1 // SPDX-License-Identifier: GPL-2.0+ 2 /* 3 * f_eem.c -- USB CDC Ethernet (EEM) link function driver 4 * 5 * Copyright (C) 2003-2005,2008 David Brownell 6 * Copyright (C) 2008 Nokia Corporation 7 * Copyright (C) 2009 EF Johnson Technologies 8 */ 9 10 #include <linux/kernel.h> 11 #include <linux/module.h> 12 #include <linux/device.h> 13 #include <linux/etherdevice.h> 14 #include <linux/crc32.h> 15 #include <linux/slab.h> 16 17 #include "u_ether.h" 18 #include "u_ether_configfs.h" 19 #include "u_eem.h" 20 21 #define EEM_HLEN 2 22 23 /* 24 * This function is a "CDC Ethernet Emulation Model" (CDC EEM) 25 * Ethernet link. 26 */ 27 28 struct f_eem { 29 struct gether port; 30 u8 ctrl_id; 31 }; 32 33 static inline struct f_eem *func_to_eem(struct usb_function *f) 34 { 35 return container_of(f, struct f_eem, port.func); 36 } 37 38 /*-------------------------------------------------------------------------*/ 39 40 /* interface descriptor: */ 41 42 static struct usb_interface_descriptor eem_intf = { 43 .bLength = sizeof eem_intf, 44 .bDescriptorType = USB_DT_INTERFACE, 45 46 /* .bInterfaceNumber = DYNAMIC */ 47 .bNumEndpoints = 2, 48 .bInterfaceClass = USB_CLASS_COMM, 49 .bInterfaceSubClass = USB_CDC_SUBCLASS_EEM, 50 .bInterfaceProtocol = USB_CDC_PROTO_EEM, 51 /* .iInterface = DYNAMIC */ 52 }; 53 54 /* full speed support: */ 55 56 static struct usb_endpoint_descriptor eem_fs_in_desc = { 57 .bLength = USB_DT_ENDPOINT_SIZE, 58 .bDescriptorType = USB_DT_ENDPOINT, 59 60 .bEndpointAddress = USB_DIR_IN, 61 .bmAttributes = USB_ENDPOINT_XFER_BULK, 62 }; 63 64 static struct usb_endpoint_descriptor eem_fs_out_desc = { 65 .bLength = USB_DT_ENDPOINT_SIZE, 66 .bDescriptorType = USB_DT_ENDPOINT, 67 68 .bEndpointAddress = USB_DIR_OUT, 69 .bmAttributes = USB_ENDPOINT_XFER_BULK, 70 }; 71 72 static struct usb_descriptor_header *eem_fs_function[] = { 73 /* CDC EEM control descriptors */ 74 (struct usb_descriptor_header *) &eem_intf, 75 (struct usb_descriptor_header *) &eem_fs_in_desc, 76 (struct usb_descriptor_header *) &eem_fs_out_desc, 77 NULL, 78 }; 79 80 /* high speed support: */ 81 82 static struct usb_endpoint_descriptor eem_hs_in_desc = { 83 .bLength = USB_DT_ENDPOINT_SIZE, 84 .bDescriptorType = USB_DT_ENDPOINT, 85 86 .bEndpointAddress = USB_DIR_IN, 87 .bmAttributes = USB_ENDPOINT_XFER_BULK, 88 .wMaxPacketSize = cpu_to_le16(512), 89 }; 90 91 static struct usb_endpoint_descriptor eem_hs_out_desc = { 92 .bLength = USB_DT_ENDPOINT_SIZE, 93 .bDescriptorType = USB_DT_ENDPOINT, 94 95 .bEndpointAddress = USB_DIR_OUT, 96 .bmAttributes = USB_ENDPOINT_XFER_BULK, 97 .wMaxPacketSize = cpu_to_le16(512), 98 }; 99 100 static struct usb_descriptor_header *eem_hs_function[] = { 101 /* CDC EEM control descriptors */ 102 (struct usb_descriptor_header *) &eem_intf, 103 (struct usb_descriptor_header *) &eem_hs_in_desc, 104 (struct usb_descriptor_header *) &eem_hs_out_desc, 105 NULL, 106 }; 107 108 /* super speed support: */ 109 