1 // SPDX-License-Identifier: GPL-2.0+ 2 /* 3 * f_rndis.c -- RNDIS link function driver 4 * 5 * Copyright (C) 2003-2005,2008 David Brownell 6 * Copyright (C) 2003-2004 Robert Schwebel, Benedikt Spranger 7 * Copyright (C) 2008 Nokia Corporation 8 * Copyright (C) 2009 Samsung Electronics 9 * Author: Michal Nazarewicz (mina86@mina86.com) 10 * 11 * This program is free software; you can redistribute it and/or modify 12 * it under the terms of the GNU General Public License as published by 13 * the Free Software Foundation; either version 2 of the License, or 14 * (at your option) any later version. 15 */ 16 17 /* #define VERBOSE_DEBUG */ 18 19 #include <linux/slab.h> 20 #include <linux/kernel.h> 21 #include <linux/module.h> 22 #include <linux/device.h> 23 #include <linux/etherdevice.h> 24 25 #include <linux/atomic.h> 26 27 #include "u_ether.h" 28 #include "u_ether_configfs.h" 29 #include "u_rndis.h" 30 #include "rndis.h" 31 #include "configfs.h" 32 33 /* 34 * This function is an RNDIS Ethernet port -- a Microsoft protocol that's 35 * been promoted instead of the standard CDC Ethernet. The published RNDIS 36 * spec is ambiguous, incomplete, and needlessly complex. Variants such as 37 * ActiveSync have even worse status in terms of specification. 38 * 39 * In short: it's a protocol controlled by (and for) Microsoft, not for an 40 * Open ecosystem or markets. Linux supports it *only* because Microsoft 41 * doesn't support the CDC Ethernet standard. 42 * 43 * The RNDIS data transfer model is complex, with multiple Ethernet packets 44 * per USB message, and out of band data. The control model is built around 45 * what's essentially an "RNDIS RPC" protocol. It's all wrapped in a CDC ACM 46 * (modem, not Ethernet) veneer, with those ACM descriptors being entirely 47 * useless (they're ignored). RNDIS expects to be the only function in its 48 * configuration, so it's no real help if you need composite devices; and 49 * it expects to be the first configuration too. 50 * 51 * There is a single technical advantage of RNDIS over CDC Ethernet, if you 52 * discount the fluff that its RPC can be made to deliver: it doesn't need 53 * a NOP altsetting for the data interface. That lets it work on some of the 54 * "so smart it's stupid" hardware which takes over configuration changes 55 * from the software, and adds restrictions like "no altsettings". 56 * 57 * Unfortunately MSFT's RNDIS drivers are buggy. They hang or oops, and 58 * have all sorts of contrary-to-specification oddities that can prevent 59 * them from working sanely. Since bugfixes (or accurate specs, letting 60 * Linux work around those bugs) are unlikely to ever come from MSFT, you 61 * may want to avoid using RNDIS on purely operational grounds. 62 * 63 * Omissions from the RNDIS 1.0 specification include: 64 * 65 * - Power management ... references data that's scattered around lots 66 * of other documentation, which is incorrect/incomplete there too. 67 * 68 * - There are various undocumented protocol requirements, like the need 69 * to send garbage in some control-OUT messages. 70 * 71 * - MS-Windows drivers sometimes emit undocumented requests. 72 */ 73 74 struct f_rndis { 75 struct gether port; 76 u8 ctrl_id, data_id; 77 u8 ethaddr[ETH_ALEN]; 78 u32 vendorID; 79 const char *manufacturer; 80 struct rndis_params *params; 81 82 struct usb_ep *notify; 83 struct usb_request *notify_req; 84 atomic_t notify_count; 85 }; 86 87 static inline struct f_rndis *func_to_rndis(struct usb_function *f) 88 { 89 return container_of(f, struct f_rndis, port.func); 90 } 91 92 /* peak (theoretical) bulk transfer rate in bits-per-second */ 93 static unsigned int bitrate(struct usb_gadget *g) 94 { 95 if (gadget_is_superspeed(g) && g->speed == USB_SPEED_SUPER) 96 return 13 * 1024 * 8 * 1000 * 8; 97 else if (gadget_is_dualspeed(g) && g->speed == USB_SPEED_HIGH) 98 return 13 * 512 * 8 * 1000 * 8; 99 else 100 return 19 * 64 * 1 * 1000 * 8; 101 } 102 103 /*-------------------------------------------------------------------------*/ 104 105 /* 106 */ 107 108 #define RNDIS_STATUS_INTERVAL_MS 