search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
inet: frag: enforce memory limits earlier
[linux/fpc-iii.git] / drivers / usb / gadget / function / f_eem.c
blob007ec6e4a5d42cf391060b3e99b36b8bf3ff2848
1 /*
2 * f_eem.c -- USB CDC Ethernet (EEM) link function driver
3 *
4 * Copyright (C) 2003-2005,2008 David Brownell
5 * Copyright (C) 2008 Nokia Corporation
6 * Copyright (C) 2009 EF Johnson Technologies
7 *
8 * This program is free software; you can redistribute it and/or modify
9 * it under the terms of the GNU General Public License as published by
10 * the Free Software Foundation; either version 2 of the License, or
11 * (at your option) any later version.
12 */
13
14 #include <linux/kernel.h>
15 #include <linux/module.h>
16 #include <linux/device.h>
17 #include <linux/etherdevice.h>
18 #include <linux/crc32.h>
19 #include <linux/slab.h>
20
21 #include "u_ether.h"
22 #include "u_ether_configfs.h"
23 #include "u_eem.h"
24
25 #define EEM_HLEN 2
26
27 /*
28 * This function is a "CDC Ethernet Emulation Model" (CDC EEM)
29 * Ethernet link.
30 */
31
32 struct f_eem {
33 struct gether port;
34 u8 ctrl_id;
35 };
36
37 static inline struct f_eem *func_to_eem(struct usb_function *f)
38 {
39 return container_of(f, struct f_eem, port.func);
40 }
41
42 /*-------------------------------------------------------------------------*/
43
44 /* interface descriptor: */
45
46 static struct usb_interface_descriptor eem_intf = {
47 .bLength = sizeof eem_intf,
48 .bDescriptorType = USB_DT_INTERFACE,
49
50 /* .bInterfaceNumber = DYNAMIC */
51 .bNumEndpoints = 2,
52 .bInterfaceClass = USB_CLASS_COMM,
53 .bInterfaceSubClass = USB_CDC_SUBCLASS_EEM,
54 .bInterfaceProtocol = USB_CDC_PROTO_EEM,
55 /* .iInterface = DYNAMIC */
56 };
57
58 /* full speed support: */
59
60 static struct usb_endpoint_descriptor eem_fs_in_desc = {
61 .bLength = USB_DT_ENDPOINT_SIZE,
62 .bDescriptorType = USB_DT_ENDPOINT,
63
64 .bEndpointAddress = USB_DIR_IN,
65 .bmAttributes = USB_ENDPOINT_XFER_BULK,
66 };
67
68 static struct usb_endpoint_descriptor eem_fs_out_desc = {
69 .bLength = USB_DT_ENDPOINT_SIZE,
70 .bDescriptorType = USB_DT_ENDPOINT,
71
72 .bEndpointAddress = USB_DIR_OUT,
73 .bmAttributes = USB_ENDPOINT_XFER_BULK,
74 };
75
76 static struct usb_descriptor_header *eem_fs_function[] = {
77 /* CDC EEM control descriptors */
78 (struct usb_descriptor_header *) &eem_intf,
79 (struct usb_descriptor_header *) &eem_fs_in_desc,
80 (struct usb_descriptor_header *) &eem_fs_out_desc,
81 NULL,
82 };
83
84 /* high speed support: */
85
86 static struct usb_endpoint_descriptor eem_hs_in_desc = {
87 .bLength = USB_DT_ENDPOINT_SIZE,
88 .bDescriptorType = USB_DT_ENDPOINT,
89
90 .bEndpointAddress = USB_DIR_IN,
91 .bmAttributes = USB_ENDPOINT_XFER_BULK,
92 .wMaxPacketSize = cpu_to_le16(512),
93 };
94
95 static struct usb_endpoint_descriptor eem_hs_out_desc = {
96 .bLength = USB_DT_ENDPOINT_SIZE,
97 .bDescriptorType = USB_DT_ENDPOINT,
98
99 .bEndpointAddress = USB_DIR_OUT,
100 .bmAttributes = USB_ENDPOINT_XFER_BULK,
101 .wMaxPacketSize = cpu_to_le16(512),
102 };
103
104 static struct usb_descriptor_header *eem_hs_function[] = {
105 /* CDC EEM control descriptors */
106 (struct usb_descriptor_header *) &eem_intf,
107 (struct usb_descriptor_header *) &eem_hs_in_desc,
108 (struct usb_descriptor_header *) &eem_hs_out_desc,
109 NULL,
110 };
