xref: /openbmc/linux/drivers/usb/core/config.c (revision de2bdb3d)
1 #include <linux/usb.h>
2 #include <linux/usb/ch9.h>
3 #include <linux/usb/hcd.h>
4 #include <linux/usb/quirks.h>
5 #include <linux/module.h>
6 #include <linux/slab.h>
7 #include <linux/device.h>
8 #include <asm/byteorder.h>
9 #include "usb.h"
10 
11 
12 #define USB_MAXALTSETTING		128	/* Hard limit */
13 
14 #define USB_MAXCONFIG			8	/* Arbitrary limit */
15 
16 
17 static inline const char *plural(int n)
18 {
19 	return (n == 1 ? "" : "s");
20 }
21 
22 static int find_next_descriptor(unsigned char *buffer, int size,
23     int dt1, int dt2, int *num_skipped)
24 {
25 	struct usb_descriptor_header *h;
26 	int n = 0;
27 	unsigned char *buffer0 = buffer;
28 
29 	/* Find the next descriptor of type dt1 or dt2 */
30 	while (size > 0) {
31 		h = (struct usb_descriptor_header *) buffer;
32 		if (h->bDescriptorType == dt1 || h->bDescriptorType == dt2)
33 			break;
34 		buffer += h->bLength;
35 		size -= h->bLength;
36 		++n;
37 	}
38 
39 	/* Store the number of descriptors skipped and return the
40 	 * number of bytes skipped */
41 	if (num_skipped)
42 		*num_skipped = n;
43 	return buffer - buffer0;
44 }
45 
46 static void usb_parse_ssp_isoc_endpoint_companion(struct device *ddev,
47 		int cfgno, int inum, int asnum, struct usb_host_endpoint *ep,
48 		unsigned char *buffer, int size)
49 {
50 	struct usb_ssp_isoc_ep_comp_descriptor *desc;
51 
52 	/*
53 	 * The SuperSpeedPlus Isoc endpoint companion descriptor immediately
54 	 * follows the SuperSpeed Endpoint Companion descriptor
55 	 */
56 	desc = (struct usb_ssp_isoc_ep_comp_descriptor *) buffer;
57 	if (desc->bDescriptorType != USB_DT_SSP_ISOC_ENDPOINT_COMP ||
58 	    size < USB_DT_SSP_ISOC_EP_COMP_SIZE) {
59 		dev_warn(ddev, "Invalid SuperSpeedPlus isoc endpoint companion"
60 			 "for config %d interface %d altsetting %d ep %d.\n",
61 			 cfgno, inum, asnum, ep->desc.bEndpointAddress);
62 		return;
63 	}
64 	memcpy(&ep->ssp_isoc_ep_comp, desc, USB_DT_SSP_ISOC_EP_COMP_SIZE);
65 }
66 
67 static void usb_parse_ss_endpoint_companion(struct device *ddev, int cfgno,
68 		int inum, int asnum, struct usb_host_endpoint *ep,
69 		unsigned char *buffer, int size)
70 {
71 	struct usb_ss_ep_comp_descriptor *desc;
72 	int max_tx;
73 
74 	/* The SuperSpeed endpoint companion descriptor is supposed to
75 	 * be the first thing immediately following the endpoint descriptor.
76 	 */
77 	desc = (struct usb_ss_ep_comp_descriptor *) buffer;
78 
79 	if (desc->bDescriptorType != USB_DT_SS_ENDPOINT_COMP ||
80 			size < USB_DT_SS_EP_COMP_SIZE) {
81 		dev_warn(ddev, "No SuperSpeed endpoint companion for config %d "
82 				" interface %d altsetting %d ep %d: "
83 				"using minimum values\n",
84 				cfgno, inum, asnum, ep->desc.bEndpointAddress);
85 
86 		/* Fill in some default values.
87 		 * Leave bmAttributes as zero, which will mean no streams for
88 		 * bulk, and isoc won't support multiple bursts of packets.
89 		 * With bursts of only one packet, and a Mult of 1, the max
90 		 * amount of data moved per endpoint service interval is one
91 		 * packet.
