]> bbs.cooldavid.org Git - net-next-2.6.git/blame - drivers/net/usb/rndis_host.c
git://bbs.cooldavid.org / net-next-2.6.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
rndis_host: Halt device if rndis_bind fails.
[net-next-2.6.git] / drivers / net / usb / rndis_host.c
CommitLineData
64e04910
DB		 1/*
2 * Host Side support for RNDIS Networking Links
3 * Copyright (C) 2005 by David Brownell
4 *
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License as published by
7 * the Free Software Foundation; either version 2 of the License, or
8 * (at your option) any later version.
9 *
10 * This program is distributed in the hope that it will be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 * GNU General Public License for more details.
14 *
15 * You should have received a copy of the GNU General Public License
16 * along with this program; if not, write to the Free Software
17 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
18 */
19
20// #define DEBUG // error path messages, extra info
21// #define VERBOSE // more; success messages
22
64e04910 23#include <linux/module.h>
64e04910
DB		 24#include <linux/init.h>
25#include <linux/netdevice.h>
26#include <linux/etherdevice.h>
27#include <linux/ethtool.h>
28#include <linux/workqueue.h>
29#include <linux/mii.h>
30#include <linux/usb.h>
a8c28f23 31#include <linux/usb/cdc.h>
64e04910
DB		 32
33#include "usbnet.h"
34
35
36/*
37 * RNDIS is NDIS remoted over USB. It's a MSFT variant of CDC ACM ... of
38 * course ACM was intended for modems, not Ethernet links! USB's standard
39 * for Ethernet links is "CDC Ethernet", which is significantly simpler.
51400f1d
DB		 40 *
41 * NOTE that Microsoft's "RNDIS 1.0" specification is incomplete. Issues
42 * include:
43 * - Power management in particular relies on information that's scattered
44 * through other documentation, and which is incomplete or incorrect even
45 * there.
46 * - There are various undocumented protocol requirements, such as the
47 * need to send unused garbage in control-OUT messages.
48 * - In some cases, MS-Windows will emit undocumented requests; this
49 * matters more to peripheral implementations than host ones.
50 *
ad55d71a
OAVR		 51 * Moreover there's a no-open-specs variant of RNDIS called "ActiveSync".
52 *
51400f1d
DB		 53 * For these reasons and others, ** USE OF RNDIS IS STRONGLY DISCOURAGED ** in
54 * favor of such non-proprietary alternatives as CDC Ethernet or the newer (and
55 * currently rare) "Ethernet Emulation Model" (EEM).
64e04910
DB		 56 */
57
58/*
59 * CONTROL uses CDC "encapsulated commands" with funky notifications.
60 * - control-out: SEND_ENCAPSULATED
61 * - interrupt-in: RESPONSE_AVAILABLE
62 * - control-in: GET_ENCAPSULATED
63 *
64 * We'll try to ignore the RESPONSE_AVAILABLE notifications.
ad55d71a
OAVR		 65 *
66 * REVISIT some RNDIS implementations seem to have curious issues still
67 * to be resolved.
64e04910
DB		 68 */
69struct rndis_msg_hdr {
70 __le32 msg_type; /* RNDIS_MSG_* */
71 __le32 msg_len;
72 // followed by data that varies between messages
73 __le32 request_id;
74 __le32 status;
75 // ... and more
76} __attribute__ ((packed));
77
ad55d71a
OAVR		 78/* MS-Windows uses this strange size, but RNDIS spec says 1024 minimum */
79#define CONTROL_BUFFER_SIZE 1025
80
81/* RNDIS defines an (absurdly huge) 10 second control timeout,
82 * but ActiveSync seems to use a more usual 5 second timeout
83 * (which matches the USB 2.0 spec).
84 */
85#define RNDIS_CONTROL_TIMEOUT_MS (5 * 1000)
64e04910
DB		 86
87
88#define ccpu2 __constant_cpu_to_le32
89
90#define RNDIS_MSG_COMPLETION ccpu2(0x80000000)
91
92/* codes for "msg_type" field of rndis messages;
93 * only the data channel uses packet messages (maybe batched);
94 * everything else goes on the control channel.
