1 // SPDX-License-Identifier: GPL-2.0+ 2 /* 3 * f_rndis.c -- RNDIS link function driver 4 * 5 * Copyright (C) 2003-2005,2008 David Brownell 6 * Copyright (C) 2003-2004 Robert Schwebel, Benedikt Spranger 7 * Copyright (C) 2008 Nokia Corporation 8 * Copyright (C) 2009 Samsung Electronics 9 * Author: Michal Nazarewicz (mina86@mina86.com) 10 */ 11 12 /* #define VERBOSE_DEBUG */ 13 14 #include <linux/slab.h> 15 #include <linux/kernel.h> 16 #include <linux/module.h> 17 #include <linux/device.h> 18 #include <linux/etherdevice.h> 19 20 #include <linux/atomic.h> 21 22 #include "u_ether.h" 23 #include "u_ether_configfs.h" 24 #include "u_rndis.h" 25 #include "rndis.h" 26 #include "configfs.h" 27 28 /* 29 * This function is an RNDIS Ethernet port -- a Microsoft protocol that's 30 * been promoted instead of the standard CDC Ethernet. The published RNDIS 31 * spec is ambiguous, incomplete, and needlessly complex. Variants such as 32 * ActiveSync have even worse status in terms of specification. 33 * 34 * In short: it's a protocol controlled by (and for) Microsoft, not for an 35 * Open ecosystem or markets. Linux supports it *only* because Microsoft 36 * doesn't support the CDC Ethernet standard. 37 * 38 * The RNDIS data transfer model is complex, with multiple Ethernet packets 39 * per USB message, and out of band data. The control model is built around 40 * what's essentially an "RNDIS RPC" protocol. It's all wrapped in a CDC ACM 41 * (modem, not Ethernet) veneer, with those ACM descriptors being entirely 42 * useless (they're ignored). RNDIS expects to be the only function in its 43 * configuration, so it's no real help if you need composite devices; and 44 * it expects to be the first configuration too. 45 * 46 * There is a single technical advantage of RNDIS over CDC Ethernet, if you 47 * discount the fluff that its RPC can be made to deliver: it doesn't need 48 * a NOP altsetting for the data interface. That lets it work on some of the 49 * "so smart it's stupid" hardware which takes over configuration changes 50 * from the software, and adds restrictions like "no altsettings". 51 * 52 * Unfortunately MSFT's RNDIS drivers are buggy. They hang or oops, and 53 * have all sorts of contrary-to-specification oddities that can prevent 54 * them from working sanely. Since bugfixes (or accurate specs, letting 55 * Linux work around those bugs) are unlikely to ever come from MSFT, you 56 * may want to avoid using RNDIS on purely operational grounds. 57 * 58 * Omissions from the RNDIS 1.0 specification include: 59 * 60 * - Power management ... references data that's scattered around lots 61 * of other documentation, which is incorrect/incomplete there too. 62 * 63 * - There are various undocumented protocol requirements, like the need 64 * to send garbage in some control-OUT messages. 65 * 66 * - MS-Windows drivers sometimes emit undocumented requests. 67 */ 68 69 struct f_rndis { 70 struct gether port; 71 u8 ctrl_id, data_id; 72 u8 ethaddr[ETH_ALEN]; 73 u32 vendorID; 74 const char *manufacturer; 75 struct rndis_params *params; 76 77 struct usb_ep *notify; 78 struct usb_request *notify_req; 79 atomic_t notify_count; 80 }; 81 82 static inline struct f_rndis *func_to_rndis(struct usb_function *f) 83 { 84 return container_of(f, struct f_rndis, port.func); 85 } 86 87 /* peak (theoretical) bulk transfer rate in bits-per-second */ 88 static unsigned int bitrate(struct usb_gadget *g) 89 { 90 if (gadget_is_superspeed(g) && g->speed == USB_SPEED_SUPER) 91 return 13 * 1024 * 8 * 1000 * 8; 92 else if (gadget_is_dualspeed(g) && g->speed == USB_SPEED_HIGH) 93 return 13 * 512 * 8 * 1000 * 8; 94 else 95 return 19 * 64 * 1 * 1000 * 8; 96 } 97 98 /*-------------------------------------------------------------------------*/ 99 100 /* 101 */ 102 103 #define RNDIS_STATUS_INTERVAL_MS 32 104 #define STATUS_BYTECOUNT 8 /* 8 bytes data */ 105 106 107 /* interface descriptor: */ 108 109 static struct usb_interface_descriptor rndis_control_intf = { 110 .bLength = sizeof rndis_control_intf, 111 .bDescriptorType = USB_DT_INTERFACE, 