1 // SPDX-License-Identifier: GPL-2.0+
2 /*
3 * f_rndis.c -- RNDIS link function driver
4 *
5 * Copyright (C) 2003-2005,2008 David Brownell
6 * Copyright (C) 2003-2004 Robert Schwebel, Benedikt Spranger
7 * Copyright (C) 2008 Nokia Corporation
8 * Copyright (C) 2009 Samsung Electronics
9 * Author: Michal Nazarewicz (mina86@mina86.com)
10 */
11
12 /* #define VERBOSE_DEBUG */
13
14 #include <linux/slab.h>
15 #include <linux/kernel.h>
16 #include <linux/module.h>
17 #include <linux/device.h>
18 #include <linux/etherdevice.h>
19
20 #include <linux/atomic.h>
21
22 #include "u_ether.h"
23 #include "u_ether_configfs.h"
24 #include "u_rndis.h"
25 #include "rndis.h"
26 #include "configfs.h"
27
28 /*
29 * This function is an RNDIS Ethernet port -- a Microsoft protocol that's
30 * been promoted instead of the standard CDC Ethernet. The published RNDIS
31 * spec is ambiguous, incomplete, and needlessly complex. Variants such as
32 * ActiveSync have even worse status in terms of specification.
33 *
34 * In short: it's a protocol controlled by (and for) Microsoft, not for an
35 * Open ecosystem or markets. Linux supports it *only* because Microsoft
36 * doesn't support the CDC Ethernet standard.
37 *
38 * The RNDIS data transfer model is complex, with multiple Ethernet packets
39 * per USB message, and out of band data. The control model is built around
40 * what's essentially an "RNDIS RPC" protocol. It's all wrapped in a CDC ACM
41 * (modem, not Ethernet) veneer, with those ACM descriptors being entirely
42 * useless (they're ignored). RNDIS expects to be the only function in its
43 * configuration, so it's no real help if you need composite devices; and
44 * it expects to be the first configuration too.
45 *
46 * There is a single technical advantage of RNDIS over CDC Ethernet, if you
47 * discount the fluff that its RPC can be made to deliver: it doesn't need
48 * a NOP altsetting for the data interface. That lets it work on some of the
49 * "so smart it's stupid" hardware which takes over configuration changes
50 * from the software, and adds restrictions like "no altsettings".
51 *
52 * Unfortunately MSFT's RNDIS drivers are buggy. They hang or oops, and
53 * have all sorts of contrary-to-specification oddities that can prevent
54 * them from working sanely. Since bugfixes (or accurate specs, letting
55 * Linux work around those bugs) are unlikely to ever come from MSFT, you
56 * may want to avoid using RNDIS on purely operational grounds.
57 *
58 * Omissions from the RNDIS 1.0 specification include:
59 *
60 * - Power management ... references data that's scattered around lots
61 * of other documentation, which is incorrect/incomplete there too.
62 *
63 * - There are various undocumented protocol requirements, like the need
64 * to send garbage in some control-OUT messages.
65 *
66 * - MS-Windows drivers sometimes emit undocumented requests.
67 */
68
69 struct f_rndis {
70 struct gether port;
71 u8 ctrl_id, data_id;
72 u8 ethaddr[ETH_ALEN];
73 u32 vendorID;
74 const char *manufacturer;
75 struct rndis_params *params;
76
77 struct usb_ep *notify;
78 struct usb_request *notify_req;
79 atomic_t notify_count;
80 };
81
func_to_rndis(struct usb_function * f)82 static inline struct f_rndis *func_to_rndis(struct usb_function *f)
83 {
84 return container_of(f, struct f_rndis, port.func);
85 }
86
87 /*-------------------------------------------------------------------------*/
88
89 /*
90 */
91
92 #define RNDIS_STATUS_INTERVAL_MS 32
93 #define STATUS_BYTECOUNT 8 /* 8 bytes data */
94
95
96 /* interface descriptor: */
97
98 static struct usb_interface_descriptor rndis_control_intf = {
99 .bLength = sizeof rndis_control_intf,
100 .bDescriptorType = USB_DT_INTERFACE,
101
102 /* .bInterfaceNumber = DYNAMIC */
103 /* status endpoint is optional; this could be patched later */
104 .bNumEndpoints = 1,
105 .bInterfaceClass = USB_CLASS_COMM,
106 .bInterfaceSubClass = USB_CDC_SUBCLASS_ACM,
107 .bInterfaceProtocol = USB_CDC_ACM_PROTO_VENDOR,
108 /* .iInterface = DYNAMIC */
109 };
110
111 static struct usb_cdc_header_desc header_desc = {
112 .bLength = sizeof header_desc,
113 .bDescriptorType = USB_DT_CS_INTERFACE,
114 .bDescriptorSubType = USB_CDC_HEADER_TYPE,
115
116 .bcdCDC = cpu_to_le16(0x0110),
117 };
118
119 static struct usb_cdc_call_mgmt_descriptor call_mgmt_descriptor = {
120 .bLength = sizeof call_mgmt_descriptor,