32 109 #define STATUS_BYTECOUNT 8 /* 8 bytes data */ 110 111 112 /* interface descriptor: */ 113 114 static struct usb_interface_descriptor rndis_control_intf = { 115 .bLength = sizeof rndis_control_intf, 116 .bDescriptorType = USB_DT_INTERFACE, 117 118 /* .bInterfaceNumber = DYNAMIC */ 119 /* status endpoint is optional; this could be patched later */ 120 .bNumEndpoints = 1, 121 .bInterfaceClass = USB_CLASS_COMM, 122 .bInterfaceSubClass = USB_CDC_SUBCLASS_ACM, 123 .bInterfaceProtocol = USB_CDC_ACM_PROTO_VENDOR, 124 /* .iInterface = DYNAMIC */ 125 }; 126 127 static struct usb_cdc_header_desc header_desc = { 128 .bLength = sizeof header_desc, 129 .bDescriptorType = USB_DT_CS_INTERFACE, 130 .bDescriptorSubType = USB_CDC_HEADER_TYPE, 131 132 .bcdCDC = cpu_to_le16(0x0110), 133 }; 134 135 static struct usb_cdc_call_mgmt_descriptor call_mgmt_descriptor = { 136 .bLength = sizeof call_mgmt_descriptor, 137 .bDescriptorType = USB_DT_CS_INTERFACE, 138 .bDescriptorSubType = USB_CDC_CALL_MANAGEMENT_TYPE, 139 140 .bmCapabilities = 0x00, 141 .bDataInterface = 0x01, 142 }; 143 144 static struct usb_cdc_acm_descriptor rndis_acm_descriptor = { 145 .bLength = sizeof rndis_acm_descriptor, 146 .bDescriptorType = USB_DT_CS_INTERFACE, 147 .bDescriptorSubType = USB_CDC_ACM_TYPE, 148 149 .bmCapabilities = 0x00, 150 }; 151 152 static struct usb_cdc_union_desc rndis_union_desc = { 153 .bLength = sizeof(rndis_union_desc), 154 .bDescriptorType = USB_DT_CS_INTERFACE, 155 .bDescriptorSubType = USB_CDC_UNION_TYPE, 156 /* .bMasterInterface0 = DYNAMIC */ 157 /* .bSlaveInterface0 = DYNAMIC */ 158 }; 159 160 /* the data interface has two bulk endpoints */ 161 162 static struct usb_interface_descriptor rndis_data_intf = { 163 .bLength = sizeof rndis_data_intf, 164 .bDescriptorType = USB_DT_INTERFACE, 165 166 /* .bInterfaceNumber = DYNAMIC */ 167 .bNumEndpoints = 2, 168 .bInterfaceClass = USB_CLASS_CDC_DATA, 169 .bInterfaceSubClass = 0, 170 .bInterfaceProtocol = 0, 171 /* .iInterface = DYNAMIC */ 172 }; 173 174 175 static struct usb_interface_assoc_descriptor 176 rndis_iad_descriptor = { 177 .bLength = sizeof rndis_iad_descriptor, 178 .bDescriptorType = USB_DT_INTERFACE_ASSOCIATION, 179 180 .bFirstInterface = 0, /* XXX, hardcoded */ 181 .bInterfaceCount = 2, // control + data 182 .bFunctionClass = USB_CLASS_COMM, 183 .bFunctionSubClass = USB_CDC_SUBCLASS_ETHERNET, 184 .bFunctionProtocol = USB_CDC_PROTO_NONE, 185 /* .iFunction = DYNAMIC */ 186 }; 187 188 /* full speed support: */ 189 190 static struct usb_endpoint_descriptor fs_notify_desc = { 191 .bLength = USB_DT_ENDPOINT_SIZE, 192 .bDescriptorType = USB_DT_ENDPOINT, 193 194 .bEndpointAddress = USB_DIR_IN, 195 .bmAttributes = USB_ENDPOINT_XFER_INT, 196 .wMaxPacketSize = cpu_to_le16(STATUS_BYTECOUNT), 197 .bInterval = RNDIS_STATUS_INTERVAL_MS, 198 }; 199 200 static struct usb_endpoint_descriptor fs_in_desc = { 201 .bLength = USB_DT_ENDPOINT_SIZE, 202 .bDescriptorType = USB_DT_ENDPOINT, 203 204 .bEndpointAddress = USB_DIR_IN, 205 .bmAttributes = USB_ENDPOINT_XFER_BULK, 206 }; 207 208 static struct usb_endpoint_descriptor fs_out_desc = { 209 .bLength = USB_DT_ENDPOINT_SIZE, 210 .bDescriptorType = USB_DT_ENDPOINT, 211 212 .bEndpointAddress = USB_DIR_OUT, 213 .bmAttributes = USB_ENDPOINT_XFER_BULK, 214 }; 215 216 static struct usb_descriptor_header *eth_fs_function[] = { 217 (struct usb_descriptor_header *) &rndis_iad_descriptor, 218 219 /* control interface matches ACM, not Ethernet */ 220 (struct usb_descriptor_header *) &rndis_control_intf, 221 (struct usb_descriptor_header *) &header_desc, 222 (struct usb_descriptor_header *) &call_mgmt_descriptor, 223 (struct usb_descriptor_header *) &rndis_acm_descriptor, 224 (struct usb_descriptor_header *) &rndis_union_desc, 225 (struct usb_descriptor_header *) &fs_notify_desc, 226 227 /* data interface has no altsetting */ 228 (struct usb_descriptor_header *) &rndis_data_intf, 229 (struct usb_descriptor_header *) &fs_in_desc, 230 (struct usb_descriptor_header *) &fs_out_desc, 231 NULL, 232 }; 233 234 /* high speed support: */ 235 236 static struct