1 // SPDX-License-Identifier: GPL-2.0-or-later
2 /* MHI MBIM Network driver - Network/MBIM over MHI bus
6 * This driver copy some code from cdc_ncm, which is:
7 * Copyright (C) ST-Ericsson 2010-2012
8 * and cdc_mbim, which is:
9 * Copyright (c) 2012 Smith Micro Software, Inc.
14 #include <linux/ethtool.h>
15 #include <linux/if_arp.h>
16 #include <linux/if_vlan.h>
18 #include <linux/mhi.h>
19 #include <linux/mii.h>
20 #include <linux/mod_devicetable.h>
21 #include <linux/module.h>
22 #include <linux/netdevice.h>
23 #include <linux/skbuff.h>
24 #include <linux/u64_stats_sync.h>
25 #include <linux/usb.h>
26 #include <linux/usb/cdc.h>
27 #include <linux/usb/usbnet.h>
28 #include <linux/usb/cdc_ncm.h>
29 #include <linux/wwan.h>
31 /* 3500 allows to optimize skb allocation, the skbs will basically fit in
32 * one 4K page. Large MBIM packets will simply be split over several MHI
33 * transfers and chained by the MHI net layer (zerocopy).
35 #define MHI_DEFAULT_MRU 3500
37 #define MHI_MBIM_DEFAULT_MTU 1500
38 #define MHI_MAX_BUF_SZ 0xffff
40 #define MBIM_NDP16_SIGN_MASK 0x00ffffff
42 #define MHI_MBIM_LINK_HASH_SIZE 8
43 #define LINK_HASH(session) ((session) % MHI_MBIM_LINK_HASH_SIZE)
45 struct mhi_mbim_link {
46 struct mhi_mbim_context *mbim;
47 struct net_device *ndev;
51 u64_stats_t rx_packets;
53 u64_stats_t rx_errors;
54 u64_stats_t tx_packets;
56 u64_stats_t tx_errors;
57 u64_stats_t tx_dropped;
58 struct u64_stats_sync tx_syncp;
59 struct u64_stats_sync rx_syncp;
61 struct hlist_node hlnode;
64 struct mhi_mbim_context {
65 struct mhi_device *mdev;
66 struct sk_buff *skbagg_head;
67 struct sk_buff *skbagg_tail;
72 struct delayed_work rx_refill;
74 struct hlist_head link_list[MHI_MBIM_LINK_HASH_SIZE];
78 struct usb_cdc_ncm_nth16 nth16;
79 struct usb_cdc_ncm_ndp16 ndp16;
80 struct usb_cdc_ncm_dpe16 dpe16[2];
83 static struct mhi_mbim_link *mhi_mbim_get_link_rcu(struct mhi_mbim_context *mbim,
86 struct mhi_mbim_link *link;
88 hlist_for_each_entry_rcu(link, &mbim->link_list[LINK_HASH(session)], hlnode) {
89 if (link->session == session)
96 static struct sk_buff *mbim_tx_fixup(struct sk_buff *skb, unsigned int session,
99 unsigned int dgram_size = skb->len;
100 struct usb_cdc_ncm_nth16 *nth16;
101 struct usb_cdc_ncm_ndp16 *ndp16;
102 struct mbim_tx_hdr *mbim_hdr;
104 /* Only one NDP is sent, containing the IP packet (no aggregation) */
106 /* Ensure we have enough headroom for crafting MBIM header */
107 if (skb_cow_head(skb, sizeof(struct mbim_tx_hdr))) {
108 dev_kfree_skb_any(skb);
112 mbim_hdr = skb_push(skb, sizeof(struct mbim_tx_hdr));
114 /* Fill NTB header */
115 nth16 = &mbim_hdr->nth16;
116 nth16->dwSignature = cpu_to_le32(USB_CDC_NCM_NTH16_SIGN);
117 nth16->wHeaderLength = cpu_to_le16(sizeof(struct usb_cdc_ncm_nth16));
118 nth16->wSequence = cpu_to_le16(tx_seq);
119 nth16->wBlockLength = cpu_to_le16(skb->len);
120 nth16->wNdpIndex = cpu_to_le16(sizeof(struct usb_cdc_ncm_nth16));
122 /* Fill the unique NDP */
123 ndp16 = &mbim_hdr->ndp16;
124 ndp16->dwSignature = cpu_to_le32(USB_CDC_MBIM_NDP16_IPS_SIGN | (session << 24));
125 ndp16->wLength = cpu_to_le16(sizeof(struct usb_cdc_ncm_ndp16)
126 + sizeof(struct usb_cdc_ncm_dpe16) * 2);
127 ndp16->wNextNdpIndex = 0;
129 /* Datagram follows the mbim header */
