• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /*
2  * f_rndis.c -- RNDIS link function driver
3  *
4  * Copyright (C) 2003-2005,2008 David Brownell
5  * Copyright (C) 2003-2004 Robert Schwebel, Benedikt Spranger
6  * Copyright (C) 2008 Nokia Corporation
7  * Copyright (C) 2009 Samsung Electronics
8  *                    Author: Michal Nazarewicz (mina86@mina86.com)
9  *
10  * This program is free software; you can redistribute it and/or modify
11  * it under the terms of the GNU General Public License as published by
12  * the Free Software Foundation; either version 2 of the License, or
13  * (at your option) any later version.
14  */
15 
16 /* #define VERBOSE_DEBUG */
17 
18 #include <linux/slab.h>
19 #include <linux/kernel.h>
20 #include <linux/device.h>
21 #include <linux/etherdevice.h>
22 
23 #include <linux/atomic.h>
24 
25 #include "u_ether.h"
26 #include "rndis.h"
27 
28 /*
29  * This function is an RNDIS Ethernet port -- a Microsoft protocol that's
30  * been promoted instead of the standard CDC Ethernet.  The published RNDIS
31  * spec is ambiguous, incomplete, and needlessly complex.  Variants such as
32  * ActiveSync have even worse status in terms of specification.
33  *
34  * In short:  it's a protocol controlled by (and for) Microsoft, not for an
35  * Open ecosystem or markets.  Linux supports it *only* because Microsoft
36  * doesn't support the CDC Ethernet standard.
37  *
38  * The RNDIS data transfer model is complex, with multiple Ethernet packets
39  * per USB message, and out of band data.  The control model is built around
40  * what's essentially an "RNDIS RPC" protocol.  It's all wrapped in a CDC ACM
41  * (modem, not Ethernet) veneer, with those ACM descriptors being entirely
42  * useless (they're ignored).  RNDIS expects to be the only function in its
43  * configuration, so it's no real help if you need composite devices; and
44  * it expects to be the first configuration too.
45  *
46  * There is a single technical advantage of RNDIS over CDC Ethernet, if you
47  * discount the fluff that its RPC can be made to deliver: it doesn't need
48  * a NOP altsetting for the data interface.  That lets it work on some of the
49  * "so smart it's stupid" hardware which takes over configuration changes
50  * from the software, and adds restrictions like "no altsettings".
51  *
52  * Unfortunately MSFT's RNDIS drivers are buggy.  They hang or oops, and
53  * have all sorts of contrary-to-specification oddities that can prevent
54  * them from working sanely.  Since bugfixes (or accurate specs, letting
55  * Linux work around those bugs) are unlikely to ever come from MSFT, you
56  * may want to avoid using RNDIS on purely operational grounds.
57  *
58  * Omissions from the RNDIS 1.0 specification include:
59  *
60  *   - Power management ... references data that's scattered around lots
61  *     of other documentation, which is incorrect/incomplete there too.
62  *
63  *   - There are various undocumented protocol requirements, like the need
64  *     to send garbage in some control-OUT messages.
65  *
66  *   - MS-Windows drivers sometimes emit undocumented requests.
67  */
68 
69 static unsigned int rndis_dl_max_pkt_per_xfer = 3;
70 module_param(rndis_dl_max_pkt_per_xfer, uint, S_IRUGO | S_IWUSR);
71 MODULE_PARM_DESC(rndis_dl_max_pkt_per_xfer,
72 	"Maximum packets per transfer for DL aggregation");
73 
74 static unsigned int rndis_ul_max_pkt_per_xfer = 3;
75 module_param(rndis_ul_max_pkt_per_xfer, uint, S_IRUGO | S_IWUSR);
76 MODULE_PARM_DESC(rndis_ul_max_pkt_per_xfer,
77        "Maximum packets per transfer for UL aggregation");
78 
79 struct f_rndis {