121 .bDescriptorType = USB_DT_CS_INTERFACE,
122 .bDescriptorSubType = USB_CDC_CALL_MANAGEMENT_TYPE,
123
124 .bmCapabilities = 0x00,
125 .bDataInterface = 0x01,
126 };
127
128 static struct usb_cdc_acm_descriptor rndis_acm_descriptor = {
129 .bLength = sizeof rndis_acm_descriptor,
130 .bDescriptorType = USB_DT_CS_INTERFACE,
131 .bDescriptorSubType = USB_CDC_ACM_TYPE,
132
133 .bmCapabilities = 0x00,
134 };
135
136 static struct usb_cdc_union_desc rndis_union_desc = {
137 .bLength = sizeof(rndis_union_desc),
138 .bDescriptorType = USB_DT_CS_INTERFACE,
139 .bDescriptorSubType = USB_CDC_UNION_TYPE,
140 /* .bMasterInterface0 = DYNAMIC */
141 /* .bSlaveInterface0 = DYNAMIC */
142 };
143
144 /* the data interface has two bulk endpoints */
145
146 static struct usb_interface_descriptor rndis_data_intf = {
147 .bLength = sizeof rndis_data_intf,
148 .bDescriptorType = USB_DT_INTERFACE,
149
150 /* .bInterfaceNumber = DYNAMIC */
151 .bNumEndpoints = 2,
152 .bInterfaceClass = USB_CLASS_CDC_DATA,
153 .bInterfaceSubClass = 0,
154 .bInterfaceProtocol = 0,
155 /* .iInterface = DYNAMIC */
156 };
157
158
159 static struct usb_interface_assoc_descriptor
160 rndis_iad_descriptor = {
161 .bLength = sizeof rndis_iad_descriptor,
162 .bDescriptorType = USB_DT_INTERFACE_ASSOCIATION,
163
164 .bFirstInterface = 0, /* XXX, hardcoded */
165 .bInterfaceCount = 2, // control + data
166 .bFunctionClass = USB_CLASS_COMM,
167 .bFunctionSubClass = USB_CDC_SUBCLASS_ETHERNET,
168 .bFunctionProtocol = USB_CDC_PROTO_NONE,
169 /* .iFunction = DYNAMIC */
170 };
171
172 /* full speed support: */
173
174 static struct usb_endpoint_descriptor fs_notify_desc = {
175 .bLength = USB_DT_ENDPOINT_SIZE,
176 .bDescriptorType = USB_DT_ENDPOINT,
177
178 .bEndpointAddress = USB_DIR_IN,
179 .bmAttributes = USB_ENDPOINT_XFER_INT,
180 .wMaxPacketSize = cpu_to_le16(STATUS_BYTECOUNT),
181 .bInterval = RNDIS_STATUS_INTERVAL_MS,
182 };
183
184 static struct usb_endpoint_descriptor fs_in_desc = {
185 .bLength = USB_DT_ENDPOINT_SIZE,
186 .bDescriptorType = USB_DT_ENDPOINT,
187
188 .bEndpointAddress = USB_DIR_IN,
189 .bmAttributes = USB_ENDPOINT_XFER_BULK,
190 };
191
192 static struct usb_endpoint_descriptor fs_out_desc = {
193 .bLength = USB_DT_ENDPOINT_SIZE,
194 .bDescriptorType = USB_DT_ENDPOINT,
195
196 .bEndpointAddress = USB_DIR_OUT,
197 .bmAttributes = USB_ENDPOINT_XFER_BULK,
198 };
199
200 static struct usb_descriptor_header *eth_fs_function[] = {
201 (struct usb_descriptor_header *) &rndis_iad_descriptor,
202
203 /* control interface matches ACM, not Ethernet */
204 (struct usb_descriptor_header *) &rndis_control_intf,
205 (struct usb_descriptor_header *) &header_desc,
206 (struct usb_descriptor_header *) &call_mgmt_descriptor,
207 (struct usb_descriptor_header *) &rndis_acm_descriptor,
208 (struct usb_descriptor_header *) &rndis_union_desc,
209 (struct usb_descriptor_header *) &fs_notify_desc,
210
211 /* data interface has no altsetting */
212 (struct usb_descriptor_header *) &rndis_data_intf,
213 (struct usb_descriptor_header *) &fs_in_desc,
214 (struct usb_descriptor_header *) &fs_out_desc,
215 NULL,
216 };
217
218 /* high speed support: */
219
220 static struct usb_endpoint_descriptor hs_notify_desc = {
221 .bLength = USB_DT_ENDPOINT_SIZE,
222 .bDescriptorType = USB_DT_ENDPOINT,
223
224 .bEndpointAddress = USB_DIR_IN,
225 .bmAttributes = USB_ENDPOINT_XFER_INT,
226 .wMaxPacketSize = cpu_to_le16(STATUS_BYTECOUNT),
227 .bInterval = USB_MS_TO_HS_INTERVAL(RNDIS_STATUS_INTERVAL_MS)
228 };
229
230 static struct usb_endpoint_descriptor hs_in_desc = {
231 .bLength = USB_DT_ENDPOINT_SIZE,
232 .bDescriptorType = USB_DT_ENDPOINT,
233
234 .bEndpointAddress = USB_DIR_IN,
235 .bmAttributes = USB_ENDPOINT_XFER_BULK,
236 .wMaxPacketSize = cpu_to_le16(512),
237 };
238
239 static struct usb_endpoint_descriptor hs_out_desc = {
240 .bLength = USB_DT_ENDPOINT_SIZE,
241 .bDescriptorType = USB_DT_ENDPOINT,
242
243 .bEndpointAddress = USB_DIR_OUT,
244 .bmAttributes = USB_ENDPOINT_XFER_BULK,
245 .wMaxPacketSize = cpu_to_le16(512),
246 };
247
248 static struct usb_descriptor_header *eth_hs_function[] = {
249 (struct usb_descriptor_header *) &rndis_iad_descriptor,
250
251 /* control interface matches ACM, not Ethernet */
252 (struct usb_descriptor_header *) &rndis_control_intf,
253 (struct usb_descriptor_header *) &header_desc,
254 (struct usb_descriptor_header *) &call_mgmt_descriptor,