92 		 */
93 		ep->ss_ep_comp.bLength = USB_DT_SS_EP_COMP_SIZE;
94 		ep->ss_ep_comp.bDescriptorType = USB_DT_SS_ENDPOINT_COMP;
95 		if (usb_endpoint_xfer_isoc(&ep->desc) ||
96 				usb_endpoint_xfer_int(&ep->desc))
97 			ep->ss_ep_comp.wBytesPerInterval =
98 					ep->desc.wMaxPacketSize;
99 		return;
100 	}
101 	buffer += desc->bLength;
102 	size -= desc->bLength;
103 	memcpy(&ep->ss_ep_comp, desc, USB_DT_SS_EP_COMP_SIZE);
104 
105 	/* Check the various values */
106 	if (usb_endpoint_xfer_control(&ep->desc) && desc->bMaxBurst != 0) {
107 		dev_warn(ddev, "Control endpoint with bMaxBurst = %d in "
108 				"config %d interface %d altsetting %d ep %d: "
109 				"setting to zero\n", desc->bMaxBurst,
110 				cfgno, inum, asnum, ep->desc.bEndpointAddress);
111 		ep->ss_ep_comp.bMaxBurst = 0;
112 	} else if (desc->bMaxBurst > 15) {
113 		dev_warn(ddev, "Endpoint with bMaxBurst = %d in "
114 				"config %d interface %d altsetting %d ep %d: "
115 				"setting to 15\n", desc->bMaxBurst,
116 				cfgno, inum, asnum, ep->desc.bEndpointAddress);
117 		ep->ss_ep_comp.bMaxBurst = 15;
118 	}
119 
120 	if ((usb_endpoint_xfer_control(&ep->desc) ||
121 			usb_endpoint_xfer_int(&ep->desc)) &&
122 				desc->bmAttributes != 0) {
123 		dev_warn(ddev, "%s endpoint with bmAttributes = %d in "
124 				"config %d interface %d altsetting %d ep %d: "
125 				"setting to zero\n",
126 				usb_endpoint_xfer_control(&ep->desc) ? "Control" : "Bulk",
127 				desc->bmAttributes,
128 				cfgno, inum, asnum, ep->desc.bEndpointAddress);
129 		ep->ss_ep_comp.bmAttributes = 0;
130 	} else if (usb_endpoint_xfer_bulk(&ep->desc) &&
131 			desc->bmAttributes > 16) {
132 		dev_warn(ddev, "Bulk endpoint with more than 65536 streams in "
133 				"config %d interface %d altsetting %d ep %d: "
134 				"setting to max\n",
135 				cfgno, inum, asnum, ep->desc.bEndpointAddress);
136 		ep->ss_ep_comp.bmAttributes = 16;
137 	} else if (usb_endpoint_xfer_isoc(&ep->desc) &&
138 		   !USB_SS_SSP_ISOC_COMP(desc->bmAttributes) &&
139 		   USB_SS_MULT(desc->bmAttributes) > 3) {
140 		dev_warn(ddev, "Isoc endpoint has Mult of %d in "
141 				"config %d interface %d altsetting %d ep %d: "
142 				"setting to 3\n",
143 				USB_SS_MULT(desc->bmAttributes),
144 				cfgno, inum, asnum, ep->desc.bEndpointAddress);
145 		ep->ss_ep_comp.bmAttributes = 2;
146 	}
147 
148 	if (usb_endpoint_xfer_isoc(&ep->desc))
149 		max_tx = (desc->bMaxBurst + 1) *
150 			(USB_SS_MULT(desc->bmAttributes)) *
151 			usb_endpoint_maxp(&ep->desc);
152 	else if (usb_endpoint_xfer_int(&ep->desc))
153 		max_tx = usb_endpoint_maxp(&ep->desc) *
154 			(desc->bMaxBurst + 1);
155 	else
156 		max_tx = 999999;
157 	if (le16_to_cpu(desc->wBytesPerInterval) > max_tx) {
158 		dev_warn(ddev, "%s endpoint with wBytesPerInterval of %d in "
159 				"config %d interface %d altsetting %d ep %d: "
160 				"setting to %d\n",
161 				usb_endpoint_xfer_isoc(&ep->desc) ? "Isoc" : "Int",
162 				le16_to_cpu(desc->wBytesPerInterval),
163 				cfgno, inum, asnum, ep->desc.bEndpointAddress,
164 				max_tx);
165 		ep->ss_ep_comp.wBytesPerInterval = cpu_to_le16(max_tx);
166 	}
167 	/* Parse a possible SuperSpeedPlus isoc ep companion descriptor */
168 	if (usb_endpoint_xfer_isoc(&ep->desc) &&
169 	    USB_SS_SSP_ISOC_COMP(desc->bmAttributes))
170 		usb_parse_ssp_isoc_endpoint_companion(ddev, cfgno, inum, asnum,
171 							ep, buffer, size);
172 }
173 
174 static const unsigned short low_speed_maxpacket_maxes[4] = {
175 	[USB_ENDPOINT_XFER_CONTROL] = 8,
176 	[USB_ENDPOINT_XFER_ISOC] = 0,
177 	[USB_ENDPOINT_XFER_BULK] = 0,
178 	[USB_ENDPOINT_XFER_INT] = 8,
179 };
180 static const unsigned short full_speed_maxpacket_maxes[4] = {
181 	[USB_ENDPOINT_XFER_CONTROL] = 64,
182 	[USB_ENDPOINT_XFER_ISOC] = 1023,
183 	[USB_ENDPOINT_XFER_BULK] = 64,
184 	[USB_ENDPOINT_XFER_INT] = 64,
185 };
186 static const unsigned short high_speed_maxpacket_maxes[4] = {
187 	[USB_ENDPOINT_XFER_CONTROL] = 64,
188 	[USB_ENDPOINT_XFER_ISOC] = 1024,
189 	[USB_ENDPOINT_XFER_BULK] = 512,
190 	[USB_ENDPOINT_XFER_INT] = 1024,
