1 // SPDX-License-Identifier: GPL-2.0+ 2 /* 3 * f_rndis.c -- RNDIS link function driver 4 * 5 * Copyright (C) 2003-2005,2008 David Brownell 6 * Copyright (C) 2003-2004 Robert Schwebel, Benedikt Spranger 7 * Copyright (C) 2008 Nokia Corporation 8 * Copyright (C) 2009 Samsung Electronics 9 * Author: Michal Nazarewicz (mina86@mina86.com) 10 */ 11 12 /* #define VERBOSE_DEBUG */ 13 14 #include <linux/slab.h> 15 #include <linux/kernel.h> 16 #include <linux/module.h> 17 #include <linux/device.h> 18 #include <linux/etherdevice.h> 19 20 #include <linux/atomic.h> 21 22 #include <linux/usb/gadget.h> 23 24 #include "u_ether.h" 25 #include "u_ether_configfs.h" 26 #include "u_rndis.h" 27 #include "rndis.h" 28 #include "configfs.h" 29 30 /* 31 * This function is an RNDIS Ethernet port -- a Microsoft protocol that's 32 * been promoted instead of the standard CDC Ethernet. The published RNDIS 33 * spec is ambiguous, incomplete, and needlessly complex. Variants such as 34 * ActiveSync have even worse status in terms of specification. 35 * 36 * In short: it's a protocol controlled by (and for) Microsoft, not for an 37 * Open ecosystem or markets. Linux supports it *only* because Microsoft 38 * doesn't support the CDC Ethernet standard. 39 * 40 * The RNDIS data transfer model is complex, with multiple Ethernet packets 41 * per USB message, and out of band data. The control model is built around 42 * what's essentially an "RNDIS RPC" protocol. It's all wrapped in a CDC ACM 43 * (modem, not Ethernet) veneer, with those ACM descriptors being entirely 44 * useless (they're ignored). RNDIS expects to be the only function in its 45 * configuration, so it's no real help if you need composite devices; and 46 * it expects to be the first configuration too. 47 * 48 * There is a single technical advantage of RNDIS over CDC Ethernet, if you 49 * discount the fluff that its RPC can be made to deliver: it doesn't need 50 * a NOP altsetting for the data interface. That lets it work on some of the 51 * "so smart it's stupid" hardware which takes over configuration changes 52 * from the software, and adds restrictions like "no altsettings". 53 * 54 * Unfortunately MSFT's RNDIS drivers are buggy. They hang or oops, and 55 * have all sorts of contrary-to-specification oddities that can prevent 56 * them from working sanely. Since bugfixes (or accurate specs, letting 57 * Linux work around those bugs) are unlikely to ever come from MSFT, you 58 * may want to avoid using RNDIS on purely operational grounds. 59 * 60 * Omissions from the RNDIS 1.0 specification include: 61 * 62 * - Power management ... references data that's scattered around lots 63 * of other documentation, which is incorrect/incomplete there too. 64 * 65 * - There are various undocumented protocol requirements, like the need 66 * to send garbage in some control-OUT messages. 67 * 68 * - MS-Windows drivers sometimes emit undocumented requests. 69 */ 70 71 struct f_rndis { 72 struct gether port; 73 u8 ctrl_id, data_id; 74 u8 ethaddr[ETH_ALEN]; 75 u32 vendorID; 76 const char *manufacturer; 77 struct rndis_params *params; 78 79 struct usb_ep *notify; 80 struct usb_request *notify_req; 81 atomic_t notify_count; 82 }; 83 84 static inline struct f_rndis *func_to_rndis(struct usb_function *f) 85 { 86 return container_of(f, struct f_rndis, port.func); 87 } 88 89 /*-------------------------------------------------------------------------*/ 90 91 /* 92 */ 93 94 #define RNDIS_STATUS_INTERVAL_MS 32 95 #define STATUS_BYTECOUNT 8 /* 8 bytes data */ 96 97 98 /* interface descriptor: */ 99 100 static struct usb_interface_descriptor rndis_control_intf = { 101 .bLength = sizeof rndis_control_intf, 102 .bDescriptorType = USB_DT_INTERFACE, 103 104 /* .bInterfaceNumber = DYNAMIC */ 105 /* status endpoint is optional; this could be patched later */ 106 .bNumEndpoints = 1, 107 .bInterfaceClass = USB_CLASS_COMM, 108 .bInterfaceSubClass = USB_CDC_SUBCLASS_ACM, 109 .bInterfaceProtocol = USB_CDC_ACM_PROTO_VENDOR, 110 /* .iInterface = DYNAMIC */ 111 }; 112 113 static struct usb_cdc_header_desc header_desc = { 114 .bLength = sizeof header_desc, 115 .bDescriptorType = USB_DT_CS_INTERFACE, 116 .bDescriptorSubType = USB_CDC_HEADER_TYPE, 117 118 .bcdCDC = cpu_to_le16(0x0110), 119 }; 120 121 static struct usb_cdc_call_mgmt_descriptor call_mgmt_descriptor = { 122 .bLength = sizeof call_mgmt_descriptor, 123 .bDescriptorType = USB_DT_CS_INTERFACE, 124 .bDescriptorSubType = USB_CDC_CALL_MANAGEMENT_TYPE, 125 126 .bmCapabilities = 0x00, 127 .bDataInterface = 0x01, 128 }; 129 130 static struct usb_cdc_acm_descriptor rndis_acm_descriptor = { 131 .bLength = sizeof rndis_acm_descriptor, 132 .bDescriptorType = USB_DT_CS_INTERFACE, 133 .bDescriptorSubType = USB_CDC_ACM_TYPE, 134 135 .bmCapabilities = 0x00, 136 }; 137 138 static struct usb_cdc_union_desc rndis_union_desc = { 139 .bLength = sizeof(rndis_union_desc), 140 .bDescriptorType = USB_DT_CS_INTERFACE, 141 .bDescriptorSubType = USB_CDC_UNION_TYPE, 142 /* .bMasterInterface0 = DYNAMIC */ 143 /* .bSlaveInterface0 = DYNAMIC */ 144 }; 145 146 /* the data interface has two bulk endpoints */ 147 148 static struct usb_interface_descriptor rndis_data_intf = { 149 .bLength = sizeof rndis_data_intf, 150 .bDescriptorType = USB_DT_INTERFACE, 151 152 /* .bInterfaceNumber = DYNAMIC */ 153 .bNumEndpoints = 2, 154 .bInterfaceClass = USB_CLASS_CDC_DATA, 155 .bInterfaceSubClass = 0, 156 .bInterfaceProtocol = 0, 157 /* .iInterface = DYNAMIC */ 158 }; 159 160 161 static struct usb_interface_assoc_descriptor 162 rndis_iad_descriptor = { 163 .bLength = sizeof rndis_iad_descriptor, 164 .bDescriptorType = USB_DT_INTERFACE_ASSOCIATION, 165 166 .bFirstInterface = 0, /* XXX, hardcoded */ 167 .bInterfaceCount = 2, // control + data 168 .bFunctionClass = USB_CLASS_COMM, 169 .bFunctionSubClass = USB_CDC_SUBCLASS_ETHERNET, 170 .bFunctionProtocol = USB_CDC_PROTO_NONE, 171 /* .iFunction = DYNAMIC */ 172 }; 173 174 /* full speed support: */ 175 176 static struct usb_endpoint_descriptor fs_notify_desc = { 177 .bLength = USB_DT_ENDPOINT_SIZE, 178 .bDescriptorType = USB_DT_ENDPOINT, 179 180 .bEndpointAddress = USB_DIR_IN, 181 .bmAttributes = USB_ENDPOINT_XFER_INT, 182 .wMaxPacketSize = cpu_to_le16(STATUS_BYTECOUNT), 183 .bInterval = RNDIS_STATUS_INTERVAL_MS, 184 }; 185 186 static struct usb_endpoint_descriptor fs_in_desc = { 187 .bLength = USB_DT_ENDPOINT_SIZE, 188 .bDescriptorType = USB_DT_ENDPOINT, 189 190 .bEndpointAddress = USB_DIR_IN, 191 .bmAttributes = USB_ENDPOINT_XFER_BULK, 192 }; 193 194 static struct usb_endpoint_descriptor fs_out_desc = { 195 .bLength = USB_DT_ENDPOINT_SIZE, 196 .bDescriptorType = USB_DT_ENDPOINT, 197 198 .bEndpointAddress = USB_DIR_OUT, 199 .bmAttributes = USB_ENDPOINT_XFER_BULK, 200 }; 201 202 static struct usb_descriptor_header *eth_fs_function[] = { 203 (struct usb_descriptor_header *) &rndis_iad_descriptor, 204 205 /* control interface matches ACM, not Ethernet */ 206 (struct usb_descriptor_header *) &rndis_control_intf, 207 (struct usb_descriptor_header *) &header_desc, 208 (struct usb_descriptor_header *) &call_mgmt_descriptor, 209 (struct usb_descriptor_header *) &rndis_acm_descriptor, 210 (struct usb_descriptor_header *) &rndis_union_desc, 211 (struct usb_descriptor_header *) &fs_notify_desc, 212 213 /* data interface has no altsetting */ 214 (struct usb_descriptor_header *) &rndis_data_intf, 215 (struct usb_descriptor_header *) &fs_in_desc, 216 (struct usb_descriptor_header *) &fs_out_desc, 217 NULL, 218 }; 219 220 /* high speed support: */ 221 222 static struct usb_endpoint_descriptor hs_notify_desc = { 223 .bLength = USB_DT_ENDPOINT_SIZE, 224 .bDescriptorType = USB_DT_ENDPOINT, 225 226 .bEndpointAddress = USB_DIR_IN, 227 .bmAttributes = USB_ENDPOINT_XFER_INT, 228 .wMaxPacketSize = cpu_to_le16(STATUS_BYTECOUNT), 229 .bInterval = USB_MS_TO_HS_INTERVAL(RNDIS_STATUS_INTERVAL_MS) 230 }; 231 232 static struct usb_endpoint_descriptor hs_in_desc = { 233 .bLength = USB_DT_ENDPOINT_SIZE, 234 .bDescriptorType = USB_DT_ENDPOINT, 235 236 .bEndpointAddress = USB_DIR_IN, 237 .bmAttributes = USB_ENDPOINT_XFER_BULK, 238 .wMaxPacketSize = cpu_to_le16(512), 239 }; 240 241 static struct usb_endpoint_descriptor hs_out_desc = { 242 .bLength = USB_DT_ENDPOINT_SIZE, 243 .bDescriptorType = USB_DT_ENDPOINT, 244 245 .bEndpointAddress = USB_DIR_OUT, 246 .bmAttributes = USB_ENDPOINT_XFER_BULK, 247 .wMaxPacketSize = cpu_to_le16(512), 248 }; 249 250 static struct usb_descriptor_header *eth_hs_function[] = { 251 (struct usb_descriptor_header *) &rndis_iad_descriptor, 252 253 /* control interface matches ACM, not Ethernet */ 254 (struct usb_descriptor_header *) &rndis_control_intf, 255 (struct usb_descriptor_header *) &header_desc, 256 (struct usb_descriptor_header *) &call_mgmt_descriptor, 257 (struct usb_descriptor_header *) &rndis_acm_descriptor, 258 (struct usb_descriptor_header *) &rndis_union_desc, 259 (struct usb_descriptor_header *) &hs_notify_desc, 260 261 /* data interface has no altsetting */ 262 (struct usb_descriptor_header *) &rndis_data_intf, 263 (struct usb_descriptor_header *) &hs_in_desc, 264 (struct usb_descriptor_header *) &hs_out_desc, 265 NULL, 266 }; 267 268 /* super speed support: */ 269 270 static struct usb_endpoint_descriptor ss_notify_desc = { 271 .bLength = USB_DT_ENDPOINT_SIZE, 272 .bDescriptorType = USB_DT_ENDPOINT, 273 274 .bEndpointAddress = USB_DIR_IN, 275 .bmAttributes = USB_ENDPOINT_XFER_INT, 276 .wMaxPacketSize = cpu_to_le16(STATUS_BYTECOUNT), 277 .bInterval = USB_MS_TO_HS_INTERVAL(RNDIS_STATUS_INTERVAL_MS) 278 }; 279 280 static struct usb_ss_ep_comp_descriptor ss_intr_comp_desc = { 281 .bLength = sizeof ss_intr_comp_desc, 282 .bDescriptorType = USB_DT_SS_ENDPOINT_COMP, 283 284 /* the following 3 values can be tweaked if necessary */ 285 /* .bMaxBurst = 0, */ 286 /* .bmAttributes = 0, */ 287 .wBytesPerInterval = cpu_to_le16(STATUS_BYTECOUNT), 288 }; 289 290 static struct usb_endpoint_descriptor ss_in_desc = { 291 .bLength = USB_DT_ENDPOINT_SIZE, 292 .bDescriptorType = USB_DT_ENDPOINT, 293 294 .bEndpointAddress = USB_DIR_IN, 295 .bmAttributes = USB_ENDPOINT_XFER_BULK, 296 .wMaxPacketSize = cpu_to_le16(1024), 297 }; 298 299 static struct usb_endpoint_descriptor ss_out_desc = { 300 .bLength = USB_DT_ENDPOINT_SIZE, 301 .bDescriptorType = USB_DT_ENDPOINT, 302 303 .bEndpointAddress = USB_DIR_OUT, 304 .bmAttributes = USB_ENDPOINT_XFER_BULK, 305 .wMaxPacketSize = cpu_to_le16(1024), 306 }; 307 308 static struct usb_ss_ep_comp_descriptor ss_bulk_comp_desc = { 309 .bLength = sizeof ss_bulk_comp_desc, 310 .bDescriptorType = USB_DT_SS_ENDPOINT_COMP, 311 312 /* the following 2 values can be tweaked if necessary */ 313 /* .bMaxBurst = 0, */ 314 /* .bmAttributes = 0, */ 315 }; 316 317 static struct usb_descriptor_header *eth_ss_function[] = { 318 (struct usb_descriptor_header *) &rndis_iad_descriptor, 319 320 /* control interface matches ACM, not Ethernet */ 321 (struct usb_descriptor_header *) &rndis_control_intf, 322 (struct usb_descriptor_header *) &header_desc, 323 (struct usb_descriptor_header *) &call_mgmt_descriptor, 324 (struct usb_descriptor_header *) &rndis_acm_descriptor, 325 (struct usb_descriptor_header *) &rndis_union_desc, 326 (struct usb_descriptor_header *) &ss_notify_desc, 327 (struct usb_descriptor_header *) &ss_intr_comp_desc, 328 329 /* data interface has no altsetting */ 330 (struct usb_descriptor_header *) &rndis_data_intf, 331 (struct usb_descriptor_header *) &ss_in_desc, 332 (struct usb_descriptor_header *) &ss_bulk_comp_desc, 333 (struct usb_descriptor_header *) &ss_out_desc, 334 (struct usb_descriptor_header *) &ss_bulk_comp_desc, 335 NULL, 336 }; 337 338 /* string descriptors: */ 339 340 static struct usb_string rndis_string_defs[] = { 341 [0].s = "RNDIS Communications Control", 342 [1].s = "RNDIS Ethernet Data", 343 [2].s = "RNDIS", 344 { } /* end of list */ 345 }; 346 347 static struct usb_gadget_strings rndis_string_table = { 