; 194 195 static struct usb_endpoint_descriptor fs_out_desc = { 196 .bLength = USB_DT_ENDPOINT_SIZE, 197 .bDescriptorType = USB_DT_ENDPOINT, 198 199 .bEndpointAddress = USB_DIR_OUT, 200 .bmAttributes = USB_ENDPOINT_XFER_BULK, 201 }; 202 203 static struct usb_descriptor_header *eth_fs_function[] = { 204 (struct usb_descriptor_header *) &rndis_iad_descriptor, 205 206 /* control interface matches ACM, not Ethernet */ 207 (struct usb_descriptor_header *) &rndis_control_intf, 208 (struct usb_descriptor_header *) &header_desc, 209 (struct usb_descriptor_header *) &call_mgmt_descriptor, 210 (struct usb_descriptor_header *) &rndis_acm_descriptor, 211 (struct usb_descriptor_header *) &rndis_union_desc, 212 (struct usb_descriptor_header *) &fs_notify_desc, 213 214 /* data interface has no altsetting */ 215 (struct usb_descriptor_header *) &rndis_data_intf, 216 (struct usb_descriptor_header *) &fs_in_desc, 217 (struct usb_descriptor_header *) &fs_out_desc, 218 NULL, 219 }; 220 221 /* high speed support: */ 222 223 static struct usb_endpoint_descriptor hs_notify_desc = { 224 .bLength = USB_DT_ENDPOINT_SIZE, 225 .bDescriptorType = USB_DT_ENDPOINT, 226 227 .bEndpointAddress = USB_DIR_IN, 228 .bmAttributes = USB_ENDPOINT_XFER_INT, 229 .wMaxPacketSize = cpu_to_le16(STATUS_BYTECOUNT), 230 .bInterval = USB_MS_TO_HS_INTERVAL(RNDIS_STATUS_INTERVAL_MS) 231 }; 232 233 static struct usb_endpoint_descriptor hs_in_desc = { 234 .bLength = USB_DT_ENDPOINT_SIZE, 235 .bDescriptorType = USB_DT_ENDPOINT, 236 237 .bEndpointAddress = USB_DIR_IN, 238 .bmAttributes = USB_ENDPOINT_XFER_BULK, 239 .wMaxPacketSize = cpu_to_le16(512), 240 }; 241 242 static struct usb_endpoint_descriptor hs_out_desc = { 243 .bLength = USB_DT_ENDPOINT_SIZE, 244 .bDescriptorType = USB_DT_ENDPOINT, 245 246 .bEndpointAddress = USB_DIR_OUT, 247 .bmAttributes = USB_ENDPOINT_XFER_BULK, 248 .wMaxPacketSize = cpu_to_le16(512), 249 }; 250 251 static struct usb_descriptor_header *eth_hs_function[] = { 252 (struct usb_descriptor_header *) &rndis_iad_descriptor, 253 254 /* control interface matches ACM, not Ethernet */ 255 (struct usb_descriptor_header *) &rndis_control_intf, 256 (struct usb_descriptor_header *) &header_desc, 257 (struct usb_descriptor_header *) &call_mgmt_descriptor, 258 (struct usb_descriptor_header *) &rndis_acm_descriptor, 259 (struct usb_descriptor_header *) &rndis_union_desc, 260 (struct usb_descriptor_header *) &hs_notify_desc, 261 262 /* data interface has no altsetting */ 263 (struct usb_descriptor_header *) &rndis_data_intf, 264 (struct usb_descriptor_header *) &hs_in_desc, 265 (struct usb_descriptor_header *) &hs_out_desc, 266 NULL, 267 }; 268 269 /* super speed support: */ 270 271 static struct usb_endpoint_descriptor ss_notify_desc = { 272 .bLength = USB_DT_ENDPOINT_SIZE, 273 .bDescriptorType = USB_DT_ENDPOINT, 274 275 .bEndpointAddress = USB_DIR_IN, 276 .bmAttributes = USB_ENDPOINT_XFER_INT, 277 .wMaxPacketSize = cpu_to_le16(STATUS_BYTECOUNT), 278 .bInterval = USB_MS_TO_HS_INTERVAL(RNDIS_STATUS_INTERVAL_MS) 279 }; 280 281 static struct usb_ss_ep_comp_descriptor ss_intr_comp_desc = { 282 .bLength = sizeof ss_intr_comp_desc, 283 .bDescriptorType = USB_DT_SS_ENDPOINT_COMP, 284 