1 // SPDX-License-Identifier: GPL-2.0+
2 /*
3 * f_rndis.c -- RNDIS link function driver
4 *
5 * Copyright (C) 2003-2005,2008 David Brownell
6 * Copyright (C) 2003-2004 Robert Schwebel, Benedikt Spranger
7 * Copyright (C) 2008 Nokia Corporation
8 * Copyright (C) 2009 Samsung Electronics
9 * Author: Michal Nazarewicz (mina86@mina86.com)
10 */
11
12 /* #define VERBOSE_DEBUG */
13
14 #include <linux/slab.h>
15 #include <linux/kernel.h>
16 #include <linux/module.h>
17 #include <linux/device.h>
18 #include <linux/etherdevice.h>
19
20 #include <linux/atomic.h>
21
22 #include <linux/usb/gadget.h>
23
24 #include "u_ether.h"
25 #include "u_ether_configfs.h"
26 #include "u_rndis.h"
27 #include "rndis.h"
28 #include "configfs.h"
29
30 /*
31 * This function is an RNDIS Ethernet port -- a Microsoft protocol that's
32 * been promoted instead of the standard CDC Ethernet. The published RNDIS
33 * spec is ambiguous, incomplete, and needlessly complex. Variants such as
34 * ActiveSync have even worse status in terms of specification.
35 *
36 * In short: it's a protocol controlled by (and for) Microsoft, not for an
37 * Open ecosystem or markets. Linux supports it *only* because Microsoft
38 * doesn't support the CDC Ethernet standard.
39 *
40 * The RNDIS data transfer model is complex, with multiple Ethernet packets
41 * per USB message, and out of band data. The control model is built around
42 * what's essentially an "RNDIS RPC" protocol. It's all wrapped in a CDC ACM
43 * (modem, not Ethernet) veneer, with those ACM descriptors being entirely
44 * useless (they're ignored). RNDIS expects to be the only function in its
45 * configuration, so it's no real help if you need composite devices; and
46 * it expects to be the first configuration too.
47 *
48 * There is a single technical advantage of RNDIS over CDC Ethernet, if you
49 * discount the fluff that its RPC can be made to deliver: it doesn't need
50 * a NOP altsetting for the data interface. That lets it work on some of the
51 * "so smart it's stupid" hardware which takes over configuration changes
52 * from the software, and adds restrictions like "no altsettings".
53 *
54 * Unfortunately MSFT's RNDIS drivers are buggy. They hang or oops, and
55 * have all sorts of contrary-to-specification oddities that can prevent
56 * them from working sanely. Since bugfixes (or accurate specs, letting
57 * Linux work around those bugs) are unlikely to ever come from MSFT, you
58 * may want to avoid using RNDIS on purely operational grounds.
59 *
60 * Omissions from the RNDIS 1.0 specification include:
61 *
62 * - Power management ... references data that's scattered around lots
63 * of other documentation, which is incorrect/incomplete there too.
64 *
65 * - There are various undocumented protocol requirements, like the need
66 * to send garbage in some control-OUT messages.
67 *
68 * - MS-Windows drivers sometimes emit undocumented requests.
69 */
70
71 struct f_rndis {
72 struct gether port;
73 u8 ctrl_id, data_id;
74 u8 ethaddr[ETH_ALEN];
75 u32 vendorID;
76 const char *manufacturer;
77 struct rndis_params *params;
78
79 struct usb_ep *notify;
80 struct usb_request *notify_req;
81 atomic_t notify_count;
82 };
83
func_to_rndis(struct usb_function * f)84 static inline struct f_rndis *func_to_rndis(struct usb_function *f)
85 {
86 return container_of(f, struct f_rndis, port.func);
87 }
88
89 /*-------------------------------------------------------------------------*/
90
91 /*
92 */
93
94 #define RNDIS_STATUS_INTERVAL_MS 32
95 #define STATUS_BYTECOUNT 8 /* 8 bytes data */
96
97
98 /* interface descriptor: */
99
100 static struct usb_interface_descriptor rndis_control_intf = {
101 .bLength = sizeof rndis_control_intf,
102 .bDescriptorType = USB_DT_INTERFACE,
103
104 /* .bInterfaceNumber = DYNAMIC */
105 /* status endpoint is optional; this could be patched later */
106 .bNumEndpoints = 1,
107 .bInterfaceClass = USB_CLASS_COMM,
108 .bInterfaceSubClass = USB_CDC_SUBCLASS_ACM,
109 .bInterfaceProtocol = USB_CDC_ACM_PROTO_VENDOR,
110 /* .iInterface = DYNAMIC */
111 };
112
113 static struct usb_cdc_header_desc header_desc = {
114 .bLength = sizeof header_desc,
115 .bDescriptorType = USB_DT_CS_INTERFACE,
116 .bDescriptorSubType = USB_CDC_HEADER_TYPE,
117
118 .bcdCDC = cpu_to_le16(0x0110),
119 };
120
121 static struct usb_cdc_call_mgmt_descriptor call_mgmt_descriptor = {