348 .language = 0x0409, /* en-us */ 349 .strings = rndis_string_defs, 350 }; 351 352 static struct usb_gadget_strings *rndis_strings[] = { 353 &rndis_string_table, 354 NULL, 355 }; 356 357 /*-------------------------------------------------------------------------*/ 358 359 static struct sk_buff *rndis_add_header(struct gether *port, 360 struct sk_buff *skb) 361 { 362 struct sk_buff *skb2; 363 364 if (!skb) 365 return NULL; 366 367 skb2 = skb_realloc_headroom(skb, sizeof(struct rndis_packet_msg_type)); 368 rndis_add_hdr(skb2); 369 370 dev_kfree_skb(skb); 371 return skb2; 372 } 373 374 static void rndis_response_available(void *_rndis) 375 { 376 struct f_rndis *rndis = _rndis; 377 struct usb_request *req = rndis->notify_req; 378 struct usb_composite_dev *cdev = rndis->port.func.config->cdev; 379 __le32 *data = req->buf; 380 int status; 381 382 if (atomic_inc_return(&rndis->notify_count) != 1) 383 return; 384 385 /* Send RNDIS RESPONSE_AVAILABLE notification; a 386 * USB_CDC_NOTIFY_RESPONSE_AVAILABLE "should" work too 387 * 388 * This is the only notification defined by RNDIS. 389 */ 390 data[0] = cpu_to_le32(1); 391 data[1] = cpu_to_le32(0); 392 393 status = usb_ep_queue(rndis->notify, req, GFP_ATOMIC); 394 if (status) { 395 atomic_dec(&rndis->notify_count); 396 DBG(cdev, "notify/0 --> %d\n", status); 397 } 398 } 399 400 static void rndis_response_complete(struct usb_ep *ep, struct usb_request *req) 401 { 402 struct f_rndis *rndis = req->context; 403 struct usb_composite_dev *cdev = rndis->port.func.config->cdev; 404 int status = req->status; 405 406 /* after TX: 407 * - USB_CDC_GET_ENCAPSULATED_RESPONSE (ep0/control) 408 * - RNDIS_RESPONSE_AVAILABLE (status/irq) 409 */ 410 switch (status) { 411 case -ECONNRESET: 412 case -ESHUTDOWN: 413 /* connection gone */ 414 atomic_set(&rndis->notify_count, 0); 415 break; 416 default: 417 DBG(cdev, "RNDIS %s response error %d, %d/%d\n", 418 ep->name, status, 419 req->actual, req->length); 420 fallthrough; 421 case 0: 422 if (ep != rndis->notify) 423 break; 424 425 /* handle multiple pending RNDIS_RESPONSE_AVAILABLE 426 * notifications by resending until we're done 427 */ 428 if (atomic_dec_and_test(&rndis->notify_count)) 429 break; 430 status = usb_ep_queue(rndis->notify, req, GFP_ATOMIC); 431 if (status) { 432 atomic_dec(&rndis->notify_count); 433 DBG(cdev, "notify/1 --> %d\n", status); 434 } 435 break; 436 } 437 } 438 439 static void rndis_command_complete(struct usb_ep *ep, struct usb_request *req) 440 { 441 struct f_rndis *rndis = req->context; 442 int status; 443 444 /* received RNDIS command from USB_CDC_SEND_ENCAPSULATED_COMMAND */ 445 // spin_lock(&dev->lock); 446 status = rndis_msg_parser(rndis->params, (u8 *) req->buf); 447 if (status < 0) 448 pr_err("RNDIS command error %d, %d/%d\n", 449 status, req->actual, req->length); 450 // spin_unlock(&dev->lock); 451 } 452 453 static int 454 rndis_setup(struct usb_function *f, const struct usb_ctrlrequest *ctrl) 455 { 456 struct f_rndis *rndis = func_to_rndis(f); 457 struct usb_composite_dev *cdev = f->config->cdev; 458 struct usb_request *req = cdev->req; 459 int value = -EOPNOTSUPP; 460 u16 w_index = le16_to_cpu(ctrl->wIndex); 461 u16 w_value = le16_to_cpu(ctrl->wValue); 462 u16 w_length = le16_to_cpu(ctrl->wLength); 463 464 /* composite driver infrastructure handles everything except 465 * CDC class messages; interface activation uses set_alt(). 