255 (struct usb_descriptor_header *) &rndis_acm_descriptor,
256 (struct usb_descriptor_header *) &rndis_union_desc,
257 (struct usb_descriptor_header *) &hs_notify_desc,
258
259 /* data interface has no altsetting */
260 (struct usb_descriptor_header *) &rndis_data_intf,
261 (struct usb_descriptor_header *) &hs_in_desc,
262 (struct usb_descriptor_header *) &hs_out_desc,
263 NULL,
264 };
265
266 /* super speed support: */
267
268 static struct usb_endpoint_descriptor ss_notify_desc = {
269 .bLength = USB_DT_ENDPOINT_SIZE,
270 .bDescriptorType = USB_DT_ENDPOINT,
271
272 .bEndpointAddress = USB_DIR_IN,
273 .bmAttributes = USB_ENDPOINT_XFER_INT,
274 .wMaxPacketSize = cpu_to_le16(STATUS_BYTECOUNT),
275 .bInterval = USB_MS_TO_HS_INTERVAL(RNDIS_STATUS_INTERVAL_MS)
276 };
277
278 static struct usb_ss_ep_comp_descriptor ss_intr_comp_desc = {
279 .bLength = sizeof ss_intr_comp_desc,
280 .bDescriptorType = USB_DT_SS_ENDPOINT_COMP,
281
282 /* the following 3 values can be tweaked if necessary */
283 /* .bMaxBurst = 0, */
284 /* .bmAttributes = 0, */
285 .wBytesPerInterval = cpu_to_le16(STATUS_BYTECOUNT),
286 };
287
288 static struct usb_endpoint_descriptor ss_in_desc = {
289 .bLength = USB_DT_ENDPOINT_SIZE,
290 .bDescriptorType = USB_DT_ENDPOINT,
291
292 .bEndpointAddress = USB_DIR_IN,
293 .bmAttributes = USB_ENDPOINT_XFER_BULK,
294 .wMaxPacketSize = cpu_to_le16(1024),
295 };
296
297 static struct usb_endpoint_descriptor ss_out_desc = {
298 .bLength = USB_DT_ENDPOINT_SIZE,
299 .bDescriptorType = USB_DT_ENDPOINT,
300
301 .bEndpointAddress = USB_DIR_OUT,
302 .bmAttributes = USB_ENDPOINT_XFER_BULK,
303 .wMaxPacketSize = cpu_to_le16(1024),
304 };
305
306 static struct usb_ss_ep_comp_descriptor ss_bulk_comp_desc = {
307 .bLength = sizeof ss_bulk_comp_desc,
308 .bDescriptorType = USB_DT_SS_ENDPOINT_COMP,
309
310 /* the following 2 values can be tweaked if necessary */
311 /* .bMaxBurst = 0, */
312 /* .bmAttributes = 0, */
313 };
314
315 static struct usb_descriptor_header *eth_ss_function[] = {
316 (struct usb_descriptor_header *) &rndis_iad_descriptor,
317
318 /* control interface matches ACM, not Ethernet */
319 (struct usb_descriptor_header *) &rndis_control_intf,
320 (struct usb_descriptor_header *) &header_desc,
321 (struct usb_descriptor_header *) &call_mgmt_descriptor,
322 (struct usb_descriptor_header *) &rndis_acm_descriptor,
323 (struct usb_descriptor_header *) &rndis_union_desc,
324 (struct usb_descriptor_header *) &ss_notify_desc,
325 (struct usb_descriptor_header *) &ss_intr_comp_desc,
326
327 /* data interface has no altsetting */
328 (struct usb_descriptor_header *) &rndis_data_intf,
329 (struct usb_descriptor_header *) &ss_in_desc,
330 (struct usb_descriptor_header *) &ss_bulk_comp_desc,
331 (struct usb_descriptor_header *) &ss_out_desc,
332 (struct usb_descriptor_header *) &ss_bulk_comp_desc,
333 NULL,
334 };
335
336 /* string descriptors: */
337
338 static struct usb_string rndis_string_defs[] = {
339 [0].s = "RNDIS Communications Control",
340 [1].s = "RNDIS Ethernet Data",
341 [2].s = "RNDIS",
342 { } /* end of list */
343 };
344
345 static struct usb_gadget_strings rndis_string_table = {
346 .language = 0x0409, /* en-us */
347 .strings = rndis_string_defs,
348 };
349
350 static struct usb_gadget_strings *rndis_strings[] = {
351 &rndis_string_table,
352 NULL,
353 };
354
355 /*-------------------------------------------------------------------------*/
356
rndis_add_header(struct gether * port,struct sk_buff * skb)357 static struct sk_buff *rndis_add_header(struct gether *port,
358 struct sk_buff *skb)
359 {
360 struct sk_buff *skb2;
361
362 if (!skb)
363 return NULL;
364
365 skb2 = skb_realloc_headroom(skb, sizeof(struct rndis_packet_msg_type));
366 rndis_add_hdr(skb2);
367
368 dev_kfree_skb(skb);
369 return skb2;
370 }
371
rndis_response_available(void * _rndis)372 static void rndis_response_available(void *_rndis)
373 {
374 struct f_rndis *rndis = _rndis;
375 struct usb_request *req = rndis->notify_req;
376 struct usb_composite_dev *cdev = rndis->port.func.config->cdev;
377 __le32 *data = req->buf;
378 int status;
379
380 if (atomic_inc_return(&rndis->notify_count) != 1)
381 return;
382
383 /* Send RNDIS RESPONSE_AVAILABLE notification; a
384 * USB_CDC_NOTIFY_RESPONSE_AVAILABLE "should" work too
385 *
386 * This is the only notification defined by RNDIS.
