1 // SPDX-License-Identifier: GPL-2.0+
2 /*
3  * f_eem.c -- USB CDC Ethernet (EEM) link function driver
4  *
5  * Copyright (C) 2003-2005,2008 David Brownell
6  * Copyright (C) 2008 Nokia Corporation
7  * Copyright (C) 2009 EF Johnson Technologies
8  */
9 
10 #include <linux/kernel.h>
11 #include <linux/module.h>
12 #include <linux/device.h>
13 #include <linux/etherdevice.h>
14 #include <linux/crc32.h>
15 #include <linux/slab.h>
16 
17 #include "u_ether.h"
18 #include "u_ether_configfs.h"
19 #include "u_eem.h"
20 
21 #define EEM_HLEN 2
22 
23 /*
24  * This function is a "CDC Ethernet Emulation Model" (CDC EEM)
25  * Ethernet link.
26  */
27 
28 struct f_eem {
29 	struct gether			port;
30 	u8				ctrl_id;
31 };
32 
33 static inline struct f_eem *func_to_eem(struct usb_function *f)
34 {
35 	return container_of(f, struct f_eem, port.func);
36 }
37 
38 /*-------------------------------------------------------------------------*/
39 
40 /* interface descriptor: */
41 
42 static struct usb_interface_descriptor eem_intf = {
43 	.bLength =		sizeof eem_intf,
44 	.bDescriptorType =	USB_DT_INTERFACE,
45 
46 	/* .bInterfaceNumber = DYNAMIC */
47 	.bNumEndpoints =	2,
48 	.bInterfaceClass =	USB_CLASS_COMM,
49 	.bInterfaceSubClass =	USB_CDC_SUBCLASS_EEM,
50 	.bInterfaceProtocol =	USB_CDC_PROTO_EEM,
51 	/* .iInterface = DYNAMIC */
52 };
53 
54 /* full speed support: */
55 
56 static struct usb_endpoint_descriptor eem_fs_in_desc = {
57 	.bLength =		USB_DT_ENDPOINT_SIZE,
58 	.bDescriptorType =	USB_DT_ENDPOINT,
59 
60 	.bEndpointAddress =	USB_DIR_IN,
61 	.bmAttributes =		USB_ENDPOINT_XFER_BULK,
62 };
63 
64 static struct usb_endpoint_descriptor eem_fs_out_desc = {
65 	.bLength =		USB_DT_ENDPOINT_SIZE,
66 	.bDescriptorType =	USB_DT_ENDPOINT,
67 
68 	.bEndpointAddress =	USB_DIR_OUT,
69 	.bmAttributes =		USB_ENDPOINT_XFER_BULK,
70 };
71 
72 static struct usb_descriptor_header *eem_fs_function[] = {
73 	/* CDC EEM control descriptors */
74 	(struct usb_descriptor_header *) &eem_intf,
75 	(struct usb_descriptor_header *) &eem_fs_in_desc,
76 	(struct usb_descriptor_header *) &eem_fs_out_desc,
77 	NULL,
78 };
79 
80 /* high speed support: */
81 
82 static struct usb_endpoint_descriptor eem_hs_in_desc = {
83 	.bLength =		USB_DT_ENDPOINT_SIZE,
84 	.bDescriptorType =	USB_DT_ENDPOINT,
85 
86 	.bEndpointAddress =	USB_DIR_IN,
87 	.bmAttributes =		USB_ENDPOINT_XFER_BULK,
88 	.wMaxPacketSize =	cpu_to_le16(512),
89 };
90 
91 static struct usb_endpoint_descriptor eem_hs_out_desc = {
92 	.bLength =		USB_DT_ENDPOINT_SIZE,
93 	.bDescriptorType =	USB_DT_ENDPOINT,
94 
95 	.bEndpointAddress =	USB_DIR_OUT,
96 	.bmAttributes =		USB_ENDPOINT_XFER_BULK,
97 	.wMaxPacketSize =	cpu_to_le16(512),
98 };
99 
100 static struct usb_descriptor_header *eem_hs_function[] = {
101 	/* CDC EEM control descriptors */
102 	(struct usb_descriptor_header *) &eem_intf,
103 	(struct usb_descriptor_header *) &eem_hs_in_desc,
104 	(struct usb_descriptor_header *) &eem_hs_out_desc,
105 	NULL,
106 };
107 
108 /* super speed support: */
109 
110 static struct usb_endpoint_descriptor eem_ss_in_desc = {
111 	.bLength =		USB_DT_ENDPOINT_SIZE,
112 	.bDescriptorType =	USB_DT_ENDPOINT,
113 
114 	.bEndpointAddress =	USB_DIR_IN,
115 	.bmAttributes =		USB_ENDPOINT_XFER_BULK,
116 	.wMaxPacketSize =	cpu_to_le16(1024),
117 };
118 
