search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
lkdtm: Add Control Flow Integrity test
[linux/fpc-iii.git] / drivers / net / usb / lg-vl600.c
blob6c2b3e368efec68663093a510f2a1c1f0c708587
1 // SPDX-License-Identifier: GPL-2.0-or-later
2 /*
3 * Ethernet interface part of the LG VL600 LTE modem (4G dongle)
4 *
5 * Copyright (C) 2011 Intel Corporation
6 * Author: Andrzej Zaborowski <balrogg@gmail.com>
7 */
8 #include <linux/etherdevice.h>
9 #include <linux/ethtool.h>
10 #include <linux/mii.h>
11 #include <linux/usb.h>
12 #include <linux/usb/cdc.h>
13 #include <linux/usb/usbnet.h>
14 #include <linux/if_ether.h>
15 #include <linux/if_arp.h>
16 #include <linux/inetdevice.h>
17 #include <linux/module.h>
18
19 /*
20 * The device has a CDC ACM port for modem control (it claims to be
21 * CDC ACM anyway) and a CDC Ethernet port for actual network data.
22 * It will however ignore data on both ports that is not encapsulated
23 * in a specific way, any data returned is also encapsulated the same
24 * way. The headers don't seem to follow any popular standard.
25 *
26 * This driver adds and strips these headers from the ethernet frames
27 * sent/received from the CDC Ethernet port. The proprietary header
28 * replaces the standard ethernet header in a packet so only actual
29 * ethernet frames are allowed. The headers allow some form of
30 * multiplexing by using non standard values of the .h_proto field.
31 * Windows/Mac drivers do send a couple of such frames to the device
32 * during initialisation, with protocol set to 0x0906 or 0x0b06 and (what
33 * seems to be) a flag in the .dummy_flags. This doesn't seem necessary
34 * for modem operation but can possibly be used for GPS or other funcitons.
35 */
36
37 struct vl600_frame_hdr {
38 __le32 len;
39 __le32 serial;
40 __le32 pkt_cnt;
41 __le32 dummy_flags;
42 __le32 dummy;
43 __le32 magic;
44 } __attribute__((packed));
45
46 struct vl600_pkt_hdr {
47 __le32 dummy[2];
48 __le32 len;
49 __be16 h_proto;
50 } __attribute__((packed));
51
52 struct vl600_state {
53 struct sk_buff *current_rx_buf;
54 };
55
56 static int vl600_bind(struct usbnet *dev, struct usb_interface *intf)
57 {
58 int ret;
59 struct vl600_state *s = kzalloc(sizeof(struct vl600_state), GFP_KERNEL);
60
61 if (!s)
62 return -ENOMEM;
63
64 ret = usbnet_cdc_bind(dev, intf);
65 if (ret) {
66 kfree(s);
67 return ret;
68 }
69
70 dev->driver_priv = s;
71
72 /* ARP packets don't go through, but they're also of no use. The
73 * subnet has only two hosts anyway: us and the gateway / DHCP
74 * server (probably simulated by modem firmware or network operator)
75 * whose address changes everytime we connect to the intarwebz and
76 * who doesn't bother answering ARP requests either. So hardware
77 * addresses have no meaning, the destination and the source of every
78 * packet depend only on whether it is on the IN or OUT endpoint. */
79 dev->net->flags |= IFF_NOARP;
80 /* IPv6 NDP relies on multicast. Enable it by default. */
81 dev->net->flags |= IFF_MULTICAST;
82
83 return ret;
84 }
85
86 static void vl600_unbind(struct usbnet *dev, struct usb_interface *intf)
87 {
88 struct vl600_state *s = dev->driver_priv;
89
90 if (s->current_rx_buf)
91 dev_kfree_skb(s->current_rx_buf);
92
93 kfree(s);
94