191 };
192 static const unsigned short super_speed_maxpacket_maxes[4] = {
193 	[USB_ENDPOINT_XFER_CONTROL] = 512,
194 	[USB_ENDPOINT_XFER_ISOC] = 1024,
195 	[USB_ENDPOINT_XFER_BULK] = 1024,
196 	[USB_ENDPOINT_XFER_INT] = 1024,
197 };
198 
199 static int usb_parse_endpoint(struct device *ddev, int cfgno, int inum,
200     int asnum, struct usb_host_interface *ifp, int num_ep,
201     unsigned char *buffer, int size)
202 {
203 	unsigned char *buffer0 = buffer;
204 	struct usb_endpoint_descriptor *d;
205 	struct usb_host_endpoint *endpoint;
206 	int n, i, j, retval;
207 	unsigned int maxp;
208 	const unsigned short *maxpacket_maxes;
209 
210 	d = (struct usb_endpoint_descriptor *) buffer;
211 	buffer += d->bLength;
212 	size -= d->bLength;
213 
214 	if (d->bLength >= USB_DT_ENDPOINT_AUDIO_SIZE)
215 		n = USB_DT_ENDPOINT_AUDIO_SIZE;
216 	else if (d->bLength >= USB_DT_ENDPOINT_SIZE)
217 		n = USB_DT_ENDPOINT_SIZE;
218 	else {
219 		dev_warn(ddev, "config %d interface %d altsetting %d has an "
220 		    "invalid endpoint descriptor of length %d, skipping\n",
221 		    cfgno, inum, asnum, d->bLength);
222 		goto skip_to_next_endpoint_or_interface_descriptor;
223 	}
224 
225 	i = d->bEndpointAddress & ~USB_ENDPOINT_DIR_MASK;
226 	if (i >= 16 || i == 0) {
227 		dev_warn(ddev, "config %d interface %d altsetting %d has an "
228 		    "invalid endpoint with address 0x%X, skipping\n",
229 		    cfgno, inum, asnum, d->bEndpointAddress);
230 		goto skip_to_next_endpoint_or_interface_descriptor;
231 	}
232 
233 	/* Only store as many endpoints as we have room for */
234 	if (ifp->desc.bNumEndpoints >= num_ep)
235 		goto skip_to_next_endpoint_or_interface_descriptor;
236 
237 	endpoint = &ifp->endpoint[ifp->desc.bNumEndpoints];
238 	++ifp->desc.bNumEndpoints;
239 
240 	memcpy(&endpoint->desc, d, n);
241 	INIT_LIST_HEAD(&endpoint->urb_list);
242 
243 	/*
244 	 * Fix up bInterval values outside the legal range.
245 	 * Use 10 or 8 ms if no proper value can be guessed.
246 	 */
247 	i = 0;		/* i = min, j = max, n = default */
248 	j = 255;
249 	if (usb_endpoint_xfer_int(d)) {
250 		i = 1;
251 		switch (to_usb_device(ddev)->speed) {
252 		case USB_SPEED_SUPER_PLUS:
253 		case USB_SPEED_SUPER:
254 		case USB_SPEED_HIGH:
255 			/*
256 			 * Many device manufacturers are using full-speed
257 			 * bInterval values in high-speed interrupt endpoint
258 			 * descriptors. Try to fix those and fall back to an
259 			 * 8-ms default value otherwise.
260 			 */
261 			n = fls(d->bInterval*8);
262 			if (n == 0)
263 				n = 7;	/* 8 ms = 2^(7-1) uframes */
264 			j = 16;
265 
266 			/*
267 			 * Adjust bInterval for quirked devices.
268 			 * This quirk fixes bIntervals reported in
269 			 * linear microframes.
270 			 */
271 			if (to_usb_device(ddev)->quirks &
272 				USB_QUIRK_LINEAR_UFRAME_INTR_BINTERVAL) {
273 				n = clamp(fls(d->bInterval), i, j);
274 				i = j = n;
275 			}
276 			break;
277 		default:		/* USB_SPEED_FULL or _LOW */
278 			/*
279 			 * For low-speed, 10 ms is the official minimum.
280 			 * But some "overclocked" devices might want faster
281 			 * polling so we'll allow it.
282 			 */
283 			n = 10;
284 			break;
285 		}
286 	} else if (usb_endpoint_xfer_isoc(d)) {
287 		i = 1;
288 		j = 16;
289 		switch (to_usb_device(ddev)->speed) {
290 		case USB_SPEED_HIGH:
291 			n = 7;		/* 8 ms = 2^(7-1) uframes */
292 			break;
293 		default:		/* USB_SPEED_FULL */
294 			n = 4;		/* 8 ms = 2^(4-1) frames */
295 			break;
296 		}
297 	}
298 	if (d->bInterval < i || d->bInterval > j) {
299 		dev_warn(ddev, "config %d interface %d altsetting %d "
300 		    "endpoint 0x%X has an invalid bInterval %d, "
301 		    "changing to %d\n",
302 		    cfgno, inum, asnum,
303 		    d->bEndpointAddress, d->bInterval, n);
304 		endpoint->desc.bInterval = n;
305 	}
306 
307 	/* Some buggy low-speed devices have Bulk endpoints, which is
308 	 * explicitly forbidden by the USB spec.  In an attempt to make
309 	 * them usable, we will try treating them as Interrupt endpoints.
