1 // SPDX-License-Identifier: GPL-2.0+ 2 /* 3 * f_ncm.c -- USB CDC Network (NCM) link function driver 4 * 5 * Copyright (C) 2010 Nokia Corporation 6 * Contact: Yauheni Kaliuta <yauheni.kaliuta@nokia.com> 7 * 8 * The driver borrows from f_ecm.c which is: 9 * 10 * Copyright (C) 2003-2005,2008 David Brownell 11 * Copyright (C) 2008 Nokia Corporation 12 */ 13 14 #include <linux/kernel.h> 15 #include <linux/interrupt.h> 16 #include <linux/module.h> 17 #include <linux/device.h> 18 #include <linux/etherdevice.h> 19 #include <linux/crc32.h> 20 21 #include <linux/usb/cdc.h> 22 23 #include "u_ether.h" 24 #include "u_ether_configfs.h" 25 #include "u_ncm.h" 26 #include "configfs.h" 27 28 /* 29 * This function is a "CDC Network Control Model" (CDC NCM) Ethernet link. 30 * NCM is intended to be used with high-speed network attachments. 31 * 32 * Note that NCM requires the use of "alternate settings" for its data 33 * interface. This means that the set_alt() method has real work to do, 34 * and also means that a get_alt() method is required. 35 */ 36 37 /* to trigger crc/non-crc ndp signature */ 38 39 #define NCM_NDP_HDR_CRC 0x01000000 40 41 enum ncm_notify_state { 42 NCM_NOTIFY_NONE, /* don't notify */ 43 NCM_NOTIFY_CONNECT, /* issue CONNECT next */ 44 NCM_NOTIFY_SPEED, /* issue SPEED_CHANGE next */ 45 }; 46 47 struct f_ncm { 48 struct gether port; 49 u8 ctrl_id, data_id; 50 51 char ethaddr[14]; 52 53 struct usb_ep *notify; 54 struct usb_request *notify_req; 55 u8 notify_state; 56 atomic_t notify_count; 57 bool is_open; 58 59 const struct ndp_parser_opts *parser_opts; 60 bool is_crc; 61 u32 ndp_sign; 62 63 /* 64 * for notification, it is accessed from both 65 * callback and ethernet open/close 66 */ 67 spinlock_t lock; 68 69 struct net_device *netdev; 70 71 /* For multi-frame NDP TX */ 72 struct sk_buff *skb_tx_data; 73 struct sk_buff *skb_tx_ndp; 74 u16 ndp_dgram_count; 75 struct hrtimer task_timer; 76 }; 77 78 static inline struct f_ncm *func_to_ncm(struct usb_function *f) 79 { 80 return container_of(f, struct f_ncm, port.func); 81 } 82 83 /* peak (theoretical) bulk transfer rate in bits-per-second */ 84 static inline unsigned ncm_bitrate(struct usb_gadget *g) 85 { 86 if (!g) 87 return 0; 88 else if (gadget_is_superspeed(g) && g->speed >= USB_SPEED_SUPER_PLUS) 89 return 4250000000U; 90 else if (gadget_is_superspeed(g) && g->speed == USB_SPEED_SUPER) 91 return 3750000000U; 92 else if (gadget_is_dualspeed(g) && g->speed == USB_SPEED_HIGH) 93 return 13 * 512 * 8 * 1000 * 8; 94 else 95 return 19 * 64 * 1 * 1000 * 8; 96 } 97 98 /*-------------------------------------------------------------------------*/ 99 100 /* 101 * We cannot group frames so use just the minimal size which ok to put 102 * one max-size ethernet frame. 103 * If the host can group frames, allow it to do that, 16K is selected, 104 * because it's used by default by the current linux host driver 105 */ 106 #define NTB_DEFAULT_IN_SIZE 16384 107 #define NTB_OUT_SIZE 16384 108 109 /* Allocation for storing the NDP, 32 should suffice for a 110 * 16k packet. This allows a maximum of 32 * 507 Byte packets to 111 * be transmitted in a single 16kB skb, though when sending full size 112 * packets this limit will be plenty. 113 * Smaller packets are not likely to be trying to maximize the 114 * throughput and will be mstly sending smaller infrequent frames. 115 */ 116 #define TX_MAX_NUM_DPE 32 117 118 /* Delay for the transmit to wait before sending an unfilled NTB frame. */ 119 #define TX_TIMEOUT_NSECS 300000 120 121 #define FORMATS_SUPPORTED (USB_CDC_NCM_NTB16_SUPPORTED | \ 122 USB_CDC_NCM_NTB32_SUPPORTED) 123 124 static struct usb_cdc_ncm_ntb_parameters ntb_parameters = { 125 .wLength = cpu_to_le16(sizeof(ntb_parameters)), 126 .bmNtbFormatsSupported = cpu_to_le16(FORMATS_SUPPORTED), 127 .dwNtbInMaxSize = cpu_to_le32(NTB_DEFAULT_IN_SIZE), 128 .wNdpInDivisor = cpu_to_le16(4), 129 .wNdpInPayloadRemainder = cpu_to_le16(0), 130 .wNdpInAlignment = cpu_to_le16(4), 131 132 .dwNtbOutMaxSize = cpu_to_le32(NTB_OUT_SIZE), 133 .wNdpOutDivisor = cpu_to_le16(4), 134 .wNdpOutPayloadRemainder = cpu_to_le16(0), 135 .wNdpOutAlignment = cpu_to_le16(4), 136 }; 137 138 /* 139 * Use wMaxPacketSize big enough to fit CDC_NOTIFY_SPEED_CHANGE in one 140 * packet, to simplify cancellation; and a big transfer interval, to 141 * waste less bandwidth. 142 */ 143 144 #define NCM_STATUS_INTERVAL_MS 32 145 #define NCM_STATUS_BYTECOUNT 16 /* 8 byte header + data */ 146 147 static struct usb_interface_assoc_descriptor ncm_iad_desc = { 148 .bLength = sizeof ncm_iad_desc, 149 .bDescriptorType = USB_DT_INTERFACE_ASSOCIATION, 150 151 /* .bFirstInterface = DYNAMIC, */ 152 .bInterfaceCount = 2, /* control + data */ 153 .bFunctionClass = USB_CLASS_COMM, 154 .bFunctionSubClass = USB_CDC_SUBCLASS_NCM, 155 .bFunctionProtocol = USB_CDC_PROTO_NONE, 156 /* .iFunction = DYNAMIC */ 157 }; 158 159 /* interface descriptor: */ 160 161 static struct usb_interface_descriptor ncm_control_intf = { 162 .bLength = sizeof ncm_control_intf, 163 .bDescriptorType = USB_DT_INTERFACE, 164 165 /* .bInterfaceNumber = DYNAMIC */ 166 .bNumEndpoints = 1, 167 .bInterfaceClass = USB_CLASS_COMM, 168 .bInterfaceSubClass = USB_CDC_SUBCLASS_NCM, 169 .bInterfaceProtocol = USB_CDC_PROTO_NONE, 170 /* .iInterface = DYNAMIC */ 171 }; 172 173 static struct usb_cdc_header_desc ncm_header_desc = { 174 .bLength = sizeof ncm_header_desc, 175 .bDescriptorType = USB_DT_CS_INTERFACE, 176 .bDescriptorSubType = USB_CDC_HEADER_TYPE, 177 178 .bcdCDC = cpu_to_le16(0x0110), 179 }; 180 181 static struct usb_cdc_union_desc ncm_union_desc = { 182 .bLength = sizeof(ncm_union_desc), 183 .bDescriptorType = USB_DT_CS_INTERFACE, 184 .bDescriptorSubType = USB_CDC_UNION_TYPE, 185 /* .bMasterInterface0 = DYNAMIC */ 186 /* .bSlaveInterface0 = DYNAMIC */ 187 }; 188 189 static struct usb_cdc_ether_desc ecm_desc = { 190 .bLength = sizeof ecm_desc, 191 .bDescriptorType = USB_DT_CS_INTERFACE, 192 .bDescriptorSubType = USB_CDC_ETHERNET_TYPE, 193 194 /* this descriptor actually adds value, surprise! */ 195 /* .iMACAddress = DYNAMIC */ 196 .bmEthernetStatistics = cpu_to_le32(0), /* no statistics */ 197 .wMaxSegmentSize = cpu_to_le16(ETH_FRAME_LEN), 198 .wNumberMCFilters = cpu_to_le16(0), 199 .bNumberPowerFilters = 0, 200 }; 201 202 #define NCAPS (USB_CDC_NCM_NCAP_ETH_FILTER | USB_CDC_NCM_NCAP_CRC_MODE) 203 204 static struct usb_cdc_ncm_desc ncm_desc = { 205 .bLength = sizeof ncm_desc, 206 .bDescriptorType = USB_DT_CS_INTERFACE, 207 .bDescriptorSubType = USB_CDC_NCM_TYPE, 208 209 .bcdNcmVersion = cpu_to_le16(0x0100), 210 /* can process SetEthernetPacketFilter */ 211 .bmNetworkCapabilities = NCAPS, 212 }; 213 214 /* the default data interface has no endpoints ... */ 215 216 static struct usb_interface_descriptor ncm_data_nop_intf = { 217 .bLength = sizeof ncm_data_nop_intf, 218 .bDescriptorType = USB_DT_INTERFACE, 219 220 .bInterfaceNumber = 1, 221 .bAlternateSetting = 0, 222 .bNumEndpoints = 0, 223 .bInterfaceClass = USB_CLASS_CDC_DATA, 224 .bInterfaceSubClass = 0, 225 .bInterfaceProtocol = USB_CDC_NCM_PROTO_NTB, 226 /* .iInterface = DYNAMIC */ 227 }; 228 229 /* ... but the "real" data interface has two bulk endpoints */ 230 231 static struct usb_interface_descriptor ncm_data_intf = { 232 .bLength = sizeof ncm_data_intf, 233 .bDescriptorType = USB_DT_INTERFACE, 234 235 .bInterfaceNumber = 1, 236 .bAlternateSetting = 1, 237 .bNumEndpoints = 2, 238 .bInterfaceClass = USB_CLASS_CDC_DATA, 239 .bInterfaceSubClass = 0, 240 .bInterfaceProtocol = USB_CDC_NCM_PROTO_NTB, 241 /* .iInterface = DYNAMIC */ 242 }; 243 244 /* full speed support: */ 245 246 static struct usb_endpoint_descriptor fs_ncm_notify_desc = { 247 .bLength = USB_DT_ENDPOINT_SIZE, 248 .bDescriptorType = USB_DT_ENDPOINT, 249 250 .bEndpointAddress = USB_DIR_IN, 251 .bmAttributes = USB_ENDPOINT_XFER_INT, 252 .wMaxPacketSize = cpu_to_le16(NCM_STATUS_BYTECOUNT), 253 .bInterval = NCM_STATUS_INTERVAL_MS, 254 }; 255 256 static struct usb_endpoint_descriptor fs_ncm_in_desc = { 257 .bLength = USB_DT_ENDPOINT_SIZE, 258 .bDescriptorType = USB_DT_ENDPOINT, 259 260 .bEndpointAddress = USB_DIR_IN, 261 .bmAttributes = USB_ENDPOINT_XFER_BULK, 262 }; 263 264 static struct usb_endpoint_descriptor fs_ncm_out_desc = { 265 .bLength = USB_DT_ENDPOINT_SIZE, 266 .bDescriptorType = USB_DT_ENDPOINT, 267 268 .bEndpointAddress = USB_DIR_OUT, 269 .bmAttributes = USB_ENDPOINT_XFER_BULK, 270 }; 271 272 static struct usb_descriptor_header *ncm_fs_function[] = { 273 (struct usb_descriptor_header *) &ncm_iad_desc, 274 /* CDC NCM control descriptors */ 275 (struct usb_descriptor_header *) &ncm_control_intf, 276 (struct usb_descriptor_header *) &ncm_header_desc, 277 (struct usb_descriptor_header *) &ncm_union_desc, 278 (struct usb_descriptor_header *) &ecm_desc, 279 (struct usb_descriptor_header *) &ncm_desc, 280 (struct usb_descriptor_header *) &fs_ncm_notify_desc, 281 /* data interface, altsettings 0 and 1 */ 282 (struct usb_descriptor_header *) &ncm_data_nop_intf, 283 (struct usb_descriptor_header *) &ncm_data_intf, 284 (struct usb_descriptor_header *) &fs_ncm_in_desc, 285 (struct usb_descriptor_header *) &fs_ncm_out_desc, 286 NULL, 287 }; 288 289 /* high speed support: */ 290 291 static struct usb_endpoint_descriptor hs_ncm_notify_desc = { 292 .bLength = USB_DT_ENDPOINT_SIZE, 293 .bDescriptorType = USB_DT_ENDPOINT, 294 295 .bEndpointAddress = USB_DIR_IN, 296 .bmAttributes = USB_ENDPOINT_XFER_INT, 297 .wMaxPacketSize = cpu_to_le16(NCM_STATUS_BYTECOUNT), 298 .bInterval = USB_MS_TO_HS_INTERVAL(NCM_STATUS_INTERVAL_MS), 299 }; 300 static struct usb_endpoint_descriptor hs_ncm_in_desc = { 301 .bLength = USB_DT_ENDPOINT_SIZE, 302 .bDescriptorType = USB_DT_ENDPOINT, 303 304 .bEndpointAddress = USB_DIR_IN, 305 .bmAttributes = USB_ENDPOINT_XFER_BULK, 306 .wMaxPacketSize = cpu_to_le16(512), 307 }; 308 309 static struct usb_endpoint_descriptor hs_ncm_out_desc = { 310 .bLength = USB_DT_ENDPOINT_SIZE, 311 .bDescriptorType = USB_DT_ENDPOINT, 312 313 .bEndpointAddress = USB_DIR_OUT, 314 .bmAttributes = USB_ENDPOINT_XFER_BULK, 315 .wMaxPacketSize = cpu_to_le16(512), 316 }; 317 318 static struct usb_descriptor_header *ncm_hs_function[] = { 319 (struct usb_descriptor_header *) &ncm_iad_desc, 320 /* CDC NCM control descriptors */ 321 (struct usb_descriptor_header *) &ncm_control_intf, 322 (struct usb_descriptor_header *) &ncm_header_desc, 323 (struct usb_descriptor_header *) &ncm_union_desc, 324 (struct usb_descriptor_header *) &ecm_desc, 325 (struct usb_descriptor_header *) &ncm_desc, 326 (struct usb_descriptor_header *) &hs_ncm_notify_desc, 327 /* data interface, altsettings 0 and 1 */ 328 (struct usb_descriptor_header *) &ncm_data_nop_intf, 329 (struct usb_descriptor_header *) &ncm_data_intf, 330 (struct usb_descriptor_header *) &hs_ncm_in_desc, 331 (struct usb_descriptor_header *) &hs_ncm_out_desc, 332 NULL, 333 }; 334 335 336 /* super speed support: */ 337 338 static struct usb_endpoint_descriptor ss_ncm_notify_desc = { 339 .bLength = USB_DT_ENDPOINT_SIZE, 340 .bDescriptorType = USB_DT_ENDPOINT, 341 342 .bEndpointAddress = USB_DIR_IN, 343 .bmAttributes = USB_ENDPOINT_XFER_INT, 344 .wMaxPacketSize = cpu_to_le16(NCM_STATUS_BYTECOUNT), 345 .bInterval = USB_MS_TO_HS_INTERVAL(NCM_STATUS_INTERVAL_MS) 346 }; 347 348 static struct usb_ss_ep_comp_descriptor ss_ncm_notify_comp_desc = { 349 .bLength = sizeof(ss_ncm_notify_comp_desc), 350 .bDescriptorType = USB_DT_SS_ENDPOINT_COMP, 351 352 /* the following 3 values can be tweaked if necessary */ 353 /* .bMaxBurst = 0, */ 354 /* .bmAttributes = 0, */ 355 .wBytesPerInterval = cpu_to_le16(NCM_STATUS_BYTECOUNT), 356 }; 357 358 static struct usb_endpoint_descriptor ss_ncm_in_desc = { 359 .bLength = USB_DT_ENDPOINT_SIZE, 360 .bDescriptorType = USB_DT_ENDPOINT, 361 362 .bEndpointAddress = USB_DIR_IN, 363 .bmAttributes = USB_ENDPOINT_XFER_BULK, 364 .wMaxPacketSize = cpu_to_le16(1024), 365 }; 366 367 static struct usb_endpoint_descriptor ss_ncm_out_desc = { 368 .bLength = USB_DT_ENDPOINT_SIZE, 369 .bDescriptorType = USB_DT_ENDPOINT, 370 371 .bEndpointAddress = USB_DIR_OUT, 372 .bmAttributes = USB_ENDPOINT_XFER_BULK, 373 .wMaxPacketSize = cpu_to_le16(1024), 374 }; 375 376 static struct usb_ss_ep_comp_descriptor ss_ncm_bulk_comp_desc = { 377 .bLength = sizeof(ss_ncm_bulk_comp_desc), 378 .bDescriptorType = USB_DT_SS_ENDPOINT_COMP, 379 380 /* the following 2 values can be tweaked if necessary */ 381 .bMaxBurst = 15, 382 /* .bmAttributes = 0, */ 383 }; 384 385 static struct usb_descriptor_header *ncm_ss_function[] = { 386 (struct usb_descriptor_header *) &ncm_iad_desc, 387 /* CDC NCM control descriptors */ 388 (struct usb_descriptor_header *) &ncm_control_intf, 389 (struct usb_descriptor_header *) &ncm_header_desc, 390 (struct usb_descriptor_header *) &ncm_union_desc, 391 (struct usb_descriptor_header *) &ecm_desc, 392 (struct usb_descriptor_header *) &ncm_desc, 393 (struct usb_descriptor_header *) &ss_ncm_notify_desc, 394 (struct usb_descriptor_header *) &ss_ncm_notify_comp_desc, 