1#include <linux/usb.h> 2#include <linux/usb/ch9.h> 3#include <linux/module.h> 4#include <linux/init.h> 5#include <linux/slab.h> 6#include <linux/device.h> 7#include <asm/byteorder.h> 8#include "usb.h" 9#include "hcd.h" 10 11#define USB_MAXALTSETTING 128 /* Hard limit */ 12#define USB_MAXENDPOINTS 30 /* Hard limit */ 13 14#define USB_MAXCONFIG 8 /* Arbitrary limit */ 15 16 17static inline const char *plural(int n) 18{ 19 return (n == 1 ? "" : "s"); 20} 21 22static int find_next_descriptor(unsigned char *buffer, int size, 23 int dt1, int dt2, int *num_skipped) 24{ 25 struct usb_descriptor_header *h; 26 int n = 0; 27 unsigned char *buffer0 = buffer; 28 29 /* Find the next descriptor of type dt1 or dt2 */ 30 while (size > 0) { 31 h = (struct usb_descriptor_header *) buffer; 32 if (h->bDescriptorType == dt1 || h->bDescriptorType == dt2) 33 break; 34 buffer += h->bLength; 35 size -= h->bLength; 36 ++n; 37 } 38 39 /* Store the number of descriptors skipped and return the 40 * number of bytes skipped */ 41 if (num_skipped) 42 *num_skipped = n; 43 return buffer - buffer0; 44} 45 46static int usb_parse_endpoint(struct device *ddev, int cfgno, int inum, 47 int asnum, struct usb_host_interface *ifp, int num_ep, 48 unsigned char *buffer, int size) 49{ 50 unsigned char *buffer0 = buffer; 51 struct usb_endpoint_descriptor *d; 52 struct usb_host_endpoint *endpoint; 53 int n, i, j; 54 55 d = (struct usb_endpoint_descriptor *) buffer; 56 buffer += d->bLength; 57 size -= d->bLength; 58 59 if (d->bLength >= USB_DT_ENDPOINT_AUDIO_SIZE) 60 n = USB_DT_ENDPOINT_AUDIO_SIZE; 61 else if (d->bLength >= USB_DT_ENDPOINT_SIZE) 62 n = USB_DT_ENDPOINT_SIZE; 63 else { 64 dev_warn(ddev, "config %d interface %d altsetting %d has an " 65 "invalid endpoint descriptor of length %d, skipping\n", 66 cfgno, inum, asnum, d->bLength); 67 goto skip_to_next_endpoint_or_interface_descriptor; 68 } 69 70 i = d->bEndpointAddress & ~USB_ENDPOINT_DIR_MASK; 71 if (i >= 16 || i == 0) { 72 dev_warn(ddev, "config %d interface %d altsetting %d has an " 73 "invalid endpoint with address 0x%X, skipping\n", 74 cfgno, inum, asnum, d->bEndpointAddress); 75 goto skip_to_next_endpoint_or_interface_descriptor; 76 } 77 78 /* Only store as many endpoints as we have room for */ 79 if (ifp->desc.bNumEndpoints >= num_ep) 80 goto skip_to_next_endpoint_or_interface_descriptor; 81 82 endpoint = &ifp->endpoint[ifp->desc.bNumEndpoints]; 83 ++ifp->desc.bNumEndpoints; 84 85 memcpy(&endpoint->desc, d, n); 86 INIT_LIST_HEAD(&endpoint->urb_list); 87 88 /* If the bInterval value is outside the legal range, 89 * set it to a default value: 32 ms */ 90 i = 0; /* i = min, j = max, n = default */ 91 j = 255; 92 if (usb_endpoint_xfer_int(d)) { 93 i = 1; 94 switch (to_usb_device(ddev)->speed) { 95 case USB_SPEED_HIGH: 96 n = 9; /* 32 ms = 2^(9-1) uframes */ 97 j = 16; 98 break; 99 default: /* USB_SPEED_FULL or _LOW */ 100 /* For low-speed, 10 ms is the official minimum. 