1 #include <linux/usb.h> 2 #include <linux/usb/ch9.h> 3 #include <linux/module.h> 4 #include <linux/init.h> 5 #include <linux/slab.h> 6 #include <linux/device.h> 7 #include <asm/byteorder.h> 8 #include "usb.h" 9 #include "hcd.h" 10 11 #define USB_MAXALTSETTING 128 /* Hard limit */ 12 #define USB_MAXENDPOINTS 30 /* Hard limit */ 13 14 #define USB_MAXCONFIG 8 /* Arbitrary limit */ 15 16 17 static inline const char *plural(int n) 18 { 19 return (n == 1 ? "" : "s"); 20 } 21 22 static int find_next_descriptor(unsigned char *buffer, int size, 23 int dt1, int dt2, int *num_skipped) 24 { 25 struct usb_descriptor_header *h; 26 int n = 0; 27 unsigned char *buffer0 = buffer; 28 29 /* Find the next descriptor of type dt1 or dt2 */ 30 while (size > 0) { 31 h = (struct usb_descriptor_header *) buffer; 32 if (h->bDescriptorType == dt1 || h->bDescriptorType == dt2) 33 break; 34 buffer += h->bLength; 35 size -= h->bLength; 36 ++n; 37 } 38 39 /* Store the number of descriptors skipped and return the 40 * number of bytes skipped */ 41 if (num_skipped) 42 *num_skipped = n; 43 return buffer - buffer0; 44 } 45 46 static int usb_parse_endpoint(struct device *ddev, int cfgno, int inum, 47 int asnum, struct usb_host_interface *ifp, int num_ep, 48 unsigned char *buffer, int size) 49 { 50 unsigned char *buffer0 = buffer; 51 struct usb_endpoint_descriptor *d; 52 struct usb_host_endpoint *endpoint; 53 int n, i, j; 54 55 d = (struct usb_endpoint_descriptor *) buffer; 56 buffer += d->bLength; 57 size -= d->bLength; 58 59 if (d->bLength >= USB_DT_ENDPOINT_AUDIO_SIZE) 60 n = USB_DT_ENDPOINT_AUDIO_SIZE; 61 else if (d->bLength >= USB_DT_ENDPOINT_SIZE) 62 n = USB_DT_ENDPOINT_SIZE; 63 else { 64 dev_warn(ddev, "config %d interface %d altsetting %d has an " 65 "invalid endpoint descriptor of length %d, skipping\n", 66 cfgno, inum, asnum, d->bLength); 67 goto skip_to_next_endpoint_or_interface_descriptor; 68 } 69 70 i = d->bEndpointAddress & ~USB_ENDPOINT_DIR_MASK; 71 if (i >= 16 || i == 0) { 72 dev_warn(ddev, "config %d interface %d altsetting %d has an " 73 "invalid endpoint with address 0x%X, skipping\n", 74 cfgno, inum, asnum, d->bEndpointAddress); 75 goto skip_to_next_endpoint_or_interface_descriptor; 76 } 77 78 /* Only store as many endpoints as we have room for */ 79 if (ifp->desc.bNumEndpoints >= num_ep) 80 goto skip_to_next_endpoint_or_interface_descriptor; 81 82 endpoint = &ifp->endpoint[ifp->desc.bNumEndpoints]; 83 ++ifp->desc.bNumEndpoints; 84 85 memcpy(&endpoint->desc, d, n); 86 INIT_LIST_HEAD(&endpoint->urb_list); 87 88 /* Fix up bInterval values outside the legal range. Use 32 ms if no 89 * proper value can be guessed. */ 90 i = 0; /* i = min, j = max, n = default */ 91 j = 255; 92 if (usb_endpoint_xfer_int(d)) { 93 i = 1; 94 switch (to_usb_device(ddev)->speed) { 95 case USB_SPEED_HIGH: 96 /* Many device manufacturers are using full-speed 97 * bInterval values in high-speed interrupt endpoint 98 * descriptors. Try to fix those and fall back to a 99 * 32 ms default value otherwise. */ 100 n = fls(d->bInterval*8); 101 if (n == 0) 102 n = 9; /* 32 ms = 2^(9-1) uframes */ 103 j = 16; 104 break; 105 default: /* USB_SPEED_FULL or _LOW */ 106 /* For low-speed, 10 ms is the official minimum. 