395 /* data interface, altsettings 0 and 1 */ 396 (struct usb_descriptor_header *) &ncm_data_nop_intf, 397 (struct usb_descriptor_header *) &ncm_data_intf, 398 (struct usb_descriptor_header *) &ss_ncm_in_desc, 399 (struct usb_descriptor_header *) &ss_ncm_bulk_comp_desc, 400 (struct usb_descriptor_header *) &ss_ncm_out_desc, 401 (struct usb_descriptor_header *) &ss_ncm_bulk_comp_desc, 402 NULL, 403 }; 404 405 /* string descriptors: */ 406 407 #define STRING_CTRL_IDX 0 408 #define STRING_MAC_IDX 1 409 #define STRING_DATA_IDX 2 410 #define STRING_IAD_IDX 3 411 412 static struct usb_string ncm_string_defs[] = { 413 [STRING_CTRL_IDX].s = "CDC Network Control Model (NCM)", 414 [STRING_MAC_IDX].s = "", 415 [STRING_DATA_IDX].s = "CDC Network Data", 416 [STRING_IAD_IDX].s = "CDC NCM", 417 { } /* end of list */ 418 }; 419 420 static struct usb_gadget_strings ncm_string_table = { 421 .language = 0x0409, /* en-us */ 422 .strings = ncm_string_defs, 423 }; 424 425 static struct usb_gadget_strings *ncm_strings[] = { 426 &ncm_string_table, 427 NULL, 428 }; 429 430 /* 431 * Here are options for NCM Datagram Pointer table (NDP) parser. 432 * There are 2 different formats: NDP16 and NDP32 in the spec (ch. 3), 433 * in NDP16 offsets and sizes fields are 1 16bit word wide, 434 * in NDP32 -- 2 16bit words wide. Also signatures are different. 435 * To make the parser code the same, put the differences in the structure, 436 * and switch pointers to the structures when the format is changed. 437 */ 438 439 struct ndp_parser_opts { 440 u32 nth_sign; 441 u32 ndp_sign; 442 unsigned nth_size; 443 unsigned ndp_size; 444 unsigned dpe_size; 445 unsigned ndplen_align; 446 /* sizes in u16 units */ 447 unsigned dgram_item_len; /* index or length */ 448 unsigned block_length; 449 unsigned ndp_index; 450 unsigned reserved1; 451 unsigned reserved2; 452 unsigned next_ndp_index; 453 }; 454 455 static const struct ndp_parser_opts ndp16_opts = { 456 .nth_sign = USB_CDC_NCM_NTH16_SIGN, 457 .ndp_sign = USB_CDC_NCM_NDP16_NOCRC_SIGN, 458 .nth_size = sizeof(struct usb_cdc_ncm_nth16), 459 .ndp_size = sizeof(struct usb_cdc_ncm_ndp16), 460 .dpe_size = sizeof(struct usb_cdc_ncm_dpe16), 461 .ndplen_align = 4, 462 .dgram_item_len = 1, 463 .block_length = 1, 464 .ndp_index = 1, 465 .reserved1 = 0, 466 .reserved2 = 0, 467 .next_ndp_index = 1, 468 }; 469 470 static const struct ndp_parser_opts ndp32_opts = { 471 .nth_sign = USB_CDC_NCM_NTH32_SIGN, 472 .ndp_sign = USB_CDC_NCM_NDP32_NOCRC_SIGN, 473 .nth_size = sizeof(struct usb_cdc_ncm_nth32), 474 .ndp_size = sizeof(struct usb_cdc_ncm_ndp32), 475 .dpe_size = sizeof(struct usb_cdc_ncm_dpe32), 476 .ndplen_align = 8, 477 .dgram_item_len = 2, 478 .block_length = 2, 479 .ndp_index = 2, 480 .reserved1 = 1, 481 .reserved2 = 2, 482 .next_ndp_index = 2, 483 }; 484 485 static inline void put_ncm(__le16 **p, unsigned size, unsigned val) 486 { 487 switch (size) { 488 case 1: 489 put_unaligned_le16((u16)val, *p); 490 break; 491 case 2: 492 put_unaligned_le32((u32)val, *p); 493 494 break; 495 default: 496 BUG(); 497 } 498 499 *p += size; 500 } 501 502 static inline unsigned get_ncm(__le16 **p, unsigned size) 503 { 504 unsigned tmp; 505 506 switch (size) { 507 case 1: 508 tmp = get_unaligned_le16(*p); 509 break; 510 case 2: 511 tmp = get_unaligned_le32(*p); 512 break; 513 default: 514 BUG(); 515 } 516 517 *p += size; 518 return tmp; 519 } 520 521 /*-------------------------------------------------------------------------*/ 522 523 static inline void ncm_reset_values(struct f_ncm *ncm) 524 { 525 ncm->parser_opts = &ndp16_opts; 526 ncm->is_crc = false; 527 ncm->ndp_sign = ncm->parser_opts->ndp_sign; 528 ncm->port.cdc_filter = DEFAULT_FILTER; 529 530 /* doesn't make sense for ncm, fixed size used */ 531 ncm->port.header_len = 0; 532 533 ncm->port.fixed_out_len = le32_to_cpu(ntb_parameters.dwNtbOutMaxSize); 534 ncm->port.fixed_in_len = NTB_DEFAULT_IN_SIZE; 535 } 536 537 /* 538 * Context: ncm->lock held 539 */ 540 static void ncm_do_notify(struct f_ncm *ncm) 541 { 542 struct usb_request *req = ncm->notify_req; 543 struct usb_cdc_notification *event; 544 struct usb_composite_dev *cdev = ncm->port.func.config->cdev; 545 __le32 *data; 546 int status; 547 548 /* notification already in flight? */ 549 if (atomic_read(&ncm->notify_count)) 550 return; 551 552 event = req->buf; 553 switch (ncm->notify_state) { 554 case NCM_NOTIFY_NONE: 555 return; 556 557 case NCM_NOTIFY_CONNECT: 558 event->bNotificationType = USB_CDC_NOTIFY_NETWORK_CONNECTION; 559 if (ncm->is_open) 560 event->wValue = cpu_to_le16(1); 561 else 562 event->wValue = cpu_to_le16(0); 563 event->wLength = 0; 564 req->length = sizeof *event; 565 566 DBG(cdev, "notify connect %s\n", 567 ncm->is_open ? "true" : "false"); 568 ncm->notify_state = NCM_NOTIFY_NONE; 569 break; 570 571 case NCM_NOTIFY_SPEED: 572 event->bNotificationType = USB_CDC_NOTIFY_SPEED_CHANGE; 573 event->wValue = cpu_to_le16(0); 574 event->wLength = cpu_to_le16(8); 575 req->length = NCM_STATUS_BYTECOUNT; 576 577 /* SPEED_CHANGE data is up/down speeds in bits/sec */ 578 data = req->buf + sizeof *event; 579 data[0] = cpu_to_le32(ncm_bitrate(cdev->gadget)); 580 data[1] = data[0]; 581 582 DBG(cdev, "notify speed %u\n", ncm_bitrate(cdev->gadget)); 583 ncm->notify_state = NCM_NOTIFY_CONNECT; 584 break; 585 } 586 event->bmRequestType = 0xA1; 587 event->wIndex = cpu_to_le16(ncm->ctrl_id); 588 589 atomic_inc(&ncm->notify_count); 590 591 /* 592 * In double buffering if there is a space in FIFO, 593 * completion callback can be called right after the call, 594 * so unlocking 595 */ 596 spin_unlock(&ncm->lock); 597 status = usb_ep_queue(ncm->notify, req, GFP_ATOMIC); 598 spin_lock(&ncm->lock); 599 if (status < 0) { 600 atomic_dec(&ncm->notify_count); 601 DBG(cdev, "notify --> %d\n", status); 602 } 603 } 604 605 /* 606 * Context: ncm->lock held 607 */ 608 static void ncm_notify(struct f_ncm *ncm) 609 { 610 /* 611 * NOTE on most versions of Linux, host side cdc-ethernet 612 * won't listen for notifications until its netdevice opens. 613 * The first notification then sits in the FIFO for a long 614 * time, and the second one is queued. 