111
112 /* super speed support: */
113
114 static struct usb_endpoint_descriptor eem_ss_in_desc = {
115 .bLength = USB_DT_ENDPOINT_SIZE,
116 .bDescriptorType = USB_DT_ENDPOINT,
117
118 .bEndpointAddress = USB_DIR_IN,
119 .bmAttributes = USB_ENDPOINT_XFER_BULK,
120 .wMaxPacketSize = cpu_to_le16(1024),
121 };
122
123 static struct usb_endpoint_descriptor eem_ss_out_desc = {
124 .bLength = USB_DT_ENDPOINT_SIZE,
125 .bDescriptorType = USB_DT_ENDPOINT,
126
127 .bEndpointAddress = USB_DIR_OUT,
128 .bmAttributes = USB_ENDPOINT_XFER_BULK,
129 .wMaxPacketSize = cpu_to_le16(1024),
130 };
131
132 static struct usb_ss_ep_comp_descriptor eem_ss_bulk_comp_desc = {
133 .bLength = sizeof eem_ss_bulk_comp_desc,
134 .bDescriptorType = USB_DT_SS_ENDPOINT_COMP,
135
136 /* the following 2 values can be tweaked if necessary */
137 /* .bMaxBurst = 0, */
138 /* .bmAttributes = 0, */
139 };
140
141 static struct usb_descriptor_header *eem_ss_function[] = {
142 /* CDC EEM control descriptors */
143 (struct usb_descriptor_header *) &eem_intf,
144 (struct usb_descriptor_header *) &eem_ss_in_desc,
145 (struct usb_descriptor_header *) &eem_ss_bulk_comp_desc,
146 (struct usb_descriptor_header *) &eem_ss_out_desc,
147 (struct usb_descriptor_header *) &eem_ss_bulk_comp_desc,
148 NULL,
149 };
150
151 /* string descriptors: */
152
153 static struct usb_string eem_string_defs[] = {
154 [0].s = "CDC Ethernet Emulation Model (EEM)",
155 { } /* end of list */
156 };
157
158 static struct usb_gadget_strings eem_string_table = {
159 .language = 0x0409, /* en-us */
160 .strings = eem_string_defs,
161 };
162
163 static struct usb_gadget_strings *eem_strings[] = {
164 &eem_string_table,
165 NULL,
166 };
167
168 /*-------------------------------------------------------------------------*/
169
170 static int eem_setup(struct usb_function *f, const struct usb_ctrlrequest *ctrl)
171 {
172 struct usb_composite_dev *cdev = f->config->cdev;
173 int value = -EOPNOTSUPP;
174 u16 w_index = le16_to_cpu(ctrl->wIndex);
175 u16 w_value = le16_to_cpu(ctrl->wValue);
176 u16 w_length = le16_to_cpu(ctrl->wLength);
177
178 DBG(cdev, "invalid control req%02x.%02x v%04x i%04x l%d\n",
179 ctrl->bRequestType, ctrl->bRequest,
180 w_value, w_index, w_length);
181
182 /* device either stalls (value < 0) or reports success */
183 return value;
184 }
185
186
187 static int eem_set_alt(struct usb_function *f, unsigned intf, unsigned alt)
188 {
189 struct f_eem *eem = func_to_eem(f);
190 struct usb_composite_dev *cdev = f->config->cdev;
191 struct net_device *net;
192
193 /* we know alt == 0, so this is an activation or a reset */
194 if (alt != 0)
195 goto fail;
196
197 if (intf == eem->ctrl_id) {
198 DBG(cdev, "reset eem\n");
199 gether_disconnect(&eem->port);
200
201 if (!eem->port.in_ep->desc || !eem->port.out_ep->desc) {
202 DBG(cdev, "init eem\n");
203 if (config_ep_by_speed(cdev->gadget, f,
204 eem->port.in_ep) ||
205 config_ep_by_speed(cdev->gadget, f,
206 eem->port.out_ep)) {
207 eem->port.in_ep->desc = NULL;
208 eem->port.out_ep->desc = NULL;
209 goto fail;
210 }
211 }
212
213 /* zlps should not occur because zero-length EEM packets
214 * will be inserted in those cases where they would occur
215 */
216 eem->port.is_zlp_ok = 1;
217 eem->port.cdc_filter = DEFAULT_FILTER;
218 DBG(cdev, "activate eem\n");
219 net = gether_connect(&eem->port);