usb_endpoint_descriptor hs_notify_desc = { 237 .bLength = USB_DT_ENDPOINT_SIZE, 238 .bDescriptorType = USB_DT_ENDPOINT, 239 240 .bEndpointAddress = USB_DIR_IN, 241 .bmAttributes = USB_ENDPOINT_XFER_INT, 242 .wMaxPacketSize = cpu_to_le16(STATUS_BYTECOUNT), 243 .bInterval = USB_MS_TO_HS_INTERVAL(RNDIS_STATUS_INTERVAL_MS) 244 }; 245 246 static struct usb_endpoint_descriptor hs_in_desc = { 247 .bLength = USB_DT_ENDPOINT_SIZE, 248 .bDescriptorType = USB_DT_ENDPOINT, 249 250 .bEndpointAddress = USB_DIR_IN, 251 .bmAttributes = USB_ENDPOINT_XFER_BULK, 252 .wMaxPacketSize = cpu_to_le16(512), 253 }; 254 255 static struct usb_endpoint_descriptor hs_out_desc = { 256 .bLength = USB_DT_ENDPOINT_SIZE, 257 .bDescriptorType = USB_DT_ENDPOINT, 258 259 .bEndpointAddress = USB_DIR_OUT, 260 .bmAttributes = USB_ENDPOINT_XFER_BULK, 261 .wMaxPacketSize = cpu_to_le16(512), 262 }; 263 264 static struct usb_descriptor_header *eth_hs_function[] = { 265 (struct usb_descriptor_header *) &rndis_iad_descriptor, 266 267 /* control interface matches ACM, not Ethernet */ 268 (struct usb_descriptor_header *) &rndis_control_intf, 269 (struct usb_descriptor_header *) &header_desc, 270 (struct usb_descriptor_header *) &call_mgmt_descriptor, 271 (struct usb_descriptor_header *) &rndis_acm_descriptor, 272 (struct usb_descriptor_header *) &rndis_union_desc, 273 (struct usb_descriptor_header *) &hs_notify_desc, 274 275 /* data interface has no altsetting */ 276 (struct usb_descriptor_header *) &rndis_data_intf, 277 (struct usb_descriptor_header *) &hs_in_desc, 278 (struct usb_descriptor_header *) &hs_out_desc, 279 NULL, 280 }; 281 282 /* super speed support: */ 283 284 static struct usb_endpoint_descriptor ss_notify_desc = { 285 .bLength = USB_DT_ENDPOINT_SIZE, 286 .bDescriptorType = USB_DT_ENDPOINT, 287 288 .bEndpointAddress = USB_DIR_IN, 289 .bmAttributes = USB_ENDPOINT_XFER_INT, 290 .wMaxPacketSize = cpu_to_le16(STATUS_BYTECOUNT), 291 .bInterval = USB_MS_TO_HS_INTERVAL(RNDIS_STATUS_INTERVAL_MS) 292 }; 293 294 static struct usb_ss_ep_comp_descriptor ss_intr_comp_desc = { 295 .bLength = sizeof ss_intr_comp_desc, 296 .bDescriptorType = USB_DT_SS_ENDPOINT_COMP, 297 298 /* the following 3 values can be tweaked if necessary */ 299 /* .bMaxBurst = 0, */ 300 /* .bmAttributes = 0, */ 301 .wBytesPerInterval = cpu_to_le16(STATUS_BYTECOUNT), 302 }; 303 304 static struct usb_endpoint_descriptor ss_in_desc = { 305 .bLength = USB_DT_ENDPOINT_SIZE, 306 .bDescriptorType = USB_DT_ENDPOINT, 307 308 .bEndpointAddress = USB_DIR_IN, 309 .bmAttributes = USB_ENDPOINT_XFER_BULK, 310 .wMaxPacketSize = cpu_to_le16(1024), 311 }; 312 313 static struct usb_endpoint_descriptor ss_out_desc = { 314 .bLength = USB_DT_ENDPOINT_SIZE, 315 .bDescriptorType = USB_DT_ENDPOINT, 316 317 .bEndpointAddress = USB_DIR_OUT, 318 .bmAttributes = USB_ENDPOINT_XFER_BULK, 319 .wMaxPacketSize = cpu_to_le16(1024), 320 }; 321 322 static struct usb_ss_ep_comp_descriptor ss_bulk_comp_desc = { 323 .bLength = sizeof ss_bulk_comp_desc, 324 .bDescriptorType = USB_DT_SS_ENDPOINT_COMP, 325 326 /* the following 2 values can be tweaked if necessary */ 327 /* .bMaxBurst = 0, */ 328 /* .bmAttributes = 0, */ 329 }; 330 331 static struct usb_descriptor_header *eth_ss_function[] = { 332 (struct usb_descriptor_header *) &rndis_iad_descriptor, 333 334 /* control interface matches ACM, not Ethernet */ 335 (struct usb_descriptor_header *) &rndis_control_intf, 336 (struct usb_descriptor_header *) &header_desc, 337 (struct usb_descriptor_header *) &call_mgmt_descriptor, 338 (struct usb_descriptor_header *) &rndis_acm_descriptor, 339 (struct usb_descriptor_header *) &rndis_union_desc, 340 (struct usb_descriptor_header *) &ss_notify_desc, 341 (struct usb_descriptor_header *) &ss_intr_comp_desc, 342 343 /* data interface has no altsetting */ 344 (struct usb_descriptor_header *) &rndis_data_intf, 345 (struct usb_descriptor_header *) &ss_in_desc, 346 (struct usb_descriptor_header *) &ss_bulk_comp_desc, 347 (struct usb_descriptor_header *) &ss_out_desc, 348 (struct usb_descriptor_header *) &ss_bulk_comp_desc, 349 NULL, 350 }; 351 