615 * 616 * If ncm_notify() is called before the second (CONNECT) 617 * notification is sent, then it will reset to send the SPEED 618 * notificaion again (and again, and again), but it's not a problem 619 */ 620 ncm->notify_state = NCM_NOTIFY_SPEED; 621 ncm_do_notify(ncm); 622 } 623 624 static void ncm_notify_complete(struct usb_ep *ep, struct usb_request *req) 625 { 626 struct f_ncm *ncm = req->context; 627 struct usb_composite_dev *cdev = ncm->port.func.config->cdev; 628 struct usb_cdc_notification *event = req->buf; 629 630 spin_lock(&ncm->lock); 631 switch (req->status) { 632 case 0: 633 VDBG(cdev, "Notification %02x sent\n", 634 event->bNotificationType); 635 atomic_dec(&ncm->notify_count); 636 break; 637 case -ECONNRESET: 638 case -ESHUTDOWN: 639 atomic_set(&ncm->notify_count, 0); 640 ncm->notify_state = NCM_NOTIFY_NONE; 641 break; 642 default: 643 DBG(cdev, "event %02x --> %d\n", 644 event->bNotificationType, req->status); 645 atomic_dec(&ncm->notify_count); 646 break; 647 } 648 ncm_do_notify(ncm); 649 spin_unlock(&ncm->lock); 650 } 651 652 static void ncm_ep0out_complete(struct usb_ep *ep, struct usb_request *req) 653 { 654 /* now for SET_NTB_INPUT_SIZE only */ 655 unsigned in_size; 656 struct usb_function *f = req->context; 657 struct f_ncm *ncm = func_to_ncm(f); 658 struct usb_composite_dev *cdev = f->config->cdev; 659 660 req->context = NULL; 661 if (req->status || req->actual != req->length) { 662 DBG(cdev, "Bad control-OUT transfer\n"); 663 goto invalid; 664 } 665 666 in_size = get_unaligned_le32(req->buf); 667 if (in_size < USB_CDC_NCM_NTB_MIN_IN_SIZE || 668 in_size > le32_to_cpu(ntb_parameters.dwNtbInMaxSize)) { 669 DBG(cdev, "Got wrong INPUT SIZE (%d) from host\n", in_size); 670 goto invalid; 671 } 672 673 ncm->port.fixed_in_len = in_size; 674 VDBG(cdev, "Set NTB INPUT SIZE %d\n", in_size); 675 return; 676 677 invalid: 678 usb_ep_set_halt(ep); 679 return; 680 } 681 682 static int ncm_setup(struct usb_function *f, const struct usb_ctrlrequest *ctrl) 683 { 684 struct f_ncm *ncm = func_to_ncm(f); 685 struct usb_composite_dev *cdev = f->config->cdev; 686 struct usb_request *req = cdev->req; 687 int value = -EOPNOTSUPP; 688 u16 w_index = le16_to_cpu(ctrl->wIndex); 689 u16 w_value = le16_to_cpu(ctrl->wValue); 690 u16 w_length = le16_to_cpu(ctrl->wLength); 691 692 /* 693 * composite driver infrastructure handles everything except 694 * CDC class messages; interface activation uses set_alt(). 695 */ 696 switch ((ctrl->bRequestType << 8) | ctrl->bRequest) { 697 case ((USB_DIR_OUT | USB_TYPE_CLASS | USB_RECIP_INTERFACE) << 8) 698 | USB_CDC_SET_ETHERNET_PACKET_FILTER: 699 /* 700 * see 6.2.30: no data, wIndex = interface, 701 * wValue = packet filter bitmap 702 */ 703 if (w_length != 0 || w_index != ncm->ctrl_id) 704 goto invalid; 705 DBG(cdev, "packet filter %02x\n", w_value); 706 /* 707 * REVISIT locking of cdc_filter. This assumes the UDC 708 * driver won't have a concurrent packet TX irq running on 709 * another CPU; or that if it does, this write is atomic... 710 */ 711 ncm->port.cdc_filter = w_value; 712 value = 0; 713 break; 714 /* 715 * and optionally: 716 * case USB_CDC_SEND_ENCAPSULATED_COMMAND: 717 * case USB_CDC_GET_ENCAPSULATED_RESPONSE: 718 * case USB_CDC_SET_ETHERNET_MULTICAST_FILTERS: 719 * case USB_CDC_SET_ETHERNET_PM_PATTERN_FILTER: 720 * case USB_CDC_GET_ETHERNET_PM_PATTERN_FILTER: 721 * case USB_CDC_GET_ETHERNET_STATISTIC: 722 */ 723 724 case ((USB_DIR_IN | USB_TYPE_CLASS | USB_RECIP_INTERFACE) << 8) 725 | USB_CDC_GET_NTB_PARAMETERS: 726 727 if (w_length == 0 || w_value != 0 || w_index != ncm->ctrl_id) 728 goto invalid; 729 value = w_length > sizeof ntb_parameters ? 730 sizeof ntb_parameters : w_length; 731 memcpy(req->buf, &ntb_parameters, value); 732 VDBG(cdev, "Host asked NTB parameters\n"); 733 break; 734 735 case ((USB_DIR_IN | USB_TYPE_CLASS | USB_RECIP_INTERFACE) << 8) 736 | USB_CDC_GET_NTB_INPUT_SIZE: 737 738 if (w_length < 4 || w_value != 0 || w_index != ncm->ctrl_id) 739 goto invalid; 740 put_unaligned_le32(ncm->port.fixed_in_len, req->buf); 741 value = 4; 742 VDBG(cdev, "Host asked INPUT SIZE, sending %d\n", 743 ncm->port.fixed_in_len); 744 break; 745 746 case ((USB_DIR_OUT | USB_TYPE_CLASS | USB_RECIP_INTERFACE) << 8) 747 | USB_CDC_SET_NTB_INPUT_SIZE: 748 { 749 if (w_length != 4 || w_value != 0 || w_index != ncm->ctrl_id) 750 goto invalid; 751 req->complete = ncm_ep0out_complete; 752 req->length = w_length; 753 req->context = f; 754 755 value = req->length; 756 break; 757 } 758 759 case ((USB_DIR_IN | USB_TYPE_CLASS | USB_RECIP_INTERFACE) << 8) 760 | USB_CDC_GET_NTB_FORMAT: 761 { 762 uint16_t format; 763 764 if (w_length < 2 || w_value != 0 || w_index != ncm->ctrl_id) 765 goto invalid; 766 format = (ncm->parser_opts == &ndp16_opts) ? 0x0000 : 0x0001; 767 put_unaligned_le16(format, req->buf); 768 value = 2; 769 VDBG(cdev, "Host asked NTB FORMAT, sending %d\n", format); 770 break; 771 } 772 773 case ((USB_DIR_OUT | USB_TYPE_CLASS | USB_RECIP_INTERFACE) << 8) 774 | USB_CDC_SET_NTB_FORMAT: 775 { 776 if (w_length != 0 || w_index != ncm->ctrl_id) 777 goto invalid; 778 switch (w_value) { 779 case 0x0000: 780 ncm->parser_opts = &ndp16_opts; 781 DBG(cdev, "NCM16 selected\n"); 782 break; 783 case 0x0001: 784 ncm->parser_opts = &ndp32_opts; 785 DBG(cdev, "NCM32 selected\n"); 786 break; 787 default: 788 goto invalid; 789 } 790 value = 0; 791 break; 792 } 793 case ((USB_DIR_IN | USB_TYPE_CLASS | USB_RECIP_INTERFACE) << 8) 794 | USB_CDC_GET_CRC_MODE: 795 { 796 uint16_t is_crc; 797 798 if (w_length < 2 || w_value != 0 || w_index != ncm->ctrl_id) 799 goto invalid; 800 is_crc = ncm->is_crc ? 0x0001 : 0x0000; 801 put_unaligned_le16(is_crc, req->buf); 802 value = 2; 803 VDBG(cdev, "Host asked CRC MODE, sending %d\n", is_crc); 804 break; 805 } 806 807 case ((USB_DIR_OUT | USB_TYPE_CLASS | USB_RECIP_INTERFACE) << 8) 808 | USB_CDC_SET_CRC_MODE: 809 { 810 if (w_length != 0 || w_index != ncm->ctrl_id) 811 goto invalid; 812 switch (w_value) { 813 case 0x0000: 814 ncm->is_crc = false; 815 DBG(cdev, "non-CRC mode selected\n"); 816 break; 817 case 0x0001: 818 ncm->is_crc = true; 819 DBG(cdev, "CRC mode selected\n"); 820 break; 821 default: 822 goto invalid; 823 } 824 value = 0; 825 break; 826 } 827 828 /* and disabled in ncm descriptor: */ 829 /* case USB_CDC_GET_NET_ADDRESS: */ 830 /* case USB_CDC_SET_NET_ADDRESS: */ 831 /* case USB_CDC_GET_MAX_DATAGRAM_SIZE: */ 832 /* case USB_CDC_SET_MAX_DATAGRAM_SIZE: */ 833 834 default: 835 invalid: 836 DBG(cdev, "invalid control req%02x.%02x v%04x i%04x l%d\n", 837 ctrl->bRequestType, ctrl->bRequest, 838 w_value, w_index, w_length); 839 } 840 ncm->ndp_sign = ncm->parser_opts->ndp_sign | 841 (ncm->is_crc ? NCM_NDP_HDR_CRC : 0); 842 843 /* respond with data transfer or status phase? */ 844 if (value >= 0) { 845 DBG(cdev, "ncm req%02x.