119 static struct usb_endpoint_descriptor eem_ss_out_desc = {
120 	.bLength =		USB_DT_ENDPOINT_SIZE,
121 	.bDescriptorType =	USB_DT_ENDPOINT,
122 
123 	.bEndpointAddress =	USB_DIR_OUT,
124 	.bmAttributes =		USB_ENDPOINT_XFER_BULK,
125 	.wMaxPacketSize =	cpu_to_le16(1024),
126 };
127 
128 static struct usb_ss_ep_comp_descriptor eem_ss_bulk_comp_desc = {
129 	.bLength =		sizeof eem_ss_bulk_comp_desc,
130 	.bDescriptorType =	USB_DT_SS_ENDPOINT_COMP,
131 
132 	/* the following 2 values can be tweaked if necessary */
133 	/* .bMaxBurst =		0, */
134 	/* .bmAttributes =	0, */
135 };
136 
137 static struct usb_descriptor_header *eem_ss_function[] = {
138 	/* CDC EEM control descriptors */
139 	(struct usb_descriptor_header *) &eem_intf,
140 	(struct usb_descriptor_header *) &eem_ss_in_desc,
141 	(struct usb_descriptor_header *) &eem_ss_bulk_comp_desc,
142 	(struct usb_descriptor_header *) &eem_ss_out_desc,
143 	(struct usb_descriptor_header *) &eem_ss_bulk_comp_desc,
144 	NULL,
145 };
146 
147 /* string descriptors: */
148 
149 static struct usb_string eem_string_defs[] = {
150 	[0].s = "CDC Ethernet Emulation Model (EEM)",
151 	{  } /* end of list */
152 };
153 
154 static struct usb_gadget_strings eem_string_table = {
155 	.language =		0x0409,	/* en-us */
156 	.strings =		eem_string_defs,
157 };
158 
159 static struct usb_gadget_strings *eem_strings[] = {
160 	&eem_string_table,
161 	NULL,
162 };
163 
164 /*-------------------------------------------------------------------------*/
165 
166 static int eem_setup(struct usb_function *f, const struct usb_ctrlrequest *ctrl)
167 {
168 	struct usb_composite_dev *cdev = f->config->cdev;
169 	u16			w_index = le16_to_cpu(ctrl->wIndex);
170 	u16			w_value = le16_to_cpu(ctrl->wValue);
171 	u16			w_length = le16_to_cpu(ctrl->wLength);
172 
173 	DBG(cdev, "invalid control req%02x.%02x v%04x i%04x l%d\n",
174 		ctrl->bRequestType, ctrl->bRequest,
175 		w_value, w_index, w_length);
176 
177 	/* device either stalls (value < 0) or reports success */
178 	return -EOPNOTSUPP;
179 }
180 
181 
182 static int eem_set_alt(struct usb_function *f, unsigned intf, unsigned alt)
183 {
184 	struct f_eem		*eem = func_to_eem(f);
185 	struct usb_composite_dev *cdev = f->config->cdev;
186 	struct net_device	*net;
187 
188 	/* we know alt == 0, so this is an activation or a reset */
189 	if (alt != 0)
190 		goto fail;
191 
192 	if (intf == eem->ctrl_id) {
193 		DBG(cdev, "reset eem\n");
194 		gether_disconnect(&eem->port);
195 
196 		if (!eem->port.in_ep->desc || !eem->port.out_ep->desc) {
197 			DBG(cdev, "init eem\n");
198 			if (config_ep_by_speed(cdev->gadget, f,
199 					       eem->port.in_ep) ||
200 			    config_ep_by_speed(cdev->gadget, f,
201 					       eem->port.out_ep)) {
202 				eem->port.in_ep->desc = NULL;
203 				eem->port.out_ep->desc = NULL;
204 				goto fail;
205 			}
206 		}
207 
208 		/* zlps should not occur because zero-length EEM packets
209 		 * will be inserted in those cases where they would occur
210 		 */
211 		eem->port.is_zlp_ok = 1;
212 		eem->port.cdc_filter = DEFAULT_FILTER;
213 		DBG(cdev, "activate eem\n");
214 		net = gether_connect(&eem->port);
215 		if (IS_ERR(net))
216 			return PTR_ERR(net);
217 	} else
218 		goto fail;
219 
220 	return 0;
221 fail:
222 	return -EINVAL;
223 }
224 