80 	struct gether			port;
81 	u8				ctrl_id, data_id;
82 	u8				ethaddr[ETH_ALEN];
83 	u32				vendorID;
84 	const char			*manufacturer;
85 	int				config;
86 
87 	struct usb_ep			*notify;
88 	struct usb_request		*notify_req;
89 	atomic_t			notify_count;
90 };
91 
func_to_rndis(struct usb_function * f)92 static inline struct f_rndis *func_to_rndis(struct usb_function *f)
93 {
94 	return container_of(f, struct f_rndis, port.func);
95 }
96 
97 /* peak (theoretical) bulk transfer rate in bits-per-second */
bitrate(struct usb_gadget * g)98 static unsigned int bitrate(struct usb_gadget *g)
99 {
100 	if (gadget_is_superspeed(g) && g->speed == USB_SPEED_SUPER)
101 		return 13 * 1024 * 8 * 1000 * 8;
102 	else if (gadget_is_dualspeed(g) && g->speed == USB_SPEED_HIGH)
103 		return 13 * 512 * 8 * 1000 * 8;
104 	else
105 		return 19 * 64 * 1 * 1000 * 8;
106 }
107 
108 /*-------------------------------------------------------------------------*/
109 
110 /*
111  */
112 
113 #define RNDIS_STATUS_INTERVAL_MS	32
114 #define STATUS_BYTECOUNT		8	/* 8 bytes data */
115 
116 
117 /* interface descriptor: */
118 
119 static struct usb_interface_descriptor rndis_control_intf = {
120 	.bLength =		sizeof rndis_control_intf,
121 	.bDescriptorType =	USB_DT_INTERFACE,
122 
123 	/* .bInterfaceNumber = DYNAMIC */
124 	/* status endpoint is optional; this could be patched later */
125 	.bNumEndpoints =	1,
126 	.bInterfaceClass =	USB_CLASS_COMM,
127 	.bInterfaceSubClass =   USB_CDC_SUBCLASS_ACM,
128 	.bInterfaceProtocol =   USB_CDC_ACM_PROTO_VENDOR,
129 	/* .iInterface = DYNAMIC */
130 };
131 
132 static struct usb_cdc_header_desc header_desc = {
133 	.bLength =		sizeof header_desc,
134 	.bDescriptorType =	USB_DT_CS_INTERFACE,
135 	.bDescriptorSubType =	USB_CDC_HEADER_TYPE,
136 
137 	.bcdCDC =		cpu_to_le16(0x0110),
138 };
139 
140 static struct usb_cdc_call_mgmt_descriptor call_mgmt_descriptor = {
141 	.bLength =		sizeof call_mgmt_descriptor,
142 	.bDescriptorType =	USB_DT_CS_INTERFACE,
143 	.bDescriptorSubType =	USB_CDC_CALL_MANAGEMENT_TYPE,
144 
145 	.bmCapabilities =	0x00,
146 	.bDataInterface =	0x01,
147 };
148 
149 static struct usb_cdc_acm_descriptor rndis_acm_descriptor = {
150 	.bLength =		sizeof rndis_acm_descriptor,
151 	.bDescriptorType =	USB_DT_CS_INTERFACE,
152 	.bDescriptorSubType =	USB_CDC_ACM_TYPE,
153 
154 	.bmCapabilities =	0x00,
155 };
156 
157 static struct usb_cdc_union_desc rndis_union_desc = {
158 	.bLength =		sizeof(rndis_union_desc),
159 	.bDescriptorType =	USB_DT_CS_INTERFACE,
160 	.bDescriptorSubType =	USB_CDC_UNION_TYPE,
161 	/* .bMasterInterface0 =	DYNAMIC */
162 	/* .bSlaveInterface0 =	DYNAMIC */
163 };
164 
165 /* the data interface has two bulk endpoints */
166 
167 static struct usb_interface_descriptor rndis_data_intf = {
168 	.bLength =		sizeof rndis_data_intf,
169 	.bDescriptorType =	USB_DT_INTERFACE,
170 
171 	/* .bInterfaceNumber = DYNAMIC */
172 	.bNumEndpoints =	2,
173 	.bInterfaceClass =	USB_CLASS_CDC_DATA,
174 	.bInterfaceSubClass =	0,
175 	.bInterfaceProtocol =	0,
176 	/* .iInterface = DYNAMIC */
177 };
178 
179 
180 static struct usb_interface_assoc_descriptor
181 rndis_iad_descriptor = {
182 	.bLength =		sizeof rndis_iad_descriptor,
183 	.bDescriptorType =	USB_DT_INTERFACE_ASSOCIATION,
184 
185 	.bFirstInterface =	0, /* XXX, hardcoded */
186 	.bInterfaceCount = 	2,	// control + data
187 	.bFunctionClass =	USB_CLASS_COMM,
188 	.bFunctionSubClass =	USB_CDC_SUBCLASS_ETHERNET,
189 	.bFunctionProtocol =	USB_CDC_PROTO_NONE,
190 	/* .iFunction = DYNAMIC */
191 };
192 
193 /* full speed support: */
194 
195 static struct usb_endpoint_descriptor fs_notify_desc = {
