1 // SPDX-License-Identifier: GPL-2.0-or-later
2 /*
3  * Host Side support for RNDIS Networking Links
4  * Copyright (C) 2005 by David Brownell
5  */
6 #include <linux/module.h>
7 #include <linux/netdevice.h>
8 #include <linux/etherdevice.h>
9 #include <linux/ethtool.h>
10 #include <linux/workqueue.h>
11 #include <linux/slab.h>
12 #include <linux/mii.h>
13 #include <linux/usb.h>
14 #include <linux/usb/cdc.h>
15 #include <linux/usb/usbnet.h>
16 #include <linux/usb/rndis_host.h>
17 
18 
19 /*
20  * RNDIS is NDIS remoted over USB.  It's a MSFT variant of CDC ACM ... of
21  * course ACM was intended for modems, not Ethernet links!  USB's standard
22  * for Ethernet links is "CDC Ethernet", which is significantly simpler.
23  *
24  * NOTE that Microsoft's "RNDIS 1.0" specification is incomplete.  Issues
25  * include:
26  *    - Power management in particular relies on information that's scattered
27  *	through other documentation, and which is incomplete or incorrect even
28  *	there.
29  *    - There are various undocumented protocol requirements, such as the
30  *	need to send unused garbage in control-OUT messages.
31  *    - In some cases, MS-Windows will emit undocumented requests; this
32  *	matters more to peripheral implementations than host ones.
33  *
34  * Moreover there's a no-open-specs variant of RNDIS called "ActiveSync".
35  *
36  * For these reasons and others, ** USE OF RNDIS IS STRONGLY DISCOURAGED ** in
37  * favor of such non-proprietary alternatives as CDC Ethernet or the newer (and
38  * currently rare) "Ethernet Emulation Model" (EEM).
39  */
40 
41 /*
42  * RNDIS notifications from device: command completion; "reverse"
43  * keepalives; etc
44  */
rndis_status(struct usbnet * dev,struct urb * urb)45 void rndis_status(struct usbnet *dev, struct urb *urb)
46 {
47 	netdev_dbg(dev->net, "rndis status urb, len %d stat %d\n",
48 		   urb->actual_length, urb->status);
49 	// FIXME for keepalives, respond immediately (asynchronously)
50 	// if not an RNDIS status, do like cdc_status(dev,urb) does
51 }
52 EXPORT_SYMBOL_GPL(rndis_status);
53 
54 /*
55  * RNDIS indicate messages.
56  */
rndis_msg_indicate(struct usbnet * dev,struct rndis_indicate * msg,int buflen)57 static void rndis_msg_indicate(struct usbnet *dev, struct rndis_indicate *msg,
58 				int buflen)
59 {
60 	struct cdc_state *info = (void *)&dev->data;
61 	struct device *udev = &info->control->dev;
62 
63 	if (dev->driver_info->indication) {
64 		dev->driver_info->indication(dev, msg, buflen);
65 	} else {
66 		u32 status = le32_to_cpu(msg->status);
67 
68 		switch (status) {
69 		case RNDIS_STATUS_MEDIA_CONNECT:
70 			dev_info(udev, "rndis media connect\n");
71 			break;
72 		case RNDIS_STATUS_MEDIA_DISCONNECT:
73 			dev_info(udev, "rndis media disconnect\n");
74 			break;
75 		default:
76 			dev_info(udev, "rndis indication: 0x%08x\n", status);
77 		}
78 	}
79 }
80 
81 /*
82  * RPC done RNDIS-style.  Caller guarantees:
83  * - message is properly byteswapped
84  * - there's no other request pending
85  * - buf can hold up to 1KB response (required by RNDIS spec)
86  * On return, the first few entries are already byteswapped.
87  *
88  * Call context is likely probe(), before interface name is known,
89  * which is why we won't try to use it in the diagnostics.