352 /* string descriptors: */ 353 354 static struct usb_string rndis_string_defs[] = { 355 [0].s = "RNDIS Communications Control", 356 [1].s = "RNDIS Ethernet Data", 357 [2].s = "RNDIS", 358 { } /* end of list */ 359 }; 360 361 static struct usb_gadget_strings rndis_string_table = { 362 .language = 0x0409, /* en-us */ 363 .strings = rndis_string_defs, 364 }; 365 366 static struct usb_gadget_strings *rndis_strings[] = { 367 &rndis_string_table, 368 NULL, 369 }; 370 371 /*-------------------------------------------------------------------------*/ 372 373 static struct sk_buff *rndis_add_header(struct gether *port, 374 struct sk_buff *skb) 375 { 376 struct sk_buff *skb2; 377 378 if (!skb) 379 return NULL; 380 381 skb2 = skb_realloc_headroom(skb, sizeof(struct rndis_packet_msg_type)); 382 rndis_add_hdr(skb2); 383 384 dev_kfree_skb(skb); 385 return skb2; 386 } 387 388 static void rndis_response_available(void *_rndis) 389 { 390 struct f_rndis *rndis = _rndis; 391 struct usb_request *req = rndis->notify_req; 392 struct usb_composite_dev *cdev = rndis->port.func.config->cdev; 393 __le32 *data = req->buf; 394 int status; 395 396 if (atomic_inc_return(&rndis->notify_count) != 1) 397 return; 398 399 /* Send RNDIS RESPONSE_AVAILABLE notification; a 400 * USB_CDC_NOTIFY_RESPONSE_AVAILABLE "should" work too 401 * 402 * This is the only notification defined by RNDIS. 403 */ 404 data[0] = cpu_to_le32(1); 405 data[1] = cpu_to_le32(0); 406 407 status = usb_ep_queue(rndis->notify, req, GFP_ATOMIC); 408 if (status) { 409 atomic_dec(&rndis->notify_count); 410 DBG(cdev, "notify/0 --> %d\n", status); 411 } 412 } 413 414 static void rndis_response_complete(struct usb_ep *ep, struct usb_request *req) 415 { 416 struct f_rndis *rndis = req->context; 417 struct usb_composite_dev *cdev = rndis->port.func.config->cdev; 418 int status = req->status; 419 420 /* after TX: 421 * - USB_CDC_GET_ENCAPSULATED_RESPONSE (ep0/control) 422 * - RNDIS_RESPONSE_AVAILABLE (status/irq) 423 */ 424 switch (status) { 425 case -ECONNRESET: 426 case -ESHUTDOWN: 427 /* connection gone */ 428 atomic_set(&rndis->notify_count, 0); 429 break; 430 default: 431 DBG(cdev, "RNDIS %s response error %d, %d/%d\n", 432 ep->name, status, 433 req->actual, req->length); 434 /* FALLTHROUGH */ 435 case 0: 436 if (ep != rndis->notify) 437 break; 438 439 /* handle multiple pending RNDIS_RESPONSE_AVAILABLE 440 * notifications by resending until we're done 441 */ 442 if (atomic_dec_and_test(&rndis->notify_count)) 443 break; 444 status = usb_ep_queue(rndis->notify, req, GFP_ATOMIC); 445 if (status) { 446 atomic_dec(&rndis->notify_count); 447 DBG(cdev, "notify/1 --> %d\n", status); 448 } 449 break; 450 } 451 } 452 453 static void rndis_command_complete(struct usb_ep *ep, struct usb_request *req) 454 { 455 struct f_rndis *rndis = req->context; 456 int status; 457 458 /* received RNDIS command from USB_CDC_SEND_ENCAPSULATED_COMMAND */ 459 // spin_lock(&dev->lock); 460 status = rndis_msg_parser(rndis->params, (u8 *) req->buf); 461 if (status < 0) 462 pr_err("RNDIS command error %d, %d/%d\n", 463 status, req->actual, req->length); 464 // spin_unlock(&dev->lock); 465 } 466 467 static int 468 rndis_setup(struct usb_function *f, const struct usb_ctrlrequest *ctrl) 469 { 470 struct f_rndis *rndis = func_to_rndis(f); 471 struct usb_composite_dev *cdev = f->config->cdev; 472 struct usb_request *req = cdev->req; 473 int value = -EOPNOTSUPP; 474 u16 w_index = le16_to_cpu(ctrl->wIndex); 475 u16 w_value = le16_to_cpu(ctrl->wValue); 476 u16 w_length = le16_to_cpu(ctrl->wLength); 477 478 /* composite driver infrastructure handles everything except 479 * CDC class messages; interface activation uses set_alt(). 