122 .bLength = sizeof call_mgmt_descriptor,
123 .bDescriptorType = USB_DT_CS_INTERFACE,
124 .bDescriptorSubType = USB_CDC_CALL_MANAGEMENT_TYPE,
125
126 .bmCapabilities = 0x00,
127 .bDataInterface = 0x01,
128 };
129
130 static struct usb_cdc_acm_descriptor rndis_acm_descriptor = {
131 .bLength = sizeof rndis_acm_descriptor,
132 .bDescriptorType = USB_DT_CS_INTERFACE,
133 .bDescriptorSubType = USB_CDC_ACM_TYPE,
134
135 .bmCapabilities = 0x00,
136 };
137
138 static struct usb_cdc_union_desc rndis_union_desc = {
139 .bLength = sizeof(rndis_union_desc),
140 .bDescriptorType = USB_DT_CS_INTERFACE,
141 .bDescriptorSubType = USB_CDC_UNION_TYPE,
142 /* .bMasterInterface0 = DYNAMIC */
143 /* .bSlaveInterface0 = DYNAMIC */
144 };
145
146 /* the data interface has two bulk endpoints */
147
148 static struct usb_interface_descriptor rndis_data_intf = {
149 .bLength = sizeof rndis_data_intf,
150 .bDescriptorType = USB_DT_INTERFACE,
151
152 /* .bInterfaceNumber = DYNAMIC */
153 .bNumEndpoints = 2,
154 .bInterfaceClass = USB_CLASS_CDC_DATA,
155 .bInterfaceSubClass = 0,
156 .bInterfaceProtocol = 0,
157 /* .iInterface = DYNAMIC */
158 };
159
160
161 static struct usb_interface_assoc_descriptor
162 rndis_iad_descriptor = {
163 .bLength = sizeof rndis_iad_descriptor,
164 .bDescriptorType = USB_DT_INTERFACE_ASSOCIATION,
165
166 .bFirstInterface = 0, /* XXX, hardcoded */
167 .bInterfaceCount = 2, // control + data
168 .bFunctionClass = USB_CLASS_COMM,
169 .bFunctionSubClass = USB_CDC_SUBCLASS_ETHERNET,
170 .bFunctionProtocol = USB_CDC_PROTO_NONE,
171 /* .iFunction = DYNAMIC */
172 };
173
174 /* full speed support: */
175
176 static struct usb_endpoint_descriptor fs_notify_desc = {
177 .bLength = USB_DT_ENDPOINT_SIZE,
178 .bDescriptorType = USB_DT_ENDPOINT,
179
180 .bEndpointAddress = USB_DIR_IN,
181 .bmAttributes = USB_ENDPOINT_XFER_INT,
182 .wMaxPacketSize = cpu_to_le16(STATUS_BYTECOUNT),
183 .bInterval = RNDIS_STATUS_INTERVAL_MS,
184 };
185
186 static struct usb_endpoint_descriptor fs_in_desc = {
187 .bLength = USB_DT_ENDPOINT_SIZE,
188 .bDescriptorType = USB_DT_ENDPOINT,
189
190 .bEndpointAddress = USB_DIR_IN,
191 .bmAttributes = USB_ENDPOINT_XFER_BULK,
192 };
193
194 static struct usb_endpoint_descriptor fs_out_desc = {
195 .bLength = USB_DT_ENDPOINT_SIZE,
196 .bDescriptorType = USB_DT_ENDPOINT,
197
198 .bEndpointAddress = USB_DIR_OUT,
199 .bmAttributes = USB_ENDPOINT_XFER_BULK,
200 };
201
202 static struct usb_descriptor_header *eth_fs_function[] = {
203 (struct usb_descriptor_header *) &rndis_iad_descriptor,
204
205 /* control interface matches ACM, not Ethernet */
206 (struct usb_descriptor_header *) &rndis_control_intf,
207 (struct usb_descriptor_header *) &header_desc,
208 (struct usb_descriptor_header *) &call_mgmt_descriptor,
209 (struct usb_descriptor_header *) &rndis_acm_descriptor,
210 (struct usb_descriptor_header *) &rndis_union_desc,
211 (struct usb_descriptor_header *) &fs_notify_desc,
212
213 /* data interface has no altsetting */
214 (struct usb_descriptor_header *) &rndis_data_intf,
215 (struct usb_descriptor_header *) &fs_in_desc,
216 (struct usb_descriptor_header *) &fs_out_desc,
217 NULL,
218 };
219
220 /* high speed support: */
221
222 static struct usb_endpoint_descriptor hs_notify_desc = {
223 .bLength = USB_DT_ENDPOINT_SIZE,
224 .bDescriptorType = USB_DT_ENDPOINT,
225
226 .bEndpointAddress = USB_DIR_IN,
227 .bmAttributes = USB_ENDPOINT_XFER_INT,
228 .wMaxPacketSize = cpu_to_le16(STATUS_BYTECOUNT),
229 .bInterval = USB_MS_TO_HS_INTERVAL(RNDIS_STATUS_INTERVAL_MS)
230 };
231
232 static struct usb_endpoint_descriptor hs_in_desc = {
233 .bLength = USB_DT_ENDPOINT_SIZE,
234 .bDescriptorType = USB_DT_ENDPOINT,
235
236 .bEndpointAddress = USB_DIR_IN,
237 .bmAttributes = USB_ENDPOINT_XFER_BULK,
238 .wMaxPacketSize = cpu_to_le16(512),
239 };
240
241 static struct usb_endpoint_descriptor hs_out_desc = {
242 .bLength = USB_DT_ENDPOINT_SIZE,
243 .bDescriptorType = USB_DT_ENDPOINT,
244
245 .bEndpointAddress = USB_DIR_OUT,
246 .bmAttributes = USB_ENDPOINT_XFER_BULK,
247 .wMaxPacketSize = cpu_to_le16(512),
248 };
249
250 static struct usb_descriptor_header *eth_hs_function[] = {
251 (struct usb_descriptor_header *) &rndis_iad_descriptor,
252
253 /* control interface matches ACM, not Ethernet */
254 (struct usb_descriptor_header *) &rndis_control_intf,
255 (struct usb_descriptor_header *) &header_desc,
