1// SPDX-License-Identifier: GPL-2.0+ 2/* 3 * f_ncm.c -- USB CDC Network (NCM) link function driver 4 * 5 * Copyright (C) 2010 Nokia Corporation 6 * Contact: Yauheni Kaliuta <yauheni.kaliuta@nokia.com> 7 * 8 * The driver borrows from f_ecm.c which is: 9 * 10 * Copyright (C) 2003-2005,2008 David Brownell 11 * Copyright (C) 2008 Nokia Corporation 12 */ 13 14#include <linux/kernel.h> 15#include <linux/interrupt.h> 16#include <linux/module.h> 17#include <linux/device.h> 18#include <linux/etherdevice.h> 19#include <linux/crc32.h> 20 21#include <linux/usb/cdc.h> 22 23#include "u_ether.h" 24#include "u_ether_configfs.h" 25#include "u_ncm.h" 26#include "configfs.h" 27 28/* 29 * This function is a "CDC Network Control Model" (CDC NCM) Ethernet link. 30 * NCM is intended to be used with high-speed network attachments. 31 * 32 * Note that NCM requires the use of "alternate settings" for its data 33 * interface. This means that the set_alt() method has real work to do, 34 * and also means that a get_alt() method is required. 35 */ 36 37/* to trigger crc/non-crc ndp signature */ 38 39#define NCM_NDP_HDR_CRC 0x01000000 40 41enum ncm_notify_state { 42 NCM_NOTIFY_NONE, /* don't notify */ 43 NCM_NOTIFY_CONNECT, /* issue CONNECT next */ 44 NCM_NOTIFY_SPEED, /* issue SPEED_CHANGE next */ 45}; 46 47struct f_ncm { 48 struct gether port; 49 u8 ctrl_id, data_id; 50 51 char ethaddr[14]; 52 53 struct usb_ep *notify; 54 struct usb_request *notify_req; 55 u8 notify_state; 56 atomic_t notify_count; 57 bool is_open; 58 59 const struct ndp_parser_opts *parser_opts; 60 bool is_crc; 61 u32 ndp_sign; 62 63 /* 64 * for notification, it is accessed from both 65 * callback and ethernet open/close 66 */ 67 spinlock_t lock; 68 69 struct net_device *netdev; 70 71 /* For multi-frame NDP TX */ 72 struct sk_buff *skb_tx_data; 73 struct sk_buff *skb_tx_ndp; 74 u16 ndp_dgram_count; 75 bool timer_force_tx; 76 struct hrtimer task_timer; 77 bool timer_stopping; 78}; 79 80static inline struct f_ncm *func_to_ncm(struct usb_function *f) 81{ 82 return container_of(f, struct f_ncm, port.func); 83} 84 85/* peak (theoretical) bulk transfer rate in bits-per-second */ 86static inline unsigned ncm_bitrate(struct usb_gadget *g) 87{ 88 if (!g) 89 return 0; 90 else if (gadget_is_superspeed(g) && g->speed >= USB_SPEED_SUPER_PLUS) 91 return 4250000000U; 92 else if (gadget_is_superspeed(g) && g->speed == USB_SPEED_SUPER) 93 return 3750000000U; 94 else if (gadget_is_dualspeed(g) && g->speed == USB_SPEED_HIGH) 95 return 13 * 512 * 8 * 1000 * 8; 96 else 97 return 19 * 64 * 1 * 1000 * 8; 98} 99 100/*-------------------------------------------------------------------------*/ 101 102/* 103 * We cannot group frames so use just the minimal size which ok to put 104 * one max-size ethernet frame. 105 * If the host can group frames, allow it to do that, 16K is selected, 106 * because it's used by default by the current linux host driver 107 */ 108#define NTB_DEFAULT_IN_SIZE 16384 109#define NTB_OUT_SIZE 16384 110 111/* Allocation for storing the NDP, 32 should suffice for a 112 * 16k packet. This allows a maximum of 32 * 507 Byte packets to 113 * be transmitted in a single 16kB skb, though when sending full size 114 * packets this limit will be plenty. 115 * Smaller packets are not likely to be trying to maximize the 116 * throughput and will be mstly sending smaller infrequent frames. 117 */ 118#define TX_MAX_NUM_DPE 32 119 120/* Delay for the transmit to wait before sending an unfilled NTB frame. */ 121#define TX_TIMEOUT_NSECS 300000 122 123#define FORMATS_SUPPORTED (USB_CDC_NCM_NTB16_SUPPORTED | \ 124 USB_CDC_NCM_NTB32_SUPPORTED) 125 126static struct usb_cdc_ncm_ntb_parameters ntb_parameters = { 127 .wLength = cpu_to_le16(sizeof(ntb_parameters)), 128 .bmNtbFormatsSupported = cpu_to_le16(FORMATS_SUPPORTED), 129 .dwNtbInMaxSize = cpu_to_le32(NTB_DEFAULT_IN_SIZE), 130 .wNdpInDivisor = cpu_to_le16(4), 131 .wNdpInPayloadRemainder = cpu_to_le16(0), 132 .wNdpInAlignment = cpu_to_le16(4), 133 134 .dwNtbOutMaxSize = cpu_to_le32(NTB_OUT_SIZE), 135 .wNdpOutDivisor = cpu_to_le16(4), 136 .wNdpOutPayloadRemainder = cpu_to_le16(0), 137 .wNdpOutAlignment = cpu_to_le16(4), 138}; 139 140/* 141 * Use wMaxPacketSize big enough to fit CDC_NOTIFY_SPEED_CHANGE in one 142 * packet, to simplify cancellation; and a big transfer interval, to 143 * waste less bandwidth. 144 */ 145 146#define NCM_STATUS_INTERVAL_MS 32 147#define NCM_STATUS_BYTECOUNT 16 /* 8 byte header + data */ 148 149static struct usb_interface_assoc_descriptor ncm_iad_desc = { 150 .bLength = sizeof ncm_iad_desc, 151 .bDescriptorType = USB_DT_INTERFACE_ASSOCIATION, 152 153 /* .bFirstInterface = DYNAMIC, */ 154 .bInterfaceCount = 2, /* control + data */ 155 .bFunctionClass = USB_CLASS_COMM, 156 .bFunctionSubClass = USB_CDC_SUBCLASS_NCM, 157 .bFunctionProtocol = USB_CDC_PROTO_NONE, 158 /* .iFunction = DYNAMIC */ 159}; 160 161/* interface descriptor: */ 162 163static struct usb_interface_descriptor ncm_control_intf = { 164 .bLength = sizeof ncm_control_intf, 165 .bDescriptorType = USB_DT_INTERFACE, 166 167 /* .bInterfaceNumber = DYNAMIC */ 168 .bNumEndpoints = 1, 169 .bInterfaceClass = USB_CLASS_COMM, 170 .bInterfaceSubClass = USB_CDC_SUBCLASS_NCM, 171 .bInterfaceProtocol = USB_CDC_PROTO_NONE, 172 /* .iInterface = DYNAMIC */ 173}; 174 175static struct usb_cdc_header_desc ncm_header_desc = { 176 .bLength = sizeof ncm_header_desc, 177 .bDescriptorType = USB_DT_CS_INTERFACE, 178 .bDescriptorSubType = USB_CDC_HEADER_TYPE, 179 180 .bcdCDC = cpu_to_le16(0x0110), 181}; 182 183static struct usb_cdc_union_desc ncm_union_desc = { 184 .bLength = sizeof(ncm_union_desc), 185 .bDescriptorType = USB_DT_CS_INTERFACE, 186 .bDescriptorSubType = USB_CDC_UNION_TYPE, 187 /* .bMasterInterface0 = DYNAMIC */ 188 /* .bSlaveInterface0 = DYNAMIC */ 189}; 190 191static struct usb_cdc_ether_desc ecm_desc = { 192 .bLength = sizeof ecm_desc, 193 .bDescriptorType = USB_DT_CS_INTERFACE, 194 .bDescriptorSubType = USB_CDC_ETHERNET_TYPE, 195 196 /* this descriptor actually adds value, surprise! */ 197 /* .iMACAddress = DYNAMIC */ 198 .bmEthernetStatistics = cpu_to_le32(0), /* no statistics */ 199 .wMaxSegmentSize = cpu_to_le16(ETH_FRAME_LEN), 200 .wNumberMCFilters = cpu_to_le16(0), 201 .bNumberPowerFilters = 0, 202}; 203 204#define NCAPS (USB_CDC_NCM_NCAP_ETH_FILTER | USB_CDC_NCM_NCAP_CRC_MODE) 205 206static struct usb_cdc_ncm_desc ncm_desc = { 207 .bLength = sizeof ncm_desc, 208 .bDescriptorType = USB_DT_CS_INTERFACE, 209 .bDescriptorSubType = USB_CDC_NCM_TYPE, 210 211 .bcdNcmVersion = cpu_to_le16(0x0100), 212 /* can process SetEthernetPacketFilter */ 213 .bmNetworkCapabilities = NCAPS, 214}; 215 216/* the default data interface has no endpoints ... */ 217 218static struct usb_interface_descriptor ncm_data_nop_intf = { 219 .bLength = sizeof ncm_data_nop_intf, 220 .bDescriptorType = USB_DT_INTERFACE, 221 222 .bInterfaceNumber = 1, 223 .bAlternateSetting = 0, 224 .bNumEndpoints = 0, 225 .bInterfaceClass = USB_CLASS_CDC_DATA, 226 .bInterfaceSubClass = 0, 227 .bInterfaceProtocol = USB_CDC_NCM_PROTO_NTB, 228 /* .iInterface = DYNAMIC */ 229}; 230 231/* ... but the "real" data interface has two bulk endpoints */ 232 233static struct usb_interface_descriptor ncm_data_intf = { 234 .bLength = sizeof ncm_data_intf, 235 .bDescriptorType = USB_DT_INTERFACE, 236 237 .bInterfaceNumber = 1, 238 .bAlternateSetting = 1, 239 .bNumEndpoints = 2, 240 .bInterfaceClass = USB_CLASS_CDC_DATA, 241 .bInterfaceSubClass = 0, 242 .bInterfaceProtocol = USB_CDC_NCM_PROTO_NTB, 243 /* .iInterface = DYNAMIC */ 244}; 245 246/* full speed support: */ 247 248static struct usb_endpoint_descriptor fs_ncm_notify_desc = { 249 .bLength = USB_DT_ENDPOINT_SIZE, 250 .bDescriptorType = USB_DT_ENDPOINT, 251 252 .bEndpointAddress = USB_DIR_IN, 253 .bmAttributes = USB_ENDPOINT_XFER_INT, 254 .wMaxPacketSize = cpu_to_le16(NCM_STATUS_BYTECOUNT), 255 .bInterval = NCM_STATUS_INTERVAL_MS, 256}; 257 258static struct usb_endpoint_descriptor fs_ncm_in_desc = { 259 .bLength = USB_DT_ENDPOINT_SIZE, 260 .bDescriptorType = USB_DT_ENDPOINT, 261 262 .bEndpointAddress = USB_DIR_IN, 263 .bmAttributes = USB_ENDPOINT_XFER_BULK, 264}; 265 266static struct usb_endpoint_descriptor fs_ncm_out_desc = { 267 .bLength = USB_DT_ENDPOINT_SIZE, 268 .bDescriptorType = USB_DT_ENDPOINT, 269 270 .bEndpointAddress = USB_DIR_OUT, 271 .bmAttributes = USB_ENDPOINT_XFER_BULK, 272}; 273 274static struct usb_descriptor_header *ncm_fs_function[] = { 275 (struct usb_descriptor_header *) &ncm_iad_desc, 276 /* CDC NCM control descriptors */ 277 (struct usb_descriptor_header *) &ncm_control_intf, 278 (struct usb_descriptor_header *) &ncm_header_desc, 279 (struct usb_descriptor_header *) &ncm_union_desc, 280 (struct usb_descriptor_header *) &ecm_desc, 281 (struct usb_descriptor_header *) &ncm_desc, 282 (struct usb_descriptor_header *) &fs_ncm_notify_desc, 283 /* data interface, altsettings 0 and 1 */ 284 (struct usb_descriptor_header *) &ncm_data_nop_intf, 285 (struct usb_descriptor_header *) &ncm_data_intf, 286 (struct usb_descriptor_header *) &fs_ncm_in_desc, 287 (struct usb_descriptor_header *) &fs_ncm_out_desc, 288 NULL, 289}; 290 291/* high speed support: */ 292 293static struct usb_endpoint_descriptor hs_ncm_notify_desc = { 294 .bLength = USB_DT_ENDPOINT_SIZE, 295 .bDescriptorType = USB_DT_ENDPOINT, 296 297 .bEndpointAddress = USB_DIR_IN, 298 .bmAttributes = USB_ENDPOINT_XFER_INT, 299 .wMaxPacketSize = cpu_to_le16(NCM_STATUS_BYTECOUNT), 300 .bInterval = USB_MS_TO_HS_INTERVAL(NCM_STATUS_INTERVAL_MS), 301}; 302static struct usb_endpoint_descriptor hs_ncm_in_desc = { 303 .bLength = USB_DT_ENDPOINT_SIZE, 304 .bDescriptorType = USB_DT_ENDPOINT, 305 306 .bEndpointAddress = USB_DIR_IN, 307 .bmAttributes = USB_ENDPOINT_XFER_BULK, 308 .wMaxPacketSize = cpu_to_le16(512), 309}; 310 311static struct usb_endpoint_descriptor hs_ncm_out_desc = { 312 .bLength = USB_DT_ENDPOINT_SIZE, 313 .bDescriptorType = USB_DT_ENDPOINT, 314 315 .bEndpointAddress = USB_DIR_OUT, 316 .bmAttributes = USB_ENDPOINT_XFER_BULK, 317 .wMaxPacketSize = cpu_to_le16(512), 318}; 319 320static struct usb_descriptor_header *ncm_hs_function[] = { 321 (struct usb_descriptor_header *) &ncm_iad_desc, 322 /* CDC NCM control descriptors */ 323 (struct usb_descriptor_header *) &ncm_control_intf, 324 (struct usb_descriptor_header *) &ncm_header_desc, 325 (struct usb_descriptor_header *) &ncm_union_desc, 326 (struct usb_descriptor_header *) &ecm_desc, 327 (struct usb_descriptor_header *) &ncm_desc, 328 (struct usb_descriptor_header *) &hs_ncm_notify_desc, 329 /* data interface, altsettings 0 and 1 */ 330 (struct usb_descriptor_header *) &ncm_data_nop_intf, 331 (struct usb_descriptor_header *) &ncm_data_intf, 332 (struct usb_descriptor_header *) &hs_ncm_in_desc, 333 (struct usb_descriptor_header *) &hs_ncm_out_desc, 334 NULL, 335}; 336 337 338/* super speed support: */ 339 340static struct usb_endpoint_descriptor ss_ncm_notify_desc = { 341 .bLength = USB_DT_ENDPOINT_SIZE, 342 .bDescriptorType = USB_DT_ENDPOINT, 343 344 .bEndpointAddress = USB_DIR_IN, 345 .bmAttributes = USB_ENDPOINT_XFER_INT, 346 .wMaxPacketSize = cpu_to_le16(NCM_STATUS_BYTECOUNT), 347 .bInterval = USB_MS_TO_HS_INTERVAL(NCM_STATUS_INTERVAL_MS) 348}; 349 350static struct usb_ss_ep_comp_descriptor ss_ncm_notify_comp_desc = { 351 .bLength = sizeof(ss_ncm_notify_comp_desc), 352 .bDescriptorType = USB_DT_SS_ENDPOINT_COMP, 353 354 /* the following 3 values can be tweaked if necessary */ 355 /* .bMaxBurst = 0, */ 356 /* .bmAttributes = 0, */ 357 .wBytesPerInterval = cpu_to_le16(NCM_STATUS_BYTECOUNT), 358}; 359 360static struct usb_endpoint_descriptor ss_ncm_in_desc = { 361 .bLength = USB_DT_ENDPOINT_SIZE, 362 .bDescriptorType = USB_DT_ENDPOINT, 363 364 .bEndpointAddress = USB_DIR_IN, 365 .bmAttributes = USB_ENDPOINT_XFER_BULK, 366 .wMaxPacketSize = cpu_to_le16(1024), 367}; 368 369static struct usb_endpoint_descriptor ss_ncm_out_desc = { 370 .bLength = USB_DT_ENDPOINT_SIZE, 371 .bDescriptorType = USB_DT_ENDPOINT, 372 373 .bEndpointAddress = USB_DIR_OUT, 374 .bmAttributes = USB_ENDPOINT_XFER_BULK, 375 .wMaxPacketSize = cpu_to_le16(1024), 376}; 377 378static struct usb_ss_ep_comp_descriptor ss_ncm_bulk_comp_desc = { 379 .bLength = sizeof(ss_ncm_bulk_comp_desc), 380 .bDescriptorType = USB_DT_SS_ENDPOINT_COMP, 381 382 /* the following 2 values can be tweaked if necessary */ 383 .bMaxBurst = 15, 384 /* .bmAttributes = 0, */ 385}; 386 387static struct usb_descriptor_header *ncm_ss_function[] = { 388 (struct usb_descriptor_header *) &ncm_iad_desc, 389 /* CDC NCM control descriptors */ 390 (struct usb_descriptor_header *) &ncm_control_intf, 391 (struct usb_descriptor_header *) &ncm_header_desc, 392 (struct usb_descriptor_header *) &ncm_union_desc, 393 (struct usb_descriptor_header *) &ecm_desc, 394 (struct usb_descriptor_header *) &ncm_desc, 395 (struct usb_descriptor_header *) &ss_ncm_notify_desc, 396 (struct usb_descriptor_header *) &ss_ncm_notify_comp_desc, 397 /* data interface, altsettings 0 