%02x v%04x i%04x l%d\n", 846 ctrl->bRequestType, ctrl->bRequest, 847 w_value, w_index, w_length); 848 req->zero = 0; 849 req->length = value; 850 value = usb_ep_queue(cdev->gadget->ep0, req, GFP_ATOMIC); 851 if (value < 0) 852 ERROR(cdev, "ncm req %02x.%02x response err %d\n", 853 ctrl->bRequestType, ctrl->bRequest, 854 value); 855 } 856 857 /* device either stalls (value < 0) or reports success */ 858 return value; 859 } 860 861 862 static int ncm_set_alt(struct usb_function *f, unsigned intf, unsigned alt) 863 { 864 struct f_ncm *ncm = func_to_ncm(f); 865 struct usb_composite_dev *cdev = f->config->cdev; 866 867 /* Control interface has only altsetting 0 */ 868 if (intf == ncm->ctrl_id) { 869 if (alt != 0) 870 goto fail; 871 872 DBG(cdev, "reset ncm control %d\n", intf); 873 usb_ep_disable(ncm->notify); 874 875 if (!(ncm->notify->desc)) { 876 DBG(cdev, "init ncm ctrl %d\n", intf); 877 if (config_ep_by_speed(cdev->gadget, f, ncm->notify)) 878 goto fail; 879 } 880 usb_ep_enable(ncm->notify); 881 882 /* Data interface has two altsettings, 0 and 1 */ 883 } else if (intf == ncm->data_id) { 884 if (alt > 1) 885 goto fail; 886 887 if (ncm->port.in_ep->enabled) { 888 DBG(cdev, "reset ncm\n"); 889 ncm->netdev = NULL; 890 gether_disconnect(&ncm->port); 891 ncm_reset_values(ncm); 892 } 893 894 /* 895 * CDC Network only sends data in non-default altsettings. 896 * Changing altsettings resets filters, statistics, etc. 897 */ 898 if (alt == 1) { 899 struct net_device *net; 900 901 if (!ncm->port.in_ep->desc || 902 !ncm->port.out_ep->desc) { 903 DBG(cdev, "init ncm\n"); 904 if (config_ep_by_speed(cdev->gadget, f, 905 ncm->port.in_ep) || 906 config_ep_by_speed(cdev->gadget, f, 907 ncm->port.out_ep)) { 908 ncm->port.in_ep->desc = NULL; 909 ncm->port.out_ep->desc = NULL; 910 goto fail; 911 } 912 } 913 914 /* TODO */ 915 /* Enable zlps by default for NCM conformance; 916 * override for musb_hdrc (avoids txdma ovhead) 917 */ 918 ncm->port.is_zlp_ok = 919 gadget_is_zlp_supported(cdev->gadget); 920 ncm->port.cdc_filter = DEFAULT_FILTER; 921 DBG(cdev, "activate ncm\n"); 922 net = gether_connect(&ncm->port); 923 if (IS_ERR(net)) 924 return PTR_ERR(net); 925 ncm->netdev = net; 926 } 927 928 spin_lock(&ncm->lock); 929 ncm_notify(ncm); 930 spin_unlock(&ncm->lock); 931 } else 932 goto fail; 933 934 return 0; 935 fail: 936 return -EINVAL; 937 } 938 939 /* 940 * Because the data interface supports multiple altsettings, 941 * this NCM function *MUST* implement a get_alt() method. 942 */ 943 static int ncm_get_alt(struct usb_function *f, unsigned intf) 944 { 945 struct f_ncm *ncm = func_to_ncm(f); 946 947 if (intf == ncm->ctrl_id) 948 return 0; 949 return ncm->port.in_ep->enabled ? 1 : 0; 950 } 951 952 static struct sk_buff *package_for_tx(struct f_ncm *ncm) 953 { 954 __le16 *ntb_iter; 955 struct sk_buff *skb2 = NULL; 956 unsigned ndp_pad; 957 unsigned ndp_index; 958 unsigned new_len; 959 960 const struct ndp_parser_opts *opts = ncm->parser_opts; 961 const int ndp_align = le16_to_cpu(ntb_parameters.wNdpInAlignment); 962 const int dgram_idx_len = 2 * 2 * opts->dgram_item_len; 963 964 /* Stop the timer */ 965 hrtimer_try_to_cancel(&ncm->task_timer); 966 967 ndp_pad = ALIGN(ncm->skb_tx_data->len, ndp_align) - 968 ncm->skb_tx_data->len; 969 ndp_index = ncm->skb_tx_data->len + ndp_pad; 970 new_len = ndp_index + dgram_idx_len + ncm->skb_tx_ndp->len; 971 972 /* Set the final BlockLength and wNdpIndex */ 973 ntb_iter = (void *) ncm->skb_tx_data->data; 974 /* Increment pointer to BlockLength */ 975 ntb_iter += 2 + 1 + 1; 976 put_ncm(&ntb_iter, opts->block_length, new_len); 977 put_ncm(&ntb_iter, opts->ndp_index, ndp_index); 978 979 /* Set the final NDP wLength */ 980 new_len = opts->ndp_size + 981 (ncm->ndp_dgram_count * dgram_idx_len); 982 ncm->ndp_dgram_count = 0; 983 /* Increment from start to wLength */ 984 ntb_iter = (void *) ncm->skb_tx_ndp->data; 985 ntb_iter += 2; 986 put_unaligned_le16(new_len, ntb_iter); 987 988 /* Merge the skbs */ 989 swap(skb2, ncm->skb_tx_data); 990 if (ncm->skb_tx_data) { 991 dev_consume_skb_any(ncm->skb_tx_data); 992 ncm->skb_tx_data = NULL; 993 } 994 995 /* Insert NDP alignment. */ 996 skb_put_zero(skb2, ndp_pad); 997 998 /* Copy NTB across. */ 999 skb_put_data(skb2, ncm->skb_tx_ndp->data, ncm->skb_tx_ndp->len); 1000 dev_consume_skb_any(ncm->skb_tx_ndp); 1001 ncm->skb_tx_ndp = NULL; 1002 1003 /* Insert zero'd datagram. */ 1004 skb_put_zero(skb2, dgram_idx_len); 1005 1006 return skb2; 1007 } 1008 1009 static struct sk_buff *ncm_wrap_ntb(struct gether *port, 1010 struct sk_buff *skb) 1011 { 1012 struct f_ncm *ncm = func_to_ncm(&port->func); 1013 struct sk_buff *skb2 = NULL; 1014 1015 if (skb) { 1016 int ncb_len = 0; 1017 __le16 *ntb_data; 1018 __le16 *ntb_ndp; 1019 int dgram_pad; 1020 1021 unsigned max_size = ncm->port.fixed_in_len; 1022 const struct ndp_parser_opts *opts = ncm->parser_opts; 1023 const int ndp_align = le16_to_cpu(ntb_parameters.wNdpInAlignment); 1024 const int div = le16_to_cpu(ntb_parameters.wNdpInDivisor); 1025 const int rem = le16_to_cpu(ntb_parameters.wNdpInPayloadRemainder); 1026 const int dgram_idx_len = 2 * 2 * opts->dgram_item_len; 1027 1028 /* Add the CRC if required up front */ 1029 if (ncm->is_crc) { 1030 uint32_t crc; 1031 __le16 *crc_pos; 1032 1033 crc = ~crc32_le(~0, 1034 skb->data, 1035 skb->len); 1036 crc_pos = skb_put(skb, sizeof(uint32_t)); 1037 put_unaligned_le32(crc, crc_pos); 1038 } 1039 1040 /* If the new skb is too big for the current NCM NTB then 1041 * set the current stored skb to be sent now and clear it 1042 * ready for new data. 1043 * NOTE: Assume maximum align for speed of calculation. 1044 */ 1045 if (ncm->skb_tx_data 1046 && (ncm->ndp_dgram_count >= TX_MAX_NUM_DPE 1047 || (ncm->skb_tx_data->len + 1048 div + rem + skb->len + 1049 ncm->skb_tx_ndp->len + ndp_align + (2 * dgram_idx_len)) 1050 > max_size)) { 1051 skb2 = package_for_tx(ncm); 1052 if (!skb2) 1053 goto err; 1054 } 1055 1056 if (!ncm->skb_tx_data) { 1057 ncb_len = opts->nth_size; 1058 dgram_pad = ALIGN(ncb_len, div) + rem - ncb_len; 1059 ncb_len += dgram_pad; 1060 1061 /* Create a new skb for the NTH and datagrams. */ 1062 ncm->skb_tx_data = alloc_skb(max_size, GFP_ATOMIC); 1063 if (!ncm->skb_tx_data) 1064 goto err; 1065 1066 ncm->skb_tx_data->dev = ncm->netdev; 1067 ntb_data = skb_put_zero(ncm->skb_tx_data, ncb_len); 1068 /* dwSignature */ 1069 put_unaligned_le32(opts->nth_sign, ntb_data); 1070 ntb_data += 2; 1071 /* wHeaderLength */ 1072 put_unaligned_le16(opts->nth_size, ntb_data++); 1073 1074 /* Allocate an skb for storing the NDP, 1075 * TX_MAX_NUM_DPE should easily suffice for a 1076 * 16k packet. 