220 if (IS_ERR(net))
221 return PTR_ERR(net);
222 } else
223 goto fail;
224
225 return 0;
226 fail:
227 return -EINVAL;
228 }
229
230 static void eem_disable(struct usb_function *f)
231 {
232 struct f_eem *eem = func_to_eem(f);
233 struct usb_composite_dev *cdev = f->config->cdev;
234
235 DBG(cdev, "eem deactivated\n");
236
237 if (eem->port.in_ep->enabled)
238 gether_disconnect(&eem->port);
239 }
240
241 /*-------------------------------------------------------------------------*/
242
243 /* EEM function driver setup/binding */
244
245 static int eem_bind(struct usb_configuration *c, struct usb_function *f)
246 {
247 struct usb_composite_dev *cdev = c->cdev;
248 struct f_eem *eem = func_to_eem(f);
249 struct usb_string *us;
250 int status;
251 struct usb_ep *ep;
252
253 struct f_eem_opts *eem_opts;
254
255 eem_opts = container_of(f->fi, struct f_eem_opts, func_inst);
256 /*
257 * in drivers/usb/gadget/configfs.c:configfs_composite_bind()
258 * configurations are bound in sequence with list_for_each_entry,
259 * in each configuration its functions are bound in sequence
260 * with list_for_each_entry, so we assume no race condition
261 * with regard to eem_opts->bound access
262 */
263 if (!eem_opts->bound) {
264 mutex_lock(&eem_opts->lock);
265 gether_set_gadget(eem_opts->net, cdev->gadget);
266 status = gether_register_netdev(eem_opts->net);
267 mutex_unlock(&eem_opts->lock);
268 if (status)
269 return status;
270 eem_opts->bound = true;
271 }
272
273 us = usb_gstrings_attach(cdev, eem_strings,
274 ARRAY_SIZE(eem_string_defs));
275 if (IS_ERR(us))
276 return PTR_ERR(us);
277 eem_intf.iInterface = us[0].id;
278
279 /* allocate instance-specific interface IDs */
280 status = usb_interface_id(c, f);
281 if (status < 0)
282 goto fail;
283 eem->ctrl_id = status;
284 eem_intf.bInterfaceNumber = status;
285
286 status = -ENODEV;
287
288 /* allocate instance-specific endpoints */
289 ep = usb_ep_autoconfig(cdev->gadget, &eem_fs_in_desc);
290 if (!ep)
291 goto fail;
292 eem->port.in_ep = ep;
293
294 ep = usb_ep_autoconfig(cdev->gadget, &eem_fs_out_desc);
295 if (!ep)
296 goto fail;
297 eem->port.out_ep = ep;
298
299 status = -ENOMEM;
300
301 /* support all relevant hardware speeds... we expect that when
302 * hardware is dual speed, all bulk-capable endpoints work at
303 * both speeds
304 */
305 eem_hs_in_desc.bEndpointAddress = eem_fs_in_desc.bEndpointAddress;
306 eem_hs_out_desc.bEndpointAddress = eem_fs_out_desc.bEndpointAddress;
307
308 eem_ss_in_desc.bEndpointAddress = eem_fs_in_desc.bEndpointAddress;
309 eem_ss_out_desc.bEndpointAddress = eem_fs_out_desc.bEndpointAddress;
310
311 status = usb_assign_descriptors(f, eem_fs_function, eem_hs_function,
312 eem_ss_function, NULL);
313 if (status)
314 goto fail;
315
316 DBG(cdev, "CDC Ethernet (EEM): %s speed IN/%s OUT/%s\n",
317 gadget_is_superspeed(c->cdev->gadget) ? "super" :
318 gadget_is_dualspeed(c->cdev->gadget) ? "dual" : "full",
319 eem->port.in_ep->name, eem->port.out_ep->name);
320 return 0;
321
322 fail:
323 ERROR(cdev, "%s: can't bind, err %d\n", f->name, status);
324
325 return status;
326 }
327
328 static void eem_cmd_complete(struct usb_ep *ep, struct usb_request *req)
329 {
330 struct sk_buff *skb = (struct sk_buff *)req->context;
331
332 dev_kfree_skb_any(skb);
333 }
334
335 /*
336 * Add the EEM header and ethernet checksum.