and 1 */ 398 (struct usb_descriptor_header *) &ncm_data_nop_intf, 399 (struct usb_descriptor_header *) &ncm_data_intf, 400 (struct usb_descriptor_header *) &ss_ncm_in_desc, 401 (struct usb_descriptor_header *) &ss_ncm_bulk_comp_desc, 402 (struct usb_descriptor_header *) &ss_ncm_out_desc, 403 (struct usb_descriptor_header *) &ss_ncm_bulk_comp_desc, 404 NULL, 405}; 406 407/* string descriptors: */ 408 409#define STRING_CTRL_IDX 0 410#define STRING_MAC_IDX 1 411#define STRING_DATA_IDX 2 412#define STRING_IAD_IDX 3 413 414static struct usb_string ncm_string_defs[] = { 415 [STRING_CTRL_IDX].s = "CDC Network Control Model (NCM)", 416 [STRING_MAC_IDX].s = "", 417 [STRING_DATA_IDX].s = "CDC Network Data", 418 [STRING_IAD_IDX].s = "CDC NCM", 419 { } /* end of list */ 420}; 421 422static struct usb_gadget_strings ncm_string_table = { 423 .language = 0x0409, /* en-us */ 424 .strings = ncm_string_defs, 425}; 426 427static struct usb_gadget_strings *ncm_strings[] = { 428 &ncm_string_table, 429 NULL, 430}; 431 432/* 433 * Here are options for NCM Datagram Pointer table (NDP) parser. 434 * There are 2 different formats: NDP16 and NDP32 in the spec (ch. 3), 435 * in NDP16 offsets and sizes fields are 1 16bit word wide, 436 * in NDP32 -- 2 16bit words wide. Also signatures are different. 437 * To make the parser code the same, put the differences in the structure, 438 * and switch pointers to the structures when the format is changed. 439 */ 440 441struct ndp_parser_opts { 442 u32 nth_sign; 443 u32 ndp_sign; 444 unsigned nth_size; 445 unsigned ndp_size; 446 unsigned dpe_size; 447 unsigned ndplen_align; 448 /* sizes in u16 units */ 449 unsigned dgram_item_len; /* index or length */ 450 unsigned block_length; 451 unsigned ndp_index; 452 unsigned reserved1; 453 unsigned reserved2; 454 unsigned next_ndp_index; 455}; 456 457#define INIT_NDP16_OPTS { \ 458 .nth_sign = USB_CDC_NCM_NTH16_SIGN, \ 459 .ndp_sign = USB_CDC_NCM_NDP16_NOCRC_SIGN, \ 460 .nth_size = sizeof(struct usb_cdc_ncm_nth16), \ 461 .ndp_size = sizeof(struct usb_cdc_ncm_ndp16), \ 462 .dpe_size = sizeof(struct usb_cdc_ncm_dpe16), \ 463 .ndplen_align = 4, \ 464 .dgram_item_len = 1, \ 465 .block_length = 1, \ 466 .ndp_index = 1, \ 467 .reserved1 = 0, \ 468 .reserved2 = 0, \ 469 .next_ndp_index = 1, \ 470 } 471 472 473#define INIT_NDP32_OPTS { \ 474 .nth_sign = USB_CDC_NCM_NTH32_SIGN, \ 475 .ndp_sign = USB_CDC_NCM_NDP32_NOCRC_SIGN, \ 476 .nth_size = sizeof(struct usb_cdc_ncm_nth32), \ 477 .ndp_size = sizeof(struct usb_cdc_ncm_ndp32), \ 478 .dpe_size = sizeof(struct usb_cdc_ncm_dpe32), \ 479 .ndplen_align = 8, \ 480 .dgram_item_len = 2, \ 481 .block_length = 2, \ 482 .ndp_index = 2, \ 483 .reserved1 = 1, \ 484 .reserved2 = 2, \ 485 .next_ndp_index = 2, \ 486 } 487 488static const struct ndp_parser_opts ndp16_opts = INIT_NDP16_OPTS; 489static const struct ndp_parser_opts ndp32_opts = INIT_NDP32_OPTS; 490 491static inline void put_ncm(__le16 **p, unsigned size, unsigned val) 492{ 493 switch (size) { 494 case 1: 495 put_unaligned_le16((u16)val, *p); 496 break; 497 case 2: 498 put_unaligned_le32((u32)val, *p); 499 500 break; 501 default: 502 BUG(); 503 } 504 505 *p += size; 506} 507 508static inline unsigned get_ncm(__le16 **p, unsigned size) 509{ 510 unsigned tmp; 511 512 switch (size) { 513 case 1: 514 tmp = get_unaligned_le16(*p); 515 break; 516 case 2: 517 tmp = get_unaligned_le32(*p); 518 break; 519 default: 520 BUG(); 521 } 522 523 *p += size; 524 return tmp; 525} 526 527/*-------------------------------------------------------------------------*/ 528 529static inline void ncm_reset_values(struct f_ncm *ncm) 530{ 531 ncm->parser_opts = &ndp16_opts; 532 ncm->is_crc = false; 533 ncm->ndp_sign = ncm->parser_opts->ndp_sign; 534 ncm->port.cdc_filter = DEFAULT_FILTER; 535 536 /* doesn't make sense for ncm, fixed size used */ 537 ncm->port.header_len = 0; 538 539 ncm->port.fixed_out_len = le32_to_cpu(ntb_parameters.dwNtbOutMaxSize); 540 ncm->port.fixed_in_len = NTB_DEFAULT_IN_SIZE; 541} 542 543/* 544 * Context: ncm->lock held 545 */ 546static void ncm_do_notify(struct f_ncm *ncm) 547{ 548 struct usb_request *req = ncm->notify_req; 549 struct usb_cdc_notification *event; 550 struct usb_composite_dev *cdev = ncm->port.func.config->cdev; 551 __le32 *data; 552 int status; 553 554 /* notification already in flight? */ 555 if (atomic_read(&ncm->notify_count)) 556 return; 557 558 event = req->buf; 559 switch (ncm->notify_state) { 560 case NCM_NOTIFY_NONE: 561 return; 562 563 case NCM_NOTIFY_CONNECT: 564 event->bNotificationType = USB_CDC_NOTIFY_NETWORK_CONNECTION; 565 if (ncm->is_open) 566 event->wValue = cpu_to_le16(1); 567 else 568 event->wValue = cpu_to_le16(0); 569 event->wLength = 0; 570 req->length = sizeof *event; 571 572 DBG(cdev, "notify connect %s\n", 573 ncm->is_open ? "true" : "false"); 574 ncm->notify_state = NCM_NOTIFY_NONE; 575 break; 576 577 case NCM_NOTIFY_SPEED: 578 event->bNotificationType = USB_CDC_NOTIFY_SPEED_CHANGE; 579 event->wValue = cpu_to_le16(0); 580 event->wLength = cpu_to_le16(8); 581 req->length = NCM_STATUS_BYTECOUNT; 582 583 /* SPEED_CHANGE data is up/down speeds in bits/sec */ 584 data = req->buf + sizeof *event; 585 data[0] = cpu_to_le32(ncm_bitrate(cdev->gadget)); 586 data[1] = data[0]; 587 588 DBG(cdev, "notify speed %u\n", ncm_bitrate(cdev->gadget)); 589 ncm->notify_state = NCM_NOTIFY_CONNECT; 590 break; 591 } 592 event->bmRequestType = 0xA1; 593 event->wIndex = cpu_to_le16(ncm->ctrl_id); 594 595 atomic_inc(&ncm->notify_count); 596 597 /* 598 * In double buffering if there is a space in FIFO, 599 * completion callback can be called right after the call, 600 * so unlocking 601 */ 602 spin_unlock(&ncm->lock); 603 status = usb_ep_queue(ncm->notify, req, GFP_ATOMIC); 604 spin_lock(&ncm->lock); 605 if (status < 0) { 606 atomic_dec(&ncm->notify_count); 607 DBG(cdev, "notify --> %d\n", status); 608 } 609} 610 611/* 612 * Context: ncm->lock held 613 */ 614static void ncm_notify(struct f_ncm *ncm) 615{ 616 /* 617 * NOTE on most versions of Linux, host side cdc-ethernet 618 * won't listen for notifications until its netdevice opens. 619 * The first notification then sits in the FIFO for a long 620 * time, and the second one is queued. 