Ofir Cohenaef90b72012-07-31 12:37:04 +02001/*
2 * f_qc_rndis.c -- RNDIS link function driver
3 *
4 * Copyright (C) 2003-2005,2008 David Brownell
5 * Copyright (C) 2003-2004 Robert Schwebel, Benedikt Spranger
6 * Copyright (C) 2008 Nokia Corporation
7 * Copyright (C) 2009 Samsung Electronics
8 * Author: Michal Nazarewicz (mina86@mina86.com)
9 * Copyright (c) 2012, Code Aurora Forum. All rights reserved.
10 *
11 * This program is free software; you can redistribute it and/or modify
12 * it under the terms of the GNU General Public License version 2
13 *
14 * This program is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 * GNU General Public License for more details.
18 *
19 * You should have received a copy of the GNU General Public License
20 * along with this program; if not, write to the Free Software
21 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
22 */
23
24/* #define VERBOSE_DEBUG */
25
26#include <linux/slab.h>
27#include <linux/kernel.h>
28#include <linux/device.h>
29#include <linux/etherdevice.h>
30
31#include <linux/atomic.h>
32
33#include "u_ether.h"
34#include "u_qc_ether.h"
35#include "rndis.h"
36
37
38/*
39 * This function is an RNDIS Ethernet port -- a Microsoft protocol that's
40 * been promoted instead of the standard CDC Ethernet. The published RNDIS
41 * spec is ambiguous, incomplete, and needlessly complex. Variants such as
42 * ActiveSync have even worse status in terms of specification.
43 *
44 * In short: it's a protocol controlled by (and for) Microsoft, not for an
45 * Open ecosystem or markets. Linux supports it *only* because Microsoft
46 * doesn't support the CDC Ethernet standard.
47 *
48 * The RNDIS data transfer model is complex, with multiple Ethernet packets
49 * per USB message, and out of band data. The control model is built around
50 * what's essentially an "RNDIS RPC" protocol. It's all wrapped in a CDC ACM
51 * (modem, not Ethernet) veneer, with those ACM descriptors being entirely
52 * useless (they're ignored). RNDIS expects to be the only function in its
53 * configuration, so it's no real help if you need composite devices; and
54 * it expects to be the first configuration too.
55 *
56 * There is a single technical advantage of RNDIS over CDC Ethernet, if you
57 * discount the fluff that its RPC can be made to deliver: it doesn't need
58 * a NOP altsetting for the data interface. That lets it work on some of the
59 * "so smart it's stupid" hardware which takes over configuration changes
60 * from the software, and adds restrictions like "no altsettings".
61 *
62 * Unfortunately MSFT's RNDIS drivers are buggy. They hang or oops, and
63 * have all sorts of contrary-to-specification oddities that can prevent
64 * them from working sanely. Since bugfixes (or accurate specs, letting
65 * Linux work around those bugs) are unlikely to ever come from MSFT, you
66 * may want to avoid using RNDIS on purely operational grounds.
67 *
68 * Omissions from the RNDIS 1.0 specification include:
69 *
70 * - Power management ... references data that's scattered around lots
71 * of other documentation, which is incorrect/incomplete there too.
72 *
73 * - There are various undocumented protocol requirements, like the need
74 * to send garbage in some control-OUT messages.
75 *
76 * - MS-Windows drivers sometimes emit undocumented requests.
77 *
78 * This function is based on RNDIS link function driver and
79 * contains MSM specific implementation.
80 */
81
/* Per-instance state of the QC RNDIS function. */
struct f_rndis_qc {
	/* link-layer port; port.func is the usb_function used by container_of() */
	struct qc_gether		port;
	/* interface numbers handed out by usb_interface_id() at bind time */
	u8				ctrl_id;
	u8				data_id;
	/* address passed to rndis_set_host_mac() at bind time */
	u8				ethaddr[ETH_ALEN];
	/* vendorID and manufacturer are passed to rndis_set_param_vendor() */
	u32				vendorID;
	/* value passed to rndis_set_max_pkt_xfer() at bind time */
	u8				max_pkt_per_xfer;
	const char			*manufacturer;
	/* handle returned by rndis_register() */
	int				config;
	/* NOTE(review): users of these two counters are not visible in this
	 * part of the file; presumably taken with rndis_qc_lock() -- confirm.
	 */
	atomic_t			ioctl_excl;
	atomic_t			open_excl;

	/* interrupt endpoint, its single request, and the pending-notify count */
	struct usb_ep			*notify;
	struct usb_request		*notify_req;
	atomic_t			notify_count;
};
97
/* Map an embedded usb_function back to the f_rndis_qc that contains it. */
static inline struct f_rndis_qc *func_to_rndis_qc(struct usb_function *f)
{
	struct f_rndis_qc *rndis;

	rndis = container_of(f, struct f_rndis_qc, port.func);
	return rndis;
}
102
/*
 * Peak (theoretical) bulk transfer rate in bits-per-second for the speed
 * the gadget is currently running at.
 */
static unsigned int rndis_qc_bitrate(struct usb_gadget *g)
{
	/* full speed is the fallback when neither faster case matches */
	unsigned int bps = 19 * 64 * 1 * 1000 * 8;

	if (gadget_is_superspeed(g) && g->speed == USB_SPEED_SUPER)
		bps = 13 * 1024 * 8 * 1000 * 8;
	else if (gadget_is_dualspeed(g) && g->speed == USB_SPEED_HIGH)
		bps = 13 * 512 * 8 * 1000 * 8;

	return bps;
}
113
114/*-------------------------------------------------------------------------*/
115
/* notification (interrupt) endpoint parameters */
#define RNDIS_QC_LOG2_STATUS_INTERVAL_MSEC	5	/* 1 << 5 == 32 msec */
#define RNDIS_QC_STATUS_BYTECOUNT		8	/* 8 bytes data */

/* currently only one rndis instance is supported */
#define RNDIS_QC_NO_PORTS			1

/* default max packets per transfer value */
#define DEFAULT_MAX_PKT_PER_XFER		15


/* ioctl numbers; the handler is not in this part of the file */
#define RNDIS_QC_IOCTL_MAGIC			'i'
#define RNDIS_QC_GET_MAX_PKT_PER_XFER	_IOR(RNDIS_QC_IOCTL_MAGIC, 1, u8)
128
129
/*
 * Interface-level descriptors.  Fields marked DYNAMIC are filled in while
 * the function is bound, once interface numbers and string IDs are known.
 */

/* control interface: one (notification) endpoint, dressed up as CDC ACM */
static struct usb_interface_descriptor rndis_qc_control_intf = {
	.bLength		= sizeof(rndis_qc_control_intf),
	.bDescriptorType	= USB_DT_INTERFACE,

	/* .bInterfaceNumber = DYNAMIC */
	/* status endpoint is optional; this could be patched later */
	.bNumEndpoints		= 1,
	.bInterfaceClass	= USB_CLASS_COMM,
	.bInterfaceSubClass	= USB_CDC_SUBCLASS_ACM,
	.bInterfaceProtocol	= USB_CDC_ACM_PROTO_VENDOR,
	/* .iInterface = DYNAMIC */
};

static struct usb_cdc_header_desc rndis_qc_header_desc = {
	.bLength		= sizeof(rndis_qc_header_desc),
	.bDescriptorType	= USB_DT_CS_INTERFACE,
	.bDescriptorSubType	= USB_CDC_HEADER_TYPE,

	.bcdCDC			= cpu_to_le16(0x0110),
};

static struct usb_cdc_call_mgmt_descriptor rndis_qc_call_mgmt_descriptor = {
	.bLength		= sizeof(rndis_qc_call_mgmt_descriptor),
	.bDescriptorType	= USB_DT_CS_INTERFACE,
	.bDescriptorSubType	= USB_CDC_CALL_MANAGEMENT_TYPE,

	.bmCapabilities		= 0x00,
	.bDataInterface		= 0x01,
};

static struct usb_cdc_acm_descriptor rndis_qc_acm_descriptor = {
	.bLength		= sizeof(rndis_qc_acm_descriptor),
	.bDescriptorType	= USB_DT_CS_INTERFACE,
	.bDescriptorSubType	= USB_CDC_ACM_TYPE,

	.bmCapabilities		= 0x00,
};

static struct usb_cdc_union_desc rndis_qc_union_desc = {
	.bLength		= sizeof(rndis_qc_union_desc),
	.bDescriptorType	= USB_DT_CS_INTERFACE,
	.bDescriptorSubType	= USB_CDC_UNION_TYPE,
	/* .bMasterInterface0 = DYNAMIC */
	/* .bSlaveInterface0 = DYNAMIC */
};

/* the data interface has two bulk endpoints */

static struct usb_interface_descriptor rndis_qc_data_intf = {
	.bLength		= sizeof(rndis_qc_data_intf),
	.bDescriptorType	= USB_DT_INTERFACE,

	/* .bInterfaceNumber = DYNAMIC */
	.bNumEndpoints		= 2,
	.bInterfaceClass	= USB_CLASS_CDC_DATA,
	.bInterfaceSubClass	= 0,
	.bInterfaceProtocol	= 0,
	/* .iInterface = DYNAMIC */
};


/* groups the control and data interfaces into one function */
static struct usb_interface_assoc_descriptor
rndis_qc_iad_descriptor = {
	.bLength		= sizeof(rndis_qc_iad_descriptor),
	.bDescriptorType	= USB_DT_INTERFACE_ASSOCIATION,
	.bFirstInterface	= 0, /* XXX, hardcoded */
	.bInterfaceCount	= 2, /* control + data */
	.bFunctionClass		= USB_CLASS_COMM,
	.bFunctionSubClass	= USB_CDC_SUBCLASS_ETHERNET,
	.bFunctionProtocol	= USB_CDC_PROTO_NONE,
	/* .iFunction = DYNAMIC */
};
204
/* full speed support: */

/* interrupt IN endpoint carrying the RESPONSE_AVAILABLE notification */
static struct usb_endpoint_descriptor rndis_qc_fs_notify_desc = {
	.bLength		= USB_DT_ENDPOINT_SIZE,
	.bDescriptorType	= USB_DT_ENDPOINT,

	.bEndpointAddress	= USB_DIR_IN,
	.bmAttributes		= USB_ENDPOINT_XFER_INT,
	.wMaxPacketSize		= cpu_to_le16(RNDIS_QC_STATUS_BYTECOUNT),
	.bInterval		= 1 << RNDIS_QC_LOG2_STATUS_INTERVAL_MSEC,
};

/* bulk IN; the endpoint number is filled in at bind time */
static struct usb_endpoint_descriptor rndis_qc_fs_in_desc = {
	.bLength		= USB_DT_ENDPOINT_SIZE,
	.bDescriptorType	= USB_DT_ENDPOINT,

	.bEndpointAddress	= USB_DIR_IN,
	.bmAttributes		= USB_ENDPOINT_XFER_BULK,
};

/* bulk OUT; the endpoint number is filled in at bind time */
static struct usb_endpoint_descriptor rndis_qc_fs_out_desc = {
	.bLength		= USB_DT_ENDPOINT_SIZE,
	.bDescriptorType	= USB_DT_ENDPOINT,

	.bEndpointAddress	= USB_DIR_OUT,
	.bmAttributes		= USB_ENDPOINT_XFER_BULK,
};

/* NULL-terminated descriptor list copied into f->descriptors at bind time */
static struct usb_descriptor_header *eth_qc_fs_function[] = {
	(struct usb_descriptor_header *)&rndis_qc_iad_descriptor,
	/* control interface matches ACM, not Ethernet */
	(struct usb_descriptor_header *)&rndis_qc_control_intf,
	(struct usb_descriptor_header *)&rndis_qc_header_desc,
	(struct usb_descriptor_header *)&rndis_qc_call_mgmt_descriptor,
	(struct usb_descriptor_header *)&rndis_qc_acm_descriptor,
	(struct usb_descriptor_header *)&rndis_qc_union_desc,
	(struct usb_descriptor_header *)&rndis_qc_fs_notify_desc,
	/* data interface has no altsetting */
	(struct usb_descriptor_header *)&rndis_qc_data_intf,
	(struct usb_descriptor_header *)&rndis_qc_fs_in_desc,
	(struct usb_descriptor_header *)&rndis_qc_fs_out_desc,
	NULL,
};
248
/* high speed support: */

/* interrupt IN endpoint; bInterval is log2-encoded here, unlike full speed */
static struct usb_endpoint_descriptor rndis_qc_hs_notify_desc = {
	.bLength		= USB_DT_ENDPOINT_SIZE,
	.bDescriptorType	= USB_DT_ENDPOINT,

	.bEndpointAddress	= USB_DIR_IN,
	.bmAttributes		= USB_ENDPOINT_XFER_INT,
	.wMaxPacketSize		= cpu_to_le16(RNDIS_QC_STATUS_BYTECOUNT),
	.bInterval		= RNDIS_QC_LOG2_STATUS_INTERVAL_MSEC + 4,
};

/* bulk IN, 512-byte packets; endpoint number copied from the FS descriptor */
static struct usb_endpoint_descriptor rndis_qc_hs_in_desc = {
	.bLength		= USB_DT_ENDPOINT_SIZE,
	.bDescriptorType	= USB_DT_ENDPOINT,

	.bEndpointAddress	= USB_DIR_IN,
	.bmAttributes		= USB_ENDPOINT_XFER_BULK,
	.wMaxPacketSize		= cpu_to_le16(512),
};

/* bulk OUT, 512-byte packets; endpoint number copied from the FS descriptor */
static struct usb_endpoint_descriptor rndis_qc_hs_out_desc = {
	.bLength		= USB_DT_ENDPOINT_SIZE,
	.bDescriptorType	= USB_DT_ENDPOINT,

	.bEndpointAddress	= USB_DIR_OUT,
	.bmAttributes		= USB_ENDPOINT_XFER_BULK,
	.wMaxPacketSize		= cpu_to_le16(512),
};

/* NULL-terminated descriptor list copied into f->hs_descriptors at bind time */
static struct usb_descriptor_header *eth_qc_hs_function[] = {
	(struct usb_descriptor_header *)&rndis_qc_iad_descriptor,
	/* control interface matches ACM, not Ethernet */
	(struct usb_descriptor_header *)&rndis_qc_control_intf,
	(struct usb_descriptor_header *)&rndis_qc_header_desc,
	(struct usb_descriptor_header *)&rndis_qc_call_mgmt_descriptor,
	(struct usb_descriptor_header *)&rndis_qc_acm_descriptor,
	(struct usb_descriptor_header *)&rndis_qc_union_desc,
	(struct usb_descriptor_header *)&rndis_qc_hs_notify_desc,
	/* data interface has no altsetting */
	(struct usb_descriptor_header *)&rndis_qc_data_intf,
	(struct usb_descriptor_header *)&rndis_qc_hs_in_desc,
	(struct usb_descriptor_header *)&rndis_qc_hs_out_desc,
	NULL,
};
293
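/* super speed support: */

/*
 * The SuperSpeed descriptors below use this file's own RNDIS_QC_* constants
 * and rndis_qc_* objects.  The unprefixed names (STATUS_BYTECOUNT,
 * LOG2_STATUS_INTERVAL_MSEC, ss_intr_comp_desc, ss_bulk_comp_desc,
 * rndis_iad_descriptor) are not defined anywhere in this file, and the IAD
 * that rndis_qc_bind() patches with the allocated interface number and
 * string ID is rndis_qc_iad_descriptor.
 */

static struct usb_endpoint_descriptor rndis_qc_ss_notify_desc = {
	.bLength		= USB_DT_ENDPOINT_SIZE,
	.bDescriptorType	= USB_DT_ENDPOINT,

	.bEndpointAddress	= USB_DIR_IN,
	.bmAttributes		= USB_ENDPOINT_XFER_INT,
	.wMaxPacketSize		= cpu_to_le16(RNDIS_QC_STATUS_BYTECOUNT),
	.bInterval		= RNDIS_QC_LOG2_STATUS_INTERVAL_MSEC + 4,
};

static struct usb_ss_ep_comp_descriptor rndis_qc_ss_intr_comp_desc = {
	.bLength		= sizeof(rndis_qc_ss_intr_comp_desc),
	.bDescriptorType	= USB_DT_SS_ENDPOINT_COMP,

	/* the following 3 values can be tweaked if necessary */
	/* .bMaxBurst = 0, */
	/* .bmAttributes = 0, */
	.wBytesPerInterval	= cpu_to_le16(RNDIS_QC_STATUS_BYTECOUNT),
};

static struct usb_endpoint_descriptor rndis_qc_ss_in_desc = {
	.bLength		= USB_DT_ENDPOINT_SIZE,
	.bDescriptorType	= USB_DT_ENDPOINT,

	.bEndpointAddress	= USB_DIR_IN,
	.bmAttributes		= USB_ENDPOINT_XFER_BULK,
	.wMaxPacketSize		= cpu_to_le16(1024),
};

static struct usb_endpoint_descriptor rndis_qc_ss_out_desc = {
	.bLength		= USB_DT_ENDPOINT_SIZE,
	.bDescriptorType	= USB_DT_ENDPOINT,

	.bEndpointAddress	= USB_DIR_OUT,
	.bmAttributes		= USB_ENDPOINT_XFER_BULK,
	.wMaxPacketSize		= cpu_to_le16(1024),
};

/* one companion descriptor, listed after each of the two bulk endpoints */
static struct usb_ss_ep_comp_descriptor rndis_qc_ss_bulk_comp_desc = {
	.bLength		= sizeof(rndis_qc_ss_bulk_comp_desc),
	.bDescriptorType	= USB_DT_SS_ENDPOINT_COMP,

	/* the following 2 values can be tweaked if necessary */
	/* .bMaxBurst = 0, */
	/* .bmAttributes = 0, */
};

/* NULL-terminated descriptor list copied into f->ss_descriptors at bind time */
static struct usb_descriptor_header *eth_qc_ss_function[] = {
	(struct usb_descriptor_header *) &rndis_qc_iad_descriptor,

	/* control interface matches ACM, not Ethernet */
	(struct usb_descriptor_header *) &rndis_qc_control_intf,
	(struct usb_descriptor_header *) &rndis_qc_header_desc,
	(struct usb_descriptor_header *) &rndis_qc_call_mgmt_descriptor,
	(struct usb_descriptor_header *) &rndis_qc_acm_descriptor,
	(struct usb_descriptor_header *) &rndis_qc_union_desc,
	(struct usb_descriptor_header *) &rndis_qc_ss_notify_desc,
	(struct usb_descriptor_header *) &rndis_qc_ss_intr_comp_desc,

	/* data interface has no altsetting */
	(struct usb_descriptor_header *) &rndis_qc_data_intf,
	(struct usb_descriptor_header *) &rndis_qc_ss_in_desc,
	(struct usb_descriptor_header *) &rndis_qc_ss_bulk_comp_desc,
	(struct usb_descriptor_header *) &rndis_qc_ss_out_desc,
	(struct usb_descriptor_header *) &rndis_qc_ss_bulk_comp_desc,
	NULL,
};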
363
/* string descriptors: */

/*
 * Index 0 labels the control interface, 1 the data interface and 2 the IAD;
 * the .id of each entry is assigned when the function is added to a
 * configuration.
 */
static struct usb_string rndis_qc_string_defs[] = {
	[0].s = "RNDIS Communications Control",
	[1].s = "RNDIS Ethernet Data",
	[2].s = "RNDIS",
	{  } /* end of list */
};

static struct usb_gadget_strings rndis_qc_string_table = {
	.language	= 0x0409,	/* en-us */
	.strings	= rndis_qc_string_defs,
};

/* NULL-terminated list of per-language string tables */
static struct usb_gadget_strings *rndis_qc_strings[] = {
	&rndis_qc_string_table,
	NULL,
};
382
/*
 * NOTE(review): non-static, file-scope pointer to an RNDIS instance.  Nothing
 * in this part of the file reads or writes it, so its lifetime relative to
 * the kfree() in rndis_qc_unbind() cannot be checked from here -- confirm
 * that it is cleared before the instance is freed.
 */
struct f_rndis_qc *_rndis_qc;
384
/*
 * Try to take an exclusive claim on @excl.
 *
 * Returns 0 when the counter went from 0 to 1, otherwise undoes the
 * increment and returns -EBUSY.
 */
static inline int rndis_qc_lock(atomic_t *excl)
{
	if (atomic_inc_return(excl) != 1) {
		/* somebody else holds it; back out our increment */
		atomic_dec(excl);
		return -EBUSY;
	}

	return 0;
}
394
/*
 * Drop a claim taken with rndis_qc_lock().  The counter is decremented
 * unconditionally, so this must only be called by the holder.
 */
static inline void rndis_qc_unlock(atomic_t *excl)
{
	atomic_dec(excl);
}
399
/* MSM bam support */

/* the single BAM data port; its fields are filled in by rndis_qc_bam_connect() */
static struct data_port rndis_qc_bam_port;
402
/*
 * Set up the BAM data layer for RNDIS_QC_NO_PORTS ports.
 *
 * Returns 0 on success or the error reported by bam_data_setup().
 */
static int rndis_qc_bam_setup(void)
{
	int err = bam_data_setup(RNDIS_QC_NO_PORTS);

	if (err)
		pr_err("bam_data_setup failed err: %d\n", err);

	return err;
}
415
/*
 * Point the BAM data port at this instance's composite device and bulk
 * endpoints, then connect it.
 *
 * Returns 0 on success or the error reported by bam_data_connect().
 */
static int rndis_qc_bam_connect(struct f_rndis_qc *dev)
{
	struct data_port *bam = &rndis_qc_bam_port;
	int err;

	bam->cdev = dev->port.func.config->cdev;
	bam->in = dev->port.in_ep;
	bam->out = dev->port.out_ep;

	/* currently we use the first connection */
	err = bam_data_connect(bam, 0, 0);
	if (err) {
		pr_err("bam_data_connect failed: err:%d\n",
			err);
		return err;
	}

	pr_info("rndis bam connected\n");
	return 0;
}
436
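/*
 * Placeholder for tearing down the BAM connection: it only logs and
 * always returns 0.
 */
static int rndis_qc_bam_disconnect(struct f_rndis_qc *dev)
{
	/*
	 * %pK instead of %p: the message goes to the kernel log at info
	 * level, and a raw heap address there is an address disclosure.
	 * %pK makes the printed value subject to kptr_restrict.
	 */
	pr_info("dev:%pK. %s Do nothing.\n",
			dev, __func__);

	return 0;
}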
444
445/*-------------------------------------------------------------------------*/
446
/*
 * Wrap an outgoing frame in an RNDIS packet message.
 *
 * Obtains a copy of @skb with room for struct rndis_packet_msg_type in
 * front and lets rndis_add_hdr() fill the header in.  @skb is always
 * released; the return value is the new buffer, or NULL if the copy could
 * not be made.  @port is unused.
 */
static struct sk_buff *rndis_qc_add_header(struct qc_gether *port,
					   struct sk_buff *skb)
{
	struct sk_buff *framed;

	framed = skb_realloc_headroom(skb, sizeof(struct rndis_packet_msg_type));
	if (framed != NULL)
		rndis_add_hdr(framed);

	/* the caller's buffer is consumed on both the success and failure path */
	dev_kfree_skb_any(skb);
	return framed;
}
459
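/*
 * Strip the RNDIS packet-message header from a buffer received from the
 * host and queue the payload on @list.
 *
 * The header fields are supplied by the USB host and are treated as
 * untrusted.  On any error @skb is freed here.  @port is unused.
 *
 * Returns 0 on success, -EINVAL when the buffer is too short to hold the
 * four header words that are read or is not a REMOTE_NDIS_PACKET_MSG, and
 * -EOVERFLOW when DataOffset points past the end of the buffer.
 */
int rndis_qc_rm_hdr(struct qc_gether *port,
			struct sk_buff *skb,
			struct sk_buff_head *list)
{
	/* tmp points to a struct rndis_packet_msg_type */
	__le32 *tmp = (void *)skb->data;
	u32 data_offset;

	/*
	 * MessageType, MessageLength, DataOffset and DataLength are read
	 * straight from skb->data below, so the linear area must hold all
	 * four words before any of them is dereferenced.
	 */
	if (skb_headlen(skb) < 4 * sizeof(__le32)) {
		dev_kfree_skb_any(skb);
		return -EINVAL;
	}

	/* MessageType, MessageLength */
	if (cpu_to_le32(REMOTE_NDIS_PACKET_MSG)
			!= get_unaligned(tmp++)) {
		dev_kfree_skb_any(skb);
		return -EINVAL;
	}
	tmp++;

	/*
	 * DataOffset, DataLength.  DataOffset is relative to its own field,
	 * hence the + 8; reject a value that would wrap the addition, then
	 * let skb_pull() reject one that exceeds the buffer.
	 */
	data_offset = get_unaligned_le32(tmp++);
	if (data_offset + 8 < data_offset ||
	    !skb_pull(skb, data_offset + 8)) {
		dev_kfree_skb_any(skb);
		return -EOVERFLOW;
	}
	/* tmp still points into the original header, which skb_pull() left in place */
	skb_trim(skb, get_unaligned_le32(tmp++));

	skb_queue_tail(list, skb);
	return 0;
}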
485
486
/*
 * Callback registered with rndis_register(): tell the host that an
 * encapsulated response is waiting.
 *
 * Only the caller that raises notify_count from 0 to 1 queues the request;
 * later callers just leave the count raised and the completion handler
 * resends.
 */
static void rndis_qc_response_available(void *_rndis)
{
	struct f_rndis_qc *rndis = _rndis;
	struct usb_request *req = rndis->notify_req;
	__le32 *words = req->buf;
	int err;

	if (atomic_inc_return(&rndis->notify_count) != 1)
		return;

	/* Send RNDIS RESPONSE_AVAILABLE notification; a
	 * USB_CDC_NOTIFY_RESPONSE_AVAILABLE "should" work too
	 *
	 * This is the only notification defined by RNDIS.
	 */
	words[0] = cpu_to_le32(1);
	words[1] = cpu_to_le32(0);

	err = usb_ep_queue(rndis->notify, req, GFP_ATOMIC);
	if (!err)
		return;

	/* nothing was queued, so give back the count taken above */
	atomic_dec(&rndis->notify_count);
	pr_info("notify/0 --> %d\n", err);
}
511
/*
 * Completion handler shared by the notification request and by the ep0
 * request that carried an encapsulated response.
 *
 * after TX:
 *  - USB_CDC_GET_ENCAPSULATED_RESPONSE (ep0/control)
 *  - RNDIS_RESPONSE_AVAILABLE (status/irq)
 */
static void rndis_qc_response_complete(struct usb_ep *ep,
		struct usb_request *req)
{
	struct f_rndis_qc *rndis = req->context;
	int status = req->status;
	struct usb_composite_dev *cdev = rndis->port.func.config->cdev;

	if (status == -ECONNRESET || status == -ESHUTDOWN) {
		/* connection gone */
		atomic_set(&rndis->notify_count, 0);
		return;
	}

	/* any other error is logged and then handled like a success */
	if (status != 0)
		pr_info("RNDIS %s response error %d, %d/%d\n",
			ep->name, status,
			req->actual, req->length);

	/* only the notification endpoint has resend bookkeeping */
	if (ep != rndis->notify)
		return;

	/* handle multiple pending RNDIS_RESPONSE_AVAILABLE
	 * notifications by resending until we're done
	 */
	if (atomic_dec_and_test(&rndis->notify_count))
		return;

	status = usb_ep_queue(rndis->notify, req, GFP_ATOMIC);
	if (status) {
		atomic_dec(&rndis->notify_count);
		DBG(cdev, "notify/1 --> %d\n", status);
	}
}
551
/*
 * Completion handler for the ep0 OUT data stage of
 * USB_CDC_SEND_ENCAPSULATED_COMMAND: hand the received RNDIS message to
 * the parser.
 *
 * NOTE(review): the buffer content comes from the USB host, and only the
 * buffer pointer is passed on -- req->actual is not.  Whether the message
 * lengths and offsets inside the buffer are bounded against the number of
 * bytes actually received depends on rndis_msg_parser(), which is not
 * visible here; confirm.
 */
static void rndis_qc_command_complete(struct usb_ep *ep,
		struct usb_request *req)
{
	struct f_rndis_qc *rndis = req->context;
	int rc;

	/* received RNDIS command from USB_CDC_SEND_ENCAPSULATED_COMMAND */
	rc = rndis_msg_parser(rndis->config, (u8 *) req->buf);
	if (rc >= 0)
		return;

	pr_err("RNDIS command error %d, %d/%d\n",
		rc, req->actual, req->length);
}
564
/*
 * Handle the two CDC class requests RNDIS uses on ep0.
 *
 * Returns the result of queueing the ep0 request when the control request
 * was accepted, or a negative errno (the device then stalls).
 *
 * NOTE(review): wLength, wIndex and wValue are host-controlled.  In the
 * SEND_ENCAPSULATED_COMMAND case wLength becomes req->length as is, and in
 * the GET_ENCAPSULATED_RESPONSE case n bytes are copied into req->buf;
 * neither length is compared with the size of cdev->req->buf in this
 * function.  The buffer size is not visible here -- confirm that the
 * composite core or the RNDIS layer bounds both.
 */
static int
rndis_qc_setup(struct usb_function *f, const struct usb_ctrlrequest *ctrl)
{
	struct f_rndis_qc *rndis = func_to_rndis_qc(f);
	struct usb_composite_dev *cdev = f->config->cdev;
	struct usb_request *req = cdev->req;
	u16 w_index = le16_to_cpu(ctrl->wIndex);
	u16 w_value = le16_to_cpu(ctrl->wValue);
	u16 w_length = le16_to_cpu(ctrl->wLength);
	/* both requests must carry wValue 0 and address our control interface */
	bool misaddressed = w_value || w_index != rndis->ctrl_id;
	int value = -EOPNOTSUPP;
	u8 *resp;
	u32 resp_len;

	/* composite driver infrastructure handles everything except
	 * CDC class messages; interface activation uses set_alt().
	 */
	switch ((ctrl->bRequestType << 8) | ctrl->bRequest) {

	/* RNDIS uses the CDC command encapsulation mechanism to implement
	 * an RPC scheme, with much getting/setting of attributes by OID.
	 */
	case ((USB_DIR_OUT | USB_TYPE_CLASS | USB_RECIP_INTERFACE) << 8)
			| USB_CDC_SEND_ENCAPSULATED_COMMAND:
		if (misaddressed)
			goto invalid;
		/* read the request; process it later */
		value = w_length;
		req->complete = rndis_qc_command_complete;
		req->context = rndis;
		/* later, rndis_response_available() sends a notification */
		break;

	case ((USB_DIR_IN | USB_TYPE_CLASS | USB_RECIP_INTERFACE) << 8)
			| USB_CDC_GET_ENCAPSULATED_RESPONSE:
		if (misaddressed)
			goto invalid;

		/* return the result */
		resp = rndis_get_next_response(rndis->config, &resp_len);
		if (resp) {
			memcpy(req->buf, resp, resp_len);
			req->complete = rndis_qc_response_complete;
			rndis_free_response(rndis->config, resp);
			value = resp_len;
		}
		/* else stalls ... spec says to avoid that */
		break;

	default:
invalid:
		VDBG(cdev, "invalid control req%02x.%02x v%04x i%04x l%d\n",
			ctrl->bRequestType, ctrl->bRequest,
			w_value, w_index, w_length);
	}

	/* device stalls when nothing was accepted */
	if (value < 0)
		return value;

	/* respond with data transfer or status phase */
	DBG(cdev, "rndis req%02x.%02x v%04x i%04x l%d\n",
		ctrl->bRequestType, ctrl->bRequest,
		w_value, w_index, w_length);
	req->zero = (value < w_length);
	req->length = value;
	value = usb_ep_queue(cdev->gadget->ep0, req, GFP_ATOMIC);
	if (value < 0)
		pr_err("rndis response on err %d\n", value);

	/* device either stalls (value < 0) or reports success */
	return value;
}
637
638
/*
 * Activate the control or the data interface (alt is always 0).
 *
 * Returns 0 on success, the error from gether_qc_connect_name() when the
 * network link cannot be brought up, and -EINVAL for every other failure,
 * including an interface number that belongs to neither interface.
 *
 * NOTE(review): the return value of usb_ep_enable() is ignored, and when
 * rndis_qc_bam_connect() fails the link brought up just before it is not
 * disconnected again -- confirm both are intended.
 */
static int rndis_qc_set_alt(struct usb_function *f, unsigned intf, unsigned alt)
{
	struct f_rndis_qc *rndis = func_to_rndis_qc(f);
	struct usb_composite_dev *cdev = f->config->cdev;
	struct qc_gether *port = &rndis->port;
	struct net_device *net;

	/* we know alt == 0 */

	if (intf == rndis->ctrl_id) {
		struct usb_ep *notify = rndis->notify;

		if (notify->driver_data) {
			VDBG(cdev, "reset rndis control %d\n", intf);
			usb_ep_disable(notify);
		}
		if (!notify->desc) {
			VDBG(cdev, "init rndis ctrl %d\n", intf);
			if (config_ep_by_speed(cdev->gadget, f, notify))
				return -EINVAL;
		}
		usb_ep_enable(notify);
		notify->driver_data = rndis;
		return 0;
	}

	if (intf != rndis->data_id)
		return -EINVAL;

	if (port->in_ep->driver_data) {
		DBG(cdev, "reset rndis\n");
		gether_qc_disconnect_name(port, "rndis0");
		rndis_qc_bam_disconnect(rndis);
	}

	if (!port->in_ep->desc || !port->out_ep->desc) {
		DBG(cdev, "init rndis\n");
		if (config_ep_by_speed(cdev->gadget, f, port->in_ep) ||
		    config_ep_by_speed(cdev->gadget, f, port->out_ep)) {
			/* leave both endpoints unconfigured on a partial failure */
			port->in_ep->desc = NULL;
			port->out_ep->desc = NULL;
			return -EINVAL;
		}
	}

	/* Avoid ZLPs; they can be troublesome. */
	port->is_zlp_ok = false;

	/* RNDIS should be in the "RNDIS uninitialized" state,
	 * either never activated or after rndis_uninit().
	 *
	 * We don't want data to flow here until a nonzero packet
	 * filter is set, at which point it enters "RNDIS data
	 * initialized" state ... but we do want the endpoints
	 * to be activated.  It's a strange little state.
	 *
	 * REVISIT the RNDIS gadget code has done this wrong for a
	 * very long time.  We need another call to the link layer
	 * code -- gether_updown(...bool) maybe -- to do it right.
	 */
	port->cdc_filter = 0;

	DBG(cdev, "RNDIS RX/TX early activation ...\n");
	net = gether_qc_connect_name(port, "rndis0");
	if (IS_ERR(net))
		return PTR_ERR(net);

	if (rndis_qc_bam_connect(rndis))
		return -EINVAL;

	rndis_set_param_dev(rndis->config, net, &port->cdc_filter);
	return 0;
}
714
/*
 * Deactivate the function: reset the RNDIS state, take the network link
 * and the BAM connection down, and disable the notification endpoint.
 * Does nothing when the notification endpoint was never activated.
 */
static void rndis_qc_disable(struct usb_function *f)
{
	struct f_rndis_qc *rndis = func_to_rndis_qc(f);
	struct usb_ep *notify = rndis->notify;

	/* driver_data is set by set_alt(); clear means we are not active */
	if (notify->driver_data == NULL)
		return;

	pr_info("rndis deactivated\n");

	rndis_uninit(rndis->config);
	gether_qc_disconnect_name(&rndis->port, "rndis0");
	rndis_qc_bam_disconnect(rndis);

	usb_ep_disable(notify);
	notify->driver_data = NULL;
}
731
732/*-------------------------------------------------------------------------*/
733
734/*
735 * This isn't quite the same mechanism as CDC Ethernet, since the
736 * notification scheme passes less data, but the same set of link
737 * states must be tested. A key difference is that altsettings are
738 * not used to tell whether the link should send packets or not.
739 */
740
/*
 * Link-layer "open" hook: report the medium as 802.3 at the gadget's
 * current peak bitrate (divided by 100, as passed to
 * rndis_set_param_medium()) and signal connect to the host.
 */
static void rndis_qc_open(struct qc_gether *geth)
{
	struct f_rndis_qc *rndis = func_to_rndis_qc(&geth->func);
	struct usb_composite_dev *cdev = geth->func.config->cdev;
	unsigned int speed;

	DBG(cdev, "%s\n", __func__);

	speed = rndis_qc_bitrate(cdev->gadget) / 100;
	rndis_set_param_medium(rndis->config, NDIS_MEDIUM_802_3, speed);
	rndis_signal_connect(rndis->config);
}
752
/*
 * Link-layer "close" hook: report a zero-speed 802.3 medium and signal
 * disconnect to the host.
 */
static void rndis_qc_close(struct qc_gether *geth)
{
	struct usb_function *func = &geth->func;
	struct f_rndis_qc *rndis = func_to_rndis_qc(func);

	DBG(func->config->cdev, "%s\n", __func__);

	rndis_set_param_medium(rndis->config, NDIS_MEDIUM_802_3, 0);
	rndis_signal_disconnect(rndis->config);
}
762
763/*-------------------------------------------------------------------------*/
764
765/* ethernet function driver setup/binding */
766
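/*
 * Bind the function to configuration @c: allocate interface numbers and
 * endpoints, the notification request, the per-speed descriptor copies,
 * and register with the RNDIS layer.
 *
 * Returns 0 on success, else a negative errno.  On failure everything
 * allocated here is released again.
 */
static int
rndis_qc_bind(struct usb_configuration *c, struct usb_function *f)
{
	struct usb_composite_dev *cdev = c->cdev;
	struct f_rndis_qc		*rndis = func_to_rndis_qc(f);
	int			status;
	struct usb_ep		*ep;

	/* allocate instance-specific interface IDs */
	status = usb_interface_id(c, f);
	if (status < 0)
		goto fail;
	rndis->ctrl_id = status;
	rndis_qc_iad_descriptor.bFirstInterface = status;

	rndis_qc_control_intf.bInterfaceNumber = status;
	rndis_qc_union_desc.bMasterInterface0 = status;

	status = usb_interface_id(c, f);
	if (status < 0)
		goto fail;
	rndis->data_id = status;

	rndis_qc_data_intf.bInterfaceNumber = status;
	rndis_qc_union_desc.bSlaveInterface0 = status;

	status = -ENODEV;

	/* allocate instance-specific endpoints */
	ep = usb_ep_autoconfig(cdev->gadget, &rndis_qc_fs_in_desc);
	if (!ep)
		goto fail;
	rndis->port.in_ep = ep;
	ep->driver_data = cdev;	/* claim */

	ep = usb_ep_autoconfig(cdev->gadget, &rndis_qc_fs_out_desc);
	if (!ep)
		goto fail;
	rndis->port.out_ep = ep;
	ep->driver_data = cdev;	/* claim */

	/* NOTE:  a status/notification endpoint is, strictly speaking,
	 * optional.  We don't treat it that way though!  It's simpler,
	 * and some newer profiles don't treat it as optional.
	 */
	ep = usb_ep_autoconfig(cdev->gadget, &rndis_qc_fs_notify_desc);
	if (!ep)
		goto fail;
	rndis->notify = ep;
	ep->driver_data = cdev;	/* claim */

	status = -ENOMEM;

	/* allocate notification request and buffer */
	rndis->notify_req = usb_ep_alloc_request(ep, GFP_KERNEL);
	if (!rndis->notify_req)
		goto fail;
	rndis->notify_req->buf = kmalloc(RNDIS_QC_STATUS_BYTECOUNT, GFP_KERNEL);
	if (!rndis->notify_req->buf)
		goto fail;
	rndis->notify_req->length = RNDIS_QC_STATUS_BYTECOUNT;
	rndis->notify_req->context = rndis;
	rndis->notify_req->complete = rndis_qc_response_complete;

	/* copy descriptors, and track endpoint copies */
	f->descriptors = usb_copy_descriptors(eth_qc_fs_function);
	if (!f->descriptors)
		goto fail;

	/* support all relevant hardware speeds... we expect that when
	 * hardware is dual speed, all bulk-capable endpoints work at
	 * both speeds
	 */
	if (gadget_is_dualspeed(c->cdev->gadget)) {
		rndis_qc_hs_in_desc.bEndpointAddress =
				rndis_qc_fs_in_desc.bEndpointAddress;
		rndis_qc_hs_out_desc.bEndpointAddress =
				rndis_qc_fs_out_desc.bEndpointAddress;
		rndis_qc_hs_notify_desc.bEndpointAddress =
				rndis_qc_fs_notify_desc.bEndpointAddress;

		/* copy descriptors, and track endpoint copies */
		f->hs_descriptors = usb_copy_descriptors(eth_qc_hs_function);

		if (!f->hs_descriptors)
			goto fail;
	}

	if (gadget_is_superspeed(c->cdev->gadget)) {
		rndis_qc_ss_in_desc.bEndpointAddress =
				rndis_qc_fs_in_desc.bEndpointAddress;
		rndis_qc_ss_out_desc.bEndpointAddress =
				rndis_qc_fs_out_desc.bEndpointAddress;
		rndis_qc_ss_notify_desc.bEndpointAddress =
				rndis_qc_fs_notify_desc.bEndpointAddress;

		/* copy descriptors, and track endpoint copies */
		f->ss_descriptors = usb_copy_descriptors(eth_qc_ss_function);
		if (!f->ss_descriptors)
			goto fail;
	}

	rndis->port.open = rndis_qc_open;
	rndis->port.close = rndis_qc_close;

	status = rndis_register(rndis_qc_response_available, rndis);
	if (status < 0)
		goto fail;
	rndis->config = status;

	rndis_set_param_medium(rndis->config, NDIS_MEDIUM_802_3, 0);
	rndis_set_host_mac(rndis->config, rndis->ethaddr);

	/*
	 * At this point status holds the non-negative handle returned by
	 * rndis_register().  Jumping to fail without replacing it would free
	 * the request and descriptors and still return a non-negative value,
	 * so the caller would keep using an instance whose resources are
	 * gone.  Undo the registration and report a real error instead.
	 *
	 * NOTE(review): rndis_qc_bind_config() passes a NULL manufacturer,
	 * and it is handed to rndis_set_param_vendor() unconditionally;
	 * confirm that helper accepts NULL, otherwise that entry point can
	 * never bind.
	 */
	if (rndis_set_param_vendor(rndis->config, rndis->vendorID,
				   rndis->manufacturer)) {
		rndis_deregister(rndis->config);
		status = -EINVAL;
		goto fail;
	}

	rndis_set_max_pkt_xfer(rndis->config, rndis->max_pkt_per_xfer);

	/* In case of aggregated packets QC device will request
	 * alignment to 4 (2^2).
	 */
	rndis_set_pkt_alignment_factor(rndis->config, 2);

	/* NOTE:  all that is done without knowing or caring about
	 * the network link ... which is unavailable to this code
	 * until we're activated via set_alt().
	 */

	DBG(cdev, "RNDIS: %s speed IN/%s OUT/%s NOTIFY/%s\n",
			gadget_is_superspeed(c->cdev->gadget) ? "super" :
			gadget_is_dualspeed(c->cdev->gadget) ? "dual" : "full",
			rndis->port.in_ep->name, rndis->port.out_ep->name,
			rndis->notify->name);
	return 0;

fail:
	/* freed pointers are cleared so a later path cannot free them twice */
	if (gadget_is_superspeed(c->cdev->gadget) && f->ss_descriptors) {
		usb_free_descriptors(f->ss_descriptors);
		f->ss_descriptors = NULL;
	}
	if (gadget_is_dualspeed(c->cdev->gadget) && f->hs_descriptors) {
		usb_free_descriptors(f->hs_descriptors);
		f->hs_descriptors = NULL;
	}
	if (f->descriptors) {
		usb_free_descriptors(f->descriptors);
		f->descriptors = NULL;
	}

	if (rndis->notify_req) {
		kfree(rndis->notify_req->buf);
		usb_ep_free_request(rndis->notify, rndis->notify_req);
		rndis->notify_req = NULL;
	}

	/*
	 * Release our claims on endpoints.  The endpoint pointers are still
	 * NULL (the instance is kzalloc'ed) when bind fails before the
	 * matching usb_ep_autoconfig() call, so test the pointer itself
	 * rather than dereferencing it to look at ->desc.
	 */
	if (rndis->notify)
		rndis->notify->driver_data = NULL;
	if (rndis->port.out_ep)
		rndis->port.out_ep->driver_data = NULL;
	if (rndis->port.in_ep)
		rndis->port.in_ep->driver_data = NULL;

	pr_err("%s: can't bind, err %d\n", f->name, status);

	return status;
}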
928
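/*
 * Undo rndis_qc_bind(): deregister from the RNDIS layer, free the
 * per-speed descriptor copies and the notification request, and free the
 * instance itself.
 */
static void
rndis_qc_unbind(struct usb_configuration *c, struct usb_function *f)
{
	struct f_rndis_qc		*rndis = func_to_rndis_qc(f);

	rndis_deregister(rndis->config);
	rndis_exit();

	/*
	 * rndis_qc_bind() also copies the SuperSpeed descriptors on
	 * superspeed-capable gadgets; free them here too so they are not
	 * leaked on every unbind.
	 */
	if (gadget_is_superspeed(c->cdev->gadget))
		usb_free_descriptors(f->ss_descriptors);
	if (gadget_is_dualspeed(c->cdev->gadget))
		usb_free_descriptors(f->hs_descriptors);
	usb_free_descriptors(f->descriptors);

	kfree(rndis->notify_req->buf);
	usb_ep_free_request(rndis->notify, rndis->notify_req);

	/* f is embedded in rndis, so neither may be touched after this */
	kfree(rndis);
}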
946
/*
 * Some controllers can't support RNDIS ... but none is excluded here:
 * @c is not examined and the answer is always true.
 */
static inline bool can_support_rndis_qc(struct usb_configuration *c)
{
	/* everything else is *presumably* fine */
	return true;
}
953
/**
 * rndis_qc_bind_config - add RNDIS network link to a configuration
 * @c: the configuration to support the network link
 * @ethaddr: a buffer in which the ethernet address of the host side
 *	of the link was recorded
 * Context: single threaded during gadget setup
 *
 * Convenience wrapper around rndis_qc_bind_config_vendor() with vendor ID
 * 0, no manufacturer string and max_pkt_per_xfer 1.
 *
 * Returns zero on success, else negative errno.
 *
 * Caller must have called @gether_setup().  Caller is also responsible
 * for calling @gether_cleanup() before module unload.
 */
int
rndis_qc_bind_config(struct usb_configuration *c, u8 ethaddr[ETH_ALEN])
{
	int status;

	status = rndis_qc_bind_config_vendor(c, ethaddr, 0, NULL, 1);
	return status;
}
971
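/**
 * rndis_qc_bind_config_vendor - add an RNDIS link with vendor parameters
 * @c: the configuration to support the network link
 * @ethaddr: host-side ethernet address; copied into the new instance
 * @vendorID: vendor ID stored in the instance
 * @manufacturer: manufacturer string; only the pointer is stored, so the
 *	caller must keep the string alive for as long as the instance exists
 * @max_pkt_per_xfer: packets per transfer; 0 selects
 *	DEFAULT_MAX_PKT_PER_XFER
 *
 * Returns zero on success, else negative errno.  Every failure after
 * rndis_init() has succeeded is routed through rndis_exit(), so the
 * init/exit calls stay balanced.
 */
int
rndis_qc_bind_config_vendor(struct usb_configuration *c, u8 ethaddr[ETH_ALEN],
			    u32 vendorID, const char *manufacturer,
			    u8 max_pkt_per_xfer)
{
	struct f_rndis_qc *rndis;
	int status;

	if (!can_support_rndis_qc(c) || !ethaddr)
		return -EINVAL;

	/* setup RNDIS itself */
	status = rndis_init();
	if (status < 0)
		return status;

	/*
	 * NOTE(review): whether a failed or successful rndis_qc_bam_setup()
	 * needs its own teardown on the later error paths cannot be told from
	 * this function; confirm against its definition.
	 */
	status = rndis_qc_bam_setup();
	if (status) {
		pr_err("bam setup failed");
		goto fail;
	}

	/* maybe allocate device-global string IDs */
	if (rndis_qc_string_defs[0].id == 0) {

		/* control interface label */
		status = usb_string_id(c->cdev);
		if (status < 0)
			goto fail;
		rndis_qc_string_defs[0].id = status;
		rndis_qc_control_intf.iInterface = status;

		/* data interface label */
		status = usb_string_id(c->cdev);
		if (status < 0)
			goto fail;
		rndis_qc_string_defs[1].id = status;
		rndis_qc_data_intf.iInterface = status;

		/* IAD iFunction label */
		status = usb_string_id(c->cdev);
		if (status < 0)
			goto fail;
		rndis_qc_string_defs[2].id = status;
		rndis_qc_iad_descriptor.iFunction = status;
	}

	/* allocate and initialize one new instance */
	rndis = kzalloc(sizeof *rndis, GFP_KERNEL);
	if (!rndis) {
		status = -ENOMEM;
		goto fail;
	}

	memcpy(rndis->ethaddr, ethaddr, ETH_ALEN);
	rndis->vendorID = vendorID;
	rndis->manufacturer = manufacturer;

	/* if max_pkt_per_xfer was not configured set to default value */
	rndis->max_pkt_per_xfer =
		max_pkt_per_xfer ? max_pkt_per_xfer : DEFAULT_MAX_PKT_PER_XFER;

	/* RNDIS activates when the host changes this filter */
	rndis->port.cdc_filter = 0;

	/* RNDIS has special (and complex) framing */
	rndis->port.header_len = sizeof(struct rndis_packet_msg_type);
	rndis->port.wrap = rndis_qc_add_header;
	rndis->port.unwrap = rndis_qc_rm_hdr;

	rndis->port.func.name = "rndis";
	rndis->port.func.strings = rndis_qc_strings;
	/* descriptors are per-instance copies */
	rndis->port.func.bind = rndis_qc_bind;
	rndis->port.func.unbind = rndis_qc_unbind;
	rndis->port.func.set_alt = rndis_qc_set_alt;
	rndis->port.func.setup = rndis_qc_setup;
	rndis->port.func.disable = rndis_qc_disable;

	/*
	 * Published before usb_add_function(), as in the original ordering;
	 * rndis_qc_open_dev() hands this pointer to user-space openers.
	 */
	_rndis_qc = rndis;

	status = usb_add_function(c, &rndis->port.func);
	if (status)
		goto fail_free;

	return 0;

fail_free:
	/*
	 * Clear the global before freeing so rndis_qc_open_dev() cannot pick
	 * up a pointer to the freed instance.
	 */
	_rndis_qc = NULL;
	kfree(rndis);
fail:
	rndis_exit();
	return status;
}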
1060
/*
 * rndis_qc_open_dev - open handler for the rndis QC misc device
 * @ip: inode of the device node (unused)
 * @fp: file being opened; private_data receives the current instance
 *
 * Returns 0 on success, -ENODEV when no instance has been published in
 * _rndis_qc, or -EBUSY when rndis_qc_lock() reports that open_excl is
 * already taken (only one opener at a time).
 *
 * NOTE(review): _rndis_qc is read without any lock visible in this function,
 * so nothing here prevents the instance from being freed between the NULL
 * check and the uses below; confirm what serializes open against teardown.
 */
static int rndis_qc_open_dev(struct inode *ip, struct file *fp)
{
	pr_info("Open rndis QC driver\n");

	if (_rndis_qc == NULL) {
		pr_err("rndis_qc_dev not created yet\n");
		return -ENODEV;
	}

	/* non-zero from rndis_qc_lock() means another opener holds the device */
	if (rndis_qc_lock(&_rndis_qc->open_excl) != 0) {
		pr_err("Already opened\n");
		return -EBUSY;
	}

	fp->private_data = _rndis_qc;
	pr_info("rndis QC file opened\n");

	return 0;
}
1080
/*
 * rndis_qc_release_dev - release handler for the rndis QC misc device
 * @ip: inode of the device node (unused)
 * @fp: file being closed; private_data is the instance stored at open time
 *
 * Drops the open_excl exclusion taken in rndis_qc_open_dev() so the device
 * can be opened again.  Always returns 0.
 */
static int rndis_qc_release_dev(struct inode *ip, struct file *fp)
{
	struct f_rndis_qc *inst = fp->private_data;

	pr_info("Close rndis QC file");

	rndis_qc_unlock(&inst->open_excl);
	return 0;
}
1090
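/*
 * rndis_qc_ioctl - ioctl handler for the rndis QC misc device
 * @fp: open file; private_data is the instance stored by rndis_qc_open_dev()
 * @cmd: ioctl command number supplied by user space
 * @arg: user-space address the result is copied to
 *
 * Only RNDIS_QC_GET_MAX_PKT_PER_XFER is handled: it copies the instance's
 * max_pkt_per_xfer value to the user buffer at @arg.
 *
 * Returns 0 on success, -EBUSY when another ioctl holds ioctl_excl,
 * -EFAULT when the copy to user space fails, -EINVAL for any other command.
 *
 * NOTE(review): every call logs at info level and every unknown command logs
 * at error level, so any process able to open the node can fill the kernel
 * log; consider rate limiting or lowering these messages.
 */
static long rndis_qc_ioctl(struct file *fp, unsigned cmd, unsigned long arg)
{
	struct f_rndis_qc *rndis = fp->private_data;
	int ret = 0;

	/* cmd is unsigned; %u keeps commands with the top bit set readable */
	pr_info("Received command %u", cmd);

	if (rndis_qc_lock(&rndis->ioctl_excl))
		return -EBUSY;

	switch (cmd) {
	case RNDIS_QC_GET_MAX_PKT_PER_XFER:
		/* copy_to_user() returns the number of bytes left uncopied */
		if (copy_to_user((void __user *)arg,
				 &rndis->max_pkt_per_xfer,
				 sizeof(rndis->max_pkt_per_xfer))) {
			pr_err("copying to user space failed");
			ret = -EFAULT;
			break;
		}
		/* report success only when the value actually reached the caller */
		pr_info("Sent max packets per xfer %d",
			rndis->max_pkt_per_xfer);
		break;
	default:
		pr_err("Unsupported IOCTL");
		ret = -EINVAL;
	}

	rndis_qc_unlock(&rndis->ioctl_excl);

	return ret;
}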
1122
/*
 * File operations of the rndis QC misc device: open, release and an
 * unlocked ioctl are the only entry points exposed to user space.
 */
static const struct file_operations rndis_qc_fops = {
	.open		= rndis_qc_open_dev,
	.release	= rndis_qc_release_dev,
	.unlocked_ioctl	= rndis_qc_ioctl,
	.owner		= THIS_MODULE,
};
1129
/*
 * Misc device through which user space reaches rndis_qc_fops.  The minor
 * number is assigned dynamically.
 *
 * NOTE(review): no .mode is set here, so the permissions of the resulting
 * device node are decided outside this file; confirm that only the intended
 * user-space component can open it.
 */
static struct miscdevice rndis_qc_device = {
	.name	= "android_rndis_qc",
	.minor	= MISC_DYNAMIC_MINOR,
	.fops	= &rndis_qc_fops,
};
1135
/*
 * rndis_qc_init - register the rndis QC misc device
 *
 * Returns 0 on success, or the error code from misc_register() after
 * logging the failure.
 */
static int rndis_qc_init(void)
{
	int err;

	pr_info("initialize rndis QC instance\n");

	err = misc_register(&rndis_qc_device);
	if (err == 0)
		return 0;

	pr_err("rndis QC driver failed to register");
	return err;
}
1148
/*
 * rndis_qc_cleanup - remove the rndis QC misc device
 *
 * Deregisters the misc device and then clears the file-scope instance
 * pointer so that rndis_qc_open_dev() reports -ENODEV afterwards.  The
 * instance itself is not freed here.
 */
static void rndis_qc_cleanup(void)
{
	pr_info("rndis QC cleanup");

	/* take the device node away first, then drop the published pointer */
	misc_deregister(&rndis_qc_device);
	_rndis_qc = NULL;
}
1156
1157