480 */ 481 switch ((ctrl->bRequestType << 8) | ctrl->bRequest) { 482 483 /* RNDIS uses the CDC command encapsulation mechanism to implement 484 * an RPC scheme, with much getting/setting of attributes by OID. 485 */ 486 case ((USB_DIR_OUT | USB_TYPE_CLASS | USB_RECIP_INTERFACE) << 8) 487 | USB_CDC_SEND_ENCAPSULATED_COMMAND: 488 if (w_value || w_index != rndis->ctrl_id) 489 goto invalid; 490 /* read the request; process it later */ 491 value = w_length; 492 req->complete = rndis_command_complete; 493 req->context = rndis; 494 /* later, rndis_response_available() sends a notification */ 495 break; 496 497 case ((USB_DIR_IN | USB_TYPE_CLASS | USB_RECIP_INTERFACE) << 8) 498 | USB_CDC_GET_ENCAPSULATED_RESPONSE: 499 if (w_value || w_index != rndis->ctrl_id) 500 goto invalid; 501 else { 502 u8 *buf; 503 u32 n; 504 505 /* return the result */ 506 buf = rndis_get_next_response(rndis->params, &n); 507 if (buf) { 508 memcpy(req->buf, buf, n); 509 req->complete = rndis_response_complete; 510 req->context = rndis; 511 rndis_free_response(rndis->params, buf); 512 value = n; 513 } 514 /* else stalls ... spec says to avoid that */ 515 } 516 break; 517 518 default: 519 invalid: 520 VDBG(cdev, "invalid control req%02x.%02x v%04x i%04x l%d\n", 521 ctrl->bRequestType, ctrl->bRequest, 522 w_value, w_index, w_length); 523 } 524 525 /* respond with data transfer or status phase? */ 526 if (value >= 0) { 527 DBG(cdev, "rndis req%02x.%02x v%04x i%04x l%d\n", 528 ctrl->bRequestType, ctrl->bRequest, 529 w_value, w_index, w_length); 530 req->zero = (value < w_length); 531 req->length = value; 532 value = usb_ep_queue(cdev->gadget->ep0, req, GFP_ATOMIC); 533 if (value < 0) 534 ERROR(cdev, "rndis response on err %d\n", value); 535 } 536 537 /* device either stalls (value < 0) or reports success */ 538 return value; 539 } 540 541 542 static int rndis_set_alt(struct usb_function *f, unsigned intf, unsigned alt) 543 { 544 struct f_rndis *rndis = func_to_rndis(f); 545 struct usb_composite_dev *cdev = f->config->cdev; 546 547 /* we know alt == 0 */ 548 549 if (intf == rndis->ctrl_id) { 550 VDBG(cdev, "reset rndis control %d\n", intf); 551 usb_ep_disable(rndis->notify); 552 553 if (!rndis->notify->desc) { 554 VDBG(cdev, "init rndis ctrl %d\n", intf); 555 if (config_ep_by_speed(cdev->gadget, f, rndis->notify)) 556 goto fail; 557 } 558 usb_ep_enable(rndis->notify); 559 560 } else if (intf == rndis->data_id) { 561 struct net_device *net; 562 563 if (rndis->port.in_ep->enabled) { 564 DBG(cdev, "reset rndis\n"); 565 gether_disconnect(&rndis->port); 566 } 567 568 if (!rndis->port.in_ep->desc || !rndis->port.out_ep->desc) { 569 DBG(cdev, "init rndis\n"); 570 if (config_ep_by_speed(cdev->gadget, f, 571 rndis->port.in_ep) || 572 config_ep_by_speed(cdev->gadget, f, 573 rndis->port.out_ep)) { 574 rndis->port.in_ep->desc = NULL; 575 rndis->port.out_ep->desc = NULL; 576 goto fail; 577 } 578 } 579 580 /* Avoid ZLPs; they can be troublesome. */ 581 rndis->port.is_zlp_ok = false; 582 583 /* RNDIS should be in the "RNDIS uninitialized" state, 584 * either never activated or after rndis_uninit(). 585 * 586 * We don't want data to flow here until a nonzero packet 587 * filter is set, at which point it enters "RNDIS data 588 * initialized" state ... but we do want the endpoints 589 * to be activated. It's a strange little state. 590 * 591 * REVISIT the RNDIS gadget code has done this wrong for a 592 * very long time. We need another call to the link layer 593 * code -- gether_updown(...bool) maybe -- to do it right. 594 */ 595 rndis->port.cdc_filter = 0; 596 597 DBG(cdev, "RNDIS RX/TX early activation ... \n"); 598 net = gether_connect(&rndis->port); 599 if (IS_ERR(net)) 600 return PTR_ERR(net); 601 602 rndis_set_param_dev(rndis->params, net, 603 &rndis->port.cdc_filter); 604 } else 605 goto fail; 606 607 return 0; 608 fail: 609 return -EINVAL; 610 } 611 612 static void rndis_disable(struct usb_function *f) 613 { 614 struct f_rndis *rndis = func_to_rndis(f); 615 struct usb_composite_dev *cdev = f->config->cdev; 616 617 if (!rndis->notify->enabled) 618 return; 619 620 DBG(cdev, "rndis deactivated\n"); 621 622 rndis_uninit(rndis->params); 623 gether_disconnect(&rndis->port); 624 625 usb_ep_disable(rndis->notify); 626 } 627 628 /*-------------------------------------------------------------------------*/ 629 630 /* 631 * This isn't quite the same mechanism as CDC Ethernet, since the 632 * notification scheme passes less data, but the same set of link 