1// SPDX-License-Identifier: GPL-2.0+ 2/* 3 * f_ncm.c -- USB CDC Network (NCM) link function driver 4 * 5 * Copyright (C) 2010 Nokia Corporation 6 * Contact: Yauheni Kaliuta <yauheni.kaliuta@nokia.com> 7 * 8 * The driver borrows from f_ecm.c which is: 9 * 10 * Copyright (C) 2003-2005,2008 David Brownell 11 * Copyright (C) 2008 Nokia Corporation 12 */ 13 14#include <linux/kernel.h> 15#include <linux/interrupt.h> 16#include <linux/module.h> 17#include <linux/device.h> 18#include <linux/etherdevice.h> 19#include <linux/crc32.h> 20 21#include <linux/usb/cdc.h> 22 23#include "u_ether.h" 24#include "u_ether_configfs.h" 25#include "u_ncm.h" 26#include "configfs.h" 27 28/* 29 * This function is a "CDC Network Control Model" (CDC NCM) Ethernet link. 30 * NCM is intended to be used with high-speed network attachments. 31 * 32 * Note that NCM requires the use of "alternate settings" for its data 33 * interface. This means that the set_alt() method has real work to do, 34 * and also means that a get_alt() method is required. 35 */ 36 37/* to trigger crc/non-crc ndp signature */ 38 39#define NCM_NDP_HDR_CRC 0x01000000 40 41enum ncm_notify_state { 42 NCM_NOTIFY_NONE, /* don't notify */ 43 NCM_NOTIFY_CONNECT, /* issue CONNECT next */ 44 NCM_NOTIFY_SPEED, /* issue SPEED_CHANGE next */ 45}; 46 47struct f_ncm { 48 struct gether port; 49 u8 ctrl_id, data_id; 50 51 char ethaddr[14]; 52 53 struct usb_ep *notify; 54 struct usb_request *notify_req; 55 u8 notify_state; 56 atomic_t notify_count; 57 bool is_open; 58 59 const struct ndp_parser_opts *parser_opts; 60 bool is_crc; 61 u32 ndp_sign; 62 63 /* 64 * for notification, it is accessed from both 65 * callback and ethernet open/close 66 */ 67 spinlock_t lock; 68 69 struct net_device *netdev; 70 71 /* For multi-frame NDP TX */ 72 struct sk_buff *skb_tx_data; 73 struct sk_buff *skb_tx_ndp; 74 u16 ndp_dgram_count; 75 struct hrtimer task_timer; 76}; 77 78static inline struct f_ncm *func_to_ncm(struct usb_function *f) 79{ 80 return container_of(f, struct f_ncm, port.func); 81} 82 83/*-------------------------------------------------------------------------*/ 84 85/* 86 * We cannot group frames so use just the minimal size which ok to put 87 * one max-size ethernet frame. 88 * If the host can group frames, allow it to do that, 16K is selected, 89 * because it's used by default by the current linux host driver 90 */ 91#define NTB_DEFAULT_IN_SIZE 16384 92#define NTB_OUT_SIZE 16384 93 94/* Allocation for storing the NDP, 32 should suffice for a 95 * 16k packet. This allows a maximum of 32 * 507 Byte packets to 96 * be transmitted in a single 16kB skb, though when sending full size 97 * packets this limit will be plenty. 98 * Smaller packets are not likely to be trying to maximize the 99 * throughput and will be mstly sending smaller infrequent frames. 100 */ 101#define TX_MAX_NUM_DPE 32 102 103/* Delay for the transmit to wait before sending an unfilled NTB frame. */ 104#define TX_TIMEOUT_NSECS 300000 105 106/* 107 * Although max mtu as dictated by u_ether is 15412 bytes, setting 108 * max_segment_size to 15426 would not be efficient. If user chooses segment 109 * size to be (>= 8192), then we can't aggregate more than one buffer in each 110 * NTB (assuming each packet coming from network layer is >= 8192 bytes) as ep 111 * maxpacket limit is 16384. So let max_segment_size be limited to 8000 to allow 112 * at least 2 packets to be aggregated reducing wastage of NTB buffer space 113 */ 114#define MAX_DATAGRAM_SIZE 8000 115 116#define FORMATS_SUPPORTED (USB_CDC_NCM_NTB16_SUPPORTED | \ 117 USB_CDC_NCM_NTB32_SUPPORTED) 118 119static struct usb_cdc_ncm_ntb_parameters ntb_parameters = { 120 .wLength = cpu_to_le16(sizeof(ntb_parameters)), 121 .bmNtbFormatsSupported = cpu_to_le16(FORMATS_SUPPORTED), 122 .dwNtbInMaxSize = cpu_to_le32(NTB_DEFAULT_IN_SIZE), 123 .wNdpInDivisor = cpu_to_le16(4), 124 .wNdpInPayloadRemainder = cpu_to_le16(0), 125 .wNdpInAlignment = cpu_to_le16(4), 126 127 .dwNtbOutMaxSize = cpu_to_le32(NTB_OUT_SIZE), 128 .wNdpOutDivisor = cpu_to_le16(4), 129 .wNdpOutPayloadRemainder = cpu_to_le16(0), 130 .wNdpOutAlignment = cpu_to_le16(4), 131}; 132 133/* 134 * Use wMaxPacketSize big enough to fit CDC_NOTIFY_SPEED_CHANGE in one 135 * packet, to simplify cancellation; and a big transfer interval, to 136 * waste less bandwidth. 137 */ 138 139#define NCM_STATUS_INTERVAL_MS 32 140#define NCM_STATUS_BYTECOUNT 16 /* 8 byte header + data */ 141 142static struct usb_interface_assoc_descriptor ncm_iad_desc = { 143 .bLength = sizeof ncm_iad_desc, 144 .bDescriptorType = USB_DT_INTERFACE_ASSOCIATION, 145 146 /* .bFirstInterface = DYNAMIC, */ 147 .bInterfaceCount = 2, /* control + data */ 148 .bFunctionClass = USB_CLASS_COMM, 149 .bFunctionSubClass = USB_CDC_SUBCLASS_NCM, 150 .bFunctionProtocol = USB_CDC_PROTO_NONE, 151 /* .iFunction = DYNAMIC */ 152}; 153 154/* interface descriptor: */ 155 156static struct usb_interface_descriptor ncm_control_intf = { 157 .bLength = sizeof ncm_control_intf, 158 .bDescriptorType = USB_DT_INTERFACE, 159 160 /* .bInterfaceNumber = DYNAMIC */ 161 .bNumEndpoints = 1, 162 .bInterfaceClass = USB_CLASS_COMM, 163 .bInterfaceSubClass = USB_CDC_SUBCLASS_NCM, 164 .bInterfaceProtocol = USB_CDC_PROTO_NONE, 165 /* .iInterface = DYNAMIC */ 166}; 167 168static struct usb_cdc_header_desc ncm_header_desc = { 169 .bLength = sizeof ncm_header_desc, 170 .bDescriptorType = USB_DT_CS_INTERFACE, 171 .bDescriptorSubType = USB_CDC_HEADER_TYPE, 172 173 .bcdCDC = cpu_to_le16(0x0110), 174}; 175 176static struct usb_cdc_union_desc ncm_union_desc = { 177 .bLength = sizeof(ncm_union_desc), 178 .bDescriptorType = USB_DT_CS_INTERFACE, 179 .bDescriptorSubType = USB_CDC_UNION_TYPE, 180 /* .bMasterInterface0 = DYNAMIC */ 181 /* .bSlaveInterface0 = DYNAMIC */ 182}; 183 184static struct usb_cdc_ether_desc ecm_desc = { 185 .bLength = sizeof ecm_desc, 186 .bDescriptorType = USB_DT_CS_INTERFACE, 187 .bDescriptorSubType = USB_CDC_ETHERNET_TYPE, 188 189 /* this descriptor actually adds value, surprise! */ 190 /* .iMACAddress = DYNAMIC */ 191 .bmEthernetStatistics = cpu_to_le32(0), /* no statistics */ 192 .wNumberMCFilters = cpu_to_le16(0), 193 .bNumberPowerFilters = 0, 194}; 195 196#define NCAPS (USB_CDC_NCM_NCAP_ETH_FILTER | USB_CDC_NCM_NCAP_CRC_MODE) 197 198static struct usb_cdc_ncm_desc ncm_desc = { 199 .bLength = sizeof ncm_desc, 200 .bDescriptorType = USB_DT_CS_INTERFACE, 201 .bDescriptorSubType = USB_CDC_NCM_TYPE, 202 203 .bcdNcmVersion = cpu_to_le16(0x0100), 204 /* can process SetEthernetPacketFilter */ 205 .bmNetworkCapabilities = NCAPS, 206}; 207 208/* the default data interface has no endpoints ... */ 209 