196 	.bLength =		USB_DT_ENDPOINT_SIZE,
197 	.bDescriptorType =	USB_DT_ENDPOINT,
198 
199 	.bEndpointAddress =	USB_DIR_IN,
200 	.bmAttributes =		USB_ENDPOINT_XFER_INT,
201 	.wMaxPacketSize =	cpu_to_le16(STATUS_BYTECOUNT),
202 	.bInterval =		RNDIS_STATUS_INTERVAL_MS,
203 };
204 
205 static struct usb_endpoint_descriptor fs_in_desc = {
206 	.bLength =		USB_DT_ENDPOINT_SIZE,
207 	.bDescriptorType =	USB_DT_ENDPOINT,
208 
209 	.bEndpointAddress =	USB_DIR_IN,
210 	.bmAttributes =		USB_ENDPOINT_XFER_BULK,
211 };
212 
213 static struct usb_endpoint_descriptor fs_out_desc = {
214 	.bLength =		USB_DT_ENDPOINT_SIZE,
215 	.bDescriptorType =	USB_DT_ENDPOINT,
216 
217 	.bEndpointAddress =	USB_DIR_OUT,
218 	.bmAttributes =		USB_ENDPOINT_XFER_BULK,
219 };
220 
221 static struct usb_descriptor_header *eth_fs_function[] = {
222 	(struct usb_descriptor_header *) &rndis_iad_descriptor,
223 
224 	/* control interface matches ACM, not Ethernet */
225 	(struct usb_descriptor_header *) &rndis_control_intf,
226 	(struct usb_descriptor_header *) &header_desc,
227 	(struct usb_descriptor_header *) &call_mgmt_descriptor,
228 	(struct usb_descriptor_header *) &rndis_acm_descriptor,
229 	(struct usb_descriptor_header *) &rndis_union_desc,
230 	(struct usb_descriptor_header *) &fs_notify_desc,
231 
232 	/* data interface has no altsetting */
233 	(struct usb_descriptor_header *) &rndis_data_intf,
234 	(struct usb_descriptor_header *) &fs_in_desc,
235 	(struct usb_descriptor_header *) &fs_out_desc,
236 	NULL,
237 };
238 
239 /* high speed support: */
240 
241 static struct usb_endpoint_descriptor hs_notify_desc = {
242 	.bLength =		USB_DT_ENDPOINT_SIZE,
243 	.bDescriptorType =	USB_DT_ENDPOINT,
244 
245 	.bEndpointAddress =	USB_DIR_IN,
246 	.bmAttributes =		USB_ENDPOINT_XFER_INT,
247 	.wMaxPacketSize =	cpu_to_le16(STATUS_BYTECOUNT),
248 	.bInterval =		USB_MS_TO_HS_INTERVAL(RNDIS_STATUS_INTERVAL_MS)
249 };
250 
251 static struct usb_endpoint_descriptor hs_in_desc = {
252 	.bLength =		USB_DT_ENDPOINT_SIZE,
253 	.bDescriptorType =	USB_DT_ENDPOINT,
254 
255 	.bEndpointAddress =	USB_DIR_IN,
256 	.bmAttributes =		USB_ENDPOINT_XFER_BULK,
257 	.wMaxPacketSize =	cpu_to_le16(512),
258 };
259 
260 static struct usb_endpoint_descriptor hs_out_desc = {
261 	.bLength =		USB_DT_ENDPOINT_SIZE,
262 	.bDescriptorType =	USB_DT_ENDPOINT,
263 
264 	.bEndpointAddress =	USB_DIR_OUT,
265 	.bmAttributes =		USB_ENDPOINT_XFER_BULK,
266 	.wMaxPacketSize =	cpu_to_le16(512),
267 };
268 
269 static struct usb_descriptor_header *eth_hs_function[] = {
270 	(struct usb_descriptor_header *) &rndis_iad_descriptor,
271 
272 	/* control interface matches ACM, not Ethernet */
273 	(struct usb_descriptor_header *) &rndis_control_intf,
274 	(struct usb_descriptor_header *) &header_desc,
275 	(struct usb_descriptor_header *) &call_mgmt_descriptor,
276 	(struct usb_descriptor_header *) &rndis_acm_descriptor,
277 	(struct usb_descriptor_header *) &rndis_union_desc,
278 	(struct usb_descriptor_header *) &hs_notify_desc,
279 
280 	/* data interface has no altsetting */
281 	(struct usb_descriptor_header *) &rndis_data_intf,
282 	(struct usb_descriptor_header *) &hs_in_desc,
283 	(struct usb_descriptor_header *) &hs_out_desc,
284 	NULL,
285 };
286 
287 /* super speed support: */
288 
289 static struct usb_endpoint_descriptor ss_notify_desc = {
290 	.bLength =		USB_DT_ENDPOINT_SIZE,
291 	.bDescriptorType =	USB_DT_ENDPOINT,
292 
293 	.bEndpointAddress =	USB_DIR_IN,
294 	.bmAttributes =		USB_ENDPOINT_XFER_INT,
295 	.wMaxPacketSize =	cpu_to_le16(STATUS_BYTECOUNT),
296 	.bInterval =		USB_MS_TO_HS_INTERVAL(RNDIS_STATUS_INTERVAL_MS)
297 };
298 
