1 #include <linux/usb.h> 2 #include <linux/usb/ch9.h> 3 #include <linux/usb/hcd.h> 4 #include <linux/usb/quirks.h> 5 #include <linux/module.h> 6 #include <linux/slab.h> 7 #include <linux/device.h> 8 #include <asm/byteorder.h> 9 #include "usb.h" 10 11 12 #define USB_MAXALTSETTING 128 /* Hard limit */ 13 14 #define USB_MAXCONFIG 8 /* Arbitrary limit */ 15 16 17 static inline const char *plural(int n) 18 { 19 return (n == 1 ? "" : "s"); 20 } 21 22 static int find_next_descriptor(unsigned char *buffer, int size, 23 int dt1, int dt2, int *num_skipped) 24 { 25 struct usb_descriptor_header *h; 26 int n = 0; 27 unsigned char *buffer0 = buffer; 28 29 /* Find the next descriptor of type dt1 or dt2 */ 30 while (size > 0) { 31 h = (struct usb_descriptor_header *) buffer; 32 if (h->bDescriptorType == dt1 || h->bDescriptorType == dt2) 33 break; 34 buffer += h->bLength; 35 size -= h->bLength; 36 ++n; 37 } 38 39 /* Store the number of descriptors skipped and return the 40 * number of bytes skipped */ 41 if (num_skipped) 42 *num_skipped = n; 43 return buffer - buffer0; 44 } 45 46 static void usb_parse_ssp_isoc_endpoint_companion(struct device *ddev, 47 int cfgno, int inum, int asnum, struct usb_host_endpoint *ep, 48 unsigned char *buffer, int size) 49 { 50 struct usb_ssp_isoc_ep_comp_descriptor *desc; 51 52 /* 53 * The SuperSpeedPlus Isoc endpoint companion descriptor immediately 54 * follows the SuperSpeed Endpoint Companion descriptor 55 */ 56 desc = (struct usb_ssp_isoc_ep_comp_descriptor *) buffer; 57 if (desc->bDescriptorType != USB_DT_SSP_ISOC_ENDPOINT_COMP || 58 size < USB_DT_SSP_ISOC_EP_COMP_SIZE) { 59 dev_warn(ddev, "Invalid SuperSpeedPlus isoc endpoint companion" 60 "for config %d interface %d altsetting %d ep %d.\n", 61 cfgno, inum, asnum, ep->desc.bEndpointAddress); 62 return; 63 } 64 memcpy(&ep->ssp_isoc_ep_comp, desc, USB_DT_SSP_ISOC_EP_COMP_SIZE); 65 } 66 67 static void usb_parse_ss_endpoint_companion(struct device *ddev, int cfgno, 68 int inum, int asnum, struct usb_host_endpoint *ep, 69 unsigned char *buffer, int size) 70 { 71 struct usb_ss_ep_comp_descriptor *desc; 72 int max_tx; 73 74 /* The SuperSpeed endpoint companion descriptor is supposed to 75 * be the first thing immediately following the endpoint descriptor. 76 */ 77 desc = (struct usb_ss_ep_comp_descriptor *) buffer; 78 79 if (desc->bDescriptorType != USB_DT_SS_ENDPOINT_COMP || 80 size < USB_DT_SS_EP_COMP_SIZE) { 81 dev_warn(ddev, "No SuperSpeed endpoint companion for config %d " 82 " interface %d altsetting %d ep %d: " 83 "using minimum values\n", 84 cfgno, inum, asnum, ep->desc.bEndpointAddress); 85 86 /* Fill in some default values. 87 * Leave bmAttributes as zero, which will mean no streams for 88 * bulk, and isoc won't support multiple bursts of packets. 89 * With bursts of only one packet, and a Mult of 1, the max 90 * amount of data moved per endpoint service interval is one 91 * packet. 92 */ 93 ep->ss_ep_comp.bLength = USB_DT_SS_EP_COMP_SIZE; 94 ep->ss_ep_comp.bDescriptorType = USB_DT_SS_ENDPOINT_COMP; 95 if (usb_endpoint_xfer_isoc(&ep->desc) || 96 usb_endpoint_xfer_int(&ep->desc)) 97 ep->ss_ep_comp.wBytesPerInterval = 98 ep->desc.wMaxPacketSize; 99 return; 100 } 101 buffer += desc->bLength; 102 size -= desc->bLength; 103 memcpy(&ep->ss_ep_comp, desc, USB_DT_SS_EP_COMP_SIZE); 104 105 /* Check the various values */ 106 if (usb_endpoint_xfer_control(&ep->desc) && desc->bMaxBurst != 0) { 107 dev_warn(ddev, "Control endpoint with bMaxBurst = %d in " 108 "config %d interface %d altsetting %d ep %d: " 109 "setting to zero\n", desc->bMaxBurst, 110 cfgno, inum, asnum, ep->desc.bEndpointAddress); 111 ep->ss_ep_comp.bMaxBurst = 0; 112 } else if (desc->bMaxBurst > 15) { 113 dev_warn(ddev, "Endpoint with