95 */
96#define RNDIS_MSG_PACKET ccpu2(0x00000001) /* 1-N packets */
97#define RNDIS_MSG_INIT ccpu2(0x00000002)
51400f1d 98#define RNDIS_MSG_INIT_C (RNDIS_MSG_INIT|RNDIS_MSG_COMPLETION)
64e04910
DB		 99#define RNDIS_MSG_HALT ccpu2(0x00000003)
100#define RNDIS_MSG_QUERY ccpu2(0x00000004)
51400f1d 101#define RNDIS_MSG_QUERY_C (RNDIS_MSG_QUERY|RNDIS_MSG_COMPLETION)
64e04910 102#define RNDIS_MSG_SET ccpu2(0x00000005)
51400f1d 103#define RNDIS_MSG_SET_C (RNDIS_MSG_SET|RNDIS_MSG_COMPLETION)
64e04910 104#define RNDIS_MSG_RESET ccpu2(0x00000006)
51400f1d 105#define RNDIS_MSG_RESET_C (RNDIS_MSG_RESET|RNDIS_MSG_COMPLETION)
64e04910
DB		 106#define RNDIS_MSG_INDICATE ccpu2(0x00000007)
107#define RNDIS_MSG_KEEPALIVE ccpu2(0x00000008)
51400f1d 108#define RNDIS_MSG_KEEPALIVE_C (RNDIS_MSG_KEEPALIVE|RNDIS_MSG_COMPLETION)
64e04910
DB		 109
110/* codes for "status" field of completion messages */
111#define RNDIS_STATUS_SUCCESS ccpu2(0x00000000)
112#define RNDIS_STATUS_FAILURE ccpu2(0xc0000001)
113#define RNDIS_STATUS_INVALID_DATA ccpu2(0xc0010015)
114#define RNDIS_STATUS_NOT_SUPPORTED ccpu2(0xc00000bb)
115#define RNDIS_STATUS_MEDIA_CONNECT ccpu2(0x4001000b)
116#define RNDIS_STATUS_MEDIA_DISCONNECT ccpu2(0x4001000c)
117
118
119struct rndis_data_hdr {
120 __le32 msg_type; /* RNDIS_MSG_PACKET */
121 __le32 msg_len; // rndis_data_hdr + data_len + pad
122 __le32 data_offset; // 36 -- right after header
123 __le32 data_len; // ... real packet size
124
125 __le32 oob_data_offset; // zero
126 __le32 oob_data_len; // zero
127 __le32 num_oob; // zero
128 __le32 packet_data_offset; // zero
129
130 __le32 packet_data_len; // zero
131 __le32 vc_handle; // zero
132 __le32 reserved; // zero
133} __attribute__ ((packed));
134
135struct rndis_init { /* OUT */
136 // header and:
137 __le32 msg_type; /* RNDIS_MSG_INIT */
138 __le32 msg_len; // 24
139 __le32 request_id;
140 __le32 major_version; // of rndis (1.0)
141 __le32 minor_version;
142 __le32 max_transfer_size;
143} __attribute__ ((packed));
144
145struct rndis_init_c { /* IN */
146 // header and:
147 __le32 msg_type; /* RNDIS_MSG_INIT_C */
148 __le32 msg_len;
149 __le32 request_id;
150 __le32 status;
151 __le32 major_version; // of rndis (1.0)
152 __le32 minor_version;
153 __le32 device_flags;
154 __le32 medium; // zero == 802.3
155 __le32 max_packets_per_message;
156 __le32 max_transfer_size;
157 __le32 packet_alignment; // max 7; (1<<n) bytes
158 __le32 af_list_offset; // zero
159 __le32 af_list_size; // zero
160} __attribute__ ((packed));
161
162struct rndis_halt { /* OUT (no reply) */
163 // header and:
164 __le32 msg_type; /* RNDIS_MSG_HALT */
165 __le32 msg_len;
166 __le32 request_id;
167} __attribute__ ((packed));
168
169struct rndis_query { /* OUT */
170 // header and:
171 __le32 msg_type; /* RNDIS_MSG_QUERY */
172 __le32 msg_len;
173 __le32 request_id;
174 __le32 oid;
175 __le32 len;
176 __le32 offset;
177/*?*/ __le32 handle; // zero
178} __attribute__ ((packed));
179
