projects / linux-2.6-block.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
ns83820: Avoid bad pointer deref in ns83820_init_one().
[linux-2.6-block.git] / drivers / net / usb / cdc_ncm.c
CommitLineData
900d495a
AO		 1/*
2 * cdc_ncm.c
3 *
4 * Copyright (C) ST-Ericsson 2010
5 * Contact: Alexey Orishko <alexey.orishko@stericsson.com>
6 * Original author: Hans Petter Selasky <hans.petter.selasky@stericsson.com>
7 *
8 * USB Host Driver for Network Control Model (NCM)
9 * http://www.usb.org/developers/devclass_docs/NCM10.zip
10 *
11 * The NCM encoding, decoding and initialization logic
12 * derives from FreeBSD 8.x. if_cdce.c and if_cdcereg.h
13 *
14 * This software is available to you under a choice of one of two
15 * licenses. You may choose this file to be licensed under the terms
16 * of the GNU General Public License (GPL) Version 2 or the 2-clause
17 * BSD license listed below:
18 *
19 * Redistribution and use in source and binary forms, with or without
20 * modification, are permitted provided that the following conditions
21 * are met:
22 * 1. Redistributions of source code must retain the above copyright
23 * notice, this list of conditions and the following disclaimer.
24 * 2. Redistributions in binary form must reproduce the above copyright
25 * notice, this list of conditions and the following disclaimer in the
26 * documentation and/or other materials provided with the distribution.
27 *
28 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
29 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
30 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
31 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
32 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
33 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
34 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
35 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
36 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
37 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
38 * SUCH DAMAGE.
39 */
40
41#include <linux/module.h>
42#include <linux/init.h>
43#include <linux/netdevice.h>
44#include <linux/ctype.h>
45#include <linux/ethtool.h>
46#include <linux/workqueue.h>
47#include <linux/mii.h>
48#include <linux/crc32.h>
49#include <linux/usb.h>
50#include <linux/version.h>
51#include <linux/timer.h>
52#include <linux/spinlock.h>
53#include <linux/atomic.h>
54#include <linux/usb/usbnet.h>
55#include <linux/usb/cdc.h>
56
57#define DRIVER_VERSION "30-Nov-2010"
58
59/* CDC NCM subclass 3.2.1 */
60#define USB_CDC_NCM_NDP16_LENGTH_MIN 0x10
61
62/* Maximum NTB length */
63#define CDC_NCM_NTB_MAX_SIZE_TX 16384 /* bytes */
64#define CDC_NCM_NTB_MAX_SIZE_RX 16384 /* bytes */
65
66/* Minimum value for MaxDatagramSize, ch. 6.2.9 */
67#define CDC_NCM_MIN_DATAGRAM_SIZE 1514 /* bytes */
68
69#define CDC_NCM_MIN_TX_PKT 512 /* bytes */
70
71/* Default value for MaxDatagramSize */
72#define CDC_NCM_MAX_DATAGRAM_SIZE 2048 /* bytes */
73
74/*
75 * Maximum amount of datagrams in NCM Datagram Pointer Table, not counting
76 * the last NULL entry. Any additional datagrams in NTB would be discarded.
77 */
78#define CDC_NCM_DPT_DATAGRAMS_MAX 32
79
80/* Restart the timer, if amount of datagrams is less than given value */
81#define CDC_NCM_RESTART_TIMER_DATAGRAM_CNT 3
82
83/* The following macro defines the minimum header space */
84#define CDC_NCM_MIN_HDR_SIZE \
85 (sizeof(struct usb_cdc_ncm_nth16) + sizeof(struct usb_cdc_ncm_ndp16) + \
86 (CDC_NCM_DPT_DATAGRAMS_MAX + 1) * sizeof(struct usb_cdc_ncm_dpe16))
87
88struct connection_speed_change {
89 __le32 USBitRate; /* holds 3GPP downlink value, bits per second */
90 __le32 DSBitRate; /* holds 3GPP uplink value, bits per second */
91} __attribute__ ((packed));
92
93struct cdc_ncm_data {
94 struct usb_cdc_ncm_nth16 nth16;
95 struct usb_cdc_ncm_ndp16 ndp16;
96 struct usb_cdc_ncm_dpe16 dpe16[CDC_NCM_DPT_DATAGRAMS_MAX + 1];
97};
98
99struct cdc_ncm_ctx {
100 struct cdc_ncm_data rx_ncm;
101 struct cdc_ncm_data tx_ncm;
102 struct usb_cdc_ncm_ntb_parameters ncm_parm;
103 struct timer_list tx_timer;
104
105 const struct usb_cdc_ncm_desc *func_desc;
106 const struct usb_cdc_header_desc *header_desc;
107 const struct usb_cdc_union_desc *union_desc;
108 const struct usb_cdc_ether_desc *ether_desc;
109
110 struct net_device *netdev;
111 struct usb_device *udev;
112 struct usb_host_endpoint *in_ep;
113 struct usb_host_endpoint *out_ep;
114 struct usb_host_endpoint *status_ep;
115 struct usb_interface *intf;
116 struct usb_interface *control;
117 struct usb_interface *data;
118
119 struct sk_buff *tx_curr_skb;
120 struct sk_buff *tx_rem_skb;
121
122 spinlock_t mtx;
123
124 u32 tx_timer_pending;
125 u32 tx_curr_offset;
126 u32 tx_curr_last_offset;
127 u32 tx_curr_frame_num;
128 u32 rx_speed;
129 u32 tx_speed;
130 u32 rx_max;
131 u32 tx_max;
132 u32 max_datagram_size;
133 u16 tx_max_datagrams;
134 u16 tx_remainder;
135 u16 tx_modulus;
136 u16 tx_ndp_modulus;
137 u16 tx_seq;
138 u16 connected;
139 u8 data_claimed;
140 u8 control_claimed;
141};
142
143static void cdc_ncm_tx_timeout(unsigned long arg);
144static const struct driver_info cdc_ncm_info;
145static struct usb_driver cdc_ncm_driver;
146static struct ethtool_ops cdc_ncm_ethtool_ops;
147
148static const struct usb_device_id cdc_devs[] = {
149 { USB_INTERFACE_INFO(USB_CLASS_COMM,
150 USB_CDC_SUBCLASS_NCM, USB_CDC_PROTO_NONE),
151 .driver_info = (unsigned long)&cdc_ncm_info,
152 },
153 {
154 },
155};
156
157MODULE_DEVICE_TABLE(usb, cdc_devs);
158
159static void
160cdc_ncm_get_drvinfo(struct net_device *net, struct ethtool_drvinfo *info)
161{
162 struct usbnet *dev = netdev_priv(net);
163
164 strncpy(info->driver, dev->driver_name, sizeof(info->driver));
165 strncpy(info->version, DRIVER_VERSION, sizeof(info->version));
166 strncpy(info->fw_version, dev->driver_info->description,
167 sizeof(info->fw_version));
168 usb_make_path(dev->udev, info->bus_info, sizeof(info->bus_info));
169}
170
171static int
172cdc_ncm_do_request(struct cdc_ncm_ctx *ctx, struct usb_cdc_notification *req,
173 void *data, u16 flags, u16 *actlen, u16 timeout)
174{
175 int err;
176
177 err = usb_control_msg(ctx->udev, (req->bmRequestType & USB_DIR_IN) ?