299 static struct usb_ss_ep_comp_descriptor ss_intr_comp_desc = {
300 	.bLength =		sizeof ss_intr_comp_desc,
301 	.bDescriptorType =	USB_DT_SS_ENDPOINT_COMP,
302 
303 	/* the following 3 values can be tweaked if necessary */
304 	/* .bMaxBurst =		0, */
305 	/* .bmAttributes =	0, */
306 	.wBytesPerInterval =	cpu_to_le16(STATUS_BYTECOUNT),
307 };
308 
309 static struct usb_endpoint_descriptor ss_in_desc = {
310 	.bLength =		USB_DT_ENDPOINT_SIZE,
311 	.bDescriptorType =	USB_DT_ENDPOINT,
312 
313 	.bEndpointAddress =	USB_DIR_IN,
314 	.bmAttributes =		USB_ENDPOINT_XFER_BULK,
315 	.wMaxPacketSize =	cpu_to_le16(1024),
316 };
317 
318 static struct usb_endpoint_descriptor ss_out_desc = {
319 	.bLength =		USB_DT_ENDPOINT_SIZE,
320 	.bDescriptorType =	USB_DT_ENDPOINT,
321 
322 	.bEndpointAddress =	USB_DIR_OUT,
323 	.bmAttributes =		USB_ENDPOINT_XFER_BULK,
324 	.wMaxPacketSize =	cpu_to_le16(1024),
325 };
326 
327 static struct usb_ss_ep_comp_descriptor ss_bulk_comp_desc = {
328 	.bLength =		sizeof ss_bulk_comp_desc,
329 	.bDescriptorType =	USB_DT_SS_ENDPOINT_COMP,
330 
331 	/* the following 2 values can be tweaked if necessary */
332 	/* .bMaxBurst =		0, */
333 	/* .bmAttributes =	0, */
334 };
335 
336 static struct usb_descriptor_header *eth_ss_function[] = {
337 	(struct usb_descriptor_header *) &rndis_iad_descriptor,
338 
339 	/* control interface matches ACM, not Ethernet */
340 	(struct usb_descriptor_header *) &rndis_control_intf,
341 	(struct usb_descriptor_header *) &header_desc,
342 	(struct usb_descriptor_header *) &call_mgmt_descriptor,
343 	(struct usb_descriptor_header *) &rndis_acm_descriptor,
344 	(struct usb_descriptor_header *) &rndis_union_desc,
345 	(struct usb_descriptor_header *) &ss_notify_desc,
346 	(struct usb_descriptor_header *) &ss_intr_comp_desc,
347 
348 	/* data interface has no altsetting */
349 	(struct usb_descriptor_header *) &rndis_data_intf,
350 	(struct usb_descriptor_header *) &ss_in_desc,
351 	(struct usb_descriptor_header *) &ss_bulk_comp_desc,
352 	(struct usb_descriptor_header *) &ss_out_desc,
353 	(struct usb_descriptor_header *) &ss_bulk_comp_desc,
354 	NULL,
355 };
356 
357 /* string descriptors: */
358 
359 static struct usb_string rndis_string_defs[] = {
360 	[0].s = "RNDIS Communications Control",
361 	[1].s = "RNDIS Ethernet Data",
362 	[2].s = "RNDIS",
363 	{  } /* end of list */
364 };
365 
366 static struct usb_gadget_strings rndis_string_table = {
367 	.language =		0x0409,	/* en-us */
368 	.strings =		rndis_string_defs,
369 };
370 
371 static struct usb_gadget_strings *rndis_strings[] = {
372 	&rndis_string_table,
373 	NULL,
374 };
375 
376 /*-------------------------------------------------------------------------*/
377 
rndis_add_header(struct gether * port,struct sk_buff * skb)378 static struct sk_buff *rndis_add_header(struct gether *port,
379 					struct sk_buff *skb)
380 {
381 	struct sk_buff *skb2;
382 
383 	skb2 = skb_realloc_headroom(skb, sizeof(struct rndis_packet_msg_type));
384 	if (skb2)
385 		rndis_add_hdr(skb2);
386 
387 	dev_kfree_skb_any(skb);
388 	return skb2;
389 }
390 
rndis_response_available(void * _rndis)391 static void rndis_response_available(void *_rndis)
392 {
393 	struct f_rndis			*rndis = _rndis;
394 	struct usb_request		*req = rndis->notify_req;
395 	struct usb_composite_dev	*cdev = rndis->port.func.config->cdev;
396 	__le32				*data = req->buf;
397 	int				status;
398 
399 	if (atomic_inc_return(&rndis->notify_count) != 1)
400 		return;
401 
402 	/* Send RNDIS RESPONSE_AVAILABLE notification; a
403 	 * USB_CDC_NOTIFY_RESPONSE_AVAILABLE "should" work too
404 	 *
405 	 * This is the only notification defined by RNDIS.