633 * states must be tested. A key difference is that altsettings are 634 * not used to tell whether the link should send packets or not. 635 */ 636 637 static void rndis_open(struct gether *geth) 638 { 639 struct f_rndis *rndis = func_to_rndis(&geth->func); 640 struct usb_composite_dev *cdev = geth->func.config->cdev; 641 642 DBG(cdev, "%s\n", __func__); 643 644 rndis_set_param_medium(rndis->params, RNDIS_MEDIUM_802_3, 645 bitrate(cdev->gadget) / 100); 646 rndis_signal_connect(rndis->params); 647 } 648 649 static void rndis_close(struct gether *geth) 650 { 651 struct f_rndis *rndis = func_to_rndis(&geth->func); 652 653 DBG(geth->func.config->cdev, "%s\n", __func__); 654 655 rndis_set_param_medium(rndis->params, RNDIS_MEDIUM_802_3, 0); 656 rndis_signal_disconnect(rndis->params); 657 } 658 659 /*-------------------------------------------------------------------------*/ 660 661 /* Some controllers can't support RNDIS ... */ 662 static inline bool can_support_rndis(struct usb_configuration *c) 663 { 664 /* everything else is *presumably* fine */ 665 return true; 666 } 667 668 /* ethernet function driver setup/binding */ 669 670 static int 671 rndis_bind(struct usb_configuration *c, struct usb_function *f) 672 { 673 struct usb_composite_dev *cdev = c->cdev; 674 struct f_rndis *rndis = func_to_rndis(f); 675 struct usb_string *us; 676 int status; 677 struct usb_ep *ep; 678 679 struct f_rndis_opts *rndis_opts; 680 681 if (!can_support_rndis(c)) 682 return -EINVAL; 683 684 rndis_opts = container_of(f->fi, struct f_rndis_opts, func_inst); 685 686 if (cdev->use_os_string) { 687 f->os_desc_table = kzalloc(sizeof(*f->os_desc_table), 688 GFP_KERNEL); 689 if (!f->os_desc_table) 690 return -ENOMEM; 691 f->os_desc_n = 1; 692 f->os_desc_table[0].os_desc = &rndis_opts->rndis_os_desc; 693 } 694 695 rndis_iad_descriptor.bFunctionClass = rndis_opts->class; 696 rndis_iad_descriptor.bFunctionSubClass = rndis_opts->subclass; 697 rndis_iad_descriptor.bFunctionProtocol = rndis_opts->protocol; 698 699 /* 700 * in drivers/usb/gadget/configfs.c:configfs_composite_bind() 701 * configurations are bound in sequence with list_for_each_entry, 702 * in each configuration its functions are bound in sequence 703 * with list_for_each_entry, so we assume no race condition 704 * with regard to rndis_opts->bound access 705 */ 706 if (!rndis_opts->bound) { 707 gether_set_gadget(rndis_opts->net, cdev->gadget); 708 status = gether_register_netdev(rndis_opts->net); 709 if (status) 710 goto fail; 711 rndis_opts->bound = true; 712 } 713 714 us = usb_gstrings_attach(cdev, rndis_strings, 715 ARRAY_SIZE(rndis_string_defs)); 716 if (IS_ERR(us)) { 717 status = PTR_ERR(us); 718 goto fail; 719 } 720 rndis_control_intf.iInterface = us[0].id; 721 rndis_data_intf.iInterface = us[1].id; 722 rndis_iad_descriptor.iFunction = us[2].id; 723 724 /* allocate instance-specific interface IDs */ 725 status = usb_interface_id(c, f); 726 if (status < 0) 727 goto fail; 728 rndis->ctrl_id = status; 729 rndis_iad_descriptor.bFirstInterface = status; 730 731 rndis_control_intf.bInterfaceNumber = status; 732 rndis_union_desc.bMasterInterface0 = status; 733 734 if (cdev->use_os_string) 735 f->os_desc_table[0].if_id = 736 rndis_iad_descriptor.bFirstInterface; 737 738 status = usb_interface_id(c, f); 739 if (status < 0) 740 goto fail; 741 rndis->data_id = status; 742 743 rndis_data_intf.bInterfaceNumber = status; 744 rndis_union_desc.bSlaveInterface0 = status; 745 746 status = -ENODEV; 747 748 /* allocate instance-specific endpoints */ 749 ep = usb_ep_autoconfig(cdev->gadget, &fs_in_desc); 750 if (!ep) 751 goto fail; 752 rndis->port.in_ep = ep; 753 754 ep = usb_ep_autoconfig(cdev->gadget, &fs_out_desc); 755 if (!ep) 756 goto fail; 757 rndis->port.out_ep = ep; 758 759 /* NOTE: a status/notification endpoint is, strictly speaking, 760 * optional. We don't treat it that way though! It's simpler, 761 * and some newer profiles don't treat it as optional. 