1077 */ 1078 ncm->skb_tx_ndp = alloc_skb((int)(opts->ndp_size 1079 + opts->dpe_size 1080 * TX_MAX_NUM_DPE), 1081 GFP_ATOMIC); 1082 if (!ncm->skb_tx_ndp) 1083 goto err; 1084 1085 ncm->skb_tx_ndp->dev = ncm->netdev; 1086 ntb_ndp = skb_put(ncm->skb_tx_ndp, opts->ndp_size); 1087 memset(ntb_ndp, 0, ncb_len); 1088 /* dwSignature */ 1089 put_unaligned_le32(ncm->ndp_sign, ntb_ndp); 1090 ntb_ndp += 2; 1091 1092 /* There is always a zeroed entry */ 1093 ncm->ndp_dgram_count = 1; 1094 1095 /* Note: we skip opts->next_ndp_index */ 1096 1097 /* Start the timer. */ 1098 hrtimer_start(&ncm->task_timer, TX_TIMEOUT_NSECS, 1099 HRTIMER_MODE_REL_SOFT); 1100 } 1101 1102 /* Add the datagram position entries */ 1103 ntb_ndp = skb_put_zero(ncm->skb_tx_ndp, dgram_idx_len); 1104 1105 ncb_len = ncm->skb_tx_data->len; 1106 dgram_pad = ALIGN(ncb_len, div) + rem - ncb_len; 1107 ncb_len += dgram_pad; 1108 1109 /* (d)wDatagramIndex */ 1110 put_ncm(&ntb_ndp, opts->dgram_item_len, ncb_len); 1111 /* (d)wDatagramLength */ 1112 put_ncm(&ntb_ndp, opts->dgram_item_len, skb->len); 1113 ncm->ndp_dgram_count++; 1114 1115 /* Add the new data to the skb */ 1116 skb_put_zero(ncm->skb_tx_data, dgram_pad); 1117 skb_put_data(ncm->skb_tx_data, skb->data, skb->len); 1118 dev_consume_skb_any(skb); 1119 skb = NULL; 1120 1121 } else if (ncm->skb_tx_data) { 1122 /* If we get here ncm_wrap_ntb() was called with NULL skb, 1123 * because eth_start_xmit() was called with NULL skb by 1124 * ncm_tx_timeout() - hence, this is our signal to flush/send. 1125 */ 1126 skb2 = package_for_tx(ncm); 1127 if (!skb2) 1128 goto err; 1129 } 1130 1131 return skb2; 1132 1133 err: 1134 ncm->netdev->stats.tx_dropped++; 1135 1136 if (skb) 1137 dev_kfree_skb_any(skb); 1138 if (ncm->skb_tx_data) 1139 dev_kfree_skb_any(ncm->skb_tx_data); 1140 if (ncm->skb_tx_ndp) 1141 dev_kfree_skb_any(ncm->skb_tx_ndp); 1142 1143 return NULL; 1144 } 1145 1146 /* 1147 * The transmit should only be run if no skb data has been sent 1148 * for a certain duration. 1149 */ 1150 static enum hrtimer_restart ncm_tx_timeout(struct hrtimer *data) 1151 { 1152 struct f_ncm *ncm = container_of(data, struct f_ncm, task_timer); 1153 struct net_device *netdev = READ_ONCE(ncm->netdev); 1154 1155 if (netdev) { 1156 /* XXX This allowance of a NULL skb argument to ndo_start_xmit 1157 * XXX is not sane. The gadget layer should be redesigned so 1158 * XXX that the dev->wrap() invocations to build SKBs is transparent 1159 * XXX and performed in some way outside of the ndo_start_xmit 1160 * XXX interface. 1161 * 1162 * This will call directly into u_ether's eth_start_xmit() 1163 */ 1164 netdev->netdev_ops->ndo_start_xmit(NULL, netdev); 1165 } 1166 return HRTIMER_NORESTART; 1167 } 1168 1169 static int ncm_unwrap_ntb(struct gether *port, 1170 struct sk_buff *skb, 1171 struct sk_buff_head *list) 1172 { 1173 struct f_ncm *ncm = func_to_ncm(&port->func); 1174 __le16 *tmp = (void *) skb->data; 1175 unsigned index, index2; 1176 int ndp_index; 1177 unsigned dg_len, dg_len2; 1178 unsigned ndp_len; 1179 unsigned block_len; 1180 struct sk_buff *skb2; 1181 int ret = -EINVAL; 1182 unsigned ntb_max = le32_to_cpu(ntb_parameters.dwNtbOutMaxSize); 1183 unsigned frame_max = le16_to_cpu(ecm_desc.wMaxSegmentSize); 1184 const struct ndp_parser_opts *opts = ncm->parser_opts; 1185 unsigned crc_len = ncm->is_crc ? sizeof(uint32_t) : 0; 1186 int dgram_counter; 1187 1188 /* dwSignature */ 1189 if (get_unaligned_le32(tmp) != opts->nth_sign) { 1190 INFO(port->func.config->cdev, "Wrong NTH SIGN, skblen %d\n", 1191 skb->len); 1192 print_hex_dump(KERN_INFO, "HEAD:", DUMP_PREFIX_ADDRESS, 32, 1, 1193 skb->data, 32, false); 1194 1195 goto err; 1196 } 1197 tmp += 2; 1198 /* wHeaderLength */ 1199 if (get_unaligned_le16(tmp++) != opts->nth_size) { 1200 INFO(port->func.config->cdev, "Wrong NTB headersize\n"); 1201 goto err; 1202 } 1203 tmp++; /* skip wSequence */ 1204 1205 block_len = get_ncm(&tmp, opts->block_length); 1206 /* (d)wBlockLength */ 1207 if (block_len > ntb_max) { 1208 INFO(port->func.config->cdev, "OUT size exceeded\n"); 1209 goto err; 1210 } 1211 1212 ndp_index = get_ncm(&tmp, opts->ndp_index); 1213 1214 /* Run through all the NDP's in the NTB */ 1215 do { 1216 /* 1217 * NCM 3.2 1218 * dwNdpIndex 1219 */ 1220 if (((ndp_index % 4) != 0) || 1221 (ndp_index < opts->nth_size) || 1222 (ndp_index > (block_len - 1223 opts->ndp_size))) { 1224 INFO(port->func.config->cdev, "Bad index: %#X\n", 1225 ndp_index); 1226 goto err; 1227 } 1228 1229 /* 1230 * walk through NDP 1231 * dwSignature 1232 */ 1233 tmp = (void *)(skb->data + ndp_index); 1234 if (get_unaligned_le32(tmp) != ncm->ndp_sign) { 1235 INFO(port->func.config->cdev, "Wrong NDP SIGN\n"); 1236 goto err; 1237 } 1238 tmp += 2; 1239 1240 ndp_len = get_unaligned_le16(tmp++); 1241 /* 1242 * NCM 3.3.1 1243 * wLength 1244 * entry is 2 items 1245 * item size is 16/32 bits, opts->dgram_item_len * 2 bytes 1246 * minimal: struct usb_cdc_ncm_ndpX + normal entry + zero entry 1247 * Each entry is a dgram index and a dgram length. 1248 */ 1249 if ((ndp_len < opts->ndp_size 1250 + 2 * 2 * (opts->dgram_item_len * 2)) || 1251 (ndp_len % opts->ndplen_align != 0)) { 1252 INFO(port->func.config->cdev, "Bad NDP length: %#X\n", 1253 ndp_len); 1254 goto err; 1255 } 1256 tmp += opts->reserved1; 1257 /* Check for another NDP (d)wNextNdpIndex */ 1258 ndp_index = get_ncm(&tmp, opts->next_ndp_index); 1259 tmp += opts->reserved2; 1260 1261 ndp_len -= opts->ndp_size; 1262 index2 = get_ncm(&tmp, opts->dgram_item_len); 1263 dg_len2 = get_ncm(&tmp, opts->dgram_item_len); 1264 dgram_counter = 0; 1265 1266 do { 1267 index = index2; 1268 /* wDatagramIndex[0] */ 1269 if ((index < opts->nth_size) || 1270 (index > block_len - opts->dpe_size)) { 1271 INFO(port->func.config->cdev, 1272 "Bad index: %#X\n", index); 1273 goto err; 1274 } 1275 1276 dg_len = dg_len2; 1277 /* 1278 * wDatagramLength[0] 1279 * ethernet hdr + crc or larger than max frame size 1280 */ 1281 if ((dg_len < 14 + crc_len) || 1282 (dg_len > frame_max)) { 1283 INFO(port->func.config->cdev, 1284 "Bad dgram length: %#X\n", dg_len); 1285 goto err; 1286 } 1287 if (ncm->is_crc) { 1288 uint32_t crc, crc2; 1289 1290 crc = get_unaligned_le32(skb->data + 1291 index + dg_len - 1292 crc_len); 1293 crc2 = ~crc32_le(~0, 1294 skb->data + index, 1295 dg_len - crc_len); 1296 if (crc != crc2) { 1297 INFO(port->func.config->cdev, 1298 "Bad CRC\n"); 1299 goto err; 1300 } 