225 static void eem_disable(struct usb_function *f)
226 {
227 	struct f_eem		*eem = func_to_eem(f);
228 	struct usb_composite_dev *cdev = f->config->cdev;
229 
230 	DBG(cdev, "eem deactivated\n");
231 
232 	if (eem->port.in_ep->enabled)
233 		gether_disconnect(&eem->port);
234 }
235 
236 /*-------------------------------------------------------------------------*/
237 
238 /* EEM function driver setup/binding */
239 
240 static int eem_bind(struct usb_configuration *c, struct usb_function *f)
241 {
242 	struct usb_composite_dev *cdev = c->cdev;
243 	struct f_eem		*eem = func_to_eem(f);
244 	struct usb_string	*us;
245 	int			status;
246 	struct usb_ep		*ep;
247 
248 	struct f_eem_opts	*eem_opts;
249 
250 	eem_opts = container_of(f->fi, struct f_eem_opts, func_inst);
251 	/*
252 	 * in drivers/usb/gadget/configfs.c:configfs_composite_bind()
253 	 * configurations are bound in sequence with list_for_each_entry,
254 	 * in each configuration its functions are bound in sequence
255 	 * with list_for_each_entry, so we assume no race condition
256 	 * with regard to eem_opts->bound access
257 	 */
258 	if (!eem_opts->bound) {
259 		mutex_lock(&eem_opts->lock);
260 		gether_set_gadget(eem_opts->net, cdev->gadget);
261 		status = gether_register_netdev(eem_opts->net);
262 		mutex_unlock(&eem_opts->lock);
263 		if (status)
264 			return status;
265 		eem_opts->bound = true;
266 	}
267 
268 	us = usb_gstrings_attach(cdev, eem_strings,
269 				 ARRAY_SIZE(eem_string_defs));
270 	if (IS_ERR(us))
271 		return PTR_ERR(us);
272 	eem_intf.iInterface = us[0].id;
273 
274 	/* allocate instance-specific interface IDs */
275 	status = usb_interface_id(c, f);
276 	if (status < 0)
277 		goto fail;
278 	eem->ctrl_id = status;
279 	eem_intf.bInterfaceNumber = status;
280 
281 	status = -ENODEV;
282 
283 	/* allocate instance-specific endpoints */
284 	ep = usb_ep_autoconfig(cdev->gadget, &eem_fs_in_desc);
285 	if (!ep)
286 		goto fail;
287 	eem->port.in_ep = ep;
288 
289 	ep = usb_ep_autoconfig(cdev->gadget, &eem_fs_out_desc);
290 	if (!ep)
291 		goto fail;
292 	eem->port.out_ep = ep;
293 
294 	/* support all relevant hardware speeds... we expect that when
295 	 * hardware is dual speed, all bulk-capable endpoints work at
296 	 * both speeds
297 	 */
298 	eem_hs_in_desc.bEndpointAddress = eem_fs_in_desc.bEndpointAddress;
299 	eem_hs_out_desc.bEndpointAddress = eem_fs_out_desc.bEndpointAddress;
300 
301 	eem_ss_in_desc.bEndpointAddress = eem_fs_in_desc.bEndpointAddress;
302 	eem_ss_out_desc.bEndpointAddress = eem_fs_out_desc.bEndpointAddress;
303 
304 	status = usb_assign_descriptors(f, eem_fs_function, eem_hs_function,
305 			eem_ss_function, NULL);
306 	if (status)
307 		goto fail;
308 
309 	DBG(cdev, "CDC Ethernet (EEM): %s speed IN/%s OUT/%s\n",
310 			gadget_is_superspeed(c->cdev->gadget) ? "super" :
311 			gadget_is_dualspeed(c->cdev->gadget) ? "dual" : "full",
312 			eem->port.in_ep->name, eem->port.out_ep->name);
313 	return 0;
314 
315 fail:
316 	ERROR(cdev, "%s: can't bind, err %d\n", f->name, status);
317 
318 	return status;
319 }
320 
321 static void eem_cmd_complete(struct usb_ep *ep, struct usb_request *req)
322 {
323 	struct sk_buff *skb = (struct sk_buff *)req->context;
324 
325 	dev_kfree_skb_any(skb);
326 }
327 
328 /*
329  * Add the EEM header and ethernet checksum.