256 (struct usb_descriptor_header *) &call_mgmt_descriptor,
257 (struct usb_descriptor_header *) &rndis_acm_descriptor,
258 (struct usb_descriptor_header *) &rndis_union_desc,
259 (struct usb_descriptor_header *) &hs_notify_desc,
260
261 /* data interface has no altsetting */
262 (struct usb_descriptor_header *) &rndis_data_intf,
263 (struct usb_descriptor_header *) &hs_in_desc,
264 (struct usb_descriptor_header *) &hs_out_desc,
265 NULL,
266 };
267
268 /* super speed support: */
269
270 static struct usb_endpoint_descriptor ss_notify_desc = {
271 .bLength = USB_DT_ENDPOINT_SIZE,
272 .bDescriptorType = USB_DT_ENDPOINT,
273
274 .bEndpointAddress = USB_DIR_IN,
275 .bmAttributes = USB_ENDPOINT_XFER_INT,
276 .wMaxPacketSize = cpu_to_le16(STATUS_BYTECOUNT),
277 .bInterval = USB_MS_TO_HS_INTERVAL(RNDIS_STATUS_INTERVAL_MS)
278 };
279
280 static struct usb_ss_ep_comp_descriptor ss_intr_comp_desc = {
281 .bLength = sizeof ss_intr_comp_desc,
282 .bDescriptorType = USB_DT_SS_ENDPOINT_COMP,
283
284 /* the following 3 values can be tweaked if necessary */
285 /* .bMaxBurst = 0, */
286 /* .bmAttributes = 0, */
287 .wBytesPerInterval = cpu_to_le16(STATUS_BYTECOUNT),
288 };
289
290 static struct usb_endpoint_descriptor ss_in_desc = {
291 .bLength = USB_DT_ENDPOINT_SIZE,
292 .bDescriptorType = USB_DT_ENDPOINT,
293
294 .bEndpointAddress = USB_DIR_IN,
295 .bmAttributes = USB_ENDPOINT_XFER_BULK,
296 .wMaxPacketSize = cpu_to_le16(1024),
297 };
298
299 static struct usb_endpoint_descriptor ss_out_desc = {
300 .bLength = USB_DT_ENDPOINT_SIZE,
301 .bDescriptorType = USB_DT_ENDPOINT,
302
303 .bEndpointAddress = USB_DIR_OUT,
304 .bmAttributes = USB_ENDPOINT_XFER_BULK,
305 .wMaxPacketSize = cpu_to_le16(1024),
306 };
307
308 static struct usb_ss_ep_comp_descriptor ss_bulk_comp_desc = {
309 .bLength = sizeof ss_bulk_comp_desc,
310 .bDescriptorType = USB_DT_SS_ENDPOINT_COMP,
311
312 /* the following 2 values can be tweaked if necessary */
313 /* .bMaxBurst = 0, */
314 /* .bmAttributes = 0, */
315 };
316
317 static struct usb_descriptor_header *eth_ss_function[] = {
318 (struct usb_descriptor_header *) &rndis_iad_descriptor,
319
320 /* control interface matches ACM, not Ethernet */
321 (struct usb_descriptor_header *) &rndis_control_intf,
322 (struct usb_descriptor_header *) &header_desc,
323 (struct usb_descriptor_header *) &call_mgmt_descriptor,
324 (struct usb_descriptor_header *) &rndis_acm_descriptor,
325 (struct usb_descriptor_header *) &rndis_union_desc,
326 (struct usb_descriptor_header *) &ss_notify_desc,
327 (struct usb_descriptor_header *) &ss_intr_comp_desc,
328
329 /* data interface has no altsetting */
330 (struct usb_descriptor_header *) &rndis_data_intf,
331 (struct usb_descriptor_header *) &ss_in_desc,
332 (struct usb_descriptor_header *) &ss_bulk_comp_desc,
333 (struct usb_descriptor_header *) &ss_out_desc,
334 (struct usb_descriptor_header *) &ss_bulk_comp_desc,
335 NULL,
336 };
337
338 /* string descriptors: */
339
340 static struct usb_string rndis_string_defs[] = {
341 [0].s = "RNDIS Communications Control",
342 [1].s = "RNDIS Ethernet Data",
343 [2].s = "RNDIS",
344 { } /* end of list */
345 };
346
347 static struct usb_gadget_strings rndis_string_table = {
348 .language = 0x0409, /* en-us */
349 .strings = rndis_string_defs,
350 };
351
352 static struct usb_gadget_strings *rndis_strings[] = {
353 &rndis_string_table,
354 NULL,
355 };
356
357 /*-------------------------------------------------------------------------*/
358
rndis_add_header(struct gether * port,struct sk_buff * skb)359 static struct sk_buff *rndis_add_header(struct gether *port,
360 struct sk_buff *skb)
361 {
362 struct sk_buff *skb2;
363
364 if (!skb)
365 return NULL;
366
367 skb2 = skb_realloc_headroom(skb, sizeof(struct rndis_packet_msg_type));
368 rndis_add_hdr(skb2);
369
370 dev_kfree_skb(skb);
371 return skb2;
372 }
373
rndis_response_available(void * _rndis)374 static void rndis_response_available(void *_rndis)
375 {
376 struct f_rndis *rndis = _rndis;
377 struct usb_request *req = rndis->notify_req;
378 struct usb_composite_dev *cdev = rndis->port.func.config->cdev;
379 __le32 *data = req->buf;
380 int status;
381
382 if (atomic_inc_return(&rndis->notify_count) != 1)
383 return;
384
385 /* Send RNDIS RESPONSE_AVAILABLE notification; a
386 * USB_CDC_NOTIFY_RESPONSE_AVAILABLE "should" work too
387 *
388 * This is the only notification defined by RNDIS.
