1/* $FreeBSD: stable/11/sys/dev/usb/usb_parse.c 368826 2020-12-30 01:11:08Z hselasky $ */ 2/*- 3 * Copyright (c) 2008-2020 Hans Petter Selasky. All rights reserved. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that the following conditions 7 * are met: 8 * 1. Redistributions of source code must retain the above copyright 9 * notice, this list of conditions and the following disclaimer. 10 * 2. Redistributions in binary form must reproduce the above copyright 11 * notice, this list of conditions and the following disclaimer in the 12 * documentation and/or other materials provided with the distribution. 13 * 14 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 15 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 16 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 17 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 18 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 19 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 20 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 21 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 22 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 23 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 24 * SUCH DAMAGE. 25 */ 26 27#ifdef USB_GLOBAL_INCLUDE_FILE 28#include USB_GLOBAL_INCLUDE_FILE 29#else 30#include <sys/stdint.h> 31#include <sys/stddef.h> 32#include <sys/param.h> 33#include <sys/queue.h> 34#include <sys/types.h> 35#include <sys/systm.h> 36#include <sys/kernel.h> 37#include <sys/bus.h> 38#include <sys/module.h> 39#include <sys/lock.h> 40#include <sys/mutex.h> 41#include <sys/condvar.h> 42#include <sys/sysctl.h> 43#include <sys/sx.h> 44#include <sys/unistd.h> 45#include <sys/callout.h> 46#include <sys/malloc.h> 47#include <sys/priv.h> 48 49#include <dev/usb/usb.h> 50#include <dev/usb/usbdi.h> 51#include <dev/usb/usbdi_util.h> 52 53#define USB_DEBUG_VAR usb_debug 54 55#include <dev/usb/usb_core.h> 56#include <dev/usb/usb_debug.h> 57#endif /* USB_GLOBAL_INCLUDE_FILE */ 58 59/*------------------------------------------------------------------------* 60 * usb_desc_foreach 61 * 62 * This function is the safe way to iterate across the USB config 63 * descriptor. It contains several checks against invalid 64 * descriptors. If the "desc" argument passed to this function is 65 * "NULL" the first descriptor, if any, will be returned. 66 * 67 * Return values: 68 * NULL: End of descriptors 69 * Else: Next descriptor after "desc" 70 *------------------------------------------------------------------------*/ 71struct usb_descriptor * 72usb_desc_foreach(struct usb_config_descriptor *cd, 73 struct usb_descriptor *_desc) 74{ 75 uint8_t *desc_next; 76 uint8_t *start; 77 uint8_t *end; 78 uint8_t *desc; 79 80 /* be NULL safe */ 81 if (cd == NULL) 82 return (NULL); 83 84 /* We assume that the "wTotalLength" has been checked. */ 85 start = (uint8_t *)cd; 86 end = start + UGETW(cd->wTotalLength); 87 desc = (uint8_t *)_desc; 88 89 /* Get start of next USB descriptor. */ 90 if (desc == NULL) 91 desc = start; 92 else 93 desc = desc + desc[0]; 94 95 /* Check that the next USB descriptor is within the range. */ 96 if ((desc < start) || (desc >= end)) 97 return (NULL); /* out of range, or EOD */ 98 99 /* Check that the second next USB descriptor is within range. */ 100 desc_next = desc + desc[0]; 101 if ((desc_next < start) || (desc_next > end)) 102 return (NULL); /* out of range */ 103 104 /* Check minimum descriptor length. */ 105 if (desc[0] < 3) 106 return (NULL); /* too short descriptor */ 107 108 /* Return start of next descriptor. */ 109 return ((struct usb_descriptor *)desc); 110} 111 112/*------------------------------------------------------------------------* 113 * usb_idesc_foreach 114 * 115 * This function will iterate the interface descriptors in the config 116 * descriptor. The parse state structure should be zeroed before 117 * calling this function the first time. 118 * 119 * Return values: 120 * NULL: End of descriptors 121 * Else: A valid interface descriptor 122 *------------------------------------------------------------------------*/ 123struct usb_interface_descriptor * 124usb_idesc_foreach(struct usb_config_descriptor *cd, 125 struct usb_idesc_parse_state *ps) 126{ 127 struct usb_interface_descriptor *id; 128 uint8_t new_iface; 129 130 /* retrieve current descriptor */ 131 id = (struct usb_interface_descriptor *)ps->desc; 132 /* default is to start a new interface */ 133 new_iface = 1; 134 135 while (1) { 136 id = (struct usb_interface_descriptor *) 137 usb_desc_foreach(cd, (struct usb_descriptor *)id); 138 if (id == NULL) 139 break; 140 if ((id->bDescriptorType == UDESC_INTERFACE) && 141 (id->bLength >= sizeof(*id))) { 142 if (ps->iface_no_last == id->bInterfaceNumber) { 143 /* 144 * Don't allow more than 256 alternate 145 * settings to avoid overflowing the 146 * alternate index which is a 8-bit 147 * variable. 