762 */ 763 ep = usb_ep_autoconfig(cdev->gadget, &fs_notify_desc); 764 if (!ep) 765 goto fail; 766 rndis->notify = ep; 767 768 status = -ENOMEM; 769 770 /* allocate notification request and buffer */ 771 rndis->notify_req = usb_ep_alloc_request(ep, GFP_KERNEL); 772 if (!rndis->notify_req) 773 goto fail; 774 rndis->notify_req->buf = kmalloc(STATUS_BYTECOUNT, GFP_KERNEL); 775 if (!rndis->notify_req->buf) 776 goto fail; 777 rndis->notify_req->length = STATUS_BYTECOUNT; 778 rndis->notify_req->context = rndis; 779 rndis->notify_req->complete = rndis_response_complete; 780 781 /* support all relevant hardware speeds... we expect that when 782 * hardware is dual speed, all bulk-capable endpoints work at 783 * both speeds 784 */ 785 hs_in_desc.bEndpointAddress = fs_in_desc.bEndpointAddress; 786 hs_out_desc.bEndpointAddress = fs_out_desc.bEndpointAddress; 787 hs_notify_desc.bEndpointAddress = fs_notify_desc.bEndpointAddress; 788 789 ss_in_desc.bEndpointAddress = fs_in_desc.bEndpointAddress; 790 ss_out_desc.bEndpointAddress = fs_out_desc.bEndpointAddress; 791 ss_notify_desc.bEndpointAddress = fs_notify_desc.bEndpointAddress; 792 793 status = usb_assign_descriptors(f, eth_fs_function, eth_hs_function, 794 eth_ss_function, NULL); 795 if (status) 796 goto fail; 797 798 rndis->port.open = rndis_open; 799 rndis->port.close = rndis_close; 800 801 rndis_set_param_medium(rndis->params, RNDIS_MEDIUM_802_3, 0); 802 rndis_set_host_mac(rndis->params, rndis->ethaddr); 803 804 if (rndis->manufacturer && rndis->vendorID && 805 rndis_set_param_vendor(rndis->params, rndis->vendorID, 806 rndis->manufacturer)) { 807 status = -EINVAL; 808 goto fail_free_descs; 809 } 810 811 /* NOTE: all that is done without knowing or caring about 812 * the network link ... which is unavailable to this code 813 * until we're activated via set_alt(). 814 */ 815 816 DBG(cdev, "RNDIS: %s speed IN/%s OUT/%s NOTIFY/%s\n", 817 gadget_is_superspeed(c->cdev->gadget) ? "super" : 818 gadget_is_dualspeed(c->cdev->gadget) ? "dual" : "full", 819 rndis->port.in_ep->name, rndis->port.out_ep->name, 820 rndis->notify->name); 821 return 0; 822 823 fail_free_descs: 824 usb_free_all_descriptors(f); 825 fail: 826 kfree(f->os_desc_table); 827 f->os_desc_n = 0; 828 829 if (rndis->notify_req) { 830 kfree(rndis->notify_req->buf); 831 usb_ep_free_request(rndis->notify, rndis->notify_req); 832 } 833 834 ERROR(cdev, "%s: can't bind, err %d\n", f->name, status); 835 836 return status; 837 } 838 839 void rndis_borrow_net(struct usb_function_instance *f, struct net_device *net) 840 { 841 struct f_rndis_opts *opts; 842 843 opts = container_of(f, struct f_rndis_opts, func_inst); 844 if (opts->bound) 845 gether_cleanup(netdev_priv(opts->net)); 846 else 847 free_netdev(opts->net); 848 opts->borrowed_net = opts->bound = true; 849 opts->net = net; 850 } 851 EXPORT_SYMBOL_GPL(rndis_borrow_net); 852 853 static inline struct f_rndis_opts *to_f_rndis_opts(struct config_item *item) 854 { 855 return container_of(to_config_group(item), struct f_rndis_opts, 856 func_inst.group); 857 } 858 859 /* f_rndis_item_ops */ 860 USB_ETHERNET_CONFIGFS_ITEM(rndis); 861 862 /* f_rndis_opts_dev_addr */ 863 USB_ETHERNET_CONFIGFS_ITEM_ATTR_DEV_ADDR(rndis); 864 865 /* f_rndis_opts_host_addr */ 866 USB_ETHERNET_CONFIGFS_ITEM_ATTR_HOST_ADDR(rndis); 867 868 /* f_rndis_opts_qmult */ 869 USB_ETHERNET_CONFIGFS_ITEM_ATTR_QMULT(rndis); 870 871 /* f_rndis_opts_ifname */ 872 USB_ETHERNET_CONFIGFS_ITEM_ATTR_IFNAME(rndis); 873 874 /* f_rndis_opts_class */ 875 USB_ETHER_CONFIGFS_ITEM_ATTR_U8_RW(rndis, class); 876 877 /* f_rndis_opts_subclass */ 878 USB_ETHER_CONFIGFS_ITEM_ATTR_U8_RW(rndis, subclass); 879 880 /* f_rndis_opts_protocol */ 881 USB_ETHER_CONFIGFS_ITEM_ATTR_U8_RW(rndis, protocol); 882 883 static struct configfs_attribute *rndis_attrs[] = { 884 &rndis_opts_attr_dev_addr, 885 &rndis_opts_attr_host_addr, 886 &rndis_opts_attr_qmult, 887 &rndis_opts_attr_ifname, 888 &rndis_opts_attr_class, 889 &rndis_opts_attr_subclass, 890 &rndis_opts_attr_protocol, 891 NULL, 892 }; 893 894 static struct config_item_type rndis_func_type = { 895 .ct_item_ops = &rndis_item_ops, 896 .ct_attrs = rndis_attrs, 897 .ct_owner = THIS_MODULE, 898 }; 899 900 static void