1 // SPDX-License-Identifier: GPL-2.0+ 2 /* 3 * f_rndis.c -- RNDIS link function driver 4 * 5 * Copyright (C) 2003-2005,2008 David Brownell 6 * Copyright (C) 2003-2004 Robert Schwebel, Benedikt Spranger 7 * Copyright (C) 2008 Nokia Corporation 8 * Copyright (C) 2009 Samsung Electronics 9 * Author: Michal Nazarewicz (mina86@mina86.com) 10 */ 11 12 /* #define VERBOSE_DEBUG */ 13 14 #include <linux/slab.h> 15 #include <linux/kernel.h> 16 #include <linux/module.h> 17 #include <linux/device.h> 18 #include <linux/etherdevice.h> 19 20 #include <linux/atomic.h> 21 22 #include "u_ether.h" 23 #include "u_ether_configfs.h" 24 #include "u_rndis.h" 25 #include "rndis.h" 26 #include "configfs.h" 27 28 /* 29 * This function is an RNDIS Ethernet port -- a Microsoft protocol that's 30 * been promoted instead of the standard CDC Ethernet. The published RNDIS 31 * spec is ambiguous, incomplete, and needlessly complex. Variants such as 32 * ActiveSync have even worse status in terms of specification. 33 * 34 * In short: it's a protocol controlled by (and for) Microsoft, not for an 35 * Open ecosystem or markets. Linux supports it *only* because Microsoft 36 * doesn't support the CDC Ethernet standard. 37 * 38 * The RNDIS data transfer model is complex, with multiple Ethernet packets 39 * per USB message, and out of band data. The control model is built around 40 * what's essentially an "RNDIS RPC" protocol. It's all wrapped in a CDC ACM 41 * (modem, not Ethernet) veneer, with those ACM descriptors being entirely 42 * useless (they're ignored). RNDIS expects to be the only function in its 43 * configuration, so it's no real help if you need composite devices; and 44 * it expects to be the first configuration too. 45 * 46 * There is a single technical advantage of RNDIS over CDC Ethernet, if you 47 * discount the fluff that its RPC can be made to deliver: it doesn't need 48 * a NOP altsetting for the data interface. That lets it work on some of the 49 * "so smart it's stupid" hardware which takes over configuration changes 50 * from the software, and adds restrictions like "no altsettings". 51 * 52 * Unfortunately MSFT's RNDIS drivers are buggy. They hang or oops, and 53 * have all sorts of contrary-to-specification oddities that can prevent 54 * them from working sanely. Since bugfixes (or accurate specs, letting 55 * Linux work around those bugs) are unlikely to ever come from MSFT, you 56 * may want to avoid using RNDIS on purely operational grounds. 57 * 58 * Omissions from the RNDIS 1.0 specification include: 59 * 60 * - Power management ... references data that's scattered around lots 61 * of other documentation, which is incorrect/incomplete there too. 62 * 63 * - There are various undocumented protocol requirements, like the need 64 * to send garbage in some control-OUT messages. 65 * 66 * - MS-Windows drivers sometimes emit undocumented requests. 67 */ 68 69 struct f_rndis { 70 struct gether port; 71 u8 ctrl_id, data_id; 72 u8 ethaddr[ETH_ALEN]; 73 u32 vendorID; 74 const char *manufacturer; 75 struct rndis_params *params; 76 77 struct usb_ep *notify; 78 struct usb_request *notify_req; 79 atomic_t notify_count; 80 }; 81 82 static inline struct f_rndis *func_to_rndis(struct usb_function *f) 83 { 84 return container_of(f, struct f_rndis, port.func); 85 } 86 87 /*-------------------------------------------------------------------------*/ 88 89 /* 90 */ 91 92 #define RNDIS_STATUS_INTERVAL_MS 32 93 #define STATUS_BYTECOUNT 8 /* 8 bytes data */ 94 95 96 /* interface descriptor: */ 97 98 static struct usb_interface_descriptor rndis_control_intf = { 99 .bLength = sizeof rndis_control_intf, 100 .bDescriptorType = USB_DT_INTERFACE, 101 102 /* .bInterfaceNumber = DYNAMIC */ 103 /* status endpoint is optional; this could be patched later */ 104 .bNumEndpoints = 1, 105 .bInterfaceClass = USB_CLASS_COMM, 106 .bInterfaceSubClass = USB_CDC_SUBCLASS_ACM, 107 .bInterfaceProtocol = USB_CDC_ACM_PROTO_VENDOR, 108 /* .iInterface = DYNAMIC */ 109 }; 