1 #include <linux/usb.h> 2 #include <linux/usb/ch9.h> 3 #include <linux/module.h> 4 #include <linux/init.h> 5 #include <linux/slab.h> 6 #include <linux/device.h> 7 #include <asm/byteorder.h> 8 #include "usb.h" 9 #include "hcd.h" 10 11 #define USB_MAXALTSETTING 128 /* Hard limit */ 12 #define USB_MAXENDPOINTS 30 /* Hard limit */ 13 14 #define USB_MAXCONFIG 8 /* Arbitrary limit */ 15 16 17 static inline const char *plural(int n) 18 { 19 return (n == 1 ? "" : "s"); 20 } 21 22 static int find_next_descriptor(unsigned char *buffer, int size, 23 int dt1, int dt2, int *num_skipped) 24 { 25 struct usb_descriptor_header *h; 26 int n = 0; 27 unsigned char *buffer0 = buffer; 28 29 /* Find the next descriptor of type dt1 or dt2 */ 30 while (size > 0) { 31 h = (struct usb_descriptor_header *) buffer; 32 if (h->bDescriptorType == dt1 || h->bDescriptorType == dt2) 33 break; 34 buffer += h->bLength; 35 size -= h->bLength; 36 ++n; 37 } 38 39 /* Store the number of descriptors skipped and return the 40 * number of bytes skipped */ 41 if (num_skipped) 42 *num_skipped = n; 43 return buffer - buffer0; 44 } 45 46 static int usb_parse_endpoint(struct device *ddev, int cfgno, int inum, 47 int asnum, struct usb_host_interface *ifp, int num_ep, 48 unsigned char *buffer, int size) 49 { 50 unsigned char *buffer0 = buffer; 51 struct usb_endpoint_descriptor *d; 52 struct usb_host_endpoint *endpoint; 53 int n, i, j; 54 55 d = (struct usb_endpoint_descriptor *) buffer; 56 buffer += d->bLength; 57 size -= d->bLength; 58 59 if (d->bLength >= USB_DT_ENDPOINT_AUDIO_SIZE) 60 n = USB_DT_ENDPOINT_AUDIO_SIZE; 61 else if (d->bLength >= USB_DT_ENDPOINT_SIZE) 62 n = USB_DT_ENDPOINT_SIZE; 63 else { 64 dev_warn(ddev, "config %d interface %d altsetting %d has an " 65 "invalid endpoint descriptor of length %d, skipping\n", 66 cfgno, inum, asnum, d->bLength); 67 goto skip_to_next_endpoint_or_interface_descriptor; 68 } 69 70 i = d->bEndpointAddress & ~USB_ENDPOINT_DIR_MASK; 71 if (i >= 16 || i == 0) { 72 dev_warn(ddev, "config %d interface %d altsetting %d has an " 73 "invalid endpoint with address 0x%X, skipping\n", 74 cfgno, inum, asnum, d->bEndpointAddress); 75 goto skip_to_next_endpoint_or_interface_descriptor; 76 } 77 78 /* Only store as many endpoints as we have room for */ 79 if (ifp->desc.bNumEndpoints >= num_ep) 80 goto skip_to_next_endpoint_or_interface_descriptor; 81 82 endpoint = &ifp->endpoint[ifp->desc.bNumEndpoints]; 83 ++ifp->desc.bNumEndpoints; 84 85 memcpy(&endpoint->desc, d, n); 86 INIT_LIST_HEAD(&endpoint->urb_list); 87 88 /* Fix up bInterval values outside the legal range. Use 32 ms if no 89 * proper value can be guessed. */ 90 i = 0; /* i = min, j = max, n = default */ 91 j = 255; 92 if (usb_endpoint_xfer_int(d)) { 93 i = 1; 94 switch (to_usb_device(ddev)->speed) { 95 case USB_SPEED_HIGH: 96 /* Many device manufacturers are using full-speed 97 * bInterval values in high-speed interrupt endpoint 98 * descriptors. Try to fix those and fall back to a 99 * 32 ms default value otherwise. */ 100 n = fls(d->bInterval*8); 101 if (n == 0) 102 n = 9; /* 32 ms = 2^(9-1) uframes */ 103 j = 16; 104 break; 105 default: /* USB_SPEED_FULL or _LOW */ 106 /* For low-speed, 10 ms is the official minimum. 