90  */
rndis_command(struct usbnet * dev,struct rndis_msg_hdr * buf,int buflen)91 int rndis_command(struct usbnet *dev, struct rndis_msg_hdr *buf, int buflen)
92 {
93 	struct cdc_state	*info = (void *) &dev->data;
94 	struct usb_cdc_notification notification;
95 	int			master_ifnum;
96 	int			retval;
97 	int			partial;
98 	unsigned		count;
99 	u32			xid = 0, msg_len, request_id, msg_type, rsp,
100 				status;
101 
102 	/* REVISIT when this gets called from contexts other than probe() or
103 	 * disconnect(): either serialize, or dispatch responses on xid
104 	 */
105 
106 	msg_type = le32_to_cpu(buf->msg_type);
107 
108 	/* Issue the request; xid is unique, don't bother byteswapping it */
109 	if (likely(msg_type != RNDIS_MSG_HALT && msg_type != RNDIS_MSG_RESET)) {
110 		xid = dev->xid++;
111 		if (!xid)
112 			xid = dev->xid++;
113 		buf->request_id = (__force __le32) xid;
114 	}
115 	master_ifnum = info->control->cur_altsetting->desc.bInterfaceNumber;
116 	retval = usb_control_msg(dev->udev,
117 		usb_sndctrlpipe(dev->udev, 0),
118 		USB_CDC_SEND_ENCAPSULATED_COMMAND,
119 		USB_TYPE_CLASS | USB_RECIP_INTERFACE,
120 		0, master_ifnum,
121 		buf, le32_to_cpu(buf->msg_len),
122 		RNDIS_CONTROL_TIMEOUT_MS);
123 	if (unlikely(retval < 0 || xid == 0))
124 		return retval;
125 
126 	/* Some devices don't respond on the control channel until
127 	 * polled on the status channel, so do that first. */
128 	if (dev->driver_info->data & RNDIS_DRIVER_DATA_POLL_STATUS) {
129 		retval = usb_interrupt_msg(
130 			dev->udev,
131 			usb_rcvintpipe(dev->udev,
132 				       dev->status->desc.bEndpointAddress),
133 			&notification, sizeof(notification), &partial,
134 			RNDIS_CONTROL_TIMEOUT_MS);
135 		if (unlikely(retval < 0))
136 			return retval;
137 	}
138 
139 	/* Poll the control channel; the request probably completed immediately */
140 	rsp = le32_to_cpu(buf->msg_type) | RNDIS_MSG_COMPLETION;
141 	for (count = 0; count < 10; count++) {
142 		memset(buf, 0, CONTROL_BUFFER_SIZE);
143 		retval = usb_control_msg(dev->udev,
144 			usb_rcvctrlpipe(dev->udev, 0),
145 			USB_CDC_GET_ENCAPSULATED_RESPONSE,
146 			USB_DIR_IN | USB_TYPE_CLASS | USB_RECIP_INTERFACE,
147 			0, master_ifnum,
148 			buf, buflen,
149 			RNDIS_CONTROL_TIMEOUT_MS);
150 		if (likely(retval >= 8)) {
151 			msg_type = le32_to_cpu(buf->msg_type);
152 			msg_len = le32_to_cpu(buf->msg_len);
153 			status = le32_to_cpu(buf->status);
154 			request_id = (__force u32) buf->request_id;
155 			if (likely(msg_type == rsp)) {
156 				if (likely(request_id == xid)) {
157 					if (unlikely(rsp == RNDIS_MSG_RESET_C))
158 						return 0;
159 					if (likely(RNDIS_STATUS_SUCCESS ==
160 							status))
161 						return 0;
162 					dev_dbg(&info->control->dev,
163 						"rndis reply status %08x\n",
164 						status);
165 					return -EL3RST;
166 				}
167 				dev_dbg(&info->control->dev,
168 					"rndis reply id %d expected %d\n",