389 */
390 data[0] = cpu_to_le32(1);
391 data[1] = cpu_to_le32(0);
392
393 status = usb_ep_queue(rndis->notify, req, GFP_ATOMIC);
394 if (status) {
395 atomic_dec(&rndis->notify_count);
396 DBG(cdev, "notify/0 --> %d\n", status);
397 }
398 }
399
rndis_response_complete(struct usb_ep * ep,struct usb_request * req)400 static void rndis_response_complete(struct usb_ep *ep, struct usb_request *req)
401 {
402 struct f_rndis *rndis = req->context;
403 struct usb_composite_dev *cdev = rndis->port.func.config->cdev;
404 int status = req->status;
405
406 /* after TX:
407 * - USB_CDC_GET_ENCAPSULATED_RESPONSE (ep0/control)
408 * - RNDIS_RESPONSE_AVAILABLE (status/irq)
409 */
410 switch (status) {
411 case -ECONNRESET:
412 case -ESHUTDOWN:
413 /* connection gone */
414 atomic_set(&rndis->notify_count, 0);
415 break;
416 default:
417 DBG(cdev, "RNDIS %s response error %d, %d/%d\n",
418 ep->name, status,
419 req->actual, req->length);
420 fallthrough;
421 case 0:
422 if (ep != rndis->notify)
423 break;
424
425 /* handle multiple pending RNDIS_RESPONSE_AVAILABLE
426 * notifications by resending until we're done
427 */
428 if (atomic_dec_and_test(&rndis->notify_count))
429 break;
430 status = usb_ep_queue(rndis->notify, req, GFP_ATOMIC);
431 if (status) {
432 atomic_dec(&rndis->notify_count);
433 DBG(cdev, "notify/1 --> %d\n", status);
434 }
435 break;
436 }
437 }
438
rndis_command_complete(struct usb_ep * ep,struct usb_request * req)439 static void rndis_command_complete(struct usb_ep *ep, struct usb_request *req)
440 {
441 struct f_rndis *rndis = req->context;
442 int status;
443
444 /* received RNDIS command from USB_CDC_SEND_ENCAPSULATED_COMMAND */
445 // spin_lock(&dev->lock);
446 status = rndis_msg_parser(rndis->params, (u8 *) req->buf);
447 if (status < 0)
448 pr_err("RNDIS command error %d, %d/%d\n",
449 status, req->actual, req->length);
450 // spin_unlock(&dev->lock);
451 }
452
453 static int
rndis_setup(struct usb_function * f,const struct usb_ctrlrequest * ctrl)454 rndis_setup(struct usb_function *f, const struct usb_ctrlrequest *ctrl)
455 {
456 struct f_rndis *rndis = func_to_rndis(f);
457 struct usb_composite_dev *cdev = f->config->cdev;
458 struct usb_request *req = cdev->req;
459 int value = -EOPNOTSUPP;
460 u16 w_index = le16_to_cpu(ctrl->wIndex);
461 u16 w_value = le16_to_cpu(ctrl->wValue);
462 u16 w_length = le16_to_cpu(ctrl->wLength);
463
464 /* composite driver infrastructure handles everything except
465 * CDC class messages; interface activation uses set_alt().
466 */
467 switch ((ctrl->bRequestType << 8) | ctrl->bRequest) {
468
469 /* RNDIS uses the CDC command encapsulation mechanism to implement
470 * an RPC scheme, with much getting/setting of attributes by OID.
