1 /* 2 * Copyright (c) 2012 Smith Micro Software, Inc. 3 * Copyright (c) 2012 Bjørn Mork <bjorn@mork.no> 4 * 5 * This driver is based on and reuse most of cdc_ncm, which is 6 * Copyright (C) ST-Ericsson 2010-2012 7 * 8 * This program is free software; you can redistribute it and/or 9 * modify it under the terms of the GNU General Public License 10 * version 2 as published by the Free Software Foundation. 11 */ 12 13 #include <linux/module.h> 14 #include <linux/netdevice.h> 15 #include <linux/ethtool.h> 16 #include <linux/if_vlan.h> 17 #include <linux/ip.h> 18 #include <linux/mii.h> 19 #include <linux/usb.h> 20 #include <linux/usb/cdc.h> 21 #include <linux/usb/usbnet.h> 22 #include <linux/usb/cdc-wdm.h> 23 #include <linux/usb/cdc_ncm.h> 24 #include <net/ipv6.h> 25 #include <net/addrconf.h> 26 27 /* driver specific data - must match cdc_ncm usage */ 28 struct cdc_mbim_state { 29 struct cdc_ncm_ctx *ctx; 30 atomic_t pmcount; 31 struct usb_driver *subdriver; 32 struct usb_interface *control; 33 struct usb_interface *data; 34 }; 35 36 /* using a counter to merge subdriver requests with our own into a combined state */ 37 static int cdc_mbim_manage_power(struct usbnet *dev, int on) 38 { 39 struct cdc_mbim_state *info = (void *)&dev->data; 40 int rv = 0; 41 42 dev_dbg(&dev->intf->dev, "%s() pmcount=%d, on=%d\n", __func__, atomic_read(&info->pmcount), on); 43 44 if ((on && atomic_add_return(1, &info->pmcount) == 1) || (!on && atomic_dec_and_test(&info->pmcount))) { 45 /* need autopm_get/put here to ensure the usbcore sees the new value */ 46 rv = usb_autopm_get_interface(dev->intf); 47 dev->intf->needs_remote_wakeup = on; 48 if (!rv) 49 usb_autopm_put_interface(dev->intf); 50 } 51 return 0; 52 } 53 54 static int cdc_mbim_wdm_manage_power(struct usb_interface *intf, int status) 55 { 56 struct usbnet *dev = usb_get_intfdata(intf); 57 58 /* can be called while disconnecting */ 59 if (!dev) 60 return 0; 61 62 return cdc_mbim_manage_power(dev, status); 63 } 64 65 66 static int cdc_mbim_bind(struct usbnet *dev, struct usb_interface *intf) 67 { 68 struct cdc_ncm_ctx *ctx; 69 struct usb_driver *subdriver = ERR_PTR(-ENODEV); 70 int ret = -ENODEV; 71 u8 data_altsetting = cdc_ncm_select_altsetting(dev, intf); 72 struct cdc_mbim_state *info = (void *)&dev->data; 73 74 /* Probably NCM, defer for cdc_ncm_bind */ 75 if (!cdc_ncm_comm_intf_is_mbim(intf->cur_altsetting)) 76 goto err; 77 78 ret = cdc_ncm_bind_common(dev, intf, data_altsetting); 79 if (ret) 80 goto err; 81 82 ctx = info->ctx; 83 84 /* The MBIM descriptor and the status endpoint are required */ 85 if (ctx->mbim_desc && dev->status) 86 subdriver = usb_cdc_wdm_register(ctx->control, 87 &dev->status->desc, 88 le16_to_cpu(ctx->mbim_desc->wMaxControlMessage), 89 cdc_mbim_wdm_manage_power); 90 if (IS_ERR(subdriver)) { 91 ret = PTR_ERR(subdriver); 92 cdc_ncm_unbind(dev, intf); 93 goto err; 94 } 95 96 /* can't let usbnet use the interrupt endpoint */ 97 dev->status = NULL; 98 info->subdriver = subdriver; 99 100 /* MBIM cannot do ARP */ 101 dev->net->flags |= IFF_NOARP; 102 103 /* no need to put the VLAN tci in the packet headers */ 104 dev->net->features |= NETIF_F_HW_VLAN_CTAG_TX; 105 err: 106 return ret; 107 } 108 109 static void cdc_mbim_unbind(struct usbnet *dev, struct usb_interface *intf) 110 { 111 struct cdc_mbim_state *info = (void *)&dev->data; 112 struct cdc_ncm_ctx *ctx = info->ctx; 113 114 /* disconnect subdriver from control interface */ 115 if (info->subdriver && info->subdriver->disconnect) 116 info->subdriver->disconnect(ctx->control); 117 info->subdriver = NULL; 118 119 /* let NCM unbind clean up both control and data interface */ 120 cdc_ncm_unbind(dev, intf); 121 } 122 123 /* verify that the ethernet protocol is IPv4 or IPv6 */ 124 static bool is_ip_proto(__be16 proto) 125 { 126 switch (proto) { 127 case htons(ETH_P_IP): 128 case htons(ETH_P_IPV6): 129 return true; 130 } 131 return false; 132 } 133 134 static struct sk_buff *cdc_mbim_tx_fixup(struct usbnet *dev, struct sk_buff *skb, gfp_t flags) 135 { 136 struct sk_buff *skb_out; 137 struct cdc_mbim_state *info = (void *)&dev->data; 138 struct cdc_ncm_ctx *ctx = info->ctx; 139 __le32 sign = cpu_to_le32(USB_CDC_MBIM_NDP16_IPS_SIGN); 140 u16 tci = 0; 141 bool is_ip; 142 u8 *c; 143 144 if (!ctx) 145 goto error; 146 147 if (skb) { 148 if (skb->len <= ETH_HLEN) 149 goto error; 150 151 /* Some applications using e.g. packet sockets will 152 * bypass the VLAN acceleration and create tagged 153 * ethernet frames directly. We primarily look for 154 * the accelerated out-of-band tag, but fall back if 155 * required 156 */ 157 skb_reset_mac_header(skb); 158 if (vlan_get_tag(skb, &tci) < 0 && skb->len > VLAN_ETH_HLEN && 159 __vlan_get_tag(skb, &tci) == 0) { 160 is_ip = is_ip_proto(vlan_eth_hdr(skb)->h_vlan_encapsulated_proto); 161 skb_pull(skb, VLAN_ETH_HLEN); 162 } else { 163 is_ip = is_ip_proto(eth_hdr(skb)->h_proto); 164 skb_pull(skb, ETH_HLEN); 165 } 166 167 /* mapping VLANs to MBIM sessions: 168 * no tag => IPS session <0> 169 * 1 - 255 => IPS session <vlanid> 170 * 256 - 511 => DSS session <vlanid - 256> 171 * 512 - 4095 => unsupported, drop 172 */ 173 switch (tci & 0x0f00) { 174 case 0x0000: /* VLAN ID 0 - 255 */ 175 if (!is_ip) 176 goto error; 177 c = (u8 *)&sign; 178 c[3] = tci; 179 break; 180 case 0x0100: /* VLAN ID 256 - 511 */ 181 sign = cpu_to_le32(USB_CDC_MBIM_NDP16_DSS_SIGN); 182 c = (u8 *)&sign; 183 c[3] = tci; 184 break; 185 default: 186 netif_err(dev, tx_err, dev->net, 187 "unsupported tci=0x%04x\n", tci); 188 goto error; 189 } 190 } 191 192 spin_lock_bh(&ctx->mtx); 193 skb_out = cdc_ncm_fill_tx_frame(dev, skb, sign); 194 spin_unlock_bh(&ctx->mtx); 195 return skb_out; 196 197 error: 198 if (skb) 199 dev_kfree_skb_any(skb); 200 201 return NULL; 202 } 203 204 /* Some devices are known to send Neigbor Solicitation messages and 205 * require Neigbor Advertisement replies. The IPv6 core will not 206 * respond since IFF_NOARP is set, so we must handle them ourselves. 