621 * 622 * If ncm_notify() is called before the second (CONNECT) 623 * notification is sent, then it will reset to send the SPEED 624 * notificaion again (and again, and again), but it's not a problem 625 */ 626 ncm->notify_state = NCM_NOTIFY_SPEED; 627 ncm_do_notify(ncm); 628} 629 630static void ncm_notify_complete(struct usb_ep *ep, struct usb_request *req) 631{ 632 struct f_ncm *ncm = req->context; 633 struct usb_composite_dev *cdev = ncm->port.func.config->cdev; 634 struct usb_cdc_notification *event = req->buf; 635 636 spin_lock(&ncm->lock); 637 switch (req->status) { 638 case 0: 639 VDBG(cdev, "Notification %02x sent\n", 640 event->bNotificationType); 641 atomic_dec(&ncm->notify_count); 642 break; 643 case -ECONNRESET: 644 case -ESHUTDOWN: 645 atomic_set(&ncm->notify_count, 0); 646 ncm->notify_state = NCM_NOTIFY_NONE; 647 break; 648 default: 649 DBG(cdev, "event %02x --> %d\n", 650 event->bNotificationType, req->status); 651 atomic_dec(&ncm->notify_count); 652 break; 653 } 654 ncm_do_notify(ncm); 655 spin_unlock(&ncm->lock); 656} 657 658static void ncm_ep0out_complete(struct usb_ep *ep, struct usb_request *req) 659{ 660 /* now for SET_NTB_INPUT_SIZE only */ 661 unsigned in_size; 662 struct usb_function *f = req->context; 663 struct f_ncm *ncm = func_to_ncm(f); 664 struct usb_composite_dev *cdev = f->config->cdev; 665 666 req->context = NULL; 667 if (req->status || req->actual != req->length) { 668 DBG(cdev, "Bad control-OUT transfer\n"); 669 goto invalid; 670 } 671 672 in_size = get_unaligned_le32(req->buf); 673 if (in_size < USB_CDC_NCM_NTB_MIN_IN_SIZE || 674 in_size > le32_to_cpu(ntb_parameters.dwNtbInMaxSize)) { 675 DBG(cdev, "Got wrong INPUT SIZE (%d) from host\n", in_size); 676 goto invalid; 677 } 678 679 ncm->port.fixed_in_len = in_size; 680 VDBG(cdev, "Set NTB INPUT SIZE %d\n", in_size); 681 return; 682 683invalid: 684 usb_ep_set_halt(ep); 685 return; 686} 687 688static int ncm_setup(struct usb_function *f, const struct usb_ctrlrequest *ctrl) 689{ 690 struct f_ncm *ncm = func_to_ncm(f); 691 struct usb_composite_dev *cdev = f->config->cdev; 692 struct usb_request *req = cdev->req; 693 int value = -EOPNOTSUPP; 694 u16 w_index = le16_to_cpu(ctrl->wIndex); 695 u16 w_value = le16_to_cpu(ctrl->wValue); 696 u16 w_length = le16_to_cpu(ctrl->wLength); 697 698 /* 699 * composite driver infrastructure handles everything except 700 * CDC class messages; interface activation uses set_alt(). 701 */ 702 switch ((ctrl->bRequestType << 8) | ctrl->bRequest) { 703 case ((USB_DIR_OUT | USB_TYPE_CLASS | USB_RECIP_INTERFACE) << 8) 704 | USB_CDC_SET_ETHERNET_PACKET_FILTER: 705 /* 706 * see 6.2.30: no data, wIndex = interface, 707 * wValue = packet filter bitmap 708 */ 709 if (w_length != 0 || w_index != ncm->ctrl_id) 710 goto invalid; 711 DBG(cdev, "packet filter %02x\n", w_value); 712 /* 713 * REVISIT locking of cdc_filter. This assumes the UDC 714 * driver won't have a concurrent packet TX irq running on 715 * another CPU; or that if it does, this write is atomic... 716 */ 717 ncm->port.cdc_filter = w_value; 718 value = 0; 719 break; 720 /* 721 * and optionally: 722 * case USB_CDC_SEND_ENCAPSULATED_COMMAND: 723 * case USB_CDC_GET_ENCAPSULATED_RESPONSE: 724 * case USB_CDC_SET_ETHERNET_MULTICAST_FILTERS: 725 * case USB_CDC_SET_ETHERNET_PM_PATTERN_FILTER: 726 * case USB_CDC_GET_ETHERNET_PM_PATTERN_FILTER: 727 * case USB_CDC_GET_ETHERNET_STATISTIC: 728 */ 729 730 case ((USB_DIR_IN | USB_TYPE_CLASS | USB_RECIP_INTERFACE) << 8) 731 | USB_CDC_GET_NTB_PARAMETERS: 732 733 if (w_length == 0 || w_value != 0 || w_index != ncm->ctrl_id) 734 goto invalid; 735 value = w_length > sizeof ntb_parameters ? 736 sizeof ntb_parameters : w_length; 737 memcpy(req->buf, &ntb_parameters, value); 738 VDBG(cdev, "Host asked NTB parameters\n"); 739 break; 740 741 case ((USB_DIR_IN | USB_TYPE_CLASS | USB_RECIP_INTERFACE) << 8) 742 | USB_CDC_GET_NTB_INPUT_SIZE: 743 744 if (w_length < 4 || w_value != 0 || w_index != ncm->ctrl_id) 745 goto invalid; 746 put_unaligned_le32(ncm->port.fixed_in_len, req->buf); 747 value = 4; 748 VDBG(cdev, "Host asked INPUT SIZE, sending %d\n", 749 ncm->port.fixed_in_len); 750 break; 751 752 case ((USB_DIR_OUT | USB_TYPE_CLASS | USB_RECIP_INTERFACE) << 8) 753 | USB_CDC_SET_NTB_INPUT_SIZE: 754 { 755 if (w_length != 4 || w_value != 0 || w_index != ncm->ctrl_id) 756 goto invalid; 757 req->complete = ncm_ep0out_complete; 758 req->length = w_length; 759 req->context = f; 760 761 value = req->length; 762 break; 763 } 764 765 case ((USB_DIR_IN | USB_TYPE_CLASS | USB_RECIP_INTERFACE) << 8) 766 | USB_CDC_GET_NTB_FORMAT: 767 { 768 uint16_t format; 769 770 if (w_length < 2 || w_value != 0 || w_index != ncm->ctrl_id) 771 goto invalid; 772 format = (ncm->parser_opts == &ndp16_opts) ? 0x0000 : 0x0001; 773 put_unaligned_le16(format, req->buf); 774 value = 2; 775 VDBG(cdev, "Host asked NTB FORMAT, sending %d\n", format); 776 break; 777 } 778 779 case ((USB_DIR_OUT | USB_TYPE_CLASS | USB_RECIP_INTERFACE) << 8) 780 | USB_CDC_SET_NTB_FORMAT: 781 { 782 if (w_length != 0 || w_index != ncm->ctrl_id) 783 goto invalid; 784 switch (w_value) { 785 case 0x0000: 786 ncm->parser_opts = &ndp16_opts; 787 DBG(cdev, "NCM16 selected\n"); 788 break; 789 case 0x0001: 790 ncm->parser_opts = &ndp32_opts; 791 DBG(cdev, "NCM32 selected\n"); 792 break; 793 default: 794 goto invalid; 795 } 796 value = 0; 797 break; 798 } 799 case ((USB_DIR_IN | USB_TYPE_CLASS | USB_RECIP_INTERFACE) << 8) 800 | USB_CDC_GET_CRC_MODE: 801 { 802 uint16_t is_crc; 803 804 if (w_length < 2 || w_value != 0 || w_index != ncm->ctrl_id) 805 goto invalid; 806 is_crc = ncm->is_crc ? 0x0001 : 0x0000; 807 put_unaligned_le16(is_crc, req->buf); 808 value = 2; 809 VDBG(cdev, "Host asked CRC MODE, sending %d\n", is_crc); 810 break; 811 } 812 813 case ((USB_DIR_OUT | USB_TYPE_CLASS | USB_RECIP_INTERFACE) << 8) 814 | USB_CDC_SET_CRC_MODE: 815 { 816 if (w_length != 0 || w_index != ncm->ctrl_id) 817 goto invalid; 818 switch (w_value) { 819 case 0x0000: 820 ncm->is_crc = false; 821 DBG(cdev, "non-CRC mode selected\n"); 822 break; 823 case 0x0001: 824 ncm->is_crc = true; 825 DBG(cdev, "CRC mode selected\n"); 826 break; 827 default: 828 goto invalid; 829 } 830 value = 0; 831 break; 832 } 833 834 /* and disabled in ncm descriptor: */ 835 /* case USB_CDC_GET_NET_ADDRESS: */ 836 /* case USB_CDC_SET_NET_ADDRESS: */ 837 /* case USB_CDC_GET_MAX_DATAGRAM_SIZE: */ 838 /* case USB_CDC_SET_MAX_DATAGRAM_SIZE: */ 839 840 default: 841invalid: 842 DBG(cdev, "invalid control req%02x.%02x v%04x i%04x l%d\n", 843 ctrl->bRequestType, ctrl->bRequest, 844 w_value, w_index, w_length); 845 } 846 ncm->ndp_sign = ncm->parser_opts->ndp_sign | 847 (ncm->is_crc ? NCM_NDP_HDR_CRC : 0); 848 849 /* respond with data transfer or status phase? */ 850 if (value >= 0) { 851 DBG(cdev, "ncm req%02x.