330  * We currently do not attempt to put multiple ethernet frames
331  * into a single USB transfer
332  */
333 static struct sk_buff *eem_wrap(struct gether *port, struct sk_buff *skb)
334 {
335 	struct sk_buff	*skb2 = NULL;
336 	struct usb_ep	*in = port->in_ep;
337 	int		headroom, tailroom, padlen = 0;
338 	u16		len;
339 
340 	if (!skb)
341 		return NULL;
342 
343 	len = skb->len;
344 	headroom = skb_headroom(skb);
345 	tailroom = skb_tailroom(skb);
346 
347 	/* When (len + EEM_HLEN + ETH_FCS_LEN) % in->maxpacket) is 0,
348 	 * stick two bytes of zero-length EEM packet on the end.
349 	 */
350 	if (((len + EEM_HLEN + ETH_FCS_LEN) % in->maxpacket) == 0)
351 		padlen += 2;
352 
353 	if ((tailroom >= (ETH_FCS_LEN + padlen)) &&
354 			(headroom >= EEM_HLEN) && !skb_cloned(skb))
355 		goto done;
356 
357 	skb2 = skb_copy_expand(skb, EEM_HLEN, ETH_FCS_LEN + padlen, GFP_ATOMIC);
358 	dev_kfree_skb_any(skb);
359 	skb = skb2;
360 	if (!skb)
361 		return skb;
362 
363 done:
364 	/* use the "no CRC" option */
365 	put_unaligned_be32(0xdeadbeef, skb_put(skb, 4));
366 
367 	/* EEM packet header format:
368 	 * b0..13:	length of ethernet frame
369 	 * b14:		bmCRC (0 == sentinel CRC)
370 	 * b15:		bmType (0 == data)
371 	 */
372 	len = skb->len;
373 	put_unaligned_le16(len & 0x3FFF, skb_push(skb, 2));
374 
375 	/* add a zero-length EEM packet, if needed */
376 	if (padlen)
377 		put_unaligned_le16(0, skb_put(skb, 2));
378 
379 	return skb;
380 }
381 
382 /*
383  * Remove the EEM header.  Note that there can be many EEM packets in a single
384  * USB transfer, so we need to break them out and handle them independently.