178 usb_rcvctrlpipe(ctx->udev, 0) :
179 usb_sndctrlpipe(ctx->udev, 0),
180 req->bNotificationType, req->bmRequestType,
181 req->wValue,
182 req->wIndex, data,
183 req->wLength, timeout);
184
185 if (err < 0) {
186 if (actlen)
187 *actlen = 0;
188 return err;
189 }
190
191 if (actlen)
192 *actlen = err;
193
194 return 0;
195}
196
197static u8 cdc_ncm_setup(struct cdc_ncm_ctx *ctx)
198{
199 struct usb_cdc_notification req;
200 u32 val;
201 __le16 max_datagram_size;
202 u8 flags;
203 u8 iface_no;
204 int err;
205
206 iface_no = ctx->control->cur_altsetting->desc.bInterfaceNumber;
207
208 req.bmRequestType = USB_TYPE_CLASS | USB_DIR_IN | USB_RECIP_INTERFACE;
209 req.bNotificationType = USB_CDC_GET_NTB_PARAMETERS;
210 req.wValue = 0;
211 req.wIndex = cpu_to_le16(iface_no);
212 req.wLength = cpu_to_le16(sizeof(ctx->ncm_parm));
213
214 err = cdc_ncm_do_request(ctx, &req, &ctx->ncm_parm, 0, NULL, 1000);
215 if (err) {
216 pr_debug("failed GET_NTB_PARAMETERS\n");
217 return 1;
218 }
219
220 /* read correct set of parameters according to device mode */
221 ctx->rx_max = le32_to_cpu(ctx->ncm_parm.dwNtbInMaxSize);
222 ctx->tx_max = le32_to_cpu(ctx->ncm_parm.dwNtbOutMaxSize);
223 ctx->tx_remainder = le16_to_cpu(ctx->ncm_parm.wNdpOutPayloadRemainder);
224 ctx->tx_modulus = le16_to_cpu(ctx->ncm_parm.wNdpOutDivisor);
225 ctx->tx_ndp_modulus = le16_to_cpu(ctx->ncm_parm.wNdpOutAlignment);
226
227 if (ctx->func_desc != NULL)
228 flags = ctx->func_desc->bmNetworkCapabilities;
229 else
230 flags = 0;
231
232 pr_debug("dwNtbInMaxSize=%u dwNtbOutMaxSize=%u "
233 "wNdpOutPayloadRemainder=%u wNdpOutDivisor=%u "
234 "wNdpOutAlignment=%u flags=0x%x\n",
235 ctx->rx_max, ctx->tx_max, ctx->tx_remainder, ctx->tx_modulus,
236 ctx->tx_ndp_modulus, flags);
237
238 /* max count of tx datagrams without terminating NULL entry */
239 ctx->tx_max_datagrams = CDC_NCM_DPT_DATAGRAMS_MAX;
240
241 /* verify maximum size of received NTB in bytes */
242 if ((ctx->rx_max <
243 (CDC_NCM_MIN_HDR_SIZE + CDC_NCM_MIN_DATAGRAM_SIZE)) ||
244 (ctx->rx_max > CDC_NCM_NTB_MAX_SIZE_RX)) {
245 pr_debug("Using default maximum receive length=%d\n",
246 CDC_NCM_NTB_MAX_SIZE_RX);
247 ctx->rx_max = CDC_NCM_NTB_MAX_SIZE_RX;
248 }
249
250 /* verify maximum size of transmitted NTB in bytes */
251 if ((ctx->tx_max <
252 (CDC_NCM_MIN_HDR_SIZE + CDC_NCM_MIN_DATAGRAM_SIZE)) ||
253 (ctx->tx_max > CDC_NCM_NTB_MAX_SIZE_TX)) {
254 pr_debug("Using default maximum transmit length=%d\n",
255 CDC_NCM_NTB_MAX_SIZE_TX);
256 ctx->tx_max = CDC_NCM_NTB_MAX_SIZE_TX;
257 }
258
259 /*
260 * verify that the structure alignment is:
261 * - power of two
262 * - not greater than the maximum transmit length
263 * - not less than four bytes
264 */
265 val = ctx->tx_ndp_modulus;
266
267 if ((val < USB_CDC_NCM_NDP_ALIGN_MIN_SIZE) ||
268 (val != ((-val) & val)) || (val >= ctx->tx_max)) {
269 pr_debug("Using default alignment: 4 bytes\n");
270 ctx->tx_ndp_modulus = USB_CDC_NCM_NDP_ALIGN_MIN_SIZE;
271 }
272
273 /*
274 * verify that the payload alignment is:
275 * - power of two
276 * - not greater than the maximum transmit length
277 * - not less than four bytes
278 */
279 val = ctx->tx_modulus;
280
281 if ((val < USB_CDC_NCM_NDP_ALIGN_MIN_SIZE) ||
282 (val != ((-val) & val)) || (val >= ctx->tx_max)) {
283 pr_debug("Using default transmit modulus: 4 bytes\n");
284 ctx->tx_modulus = USB_CDC_NCM_NDP_ALIGN_MIN_SIZE;
285 }
286
287 /* verify the payload remainder */
288 if (ctx->tx_remainder >= ctx->tx_modulus) {
289 pr_debug("Using default transmit remainder: 0 bytes\n");
290 ctx->tx_remainder = 0;
291 }
292
293 /* adjust TX-remainder according to NCM specification. */
294 ctx->tx_remainder = ((ctx->tx_remainder - ETH_HLEN) &
295 (ctx->tx_modulus - 1));
296
297 /* additional configuration */