180struct rndis_query_c { /* IN */
181 // header and:
182 __le32 msg_type; /* RNDIS_MSG_QUERY_C */
183 __le32 msg_len;
184 __le32 request_id;
185 __le32 status;
186 __le32 len;
187 __le32 offset;
188} __attribute__ ((packed));
189
190struct rndis_set { /* OUT */
191 // header and:
192 __le32 msg_type; /* RNDIS_MSG_SET */
193 __le32 msg_len;
194 __le32 request_id;
195 __le32 oid;
196 __le32 len;
197 __le32 offset;
198/*?*/ __le32 handle; // zero
199} __attribute__ ((packed));
200
201struct rndis_set_c { /* IN */
202 // header and:
203 __le32 msg_type; /* RNDIS_MSG_SET_C */
204 __le32 msg_len;
205 __le32 request_id;
206 __le32 status;
207} __attribute__ ((packed));
208
209struct rndis_reset { /* IN */
210 // header and:
211 __le32 msg_type; /* RNDIS_MSG_RESET */
212 __le32 msg_len;
213 __le32 reserved;
214} __attribute__ ((packed));
215
216struct rndis_reset_c { /* OUT */
217 // header and:
218 __le32 msg_type; /* RNDIS_MSG_RESET_C */
219 __le32 msg_len;
220 __le32 status;
221 __le32 addressing_lost;
222} __attribute__ ((packed));
223
224struct rndis_indicate { /* IN (unrequested) */
225 // header and:
226 __le32 msg_type; /* RNDIS_MSG_INDICATE */
227 __le32 msg_len;
228 __le32 status;
229 __le32 length;
230 __le32 offset;
231/**/ __le32 diag_status;
232 __le32 error_offset;
233/**/ __le32 message;
234} __attribute__ ((packed));
235
236struct rndis_keepalive { /* OUT (optionally IN) */
237 // header and:
238 __le32 msg_type; /* RNDIS_MSG_KEEPALIVE */
239 __le32 msg_len;
240 __le32 request_id;
241} __attribute__ ((packed));
242
243struct rndis_keepalive_c { /* IN (optionally OUT) */
244 // header and:
245 __le32 msg_type; /* RNDIS_MSG_KEEPALIVE_C */
246 __le32 msg_len;
247 __le32 request_id;
248 __le32 status;
249} __attribute__ ((packed));
250
251/* NOTE: about 30 OIDs are "mandatory" for peripherals to support ... and
252 * there are gobs more that may optionally be supported. We'll avoid as much
253 * of that mess as possible.
254 */
255#define OID_802_3_PERMANENT_ADDRESS ccpu2(0x01010101)
ddda0862 256#define OID_GEN_MAXIMUM_FRAME_SIZE ccpu2(0x00010106)
64e04910
DB		 257#define OID_GEN_CURRENT_PACKET_FILTER ccpu2(0x0001010e)
258
259/*
260 * RNDIS notifications from device: command completion; "reverse"
261 * keepalives; etc
262 */
263static void rndis_status(struct usbnet *dev, struct urb *urb)
264{
265 devdbg(dev, "rndis status urb, len %d stat %d",
266 urb->actual_length, urb->status);
267 // FIXME for keepalives, respond immediately (asynchronously)
268 // if not an RNDIS status, do like cdc_status(dev,urb) does
269}
270
271/*
272 * RPC done RNDIS-style. Caller guarantees:
273 * - message is properly byteswapped
274 * - there's no other request pending
275 * - buf can hold up to 1KB response (required by RNDIS spec)
276 * On return, the first few entries are already byteswapped.
277 *
278 * Call context is likely probe(), before interface name is known,
279 * which is why we won't try to use it in the diagnostics.