210static struct usb_interface_descriptor ncm_data_nop_intf = { 211 .bLength = sizeof ncm_data_nop_intf, 212 .bDescriptorType = USB_DT_INTERFACE, 213 214 .bInterfaceNumber = 1, 215 .bAlternateSetting = 0, 216 .bNumEndpoints = 0, 217 .bInterfaceClass = USB_CLASS_CDC_DATA, 218 .bInterfaceSubClass = 0, 219 .bInterfaceProtocol = USB_CDC_NCM_PROTO_NTB, 220 /* .iInterface = DYNAMIC */ 221}; 222 223/* ... but the "real" data interface has two bulk endpoints */ 224 225static struct usb_interface_descriptor ncm_data_intf = { 226 .bLength = sizeof ncm_data_intf, 227 .bDescriptorType = USB_DT_INTERFACE, 228 229 .bInterfaceNumber = 1, 230 .bAlternateSetting = 1, 231 .bNumEndpoints = 2, 232 .bInterfaceClass = USB_CLASS_CDC_DATA, 233 .bInterfaceSubClass = 0, 234 .bInterfaceProtocol = USB_CDC_NCM_PROTO_NTB, 235 /* .iInterface = DYNAMIC */ 236}; 237 238/* full speed support: */ 239 240static struct usb_endpoint_descriptor fs_ncm_notify_desc = { 241 .bLength = USB_DT_ENDPOINT_SIZE, 242 .bDescriptorType = USB_DT_ENDPOINT, 243 244 .bEndpointAddress = USB_DIR_IN, 245 .bmAttributes = USB_ENDPOINT_XFER_INT, 246 .wMaxPacketSize = cpu_to_le16(NCM_STATUS_BYTECOUNT), 247 .bInterval = NCM_STATUS_INTERVAL_MS, 248}; 249 250static struct usb_endpoint_descriptor fs_ncm_in_desc = { 251 .bLength = USB_DT_ENDPOINT_SIZE, 252 .bDescriptorType = USB_DT_ENDPOINT, 253 254 .bEndpointAddress = USB_DIR_IN, 255 .bmAttributes = USB_ENDPOINT_XFER_BULK, 256}; 257 258static struct usb_endpoint_descriptor fs_ncm_out_desc = { 259 .bLength = USB_DT_ENDPOINT_SIZE, 260 .bDescriptorType = USB_DT_ENDPOINT, 261 262 .bEndpointAddress = USB_DIR_OUT, 263 .bmAttributes = USB_ENDPOINT_XFER_BULK, 264}; 265 266static struct usb_descriptor_header *ncm_fs_function[] = { 267 (struct usb_descriptor_header *) &ncm_iad_desc, 268 /* CDC NCM control descriptors */ 269 (struct usb_descriptor_header *) &ncm_control_intf, 270 (struct usb_descriptor_header *) &ncm_header_desc, 271 (struct usb_descriptor_header *) &ncm_union_desc, 272 (struct usb_descriptor_header *) &ecm_desc, 273 (struct usb_descriptor_header *) &ncm_desc, 274 (struct usb_descriptor_header *) &fs_ncm_notify_desc, 275 /* data interface, altsettings 0 and 1 */ 276 (struct usb_descriptor_header *) &ncm_data_nop_intf, 277 (struct usb_descriptor_header *) &ncm_data_intf, 278 (struct usb_descriptor_header *) &fs_ncm_in_desc, 279 (struct usb_descriptor_header *) &fs_ncm_out_desc, 280 NULL, 281}; 282 283/* high speed support: */ 284 285static struct usb_endpoint_descriptor hs_ncm_notify_desc = { 286 .bLength = USB_DT_ENDPOINT_SIZE, 287 .bDescriptorType = USB_DT_ENDPOINT, 288 289 .bEndpointAddress = USB_DIR_IN, 290 .bmAttributes = USB_ENDPOINT_XFER_INT, 291 .wMaxPacketSize = cpu_to_le16(NCM_STATUS_BYTECOUNT), 292 .bInterval = USB_MS_TO_HS_INTERVAL(NCM_STATUS_INTERVAL_MS), 293}; 294static struct usb_endpoint_descriptor hs_ncm_in_desc = { 295 .bLength = USB_DT_ENDPOINT_SIZE, 296 .bDescriptorType = USB_DT_ENDPOINT, 297 298 .bEndpointAddress = USB_DIR_IN, 299 .bmAttributes = USB_ENDPOINT_XFER_BULK, 300 .wMaxPacketSize = cpu_to_le16(512), 301}; 302 303static struct usb_endpoint_descriptor hs_ncm_out_desc = { 304 .bLength = USB_DT_ENDPOINT_SIZE, 305 .bDescriptorType = USB_DT_ENDPOINT, 306 307 .bEndpointAddress = USB_DIR_OUT, 308 .bmAttributes = USB_ENDPOINT_XFER_BULK, 309 .wMaxPacketSize = cpu_to_le16(512), 310}; 311 312static struct usb_descriptor_header *ncm_hs_function[] = { 313 (struct usb_descriptor_header *) &ncm_iad_desc, 314 /* CDC NCM control descriptors */ 315 (struct usb_descriptor_header *) &ncm_control_intf, 316 (struct usb_descriptor_header *) &ncm_header_desc, 317 (struct usb_descriptor_header *) &ncm_union_desc, 318 (struct usb_descriptor_header *) &ecm_desc, 319 (struct usb_descriptor_header *) &ncm_desc, 320 (struct usb_descriptor_header *) &hs_ncm_notify_desc, 321 /* data interface, altsettings 0 and 1 */ 322 (struct usb_descriptor_header *) &ncm_data_nop_intf, 323 (struct usb_descriptor_header *) &ncm_data_intf, 324 (struct usb_descriptor_header *) &hs_ncm_in_desc, 325 (struct usb_descriptor_header *) &hs_ncm_out_desc, 326 NULL, 327}; 328 329 330/* super speed support: */ 331 332static struct usb_endpoint_descriptor ss_ncm_notify_desc = { 333 .bLength = USB_DT_ENDPOINT_SIZE, 334 .bDescriptorType = USB_DT_ENDPOINT, 335 336 .bEndpointAddress = USB_DIR_IN, 337 .bmAttributes = USB_ENDPOINT_XFER_INT, 338 .wMaxPacketSize = cpu_to_le16(NCM_STATUS_BYTECOUNT), 339 .bInterval = USB_MS_TO_HS_INTERVAL(NCM_STATUS_INTERVAL_MS) 340}; 341 342static struct usb_ss_ep_comp_descriptor ss_ncm_notify_comp_desc = { 343 .bLength = sizeof(ss_ncm_notify_comp_desc), 344 .bDescriptorType = USB_DT_SS_ENDPOINT_COMP, 345 346 /* the following 3 values can be tweaked if necessary */ 347 /* .bMaxBurst = 0, */ 348 /* .bmAttributes = 0, */ 349 .wBytesPerInterval = cpu_to_le16(NCM_STATUS_BYTECOUNT), 350}; 351 352static struct usb_endpoint_descriptor ss_ncm_in_desc = { 353 .bLength = USB_DT_ENDPOINT_SIZE, 354 .bDescriptorType = USB_DT_ENDPOINT, 355 356 .bEndpointAddress = USB_DIR_IN, 357 .bmAttributes = USB_ENDPOINT_XFER_BULK, 358 .wMaxPacketSize = cpu_to_le16(1024), 359}; 360 361static struct usb_endpoint_descriptor ss_ncm_out_desc = { 362 .bLength = USB_DT_ENDPOINT_SIZE, 363 .bDescriptorType = USB_DT_ENDPOINT, 364 365 .bEndpointAddress = USB_DIR_OUT, 366 .bmAttributes = USB_ENDPOINT_XFER_BULK, 367 .wMaxPacketSize = cpu_to_le16(1024), 368}; 369 370static struct usb_ss_ep_comp_descriptor ss_ncm_bulk_comp_desc = { 371 .bLength = sizeof(ss_ncm_bulk_comp_desc), 372 .bDescriptorType = USB_DT_SS_ENDPOINT_COMP, 373 374 /* the following 2 values can be tweaked if necessary */ 375 .bMaxBurst = 15, 376 /* .bmAttributes = 0, */ 377}; 378 379static struct usb_descriptor_header *ncm_ss_function[] = { 380 (struct usb_descriptor_header *) &ncm_iad_desc, 381 /* CDC NCM control descriptors */ 382 (struct usb_descriptor_header *) &ncm_control_intf, 383 (struct usb_descriptor_header *) &ncm_header_desc, 384 (struct usb_descriptor_header *) &ncm_union_desc, 385 (struct usb_descriptor_header *) &ecm_desc, 386 (struct usb_descriptor_header *) &ncm_desc, 387 (struct usb_descriptor_header *) &ss_ncm_notify_desc, 388 (struct usb_descriptor_header *) &ss_ncm_notify_comp_desc, 389 /* data interface, altsettings 0 and 1 */ 390 (struct usb_descriptor_header *) &ncm_data_nop_intf, 391 (struct usb_descriptor_header *) &ncm_data_intf, 392 (struct usb_descriptor_header *) &ss_ncm_in_desc, 393 (struct usb_descriptor_header *) &ss_ncm_bulk_comp_desc, 394 (struct usb_descriptor_header *) &ss_ncm_out_desc, 395 (struct usb_descriptor_header *) &ss_ncm_bulk_comp_desc, 396 NULL, 397}; 398 399/* string descriptors: */ 400 401#define STRING_CTRL_IDX 0 402#define STRING_MAC_IDX 1 403#define STRING_DATA_IDX 2 404#define STRING_IAD_IDX 3 405 406static struct usb_string ncm_string_defs[] = { 407 [STRING_CTRL_IDX].s = "CDC Network Control Model (NCM)", 408 [STRING_MAC_IDX].s = "", 409 [STRING_DATA_IDX].s = "CDC Network Data", 410 [STRING_IAD_IDX].s = "CDC NCM", 411 { } /* end of list */ 412}; 413 414static struct usb_gadget_strings ncm_string_table = { 415 .language = 0x0409, /* en-us */ 416 .strings = ncm_string_defs, 417}; 418 419static struct usb_gadget_strings *ncm_strings[] = { 420 &ncm_string_table, 421 NULL, 422}; 423 424/* 425 * Here are options for NCM Datagram Pointer table (NDP) parser. 