169 					request_id, xid);
170 				/* then likely retry */
171 			} else switch (msg_type) {
172 			case RNDIS_MSG_INDICATE: /* fault/event */
173 				rndis_msg_indicate(dev, (void *)buf, buflen);
174 				break;
175 			case RNDIS_MSG_KEEPALIVE: { /* ping */
176 				struct rndis_keepalive_c *msg = (void *)buf;
177 
178 				msg->msg_type = cpu_to_le32(RNDIS_MSG_KEEPALIVE_C);
179 				msg->msg_len = cpu_to_le32(sizeof *msg);
180 				msg->status = cpu_to_le32(RNDIS_STATUS_SUCCESS);
181 				retval = usb_control_msg(dev->udev,
182 					usb_sndctrlpipe(dev->udev, 0),
183 					USB_CDC_SEND_ENCAPSULATED_COMMAND,
184 					USB_TYPE_CLASS | USB_RECIP_INTERFACE,
185 					0, master_ifnum,
186 					msg, sizeof *msg,
187 					RNDIS_CONTROL_TIMEOUT_MS);
188 				if (unlikely(retval < 0))
189 					dev_dbg(&info->control->dev,
190 						"rndis keepalive err %d\n",
191 						retval);
192 				}
193 				break;
194 			default:
195 				dev_dbg(&info->control->dev,
196 					"unexpected rndis msg %08x len %d\n",
197 					le32_to_cpu(buf->msg_type), msg_len);
198 			}
199 		} else {
200 			/* device probably issued a protocol stall; ignore */
201 			dev_dbg(&info->control->dev,
202 				"rndis response error, code %d\n", retval);
203 		}
204 		msleep(40);
205 	}
206 	dev_dbg(&info->control->dev, "rndis response timeout\n");
207 	return -ETIMEDOUT;
208 }
209 EXPORT_SYMBOL_GPL(rndis_command);
210 
211 /*
212  * rndis_query:
213  *
214  * Performs a query for @oid along with 0 or more bytes of payload as
215  * specified by @in_len. If @reply_len is not set to -1 then the reply
216  * length is checked against this value, resulting in an error if it
217  * doesn't match.
218  *
219  * NOTE: Adding a payload exactly or greater than the size of the expected
220  * response payload is an evident requirement MSFT added for ActiveSync.
221  *
222  * The only exception is for OIDs that return a variably sized response,
223  * in which case no payload should be added.  This undocumented (and
224  * nonsensical!) issue was found by sniffing protocol requests from the
225  * ActiveSync 4.1 Windows driver.
226  */
rndis_query(struct usbnet * dev,struct usb_interface * intf,void * buf,u32 oid,u32 in_len,void ** reply,int * reply_len)227 static int rndis_query(struct usbnet *dev, struct usb_interface *intf,
228 		void *buf, u32 oid, u32 in_len,
229 		void **reply, int *reply_len)
230 {
231 	int retval;
232 	union {
233 		void			*buf;
234 		struct rndis_msg_hdr	*header;
235 		struct rndis_query	*get;
236 		struct rndis_query_c	*get_c;
237 	} u;
238 	u32 off, len;
239 
240 	u.buf = buf;
241 
242 	memset(u.get, 0, sizeof *u.get + in_len);
243 	u.get->msg_type = cpu_to_le32(RNDIS_MSG_QUERY);
244 	u.get->msg_len = cpu_to_le32(sizeof *u.get + in_len);
245 	u.get->oid = cpu_to_le32(oid);
246 	u.get->len = cpu_to_le32(in_len);
247 	u.get->offset = cpu_to_le32(20);
248 