466 */ 467 switch ((ctrl->bRequestType << 8) | ctrl->bRequest) { 468 469 /* RNDIS uses the CDC command encapsulation mechanism to implement 470 * an RPC scheme, with much getting/setting of attributes by OID. 471 */ 472 case ((USB_DIR_OUT | USB_TYPE_CLASS | USB_RECIP_INTERFACE) << 8) 473 | USB_CDC_SEND_ENCAPSULATED_COMMAND: 474 if (w_value || w_index != rndis->ctrl_id) 475 goto invalid; 476 /* read the request; process it later */ 477 value = w_length; 478 req->complete = rndis_command_complete; 479 req->context = rndis; 480 /* later, rndis_response_available() sends a notification */ 481 break; 482 483 case ((USB_DIR_IN | USB_TYPE_CLASS | USB_RECIP_INTERFACE) << 8) 484 | USB_CDC_GET_ENCAPSULATED_RESPONSE: 485 if (w_value || w_index != rndis->ctrl_id) 486 goto invalid; 487 else { 488 u8 *buf; 489 u32 n; 490 491 /* return the result */ 492 buf = rndis_get_next_response(rndis->params, &n); 493 if (buf) { 494 memcpy(req->buf, buf, n); 495 req->complete = rndis_response_complete; 496 req->context = rndis; 497 rndis_free_response(rndis->params, buf); 498 value = n; 499 } 500 /* else stalls ... spec says to avoid that */ 501 } 502 break; 503 504 default: 505 invalid: 506 VDBG(cdev, "invalid control req%02x.%02x v%04x i%04x l%d\n", 507 ctrl->bRequestType, ctrl->bRequest, 508 w_value, w_index, w_length); 509 } 510 511 /* respond with data transfer or status phase? */ 512 if (value >= 0) { 513 DBG(cdev, "rndis req%02x.%02x v%04x i%04x l%d\n", 514 ctrl->bRequestType, ctrl->bRequest, 515 w_value, w_index, w_length); 516 req->zero = (value < w_length); 517 req->length = value; 518 value = usb_ep_queue(cdev->gadget->ep0, req, GFP_ATOMIC); 519 if (value < 0) 520 ERROR(cdev, "rndis response on err %d\n", value); 521 } 522 523 /* device either stalls (value < 0) or reports success */ 524 return value; 525 } 526 527 528 static int rndis_set_alt(struct usb_function *f, unsigned intf, unsigned alt) 529 { 530 struct f_rndis *rndis = func_to_rndis(f); 531 struct usb_composite_dev *cdev = f->config->cdev; 532 533 /* we know alt == 0 */ 534 535 if (intf == rndis->ctrl_id) { 536 VDBG(cdev, "reset rndis control %d\n", intf); 537 usb_ep_disable(rndis->notify); 538 539 if (!rndis->notify->desc) { 540 VDBG(cdev, "init rndis ctrl %d\n", intf); 541 if (config_ep_by_speed(cdev->gadget, f, rndis->notify)) 542 goto fail; 543 } 544 usb_ep_enable(rndis->notify); 545 546 } else if (intf == rndis->data_id) { 547 struct net_device *net; 548 549 if (rndis->port.in_ep->enabled) { 550 DBG(cdev, "reset rndis\n"); 551 gether_disconnect(&rndis->port); 552 } 553 554 if (!rndis->port.in_ep->desc || !rndis->port.out_ep->desc) { 555 DBG(cdev, "init rndis\n"); 556 if (config_ep_by_speed(cdev->gadget, f, 557 rndis->port.in_ep) || 558 config_ep_by_speed(cdev->gadget, f, 559 rndis->port.out_ep)) { 560 rndis->port.in_ep->desc = NULL; 561 rndis->port.out_ep->desc = NULL; 562 goto fail; 563 } 564 } 565 566 /* Avoid ZLPs; they can be troublesome. */ 567 rndis->port.is_zlp_ok = false; 568 569 /* RNDIS should be in the "RNDIS uninitialized" state, 570 * either never activated or after rndis_uninit(). 571 * 572 * We don't want data to flow here until a nonzero packet 573 * filter is set, at which point it enters "RNDIS data 574 * initialized" state ... but we do want the endpoints 575 * to be activated. It's a strange little state. 576 * 577 * REVISIT the RNDIS gadget code has done this wrong for a 578 * very long time. We need another call to the link layer 579 * code -- gether_updown(...bool) maybe -- to do it right. 580 */ 581 rndis->port.cdc_filter = 0; 582 583 DBG(cdev, "RNDIS RX/TX early activation ... \n"); 584 net = gether_connect(&rndis->port); 585 if (IS_ERR(net)) 586 return PTR_ERR(net); 587 588 rndis_set_param_dev(rndis->params, net, 589 &rndis->port.cdc_filter); 590 } else 591 goto fail; 592 593 return 0; 594 fail: 595 return -EINVAL; 596 } 597 598 static void rndis_disable(struct usb_function *f) 599 { 600 struct f_rndis *rndis = func_to_rndis(f); 601 struct usb_composite_dev *cdev = f->config->cdev; 602 603 if (!rndis->notify->enabled) 604 return; 605 606 DBG(cdev, "rndis deactivated\n"); 607 608 rndis_uninit(rndis->params); 609 gether_disconnect(&rndis->port); 610 611 usb_ep_disable(rndis->notify); 612 rndis->notify->desc = NULL; 613 } 614 615 /*-------------------------------------------------------------------------*/ 616 617 /* 618 * This isn't quite the same mechanism as CDC Ethernet, since the 619 * notification scheme passes less data, but the same set of link 620 * states must be tested. A key