426 * There are 2 different formats: NDP16 and NDP32 in the spec (ch. 3), 427 * in NDP16 offsets and sizes fields are 1 16bit word wide, 428 * in NDP32 -- 2 16bit words wide. Also signatures are different. 429 * To make the parser code the same, put the differences in the structure, 430 * and switch pointers to the structures when the format is changed. 431 */ 432 433struct ndp_parser_opts { 434 u32 nth_sign; 435 u32 ndp_sign; 436 unsigned nth_size; 437 unsigned ndp_size; 438 unsigned dpe_size; 439 unsigned ndplen_align; 440 /* sizes in u16 units */ 441 unsigned dgram_item_len; /* index or length */ 442 unsigned block_length; 443 unsigned ndp_index; 444 unsigned reserved1; 445 unsigned reserved2; 446 unsigned next_ndp_index; 447}; 448 449static const struct ndp_parser_opts ndp16_opts = { 450 .nth_sign = USB_CDC_NCM_NTH16_SIGN, 451 .ndp_sign = USB_CDC_NCM_NDP16_NOCRC_SIGN, 452 .nth_size = sizeof(struct usb_cdc_ncm_nth16), 453 .ndp_size = sizeof(struct usb_cdc_ncm_ndp16), 454 .dpe_size = sizeof(struct usb_cdc_ncm_dpe16), 455 .ndplen_align = 4, 456 .dgram_item_len = 1, 457 .block_length = 1, 458 .ndp_index = 1, 459 .reserved1 = 0, 460 .reserved2 = 0, 461 .next_ndp_index = 1, 462}; 463 464static const struct ndp_parser_opts ndp32_opts = { 465 .nth_sign = USB_CDC_NCM_NTH32_SIGN, 466 .ndp_sign = USB_CDC_NCM_NDP32_NOCRC_SIGN, 467 .nth_size = sizeof(struct usb_cdc_ncm_nth32), 468 .ndp_size = sizeof(struct usb_cdc_ncm_ndp32), 469 .dpe_size = sizeof(struct usb_cdc_ncm_dpe32), 470 .ndplen_align = 8, 471 .dgram_item_len = 2, 472 .block_length = 2, 473 .ndp_index = 2, 474 .reserved1 = 1, 475 .reserved2 = 2, 476 .next_ndp_index = 2, 477}; 478 479static inline void put_ncm(__le16 **p, unsigned size, unsigned val) 480{ 481 switch (size) { 482 case 1: 483 put_unaligned_le16((u16)val, *p); 484 break; 485 case 2: 486 put_unaligned_le32((u32)val, *p); 487 488 break; 489 default: 490 BUG(); 491 } 492 493 *p += size; 494} 495 496static inline unsigned get_ncm(__le16 **p, unsigned size) 497{ 498 unsigned tmp; 499 500 switch (size) { 501 case 1: 502 tmp = get_unaligned_le16(*p); 503 break; 504 case 2: 505 tmp = get_unaligned_le32(*p); 506 break; 507 default: 508 BUG(); 509 } 510 511 *p += size; 512 return tmp; 513} 514 515/*-------------------------------------------------------------------------*/ 516 517static inline void ncm_reset_values(struct f_ncm *ncm) 518{ 519 ncm->parser_opts = &ndp16_opts; 520 ncm->is_crc = false; 521 ncm->ndp_sign = ncm->parser_opts->ndp_sign; 522 ncm->port.cdc_filter = DEFAULT_FILTER; 523 524 /* doesn't make sense for ncm, fixed size used */ 525 ncm->port.header_len = 0; 526 527 ncm->port.fixed_out_len = le32_to_cpu(ntb_parameters.dwNtbOutMaxSize); 528 ncm->port.fixed_in_len = NTB_DEFAULT_IN_SIZE; 529} 530 531/* 532 * Context: ncm->lock held 533 */ 534static void ncm_do_notify(struct f_ncm *ncm) 535{ 536 struct usb_request *req = ncm->notify_req; 537 struct usb_cdc_notification *event; 538 struct usb_composite_dev *cdev = ncm->port.func.config->cdev; 539 __le32 *data; 540 int status; 541 542 /* notification already in flight? */ 543 if (atomic_read(&ncm->notify_count)) 544 return; 545 546 event = req->buf; 547 switch (ncm->notify_state) { 548 case NCM_NOTIFY_NONE: 549 return; 550 551 case NCM_NOTIFY_CONNECT: 552 event->bNotificationType = USB_CDC_NOTIFY_NETWORK_CONNECTION; 553 if (ncm->is_open) 554 event->wValue = cpu_to_le16(1); 555 else 556 event->wValue = cpu_to_le16(0); 557 event->wLength = 0; 558 req->length = sizeof *event; 559 560 DBG(cdev, "notify connect %s\n", 561 ncm->is_open ? "true" : "false"); 562 ncm->notify_state = NCM_NOTIFY_NONE; 563 break; 564 565 case NCM_NOTIFY_SPEED: 566 event->bNotificationType = USB_CDC_NOTIFY_SPEED_CHANGE; 567 event->wValue = cpu_to_le16(0); 568 event->wLength = cpu_to_le16(8); 569 req->length = NCM_STATUS_BYTECOUNT; 570 571 /* SPEED_CHANGE data is up/down speeds in bits/sec */ 572 data = req->buf + sizeof *event; 573 data[0] = cpu_to_le32(gether_bitrate(cdev->gadget)); 574 data[1] = data[0]; 575 576 DBG(cdev, "notify speed %u\n", gether_bitrate(cdev->gadget)); 577 ncm->notify_state = NCM_NOTIFY_CONNECT; 578 break; 579 } 580 event->bmRequestType = 0xA1; 581 event->wIndex = cpu_to_le16(ncm->ctrl_id); 582 583 atomic_inc(&ncm->notify_count); 584 585 /* 586 * In double buffering if there is a space in FIFO, 587 * completion callback can be called right after the call, 588 * so unlocking 589 */ 590 spin_unlock(&ncm->lock); 591 status = usb_ep_queue(ncm->notify, req, GFP_ATOMIC); 592 spin_lock(&ncm->lock); 593 if (status < 0) { 594 atomic_dec(&ncm->notify_count); 595 DBG(cdev, "notify --> %d\n", status); 596 } 597} 598 599/* 600 * Context: ncm->lock held 601 */ 602static void ncm_notify(struct f_ncm *ncm) 603{ 604 /* 605 * NOTE on most versions of Linux, host side cdc-ethernet 606 * won't listen for notifications until its netdevice opens. 607 * The first notification then sits in the FIFO for a long 608 * time, and the second one is queued. 