249 	retval = rndis_command(dev, u.header, CONTROL_BUFFER_SIZE);
250 	if (unlikely(retval < 0)) {
251 		dev_err(&intf->dev, "RNDIS_MSG_QUERY(0x%08x) failed, %d\n",
252 				oid, retval);
253 		return retval;
254 	}
255 
256 	off = le32_to_cpu(u.get_c->offset);
257 	len = le32_to_cpu(u.get_c->len);
258 	if (unlikely((off > CONTROL_BUFFER_SIZE - 8) ||
259 		     (len > CONTROL_BUFFER_SIZE - 8 - off)))
260 		goto response_error;
261 
262 	if (*reply_len != -1 && len != *reply_len)
263 		goto response_error;
264 
265 	*reply = (unsigned char *) &u.get_c->request_id + off;
266 	*reply_len = len;
267 
268 	return retval;
269 
270 response_error:
271 	dev_err(&intf->dev, "RNDIS_MSG_QUERY(0x%08x) "
272 			"invalid response - off %d len %d\n",
273 		oid, off, len);
274 	return -EDOM;
275 }
276 
277 /* same as usbnet_netdev_ops but MTU change not allowed */
278 static const struct net_device_ops rndis_netdev_ops = {
279 	.ndo_open		= usbnet_open,
280 	.ndo_stop		= usbnet_stop,
281 	.ndo_start_xmit		= usbnet_start_xmit,
282 	.ndo_tx_timeout		= usbnet_tx_timeout,
283 	.ndo_get_stats64	= dev_get_tstats64,
284 	.ndo_set_mac_address 	= eth_mac_addr,
285 	.ndo_validate_addr	= eth_validate_addr,
286 };
287 
288 int
generic_rndis_bind(struct usbnet * dev,struct usb_interface * intf,int flags)289 generic_rndis_bind(struct usbnet *dev, struct usb_interface *intf, int flags)
290 {
291 	int			retval;
292 	struct net_device	*net = dev->net;
293 	struct cdc_state	*info = (void *) &dev->data;
294 	union {
295 		void			*buf;
296 		struct rndis_msg_hdr	*header;
297 		struct rndis_init	*init;
298 		struct rndis_init_c	*init_c;
299 		struct rndis_query	*get;
300 		struct rndis_query_c	*get_c;
301 		struct rndis_set	*set;
302 		struct rndis_set_c	*set_c;
303 		struct rndis_halt	*halt;
304 	} u;
305 	u32			tmp;
306 	__le32			phym_unspec, *phym;
307 	int			reply_len;
308 	unsigned char		*bp;
309 
310 	/* we can't rely on i/o from stack working, or stack allocation */
311 	u.buf = kmalloc(CONTROL_BUFFER_SIZE, GFP_KERNEL);
312 	if (!u.buf)
313 		return -ENOMEM;
314 	retval = usbnet_generic_cdc_bind(dev, intf);
315 	if (retval < 0)
316 		goto fail;
317 
318 	u.init->msg_type = cpu_to_le32(RNDIS_MSG_INIT);
319 	u.init->msg_len = cpu_to_le32(sizeof *u.init);
320 	u.init->major_version = cpu_to_le32(1);
321 	u.init->minor_version = cpu_to_le32(0);
322 
323 	/* max transfer (in spec) is 0x4000 at full speed, but for
324 	 * TX we'll stick to one Ethernet packet plus RNDIS framing.
325 	 * For RX we handle drivers that zero-pad to end-of-packet.
326 	 * Don't let userspace change these settings.
327 	 *
328 	 * NOTE: there still seems to be weirdness here, as if we need
329 	 * to do some more things to make sure WinCE targets accept this.
330 	 * They default to jumbograms of 8KB or 16KB, which is absurd
331 	 * for such low data rates and which is also more than Linux
332 	 * can usually expect to allocate for SKB data...