difference is that altsettings are 621 * not used to tell whether the link should send packets or not. 622 */ 623 624 static void rndis_open(struct gether *geth) 625 { 626 struct f_rndis *rndis = func_to_rndis(&geth->func); 627 struct usb_composite_dev *cdev = geth->func.config->cdev; 628 629 DBG(cdev, "%s\n", __func__); 630 631 rndis_set_param_medium(rndis->params, RNDIS_MEDIUM_802_3, 632 gether_bitrate(cdev->gadget) / 100); 633 rndis_signal_connect(rndis->params); 634 } 635 636 static void rndis_close(struct gether *geth) 637 { 638 struct f_rndis *rndis = func_to_rndis(&geth->func); 639 640 DBG(geth->func.config->cdev, "%s\n", __func__); 641 642 rndis_set_param_medium(rndis->params, RNDIS_MEDIUM_802_3, 0); 643 rndis_signal_disconnect(rndis->params); 644 } 645 646 /*-------------------------------------------------------------------------*/ 647 648 /* Some controllers can't support RNDIS ... */ 649 static inline bool can_support_rndis(struct usb_configuration *c) 650 { 651 /* everything else is *presumably* fine */ 652 return true; 653 } 654 655 /* ethernet function driver setup/binding */ 656 657 static int 658 rndis_bind(struct usb_configuration *c, struct usb_function *f) 659 { 660 struct usb_composite_dev *cdev = c->cdev; 661 struct f_rndis *rndis = func_to_rndis(f); 662 struct usb_string *us; 663 int status; 664 struct usb_ep *ep; 665 666 struct f_rndis_opts *rndis_opts; 667 struct usb_os_desc_table *os_desc_table __free(kfree) = NULL; 668 struct usb_request *request __free(free_usb_request) = NULL; 669 670 if (!can_support_rndis(c)) 671 return -EINVAL; 672 673 rndis_opts = container_of(f->fi, struct f_rndis_opts, func_inst); 674 675 if (cdev->use_os_string) { 676 os_desc_table = kzalloc(sizeof(*os_desc_table), GFP_KERNEL); 677 if (!os_desc_table) 678 return -ENOMEM; 679 } 680 681 rndis_iad_descriptor.bFunctionClass = rndis_opts->class; 682 rndis_iad_descriptor.bFunctionSubClass = rndis_opts->subclass; 683 rndis_iad_descriptor.bFunctionProtocol = rndis_opts->protocol; 684 685 /* 686 * in drivers/usb/gadget/configfs.c:configfs_composite_bind() 687 * configurations are bound in sequence with list_for_each_entry, 688 * in each configuration its functions are bound in sequence 689 * with list_for_each_entry, so we assume no race condition 690 * with regard to rndis_opts->bound access 691 */ 692 if (!rndis_opts->bound) { 693 gether_set_gadget(rndis_opts->net, cdev->gadget); 694 status = gether_register_netdev(rndis_opts->net); 695 if (status) 696 return status; 697 rndis_opts->bound = true; 698 } 699 700 us = usb_gstrings_attach(cdev, rndis_strings, 701 ARRAY_SIZE(rndis_string_defs)); 702 if (IS_ERR(us)) 703 return PTR_ERR(us); 704 rndis_control_intf.iInterface = us[0].id; 705 rndis_data_intf.iInterface = us[1].id; 706 rndis_iad_descriptor.iFunction = us[2].id; 707 708 /* allocate instance-specific interface IDs */ 709 status = usb_interface_id(c, f); 710 if (status < 0) 711 return status; 712 rndis->ctrl_id = status; 713 rndis_iad_descriptor.bFirstInterface = status; 714 715 rndis_control_intf.bInterfaceNumber = status; 716 rndis_union_desc.bMasterInterface0 = status; 717 718 status = usb_interface_id(c, f); 719 if (status < 0) 720 return status; 721 rndis->data_id = status; 722 723 rndis_data_intf.bInterfaceNumber = status; 724 rndis_union_desc.bSlaveInterface0 = status; 725 726 /* allocate instance-specific endpoints */ 727 ep = usb_ep_autoconfig(cdev->gadget, &fs_in_desc); 728 if (!ep) 729 return -ENODEV; 730 rndis->port.in_ep = ep; 731 732 ep = usb_ep_autoconfig(cdev->gadget, &fs_out_desc); 733 if (!ep) 734 return -ENODEV; 735 rndis->port.out_ep = ep; 736 737 /* NOTE: a status/notification endpoint is, strictly speaking, 738 * optional. We don't treat it that way though! It's simpler, 739 * and some newer profiles don't treat it as optional. 