387 */
388 data[0] = cpu_to_le32(1);
389 data[1] = cpu_to_le32(0);
390
391 status = usb_ep_queue(rndis->notify, req, GFP_ATOMIC);
392 if (status) {
393 atomic_dec(&rndis->notify_count);
394 DBG(cdev, "notify/0 --> %d\n", status);
395 }
396 }
397
rndis_response_complete(struct usb_ep * ep,struct usb_request * req)398 static void rndis_response_complete(struct usb_ep *ep, struct usb_request *req)
399 {
400 struct f_rndis *rndis = req->context;
401 struct usb_composite_dev *cdev = rndis->port.func.config->cdev;
402 int status = req->status;
403
404 /* after TX:
405 * - USB_CDC_GET_ENCAPSULATED_RESPONSE (ep0/control)
406 * - RNDIS_RESPONSE_AVAILABLE (status/irq)
407 */
408 switch (status) {
409 case -ECONNRESET:
410 case -ESHUTDOWN:
411 /* connection gone */
412 atomic_set(&rndis->notify_count, 0);
413 break;
414 default:
415 DBG(cdev, "RNDIS %s response error %d, %d/%d\n",
416 ep->name, status,
417 req->actual, req->length);
418 fallthrough;
419 case 0:
420 if (ep != rndis->notify)
421 break;
422
423 /* handle multiple pending RNDIS_RESPONSE_AVAILABLE
424 * notifications by resending until we're done
425 */
426 if (atomic_dec_and_test(&rndis->notify_count))
427 break;
428 status = usb_ep_queue(rndis->notify, req, GFP_ATOMIC);
429 if (status) {
430 atomic_dec(&rndis->notify_count);
431 DBG(cdev, "notify/1 --> %d\n", status);
432 }
433 break;
434 }
435 }
436
rndis_command_complete(struct usb_ep * ep,struct usb_request * req)437 static void rndis_command_complete(struct usb_ep *ep, struct usb_request *req)
438 {
439 struct f_rndis *rndis = req->context;
440 int status;
441
442 /* received RNDIS command from USB_CDC_SEND_ENCAPSULATED_COMMAND */
443 // spin_lock(&dev->lock);
444 status = rndis_msg_parser(rndis->params, (u8 *) req->buf);
445 if (status < 0)
446 pr_err("RNDIS command error %d, %d/%d\n",
447 status, req->actual, req->length);
448 // spin_unlock(&dev->lock);
449 }
450
451 static int
rndis_setup(struct usb_function * f,const struct usb_ctrlrequest * ctrl)452 rndis_setup(struct usb_function *f, const struct usb_ctrlrequest *ctrl)
453 {
454 struct f_rndis *rndis = func_to_rndis(f);
455 struct usb_composite_dev *cdev = f->config->cdev;
456 struct usb_request *req = cdev->req;
457 int value = -EOPNOTSUPP;
458 u16 w_index = le16_to_cpu(ctrl->wIndex);
459 u16 w_value = le16_to_cpu(ctrl->wValue);
460 u16 w_length = le16_to_cpu(ctrl->wLength);
461
462 /* composite driver infrastructure handles everything except
463 * CDC class messages; interface activation uses set_alt().
464 */
465 switch ((ctrl->bRequestType << 8) | ctrl->bRequest) {
466
467 /* RNDIS uses the CDC command encapsulation mechanism to implement
468 * an RPC scheme, with much getting/setting of attributes by OID.