385  */
386 static int eem_unwrap(struct gether *port,
387 			struct sk_buff *skb,
388 			struct sk_buff_head *list)
389 {
390 	struct usb_composite_dev	*cdev = port->func.config->cdev;
391 	int				status = 0;
392 
393 	do {
394 		struct sk_buff	*skb2;
395 		u16		header;
396 		u16		len = 0;
397 
398 		if (skb->len < EEM_HLEN) {
399 			status = -EINVAL;
400 			DBG(cdev, "invalid EEM header\n");
401 			goto error;
402 		}
403 
404 		/* remove the EEM header */
405 		header = get_unaligned_le16(skb->data);
406 		skb_pull(skb, EEM_HLEN);
407 
408 		/* EEM packet header format:
409 		 * b0..14:	EEM type dependent (data or command)
410 		 * b15:		bmType (0 == data, 1 == command)
411 		 */
412 		if (header & BIT(15)) {
413 			struct usb_request	*req = cdev->req;
414 			u16			bmEEMCmd;
415 
416 			/* EEM command packet format:
417 			 * b0..10:	bmEEMCmdParam
418 			 * b11..13:	bmEEMCmd
419 			 * b14:		reserved (must be zero)
420 			 * b15:		bmType (1 == command)
421 			 */
422 			if (header & BIT(14))
423 				continue;
424 
425 			bmEEMCmd = (header >> 11) & 0x7;
426 			switch (bmEEMCmd) {
427 			case 0: /* echo */
428 				len = header & 0x7FF;
429 				if (skb->len < len) {
430 					status = -EOVERFLOW;
431 					goto error;
432 				}
433 
434 				skb2 = skb_clone(skb, GFP_ATOMIC);
435 				if (unlikely(!skb2)) {
436 					DBG(cdev, "EEM echo response error\n");
437 					goto next;
438 				}
439 				skb_trim(skb2, len);
440 				put_unaligned_le16(BIT(15) | BIT(11) | len,
441 							skb_push(skb2, 2));
442 				skb_copy_bits(skb2, 0, req->buf, skb2->len);
443 				req->length = skb2->len;
444 				req->complete = eem_cmd_complete;
445 				req->zero = 1;
446 				req->context = skb2;
447 				if (usb_ep_queue(port->in_ep, req, GFP_ATOMIC))
448 					DBG(cdev, "echo response queue fail\n");
449 				break;
450 
451 			case 1:  /* echo response */
452 			case 2:  /* suspend hint */
453 			case 3:  /* response hint */
454 			case 4:  /* response complete hint */
455 			case 5:  /* tickle */
456 			default: /* reserved */
457 				continue;
458 			}
459 		} else {
460 			u32		crc, crc2;
461 			struct sk_buff	*skb3;
462 
463 			/* check for zero-length EEM packet */
464 			if (header == 0)
465 				continue;
466 
467 			/* EEM data packet format:
468 			 * b0..13:	length of ethernet frame
469 			 * b14:		bmCRC (0 == sentinel, 1 == calculated)
470 			 * b15:		bmType (0 == data)
471 			 */
472 			len = header & 0x3FFF;
473 			if ((skb->len < len)
474 					|| (len < (ETH_HLEN + ETH_FCS_LEN))) {
475 				status = -EINVAL;
476 				goto error;
477 			}
478 
479 			/* validate CRC */
480 			if (header & BIT(14)) {
481 				crc = get_unaligned_le32(skb->data + len
482 							- ETH_FCS_LEN);
483 				crc2 = ~crc32_le(~0,
484 						skb->data, len - ETH_FCS_LEN);
485 			} else {
486 				crc = get_unaligned_be32(skb->data + len
487 							- ETH_FCS_LEN);
488 				crc2 = 0xdeadbeef;
489 			}
490 			if (crc != crc2) {
491 				DBG(cdev, "invalid EEM CRC\n");
492 				goto next;
493 			}
494 
495 			skb2 = skb_clone(skb, GFP_ATOMIC);
496 			if (unlikely(!skb2)) {
497 				DBG(cdev, "unable to unframe EEM packet\n");
498 				continue;
499 			}
500 			skb_trim(skb2, len - ETH_FCS_LEN);
501 
502 			skb3 = skb_copy_expand(skb2,
503 						NET_IP_ALIGN,
504 						0,
505 						GFP_ATOMIC);
506 			if (unlikely(!skb3)) {
507 				dev_kfree_skb_any(skb2);
508 				continue;
509 			}
510 			dev_kfree_skb_any(skb2);
511 			skb_queue_tail(list, skb3);
512 		}
513 next:
514 		skb_pull(skb, len);
515 	} while (skb->len);
516 