609 * 610 * If ncm_notify() is called before the second (CONNECT) 611 * notification is sent, then it will reset to send the SPEED 612 * notificaion again (and again, and again), but it's not a problem 613 */ 614 ncm->notify_state = NCM_NOTIFY_SPEED; 615 ncm_do_notify(ncm); 616} 617 618static void ncm_notify_complete(struct usb_ep *ep, struct usb_request *req) 619{ 620 struct f_ncm *ncm = req->context; 621 struct usb_composite_dev *cdev = ncm->port.func.config->cdev; 622 struct usb_cdc_notification *event = req->buf; 623 624 spin_lock(&ncm->lock); 625 switch (req->status) { 626 case 0: 627 VDBG(cdev, "Notification %02x sent\n", 628 event->bNotificationType); 629 atomic_dec(&ncm->notify_count); 630 break; 631 case -ECONNRESET: 632 case -ESHUTDOWN: 633 atomic_set(&ncm->notify_count, 0); 634 ncm->notify_state = NCM_NOTIFY_NONE; 635 break; 636 default: 637 DBG(cdev, "event %02x --> %d\n", 638 event->bNotificationType, req->status); 639 atomic_dec(&ncm->notify_count); 640 break; 641 } 642 ncm_do_notify(ncm); 643 spin_unlock(&ncm->lock); 644} 645 646static void ncm_ep0out_complete(struct usb_ep *ep, struct usb_request *req) 647{ 648 /* now for SET_NTB_INPUT_SIZE only */ 649 unsigned in_size; 650 struct usb_function *f = req->context; 651 struct f_ncm *ncm = func_to_ncm(f); 652 struct usb_composite_dev *cdev = f->config->cdev; 653 654 req->context = NULL; 655 if (req->status || req->actual != req->length) { 656 DBG(cdev, "Bad control-OUT transfer\n"); 657 goto invalid; 658 } 659 660 in_size = get_unaligned_le32(req->buf); 661 if (in_size < USB_CDC_NCM_NTB_MIN_IN_SIZE || 662 in_size > le32_to_cpu(ntb_parameters.dwNtbInMaxSize)) { 663 DBG(cdev, "Got wrong INPUT SIZE (%d) from host\n", in_size); 664 goto invalid; 665 } 666 667 ncm->port.fixed_in_len = in_size; 668 VDBG(cdev, "Set NTB INPUT SIZE %d\n", in_size); 669 return; 670 671invalid: 672 usb_ep_set_halt(ep); 673 return; 674} 675 676static int ncm_setup(struct usb_function *f, const struct usb_ctrlrequest *ctrl) 677{ 678 struct f_ncm *ncm = func_to_ncm(f); 679 struct usb_composite_dev *cdev = f->config->cdev; 680 struct usb_request *req = cdev->req; 681 int value = -EOPNOTSUPP; 682 u16 w_index = le16_to_cpu(ctrl->wIndex); 683 u16 w_value = le16_to_cpu(ctrl->wValue); 684 u16 w_length = le16_to_cpu(ctrl->wLength); 685 686 /* 687 * composite driver infrastructure handles everything except 688 * CDC class messages; interface activation uses set_alt(). 689 */ 690 switch ((ctrl->bRequestType << 8) | ctrl->bRequest) { 691 case ((USB_DIR_OUT | USB_TYPE_CLASS | USB_RECIP_INTERFACE) << 8) 692 | USB_CDC_SET_ETHERNET_PACKET_FILTER: 693 /* 694 * see 6.2.30: no data, wIndex = interface, 695 * wValue = packet filter bitmap 696 */ 697 if (w_length != 0 || w_index != ncm->ctrl_id) 698 goto invalid; 699 DBG(cdev, "packet filter %02x\n", w_value); 700 /* 701 * REVISIT locking of cdc_filter. This assumes the UDC 702 * driver won't have a concurrent packet TX irq running on 703 * another CPU; or that if it does, this write is atomic... 704 */ 705 ncm->port.cdc_filter = w_value; 706 value = 0; 707 break; 708 /* 709 * and optionally: 710 * case USB_CDC_SEND_ENCAPSULATED_COMMAND: 711 * case USB_CDC_GET_ENCAPSULATED_RESPONSE: 712 * case USB_CDC_SET_ETHERNET_MULTICAST_FILTERS: 713 * case USB_CDC_SET_ETHERNET_PM_PATTERN_FILTER: 714 * case USB_CDC_GET_ETHERNET_PM_PATTERN_FILTER: 715 * case USB_CDC_GET_ETHERNET_STATISTIC: 716 */ 717 718 case ((USB_DIR_IN | USB_TYPE_CLASS | USB_RECIP_INTERFACE) << 8) 719 | USB_CDC_GET_NTB_PARAMETERS: 720 721 if (w_length == 0 || w_value != 0 || w_index != ncm->ctrl_id) 722 goto invalid; 723 value = w_length > sizeof ntb_parameters ? 724 sizeof ntb_parameters : w_length; 725 memcpy(req->buf, &ntb_parameters, value); 726 VDBG(cdev, "Host asked NTB parameters\n"); 727 break; 728 729 case ((USB_DIR_IN | USB_TYPE_CLASS | USB_RECIP_INTERFACE) << 8) 730 | USB_CDC_GET_NTB_INPUT_SIZE: 731 732 if (w_length < 4 || w_value != 0 || w_index != ncm->ctrl_id) 733 goto invalid; 734 put_unaligned_le32(ncm->port.fixed_in_len, req->buf); 735 value = 4; 736 VDBG(cdev, "Host asked INPUT SIZE, sending %d\n", 737 ncm->port.fixed_in_len); 738 break; 739 740 case ((USB_DIR_OUT | USB_TYPE_CLASS | USB_RECIP_INTERFACE) << 8) 741 | USB_CDC_SET_NTB_INPUT_SIZE: 742 { 743 if (w_length != 4 || w_value != 0 || w_index != ncm->ctrl_id) 744 goto invalid; 745 req->complete = ncm_ep0out_complete; 746 req->length = w_length; 747 req->context = f; 748 749 value = req->length; 750 break; 751 } 752 753 case ((USB_DIR_IN | USB_TYPE_CLASS | USB_RECIP_INTERFACE) << 8) 754 | USB_CDC_GET_NTB_FORMAT: 755 { 756 uint16_t format; 757 758 if (w_length < 2 || w_value != 0 || w_index != ncm->ctrl_id) 759 goto invalid; 760 format = (ncm->parser_opts == &ndp16_opts) ? 0x0000 : 0x0001; 761 put_unaligned_le16(format, req->buf); 762 value = 2; 763 VDBG(cdev, "Host asked NTB FORMAT, sending %d\n", format); 764 break; 765 } 766 767 case ((USB_DIR_OUT | USB_TYPE_CLASS | USB_RECIP_INTERFACE) << 8) 768 | USB_CDC_SET_NTB_FORMAT: 769 { 770 if (w_length != 0 || w_index != ncm->ctrl_id) 771 goto invalid; 772 switch (w_value) { 773 case 0x0000: 774 ncm->parser_opts = &ndp16_opts; 775 DBG(cdev, "NCM16 selected\n"); 776 break; 777 case 0x0001: 778 ncm->parser_opts = &ndp32_opts; 779 DBG(cdev, "NCM32 selected\n"); 780 break; 781 default: 782 goto invalid; 783 } 784 value = 0; 785 break; 786 } 787 case ((USB_DIR_IN | USB_TYPE_CLASS | USB_RECIP_INTERFACE) << 8) 788 | USB_CDC_GET_CRC_MODE: 789 { 790 uint16_t is_crc; 791 792 if (w_length < 2 || w_value != 0 || w_index != ncm->ctrl_id) 793 goto invalid; 794 is_crc = ncm->is_crc ? 0x0001 : 0x0000; 795 put_unaligned_le16(is_crc, req->buf); 796 value = 2; 797 VDBG(cdev, "Host asked CRC MODE, sending %d\n", is_crc); 798 break; 799 } 800 801 case ((USB_DIR_OUT | USB_TYPE_CLASS | USB_RECIP_INTERFACE) << 8) 802 | USB_CDC_SET_CRC_MODE: 803 { 804 if (w_length != 0 || w_index != ncm->ctrl_id) 805 goto invalid; 806 switch (w_value) { 807 case 0x0000: 808 ncm->is_crc = false; 809 DBG(cdev, "non-CRC mode selected\n"); 810 break; 811 case 0x0001: 812 ncm->is_crc = true; 813 DBG(cdev, "CRC mode selected\n"); 814 break; 815 default: 816 goto invalid; 817 } 818 value = 0; 819 break; 820 } 821 822 /* and disabled in ncm descriptor: */ 823 /* case USB_CDC_GET_NET_ADDRESS: */ 824 /* case USB_CDC_SET_NET_ADDRESS: */ 825 /* case USB_CDC_GET_MAX_DATAGRAM_SIZE: */ 826 /* case USB_CDC_SET_MAX_DATAGRAM_SIZE: */ 827 828 default: 829invalid: 830 DBG(cdev, "invalid control req%02x.%02x v%04x i%04x l%d\n", 831 ctrl->bRequestType, ctrl->bRequest, 832 w_value, w_index, w_length); 833 } 834 ncm->ndp_sign = ncm->parser_opts->ndp_sign | 835 (ncm->is_crc ? NCM_NDP_HDR_CRC : 0); 836 837 /* respond with data transfer or status phase? */ 838 if (value >= 0) { 839 DBG(cdev, "ncm req%02x.%02x v%04x i%04x l%d\n", 840 ctrl->bRequestType, ctrl->bRequest, 841 w_value, w_index, w_length); 842 req->zero = 0; 843 req->length = value; 844 value = usb_ep_queue(cdev->gadget->ep0, req, GFP_ATOMIC); 845 if (value < 0) 846 ERROR(cdev, "ncm req %02x.%02x response err %d\n", 847 ctrl->bRequestType, ctrl->bRequest, 848 value); 849 } 850 851 /* device either stalls (value < 0) or reports success */ 852 return value; 853} 854 855 856static int ncm_set_alt(struct usb_function *f, unsigned intf, unsigned alt) 857{ 858 struct f_ncm *ncm = func_to_ncm(f); 859 struct usb_composite_dev *cdev = f->config->cdev; 860 861 /* Control interface has only altsetting 0 */ 862 if (intf == ncm->ctrl_id) { 863 if (alt != 0) 864 goto fail; 865 866 DBG(cdev, "reset ncm control %d\n", intf); 867 usb_ep_disable(ncm->notify); 868 869 if (!