469 */
470 case ((USB_DIR_OUT | USB_TYPE_CLASS | USB_RECIP_INTERFACE) << 8)
471 | USB_CDC_SEND_ENCAPSULATED_COMMAND:
472 if (w_value || w_index != rndis->ctrl_id)
473 goto invalid;
474 /* read the request; process it later */
475 value = w_length;
476 req->complete = rndis_command_complete;
477 req->context = rndis;
478 /* later, rndis_response_available() sends a notification */
479 break;
480
481 case ((USB_DIR_IN | USB_TYPE_CLASS | USB_RECIP_INTERFACE) << 8)
482 | USB_CDC_GET_ENCAPSULATED_RESPONSE:
483 if (w_value || w_index != rndis->ctrl_id)
484 goto invalid;
485 else {
486 u8 *buf;
487 u32 n;
488
489 /* return the result */
490 buf = rndis_get_next_response(rndis->params, &n);
491 if (buf) {
492 memcpy(req->buf, buf, n);
493 req->complete = rndis_response_complete;
494 req->context = rndis;
495 rndis_free_response(rndis->params, buf);
496 value = n;
497 }
498 /* else stalls ... spec says to avoid that */
499 }
500 break;
501
502 default:
503 invalid:
504 VDBG(cdev, "invalid control req%02x.%02x v%04x i%04x l%d\n",
505 ctrl->bRequestType, ctrl->bRequest,
506 w_value, w_index, w_length);
507 }
508
509 /* respond with data transfer or status phase? */
510 if (value >= 0) {
511 DBG(cdev, "rndis req%02x.%02x v%04x i%04x l%d\n",
512 ctrl->bRequestType, ctrl->bRequest,
513 w_value, w_index, w_length);
514 req->zero = (value < w_length);
515 req->length = value;
516 value = usb_ep_queue(cdev->gadget->ep0, req, GFP_ATOMIC);
517 if (value < 0)
518 ERROR(cdev, "rndis response on err %d\n", value);
519 }
520
521 /* device either stalls (value < 0) or reports success */
522 return value;
523 }
524
525
rndis_set_alt(struct usb_function * f,unsigned intf,unsigned alt)526 static int rndis_set_alt(struct usb_function *f, unsigned intf, unsigned alt)
527 {
528 struct f_rndis *rndis = func_to_rndis(f);
529 struct usb_composite_dev *cdev = f->config->cdev;
530
531 /* we know alt == 0 */
532
533 if (intf == rndis->ctrl_id) {
534 VDBG(cdev, "reset rndis control %d\n", intf);
535 usb_ep_disable(rndis->notify);
536
537 if (!rndis->notify->desc) {
538 VDBG(cdev, "init rndis ctrl %d\n", intf);
539 if (config_ep_by_speed(cdev->gadget, f, rndis->notify))
540 goto fail;
541 }
542 usb_ep_enable(rndis->notify);
543
544 } else if (intf == rndis->data_id) {
545 struct net_device *net;
546
547 if (rndis->port.in_ep->enabled) {
548 DBG(cdev, "reset rndis\n");
549 gether_disconnect(&rndis->port);
550 }
551
552 if (!rndis->port.in_ep->desc || !rndis->port.out_ep->desc) {
553 DBG(cdev, "init rndis\n");
554 if (config_ep_by_speed(cdev->gadget, f,
555 rndis->port.in_ep) ||
556 config_ep_by_speed(cdev->gadget, f,
557 rndis->port.out_ep)) {
558 rndis->port.in_ep->desc = NULL;
559 rndis->port.out_ep->desc = NULL;
560 goto fail;
561 }
562 }
563
564 /* Avoid ZLPs; they can be troublesome. */
565 rndis->port.is_zlp_ok = false;
566
567 /* RNDIS should be in the "RNDIS uninitialized" state,
568 * either never activated or after rndis_uninit().
569 *
570 * We don't want data to flow here until a nonzero packet
571 * filter is set, at which point it enters "RNDIS data
572 * initialized" state ... but we do want the endpoints
573 * to be activated. It's a strange little state.
574 *
575 * REVISIT the RNDIS gadget code has done this wrong for a
576 * very long time. We need another call to the link layer
577 * code -- gether_updown(...bool) maybe -- to do it right.
578 */
579 rndis->port.cdc_filter = 0;
580
581 DBG(cdev, "RNDIS RX/TX early activation ... \n");
582 net = gether_connect(&rndis->port);
583 if (IS_ERR(net))
584 return PTR_ERR(net);
585
586 rndis_set_param_dev(rndis->params, net,
587 &rndis->port.cdc_filter);
588 } else
589 goto fail;
590
591 return 0;
592 fail:
593 return -EINVAL;
594 }
595
rndis_disable(struct usb_function * f)596 static void rndis_disable(struct usb_function *f)
597 {
598 struct f_rndis *rndis = func_to_rndis(f);
599 struct usb_composite_dev *cdev = f->config->cdev;
600
601 if (!rndis->notify->enabled)
602 return;
603
604 DBG(cdev, "rndis deactivated\n");
605
606 rndis_uninit(rndis->params);
607 gether_disconnect(&rndis->port);
608
609 usb_ep_disable(rndis->notify);
610 rndis->notify->desc = NULL;
611 }
612
613 /*-------------------------------------------------------------------------*/
614
615 /*
616 * This isn't quite the same mechanism as CDC Ethernet, since the
617 * notification scheme passes less data, but the same set of link
618 * states must be tested. A key difference is that altsettings are
619 * not used to tell whether the link should send packets or not.