337 * We currently do not attempt to put multiple ethernet frames
338 * into a single USB transfer
339 */
340 static struct sk_buff *eem_wrap(struct gether *port, struct sk_buff *skb)
341 {
342 struct sk_buff *skb2 = NULL;
343 struct usb_ep *in = port->in_ep;
344 int headroom, tailroom, padlen = 0;
345 u16 len;
346
347 if (!skb)
348 return NULL;
349
350 len = skb->len;
351 headroom = skb_headroom(skb);
352 tailroom = skb_tailroom(skb);
353
354 /* When (len + EEM_HLEN + ETH_FCS_LEN) % in->maxpacket) is 0,
355 * stick two bytes of zero-length EEM packet on the end.
356 */
357 if (((len + EEM_HLEN + ETH_FCS_LEN) % in->maxpacket) == 0)
358 padlen += 2;
359
360 if ((tailroom >= (ETH_FCS_LEN + padlen)) &&
361 (headroom >= EEM_HLEN) && !skb_cloned(skb))
362 goto done;
363
364 skb2 = skb_copy_expand(skb, EEM_HLEN, ETH_FCS_LEN + padlen, GFP_ATOMIC);
365 dev_kfree_skb_any(skb);
366 skb = skb2;
367 if (!skb)
368 return skb;
369
370 done:
371 /* use the "no CRC" option */
372 put_unaligned_be32(0xdeadbeef, skb_put(skb, 4));
373
374 /* EEM packet header format:
375 * b0..13: length of ethernet frame
376 * b14: bmCRC (0 == sentinel CRC)
377 * b15: bmType (0 == data)
378 */
379 len = skb->len;
380 put_unaligned_le16(len & 0x3FFF, skb_push(skb, 2));
381
382 /* add a zero-length EEM packet, if needed */
383 if (padlen)
384 put_unaligned_le16(0, skb_put(skb, 2));
385
386 return skb;
387 }
388
389 /*
390 * Remove the EEM header. Note that there can be many EEM packets in a single
391 * USB transfer, so we need to break them out and handle them independently.