%02x v%04x i%04x l%d\n", 852 ctrl->bRequestType, ctrl->bRequest, 853 w_value, w_index, w_length); 854 req->zero = 0; 855 req->length = value; 856 value = usb_ep_queue(cdev->gadget->ep0, req, GFP_ATOMIC); 857 if (value < 0) 858 ERROR(cdev, "ncm req %02x.%02x response err %d\n", 859 ctrl->bRequestType, ctrl->bRequest, 860 value); 861 } 862 863 /* device either stalls (value < 0) or reports success */ 864 return value; 865} 866 867 868static int ncm_set_alt(struct usb_function *f, unsigned intf, unsigned alt) 869{ 870 struct f_ncm *ncm = func_to_ncm(f); 871 struct usb_composite_dev *cdev = f->config->cdev; 872 873 /* Control interface has only altsetting 0 */ 874 if (intf == ncm->ctrl_id) { 875 if (alt != 0) 876 goto fail; 877 878 DBG(cdev, "reset ncm control %d\n", intf); 879 usb_ep_disable(ncm->notify); 880 881 if (!(ncm->notify->desc)) { 882 DBG(cdev, "init ncm ctrl %d\n", intf); 883 if (config_ep_by_speed(cdev->gadget, f, ncm->notify)) 884 goto fail; 885 } 886 usb_ep_enable(ncm->notify); 887 888 /* Data interface has two altsettings, 0 and 1 */ 889 } else if (intf == ncm->data_id) { 890 if (alt > 1) 891 goto fail; 892 893 if (ncm->port.in_ep->enabled) { 894 DBG(cdev, "reset ncm\n"); 895 ncm->timer_stopping = true; 896 ncm->netdev = NULL; 897 gether_disconnect(&ncm->port); 898 ncm_reset_values(ncm); 899 } 900 901 /* 902 * CDC Network only sends data in non-default altsettings. 903 * Changing altsettings resets filters, statistics, etc. 904 */ 905 if (alt == 1) { 906 struct net_device *net; 907 908 if (!ncm->port.in_ep->desc || 909 !ncm->port.out_ep->desc) { 910 DBG(cdev, "init ncm\n"); 911 if (config_ep_by_speed(cdev->gadget, f, 912 ncm->port.in_ep) || 913 config_ep_by_speed(cdev->gadget, f, 914 ncm->port.out_ep)) { 915 ncm->port.in_ep->desc = NULL; 916 ncm->port.out_ep->desc = NULL; 917 goto fail; 918 } 919 } 920 921 /* TODO */ 922 /* Enable zlps by default for NCM conformance; 923 * override for musb_hdrc (avoids txdma ovhead) 924 */ 925 ncm->port.is_zlp_ok = 926 gadget_is_zlp_supported(cdev->gadget); 927 ncm->port.cdc_filter = DEFAULT_FILTER; 928 DBG(cdev, "activate ncm\n"); 929 net = gether_connect(&ncm->port); 930 if (IS_ERR(net)) 931 return PTR_ERR(net); 932 ncm->netdev = net; 933 ncm->timer_stopping = false; 934 } 935 936 spin_lock(&ncm->lock); 937 ncm_notify(ncm); 938 spin_unlock(&ncm->lock); 939 } else 940 goto fail; 941 942 return 0; 943fail: 944 return -EINVAL; 945} 946 947/* 948 * Because the data interface supports multiple altsettings, 949 * this NCM function *MUST* implement a get_alt() method. 950 */ 951static int ncm_get_alt(struct usb_function *f, unsigned intf) 952{ 953 struct f_ncm *ncm = func_to_ncm(f); 954 955 if (intf == ncm->ctrl_id) 956 return 0; 957 return ncm->port.in_ep->enabled ? 1 : 0; 958} 959 960static struct sk_buff *package_for_tx(struct f_ncm *ncm) 961{ 962 __le16 *ntb_iter; 963 struct sk_buff *skb2 = NULL; 964 unsigned ndp_pad; 965 unsigned ndp_index; 966 unsigned new_len; 967 968 const struct ndp_parser_opts *opts = ncm->parser_opts; 969 const int ndp_align = le16_to_cpu(ntb_parameters.wNdpInAlignment); 970 const int dgram_idx_len = 2 * 2 * opts->dgram_item_len; 971 972 /* Stop the timer */ 973 hrtimer_try_to_cancel(&ncm->task_timer); 974 975 ndp_pad = ALIGN(ncm->skb_tx_data->len, ndp_align) - 976 ncm->skb_tx_data->len; 977 ndp_index = ncm->skb_tx_data->len + ndp_pad; 978 new_len = ndp_index + dgram_idx_len + ncm->skb_tx_ndp->len; 979 980 /* Set the final BlockLength and wNdpIndex */ 981 ntb_iter = (void *) ncm->skb_tx_data->data; 982 /* Increment pointer to BlockLength */ 983 ntb_iter += 2 + 1 + 1; 984 put_ncm(&ntb_iter, opts->block_length, new_len); 985 put_ncm(&ntb_iter, opts->ndp_index, ndp_index); 986 987 /* Set the final NDP wLength */ 988 new_len = opts->ndp_size + 989 (ncm->ndp_dgram_count * dgram_idx_len); 990 ncm->ndp_dgram_count = 0; 991 /* Increment from start to wLength */ 992 ntb_iter = (void *) ncm->skb_tx_ndp->data; 993 ntb_iter += 2; 994 put_unaligned_le16(new_len, ntb_iter); 995 996 /* Merge the skbs */ 997 swap(skb2, ncm->skb_tx_data); 998 if (ncm->skb_tx_data) { 999 dev_consume_skb_any(ncm->skb_tx_data); 1000 ncm->skb_tx_data = NULL; 1001 } 1002 1003 /* Insert NDP alignment. */ 1004 skb_put_zero(skb2, ndp_pad); 1005 1006 /* Copy NTB across. */ 1007 skb_put_data(skb2, ncm->skb_tx_ndp->data, ncm->skb_tx_ndp->len); 1008 dev_consume_skb_any(ncm->skb_tx_ndp); 1009 ncm->skb_tx_ndp = NULL; 1010 1011 /* Insert zero'd datagram. */ 1012 skb_put_zero(skb2, dgram_idx_len); 1013 1014 return skb2; 1015} 1016 1017static struct sk_buff *ncm_wrap_ntb(struct gether *port, 1018 struct sk_buff *skb) 1019{ 1020 struct f_ncm *ncm = func_to_ncm(&port->func); 1021 struct sk_buff *skb2 = NULL; 1022 int ncb_len = 0; 1023 __le16 *ntb_data; 1024 __le16 *ntb_ndp; 1025 int dgram_pad; 1026 1027 unsigned max_size = ncm->port.fixed_in_len; 1028 const struct ndp_parser_opts *opts = ncm->parser_opts; 1029 const int ndp_align = le16_to_cpu(ntb_parameters.wNdpInAlignment); 1030 const int div = le16_to_cpu(ntb_parameters.wNdpInDivisor); 1031 const int rem = le16_to_cpu(ntb_parameters.wNdpInPayloadRemainder); 1032 const int dgram_idx_len = 2 * 2 * opts->dgram_item_len; 1033 1034 if (!skb && !ncm->skb_tx_data) 1035 return NULL; 1036 1037 if (skb) { 1038 /* Add the CRC if required up front */ 1039 if (ncm->is_crc) { 1040 uint32_t crc; 1041 __le16 *crc_pos; 1042 1043 crc = ~crc32_le(~0, 1044 skb->data, 1045 skb->len); 1046 crc_pos = skb_put(skb, sizeof(uint32_t)); 1047 put_unaligned_le32(crc, crc_pos); 1048 } 1049 1050 /* If the new skb is too big for the current NCM NTB then 1051 * set the current stored skb to be sent now and clear it 1052 * ready for new data. 1053 * NOTE: Assume maximum align for speed of calculation. 1054 */ 1055 if (ncm->skb_tx_data 1056 && (ncm->ndp_dgram_count >= TX_MAX_NUM_DPE 1057 || (ncm->skb_tx_data->len + 1058 div + rem + skb->len + 1059 ncm->skb_tx_ndp->len + ndp_align + (2 * dgram_idx_len)) 1060 > max_size)) { 1061 skb2 = package_for_tx(ncm); 1062 if (!skb2) 1063 goto err; 1064 } 1065 1066 if (!ncm->skb_tx_data) { 1067 ncb_len = opts->nth_size; 1068 dgram_pad = ALIGN(ncb_len, div) + rem - ncb_len; 1069 ncb_len += dgram_pad; 1070 1071 /* Create a new skb for the NTH and datagrams. */ 1072 ncm->skb_tx_data = alloc_skb(max_size, GFP_ATOMIC); 1073 if (!ncm->skb_tx_data) 1074 goto err; 1075 1076 ncm->skb_tx_data->dev = ncm->netdev; 1077 ntb_data = skb_put_zero(ncm->skb_tx_data, ncb_len); 1078 /* dwSignature */ 1079 put_unaligned_le32(opts->nth_sign, ntb_data); 1080 ntb_data += 2; 1081 /* wHeaderLength */ 1082 put_unaligned_le16(opts->nth_size, ntb_data++); 1083 1084 /* Allocate an skb for storing the NDP, 1085 * TX_MAX_NUM_DPE should easily suffice for a 1086 * 16k packet. 