310 	 */
311 	if (to_usb_device(ddev)->speed == USB_SPEED_LOW &&
312 			usb_endpoint_xfer_bulk(d)) {
313 		dev_warn(ddev, "config %d interface %d altsetting %d "
314 		    "endpoint 0x%X is Bulk; changing to Interrupt\n",
315 		    cfgno, inum, asnum, d->bEndpointAddress);
316 		endpoint->desc.bmAttributes = USB_ENDPOINT_XFER_INT;
317 		endpoint->desc.bInterval = 1;
318 		if (usb_endpoint_maxp(&endpoint->desc) > 8)
319 			endpoint->desc.wMaxPacketSize = cpu_to_le16(8);
320 	}
321 
322 	/* Validate the wMaxPacketSize field */
323 	maxp = usb_endpoint_maxp(&endpoint->desc);
324 
325 	/* Find the highest legal maxpacket size for this endpoint */
326 	i = 0;		/* additional transactions per microframe */
327 	switch (to_usb_device(ddev)->speed) {
328 	case USB_SPEED_LOW:
329 		maxpacket_maxes = low_speed_maxpacket_maxes;
330 		break;
331 	case USB_SPEED_FULL:
332 		maxpacket_maxes = full_speed_maxpacket_maxes;
333 		break;
334 	case USB_SPEED_HIGH:
335 		/* Bits 12..11 are allowed only for HS periodic endpoints */
336 		if (usb_endpoint_xfer_int(d) || usb_endpoint_xfer_isoc(d)) {
337 			i = maxp & (BIT(12) | BIT(11));
338 			maxp &= ~i;
339 		}
340 		/* fallthrough */
341 	default:
342 		maxpacket_maxes = high_speed_maxpacket_maxes;
343 		break;
344 	case USB_SPEED_SUPER:
345 	case USB_SPEED_SUPER_PLUS:
346 		maxpacket_maxes = super_speed_maxpacket_maxes;
347 		break;
348 	}
349 	j = maxpacket_maxes[usb_endpoint_type(&endpoint->desc)];
350 
351 	if (maxp > j) {
352 		dev_warn(ddev, "config %d interface %d altsetting %d endpoint 0x%X has invalid maxpacket %d, setting to %d\n",
353 		    cfgno, inum, asnum, d->bEndpointAddress, maxp, j);
354 		maxp = j;
355 		endpoint->desc.wMaxPacketSize = cpu_to_le16(i | maxp);
356 	}
357 
358 	/*
359 	 * Some buggy high speed devices have bulk endpoints using
360 	 * maxpacket sizes other than 512.  High speed HCDs may not
361 	 * be able to handle that particular bug, so let's warn...
362 	 */
363 	if (to_usb_device(ddev)->speed == USB_SPEED_HIGH
364 			&& usb_endpoint_xfer_bulk(d)) {
365 		if (maxp != 512)
366 			dev_warn(ddev, "config %d interface %d altsetting %d "
367 				"bulk endpoint 0x%X has invalid maxpacket %d\n",
368 				cfgno, inum, asnum, d->bEndpointAddress,
369 				maxp);
370 	}
371 
372 	/* Parse a possible SuperSpeed endpoint companion descriptor */
373 	if (to_usb_device(ddev)->speed >= USB_SPEED_SUPER)
374 		usb_parse_ss_endpoint_companion(ddev, cfgno,
375 				inum, asnum, endpoint, buffer, size);
376 
377 	/* Skip over any Class Specific or Vendor Specific descriptors;
378 	 * find the next endpoint or interface descriptor */
379 	endpoint->extra = buffer;
380 	i = find_next_descriptor(buffer, size, USB_DT_ENDPOINT,
381 			USB_DT_INTERFACE, &n);
382 	endpoint->extralen = i;
383 	retval = buffer - buffer0 + i;
384 	if (n > 0)
385 		dev_dbg(ddev, "skipped %d descriptor%s after %s\n",
386 		    n, plural(n), "endpoint");
387 	return retval;
388 
389 skip_to_next_endpoint_or_interface_descriptor:
390 	i = find_next_descriptor(buffer, size, USB_DT_ENDPOINT,
391 	    USB_DT_INTERFACE, NULL);
392 	return buffer - buffer0 + i;
393 }
394 
395 void usb_release_interface_cache(struct kref *ref)
396 {
397 	struct usb_interface_cache *intfc = ref_to_usb_interface_cache(ref);
398 	int j;
399 
400 	for (j = 0; j < intfc->num_altsetting; j++) {
401 		struct usb_host_interface *alt = &intfc->altsetting[j];
402 
403 		kfree(alt->endpoint);
404 		kfree(alt->string);
405 	}
406 	kfree(intfc);
407 }
408 
409 static int usb_parse_interface(struct device *ddev, int cfgno,
410     struct usb_host_config *config, unsigned char *buffer, int size,
411     u8 inums[], u8 nalts[])
412 {
413 	unsigned char *buffer0 = buffer;
414 	struct usb_interface_descriptor	*d;
415 	int inum, asnum;
416 	struct usb_interface_cache *intfc;
417 	struct usb_host_interface *alt;
418 	int i, n;
419 	int len, retval;
420 	int num_ep, num_ep_orig;
421 
422 	d = (struct usb_interface_descriptor *) buffer;
423 	buffer += d->bLength;
424 	size -= d->bLength;
425 
426 	if (d->bLength < USB_DT_INTERFACE_SIZE)
427 		goto skip_to_next_interface_descriptor;
428 
429 	/* Which interface entry is this? */
430 	intfc = NULL;
431 	inum = d->bInterfaceNumber;
432 	for (i = 0; i < config->desc.bNumInterfaces; ++i) {
433 		if (inums[i] == inum) {
434 			intfc = config->intf_cache[i];
435 			break;
436 		}
437 	}
438 	if (!intfc || intfc->num_altsetting >= nalts[i])
439 		goto skip_to_next_interface_descriptor;
440 
441 	/* Check for duplicate altsetting entries */