392 */
393 static int eem_unwrap(struct gether *port,
394 struct sk_buff *skb,
395 struct sk_buff_head *list)
396 {
397 struct usb_composite_dev *cdev = port->func.config->cdev;
398 int status = 0;
399
400 do {
401 struct sk_buff *skb2;
402 u16 header;
403 u16 len = 0;
404
405 if (skb->len < EEM_HLEN) {
406 status = -EINVAL;
407 DBG(cdev, "invalid EEM header\n");
408 goto error;
409 }
410
411 /* remove the EEM header */
412 header = get_unaligned_le16(skb->data);
413 skb_pull(skb, EEM_HLEN);
414
415 /* EEM packet header format:
416 * b0..14: EEM type dependent (data or command)
417 * b15: bmType (0 == data, 1 == command)
418 */
419 if (header & BIT(15)) {
420 struct usb_request *req = cdev->req;
421 u16 bmEEMCmd;
422
423 /* EEM command packet format:
424 * b0..10: bmEEMCmdParam
425 * b11..13: bmEEMCmd
426 * b14: reserved (must be zero)
427 * b15: bmType (1 == command)
428 */
429 if (header & BIT(14))
430 continue;
431
432 bmEEMCmd = (header >> 11) & 0x7;
433 switch (bmEEMCmd) {
434 case 0: /* echo */
435 len = header & 0x7FF;
436 if (skb->len < len) {
437 status = -EOVERFLOW;
438 goto error;
439 }
440
441 skb2 = skb_clone(skb, GFP_ATOMIC);
442 if (unlikely(!skb2)) {
443 DBG(cdev, "EEM echo response error\n");
444 goto next;
445 }
446 skb_trim(skb2, len);
447 put_unaligned_le16(BIT(15) | BIT(11) | len,
448 skb_push(skb2, 2));
449 skb_copy_bits(skb2, 0, req->buf, skb2->len);
450 req->length = skb2->len;
451 req->complete = eem_cmd_complete;
452 req->zero = 1;
453 req->context = skb2;
454 if (usb_ep_queue(port->in_ep, req, GFP_ATOMIC))
455 DBG(cdev, "echo response queue fail\n");
456 break;
457
458 case 1: /* echo response */
459 case 2: /* suspend hint */
460 case 3: /* response hint */
461 case 4: /* response complete hint */
462 case 5: /* tickle */
463 default: /* reserved */
464 continue;
465 }
466 } else {
467 u32 crc, crc2;
468 struct sk_buff *skb3;
469
470 /* check for zero-length EEM packet */
471 if (header == 0)
472 continue;
473
474 /* EEM data packet format:
475 * b0..13: length of ethernet frame
476 * b14: bmCRC (0 == sentinel, 1 == calculated)
477 * b15: bmType (0 == data)
478 */
479 len = header & 0x3FFF;
480 if ((skb->len < len)
481 || (len < (ETH_HLEN + ETH_FCS_LEN))) {
482 status = -EINVAL;
483 goto error;
484 }
485
486 /* validate CRC */
487 if (header & BIT(14)) {
488 crc = get_unaligned_le32(skb->data + len
489 - ETH_FCS_LEN);
490 crc2 = ~crc32_le(~0,
491 skb->data, len - ETH_FCS_LEN);
492 } else {
493 crc = get_unaligned_be32(skb->data + len
494 - ETH_FCS_LEN);
495 crc2 = 0xdeadbeef;
496 }
497 if (crc != crc2) {
498 DBG(cdev, "invalid EEM CRC\n");
499 goto next;
500 }
501
502 skb2 = skb_clone(skb, GFP_ATOMIC);
503 if (unlikely(!skb2)) {
504 DBG(cdev, "unable to unframe EEM packet\n");
505 continue;
506 }
507 skb_trim(skb2, len - ETH_FCS_LEN);
508
509 skb3 = skb_copy_expand(skb2,
510 NET_IP_ALIGN,
511 0,
512 GFP_ATOMIC);
513 if (unlikely(!skb3)) {
514 DBG(cdev, "unable to realign EEM packet\n");
515 dev_kfree_skb_any(skb2);
516 continue;
517 }
518 dev_kfree_skb_any(skb2);
519 skb_queue_tail(list, skb3);
520 }
521 next:
522 skb_pull(skb, len);
523 } while (skb->len);
524
525 error:
526 dev_kfree_skb_any(skb);
527 return status;
528 }
529
530 static inline struct f_eem_opts *to_f_eem_opts(struct config_item *item)
531 {