101 * But some "overclocked" devices might want faster 102 * polling so we'll allow it. */ 103 n = 32; 104 break; 105 } 106 } else if (usb_endpoint_xfer_isoc(d)) { 107 i = 1; 108 j = 16; 109 switch (to_usb_device(ddev)->speed) { 110 case USB_SPEED_HIGH: 111 n = 9; /* 32 ms = 2^(9-1) uframes */ 112 break; 113 default: /* USB_SPEED_FULL */ 114 n = 6; /* 32 ms = 2^(6-1) frames */ 115 break; 116 } 117 } 118 if (d->bInterval < i || d->bInterval > j) { 119 dev_warn(ddev, "config %d interface %d altsetting %d " 120 "endpoint 0x%X has an invalid bInterval %d, " 121 "changing to %d\n", 122 cfgno, inum, asnum, 123 d->bEndpointAddress, d->bInterval, n); 124 endpoint->desc.bInterval = n; 125 } 126 127 /* Skip over any Class Specific or Vendor Specific descriptors; 128 * find the next endpoint or interface descriptor */ 129 endpoint->extra = buffer; 130 i = find_next_descriptor(buffer, size, USB_DT_ENDPOINT, 131 USB_DT_INTERFACE, &n); 132 endpoint->extralen = i; 133 if (n > 0) 134 dev_dbg(ddev, "skipped %d descriptor%s after %s\n", 135 n, plural(n), "endpoint"); 136 return buffer - buffer0 + i; 137 138skip_to_next_endpoint_or_interface_descriptor: 139 i = find_next_descriptor(buffer, size, USB_DT_ENDPOINT, 140 USB_DT_INTERFACE, NULL); 141 return buffer - buffer0 + i; 142} 143 144void usb_release_interface_cache(struct kref *ref) 145{ 146 struct usb_interface_cache *intfc = ref_to_usb_interface_cache(ref); 147 int j; 148 149 for (j = 0; j < intfc->num_altsetting; j++) { 150 struct usb_host_interface *alt = &intfc->altsetting[j]; 151 152 kfree(alt->endpoint); 153 kfree(alt->string); 154 } 155 kfree(intfc); 156} 157 158static int usb_parse_interface(struct device *ddev, int cfgno, 159 struct usb_host_config *config, unsigned char *buffer, int size, 160 u8 inums[], u8 nalts[]) 161{ 162 unsigned char *buffer0 = buffer; 163 struct usb_interface_descriptor *d; 164 int inum, asnum; 165 struct usb_interface_cache *intfc; 166 struct usb_host_interface *alt; 167 int i, n; 168 int len, retval; 169 int num_ep, num_ep_orig; 170 171 d = (struct usb_interface_descriptor *) buffer; 172 buffer += d->bLength; 173 size -= d->bLength; 174 175 if (d->bLength < USB_DT_INTERFACE_SIZE) 176 goto skip_to_next_interface_descriptor; 177 178 /* Which interface entry is this? */ 179 intfc = NULL; 180 inum = d->bInterfaceNumber; 181 for (i = 0; i < config->desc.bNumInterfaces; ++i) { 182 if (inums[i] == inum) { 183 intfc = config->intf_cache[i]; 184 break; 185 } 186 } 187 if (!intfc || intfc->num_altsetting >= nalts[i]) 188 goto skip_to_next_interface_descriptor; 189 190 /* Check for duplicate altsetting entries */ 191 asnum = d->bAlternateSetting; 192 for ((i = 0, alt = &intfc->altsetting[0]); 193 i < intfc->num_altsetting; 194 (++i, ++alt)) { 195 if (alt->desc.bAlternateSetting == asnum) { 196 dev_warn(ddev, "Duplicate descriptor for config %d " 197 "interface %d altsetting %d, skipping\n", 198 cfgno, inum, asnum); 199 goto skip_to_next_interface_descriptor; 200 } 201 } 202 203 ++intfc->num_altsetting; 204 memcpy(&alt->desc, d, USB_DT_INTERFACE_SIZE); 205 206 /* Skip over any Class Specific or Vendor Specific descriptors; 207 * find the first endpoint or interface descriptor */ 208 alt->extra = buffer; 209 i = find_next_descriptor(buffer, size, USB_DT_ENDPOINT, 210 USB_DT_INTERFACE, &n); 211 alt->extralen = i; 212 if (n > 0) 213 dev_dbg(ddev, "skipped %d descriptor%s after %s\n", 214 n, plural(n), "interface"); 215 buffer += i; 216 size -= i; 217 218 /* Allocate space for the right(?) number of endpoints */ 219 num_ep = num_ep_orig = alt->desc.bNumEndpoints; 220 alt->desc.bNumEndpoints = 0; // Use as a counter 221 if (num_ep > USB_MAXENDPOINTS) { 222 dev_warn(ddev, "too many endpoints for config %d interface %d " 223 "altsetting %d: %d, using maximum allowed: %d\n", 224 cfgno, inum, asnum, num_ep, USB_MAXENDPOINTS); 