207 */ 208 static void do_neigh_solicit(struct usbnet *dev, u8 *buf, u16 tci) 209 { 210 struct ipv6hdr *iph = (void *)buf; 211 struct nd_msg *msg = (void *)(iph + 1); 212 struct net_device *netdev; 213 struct inet6_dev *in6_dev; 214 bool is_router; 215 216 /* we'll only respond to requests from unicast addresses to 217 * our solicited node addresses. 218 */ 219 if (!ipv6_addr_is_solict_mult(&iph->daddr) || 220 !(ipv6_addr_type(&iph->saddr) & IPV6_ADDR_UNICAST)) 221 return; 222 223 /* need to send the NA on the VLAN dev, if any */ 224 rcu_read_lock(); 225 if (tci) { 226 netdev = __vlan_find_dev_deep(dev->net, htons(ETH_P_8021Q), 227 tci); 228 if (!netdev) { 229 rcu_read_unlock(); 230 return; 231 } 232 } else { 233 netdev = dev->net; 234 } 235 dev_hold(netdev); 236 rcu_read_unlock(); 237 238 in6_dev = in6_dev_get(netdev); 239 if (!in6_dev) 240 goto out; 241 is_router = !!in6_dev->cnf.forwarding; 242 in6_dev_put(in6_dev); 243 244 /* ipv6_stub != NULL if in6_dev_get returned an inet6_dev */ 245 ipv6_stub->ndisc_send_na(netdev, NULL, &iph->saddr, &msg->target, 246 is_router /* router */, 247 true /* solicited */, 248 false /* override */, 249 true /* inc_opt */); 250 out: 251 dev_put(netdev); 252 } 253 254 static bool is_neigh_solicit(u8 *buf, size_t len) 255 { 256 struct ipv6hdr *iph = (void *)buf; 257 struct nd_msg *msg = (void *)(iph + 1); 258 259 return (len >= sizeof(struct ipv6hdr) + sizeof(struct nd_msg) && 260 iph->nexthdr == IPPROTO_ICMPV6 && 261 msg->icmph.icmp6_code == 0 && 262 msg->icmph.icmp6_type == NDISC_NEIGHBOUR_SOLICITATION); 263 } 264 265 266 static struct sk_buff *cdc_mbim_process_dgram(struct usbnet *dev, u8 *buf, size_t len, u16 tci) 267 { 268 __be16 proto = htons(ETH_P_802_3); 269 struct sk_buff *skb = NULL; 270 271 if (tci < 256) { /* IPS session? */ 272 if (len < sizeof(struct iphdr)) 273 goto err; 274 275 switch (*buf & 0xf0) { 276 case 0x40: 277 proto = htons(ETH_P_IP); 278 break; 279 case 0x60: 280 if (is_neigh_solicit(buf, len)) 281 do_neigh_solicit(dev, buf, tci); 282 proto = htons(ETH_P_IPV6); 283 break; 284 default: 285 goto err; 286 } 287 } 288 289 skb = netdev_alloc_skb_ip_align(dev->net, len + ETH_HLEN); 290 if (!skb) 291 goto err; 292 293 /* add an ethernet header */ 294 skb_put(skb, ETH_HLEN); 295 skb_reset_mac_header(skb); 296 eth_hdr(skb)->h_proto = proto; 297 memset(eth_hdr(skb)->h_source, 0, ETH_ALEN); 298 memcpy(eth_hdr(skb)->h_dest, dev->net->dev_addr, ETH_ALEN); 299 300 /* add datagram */ 301 memcpy(skb_put(skb, len), buf, len); 302 303 /* map MBIM session to VLAN */ 304 if (tci) 305 vlan_put_tag(skb, htons(ETH_P_8021Q), tci); 306 err: 307 return skb; 308 } 309 310 static int cdc_mbim_rx_fixup(struct usbnet *dev, struct sk_buff *skb_in) 311 { 312 struct sk_buff *skb; 313 struct cdc_mbim_state *info = (void *)&dev->data; 314 struct cdc_ncm_ctx *ctx = info->ctx; 315 int len; 316 int nframes; 317 int x; 318 int offset; 319 struct usb_cdc_ncm_ndp16 *ndp16; 320 struct usb_cdc_ncm_dpe16 *dpe16; 321 int ndpoffset; 322 int loopcount = 50; /* arbitrary max preventing infinite loop */ 323 