112 113 /* .bInterfaceNumber = DYNAMIC */ 114 /* status endpoint is optional; this could be patched later */ 115 .bNumEndpoints = 1, 116 .bInterfaceClass = USB_CLASS_COMM, 117 .bInterfaceSubClass = USB_CDC_SUBCLASS_ACM, 118 .bInterfaceProtocol = USB_CDC_ACM_PROTO_VENDOR, 119 /* .iInterface = DYNAMIC */ 120 }; 121 122 static struct usb_cdc_header_desc header_desc = { 123 .bLength = sizeof header_desc, 124 .bDescriptorType = USB_DT_CS_INTERFACE, 125 .bDescriptorSubType = USB_CDC_HEADER_TYPE, 126 127 .bcdCDC = cpu_to_le16(0x0110), 128 }; 129 130 static struct usb_cdc_call_mgmt_descriptor call_mgmt_descriptor = { 131 .bLength = sizeof call_mgmt_descriptor, 132 .bDescriptorType = USB_DT_CS_INTERFACE, 133 .bDescriptorSubType = USB_CDC_CALL_MANAGEMENT_TYPE, 134 135 .bmCapabilities = 0x00, 136 .bDataInterface = 0x01, 137 }; 138 139 static struct usb_cdc_acm_descriptor rndis_acm_descriptor = { 140 .bLength = sizeof rndis_acm_descriptor, 141 .bDescriptorType = USB_DT_CS_INTERFACE, 142 .bDescriptorSubType = USB_CDC_ACM_TYPE, 143 144 .bmCapabilities = 0x00, 145 }; 146 147 static struct usb_cdc_union_desc rndis_union_desc = { 148 .bLength = sizeof(rndis_union_desc), 149 .bDescriptorType = USB_DT_CS_INTERFACE, 150 .bDescriptorSubType = USB_CDC_UNION_TYPE, 151 /* .bMasterInterface0 = DYNAMIC */ 152 /* .bSlaveInterface0 = DYNAMIC */ 153 }; 154 155 /* the data interface has two bulk endpoints */ 156 157 static struct usb_interface_descriptor rndis_data_intf = { 158 .bLength = sizeof rndis_data_intf, 159 .bDescriptorType = USB_DT_INTERFACE, 160 161 /* .bInterfaceNumber = DYNAMIC */ 162 .bNumEndpoints = 2, 163 .bInterfaceClass = USB_CLASS_CDC_DATA, 164 .bInterfaceSubClass = 0, 165 .bInterfaceProtocol = 0, 166 /* .iInterface = DYNAMIC */ 167 }; 168 169 170 static struct usb_interface_assoc_descriptor 171 rndis_iad_descriptor = { 172 .bLength = sizeof rndis_iad_descriptor, 173 .bDescriptorType = USB_DT_INTERFACE_ASSOCIATION, 174 175 .bFirstInterface = 0, /* XXX, hardcoded */ 176 .bInterfaceCount = 2, // control + data 177 .bFunctionClass = USB_CLASS_COMM, 178 .bFunctionSubClass = USB_CDC_SUBCLASS_ETHERNET, 179 .bFunctionProtocol = USB_CDC_PROTO_NONE, 180 /* .iFunction = DYNAMIC */ 181 }; 182 183 /* full speed support: */ 184 185 static struct usb_endpoint_descriptor fs_notify_desc = { 186 .bLength = USB_DT_ENDPOINT_SIZE, 187 .bDescriptorType = USB_DT_ENDPOINT, 188 189 .bEndpointAddress = USB_DIR_IN, 190 .bmAttributes = USB_ENDPOINT_XFER_INT, 191 .wMaxPacketSize = cpu_to_le16(STATUS_BYTECOUNT), 192 .bInterval = RNDIS_STATUS_INTERVAL_MS, 193 }; 194 195 static struct usb_endpoint_descriptor fs_in_desc = { 196 .bLength = USB_DT_ENDPOINT_SIZE, 197 .bDescriptorType = USB_DT_ENDPOINT, 198 199 .bEndpointAddress = USB_DIR_IN, 200 .bmAttributes = USB_ENDPOINT_XFER_BULK, 201 }; 202 203 static struct usb_endpoint_descriptor fs_out_desc = { 204 .bLength = USB_DT_ENDPOINT_SIZE, 205 .bDescriptorType = USB_DT_ENDPOINT, 206 207 .bEndpointAddress = USB_DIR_OUT, 208 .bmAttributes = USB_ENDPOINT_XFER_BULK, 209 }; 210 211 static struct usb_descriptor_header *eth_fs_function[] = { 212 (struct usb_descriptor_header *) &rndis_iad_descriptor, 213 214 /* control interface matches ACM, not Ethernet */ 215 (struct usb_descriptor_header *) &rndis_control_intf, 216 (struct usb_descriptor_header *) &header_desc, 217 (struct usb_descriptor_header *) &call_mgmt_descriptor, 218 (struct usb_descriptor_header *) &rndis_acm_descriptor, 219 (struct usb_descriptor_header *) &rndis_union_desc, 220 (struct usb_descriptor_header *) &fs_notify_desc, 221 222 /* data interface has no altsetting */ 223 (struct usb_descriptor_header *) &rndis_data_intf, 224 (struct usb_descriptor_header *) &fs_in_desc, 225 (struct usb_descriptor_header *) &fs_out_desc, 226 NULL, 227 }; 228 229 /* high speed support: */ 230 231 static struct usb_endpoint_descriptor hs_notify_desc = { 232 .bLength = USB_DT_ENDPOINT_SIZE, 233 .bDescriptorType = USB_DT_ENDPOINT, 234 235 .bEndpointAddress = USB_DIR_IN, 236 .bmAttributes = USB_ENDPOINT_XFER_INT, 237 .wMaxPacketSize = cpu_to_le16(STATUS_BYTECOUNT), 238 .bInterval = USB_MS_TO_HS_INTERVAL(RNDIS_STATUS_INTERVAL_MS) 239 }; 240 241 static struct usb_endpoint_descriptor hs_in_desc = { 242 .bLength = USB_DT_ENDPOINT_SIZE, 243 .bDescriptorType = USB_DT_ENDPOINT, 244 245 .bEndpointAddress = USB_DIR_IN, 246 .bmAttributes = USB_ENDPOINT_XFER_BULK, 247 .wMaxPacketSize = cpu_to_le16(512), 248 }; 249 250 static struct usb_endpoint_descriptor hs_out_desc = { 251 .bLength = USB_DT_ENDPOINT_SIZE, 252 .bDescriptorType = USB_DT_ENDPOINT, 253 254 .bEndpointAddress = USB_DIR_OUT, 255 .bmAttributes = USB_ENDPOINT_XFER_BULK, 256 .wMaxPacketSize = cpu_to_le16(512), 257 }; 258 259 static struct usb_descriptor_header *eth_hs_function[] = { 260 (struct usb_descriptor_header *) &rndis_iad_descriptor, 261 262 /* control interface matches ACM, not Ethernet */ 263 (struct usb_descriptor_header *) &rndis_control_intf, 264 (struct usb_descriptor_header *) &header_desc, 265 (struct usb_descriptor_header *) &call_mgmt_descriptor, 266 (struct usb_descriptor_header *) &rndis_acm_descriptor, 267 (struct usb_descriptor_header *) &rndis_union_desc, 268 (struct usb_descriptor_header *) &hs_notify_desc, 269 270 /* data interface has no altsetting */ 271 (struct usb_descriptor_header *) &rndis_data_intf, 272 (struct usb_descriptor_header *) &hs_in_desc, 273 (struct usb_descriptor_header *) &hs_out_desc, 274 NULL, 275 }; 276 277 /* super speed support: */ 278 279 static struct usb_endpoint_descriptor ss_notify_desc = { 280 .bLength = USB_DT_ENDPOINT_SIZE, 281 .bDescriptorType = USB_DT_ENDPOINT, 282 283 .bEndpointAddress = USB_DIR_IN, 284 .bmAttributes = USB_ENDPOINT_XFER_INT, 285 .wMaxPacketSize = cpu_to_le16(STATUS_BYTECOUNT), 286 .bInterval = USB_MS_TO_HS_INTERVAL(RNDIS_STATUS_INTERVAL_MS) 287 }; 288 289 static struct usb_ss_ep_comp_descriptor ss_intr_comp_desc = { 290 .bLength = sizeof ss_intr_comp_desc, 291 .bDescriptorType = USB_DT_SS_ENDPOINT_COMP, 292 293 /* the following 3 values can be tweaked if necessary */ 294 /* .bMaxBurst = 0, */ 295 /* .bmAttributes = 0, */ 296 .wBytesPerInterval = cpu_to_le16(STATUS_BYTECOUNT), 297 }; 298 299 static struct usb_endpoint_descriptor ss_in_desc = { 300 .bLength = USB_DT_ENDPOINT_SIZE, 301 .bDescriptorType = USB_DT_ENDPOINT, 302 303 .bEndpointAddress = USB_DIR_IN, 304 .bmAttributes = USB_ENDPOINT_XFER_BULK, 305 .wMaxPacketSize = cpu_to_le16(1024), 306 }; 307 308 static struct usb_endpoint_descriptor ss_out_desc = { 309 .bLength = USB_DT_ENDPOINT_SIZE, 310 .bDescriptorType = USB_DT_ENDPOINT, 311 312 .bEndpointAddress = USB_DIR_OUT, 313 .bmAttributes = USB_ENDPOINT_XFER_BULK, 314 .wMaxPacketSize = cpu_to_le16(1024), 315 }; 316 317 static struct usb_ss_ep_comp_descriptor ss_bulk_comp_desc = { 318 .bLength = sizeof ss_bulk_comp_desc, 319 .bDescriptorType = USB_DT_SS_ENDPOINT_COMP, 320 321 /* the following 2 values can be tweaked if necessary */ 322 /* .bMaxBurst = 0, */ 323 /* .bmAttributes = 0, */ 324 }; 325 326 static struct usb_descriptor_header *eth_ss_function[] = { 327 (struct usb_descriptor_header *) &rndis_iad_descriptor, 328 329 /* control interface matches ACM, not Ethernet */ 330 (struct usb_descriptor_header *) &rndis_control_intf, 331 (struct usb_descriptor_header *) &header_desc, 332 (struct usb_descriptor_header *) &call_mgmt_descriptor, 333 (struct usb_descriptor_header *) &rndis_acm_descriptor, 334 (struct usb_descriptor_header *) &rndis_union_desc, 335 (struct usb_descriptor_header *) &ss_notify_desc, 336 (struct usb_descriptor_header *) &ss_intr_comp_desc, 337 338 /* data interface has no altsetting */ 339 (struct usb_descriptor_header *) &rndis_data_intf, 340 (struct usb_descriptor_header *) &ss_in_desc, 341 (struct usb_descriptor_header *) &ss_bulk_comp_desc, 342 (struct usb_descriptor_header *) &ss_out_desc, 343 (struct usb_descriptor_header *) &ss_bulk_comp_desc, 344 NULL, 345 }; 346 347 /* string descriptors: */ 348 349 static struct usb_string rndis_string_defs[] = { 350 [0].s = "RNDIS Communications Control", 351 [1].s = "RNDIS Ethernet Data", 352 [2].s = "RNDIS", 353 { } /* end of list */ 354 }; 355 356 static struct usb_gadget_strings rndis_string_table = { 357 .language = 0x0409, /* en-us */ 358 .strings = rndis_string_defs, 359 }; 360 361 static struct usb_gadget_strings *rndis_strings[] = { 362 &rndis_string_table, 363 NULL, 364 }; 365 366 /*-------------------------------------------------------------------------*/ 367 368 static struct sk_buff *rndis_add_header(struct gether *port, 369 struct sk_buff *skb) 370 { 371 struct sk_buff *skb2; 372 373 if (!skb) 374 return NULL; 375 376 skb2 = skb_realloc_headroom(skb, sizeof(struct rndis_packet_msg_type)); 377 rndis_add_hdr(skb2); 378 379 dev_kfree_skb(skb); 380 return skb2; 381 } 382 383 static void rndis_response_available(void *_rndis) 384 { 385 struct f_rndis *rndis = _rndis; 386 struct usb_request *req = rndis->notify_req; 387 struct usb_composite_dev *cdev = rndis->port.func.config->cdev; 388 __le32 *data = req->buf; 389 int status; 390 391 if (atomic_inc_return(&rndis->notify_count) != 1) 392 return; 393 394 /* Send RNDIS RESPONSE_AVAILABLE notification; a 395 * USB_CDC_NOTIFY_RESPONSE_AVAILABLE "should" work too 396 * 397 * This is the only notification defined by RNDIS. 398 */ 399 data[0] = cpu_to_le32(1); 400 data[1] = cpu_to_le32(0); 401 402 status = usb_ep_queue(rndis->notify, req, GFP_ATOMIC); 403 if (status) { 404 atomic_dec(&rndis->notify_count); 405 DBG(cdev, "notify/0 --> %d\n", status); 406 } 407 } 408 409 static void rndis_response_complete(struct usb_ep *ep, struct usb_request *req) 410 { 411 struct f_rndis *rndis = req->context; 412 struct usb_composite_dev *cdev = rndis->port.func.config->cdev; 413 int status = req->status; 414 415 /* after TX: 416 * - USB_CDC_GET_ENCAPSULATED_RESPONSE (ep0/control) 417 * - RNDIS_RESPONSE_AVAILABLE (status/irq) 418 */ 419 switch (status) { 420 case -ECONNRESET: 421 case -ESHUTDOWN: 422 /* connection gone */ 423 atomic_set(&rndis->notify_count, 0); 424 break; 425 default: 426 DBG(cdev, "RNDIS %s response error %d, %d/%d\n", 427 ep->name, status, 428 req->actual, req->length); 429 fallthrough; 430 case 0: 431 if (ep != rndis->notify) 432 break; 433 434 /* handle multiple pending RNDIS_RESPONSE_AVAILABLE 435 * notifications by resending until we're done 436 */ 437 if (atomic_dec_and_test(&rndis->notify_count)) 438 break; 439 status = usb_ep_queue(rndis->notify, req, GFP_ATOMIC); 440 if (status) { 441 atomic_dec(&rndis->notify_count); 442 DBG(cdev, "notify/1 --> %d\n", status); 443 } 444 break; 445 } 446 } 447 448 static void rndis_command_complete(struct usb_ep *ep, struct usb_request *req) 449 { 450 struct f_rndis *rndis = req->context; 451 int status; 452 453 /* received RNDIS command from USB_CDC_SEND_ENCAPSULATED_COMMAND */ 454 // spin_lock(&dev->lock); 455 status = rndis_msg_parser(rndis->params, (u8 *) req->buf); 456 if (status < 0) 457 pr_err("RNDIS command error %d, %d/%d\n", 458 status, req->actual, req->length); 459 // spin_unlock(&dev->lock); 460 } 461 462 static int 463 rndis_setup(struct usb_function *f, const struct usb_ctrlrequest *ctrl) 464 { 465 struct f_rndis *rndis = func_to_rndis(f); 466 struct usb_composite_dev *cdev = f->config->cdev; 467 struct usb_request *req = cdev->req; 468 int value = -EOPNOTSUPP; 469 u16 w_index = le16_to_cpu(ctrl->wIndex); 470 u16 w_value = le16_to_cpu(ctrl->wValue); 471 u16 w_length = le16_to_cpu(ctrl->wLength); 472 473 /* composite driver infrastructure handles everything except 474 * CDC class messages; interface activation uses set_alt(). 