442 	asnum = d->bAlternateSetting;
443 	for ((i = 0, alt = &intfc->altsetting[0]);
444 	      i < intfc->num_altsetting;
445 	     (++i, ++alt)) {
446 		if (alt->desc.bAlternateSetting == asnum) {
447 			dev_warn(ddev, "Duplicate descriptor for config %d "
448 			    "interface %d altsetting %d, skipping\n",
449 			    cfgno, inum, asnum);
450 			goto skip_to_next_interface_descriptor;
451 		}
452 	}
453 
454 	++intfc->num_altsetting;
455 	memcpy(&alt->desc, d, USB_DT_INTERFACE_SIZE);
456 
457 	/* Skip over any Class Specific or Vendor Specific descriptors;
458 	 * find the first endpoint or interface descriptor */
459 	alt->extra = buffer;
460 	i = find_next_descriptor(buffer, size, USB_DT_ENDPOINT,
461 	    USB_DT_INTERFACE, &n);
462 	alt->extralen = i;
463 	if (n > 0)
464 		dev_dbg(ddev, "skipped %d descriptor%s after %s\n",
465 		    n, plural(n), "interface");
466 	buffer += i;
467 	size -= i;
468 
469 	/* Allocate space for the right(?) number of endpoints */
470 	num_ep = num_ep_orig = alt->desc.bNumEndpoints;
471 	alt->desc.bNumEndpoints = 0;		/* Use as a counter */
472 	if (num_ep > USB_MAXENDPOINTS) {
473 		dev_warn(ddev, "too many endpoints for config %d interface %d "
474 		    "altsetting %d: %d, using maximum allowed: %d\n",
475 		    cfgno, inum, asnum, num_ep, USB_MAXENDPOINTS);
476 		num_ep = USB_MAXENDPOINTS;
477 	}
478 
479 	if (num_ep > 0) {
480 		/* Can't allocate 0 bytes */
481 		len = sizeof(struct usb_host_endpoint) * num_ep;
482 		alt->endpoint = kzalloc(len, GFP_KERNEL);
483 		if (!alt->endpoint)
484 			return -ENOMEM;
485 	}
486 
487 	/* Parse all the endpoint descriptors */
488 	n = 0;
489 	while (size > 0) {
490 		if (((struct usb_descriptor_header *) buffer)->bDescriptorType
491 		     == USB_DT_INTERFACE)
492 			break;
493 		retval = usb_parse_endpoint(ddev, cfgno, inum, asnum, alt,
494 		    num_ep, buffer, size);
495 		if (retval < 0)
496 			return retval;
497 		++n;
498 
499 		buffer += retval;
500 		size -= retval;
501 	}
502 
503 	if (n != num_ep_orig)
504 		dev_warn(ddev, "config %d interface %d altsetting %d has %d "
505 		    "endpoint descriptor%s, different from the interface "
506 		    "descriptor's value: %d\n",
507 		    cfgno, inum, asnum, n, plural(n), num_ep_orig);
508 	return buffer - buffer0;
509 
510 skip_to_next_interface_descriptor:
511 	i = find_next_descriptor(buffer, size, USB_DT_INTERFACE,
512 	    USB_DT_INTERFACE, NULL);
513 	return buffer - buffer0 + i;
514 }
515 
516 static int usb_parse_configuration(struct usb_device *dev, int cfgidx,
517     struct usb_host_config *config, unsigned char *buffer, int size)
518 {
519 	struct device *ddev = &dev->dev;
520 	unsigned char *buffer0 = buffer;
521 	int cfgno;
522 	int nintf, nintf_orig;
523 	int i, j, n;
524 	struct usb_interface_cache *intfc;
525 	unsigned char *buffer2;
526 	int size2;
527 	struct usb_descriptor_header *header;
528 	int len, retval;
529 	u8 inums[USB_MAXINTERFACES], nalts[USB_MAXINTERFACES];
530 	unsigned iad_num = 0;
531 
532 	memcpy(&config->desc, buffer, USB_DT_CONFIG_SIZE);
533 	if (config->desc.bDescriptorType != USB_DT_CONFIG ||
534 	    config->desc.bLength < USB_DT_CONFIG_SIZE ||
535 	    config->desc.bLength > size) {
536 		dev_err(ddev, "invalid descriptor for config index %d: "
537 		    "type = 0x%X, length = %d\n", cfgidx,
538 		    config->desc.bDescriptorType, config->desc.bLength);
539 		return -EINVAL;
540 	}
541 	cfgno = config->desc.bConfigurationValue;
542 
543 	buffer += config->desc.bLength;
544 	size -= config->desc.bLength;
545 
546 	nintf = nintf_orig = config->desc.bNumInterfaces;
547 	if (nintf > USB_MAXINTERFACES) {
548 		dev_warn(ddev, "config %d has too many interfaces: %d, "
549 		    "using maximum allowed: %d\n",
550 		    cfgno, nintf, USB_MAXINTERFACES);
551 		nintf = USB_MAXINTERFACES;
552 	}
553 
554 	/* Go through the descriptors, checking their length and counting the
555 	 * number of altsettings for each interface */
556 	n = 0;
557 	for ((buffer2 = buffer, size2 = size);
558 	      size2 > 0;
559 	     (buffer2 += header->bLength, size2 -= header->bLength)) {
560 
561 		if (size2 < sizeof(struct usb_descriptor_header)) {
562 			dev_warn(ddev, "config %d descriptor has %d excess "
563 			    "byte%s, ignoring\n",
564 			    cfgno, size2, plural(size2));
565 			break;
566 		}
567 
568 		header = (struct usb_descriptor_header *) buffer2;
569 		if ((header->bLength > size2) || (header->bLength < 2)) {
570 			dev_warn(ddev, "config %d has an invalid descriptor "