285 /* the following 3 values can be tweaked if necessary */ 286 /* .bMaxBurst = 0, */ 287 /* .bmAttributes = 0, */ 288 .wBytesPerInterval = cpu_to_le16(STATUS_BYTECOUNT), 289 }; 290 291 static struct usb_endpoint_descriptor ss_in_desc = { 292 .bLength = USB_DT_ENDPOINT_SIZE, 293 .bDescriptorType = USB_DT_ENDPOINT, 294 295 .bEndpointAddress = USB_DIR_IN, 296 .bmAttributes = USB_ENDPOINT_XFER_BULK, 297 .wMaxPacketSize = cpu_to_le16(1024), 298 }; 299 300 static struct usb_endpoint_descriptor ss_out_desc = { 301 .bLength = USB_DT_ENDPOINT_SIZE, 302 .bDescriptorType = USB_DT_ENDPOINT, 303 304 .bEndpointAddress = USB_DIR_OUT, 305 .bmAttributes = USB_ENDPOINT_XFER_BULK, 306 .wMaxPacketSize = cpu_to_le16(1024), 307 }; 308 309 static struct usb_ss_ep_comp_descriptor ss_bulk_comp_desc = { 310 .bLength = sizeof ss_bulk_comp_desc, 311 .bDescriptorType = USB_DT_SS_ENDPOINT_COMP, 312 313 /* the following 2 values can be tweaked if necessary */ 314 /* .bMaxBurst = 0, */ 315 /* .bmAttributes = 0, */ 316 }; 317 318 static struct usb_descriptor_header *eth_ss_function[] = { 319 (struct usb_descriptor_header *) &rndis_iad_descriptor, 320 321 /* control interface matches ACM, not Ethernet */ 322 (struct usb_descriptor_header *) &rndis_control_intf, 323 (struct usb_descriptor_header *) &header_desc, 324 (struct usb_descriptor_header *) &call_mgmt_descriptor, 325 (struct usb_descriptor_header *) &rndis_acm_descriptor, 326 (struct usb_descriptor_header *) &rndis_union_desc, 327 (struct usb_descriptor_header *) &ss_notify_desc, 328 (struct usb_descriptor_header *) &ss_intr_comp_desc, 329 330 /* data interface has no altsetting */ 331 (struct usb_descriptor_header *) &rndis_data_intf, 332 (struct usb_descriptor_header *) &ss_in_desc, 333 (struct usb_descriptor_header *) &ss_bulk_comp_desc, 334 (struct usb_descriptor_header *) &ss_out_desc, 335 (struct usb_descriptor_header *) &ss_bulk_comp_desc, 336 NULL, 337 }; 338 339 /* string descriptors: */ 340 341 static struct usb_string rndis_string_defs[] = { 342 [0].s = "RNDIS Communications Control", 343 [1].s = "RNDIS Ethernet Data", 344 [2].s = "RNDIS", 345 { } /* end of list */ 346 }; 347 348 static struct usb_gadget_strings rndis_string_table = { 349 .language = 0x0409, /* en-us */ 350 .strings = rndis_string_defs, 351 }; 352 353 static struct usb_gadget_strings *rndis_strings[] = { 354 &rndis_string_table, 355 NULL, 356 }; 357 358 /*-------------------------------------------------------------------------*/ 359 360 static struct sk_buff *rndis_add_header(struct gether *port, 361 struct sk_buff *skb) 362 { 363 struct sk_buff *skb2; 364 365 if (!skb) 366 return NULL; 367 368 skb2 = skb_realloc_headroom(skb, sizeof(struct rndis_packet_msg_type)); 369 rndis_add_hdr(skb2); 370 371 dev_kfree_skb(skb); 372 return skb2; 373 } 374 375 static void rndis_response_available(void *_rndis) 376 { 377 struct f_rndis *rndis = _rndis; 378 struct usb_request *req = rndis->notify_req; 379 struct usb_composite_dev *cdev = rndis->port.func.config->cdev; 380 __le32 *data = req->buf; 381 int status; 382 383 if (atomic_inc_return(&rndis->notify_count) != 1) 384 return; 385 386 /* Send RNDIS RESPONSE_AVAILABLE notification; a 387 * USB_CDC_NOTIFY_RESPONSE_AVAILABLE "should" work too 388 * 389 * This is the only notification defined by RNDIS. 