95 return usbnet_cdc_unbind(dev, intf);
96 }
97
98 static int vl600_rx_fixup(struct usbnet *dev, struct sk_buff *skb)
99 {
100 struct vl600_frame_hdr *frame;
101 struct vl600_pkt_hdr *packet;
102 struct ethhdr *ethhdr;
103 int packet_len, count;
104 struct sk_buff *buf = skb;
105 struct sk_buff *clone;
106 struct vl600_state *s = dev->driver_priv;
107
108 /* Frame lengths are generally 4B multiplies but every couple of
109 * hours there's an odd number of bytes sized yet correct frame,
110 * so don't require this. */
111
112 /* Allow a packet (or multiple packets batched together) to be
113 * split across many frames. We don't allow a new batch to
114 * begin in the same frame another one is ending however, and no
115 * leading or trailing pad bytes. */
116 if (s->current_rx_buf) {
117 frame = (struct vl600_frame_hdr *) s->current_rx_buf->data;
118 if (skb->len + s->current_rx_buf->len >
119 le32_to_cpup(&frame->len)) {
120 netif_err(dev, ifup, dev->net, "Fragment too long\n");
121 dev->net->stats.rx_length_errors++;
122 goto error;
123 }
124
125 buf = s->current_rx_buf;
126 skb_put_data(buf, skb->data, skb->len);
127 } else if (skb->len < 4) {
128 netif_err(dev, ifup, dev->net, "Frame too short\n");
129 dev->net->stats.rx_length_errors++;
130 goto error;
131 }
132
133 frame = (struct vl600_frame_hdr *) buf->data;
134 /* Yes, check that frame->magic == 0x53544448 (or 0x44544d48),
135 * otherwise we may run out of memory w/a bad packet */
136 if (ntohl(frame->magic) != 0x53544448 &&
137 ntohl(frame->magic) != 0x44544d48)
138 goto error;
139
140 if (buf->len < sizeof(*frame) ||
141 buf->len != le32_to_cpup(&frame->len)) {
142 /* Save this fragment for later assembly */
143 if (s->current_rx_buf)
144 return 0;
145
146 s->current_rx_buf = skb_copy_expand(skb, 0,
147 le32_to_cpup(&frame->len), GFP_ATOMIC);
148 if (!s->current_rx_buf)
149 dev->net->stats.rx_errors++;
150
151 return 0;
152 }
153
154 count = le32_to_cpup(&frame->pkt_cnt);
155
156 skb_pull(buf, sizeof(*frame));
157
158 while (count--) {
159 if (buf->len < sizeof(*packet)) {
160 netif_err(dev, ifup, dev->net, "Packet too short\n");
161 goto error;
162 }
163
164 packet = (struct vl600_pkt_hdr *) buf->data;
165 packet_len = sizeof(*packet) + le32_to_cpup(&packet->len);
166 if (packet_len > buf->len) {
167 netif_err(dev, ifup, dev->net,
168 "Bad packet length stored in header\n");
169 goto error;
170 }
171
172 /* Packet header is same size as the ethernet header
173 * (sizeof(*packet) == sizeof(*ethhdr)), additionally
174 * the h_proto field is in the same place so we just leave it
175 * alone and fill in the remaining fields.
176 */
177 ethhdr = (struct ethhdr *) skb->data;
178 if (be16_to_cpup(&ethhdr->h_proto) == ETH_P_ARP &&
179 buf->len > 0x26) {
180 /* Copy the addresses from packet contents */
181 memcpy(ethhdr->h_source,
182 &buf->data[sizeof(*ethhdr) + 0x8],
183 ETH_ALEN);
184 memcpy(ethhdr->h_dest,
185 &buf->data[sizeof(*ethhdr) + 0x12],
186 ETH_ALEN);
187 } else {
188 eth_zero_addr(ethhdr->h_source);
189 memcpy(ethhdr->h_dest, dev->net->dev_addr, ETH_ALEN);
190
191 /* Inbound IPv6 packets have an IPv4 ethertype (0x800)
192 * for some reason. Peek at the L3 header to check
193 * for IPv6 packets, and set the ethertype to IPv6
194 * (0x86dd) so Linux can understand it.