110 111 static struct usb_cdc_header_desc header_desc = { 112 .bLength = sizeof header_desc, 113 .bDescriptorType = USB_DT_CS_INTERFACE, 114 .bDescriptorSubType = USB_CDC_HEADER_TYPE, 115 116 .bcdCDC = cpu_to_le16(0x0110), 117 }; 118 119 static struct usb_cdc_call_mgmt_descriptor call_mgmt_descriptor = { 120 .bLength = sizeof call_mgmt_descriptor, 121 .bDescriptorType = USB_DT_CS_INTERFACE, 122 .bDescriptorSubType = USB_CDC_CALL_MANAGEMENT_TYPE, 123 124 .bmCapabilities = 0x00, 125 .bDataInterface = 0x01, 126 }; 127 128 static struct usb_cdc_acm_descriptor rndis_acm_descriptor = { 129 .bLength = sizeof rndis_acm_descriptor, 130 .bDescriptorType = USB_DT_CS_INTERFACE, 131 .bDescriptorSubType = USB_CDC_ACM_TYPE, 132 133 .bmCapabilities = 0x00, 134 }; 135 136 static struct usb_cdc_union_desc rndis_union_desc = { 137 .bLength = sizeof(rndis_union_desc), 138 .bDescriptorType = USB_DT_CS_INTERFACE, 139 .bDescriptorSubType = USB_CDC_UNION_TYPE, 140 /* .bMasterInterface0 = DYNAMIC */ 141 /* .bSlaveInterface0 = DYNAMIC */ 142 }; 143 144 /* the data interface has two bulk endpoints */ 145 146 static struct usb_interface_descriptor rndis_data_intf = { 147 .bLength = sizeof rndis_data_intf, 148 .bDescriptorType = USB_DT_INTERFACE, 149 150 /* .bInterfaceNumber = DYNAMIC */ 151 .bNumEndpoints = 2, 152 .bInterfaceClass = USB_CLASS_CDC_DATA, 153 .bInterfaceSubClass = 0, 154 .bInterfaceProtocol = 0, 155 /* .iInterface = DYNAMIC */ 156 }; 157 158 159 static struct usb_interface_assoc_descriptor 160 rndis_iad_descriptor = { 161 .bLength = sizeof rndis_iad_descriptor, 162 .bDescriptorType = USB_DT_INTERFACE_ASSOCIATION, 163 164 .bFirstInterface = 0, /* XXX, hardcoded */ 165 .bInterfaceCount = 2, // control + data 166 .bFunctionClass = USB_CLASS_COMM, 167 .bFunctionSubClass = USB_CDC_SUBCLASS_ETHERNET, 168 .bFunctionProtocol = USB_CDC_PROTO_NONE, 169 /* .iFunction = DYNAMIC */ 170 }; 171 172 /* full speed support: */ 173 174 static struct usb_endpoint_descriptor fs_notify_desc = { 175 .bLength = USB_DT_ENDPOINT_SIZE, 176 .bDescriptorType = USB_DT_ENDPOINT, 177 178 .bEndpointAddress = USB_DIR_IN, 179 .bmAttributes = USB_ENDPOINT_XFER_INT, 180 .wMaxPacketSize = cpu_to_le16(STATUS_BYTECOUNT), 181 .bInterval = RNDIS_STATUS_INTERVAL_MS, 182 }; 183 184 static struct usb_endpoint_descriptor fs_in_desc = { 185 .bLength = USB_DT_ENDPOINT_SIZE, 186 .bDescriptorType = USB_DT_ENDPOINT, 187 188 .bEndpointAddress = USB_DIR_IN, 189 .bmAttributes = USB_ENDPOINT_XFER_BULK, 190 }; 191 192 static struct usb_endpoint_descriptor fs_out_desc = { 193 .bLength = USB_DT_ENDPOINT_SIZE, 194 .bDescriptorType = USB_DT_ENDPOINT, 195 196 .bEndpointAddress = USB_DIR_OUT, 197 .bmAttributes = USB_ENDPOINT_XFER_BULK, 198 }; 199 200 static struct usb_descriptor_header *eth_fs_function[] = { 201 (struct usb_descriptor_header *) &rndis_iad_descriptor, 202 203 /* control interface matches ACM, not Ethernet */ 204 (struct usb_descriptor_header *) &rndis_control_intf, 205 (struct usb_descriptor_header *) &header_desc, 206 (struct usb_descriptor_header *) &call_mgmt_descriptor, 207 (struct usb_descriptor_header *) &rndis_acm_descriptor, 208 (struct usb_descriptor_header *) &rndis_union_desc, 209 (struct usb_descriptor_header *) &fs_notify_desc, 210 211 /* data interface has no altsetting */ 212 (struct usb_descriptor_header *) &rndis_data_intf, 213 (struct usb_descriptor_header *) &fs_in_desc, 214 (struct usb_descriptor_header *) &fs_out_desc, 215 NULL, 216 }; 217 218 /* high speed support: */ 219 220 static struct usb_endpoint_descriptor hs_notify_desc = { 221 .bLength = USB_DT_ENDPOINT_SIZE, 222 .bDescriptorType = USB_DT_ENDPOINT, 223 224 .bEndpointAddress = USB_DIR_IN, 225 .bmAttributes = USB_ENDPOINT_XFER_INT, 226 .wMaxPacketSize = cpu_to_le16(STATUS_BYTECOUNT), 227 .bInterval = USB_MS_TO_HS_INTERVAL(RNDIS_STATUS_INTERVAL_MS) 228 }; 229 230 static struct usb_endpoint_descriptor hs_in_desc = { 231 .bLength = USB_DT_ENDPOINT_SIZE, 232 .bDescriptorType = USB_DT_ENDPOINT, 233 234 .bEndpointAddress = USB_DIR_IN, 235 .bmAttributes = USB_ENDPOINT_XFER_BULK, 236 .wMaxPacketSize = cpu_to_le16(512), 237 }; 238 239 static struct usb_endpoint_descriptor hs_out_desc = { 240 .bLength = USB_DT_ENDPOINT_SIZE, 241 .bDescriptorType = USB_DT_ENDPOINT, 242 243 .bEndpointAddress = USB_DIR_OUT, 244 .bmAttributes = USB_ENDPOINT_XFER_BULK, 245 .wMaxPacketSize = cpu_to_le16(512), 246 }; 247 248 static struct usb_descriptor_header *eth_hs_function[] = { 249 (struct usb_descriptor_header *) &rndis_iad_descriptor, 250 251 /* control interface matches ACM, not Ethernet */ 252 (struct usb_descriptor_header *) &rndis_control_intf, 253 (struct usb_descriptor_header *) &header_desc, 254 (struct usb_descriptor_header *) &call_mgmt_descriptor, 255 (struct usb_descriptor_header *) &rndis_acm_descriptor, 256 (struct usb_descriptor_header *) &rndis_union_desc, 257 (struct usb_descriptor_header *) &hs_notify_desc, 258 259 /* data interface has no altsetting */ 260 (struct usb_descriptor_header *) &rndis_data_intf, 261 (struct usb_descriptor_header *) &hs_in_desc, 262 (struct usb_descriptor_header *) &hs_out_desc, 263 NULL, 264 }; 265 266 /* super speed support: */ 267 268 static struct usb_endpoint_descriptor ss_notify_desc = { 269 .bLength = USB_DT_ENDPOINT_SIZE, 270 .bDescriptorType = USB_DT_ENDPOINT, 271 272 .bEndpointAddress = USB_DIR_IN, 273 .bmAttributes = USB_ENDPOINT_XFER_INT, 274 .wMaxPacketSize = cpu_to_le16(STATUS_BYTECOUNT), 275 .bInterval = USB_MS_TO_HS_INTERVAL(RNDIS_STATUS_INTERVAL_MS) 276 }; 277 278 static struct usb_ss_ep_comp_descriptor ss_intr_comp_desc = { 279 .bLength = sizeof ss_intr_comp_desc, 280 .bDescriptorType = USB_DT_SS_ENDPOINT_COMP, 281 282 /* the following 3 values can be tweaked if necessary */ 283 /* .bMaxBurst = 0, */ 284 /* .bmAttributes = 0, */ 285 .wBytesPerInterval = cpu_to_le16(STATUS_BYTECOUNT), 286 }; 287 288 static struct usb_endpoint_descriptor ss_in_desc = { 289 .bLength = USB_DT_ENDPOINT_SIZE, 290 .bDescriptorType = USB_DT_ENDPOINT, 291 292 .bEndpointAddress = USB_DIR_IN, 293 .bmAttributes = USB_ENDPOINT_XFER_BULK, 294 .wMaxPacketSize = cpu_to_le16(1024), 295 }; 296 297 static struct usb_endpoint_descriptor ss_out_desc = { 298 .bLength = USB_DT_ENDPOINT_SIZE, 299 .bDescriptorType = USB_DT_ENDPOINT, 300 301 .bEndpointAddress = USB_DIR_OUT, 302 .bmAttributes = USB_ENDPOINT_XFER_BULK, 303 .wMaxPacketSize = cpu_to_le16(1024), 304 }; 305 306 static struct usb_ss_ep_comp_descriptor ss_bulk_comp_desc = { 307 .bLength = sizeof ss_bulk_comp_desc, 308 .bDescriptorType = USB_DT_SS_ENDPOINT_COMP, 309 310 /* the following 2 values can be tweaked if necessary */ 311 /* .bMaxBurst = 0, */ 312 /* .bmAttributes = 0, */ 313 }; 314 315 static struct usb_descriptor_header *eth_ss_function[] = { 316 (struct usb_descriptor_header *) &rndis_iad_descriptor, 317 318 /* control interface matches ACM, not Ethernet */ 319 (struct usb_descriptor_header *) &rndis_control_intf, 320 (struct usb_descriptor_header *) &header_desc, 321 (struct usb_descriptor_header *) &call_mgmt_descriptor, 322 (struct usb_descriptor_header *) &rndis_acm_descriptor, 323 (struct usb_descriptor_header *) &rndis_union_desc, 324 (struct usb_descriptor_header *) &ss_notify_desc, 325 (struct usb_descriptor_header *) &ss_intr_comp_desc, 326 327 /* data interface has no altsetting */ 328 (struct usb_descriptor_header *) &rndis_data_intf, 329 (struct usb_descriptor_header *) &ss_in_desc, 330 (struct usb_descriptor_header *) &ss_bulk_comp_desc, 331 (struct usb_descriptor_header *) &ss_out_desc, 332 (struct usb_descriptor_header *) &ss_bulk_comp_desc, 333 NULL, 334 }; 335 336 /* string descriptors: */ 337 338 static struct usb_string rndis_string_defs[] = { 339 [0].s = "RNDIS Communications Control", 340 [1].s = "RNDIS Ethernet Data", 341 [2].s = "RNDIS", 342 { } /* end of list */ 343 }; 344 345 static struct usb_gadget_strings rndis_string_table = { 346 .language = 0x0409, /* en-us */ 347 .strings = rndis_string_defs, 348 }; 349 350 static