471 */
472 case ((USB_DIR_OUT | USB_TYPE_CLASS | USB_RECIP_INTERFACE) << 8)
473 | USB_CDC_SEND_ENCAPSULATED_COMMAND:
474 if (w_value || w_index != rndis->ctrl_id)
475 goto invalid;
476 /* read the request; process it later */
477 value = w_length;
478 req->complete = rndis_command_complete;
479 req->context = rndis;
480 /* later, rndis_response_available() sends a notification */
481 break;
482
483 case ((USB_DIR_IN | USB_TYPE_CLASS | USB_RECIP_INTERFACE) << 8)
484 | USB_CDC_GET_ENCAPSULATED_RESPONSE:
485 if (w_value || w_index != rndis->ctrl_id)
486 goto invalid;
487 else {
488 u8 *buf;
489 u32 n;
490
491 /* return the result */
492 buf = rndis_get_next_response(rndis->params, &n);
493 if (buf) {
494 memcpy(req->buf, buf, n);
495 req->complete = rndis_response_complete;
496 req->context = rndis;
497 rndis_free_response(rndis->params, buf);
498 value = n;
499 }
500 /* else stalls ... spec says to avoid that */
501 }
502 break;
503
504 default:
505 invalid:
506 VDBG(cdev, "invalid control req%02x.%02x v%04x i%04x l%d\n",
507 ctrl->bRequestType, ctrl->bRequest,
508 w_value, w_index, w_length);
509 }
510
511 /* respond with data transfer or status phase? */
512 if (value >= 0) {
513 DBG(cdev, "rndis req%02x.%02x v%04x i%04x l%d\n",
514 ctrl->bRequestType, ctrl->bRequest,
515 w_value, w_index, w_length);
516 req->zero = (value < w_length);
517 req->length = value;
518 value = usb_ep_queue(cdev->gadget->ep0, req, GFP_ATOMIC);
519 if (value < 0)
520 ERROR(cdev, "rndis response on err %d\n", value);
521 }
522
523 /* device either stalls (value < 0) or reports success */
524 return value;
525 }
526
527
rndis_set_alt(struct usb_function * f,unsigned intf,unsigned alt)528 static int rndis_set_alt(struct usb_function *f, unsigned intf, unsigned alt)
529 {
530 struct f_rndis *rndis = func_to_rndis(f);
531 struct usb_composite_dev *cdev = f->config->cdev;
532
533 /* we know alt == 0 */
534
535 if (intf == rndis->ctrl_id) {
536 VDBG(cdev, "reset rndis control %d\n", intf);
537 usb_ep_disable(rndis->notify);
538
539 if (!rndis->notify->desc) {
540 VDBG(cdev, "init rndis ctrl %d\n", intf);
541 if (config_ep_by_speed(cdev->gadget, f, rndis->notify))
542 goto fail;
543 }
544 usb_ep_enable(rndis->notify);
545
546 } else if (intf == rndis->data_id) {
547 struct net_device *net;
548
549 if (rndis->port.in_ep->enabled) {
550 DBG(cdev, "reset rndis\n");
551 gether_disconnect(&rndis->port);
552 }
553
554 if (!rndis->port.in_ep->desc || !rndis->port.out_ep->desc) {
555 DBG(cdev, "init rndis\n");
556 if (config_ep_by_speed(cdev->gadget, f,
557 rndis->port.in_ep) ||
558 config_ep_by_speed(cdev->gadget, f,
559 rndis->port.out_ep)) {
560 rndis->port.in_ep->desc = NULL;
561 rndis->port.out_ep->desc = NULL;
562 goto fail;
563 }
564 }
565
566 /* Avoid ZLPs; they can be troublesome. */
567 rndis->port.is_zlp_ok = false;
568
569 /* RNDIS should be in the "RNDIS uninitialized" state,
570 * either never activated or after rndis_uninit().
571 *
572 * We don't want data to flow here until a nonzero packet
573 * filter is set, at which point it enters "RNDIS data
574 * initialized" state ... but we do want the endpoints
575 * to be activated. It's a strange little state.
576 *
577 * REVISIT the RNDIS gadget code has done this wrong for a
578 * very long time. We need another call to the link layer
579 * code -- gether_updown(...bool) maybe -- to do it right.
580 */
581 rndis->port.cdc_filter = 0;
582
583 DBG(cdev, "RNDIS RX/TX early activation ... \n");
584 net = gether_connect(&rndis->port);
585 if (IS_ERR(net))
586 return PTR_ERR(net);
587
588 rndis_set_param_dev(rndis->params, net,
589 &rndis->port.cdc_filter);
590 } else
591 goto fail;
592
593 return 0;
594 fail:
595 return -EINVAL;
596 }
597
rndis_disable(struct usb_function * f)598 static void rndis_disable(struct usb_function *f)
599 {
600 struct f_rndis *rndis = func_to_rndis(f);
601 struct usb_composite_dev *cdev = f->config->cdev;
602
603 if (!rndis->notify->enabled)
604 return;
605
606 DBG(cdev, "rndis deactivated\n");
607
608 rndis_uninit(rndis->params);
609 gether_disconnect(&rndis->port);
610
611 usb_ep_disable(rndis->notify);
612 rndis->notify->desc = NULL;
613 }
614
615 /*-------------------------------------------------------------------------*/
616
617 /*
618 * This isn't quite the same mechanism as CDC Ethernet, since the
619 * notification scheme passes less data, but the same set of link
620 * states must be tested. A key difference is that altsettings are
621 * not used to tell whether the link should send packets or not.
