]> git.proxmox.com Git - mirror_ubuntu-bionic-kernel.git/blob - drivers/net/usb/kalmia.c
projects / mirror_ubuntu-bionic-kernel.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
net: kalmia: fix memory leaks
[mirror_ubuntu-bionic-kernel.git] / drivers / net / usb / kalmia.c
1 /*
2 * USB network interface driver for Samsung Kalmia based LTE USB modem like the
3 * Samsung GT-B3730 and GT-B3710.
4 *
5 * Copyright (C) 2011 Marius Bjoernstad Kotsbak <marius@kotsbak.com>
6 *
7 * Sponsored by Quicklink Video Distribution Services Ltd.
8 *
9 * Based on the cdc_eem module.
10 *
11 * This program is free software; you can redistribute it and/or modify
12 * it under the terms of the GNU General Public License as published by
13 * the Free Software Foundation; either version 2 of the License, or
14 * (at your option) any later version.
15 */
16
17 #include <linux/module.h>
18 #include <linux/netdevice.h>
19 #include <linux/etherdevice.h>
20 #include <linux/ctype.h>
21 #include <linux/ethtool.h>
22 #include <linux/workqueue.h>
23 #include <linux/mii.h>
24 #include <linux/usb.h>
25 #include <linux/crc32.h>
26 #include <linux/usb/cdc.h>
27 #include <linux/usb/usbnet.h>
28 #include <linux/gfp.h>
29
30 /*
31 * The Samsung Kalmia based LTE USB modems have a CDC ACM port for modem control
32 * handled by the "option" module and an ethernet data port handled by this
33 * module.
34 *
35 * The stick must first be switched into modem mode by usb_modeswitch
36 * or similar tool. Then the modem gets sent two initialization packets by
37 * this module, which gives the MAC address of the device. User space can then
38 * connect the modem using AT commands through the ACM port and then use
39 * DHCP on the network interface exposed by this module. Network packets are
40 * sent to and from the modem in a proprietary format discovered after watching
41 * the behavior of the windows driver for the modem.
42 *
43 * More information about the use of the modem is available in usb_modeswitch
44 * forum and the project page:
45 *
46 * http://www.draisberghof.de/usb_modeswitch/bb/viewtopic.php?t=465
47 * https://github.com/mkotsbak/Samsung-GT-B3730-linux-driver
48 */
49
50 /* #define DEBUG */
51 /* #define VERBOSE */
52
53 #define KALMIA_HEADER_LENGTH 6
54 #define KALMIA_ALIGN_SIZE 4
55 #define KALMIA_USB_TIMEOUT 10000
56
57 /*-------------------------------------------------------------------------*/
58
59 static int
60 kalmia_send_init_packet(struct usbnet *dev, u8 *init_msg, u8 init_msg_len,
61 u8 *buffer, u8 expected_len)
62 {
63 int act_len;
64 int status;
65
66 netdev_dbg(dev->net, "Sending init packet");
67
68 status = usb_bulk_msg(dev->udev, usb_sndbulkpipe(dev->udev, 0x02),
69 init_msg, init_msg_len, &act_len, KALMIA_USB_TIMEOUT);
70 if (status != 0) {
71 netdev_err(dev->net,
72 "Error sending init packet. Status %i, length %i\n",
73 status, act_len);
74 return status;
75 }
76 else if (act_len != init_msg_len) {
77 netdev_err(dev->net,
78 "Did not send all of init packet. Bytes sent: %i",
79 act_len);
80 }
81 else {
82 netdev_dbg(dev->net, "Successfully sent init packet.");
83 }
84
85 status = usb_bulk_msg(dev->udev, usb_rcvbulkpipe(dev->udev, 0x81),
86 buffer, expected_len, &act_len, KALMIA_USB_TIMEOUT);
87
88 if (status != 0)
89 netdev_err(dev->net,
90 "Error receiving init result. Status %i, length %i\n",
91 status, act_len);
92 else if (act_len != expected_len)
93 netdev_err(dev->net, "Unexpected init result length: %i\n",
94 act_len);
95
96 return status;
97 }
98
99 static int
100 kalmia_init_and_get_ethernet_addr(struct usbnet *dev, u8 *ethernet_addr)
101 {
102 static const char init_msg_1[] =
103 { 0x57, 0x50, 0x04, 0x00, 0x00, 0x00, 0x00, 0x20, 0x00, 0x00,
104 0x00, 0x00 };
105 static const char init_msg_2[] =