740 */ 741 ep = usb_ep_autoconfig(cdev->gadget, &fs_notify_desc); 742 if (!ep) 743 return -ENODEV; 744 rndis->notify = ep; 745 746 /* allocate notification request and buffer */ 747 request = usb_ep_alloc_request(ep, GFP_KERNEL); 748 if (!request) 749 return -ENOMEM; 750 request->buf = kmalloc(STATUS_BYTECOUNT, GFP_KERNEL); 751 if (!request->buf) 752 return -ENOMEM; 753 request->length = STATUS_BYTECOUNT; 754 request->context = rndis; 755 request->complete = rndis_response_complete; 756 757 /* support all relevant hardware speeds... we expect that when 758 * hardware is dual speed, all bulk-capable endpoints work at 759 * both speeds 760 */ 761 hs_in_desc.bEndpointAddress = fs_in_desc.bEndpointAddress; 762 hs_out_desc.bEndpointAddress = fs_out_desc.bEndpointAddress; 763 hs_notify_desc.bEndpointAddress = fs_notify_desc.bEndpointAddress; 764 765 ss_in_desc.bEndpointAddress = fs_in_desc.bEndpointAddress; 766 ss_out_desc.bEndpointAddress = fs_out_desc.bEndpointAddress; 767 ss_notify_desc.bEndpointAddress = fs_notify_desc.bEndpointAddress; 768 769 status = usb_assign_descriptors(f, eth_fs_function, eth_hs_function, 770 eth_ss_function, eth_ss_function); 771 if (status) 772 return status; 773 774 rndis->port.open = rndis_open; 775 rndis->port.close = rndis_close; 776 777 rndis_set_param_medium(rndis->params, RNDIS_MEDIUM_802_3, 0); 778 rndis_set_host_mac(rndis->params, rndis->ethaddr); 779 780 if (rndis->manufacturer && rndis->vendorID && 781 rndis_set_param_vendor(rndis->params, rndis->vendorID, 782 rndis->manufacturer)) { 783 usb_free_all_descriptors(f); 784 return -EINVAL; 785 } 786 787 if (cdev->use_os_string) { 788 os_desc_table[0].os_desc = &rndis_opts->rndis_os_desc; 789 os_desc_table[0].if_id = rndis_iad_descriptor.bFirstInterface; 790 f->os_desc_table = no_free_ptr(os_desc_table); 791 f->os_desc_n = 1; 792 793 } 794 rndis->notify_req = no_free_ptr(request); 795 796 /* NOTE: all that is done without knowing or caring about 797 * the network link ... which is unavailable to this code 798 * until we're activated via set_alt(). 799 */ 800 801 DBG(cdev, "RNDIS: IN/%s OUT/%s NOTIFY/%s\n", 802 rndis->port.in_ep->name, rndis->port.out_ep->name, 803 rndis->notify->name); 804 return 0; 805 } 806 807 void rndis_borrow_net(struct usb_function_instance *f, struct net_device *net) 808 { 809 struct f_rndis_opts *opts; 810 811 opts = container_of(f, struct f_rndis_opts, func_inst); 812 if (opts->bound) 813 gether_cleanup(netdev_priv(opts->net)); 814 else 815 free_netdev(opts->net); 816 opts->borrowed_net = opts->bound = true; 817 opts->net = net; 818 } 819 EXPORT_SYMBOL_GPL(rndis_borrow_net); 820 821 static inline struct f_rndis_opts *to_f_rndis_opts(struct config_item *item) 822 { 823 return container_of(to_config_group(item), struct f_rndis_opts, 824 func_inst.group); 825 } 826 827 /* f_rndis_item_ops */ 828 USB_ETHERNET_CONFIGFS_ITEM(rndis); 829 830 /* f_rndis_opts_dev_addr */ 831 USB_ETHERNET_CONFIGFS_ITEM_ATTR_DEV_ADDR(rndis); 832 833 /* f_rndis_opts_host_addr */ 834 USB_ETHERNET_CONFIGFS_ITEM_ATTR_HOST_ADDR(rndis); 835 836 /* f_rndis_opts_qmult */ 837 USB_ETHERNET_CONFIGFS_ITEM_ATTR_QMULT(rndis); 838 839 /* f_rndis_opts_ifname */ 840 USB_ETHERNET_CONFIGFS_ITEM_ATTR_IFNAME(rndis); 841 842 /* f_rndis_opts_class */ 843 USB_ETHER_CONFIGFS_ITEM_ATTR_U8_RW(rndis, class); 844 845 /* f_rndis_opts_subclass */ 846 USB_ETHER_CONFIGFS_ITEM_ATTR_U8_RW(rndis, subclass); 847 848 /* f_rndis_opts_protocol */ 849 USB_ETHER_CONFIGFS_ITEM_ATTR_U8_RW(rndis, protocol); 850 851 static struct configfs_attribute *rndis_attrs[] = { 852 &rndis_opts_attr_dev_addr, 853 &rndis_opts_attr_host_addr, 854 &rndis_opts_attr_qmult, 855 &rndis_opts_attr_ifname, 856 &rndis_opts_attr_class, 857 &rndis_opts_attr_subclass, 858 &rndis_opts_attr_protocol, 859 NULL, 860 }; 861 862 static const struct config_item_type rndis_func_type = { 863 .ct_item_ops = &rndis_item_ops, 864 .ct_attrs = rndis_attrs, 865 .ct_owner = THIS_MODULE, 866 }; 867 868 static void rndis_free_inst(struct usb_function_instance *f) 869 { 870 struct f_rndis_opts *opts; 871 872 opts = container_of(f, struct f_rndis_opts, func_inst); 