280 */
281static int rndis_command(struct usbnet *dev, struct rndis_msg_hdr *buf)
282{
283 struct cdc_state *info = (void *) &dev->data;
ad55d71a 284 int master_ifnum;
64e04910
DB		 285 int retval;
286 unsigned count;
287 __le32 rsp;
288 u32 xid = 0, msg_len, request_id;
289
290 /* REVISIT when this gets called from contexts other than probe() or
291 * disconnect(): either serialize, or dispatch responses on xid
292 */
293
ad55d71a 294 /* Issue the request; xid is unique, don't bother byteswapping it */
64e04910
DB		 295 if (likely(buf->msg_type != RNDIS_MSG_HALT
296 && buf->msg_type != RNDIS_MSG_RESET)) {
297 xid = dev->xid++;
298 if (!xid)
299 xid = dev->xid++;
300 buf->request_id = (__force __le32) xid;
301 }
ad55d71a 302 master_ifnum = info->control->cur_altsetting->desc.bInterfaceNumber;
64e04910
DB		 303 retval = usb_control_msg(dev->udev,
304 usb_sndctrlpipe(dev->udev, 0),
305 USB_CDC_SEND_ENCAPSULATED_COMMAND,
306 USB_TYPE_CLASS | USB_RECIP_INTERFACE,
ad55d71a 307 0, master_ifnum,
64e04910
DB		 308 buf, le32_to_cpu(buf->msg_len),
309 RNDIS_CONTROL_TIMEOUT_MS);
310 if (unlikely(retval < 0 || xid == 0))
311 return retval;
312
313 // FIXME Seems like some devices discard responses when
314 // we time out and cancel our "get response" requests...
315 // so, this is fragile. Probably need to poll for status.
316
317 /* ignore status endpoint, just poll the control channel;
318 * the request probably completed immediately
319 */
320 rsp = buf->msg_type | RNDIS_MSG_COMPLETION;
321 for (count = 0; count < 10; count++) {
ad55d71a 322 memset(buf, 0, CONTROL_BUFFER_SIZE);
64e04910
DB		 323 retval = usb_control_msg(dev->udev,
324 usb_rcvctrlpipe(dev->udev, 0),
325 USB_CDC_GET_ENCAPSULATED_RESPONSE,
326 USB_DIR_IN | USB_TYPE_CLASS | USB_RECIP_INTERFACE,
ad55d71a
OAVR		 327 0, master_ifnum,
328 buf, CONTROL_BUFFER_SIZE,
64e04910
DB		 329 RNDIS_CONTROL_TIMEOUT_MS);
330 if (likely(retval >= 8)) {
331 msg_len = le32_to_cpu(buf->msg_len);
332 request_id = (__force u32) buf->request_id;
333 if (likely(buf->msg_type == rsp)) {
334 if (likely(request_id == xid)) {
335 if (unlikely(rsp == RNDIS_MSG_RESET_C))
336 return 0;
337 if (likely(RNDIS_STATUS_SUCCESS
338 == buf->status))
339 return 0;
340 dev_dbg(&info->control->dev,
341 "rndis reply status %08x\n",
342 le32_to_cpu(buf->status));
343 return -EL3RST;
344 }
345 dev_dbg(&info->control->dev,
346 "rndis reply id %d expected %d\n",
347 request_id, xid);
348 /* then likely retry */
349 } else switch (buf->msg_type) {
350 case RNDIS_MSG_INDICATE: { /* fault */
351 // struct rndis_indicate *msg = (void *)buf;
352 dev_info(&info->control->dev,
ddda0862 353 "rndis fault indication\n");
64e04910
DB		 354 }
355 break;
356 case RNDIS_MSG_KEEPALIVE: { /* ping */
357 struct rndis_keepalive_c *msg = (void *)buf;
358
359 msg->msg_type = RNDIS_MSG_KEEPALIVE_C;
360 msg->msg_len = ccpu2(sizeof *msg);
361 msg->status = RNDIS_STATUS_SUCCESS;
362 retval = usb_control_msg(dev->udev,
363 usb_sndctrlpipe(dev->udev, 0),
364 USB_CDC_SEND_ENCAPSULATED_COMMAND,
365 USB_TYPE_CLASS | USB_RECIP_INTERFACE,
ad55d71a 366 0, master_ifnum,
64e04910
DB		 367 msg, sizeof *msg,
368 RNDIS_CONTROL_TIMEOUT_MS);
369 if (unlikely(retval < 0))
370 dev_dbg(&info->control->dev,
371 "rndis keepalive err %d\n",
372 retval);
373 }
374 break;
375 default:
376 dev_dbg(&info->control->dev,
377 "unexpected rndis msg %08x len %d\n",
378 le32_to_cpu(buf->msg_type), msg_len);
379 }
380 } else {