106 { 0x57, 0x50, 0x04, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0xf4,
107 0x00, 0x00 };
108 static const int buflen = 28;
109 char *usb_buf;
110 int status;
111
112 usb_buf = kmalloc(buflen, GFP_DMA | GFP_KERNEL);
113 if (!usb_buf)
114 return -ENOMEM;
115
116 memcpy(usb_buf, init_msg_1, 12);
117 status = kalmia_send_init_packet(dev, usb_buf, sizeof(init_msg_1)
118 / sizeof(init_msg_1[0]), usb_buf, 24);
119 if (status != 0)
120 goto out;
121
122 memcpy(usb_buf, init_msg_2, 12);
123 status = kalmia_send_init_packet(dev, usb_buf, sizeof(init_msg_2)
124 / sizeof(init_msg_2[0]), usb_buf, 28);
125 if (status != 0)
126 goto out;
127
128 memcpy(ethernet_addr, usb_buf + 10, ETH_ALEN);
129 out:
130 kfree(usb_buf);
131 return status;
132 }
133
134 static int
135 kalmia_bind(struct usbnet *dev, struct usb_interface *intf)
136 {
137 int status;
138 u8 ethernet_addr[ETH_ALEN];
139
140 /* Don't bind to AT command interface */
141 if (intf->cur_altsetting->desc.bInterfaceClass != USB_CLASS_VENDOR_SPEC)
142 return -EINVAL;
143
144 dev->in = usb_rcvbulkpipe(dev->udev, 0x81 & USB_ENDPOINT_NUMBER_MASK);
145 dev->out = usb_sndbulkpipe(dev->udev, 0x02 & USB_ENDPOINT_NUMBER_MASK);
146 dev->status = NULL;
147
148 dev->net->hard_header_len += KALMIA_HEADER_LENGTH;
149 dev->hard_mtu = 1400;
150 dev->rx_urb_size = dev->hard_mtu * 10; // Found as optimal after testing
151
152 status = kalmia_init_and_get_ethernet_addr(dev, ethernet_addr);
153
154 if (status) {
155 usb_set_intfdata(intf, NULL);
156 usb_driver_release_interface(driver_of(intf), intf);
157 return status;
158 }
159
160 memcpy(dev->net->dev_addr, ethernet_addr, ETH_ALEN);
161
162 return status;
163 }
164
165 static struct sk_buff *
166 kalmia_tx_fixup(struct usbnet *dev, struct sk_buff *skb, gfp_t flags)
167 {
168 struct sk_buff *skb2 = NULL;
169 u16 content_len;
170 unsigned char *header_start;
171 unsigned char ether_type_1, ether_type_2;
172 u8 remainder, padlen = 0;
173
174 if (!skb_cloned(skb)) {
175 int headroom = skb_headroom(skb);
176 int tailroom = skb_tailroom(skb);
177
178 if ((tailroom >= KALMIA_ALIGN_SIZE) && (headroom
179 >= KALMIA_HEADER_LENGTH))
180 goto done;
181
182 if ((headroom + tailroom) > (KALMIA_HEADER_LENGTH
183 + KALMIA_ALIGN_SIZE)) {
184 skb->data = memmove(skb->head + KALMIA_HEADER_LENGTH,
185 skb->data, skb->len);
186 skb_set_tail_pointer(skb, skb->len);
187 goto done;
188 }
189 }
190
191 skb2 = skb_copy_expand(skb, KALMIA_HEADER_LENGTH,
192 KALMIA_ALIGN_SIZE, flags);
193 if (!skb2)
194 return NULL;
195
196 dev_kfree_skb_any(skb);
197 skb = skb2;
198
199 done:
200 header_start = skb_push(skb, KALMIA_HEADER_LENGTH);
201 ether_type_1 = header_start[KALMIA_HEADER_LENGTH + 12];
202 ether_type_2 = header_start[KALMIA_HEADER_LENGTH + 13];
203
204 netdev_dbg(dev->net, "Sending etherType: %02x%02x", ether_type_1,
205 ether_type_2);
206
207 /* According to empiric data for data packages */
208 header_start[0] = 0x57;
209 header_start[1] = 0x44;
210 content_len = skb->len - KALMIA_HEADER_LENGTH;
211
212 put_unaligned_le16(content_len, &header_start[2]);
213 header_start[4] = ether_type_1;
214 header_start[5] = ether_type_2;
215
216 /* Align to 4 bytes by padding with zeros */
217 remainder = skb->len % KALMIA_ALIGN_SIZE;
218 if (remainder > 0) {
219 padlen = KALMIA_ALIGN_SIZE - remainder;
220 skb_put_zero(skb, padlen);
221 }
222
223 netdev_dbg(dev->net,
224 "Sending package with length %i and padding %i. Header: %6phC.",
225 content_len, padlen, header_start);
226
227 return skb;
228 }
229
230 static int
231 kalmia_rx_fixup(struct usbnet *dev, struct sk_buff *skb)
232 {
233 /*
234 * Our task here is to strip off framing, leaving skb with one
235 * data frame for the usbnet framework code to process.