390 */ 391 data[0] = cpu_to_le32(1); 392 data[1] = cpu_to_le32(0); 393 394 status = usb_ep_queue(rndis->notify, req, GFP_ATOMIC); 395 if (status) { 396 atomic_dec(&rndis->notify_count); 397 DBG(cdev, "notify/0 --> %d\n", status); 398 } 399 } 400 401 static void rndis_response_complete(struct usb_ep *ep, struct usb_request *req) 402 { 403 struct f_rndis *rndis = req->context; 404 struct usb_composite_dev *cdev = rndis->port.func.config->cdev; 405 int status = req->status; 406 407 /* after TX: 408 * - USB_CDC_GET_ENCAPSULATED_RESPONSE (ep0/control) 409 * - RNDIS_RESPONSE_AVAILABLE (status/irq) 410 */ 411 switch (status) { 412 case -ECONNRESET: 413 case -ESHUTDOWN: 414 /* connection gone */ 415 atomic_set(&rndis->notify_count, 0); 416 break; 417 default: 418 DBG(cdev, "RNDIS %s response error %d, %d/%d\n", 419 ep->name, status, 420 req->actual, req->length); 421 fallthrough; 422 case 0: 423 if (ep != rndis->notify) 424 break; 425 426 /* handle multiple pending RNDIS_RESPONSE_AVAILABLE 427 * notifications by resending until we're done 428 */ 429 if (atomic_dec_and_test(&rndis->notify_count)) 430 break; 431 status = usb_ep_queue(rndis->notify, req, GFP_ATOMIC); 432 if (status) { 433 atomic_dec(&rndis->notify_count); 434 DBG(cdev, "notify/1 --> %d\n", status); 435 } 436 break; 437 } 438 } 439 440 static void rndis_command_complete(struct usb_ep *ep, struct usb_request *req) 441 { 442 struct f_rndis *rndis = req->context; 443 int status; 444 445 /* received RNDIS command from USB_CDC_SEND_ENCAPSULATED_COMMAND */ 446 // spin_lock(&dev->lock); 447 status = rndis_msg_parser(rndis->params, (u8 *) req->buf); 448 if (status < 0) 449 pr_err("RNDIS command error %d, %d/%d\n", 450 status, req->actual, req->length); 451 // spin_unlock(&dev->lock); 452 } 453 454 static int 455 rndis_setup(struct usb_function *f, const struct usb_ctrlrequest *ctrl) 456 { 457 struct f_rndis *rndis = func_to_rndis(f); 458 struct usb_composite_dev *cdev = f->config->cdev; 459 struct usb_request *req = cdev->req; 460 int value = -EOPNOTSUPP; 461 u16 w_index = le16_to_cpu(ctrl->wIndex); 462 u16 w_value = le16_to_cpu(ctrl->wValue); 463 u16 w_length = le16_to_cpu(ctrl->wLength); 464 465 /* composite driver infrastructure handles everything except 466 * CDC class messages; interface activation uses set_alt(). 467 */ 468 switch ((ctrl->bRequestType << 8) | ctrl->bRequest) { 469 470 /* RNDIS uses the CDC command encapsulation mechanism to implement 471 * an RPC scheme, with much getting/setting of attributes by OID. 472 */ 473 case ((USB_DIR_OUT | USB_TYPE_CLASS | USB_RECIP_INTERFACE) << 8) 474 | USB_CDC_SEND_ENCAPSULATED_COMMAND: 475 if (w_value || w_index != rndis->ctrl_id) 476 goto invalid; 477 /* read the request; process it later */ 478 value = w_length; 479 req->complete = rndis_command_complete; 480 req->context = rndis; 481 /* later, rndis_response_available() sends a notification */ 482 break; 483 484 case ((USB_DIR_IN | USB_TYPE_CLASS | USB_RECIP_INTERFACE) << 8) 485 | USB_CDC_GET_ENCAPSULATED_RESPONSE: 486 if (w_value || w_index != rndis->ctrl_id) 487 goto invalid; 488 else { 489 u8 *buf; 490 u32 n; 491 492 /* return the result */ 493 buf = rndis_get_next_response(rndis->params, &n); 494 if (buf) { 495 memcpy(req->buf, buf, n); 496 req->complete = rndis_response_complete; 497 req->context = rndis; 498 rndis_free_response(rndis->params, buf); 499 value = n; 500 } 501 /* else stalls ... spec says to avoid that */ 502 } 503 break; 504 505 default: 506 invalid: 507 VDBG(cdev, "invalid control req%02x.