333 	 */
334 	net->hard_header_len += sizeof (struct rndis_data_hdr);
335 	dev->hard_mtu = net->mtu + net->hard_header_len;
336 
337 	dev->maxpacket = usb_maxpacket(dev->udev, dev->out);
338 	if (dev->maxpacket == 0) {
339 		netif_dbg(dev, probe, dev->net,
340 			  "dev->maxpacket can't be 0\n");
341 		retval = -EINVAL;
342 		goto fail_and_release;
343 	}
344 
345 	dev->rx_urb_size = dev->hard_mtu + (dev->maxpacket + 1);
346 	dev->rx_urb_size &= ~(dev->maxpacket - 1);
347 	u.init->max_transfer_size = cpu_to_le32(dev->rx_urb_size);
348 
349 	net->netdev_ops = &rndis_netdev_ops;
350 
351 	retval = rndis_command(dev, u.header, CONTROL_BUFFER_SIZE);
352 	if (unlikely(retval < 0)) {
353 		/* it might not even be an RNDIS device!! */
354 		dev_err(&intf->dev, "RNDIS init failed, %d\n", retval);
355 		goto fail_and_release;
356 	}
357 	tmp = le32_to_cpu(u.init_c->max_transfer_size);
358 	if (tmp < dev->hard_mtu) {
359 		if (tmp <= net->hard_header_len) {
360 			dev_err(&intf->dev,
361 				"dev can't take %u byte packets (max %u)\n",
362 				dev->hard_mtu, tmp);
363 			retval = -EINVAL;
364 			goto halt_fail_and_release;
365 		}
366 		dev_warn(&intf->dev,
367 			 "dev can't take %u byte packets (max %u), "
368 			 "adjusting MTU to %u\n",
369 			 dev->hard_mtu, tmp, tmp - net->hard_header_len);
370 		dev->hard_mtu = tmp;
371 		net->mtu = dev->hard_mtu - net->hard_header_len;
372 	}
373 
374 	/* REVISIT:  peripheral "alignment" request is ignored ... */
375 	dev_dbg(&intf->dev,
376 		"hard mtu %u (%u from dev), rx buflen %zu, align %d\n",
377 		dev->hard_mtu, tmp, dev->rx_urb_size,
378 		1 << le32_to_cpu(u.init_c->packet_alignment));
379 
380 	/* module has some device initialization code needs to be done right
381 	 * after RNDIS_INIT */
382 	if (dev->driver_info->early_init &&
383 			dev->driver_info->early_init(dev) != 0)
384 		goto halt_fail_and_release;
385 
386 	/* Check physical medium */
387 	phym = NULL;
388 	reply_len = sizeof *phym;
389 	retval = rndis_query(dev, intf, u.buf,
390 			     RNDIS_OID_GEN_PHYSICAL_MEDIUM,
391 			     reply_len, (void **)&phym, &reply_len);
392 	if (retval != 0 || !phym) {
393 		/* OID is optional so don't fail here. */
394 		phym_unspec = cpu_to_le32(RNDIS_PHYSICAL_MEDIUM_UNSPECIFIED);
395 		phym = &phym_unspec;
396 	}
397 	if ((flags & FLAG_RNDIS_PHYM_WIRELESS) &&
398 	    le32_to_cpup(phym) != RNDIS_PHYSICAL_MEDIUM_WIRELESS_LAN) {
399 		netif_dbg(dev, probe, dev->net,
400 			  "driver requires wireless physical medium, but device is not\n");
401 		retval = -ENODEV;
402 		goto halt_fail_and_release;
403 	}
404 	if ((flags & FLAG_RNDIS_PHYM_NOT_WIRELESS) &&
405 	    le32_to_cpup(phym) == RNDIS_PHYSICAL_MEDIUM_WIRELESS_LAN) {
406 		netif_dbg(dev, probe, dev->net,
407 			  "driver requires non-wireless physical medium, but device is wireless.\n");
408 		retval = -ENODEV;
409 		goto halt_fail_and_release;
410 	}
411 
412 	/* Get designated host ethernet address */
413 	reply_len = ETH_ALEN;
414 	retval = rndis_query(dev, intf, u.buf,
415 			     RNDIS_OID_802_3_PERMANENT_ADDRESS,
416 			     48, (void **) &bp, &reply_len);