475 */ 476 switch ((ctrl->bRequestType << 8) | ctrl->bRequest) { 477 478 /* RNDIS uses the CDC command encapsulation mechanism to implement 479 * an RPC scheme, with much getting/setting of attributes by OID. 480 */ 481 case ((USB_DIR_OUT | USB_TYPE_CLASS | USB_RECIP_INTERFACE) << 8) 482 | USB_CDC_SEND_ENCAPSULATED_COMMAND: 483 if (w_value || w_index != rndis->ctrl_id) 484 goto invalid; 485 /* read the request; process it later */ 486 value = w_length; 487 req->complete = rndis_command_complete; 488 req->context = rndis; 489 /* later, rndis_response_available() sends a notification */ 490 break; 491 492 case ((USB_DIR_IN | USB_TYPE_CLASS | USB_RECIP_INTERFACE) << 8) 493 | USB_CDC_GET_ENCAPSULATED_RESPONSE: 494 if (w_value || w_index != rndis->ctrl_id) 495 goto invalid; 496 else { 497 u8 *buf; 498 u32 n; 499 500 /* return the result */ 501 buf = rndis_get_next_response(rndis->params, &n); 502 if (buf) { 503 memcpy(req->buf, buf, n); 504 req->complete = rndis_response_complete; 505 req->context = rndis; 506 rndis_free_response(rndis->params, buf); 507 value = n; 508 } 509 /* else stalls ... spec says to avoid that */ 510 } 511 break; 512 513 default: 514 invalid: 515 VDBG(cdev, "invalid control req%02x.%02x v%04x i%04x l%d\n", 516 ctrl->bRequestType, ctrl->bRequest, 517 w_value, w_index, w_length); 518 } 519 520 /* respond with data transfer or status phase? */ 521 if (value >= 0) { 522 DBG(cdev, "rndis req%02x.%02x v%04x i%04x l%d\n", 523 ctrl->bRequestType, ctrl->bRequest, 524 w_value, w_index, w_length); 525 req->zero = (value < w_length); 526 req->length = value; 527 value = usb_ep_queue(cdev->gadget->ep0, req, GFP_ATOMIC); 528 if (value < 0) 529 ERROR(cdev, "rndis response on err %d\n", value); 530 } 531 532 /* device either stalls (value < 0) or reports success */ 533 return value; 534 } 535 536 537 static int rndis_set_alt(struct usb_function *f, unsigned intf, unsigned alt) 538 { 539 struct f_rndis *rndis = func_to_rndis(f); 540 struct usb_composite_dev *cdev = f->config->cdev; 541 542 /* we know alt == 0 */ 543 544 if (intf == rndis->ctrl_id) { 545 VDBG(cdev, "reset rndis control %d\n", intf); 546 usb_ep_disable(rndis->notify); 547 548 if (!rndis->notify->desc) { 549 VDBG(cdev, "init rndis ctrl %d\n", intf); 550 if (config_ep_by_speed(cdev->gadget, f, rndis->notify)) 551 goto fail; 552 } 553 usb_ep_enable(rndis->notify); 554 555 } else if (intf == rndis->data_id) { 556 struct net_device *net; 557 558 if (rndis->port.in_ep->enabled) { 559 DBG(cdev, "reset rndis\n"); 560 gether_disconnect(&rndis->port); 561 } 562 563 if (!rndis->port.in_ep->desc || !rndis->port.out_ep->desc) { 564 DBG(cdev, "init rndis\n"); 565 if (config_ep_by_speed(cdev->gadget, f, 566 rndis->port.in_ep) || 567 config_ep_by_speed(cdev->gadget, f, 568 rndis->port.out_ep)) { 569 rndis->port.in_ep->desc = NULL; 570 rndis->port.out_ep->desc = NULL; 571 goto fail; 572 } 573 } 574 575 /* Avoid ZLPs; they can be troublesome. */ 576 rndis->port.is_zlp_ok = false; 577 578 /* RNDIS should be in the "RNDIS uninitialized" state, 579 * either never activated or after rndis_uninit(). 580 * 581 * We don't want data to flow here until a nonzero packet 582 * filter is set, at which point it enters "RNDIS data 583 * initialized" state ... but we do want the endpoints 584 * to be activated. It's a strange little state. 585 * 586 * REVISIT the RNDIS gadget code has done this wrong for a 587 * very long time. We need another call to the link layer 588 * code -- gether_updown(...bool) maybe -- to do it right. 589 */ 590 rndis->port.cdc_filter = 0; 591 592 DBG(cdev, "RNDIS RX/TX early activation ... \n"); 593 net = gether_connect(&rndis->port); 594 if (IS_ERR(net)) 595 return PTR_ERR(net); 596 597 rndis_set_param_dev(rndis->params, net, 598 &rndis->port.cdc_filter); 599 } else 600 goto fail; 601 602 return 0; 603 fail: 604 return -EINVAL; 605 } 606 607 static void rndis_disable(struct usb_function *f) 608 { 609 struct f_rndis *rndis = func_to_rndis(f); 610 struct usb_composite_dev *cdev = f->config->cdev; 611 612 if (!rndis->notify->enabled) 613 return; 614 615 DBG(cdev, "rndis deactivated\n"); 616 617 rndis_uninit(rndis->params); 618 gether_disconnect(&rndis->port); 619 620 usb_ep_disable(rndis->notify); 621 rndis->notify->desc = NULL; 622 } 623 624 /*-------------------------------------------------------------------------*/ 625 626 /* 627 * This isn't quite the same mechanism as CDC Ethernet, since the 628 * notification scheme passes less data, but the same set of link 629 * states must be tested. A key difference is that altsettings are 630 * not used to tell