%02x v%04x i%04x l%d\n", 508 ctrl->bRequestType, ctrl->bRequest, 509 w_value, w_index, w_length); 510 } 511 512 /* respond with data transfer or status phase? */ 513 if (value >= 0) { 514 DBG(cdev, "rndis req%02x.%02x v%04x i%04x l%d\n", 515 ctrl->bRequestType, ctrl->bRequest, 516 w_value, w_index, w_length); 517 req->zero = (value < w_length); 518 req->length = value; 519 value = usb_ep_queue(cdev->gadget->ep0, req, GFP_ATOMIC); 520 if (value < 0) 521 ERROR(cdev, "rndis response on err %d\n", value); 522 } 523 524 /* device either stalls (value < 0) or reports success */ 525 return value; 526 } 527 528 529 static int rndis_set_alt(struct usb_function *f, unsigned intf, unsigned alt) 530 { 531 struct f_rndis *rndis = func_to_rndis(f); 532 struct usb_composite_dev *cdev = f->config->cdev; 533 534 /* we know alt == 0 */ 535 536 if (intf == rndis->ctrl_id) { 537 VDBG(cdev, "reset rndis control %d\n", intf); 538 usb_ep_disable(rndis->notify); 539 540 if (!rndis->notify->desc) { 541 VDBG(cdev, "init rndis ctrl %d\n", intf); 542 if (config_ep_by_speed(cdev->gadget, f, rndis->notify)) 543 goto fail; 544 } 545 usb_ep_enable(rndis->notify); 546 547 } else if (intf == rndis->data_id) { 548 struct net_device *net; 549 550 if (rndis->port.in_ep->enabled) { 551 DBG(cdev, "reset rndis\n"); 552 gether_disconnect(&rndis->port); 553 } 554 555 if (!rndis->port.in_ep->desc || !rndis->port.out_ep->desc) { 556 DBG(cdev, "init rndis\n"); 557 if (config_ep_by_speed(cdev->gadget, f, 558 rndis->port.in_ep) || 559 config_ep_by_speed(cdev->gadget, f, 560 rndis->port.out_ep)) { 561 rndis->port.in_ep->desc = NULL; 562 rndis->port.out_ep->desc = NULL; 563 goto fail; 564 } 565 } 566 567 /* Avoid ZLPs; they can be troublesome. */ 568 rndis->port.is_zlp_ok = false; 569 570 /* RNDIS should be in the "RNDIS uninitialized" state, 571 * either never activated or after rndis_uninit(). 572 * 573 * We don't want data to flow here until a nonzero packet 574 * filter is set, at which point it enters "RNDIS data 575 * initialized" state ... but we do want the endpoints 576 * to be activated. It's a strange little state. 577 * 578 * REVISIT the RNDIS gadget code has done this wrong for a 579 * very long time. We need another call to the link layer 580 * code -- gether_updown(...bool) maybe -- to do it right. 