532 return container_of(to_config_group(item), struct f_eem_opts,
533 func_inst.group);
534 }
535
536 /* f_eem_item_ops */
537 USB_ETHERNET_CONFIGFS_ITEM(eem);
538
539 /* f_eem_opts_dev_addr */
540 USB_ETHERNET_CONFIGFS_ITEM_ATTR_DEV_ADDR(eem);
541
542 /* f_eem_opts_host_addr */
543 USB_ETHERNET_CONFIGFS_ITEM_ATTR_HOST_ADDR(eem);
544
545 /* f_eem_opts_qmult */
546 USB_ETHERNET_CONFIGFS_ITEM_ATTR_QMULT(eem);
547
548 /* f_eem_opts_ifname */
549 USB_ETHERNET_CONFIGFS_ITEM_ATTR_IFNAME(eem);
550
551 static struct configfs_attribute *eem_attrs[] = {
552 &eem_opts_attr_dev_addr,
553 &eem_opts_attr_host_addr,
554 &eem_opts_attr_qmult,
555 &eem_opts_attr_ifname,
556 NULL,
557 };
558
559 static struct config_item_type eem_func_type = {
560 .ct_item_ops = &eem_item_ops,
561 .ct_attrs = eem_attrs,
562 .ct_owner = THIS_MODULE,
563 };
564
565 static void eem_free_inst(struct usb_function_instance *f)
566 {
567 struct f_eem_opts *opts;
568
569 opts = container_of(f, struct f_eem_opts, func_inst);
570 if (opts->bound)
571 gether_cleanup(netdev_priv(opts->net));
572 else
573 free_netdev(opts->net);
574 kfree(opts);
575 }
576
577 static struct usb_function_instance *eem_alloc_inst(void)
578 {
579 struct f_eem_opts *opts;
580
581 opts = kzalloc(sizeof(*opts), GFP_KERNEL);
582 if (!opts)
583 return ERR_PTR(-ENOMEM);
584 mutex_init(&opts->lock);
585 opts->func_inst.free_func_inst = eem_free_inst;
586 opts->net = gether_setup_default();
587 if (IS_ERR(opts->net)) {
588 struct net_device *net = opts->net;
589 kfree(opts);
590 return ERR_CAST(net);
591 }
592
593 config_group_init_type_name(&opts->func_inst.group, "", &eem_func_type);
594
595 return &opts->func_inst;
596 }
597
598 static void eem_free(struct usb_function *f)
599 {
600 struct f_eem *eem;
601 struct f_eem_opts *opts;
602
603 eem = func_to_eem(f);
604 opts = container_of(f->fi, struct f_eem_opts, func_inst);
605 kfree(eem);
606 mutex_lock(&opts->lock);
607 opts->refcnt--;
608 mutex_unlock(&opts->lock);
609 }
610
611 static void eem_unbind(struct usb_configuration *c, struct usb_function *f)
612 {
613 DBG(c->cdev, "eem unbind\n");
614
615 usb_free_all_descriptors(f);
616 }
617
618 static struct usb_function *eem_alloc(struct usb_function_instance *fi)
619 {
620 struct f_eem *eem;
621 struct f_eem_opts *opts;
622
623 /* allocate and initialize one new instance */
624 eem = kzalloc(sizeof(*eem), GFP_KERNEL);
625 if (!eem)
626 return ERR_PTR(-ENOMEM);
627
628 opts = container_of(fi, struct f_eem_opts, func_inst);
629 mutex_lock(&opts->lock);
630 opts->refcnt++;
631
632 eem->port.ioport = netdev_priv(opts->net);
633 mutex_unlock(&opts->lock);
634 eem->port.cdc_filter = DEFAULT_FILTER;
635
636 eem->port.func.name = "cdc_eem";
637 /* descriptors are per-instance copies */
638 eem->port.func.bind = eem_bind;
639 eem->port.func.unbind = eem_unbind;
640 eem->port.func.set_alt = eem_set_alt;
641 eem->port.func.setup = eem_setup;
642 eem->port.func.disable = eem_disable;
643 eem->port.func.free_func = eem_free;
644 eem->port.wrap = eem_wrap;
645 eem->port.unwrap = eem_unwrap;
646 eem->port.header_len = EEM_HLEN;
647
648 return &eem->port.func;
649 }
650
651 DECLARE_USB_FUNCTION_INIT(eem, eem_alloc_inst, eem_alloc);
652 MODULE_LICENSE("GPL");
653 MODULE_AUTHOR("David Brownell");
Linux with added FPC-III support