1087 */ 1088 ncm->skb_tx_ndp = alloc_skb((int)(opts->ndp_size 1089 + opts->dpe_size 1090 * TX_MAX_NUM_DPE), 1091 GFP_ATOMIC); 1092 if (!ncm->skb_tx_ndp) 1093 goto err; 1094 1095 ncm->skb_tx_ndp->dev = ncm->netdev; 1096 ntb_ndp = skb_put(ncm->skb_tx_ndp, opts->ndp_size); 1097 memset(ntb_ndp, 0, ncb_len); 1098 /* dwSignature */ 1099 put_unaligned_le32(ncm->ndp_sign, ntb_ndp); 1100 ntb_ndp += 2; 1101 1102 /* There is always a zeroed entry */ 1103 ncm->ndp_dgram_count = 1; 1104 1105 /* Note: we skip opts->next_ndp_index */ 1106 1107 /* Start the timer. */ 1108 hrtimer_start(&ncm->task_timer, TX_TIMEOUT_NSECS, 1109 HRTIMER_MODE_REL_SOFT); 1110 } 1111 1112 /* Add the datagram position entries */ 1113 ntb_ndp = skb_put_zero(ncm->skb_tx_ndp, dgram_idx_len); 1114 1115 ncb_len = ncm->skb_tx_data->len; 1116 dgram_pad = ALIGN(ncb_len, div) + rem - ncb_len; 1117 ncb_len += dgram_pad; 1118 1119 /* (d)wDatagramIndex */ 1120 put_ncm(&ntb_ndp, opts->dgram_item_len, ncb_len); 1121 /* (d)wDatagramLength */ 1122 put_ncm(&ntb_ndp, opts->dgram_item_len, skb->len); 1123 ncm->ndp_dgram_count++; 1124 1125 /* Add the new data to the skb */ 1126 skb_put_zero(ncm->skb_tx_data, dgram_pad); 1127 skb_put_data(ncm->skb_tx_data, skb->data, skb->len); 1128 dev_consume_skb_any(skb); 1129 skb = NULL; 1130 1131 } else if (ncm->skb_tx_data && ncm->timer_force_tx) { 1132 /* If the tx was requested because of a timeout then send */ 1133 skb2 = package_for_tx(ncm); 1134 if (!skb2) 1135 goto err; 1136 } 1137 1138 return skb2; 1139 1140err: 1141 ncm->netdev->stats.tx_dropped++; 1142 1143 if (skb) 1144 dev_kfree_skb_any(skb); 1145 if (ncm->skb_tx_data) 1146 dev_kfree_skb_any(ncm->skb_tx_data); 1147 if (ncm->skb_tx_ndp) 1148 dev_kfree_skb_any(ncm->skb_tx_ndp); 1149 1150 return NULL; 1151} 1152 1153/* 1154 * The transmit should only be run if no skb data has been sent 1155 * for a certain duration. 1156 */ 1157static enum hrtimer_restart ncm_tx_timeout(struct hrtimer *data) 1158{ 1159 struct f_ncm *ncm = container_of(data, struct f_ncm, task_timer); 1160 1161 /* Only send if data is available. */ 1162 if (!ncm->timer_stopping && ncm->skb_tx_data) { 1163 ncm->timer_force_tx = true; 1164 1165 /* XXX This allowance of a NULL skb argument to ndo_start_xmit 1166 * XXX is not sane. The gadget layer should be redesigned so 1167 * XXX that the dev->wrap() invocations to build SKBs is transparent 1168 * XXX and performed in some way outside of the ndo_start_xmit 1169 * XXX interface. 1170 */ 1171 ncm->netdev->netdev_ops->ndo_start_xmit(NULL, ncm->netdev); 1172 1173 ncm->timer_force_tx = false; 1174 } 1175 return HRTIMER_NORESTART; 1176} 1177 1178static int ncm_unwrap_ntb(struct gether *port, 1179 struct sk_buff *skb, 1180 struct sk_buff_head *list) 1181{ 1182 struct f_ncm *ncm = func_to_ncm(&port->func); 1183 unsigned char *ntb_ptr = skb->data; 1184 __le16 *tmp; 1185 unsigned index, index2; 1186 int ndp_index; 1187 unsigned dg_len, dg_len2; 1188 unsigned ndp_len; 1189 unsigned block_len; 1190 struct sk_buff *skb2; 1191 int ret = -EINVAL; 1192 unsigned ntb_max = le32_to_cpu(ntb_parameters.dwNtbOutMaxSize); 1193 unsigned frame_max = le16_to_cpu(ecm_desc.wMaxSegmentSize); 1194 const struct ndp_parser_opts *opts = ncm->parser_opts; 1195 unsigned crc_len = ncm->is_crc ? sizeof(uint32_t) : 0; 1196 int dgram_counter; 1197 int to_process = skb->len; 1198 1199parse_ntb: 1200 tmp = (__le16 *)ntb_ptr; 1201 1202 /* dwSignature */ 1203 if (get_unaligned_le32(tmp) != opts->nth_sign) { 1204 INFO(port->func.config->cdev, "Wrong NTH SIGN, skblen %d\n", 1205 skb->len); 1206 print_hex_dump(KERN_INFO, "HEAD:", DUMP_PREFIX_ADDRESS, 32, 1, 1207 skb->data, 32, false); 1208 1209 goto err; 1210 } 1211 tmp += 2; 1212 /* wHeaderLength */ 1213 if (get_unaligned_le16(tmp++) != opts->nth_size) { 1214 INFO(port->func.config->cdev, "Wrong NTB headersize\n"); 1215 goto err; 1216 } 1217 tmp++; /* skip wSequence */ 1218 1219 block_len = get_ncm(&tmp, opts->block_length); 1220 /* (d)wBlockLength */ 1221 if (block_len > ntb_max) { 1222 INFO(port->func.config->cdev, "OUT size exceeded\n"); 1223 goto err; 1224 } 1225 1226 ndp_index = get_ncm(&tmp, opts->ndp_index); 1227 1228 /* Run through all the NDP's in the NTB */ 1229 do { 1230 /* 1231 * NCM 3.2 1232 * dwNdpIndex 1233 */ 1234 if (((ndp_index % 4) != 0) || 1235 (ndp_index < opts->nth_size) || 1236 (ndp_index > (block_len - 1237 opts->ndp_size))) { 1238 INFO(port->func.config->cdev, "Bad index: %#X\n", 1239 ndp_index); 1240 goto err; 1241 } 1242 1243 /* 1244 * walk through NDP 1245 * dwSignature 1246 */ 1247 tmp = (__le16 *)(ntb_ptr + ndp_index); 1248 if (get_unaligned_le32(tmp) != ncm->ndp_sign) { 1249 INFO(port->func.config->cdev, "Wrong NDP SIGN\n"); 1250 goto err; 1251 } 1252 tmp += 2; 1253 1254 ndp_len = get_unaligned_le16(tmp++); 1255 /* 1256 * NCM 3.3.1 1257 * wLength 1258 * entry is 2 items 1259 * item size is 16/32 bits, opts->dgram_item_len * 2 bytes 1260 * minimal: struct usb_cdc_ncm_ndpX + normal entry + zero entry 1261 * Each entry is a dgram index and a dgram length. 1262 */ 1263 if ((ndp_len < opts->ndp_size 1264 + 2 * 2 * (opts->dgram_item_len * 2)) || 1265 (ndp_len % opts->ndplen_align != 0)) { 1266 INFO(port->func.config->cdev, "Bad NDP length: %#X\n", 1267 ndp_len); 1268 goto err; 1269 } 1270 tmp += opts->reserved1; 1271 /* Check for another NDP (d)wNextNdpIndex */ 1272 ndp_index = get_ncm(&tmp, opts->next_ndp_index); 1273 tmp += opts->reserved2; 1274 1275 ndp_len -= opts->ndp_size; 1276 index2 = get_ncm(&tmp, opts->dgram_item_len); 1277 dg_len2 = get_ncm(&tmp, opts->dgram_item_len); 1278 dgram_counter = 0; 1279 1280 do { 1281 index = index2; 1282 /* wDatagramIndex[0] */ 1283 if ((index < opts->nth_size) || 1284 (index > block_len - opts->dpe_size)) { 1285 INFO(port->func.config->cdev, 1286 "Bad index: %#X\n", index); 1287 goto err; 1288 } 1289 1290 dg_len = dg_len2; 1291 /* 1292 * wDatagramLength[0] 1293 * ethernet hdr + crc or larger than max frame size 1294 */ 1295 if ((dg_len < 14 + crc_len) || 1296 (dg_len > frame_max)) { 1297 INFO(port->func.config->cdev, 1298 "Bad dgram length: %#X\n", dg_len); 1299 goto err; 1300 } 1301 if (ncm->is_crc) { 1302 uint32_t crc, crc2; 1303 1304 crc = get_unaligned_le32(ntb_ptr + 1305 index + dg_len - 1306 crc_len); 1307 crc2 = ~crc32_le(~0, 1308 ntb_ptr + index, 1309 dg_len - crc_len); 1310 if (crc != crc2) { 1311 INFO(port->func.config->cdev, 1312 "Bad CRC\n"); 1313 goto err; 1314 } 1315 } 1316 1317 index2 = get_ncm(&tmp, opts->dgram_item_len); 1318 dg_len2 = get_ncm(&tmp, opts->dgram_item_len); 1319 1320 /* wDatagramIndex[1] */ 1321 if (index2 > block_len - opts->dpe_size) { 1322 INFO(port->func.config->cdev, 1323 "Bad index: %#X\n", index2); 1324 goto err; 1325 } 1326 1327 /* 1328 * Copy the data into a new skb. 1329 * This ensures the truesize is correct 1330 */ 1331 skb2 = netdev_alloc_skb_ip_align(ncm->netdev, 1332 dg_len - crc_len); 1333 if (skb2 == NULL) 1334 goto err; 1335 skb_put_data(skb2, ntb_ptr + index, 1336 dg_len - crc_len); 1337 1338 skb_queue_tail(list, skb2); 1339 1340 ndp_len -= 2 * (opts->dgram_item_len * 2); 1341 1342 dgram_counter++; 1343 if (index2 == 0 || dg_len2 == 0) 1344 break; 1345 } while (ndp_len > 2 * (opts->dgram_item_len * 2)); 1346 } while (ndp_index); 1347 1348 VDBG(port->func.config->cdev, 1349 "Parsed NTB with %d frames\n", dgram_counter); 1350 1351 to_process -= block_len; 1352 if (to_process != 0) { 1353 ntb_ptr = (unsigned char *)(ntb_ptr + block_len); 1354 goto parse_ntb; 1355 } 1356 1357 dev_consume_skb_any(skb); 1358 1359 return 0; 1360err: 1361 skb_queue_purge(list); 1362 dev_kfree_skb_any(skb); 1363 return ret; 1364} 1365 1366static void ncm_disable(struct usb_function *f) 1367{ 1368 struct f_ncm *ncm = func_to_ncm(f); 1369 struct usb_composite_dev *cdev = f->config->cdev; 1370 1371 DBG(cdev, "ncm deactivated\n"); 1372 1373 if (ncm->port.in_ep->enabled) { 1374 ncm->timer_stopping = true; 1375 ncm->netdev = NULL; 1376 gether_disconnect(&ncm->port); 1377 } 1378 1379 if (ncm->notify->enabled) { 1380 usb_ep_disable(ncm->notify); 1381 ncm->notify->desc = NULL; 1382 } 1383} 1384 1385/*-------------------------------------------------------------------------*/ 1386 1387/* 1388 * Callbacks let us notify the host about connect/disconnect when the 1389 * net device is opened or closed. 1390 * 1391 * For testing, note that link states on this side include both opened 1392 * and closed variants of: 1393 * 1394 * - disconnected/unconfigured 1395 * - configured but inactive (data alt 0) 1396 * - configured and active (data alt 1) 1397 * 1398 * Each needs to be tested with unplug, rmmod, SET_CONFIGURATION, and 1399 * SET_INTERFACE (altsetting). Remember also that "configured" doesn't 1400 * imply the host is actually polling the notification endpoint, and 1401 * likewise that "active" doesn't imply it's actually using the data 1402 * endpoints for traffic. 1403 */ 1404 1405static void ncm_open(struct gether *geth) 1406{ 1407 struct f_ncm *ncm = func_to_ncm(&geth->func); 1408 1409 DBG(ncm->port.func.config->cdev, "%s\n", __func__); 1410 1411 spin_lock(&ncm->lock); 1412 ncm->is_open = true; 1413 ncm_notify(ncm); 1414 spin_unlock(&ncm->lock); 1415} 1416 1417static void ncm_close(struct gether *geth) 1418{ 1419 struct f_ncm *ncm = func_to_ncm(&geth->func); 1420 1421 DBG(ncm->port.func.config->cdev, "%s\n", __func__); 1422 1423 spin_lock(&ncm->lock); 1424 ncm->is_open = false; 1425 ncm_notify(ncm); 1426 spin_unlock(&ncm->lock); 1427} 1428 1429/*-------------------------------------------------------------------------*/ 1430 1431/* ethernet function driver setup/binding */ 1432 1433static int ncm_bind(struct usb_configuration *c, struct usb_function *f) 1434{ 1435 struct usb_composite_dev *cdev = c->cdev; 1436 struct f_ncm *ncm = func_to_ncm(f); 1437 struct usb_string *us; 1438 int status = 0; 1439 struct usb_ep *ep; 1440 struct f_ncm_opts *ncm_opts; 1441 1442 if (!can_support_ecm(cdev->gadget)) 1443 return -EINVAL; 1444 1445 ncm_opts = container_of(f->fi, struct f_ncm_opts, func_inst); 1446 1447 if (cdev->use_os_string) { 1448 f->os_desc_table = kzalloc(sizeof(*f->os_desc_table), 1449 GFP_KERNEL); 1450 if (!f->os_desc_table) 1451 return -ENOMEM; 1452 f->os_desc_n = 1; 1453 f->os_desc_table[0].os_desc = &ncm_opts->ncm_os_desc; 1454 } 1455 1456 mutex_lock(&ncm_opts->lock); 1457 gether_set_gadget(ncm_opts->net, cdev->gadget); 1458 if (!ncm_opts->bound) 1459 status = gether_register_netdev(ncm_opts->net); 1460 mutex_unlock(&ncm_opts->lock); 1461 1462 if (status) 1463 goto fail; 1464 1465 ncm_opts->bound = true; 1466 1467 us = usb_gstrings_attach(cdev, ncm_strings, 1468 ARRAY_SIZE(ncm_string_defs)); 1469 if (IS_ERR(us)) { 1470 status = PTR_ERR(us); 1471 goto fail; 1472 } 1473 ncm_control_intf.iInterface = us[STRING_CTRL_IDX].id; 1474 ncm_data_nop_intf.iInterface = us[STRING_DATA_IDX].id; 1475 ncm_data_intf.iInterface = us[STRING_DATA_IDX].id; 1476 ecm_desc.iMACAddress = us[STRING_MAC_IDX].id; 1477 ncm_iad_desc.iFunction = us[STRING_IAD_IDX].id; 1478 1479 /* allocate instance-specific interface IDs */ 1480 status = usb_interface_id(c, f); 1481 if (status < 0) 1482 goto fail; 1483 ncm->ctrl_id = status; 1484 ncm_iad_desc.bFirstInterface = status; 1485 1486 ncm_control_intf.bInterfaceNumber = status; 1487 ncm_union_desc.bMasterInterface0 = status; 1488 1489 if (cdev->use_os_string) 1490 f->os_desc_table[0].if_id = 1491 ncm_iad_desc.bFirstInterface; 1492 1493 status = usb_interface_id(c, f); 1494 if (status < 0) 1495 goto fail; 1496 ncm->data_id = status; 1497 1498 ncm_data_nop_intf.bInterfaceNumber = status; 1499 ncm_data_intf.bInterfaceNumber = status; 1500 ncm_union_desc.bSlaveInterface0 = status; 1501 1502 status = -ENODEV; 1503 1504 /* allocate instance-specific endpoints */ 1505 ep = usb_ep_autoconfig(cdev->gadget, &fs_ncm_in_desc); 1506 if (!ep) 1507 goto fail; 1508 ncm->port.in_ep = ep; 1509 1510 ep = usb_ep_autoconfig(cdev->gadget, &fs_ncm_out_desc); 1511 if (!ep) 1512 goto fail; 1513 ncm->port.out_ep = ep; 1514 1515 ep = usb_ep_autoconfig(cdev->gadget, &fs_ncm_notify_desc); 1516 if (!ep) 1517 goto fail; 1518 ncm->notify = ep; 1519 1520 status = -ENOMEM; 1521 1522 /* allocate notification request and buffer */ 1523 ncm->notify_req = usb_ep_alloc_request(ep, GFP_KERNEL); 1524 if (!ncm->notify_req) 1525 goto fail; 1526 ncm->notify_req->buf = kmalloc(NCM_STATUS_BYTECOUNT, GFP_KERNEL); 1527 if (!ncm->notify_req->buf) 1528 goto fail; 1529 ncm->notify_req->context = ncm; 1530 ncm->notify_req->complete = ncm_notify_complete; 1531 1532 /* 1533 * support all relevant hardware speeds... we expect that when 1534 * hardware is dual speed, all bulk-capable endpoints work at 1535 * both speeds 1536 */ 1537 hs_ncm_in_desc.bEndpointAddress = fs_ncm_in_desc.bEndpointAddress; 1538 hs_ncm_out_desc.bEndpointAddress = fs_ncm_out_desc.bEndpointAddress; 1539 hs_ncm_notify_desc.bEndpointAddress = 1540 fs_ncm_notify_desc.bEndpointAddress; 1541 1542 ss_ncm_in_desc.bEndpointAddress = fs_ncm_in_desc.bEndpointAddress; 1543 ss_ncm_out_desc.bEndpointAddress = fs_ncm_out_desc.bEndpointAddress; 1544 ss_ncm_notify_desc.bEndpointAddress = 1545 fs_ncm_notify_desc.bEndpointAddress; 1546 1547 status = usb_assign_descriptors(f, ncm_fs_function, ncm_hs_function, 1548 ncm_ss_function, ncm_ss_function); 1549 if (status) 1550 goto fail; 1551 1552 /* 1553 * NOTE: all that is done without knowing or caring about 1554 * the network link ... which is unavailable to this code 1555 * until we're activated via set_alt(). 