581 */ 582 rndis->port.cdc_filter = 0; 583 584 DBG(cdev, "RNDIS RX/TX early activation ... \n"); 585 net = gether_connect(&rndis->port); 586 if (IS_ERR(net)) 587 return PTR_ERR(net); 588 589 rndis_set_param_dev(rndis->params, net, 590 &rndis->port.cdc_filter); 591 } else 592 goto fail; 593 594 return 0; 595 fail: 596 return -EINVAL; 597 } 598 599 static void rndis_disable(struct usb_function *f) 600 { 601 struct f_rndis *rndis = func_to_rndis(f); 602 struct usb_composite_dev *cdev = f->config->cdev; 603 604 if (!rndis->notify->enabled) 605 return; 606 607 DBG(cdev, "rndis deactivated\n"); 608 609 rndis_uninit(rndis->params); 610 gether_disconnect(&rndis->port); 611 612 usb_ep_disable(rndis->notify); 613 rndis->notify->desc = NULL; 614 } 615 616 /*-------------------------------------------------------------------------*/ 617 618 /* 619 * This isn't quite the same mechanism as CDC Ethernet, since the 620 * notification scheme passes less data, but the same set of link 621 * states must be tested. A key difference is that altsettings are 622 * not used to tell whether the link should send packets or not. 623 */ 624 625 static void rndis_open(struct gether *geth) 626 { 627 struct f_rndis *rndis = func_to_rndis(&geth->func); 628 struct usb_composite_dev *cdev = geth->func.config->cdev; 629 630 DBG(cdev, "%s\n", __func__); 631 632 rndis_set_param_medium(rndis->params, RNDIS_MEDIUM_802_3, 633 gether_bitrate(cdev->gadget) / 100); 634 rndis_signal_connect(rndis->params); 635 } 636 637 static void rndis_close(struct gether *geth) 638 { 639 struct f_rndis *rndis = func_to_rndis(&geth->func); 640 641 DBG(geth->func.config->cdev, "%s\n", __func__); 642 643 rndis_set_param_medium(rndis->params, RNDIS_MEDIUM_802_3, 0); 644 rndis_signal_disconnect(rndis->params); 645 } 646 647 /*-------------------------------------------------------------------------*/ 648 649 /* Some controllers can't support RNDIS ... */ 650 static inline bool can_support_rndis(struct usb_configuration *c) 651 { 652 /* everything else is *presumably* fine */ 653 return true; 654 } 655 656 /* ethernet function driver setup/binding */ 657 658 static int 659 rndis_bind(struct usb_configuration *c, struct usb_function *f) 660 { 661 struct usb_composite_dev *cdev = c->cdev; 662 struct f_rndis *rndis = func_to_rndis(f); 663 struct usb_string *us; 664 int status; 665 struct usb_ep *ep; 666 667 struct f_rndis_opts *rndis_opts; 668 struct usb_os_desc_table *os_desc_table __free(kfree) = NULL; 669 struct net_device *net __free(detach_gadget) = NULL; 670 struct usb_request *request __free(free_usb_request) = NULL; 671 672 if (!can_support_rndis(c)) 673 return -EINVAL; 674 675 rndis_opts = container_of(f->fi, struct f_rndis_opts, func_inst); 676 677 if (cdev->use_os_string) { 678 os_desc_table = kzalloc_obj(*os_desc_table); 679 if (!os_desc_table) 680 return -ENOMEM; 681 } 682 683 scoped_guard(mutex, &rndis_opts->lock) { 684 rndis_iad_descriptor.bFunctionClass = rndis_opts->class; 685 rndis_iad_descriptor.bFunctionSubClass = rndis_opts->subclass; 686 rndis_iad_descriptor.bFunctionProtocol = rndis_opts->protocol; 687 688 if (rndis_opts->bind_count == 0 && !rndis_opts->borrowed_net) { 689 if (!device_is_registered(&rndis_opts->net->dev)) { 690 gether_set_gadget(rndis_opts->net, cdev->gadget); 691 status = gether_register_netdev(rndis_opts->net); 692 } else 693 status = gether_attach_gadget(rndis_opts->net, cdev->gadget); 694 695 if (status) 696 return status; 697 net = rndis_opts->net; 698 } 699 } 700 701 us = usb_gstrings_attach(cdev, rndis_strings, 702 ARRAY_SIZE(rndis_string_defs)); 703 if (IS_ERR(us)) 704 return