406 	 */
407 	data[0] = cpu_to_le32(1);
408 	data[1] = cpu_to_le32(0);
409 
410 	status = usb_ep_queue(rndis->notify, req, GFP_ATOMIC);
411 	if (status) {
412 		atomic_dec(&rndis->notify_count);
413 		DBG(cdev, "notify/0 --> %d\n", status);
414 	}
415 }
416 
rndis_response_complete(struct usb_ep * ep,struct usb_request * req)417 static void rndis_response_complete(struct usb_ep *ep, struct usb_request *req)
418 {
419 	struct f_rndis			*rndis = req->context;
420 	struct usb_composite_dev	*cdev = rndis->port.func.config->cdev;
421 	int				status = req->status;
422 
423 	/* after TX:
424 	 *  - USB_CDC_GET_ENCAPSULATED_RESPONSE (ep0/control)
425 	 *  - RNDIS_RESPONSE_AVAILABLE (status/irq)
426 	 */
427 	switch (status) {
428 	case -ECONNRESET:
429 	case -ESHUTDOWN:
430 		/* connection gone */
431 		atomic_set(&rndis->notify_count, 0);
432 		break;
433 	default:
434 		DBG(cdev, "RNDIS %s response error %d, %d/%d\n",
435 			ep->name, status,
436 			req->actual, req->length);
437 		/* FALLTHROUGH */
438 	case 0:
439 		if (ep != rndis->notify)
440 			break;
441 
442 		/* handle multiple pending RNDIS_RESPONSE_AVAILABLE
443 		 * notifications by resending until we're done
444 		 */
445 		if (atomic_dec_and_test(&rndis->notify_count))
446 			break;
447 		status = usb_ep_queue(rndis->notify, req, GFP_ATOMIC);
448 		if (status) {
449 			atomic_dec(&rndis->notify_count);
450 			DBG(cdev, "notify/1 --> %d\n", status);
451 		}
452 		break;
453 	}
454 }
455 
rndis_command_complete(struct usb_ep * ep,struct usb_request * req)456 static void rndis_command_complete(struct usb_ep *ep, struct usb_request *req)
457 {
458 	struct f_rndis			*rndis = req->context;
459 	int				status;
460 	rndis_init_msg_type		*buf;
461 
462 	/* received RNDIS command from USB_CDC_SEND_ENCAPSULATED_COMMAND */
463 //	spin_lock(&dev->lock);
464 	status = rndis_msg_parser(rndis->config, (u8 *) req->buf);
465 	if (status < 0)
466 		pr_err("RNDIS command error %d, %d/%d\n",
467 			status, req->actual, req->length);
468 
469 	buf = (rndis_init_msg_type *)req->buf;
470 
471 	if (buf->MessageType == RNDIS_MSG_INIT) {
472 		if (buf->MaxTransferSize > 2048)
473 			rndis->port.multi_pkt_xfer = 1;
474 		else
475 			rndis->port.multi_pkt_xfer = 0;
476 		pr_info("%s: MaxTransferSize: %d : Multi_pkt_txr: %s\n",
477 				__func__, buf->MaxTransferSize,
478 				rndis->port.multi_pkt_xfer ? "enabled" :
479 							    "disabled");
480 		if (rndis_dl_max_pkt_per_xfer <= 1)
481 			rndis->port.multi_pkt_xfer = 0;
482 	}
483 //	spin_unlock(&dev->lock);
484 }
485 
486 static int
rndis_setup(struct usb_function * f,const struct usb_ctrlrequest * ctrl)487 rndis_setup(struct usb_function *f, const struct usb_ctrlrequest *ctrl)
488 {
489 	struct f_rndis		*rndis = func_to_rndis(f);
490 	struct usb_composite_dev *cdev = f->config->cdev;
491 	struct usb_request	*req = cdev->req;
492 	int			value = -EOPNOTSUPP;
493 	u16			w_index = le16_to_cpu(ctrl->wIndex);
494 	u16			w_value = le16_to_cpu(ctrl->wValue);
495 	u16			w_length = le16_to_cpu(ctrl->wLength);
496 
497 	/* composite driver infrastructure handles everything except
498 	 * CDC class messages; interface activation uses set_alt().
499 	 */
500 	switch ((ctrl->bRequestType << 8) | ctrl->bRequest) {
501 
502 	/* RNDIS uses the CDC command encapsulation mechanism to implement
503 	 * an RPC scheme, with much getting/setting of attributes by OID.