298
299 /* set CRC Mode */
300 req.bmRequestType = USB_TYPE_CLASS | USB_DIR_OUT | USB_RECIP_INTERFACE;
301 req.bNotificationType = USB_CDC_SET_CRC_MODE;
302 req.wValue = cpu_to_le16(USB_CDC_NCM_CRC_NOT_APPENDED);
303 req.wIndex = cpu_to_le16(iface_no);
304 req.wLength = 0;
305
306 err = cdc_ncm_do_request(ctx, &req, NULL, 0, NULL, 1000);
307 if (err)
308 pr_debug("Setting CRC mode off failed\n");
309
310 /* set NTB format */
311 req.bmRequestType = USB_TYPE_CLASS | USB_DIR_OUT | USB_RECIP_INTERFACE;
312 req.bNotificationType = USB_CDC_SET_NTB_FORMAT;
313 req.wValue = cpu_to_le16(USB_CDC_NCM_NTB16_FORMAT);
314 req.wIndex = cpu_to_le16(iface_no);
315 req.wLength = 0;
316
317 err = cdc_ncm_do_request(ctx, &req, NULL, 0, NULL, 1000);
318 if (err)
319 pr_debug("Setting NTB format to 16-bit failed\n");
320
321 /* set Max Datagram Size (MTU) */
322 req.bmRequestType = USB_TYPE_CLASS | USB_DIR_IN | USB_RECIP_INTERFACE;
323 req.bNotificationType = USB_CDC_GET_MAX_DATAGRAM_SIZE;
324 req.wValue = 0;
325 req.wIndex = cpu_to_le16(iface_no);
326 req.wLength = cpu_to_le16(2);
327
328 err = cdc_ncm_do_request(ctx, &req, &max_datagram_size, 0, NULL, 1000);
329 if (err) {
330 pr_debug(" GET_MAX_DATAGRAM_SIZE failed, using size=%u\n",
331 CDC_NCM_MIN_DATAGRAM_SIZE);
332 /* use default */
333 ctx->max_datagram_size = CDC_NCM_MIN_DATAGRAM_SIZE;
334 } else {
335 ctx->max_datagram_size = le16_to_cpu(max_datagram_size);
336
337 if (ctx->max_datagram_size < CDC_NCM_MIN_DATAGRAM_SIZE)
338 ctx->max_datagram_size = CDC_NCM_MIN_DATAGRAM_SIZE;
339 else if (ctx->max_datagram_size > CDC_NCM_MAX_DATAGRAM_SIZE)
340 ctx->max_datagram_size = CDC_NCM_MAX_DATAGRAM_SIZE;
341 }
342
343 if (ctx->netdev->mtu != (ctx->max_datagram_size - ETH_HLEN))
344 ctx->netdev->mtu = ctx->max_datagram_size - ETH_HLEN;
345
346 return 0;
347}
348
349static void
350cdc_ncm_find_endpoints(struct cdc_ncm_ctx *ctx, struct usb_interface *intf)
351{
352 struct usb_host_endpoint *e;
353 u8 ep;
354
355 for (ep = 0; ep < intf->cur_altsetting->desc.bNumEndpoints; ep++) {
356
357 e = intf->cur_altsetting->endpoint + ep;
358 switch (e->desc.bmAttributes & USB_ENDPOINT_XFERTYPE_MASK) {
359 case USB_ENDPOINT_XFER_INT:
360 if (usb_endpoint_dir_in(&e->desc)) {
361 if (ctx->status_ep == NULL)
362 ctx->status_ep = e;
363 }
364 break;
365
366 case USB_ENDPOINT_XFER_BULK:
367 if (usb_endpoint_dir_in(&e->desc)) {
368 if (ctx->in_ep == NULL)
369 ctx->in_ep = e;
370 } else {
371 if (ctx->out_ep == NULL)
372 ctx->out_ep = e;
373 }
374 break;
375
376 default:
377 break;
378 }
379 }
380}
381
382static void cdc_ncm_free(struct cdc_ncm_ctx *ctx)
383{
384 if (ctx == NULL)
385 return;
386
387 del_timer_sync(&ctx->tx_timer);
388
389 if (ctx->data_claimed) {
390 usb_set_intfdata(ctx->data, NULL);
391 usb_driver_release_interface(driver_of(ctx->intf), ctx->data);
392 }
393
394 if (ctx->control_claimed) {
395 usb_set_intfdata(ctx->control, NULL);
396 usb_driver_release_interface(driver_of(ctx->intf),
397 ctx->control);
398 }
399
400 if (ctx->tx_rem_skb != NULL) {
401 dev_kfree_skb_any(ctx->tx_rem_skb);
402 ctx->tx_rem_skb = NULL;
403 }
404
405 if (ctx->tx_curr_skb != NULL) {
406 dev_kfree_skb_any(ctx->tx_curr_skb);
407 ctx->tx_curr_skb = NULL;
408 }
409
410 kfree(ctx);
411}
412
413static int cdc_ncm_bind(struct usbnet *dev, struct usb_interface *intf)
414{
415 struct cdc_ncm_ctx *ctx;
416 struct usb_driver *driver;
417 u8 *buf;
418 int len;
419 int temp;
420 u8 iface_no;
421
422 ctx = kmalloc(sizeof(*ctx), GFP_KERNEL);
423 if (ctx == NULL)
424 goto error;
425
426 memset(ctx, 0, sizeof(*ctx));
427
428 init_timer(&ctx->tx_timer);
429 spin_lock_init(&ctx->mtx);
430 ctx->netdev = dev->net;
431
432 /* store ctx pointer in device data field */
433 dev->data[0] = (unsigned long)ctx;
434