whether the link should send packets or not. 631 */ 632 633 static void rndis_open(struct gether *geth) 634 { 635 struct f_rndis *rndis = func_to_rndis(&geth->func); 636 struct usb_composite_dev *cdev = geth->func.config->cdev; 637 638 DBG(cdev, "%s\n", __func__); 639 640 rndis_set_param_medium(rndis->params, RNDIS_MEDIUM_802_3, 641 bitrate(cdev->gadget) / 100); 642 rndis_signal_connect(rndis->params); 643 } 644 645 static void rndis_close(struct gether *geth) 646 { 647 struct f_rndis *rndis = func_to_rndis(&geth->func); 648 649 DBG(geth->func.config->cdev, "%s\n", __func__); 650 651 rndis_set_param_medium(rndis->params, RNDIS_MEDIUM_802_3, 0); 652 rndis_signal_disconnect(rndis->params); 653 } 654 655 /*-------------------------------------------------------------------------*/ 656 657 /* Some controllers can't support RNDIS ... */ 658 static inline bool can_support_rndis(struct usb_configuration *c) 659 { 660 /* everything else is *presumably* fine */ 661 return true; 662 } 663 664 /* ethernet function driver setup/binding */ 665 666 static int 667 rndis_bind(struct usb_configuration *c, struct usb_function *f) 668 { 669 struct usb_composite_dev *cdev = c->cdev; 670 struct f_rndis *rndis = func_to_rndis(f); 671 struct usb_string *us; 672 int status; 673 struct usb_ep *ep; 674 675 struct f_rndis_opts *rndis_opts; 676 677 if (!can_support_rndis(c)) 678 return -EINVAL; 679 680 rndis_opts = container_of(f->fi, struct f_rndis_opts, func_inst); 681 682 if (cdev->use_os_string) { 683 f->os_desc_table = kzalloc(sizeof(*f->os_desc_table), 684 GFP_KERNEL); 685 if (!f->os_desc_table) 686 return -ENOMEM; 687 f->os_desc_n = 1; 688 f->os_desc_table[0].os_desc = &rndis_opts->rndis_os_desc; 689 } 690 691 rndis_iad_descriptor.bFunctionClass = rndis_opts->class; 692 rndis_iad_descriptor.bFunctionSubClass = rndis_opts->subclass; 693 rndis_iad_descriptor.bFunctionProtocol = rndis_opts->protocol; 694 695 /* 696 * in drivers/usb/gadget/configfs.c:configfs_composite_bind() 697 * configurations are bound in sequence with list_for_each_entry, 698 * in each configuration its functions are bound in sequence 699 * with list_for_each_entry, so we assume no race condition 700 * with regard to rndis_opts->bound access 701 */ 702 if (!rndis_opts->bound) { 703 gether_set_gadget(rndis_opts->net, cdev->gadget); 704 status = gether_register_netdev(rndis_opts->net); 705 if (status) 706 goto fail; 707 rndis_opts->bound = true; 708 } 709 710 us = usb_gstrings_attach(cdev, rndis_strings, 711 ARRAY_SIZE(rndis_string_defs)); 712 if (IS_ERR(us)) { 713 status = PTR_ERR(us); 714 goto fail; 715 } 716 rndis_control_intf.iInterface = us[0].id; 717 rndis_data_intf.iInterface = us[1].id; 718 rndis_iad_descriptor.iFunction = us[2].id; 719 720 /* allocate instance-specific interface IDs */ 721 status = usb_interface_id(c, f); 722 if (status < 0) 723 goto fail; 724 rndis->ctrl_id = status; 725 rndis_iad_descriptor.bFirstInterface = status; 726 727 rndis_control_intf.bInterfaceNumber = status; 728 rndis_union_desc.bMasterInterface0 = status; 729 730 if (cdev->use_os_string) 731 f->os_desc_table[0].if_id = 732 rndis_iad_descriptor.bFirstInterface; 733 734 status = usb_interface_id(c, f); 735 if (status < 0) 736 goto fail; 737 rndis->data_id = status; 738 739 rndis_data_intf.bInterfaceNumber = status; 740 rndis_union_desc.bSlaveInterface0 = status; 741 742 status = -ENODEV; 743 744 /* allocate instance-specific endpoints */ 745 ep = usb_ep_autoconfig(cdev->gadget, &fs_in_desc); 746 if (!ep) 747 goto fail; 748 rndis->port.in_ep = ep; 749 750 ep = usb_ep_autoconfig(cdev->gadget, &fs_out_desc); 751 if (!ep) 752 goto fail; 753 rndis->port.out_ep = ep; 754 755 /* NOTE: a status/notification endpoint is, strictly speaking, 756 * optional. We don't treat it that way though! It's simpler, 757 * and some newer profiles don't treat it as optional. 