110 static struct usb_endpoint_descriptor eem_ss_in_desc = { 111 .bLength = USB_DT_ENDPOINT_SIZE, 112 .bDescriptorType = USB_DT_ENDPOINT, 113 114 .bEndpointAddress = USB_DIR_IN, 115 .bmAttributes = USB_ENDPOINT_XFER_BULK, 116 .wMaxPacketSize = cpu_to_le16(1024), 117 }; 118 119 static struct usb_endpoint_descriptor eem_ss_out_desc = { 120 .bLength = USB_DT_ENDPOINT_SIZE, 121 .bDescriptorType = USB_DT_ENDPOINT, 122 123 .bEndpointAddress = USB_DIR_OUT, 124 .bmAttributes = USB_ENDPOINT_XFER_BULK, 125 .wMaxPacketSize = cpu_to_le16(1024), 126 }; 127 128 static struct usb_ss_ep_comp_descriptor eem_ss_bulk_comp_desc = { 129 .bLength = sizeof eem_ss_bulk_comp_desc, 130 .bDescriptorType = USB_DT_SS_ENDPOINT_COMP, 131 132 /* the following 2 values can be tweaked if necessary */ 133 /* .bMaxBurst = 0, */ 134 /* .bmAttributes = 0, */ 135 }; 136 137 static struct usb_descriptor_header *eem_ss_function[] = { 138 /* CDC EEM control descriptors */ 139 (struct usb_descriptor_header *) &eem_intf, 140 (struct usb_descriptor_header *) &eem_ss_in_desc, 141 (struct usb_descriptor_header *) &eem_ss_bulk_comp_desc, 142 (struct usb_descriptor_header *) &eem_ss_out_desc, 143 (struct usb_descriptor_header *) &eem_ss_bulk_comp_desc, 144 NULL, 145 }; 146 147 /* string descriptors: */ 148 149 static struct usb_string eem_string_defs[] = { 150 [0].s = "CDC Ethernet Emulation Model (EEM)", 151 { } /* end of list */ 152 }; 153 154 static struct usb_gadget_strings eem_string_table = { 155 .language = 0x0409, /* en-us */ 156 .strings = eem_string_defs, 157 }; 158 159 static struct usb_gadget_strings *eem_strings[] = { 160 &eem_string_table, 161 NULL, 162 }; 163 164 /*-------------------------------------------------------------------------*/ 165 166 static int eem_setup(struct usb_function *f, const struct usb_ctrlrequest *ctrl) 167 { 168 struct usb_composite_dev *cdev = f->config->cdev; 169 u16 w_index = le16_to_cpu(ctrl->wIndex); 170 u16 w_value = le16_to_cpu(ctrl->wValue); 171 u16 w_length = le16_to_cpu(ctrl->wLength); 172 173 DBG(cdev, "invalid control req%02x.%02x v%04x i%04x l%d\n", 174 ctrl->bRequestType, ctrl->bRequest, 175 w_value, w_index, w_length); 176 177 /* device either stalls (value < 0) or reports success */ 178 return -EOPNOTSUPP; 179 } 180 181 182 static int eem_set_alt(struct usb_function *f, unsigned intf, unsigned alt) 183 { 184 struct f_eem *eem = func_to_eem(f); 185 struct usb_composite_dev *cdev = f->config->cdev; 186 struct net_device *net; 187 188 /* we know alt == 0, so this is an activation or a reset */ 189 if (alt != 0) 190 goto fail; 191 192 if (intf == eem->ctrl_id) { 193 DBG(cdev, "reset eem\n"); 194 gether_disconnect(&eem->port); 195 196 if (!eem->port.in_ep->desc || !eem->port.out_ep->desc) { 197 DBG(cdev, "init eem\n"); 198 if (config_ep_by_speed(cdev->gadget, f, 199 eem->port.in_ep) || 200 config_ep_by_speed(cdev->gadget, f, 201 eem->port.out_ep)) { 202 eem->port.in_ep->desc = NULL; 203 