435 /* get some pointers */
436 driver = driver_of(intf);
437 buf = intf->cur_altsetting->extra;
438 len = intf->cur_altsetting->extralen;
439
440 ctx->udev = dev->udev;
441 ctx->intf = intf;
442
443 /* parse through descriptors associated with control interface */
444 while ((len > 0) && (buf[0] > 2) && (buf[0] <= len)) {
445
446 if (buf[1] != USB_DT_CS_INTERFACE)
447 goto advance;
448
449 switch (buf[2]) {
450 case USB_CDC_UNION_TYPE:
451 if (buf[0] < sizeof(*(ctx->union_desc)))
452 break;
453
454 ctx->union_desc =
455 (const struct usb_cdc_union_desc *)buf;
456
457 ctx->control = usb_ifnum_to_if(dev->udev,
458 ctx->union_desc->bMasterInterface0);
459 ctx->data = usb_ifnum_to_if(dev->udev,
460 ctx->union_desc->bSlaveInterface0);
461 break;
462
463 case USB_CDC_ETHERNET_TYPE:
464 if (buf[0] < sizeof(*(ctx->ether_desc)))
465 break;
466
467 ctx->ether_desc =
468 (const struct usb_cdc_ether_desc *)buf;
469
470 dev->hard_mtu =
471 le16_to_cpu(ctx->ether_desc->wMaxSegmentSize);
472
473 if (dev->hard_mtu <
474 (CDC_NCM_MIN_DATAGRAM_SIZE - ETH_HLEN))
475 dev->hard_mtu =
476 CDC_NCM_MIN_DATAGRAM_SIZE - ETH_HLEN;
477
478 else if (dev->hard_mtu >
479 (CDC_NCM_MAX_DATAGRAM_SIZE - ETH_HLEN))
480 dev->hard_mtu =
481 CDC_NCM_MAX_DATAGRAM_SIZE - ETH_HLEN;
482 break;
483
484 case USB_CDC_NCM_TYPE:
485 if (buf[0] < sizeof(*(ctx->func_desc)))
486 break;
487
488 ctx->func_desc = (const struct usb_cdc_ncm_desc *)buf;
489 break;
490
491 default:
492 break;
493 }
494advance:
495 /* advance to next descriptor */
496 temp = buf[0];
497 buf += temp;
498 len -= temp;
499 }
500
501 /* check if we got everything */
502 if ((ctx->control == NULL) || (ctx->data == NULL) ||
503 (ctx->ether_desc == NULL))
504 goto error;
505
506 /* claim interfaces, if any */
507 if (ctx->data != intf) {
508 temp = usb_driver_claim_interface(driver, ctx->data, dev);
509 if (temp)
510 goto error;
511 ctx->data_claimed = 1;
512 }
513
514 if (ctx->control != intf) {
515 temp = usb_driver_claim_interface(driver, ctx->control, dev);
516 if (temp)
517 goto error;
518 ctx->control_claimed = 1;
519 }
520
521 iface_no = ctx->data->cur_altsetting->desc.bInterfaceNumber;
522
523 /* reset data interface */
524 temp = usb_set_interface(dev->udev, iface_no, 0);
525 if (temp)
526 goto error;
527
528 /* initialize data interface */
529 if (cdc_ncm_setup(ctx))
530 goto error;
531
532 /* configure data interface */
533 temp = usb_set_interface(dev->udev, iface_no, 1);
534 if (temp)
535 goto error;
536
537 cdc_ncm_find_endpoints(ctx, ctx->data);
538 cdc_ncm_find_endpoints(ctx, ctx->control);
539
540 if ((ctx->in_ep == NULL) || (ctx->out_ep == NULL) ||
541 (ctx->status_ep == NULL))
542 goto error;
543
544 dev->net->ethtool_ops = &cdc_ncm_ethtool_ops;
545
546 usb_set_intfdata(ctx->data, dev);
547 usb_set_intfdata(ctx->control, dev);
548 usb_set_intfdata(ctx->intf, dev);
549
550 temp = usbnet_get_ethernet_addr(dev, ctx->ether_desc->iMACAddress);
551 if (temp)
552 goto error;
553
554 dev_info(&dev->udev->dev, "MAC-Address: "
555 "0x%02x:0x%02x:0x%02x:0x%02x:0x%02x:0x%02x\n",
556 dev->net->dev_addr[0], dev->net->dev_addr[1],
557 dev->net->dev_addr[2], dev->net->dev_addr[3],
558 dev->net->dev_addr[4], dev->net->dev_addr[5]);
559
560 dev->in = usb_rcvbulkpipe(dev->udev,
561 ctx->in_ep->desc.bEndpointAddress & USB_ENDPOINT_NUMBER_MASK);
562 dev->out = usb_sndbulkpipe(dev->udev,
563 ctx->out_ep->desc.bEndpointAddress & USB_ENDPOINT_NUMBER_MASK);
564 dev->status = ctx->status_ep;
565 dev->rx_urb_size = ctx->rx_max;
566
567 /*
568 * We should get an event when network connection is "connected" or
569 * "disconnected". Set network connection in "disconnected" state
570 * (carrier is OFF) during attach, so the IP network stack does not
571 * start IPv6 negotiation and more.