PTR_ERR(us); 705 rndis_control_intf.iInterface = us[0].id; 706 rndis_data_intf.iInterface = us[1].id; 707 rndis_iad_descriptor.iFunction = us[2].id; 708 709 /* allocate instance-specific interface IDs */ 710 status = usb_interface_id(c, f); 711 if (status < 0) 712 return status; 713 rndis->ctrl_id = status; 714 rndis_iad_descriptor.bFirstInterface = status; 715 716 rndis_control_intf.bInterfaceNumber = status; 717 rndis_union_desc.bMasterInterface0 = status; 718 719 status = usb_interface_id(c, f); 720 if (status < 0) 721 return status; 722 rndis->data_id = status; 723 724 rndis_data_intf.bInterfaceNumber = status; 725 rndis_union_desc.bSlaveInterface0 = status; 726 727 /* allocate instance-specific endpoints */ 728 ep = usb_ep_autoconfig(cdev->gadget, &fs_in_desc); 729 if (!ep) 730 return -ENODEV; 731 rndis->port.in_ep = ep; 732 733 ep = usb_ep_autoconfig(cdev->gadget, &fs_out_desc); 734 if (!ep) 735 return -ENODEV; 736 rndis->port.out_ep = ep; 737 738 /* NOTE: a status/notification endpoint is, strictly speaking, 739 * optional. We don't treat it that way though! It's simpler, 740 * and some newer profiles don't treat it as optional. 741 */ 742 ep = usb_ep_autoconfig(cdev->gadget, &fs_notify_desc); 743 if (!ep) 744 return -ENODEV; 745 rndis->notify = ep; 746 747 /* allocate notification request and buffer */ 748 request = usb_ep_alloc_request(ep, GFP_KERNEL); 749 if (!request) 750 return -ENOMEM; 751 request->buf = kmalloc(STATUS_BYTECOUNT, GFP_KERNEL); 752 if (!request->buf) 753 return -ENOMEM; 754 request->length = STATUS_BYTECOUNT; 755 request->context = rndis; 756 request->complete = rndis_response_complete; 757 758 /* support all relevant hardware speeds... we expect that when 759 * hardware is dual speed, all bulk-capable endpoints work at 760 * both speeds 761 */ 762 hs_in_desc.bEndpointAddress = fs_in_desc.bEndpointAddress; 763 hs_out_desc.bEndpointAddress = fs_out_desc.bEndpointAddress; 764 hs_notify_desc.bEndpointAddress = fs_notify_desc.bEndpointAddress; 765 766 ss_in_desc.bEndpointAddress = fs_in_desc.bEndpointAddress; 767 ss_out_desc.bEndpointAddress = fs_out_desc.bEndpointAddress; 768 ss_notify_desc.bEndpointAddress = fs_notify_desc.bEndpointAddress; 769 770 status = usb_assign_descriptors(f, eth_fs_function, eth_hs_function, 771 eth_ss_function, eth_ss_function); 772 if (status) 773 return status; 774 775 rndis->port.open = rndis_open; 776 rndis->port.close = rndis_close; 777 778 rndis_set_param_medium(rndis->params, RNDIS_MEDIUM_802_3, 0); 779 rndis_set_host_mac(rndis->params, rndis->ethaddr); 780 781 if (rndis->manufacturer && rndis->vendorID && 782 rndis_set_param_vendor(rndis->params, rndis->vendorID, 783 rndis->manufacturer)) { 784 usb_free_all_descriptors(f); 785 return -EINVAL; 786 } 787 788 if (cdev->use_os_string) { 789 os_desc_table[0].os_desc = &rndis_opts->rndis_os_desc; 790 os_desc_table[0].if_id = rndis_iad_descriptor.bFirstInterface; 791 f->os_desc_table = no_free_ptr(os_desc_table); 792 f->os_desc_n = 1; 793 794 } 795 rndis->notify_req = no_free_ptr(request); 796 797 rndis_opts->bind_count++; 798 retain_and_null_ptr(net); 799 800 /* NOTE: all that is done without knowing or caring about 801 * the network link ... which is unavailable to this code 802 * until we're activated via set_alt(). 