417 	if (unlikely(retval< 0)) {
418 		dev_err(&intf->dev, "rndis get ethaddr, %d\n", retval);
419 		goto halt_fail_and_release;
420 	}
421 
422 	eth_hw_addr_set(net, bp);
423 
424 	/* set a nonzero filter to enable data transfers */
425 	memset(u.set, 0, sizeof *u.set);
426 	u.set->msg_type = cpu_to_le32(RNDIS_MSG_SET);
427 	u.set->msg_len = cpu_to_le32(4 + sizeof *u.set);
428 	u.set->oid = cpu_to_le32(RNDIS_OID_GEN_CURRENT_PACKET_FILTER);
429 	u.set->len = cpu_to_le32(4);
430 	u.set->offset = cpu_to_le32((sizeof *u.set) - 8);
431 	*(__le32 *)(u.buf + sizeof *u.set) = cpu_to_le32(RNDIS_DEFAULT_FILTER);
432 
433 	retval = rndis_command(dev, u.header, CONTROL_BUFFER_SIZE);
434 	if (unlikely(retval < 0)) {
435 		dev_err(&intf->dev, "rndis set packet filter, %d\n", retval);
436 		goto halt_fail_and_release;
437 	}
438 
439 	retval = 0;
440 
441 	kfree(u.buf);
442 	return retval;
443 
444 halt_fail_and_release:
445 	memset(u.halt, 0, sizeof *u.halt);
446 	u.halt->msg_type = cpu_to_le32(RNDIS_MSG_HALT);
447 	u.halt->msg_len = cpu_to_le32(sizeof *u.halt);
448 	(void) rndis_command(dev, (void *)u.halt, CONTROL_BUFFER_SIZE);
449 fail_and_release:
450 	usb_set_intfdata(info->data, NULL);
451 	usb_driver_release_interface(driver_of(intf), info->data);
452 	info->data = NULL;
453 fail:
454 	kfree(u.buf);
455 	return retval;
456 }
457 EXPORT_SYMBOL_GPL(generic_rndis_bind);
458 
rndis_bind(struct usbnet * dev,struct usb_interface * intf)459 static int rndis_bind(struct usbnet *dev, struct usb_interface *intf)
460 {
461 	return generic_rndis_bind(dev, intf, FLAG_RNDIS_PHYM_NOT_WIRELESS);
462 }
463 
zte_rndis_bind(struct usbnet * dev,struct usb_interface * intf)464 static int zte_rndis_bind(struct usbnet *dev, struct usb_interface *intf)
465 {
466 	int status = rndis_bind(dev, intf);
467 
468 	if (!status && (dev->net->dev_addr[0] & 0x02))
469 		eth_hw_addr_random(dev->net);
470 
471 	return status;
472 }
473 
rndis_unbind(struct usbnet * dev,struct usb_interface * intf)474 void rndis_unbind(struct usbnet *dev, struct usb_interface *intf)
475 {
476 	struct rndis_halt	*halt;
477 
478 	/* try to clear any rndis state/activity (no i/o from stack!) */
479 	halt = kzalloc(CONTROL_BUFFER_SIZE, GFP_KERNEL);
480 	if (halt) {
481 		halt->msg_type = cpu_to_le32(RNDIS_MSG_HALT);
482 		halt->msg_len = cpu_to_le32(sizeof *halt);
483 		(void) rndis_command(dev, (void *)halt, CONTROL_BUFFER_SIZE);
484 		kfree(halt);
485 	}
486 
487 	usbnet_cdc_unbind(dev, intf);
488 }
489 EXPORT_SYMBOL_GPL(rndis_unbind);
490 
491 /*
492  * DATA -- host must not write zlps
493  */
rndis_rx_fixup(struct usbnet * dev,struct sk_buff * skb)494 int rndis_rx_fixup(struct usbnet *dev, struct sk_buff *skb)
495 {
496 	bool dst_mac_fixup;
497 
498 	/* This check is no longer done by usbnet */
499 	if (skb->len < dev->net->hard_header_len)
500 		return 0;
501 
502 	dst_mac_fixup = !!(dev->driver_info->data & RNDIS_DRIVER_DATA_DST_MAC_FIXUP);
503 
504 	/* peripheral may have batched packets to us... */
505 	while (likely(skb->len)) {
506 		struct rndis_data_hdr	*hdr = (void *)skb->data;