572 */
573 netif_carrier_off(dev->net);
574 ctx->tx_speed = ctx->rx_speed = 0;
575 return 0;
576
577error:
578 cdc_ncm_free((struct cdc_ncm_ctx *)dev->data[0]);
579 dev->data[0] = 0;
580 dev_info(&dev->udev->dev, "Descriptor failure\n");
581 return -ENODEV;
582}
583
584static void cdc_ncm_unbind(struct usbnet *dev, struct usb_interface *intf)
585{
586 struct cdc_ncm_ctx *ctx = (struct cdc_ncm_ctx *)dev->data[0];
587 struct usb_driver *driver;
588
589 if (ctx == NULL)
590 return; /* no setup */
591
592 driver = driver_of(intf);
593
594 usb_set_intfdata(ctx->data, NULL);
595 usb_set_intfdata(ctx->control, NULL);
596 usb_set_intfdata(ctx->intf, NULL);
597
598 /* release interfaces, if any */
599 if (ctx->data_claimed) {
600 usb_driver_release_interface(driver, ctx->data);
601 ctx->data_claimed = 0;
602 }
603
604 if (ctx->control_claimed) {
605 usb_driver_release_interface(driver, ctx->control);
606 ctx->control_claimed = 0;
607 }
608
609 cdc_ncm_free(ctx);
610}
611
612static void cdc_ncm_zero_fill(u8 *ptr, u32 first, u32 end, u32 max)
613{
614 if (first >= max)
615 return;
616 if (first >= end)
617 return;
618 if (end > max)
619 end = max;
620 memset(ptr + first, 0, end - first);
621}
622
623static struct sk_buff *
624cdc_ncm_fill_tx_frame(struct cdc_ncm_ctx *ctx, struct sk_buff *skb)
625{
626 struct sk_buff *skb_out;
627 u32 rem;
628 u32 offset;
629 u32 last_offset;
630 u16 n = 0;
631 u8 timeout = 0;
632
633 /* if there is a remaining skb, it gets priority */
634 if (skb != NULL)
635 swap(skb, ctx->tx_rem_skb);
636 else
637 timeout = 1;
638
639 /*
640 * +----------------+
641 * | skb_out |
642 * +----------------+
643 * ^ offset
644 * ^ last_offset
645 */
646
647 /* check if we are resuming an OUT skb */
648 if (ctx->tx_curr_skb != NULL) {
649 /* pop variables */
650 skb_out = ctx->tx_curr_skb;
651 offset = ctx->tx_curr_offset;
652 last_offset = ctx->tx_curr_last_offset;
653 n = ctx->tx_curr_frame_num;
654
655 } else {
656 /* reset variables */
657 skb_out = alloc_skb(ctx->tx_max, GFP_ATOMIC);
658 if (skb_out == NULL) {
659 if (skb != NULL) {
660 dev_kfree_skb_any(skb);
661 ctx->netdev->stats.tx_dropped++;
662 }
663 goto exit_no_skb;
664 }
665
666 /* make room for NTH and NDP */
667 offset = ALIGN(sizeof(struct usb_cdc_ncm_nth16),
668 ctx->tx_ndp_modulus) +
669 sizeof(struct usb_cdc_ncm_ndp16) +
670 (ctx->tx_max_datagrams + 1) *
671 sizeof(struct usb_cdc_ncm_dpe16);
672
673 /* store last valid offset before alignment */
674 last_offset = offset;
675 /* align first Datagram offset correctly */
676 offset = ALIGN(offset, ctx->tx_modulus) + ctx->tx_remainder;
677 /* zero buffer till the first IP datagram */
678 cdc_ncm_zero_fill(skb_out->data, 0, offset, offset);
679 n = 0;
680 ctx->tx_curr_frame_num = 0;
681 }
682
683 for (; n < ctx->tx_max_datagrams; n++) {
684 /* check if end of transmit buffer is reached */
685 if (offset >= ctx->tx_max)
686 break;
687
688 /* compute maximum buffer size */
689 rem = ctx->tx_max - offset;
690
691 if (skb == NULL) {
692 skb = ctx->tx_rem_skb;
693 ctx->tx_rem_skb = NULL;
694
695 /* check for end of skb */
696 if (skb == NULL)
697 break;
698 }
699
700 if (skb->len > rem) {
701 if (n == 0) {
702 /* won't fit, MTU problem? */
703 dev_kfree_skb_any(skb);
704 skb = NULL;
705 ctx->netdev->stats.tx_dropped++;
706 } else {
707 /* no room for skb - store for later */
708 if (ctx->tx_rem_skb != NULL) {
709 dev_kfree_skb_any(ctx->tx_rem_skb);
710 ctx->netdev->stats.tx_dropped++;
711 }
712 ctx->tx_rem_skb = skb;
713 skb = NULL;
714
715 /* loop one more time */
716 timeout = 1;
717 }
718 break;
719 }
720
721 memcpy(((u8 *)skb_out->data) + offset, skb->data, skb->len);
722
723 ctx->tx_ncm.dpe16[n].wDatagramLength = cpu_to_le16(skb->len);
724 ctx->tx_ncm.dpe16[n].wDatagramIndex = cpu_to_le16(offset);
725
726 /* update offset */
727 offset += skb->len;
728
729 /* store last valid offset before alignment */
730 last_offset = offset;
731
732 /* align offset correctly */
733 offset = ALIGN(offset, ctx->tx_modulus) + ctx->tx_remainder;
734
735 /* zero padding */
736 cdc_ncm_zero_fill(skb_out->data, last_offset, offset,
737 ctx->tx_max);
738 dev_kfree_skb_any(skb);
739 skb = NULL;
740 }
741
742 /* free up any dangling skb */
743 if (skb != NULL) {
744 dev_kfree_skb_any(skb);
745 skb = NULL;
746 ctx->netdev->stats.tx_dropped++;
747 }
748
749 ctx->tx_curr_frame_num = n;
750
751 if (n == 0) {
752 /* wait for more frames */
753 /* push variables */
754 ctx->tx_curr_skb = skb_out;
755 ctx->tx_curr_offset = offset;
756 ctx->tx_curr_last_offset = last_offset;
757 goto exit_no_skb;
758
759 } else if ((n < ctx->tx_max_datagrams) && (timeout == 0)) {
760 /* wait for more frames */
761 /* push variables */
762 ctx->tx_curr_skb = skb_out;
763 ctx->tx_curr_offset = offset;
764 ctx->tx_curr_last_offset = last_offset;
765 /* set the pending count */
766 if (n < CDC_NCM_RESTART_TIMER_DATAGRAM_CNT)
767 ctx->tx_timer_pending = 2;
768 goto exit_no_skb;
769
770 } else {
771 /* frame goes out */
772 /* variables will be reset at next call */
773 }
774
775 /* check for overflow */
776 if (last_offset > ctx->tx_max)
777 last_offset = ctx->tx_max;
778
779 /* revert offset */
780 offset = last_offset;
781
782 /*
783 * If collected data size is less or equal CDC_NCM_MIN_TX_PKT bytes,
784 * we send buffers as it is. If we get more data, it would be more
785 * efficient for USB HS mobile device with DMA engine to receive a full
786 * size NTB, than canceling DMA transfer and receiving a short packet.