107 * But some "overclocked" devices might want faster 108 * polling so we'll allow it. */ 109 n = 32; 110 break; 111 } 112 } else if (usb_endpoint_xfer_isoc(d)) { 113 i = 1; 114 j = 16; 115 switch (to_usb_device(ddev)->speed) { 116 case USB_SPEED_HIGH: 117 n = 9; /* 32 ms = 2^(9-1) uframes */ 118 break; 119 default: /* USB_SPEED_FULL */ 120 n = 6; /* 32 ms = 2^(6-1) frames */ 121 break; 122 } 123 } 124 if (d->bInterval < i || d->bInterval > j) { 125 dev_warn(ddev, "config %d interface %d altsetting %d " 126 "endpoint 0x%X has an invalid bInterval %d, " 127 "changing to %d\n", 128 cfgno, inum, asnum, 129 d->bEndpointAddress, d->bInterval, n); 130 endpoint->desc.bInterval = n; 131 } 132 133 /* Some buggy low-speed devices have Bulk endpoints, which is 134 * explicitly forbidden by the USB spec. In an attempt to make 135 * them usable, we will try treating them as Interrupt endpoints. 136 */ 137 if (to_usb_device(ddev)->speed == USB_SPEED_LOW && 138 usb_endpoint_xfer_bulk(d)) { 139 dev_warn(ddev, "config %d interface %d altsetting %d " 140 "endpoint 0x%X is Bulk; changing to Interrupt\n", 141 cfgno, inum, asnum, d->bEndpointAddress); 142 endpoint->desc.bmAttributes = USB_ENDPOINT_XFER_INT; 143 endpoint->desc.bInterval = 1; 144 if (le16_to_cpu(endpoint->desc.wMaxPacketSize) > 8) 145 endpoint->desc.wMaxPacketSize = cpu_to_le16(8); 146 } 147 148 /* Skip over any Class Specific or Vendor Specific descriptors; 149 * find the next endpoint or interface descriptor */ 150 endpoint->extra = buffer; 151 i = find_next_descriptor(buffer, size, USB_DT_ENDPOINT, 152 USB_DT_INTERFACE, &n); 153 endpoint->extralen = i; 154 if (n > 0) 155 dev_dbg(ddev, "skipped %d descriptor%s after %s\n", 156 n, plural(n), "endpoint"); 157 return buffer - buffer0 + i; 158 159 skip_to_next_endpoint_or_interface_descriptor: 160 i = find_next_descriptor(buffer, size, USB_DT_ENDPOINT, 161 USB_DT_INTERFACE, NULL); 162 return buffer - buffer0 + i; 163 } 164 165 void usb_release_interface_cache(struct kref *ref) 166 { 167 struct usb_interface_cache *intfc = ref_to_usb_interface_cache(ref); 168 int j; 169 170 for (j = 0; j < intfc->num_altsetting; j++) { 171 struct usb_host_interface *alt = &intfc->altsetting[j]; 172 173 kfree(alt->endpoint); 174 kfree(alt->string); 175 } 176 kfree(intfc); 177 } 178 179 static int usb_parse_interface(struct device *ddev, int cfgno, 180 struct usb_host_config *config, unsigned char *buffer, int size, 181 u8 inums[], u8 nalts[]) 182 { 183 unsigned char *buffer0 = buffer; 184 struct usb_interface_descriptor *d; 185 int inum, asnum; 186 struct usb_interface_cache *intfc; 187 struct usb_host_interface *alt; 188 int i, n; 189 int len, retval; 190 int num_ep, num_ep_orig; 191 192 d = (struct usb_interface_descriptor *) buffer; 193 buffer += d->bLength; 194 size -= d->bLength; 195 196 if (d->bLength < USB_DT_INTERFACE_SIZE) 197 goto skip_to_next_interface_descriptor; 