eem->port.out_ep->desc = NULL; 204 goto fail; 205 } 206 } 207 208 /* zlps should not occur because zero-length EEM packets 209 * will be inserted in those cases where they would occur 210 */ 211 eem->port.is_zlp_ok = 1; 212 eem->port.cdc_filter = DEFAULT_FILTER; 213 DBG(cdev, "activate eem\n"); 214 net = gether_connect(&eem->port); 215 if (IS_ERR(net)) 216 return PTR_ERR(net); 217 } else 218 goto fail; 219 220 return 0; 221 fail: 222 return -EINVAL; 223 } 224 225 static void eem_disable(struct usb_function *f) 226 { 227 struct f_eem *eem = func_to_eem(f); 228 struct usb_composite_dev *cdev = f->config->cdev; 229 230 DBG(cdev, "eem deactivated\n"); 231 232 if (eem->port.in_ep->enabled) 233 gether_disconnect(&eem->port); 234 } 235 236 /*-------------------------------------------------------------------------*/ 237 238 /* EEM function driver setup/binding */ 239 240 static int eem_bind(struct usb_configuration *c, struct usb_function *f) 241 { 242 struct usb_composite_dev *cdev = c->cdev; 243 struct f_eem *eem = func_to_eem(f); 244 struct usb_string *us; 245 int status; 246 struct usb_ep *ep; 247 248 struct f_eem_opts *eem_opts; 249 250 eem_opts = container_of(f->fi, struct f_eem_opts, func_inst); 251 /* 252 * in drivers/usb/gadget/configfs.c:configfs_composite_bind() 253 * configurations are bound in sequence with list_for_each_entry, 254 * in each configuration its functions are bound in sequence 255 * with list_for_each_entry, so we assume no race condition 256 * with regard to eem_opts->bound access 257 */ 258 if (!eem_opts->bound) { 259 mutex_lock(&eem_opts->lock); 260 gether_set_gadget(eem_opts->net, cdev->gadget); 261 status = gether_register_netdev(eem_opts->net); 262 mutex_unlock(&eem_opts->lock); 263 if (status) 264 return status; 265 eem_opts->bound = true; 266 } 267 268 us = usb_gstrings_attach(cdev, eem_strings, 269 ARRAY_SIZE(eem_string_defs)); 270 if (IS_ERR(us)) 271 return PTR_ERR(us); 272 eem_intf.iInterface = us[0].id; 273 274 /* allocate instance-specific interface IDs */ 275 status = usb_interface_id(c, f); 276 if (status < 0) 277 goto fail; 278 eem->ctrl_id = status; 279 eem_intf.bInterfaceNumber = status; 280 281 status = -ENODEV; 282 283 /* allocate instance-specific endpoints */ 284 ep = usb_ep_autoconfig(cdev->gadget, &eem_fs_in_desc); 285 if (!ep) 286 goto fail; 287 eem->port.in_ep = ep; 288 289 ep = usb_ep_autoconfig(cdev->gadget, &eem_fs_out_desc); 290 if (!ep) 291 goto fail; 292 eem->port.out_ep = ep; 293 294 status = -ENOMEM; 295 296 /* support all relevant hardware speeds... we expect that when 297 * hardware is dual speed, all bulk-capable endpoints work at 298 * both speeds 299 */ 300 eem_hs_in_desc.bEndpointAddress = eem_fs_in_desc.bEndpointAddress; 301 eem_hs_out_desc.bEndpointAddress = eem_fs_out_desc.bEndpointAddress; 302 303 eem_ss_in_desc.bEndpointAddress = eem_fs_in_desc.bEndpointAddress; 304 eem_ss_out_desc.bEndpointAddress = eem_fs_out_desc.bEndpointAddress; 