bMaxBurst = %d in " 114 "config %d interface %d altsetting %d ep %d: " 115 "setting to 15\n", desc->bMaxBurst, 116 cfgno, inum, asnum, ep->desc.bEndpointAddress); 117 ep->ss_ep_comp.bMaxBurst = 15; 118 } 119 120 if ((usb_endpoint_xfer_control(&ep->desc) || 121 usb_endpoint_xfer_int(&ep->desc)) && 122 desc->bmAttributes != 0) { 123 dev_warn(ddev, "%s endpoint with bmAttributes = %d in " 124 "config %d interface %d altsetting %d ep %d: " 125 "setting to zero\n", 126 usb_endpoint_xfer_control(&ep->desc) ? "Control" : "Bulk", 127 desc->bmAttributes, 128 cfgno, inum, asnum, ep->desc.bEndpointAddress); 129 ep->ss_ep_comp.bmAttributes = 0; 130 } else if (usb_endpoint_xfer_bulk(&ep->desc) && 131 desc->bmAttributes > 16) { 132 dev_warn(ddev, "Bulk endpoint with more than 65536 streams in " 133 "config %d interface %d altsetting %d ep %d: " 134 "setting to max\n", 135 cfgno, inum, asnum, ep->desc.bEndpointAddress); 136 ep->ss_ep_comp.bmAttributes = 16; 137 } else if (usb_endpoint_xfer_isoc(&ep->desc) && 138 !USB_SS_SSP_ISOC_COMP(desc->bmAttributes) && 139 USB_SS_MULT(desc->bmAttributes) > 3) { 140 dev_warn(ddev, "Isoc endpoint has Mult of %d in " 141 "config %d interface %d altsetting %d ep %d: " 142 "setting to 3\n", 143 USB_SS_MULT(desc->bmAttributes), 144 cfgno, inum, asnum, ep->desc.bEndpointAddress); 145 ep->ss_ep_comp.bmAttributes = 2; 146 } 147 148 if (usb_endpoint_xfer_isoc(&ep->desc)) 149 max_tx = (desc->bMaxBurst + 1) * 150 (USB_SS_MULT(desc->bmAttributes)) * 151 usb_endpoint_maxp(&ep->desc); 152 else if (usb_endpoint_xfer_int(&ep->desc)) 153 max_tx = usb_endpoint_maxp(&ep->desc) * 154 (desc->bMaxBurst + 1); 155 else 156 max_tx = 999999; 157 if (le16_to_cpu(desc->wBytesPerInterval) > max_tx) { 158 dev_warn(ddev, "%s endpoint with wBytesPerInterval of %d in " 159 "config %d interface %d altsetting %d ep %d: " 160 "setting to %d\n", 161 usb_endpoint_xfer_isoc(&ep->desc) ? "Isoc" : "Int", 162 le16_to_cpu(desc->wBytesPerInterval), 163 cfgno, inum, asnum, ep->desc.bEndpointAddress, 164 max_tx); 165 ep->ss_ep_comp.wBytesPerInterval = cpu_to_le16(max_tx); 166 } 167 /* Parse a possible SuperSpeedPlus isoc ep companion descriptor */ 168 if (usb_endpoint_xfer_isoc(&ep->desc) && 169 USB_SS_SSP_ISOC_COMP(desc->bmAttributes)) 170 usb_parse_ssp_isoc_endpoint_companion(ddev, cfgno, inum, asnum, 171 ep, buffer, size); 172 } 173 174 static const unsigned short low_speed_maxpacket_maxes[4] = { 175 [USB_ENDPOINT_XFER_CONTROL] = 8, 176 [USB_ENDPOINT_XFER_ISOC] = 0, 177 [USB_ENDPOINT_XFER_BULK] = 0, 178 [USB_ENDPOINT_XFER_INT] = 8, 179 }; 180 static const unsigned short full_speed_maxpacket_maxes[4] = { 181 [USB_ENDPOINT_XFER_CONTROL] = 64, 182 [USB_ENDPOINT_XFER_ISOC] = 1023, 183 [USB_ENDPOINT_XFER_BULK] = 64, 184 [USB_ENDPOINT_XFER_INT] = 64, 185 }; 186 static const unsigned short high_speed_maxpacket_maxes[4] = { 187 [USB_ENDPOINT_XFER_CONTROL] = 64, 188 [USB_ENDPOINT_XFER_ISOC] = 1024, 189 [USB_ENDPOINT_XFER_BULK] = 512, 190 [USB_ENDPOINT_XFER_INT] = 1024, 191 }; 192 static const unsigned short super_speed_maxpacket_maxes[4] = { 193 [USB_ENDPOINT_XFER_CONTROL] = 512, 194 [USB_ENDPOINT_XFER_ISOC] = 1024, 195 [USB_ENDPOINT_XFER_BULK] = 1024, 196 [USB_ENDPOINT_XFER_INT] = 1024, 197 }; 198 199 static int usb_parse_endpoint(struct device *ddev, int cfgno, int inum, 200 int asnum, struct usb_host_interface *ifp, int num_ep, 201 unsigned char *buffer, int size) 202 { 203 unsigned char *buffer0 = buffer; 204 struct usb_endpoint_descriptor *d; 205 struct usb_host_endpoint *endpoint; 206 int n, i, j, retval; 207 unsigned int maxp; 208 const unsigned short *maxpacket_maxes; 209 210 d = (struct usb_endpoint_descriptor *) buffer; 211 buffer += d->bLength; 212 size -= d->bLength; 213 214 if (d->bLength >= USB_DT_ENDPOINT_AUDIO_SIZE) 215 n = USB_DT_ENDPOINT_AUDIO_SIZE; 216 else if (d->bLength >= USB_DT_ENDPOINT_SIZE) 217 n = USB_DT_ENDPOINT_SIZE; 218 else { 219 dev_warn(ddev, "config %d interface %d altsetting %d has an " 220 "invalid endpoint descriptor of length %d, skipping\n", 221 cfgno, inum, asnum, d->bLength); 222 goto skip_to_next_endpoint_or_interface_descriptor; 223 } 224 225 i = d->bEndpointAddress & ~USB_ENDPOINT_DIR_MASK; 226 if (i >= 16 || i == 0) { 227 dev_warn(ddev, "config %d interface %d altsetting %d has an " 228 "invalid endpoint with address 0x%X, skipping\n", 229 cfgno, inum, asnum, d->bEndpointAddress); 230 goto skip_to_next_endpoint_or_interface_descriptor; 231 } 232 233 /* Only store as many endpoints as we have room for */ 234 if (ifp->desc.bNumEndpoints >= num_ep) 235 goto skip_to_next_endpoint_or_interface_descriptor; 236 237 endpoint = &ifp->endpoint[ifp->desc.bNumEndpoints]; 238 ++ifp->desc.bNumEndpoints; 239 240 memcpy(&endpoint->desc, d, n); 241 INIT_LIST_HEAD(&endpoint->urb_list); 242 243 /* 244 * Fix up bInterval values outside the legal range. 245 * Use 10 or 8 ms if no proper value can be guessed. 246 */ 247 i = 0; /* i = min, j = max, n = default */ 248 j = 255; 249 if (usb_endpoint_xfer_int(d)) { 250 i = 1; 251 switch (to_usb_device(ddev)->speed) { 252 case USB_SPEED_SUPER_PLUS: 253 case USB_SPEED_SUPER: 254 case USB_SPEED_HIGH: 255 /* 256 * Many device manufacturers are using full-speed 257 * bInterval values in high-speed interrupt endpoint 258 * descriptors. Try to fix those and fall back to an 259 * 8-ms default value otherwise. 260 */ 261 n = fls(d->bInterval*8); 262 if (n == 0) 263 n = 7; /* 8 ms = 2^(7-1) uframes */ 264 j = 16; 265 266 /* 267 * Adjust bInterval for quirked devices. 268 * This quirk fixes bIntervals reported in 269 * linear microframes. 270 */ 271 if (to_usb_device(ddev)->quirks & 272 USB_QUIRK_LINEAR_UFRAME_INTR_BINTERVAL) { 273 n = clamp(fls(d->bInterval), i, j); 274 i = j = n; 275 } 276 break; 277 default: /* USB_SPEED_FULL or _LOW */ 278 /* 279 * For low-speed, 10 ms is the official minimum. 280 * But some "overclocked" devices might want faster 281 * polling so we'll allow it. 282 */ 283 n = 10; 284 break; 285 } 286 } else if (usb_endpoint_xfer_isoc(d)) { 287 i = 1; 288 j = 16; 289 switch (to_usb_device(ddev)->speed) { 290 case USB_SPEED_HIGH: 291 n = 7; /* 8 ms = 2^(7-1) uframes */ 292 break; 293 default: /* USB_SPEED_FULL */ 294 n = 4; /* 8 ms = 2^(4-1) frames */ 295 break; 296 } 297 } 298 if (d->bInterval < i || d->bInterval > j) { 299 dev_warn(ddev, "config %d interface %d altsetting %d " 300 "endpoint 0x%X has an invalid bInterval %d, " 301 "changing to %d\n", 302 cfgno, inum, asnum, 303 d->bEndpointAddress, d->bInterval, n); 304 endpoint->desc.bInterval = n; 305 } 306 307 /* Some buggy low-speed devices have Bulk endpoints, which is 308 * explicitly forbidden by the USB spec. In an attempt to make 309 * them usable, we will try treating them as Interrupt endpoints. 310 */ 311 if (to_usb_device(ddev)->speed == USB_SPEED_LOW && 312 usb_endpoint_xfer_bulk(d)) { 313 dev_warn(ddev, "config %d interface %d altsetting %d " 314 "endpoint 0x%X is Bulk; changing to Interrupt\n", 315 cfgno, inum, asnum, d->bEndpointAddress); 316 endpoint->desc.bmAttributes = USB_ENDPOINT_XFER_INT; 317 endpoint->desc.bInterval = 1; 318 if (usb_endpoint_maxp(&endpoint->desc) > 8) 319 endpoint->desc.wMaxPacketSize = cpu_to_le16(8); 320 } 321 322 /* Validate the wMaxPacketSize field */ 323 maxp = usb_endpoint_maxp(&endpoint->desc); 324 325 /* Find the highest legal maxpacket size for this endpoint */ 326 i = 0; /* additional transactions per microframe */ 327 switch (to_usb_device(ddev)->speed) { 328 case