381 /* device probably issued a protocol stall; ignore */
382 dev_dbg(&info->control->dev,
383 "rndis response error, code %d\n", retval);
384 }
385 msleep(2);
386 }
387 dev_dbg(&info->control->dev, "rndis response timeout\n");
388 return -ETIMEDOUT;
389}
390
ddda0862
DB		 391/*
392 * rndis_query:
393 *
394 * Performs a query for @oid along with 0 or more bytes of payload as
395 * specified by @in_len. If @reply_len is not set to -1 then the reply
396 * length is checked against this value, resulting in an error if it
397 * doesn't match.
398 *
399 * NOTE: Adding a payload exactly or greater than the size of the expected
400 * response payload is an evident requirement MSFT added for ActiveSync.
401 *
402 * The only exception is for OIDs that return a variably sized response,
403 * in which case no payload should be added. This undocumented (and
404 * nonsensical!) issue was found by sniffing protocol requests from the
405 * ActiveSync 4.1 Windows driver.
406 */
407static int rndis_query(struct usbnet *dev, struct usb_interface *intf,
408 void *buf, u32 oid, u32 in_len,
409 void **reply, int *reply_len)
410{
411 int retval;
412 union {
413 void *buf;
414 struct rndis_msg_hdr *header;
415 struct rndis_query *get;
416 struct rndis_query_c *get_c;
417 } u;
418 u32 off, len;
419
420 u.buf = buf;
421
422 memset(u.get, 0, sizeof *u.get + in_len);
423 u.get->msg_type = RNDIS_MSG_QUERY;
424 u.get->msg_len = cpu_to_le32(sizeof *u.get + in_len);
425 u.get->oid = oid;
426 u.get->len = cpu_to_le32(in_len);
427 u.get->offset = ccpu2(20);
428
429 retval = rndis_command(dev, u.header);
430 if (unlikely(retval < 0)) {
431 dev_err(&intf->dev, "RNDIS_MSG_QUERY(0x%08x) failed, %d\n",
432 oid, retval);
433 return retval;
434 }
435
436 off = le32_to_cpu(u.get_c->offset);
437 len = le32_to_cpu(u.get_c->len);
438 if (unlikely((8 + off + len) > CONTROL_BUFFER_SIZE))
439 goto response_error;
440
441 if (*reply_len != -1 && len != *reply_len)
442 goto response_error;
443
444 *reply = (unsigned char *) &u.get_c->request_id + off;
445 *reply_len = len;
446
447 return retval;
448
449response_error:
450 dev_err(&intf->dev, "RNDIS_MSG_QUERY(0x%08x) "
451 "invalid response - off %d len %d\n",
452 oid, off, len);
453 return -EDOM;
454}
455
64e04910
DB		 456static int rndis_bind(struct usbnet *dev, struct usb_interface *intf)
457{
458 int retval;
459 struct net_device *net = dev->net;
deb31f17 460 struct cdc_state *info = (void *) &dev->data;
64e04910
DB		 461 union {
462 void *buf;
463 struct rndis_msg_hdr *header;
464 struct rndis_init *init;
465 struct rndis_init_c *init_c;
466 struct rndis_query *get;
467 struct rndis_query_c *get_c;
468 struct rndis_set *set;
469 struct rndis_set_c *set_c;
9ff55874 470 struct rndis_halt *halt;
64e04910
DB		 471 } u;
472 u32 tmp;
ddda0862
DB		 473 int reply_len;
474 unsigned char *bp;
64e04910
DB		 475
476 /* we can't rely on i/o from stack working, or stack allocation */
ad55d71a 477 u.buf = kmalloc(CONTROL_BUFFER_SIZE, GFP_KERNEL);
64e04910
DB		 478 if (!u.buf)
479 return -ENOMEM;
480 retval = usbnet_generic_cdc_bind(dev, intf);
481 if (retval < 0)
deb31f17 482 goto fail;
64e04910 483
64e04910
DB		 484 u.init->msg_type = RNDIS_MSG_INIT;
485 u.init->msg_len = ccpu2(sizeof *u.init);
486 u.init->major_version = ccpu2(1);
487 u.init->minor_version = ccpu2(0);
64e04910 488
ad55d71a
OAVR		 489 /* max transfer (in spec) is 0x4000 at full speed, but for
490 * TX we'll stick to one Ethernet packet plus RNDIS framing.