struct usb_gadget_strings *rndis_strings[] = { 351 &rndis_string_table, 352 NULL, 353 }; 354 355 /*-------------------------------------------------------------------------*/ 356 357 static struct sk_buff *rndis_add_header(struct gether *port, 358 struct sk_buff *skb) 359 { 360 struct sk_buff *skb2; 361 362 if (!skb) 363 return NULL; 364 365 skb2 = skb_realloc_headroom(skb, sizeof(struct rndis_packet_msg_type)); 366 rndis_add_hdr(skb2); 367 368 dev_kfree_skb(skb); 369 return skb2; 370 } 371 372 static void rndis_response_available(void *_rndis) 373 { 374 struct f_rndis *rndis = _rndis; 375 struct usb_request *req = rndis->notify_req; 376 struct usb_composite_dev *cdev = rndis->port.func.config->cdev; 377 __le32 *data = req->buf; 378 int status; 379 380 if (atomic_inc_return(&rndis->notify_count) != 1) 381 return; 382 383 /* Send RNDIS RESPONSE_AVAILABLE notification; a 384 * USB_CDC_NOTIFY_RESPONSE_AVAILABLE "should" work too 385 * 386 * This is the only notification defined by RNDIS. 387 */ 388 data[0] = cpu_to_le32(1); 389 data[1] = cpu_to_le32(0); 390 391 status = usb_ep_queue(rndis->notify, req, GFP_ATOMIC); 392 if (status) { 393 atomic_dec(&rndis->notify_count); 394 DBG(cdev, "notify/0 --> %d\n", status); 395 } 396 } 397 398 static void rndis_response_complete(struct usb_ep *ep, struct usb_request *req) 399 { 400 struct f_rndis *rndis = req->context; 401 struct usb_composite_dev *cdev = rndis->port.func.config->cdev; 402 int status = req->status; 403 404 /* after TX: 405 * - USB_CDC_GET_ENCAPSULATED_RESPONSE (ep0/control) 406 * - RNDIS_RESPONSE_AVAILABLE (status/irq) 407 */ 408 switch (status) { 409 case -ECONNRESET: 410 case -ESHUTDOWN: 411 /* connection gone */ 412 atomic_set(&rndis->notify_count, 0); 413 break; 414 default: 415 DBG(cdev, "RNDIS %s response error %d, %d/%d\n", 416 ep->name, status, 417 req->actual, req->length); 418 fallthrough; 419 case 0: 420 if (ep != rndis->notify) 421 break; 422 423 /* handle multiple pending RNDIS_RESPONSE_AVAILABLE 424 * notifications by resending until we're done 425 */ 426 if (atomic_dec_and_test(&rndis->notify_count)) 427 break; 428 status = usb_ep_queue(rndis->notify, req, GFP_ATOMIC); 429 if (status) { 430 atomic_dec(&rndis->notify_count); 431 DBG(cdev, "notify/1 --> %d\n", status); 432 } 433 break; 434 } 435 } 436 437 static void rndis_command_complete(struct usb_ep *ep, struct usb_request *req) 438 { 439 struct f_rndis *rndis = req->context; 440 int status; 441 442 /* received RNDIS command from USB_CDC_SEND_ENCAPSULATED_COMMAND */ 443 // spin_lock(&dev->lock); 444 status = rndis_msg_parser(rndis->params, (u8 *) req->buf); 445 if (status < 0) 446 pr_err("RNDIS command error %d, %d/%d\n", 447 status, req->actual, req->length); 448 // spin_unlock(&dev->lock); 449 } 450 451 static int 452 rndis_setup(struct usb_function *f, const struct usb_ctrlrequest *ctrl) 453 { 454 struct f_rndis *rndis = func_to_rndis(f); 455 struct usb_composite_dev *cdev = f->config->cdev; 456 struct usb_request *req = cdev->req; 457 int value = -EOPNOTSUPP; 458 u16 w_index = le16_to_cpu(ctrl->wIndex); 459 u16 w_value = le16_to_cpu(ctrl->wValue); 460 u16 w_length = le16_to_cpu(ctrl->wLength); 461 462 /* composite driver infrastructure handles everything except 463 * CDC class messages; interface activation uses set_alt(). 464 */ 465 switch ((ctrl->bRequestType << 8) | ctrl->bRequest) { 466 467 /* RNDIS uses the CDC command encapsulation mechanism to implement 468 * an RPC scheme, with much getting/setting of attributes by OID. 469 */ 470 case ((USB_DIR_OUT | USB_TYPE_CLASS | USB_RECIP_INTERFACE) << 8) 471 | USB_CDC_SEND_ENCAPSULATED_COMMAND: 472 if (w_value || w_index != rndis->ctrl_id) 473 goto invalid; 474 /* read the request; process it later */ 475 value = w_length; 476 req->complete = rndis_command_complete; 477 req->context = rndis; 478 /* later, rndis_response_available() sends a notification */ 479 break; 480 481 case ((USB_DIR_IN | USB_TYPE_CLASS | USB_RECIP_INTERFACE) << 8) 482 | USB_CDC_GET_ENCAPSULATED_RESPONSE: 483 if (w_value || w_index != rndis->ctrl_id) 484 goto invalid; 485 else { 486 u8 *buf; 487 u32 n; 488 489 /* return the result */ 490 buf = rndis_get_next_response(rndis->params, &n); 491 if (buf) { 492 memcpy(req->buf, buf, n); 493 req->complete = rndis_response_complete; 494 req->context = rndis; 495 rndis_free_response(rndis->params, buf); 496 value = n; 497 } 498 /* else stalls ... spec says to avoid that */ 499 } 500 break; 501 502 default: 503 invalid: 504 VDBG(cdev, "invalid control req%02x.