507 		struct sk_buff		*skb2;
508 		u32			msg_type, msg_len, data_offset, data_len;
509 
510 		msg_type = le32_to_cpu(hdr->msg_type);
511 		msg_len = le32_to_cpu(hdr->msg_len);
512 		data_offset = le32_to_cpu(hdr->data_offset);
513 		data_len = le32_to_cpu(hdr->data_len);
514 
515 		/* don't choke if we see oob, per-packet data, etc */
516 		if (unlikely(msg_type != RNDIS_MSG_PACKET || skb->len < msg_len
517 				|| (data_offset + data_len + 8) > msg_len)) {
518 			dev->net->stats.rx_frame_errors++;
519 			netdev_dbg(dev->net, "bad rndis message %d/%d/%d/%d, len %d\n",
520 				   le32_to_cpu(hdr->msg_type),
521 				   msg_len, data_offset, data_len, skb->len);
522 			return 0;
523 		}
524 		skb_pull(skb, 8 + data_offset);
525 
526 		/* at most one packet left? */
527 		if (likely((data_len - skb->len) <= sizeof *hdr)) {
528 			skb_trim(skb, data_len);
529 			break;
530 		}
531 
532 		/* try to return all the packets in the batch */
533 		skb2 = skb_clone(skb, GFP_ATOMIC);
534 		if (unlikely(!skb2))
535 			break;
536 		skb_pull(skb, msg_len - sizeof *hdr);
537 		skb_trim(skb2, data_len);
538 
539 		if (unlikely(dst_mac_fixup))
540 			usbnet_cdc_zte_rx_fixup(dev, skb2);
541 
542 		usbnet_skb_return(dev, skb2);
543 	}
544 
545 	/* caller will usbnet_skb_return the remaining packet */
546 	if (unlikely(dst_mac_fixup))
547 		usbnet_cdc_zte_rx_fixup(dev, skb);
548 
549 	return 1;
550 }
551 EXPORT_SYMBOL_GPL(rndis_rx_fixup);
552 
553 struct sk_buff *
rndis_tx_fixup(struct usbnet * dev,struct sk_buff * skb,gfp_t flags)554 rndis_tx_fixup(struct usbnet *dev, struct sk_buff *skb, gfp_t flags)
555 {
556 	struct rndis_data_hdr	*hdr;
557 	struct sk_buff		*skb2;
558 	unsigned		len = skb->len;
559 
560 	if (likely(!skb_cloned(skb))) {
561 		int	room = skb_headroom(skb);
562 
563 		/* enough head room as-is? */
564 		if (unlikely((sizeof *hdr) <= room))
565 			goto fill;
566 
567 		/* enough room, but needs to be readjusted? */
568 		room += skb_tailroom(skb);
569 		if (likely((sizeof *hdr) <= room)) {
570 			skb->data = memmove(skb->head + sizeof *hdr,
571 					    skb->data, len);
572 			skb_set_tail_pointer(skb, len);
573 			goto fill;
574 		}
575 	}
576 
577 	/* create a new skb, with the correct size (and tailpad) */
578 	skb2 = skb_copy_expand(skb, sizeof *hdr, 1, flags);
579 	dev_kfree_skb_any(skb);
580 	if (unlikely(!skb2))
581 		return skb2;
582 	skb = skb2;
583 
584 	/* fill out the RNDIS header.  we won't bother trying to batch
585 	 * packets; Linux minimizes wasted bandwidth through tx queues.
586 	 */
587 fill:
588 	hdr = __skb_push(skb, sizeof *hdr);
589 	memset(hdr, 0, sizeof *hdr);
590 	hdr->msg_type = cpu_to_le32(RNDIS_MSG_PACKET);
591 	hdr->msg_len = cpu_to_le32(skb->len);
592 	hdr->data_offset = cpu_to_le32(sizeof(*hdr) - 8);
593 	hdr->data_len = cpu_to_le32(len);
594 
595 	/* FIXME make the last packet always be short ... */
596 	return skb;
597 }
598 EXPORT_SYMBOL_GPL(rndis_tx_fixup);
599 
600 
601 static const struct driver_info	rndis_info = {
602 	.description =	"RNDIS device",
603 	.flags =	FLAG_ETHER | FLAG_POINTTOPOINT | FLAG_FRAMING_RN | FLAG_NO_SETINT,