491 * For RX we handle drivers that zero-pad to end-of-packet.
492 * Don't let userspace change these settings.
ddda0862
DB		 493 *
494 * NOTE: there still seems to be wierdness here, as if we need
495 * to do some more things to make sure WinCE targets accept this.
496 * They default to jumbograms of 8KB or 16KB, which is absurd
497 * for such low data rates and which is also more than Linux
498 * can usually expect to allocate for SKB data...
ad55d71a
OAVR		 499 */
500 net->hard_header_len += sizeof (struct rndis_data_hdr);
501 dev->hard_mtu = net->mtu + net->hard_header_len;
502
503 dev->rx_urb_size = dev->hard_mtu + (dev->maxpacket + 1);
504 dev->rx_urb_size &= ~(dev->maxpacket - 1);
505 u.init->max_transfer_size = cpu_to_le32(dev->rx_urb_size);
506
507 net->change_mtu = NULL;
64e04910
DB		 508 retval = rndis_command(dev, u.header);
509 if (unlikely(retval < 0)) {
510 /* it might not even be an RNDIS device!! */
511 dev_err(&intf->dev, "RNDIS init failed, %d\n", retval);
ddda0862 512 goto fail_and_release;
ad55d71a
OAVR		 513 }
514 tmp = le32_to_cpu(u.init_c->max_transfer_size);
515 if (tmp < dev->hard_mtu) {
500d2c2f
TS		 516 if (tmp <= net->hard_header_len) {
517 dev_err(&intf->dev,
518 "dev can't take %u byte packets (max %u)\n",
519 dev->hard_mtu, tmp);
520 retval = -EINVAL;
9ff55874 521 goto halt_fail_and_release;
500d2c2f
TS		 522 }
523 dev->hard_mtu = tmp;
524 net->mtu = dev->hard_mtu - net->hard_header_len;
525 dev_warn(&intf->dev,
526 "dev can't take %u byte packets (max %u), "
527 "adjusting MTU to %u\n",
528 dev->hard_mtu, tmp, net->mtu);
64e04910 529 }
ad55d71a 530
64e04910 531 /* REVISIT: peripheral "alignment" request is ignored ... */
ad55d71a
OAVR		 532 dev_dbg(&intf->dev,
533 "hard mtu %u (%u from dev), rx buflen %Zu, align %d\n",
534 dev->hard_mtu, tmp, dev->rx_urb_size,
64e04910
DB		 535 1 << le32_to_cpu(u.init_c->packet_alignment));
536
ddda0862
DB		 537 /* Get designated host ethernet address */
538 reply_len = ETH_ALEN;
539 retval = rndis_query(dev, intf, u.buf, OID_802_3_PERMANENT_ADDRESS,
540 48, (void **) &bp, &reply_len);
541 if (unlikely(retval< 0)) {
64e04910 542 dev_err(&intf->dev, "rndis get ethaddr, %d\n", retval);
9ff55874 543 goto halt_fail_and_release;
64e04910 544 }
ddda0862 545 memcpy(net->dev_addr, bp, ETH_ALEN);
64e04910
DB		 546
547 /* set a nonzero filter to enable data transfers */
548 memset(u.set, 0, sizeof *u.set);
549 u.set->msg_type = RNDIS_MSG_SET;
550 u.set->msg_len = ccpu2(4 + sizeof *u.set);
551 u.set->oid = OID_GEN_CURRENT_PACKET_FILTER;
552 u.set->len = ccpu2(4);
553 u.set->offset = ccpu2((sizeof *u.set) - 8);
554 *(__le32 *)(u.buf + sizeof *u.set) = ccpu2(DEFAULT_FILTER);
555
556 retval = rndis_command(dev, u.header);
557 if (unlikely(retval < 0)) {