504 	 */
505 	case ((USB_DIR_OUT | USB_TYPE_CLASS | USB_RECIP_INTERFACE) << 8)
506 			| USB_CDC_SEND_ENCAPSULATED_COMMAND:
507 		if (w_value || w_index != rndis->ctrl_id)
508 			goto invalid;
509 		/* read the request; process it later */
510 		value = w_length;
511 		req->complete = rndis_command_complete;
512 		req->context = rndis;
513 		/* later, rndis_response_available() sends a notification */
514 		break;
515 
516 	case ((USB_DIR_IN | USB_TYPE_CLASS | USB_RECIP_INTERFACE) << 8)
517 			| USB_CDC_GET_ENCAPSULATED_RESPONSE:
518 		if (w_value || w_index != rndis->ctrl_id)
519 			goto invalid;
520 		else {
521 			u8 *buf;
522 			u32 n;
523 
524 			/* return the result */
525 			buf = rndis_get_next_response(rndis->config, &n);
526 			if (buf) {
527 				memcpy(req->buf, buf, n);
528 				req->complete = rndis_response_complete;
529 				req->context = rndis;
530 				rndis_free_response(rndis->config, buf);
531 				value = n;
532 			}
533 			/* else stalls ... spec says to avoid that */
534 		}
535 		break;
536 
537 	default:
538 invalid:
539 		VDBG(cdev, "invalid control req%02x.%02x v%04x i%04x l%d\n",
540 			ctrl->bRequestType, ctrl->bRequest,
541 			w_value, w_index, w_length);
542 	}
543 
544 	/* respond with data transfer or status phase? */
545 	if (value >= 0) {
546 		DBG(cdev, "rndis req%02x.%02x v%04x i%04x l%d\n",
547 			ctrl->bRequestType, ctrl->bRequest,
548 			w_value, w_index, w_length);
549 		req->zero = (value < w_length);
550 		req->length = value;
551 		value = usb_ep_queue(cdev->gadget->ep0, req, GFP_ATOMIC);
552 		if (value < 0)
553 			ERROR(cdev, "rndis response on err %d\n", value);
554 	}
555 
556 	/* device either stalls (value < 0) or reports success */
557 	return value;
558 }
559 
560 
rndis_set_alt(struct usb_function * f,unsigned intf,unsigned alt)561 static int rndis_set_alt(struct usb_function *f, unsigned intf, unsigned alt)
562 {
563 	struct f_rndis		*rndis = func_to_rndis(f);
564 	struct usb_composite_dev *cdev = f->config->cdev;
565 
566 	/* we know alt == 0 */
567 
568 	if (intf == rndis->ctrl_id) {
569 		if (rndis->notify->driver_data) {
570 			VDBG(cdev, "reset rndis control %d\n", intf);
571 			usb_ep_disable(rndis->notify);
572 		}
573 		if (!rndis->notify->desc) {
574 			VDBG(cdev, "init rndis ctrl %d\n", intf);
575 			if (config_ep_by_speed(cdev->gadget, f, rndis->notify))
576 				goto fail;
577 		}
578 		usb_ep_enable(rndis->notify);
579 		rndis->notify->driver_data = rndis;
580 
581 	} else if (intf == rndis->data_id) {
582 		struct net_device	*net;
583 
584 		if (rndis->port.in_ep->driver_data) {
585 			DBG(cdev, "reset rndis\n");
586 			gether_disconnect(&rndis->port);
587 		}
588 
589 		if (!rndis->port.in_ep->desc || !rndis->port.out_ep->desc) {
590 			DBG(cdev, "init rndis\n");
591 			if (config_ep_by_speed(cdev->gadget, f,
592 					       rndis->port.in_ep) ||
593 			    config_ep_by_speed(cdev->gadget, f,
594 					       rndis->port.out_ep)) {
595 				rndis->port.in_ep->desc = NULL;
596 				rndis->port.out_ep->desc = NULL;
597 				goto fail;
598 			}
599 		}
600 
601 		/* Avoid ZLPs; they can be troublesome. */
602 		rndis->port.is_zlp_ok = false;
603 
604 		/* RNDIS should be in the "RNDIS uninitialized" state,
605 		 * either never activated or after rndis_uninit().
606 		 *
607 		 * We don't want data to flow here until a nonzero packet
608 		 * filter is set, at which point it enters "RNDIS data
609 		 * initialized" state ... but we do want the endpoints
610 		 * to be activated.  It's a strange little state.
611 		 *
612 		 * REVISIT the RNDIS gadget code has done this wrong for a
613 		 * very long time.  We need another call to the link layer
614 		 * code -- gether_updown(...bool) maybe -- to do it right.
615 		 */
616 		rndis->port.cdc_filter = 0;
617 
618 		DBG(cdev, "RNDIS RX/TX early activation ... \n");
619 		net = gether_connect(&rndis->port);
620 		if (IS_ERR(net))
621 			return PTR_ERR(net);
622 
623 		rndis_set_param_dev(rndis->config, net,
624 				&rndis->port.cdc_filter);
625 	} else
626 		goto fail;
627 
628 	return 0;
629 fail:
630 	return -EINVAL;
631 }
632 
rndis_disable(struct usb_function * f)633 static void rndis_disable(struct usb_function *f)
634 {
635 	struct f_rndis		*rndis = func_to_rndis(f);
636 	struct usb_composite_dev *cdev = f->config->cdev;
637 
638 	if (!rndis->notify->driver_data)
639 		return;
640 
641 	DBG(cdev, "rndis deactivated\n");
642 
643 	rndis_uninit(rndis->config);
644 	gether_disconnect(&rndis->port);
645 
646 	usb_ep_disable(rndis->notify);
647 	rndis->notify->driver_data = NULL;
648 }
649 
650 /*-------------------------------------------------------------------------*/
651 
652 /*
653  * This isn't quite the same mechanism as CDC Ethernet, since the
654  * notification scheme passes less data, but the same set of link
655  * states must be tested.  A key difference is that altsettings are
656  * not used to tell whether the link should send packets or not.