604 	.bind =		rndis_bind,
605 	.unbind =	rndis_unbind,
606 	.status =	rndis_status,
607 	.rx_fixup =	rndis_rx_fixup,
608 	.tx_fixup =	rndis_tx_fixup,
609 };
610 
611 static const struct driver_info	rndis_poll_status_info = {
612 	.description =	"RNDIS device (poll status before control)",
613 	.flags =	FLAG_ETHER | FLAG_POINTTOPOINT | FLAG_FRAMING_RN | FLAG_NO_SETINT,
614 	.data =		RNDIS_DRIVER_DATA_POLL_STATUS,
615 	.bind =		rndis_bind,
616 	.unbind =	rndis_unbind,
617 	.status =	rndis_status,
618 	.rx_fixup =	rndis_rx_fixup,
619 	.tx_fixup =	rndis_tx_fixup,
620 };
621 
622 static const struct driver_info	zte_rndis_info = {
623 	.description =	"ZTE RNDIS device",
624 	.flags =	FLAG_ETHER | FLAG_POINTTOPOINT | FLAG_FRAMING_RN | FLAG_NO_SETINT,
625 	.data =		RNDIS_DRIVER_DATA_DST_MAC_FIXUP,
626 	.bind =		zte_rndis_bind,
627 	.unbind =	rndis_unbind,
628 	.status =	rndis_status,
629 	.rx_fixup =	rndis_rx_fixup,
630 	.tx_fixup =	rndis_tx_fixup,
631 };
632 
633 /*-------------------------------------------------------------------------*/
634 
635 static const struct usb_device_id	products [] = {
636 {
637 	/* 2Wire HomePortal 1000SW */
638 	USB_DEVICE_AND_INTERFACE_INFO(0x1630, 0x0042,
639 				      USB_CLASS_COMM, 2 /* ACM */, 0x0ff),
640 	.driver_info = (unsigned long) &rndis_poll_status_info,
641 }, {
642 	/* Hytera Communications DMR radios' "Radio to PC Network" */
643 	USB_VENDOR_AND_INTERFACE_INFO(0x238b,
644 				      USB_CLASS_COMM, 2 /* ACM */, 0x0ff),
645 	.driver_info = (unsigned long)&rndis_info,
646 }, {
647 	/* ZTE WWAN modules */
648 	USB_VENDOR_AND_INTERFACE_INFO(0x19d2,
649 				      USB_CLASS_WIRELESS_CONTROLLER, 1, 3),
650 	.driver_info = (unsigned long)&zte_rndis_info,
651 }, {
652 	/* ZTE WWAN modules, ACM flavour */
653 	USB_VENDOR_AND_INTERFACE_INFO(0x19d2,
654 				      USB_CLASS_COMM, 2 /* ACM */, 0x0ff),
655 	.driver_info = (unsigned long)&zte_rndis_info,
656 }, {
657 	/* RNDIS is MSFT's un-official variant of CDC ACM */
658 	USB_INTERFACE_INFO(USB_CLASS_COMM, 2 /* ACM */, 0x0ff),
659 	.driver_info = (unsigned long) &rndis_info,
660 }, {
661 	/* "ActiveSync" is an undocumented variant of RNDIS, used in WM5 */
662 	USB_INTERFACE_INFO(USB_CLASS_MISC, 1, 1),
663 	.driver_info = (unsigned long) &rndis_poll_status_info,
664 }, {
665 	/* RNDIS for tethering */
666 	USB_INTERFACE_INFO(USB_CLASS_WIRELESS_CONTROLLER, 1, 3),
667 	.driver_info = (unsigned long) &rndis_info,
668 }, {
669 	/* Novatel Verizon USB730L */
670 	USB_INTERFACE_INFO(USB_CLASS_MISC, 4, 1),
671 	.driver_info = (unsigned long) &rndis_info,
672 },
673 	{ },		// END
674 };
675 MODULE_DEVICE_TABLE(usb, products);
676 
677 static struct usb_driver rndis_driver = {
678 	.name =		"rndis_host",
679 	.id_table =	products,
680 	.probe =	usbnet_probe,
681 	.disconnect =	usbnet_disconnect,
682 	.suspend =	usbnet_suspend,
683 	.resume =	usbnet_resume,
684 	.disable_hub_initiated_lpm = 1,
685 };
686 
687 module_usb_driver(rndis_driver);
688 
689 MODULE_AUTHOR("David Brownell");
690 MODULE_DESCRIPTION("USB Host side RNDIS driver");
691 MODULE_LICENSE("GPL");
692