620 */
621
rndis_open(struct gether * geth)622 static void rndis_open(struct gether *geth)
623 {
624 struct f_rndis *rndis = func_to_rndis(&geth->func);
625 struct usb_composite_dev *cdev = geth->func.config->cdev;
626
627 DBG(cdev, "%s\n", __func__);
628
629 rndis_set_param_medium(rndis->params, RNDIS_MEDIUM_802_3,
630 gether_bitrate(cdev->gadget) / 100);
631 rndis_signal_connect(rndis->params);
632 }
633
rndis_close(struct gether * geth)634 static void rndis_close(struct gether *geth)
635 {
636 struct f_rndis *rndis = func_to_rndis(&geth->func);
637
638 DBG(geth->func.config->cdev, "%s\n", __func__);
639
640 rndis_set_param_medium(rndis->params, RNDIS_MEDIUM_802_3, 0);
641 rndis_signal_disconnect(rndis->params);
642 }
643
644 /*-------------------------------------------------------------------------*/
645
646 /* Some controllers can't support RNDIS ... */
can_support_rndis(struct usb_configuration * c)647 static inline bool can_support_rndis(struct usb_configuration *c)
648 {
649 /* everything else is *presumably* fine */
650 return true;
651 }
652
653 /* ethernet function driver setup/binding */
654
655 static int
rndis_bind(struct usb_configuration * c,struct usb_function * f)656 rndis_bind(struct usb_configuration *c, struct usb_function *f)
657 {
658 struct usb_composite_dev *cdev = c->cdev;
659 struct f_rndis *rndis = func_to_rndis(f);
660 struct usb_string *us;
661 int status;
662 struct usb_ep *ep;
663
664 struct f_rndis_opts *rndis_opts;
665
666 if (!can_support_rndis(c))
667 return -EINVAL;
668
669 rndis_opts = container_of(f->fi, struct f_rndis_opts, func_inst);
670
671 if (cdev->use_os_string) {
672 f->os_desc_table = kzalloc(sizeof(*f->os_desc_table),
673 GFP_KERNEL);
674 if (!f->os_desc_table)
675 return -ENOMEM;
676 f->os_desc_n = 1;
677 f->os_desc_table[0].os_desc = &rndis_opts->rndis_os_desc;
678 }
679
680 rndis_iad_descriptor.bFunctionClass = rndis_opts->class;
681 rndis_iad_descriptor.bFunctionSubClass = rndis_opts->subclass;
682 rndis_iad_descriptor.bFunctionProtocol = rndis_opts->protocol;
683
684 /*
685 * in drivers/usb/gadget/configfs.c:configfs_composite_bind()
686 * configurations are bound in sequence with list_for_each_entry,
687 * in each configuration its functions are bound in sequence
688 * with list_for_each_entry, so we assume no race condition
689 * with regard to rndis_opts->bound access
690 */
691 if (!rndis_opts->bound) {
692 gether_set_gadget(rndis_opts->net, cdev->gadget);
693 status = gether_register_netdev(rndis_opts->net);
694 if (status)
695 goto fail;
696 rndis_opts->bound = true;
697 }
698
699 us = usb_gstrings_attach(cdev, rndis_strings,
700 ARRAY_SIZE(rndis_string_defs));
701 if (IS_ERR(us)) {
702 status = PTR_ERR(us);
703 goto fail;
704 }
705 rndis_control_intf.iInterface = us[0].id;
706 rndis_data_intf.iInterface = us[1].id;
707 rndis_iad_descriptor.iFunction = us[2].id;
708
709 /* allocate instance-specific interface IDs */
710 status = usb_interface_id(c, f);
711 if (status < 0)
712 goto fail;
713 rndis->ctrl_id = status;
714 rndis_iad_descriptor.bFirstInterface = status;
715
716 rndis_control_intf.bInterfaceNumber = status;
717 rndis_union_desc.bMasterInterface0 = status;
718
719 if (cdev->use_os_string)
720 f->os_desc_table[0].if_id =
721 rndis_iad_descriptor.bFirstInterface;
722
723 status = usb_interface_id(c, f);
724 if (status < 0)
725 goto fail;
726 rndis->data_id = status;
727
728 rndis_data_intf.bInterfaceNumber = status;
729 rndis_union_desc.bSlaveInterface0 = status;
730
731 status = -ENODEV;
732
733 /* allocate instance-specific endpoints */
734 ep = usb_ep_autoconfig(cdev->gadget, &fs_in_desc);
735 if (!ep)
736 goto fail;
737 rndis->port.in_ep = ep;
738
739 ep = usb_ep_autoconfig(cdev->gadget, &fs_out_desc);
740 if (!ep)
741 goto fail;
742 rndis->port.out_ep = ep;
743
744 /* NOTE: a status/notification endpoint is, strictly speaking,
745 * optional. We don't treat it that way though! It's simpler,
746 * and some newer profiles don't treat it as optional.