305 306 status = usb_assign_descriptors(f, eem_fs_function, eem_hs_function, 307 eem_ss_function, NULL); 308 if (status) 309 goto fail; 310 311 DBG(cdev, "CDC Ethernet (EEM): %s speed IN/%s OUT/%s\n", 312 gadget_is_superspeed(c->cdev->gadget) ? "super" : 313 gadget_is_dualspeed(c->cdev->gadget) ? "dual" : "full", 314 eem->port.in_ep->name, eem->port.out_ep->name); 315 return 0; 316 317 fail: 318 ERROR(cdev, "%s: can't bind, err %d\n", f->name, status); 319 320 return status; 321 } 322 323 static void eem_cmd_complete(struct usb_ep *ep, struct usb_request *req) 324 { 325 struct sk_buff *skb = (struct sk_buff *)req->context; 326 327 dev_kfree_skb_any(skb); 328 } 329 330 /* 331 * Add the EEM header and ethernet checksum. 332 * We currently do not attempt to put multiple ethernet frames 333 * into a single USB transfer 334 */ 335 static struct sk_buff *eem_wrap(struct gether *port, struct sk_buff *skb) 336 { 337 struct sk_buff *skb2 = NULL; 338 struct usb_ep *in = port->in_ep; 339 int headroom, tailroom, padlen = 0; 340 u16 len; 341 342 if (!skb) 343 return NULL; 344 345 len = skb->len; 346 headroom = skb_headroom(skb); 347 tailroom = skb_tailroom(skb); 348 349 /* When (len + EEM_HLEN + ETH_FCS_LEN) % in->maxpacket) is 0, 350 * stick two bytes of zero-length EEM packet on the end. 351 */ 352 if (((len + EEM_HLEN + ETH_FCS_LEN) % in->maxpacket) == 0) 353 padlen += 2; 354 355 if ((tailroom >= (ETH_FCS_LEN + padlen)) && 356 (headroom >= EEM_HLEN) && !skb_cloned(skb)) 357 goto done; 358 359 skb2 = skb_copy_expand(skb, EEM_HLEN, ETH_FCS_LEN + padlen, GFP_ATOMIC); 360 dev_kfree_skb_any(skb); 361 skb = skb2; 362 if (!skb) 363 return skb; 364 365 done: 366 /* use the "no CRC" option */ 367 put_unaligned_be32(0xdeadbeef, skb_put(skb, 4)); 368 369 /* EEM packet header format: 370 * b0..13: length of ethernet frame 371 * b14: bmCRC (0 == sentinel CRC) 372 * b15: bmType (0 == data) 373 */ 374 len = skb->len; 375 put_unaligned_le16(len & 0x3FFF, skb_push(skb, 2)); 376 377 /* add a zero-length EEM packet, if needed */ 378 if (padlen) 379 put_unaligned_le16(0, skb_put(skb, 2)); 380 381 return skb; 382 } 383 384 /* 385 * Remove the EEM header. Note that there can be many EEM packets in a single 386 * USB transfer, so we need to break them out and handle them independently. 387 */ 388 static int eem_unwrap(struct gether *port, 389 struct sk_buff *skb, 390 struct sk_buff_head *list) 391 { 392 struct usb_composite_dev *cdev = port->func.config->cdev; 393 int status = 0; 394 395 do { 396 struct sk_buff *skb2; 397 u16 header; 398 u16 len = 0; 399 400 if (skb->len < EEM_HLEN) { 401 status = -EINVAL; 402 DBG(cdev, "invalid EEM header\n"); 403 goto error; 404 } 405 406 /* remove the EEM header */ 407 header = get_unaligned_le16(skb->data); 408 skb_pull(skb, EEM_HLEN); 409 410 /* EEM packet header format: 411 * b0..14: EEM type dependent (data or command) 412 * b15: bmType (0 == data, 1 == command) 413 */ 414 