198 199 /* Which interface entry is this? */ 200 intfc = NULL; 201 inum = d->bInterfaceNumber; 202 for (i = 0; i < config->desc.bNumInterfaces; ++i) { 203 if (inums[i] == inum) { 204 intfc = config->intf_cache[i]; 205 break; 206 } 207 } 208 if (!intfc || intfc->num_altsetting >= nalts[i]) 209 goto skip_to_next_interface_descriptor; 210 211 /* Check for duplicate altsetting entries */ 212 asnum = d->bAlternateSetting; 213 for ((i = 0, alt = &intfc->altsetting[0]); 214 i < intfc->num_altsetting; 215 (++i, ++alt)) { 216 if (alt->desc.bAlternateSetting == asnum) { 217 dev_warn(ddev, "Duplicate descriptor for config %d " 218 "interface %d altsetting %d, skipping\n", 219 cfgno, inum, asnum); 220 goto skip_to_next_interface_descriptor; 221 } 222 } 223 224 ++intfc->num_altsetting; 225 memcpy(&alt->desc, d, USB_DT_INTERFACE_SIZE); 226 227 /* Skip over any Class Specific or Vendor Specific descriptors; 228 * find the first endpoint or interface descriptor */ 229 alt->extra = buffer; 230 i = find_next_descriptor(buffer, size, USB_DT_ENDPOINT, 231 USB_DT_INTERFACE, &n); 232 alt->extralen = i; 233 if (n > 0) 234 dev_dbg(ddev, "skipped %d descriptor%s after %s\n", 235 n, plural(n), "interface"); 236 buffer += i; 237 size -= i; 238 239 /* Allocate space for the right(?) number of endpoints */ 240 num_ep = num_ep_orig = alt->desc.bNumEndpoints; 241 alt->desc.bNumEndpoints = 0; // Use as a counter 242 if (num_ep > USB_MAXENDPOINTS) { 243 dev_warn(ddev, "too many endpoints for config %d interface %d " 244 "altsetting %d: %d, using maximum allowed: %d\n", 245 cfgno, inum, asnum, num_ep, USB_MAXENDPOINTS); 246 num_ep = USB_MAXENDPOINTS; 247 } 248 249 if (num_ep > 0) { /* Can't allocate 0 bytes */ 250 len = sizeof(struct usb_host_endpoint) * num_ep; 251 alt->endpoint = kzalloc(len, GFP_KERNEL); 252 if (!alt->endpoint) 253 return -ENOMEM; 254 } 255 256 /* Parse all the endpoint descriptors */ 257 n = 0; 258 while (size > 0) { 259 if (((struct usb_descriptor_header *) buffer)->bDescriptorType 260 == USB_DT_INTERFACE) 261 break; 262 retval = usb_parse_endpoint(ddev, cfgno, inum, asnum, alt, 263 num_ep, buffer, size); 264 if (retval < 0) 265 return retval; 266 ++n; 267 268 buffer += retval; 269 size -= retval; 270 } 271 272 if (n != num_ep_orig) 273 dev_warn(ddev, "config %d interface %d altsetting %d has %d " 274 "endpoint descriptor%s, different from the interface " 275 "descriptor's value: %d\n", 276 cfgno, inum, asnum, n, plural(n), num_ep_orig); 277 return buffer - buffer0; 278 279 skip_to_next_interface_descriptor: 280 i = find_next_descriptor(buffer, size, USB_DT_INTERFACE, 281 USB_DT_INTERFACE, NULL); 282 return buffer - buffer0 + i; 283 } 284 285 static int usb_parse_configuration(struct device *ddev, int cfgidx, 286 struct usb_host_config *config, unsigned char *buffer, int size) 287 { 288 unsigned char *buffer0 = buffer; 289 int cfgno; 290 int nintf, nintf_orig; 291 int i, j, n; 292 struct usb_interface_cache *intfc; 293 unsigned char *buffer2; 294 int size2; 295 struct usb_descriptor_header *header; 