1301 } 1302 1303 index2 = get_ncm(&tmp, opts->dgram_item_len); 1304 dg_len2 = get_ncm(&tmp, opts->dgram_item_len); 1305 1306 /* wDatagramIndex[1] */ 1307 if (index2 > block_len - opts->dpe_size) { 1308 INFO(port->func.config->cdev, 1309 "Bad index: %#X\n", index2); 1310 goto err; 1311 } 1312 1313 /* 1314 * Copy the data into a new skb. 1315 * This ensures the truesize is correct 1316 */ 1317 skb2 = netdev_alloc_skb_ip_align(ncm->netdev, 1318 dg_len - crc_len); 1319 if (skb2 == NULL) 1320 goto err; 1321 skb_put_data(skb2, skb->data + index, 1322 dg_len - crc_len); 1323 1324 skb_queue_tail(list, skb2); 1325 1326 ndp_len -= 2 * (opts->dgram_item_len * 2); 1327 1328 dgram_counter++; 1329 if (index2 == 0 || dg_len2 == 0) 1330 break; 1331 } while (ndp_len > 2 * (opts->dgram_item_len * 2)); 1332 } while (ndp_index); 1333 1334 dev_consume_skb_any(skb); 1335 1336 VDBG(port->func.config->cdev, 1337 "Parsed NTB with %d frames\n", dgram_counter); 1338 return 0; 1339 err: 1340 skb_queue_purge(list); 1341 dev_kfree_skb_any(skb); 1342 return ret; 1343 } 1344 1345 static void ncm_disable(struct usb_function *f) 1346 { 1347 struct f_ncm *ncm = func_to_ncm(f); 1348 struct usb_composite_dev *cdev = f->config->cdev; 1349 1350 DBG(cdev, "ncm deactivated\n"); 1351 1352 if (ncm->port.in_ep->enabled) { 1353 ncm->netdev = NULL; 1354 gether_disconnect(&ncm->port); 1355 } 1356 1357 if (ncm->notify->enabled) { 1358 usb_ep_disable(ncm->notify); 1359 ncm->notify->desc = NULL; 1360 } 1361 } 1362 1363 /*-------------------------------------------------------------------------*/ 1364 1365 /* 1366 * Callbacks let us notify the host about connect/disconnect when the 1367 * net device is opened or closed. 1368 * 1369 * For testing, note that link states on this side include both opened 1370 * and closed variants of: 1371 * 1372 * - disconnected/unconfigured 1373 * - configured but inactive (data alt 0) 1374 * - configured and active (data alt 1) 1375 * 1376 * Each needs to be tested with unplug, rmmod, SET_CONFIGURATION, and 1377 * SET_INTERFACE (altsetting). Remember also that "configured" doesn't 1378 * imply the host is actually polling the notification endpoint, and 1379 * likewise that "active" doesn't imply it's actually using the data 1380 * endpoints for traffic. 1381 */ 1382 1383 static void ncm_open(struct gether *geth) 1384 { 1385 struct f_ncm *ncm = func_to_ncm(&geth->func); 1386 1387 DBG(ncm->port.func.config->cdev, "%s\n", __func__); 1388 1389 spin_lock(&ncm->lock); 1390 ncm->is_open = true; 1391 ncm_notify(ncm); 1392 spin_unlock(&ncm->lock); 1393 } 1394 1395 static void ncm_close(struct gether *geth) 1396 { 1397 struct f_ncm *ncm = func_to_ncm(&geth->func); 1398 1399 DBG(ncm->port.func.config->cdev, "%s\n", __func__); 1400 1401 spin_lock(&ncm->lock); 1402 ncm->is_open = false; 1403 ncm_notify(ncm); 1404 spin_unlock(&ncm->lock); 1405 } 1406 1407 /*-------------------------------------------------------------------------*/ 1408 1409 /* ethernet function driver setup/binding */ 1410 1411 static int ncm_bind(struct usb_configuration *c, struct usb_function *f) 1412 { 1413 struct usb_composite_dev *cdev = c->cdev; 1414 struct f_ncm *ncm = func_to_ncm(f); 1415 struct usb_string *us; 1416 int status; 1417 struct usb_ep *ep; 1418 struct f_ncm_opts *ncm_opts; 1419 1420 if (!can_support_ecm(cdev->gadget)) 1421 return -EINVAL; 1422 1423 ncm_opts = container_of(f->fi, struct f_ncm_opts, func_inst); 1424 1425 if (cdev->use_os_string) { 1426 f->os_desc_table = kzalloc(sizeof(*f->os_desc_table), 1427 GFP_KERNEL); 1428 if (!f->os_desc_table) 1429 return -ENOMEM; 1430 f->os_desc_n = 1; 1431 f->os_desc_table[0].os_desc = &ncm_opts->ncm_os_desc; 1432 } 1433 1434 /* 1435 * in drivers/usb/gadget/configfs.c:configfs_composite_bind() 1436 * configurations are bound in sequence with list_for_each_entry, 1437 * in each configuration its functions are bound in sequence 1438 * with list_for_each_entry, so we assume no race condition 1439 * with regard to ncm_opts->bound access 1440 */ 1441 if (!ncm_opts->bound) { 1442 mutex_lock(&ncm_opts->lock); 1443 gether_set_gadget(ncm_opts->net, cdev->gadget); 1444 status = gether_register_netdev(ncm_opts->net); 1445 mutex_unlock(&ncm_opts->lock); 1446 if (status) 1447 goto fail; 1448 ncm_opts->bound = true; 1449 } 1450 us = usb_gstrings_attach(cdev, ncm_strings, 1451 ARRAY_SIZE(ncm_string_defs)); 1452 if (IS_ERR(us)) { 1453 status = PTR_ERR(us); 1454 goto fail; 1455 } 1456 ncm_control_intf.iInterface = us[STRING_CTRL_IDX].id; 1457 ncm_data_nop_intf.iInterface = us[STRING_DATA_IDX].id; 1458 ncm_data_intf.iInterface = us[STRING_DATA_IDX].id; 1459 ecm_desc.iMACAddress = us[STRING_MAC_IDX].id; 1460 ncm_iad_desc.iFunction = us[STRING_IAD_IDX].id; 1461 1462 /* allocate instance-specific interface IDs */ 1463 status = usb_interface_id(c, f); 1464 if (status < 0) 1465 goto fail; 1466 ncm->ctrl_id = status; 1467 ncm_iad_desc.bFirstInterface = status; 1468 1469 ncm_control_intf.bInterfaceNumber = status; 1470 ncm_union_desc.bMasterInterface0 = status; 1471 1472 if (cdev->use_os_string) 1473 f->os_desc_table[0].if_id = 1474 ncm_iad_desc.bFirstInterface; 1475 1476 status = usb_interface_id(c, f); 1477 if (status < 0) 1478 goto fail; 1479 ncm->data_id = status; 1480 1481 ncm_data_nop_intf.bInterfaceNumber = status; 1482 ncm_data_intf.bInterfaceNumber = status; 1483 ncm_union_desc.bSlaveInterface0 = status; 1484 1485 status = -ENODEV; 1486 1487 /* allocate instance-specific endpoints */ 1488 ep = usb_ep_autoconfig(cdev->gadget, &fs_ncm_in_desc); 1489 if (!ep) 1490 goto fail; 1491 ncm->port.in_ep = ep; 1492 1493 ep = usb_ep_autoconfig(cdev->gadget, &fs_ncm_out_desc); 1494 if (!ep) 1495 goto fail; 1496 ncm->port.out_ep = ep; 1497 1498 ep = usb_ep_autoconfig(cdev->gadget, &fs_ncm_notify_desc); 1499 if (!ep) 1500 goto fail; 1501 ncm->notify = ep; 1502 1503 status = -ENOMEM; 1504 1505 /* allocate notification request and buffer */ 1506 ncm->notify_req = usb_ep_alloc_request(ep, GFP_KERNEL); 1507 if (!ncm->notify_req) 1508 goto fail; 1509 ncm->notify_req->buf = kmalloc(NCM_STATUS_BYTECOUNT, GFP_KERNEL); 1510 if (!ncm->notify_req->buf) 1511 goto fail; 1512 ncm->notify_req->context = ncm; 1513 ncm->notify_req->complete = ncm_notify_complete; 1514 1515 /* 1516 * support all relevant hardware speeds... we expect that when 1517 * hardware is dual speed, all bulk-capable endpoints work at 1518 * both speeds 1519 */ 1520 hs_ncm_in_desc.bEndpointAddress = fs_ncm_in_desc.bEndpointAddress; 1521 hs_ncm_out_desc.bEndpointAddress = fs_ncm_out_desc.bEndpointAddress; 1522 hs_ncm_notify_desc.bEndpointAddress = 1523 fs_ncm_notify_desc.bEndpointAddress; 1524 1525 ss_ncm_in_desc.bEndpointAddress = fs_ncm_in_desc.bEndpointAddress; 1526 ss_ncm_out_desc.bEndpointAddress = fs_ncm_out_desc.bEndpointAddress; 1527 ss_ncm_notify_desc.bEndpointAddress = 1528 fs_ncm_notify_desc.bEndpointAddress; 1529 1530 status = usb_assign_descriptors(f, ncm_fs_function, ncm_hs_function, 1531 ncm_ss_function, ncm_ss_function); 1532 if (status) 1533 goto fail; 1534 1535 /* 1536 * NOTE: all that is done without knowing or caring about 1537 * the network link ... which is unavailable to this code 1538 * until we're activated via set_alt(). 