195 */
196 if ((buf->data[sizeof(*ethhdr)] & 0xf0) == 0x60)
197 ethhdr->h_proto = htons(ETH_P_IPV6);
198 }
199
200 if (count) {
201 /* Not the last packet in this batch */
202 clone = skb_clone(buf, GFP_ATOMIC);
203 if (!clone)
204 goto error;
205
206 skb_trim(clone, packet_len);
207 usbnet_skb_return(dev, clone);
208
209 skb_pull(buf, (packet_len + 3) & ~3);
210 } else {
211 skb_trim(buf, packet_len);
212
213 if (s->current_rx_buf) {
214 usbnet_skb_return(dev, buf);
215 s->current_rx_buf = NULL;
216 return 0;
217 }
218
219 return 1;
220 }
221 }
222
223 error:
224 if (s->current_rx_buf) {
225 dev_kfree_skb_any(s->current_rx_buf);
226 s->current_rx_buf = NULL;
227 }
228 dev->net->stats.rx_errors++;
229 return 0;
230 }
231
232 static struct sk_buff *vl600_tx_fixup(struct usbnet *dev,
233 struct sk_buff *skb, gfp_t flags)
234 {
235 struct sk_buff *ret;
236 struct vl600_frame_hdr *frame;
237 struct vl600_pkt_hdr *packet;
238 static uint32_t serial = 1;
239 int orig_len = skb->len - sizeof(struct ethhdr);
240 int full_len = (skb->len + sizeof(struct vl600_frame_hdr) + 3) & ~3;
241
242 frame = (struct vl600_frame_hdr *) skb->data;
243 if (skb->len > sizeof(*frame) && skb->len == le32_to_cpup(&frame->len))
244 return skb; /* Already encapsulated? */
245
246 if (skb->len < sizeof(struct ethhdr))
247 /* Drop, device can only deal with ethernet packets */
248 return NULL;
249
250 if (!skb_cloned(skb)) {
251 int headroom = skb_headroom(skb);
252 int tailroom = skb_tailroom(skb);
253
254 if (tailroom >= full_len - skb->len - sizeof(*frame) &&
255 headroom >= sizeof(*frame))
256 /* There's enough head and tail room */
257 goto encapsulate;
258
259 if (headroom + tailroom + skb->len >= full_len) {
260 /* There's enough total room, just readjust */
261 skb->data = memmove(skb->head + sizeof(*frame),
262 skb->data, skb->len);
263 skb_set_tail_pointer(skb, skb->len);
264 goto encapsulate;
265 }
266 }
267
268 /* Alloc a new skb with the required size */
269 ret = skb_copy_expand(skb, sizeof(struct vl600_frame_hdr), full_len -
270 skb->len - sizeof(struct vl600_frame_hdr), flags);
271 dev_kfree_skb_any(skb);
272 if (!ret)
273 return ret;
274 skb = ret;
275
276 encapsulate:
277 /* Packet header is same size as ethernet packet header
278 * (sizeof(*packet) == sizeof(struct ethhdr)), additionally the
279 * h_proto field is in the same place so we just leave it alone and
280 * overwrite the remaining fields.
281 */
282 packet = (struct vl600_pkt_hdr *) skb->data;
283 /* The VL600 wants IPv6 packets to have an IPv4 ethertype
284 * Since this modem only supports IPv4 and IPv6, just set all
285 * frames to 0x0800 (ETH_P_IP)
286 */
287 packet->h_proto = htons(ETH_P_IP);
288 memset(&packet->dummy, 0, sizeof(packet->dummy));
289 packet->len = cpu_to_le32(orig_len);
290
291 frame = skb_push(skb, sizeof(*frame));
292 memset(frame, 0, sizeof(*frame));
293 frame->len = cpu_to_le32(full_len);
294 frame->serial = cpu_to_le32(serial++);
295 frame->pkt_cnt = cpu_to_le32(1);
296
297 if (skb->len < full_len) /* Pad */
298 skb_put(skb, full_len - skb->len);
299
300 return skb;
301 }
302
303 static const struct driver_info vl600_info = {
304 .description = "LG VL600 modem",
305 .flags = FLAG_RX_ASSEMBLE | FLAG_WWAN,
306 .bind = vl600_bind,
307 .unbind = vl600_unbind,
308 .status = usbnet_cdc_status,
309 .rx_fixup = vl600_rx_fixup,
310 .tx_fixup = vl600_tx_fixup,
311 };
312
313 static const struct usb_device_id products[] = {
314 {
315 USB_DEVICE_AND_INTERFACE_INFO(0x1004, 0x61aa, USB_CLASS_COMM,
316 USB_CDC_SUBCLASS_ETHERNET, USB_CDC_PROTO_NONE),
317 .driver_info = (unsigned long) &vl600_info,
318 },
319 {}, /* End */
320 };
321 MODULE_DEVICE_TABLE(usb, products);
322
323 static struct usb_driver lg_vl600_driver = {
324 .name = "lg-vl600",
325 .id_table = products,
326 .probe = usbnet_probe,
327 .disconnect = usbnet_disconnect,
328 .suspend = usbnet_suspend,
329 .resume = usbnet_resume,
330 .disable_hub_initiated_lpm = 1,
331 };
332
333 module_usb_driver(lg_vl600_driver);
334
335 MODULE_AUTHOR("Anrzej Zaborowski");
336 MODULE_DESCRIPTION("LG-VL600 modem's ethernet link");
337 MODULE_LICENSE("GPL");
Linux with added FPC-III support