657  */
658 
rndis_open(struct gether * geth)659 static void rndis_open(struct gether *geth)
660 {
661 	struct f_rndis		*rndis = func_to_rndis(&geth->func);
662 	struct usb_composite_dev *cdev = geth->func.config->cdev;
663 
664 	DBG(cdev, "%s\n", __func__);
665 
666 	rndis_set_param_medium(rndis->config, RNDIS_MEDIUM_802_3,
667 				bitrate(cdev->gadget) / 100);
668 	rndis_signal_connect(rndis->config);
669 }
670 
rndis_close(struct gether * geth)671 static void rndis_close(struct gether *geth)
672 {
673 	struct f_rndis		*rndis = func_to_rndis(&geth->func);
674 
675 	DBG(geth->func.config->cdev, "%s\n", __func__);
676 
677 	rndis_set_param_medium(rndis->config, RNDIS_MEDIUM_802_3, 0);
678 	rndis_signal_disconnect(rndis->config);
679 }
680 
681 /*-------------------------------------------------------------------------*/
682 
683 /* ethernet function driver setup/binding */
684 
685 static int
rndis_bind(struct usb_configuration * c,struct usb_function * f)686 rndis_bind(struct usb_configuration *c, struct usb_function *f)
687 {
688 	struct usb_composite_dev *cdev = c->cdev;
689 	struct f_rndis		*rndis = func_to_rndis(f);
690 	int			status;
691 	struct usb_ep		*ep;
692 
693 	/* allocate instance-specific interface IDs */
694 	status = usb_interface_id(c, f);
695 	if (status < 0)
696 		goto fail;
697 	rndis->ctrl_id = status;
698 	rndis_iad_descriptor.bFirstInterface = status;
699 
700 	rndis_control_intf.bInterfaceNumber = status;
701 	rndis_union_desc.bMasterInterface0 = status;
702 
703 	status = usb_interface_id(c, f);
704 	if (status < 0)
705 		goto fail;
706 	rndis->data_id = status;
707 
708 	rndis_data_intf.bInterfaceNumber = status;
709 	rndis_union_desc.bSlaveInterface0 = status;
710 
711 	status = -ENODEV;
712 
713 	/* allocate instance-specific endpoints */
714 	ep = usb_ep_autoconfig(cdev->gadget, &fs_in_desc);
715 	if (!ep)
716 		goto fail;
717 	rndis->port.in_ep = ep;
718 	ep->driver_data = cdev;	/* claim */
719 
720 	ep = usb_ep_autoconfig(cdev->gadget, &fs_out_desc);
721 	if (!ep)
722 		goto fail;
723 	rndis->port.out_ep = ep;
724 	ep->driver_data = cdev;	/* claim */
725 
726 	/* NOTE:  a status/notification endpoint is, strictly speaking,
727 	 * optional.  We don't treat it that way though!  It's simpler,
728 	 * and some newer profiles don't treat it as optional.
729 	 */
730 	ep = usb_ep_autoconfig(cdev->gadget, &fs_notify_desc);
731 	if (!ep)
732 		goto fail;
733 	rndis->notify = ep;
734 	ep->driver_data = cdev;	/* claim */
735 
736 	status = -ENOMEM;
737 
738 	/* allocate notification request and buffer */
739 	rndis->notify_req = usb_ep_alloc_request(ep, GFP_KERNEL);
740 	if (!rndis->notify_req)
741 		goto fail;
742 	rndis->notify_req->buf = kmalloc(STATUS_BYTECOUNT, GFP_KERNEL);
743 	if (!rndis->notify_req->buf)
744 		goto fail;
745 	rndis->notify_req->length = STATUS_BYTECOUNT;
746 	rndis->notify_req->context = rndis;
747 	rndis->notify_req->complete = rndis_response_complete;
748 
749 	/* support all relevant hardware speeds... we expect that when
750 	 * hardware is dual speed, all bulk-capable endpoints work at
751 	 * both speeds
752 	 */
753 	hs_in_desc.bEndpointAddress = fs_in_desc.bEndpointAddress;
754 	hs_out_desc.bEndpointAddress = fs_out_desc.bEndpointAddress;
755 	hs_notify_desc.bEndpointAddress = fs_notify_desc.bEndpointAddress;
756 
757 	ss_in_desc.bEndpointAddress = fs_in_desc.bEndpointAddress;
758 	ss_out_desc.bEndpointAddress = fs_out_desc.bEndpointAddress;
759 	ss_notify_desc.bEndpointAddress = fs_notify_desc.bEndpointAddress;
760 
761 	status = usb_assign_descriptors(f, eth_fs_function, eth_hs_function,
762 			eth_ss_function);
763 	if (status)
764 		goto fail;
765 
766 	rndis->port.open = rndis_open;
767 	rndis->port.close = rndis_close;
768 
769 	status = rndis_register(rndis_response_available, rndis);
770 	if (status < 0)
771 		goto fail;
772 	rndis->config = status;
773 
774 	rndis_set_param_medium(rndis->config, RNDIS_MEDIUM_802_3, 0);
775 	rndis_set_host_mac(rndis->config, rndis->ethaddr);
776 	rndis_set_max_pkt_xfer(rndis->config, rndis_ul_max_pkt_per_xfer);
777 
778 	if (rndis->manufacturer && rndis->vendorID &&
779 			rndis_set_param_vendor(rndis->config, rndis->vendorID,
780 					       rndis->manufacturer))
781 		goto fail;
782 
783 	/* NOTE:  all that is done without knowing or caring about
784 	 * the network link ... which is unavailable to this code
785 	 * until we're activated via set_alt().