296 int len, retval; 297 u8 inums[USB_MAXINTERFACES], nalts[USB_MAXINTERFACES]; 298 unsigned iad_num = 0; 299 300 memcpy(&config->desc, buffer, USB_DT_CONFIG_SIZE); 301 if (config->desc.bDescriptorType != USB_DT_CONFIG || 302 config->desc.bLength < USB_DT_CONFIG_SIZE) { 303 dev_err(ddev, "invalid descriptor for config index %d: " 304 "type = 0x%X, length = %d\n", cfgidx, 305 config->desc.bDescriptorType, config->desc.bLength); 306 return -EINVAL; 307 } 308 cfgno = config->desc.bConfigurationValue; 309 310 buffer += config->desc.bLength; 311 size -= config->desc.bLength; 312 313 nintf = nintf_orig = config->desc.bNumInterfaces; 314 if (nintf > USB_MAXINTERFACES) { 315 dev_warn(ddev, "config %d has too many interfaces: %d, " 316 "using maximum allowed: %d\n", 317 cfgno, nintf, USB_MAXINTERFACES); 318 nintf = USB_MAXINTERFACES; 319 } 320 321 /* Go through the descriptors, checking their length and counting the 322 * number of altsettings for each interface */ 323 n = 0; 324 for ((buffer2 = buffer, size2 = size); 325 size2 > 0; 326 (buffer2 += header->bLength, size2 -= header->bLength)) { 327 328 if (size2 < sizeof(struct usb_descriptor_header)) { 329 dev_warn(ddev, "config %d descriptor has %d excess " 330 "byte%s, ignoring\n", 331 cfgno, size2, plural(size2)); 332 break; 333 } 334 335 header = (struct usb_descriptor_header *) buffer2; 336 if ((header->bLength > size2) || (header->bLength < 2)) { 337 dev_warn(ddev, "config %d has an invalid descriptor " 338 "of length %d, skipping remainder of the config\n", 339 cfgno, header->bLength); 340 break; 341 } 342 343 if (header->bDescriptorType == USB_DT_INTERFACE) { 344 struct usb_interface_descriptor *d; 345 int inum; 346 347 d = (struct usb_interface_descriptor *) header; 348 if (d->bLength < USB_DT_INTERFACE_SIZE) { 349 dev_warn(ddev, "config %d has an invalid " 350 "interface descriptor of length %d, " 351 "skipping\n", cfgno, d->bLength); 352 continue; 353 } 354 355 inum = d->bInterfaceNumber; 356 if (inum >= nintf_orig) 357 dev_warn(ddev, "config %d has an invalid " 358 "interface number: %d but max is %d\n", 359 cfgno, inum, nintf_orig - 1); 360 361 /* Have we already encountered this interface? 362 * Count its altsettings */ 363 for (i = 0; i < n; ++i) { 364 if (inums[i] == inum) 365 break; 366 } 367 if (i < n) { 368 if (nalts[i] < 255) 369 ++nalts[i]; 370 } else if (n < USB_MAXINTERFACES) { 371 inums[n] = inum; 372 nalts[n] = 1; 373 ++n; 374 } 375 376 } else if (header->bDescriptorType == 377 USB_DT_INTERFACE_ASSOCIATION) { 378 if (iad_num == USB_MAXIADS) { 379 dev_warn(ddev, "found more Interface " 380 "Association Descriptors " 381 "than allocated for in " 382 "configuration %d\n", cfgno); 383 } else { 384 config->intf_assoc[iad_num] = 385 (struct usb_interface_assoc_descriptor 386 *)header; 387 iad_num++; 388 } 389 390 } else if (header->bDescriptorType == USB_DT_DEVICE || 391 header->bDescriptorType == USB_DT_CONFIG) 392 dev_warn(ddev, "config %d contains an unexpected " 393 "descriptor of type 0x%X, skipping\n", 394 cfgno, header->bDescriptorType); 395 396 } /* for ((buffer2 = buffer, size2 = size); ...) */ 397 size = buffer2 - buffer; 398 config->desc.wTotalLength = cpu_to_le16(buffer2 - buffer0); 399 400 if (n != nintf) 401 dev_warn(ddev, "config %d has %d interface%s, different from " 402 "the descriptor's value: %d\n", 403 cfgno, n, plural(n), nintf_orig); 404 else if (n == 0) 405 dev_warn(ddev, "config %d has no interfaces?