if (header & BIT(15)) { 415 struct usb_request *req = cdev->req; 416 u16 bmEEMCmd; 417 418 /* EEM command packet format: 419 * b0..10: bmEEMCmdParam 420 * b11..13: bmEEMCmd 421 * b14: reserved (must be zero) 422 * b15: bmType (1 == command) 423 */ 424 if (header & BIT(14)) 425 continue; 426 427 bmEEMCmd = (header >> 11) & 0x7; 428 switch (bmEEMCmd) { 429 case 0: /* echo */ 430 len = header & 0x7FF; 431 if (skb->len < len) { 432 status = -EOVERFLOW; 433 goto error; 434 } 435 436 skb2 = skb_clone(skb, GFP_ATOMIC); 437 if (unlikely(!skb2)) { 438 DBG(cdev, "EEM echo response error\n"); 439 goto next; 440 } 441 skb_trim(skb2, len); 442 put_unaligned_le16(BIT(15) | BIT(11) | len, 443 skb_push(skb2, 2)); 444 skb_copy_bits(skb2, 0, req->buf, skb2->len); 445 req->length = skb2->len; 446 req->complete = eem_cmd_complete; 447 req->zero = 1; 448 req->context = skb2; 449 if (usb_ep_queue(port->in_ep, req, GFP_ATOMIC)) 450 DBG(cdev, "echo response queue fail\n"); 451 break; 452 453 case 1: /* echo response */ 454 case 2: /* suspend hint */ 455 case 3: /* response hint */ 456 case 4: /* response complete hint */ 457 case 5: /* tickle */ 458 default: /* reserved */ 459 continue; 460 } 461 } else { 462 u32 crc, crc2; 463 struct sk_buff *skb3; 464 465 /* check for zero-length EEM packet */ 466 if (header == 0) 467 continue; 468 469 /* EEM data packet format: 470 * b0..13: length of ethernet frame 471 * b14: bmCRC (0 == sentinel, 1 == calculated) 472 * b15: bmType (0 == data) 473 */ 474 len = header & 0x3FFF; 475 if ((skb->len < len) 476 || (len < (ETH_HLEN + ETH_FCS_LEN))) { 477 status = -EINVAL; 478 goto error; 479 } 480 481 /* validate CRC */ 482 if (header & BIT(14)) { 483 crc = get_unaligned_le32(skb->data + len 484 - ETH_FCS_LEN); 485 crc2 = ~crc32_le(~0, 486 skb->data, len - ETH_FCS_LEN); 487 } else { 488 crc = get_unaligned_be32(skb->data + len 489 - ETH_FCS_LEN); 490 crc2 = 0xdeadbeef; 491 } 492 if (crc != crc2) { 493 DBG(cdev, "invalid EEM CRC\n"); 494 goto next; 495 } 496 497 skb2 = skb_clone(skb, GFP_ATOMIC); 498 if (unlikely(!skb2)) { 499 DBG(cdev, "unable to unframe EEM packet\n"); 500 continue; 501 } 502 skb_trim(skb2, len - ETH_FCS_LEN); 503 504 skb3 = skb_copy_expand(skb2, 505 NET_IP_ALIGN, 506 0, 507 GFP_ATOMIC); 508 if (unlikely(!skb3)) { 509 dev_kfree_skb_any(skb2); 510 continue; 511 } 512 dev_kfree_skb_any(skb2); 513 skb_queue_tail(list, skb3); 514 } 515 next: 516 skb_pull(skb, len); 517 } while (skb->len); 518 519 error: 520 dev_kfree_skb_any(skb); 521 return status; 522 } 523 524 static inline struct f_eem_opts *to_f_eem_opts(struct config_item *item) 525 { 526 return container_of(to_config_group(item), struct f_eem_opts, 527 func_inst.group); 528 } 529 530 /* f_eem_item_ops */ 531 USB_ETHERNET_CONFIGFS_ITEM(eem); 532 533 /* f_eem_opts_dev_addr */ 534 USB_ETHERNET_CONFIGFS_ITEM_ATTR_DEV_ADDR(eem); 535 536 /* f_eem_opts_host_addr */ 537 USB_ETHERNET_CONFIGFS_ITEM_ATTR_HOST_ADDR(eem); 