747 */
748 ep = usb_ep_autoconfig(cdev->gadget, &fs_notify_desc);
749 if (!ep)
750 goto fail;
751 rndis->notify = ep;
752
753 status = -ENOMEM;
754
755 /* allocate notification request and buffer */
756 rndis->notify_req = usb_ep_alloc_request(ep, GFP_KERNEL);
757 if (!rndis->notify_req)
758 goto fail;
759 rndis->notify_req->buf = kmalloc(STATUS_BYTECOUNT, GFP_KERNEL);
760 if (!rndis->notify_req->buf)
761 goto fail;
762 rndis->notify_req->length = STATUS_BYTECOUNT;
763 rndis->notify_req->context = rndis;
764 rndis->notify_req->complete = rndis_response_complete;
765
766 /* support all relevant hardware speeds... we expect that when
767 * hardware is dual speed, all bulk-capable endpoints work at
768 * both speeds
769 */
770 hs_in_desc.bEndpointAddress = fs_in_desc.bEndpointAddress;
771 hs_out_desc.bEndpointAddress = fs_out_desc.bEndpointAddress;
772 hs_notify_desc.bEndpointAddress = fs_notify_desc.bEndpointAddress;
773
774 ss_in_desc.bEndpointAddress = fs_in_desc.bEndpointAddress;
775 ss_out_desc.bEndpointAddress = fs_out_desc.bEndpointAddress;
776 ss_notify_desc.bEndpointAddress = fs_notify_desc.bEndpointAddress;
777
778 status = usb_assign_descriptors(f, eth_fs_function, eth_hs_function,
779 eth_ss_function, eth_ss_function);
780 if (status)
781 goto fail;
782
783 rndis->port.open = rndis_open;
784 rndis->port.close = rndis_close;
785
786 rndis_set_param_medium(rndis->params, RNDIS_MEDIUM_802_3, 0);
787 rndis_set_host_mac(rndis->params, rndis->ethaddr);
788
789 if (rndis->manufacturer && rndis->vendorID &&
790 rndis_set_param_vendor(rndis->params, rndis->vendorID,
791 rndis->manufacturer)) {
792 status = -EINVAL;
793 goto fail_free_descs;
794 }
795
796 /* NOTE: all that is done without knowing or caring about
797 * the network link ... which is unavailable to this code
798 * until we're activated via set_alt().
799 */
800
801 DBG(cdev, "RNDIS: IN/%s OUT/%s NOTIFY/%s\n",
802 rndis->port.in_ep->name, rndis->port.out_ep->name,
803 rndis->notify->name);
804 return 0;
805
806 fail_free_descs:
807 usb_free_all_descriptors(f);
808 fail:
809 kfree(f->os_desc_table);
810 f->os_desc_n = 0;
811
812 if (rndis->notify_req) {
813 kfree(rndis->notify_req->buf);
814 usb_ep_free_request(rndis->notify, rndis->notify_req);
815 }
816
817 ERROR(cdev, "%s: can't bind, err %d\n", f->name, status);
818
819 return status;
820 }
821
rndis_borrow_net(struct usb_function_instance * f,struct net_device * net)822 void rndis_borrow_net(struct usb_function_instance *f, struct net_device *net)
823 {
824 struct f_rndis_opts *opts;
825
826 opts = container_of(f, struct f_rndis_opts, func_inst);
827 if (opts->bound)
828 gether_cleanup(netdev_priv(opts->net));
829 else
830 free_netdev(opts->net);
831 opts->borrowed_net = opts->bound = true;
832 opts->net = net;
833 }
834 EXPORT_SYMBOL_GPL(rndis_borrow_net);
835
to_f_rndis_opts(struct config_item * item)836 static inline struct f_rndis_opts *to_f_rndis_opts(struct config_item *item)
837 {
838 return container_of(to_config_group(item), struct f_rndis_opts,
839 func_inst.group);
840 }
841
842 /* f_rndis_item_ops */
843 USB_ETHERNET_CONFIGFS_ITEM(rndis);
844
845 /* f_rndis_opts_dev_addr */
846 USB_ETHERNET_CONFIGFS_ITEM_ATTR_DEV_ADDR(rndis);
847
848 /* f_rndis_opts_host_addr */
849 USB_ETHERNET_CONFIGFS_ITEM_ATTR_HOST_ADDR(rndis);
850
851 /* f_rndis_opts_qmult */
852 USB_ETHERNET_CONFIGFS_ITEM_ATTR_QMULT(rndis);
853
854 /* f_rndis_opts_ifname */
855 USB_ETHERNET_CONFIGFS_ITEM_ATTR_IFNAME(rndis);
856
857 /* f_rndis_opts_class */
858 USB_ETHER_CONFIGFS_ITEM_ATTR_U8_RW(rndis, class);
859
860 /* f_rndis_opts_subclass */
861 USB_ETHER_CONFIGFS_ITEM_ATTR_U8_RW(rndis, subclass);
862
863 /* f_rndis_opts_protocol */
864 USB_ETHER_CONFIGFS_ITEM_ATTR_U8_RW(rndis, protocol);
865
866 static struct configfs_attribute *rndis_attrs[] = {
867 &rndis_opts_attr_dev_addr,
868 &rndis_opts_attr_host_addr,
869 &rndis_opts_attr_qmult,
870 &rndis_opts_attr_ifname,
871 &rndis_opts_attr_class,
872 &rndis_opts_attr_subclass,
873 &rndis_opts_attr_protocol,
874 NULL,
875 };
876
877 static const struct config_item_type rndis_func_type = {
878 .ct_item_ops = &rndis_item_ops,
879 .ct_attrs = rndis_attrs,
880 .ct_owner = THIS_MODULE,
881 };
882