(ncm->notify->desc)) { 870 DBG(cdev, "init ncm ctrl %d\n", intf); 871 if (config_ep_by_speed(cdev->gadget, f, ncm->notify)) 872 goto fail; 873 } 874 usb_ep_enable(ncm->notify); 875 876 /* Data interface has two altsettings, 0 and 1 */ 877 } else if (intf == ncm->data_id) { 878 if (alt > 1) 879 goto fail; 880 881 if (ncm->netdev) { 882 DBG(cdev, "reset ncm\n"); 883 ncm->netdev = NULL; 884 gether_disconnect(&ncm->port); 885 ncm_reset_values(ncm); 886 } 887 888 /* 889 * CDC Network only sends data in non-default altsettings. 890 * Changing altsettings resets filters, statistics, etc. 891 */ 892 if (alt == 1) { 893 struct net_device *net; 894 895 if (!ncm->port.in_ep->desc || 896 !ncm->port.out_ep->desc) { 897 DBG(cdev, "init ncm\n"); 898 if (config_ep_by_speed(cdev->gadget, f, 899 ncm->port.in_ep) || 900 config_ep_by_speed(cdev->gadget, f, 901 ncm->port.out_ep)) { 902 ncm->port.in_ep->desc = NULL; 903 ncm->port.out_ep->desc = NULL; 904 goto fail; 905 } 906 } 907 908 /* TODO */ 909 /* Enable zlps by default for NCM conformance; 910 * override for musb_hdrc (avoids txdma ovhead) 911 */ 912 ncm->port.is_zlp_ok = 913 gadget_is_zlp_supported(cdev->gadget); 914 ncm->port.cdc_filter = DEFAULT_FILTER; 915 DBG(cdev, "activate ncm\n"); 916 net = gether_connect(&ncm->port); 917 if (IS_ERR(net)) 918 return PTR_ERR(net); 919 ncm->netdev = net; 920 } 921 922 spin_lock(&ncm->lock); 923 ncm_notify(ncm); 924 spin_unlock(&ncm->lock); 925 } else 926 goto fail; 927 928 return 0; 929fail: 930 return -EINVAL; 931} 932 933/* 934 * Because the data interface supports multiple altsettings, 935 * this NCM function *MUST* implement a get_alt() method. 936 */ 937static int ncm_get_alt(struct usb_function *f, unsigned intf) 938{ 939 struct f_ncm *ncm = func_to_ncm(f); 940 941 if (intf == ncm->ctrl_id) 942 return 0; 943 return ncm->port.in_ep->enabled ? 1 : 0; 944} 945 946static struct sk_buff *package_for_tx(struct f_ncm *ncm) 947{ 948 __le16 *ntb_iter; 949 struct sk_buff *skb2 = NULL; 950 unsigned ndp_pad; 951 unsigned ndp_index; 952 unsigned new_len; 953 954 const struct ndp_parser_opts *opts = ncm->parser_opts; 955 const int ndp_align = le16_to_cpu(ntb_parameters.wNdpInAlignment); 956 const int dgram_idx_len = 2 * 2 * opts->dgram_item_len; 957 958 /* Stop the timer */ 959 hrtimer_try_to_cancel(&ncm->task_timer); 960 961 ndp_pad = ALIGN(ncm->skb_tx_data->len, ndp_align) - 962 ncm->skb_tx_data->len; 963 ndp_index = ncm->skb_tx_data->len + ndp_pad; 964 new_len = ndp_index + dgram_idx_len + ncm->skb_tx_ndp->len; 965 966 /* Set the final BlockLength and wNdpIndex */ 967 ntb_iter = (void *) ncm->skb_tx_data->data; 968 /* Increment pointer to BlockLength */ 969 ntb_iter += 2 + 1 + 1; 970 put_ncm(&ntb_iter, opts->block_length, new_len); 971 put_ncm(&ntb_iter, opts->ndp_index, ndp_index); 972 973 /* Set the final NDP wLength */ 974 new_len = opts->ndp_size + 975 (ncm->ndp_dgram_count * dgram_idx_len); 976 ncm->ndp_dgram_count = 0; 977 /* Increment from start to wLength */ 978 ntb_iter = (void *) ncm->skb_tx_ndp->data; 979 ntb_iter += 2; 980 put_unaligned_le16(new_len, ntb_iter); 981 982 /* Merge the skbs */ 983 swap(skb2, ncm->skb_tx_data); 984 if (ncm->skb_tx_data) { 985 dev_consume_skb_any(ncm->skb_tx_data); 986 ncm->skb_tx_data = NULL; 987 } 988 989 /* Insert NDP alignment. */ 990 skb_put_zero(skb2, ndp_pad); 991 992 /* Copy NTB across. */ 993 skb_put_data(skb2, ncm->skb_tx_ndp->data, ncm->skb_tx_ndp->len); 994 dev_consume_skb_any(ncm->skb_tx_ndp); 995 ncm->skb_tx_ndp = NULL; 996 997 /* Insert zero'd datagram. */ 998 skb_put_zero(skb2, dgram_idx_len); 999 1000 return skb2; 1001} 1002 1003static struct sk_buff *ncm_wrap_ntb(struct gether *port, 1004 struct sk_buff *skb) 1005{ 1006 struct f_ncm *ncm = func_to_ncm(&port->func); 1007 struct sk_buff *skb2 = NULL; 1008 1009 if (skb) { 1010 int ncb_len = 0; 1011 __le16 *ntb_data; 1012 __le16 *ntb_ndp; 1013 int dgram_pad; 1014 1015 unsigned max_size = ncm->port.fixed_in_len; 1016 const struct ndp_parser_opts *opts = ncm->parser_opts; 1017 const int ndp_align = le16_to_cpu(ntb_parameters.wNdpInAlignment); 1018 const int div = le16_to_cpu(ntb_parameters.wNdpInDivisor); 1019 const int rem = le16_to_cpu(ntb_parameters.wNdpInPayloadRemainder); 1020 const int dgram_idx_len = 2 * 2 * opts->dgram_item_len; 1021 1022 /* Add the CRC if required up front */ 1023 if (ncm->is_crc) { 1024 uint32_t crc; 1025 __le16 *crc_pos; 1026 1027 crc = ~crc32_le(~0, 1028 skb->data, 1029 skb->len); 1030 crc_pos = skb_put(skb, sizeof(uint32_t)); 1031 put_unaligned_le32(crc, crc_pos); 1032 } 1033 1034 /* If the new skb is too big for the current NCM NTB then 1035 * set the current stored skb to be sent now and clear it 1036 * ready for new data. 1037 * NOTE: Assume maximum align for speed of calculation. 1038 */ 1039 if (ncm->skb_tx_data 1040 && (ncm->ndp_dgram_count >= TX_MAX_NUM_DPE 1041 || (ncm->skb_tx_data->len + 1042 div + rem + skb->len + 1043 ncm->skb_tx_ndp->len + ndp_align + (2 * dgram_idx_len)) 1044 > max_size)) { 1045 skb2 = package_for_tx(ncm); 1046 if (!skb2) 1047 goto err; 1048 } 1049 1050 if (!ncm->skb_tx_data) { 1051 ncb_len = opts->nth_size; 1052 dgram_pad = ALIGN(ncb_len, div) + rem - ncb_len; 1053 ncb_len += dgram_pad; 1054 1055 /* Create a new skb for the NTH and datagrams. */ 1056 ncm->skb_tx_data = alloc_skb(max_size, GFP_ATOMIC); 1057 if (!ncm->skb_tx_data) 1058 goto err; 1059 1060 ncm->skb_tx_data->dev = ncm->netdev; 1061 ntb_data = skb_put_zero(ncm->skb_tx_data, ncb_len); 1062 /* dwSignature */ 1063 put_unaligned_le32(opts->nth_sign, ntb_data); 1064 ntb_data += 2; 1065 /* wHeaderLength */ 1066 put_unaligned_le16(opts->nth_size, ntb_data++); 1067 1068 /* Allocate an skb for storing the NDP, 1069 * TX_MAX_NUM_DPE should easily suffice for a 1070 * 16k packet. 