803 */ 804 805 DBG(cdev, "RNDIS: IN/%s OUT/%s NOTIFY/%s\n", 806 rndis->port.in_ep->name, rndis->port.out_ep->name, 807 rndis->notify->name); 808 return 0; 809 } 810 811 void rndis_borrow_net(struct usb_function_instance *f, struct net_device *net) 812 { 813 struct f_rndis_opts *opts; 814 815 opts = container_of(f, struct f_rndis_opts, func_inst); 816 if (device_is_registered(&opts->net->dev)) 817 gether_cleanup(netdev_priv(opts->net)); 818 else 819 free_netdev(opts->net); 820 opts->borrowed_net = true; 821 opts->net = net; 822 } 823 EXPORT_SYMBOL_GPL(rndis_borrow_net); 824 825 static inline struct f_rndis_opts *to_f_rndis_opts(struct config_item *item) 826 { 827 return container_of(to_config_group(item), struct f_rndis_opts, 828 func_inst.group); 829 } 830 831 /* f_rndis_item_ops */ 832 USB_ETHERNET_CONFIGFS_ITEM(rndis); 833 834 /* f_rndis_opts_dev_addr */ 835 USB_ETHERNET_CONFIGFS_ITEM_ATTR_DEV_ADDR(rndis); 836 837 /* f_rndis_opts_host_addr */ 838 USB_ETHERNET_CONFIGFS_ITEM_ATTR_HOST_ADDR(rndis); 839 840 /* f_rndis_opts_qmult */ 841 USB_ETHERNET_CONFIGFS_ITEM_ATTR_QMULT(rndis); 842 843 /* f_rndis_opts_ifname */ 844 USB_ETHERNET_CONFIGFS_ITEM_ATTR_IFNAME(rndis); 845 846 /* f_rndis_opts_class */ 847 USB_ETHER_CONFIGFS_ITEM_ATTR_U8_RW(rndis, class); 848 849 /* f_rndis_opts_subclass */ 850 USB_ETHER_CONFIGFS_ITEM_ATTR_U8_RW(rndis, subclass); 851 852 /* f_rndis_opts_protocol */ 853 USB_ETHER_CONFIGFS_ITEM_ATTR_U8_RW(rndis, protocol); 854 855 static struct configfs_attribute *rndis_attrs[] = { 856 &rndis_opts_attr_dev_addr, 857 &rndis_opts_attr_host_addr, 858 &rndis_opts_attr_qmult, 859 &rndis_opts_attr_ifname, 860 &rndis_opts_attr_class, 861 &rndis_opts_attr_subclass, 862 &rndis_opts_attr_protocol, 863 NULL, 864 }; 865 866 static const struct config_item_type rndis_func_type = { 867 .ct_item_ops = &rndis_item_ops, 868 .ct_attrs = rndis_attrs, 869 .ct_owner = THIS_MODULE, 870 }; 871 872 static void rndis_free_inst(struct usb_function_instance *f) 873 { 874 struct f_rndis_opts *opts; 875 876 opts = container_of(f, struct f_rndis_opts, func_inst); 877 if (!opts->borrowed_net) { 878 if (device_is_registered(&opts->net->dev)) 879 gether_cleanup(netdev_priv(opts->net)); 880 else 881 free_netdev(opts->net); 882 } 883 884 kfree(opts->rndis_interf_group); /* single VLA chunk */ 885 kfree(opts); 886 } 887 888 static struct usb_function_instance *rndis_alloc_inst(void) 889 { 890 struct f_rndis_opts *opts; 891 struct usb_os_desc *descs[1]; 892 char *names[1]; 893 struct config_group *rndis_interf_group; 894 895 opts = kzalloc_obj(*opts); 896 if (!opts) 897 return ERR_PTR(-ENOMEM); 898 opts->rndis_os_desc.ext_compat_id = opts->rndis_ext_compat_id; 899 900 mutex_init(&opts->lock); 901 opts->func_inst.free_func_inst = rndis_free_inst; 902 opts->net = gether_setup_default(); 903 if (IS_ERR(opts->net)) { 904 struct net_device *net = opts->net; 905 kfree(opts); 906 return ERR_CAST(net); 907 } 908 INIT_LIST_HEAD(&opts->rndis_os_desc.ext_prop); 909 910 opts->class = rndis_iad_descriptor.bFunctionClass; 911 opts->subclass = rndis_iad_descriptor.bFunctionSubClass; 912 opts->protocol = rndis_iad_descriptor.bFunctionProtocol; 913 914 descs[0] = &opts->rndis_os_desc; 915 names[0] = "rndis"; 916 config_group_init_type_name(&opts->func_inst.group, "", 917 &rndis_func_type); 918 rndis_interf_group = 919 usb_os_desc_prepare_interf_dir(&opts->func_inst.group, 1, descs, 920 names, THIS_MODULE); 921 if (IS_ERR(rndis_interf_group)) { 922 rndis_free_inst(&opts->func_inst); 923 return ERR_CAST(rndis_interf_group); 924 } 925 opts->rndis_interf_group = rndis_interf_group; 926 927 return &opts->func_inst; 928 } 929 930 static void rndis_free(struct usb_function *f) 931 { 932 struct f_rndis *rndis; 933 struct f_rndis_opts *opts; 934 935 rndis = func_to_rndis(f); 936 rndis_deregister(rndis->params); 937 opts = container_of(f->fi, struct f_rndis_opts, func_inst); 938 kfree(rndis); 939 mutex_lock(&opts->lock); 940 opts->refcnt--; 941 mutex_unlock(&opts->lock); 942 } 943 944 static void rndis_unbind(struct usb_configuration *c, struct usb_function *f) 945 { 946 struct f_rndis *rndis = func_to_rndis(f); 947 struct f_rndis_opts *rndis_opts; 948 949 rndis_opts = container_of(f->fi, struct f_rndis_opts, func_inst); 950 951 kfree(f->os_desc_table); 952 f->os_desc_n = 0; 953 usb_free_all_descriptors(f); 954 955 kfree(rndis->notify_req->buf); 956 usb_ep_free_request(rndis->notify, rndis->notify_req); 957 958 rndis_opts->bind_count--; 959 if (rndis_opts->bind_count == 0 && !rndis_opts->borrowed_net) 960 gether_detach_gadget(rndis_opts->net); 961 } 962 963 static struct usb_function *rndis_alloc(struct usb_function_instance *fi) 964 { 965 struct f_rndis *rndis; 966 struct f_rndis_opts *opts; 967 struct rndis_params *params; 968 969 /* allocate and initialize one new instance */ 970 rndis = kzalloc_obj(*rndis); 971 if (!rndis) 972 return ERR_PTR(-ENOMEM); 973 974 opts = container_of(fi, struct f_rndis_opts, func_inst); 975 mutex_lock(&opts->lock); 976 opts->refcnt++; 977 978 gether_get_host_addr_u8(opts->net, rndis->ethaddr); 979 rndis->vendorID = opts->vendor_id; 980 rndis->manufacturer = opts->manufacturer; 981 982 rndis->port.ioport = netdev_priv(opts->net); 983 mutex_unlock(&opts->lock); 984 /* RNDIS activates when the host changes this filter */ 985 rndis->port.cdc_filter = 0; 986 987 /* RNDIS has special (and complex) framing */ 988 rndis->port.header_len = sizeof(struct rndis_packet_msg_type); 989 rndis->port.wrap = rndis_add_header; 990 rndis->port.unwrap = rndis_rm_hdr; 991 992 rndis->port.func.name = "rndis"; 993 /* descriptors are per-instance copies */ 994 rndis->port.func.bind = rndis_bind; 995 rndis->port.func.unbind = rndis_unbind; 996 rndis->port.func.set_alt = rndis_set_alt; 997 rndis->port.func.setup = rndis_setup; 998 rndis->port.func.disable = rndis_disable; 999 rndis->port.func.free_func = rndis_free; 1000 1001 params = rndis_register(rndis_response_available, rndis); 1002 if (IS_ERR(params)) { 1003 kfree(rndis); 1004 return ERR_CAST(params); 1005 } 1006 rndis->params = params; 1007 1008 return &rndis->port.func; 1009 } 1010 1011 DECLARE_USB_FUNCTION_INIT(rndis, rndis_alloc_inst, rndis_alloc); 1012 MODULE_DESCRIPTION("RNDIS link function driver"); 1013 MODULE_LICENSE("GPL"); 1014 MODULE_AUTHOR("David Brownell"); 1015