130 ndp16->dpe16[0].wDatagramIndex = cpu_to_le16(sizeof(struct mbim_tx_hdr));
131 ndp16->dpe16[0].wDatagramLength = cpu_to_le16(dgram_size);
133 /* null termination */
134 ndp16->dpe16[1].wDatagramIndex = 0;
135 ndp16->dpe16[1].wDatagramLength = 0;
140 static netdev_tx_t mhi_mbim_ndo_xmit(struct sk_buff *skb, struct net_device *ndev)
142 struct mhi_mbim_link *link = wwan_netdev_drvpriv(ndev);
143 struct mhi_mbim_context *mbim = link->mbim;
147 /* Serialize MHI channel queuing and MBIM seq */
148 spin_lock_irqsave(&mbim->tx_lock, flags);
150 skb = mbim_tx_fixup(skb, link->session, mbim->tx_seq);
154 err = mhi_queue_skb(mbim->mdev, DMA_TO_DEVICE, skb, skb->len, MHI_EOT);
156 if (mhi_queue_is_full(mbim->mdev, DMA_TO_DEVICE))
157 netif_stop_queue(ndev);
163 spin_unlock_irqrestore(&mbim->tx_lock, flags);
166 net_err_ratelimited("%s: Failed to queue TX buf (%d)\n",
168 dev_kfree_skb_any(skb);
175 u64_stats_update_begin(&link->tx_syncp);
176 u64_stats_inc(&link->tx_dropped);
177 u64_stats_update_end(&link->tx_syncp);
182 static int mbim_rx_verify_nth16(struct mhi_mbim_context *mbim, struct sk_buff *skb)
184 struct usb_cdc_ncm_nth16 *nth16;
187 if (skb->len < sizeof(struct usb_cdc_ncm_nth16) +
188 sizeof(struct usb_cdc_ncm_ndp16)) {
189 net_err_ratelimited("frame too short\n");
193 nth16 = (struct usb_cdc_ncm_nth16 *)skb->data;
195 if (nth16->dwSignature != cpu_to_le32(USB_CDC_NCM_NTH16_SIGN)) {
196 net_err_ratelimited("invalid NTH16 signature <%#010x>\n",
197 le32_to_cpu(nth16->dwSignature));
201 /* No limit on the block length, except the size of the data pkt */
202 len = le16_to_cpu(nth16->wBlockLength);
203 if (len > skb->len) {
204 net_err_ratelimited("NTB does not fit into the skb %u/%u\n",
209 if (mbim->rx_seq + 1 != le16_to_cpu(nth16->wSequence) &&
210 (mbim->rx_seq || le16_to_cpu(nth16->wSequence)) &&
211 !(mbim->rx_seq == 0xffff && !le16_to_cpu(nth16->wSequence))) {
212 net_err_ratelimited("sequence number glitch prev=%d curr=%d\n",
213 mbim->rx_seq, le16_to_cpu(nth16->wSequence));
215 mbim->rx_seq = le16_to_cpu(nth16->wSequence);
217 return le16_to_cpu(nth16->wNdpIndex);
220 static int mbim_rx_verify_ndp16(struct sk_buff *skb, struct usb_cdc_ncm_ndp16 *ndp16)
224 if (le16_to_cpu(ndp16->wLength) < USB_CDC_NCM_NDP16_LENGTH_MIN) {
225 net_err_ratelimited("invalid DPT16 length <%u>\n",
226 le16_to_cpu(ndp16->wLength));
230 ret = ((le16_to_cpu(ndp16->wLength) - sizeof(struct usb_cdc_ncm_ndp16))
231 / sizeof(struct usb_cdc_ncm_dpe16));
232 ret--; /* Last entry is always a NULL terminator */
234 if (sizeof(struct usb_cdc_ncm_ndp16) +
235 ret * sizeof(struct usb_cdc_ncm_dpe16) > skb->len) {
236 net_err_ratelimited("Invalid nframes = %d\n", ret);
243 static void mhi_mbim_rx(struct mhi_mbim_context *mbim, struct sk_buff *skb)
247 /* Check NTB header and retrieve first NDP offset */
248 ndpoffset = mbim_rx_verify_nth16(mbim, skb);
250 net_err_ratelimited("mbim: Incorrect NTB header\n");
254 /* Process each NDP */
256 struct usb_cdc_ncm_ndp16 ndp16;
257 struct usb_cdc_ncm_dpe16 dpe16;
258 struct mhi_mbim_link *link;
259 int nframes, n, dpeoffset;
260 unsigned int session;
262 if (skb_copy_bits(skb, ndpoffset, &ndp16, sizeof(ndp16))) {
263 net_err_ratelimited("mbim: Incorrect NDP offset (%u)\n",