787 */
788 if (offset > CDC_NCM_MIN_TX_PKT)
789 offset = ctx->tx_max;
790
791 /* final zero padding */
792 cdc_ncm_zero_fill(skb_out->data, last_offset, offset, ctx->tx_max);
793
794 /* store last offset */
795 last_offset = offset;
796
797 if ((last_offset < ctx->tx_max) && ((last_offset %
798 le16_to_cpu(ctx->out_ep->desc.wMaxPacketSize)) == 0)) {
799 /* force short packet */
800 *(((u8 *)skb_out->data) + last_offset) = 0;
801 last_offset++;
802 }
803
804 /* zero the rest of the DPEs plus the last NULL entry */
805 for (; n <= CDC_NCM_DPT_DATAGRAMS_MAX; n++) {
806 ctx->tx_ncm.dpe16[n].wDatagramLength = 0;
807 ctx->tx_ncm.dpe16[n].wDatagramIndex = 0;
808 }
809
810 /* fill out 16-bit NTB header */
811 ctx->tx_ncm.nth16.dwSignature = cpu_to_le32(USB_CDC_NCM_NTH16_SIGN);
812 ctx->tx_ncm.nth16.wHeaderLength =
813 cpu_to_le16(sizeof(ctx->tx_ncm.nth16));
814 ctx->tx_ncm.nth16.wSequence = cpu_to_le16(ctx->tx_seq);
815 ctx->tx_ncm.nth16.wBlockLength = cpu_to_le16(last_offset);
816 ctx->tx_ncm.nth16.wFpIndex = ALIGN(sizeof(struct usb_cdc_ncm_nth16),
817 ctx->tx_ndp_modulus);
818
819 memcpy(skb_out->data, &(ctx->tx_ncm.nth16), sizeof(ctx->tx_ncm.nth16));
820 ctx->tx_seq++;
821
822 /* fill out 16-bit NDP table */
823 ctx->tx_ncm.ndp16.dwSignature =
824 cpu_to_le32(USB_CDC_NCM_NDP16_NOCRC_SIGN);
825 rem = sizeof(ctx->tx_ncm.ndp16) + ((ctx->tx_curr_frame_num + 1) *
826 sizeof(struct usb_cdc_ncm_dpe16));
827 ctx->tx_ncm.ndp16.wLength = cpu_to_le16(rem);
828 ctx->tx_ncm.ndp16.wNextFpIndex = 0; /* reserved */
829
830 memcpy(((u8 *)skb_out->data) + ctx->tx_ncm.nth16.wFpIndex,
831 &(ctx->tx_ncm.ndp16),
832 sizeof(ctx->tx_ncm.ndp16));
833
834 memcpy(((u8 *)skb_out->data) + ctx->tx_ncm.nth16.wFpIndex +
835 sizeof(ctx->tx_ncm.ndp16),
836 &(ctx->tx_ncm.dpe16),
837 (ctx->tx_curr_frame_num + 1) *
838 sizeof(struct usb_cdc_ncm_dpe16));
839
840 /* set frame length */
841 skb_put(skb_out, last_offset);
842
843 /* return skb */
844 ctx->tx_curr_skb = NULL;
845 return skb_out;
846
847exit_no_skb:
848 return NULL;
849}
850
851static void cdc_ncm_tx_timeout_start(struct cdc_ncm_ctx *ctx)
852{
853 /* start timer, if not already started */
854 if (timer_pending(&ctx->tx_timer) == 0) {
855 ctx->tx_timer.function = &cdc_ncm_tx_timeout;
856 ctx->tx_timer.data = (unsigned long)ctx;
857 ctx->tx_timer.expires = jiffies + ((HZ + 999) / 1000);
858 add_timer(&ctx->tx_timer);
859 }
860}
861
862static void cdc_ncm_tx_timeout(unsigned long arg)
863{
864 struct cdc_ncm_ctx *ctx = (struct cdc_ncm_ctx *)arg;
865 u8 restart;
866
867 spin_lock(&ctx->mtx);
868 if (ctx->tx_timer_pending != 0) {
869 ctx->tx_timer_pending--;
870 restart = 1;
871 } else
872 restart = 0;
873
874 spin_unlock(&ctx->mtx);
875
876 if (restart)
877 cdc_ncm_tx_timeout_start(ctx);
878 else if (ctx->netdev != NULL)
879 usbnet_start_xmit(NULL, ctx->netdev);
880}
881
882static struct sk_buff *
883cdc_ncm_tx_fixup(struct usbnet *dev, struct sk_buff *skb, gfp_t flags)
884{
885 struct sk_buff *skb_out;
886 struct cdc_ncm_ctx *ctx = (struct cdc_ncm_ctx *)dev->data[0];
887 u8 need_timer = 0;
888
889 /*
890 * The Ethernet API we are using does not support transmitting
891 * multiple Ethernet frames in a single call. This driver will
892 * accumulate multiple Ethernet frames and send out a larger
893 * USB frame when the USB buffer is full or when a single jiffies
894 * timeout happens.