%02x v%04x i%04x l%d\n", 505 ctrl->bRequestType, ctrl->bRequest, 506 w_value, w_index, w_length); 507 } 508 509 /* respond with data transfer or status phase? */ 510 if (value >= 0) { 511 DBG(cdev, "rndis req%02x.%02x v%04x i%04x l%d\n", 512 ctrl->bRequestType, ctrl->bRequest, 513 w_value, w_index, w_length); 514 req->zero = (value < w_length); 515 req->length = value; 516 value = usb_ep_queue(cdev->gadget->ep0, req, GFP_ATOMIC); 517 if (value < 0) 518 ERROR(cdev, "rndis response on err %d\n", value); 519 } 520 521 /* device either stalls (value < 0) or reports success */ 522 return value; 523 } 524 525 526 static int rndis_set_alt(struct usb_function *f, unsigned intf, unsigned alt) 527 { 528 struct f_rndis *rndis = func_to_rndis(f); 529 struct usb_composite_dev *cdev = f->config->cdev; 530 531 /* we know alt == 0 */ 532 533 if (intf == rndis->ctrl_id) { 534 VDBG(cdev, "reset rndis control %d\n", intf); 535 usb_ep_disable(rndis->notify); 536 537 if (!rndis->notify->desc) { 538 VDBG(cdev, "init rndis ctrl %d\n", intf); 539 if (config_ep_by_speed(cdev->gadget, f, rndis->notify)) 540 goto fail; 541 } 542 usb_ep_enable(rndis->notify); 543 544 } else if (intf == rndis->data_id) { 545 struct net_device *net; 546 547 if (rndis->port.in_ep->enabled) { 548 DBG(cdev, "reset rndis\n"); 549 gether_disconnect(&rndis->port); 550 } 551 552 if (!rndis->port.in_ep->desc || !rndis->port.out_ep->desc) { 553 DBG(cdev, "init rndis\n"); 554 if (config_ep_by_speed(cdev->gadget, f, 555 rndis->port.in_ep) || 556 config_ep_by_speed(cdev->gadget, f, 557 rndis->port.out_ep)) { 558 rndis->port.in_ep->desc = NULL; 559 rndis->port.out_ep->desc = NULL; 560 goto fail; 561 } 562 } 563 564 /* Avoid ZLPs; they can be troublesome. */ 565 rndis->port.is_zlp_ok = false; 566 567 /* RNDIS should be in the "RNDIS uninitialized" state, 568 * either never activated or after rndis_uninit(). 569 * 570 * We don't want data to flow here until a nonzero packet 571 * filter is set, at which point it enters "RNDIS data 572 * initialized" state ... but we do want the endpoints 573 * to be activated. It's a strange little state. 574 * 575 * REVISIT the RNDIS gadget code has done this wrong for a 576 * very long time. We need another call to the link layer 577 * code -- gether_updown(...bool) maybe -- to do it right. 578 */ 579 rndis->port.cdc_filter = 0; 580 581 DBG(cdev, "RNDIS RX/TX early activation ... \n"); 582 net = gether_connect(&rndis->port); 583 if (IS_ERR(net)) 584 return PTR_ERR(net); 585 586 rndis_set_param_dev(rndis->params, net, 587 &rndis->port.cdc_filter); 588 } else 589 goto fail; 590 591 return 0; 592 fail: 593 return -EINVAL; 594 } 595 596 static void rndis_disable(struct usb_function *f) 597 { 598 struct f_rndis *rndis = func_to_rndis(f); 599 struct usb_composite_dev *cdev = f->config->cdev; 600 601 if (!rndis->notify->enabled) 602 return; 603 604 DBG(cdev, "rndis deactivated\n"); 605 606 rndis_uninit(rndis->params); 607 gether_disconnect(&rndis->port); 608 609 usb_ep_disable(rndis->notify); 610 rndis->notify->desc = NULL; 611 } 612 613 /*-------------------------------------------------------------------------*/ 614 615 /* 616 * This isn't quite the same mechanism as CDC Ethernet, since the 617 * notification scheme passes less data, but the same set of link 618 * states must be tested. A key difference is that altsettings are 619 * not used to tell whether the link should send packets or not. 620 */ 621 622 static void