571 			    "of length %d, skipping remainder of the config\n",
572 			    cfgno, header->bLength);
573 			break;
574 		}
575 
576 		if (header->bDescriptorType == USB_DT_INTERFACE) {
577 			struct usb_interface_descriptor *d;
578 			int inum;
579 
580 			d = (struct usb_interface_descriptor *) header;
581 			if (d->bLength < USB_DT_INTERFACE_SIZE) {
582 				dev_warn(ddev, "config %d has an invalid "
583 				    "interface descriptor of length %d, "
584 				    "skipping\n", cfgno, d->bLength);
585 				continue;
586 			}
587 
588 			inum = d->bInterfaceNumber;
589 
590 			if ((dev->quirks & USB_QUIRK_HONOR_BNUMINTERFACES) &&
591 			    n >= nintf_orig) {
592 				dev_warn(ddev, "config %d has more interface "
593 				    "descriptors, than it declares in "
594 				    "bNumInterfaces, ignoring interface "
595 				    "number: %d\n", cfgno, inum);
596 				continue;
597 			}
598 
599 			if (inum >= nintf_orig)
600 				dev_warn(ddev, "config %d has an invalid "
601 				    "interface number: %d but max is %d\n",
602 				    cfgno, inum, nintf_orig - 1);
603 
604 			/* Have we already encountered this interface?
605 			 * Count its altsettings */
606 			for (i = 0; i < n; ++i) {
607 				if (inums[i] == inum)
608 					break;
609 			}
610 			if (i < n) {
611 				if (nalts[i] < 255)
612 					++nalts[i];
613 			} else if (n < USB_MAXINTERFACES) {
614 				inums[n] = inum;
615 				nalts[n] = 1;
616 				++n;
617 			}
618 
619 		} else if (header->bDescriptorType ==
620 				USB_DT_INTERFACE_ASSOCIATION) {
621 			if (iad_num == USB_MAXIADS) {
622 				dev_warn(ddev, "found more Interface "
623 					       "Association Descriptors "
624 					       "than allocated for in "
625 					       "configuration %d\n", cfgno);
626 			} else {
627 				config->intf_assoc[iad_num] =
628 					(struct usb_interface_assoc_descriptor
629 					*)header;
630 				iad_num++;
631 			}
632 
633 		} else if (header->bDescriptorType == USB_DT_DEVICE ||
634 			    header->bDescriptorType == USB_DT_CONFIG)
635 			dev_warn(ddev, "config %d contains an unexpected "
636 			    "descriptor of type 0x%X, skipping\n",
637 			    cfgno, header->bDescriptorType);
638 
639 	}	/* for ((buffer2 = buffer, size2 = size); ...) */
640 	size = buffer2 - buffer;
641 	config->desc.wTotalLength = cpu_to_le16(buffer2 - buffer0);
642 
643 	if (n != nintf)
644 		dev_warn(ddev, "config %d has %d interface%s, different from "
645 		    "the descriptor's value: %d\n",
646 		    cfgno, n, plural(n), nintf_orig);
647 	else if (n == 0)
648 		dev_warn(ddev, "config %d has no interfaces?\n", cfgno);
649 	config->desc.bNumInterfaces = nintf = n;
650 
651 	/* Check for missing interface numbers */
652 	for (i = 0; i < nintf; ++i) {
653 		for (j = 0; j < nintf; ++j) {
654 			if (inums[j] == i)
655 				break;
656 		}
657 		if (j >= nintf)
658 			dev_warn(ddev, "config %d has no interface number "
659 			    "%d\n", cfgno, i);
660 	}
661 
662 	/* Allocate the usb_interface_caches and altsetting arrays */
663 	for (i = 0; i < nintf; ++i) {
664 		j = nalts[i];
665 		if (j > USB_MAXALTSETTING) {
666 			dev_warn(ddev, "too many alternate settings for "
667 			    "config %d interface %d: %d, "
668 			    "using maximum allowed: %d\n",
669 			    cfgno, inums[i], j, USB_MAXALTSETTING);
670 			nalts[i] = j = USB_MAXALTSETTING;
671 		}
672 
673 		len = sizeof(*intfc) + sizeof(struct usb_host_interface) * j;
674 		config->intf_cache[i] = intfc = kzalloc(len, GFP_KERNEL);
675 		if (!intfc)
676 			return -ENOMEM;
677 		kref_init(&intfc->ref);
678 	}
679 
680 	/* FIXME: parse the BOS descriptor */
681 
682 	/* Skip over any Class Specific or Vendor Specific descriptors;
683 	 * find the first interface descriptor */
684 	config->extra = buffer;
685 	i = find_next_descriptor(buffer, size, USB_DT_INTERFACE,
686 	    USB_DT_INTERFACE, &n);
687 	config->extralen = i;
688 	if (n > 0)
689 		dev_dbg(ddev, "skipped %d descriptor%s after %s\n",
690 		    n, plural(n), "configuration");
691 	buffer += i;
692 	size -= i;
693 
694 	/* Parse all the interface/altsetting descriptors */
695 	while (size > 0) {
696 		retval = usb_parse_interface(ddev, cfgno, config,
697 		    buffer, size, inums, nalts);
698 		if (retval < 0)
699 			return retval;
700 
701 		buffer += retval;
702 		size -= retval;
703 	}
704 
705 	/* Check for missing altsettings */
706 	for (i = 0; i < nintf; ++i) {
707 		intfc = config->intf_cache[i];
708 		for (j = 0; j < intfc->num_altsetting; ++j) {
709 			for (n = 0; n < intfc->num_altsetting; ++n) {
710 				if (intfc->altsetting[n].desc.