268 /* Check NDP header and retrieve number of datagrams */
269 nframes = mbim_rx_verify_ndp16(skb, &ndp16);
271 net_err_ratelimited("mbim: Incorrect NDP16\n");
275 /* Only IP data type supported, no DSS in MHI context */
276 if ((ndp16.dwSignature & cpu_to_le32(MBIM_NDP16_SIGN_MASK))
277 != cpu_to_le32(USB_CDC_MBIM_NDP16_IPS_SIGN)) {
278 net_err_ratelimited("mbim: Unsupported NDP type\n");
282 session = (le32_to_cpu(ndp16.dwSignature) & ~MBIM_NDP16_SIGN_MASK) >> 24;
286 link = mhi_mbim_get_link_rcu(mbim, session);
288 net_err_ratelimited("mbim: bad packet session (%u)\n", session);
292 /* de-aggregate and deliver IP packets */
293 dpeoffset = ndpoffset + sizeof(struct usb_cdc_ncm_ndp16);
294 for (n = 0; n < nframes; n++, dpeoffset += sizeof(dpe16)) {
295 u16 dgram_offset, dgram_len;
296 struct sk_buff *skbn;
298 if (skb_copy_bits(skb, dpeoffset, &dpe16, sizeof(dpe16)))
301 dgram_offset = le16_to_cpu(dpe16.wDatagramIndex);
302 dgram_len = le16_to_cpu(dpe16.wDatagramLength);
304 if (!dgram_offset || !dgram_len)
305 break; /* null terminator */
307 skbn = netdev_alloc_skb(link->ndev, dgram_len);
311 skb_put(skbn, dgram_len);
312 skb_copy_bits(skb, dgram_offset, skbn->data, dgram_len);
314 switch (skbn->data[0] & 0xf0) {
316 skbn->protocol = htons(ETH_P_IP);
319 skbn->protocol = htons(ETH_P_IPV6);
322 net_err_ratelimited("%s: unknown protocol\n",
324 dev_kfree_skb_any(skbn);
325 u64_stats_update_begin(&link->rx_syncp);
326 u64_stats_inc(&link->rx_errors);
327 u64_stats_update_end(&link->rx_syncp);
331 u64_stats_update_begin(&link->rx_syncp);
332 u64_stats_inc(&link->rx_packets);
333 u64_stats_add(&link->rx_bytes, skbn->len);
334 u64_stats_update_end(&link->rx_syncp);
341 /* Other NDP to process? */
342 ndpoffset = (int)le16_to_cpu(ndp16.wNextNdpIndex);
348 dev_consume_skb_any(skb);
351 dev_kfree_skb_any(skb);
354 static struct sk_buff *mhi_net_skb_agg(struct mhi_mbim_context *mbim,
357 struct sk_buff *head = mbim->skbagg_head;
358 struct sk_buff *tail = mbim->skbagg_tail;
360 /* This is non-paged skb chaining using frag_list */
362 mbim->skbagg_head = skb;
366 if (!skb_shinfo(head)->frag_list)
367 skb_shinfo(head)->frag_list = skb;
371 head->len += skb->len;
372 head->data_len += skb->len;
373 head->truesize += skb->truesize;
375 mbim->skbagg_tail = skb;
377 return mbim->skbagg_head;
380 static void mhi_net_rx_refill_work(struct work_struct *work)
382 struct mhi_mbim_context *mbim = container_of(work, struct mhi_mbim_context,
384 struct mhi_device *mdev = mbim->mdev;
387 while (!mhi_queue_is_full(mdev, DMA_FROM_DEVICE)) {
388 struct sk_buff *skb = alloc_skb(mbim->mru, GFP_KERNEL);
393 err = mhi_queue_skb(mdev, DMA_FROM_DEVICE, skb,
400 /* Do not hog the CPU if rx buffers are consumed faster than
406 /* If we're still starved of rx buffers, reschedule later */
407 if (mhi_get_free_desc_count(mdev, DMA_FROM_DEVICE) == mbim->rx_queue_sz)
408 schedule_delayed_work(&mbim->rx_refill, HZ / 2);
411 static void mhi_mbim_dl_callback(struct mhi_device *mhi_dev,
412 struct mhi_result *mhi_res)
414 struct mhi_mbim_context *mbim = dev_get_drvdata(&mhi_dev->dev);
415 struct sk_buff *skb = mhi_res->buf_addr;
418 free_desc_count = mhi_get_free_desc_count(mhi_dev, DMA_FROM_DEVICE);
420 if (unlikely(mhi_res->transaction_status)) {