895 */
896 if (ctx == NULL)
897 goto error;
898
899 spin_lock(&ctx->mtx);
900 skb_out = cdc_ncm_fill_tx_frame(ctx, skb);
901 if (ctx->tx_curr_skb != NULL)
902 need_timer = 1;
903 spin_unlock(&ctx->mtx);
904
905 /* Start timer, if there is a remaining skb */
906 if (need_timer)
907 cdc_ncm_tx_timeout_start(ctx);
908
909 if (skb_out)
910 dev->net->stats.tx_packets += ctx->tx_curr_frame_num;
911 return skb_out;
912
913error:
914 if (skb != NULL)
915 dev_kfree_skb_any(skb);
916
917 return NULL;
918}
919
920static int cdc_ncm_rx_fixup(struct usbnet *dev, struct sk_buff *skb_in)
921{
922 struct sk_buff *skb;
923 struct cdc_ncm_ctx *ctx;
924 int sumlen;
925 int actlen;
926 int temp;
927 int nframes;
928 int x;
929 int offset;
930
931 ctx = (struct cdc_ncm_ctx *)dev->data[0];
932 if (ctx == NULL)
933 goto error;
934
935 actlen = skb_in->len;
936 sumlen = CDC_NCM_NTB_MAX_SIZE_RX;
937
938 if (actlen < (sizeof(ctx->rx_ncm.nth16) + sizeof(ctx->rx_ncm.ndp16))) {
939 pr_debug("frame too short\n");
940 goto error;
941 }
942
943 memcpy(&(ctx->rx_ncm.nth16), ((u8 *)skb_in->data),
944 sizeof(ctx->rx_ncm.nth16));
945
946 if (le32_to_cpu(ctx->rx_ncm.nth16.dwSignature) !=
947 USB_CDC_NCM_NTH16_SIGN) {
948 pr_debug("invalid NTH16 signature <%u>\n",
949 le32_to_cpu(ctx->rx_ncm.nth16.dwSignature));
950 goto error;
951 }
952
953 temp = le16_to_cpu(ctx->rx_ncm.nth16.wBlockLength);
954 if (temp > sumlen) {
955 pr_debug("unsupported NTB block length %u/%u\n", temp, sumlen);
956 goto error;
957 }
958
959 temp = le16_to_cpu(ctx->rx_ncm.nth16.wFpIndex);
960 if ((temp + sizeof(ctx->rx_ncm.ndp16)) > actlen) {
961 pr_debug("invalid DPT16 index\n");
962 goto error;
963 }
964
965 memcpy(&(ctx->rx_ncm.ndp16), ((u8 *)skb_in->data) + temp,
966 sizeof(ctx->rx_ncm.ndp16));
967
968 if (le32_to_cpu(ctx->rx_ncm.ndp16.dwSignature) !=
969 USB_CDC_NCM_NDP16_NOCRC_SIGN) {
970 pr_debug("invalid DPT16 signature <%u>\n",
971 le32_to_cpu(ctx->rx_ncm.ndp16.dwSignature));
972 goto error;
973 }
974
975 if (le16_to_cpu(ctx->rx_ncm.ndp16.wLength) <
976 USB_CDC_NCM_NDP16_LENGTH_MIN) {
977 pr_debug("invalid DPT16 length <%u>\n",
978 le32_to_cpu(ctx->rx_ncm.ndp16.dwSignature));
979 goto error;
980 }
981
982 nframes = ((le16_to_cpu(ctx->rx_ncm.ndp16.wLength) -
983 sizeof(struct usb_cdc_ncm_ndp16)) /
984 sizeof(struct usb_cdc_ncm_dpe16));
985 nframes--; /* we process NDP entries except for the last one */
986
987 pr_debug("nframes = %u\n", nframes);
988
989 temp += sizeof(ctx->rx_ncm.ndp16);
990
991 if ((temp + nframes * (sizeof(struct usb_cdc_ncm_dpe16))) > actlen) {
992 pr_debug("Invalid nframes = %d\n", nframes);
993 goto error;
994 }
995
996 if (nframes > CDC_NCM_DPT_DATAGRAMS_MAX) {
997 pr_debug("Truncating number of frames from %u to %u\n",
998 nframes, CDC_NCM_DPT_DATAGRAMS_MAX);
999 nframes = CDC_NCM_DPT_DATAGRAMS_MAX;
1000 }
1001
1002 memcpy(&(ctx->rx_ncm.dpe16), ((u8 *)skb_in->data) + temp,
1003 nframes * (sizeof(struct usb_cdc_ncm_dpe16)));
1004
1005 for (x = 0; x < nframes; x++) {
1006 offset = le16_to_cpu(ctx->rx_ncm.dpe16[x].wDatagramIndex);
1007 temp = le16_to_cpu(ctx->rx_ncm.dpe16[x].wDatagramLength);
1008
1009 /*
1010 * CDC NCM ch. 3.7
1011 * All entries after first NULL entry are to be ignored
1012 */
1013 if ((offset == 0) || (temp == 0)) {
1014 if (!x)
1015 goto error; /* empty NTB */
1016 break;
1017 }
1018
1019 /* sanity checking */
1020 if (((offset + temp) > actlen) ||
1021 (temp > CDC_NCM_MAX_DATAGRAM_SIZE) || (temp < ETH_HLEN)) {
1022 pr_debug("invalid frame detected (ignored)"
1023 "offset[%u]=%u, length=%u, skb=%p\n",
9e56790a 1024 x, offset, temp, skb_in);
900d495a
AO		 1025 if (!x)
1026 goto error;
1027 break;
1028
1029 } else {
1030 skb = skb_clone(skb_in, GFP_ATOMIC);
9e56790a
JJ		 1031 if (!skb)
1032 goto error;
900d495a
AO		 1033 skb->len = temp;
1034 skb->data = ((u8 *)skb_in->data) + offset;
1035 skb_set_tail_pointer(skb, temp);
1036 usbnet_skb_return(dev, skb);
1037 }
1038 }
1039 return 1;
1040error:
1041 return 0;
1042}
1043
1044static void
1045cdc_ncm_speed_change(struct cdc_ncm_ctx *ctx,
1046 struct connection_speed_change *data)
1047{
1048 uint32_t rx_speed = le32_to_cpu(data->USBitRate);
1049 uint32_t tx_speed = le32_to_cpu(data->DSBitRate);
1050
1051 /*
1052 * Currently the USB-NET API does not support reporting the actual
1053 * device speed. Do print it instead.