USB_SPEED_LOW: 329 maxpacket_maxes = low_speed_maxpacket_maxes; 330 break; 331 case USB_SPEED_FULL: 332 maxpacket_maxes = full_speed_maxpacket_maxes; 333 break; 334 case USB_SPEED_HIGH: 335 /* Bits 12..11 are allowed only for HS periodic endpoints */ 336 if (usb_endpoint_xfer_int(d) || usb_endpoint_xfer_isoc(d)) { 337 i = maxp & (BIT(12) | BIT(11)); 338 maxp &= ~i; 339 } 340 /* fallthrough */ 341 default: 342 maxpacket_maxes = high_speed_maxpacket_maxes; 343 break; 344 case USB_SPEED_SUPER: 345 case USB_SPEED_SUPER_PLUS: 346 maxpacket_maxes = super_speed_maxpacket_maxes; 347 break; 348 } 349 j = maxpacket_maxes[usb_endpoint_type(&endpoint->desc)]; 350 351 if (maxp > j) { 352 dev_warn(ddev, "config %d interface %d altsetting %d endpoint 0x%X has invalid maxpacket %d, setting to %d\n", 353 cfgno, inum, asnum, d->bEndpointAddress, maxp, j); 354 maxp = j; 355 endpoint->desc.wMaxPacketSize = cpu_to_le16(i | maxp); 356 } 357 358 /* 359 * Some buggy high speed devices have bulk endpoints using 360 * maxpacket sizes other than 512. High speed HCDs may not 361 * be able to handle that particular bug, so let's warn... 362 */ 363 if (to_usb_device(ddev)->speed == USB_SPEED_HIGH 364 && usb_endpoint_xfer_bulk(d)) { 365 if (maxp != 512) 366 dev_warn(ddev, "config %d interface %d altsetting %d " 367 "bulk endpoint 0x%X has invalid maxpacket %d\n", 368 cfgno, inum, asnum, d->bEndpointAddress, 369 maxp); 370 } 371 372 /* Parse a possible SuperSpeed endpoint companion descriptor */ 373 if (to_usb_device(ddev)->speed >= USB_SPEED_SUPER) 374 usb_parse_ss_endpoint_companion(ddev, cfgno, 375 inum, asnum, endpoint, buffer, size); 376 377 /* Skip over any Class Specific or Vendor Specific descriptors; 378 * find the next endpoint or interface descriptor */ 379 endpoint->extra = buffer; 380 i = find_next_descriptor(buffer, size, USB_DT_ENDPOINT, 381 USB_DT_INTERFACE, &n); 382 endpoint->extralen = i; 383 retval = buffer - buffer0 + i; 384 if (n > 0) 385 dev_dbg(ddev, "skipped %d descriptor%s after %s\n", 386 n, plural(n), "endpoint"); 387 return retval; 388 389 skip_to_next_endpoint_or_interface_descriptor: 390 i = find_next_descriptor(buffer, size, USB_DT_ENDPOINT, 391 USB_DT_INTERFACE, NULL); 392 return buffer - buffer0 + i; 393 } 394 395 void usb_release_interface_cache(struct kref *ref) 396 { 397 struct usb_interface_cache *intfc = ref_to_usb_interface_cache(ref); 398 int j; 399 400 for (j = 0; j < intfc->num_altsetting; j++) { 401 struct usb_host_interface *alt = &intfc->altsetting[j]; 402 403 kfree(alt->endpoint); 404 kfree(alt->string); 405 } 406 kfree(intfc); 407 } 408 409 static int usb_parse_interface(struct device *ddev, int cfgno, 410 struct usb_host_config *config, unsigned char *buffer, int size, 411 u8 inums[], u8 nalts[]) 412 { 413 unsigned char *buffer0 = buffer; 414 struct usb_interface_descriptor *d; 415 int inum, asnum; 416 struct usb_interface_cache *intfc; 417 struct usb_host_interface *alt; 418 int i, n; 419 int len, retval; 420 int num_ep, num_ep_orig; 421 422 d = (struct usb_interface_descriptor *) buffer; 423 buffer += d->bLength; 424 size -= d->bLength; 425 426 if (d->bLength < USB_DT_INTERFACE_SIZE) 427 goto skip_to_next_interface_descriptor; 428 429 /* Which interface entry is this? */ 430 intfc = NULL; 431 inum = d->bInterfaceNumber; 432 for (i = 0; i < config->desc.bNumInterfaces; ++i) { 433 if (inums[i] == inum) { 434 intfc = config->intf_cache[i]; 435 break; 436 } 437 } 438 if (!intfc || intfc->num_altsetting >= nalts[i]) 439 goto skip_to_next_interface_descriptor; 440 441 /* Check for duplicate altsetting entries */ 442 asnum = d->bAlternateSetting; 443 for ((i = 0, alt = &intfc->altsetting[0]); 444 i < intfc->num_altsetting; 445 (++i, ++alt)) { 446 if (alt->desc.bAlternateSetting == asnum) { 447 dev_warn(ddev, "Duplicate descriptor for config %d " 448 "interface %d altsetting %d, skipping\n", 449 cfgno, inum, asnum); 450 goto skip_to_next_interface_descriptor; 451 } 452 } 453 454 ++intfc->num_altsetting; 455 memcpy(&alt->desc, d, USB_DT_INTERFACE_SIZE); 456 457 /* Skip over any Class Specific or Vendor Specific descriptors; 458 * find the first endpoint or interface descriptor */ 459 alt->extra = buffer; 460 i = find_next_descriptor(buffer, size, USB_DT_ENDPOINT, 461 USB_DT_INTERFACE, &n); 462 alt->extralen = i; 463 if (n > 0) 464 dev_dbg(ddev, "skipped %d descriptor%s after %s\n", 465 n, plural(n), "interface"); 466 buffer += i; 467 size -= i; 468 469 /* Allocate space for the right(?) number of endpoints */ 470 num_ep = num_ep_orig = alt->desc.bNumEndpoints; 471 alt->desc.bNumEndpoints = 0; /* Use as a counter */ 472 if (num_ep > USB_MAXENDPOINTS) { 473 dev_warn(ddev, "too many endpoints for config %d interface %d " 474 "altsetting %d: %d, using maximum allowed: %d\n", 475 cfgno, inum, asnum, num_ep, USB_MAXENDPOINTS); 476 num_ep = USB_MAXENDPOINTS; 477 } 478 479 if (num_ep > 0) { 480 /* Can't allocate 0 bytes */ 481 len = sizeof(struct usb_host_endpoint) * num_ep; 482 alt->endpoint = kzalloc(len, GFP_KERNEL); 483 if (!alt->endpoint) 484 return -ENOMEM; 485 } 486 487 /* Parse all the endpoint descriptors */ 488 n = 0; 489 while (size > 0) { 490 if (((struct usb_descriptor_header *) buffer)->bDescriptorType 491 == USB_DT_INTERFACE) 492 break; 493 retval = usb_parse_endpoint(ddev, cfgno, inum, asnum, alt, 494 num_ep, buffer, size); 495 if (retval < 0) 496 return retval; 497 ++n; 498 499 buffer += retval; 500 size -= retval; 501 } 502 503 if (n != num_ep_orig) 504 dev_warn(ddev, "config %d interface %d altsetting %d has %d " 505 "endpoint descriptor%s, different from the interface " 506 "descriptor's value: %d\n", 507 cfgno, inum, asnum, n, plural(n), num_ep_orig); 508 return buffer - buffer0; 509 510 skip_to_next_interface_descriptor: 511 i = find_next_descriptor(buffer, size, USB_DT_INTERFACE, 512 USB_DT_INTERFACE, NULL); 513 return buffer - buffer0 + i; 514 } 515 516 static int usb_parse_configuration(struct usb_device *dev, int cfgidx, 517 struct usb_host_config *config, unsigned char *buffer, int size) 518 { 519 struct device *ddev = &dev->dev; 520 unsigned char *buffer0 = buffer; 521 int cfgno; 522 int nintf, nintf_orig; 523 int i, j, n; 524 struct usb_interface_cache *intfc; 525 unsigned char *buffer2; 526 int size2; 527 struct usb_descriptor_header *header; 528 int len, retval; 529 u8 inums[USB_MAXINTERFACES], nalts[USB_MAXINTERFACES]; 530 unsigned iad_num = 0; 531 532 memcpy(&config->desc, buffer, USB_DT_CONFIG_SIZE); 533 if (config->desc.bDescriptorType != USB_DT_CONFIG || 534 config->desc.bLength < USB_DT_CONFIG_SIZE || 535 config->desc.bLength > size) { 536 dev_err(ddev, "invalid descriptor for config index %d: " 537 "type = 0x%X, length = %d\n", cfgidx, 538 config->desc.bDescriptorType, config->desc.bLength); 539 return -EINVAL; 540 } 541 cfgno = config->desc.bConfigurationValue; 542 543 buffer += config->desc.bLength; 544 size -= config->desc.bLength; 545 546 nintf = nintf_orig = config->desc.bNumInterfaces; 547 if (nintf > USB_MAXINTERFACES) { 548 dev_warn(ddev, "config %d has too many interfaces: %d, " 549 "using maximum allowed: %d\n", 550 cfgno, nintf, USB_MAXINTERFACES); 551 nintf = USB_MAXINTERFACES; 552 } 553 554 /* Go through the descriptors, checking their length and counting the 555 * number of altsettings for each interface */ 556 n = 0; 557 for ((buffer2 = buffer, size2 = size); 558 size2 > 0; 559 (buffer2 += header->bLength, size2 -= header->bLength)) { 560 561 if (size2 < sizeof(struct