558 dev_err(&intf->dev, "rndis set packet filter, %d\n", retval);
9ff55874 559 goto halt_fail_and_release;
64e04910
DB		 560 }
561
562 retval = 0;
deb31f17
DG		 563
564 kfree(u.buf);
565 return retval;
566
9ff55874
JK		 567halt_fail_and_release:
568 memset(u.halt, 0, sizeof *u.halt);
569 u.halt->msg_type = RNDIS_MSG_HALT;
570 u.halt->msg_len = ccpu2(sizeof *u.halt);
571 (void) rndis_command(dev, (void *)u.halt);
deb31f17
DG		 572fail_and_release:
573 usb_set_intfdata(info->data, NULL);
574 usb_driver_release_interface(driver_of(intf), info->data);
ddda0862 575 info->data = NULL;
deb31f17 576fail:
64e04910
DB		 577 kfree(u.buf);
578 return retval;
579}
580
581static void rndis_unbind(struct usbnet *dev, struct usb_interface *intf)
582{
583 struct rndis_halt *halt;
584
585 /* try to clear any rndis state/activity (no i/o from stack!) */
04c3c01a 586 halt = kzalloc(CONTROL_BUFFER_SIZE, GFP_KERNEL);
64e04910
DB		 587 if (halt) {
588 halt->msg_type = RNDIS_MSG_HALT;
589 halt->msg_len = ccpu2(sizeof *halt);
590 (void) rndis_command(dev, (void *)halt);
591 kfree(halt);
592 }
593
2bfa2e1f 594 usbnet_cdc_unbind(dev, intf);
64e04910
DB		 595}
596
597/*
598 * DATA -- host must not write zlps
599 */
600static int rndis_rx_fixup(struct usbnet *dev, struct sk_buff *skb)
601{
602 /* peripheral may have batched packets to us... */
603 while (likely(skb->len)) {
604 struct rndis_data_hdr *hdr = (void *)skb->data;
605 struct sk_buff *skb2;
606 u32 msg_len, data_offset, data_len;
607
608 msg_len = le32_to_cpu(hdr->msg_len);
609 data_offset = le32_to_cpu(hdr->data_offset);
610 data_len = le32_to_cpu(hdr->data_len);
611
612 /* don't choke if we see oob, per-packet data, etc */
613 if (unlikely(hdr->msg_type != RNDIS_MSG_PACKET
614 || skb->len < msg_len
615 || (data_offset + data_len + 8) > msg_len)) {
616 dev->stats.rx_frame_errors++;
617 devdbg(dev, "bad rndis message %d/%d/%d/%d, len %d",
618 le32_to_cpu(hdr->msg_type),
619 msg_len, data_offset, data_len, skb->len);
620 return 0;
621 }
622 skb_pull(skb, 8 + data_offset);
623
624 /* at most one packet left? */
625 if (likely((data_len - skb->len) <= sizeof *hdr)) {
626 skb_trim(skb, data_len);
627 break;
628 }
629
630 /* try to return all the packets in the batch */
631 skb2 = skb_clone(skb, GFP_ATOMIC);
632 if (unlikely(!skb2))
633 break;
634 skb_pull(skb, msg_len - sizeof *hdr);
635 skb_trim(skb2, data_len);
636 usbnet_skb_return(dev, skb2);
637 }
638
639 /* caller will usbnet_skb_return the remaining packet */
640 return 1;
641}
642
643static struct sk_buff *
55016f10 644rndis_tx_fixup(struct usbnet *dev, struct sk_buff *skb, gfp_t flags)
64e04910
DB		 645{
646 struct rndis_data_hdr *hdr;
647 struct sk_buff *skb2;
648 unsigned len = skb->len;
649