1054 */
1055 if ((tx_speed != ctx->tx_speed) || (rx_speed != ctx->rx_speed)) {
1056 ctx->tx_speed = tx_speed;
1057 ctx->rx_speed = rx_speed;
1058
1059 if ((tx_speed > 1000000) && (rx_speed > 1000000)) {
1060 printk(KERN_INFO KBUILD_MODNAME
1061 ": %s: %u mbit/s downlink "
1062 "%u mbit/s uplink\n",
1063 ctx->netdev->name,
1064 (unsigned int)(rx_speed / 1000000U),
1065 (unsigned int)(tx_speed / 1000000U));
1066 } else {
1067 printk(KERN_INFO KBUILD_MODNAME
1068 ": %s: %u kbit/s downlink "
1069 "%u kbit/s uplink\n",
1070 ctx->netdev->name,
1071 (unsigned int)(rx_speed / 1000U),
1072 (unsigned int)(tx_speed / 1000U));
1073 }
1074 }
1075}
1076
1077static void cdc_ncm_status(struct usbnet *dev, struct urb *urb)
1078{
1079 struct cdc_ncm_ctx *ctx;
1080 struct usb_cdc_notification *event;
1081
1082 ctx = (struct cdc_ncm_ctx *)dev->data[0];
1083
1084 if (urb->actual_length < sizeof(*event))
1085 return;
1086
1087 /* test for split data in 8-byte chunks */
1088 if (test_and_clear_bit(EVENT_STS_SPLIT, &dev->flags)) {
1089 cdc_ncm_speed_change(ctx,
1090 (struct connection_speed_change *)urb->transfer_buffer);
1091 return;
1092 }
1093
1094 event = urb->transfer_buffer;
1095
1096 switch (event->bNotificationType) {
1097 case USB_CDC_NOTIFY_NETWORK_CONNECTION:
1098 /*
1099 * According to the CDC NCM specification ch.7.1
1100 * USB_CDC_NOTIFY_NETWORK_CONNECTION notification shall be
1101 * sent by device after USB_CDC_NOTIFY_SPEED_CHANGE.
1102 */
1103 ctx->connected = event->wValue;
1104
1105 printk(KERN_INFO KBUILD_MODNAME ": %s: network connection:"
1106 " %sconnected\n",
1107 ctx->netdev->name, ctx->connected ? "" : "dis");
1108
1109 if (ctx->connected)
1110 netif_carrier_on(dev->net);
1111 else {
1112 netif_carrier_off(dev->net);
1113 ctx->tx_speed = ctx->rx_speed = 0;
1114 }
1115 break;
1116
1117 case USB_CDC_NOTIFY_SPEED_CHANGE:
1118 if (urb->actual_length <
1119 (sizeof(*event) + sizeof(struct connection_speed_change)))
1120 set_bit(EVENT_STS_SPLIT, &dev->flags);
1121 else
1122 cdc_ncm_speed_change(ctx,
1123 (struct connection_speed_change *) &event[1]);
1124 break;
1125
1126 default:
1127 dev_err(&dev->udev->dev, "NCM: unexpected "
1128 "notification 0x%02x!\n", event->bNotificationType);
1129 break;
1130 }
1131}
1132
1133static int cdc_ncm_check_connect(struct usbnet *dev)
1134{
1135 struct cdc_ncm_ctx *ctx;
1136
1137 ctx = (struct cdc_ncm_ctx *)dev->data[0];
1138 if (ctx == NULL)
1139 return 1; /* disconnected */
1140
1141 return !ctx->connected;
1142}
1143
1144static int
1145cdc_ncm_probe(struct usb_interface *udev, const struct usb_device_id *prod)
1146{
1147 return usbnet_probe(udev, prod);
1148}
1149
1150static void cdc_ncm_disconnect(struct usb_interface *intf)
1151{
1152 struct usbnet *dev = usb_get_intfdata(intf);
1153
1154 if (dev == NULL)
1155 return; /* already disconnected */
1156
1157 usbnet_disconnect(intf);
1158}
1159
1160static int cdc_ncm_manage_power(struct usbnet *dev, int status)
1161{
1162 dev->intf->needs_remote_wakeup = status;
1163 return 0;
1164}
1165
1166static const struct driver_info cdc_ncm_info = {
1167 .description = "CDC NCM",
1168 .flags = FLAG_NO_SETINT | FLAG_MULTI_PACKET,
1169 .bind = cdc_ncm_bind,
1170 .unbind = cdc_ncm_unbind,
1171 .check_connect = cdc_ncm_check_connect,
1172 .manage_power = cdc_ncm_manage_power,
1173 .status = cdc_ncm_status,
1174 .rx_fixup = cdc_ncm_rx_fixup,
1175 .tx_fixup = cdc_ncm_tx_fixup,
1176};
1177
1178static struct usb_driver cdc_ncm_driver = {
1179 .name = "cdc_ncm",
1180 .id_table = cdc_devs,
1181 .probe = cdc_ncm_probe,
1182 .disconnect = cdc_ncm_disconnect,
1183 .suspend = usbnet_suspend,
1184 .resume = usbnet_resume,
1185 .supports_autosuspend = 1,
1186};
1187
1188static struct ethtool_ops cdc_ncm_ethtool_ops = {
1189 .get_drvinfo = cdc_ncm_get_drvinfo,
1190 .get_link = usbnet_get_link,
1191 .get_msglevel = usbnet_get_msglevel,
1192 .set_msglevel = usbnet_set_msglevel,
1193 .get_settings = usbnet_get_settings,
1194 .set_settings = usbnet_set_settings,
1195 .nway_reset = usbnet_nway_reset,
1196};
1197
1198static int __init cdc_ncm_init(void)
1199{
1200 printk(KERN_INFO KBUILD_MODNAME ": " DRIVER_VERSION "\n");
1201 return usb_register(&cdc_ncm_driver);
1202}
1203
1204module_init(cdc_ncm_init);
1205
1206static void __exit cdc_ncm_exit(void)
1207{
1208 usb_deregister(&cdc_ncm_driver);
1209}
1210
1211module_exit(cdc_ncm_exit);
1212
1213MODULE_AUTHOR("Hans Petter Selasky");
1214MODULE_DESCRIPTION("USB CDC NCM host driver");
1215MODULE_LICENSE("Dual BSD/GPL");
Linux 6.x block layer and io_uring tree(s)