rndis_open(struct gether *geth) 623 { 624 struct f_rndis *rndis = func_to_rndis(&geth->func); 625 struct usb_composite_dev *cdev = geth->func.config->cdev; 626 627 DBG(cdev, "%s\n", __func__); 628 629 rndis_set_param_medium(rndis->params, RNDIS_MEDIUM_802_3, 630 gether_bitrate(cdev->gadget) / 100); 631 rndis_signal_connect(rndis->params); 632 } 633 634 static void rndis_close(struct gether *geth) 635 { 636 struct f_rndis *rndis = func_to_rndis(&geth->func); 637 638 DBG(geth->func.config->cdev, "%s\n", __func__); 639 640 rndis_set_param_medium(rndis->params, RNDIS_MEDIUM_802_3, 0); 641 rndis_signal_disconnect(rndis->params); 642 } 643 644 /*-------------------------------------------------------------------------*/ 645 646 /* Some controllers can't support RNDIS ... */ 647 static inline bool can_support_rndis(struct usb_configuration *c) 648 { 649 /* everything else is *presumably* fine */ 650 return true; 651 } 652 653 /* ethernet function driver setup/binding */ 654 655 static int 656 rndis_bind(struct usb_configuration *c, struct usb_function *f) 657 { 658 struct usb_composite_dev *cdev = c->cdev; 659 struct f_rndis *rndis = func_to_rndis(f); 660 struct usb_string *us; 661 int status; 662 struct usb_ep *ep; 663 664 struct f_rndis_opts *rndis_opts; 665 666 if (!can_support_rndis(c)) 667 return -EINVAL; 668 669 rndis_opts = container_of(f->fi, struct f_rndis_opts, func_inst); 670 671 if (cdev->use_os_string) { 672 f->os_desc_table = kzalloc(sizeof(*f->os_desc_table), 673 GFP_KERNEL); 674 if (!f->os_desc_table) 675 return -ENOMEM; 676 f->os_desc_n = 1; 677 f->os_desc_table[0].os_desc = &rndis_opts->rndis_os_desc; 678 } 679 680 rndis_iad_descriptor.bFunctionClass = rndis_opts->class; 681 rndis_iad_descriptor.bFunctionSubClass = rndis_opts->subclass; 682 rndis_iad_descriptor.bFunctionProtocol = rndis_opts->protocol; 683 684 /* 685 * in drivers/usb/gadget/configfs.c:configfs_composite_bind() 686 * configurations are bound in sequence with list_for_each_entry, 687 * in each configuration its functions are bound in sequence 688 * with list_for_each_entry, so we assume no race condition 689 * with regard to rndis_opts->bound access 690 */ 691 if (!rndis_opts->bound) { 692 gether_set_gadget(rndis_opts->net, cdev->gadget); 693 status = gether_register_netdev(rndis_opts->net); 694 if (status) 695 goto fail; 696 rndis_opts->bound = true; 697 } 698 699 us = usb_gstrings_attach(cdev, rndis_strings, 700 ARRAY_SIZE(rndis_string_defs)); 701 if (IS_ERR(us)) { 702 status = PTR_ERR(us); 703 goto fail; 704 } 705 rndis_control_intf.iInterface = us[0].id; 706 rndis_data_intf.iInterface = us[1].id; 707 rndis_iad_descriptor.iFunction = us[2].id; 708 709 /* allocate instance-specific interface IDs */ 710 status = usb_interface_id(c, f); 711 if (status < 0) 712 goto fail; 713 rndis->ctrl_id = status; 714 rndis_iad_descriptor.bFirstInterface = status; 715 716 rndis_control_intf.bInterfaceNumber = status; 717 rndis_union_desc.bMasterInterface0 = status; 718 719 if (cdev->use_os_string) 720 f->os_desc_table[0].if_id = 721 rndis_iad_descriptor.bFirstInterface; 722 723 status = usb_interface_id(c, f); 724 if (status < 0) 725 goto fail; 726 rndis->data_id = status; 727 728 rndis_data_intf.bInterfaceNumber = status; 729 rndis_union_desc.bSlaveInterface0 = status; 730 731 status = -ENODEV; 732 733 /* allocate instance-specific endpoints */ 734 ep = usb_ep_autoconfig(cdev->gadget, &fs_in_desc); 735 if (!ep) 736 goto fail; 737 rndis->port.in_ep = ep; 738 739 ep = usb_ep_autoconfig(cdev->gadget, &fs_out_desc); 740 if (!ep) 741 goto fail; 742 rndis->port.out_ep = ep; 743 744 /* NOTE: a status/notification endpoint is, strictly speaking, 745 * optional. We don't treat it that way though! It's simpler, 746 * and some newer profiles don't treat it as optional. 