usb_descriptor_header)) { 562 dev_warn(ddev, "config %d descriptor has %d excess " 563 "byte%s, ignoring\n", 564 cfgno, size2, plural(size2)); 565 break; 566 } 567 568 header = (struct usb_descriptor_header *) buffer2; 569 if ((header->bLength > size2) || (header->bLength < 2)) { 570 dev_warn(ddev, "config %d has an invalid descriptor " 571 "of length %d, skipping remainder of the config\n", 572 cfgno, header->bLength); 573 break; 574 } 575 576 if (header->bDescriptorType == USB_DT_INTERFACE) { 577 struct usb_interface_descriptor *d; 578 int inum; 579 580 d = (struct usb_interface_descriptor *) header; 581 if (d->bLength < USB_DT_INTERFACE_SIZE) { 582 dev_warn(ddev, "config %d has an invalid " 583 "interface descriptor of length %d, " 584 "skipping\n", cfgno, d->bLength); 585 continue; 586 } 587 588 inum = d->bInterfaceNumber; 589 590 if ((dev->quirks & USB_QUIRK_HONOR_BNUMINTERFACES) && 591 n >= nintf_orig) { 592 dev_warn(ddev, "config %d has more interface " 593 "descriptors, than it declares in " 594 "bNumInterfaces, ignoring interface " 595 "number: %d\n", cfgno, inum); 596 continue; 597 } 598 599 if (inum >= nintf_orig) 600 dev_warn(ddev, "config %d has an invalid " 601 "interface number: %d but max is %d\n", 602 cfgno, inum, nintf_orig - 1); 603 604 /* Have we already encountered this interface? 605 * Count its altsettings */ 606 for (i = 0; i < n; ++i) { 607 if (inums[i] == inum) 608 break; 609 } 610 if (i < n) { 611 if (nalts[i] < 255) 612 ++nalts[i]; 613 } else if (n < USB_MAXINTERFACES) { 614 inums[n] = inum; 615 nalts[n] = 1; 616 ++n; 617 } 618 619 } else if (header->bDescriptorType == 620 USB_DT_INTERFACE_ASSOCIATION) { 621 if (iad_num == USB_MAXIADS) { 622 dev_warn(ddev, "found more Interface " 623 "Association Descriptors " 624 "than allocated for in " 625 "configuration %d\n", cfgno); 626 } else { 627 config->intf_assoc[iad_num] = 628 (struct usb_interface_assoc_descriptor 629 *)header; 630 iad_num++; 631 } 632 633 } else if (header->bDescriptorType == USB_DT_DEVICE || 634 header->bDescriptorType == USB_DT_CONFIG) 635 dev_warn(ddev, "config %d contains an unexpected " 636 "descriptor of type 0x%X, skipping\n", 637 cfgno, header->bDescriptorType); 638 639 } /* for ((buffer2 = buffer, size2 = size); ...) */ 640 size = buffer2 - buffer; 641 config->desc.wTotalLength = cpu_to_le16(buffer2 - buffer0); 642 643 if (n != nintf) 644 dev_warn(ddev, "config %d has %d interface%s, different from " 645 "the descriptor's value: %d\n", 646 cfgno, n, plural(n), nintf_orig); 647 else if (n == 0) 648 dev_warn(ddev, "config %d has no interfaces?\n", cfgno); 649 config->desc.bNumInterfaces = nintf = n; 650 651 /* Check for missing interface numbers */ 652 for (i = 0; i < nintf; ++i) { 653 for (j = 0; j < nintf; ++j) { 654 if (inums[j] == i) 655 break; 656 } 657 if (j >= nintf) 658 dev_warn(ddev, "config %d has no interface number " 659 "%d\n", cfgno, i); 660 } 661 662 /* Allocate the usb_interface_caches and altsetting arrays */ 663 for (i = 0; i < nintf; ++i) { 664 j = nalts[i]; 665 if (j > USB_MAXALTSETTING) { 666 dev_warn(ddev, "too many alternate settings for " 667 "config %d interface %d: %d, " 668 "using maximum allowed: %d\n", 669 cfgno, inums[i], j, USB_MAXALTSETTING); 670 nalts[i] = j = USB_MAXALTSETTING; 671 } 672 673 len = sizeof(*intfc) + sizeof(struct usb_host_interface) * j; 674 config->intf_cache[i] = intfc = kzalloc(len, GFP_KERNEL); 675 if (!intfc) 676 return -ENOMEM; 677 kref_init(&intfc->ref); 678 } 679 680 /* FIXME: parse the BOS descriptor */ 681 682 /* Skip over any Class Specific or Vendor Specific descriptors; 683 * find the first interface descriptor */ 684 config->extra = buffer; 685 i = find_next_descriptor(buffer, size, USB_DT_INTERFACE, 686 