148 */ 149 if (ps->iface_index_alt == 255) { 150 DPRINTF("Interface(%u) has more than 256 alternate settings\n", 151 id->bInterfaceNumber); 152 continue; 153 } 154 new_iface = 0; 155 } 156 ps->iface_no_last = id->bInterfaceNumber; 157 break; 158 } 159 } 160 161 if (ps->desc == NULL) { 162 /* first time or zero descriptors */ 163 } else if (new_iface) { 164 /* new interface */ 165 ps->iface_index ++; 166 ps->iface_index_alt = 0; 167 } else { 168 /* new alternate interface */ 169 ps->iface_index_alt ++; 170 } 171#if (USB_IFACE_MAX <= 0) 172#error "USB_IFACE_MAX must be defined greater than zero" 173#endif 174 /* check for too many interfaces */ 175 if (ps->iface_index >= USB_IFACE_MAX) { 176 DPRINTF("Interface limit reached\n"); 177 id = NULL; 178 } 179 180 /* store and return current descriptor */ 181 ps->desc = (struct usb_descriptor *)id; 182 return (id); 183} 184 185/*------------------------------------------------------------------------* 186 * usb_edesc_foreach 187 * 188 * This function will iterate all the endpoint descriptors within an 189 * interface descriptor. Starting value for the "ped" argument should 190 * be a valid interface descriptor. 191 * 192 * Return values: 193 * NULL: End of descriptors 194 * Else: A valid endpoint descriptor 195 *------------------------------------------------------------------------*/ 196struct usb_endpoint_descriptor * 197usb_edesc_foreach(struct usb_config_descriptor *cd, 198 struct usb_endpoint_descriptor *ped) 199{ 200 struct usb_descriptor *desc; 201 202 desc = ((struct usb_descriptor *)ped); 203 204 while ((desc = usb_desc_foreach(cd, desc))) { 205 if (desc->bDescriptorType == UDESC_INTERFACE) { 206 break; 207 } 208 if (desc->bDescriptorType == UDESC_ENDPOINT) { 209 if (desc->bLength < sizeof(*ped)) { 210 /* endpoint descriptor is invalid */ 211 break; 212 } 213 return ((struct usb_endpoint_descriptor *)desc); 214 } 215 } 216 return (NULL); 217} 218 219/*------------------------------------------------------------------------* 220 * usb_ed_comp_foreach 221 * 222 * This function will iterate all the endpoint companion descriptors 223 * within an endpoint descriptor in an interface descriptor. Starting 224 * value for the "ped" argument should be a valid endpoint companion 225 * descriptor. 226 * 227 * Return values: 228 * NULL: End of descriptors 229 * Else: A valid endpoint companion descriptor 230 *------------------------------------------------------------------------*/ 231struct usb_endpoint_ss_comp_descriptor * 232usb_ed_comp_foreach(struct usb_config_descriptor *cd, 233 struct usb_endpoint_ss_comp_descriptor *ped) 234{ 235 struct usb_descriptor *desc; 236 237 desc = ((struct usb_descriptor *)ped); 238 239 while ((desc = usb_desc_foreach(cd, desc))) { 240 if (desc->bDescriptorType == UDESC_INTERFACE) 241 break; 242 if (desc->bDescriptorType == UDESC_ENDPOINT) 243 break; 244 if (desc->bDescriptorType == UDESC_ENDPOINT_SS_COMP) { 245 if (desc->bLength < sizeof(*ped)) { 246 /* endpoint companion descriptor is invalid */ 247 break; 248 } 249 return ((struct usb_endpoint_ss_comp_descriptor *)desc); 250 } 251 } 252 return (NULL); 253} 254 255/*------------------------------------------------------------------------* 256 * usbd_get_no_descriptors 257 * 258 * This function will count the total number of descriptors in the 259 * configuration descriptor of type "type". 260 *------------------------------------------------------------------------*/ 261uint8_t 262usbd_get_no_descriptors(struct usb_config_descriptor *cd, uint8_t type) 263{ 264 struct usb_descriptor *desc = NULL; 265 uint8_t count = 0; 266 267 while ((desc = usb_desc_foreach(cd, desc))) { 268 if (desc->bDescriptorType == type) { 269 count++; 270 if (count == 0xFF) 271 break; /* crazy */ 272 } 273 } 274 return (count); 275} 276 277/*------------------------------------------------------------------------* 278 * usbd_get_no_alts 279 * 280 * Return value: 281 * Number of alternate settings for the given interface descriptor 282 * pointer. If the USB descriptor is corrupt, the returned value can 283 * be greater than the actual number of alternate settings. 284 *------------------------------------------------------------------------*/ 285uint8_t 286usbd_get_no_alts(struct usb_config_descriptor *cd, 287 struct usb_interface_descriptor *id) 288{ 289 struct usb_descriptor *desc; 290 uint8_t n; 291 uint8_t ifaceno; 292 293 /* Reset interface count */ 294 295 n = 0; 296 297 /* Get the interface number */ 298 299 ifaceno = id->bInterfaceNumber; 300 301 /* Iterate all the USB descriptors */ 302 303 desc = NULL; 304 while ((desc = usb_desc_foreach(cd, desc))) { 305 if ((desc->bDescriptorType == UDESC_INTERFACE) && 306 (desc->bLength >= sizeof(*id))) { 307 id = (struct usb_interface_descriptor *)desc; 308 if (id->bInterfaceNumber == ifaceno) { 309 n++; 310 if (n == 0xFF) 311 break; /* crazy */ 312 } 313 } 314 } 315 return (n); 316} 317