786 	 */
787 
788 	DBG(cdev, "RNDIS: %s speed IN/%s OUT/%s NOTIFY/%s\n",
789 			gadget_is_superspeed(c->cdev->gadget) ? "super" :
790 			gadget_is_dualspeed(c->cdev->gadget) ? "dual" : "full",
791 			rndis->port.in_ep->name, rndis->port.out_ep->name,
792 			rndis->notify->name);
793 	return 0;
794 
795 fail:
796 	usb_free_all_descriptors(f);
797 
798 	if (rndis->notify_req) {
799 		kfree(rndis->notify_req->buf);
800 		usb_ep_free_request(rndis->notify, rndis->notify_req);
801 	}
802 
803 	/* we might as well release our claims on endpoints */
804 	if (rndis->notify)
805 		rndis->notify->driver_data = NULL;
806 	if (rndis->port.out_ep)
807 		rndis->port.out_ep->driver_data = NULL;
808 	if (rndis->port.in_ep)
809 		rndis->port.in_ep->driver_data = NULL;
810 
811 	ERROR(cdev, "%s: can't bind, err %d\n", f->name, status);
812 
813 	return status;
814 }
815 
816 static void
rndis_unbind(struct usb_configuration * c,struct usb_function * f)817 rndis_unbind(struct usb_configuration *c, struct usb_function *f)
818 {
819 	struct f_rndis		*rndis = func_to_rndis(f);
820 
821 	rndis_deregister(rndis->config);
822 	rndis_exit();
823 
824 	rndis_string_defs[0].id = 0;
825 	usb_free_all_descriptors(f);
826 
827 	kfree(rndis->notify_req->buf);
828 	usb_ep_free_request(rndis->notify, rndis->notify_req);
829 
830 	kfree(rndis);
831 }
832 
833 /* Some controllers can't support RNDIS ... */
can_support_rndis(struct usb_configuration * c)834 static inline bool can_support_rndis(struct usb_configuration *c)
835 {
836 	/* everything else is *presumably* fine */
837 	return true;
838 }
839 
840 int
rndis_bind_config_vendor(struct usb_configuration * c,u8 ethaddr[ETH_ALEN],u32 vendorID,const char * manufacturer,struct eth_dev * dev)841 rndis_bind_config_vendor(struct usb_configuration *c, u8 ethaddr[ETH_ALEN],
842 		u32 vendorID, const char *manufacturer, struct eth_dev *dev)
843 {
844 	struct f_rndis	*rndis;
845 	int		status;
846 
847 	if (!can_support_rndis(c) || !ethaddr)
848 		return -EINVAL;
849 
850 	/* setup RNDIS itself */
851 	status = rndis_init();
852 	if (status < 0)
853 		return status;
854 
855 	if (rndis_string_defs[0].id == 0) {
856 		status = usb_string_ids_tab(c->cdev, rndis_string_defs);
857 		if (status)
858 			return status;
859 
860 		rndis_control_intf.iInterface = rndis_string_defs[0].id;
861 		rndis_data_intf.iInterface = rndis_string_defs[1].id;
862 		rndis_iad_descriptor.iFunction = rndis_string_defs[2].id;
863 	}
864 
865 	/* allocate and initialize one new instance */
866 	status = -ENOMEM;
867 	rndis = kzalloc(sizeof *rndis, GFP_KERNEL);
868 	if (!rndis)
869 		goto fail;
870 
871 	memcpy(rndis->ethaddr, ethaddr, ETH_ALEN);
872 	rndis->vendorID = vendorID;
873 	rndis->manufacturer = manufacturer;
874 
875 	rndis->port.ioport = dev;
876 	/* RNDIS activates when the host changes this filter */
877 	rndis->port.cdc_filter = 0;
878 
879 	/* RNDIS has special (and complex) framing */
880 	rndis->port.header_len = sizeof(struct rndis_packet_msg_type);
881 	rndis->port.wrap = rndis_add_header;
882 	rndis->port.unwrap = rndis_rm_hdr;
883 	rndis->port.ul_max_pkts_per_xfer = rndis_ul_max_pkt_per_xfer;
884 	rndis->port.dl_max_pkts_per_xfer = rndis_dl_max_pkt_per_xfer;
885 
886 	rndis->port.func.name = "rndis";
887 	rndis->port.func.strings = rndis_strings;
888 	/* descriptors are per-instance copies */
889 	rndis->port.func.bind = rndis_bind;
890 	rndis->port.func.unbind = rndis_unbind;
891 	rndis->port.func.set_alt = rndis_set_alt;
892 	rndis->port.func.setup = rndis_setup;
893 	rndis->port.func.disable = rndis_disable;
894 
895 	status = usb_add_function(c, &rndis->port.func);
896 	if (status) {
897 		kfree(rndis);
898 fail:
899 		rndis_exit();
900 	}
901 	return status;
902 }
903