USB_DT_INTERFACE, &n); 687 config->extralen = i; 688 if (n > 0) 689 dev_dbg(ddev, "skipped %d descriptor%s after %s\n", 690 n, plural(n), "configuration"); 691 buffer += i; 692 size -= i; 693 694 /* Parse all the interface/altsetting descriptors */ 695 while (size > 0) { 696 retval = usb_parse_interface(ddev, cfgno, config, 697 buffer, size, inums, nalts); 698 if (retval < 0) 699 return retval; 700 701 buffer += retval; 702 size -= retval; 703 } 704 705 /* Check for missing altsettings */ 706 for (i = 0; i < nintf; ++i) { 707 intfc = config->intf_cache[i]; 708 for (j = 0; j < intfc->num_altsetting; ++j) { 709 for (n = 0; n < intfc->num_altsetting; ++n) { 710 if (intfc->altsetting[n].desc. 711 bAlternateSetting == j) 712 break; 713 } 714 if (n >= intfc->num_altsetting) 715 dev_warn(ddev, "config %d interface %d has no " 716 "altsetting %d\n", cfgno, inums[i], j); 717 } 718 } 719 720 return 0; 721 } 722 723 /* hub-only!! ... and only exported for reset/reinit path. 724 * otherwise used internally on disconnect/destroy path 725 */ 726 void usb_destroy_configuration(struct usb_device *dev) 727 { 728 int c, i; 729 730 if (!dev->config) 731 return; 732 733 if (dev->rawdescriptors) { 734 for (i = 0; i < dev->descriptor.bNumConfigurations; i++) 735 kfree(dev->rawdescriptors[i]); 736 737 kfree(dev->rawdescriptors); 738 dev->rawdescriptors = NULL; 739 } 740 741 for (c = 0; c < dev->descriptor.bNumConfigurations; c++) { 742 struct usb_host_config *cf = &dev->config[c]; 743 744 kfree(cf->string); 745 for (i = 0; i < cf->desc.bNumInterfaces; i++) { 746 if (cf->intf_cache[i]) 747 kref_put(&cf->intf_cache[i]->ref, 748 usb_release_interface_cache); 749 } 750 } 751 kfree(dev->config); 752 dev->config = NULL; 753 } 754 755 756 /* 757 * Get the USB config descriptors, cache and parse'em 758 * 759 * hub-only!! ... and only in reset path, or usb_new_device() 760 * (used by real hubs and virtual root hubs) 761 */ 762 int usb_get_configuration(struct usb_device *dev) 763 { 764 struct device *ddev = &dev->dev; 765 int ncfg = dev->descriptor.bNumConfigurations; 766 int result = 0; 767 unsigned int cfgno, length; 768 unsigned char *bigbuffer; 769 struct usb_config_descriptor *desc; 770 771 cfgno = 0; 772 result = -ENOMEM; 773 if (ncfg > USB_MAXCONFIG) { 774 dev_warn(ddev, "too many configurations: %d, " 775 "using maximum allowed: %d\n", ncfg, USB_MAXCONFIG); 776 dev->descriptor.bNumConfigurations = ncfg = USB_MAXCONFIG; 777 } 778 779 if (ncfg < 1) { 780 dev_err(ddev, "no configurations\n"); 781 return -EINVAL; 782 } 783 784 length = ncfg * sizeof(struct usb_host_config); 785 dev->config = kzalloc(length, GFP_KERNEL); 786 if (!dev->config) 787 goto err2; 788 789 length = ncfg * sizeof(char *); 790 dev->rawdescriptors = kzalloc(length, GFP_KERNEL); 791 if (!dev->rawdescriptors) 792 goto err2; 793 794 desc = kmalloc(USB_DT_CONFIG_SIZE, GFP_KERNEL); 795 if (!desc) 796 goto err2; 797 798 result = 0; 799 for (; cfgno < ncfg; cfgno++) { 800 /* We grab just the first descriptor so we know how long 801 * the whole configuration is */ 802 result = usb_get_descriptor(dev, USB_DT_CONFIG, cfgno, 803 desc, USB_DT_CONFIG_SIZE); 804 if (result < 0) { 805 dev_err(ddev, "unable to read config index %d " 806 "descriptor/%s: %d\n", cfgno, "start", result); 807 if (result != -EPIPE) 808 goto err; 809 dev_err(ddev, "chopping to %d config(s)\n", cfgno); 810 dev->descriptor.bNumConfigurations = cfgno; 811 break; 812 } else if (result < 4) { 813 dev_err(ddev, "config index %d descriptor too short " 814 "(expected %i, got %i)\n", cfgno, 815 USB_DT_CONFIG_SIZE, result); 816 result = -EINVAL; 817 goto err; 818 } 819 length = max((int) le16_to_cpu(desc->wTotalLength), 820 USB_DT_CONFIG_SIZE); 821 822 /* Now that we