421 switch (mhi_res->transaction_status) {
423 /* Packet has been split over multiple transfers */
424 skb_put(skb, mhi_res->bytes_xferd);
425 mhi_net_skb_agg(mbim, skb);
428 /* MHI layer stopping/resetting the DL channel */
429 dev_kfree_skb_any(skb);
432 /* Unknown error, simply drop */
433 dev_kfree_skb_any(skb);
436 skb_put(skb, mhi_res->bytes_xferd);
438 if (mbim->skbagg_head) {
439 /* Aggregate the final fragment */
440 skb = mhi_net_skb_agg(mbim, skb);
441 mbim->skbagg_head = NULL;
444 mhi_mbim_rx(mbim, skb);
447 /* Refill if RX buffers queue becomes low */
448 if (free_desc_count >= mbim->rx_queue_sz / 2)
449 schedule_delayed_work(&mbim->rx_refill, 0);
452 static void mhi_mbim_ndo_get_stats64(struct net_device *ndev,
453 struct rtnl_link_stats64 *stats)
455 struct mhi_mbim_link *link = wwan_netdev_drvpriv(ndev);
459 start = u64_stats_fetch_begin(&link->rx_syncp);
460 stats->rx_packets = u64_stats_read(&link->rx_packets);
461 stats->rx_bytes = u64_stats_read(&link->rx_bytes);
462 stats->rx_errors = u64_stats_read(&link->rx_errors);
463 } while (u64_stats_fetch_retry(&link->rx_syncp, start));
466 start = u64_stats_fetch_begin(&link->tx_syncp);
467 stats->tx_packets = u64_stats_read(&link->tx_packets);
468 stats->tx_bytes = u64_stats_read(&link->tx_bytes);
469 stats->tx_errors = u64_stats_read(&link->tx_errors);
470 stats->tx_dropped = u64_stats_read(&link->tx_dropped);
471 } while (u64_stats_fetch_retry(&link->tx_syncp, start));
474 static void mhi_mbim_ul_callback(struct mhi_device *mhi_dev,
475 struct mhi_result *mhi_res)
477 struct mhi_mbim_context *mbim = dev_get_drvdata(&mhi_dev->dev);
478 struct sk_buff *skb = mhi_res->buf_addr;
479 struct net_device *ndev = skb->dev;
480 struct mhi_mbim_link *link = wwan_netdev_drvpriv(ndev);
482 /* Hardware has consumed the buffer, so free the skb (which is not
483 * freed by the MHI stack) and perform accounting.
485 dev_consume_skb_any(skb);
487 u64_stats_update_begin(&link->tx_syncp);
488 if (unlikely(mhi_res->transaction_status)) {
489 /* MHI layer stopping/resetting the UL channel */
490 if (mhi_res->transaction_status == -ENOTCONN) {
491 u64_stats_update_end(&link->tx_syncp);
495 u64_stats_inc(&link->tx_errors);
497 u64_stats_inc(&link->tx_packets);
498 u64_stats_add(&link->tx_bytes, mhi_res->bytes_xferd);
500 u64_stats_update_end(&link->tx_syncp);
502 if (netif_queue_stopped(ndev) && !mhi_queue_is_full(mbim->mdev, DMA_TO_DEVICE))
503 netif_wake_queue(ndev);
506 static int mhi_mbim_ndo_open(struct net_device *ndev)
508 struct mhi_mbim_link *link = wwan_netdev_drvpriv(ndev);
510 /* Feed the MHI rx buffer pool */
511 schedule_delayed_work(&link->mbim->rx_refill, 0);
513 /* Carrier is established via out-of-band channel (e.g. qmi) */
514 netif_carrier_on(ndev);
516 netif_start_queue(ndev);
521 static int mhi_mbim_ndo_stop(struct net_device *ndev)
523 netif_stop_queue(ndev);
524 netif_carrier_off(ndev);
529 static const struct net_device_ops mhi_mbim_ndo = {
530 .ndo_open = mhi_mbim_ndo_open,
531 .ndo_stop = mhi_mbim_ndo_stop,
532 .ndo_start_xmit = mhi_mbim_ndo_xmit,
533 .ndo_get_stats64 = mhi_mbim_ndo_get_stats64,
536 static int mhi_mbim_newlink(void *ctxt, struct net_device *ndev, u32 if_id,
537 struct netlink_ext_ack *extack)