\n", cfgno); 406 config->desc.bNumInterfaces = nintf = n; 407 408 /* Check for missing interface numbers */ 409 for (i = 0; i < nintf; ++i) { 410 for (j = 0; j < nintf; ++j) { 411 if (inums[j] == i) 412 break; 413 } 414 if (j >= nintf) 415 dev_warn(ddev, "config %d has no interface number " 416 "%d\n", cfgno, i); 417 } 418 419 /* Allocate the usb_interface_caches and altsetting arrays */ 420 for (i = 0; i < nintf; ++i) { 421 j = nalts[i]; 422 if (j > USB_MAXALTSETTING) { 423 dev_warn(ddev, "too many alternate settings for " 424 "config %d interface %d: %d, " 425 "using maximum allowed: %d\n", 426 cfgno, inums[i], j, USB_MAXALTSETTING); 427 nalts[i] = j = USB_MAXALTSETTING; 428 } 429 430 len = sizeof(*intfc) + sizeof(struct usb_host_interface) * j; 431 config->intf_cache[i] = intfc = kzalloc(len, GFP_KERNEL); 432 if (!intfc) 433 return -ENOMEM; 434 kref_init(&intfc->ref); 435 } 436 437 /* Skip over any Class Specific or Vendor Specific descriptors; 438 * find the first interface descriptor */ 439 config->extra = buffer; 440 i = find_next_descriptor(buffer, size, USB_DT_INTERFACE, 441 USB_DT_INTERFACE, &n); 442 config->extralen = i; 443 if (n > 0) 444 dev_dbg(ddev, "skipped %d descriptor%s after %s\n", 445 n, plural(n), "configuration"); 446 buffer += i; 447 size -= i; 448 449 /* Parse all the interface/altsetting descriptors */ 450 while (size > 0) { 451 retval = usb_parse_interface(ddev, cfgno, config, 452 buffer, size, inums, nalts); 453 if (retval < 0) 454 return retval; 455 456 buffer += retval; 457 size -= retval; 458 } 459 460 /* Check for missing altsettings */ 461 for (i = 0; i < nintf; ++i) { 462 intfc = config->intf_cache[i]; 463 for (j = 0; j < intfc->num_altsetting; ++j) { 464 for (n = 0; n < intfc->num_altsetting; ++n) { 465 if (intfc->altsetting[n].desc. 466 bAlternateSetting == j) 467 break; 468 } 469 if (n >= intfc->num_altsetting) 470 dev_warn(ddev, "config %d interface %d has no " 471 "altsetting %d\n", cfgno, inums[i], j); 472 } 473 } 474 475 return 0; 476 } 477 478 // hub-only!! ... and only exported for reset/reinit path. 479 // otherwise used internally on disconnect/destroy path 480 void usb_destroy_configuration(struct usb_device *dev) 481 { 482 int c, i; 483 484 if (!dev->config) 485 return; 486 487 if (dev->rawdescriptors) { 488 for (i = 0; i < dev->descriptor.bNumConfigurations; i++) 489 kfree(dev->rawdescriptors[i]); 490 491 kfree(dev->rawdescriptors); 492 dev->rawdescriptors = NULL; 493 } 494 495 for (c = 0; c < dev->descriptor.bNumConfigurations; c++) { 496 struct usb_host_config *cf = &dev->config[c]; 497 498 kfree(cf->string); 499 for (i = 0; i < cf->desc.bNumInterfaces; i++) { 