rndis_free_inst(struct usb_function_instance *f) 901 { 902 struct f_rndis_opts *opts; 903 904 opts = container_of(f, struct f_rndis_opts, func_inst); 905 if (!opts->borrowed_net) { 906 if (opts->bound) 907 gether_cleanup(netdev_priv(opts->net)); 908 else 909 free_netdev(opts->net); 910 } 911 912 kfree(opts->rndis_interf_group); /* single VLA chunk */ 913 kfree(opts); 914 } 915 916 static struct usb_function_instance *rndis_alloc_inst(void) 917 { 918 struct f_rndis_opts *opts; 919 struct usb_os_desc *descs[1]; 920 char *names[1]; 921 struct config_group *rndis_interf_group; 922 923 opts = kzalloc(sizeof(*opts), GFP_KERNEL); 924 if (!opts) 925 return ERR_PTR(-ENOMEM); 926 opts->rndis_os_desc.ext_compat_id = opts->rndis_ext_compat_id; 927 928 mutex_init(&opts->lock); 929 opts->func_inst.free_func_inst = rndis_free_inst; 930 opts->net = gether_setup_default(); 931 if (IS_ERR(opts->net)) { 932 struct net_device *net = opts->net; 933 kfree(opts); 934 return ERR_CAST(net); 935 } 936 INIT_LIST_HEAD(&opts->rndis_os_desc.ext_prop); 937 938 opts->class = rndis_iad_descriptor.bFunctionClass; 939 opts->subclass = rndis_iad_descriptor.bFunctionSubClass; 940 opts->protocol = rndis_iad_descriptor.bFunctionProtocol; 941 942 descs[0] = &opts->rndis_os_desc; 943 names[0] = "rndis"; 944 config_group_init_type_name(&opts->func_inst.group, "", 945 &rndis_func_type); 946 rndis_interf_group = 947 usb_os_desc_prepare_interf_dir(&opts->func_inst.group, 1, descs, 948 names, THIS_MODULE); 949 if (IS_ERR(rndis_interf_group)) { 950 rndis_free_inst(&opts->func_inst); 951 return ERR_CAST(rndis_interf_group); 952 } 953 opts->rndis_interf_group = rndis_interf_group; 954 955 return &opts->func_inst; 956 } 957 958 static void rndis_free(struct usb_function *f) 959 { 960 struct f_rndis *rndis; 961 struct f_rndis_opts *opts; 962 963 rndis = func_to_rndis(f); 964 rndis_deregister(rndis->params); 965 opts = container_of(f->fi, struct f_rndis_opts, func_inst); 966 kfree(rndis); 967 mutex_lock(&opts->lock); 968 opts->refcnt--; 969 mutex_unlock(&opts->lock); 970 } 971 972 static void rndis_unbind(struct usb_configuration *c, struct usb_function *f) 973 { 974 struct f_rndis *rndis = func_to_rndis(f); 975 976 kfree(f->os_desc_table); 977 f->os_desc_n = 0; 978 usb_free_all_descriptors(f); 979 980 kfree(rndis->notify_req->buf); 981 usb_ep_free_request(rndis->notify, rndis->notify_req); 982 } 983 984 static struct usb_function *rndis_alloc(struct usb_function_instance *fi) 985 { 986 struct f_rndis *rndis; 987 struct f_rndis_opts *opts; 988 struct rndis_params *params; 989 990 /* allocate and initialize one new instance */ 991 rndis = kzalloc(sizeof(*rndis), GFP_KERNEL); 992 if (!rndis) 993 return ERR_PTR(-ENOMEM); 994 995 opts = container_of(fi, struct f_rndis_opts, func_inst); 996 mutex_lock(&opts->lock); 997 opts->refcnt++; 998 999 gether_get_host_addr_u8(opts->net, rndis->ethaddr); 1000 rndis->vendorID = opts->vendor_id; 1001 rndis->manufacturer = opts->manufacturer; 1002 1003 rndis->port.ioport = netdev_priv(opts->net); 1004 mutex_unlock(&opts->lock); 1005 /* RNDIS activates when the host changes this filter */ 1006 rndis->port.cdc_filter = 0; 1007 1008 /* RNDIS has special (and complex) framing */ 1009 rndis->port.header_len = sizeof(struct rndis_packet_msg_type); 1010 rndis->port.wrap = rndis_add_header; 1011 rndis->port.unwrap = rndis_rm_hdr; 1012 1013 rndis->port.func.name = "rndis"; 1014 /* descriptors are per-instance copies */ 1015 rndis->port.func.bind = rndis_bind; 1016 rndis->port.func.unbind = rndis_unbind; 1017 rndis->port.func.set_alt = rndis_set_alt; 1018 rndis->port.func.setup = rndis_setup; 1019 rndis->port.func.disable = rndis_disable; 1020 rndis->port.func.free_func = rndis_free; 1021 1022 params = rndis_register(rndis_response_available, rndis); 1023 if (IS_ERR(params)) { 1024 kfree(rndis); 1025 return ERR_CAST(params); 1026 } 1027 rndis->params = params; 1028 1029 return &rndis->port.func; 1030 } 1031 1032 DECLARE_USB_FUNCTION_INIT(rndis, rndis_alloc_inst, rndis_alloc); 1033 MODULE_LICENSE("GPL"); 1034 MODULE_AUTHOR("David Brownell"); 1035