know the length, get the whole thing */ 823 bigbuffer = kmalloc(length, GFP_KERNEL); 824 if (!bigbuffer) { 825 result = -ENOMEM; 826 goto err; 827 } 828 829 if (dev->quirks & USB_QUIRK_DELAY_INIT) 830 msleep(100); 831 832 result = usb_get_descriptor(dev, USB_DT_CONFIG, cfgno, 833 bigbuffer, length); 834 if (result < 0) { 835 dev_err(ddev, "unable to read config index %d " 836 "descriptor/%s\n", cfgno, "all"); 837 kfree(bigbuffer); 838 goto err; 839 } 840 if (result < length) { 841 dev_warn(ddev, "config index %d descriptor too short " 842 "(expected %i, got %i)\n", cfgno, length, result); 843 length = result; 844 } 845 846 dev->rawdescriptors[cfgno] = bigbuffer; 847 848 result = usb_parse_configuration(dev, cfgno, 849 &dev->config[cfgno], bigbuffer, length); 850 if (result < 0) { 851 ++cfgno; 852 goto err; 853 } 854 } 855 result = 0; 856 857 err: 858 kfree(desc); 859 dev->descriptor.bNumConfigurations = cfgno; 860 err2: 861 if (result == -ENOMEM) 862 dev_err(ddev, "out of memory\n"); 863 return result; 864 } 865 866 void usb_release_bos_descriptor(struct usb_device *dev) 867 { 868 if (dev->bos) { 869 kfree(dev->bos->desc); 870 kfree(dev->bos); 871 dev->bos = NULL; 872 } 873 } 874 875 /* Get BOS descriptor set */ 876 int usb_get_bos_descriptor(struct usb_device *dev) 877 { 878 struct device *ddev = &dev->dev; 879 struct usb_bos_descriptor *bos; 880 struct usb_dev_cap_header *cap; 881 unsigned char *buffer; 882 int length, total_len, num, i; 883 int ret; 884 885 bos = kzalloc(sizeof(struct usb_bos_descriptor), GFP_KERNEL); 886 if (!bos) 887 return -ENOMEM; 888 889 /* Get BOS descriptor */ 890 ret = usb_get_descriptor(dev, USB_DT_BOS, 0, bos, USB_DT_BOS_SIZE); 891 if (ret < USB_DT_BOS_SIZE) { 892 dev_err(ddev, "unable to get BOS descriptor\n"); 893 if (ret >= 0) 894 ret = -ENOMSG; 895 kfree(bos); 896 return ret; 897 } 898 899 length = bos->bLength; 900 total_len = le16_to_cpu(bos->wTotalLength); 901 num = bos->bNumDeviceCaps; 902 kfree(bos); 903 if (total_len < length) 904 return -EINVAL; 905 906 dev->bos = kzalloc(sizeof(struct usb_host_bos), GFP_KERNEL); 907 if (!dev->bos) 908 return -ENOMEM; 909 910 /* Now let's get the whole BOS descriptor set */ 911 buffer = kzalloc(total_len, GFP_KERNEL); 912 if (!buffer) { 913 ret = -ENOMEM; 914 goto err; 915 } 916 dev->bos->desc = (struct usb_bos_descriptor *)buffer; 917 918 ret = usb_get_descriptor(dev, USB_DT_BOS, 0, buffer, total_len); 919 if (ret < total_len) { 920 dev_err(ddev, "unable to get BOS descriptor set\n"); 921 if (ret >= 0) 922 ret = -ENOMSG; 923 goto err; 924 } 925 total_len -= length; 926 927 for (i = 0; i < num; i++) { 928 buffer += length; 929 cap = (struct usb_dev_cap_header *)buffer; 930 length = cap->bLength; 931 932 if (total_len < length) 933 break; 934 total_len -= length; 935 936 if (cap->bDescriptorType != USB_DT_DEVICE_CAPABILITY) { 937 dev_warn(ddev, "descriptor type invalid, skip\n"); 938 continue; 939 } 940 941 switch (cap->bDevCapabilityType) { 942 case USB_CAP_TYPE_WIRELESS_USB: 943 /* Wireless USB cap descriptor is handled by wusb */ 944 break; 945 case USB_CAP_TYPE_EXT: 946 dev->bos->ext_cap = 947 (struct usb_ext_cap_descriptor *)buffer; 948 break; 949 case USB_SS_CAP_TYPE: 950 dev->bos->ss_cap = 951 (struct usb_ss_cap_descriptor *)buffer; 952 break; 953 case USB_SSP_CAP_TYPE: 954 dev->bos->ssp_cap = 955 (struct usb_ssp_cap_descriptor *)buffer; 956 break; 957 case CONTAINER_ID_TYPE: 958 dev->bos->ss_id = 959 (struct usb_ss_container_id_descriptor *)buffer; 960 break; 961 case USB_PTM_CAP_TYPE: 962 dev->bos->ptm_cap = 963 (struct usb_ptm_cap_descriptor *)buffer; 964 default: 965 break; 966 } 967 } 968 969 return 0; 970 971 err: 972 usb_release_bos_descriptor(dev); 973 return ret; 974 } 975