236 */
237 static const u8 HEADER_END_OF_USB_PACKET[] =
238 { 0x57, 0x5a, 0x00, 0x00, 0x08, 0x00 };
239 static const u8 EXPECTED_UNKNOWN_HEADER_1[] =
240 { 0x57, 0x43, 0x1e, 0x00, 0x15, 0x02 };
241 static const u8 EXPECTED_UNKNOWN_HEADER_2[] =
242 { 0x57, 0x50, 0x0e, 0x00, 0x00, 0x00 };
243 int i = 0;
244
245 /* incomplete header? */
246 if (skb->len < KALMIA_HEADER_LENGTH)
247 return 0;
248
249 do {
250 struct sk_buff *skb2 = NULL;
251 u8 *header_start;
252 u16 usb_packet_length, ether_packet_length;
253 int is_last;
254
255 header_start = skb->data;
256
257 if (unlikely(header_start[0] != 0x57 || header_start[1] != 0x44)) {
258 if (!memcmp(header_start, EXPECTED_UNKNOWN_HEADER_1,
259 sizeof(EXPECTED_UNKNOWN_HEADER_1)) || !memcmp(
260 header_start, EXPECTED_UNKNOWN_HEADER_2,
261 sizeof(EXPECTED_UNKNOWN_HEADER_2))) {
262 netdev_dbg(dev->net,
263 "Received expected unknown frame header: %6phC. Package length: %i\n",
264 header_start,
265 skb->len - KALMIA_HEADER_LENGTH);
266 }
267 else {
268 netdev_err(dev->net,
269 "Received unknown frame header: %6phC. Package length: %i\n",
270 header_start,
271 skb->len - KALMIA_HEADER_LENGTH);
272 return 0;
273 }
274 }
275 else
276 netdev_dbg(dev->net,
277 "Received header: %6phC. Package length: %i\n",
278 header_start, skb->len - KALMIA_HEADER_LENGTH);
279
280 /* subtract start header and end header */
281 usb_packet_length = skb->len - (2 * KALMIA_HEADER_LENGTH);
282 ether_packet_length = get_unaligned_le16(&header_start[2]);
283 skb_pull(skb, KALMIA_HEADER_LENGTH);
284
285 /* Some small packets misses end marker */
286 if (usb_packet_length < ether_packet_length) {
287 ether_packet_length = usb_packet_length
288 + KALMIA_HEADER_LENGTH;
289 is_last = true;
290 }
291 else {
292 netdev_dbg(dev->net, "Correct package length #%i", i
293 + 1);
294
295 is_last = (memcmp(skb->data + ether_packet_length,
296 HEADER_END_OF_USB_PACKET,
297 sizeof(HEADER_END_OF_USB_PACKET)) == 0);
298 if (!is_last) {
299 header_start = skb->data + ether_packet_length;
300 netdev_dbg(dev->net,
301 "End header: %6phC. Package length: %i\n",
302 header_start,
303 skb->len - KALMIA_HEADER_LENGTH);
304 }
305 }
306
307 if (is_last) {
308 skb2 = skb;
309 }
310 else {
311 skb2 = skb_clone(skb, GFP_ATOMIC);
312 if (unlikely(!skb2))
313 return 0;
314 }
315
316 skb_trim(skb2, ether_packet_length);
317
318 if (is_last) {
319 return 1;
320 }
321 else {
322 usbnet_skb_return(dev, skb2);
323 skb_pull(skb, ether_packet_length);
324 }
325
326 i++;
327 }
328 while (skb->len);
329
330 return 1;
331 }
332
333 static const struct driver_info kalmia_info = {
334 .description = "Samsung Kalmia LTE USB dongle",
335 .flags = FLAG_WWAN,
336 .bind = kalmia_bind,
337 .rx_fixup = kalmia_rx_fixup,
338 .tx_fixup = kalmia_tx_fixup
339 };
340
341 /*-------------------------------------------------------------------------*/
342
343 static const struct usb_device_id products[] = {
344 /* The unswitched USB ID, to get the module auto loaded: */
345 { USB_DEVICE(0x04e8, 0x689a) },
346 /* The stick switched into modem (by e.g. usb_modeswitch): */
347 { USB_DEVICE(0x04e8, 0x6889),
348 .driver_info = (unsigned long) &kalmia_info, },
349 { /* EMPTY == end of list */} };
350 MODULE_DEVICE_TABLE( usb, products);
351
352 static struct usb_driver kalmia_driver = {
353 .name = "kalmia",
354 .id_table = products,
355 .probe = usbnet_probe,
356 .disconnect = usbnet_disconnect,
357 .suspend = usbnet_suspend,
358 .resume = usbnet_resume,
359 .disable_hub_initiated_lpm = 1,
360 };
361
362 module_usb_driver(kalmia_driver);
363
364 MODULE_AUTHOR("Marius Bjoernstad Kotsbak <marius@kotsbak.com>");
365 MODULE_DESCRIPTION("Samsung Kalmia USB network driver");
366 MODULE_LICENSE("GPL");
ubuntu-bionic-kernel mirror