711 				    bAlternateSetting == j)
712 					break;
713 			}
714 			if (n >= intfc->num_altsetting)
715 				dev_warn(ddev, "config %d interface %d has no "
716 				    "altsetting %d\n", cfgno, inums[i], j);
717 		}
718 	}
719 
720 	return 0;
721 }
722 
723 /* hub-only!! ... and only exported for reset/reinit path.
724  * otherwise used internally on disconnect/destroy path
725  */
726 void usb_destroy_configuration(struct usb_device *dev)
727 {
728 	int c, i;
729 
730 	if (!dev->config)
731 		return;
732 
733 	if (dev->rawdescriptors) {
734 		for (i = 0; i < dev->descriptor.bNumConfigurations; i++)
735 			kfree(dev->rawdescriptors[i]);
736 
737 		kfree(dev->rawdescriptors);
738 		dev->rawdescriptors = NULL;
739 	}
740 
741 	for (c = 0; c < dev->descriptor.bNumConfigurations; c++) {
742 		struct usb_host_config *cf = &dev->config[c];
743 
744 		kfree(cf->string);
745 		for (i = 0; i < cf->desc.bNumInterfaces; i++) {
746 			if (cf->intf_cache[i])
747 				kref_put(&cf->intf_cache[i]->ref,
748 					  usb_release_interface_cache);
749 		}
750 	}
751 	kfree(dev->config);
752 	dev->config = NULL;
753 }
754 
755 
756 /*
757  * Get the USB config descriptors, cache and parse'em
758  *
759  * hub-only!! ... and only in reset path, or usb_new_device()
760  * (used by real hubs and virtual root hubs)
761  */
762 int usb_get_configuration(struct usb_device *dev)
763 {
764 	struct device *ddev = &dev->dev;
765 	int ncfg = dev->descriptor.bNumConfigurations;
766 	int result = 0;
767 	unsigned int cfgno, length;
768 	unsigned char *bigbuffer;
769 	struct usb_config_descriptor *desc;
770 
771 	cfgno = 0;
772 	result = -ENOMEM;
773 	if (ncfg > USB_MAXCONFIG) {
774 		dev_warn(ddev, "too many configurations: %d, "
775 		    "using maximum allowed: %d\n", ncfg, USB_MAXCONFIG);
776 		dev->descriptor.bNumConfigurations = ncfg = USB_MAXCONFIG;
777 	}
778 
779 	if (ncfg < 1) {
780 		dev_err(ddev, "no configurations\n");
781 		return -EINVAL;
782 	}
783 
784 	length = ncfg * sizeof(struct usb_host_config);
785 	dev->config = kzalloc(length, GFP_KERNEL);
786 	if (!dev->config)
787 		goto err2;
788 
789 	length = ncfg * sizeof(char *);
790 	dev->rawdescriptors = kzalloc(length, GFP_KERNEL);
791 	if (!dev->rawdescriptors)
792 		goto err2;
793 
794 	desc = kmalloc(USB_DT_CONFIG_SIZE, GFP_KERNEL);
795 	if (!desc)
796 		goto err2;
797 
798 	result = 0;
799 	for (; cfgno < ncfg; cfgno++) {
800 		/* We grab just the first descriptor so we know how long
801 		 * the whole configuration is */
802 		result = usb_get_descriptor(dev, USB_DT_CONFIG, cfgno,
803 		    desc, USB_DT_CONFIG_SIZE);
804 		if (result < 0) {
805 			dev_err(ddev, "unable to read config index %d "
806 			    "descriptor/%s: %d\n", cfgno, "start", result);
807 			if (result != -EPIPE)
808 				goto err;
809 			dev_err(ddev, "chopping to %d config(s)\n", cfgno);
810 			dev->descriptor.bNumConfigurations = cfgno;
811 			break;
812 		} else if (result < 4) {
813 			dev_err(ddev, "config index %d descriptor too short "
814 			    "(expected %i, got %i)\n", cfgno,
815 			    USB_DT_CONFIG_SIZE, result);
816 			result = -EINVAL;
817 			goto err;
818 		}
819 		length = max((int) le16_to_cpu(desc->wTotalLength),
820 		    USB_DT_CONFIG_SIZE);
821 
822 		/* Now that we know the length, get the whole thing */
823 		bigbuffer = kmalloc(length, GFP_KERNEL);
824 		if (!bigbuffer) {
825 			result = -ENOMEM;
826 			goto err;
827 		}
828 
829 		if (dev->quirks & USB_QUIRK_DELAY_INIT)
830 			msleep(100);
831 
832 		result = usb_get_descriptor(dev, USB_DT_CONFIG, cfgno,
833 		    bigbuffer, length);
834 		if (result < 0) {