538 539 /* f_eem_opts_qmult */ 540 USB_ETHERNET_CONFIGFS_ITEM_ATTR_QMULT(eem); 541 542 /* f_eem_opts_ifname */ 543 USB_ETHERNET_CONFIGFS_ITEM_ATTR_IFNAME(eem); 544 545 static struct configfs_attribute *eem_attrs[] = { 546 &eem_opts_attr_dev_addr, 547 &eem_opts_attr_host_addr, 548 &eem_opts_attr_qmult, 549 &eem_opts_attr_ifname, 550 NULL, 551 }; 552 553 static const struct config_item_type eem_func_type = { 554 .ct_item_ops = &eem_item_ops, 555 .ct_attrs = eem_attrs, 556 .ct_owner = THIS_MODULE, 557 }; 558 559 static void eem_free_inst(struct usb_function_instance *f) 560 { 561 struct f_eem_opts *opts; 562 563 opts = container_of(f, struct f_eem_opts, func_inst); 564 if (opts->bound) 565 gether_cleanup(netdev_priv(opts->net)); 566 else 567 free_netdev(opts->net); 568 kfree(opts); 569 } 570 571 static struct usb_function_instance *eem_alloc_inst(void) 572 { 573 struct f_eem_opts *opts; 574 575 opts = kzalloc(sizeof(*opts), GFP_KERNEL); 576 if (!opts) 577 return ERR_PTR(-ENOMEM); 578 mutex_init(&opts->lock); 579 opts->func_inst.free_func_inst = eem_free_inst; 580 opts->net = gether_setup_default(); 581 if (IS_ERR(opts->net)) { 582 struct net_device *net = opts->net; 583 kfree(opts); 584 return ERR_CAST(net); 585 } 586 587 config_group_init_type_name(&opts->func_inst.group, "", &eem_func_type); 588 589 return &opts->func_inst; 590 } 591 592 static void eem_free(struct usb_function *f) 593 { 594 struct f_eem *eem; 595 struct f_eem_opts *opts; 596 597 eem = func_to_eem(f); 598 opts = container_of(f->fi, struct f_eem_opts, func_inst); 599 kfree(eem); 600 mutex_lock(&opts->lock); 601 opts->refcnt--; 602 mutex_unlock(&opts->lock); 603 } 604 605 static void eem_unbind(struct usb_configuration *c, struct usb_function *f) 606 { 607 DBG(c->cdev, "eem unbind\n"); 608 609 usb_free_all_descriptors(f); 610 } 611 612 static struct usb_function *eem_alloc(struct usb_function_instance *fi) 613 { 614 struct f_eem *eem; 615 struct f_eem_opts *opts; 616 617 /* allocate and initialize one new instance */ 618 eem = kzalloc(sizeof(*eem), GFP_KERNEL); 619 if (!eem) 620 return ERR_PTR(-ENOMEM); 621 622 opts = container_of(fi, struct f_eem_opts, func_inst); 623 mutex_lock(&opts->lock); 624 opts->refcnt++; 625 626 eem->port.ioport = netdev_priv(opts->net); 627 mutex_unlock(&opts->lock); 628 eem->port.cdc_filter = DEFAULT_FILTER; 629 630 eem->port.func.name = "cdc_eem"; 631 /* descriptors are per-instance copies */ 632 eem->port.func.bind = eem_bind; 633 eem->port.func.unbind = eem_unbind; 634 eem->port.func.set_alt = eem_set_alt; 635 eem->port.func.setup = eem_setup; 636 eem->port.func.disable = eem_disable; 637 eem->port.func.free_func = eem_free; 638 eem->port.wrap = eem_wrap; 639 eem->port.unwrap = eem_unwrap; 640 eem->port.header_len = EEM_HLEN; 641 642 return &eem->port.func; 643 } 644 645 DECLARE_USB_FUNCTION_INIT(eem, eem_alloc_inst, eem_alloc); 646 MODULE_LICENSE("GPL"); 647 MODULE_AUTHOR("David Brownell"); 648