517 error:
518 	dev_kfree_skb_any(skb);
519 	return status;
520 }
521 
522 static inline struct f_eem_opts *to_f_eem_opts(struct config_item *item)
523 {
524 	return container_of(to_config_group(item), struct f_eem_opts,
525 			    func_inst.group);
526 }
527 
528 /* f_eem_item_ops */
529 USB_ETHERNET_CONFIGFS_ITEM(eem);
530 
531 /* f_eem_opts_dev_addr */
532 USB_ETHERNET_CONFIGFS_ITEM_ATTR_DEV_ADDR(eem);
533 
534 /* f_eem_opts_host_addr */
535 USB_ETHERNET_CONFIGFS_ITEM_ATTR_HOST_ADDR(eem);
536 
537 /* f_eem_opts_qmult */
538 USB_ETHERNET_CONFIGFS_ITEM_ATTR_QMULT(eem);
539 
540 /* f_eem_opts_ifname */
541 USB_ETHERNET_CONFIGFS_ITEM_ATTR_IFNAME(eem);
542 
543 static struct configfs_attribute *eem_attrs[] = {
544 	&eem_opts_attr_dev_addr,
545 	&eem_opts_attr_host_addr,
546 	&eem_opts_attr_qmult,
547 	&eem_opts_attr_ifname,
548 	NULL,
549 };
550 
551 static const struct config_item_type eem_func_type = {
552 	.ct_item_ops	= &eem_item_ops,
553 	.ct_attrs	= eem_attrs,
554 	.ct_owner	= THIS_MODULE,
555 };
556 
557 static void eem_free_inst(struct usb_function_instance *f)
558 {
559 	struct f_eem_opts *opts;
560 
561 	opts = container_of(f, struct f_eem_opts, func_inst);
562 	if (opts->bound)
563 		gether_cleanup(netdev_priv(opts->net));
564 	else
565 		free_netdev(opts->net);
566 	kfree(opts);
567 }
568 
569 static struct usb_function_instance *eem_alloc_inst(void)
570 {
571 	struct f_eem_opts *opts;
572 
573 	opts = kzalloc(sizeof(*opts), GFP_KERNEL);
574 	if (!opts)
575 		return ERR_PTR(-ENOMEM);
576 	mutex_init(&opts->lock);
577 	opts->func_inst.free_func_inst = eem_free_inst;
578 	opts->net = gether_setup_default();
579 	if (IS_ERR(opts->net)) {
580 		struct net_device *net = opts->net;
581 		kfree(opts);
582 		return ERR_CAST(net);
583 	}
584 
585 	config_group_init_type_name(&opts->func_inst.group, "", &eem_func_type);
586 
587 	return &opts->func_inst;
588 }
589 
590 static void eem_free(struct usb_function *f)
591 {
592 	struct f_eem *eem;
593 	struct f_eem_opts *opts;
594 
595 	eem = func_to_eem(f);
596 	opts = container_of(f->fi, struct f_eem_opts, func_inst);
597 	kfree(eem);
598 	mutex_lock(&opts->lock);
599 	opts->refcnt--;
600 	mutex_unlock(&opts->lock);
601 }
602 
603 static void eem_unbind(struct usb_configuration *c, struct usb_function *f)
604 {
605 	DBG(c->cdev, "eem unbind\n");
606 
607 	usb_free_all_descriptors(f);
608 }
609 
610 static struct usb_function *eem_alloc(struct usb_function_instance *fi)
611 {
612 	struct f_eem	*eem;
613 	struct f_eem_opts *opts;
614 
615 	/* allocate and initialize one new instance */
616 	eem = kzalloc(sizeof(*eem), GFP_KERNEL);
617 	if (!eem)
618 		return ERR_PTR(-ENOMEM);
619 
620 	opts = container_of(fi, struct f_eem_opts, func_inst);
621 	mutex_lock(&opts->lock);
622 	opts->refcnt++;
623 
624 	eem->port.ioport = netdev_priv(opts->net);
625 	mutex_unlock(&opts->lock);
626 	eem->port.cdc_filter = DEFAULT_FILTER;
627 
628 	eem->port.func.name = "cdc_eem";
629 	/* descriptors are per-instance copies */
630 	eem->port.func.bind = eem_bind;
631 	eem->port.func.unbind = eem_unbind;
632 	eem->port.func.set_alt = eem_set_alt;
633 	eem->port.func.setup = eem_setup;
634 	eem->port.func.disable = eem_disable;
635 	eem->port.func.free_func = eem_free;
636 	eem->port.wrap = eem_wrap;
637 	eem->port.unwrap = eem_unwrap;
638 	eem->port.header_len = EEM_HLEN;
639 
640 	return &eem->port.func;
641 }
642 
643 DECLARE_USB_FUNCTION_INIT(eem, eem_alloc_inst, eem_alloc);
644 MODULE_LICENSE("GPL");
645 MODULE_AUTHOR("David Brownell");
646