835 			dev_err(ddev, "unable to read config index %d "
836 			    "descriptor/%s\n", cfgno, "all");
837 			kfree(bigbuffer);
838 			goto err;
839 		}
840 		if (result < length) {
841 			dev_warn(ddev, "config index %d descriptor too short "
842 			    "(expected %i, got %i)\n", cfgno, length, result);
843 			length = result;
844 		}
845 
846 		dev->rawdescriptors[cfgno] = bigbuffer;
847 
848 		result = usb_parse_configuration(dev, cfgno,
849 		    &dev->config[cfgno], bigbuffer, length);
850 		if (result < 0) {
851 			++cfgno;
852 			goto err;
853 		}
854 	}
855 	result = 0;
856 
857 err:
858 	kfree(desc);
859 	dev->descriptor.bNumConfigurations = cfgno;
860 err2:
861 	if (result == -ENOMEM)
862 		dev_err(ddev, "out of memory\n");
863 	return result;
864 }
865 
866 void usb_release_bos_descriptor(struct usb_device *dev)
867 {
868 	if (dev->bos) {
869 		kfree(dev->bos->desc);
870 		kfree(dev->bos);
871 		dev->bos = NULL;
872 	}
873 }
874 
875 /* Get BOS descriptor set */
876 int usb_get_bos_descriptor(struct usb_device *dev)
877 {
878 	struct device *ddev = &dev->dev;
879 	struct usb_bos_descriptor *bos;
880 	struct usb_dev_cap_header *cap;
881 	unsigned char *buffer;
882 	int length, total_len, num, i;
883 	int ret;
884 
885 	bos = kzalloc(sizeof(struct usb_bos_descriptor), GFP_KERNEL);
886 	if (!bos)
887 		return -ENOMEM;
888 
889 	/* Get BOS descriptor */
890 	ret = usb_get_descriptor(dev, USB_DT_BOS, 0, bos, USB_DT_BOS_SIZE);
891 	if (ret < USB_DT_BOS_SIZE) {
892 		dev_err(ddev, "unable to get BOS descriptor\n");
893 		if (ret >= 0)
894 			ret = -ENOMSG;
895 		kfree(bos);
896 		return ret;
897 	}
898 
899 	length = bos->bLength;
900 	total_len = le16_to_cpu(bos->wTotalLength);
901 	num = bos->bNumDeviceCaps;
902 	kfree(bos);
903 	if (total_len < length)
904 		return -EINVAL;
905 
906 	dev->bos = kzalloc(sizeof(struct usb_host_bos), GFP_KERNEL);
907 	if (!dev->bos)
908 		return -ENOMEM;
909 
910 	/* Now let's get the whole BOS descriptor set */
911 	buffer = kzalloc(total_len, GFP_KERNEL);
912 	if (!buffer) {
913 		ret = -ENOMEM;
914 		goto err;
915 	}
916 	dev->bos->desc = (struct usb_bos_descriptor *)buffer;
917 
918 	ret = usb_get_descriptor(dev, USB_DT_BOS, 0, buffer, total_len);
919 	if (ret < total_len) {
920 		dev_err(ddev, "unable to get BOS descriptor set\n");
921 		if (ret >= 0)
922 			ret = -ENOMSG;
923 		goto err;
924 	}
925 	total_len -= length;
926 
927 	for (i = 0; i < num; i++) {
928 		buffer += length;
929 		cap = (struct usb_dev_cap_header *)buffer;
930 		length = cap->bLength;
931 
932 		if (total_len < length)
933 			break;
934 		total_len -= length;
935 
936 		if (cap->bDescriptorType != USB_DT_DEVICE_CAPABILITY) {
937 			dev_warn(ddev, "descriptor type invalid, skip\n");
938 			continue;
939 		}
940 
941 		switch (cap->bDevCapabilityType) {
942 		case USB_CAP_TYPE_WIRELESS_USB:
943 			/* Wireless USB cap descriptor is handled by wusb */
944 			break;
945 		case USB_CAP_TYPE_EXT:
946 			dev->bos->ext_cap =
947 				(struct usb_ext_cap_descriptor *)buffer;
948 			break;
949 		case USB_SS_CAP_TYPE:
950 			dev->bos->ss_cap =
951 				(struct usb_ss_cap_descriptor *)buffer;
952 			break;
953 		case USB_SSP_CAP_TYPE:
954 			dev->bos->ssp_cap =
955 				(struct usb_ssp_cap_descriptor *)buffer;
956 			break;
957 		case CONTAINER_ID_TYPE:
958 			dev->bos->ss_id =
959 				(struct usb_ss_container_id_descriptor *)buffer;
960 			break;
961 		case USB_PTM_CAP_TYPE:
962 			dev->bos->ptm_cap =
963 				(struct usb_ptm_cap_descriptor *)buffer;
964 		default:
965 			break;
966 		}
967 	}
968 
969 	return 0;
970 
971 err:
972 	usb_release_bos_descriptor(dev);
973 	return ret;
974 }
975