622 */
623
rndis_open(struct gether * geth)624 static void rndis_open(struct gether *geth)
625 {
626 struct f_rndis *rndis = func_to_rndis(&geth->func);
627 struct usb_composite_dev *cdev = geth->func.config->cdev;
628
629 DBG(cdev, "%s\n", __func__);
630
631 rndis_set_param_medium(rndis->params, RNDIS_MEDIUM_802_3,
632 gether_bitrate(cdev->gadget) / 100);
633 rndis_signal_connect(rndis->params);
634 }
635
rndis_close(struct gether * geth)636 static void rndis_close(struct gether *geth)
637 {
638 struct f_rndis *rndis = func_to_rndis(&geth->func);
639
640 DBG(geth->func.config->cdev, "%s\n", __func__);
641
642 rndis_set_param_medium(rndis->params, RNDIS_MEDIUM_802_3, 0);
643 rndis_signal_disconnect(rndis->params);
644 }
645
646 /*-------------------------------------------------------------------------*/
647
648 /* Some controllers can't support RNDIS ... */
can_support_rndis(struct usb_configuration * c)649 static inline bool can_support_rndis(struct usb_configuration *c)
650 {
651 /* everything else is *presumably* fine */
652 return true;
653 }
654
655 /* ethernet function driver setup/binding */
656
657 static int
rndis_bind(struct usb_configuration * c,struct usb_function * f)658 rndis_bind(struct usb_configuration *c, struct usb_function *f)
659 {
660 struct usb_composite_dev *cdev = c->cdev;
661 struct f_rndis *rndis = func_to_rndis(f);
662 struct usb_string *us;
663 int status;
664 struct usb_ep *ep;
665
666 struct f_rndis_opts *rndis_opts;
667 struct usb_os_desc_table *os_desc_table __free(kfree) = NULL;
668 struct usb_request *request __free(free_usb_request) = NULL;
669
670 if (!can_support_rndis(c))
671 return -EINVAL;
672
673 rndis_opts = container_of(f->fi, struct f_rndis_opts, func_inst);
674
675 if (cdev->use_os_string) {
676 os_desc_table = kzalloc_obj(*os_desc_table);
677 if (!os_desc_table)
678 return -ENOMEM;
679 }
680
681 rndis_iad_descriptor.bFunctionClass = rndis_opts->class;
682 rndis_iad_descriptor.bFunctionSubClass = rndis_opts->subclass;
683 rndis_iad_descriptor.bFunctionProtocol = rndis_opts->protocol;
684
685 /*
686 * in drivers/usb/gadget/configfs.c:configfs_composite_bind()
687 * configurations are bound in sequence with list_for_each_entry,
688 * in each configuration its functions are bound in sequence
689 * with list_for_each_entry, so we assume no race condition
690 * with regard to rndis_opts->bound access
691 */
692 if (!rndis_opts->bound) {
693 gether_set_gadget(rndis_opts->net, cdev->gadget);
694 status = gether_register_netdev(rndis_opts->net);
695 if (status)
696 return status;
697 rndis_opts->bound = true;
698 }
699
700 us = usb_gstrings_attach(cdev, rndis_strings,
701 ARRAY_SIZE(rndis_string_defs));
702 if (IS_ERR(us))
703 return PTR_ERR(us);
704 rndis_control_intf.iInterface = us[0].id;
705 rndis_data_intf.iInterface = us[1].id;
706 rndis_iad_descriptor.iFunction = us[2].id;
707
708 /* allocate instance-specific interface IDs */
709 status = usb_interface_id(c, f);
710 if (status < 0)
711 return status;
712 rndis->ctrl_id = status;
713 rndis_iad_descriptor.bFirstInterface = status;
714
715 rndis_control_intf.bInterfaceNumber = status;
716 rndis_union_desc.bMasterInterface0 = status;
717
718 status = usb_interface_id(c, f);
719 if (status < 0)
720 return status;
721 rndis->data_id = status;
722
723 rndis_data_intf.bInterfaceNumber = status;
724 rndis_union_desc.bSlaveInterface0 = status;
725
726 /* allocate instance-specific endpoints */
727 ep = usb_ep_autoconfig(cdev->gadget, &fs_in_desc);
728 if (!ep)
729 return -ENODEV;
730 rndis->port.in_ep = ep;
731
732 ep = usb_ep_autoconfig(cdev->gadget, &fs_out_desc);
733 if (!ep)
734 return -ENODEV;
735 rndis->port.out_ep = ep;
736
737 /* NOTE: a status/notification endpoint is, strictly speaking,
738 * optional. We don't treat it that way though! It's simpler,
739 * and some newer profiles don't treat it as optional.