225 num_ep = USB_MAXENDPOINTS; 226 } 227 228 if (num_ep > 0) { /* Can't allocate 0 bytes */ 229 len = sizeof(struct usb_host_endpoint) * num_ep; 230 alt->endpoint = kzalloc(len, GFP_KERNEL); 231 if (!alt->endpoint) 232 return -ENOMEM; 233 } 234 235 /* Parse all the endpoint descriptors */ 236 n = 0; 237 while (size > 0) { 238 if (((struct usb_descriptor_header *) buffer)->bDescriptorType 239 == USB_DT_INTERFACE) 240 break; 241 retval = usb_parse_endpoint(ddev, cfgno, inum, asnum, alt, 242 num_ep, buffer, size); 243 if (retval < 0) 244 return retval; 245 ++n; 246 247 buffer += retval; 248 size -= retval; 249 } 250 251 if (n != num_ep_orig) 252 dev_warn(ddev, "config %d interface %d altsetting %d has %d " 253 "endpoint descriptor%s, different from the interface " 254 "descriptor's value: %d\n", 255 cfgno, inum, asnum, n, plural(n), num_ep_orig); 256 return buffer - buffer0; 257 258skip_to_next_interface_descriptor: 259 i = find_next_descriptor(buffer, size, USB_DT_INTERFACE, 260 USB_DT_INTERFACE, NULL); 261 return buffer - buffer0 + i; 262} 263 264static int usb_parse_configuration(struct device *ddev, int cfgidx, 265 struct usb_host_config *config, unsigned char *buffer, int size) 266{ 267 unsigned char *buffer0 = buffer; 268 int cfgno; 269 int nintf, nintf_orig; 270 int i, j, n; 271 struct usb_interface_cache *intfc; 272 unsigned char *buffer2; 273 int size2; 274 struct usb_descriptor_header *header; 275 int len, retval; 276 u8 inums[USB_MAXINTERFACES], nalts[USB_MAXINTERFACES]; 277 278 memcpy(&config->desc, buffer, USB_DT_CONFIG_SIZE); 279 if (config->desc.bDescriptorType != USB_DT_CONFIG || 280 config->desc.bLength < USB_DT_CONFIG_SIZE) { 281 dev_err(ddev, "invalid descriptor for config index %d: " 282 "type = 0x%X, length = %d\n", cfgidx, 283 config->desc.bDescriptorType, config->desc.bLength); 284 return -EINVAL; 285 } 286 cfgno = config->desc.bConfigurationValue; 287 288 buffer += config->desc.bLength; 289 size -= config->desc.bLength; 290 291 nintf = nintf_orig = config->desc.bNumInterfaces; 292 if (nintf > USB_MAXINTERFACES) { 293 dev_warn(ddev, "config %d has too many interfaces: %d, " 294 "using maximum allowed: %d\n", 295 cfgno, nintf, USB_MAXINTERFACES); 296 nintf = USB_MAXINTERFACES; 297 } 298 299 /* Go through the descriptors, checking their length and counting the 300 * number of altsettings for each interface */ 301 n = 0; 302 for ((buffer2 = buffer, size2 = size); 303 size2 > 0; 304 (buffer2 += header->bLength, size2 -= header->bLength)) { 305 306 if (size2 < sizeof(struct usb_descriptor_header)) { 307 dev_warn(ddev, "config %d descriptor has %d excess " 308 "byte%s, ignoring\n", 309 cfgno, size2, plural(size2)); 310 break; 311 } 312 313 header = (struct usb_descriptor_header *) buffer2; 314 if ((header->bLength > size2) || (header->bLength < 2)) { 315 dev_warn(ddev, "config %d has an invalid descriptor " 316 "of length %d, skipping remainder of the config\n", 317 cfgno, header->bLength); 318 break; 319 } 320 321 if (header->bDescriptorType == USB_DT_INTERFACE) { 322 struct usb_interface_descriptor *d; 323 int inum; 324 325 d = (struct usb_interface_descriptor *) header; 326 if (d->bLength < USB_DT_INTERFACE_SIZE) { 327 dev_warn(ddev, "config %d has an invalid " 328 "interface descriptor of length %d, " 329 "skipping\n", cfgno, d->bLength); 330 continue; 331 } 332 333 inum = d->bInterfaceNumber; 334 if (inum >= nintf_orig) 335 dev_warn(ddev, "config %d has an invalid " 336 "interface number: %d but max is %d\n", 337 cfgno, inum, nintf_orig - 1); 338 339 /* Have we already encountered this interface? 