758 */ 759 ep = usb_ep_autoconfig(cdev->gadget, &fs_notify_desc); 760 if (!ep) 761 goto fail; 762 rndis->notify = ep; 763 764 status = -ENOMEM; 765 766 /* allocate notification request and buffer */ 767 rndis->notify_req = usb_ep_alloc_request(ep, GFP_KERNEL); 768 if (!rndis->notify_req) 769 goto fail; 770 rndis->notify_req->buf = kmalloc(STATUS_BYTECOUNT, GFP_KERNEL); 771 if (!rndis->notify_req->buf) 772 goto fail; 773 rndis->notify_req->length = STATUS_BYTECOUNT; 774 rndis->notify_req->context = rndis; 775 rndis->notify_req->complete = rndis_response_complete; 776 777 /* support all relevant hardware speeds... we expect that when 778 * hardware is dual speed, all bulk-capable endpoints work at 779 * both speeds 780 */ 781 hs_in_desc.bEndpointAddress = fs_in_desc.bEndpointAddress; 782 hs_out_desc.bEndpointAddress = fs_out_desc.bEndpointAddress; 783 hs_notify_desc.bEndpointAddress = fs_notify_desc.bEndpointAddress; 784 785 ss_in_desc.bEndpointAddress = fs_in_desc.bEndpointAddress; 786 ss_out_desc.bEndpointAddress = fs_out_desc.bEndpointAddress; 787 ss_notify_desc.bEndpointAddress = fs_notify_desc.bEndpointAddress; 788 789 status = usb_assign_descriptors(f, eth_fs_function, eth_hs_function, 790 eth_ss_function, NULL); 791 if (status) 792 goto fail; 793 794 rndis->port.open = rndis_open; 795 rndis->port.close = rndis_close; 796 797 rndis_set_param_medium(rndis->params, RNDIS_MEDIUM_802_3, 0); 798 rndis_set_host_mac(rndis->params, rndis->ethaddr); 799 800 if (rndis->manufacturer && rndis->vendorID && 801 rndis_set_param_vendor(rndis->params, rndis->vendorID, 802 rndis->manufacturer)) { 803 status = -EINVAL; 804 goto fail_free_descs; 805 } 806 807 /* NOTE: all that is done without knowing or caring about 808 * the network link ... which is unavailable to this code 809 * until we're activated via set_alt(). 810 */ 811 812 DBG(cdev, "RNDIS: %s speed IN/%s OUT/%s NOTIFY/%s\n", 813 gadget_is_superspeed(c->cdev->gadget) ? "super" : 814 gadget_is_dualspeed(c->cdev->gadget) ? "dual" : "full", 815 rndis->port.in_ep->name, rndis->port.out_ep->name, 816 rndis->notify->name); 817 return 0; 818 819 fail_free_descs: 820 usb_free_all_descriptors(f); 821 fail: 822 kfree(f->os_desc_table); 823 f->os_desc_n = 0; 824 825 if (rndis->notify_req) { 826 kfree(rndis->notify_req->buf); 827 usb_ep_free_request(rndis->notify, rndis->notify_req); 828 } 829 830 ERROR(cdev, "%s: can't bind, err %d\n", f->name, status); 831 832 return status; 833 } 834 835 void rndis_borrow_net(struct usb_function_instance *f, struct net_device *net) 836 { 837 struct f_rndis_opts *opts; 838 839 opts = container_of(f, struct f_rndis_opts, func_inst); 840 if (opts->bound) 841 gether_cleanup(netdev_priv(opts->net)); 842 else 843 free_netdev(opts->net); 844 opts->borrowed_net = opts->bound = true; 845 opts->net = net; 846 } 847 EXPORT_SYMBOL_GPL(rndis_borrow_net); 848 849 static inline struct f_rndis_opts *to_f_rndis_opts(struct config_item *item) 850 { 851 return container_of(to_config_group(item), struct f_rndis_opts, 852 func_inst.group); 853 } 854 855 /* f_rndis_item_ops */ 856 USB_ETHERNET_CONFIGFS_ITEM(rndis); 857 858 /* f_rndis_opts_dev_addr */ 859 USB_ETHERNET_CONFIGFS_ITEM_ATTR_DEV_ADDR(rndis); 860 861 /* f_rndis_opts_host_addr */ 862 USB_ETHERNET_CONFIGFS_ITEM_ATTR_HOST_ADDR(rndis); 863 864 /* f_rndis_opts_qmult */ 865 USB_ETHERNET_CONFIGFS_ITEM_ATTR_QMULT(rndis); 866 867 /* f_rndis_opts_ifname */ 868 USB_ETHERNET_CONFIGFS_ITEM_ATTR_IFNAME(rndis); 869 870 /* f_rndis_opts_class */ 871 USB_ETHER_CONFIGFS_ITEM_ATTR_U8_RW(rndis, class); 872 873 /* f_rndis_opts_subclass */ 874 USB_ETHER_CONFIGFS_ITEM_ATTR_U8_RW(rndis, subclass); 875 876 /* f_rndis_opts_protocol */ 877 USB_ETHER_CONFIGFS_ITEM_ATTR_U8_RW(rndis, protocol); 878 879 static struct configfs_attribute *rndis_attrs[] = { 880 &rndis_opts_attr_dev_addr, 881 &rndis_opts_attr_host_addr, 882 &rndis_opts_attr_qmult, 883 &rndis_opts_attr_ifname, 884 &rndis_opts_attr_class, 885 &rndis_opts_attr_subclass, 886 &rndis_opts_attr_protocol, 887 NULL, 888 }; 889 890 static const struct config_item_type rndis_func_type = { 891 .ct_item_ops = &rndis_item_ops, 892 .ct_attrs = rndis_attrs, 893 .ct_owner = THIS_MODULE, 894 }; 895 896 static void rndis_free_inst(struct usb_function_instance *f) 897 { 898 struct f_rndis_opts *opts; 899 900 opts = container_of(f, struct f_rndis_opts, func_inst); 901 if (!opts->borrowed_net) { 902 if (opts->bound) 903 gether_cleanup(netdev_priv(opts->net)); 904 else 905 free_netdev(opts->net); 906 } 907 908 kfree(opts->rndis_interf_group); /* single VLA chunk */ 909 kfree(opts); 910 } 911 912 static struct usb_function_instance *rndis_alloc_inst(void) 913 { 914 struct f_rndis_opts *opts; 915 struct usb_os_desc *descs[1]; 916 char *names[1]; 917 struct config_group *rndis_interf_group; 918 919 opts = kzalloc(sizeof(*opts), GFP_KERNEL); 920 if (!opts) 921 return ERR_PTR(-ENOMEM); 922 opts->rndis_os_desc.ext_compat_id = opts->rndis_ext_compat_id; 923 924 mutex_init(&opts->lock); 925 opts->func_inst.free_func_inst = rndis_free_inst; 926 opts->net = gether_setup_default(); 927 if (IS_ERR(opts->net)) { 928 struct net_device *net = opts->net; 929 kfree(opts); 930 return ERR_CAST(net); 931 } 932 INIT_LIST_HEAD(&opts->rndis_os_desc.ext_prop); 933 934 opts->class = rndis_iad_descriptor.bFunctionClass; 935 opts->subclass = rndis_iad_descriptor.bFunctionSubClass; 936 opts->protocol = rndis_iad_descriptor.bFunctionProtocol; 937 938 descs[0] = &opts->rndis_os_desc; 939 names[0] = "rndis"; 940 config_group_init_type_name(&opts->func_inst.group, "", 941 &rndis_func_type); 942 rndis_interf_group = 943 usb_os_desc_prepare_interf_dir(&opts->func_inst.group, 1, descs, 944 names, THIS_MODULE); 945 if (IS_ERR(rndis_interf_group)) { 946 rndis_free_inst(&opts->func_inst); 947 return ERR_CAST(rndis_interf_group); 948 } 949 opts->rndis_interf_group = rndis_interf_group; 950 951 return &opts->func_inst; 952 } 953 954 static void rndis_free(struct usb_function *f) 955 { 956 struct f_rndis *rndis; 957 struct f_rndis_opts *opts; 958 959 rndis = func_to_rndis(f); 960 rndis_deregister(rndis->params); 961 opts = container_of(f->fi, struct f_rndis_opts, func_inst); 962 kfree(rndis); 963 mutex_lock(&opts->lock); 964 opts->refcnt--; 965 mutex_unlock(&opts->lock); 966 } 967 968 static void rndis_unbind(struct usb_configuration *c, struct usb_function *f) 969 { 970 struct f_rndis *rndis = func_to_rndis(f); 971 972 kfree(f->os_desc_table); 973 f->os_desc_n = 0; 974 usb_free_all_descriptors(f); 975 976 kfree(rndis->notify_req->buf); 977 usb_ep_free_request(rndis->notify, rndis->notify_req); 978 } 979 980 static struct usb_function *rndis_alloc(struct usb_function_instance *fi) 981 { 982 struct f_rndis *rndis; 983 struct f_rndis_opts *opts; 984 struct rndis_params *params; 985 986 /* allocate and initialize one new instance */ 987 rndis = kzalloc(sizeof(*rndis), GFP_KERNEL); 988 if (!rndis) 989 return ERR_PTR(-ENOMEM); 990 991 opts = container_of(fi, struct f_rndis_opts, func_inst); 992 mutex_lock(&opts->lock); 993 opts->refcnt++; 994 995 gether_get_host_addr_u8(opts->net, rndis->ethaddr); 996 rndis->vendorID = opts->vendor_id; 997 rndis->manufacturer = opts->manufacturer; 998 999 rndis->port.ioport = netdev_priv(opts->net); 1000 mutex_unlock(&opts->lock); 1001 /* RNDIS activates when the host changes this filter */ 1002 rndis->port.cdc_filter = 0; 1003 1004 /* RNDIS has special (and complex) framing */ 1005 rndis->port.header_len = sizeof(struct rndis_packet_msg_type); 1006 rndis->port.wrap = rndis_add_header; 1007 rndis->port.unwrap = rndis_rm_hdr; 1008 1009 rndis->port.func.name = "rndis"; 1010 /* descriptors are per-instance copies */ 1011 rndis->port.func.bind = rndis_bind; 1012 rndis->port.func.unbind = rndis_unbind; 1013 rndis->port.func.set_alt = rndis_set_alt; 1014 rndis->port.func.setup = rndis_setup; 1015 rndis->port.func.disable = rndis_disable; 1016 rndis->port.func.free_func = rndis_free; 1017 1018 params = rndis_register(rndis_response_available, rndis); 1019 if (IS_ERR(params)) { 1020 kfree(rndis); 1021 return ERR_CAST(params); 1022 } 1023 rndis->params = params; 1024 1025 return &rndis->port.func; 1026 } 1027 1028 DECLARE_USB_FUNCTION_INIT(rndis, rndis_alloc_inst, rndis_alloc); 1029 MODULE_LICENSE("GPL"); 1030 MODULE_AUTHOR("David Brownell"); 1031