747 */ 748 ep = usb_ep_autoconfig(cdev->gadget, &fs_notify_desc); 749 if (!ep) 750 goto fail; 751 rndis->notify = ep; 752 753 status = -ENOMEM; 754 755 /* allocate notification request and buffer */ 756 rndis->notify_req = usb_ep_alloc_request(ep, GFP_KERNEL); 757 if (!rndis->notify_req) 758 goto fail; 759 rndis->notify_req->buf = kmalloc(STATUS_BYTECOUNT, GFP_KERNEL); 760 if (!rndis->notify_req->buf) 761 goto fail; 762 rndis->notify_req->length = STATUS_BYTECOUNT; 763 rndis->notify_req->context = rndis; 764 rndis->notify_req->complete = rndis_response_complete; 765 766 /* support all relevant hardware speeds... we expect that when 767 * hardware is dual speed, all bulk-capable endpoints work at 768 * both speeds 769 */ 770 hs_in_desc.bEndpointAddress = fs_in_desc.bEndpointAddress; 771 hs_out_desc.bEndpointAddress = fs_out_desc.bEndpointAddress; 772 hs_notify_desc.bEndpointAddress = fs_notify_desc.bEndpointAddress; 773 774 ss_in_desc.bEndpointAddress = fs_in_desc.bEndpointAddress; 775 ss_out_desc.bEndpointAddress = fs_out_desc.bEndpointAddress; 776 ss_notify_desc.bEndpointAddress = fs_notify_desc.bEndpointAddress; 777 778 status = usb_assign_descriptors(f, eth_fs_function, eth_hs_function, 779 eth_ss_function, eth_ss_function); 780 if (status) 781 goto fail; 782 783 rndis->port.open = rndis_open; 784 rndis->port.close = rndis_close; 785 786 rndis_set_param_medium(rndis->params, RNDIS_MEDIUM_802_3, 0); 787 rndis_set_host_mac(rndis->params, rndis->ethaddr); 788 789 if (rndis->manufacturer && rndis->vendorID && 790 rndis_set_param_vendor(rndis->params, rndis->vendorID, 791 rndis->manufacturer)) { 792 status = -EINVAL; 793 goto fail_free_descs; 794 } 795 796 /* NOTE: all that is done without knowing or caring about 797 * the network link ... which is unavailable to this code 798 * until we're activated via set_alt(). 799 */ 800 801 DBG(cdev, "RNDIS: IN/%s OUT/%s NOTIFY/%s\n", 802 rndis->port.in_ep->name, rndis->port.out_ep->name, 803 rndis->notify->name); 804 return 0; 805 806 fail_free_descs: 807 usb_free_all_descriptors(f); 808 fail: 809 kfree(f->os_desc_table); 810 f->os_desc_n = 0; 811 812 if (rndis->notify_req) { 813 kfree(rndis->notify_req->buf); 814 usb_ep_free_request(rndis->notify, rndis->notify_req); 815 } 816 817 ERROR(cdev, "%s: can't bind, err %d\n", f->name, status); 818 819 return status; 820 } 821 822 void rndis_borrow_net(struct usb_function_instance *f, struct net_device *net) 823 { 824 struct f_rndis_opts *opts; 825 826 opts = container_of(f, struct f_rndis_opts, func_inst); 827 if (opts->bound) 828 gether_cleanup(netdev_priv(opts->net)); 829 else 830 free_netdev(opts->net); 831 opts->borrowed_net = opts->bound = true; 832 opts->net = net; 833 } 834 EXPORT_SYMBOL_GPL(rndis_borrow_net); 835 836 static inline struct f_rndis_opts *to_f_rndis_opts(struct config_item *item) 837 { 838 return container_of(to_config_group(item), struct f_rndis_opts, 839 func_inst.group); 840 } 841 842 /* f_rndis_item_ops */ 843 USB_ETHERNET_CONFIGFS_ITEM(rndis); 844 845 /* f_rndis_opts_dev_addr */ 846 USB_ETHERNET_CONFIGFS_ITEM_ATTR_DEV_ADDR(rndis); 847 848 /* f_rndis_opts_host_addr */ 849 USB_ETHERNET_CONFIGFS_ITEM_ATTR_HOST_ADDR(rndis); 850 851 /* f_rndis_opts_qmult */ 852 USB_ETHERNET_CONFIGFS_ITEM_ATTR_QMULT(rndis); 853 854 /* f_rndis_opts_ifname */ 855 USB_ETHERNET_CONFIGFS_ITEM_ATTR_IFNAME(rndis); 856 857 /* f_rndis_opts_class */ 858 USB_ETHER_CONFIGFS_ITEM_ATTR_U8_RW(rndis, class); 859 860 /* f_rndis_opts_subclass */ 861 USB_ETHER_CONFIGFS_ITEM_ATTR_U8_RW(rndis, subclass); 862 863 /* f_rndis_opts_protocol */ 864 USB_ETHER_CONFIGFS_ITEM_ATTR_U8_RW(rndis, protocol); 865 866 static struct configfs_attribute *rndis_attrs[] = { 867 &rndis_opts_attr_dev_addr, 868 &rndis_opts_attr_host_addr, 869 &rndis_opts_attr_qmult, 870 &rndis_opts_attr_ifname, 871 &rndis_opts_attr_class, 872 &rndis_opts_attr_subclass, 873 &rndis_opts_attr_protocol, 874 NULL, 875 }; 876 877 static const struct config_item_type rndis_func_type = { 878 .ct_item_ops = &rndis_item_ops, 879 .ct_attrs = rndis_attrs, 880 .ct_owner = THIS_MODULE, 881 }; 882 883 static void rndis_free_inst(struct usb_function_instance *f) 884 { 885 struct f_rndis_opts *opts; 