1556 */ 1557 1558 ncm->port.open = ncm_open; 1559 ncm->port.close = ncm_close; 1560 1561 hrtimer_init(&ncm->task_timer, CLOCK_MONOTONIC, HRTIMER_MODE_REL_SOFT); 1562 ncm->task_timer.function = ncm_tx_timeout; 1563 1564 DBG(cdev, "CDC Network: %s speed IN/%s OUT/%s NOTIFY/%s\n", 1565 gadget_is_superspeed(c->cdev->gadget) ? "super" : 1566 gadget_is_dualspeed(c->cdev->gadget) ? "dual" : "full", 1567 ncm->port.in_ep->name, ncm->port.out_ep->name, 1568 ncm->notify->name); 1569 return 0; 1570 1571fail: 1572 kfree(f->os_desc_table); 1573 f->os_desc_n = 0; 1574 1575 if (ncm->notify_req) { 1576 kfree(ncm->notify_req->buf); 1577 usb_ep_free_request(ncm->notify, ncm->notify_req); 1578 } 1579 1580 ERROR(cdev, "%s: can't bind, err %d\n", f->name, status); 1581 1582 return status; 1583} 1584 1585static inline struct f_ncm_opts *to_f_ncm_opts(struct config_item *item) 1586{ 1587 return container_of(to_config_group(item), struct f_ncm_opts, 1588 func_inst.group); 1589} 1590 1591/* f_ncm_item_ops */ 1592USB_ETHERNET_CONFIGFS_ITEM(ncm); 1593 1594/* f_ncm_opts_dev_addr */ 1595USB_ETHERNET_CONFIGFS_ITEM_ATTR_DEV_ADDR(ncm); 1596 1597/* f_ncm_opts_host_addr */ 1598USB_ETHERNET_CONFIGFS_ITEM_ATTR_HOST_ADDR(ncm); 1599 1600/* f_ncm_opts_qmult */ 1601USB_ETHERNET_CONFIGFS_ITEM_ATTR_QMULT(ncm); 1602 1603/* f_ncm_opts_ifname */ 1604USB_ETHERNET_CONFIGFS_ITEM_ATTR_IFNAME(ncm); 1605 1606static struct configfs_attribute *ncm_attrs[] = { 1607 &ncm_opts_attr_dev_addr, 1608 &ncm_opts_attr_host_addr, 1609 &ncm_opts_attr_qmult, 1610 &ncm_opts_attr_ifname, 1611 NULL, 1612}; 1613 1614static const struct config_item_type ncm_func_type = { 1615 .ct_item_ops = &ncm_item_ops, 1616 .ct_attrs = ncm_attrs, 1617 .ct_owner = THIS_MODULE, 1618}; 1619 1620static void ncm_free_inst(struct usb_function_instance *f) 1621{ 1622 struct f_ncm_opts *opts; 1623 1624 opts = container_of(f, struct f_ncm_opts, func_inst); 1625 if (opts->bound) 1626 gether_cleanup(netdev_priv(opts->net)); 1627 else 1628 free_netdev(opts->net); 1629 kfree(opts->ncm_interf_group); 1630 kfree(opts); 1631} 1632 1633static struct usb_function_instance *ncm_alloc_inst(void) 1634{ 1635 struct f_ncm_opts *opts; 1636 struct usb_os_desc *descs[1]; 1637 char *names[1]; 1638 struct config_group *ncm_interf_group; 1639 1640 opts = kzalloc(sizeof(*opts), GFP_KERNEL); 1641 if (!opts) 1642 return ERR_PTR(-ENOMEM); 1643 opts->ncm_os_desc.ext_compat_id = opts->ncm_ext_compat_id; 1644 1645 mutex_init(&opts->lock); 1646 opts->func_inst.free_func_inst = ncm_free_inst; 1647 opts->net = gether_setup_default(); 1648 if (IS_ERR(opts->net)) { 1649 struct net_device *net = opts->net; 1650 kfree(opts); 1651 return ERR_CAST(net); 1652 } 1653 INIT_LIST_HEAD(&opts->ncm_os_desc.ext_prop); 1654 1655 descs[0] = &opts->ncm_os_desc; 1656 names[0] = "ncm"; 1657 1658 config_group_init_type_name(&opts->func_inst.group, "", &ncm_func_type); 1659 ncm_interf_group = 1660 usb_os_desc_prepare_interf_dir(&opts->func_inst.group, 1, descs, 1661 names, THIS_MODULE); 1662 if (IS_ERR(ncm_interf_group)) { 1663 ncm_free_inst(&opts->func_inst); 1664 return ERR_CAST(ncm_interf_group); 1665 } 1666 opts->ncm_interf_group = ncm_interf_group; 1667 1668 return &opts->func_inst; 1669} 1670 1671static void ncm_free(struct usb_function *f) 1672{ 1673 struct f_ncm *ncm; 1674 struct f_ncm_opts *opts; 1675 1676 ncm = func_to_ncm(f); 1677 opts = container_of(f->fi, struct f_ncm_opts, func_inst); 1678 kfree(ncm); 1679 mutex_lock(&opts->lock); 1680 opts->refcnt--; 1681 mutex_unlock(&opts->lock); 1682} 1683 1684static void ncm_unbind(struct usb_configuration *c, struct usb_function *f) 1685{ 1686 struct f_ncm *ncm = func_to_ncm(f); 1687 1688 DBG(c->cdev, "ncm unbind\n"); 1689 1690 hrtimer_cancel(&ncm->task_timer); 1691 1692 kfree(f->os_desc_table); 1693 f->os_desc_n = 0; 1694 1695 ncm_string_defs[0].id = 0; 1696 usb_free_all_descriptors(f); 1697 1698 if (atomic_read(&ncm->notify_count)) { 1699 usb_ep_dequeue(ncm->notify, ncm->notify_req); 1700 atomic_set(&ncm->notify_count, 0); 1701 } 1702 1703 kfree(ncm->notify_req->buf); 1704 usb_ep_free_request(ncm->notify, ncm->notify_req); 1705} 1706 1707static struct usb_function *ncm_alloc(struct usb_function_instance *fi) 1708{ 1709 struct f_ncm *ncm; 1710 struct f_ncm_opts *opts; 1711 int status; 1712 1713 /* allocate and initialize one new instance */ 1714 ncm = kzalloc(sizeof(*ncm), GFP_KERNEL); 1715 if (!ncm) 1716 return ERR_PTR(-ENOMEM); 1717 1718 opts = container_of(fi, struct f_ncm_opts, func_inst); 1719 mutex_lock(&opts->lock); 1720 opts->refcnt++; 1721 1722 /* export host's Ethernet address in CDC format */ 1723 status = gether_get_host_addr_cdc(opts->net, ncm->ethaddr, 1724 sizeof(ncm->ethaddr)); 1725 if (status < 12) { /* strlen("01234567890a") */ 1726 kfree(ncm); 1727 mutex_unlock(&opts->lock); 1728 return ERR_PTR(-EINVAL); 1729 } 1730 ncm_string_defs[STRING_MAC_IDX].s = ncm->ethaddr; 1731 1732 spin_lock_init(&ncm->lock); 1733 ncm_reset_values(ncm); 1734 ncm->port.ioport = netdev_priv(opts->net); 1735 mutex_unlock(&opts->lock); 1736 ncm->port.is_fixed = true; 1737 ncm->port.supports_multi_frame = true; 1738 1739 ncm->port.func.name = "cdc_network"; 1740 /* descriptors are per-instance copies */ 1741 ncm->port.func.bind = ncm_bind; 1742 ncm->port.func.unbind = ncm_unbind; 1743 ncm->port.func.set_alt = ncm_set_alt; 1744 ncm->port.func.get_alt = ncm_get_alt; 1745 ncm->port.func.setup = ncm_setup; 1746 ncm->port.func.disable = ncm_disable; 1747 ncm->port.func.free_func = ncm_free; 1748 1749 ncm->port.wrap = ncm_wrap_ntb; 1750 ncm->port.unwrap = ncm_unwrap_ntb; 1751 1752 return &ncm->port.func; 1753} 1754 1755DECLARE_USB_FUNCTION_INIT(ncm, ncm_alloc_inst, ncm_alloc); 1756MODULE_LICENSE("GPL"); 1757MODULE_AUTHOR("Yauheni Kaliuta"); 1758