500 if (cf->intf_cache[i]) 501 kref_put(&cf->intf_cache[i]->ref, 502 usb_release_interface_cache); 503 } 504 } 505 kfree(dev->config); 506 dev->config = NULL; 507 } 508 509 510 // hub-only!! ... and only in reset path, or usb_new_device() 511 // (used by real hubs and virtual root hubs) 512 int usb_get_configuration(struct usb_device *dev) 513 { 514 struct device *ddev = &dev->dev; 515 int ncfg = dev->descriptor.bNumConfigurations; 516 int result = -ENOMEM; 517 unsigned int cfgno, length; 518 unsigned char *buffer; 519 unsigned char *bigbuffer; 520 struct usb_config_descriptor *desc; 521 522 if (ncfg > USB_MAXCONFIG) { 523 dev_warn(ddev, "too many configurations: %d, " 524 "using maximum allowed: %d\n", ncfg, USB_MAXCONFIG); 525 dev->descriptor.bNumConfigurations = ncfg = USB_MAXCONFIG; 526 } 527 528 if (ncfg < 1) { 529 dev_err(ddev, "no configurations\n"); 530 return -EINVAL; 531 } 532 533 length = ncfg * sizeof(struct usb_host_config); 534 dev->config = kzalloc(length, GFP_KERNEL); 535 if (!dev->config) 536 goto err2; 537 538 length = ncfg * sizeof(char *); 539 dev->rawdescriptors = kzalloc(length, GFP_KERNEL); 540 if (!dev->rawdescriptors) 541 goto err2; 542 543 buffer = kmalloc(USB_DT_CONFIG_SIZE, GFP_KERNEL); 544 if (!buffer) 545 goto err2; 546 desc = (struct usb_config_descriptor *)buffer; 547 548 for (cfgno = 0; cfgno < ncfg; cfgno++) { 549 /* We grab just the first descriptor so we know how long 550 * the whole configuration is */ 551 result = usb_get_descriptor(dev, USB_DT_CONFIG, cfgno, 552 buffer, USB_DT_CONFIG_SIZE); 553 if (result < 0) { 554 dev_err(ddev, "unable to read config index %d " 555 "descriptor/%s\n", cfgno, "start"); 556 dev_err(ddev, "chopping to %d config(s)\n", cfgno); 557 dev->descriptor.bNumConfigurations = cfgno; 558 break; 559 } else if (result < 4) { 560 dev_err(ddev, "config index %d descriptor too short " 561 "(expected %i, got %i)\n", cfgno, 562 USB_DT_CONFIG_SIZE, result); 563 result = -EINVAL; 564 goto err; 565 } 566 length = max((int) le16_to_cpu(desc->wTotalLength), 567 USB_DT_CONFIG_SIZE); 568 569 /* Now that we know the length, get the whole thing */ 570 bigbuffer = kmalloc(length, GFP_KERNEL); 571 if (!bigbuffer) { 572 result = -ENOMEM; 573 goto err; 574 } 575 result = usb_get_descriptor(dev, USB_DT_CONFIG, cfgno, 576 bigbuffer, length); 577 if (result < 0) { 578 dev_err(ddev, "unable to read config index %d " 579 "descriptor/%s\n", cfgno, "all"); 580 kfree(bigbuffer); 581 goto err; 582 } 583 if (result < length) { 584 dev_warn(ddev, "config index %d descriptor too short " 585 "(expected %i, got %i)\n", cfgno, length, result); 586 length = result; 587 } 588 589 dev->rawdescriptors[cfgno] = bigbuffer; 590 591 result = usb_parse_configuration(&dev->dev, cfgno, 592 &dev->config[cfgno], bigbuffer, length); 593 if (result < 0) { 594 ++cfgno; 595 goto err; 596 } 597 } 598 result = 0; 599 600 err: 601 kfree(buffer); 602 dev->descriptor.bNumConfigurations = cfgno; 603 err2: 604 if (result == -ENOMEM) 605 dev_err(ddev, "out of memory\n"); 606 return result; 607 } 608