886 887 opts = container_of(f, struct f_rndis_opts, func_inst); 888 if (!opts->borrowed_net) { 889 if (opts->bound) 890 gether_cleanup(netdev_priv(opts->net)); 891 else 892 free_netdev(opts->net); 893 } 894 895 kfree(opts->rndis_interf_group); /* single VLA chunk */ 896 kfree(opts); 897 } 898 899 static struct usb_function_instance *rndis_alloc_inst(void) 900 { 901 struct f_rndis_opts *opts; 902 struct usb_os_desc *descs[1]; 903 char *names[1]; 904 struct config_group *rndis_interf_group; 905 906 opts = kzalloc(sizeof(*opts), GFP_KERNEL); 907 if (!opts) 908 return ERR_PTR(-ENOMEM); 909 opts->rndis_os_desc.ext_compat_id = opts->rndis_ext_compat_id; 910 911 mutex_init(&opts->lock); 912 opts->func_inst.free_func_inst = rndis_free_inst; 913 opts->net = gether_setup_default(); 914 if (IS_ERR(opts->net)) { 915 struct net_device *net = opts->net; 916 kfree(opts); 917 return ERR_CAST(net); 918 } 919 INIT_LIST_HEAD(&opts->rndis_os_desc.ext_prop); 920 921 opts->class = rndis_iad_descriptor.bFunctionClass; 922 opts->subclass = rndis_iad_descriptor.bFunctionSubClass; 923 opts->protocol = rndis_iad_descriptor.bFunctionProtocol; 924 925 descs[0] = &opts->rndis_os_desc; 926 names[0] = "rndis"; 927 config_group_init_type_name(&opts->func_inst.group, "", 928 &rndis_func_type); 929 rndis_interf_group = 930 usb_os_desc_prepare_interf_dir(&opts->func_inst.group, 1, descs, 931 names, THIS_MODULE); 932 if (IS_ERR(rndis_interf_group)) { 933 rndis_free_inst(&opts->func_inst); 934 return ERR_CAST(rndis_interf_group); 935 } 936 opts->rndis_interf_group = rndis_interf_group; 937 938 return &opts->func_inst; 939 } 940 941 static void rndis_free(struct usb_function *f) 942 { 943 struct f_rndis *rndis; 944 struct f_rndis_opts *opts; 945 946 rndis = func_to_rndis(f); 947 rndis_deregister(rndis->params); 948 opts = container_of(f->fi, struct f_rndis_opts, func_inst); 949 kfree(rndis); 950 mutex_lock(&opts->lock); 951 opts->refcnt--; 952 mutex_unlock(&opts->lock); 953 } 954 955 static void rndis_unbind(struct usb_configuration *c, struct usb_function *f) 956 { 957 struct f_rndis *rndis = func_to_rndis(f); 958 959 kfree(f->os_desc_table); 960 f->os_desc_n = 0; 961 usb_free_all_descriptors(f); 962 963 kfree(rndis->notify_req->buf); 964 usb_ep_free_request(rndis->notify, rndis->notify_req); 965 } 966 967 static struct usb_function *rndis_alloc(struct usb_function_instance *fi) 968 { 969 struct f_rndis *rndis; 970 struct f_rndis_opts *opts; 971 struct rndis_params *params; 972 973 /* allocate and initialize one new instance */ 974 rndis = kzalloc(sizeof(*rndis), GFP_KERNEL); 975 if (!rndis) 976 return ERR_PTR(-ENOMEM); 977 978 opts = container_of(fi, struct f_rndis_opts, func_inst); 979 mutex_lock(&opts->lock); 980 opts->refcnt++; 981 982 gether_get_host_addr_u8(opts->net, rndis->ethaddr); 983 rndis->vendorID = opts->vendor_id; 984 rndis->manufacturer = opts->manufacturer; 985 986 rndis->port.ioport = netdev_priv(opts->net); 987 mutex_unlock(&opts->lock); 988 /* RNDIS activates when the host changes this filter */ 989 rndis->port.cdc_filter = 0; 990 991 /* RNDIS has special (and complex) framing */ 992 rndis->port.header_len = sizeof(struct rndis_packet_msg_type); 993 rndis->port.wrap = rndis_add_header; 994 rndis->port.unwrap = rndis_rm_hdr; 995 996 rndis->port.func.name = "rndis"; 997 /* descriptors are per-instance copies */ 998 rndis->port.func.bind = rndis_bind; 999 rndis->port.func.unbind = rndis_unbind; 1000 rndis->port.func.set_alt = rndis_set_alt; 1001 rndis->port.func.setup = rndis_setup; 1002 rndis->port.func.disable = rndis_disable; 1003 rndis->port.func.free_func = rndis_free; 1004 1005 params = rndis_register(rndis_response_available, rndis); 1006 if (IS_ERR(params)) { 1007 kfree(rndis); 1008 return ERR_CAST(params); 1009 } 1010 rndis->params = params; 1011 1012 return &rndis->port.func; 1013 } 1014 1015 DECLARE_USB_FUNCTION_INIT(rndis, rndis_alloc_inst, rndis_alloc); 1016 MODULE_LICENSE("GPL"); 1017 MODULE_AUTHOR("David Brownell"); 1018