rndis_free_inst(struct usb_function_instance * f)883 static void rndis_free_inst(struct usb_function_instance *f)
884 {
885 struct f_rndis_opts *opts;
886
887 opts = container_of(f, struct f_rndis_opts, func_inst);
888 if (!opts->borrowed_net) {
889 if (opts->bound)
890 gether_cleanup(netdev_priv(opts->net));
891 else
892 free_netdev(opts->net);
893 }
894
895 kfree(opts->rndis_interf_group); /* single VLA chunk */
896 kfree(opts);
897 }
898
rndis_alloc_inst(void)899 static struct usb_function_instance *rndis_alloc_inst(void)
900 {
901 struct f_rndis_opts *opts;
902 struct usb_os_desc *descs[1];
903 char *names[1];
904 struct config_group *rndis_interf_group;
905
906 opts = kzalloc(sizeof(*opts), GFP_KERNEL);
907 if (!opts)
908 return ERR_PTR(-ENOMEM);
909 opts->rndis_os_desc.ext_compat_id = opts->rndis_ext_compat_id;
910
911 mutex_init(&opts->lock);
912 opts->func_inst.free_func_inst = rndis_free_inst;
913 opts->net = gether_setup_default();
914 if (IS_ERR(opts->net)) {
915 struct net_device *net = opts->net;
916 kfree(opts);
917 return ERR_CAST(net);
918 }
919 INIT_LIST_HEAD(&opts->rndis_os_desc.ext_prop);
920
921 opts->class = rndis_iad_descriptor.bFunctionClass;
922 opts->subclass = rndis_iad_descriptor.bFunctionSubClass;
923 opts->protocol = rndis_iad_descriptor.bFunctionProtocol;
924
925 descs[0] = &opts->rndis_os_desc;
926 names[0] = "rndis";
927 config_group_init_type_name(&opts->func_inst.group, "",
928 &rndis_func_type);
929 rndis_interf_group =
930 usb_os_desc_prepare_interf_dir(&opts->func_inst.group, 1, descs,
931 names, THIS_MODULE);
932 if (IS_ERR(rndis_interf_group)) {
933 rndis_free_inst(&opts->func_inst);
934 return ERR_CAST(rndis_interf_group);
935 }
936 opts->rndis_interf_group = rndis_interf_group;
937
938 return &opts->func_inst;
939 }
940
rndis_free(struct usb_function * f)941 static void rndis_free(struct usb_function *f)
942 {
943 struct f_rndis *rndis;
944 struct f_rndis_opts *opts;
945
946 rndis = func_to_rndis(f);
947 rndis_deregister(rndis->params);
948 opts = container_of(f->fi, struct f_rndis_opts, func_inst);
949 kfree(rndis);
950 mutex_lock(&opts->lock);
951 opts->refcnt--;
952 mutex_unlock(&opts->lock);
953 }
954
rndis_unbind(struct usb_configuration * c,struct usb_function * f)955 static void rndis_unbind(struct usb_configuration *c, struct usb_function *f)
956 {
957 struct f_rndis *rndis = func_to_rndis(f);
958
959 kfree(f->os_desc_table);
960 f->os_desc_n = 0;
961 usb_free_all_descriptors(f);
962
963 kfree(rndis->notify_req->buf);
964 usb_ep_free_request(rndis->notify, rndis->notify_req);
965 }
966
rndis_alloc(struct usb_function_instance * fi)967 static struct usb_function *rndis_alloc(struct usb_function_instance *fi)
968 {
969 struct f_rndis *rndis;
970 struct f_rndis_opts *opts;
971 struct rndis_params *params;
972
973 /* allocate and initialize one new instance */
974 rndis = kzalloc(sizeof(*rndis), GFP_KERNEL);
975 if (!rndis)
976 return ERR_PTR(-ENOMEM);
977
978 opts = container_of(fi, struct f_rndis_opts, func_inst);
979 mutex_lock(&opts->lock);
980 opts->refcnt++;
981
982 gether_get_host_addr_u8(opts->net, rndis->ethaddr);
983 rndis->vendorID = opts->vendor_id;
984 rndis->manufacturer = opts->manufacturer;
985
986 rndis->port.ioport = netdev_priv(opts->net);
987 mutex_unlock(&opts->lock);
988 /* RNDIS activates when the host changes this filter */
989 rndis->port.cdc_filter = 0;
990
991 /* RNDIS has special (and complex) framing */
992 rndis->port.header_len = sizeof(struct rndis_packet_msg_type);
993 rndis->port.wrap = rndis_add_header;
994 rndis->port.unwrap = rndis_rm_hdr;
995
996 rndis->port.func.name = "rndis";
997 /* descriptors are per-instance copies */
998 rndis->port.func.bind = rndis_bind;
999 rndis->port.func.unbind = rndis_unbind;
1000 rndis->port.func.set_alt = rndis_set_alt;
1001 rndis->port.func.setup = rndis_setup;
1002 rndis->port.func.disable = rndis_disable;
1003 rndis->port.func.free_func = rndis_free;
1004
1005 params = rndis_register(rndis_response_available, rndis);
1006 if (IS_ERR(params)) {
1007 kfree(rndis);
1008 return ERR_CAST(params);
1009 }
1010 rndis->params = params;
1011
1012 return &rndis->port.func;
1013 }
1014
1015 DECLARE_USB_FUNCTION_INIT(rndis, rndis_alloc_inst, rndis_alloc);
1016 MODULE_LICENSE("GPL");
1017 MODULE_AUTHOR("David Brownell");
1018