1071 */ 1072 ncm->skb_tx_ndp = alloc_skb((int)(opts->ndp_size 1073 + opts->dpe_size 1074 * TX_MAX_NUM_DPE), 1075 GFP_ATOMIC); 1076 if (!ncm->skb_tx_ndp) 1077 goto err; 1078 1079 ncm->skb_tx_ndp->dev = ncm->netdev; 1080 ntb_ndp = skb_put(ncm->skb_tx_ndp, opts->ndp_size); 1081 memset(ntb_ndp, 0, ncb_len); 1082 /* dwSignature */ 1083 put_unaligned_le32(ncm->ndp_sign, ntb_ndp); 1084 ntb_ndp += 2; 1085 1086 /* There is always a zeroed entry */ 1087 ncm->ndp_dgram_count = 1; 1088 1089 /* Note: we skip opts->next_ndp_index */ 1090 1091 /* Start the timer. */ 1092 hrtimer_start(&ncm->task_timer, TX_TIMEOUT_NSECS, 1093 HRTIMER_MODE_REL_SOFT); 1094 } 1095 1096 /* Add the datagram position entries */ 1097 ntb_ndp = skb_put_zero(ncm->skb_tx_ndp, dgram_idx_len); 1098 1099 ncb_len = ncm->skb_tx_data->len; 1100 dgram_pad = ALIGN(ncb_len, div) + rem - ncb_len; 1101 ncb_len += dgram_pad; 1102 1103 /* (d)wDatagramIndex */ 1104 put_ncm(&ntb_ndp, opts->dgram_item_len, ncb_len); 1105 /* (d)wDatagramLength */ 1106 put_ncm(&ntb_ndp, opts->dgram_item_len, skb->len); 1107 ncm->ndp_dgram_count++; 1108 1109 /* Add the new data to the skb */ 1110 skb_put_zero(ncm->skb_tx_data, dgram_pad); 1111 skb_put_data(ncm->skb_tx_data, skb->data, skb->len); 1112 dev_consume_skb_any(skb); 1113 skb = NULL; 1114 1115 } else if (ncm->skb_tx_data) { 1116 /* If we get here ncm_wrap_ntb() was called with NULL skb, 1117 * because eth_start_xmit() was called with NULL skb by 1118 * ncm_tx_timeout() - hence, this is our signal to flush/send. 1119 */ 1120 skb2 = package_for_tx(ncm); 1121 if (!skb2) 1122 goto err; 1123 } 1124 1125 return skb2; 1126 1127err: 1128 ncm->netdev->stats.tx_dropped++; 1129 1130 if (skb) 1131 dev_kfree_skb_any(skb); 1132 if (ncm->skb_tx_data) 1133 dev_kfree_skb_any(ncm->skb_tx_data); 1134 if (ncm->skb_tx_ndp) 1135 dev_kfree_skb_any(ncm->skb_tx_ndp); 1136 1137 return NULL; 1138} 1139 1140/* 1141 * The transmit should only be run if no skb data has been sent 1142 * for a certain duration. 1143 */ 1144static enum hrtimer_restart ncm_tx_timeout(struct hrtimer *data) 1145{ 1146 struct f_ncm *ncm = container_of(data, struct f_ncm, task_timer); 1147 struct net_device *netdev = READ_ONCE(ncm->netdev); 1148 1149 if (netdev) { 1150 /* XXX This allowance of a NULL skb argument to ndo_start_xmit 1151 * XXX is not sane. The gadget layer should be redesigned so 1152 * XXX that the dev->wrap() invocations to build SKBs is transparent 1153 * XXX and performed in some way outside of the ndo_start_xmit 1154 * XXX interface. 1155 * 1156 * This will call directly into u_ether's eth_start_xmit() 1157 */ 1158 netdev->netdev_ops->ndo_start_xmit(NULL, netdev); 1159 } 1160 return HRTIMER_NORESTART; 1161} 1162 1163static int ncm_unwrap_ntb(struct gether *port, 1164 struct sk_buff *skb, 1165 struct sk_buff_head *list) 1166{ 1167 struct f_ncm *ncm = func_to_ncm(&port->func); 1168 unsigned char *ntb_ptr = skb->data; 1169 __le16 *tmp; 1170 unsigned index, index2; 1171 int ndp_index; 1172 unsigned dg_len, dg_len2; 1173 unsigned ndp_len; 1174 unsigned block_len; 1175 struct sk_buff *skb2; 1176 int ret = -EINVAL; 1177 unsigned ntb_max = le32_to_cpu(ntb_parameters.dwNtbOutMaxSize); 1178 unsigned frame_max; 1179 const struct ndp_parser_opts *opts = ncm->parser_opts; 1180 unsigned crc_len = ncm->is_crc ? sizeof(uint32_t) : 0; 1181 int dgram_counter; 1182 int to_process = skb->len; 1183 struct f_ncm_opts *ncm_opts; 1184 1185 ncm_opts = container_of(port->func.fi, struct f_ncm_opts, func_inst); 1186 frame_max = ncm_opts->max_segment_size; 1187 1188parse_ntb: 1189 tmp = (__le16 *)ntb_ptr; 1190 1191 /* dwSignature */ 1192 if (get_unaligned_le32(tmp) != opts->nth_sign) { 1193 INFO(port->func.config->cdev, "Wrong NTH SIGN, skblen %d\n", 1194 skb->len); 1195 print_hex_dump(KERN_INFO, "HEAD:", DUMP_PREFIX_ADDRESS, 32, 1, 1196 skb->data, 32, false); 1197 1198 goto err; 1199 } 1200 tmp += 2; 1201 /* wHeaderLength */ 1202 if (get_unaligned_le16(tmp++) != opts->nth_size) { 1203 INFO(port->func.config->cdev, "Wrong NTB headersize\n"); 1204 goto err; 1205 } 1206 tmp++; /* skip wSequence */ 1207 1208 block_len = get_ncm(&tmp, opts->block_length); 1209 /* (d)wBlockLength */ 1210 if (block_len > ntb_max) { 1211 INFO(port->func.config->cdev, "OUT size exceeded\n"); 1212 goto err; 1213 } 1214 1215 ndp_index = get_ncm(&tmp, opts->ndp_index); 1216 1217 /* Run through all the NDP's in the NTB */ 1218 do { 1219 /* 1220 * NCM 3.2 1221 * dwNdpIndex 1222 */ 1223 if (((ndp_index % 4) != 0) || 1224 (ndp_index < opts->nth_size) || 1225 (ndp_index > (block_len - 1226 opts->ndp_size))) { 1227 INFO(port->func.config->cdev, "Bad index: %#X\n", 1228 ndp_index); 1229 goto err; 1230 } 1231 1232 /* 1233 * walk through NDP 1234 * dwSignature 1235 */ 1236 tmp = (__le16 *)(ntb_ptr + ndp_index); 1237 if (get_unaligned_le32(tmp) != ncm->ndp_sign) { 1238 INFO(port->func.config->cdev, "Wrong NDP SIGN\n"); 1239 goto err; 1240 } 1241 tmp += 2; 1242 1243 ndp_len = get_unaligned_le16(tmp++); 1244 /* 1245 * NCM 3.3.1 1246 * wLength 1247 * entry is 2 items 1248 * item size is 16/32 bits, opts->dgram_item_len * 2 bytes 1249 * minimal: struct usb_cdc_ncm_ndpX + normal entry + zero entry 1250 * Each entry is a dgram index and a dgram length. 1251 */ 1252 if ((ndp_len < opts->ndp_size 1253 + 2 * 2 * (opts->dgram_item_len * 2)) || 1254 (ndp_len % opts->ndplen_align != 0)) { 1255 INFO(port->func.config->cdev, "Bad NDP length: %#X\n", 1256 ndp_len); 1257 goto err; 1258 } 1259 tmp += opts->reserved1; 1260 /* Check for another NDP (d)wNextNdpIndex */ 1261 ndp_index = get_ncm(&tmp, opts->next_ndp_index); 1262 tmp += opts->reserved2; 1263 1264 ndp_len -= opts->ndp_size; 1265 index2 = get_ncm(&tmp, opts->dgram_item_len); 1266 dg_len2 = get_ncm(&tmp, opts->dgram_item_len); 1267 dgram_counter = 0; 1268 1269 do { 1270 index = index2; 1271 /* wDatagramIndex[0] */ 1272 if ((index < opts->nth_size) || 1273 (index > block_len - opts->dpe_size)) { 1274 INFO(port->func.config->cdev, 1275 "Bad index: %#X\n", index); 1276 goto err; 1277 } 1278 1279 dg_len = dg_len2; 1280 /* 1281 * wDatagramLength[0] 1282 * ethernet hdr + crc or larger than max frame size 1283 */ 1284 if ((dg_len < 14 + crc_len) || 1285 (dg_len > frame_max)) { 1286 INFO(port->func.config->cdev, 1287 "Bad dgram length: %#X\n", dg_len); 1288 goto err; 1289 } 1290 if (ncm->is_crc) { 1291 uint32_t crc, crc2; 1292 1293 crc = get_unaligned_le32(ntb_ptr + 1294 index + dg_len - 1295 crc_len); 1296 crc2 = ~crc32_le(~0, 1297 ntb_ptr + index, 1298 dg_len - crc_len); 1299 if (crc != crc2) { 1300 INFO(port->func.config->cdev, 1301 "Bad CRC\n"); 1302 goto err; 1303 } 1304 } 1305 1306 index2 = get_ncm(&tmp, opts->dgram_item_len); 1307 dg_len2 = get_ncm(&tmp, opts->dgram_item_len); 1308 1309 /* wDatagramIndex[1] */ 1310 if (index2 > block_len - opts->dpe_size) { 1311 INFO(port->func.config->cdev, 1312 "Bad index: %#X\n", index2); 1313 goto err; 1314 } 1315 1316 /* 1317 * Copy the data into a new skb. 1318 * This ensures the truesize is correct 1319 */ 1320 skb2 = netdev_alloc_skb_ip_align(ncm->netdev, 1321 dg_len - crc_len); 1322 if (skb2 == NULL) 1323 goto err; 1324 skb_put_data(skb2, ntb_ptr + index, 1325 dg_len - crc_len); 1326 1327 skb_queue_tail(list, skb2); 1328 1329 ndp_len -= 2 * (opts->dgram_item_len * 2); 1330 1331 dgram_counter++; 1332 if (index2 == 0 || dg_len2 == 0) 1333 break; 1334 } while (ndp_len > 2 * (opts->dgram_item_len * 2)); 1335 } while (ndp_index); 1336 1337 VDBG(port->func.config->cdev, 1338 "Parsed NTB with %d frames\n", dgram_counter); 1339 1340 to_process -= block_len; 1341 1342 /* 1343 * Windows NCM driver avoids USB ZLPs by adding a 1-byte 1344 * zero pad as needed. 