340 * Count its altsettings */ 341 for (i = 0; i < n; ++i) { 342 if (inums[i] == inum) 343 break; 344 } 345 if (i < n) { 346 if (nalts[i] < 255) 347 ++nalts[i]; 348 } else if (n < USB_MAXINTERFACES) { 349 inums[n] = inum; 350 nalts[n] = 1; 351 ++n; 352 } 353 354 } else if (header->bDescriptorType == USB_DT_DEVICE || 355 header->bDescriptorType == USB_DT_CONFIG) 356 dev_warn(ddev, "config %d contains an unexpected " 357 "descriptor of type 0x%X, skipping\n", 358 cfgno, header->bDescriptorType); 359 360 } /* for ((buffer2 = buffer, size2 = size); ...) */ 361 size = buffer2 - buffer; 362 config->desc.wTotalLength = cpu_to_le16(buffer2 - buffer0); 363 364 if (n != nintf) 365 dev_warn(ddev, "config %d has %d interface%s, different from " 366 "the descriptor's value: %d\n", 367 cfgno, n, plural(n), nintf_orig); 368 else if (n == 0) 369 dev_warn(ddev, "config %d has no interfaces?\n", cfgno); 370 config->desc.bNumInterfaces = nintf = n; 371 372 /* Check for missing interface numbers */ 373 for (i = 0; i < nintf; ++i) { 374 for (j = 0; j < nintf; ++j) { 375 if (inums[j] == i) 376 break; 377 } 378 if (j >= nintf) 379 dev_warn(ddev, "config %d has no interface number " 380 "%d\n", cfgno, i); 381 } 382 383 /* Allocate the usb_interface_caches and altsetting arrays */ 384 for (i = 0; i < nintf; ++i) { 385 j = nalts[i]; 386 if (j > USB_MAXALTSETTING) { 387 dev_warn(ddev, "too many alternate settings for " 388 "config %d interface %d: %d, " 389 "using maximum allowed: %d\n", 390 cfgno, inums[i], j, USB_MAXALTSETTING); 391 nalts[i] = j = USB_MAXALTSETTING; 392 } 393 394 len = sizeof(*intfc) + sizeof(struct usb_host_interface) * j; 395 config->intf_cache[i] = intfc = kzalloc(len, GFP_KERNEL); 396 if (!intfc) 397 return -ENOMEM; 398 kref_init(&intfc->ref); 399 } 400 401 /* Skip over any Class Specific or Vendor Specific descriptors; 402 * find the first interface descriptor */ 403 config->extra = buffer; 404 i = find_next_descriptor(buffer, size, USB_DT_INTERFACE, 405 USB_DT_INTERFACE, &n); 406 config->extralen = i; 407 if (n > 0) 408 dev_dbg(ddev, "skipped %d descriptor%s after %s\n", 409 n, plural(n), "configuration"); 410 buffer += i; 411 size -= i; 412 413 /* Parse all the interface/altsetting descriptors */ 414 while (size > 0) { 415 retval = usb_parse_interface(ddev, cfgno, config, 416 buffer, size, inums, nalts); 417 if (retval < 0) 418 return retval; 419 420 buffer += retval; 421 size -= retval; 422 } 423 424 /* Check for missing altsettings */ 425 for (i = 0; i < nintf; ++i) { 426 intfc = config->intf_cache[i]; 427 for (j = 0; j < intfc->num_altsetting; ++j) { 428 for (n = 0; n < intfc->num_altsetting; ++n) { 429 if (intfc->altsetting[n].desc. 430 bAlternateSetting == j) 431 break; 432 } 433 if (n >= intfc->num_altsetting) 434 dev_warn(ddev, "config %d interface %d has no " 435 "altsetting %d\n", cfgno, inums[i], j); 436 } 437 } 438 439 return 0; 440} 441 442// hub-only!! ... and only exported for reset/reinit path. 443// otherwise used internally on disconnect/destroy path 444void usb_destroy_configuration(struct usb_device *dev) 445{ 446 int c, i; 447 448 if (!dev->config) 449 return; 450 451 if (dev->rawdescriptors) { 452 for (i = 0; i < dev->descriptor.bNumConfigurations; i++) 453 kfree(dev->rawdescriptors[i]); 454 455 kfree(dev->rawdescriptors); 456 dev->rawdescriptors = NULL; 457 } 458 459 for (c = 0; c < dev->descriptor.bNumConfigurations; c++) { 460 struct usb_host_config *cf = &dev->config[c]; 461 462 kfree(cf->string); 463 for (i = 0; i < cf->desc.bNumInterfaces; i++) { 464 if (cf->intf_cache[i]) 465 kref_put(&cf->intf_cache[i]->ref, 466 usb_release_interface_cache); 467 } 468 } 469 kfree(dev->config); 470 dev->config = NULL; 471} 472 473 474// hub-only!! ... and only in reset path, or usb_new_device() 475// (used by real hubs and virtual root hubs) 476int usb_get_configuration(struct usb_device *dev) 477{ 478 struct device *ddev = &dev->dev; 479 int ncfg = dev->descriptor.bNumConfigurations; 480 int result = -ENOMEM; 481 unsigned int cfgno, length; 482 unsigned char *buffer; 483 unsigned char *bigbuffer; 484 struct usb_config_descriptor *desc; 485 486 if (ncfg > USB_MAXCONFIG) { 487 dev_warn(ddev, "too many configurations: %d, " 488 "using maximum allowed: %d\n", ncfg, USB_MAXCONFIG); 489 dev->descriptor.bNumConfigurations = ncfg = USB_MAXCONFIG; 490 } 491 492 if (ncfg < 1) { 493 dev_err(ddev, "no configurations\n"); 494 return -EINVAL; 495 } 496 497 length = ncfg * sizeof(struct usb_host_config); 498 dev->config = kzalloc(length, GFP_KERNEL); 499 if (!dev->config) 500 goto err2; 501 502 length = ncfg * sizeof(char *); 503 dev->rawdescriptors = kzalloc(length, GFP_KERNEL); 504 if (!dev->rawdescriptors) 505 goto err2; 506 507 buffer = kmalloc(USB_DT_CONFIG_SIZE, GFP_KERNEL); 508 if (!buffer) 509 goto err2; 510 desc = (struct usb_config_descriptor *)buffer; 511 512 for (cfgno = 0; cfgno < ncfg; cfgno++) { 513 /* We grab just the first descriptor so we know how long 514 * the whole configuration is */ 515 result = usb_get_descriptor(dev, USB_DT_CONFIG, cfgno, 516 buffer, USB_DT_CONFIG_SIZE); 517 if (result < 0) { 518 dev_err(ddev, "unable to read config index %d " 519 "descriptor/%s\n", cfgno, "start"); 520 dev_err(ddev, "chopping to %d config(s)\n", cfgno); 521 dev->descriptor.bNumConfigurations = cfgno; 522 break; 523 } else if (result < 4) { 524 dev_err(ddev, "config index %d descriptor too short " 525 "(expected %i, got %i)\n", cfgno, 526 USB_DT_CONFIG_SIZE, result); 527 result = -EINVAL; 528 goto err; 529 } 530 length = max((int) le16_to_cpu(desc->wTotalLength), 531 USB_DT_CONFIG_SIZE); 532 533 /* Now that we know the length, get the whole thing */ 534 bigbuffer = kmalloc(length, GFP_KERNEL); 535 if (!bigbuffer) { 536 result = -ENOMEM; 537 goto err; 538 } 539 result = usb_get_descriptor(dev, USB_DT_CONFIG, cfgno, 540 bigbuffer, length); 541 if (result < 0) { 542 dev_err(ddev, "unable to read config index %d " 543 "descriptor/%s\n", cfgno, "all"); 544 kfree(bigbuffer); 545 goto err; 546 } 547 if (result < length) { 548 dev_warn(ddev, "config index %d descriptor too short " 549 "(expected %i, got %i)\n", cfgno, length, result); 550 length = result; 551 } 552 553 dev->rawdescriptors[cfgno] = bigbuffer; 554 555 result = usb_parse_configuration(&dev->dev, cfgno, 556 &dev->config[cfgno], bigbuffer, length); 557 if (result < 0) { 558 ++cfgno; 559 goto err; 560 } 561 } 562 result = 0; 563 564err: 565 kfree(buffer); 566 dev->descriptor.bNumConfigurations = cfgno; 567err2: 568 if (result == -ENOMEM) 569 dev_err(ddev, "out of memory\n"); 570 return result; 571} 572