873 if (!opts->borrowed_net) { 874 if (opts->bound) 875 gether_cleanup(netdev_priv(opts->net)); 876 else 877 free_netdev(opts->net); 878 } 879 880 kfree(opts->rndis_interf_group); /* single VLA chunk */ 881 kfree(opts); 882 } 883 884 static struct usb_function_instance *rndis_alloc_inst(void) 885 { 886 struct f_rndis_opts *opts; 887 struct usb_os_desc *descs[1]; 888 char *names[1]; 889 struct config_group *rndis_interf_group; 890 891 opts = kzalloc(sizeof(*opts), GFP_KERNEL); 892 if (!opts) 893 return ERR_PTR(-ENOMEM); 894 opts->rndis_os_desc.ext_compat_id = opts->rndis_ext_compat_id; 895 896 mutex_init(&opts->lock); 897 opts->func_inst.free_func_inst = rndis_free_inst; 898 opts->net = gether_setup_default(); 899 if (IS_ERR(opts->net)) { 900 struct net_device *net = opts->net; 901 kfree(opts); 902 return ERR_CAST(net); 903 } 904 INIT_LIST_HEAD(&opts->rndis_os_desc.ext_prop); 905 906 opts->class = rndis_iad_descriptor.bFunctionClass; 907 opts->subclass = rndis_iad_descriptor.bFunctionSubClass; 908 opts->protocol = rndis_iad_descriptor.bFunctionProtocol; 909 910 descs[0] = &opts->rndis_os_desc; 911 names[0] = "rndis"; 912 config_group_init_type_name(&opts->func_inst.group, "", 913 &rndis_func_type); 914 rndis_interf_group = 915 usb_os_desc_prepare_interf_dir(&opts->func_inst.group, 1, descs, 916 names, THIS_MODULE); 917 if (IS_ERR(rndis_interf_group)) { 918 rndis_free_inst(&opts->func_inst); 919 return ERR_CAST(rndis_interf_group); 920 } 921 opts->rndis_interf_group = rndis_interf_group; 922 923 return &opts->func_inst; 924 } 925 926 static void rndis_free(struct usb_function *f) 927 { 928 struct f_rndis *rndis; 929 struct f_rndis_opts *opts; 930 931 rndis = func_to_rndis(f); 932 rndis_deregister(rndis->params); 933 opts = container_of(f->fi, struct f_rndis_opts, func_inst); 934 kfree(rndis); 935 mutex_lock(&opts->lock); 936 opts->refcnt--; 937 mutex_unlock(&opts->lock); 938 } 939 940 static void rndis_unbind(struct usb_configuration *c, struct usb_function *f) 941 { 942 struct f_rndis *rndis = func_to_rndis(f); 943 944 kfree(f->os_desc_table); 945 f->os_desc_n = 0; 946 usb_free_all_descriptors(f); 947 948 kfree(rndis->notify_req->buf); 949 usb_ep_free_request(rndis->notify, rndis->notify_req); 950 } 951 952 static struct usb_function *rndis_alloc(struct usb_function_instance *fi) 953 { 954 struct f_rndis *rndis; 955 struct f_rndis_opts *opts; 956 struct rndis_params *params; 957 958 /* allocate and initialize one new instance */ 959 rndis = kzalloc(sizeof(*rndis), GFP_KERNEL); 960 if (!rndis) 961 return ERR_PTR(-ENOMEM); 962 963 opts = container_of(fi, struct f_rndis_opts, func_inst); 964 mutex_lock(&opts->lock); 965 opts->refcnt++; 966 967 gether_get_host_addr_u8(opts->net, rndis->ethaddr); 968 rndis->vendorID = opts->vendor_id; 969 rndis->manufacturer = opts->manufacturer; 970 971 rndis->port.ioport = netdev_priv(opts->net); 972 mutex_unlock(&opts->lock); 973 /* RNDIS activates when the host changes this filter */ 974 rndis->port.cdc_filter = 0; 975 976 /* RNDIS has special (and complex) framing */ 977 rndis->port.header_len = sizeof(struct rndis_packet_msg_type); 978 rndis->port.wrap = rndis_add_header; 979 rndis->port.unwrap = rndis_rm_hdr; 980 981 rndis->port.func.name = "rndis"; 982 /* descriptors are per-instance copies */ 983 rndis->port.func.bind = rndis_bind; 984 rndis->port.func.unbind = rndis_unbind; 985 rndis->port.func.set_alt = rndis_set_alt; 986 rndis->port.func.setup = rndis_setup; 987 rndis->port.func.disable = rndis_disable; 988 rndis->port.func.free_func = rndis_free; 989 990 params = rndis_register(rndis_response_available, rndis); 991 if (IS_ERR(params)) { 992 kfree(rndis); 993 return ERR_CAST(params); 994 } 995 rndis->params = params; 996 997 return &rndis->port.func; 998 } 999 1000 DECLARE_USB_FUNCTION_INIT(rndis, rndis_alloc_inst, rndis_alloc); 1001 MODULE_DESCRIPTION("RNDIS link function driver"); 1002 MODULE_LICENSE("GPL"); 1003 MODULE_AUTHOR("David Brownell"); 1004