1345 */ 1346 if (to_process == 1 && 1347 (*(unsigned char *)(ntb_ptr + block_len) == 0x00)) { 1348 to_process--; 1349 } else if ((to_process > 0) && (block_len != 0)) { 1350 ntb_ptr = (unsigned char *)(ntb_ptr + block_len); 1351 goto parse_ntb; 1352 } 1353 1354 dev_consume_skb_any(skb); 1355 1356 return 0; 1357err: 1358 skb_queue_purge(list); 1359 dev_kfree_skb_any(skb); 1360 return ret; 1361} 1362 1363static void ncm_disable(struct usb_function *f) 1364{ 1365 struct f_ncm *ncm = func_to_ncm(f); 1366 struct usb_composite_dev *cdev = f->config->cdev; 1367 1368 DBG(cdev, "ncm deactivated\n"); 1369 1370 if (ncm->netdev) { 1371 ncm->netdev = NULL; 1372 gether_disconnect(&ncm->port); 1373 } 1374 1375 if (ncm->notify->enabled) { 1376 usb_ep_disable(ncm->notify); 1377 ncm->notify->desc = NULL; 1378 } 1379} 1380 1381/*-------------------------------------------------------------------------*/ 1382 1383/* 1384 * Callbacks let us notify the host about connect/disconnect when the 1385 * net device is opened or closed. 1386 * 1387 * For testing, note that link states on this side include both opened 1388 * and closed variants of: 1389 * 1390 * - disconnected/unconfigured 1391 * - configured but inactive (data alt 0) 1392 * - configured and active (data alt 1) 1393 * 1394 * Each needs to be tested with unplug, rmmod, SET_CONFIGURATION, and 1395 * SET_INTERFACE (altsetting). Remember also that "configured" doesn't 1396 * imply the host is actually polling the notification endpoint, and 1397 * likewise that "active" doesn't imply it's actually using the data 1398 * endpoints for traffic. 1399 */ 1400 1401static void ncm_open(struct gether *geth) 1402{ 1403 struct f_ncm *ncm = func_to_ncm(&geth->func); 1404 1405 DBG(ncm->port.func.config->cdev, "%s\n", __func__); 1406 1407 spin_lock(&ncm->lock); 1408 ncm->is_open = true; 1409 ncm_notify(ncm); 1410 spin_unlock(&ncm->lock); 1411} 1412 1413static void ncm_close(struct gether *geth) 1414{ 1415 struct f_ncm *ncm = func_to_ncm(&geth->func); 1416 1417 DBG(ncm->port.func.config->cdev, "%s\n", __func__); 1418 1419 spin_lock(&ncm->lock); 1420 ncm->is_open = false; 1421 ncm_notify(ncm); 1422 spin_unlock(&ncm->lock); 1423} 1424 1425/*-------------------------------------------------------------------------*/ 1426 1427/* ethernet function driver setup/binding */ 1428 1429static int ncm_bind(struct usb_configuration *c, struct usb_function *f) 1430{ 1431 struct usb_composite_dev *cdev = c->cdev; 1432 struct f_ncm *ncm = func_to_ncm(f); 1433 struct usb_string *us; 1434 int status = 0; 1435 struct usb_ep *ep; 1436 struct f_ncm_opts *ncm_opts; 1437 1438 if (!can_support_ecm(cdev->gadget)) 1439 return -EINVAL; 1440 1441 ncm_opts = container_of(f->fi, struct f_ncm_opts, func_inst); 1442 1443 if (cdev->use_os_string) { 1444 f->os_desc_table = kzalloc(sizeof(*f->os_desc_table), 1445 GFP_KERNEL); 1446 if (!f->os_desc_table) 1447 return -ENOMEM; 1448 f->os_desc_n = 1; 1449 f->os_desc_table[0].os_desc = &ncm_opts->ncm_os_desc; 1450 } 1451 1452 mutex_lock(&ncm_opts->lock); 1453 gether_set_gadget(ncm_opts->net, cdev->gadget); 1454 if (!ncm_opts->bound) { 1455 ncm_opts->net->mtu = (ncm_opts->max_segment_size - ETH_HLEN); 1456 status = gether_register_netdev(ncm_opts->net); 1457 } 1458 mutex_unlock(&ncm_opts->lock); 1459 1460 if (status) 1461 goto fail; 1462 1463 ncm_opts->bound = true; 1464 1465 us = usb_gstrings_attach(cdev, ncm_strings, 1466 ARRAY_SIZE(ncm_string_defs)); 1467 if (IS_ERR(us)) { 1468 status = PTR_ERR(us); 1469 goto fail; 1470 } 1471 ncm_control_intf.iInterface = us[STRING_CTRL_IDX].id; 1472 ncm_data_nop_intf.iInterface = us[STRING_DATA_IDX].id; 1473 ncm_data_intf.iInterface = us[STRING_DATA_IDX].id; 1474 ecm_desc.iMACAddress = us[STRING_MAC_IDX].id; 1475 ncm_iad_desc.iFunction = us[STRING_IAD_IDX].id; 1476 1477 /* allocate instance-specific interface IDs */ 1478 status = usb_interface_id(c, f); 1479 if (status < 0) 1480 goto fail; 1481 ncm->ctrl_id = status; 1482 ncm_iad_desc.bFirstInterface = status; 1483 1484 ncm_control_intf.bInterfaceNumber = status; 1485 ncm_union_desc.bMasterInterface0 = status; 1486 1487 if (cdev->use_os_string) 1488 f->os_desc_table[0].if_id = 1489 ncm_iad_desc.bFirstInterface; 1490 1491 status = usb_interface_id(c, f); 1492 if (status < 0) 1493 goto fail; 1494 ncm->data_id = status; 1495 1496 ncm_data_nop_intf.bInterfaceNumber = status; 1497 ncm_data_intf.bInterfaceNumber = status; 1498 ncm_union_desc.bSlaveInterface0 = status; 1499 1500 ecm_desc.wMaxSegmentSize = cpu_to_le16(ncm_opts->max_segment_size); 1501 1502 status = -ENODEV; 1503 1504 /* allocate instance-specific endpoints */ 1505 ep = usb_ep_autoconfig(cdev->gadget, &fs_ncm_in_desc); 1506 if (!ep) 1507 goto fail; 1508 ncm->port.in_ep = ep; 1509 1510 ep = usb_ep_autoconfig(cdev->gadget, &fs_ncm_out_desc); 1511 if (!ep) 1512 goto fail; 1513 ncm->port.out_ep = ep; 1514 1515 ep = usb_ep_autoconfig(cdev->gadget, &fs_ncm_notify_desc); 1516 if (!ep) 1517 goto fail; 1518 ncm->notify = ep; 1519 1520 status = -ENOMEM; 1521 1522 /* allocate notification request and buffer */ 1523 ncm->notify_req = usb_ep_alloc_request(ep, GFP_KERNEL); 1524 if (!ncm->notify_req) 1525 goto fail; 1526 ncm->notify_req->buf = kmalloc(NCM_STATUS_BYTECOUNT, GFP_KERNEL); 1527 if (!ncm->notify_req->buf) 1528 goto fail; 1529 ncm->notify_req->context = ncm; 1530 ncm->notify_req->complete = ncm_notify_complete; 1531 1532 /* 1533 * support all relevant hardware speeds... we expect that when 1534 * hardware is dual speed, all bulk-capable endpoints work at 1535 * both speeds 1536 */ 1537 hs_ncm_in_desc.bEndpointAddress = fs_ncm_in_desc.bEndpointAddress; 1538 hs_ncm_out_desc.bEndpointAddress = fs_ncm_out_desc.bEndpointAddress; 1539 hs_ncm_notify_desc.bEndpointAddress = 1540 fs_ncm_notify_desc.bEndpointAddress; 1541 1542 ss_ncm_in_desc.bEndpointAddress = fs_ncm_in_desc.bEndpointAddress; 1543 ss_ncm_out_desc.bEndpointAddress = fs_ncm_out_desc.bEndpointAddress; 1544 ss_ncm_notify_desc.bEndpointAddress = 1545 fs_ncm_notify_desc.bEndpointAddress; 1546 1547 status = usb_assign_descriptors(f, ncm_fs_function, ncm_hs_function, 1548 ncm_ss_function, ncm_ss_function); 1549 if (status) 1550 goto fail; 1551 1552 /* 1553 * NOTE: all that is done without knowing or caring about 1554 * the network link ... which is unavailable to this code 1555 * until we're activated via set_alt(). 