u8 *c; 324 u16 tci; 325 326 ndpoffset = cdc_ncm_rx_verify_nth16(ctx, skb_in); 327 if (ndpoffset < 0) 328 goto error; 329 330 next_ndp: 331 nframes = cdc_ncm_rx_verify_ndp16(skb_in, ndpoffset); 332 if (nframes < 0) 333 goto error; 334 335 ndp16 = (struct usb_cdc_ncm_ndp16 *)(skb_in->data + ndpoffset); 336 337 switch (ndp16->dwSignature & cpu_to_le32(0x00ffffff)) { 338 case cpu_to_le32(USB_CDC_MBIM_NDP16_IPS_SIGN): 339 c = (u8 *)&ndp16->dwSignature; 340 tci = c[3]; 341 break; 342 case cpu_to_le32(USB_CDC_MBIM_NDP16_DSS_SIGN): 343 c = (u8 *)&ndp16->dwSignature; 344 tci = c[3] + 256; 345 break; 346 default: 347 netif_dbg(dev, rx_err, dev->net, 348 "unsupported NDP signature <0x%08x>\n", 349 le32_to_cpu(ndp16->dwSignature)); 350 goto err_ndp; 351 352 } 353 354 dpe16 = ndp16->dpe16; 355 for (x = 0; x < nframes; x++, dpe16++) { 356 offset = le16_to_cpu(dpe16->wDatagramIndex); 357 len = le16_to_cpu(dpe16->wDatagramLength); 358 359 /* 360 * CDC NCM ch. 3.7 361 * All entries after first NULL entry are to be ignored 362 */ 363 if ((offset == 0) || (len == 0)) { 364 if (!x) 365 goto err_ndp; /* empty NTB */ 366 break; 367 } 368 369 /* sanity checking */ 370 if (((offset + len) > skb_in->len) || (len > ctx->rx_max)) { 371 netif_dbg(dev, rx_err, dev->net, 372 "invalid frame detected (ignored) offset[%u]=%u, length=%u, skb=%p\n", 373 x, offset, len, skb_in); 374 if (!x) 375 goto err_ndp; 376 break; 377 } else { 378 skb = cdc_mbim_process_dgram(dev, skb_in->data + offset, len, tci); 379 if (!skb) 380 goto error; 381 usbnet_skb_return(dev, skb); 382 } 383 } 384 err_ndp: 385 /* are there more NDPs to process? */ 386 ndpoffset = le16_to_cpu(ndp16->wNextNdpIndex); 387 if (ndpoffset && loopcount--) 388 goto next_ndp; 389 390 return 1; 391 error: 392 return 0; 393 } 394 395 static int cdc_mbim_suspend(struct usb_interface *intf, pm_message_t message) 396 { 397 int ret = -ENODEV; 398 struct usbnet *dev = usb_get_intfdata(intf); 399 struct cdc_mbim_state *info = (void *)&dev->data; 400 struct cdc_ncm_ctx *ctx = info->ctx; 401 402 if (!ctx) 403 goto error; 404 405 /* 406 * Both usbnet_suspend() and subdriver->suspend() MUST return 0 407 * in system sleep context, otherwise, the resume callback has 408 * to recover device from previous suspend failure. 409 */ 410 ret = usbnet_suspend(intf, message); 411 if (ret < 0) 412 goto error; 413 414 if (intf == ctx->control && info->subdriver && info->subdriver->suspend) 415 ret = info->subdriver->suspend(intf, message); 416 if (ret < 0) 417 usbnet_resume(intf); 418 419 error: 420 return ret; 421 } 422 423 static int cdc_mbim_resume(struct usb_interface *intf) 424 { 425 int ret = 0; 426 struct usbnet *dev = usb_get_intfdata(intf); 427 struct cdc_mbim_state *info = (void *)&dev->data; 428 struct cdc_ncm_ctx *ctx = info->ctx; 429 bool callsub = (intf == ctx->control && info->subdriver && info->subdriver->resume); 430 431 if (callsub) 432 ret = info->subdriver->resume(intf); 433 if (ret < 0) 434 goto err; 435 ret = usbnet_resume(intf); 436 if (ret < 0 && callsub) 437 info->subdriver->suspend(intf, PMSG_SUSPEND); 438 err: 439 return ret; 440 } 441 442 static const struct driver_info cdc_mbim_info = { 443 .description = "CDC MBIM", 444 .flags = FLAG_NO_SETINT | FLAG_MULTI_PACKET | FLAG_WWAN, 445 .bind = cdc_mbim_bind, 446 .unbind = cdc_mbim_unbind, 447 .manage_power = cdc_mbim_manage_power, 448 .rx_fixup = cdc_mbim_rx_fixup, 449 .tx_fixup = cdc_mbim_tx_fixup, 450 }; 451 452 /* MBIM and NCM devices should not need a ZLP after NTBs with 453 * dwNtbOutMaxSize length. Nevertheless, a number of devices from 454 * different vendor IDs will fail unless we send ZLPs, forcing us 455 * to make this the default. 456 * 457 * This default may cause a performance penalty for spec conforming 458 * devices wanting to take advantage of optimizations possible without 459 * ZLPs. A whitelist is added in an attempt to avoid this for devices 460 * known to conform to the MBIM specification. 461 * 462 * All known devices supporting NCM compatibility mode are also 463 * conforming to the NCM and MBIM specifications. For this reason, the 464 * NCM subclass entry is also in the ZLP whitelist. 465 */ 466 static const struct driver_info cdc_mbim_info_zlp = { 467 .description = "CDC MBIM", 468 .flags = FLAG_NO_SETINT | FLAG_MULTI_PACKET | FLAG_WWAN | FLAG_SEND_ZLP, 469 .bind = cdc_mbim_bind, 470 .unbind = cdc_mbim_unbind, 471 .manage_power = cdc_mbim_manage_power, 472 .rx_fixup = cdc_mbim_rx_fixup, 473 .tx_fixup = cdc_mbim_tx_fixup, 474 }; 475 476 static const struct usb_device_id mbim_devs[] = { 477 /* This duplicate NCM entry is intentional. MBIM devices can 478 * be disguised as NCM by default, and this is necessary to 479 * allow us to bind the correct driver_info to such devices. 480 * 481 * bind() will sort out this for us, selecting the correct 482 * entry and reject the other 483 */ 484 { USB_INTERFACE_INFO(USB_CLASS_COMM, USB_CDC_SUBCLASS_NCM, USB_CDC_PROTO_NONE), 485 .driver_info = (unsigned long)&cdc_mbim_info, 486 }, 487 /* ZLP conformance whitelist: All Ericsson MBIM devices */ 488 { USB_VENDOR_AND_INTERFACE_INFO(0x0bdb, USB_CLASS_COMM, USB_CDC_SUBCLASS_MBIM, USB_CDC_PROTO_NONE), 489 .driver_info = (unsigned long)&cdc_mbim_info, 490 }, 491 /* default entry */ 492 { USB_INTERFACE_INFO(USB_CLASS_COMM, USB_CDC_SUBCLASS_MBIM, USB_CDC_PROTO_NONE), 493 .driver_info = (unsigned long)&cdc_mbim_info_zlp, 494 }, 495 { 496 }, 497 }; 498 MODULE_DEVICE_TABLE(usb, mbim_devs); 499 500 static struct usb_driver cdc_mbim_driver = { 501 .name = "cdc_mbim", 502 .id_table = mbim_devs, 503 .probe = usbnet_probe, 504 .disconnect = usbnet_disconnect, 505 .suspend = cdc_mbim_suspend, 506 .resume = cdc_mbim_resume, 507 .reset_resume = cdc_mbim_resume, 508 .supports_autosuspend = 1, 509 .disable_hub_initiated_lpm = 1, 510 }; 511 module_usb_driver(cdc_mbim_driver); 512 513 MODULE_AUTHOR("Greg Suarez <gsuarez@smithmicro.com>"); 514 MODULE_AUTHOR("Bjørn Mork <bjorn@mork.no>"); 515 MODULE_DESCRIPTION("USB CDC MBIM host driver"); 516 MODULE_LICENSE("GPL"); 517