1539 */ 1540 1541 ncm->port.open = ncm_open; 1542 ncm->port.close = ncm_close; 1543 1544 hrtimer_init(&ncm->task_timer, CLOCK_MONOTONIC, HRTIMER_MODE_REL_SOFT); 1545 ncm->task_timer.function = ncm_tx_timeout; 1546 1547 DBG(cdev, "CDC Network: %s speed IN/%s OUT/%s NOTIFY/%s\n", 1548 gadget_is_superspeed(c->cdev->gadget) ? "super" : 1549 gadget_is_dualspeed(c->cdev->gadget) ? "dual" : "full", 1550 ncm->port.in_ep->name, ncm->port.out_ep->name, 1551 ncm->notify->name); 1552 return 0; 1553 1554 fail: 1555 kfree(f->os_desc_table); 1556 f->os_desc_n = 0; 1557 1558 if (ncm->notify_req) { 1559 kfree(ncm->notify_req->buf); 1560 usb_ep_free_request(ncm->notify, ncm->notify_req); 1561 } 1562 1563 ERROR(cdev, "%s: can't bind, err %d\n", f->name, status); 1564 1565 return status; 1566 } 1567 1568 static inline struct f_ncm_opts *to_f_ncm_opts(struct config_item *item) 1569 { 1570 return container_of(to_config_group(item), struct f_ncm_opts, 1571 func_inst.group); 1572 } 1573 1574 /* f_ncm_item_ops */ 1575 USB_ETHERNET_CONFIGFS_ITEM(ncm); 1576 1577 /* f_ncm_opts_dev_addr */ 1578 USB_ETHERNET_CONFIGFS_ITEM_ATTR_DEV_ADDR(ncm); 1579 1580 /* f_ncm_opts_host_addr */ 1581 USB_ETHERNET_CONFIGFS_ITEM_ATTR_HOST_ADDR(ncm); 1582 1583 /* f_ncm_opts_qmult */ 1584 USB_ETHERNET_CONFIGFS_ITEM_ATTR_QMULT(ncm); 1585 1586 /* f_ncm_opts_ifname */ 1587 USB_ETHERNET_CONFIGFS_ITEM_ATTR_IFNAME(ncm); 1588 1589 static struct configfs_attribute *ncm_attrs[] = { 1590 &ncm_opts_attr_dev_addr, 1591 &ncm_opts_attr_host_addr, 1592 &ncm_opts_attr_qmult, 1593 &ncm_opts_attr_ifname, 1594 NULL, 1595 }; 1596 1597 static const struct config_item_type ncm_func_type = { 1598 .ct_item_ops = &ncm_item_ops, 1599 .ct_attrs = ncm_attrs, 1600 .ct_owner = THIS_MODULE, 1601 }; 1602 1603 static void ncm_free_inst(struct usb_function_instance *f) 1604 { 1605 struct f_ncm_opts *opts; 1606 1607 opts = container_of(f, struct f_ncm_opts, func_inst); 1608 if (opts->bound) 1609 gether_cleanup(netdev_priv(opts->net)); 1610 else 1611 free_netdev(opts->net); 1612 kfree(opts->ncm_interf_group); 1613 kfree(opts); 1614 } 1615 1616 static struct usb_function_instance *ncm_alloc_inst(void) 1617 { 1618 struct f_ncm_opts *opts; 1619 struct usb_os_desc *descs[1]; 1620 char *names[1]; 1621 struct config_group *ncm_interf_group; 1622 1623 opts = kzalloc(sizeof(*opts), GFP_KERNEL); 1624 if (!opts) 1625 return ERR_PTR(-ENOMEM); 1626 opts->ncm_os_desc.ext_compat_id = opts->ncm_ext_compat_id; 1627 1628 mutex_init(&opts->lock); 1629 opts->func_inst.free_func_inst = ncm_free_inst; 1630 opts->net = gether_setup_default(); 1631 if (IS_ERR(opts->net)) { 1632 struct net_device *net = opts->net; 1633 kfree(opts); 1634 return ERR_CAST(net); 1635 } 1636 INIT_LIST_HEAD(&opts->ncm_os_desc.ext_prop); 1637 1638 descs[0] = &opts->ncm_os_desc; 1639 names[0] = "ncm"; 1640 1641 config_group_init_type_name(&opts->func_inst.group, "", &ncm_func_type); 1642 ncm_interf_group = 1643 usb_os_desc_prepare_interf_dir(&opts->func_inst.group, 1, descs, 1644 names, THIS_MODULE); 1645 if (IS_ERR(ncm_interf_group)) { 1646 ncm_free_inst(&opts->func_inst); 1647 return ERR_CAST(ncm_interf_group); 1648 } 1649 opts->ncm_interf_group = ncm_interf_group; 1650 1651 return &opts->func_inst; 1652 } 1653 1654 static void ncm_free(struct usb_function *f) 1655 { 1656 struct f_ncm *ncm; 1657 struct f_ncm_opts *opts; 1658 1659 ncm = func_to_ncm(f); 1660 opts = container_of(f->fi, struct f_ncm_opts, func_inst); 1661 kfree(ncm); 1662 mutex_lock(&opts->lock); 1663 opts->refcnt--; 1664 mutex_unlock(&opts->lock); 1665 } 1666 1667 static void ncm_unbind(struct usb_configuration *c, struct usb_function *f) 1668 { 1669 struct f_ncm *ncm = func_to_ncm(f); 1670 1671 DBG(c->cdev, "ncm unbind\n"); 1672 1673 hrtimer_cancel(&ncm->task_timer); 1674 1675 kfree(f->os_desc_table); 1676 f->os_desc_n = 0; 1677 1678 ncm_string_defs[0].id = 0; 1679 usb_free_all_descriptors(f); 1680 1681 if (atomic_read(&ncm->notify_count)) { 1682 usb_ep_dequeue(ncm->notify, ncm->notify_req); 1683 atomic_set(&ncm->notify_count, 0); 1684 } 1685 1686 kfree(ncm->notify_req->buf); 1687 usb_ep_free_request(ncm->notify, ncm->notify_req); 1688 } 1689 1690 static struct usb_function *ncm_alloc(struct usb_function_instance *fi) 1691 { 1692 struct f_ncm *ncm; 1693 struct f_ncm_opts *opts; 1694 int status; 1695 1696 /* allocate and initialize one new instance */ 1697 ncm = kzalloc(sizeof(*ncm), GFP_KERNEL); 1698 if (!ncm) 1699 return ERR_PTR(-ENOMEM); 1700 1701 opts = container_of(fi, struct f_ncm_opts, func_inst); 1702 mutex_lock(&opts->lock); 1703 opts->refcnt++; 1704 1705 /* export host's Ethernet address in CDC format */ 1706 status = gether_get_host_addr_cdc(opts->net, ncm->ethaddr, 1707 sizeof(ncm->ethaddr)); 1708 if (status < 12) { /* strlen("01234567890a") */ 1709 kfree(ncm); 1710 mutex_unlock(&opts->lock); 1711 return ERR_PTR(-EINVAL); 1712 } 1713 ncm_string_defs[STRING_MAC_IDX].s = ncm->ethaddr; 1714 1715 spin_lock_init(&ncm->lock); 1716 ncm_reset_values(ncm); 1717 ncm->port.ioport = netdev_priv(opts->net); 1718 mutex_unlock(&opts->lock); 1719 ncm->port.is_fixed = true; 1720 ncm->port.supports_multi_frame = true; 1721 1722 ncm->port.func.name = "cdc_network"; 1723 /* descriptors are per-instance copies */ 1724 ncm->port.func.bind = ncm_bind; 1725 ncm->port.func.unbind = ncm_unbind; 1726 ncm->port.func.set_alt = ncm_set_alt; 1727 ncm->port.func.get_alt = ncm_get_alt; 1728 ncm->port.func.setup = ncm_setup; 1729 ncm->port.func.disable = ncm_disable; 1730 ncm->port.func.free_func = ncm_free; 1731 1732 ncm->port.wrap = ncm_wrap_ntb; 1733 ncm->port.unwrap = ncm_unwrap_ntb; 1734 1735 return &ncm->port.func; 1736 } 1737 1738 DECLARE_USB_FUNCTION_INIT(ncm, ncm_alloc_inst, ncm_alloc); 1739 MODULE_LICENSE("GPL"); 1740 MODULE_AUTHOR("Yauheni Kaliuta"); 1741