1556 */ 1557 1558 ncm->port.open = ncm_open; 1559 ncm->port.close = ncm_close; 1560 1561 hrtimer_init(&ncm->task_timer, CLOCK_MONOTONIC, HRTIMER_MODE_REL_SOFT); 1562 ncm->task_timer.function = ncm_tx_timeout; 1563 1564 DBG(cdev, "CDC Network: IN/%s OUT/%s NOTIFY/%s\n", 1565 ncm->port.in_ep->name, ncm->port.out_ep->name, 1566 ncm->notify->name); 1567 return 0; 1568 1569fail: 1570 kfree(f->os_desc_table); 1571 f->os_desc_n = 0; 1572 1573 if (ncm->notify_req) { 1574 kfree(ncm->notify_req->buf); 1575 usb_ep_free_request(ncm->notify, ncm->notify_req); 1576 } 1577 1578 ERROR(cdev, "%s: can't bind, err %d\n", f->name, status); 1579 1580 return status; 1581} 1582 1583static inline struct f_ncm_opts *to_f_ncm_opts(struct config_item *item) 1584{ 1585 return container_of(to_config_group(item), struct f_ncm_opts, 1586 func_inst.group); 1587} 1588 1589/* f_ncm_item_ops */ 1590USB_ETHERNET_CONFIGFS_ITEM(ncm); 1591 1592/* f_ncm_opts_dev_addr */ 1593USB_ETHERNET_CONFIGFS_ITEM_ATTR_DEV_ADDR(ncm); 1594 1595/* f_ncm_opts_host_addr */ 1596USB_ETHERNET_CONFIGFS_ITEM_ATTR_HOST_ADDR(ncm); 1597 1598/* f_ncm_opts_qmult */ 1599USB_ETHERNET_CONFIGFS_ITEM_ATTR_QMULT(ncm); 1600 1601/* f_ncm_opts_ifname */ 1602USB_ETHERNET_CONFIGFS_ITEM_ATTR_IFNAME(ncm); 1603 1604static ssize_t ncm_opts_max_segment_size_show(struct config_item *item, 1605 char *page) 1606{ 1607 struct f_ncm_opts *opts = to_f_ncm_opts(item); 1608 u16 segment_size; 1609 1610 mutex_lock(&opts->lock); 1611 segment_size = opts->max_segment_size; 1612 mutex_unlock(&opts->lock); 1613 1614 return sysfs_emit(page, "%u\n", segment_size); 1615} 1616 1617static ssize_t ncm_opts_max_segment_size_store(struct config_item *item, 1618 const char *page, size_t len) 1619{ 1620 struct f_ncm_opts *opts = to_f_ncm_opts(item); 1621 u16 segment_size; 1622 int ret; 1623 1624 mutex_lock(&opts->lock); 1625 if (opts->refcnt) { 1626 ret = -EBUSY; 1627 goto out; 1628 } 1629 1630 ret = kstrtou16(page, 0, &segment_size); 1631 if (ret) 1632 goto out; 1633 1634 if (segment_size > MAX_DATAGRAM_SIZE) { 1635 ret = -EINVAL; 1636 goto out; 1637 } 1638 1639 opts->max_segment_size = segment_size; 1640 ret = len; 1641out: 1642 mutex_unlock(&opts->lock); 1643 return ret; 1644} 1645 1646CONFIGFS_ATTR(ncm_opts_, max_segment_size); 1647 1648static struct configfs_attribute *ncm_attrs[] = { 1649 &ncm_opts_attr_dev_addr, 1650 &ncm_opts_attr_host_addr, 1651 &ncm_opts_attr_qmult, 1652 &ncm_opts_attr_ifname, 1653 &ncm_opts_attr_max_segment_size, 1654 NULL, 1655}; 1656 1657static const struct config_item_type ncm_func_type = { 1658 .ct_item_ops = &ncm_item_ops, 1659 .ct_attrs = ncm_attrs, 1660 .ct_owner = THIS_MODULE, 1661}; 1662 1663static void ncm_free_inst(struct usb_function_instance *f) 1664{ 1665 struct f_ncm_opts *opts; 1666 1667 opts = container_of(f, struct f_ncm_opts, func_inst); 1668 if (opts->bound) 1669 gether_cleanup(netdev_priv(opts->net)); 1670 else 1671 free_netdev(opts->net); 1672 kfree(opts->ncm_interf_group); 1673 kfree(opts); 1674} 1675 1676static struct usb_function_instance *ncm_alloc_inst(void) 1677{ 1678 struct f_ncm_opts *opts; 1679 struct usb_os_desc *descs[1]; 1680 char *names[1]; 1681 struct config_group *ncm_interf_group; 1682 1683 opts = kzalloc(sizeof(*opts), GFP_KERNEL); 1684 if (!opts) 1685 return ERR_PTR(-ENOMEM); 1686 opts->ncm_os_desc.ext_compat_id = opts->ncm_ext_compat_id; 1687 1688 mutex_init(&opts->lock); 1689 opts->func_inst.free_func_inst = ncm_free_inst; 1690 opts->net = gether_setup_default(); 1691 if (IS_ERR(opts->net)) { 1692 struct net_device *net = opts->net; 1693 kfree(opts); 1694 return ERR_CAST(net); 1695 } 1696 opts->max_segment_size = ETH_FRAME_LEN; 1697 INIT_LIST_HEAD(&opts->ncm_os_desc.ext_prop); 1698 1699 descs[0] = &opts->ncm_os_desc; 1700 names[0] = "ncm"; 1701 1702 config_group_init_type_name(&opts->func_inst.group, "", &ncm_func_type); 1703 ncm_interf_group = 1704 usb_os_desc_prepare_interf_dir(&opts->func_inst.group, 1, descs, 1705 names, THIS_MODULE); 1706 if (IS_ERR(ncm_interf_group)) { 1707 ncm_free_inst(&opts->func_inst); 1708 return ERR_CAST(ncm_interf_group); 1709 } 1710 opts->ncm_interf_group = ncm_interf_group; 1711 1712 return &opts->func_inst; 1713} 1714 1715static void ncm_free(struct usb_function *f) 1716{ 1717 struct f_ncm *ncm; 1718 struct f_ncm_opts *opts; 1719 1720 ncm = func_to_ncm(f); 1721 opts = container_of(f->fi, struct f_ncm_opts, func_inst); 1722 kfree(ncm); 1723 mutex_lock(&opts->lock); 1724 opts->refcnt--; 1725 mutex_unlock(&opts->lock); 1726} 1727 1728static void ncm_unbind(struct usb_configuration *c, struct usb_function *f) 1729{ 1730 struct f_ncm *ncm = func_to_ncm(f); 1731 1732 DBG(c->cdev, "ncm unbind\n"); 1733 1734 hrtimer_cancel(&ncm->task_timer); 1735 1736 kfree(f->os_desc_table); 1737 f->os_desc_n = 0; 1738 1739 ncm_string_defs[0].id = 0; 1740 usb_free_all_descriptors(f); 1741 1742 if (atomic_read(&ncm->notify_count)) { 1743 usb_ep_dequeue(ncm->notify, ncm->notify_req); 1744 atomic_set(&ncm->notify_count, 0); 1745 } 1746 1747 kfree(ncm->notify_req->buf); 1748 usb_ep_free_request(ncm->notify, ncm->notify_req); 1749} 1750 1751static struct usb_function *ncm_alloc(struct usb_function_instance *fi) 1752{ 1753 struct f_ncm *ncm; 1754 struct f_ncm_opts *opts; 1755 int status; 1756 1757 /* allocate and initialize one new instance */ 1758 ncm = kzalloc(sizeof(*ncm), GFP_KERNEL); 1759 if (!ncm) 1760 return ERR_PTR(-ENOMEM); 1761 1762 opts = container_of(fi, struct f_ncm_opts, func_inst); 1763 mutex_lock(&opts->lock); 1764 opts->refcnt++; 1765 1766 /* export host's Ethernet address in CDC format */ 1767 status = gether_get_host_addr_cdc(opts->net, ncm->ethaddr, 1768 sizeof(ncm->ethaddr)); 1769 if (status < 12) { /* strlen("01234567890a") */ 1770 kfree(ncm); 1771 mutex_unlock(&opts->lock); 1772 return ERR_PTR(-EINVAL); 1773 } 1774 ncm_string_defs[STRING_MAC_IDX].s = ncm->ethaddr; 1775 1776 spin_lock_init(&ncm->lock); 1777 ncm_reset_values(ncm); 1778 ncm->port.ioport = netdev_priv(opts->net); 1779 mutex_unlock(&opts->lock); 1780 ncm->port.is_fixed = true; 1781 ncm->port.supports_multi_frame = true; 1782 1783 ncm->port.func.name = "cdc_network"; 1784 /* descriptors are per-instance copies */ 1785 ncm->port.func.bind = ncm_bind; 1786 ncm->port.func.unbind = ncm_unbind; 1787 ncm->port.func.set_alt = ncm_set_alt; 1788 ncm->port.func.get_alt = ncm_get_alt; 1789 ncm->port.func.setup = ncm_setup; 1790 ncm->port.func.disable = ncm_disable; 1791 ncm->port.func.free_func = ncm_free; 1792 1793 ncm->port.wrap = ncm_wrap_ntb; 1794 ncm->port.unwrap = ncm_unwrap_ntb; 1795 1796 return &ncm->port.func; 1797} 1798 1799DECLARE_USB_FUNCTION_INIT(ncm, ncm_alloc_inst, ncm_alloc); 1800MODULE_LICENSE("GPL"); 1801MODULE_AUTHOR("Yauheni Kaliuta"); 1802