740 */
741 ep = usb_ep_autoconfig(cdev->gadget, &fs_notify_desc);
742 if (!ep)
743 return -ENODEV;
744 rndis->notify = ep;
745
746 /* allocate notification request and buffer */
747 request = usb_ep_alloc_request(ep, GFP_KERNEL);
748 if (!request)
749 return -ENOMEM;
750 request->buf = kmalloc(STATUS_BYTECOUNT, GFP_KERNEL);
751 if (!request->buf)
752 return -ENOMEM;
753 request->length = STATUS_BYTECOUNT;
754 request->context = rndis;
755 request->complete = rndis_response_complete;
756
757 /* support all relevant hardware speeds... we expect that when
758 * hardware is dual speed, all bulk-capable endpoints work at
759 * both speeds
760 */
761 hs_in_desc.bEndpointAddress = fs_in_desc.bEndpointAddress;
762 hs_out_desc.bEndpointAddress = fs_out_desc.bEndpointAddress;
763 hs_notify_desc.bEndpointAddress = fs_notify_desc.bEndpointAddress;
764
765 ss_in_desc.bEndpointAddress = fs_in_desc.bEndpointAddress;
766 ss_out_desc.bEndpointAddress = fs_out_desc.bEndpointAddress;
767 ss_notify_desc.bEndpointAddress = fs_notify_desc.bEndpointAddress;
768
769 status = usb_assign_descriptors(f, eth_fs_function, eth_hs_function,
770 eth_ss_function, eth_ss_function);
771 if (status)
772 return status;
773
774 rndis->port.open = rndis_open;
775 rndis->port.close = rndis_close;
776
777 rndis_set_param_medium(rndis->params, RNDIS_MEDIUM_802_3, 0);
778 rndis_set_host_mac(rndis->params, rndis->ethaddr);
779
780 if (rndis->manufacturer && rndis->vendorID &&
781 rndis_set_param_vendor(rndis->params, rndis->vendorID,
782 rndis->manufacturer)) {
783 usb_free_all_descriptors(f);
784 return -EINVAL;
785 }
786
787 if (cdev->use_os_string) {
788 os_desc_table[0].os_desc = &rndis_opts->rndis_os_desc;
789 os_desc_table[0].if_id = rndis_iad_descriptor.bFirstInterface;
790 f->os_desc_table = no_free_ptr(os_desc_table);
791 f->os_desc_n = 1;
792
793 }
794 rndis->notify_req = no_free_ptr(request);
795
796 /* NOTE: all that is done without knowing or caring about
797 * the network link ... which is unavailable to this code
798 * until we're activated via set_alt().
799 */
800
801 DBG(cdev, "RNDIS: IN/%s OUT/%s NOTIFY/%s\n",
802 rndis->port.in_ep->name, rndis->port.out_ep->name,
803 rndis->notify->name);
804 return 0;
805 }
806
rndis_borrow_net(struct usb_function_instance * f,struct net_device * net)807 void rndis_borrow_net(struct usb_function_instance *f, struct net_device *net)
808 {
809 struct f_rndis_opts *opts;
810
811 opts = container_of(f, struct f_rndis_opts, func_inst);
812 if (opts->bound)
813 gether_cleanup(netdev_priv(opts->net));
814 else
815 free_netdev(opts->net);
816 opts->borrowed_net = opts->bound = true;
817 opts->net = net;
818 }
819 EXPORT_SYMBOL_GPL(rndis_borrow_net);
820
to_f_rndis_opts(struct config_item * item)821 static inline struct f_rndis_opts *to_f_rndis_opts(struct config_item *item)
822 {
823 return container_of(to_config_group(item), struct f_rndis_opts,
824 func_inst.group);
825 }
826
827 /* f_rndis_item_ops */
828 USB_ETHERNET_CONFIGFS_ITEM(rndis);
829
830 /* f_rndis_opts_dev_addr */
831 USB_ETHERNET_CONFIGFS_ITEM_ATTR_DEV_ADDR(rndis);
832
833 /* f_rndis_opts_host_addr */
834 USB_ETHERNET_CONFIGFS_ITEM_ATTR_HOST_ADDR(rndis);
835
836 /* f_rndis_opts_qmult */
837 USB_ETHERNET_CONFIGFS_ITEM_ATTR_QMULT(rndis);
838
839 /* f_rndis_opts_ifname */
840 USB_ETHERNET_CONFIGFS_ITEM_ATTR_IFNAME(rndis);
841
842 /* f_rndis_opts_class */
843 USB_ETHER_CONFIGFS_ITEM_ATTR_U8_RW(rndis, class);
844
845 /* f_rndis_opts_subclass */
846 USB_ETHER_CONFIGFS_ITEM_ATTR_U8_RW(rndis, subclass);
847
848 /* f_rndis_opts_protocol */
849 USB_ETHER_CONFIGFS_ITEM_ATTR_U8_RW(rndis, protocol);
850
851 static struct configfs_attribute *rndis_attrs[] = {
852 &rndis_opts_attr_dev_addr,
853 &rndis_opts_attr_host_addr,
854 &rndis_opts_attr_qmult,
855 &rndis_opts_attr_ifname,
856 &rndis_opts_attr_class,
857 &rndis_opts_attr_subclass,
858 &rndis_opts_attr_protocol,
859 NULL,
860 };
861
862 static const struct config_item_type rndis_func_type = {
863 .ct_item_ops = &rndis_item_ops,
864 .ct_attrs = rndis_attrs,
865 .ct_owner = THIS_MODULE,
866 };
867
rndis_free_inst(struct usb_function_instance * f)868 static void rndis_free_inst(struct usb_function_instance *f)
869 {