650 if (likely(!skb_cloned(skb))) {
651 int room = skb_headroom(skb);
652
653 /* enough head room as-is? */
654 if (unlikely((sizeof *hdr) <= room))
655 goto fill;
656
657 /* enough room, but needs to be readjusted? */
658 room += skb_tailroom(skb);
659 if (likely((sizeof *hdr) <= room)) {
660 skb->data = memmove(skb->head + sizeof *hdr,
661 skb->data, len);
27a884dc 662 skb_set_tail_pointer(skb, len);
64e04910
DB		 663 goto fill;
664 }
665 }
666
667 /* create a new skb, with the correct size (and tailpad) */
668 skb2 = skb_copy_expand(skb, sizeof *hdr, 1, flags);
669 dev_kfree_skb_any(skb);
670 if (unlikely(!skb2))
671 return skb2;
672 skb = skb2;
673
674 /* fill out the RNDIS header. we won't bother trying to batch
675 * packets; Linux minimizes wasted bandwidth through tx queues.
676 */
677fill:
678 hdr = (void *) __skb_push(skb, sizeof *hdr);
679 memset(hdr, 0, sizeof *hdr);
680 hdr->msg_type = RNDIS_MSG_PACKET;
681 hdr->msg_len = cpu_to_le32(skb->len);
682 hdr->data_offset = ccpu2(sizeof(*hdr) - 8);
683 hdr->data_len = cpu_to_le32(len);
684
685 /* FIXME make the last packet always be short ... */
686 return skb;
687}
688
689
690static const struct driver_info rndis_info = {
691 .description = "RNDIS device",
ddda0862 692 .flags = FLAG_ETHER | FLAG_FRAMING_RN | FLAG_NO_SETINT,
64e04910
DB		 693 .bind = rndis_bind,
694 .unbind = rndis_unbind,
695 .status = rndis_status,
696 .rx_fixup = rndis_rx_fixup,
697 .tx_fixup = rndis_tx_fixup,
698};
699
700#undef ccpu2
701
702
703/*-------------------------------------------------------------------------*/
704
705static const struct usb_device_id products [] = {
706{
707 /* RNDIS is MSFT's un-official variant of CDC ACM */
708 USB_INTERFACE_INFO(USB_CLASS_COMM, 2 /* ACM */, 0x0ff),
709 .driver_info = (unsigned long) &rndis_info,
ad55d71a
OAVR		 710}, {
711 /* "ActiveSync" is an undocumented variant of RNDIS, used in WM5 */
712 USB_INTERFACE_INFO(USB_CLASS_MISC, 1, 1),
713 .driver_info = (unsigned long) &rndis_info,
64e04910
DB		 714},
715 { }, // END
716};
717MODULE_DEVICE_TABLE(usb, products);
718
719static struct usb_driver rndis_driver = {
64e04910
DB		 720 .name = "rndis_host",
721 .id_table = products,
722 .probe = usbnet_probe,
723 .disconnect = usbnet_disconnect,
724 .suspend = usbnet_suspend,
725 .resume = usbnet_resume,
726};
727
728static int __init rndis_init(void)
729{
51400f1d 730 return usb_register(&rndis_driver);
64e04910
DB		 731}
732module_init(rndis_init);
733
734static void __exit rndis_exit(void)
735{
51400f1d 736 usb_deregister(&rndis_driver);
64e04910
DB		 737}
738module_exit(rndis_exit);
739
740MODULE_AUTHOR("David Brownell");
741MODULE_DESCRIPTION("USB Host side RNDIS driver");
742MODULE_LICENSE("GPL");
Clone of davem's net-next-2.6 tree