539 struct mhi_mbim_link *link = wwan_netdev_drvpriv(ndev);
540 struct mhi_mbim_context *mbim = ctxt;
542 link->session = if_id;
545 u64_stats_init(&link->rx_syncp);
546 u64_stats_init(&link->tx_syncp);
549 if (mhi_mbim_get_link_rcu(mbim, if_id)) {
555 /* Already protected by RTNL lock */
556 hlist_add_head_rcu(&link->hlnode, &mbim->link_list[LINK_HASH(if_id)]);
558 return register_netdevice(ndev);
561 static void mhi_mbim_dellink(void *ctxt, struct net_device *ndev,
562 struct list_head *head)
564 struct mhi_mbim_link *link = wwan_netdev_drvpriv(ndev);
566 hlist_del_init_rcu(&link->hlnode);
569 unregister_netdevice_queue(ndev, head);
572 static void mhi_mbim_setup(struct net_device *ndev)
574 ndev->header_ops = NULL; /* No header */
575 ndev->type = ARPHRD_RAWIP;
576 ndev->needed_headroom = sizeof(struct mbim_tx_hdr);
577 ndev->hard_header_len = 0;
579 ndev->flags = IFF_POINTOPOINT | IFF_NOARP;
580 ndev->netdev_ops = &mhi_mbim_ndo;
581 ndev->mtu = MHI_MBIM_DEFAULT_MTU;
582 ndev->min_mtu = ETH_MIN_MTU;
583 ndev->max_mtu = MHI_MAX_BUF_SZ - ndev->needed_headroom;
584 ndev->tx_queue_len = 1000;
585 ndev->needs_free_netdev = true;
588 static const struct wwan_ops mhi_mbim_wwan_ops = {
589 .priv_size = sizeof(struct mhi_mbim_link),
590 .setup = mhi_mbim_setup,
591 .newlink = mhi_mbim_newlink,
592 .dellink = mhi_mbim_dellink,
595 static int mhi_mbim_probe(struct mhi_device *mhi_dev, const struct mhi_device_id *id)
597 struct mhi_controller *cntrl = mhi_dev->mhi_cntrl;
598 struct mhi_mbim_context *mbim;
601 mbim = devm_kzalloc(&mhi_dev->dev, sizeof(*mbim), GFP_KERNEL);
605 spin_lock_init(&mbim->tx_lock);
606 dev_set_drvdata(&mhi_dev->dev, mbim);
607 mbim->mdev = mhi_dev;
608 mbim->mru = mhi_dev->mhi_cntrl->mru ? mhi_dev->mhi_cntrl->mru : MHI_DEFAULT_MRU;
610 INIT_DELAYED_WORK(&mbim->rx_refill, mhi_net_rx_refill_work);
612 /* Start MHI channels */
613 err = mhi_prepare_for_transfer(mhi_dev);
617 /* Number of transfer descriptors determines size of the queue */
618 mbim->rx_queue_sz = mhi_get_free_desc_count(mhi_dev, DMA_FROM_DEVICE);
620 /* Register wwan link ops with MHI controller representing WWAN instance */
621 return wwan_register_ops(&cntrl->mhi_dev->dev, &mhi_mbim_wwan_ops, mbim, 0);
624 static void mhi_mbim_remove(struct mhi_device *mhi_dev)
626 struct mhi_mbim_context *mbim = dev_get_drvdata(&mhi_dev->dev);
627 struct mhi_controller *cntrl = mhi_dev->mhi_cntrl;
629 mhi_unprepare_from_transfer(mhi_dev);
630 cancel_delayed_work_sync(&mbim->rx_refill);
631 wwan_unregister_ops(&cntrl->mhi_dev->dev);
632 kfree_skb(mbim->skbagg_head);
633 dev_set_drvdata(&mhi_dev->dev, NULL);
636 static const struct mhi_device_id mhi_mbim_id_table[] = {
637 /* Hardware accelerated data PATH (to modem IPA), MBIM protocol */
638 { .chan = "IP_HW0_MBIM", .driver_data = 0 },
641 MODULE_DEVICE_TABLE(mhi, mhi_mbim_id_table);
643 static struct mhi_driver mhi_mbim_driver = {
644 .probe = mhi_mbim_probe,
645 .remove = mhi_mbim_remove,
646 .dl_xfer_cb = mhi_mbim_dl_callback,
647 .ul_xfer_cb = mhi_mbim_ul_callback,
648 .id_table = mhi_mbim_id_table,
650 .name = "mhi_wwan_mbim",
651 .owner = THIS_MODULE,
655 module_mhi_driver(mhi_mbim_driver);
658 MODULE_DESCRIPTION("Network/MBIM over MHI");
659 MODULE_LICENSE("GPL v2");
projects / linux.git / blob