870 struct f_rndis_opts *opts;
871
872 opts = container_of(f, struct f_rndis_opts, func_inst);
873 if (!opts->borrowed_net) {
874 if (opts->bound)
875 gether_cleanup(netdev_priv(opts->net));
876 else
877 free_netdev(opts->net);
878 }
879
880 kfree(opts->rndis_interf_group); /* single VLA chunk */
881 kfree(opts);
882 }
883
rndis_alloc_inst(void)884 static struct usb_function_instance *rndis_alloc_inst(void)
885 {
886 struct f_rndis_opts *opts;
887 struct usb_os_desc *descs[1];
888 char *names[1];
889 struct config_group *rndis_interf_group;
890
891 opts = kzalloc_obj(*opts);
892 if (!opts)
893 return ERR_PTR(-ENOMEM);
894 opts->rndis_os_desc.ext_compat_id = opts->rndis_ext_compat_id;
895
896 mutex_init(&opts->lock);
897 opts->func_inst.free_func_inst = rndis_free_inst;
898 opts->net = gether_setup_default();
899 if (IS_ERR(opts->net)) {
900 struct net_device *net = opts->net;
901 kfree(opts);
902 return ERR_CAST(net);
903 }
904 INIT_LIST_HEAD(&opts->rndis_os_desc.ext_prop);
905
906 opts->class = rndis_iad_descriptor.bFunctionClass;
907 opts->subclass = rndis_iad_descriptor.bFunctionSubClass;
908 opts->protocol = rndis_iad_descriptor.bFunctionProtocol;
909
910 descs[0] = &opts->rndis_os_desc;
911 names[0] = "rndis";
912 config_group_init_type_name(&opts->func_inst.group, "",
913 &rndis_func_type);
914 rndis_interf_group =
915 usb_os_desc_prepare_interf_dir(&opts->func_inst.group, 1, descs,
916 names, THIS_MODULE);
917 if (IS_ERR(rndis_interf_group)) {
918 rndis_free_inst(&opts->func_inst);
919 return ERR_CAST(rndis_interf_group);
920 }
921 opts->rndis_interf_group = rndis_interf_group;
922
923 return &opts->func_inst;
924 }
925
rndis_free(struct usb_function * f)926 static void rndis_free(struct usb_function *f)
927 {
928 struct f_rndis *rndis;
929 struct f_rndis_opts *opts;
930
931 rndis = func_to_rndis(f);
932 rndis_deregister(rndis->params);
933 opts = container_of(f->fi, struct f_rndis_opts, func_inst);
934 kfree(rndis);
935 mutex_lock(&opts->lock);
936 opts->refcnt--;
937 mutex_unlock(&opts->lock);
938 }
939
rndis_unbind(struct usb_configuration * c,struct usb_function * f)940 static void rndis_unbind(struct usb_configuration *c, struct usb_function *f)
941 {
942 struct f_rndis *rndis = func_to_rndis(f);
943
944 kfree(f->os_desc_table);
945 f->os_desc_n = 0;
946 usb_free_all_descriptors(f);
947
948 kfree(rndis->notify_req->buf);
949 usb_ep_free_request(rndis->notify, rndis->notify_req);
950 }
951
rndis_alloc(struct usb_function_instance * fi)952 static struct usb_function *rndis_alloc(struct usb_function_instance *fi)
953 {
954 struct f_rndis *rndis;
955 struct f_rndis_opts *opts;
956 struct rndis_params *params;
957
958 /* allocate and initialize one new instance */
959 rndis = kzalloc_obj(*rndis);
960 if (!rndis)
961 return ERR_PTR(-ENOMEM);
962
963 opts = container_of(fi, struct f_rndis_opts, func_inst);
964 mutex_lock(&opts->lock);
965 opts->refcnt++;
966
967 gether_get_host_addr_u8(opts->net, rndis->ethaddr);
968 rndis->vendorID = opts->vendor_id;
969 rndis->manufacturer = opts->manufacturer;
970
971 rndis->port.ioport = netdev_priv(opts->net);
972 mutex_unlock(&opts->lock);
973 /* RNDIS activates when the host changes this filter */
974 rndis->port.cdc_filter = 0;
975
976 /* RNDIS has special (and complex) framing */
977 rndis->port.header_len = sizeof(struct rndis_packet_msg_type);
978 rndis->port.wrap = rndis_add_header;
979 rndis->port.unwrap = rndis_rm_hdr;
980
981 rndis->port.func.name = "rndis";
982 /* descriptors are per-instance copies */
983 rndis->port.func.bind = rndis_bind;
984 rndis->port.func.unbind = rndis_unbind;
985 rndis->port.func.set_alt = rndis_set_alt;
986 rndis->port.func.setup = rndis_setup;
987 rndis->port.func.disable = rndis_disable;
988 rndis->port.func.free_func = rndis_free;
989
990 params = rndis_register(rndis_response_available, rndis);
991 if (IS_ERR(params)) {
992 kfree(rndis);
993 return ERR_CAST(params);
994 }
995 rndis->params = params;
996
997 return &rndis->port.func;
998 }
999
1000 DECLARE_USB_FUNCTION_INIT(rndis, rndis_alloc_inst, rndis_alloc);
1001 MODULE_DESCRIPTION("RNDIS link function driver");
1002 MODULE_LICENSE("GPL");
1003 MODULE_AUTHOR("David Brownell");
1004