107 * But some "overclocked" devices might want faster 108 * polling so we'll allow it. */ 109 n = 32; 110 break; 111 } 112 } else if (usb_endpoint_xfer_isoc(d)) { 113 i = 1; 114 j = 16; 115 switch (to_usb_device(ddev)->speed) { 116 case USB_SPEED_HIGH: 117 n = 9; /* 32 ms = 2^(9-1) uframes */ 118 break; 119 default: /* USB_SPEED_FULL */ 120 n = 6; /* 32 ms = 2^(6-1) frames */ 121 break; 122 } 123 } 124 if (d->bInterval < i || d->bInterval > j) { 125 dev_warn(ddev, "config %d interface %d altsetting %d " 126 "endpoint 0x%X has an invalid bInterval %d, " 127 "changing to %d\n", 128 cfgno, inum, asnum, 129 d->bEndpointAddress, d->bInterval, n); 130 endpoint->desc.bInterval = n; 131 } 132 133 /* Some buggy low-speed devices have Bulk endpoints, which is 134 * explicitly forbidden by the USB spec. In an attempt to make 135 * them usable, we will try treating them as Interrupt endpoints. 136 */ 137 if (to_usb_device(ddev)->speed == USB_SPEED_LOW && 138 usb_endpoint_xfer_bulk(d)) { 139 dev_warn(ddev, "config %d interface %d altsetting %d " 140 "endpoint 0x%X is Bulk; changing to Interrupt\n", 141 cfgno, inum, asnum, d->bEndpointAddress); 142 endpoint->desc.bmAttributes = USB_ENDPOINT_XFER_INT; 143 endpoint->desc.bInterval = 1; 144 if (le16_to_cpu(endpoint->desc.wMaxPacketSize) > 8) 145 endpoint->desc.wMaxPacketSize = cpu_to_le16(8); 146 } 147 148 /* Skip over any Class Specific or Vendor Specific descriptors; 149 * find the next endpoint or interface descriptor */ 150 endpoint->extra = buffer; 151 i = find_next_descriptor(buffer, size, USB_DT_ENDPOINT, 152 USB_DT_INTERFACE, &n); 153 endpoint->extralen = i; 154 if (n > 0) 155 dev_dbg(ddev, "skipped %d descriptor%s after %s\n", 156 n, plural(n), "endpoint"); 157 return buffer - buffer0 + i; 158 159 skip_to_next_endpoint_or_interface_descriptor: 160 i = find_next_descriptor(buffer, size, USB_DT_ENDPOINT, 161 USB_DT_INTERFACE, NULL); 162 return buffer - buffer0 + i; 163 } 164 165 void usb_release_interface_cache(struct kref *ref) 166 { 167 struct usb_interface_cache *intfc = ref_to_usb_interface_cache(ref); 168 int j; 169 170 for (j = 0; j < intfc->num_altsetting; j++) { 171 struct usb_host_interface *alt = &intfc->altsetting[j]; 172 173 kfree(alt->endpoint); 174 kfree(alt->string); 175 } 176 kfree(intfc); 177 } 178 179 static int usb_parse_interface(struct device *ddev, int cfgno, 180 struct usb_host_config *config, unsigned char *buffer, int size, 181 u8 inums[], u8 nalts[]) 182 { 183 unsigned char *buffer0 = buffer; 184 struct usb_interface_descriptor *d; 185 int inum, asnum; 186 struct usb_interface_cache *intfc; 187 struct usb_host_interface *alt; 188 int i, n; 189 int len, retval; 190 int num_ep, num_ep_orig; 191 192 d = (struct usb_interface_descriptor *) buffer; 193 buffer += d->bLength; 194 size -= d->bLength; 195 196 if (d->bLength < USB_DT_INTERFACE_SIZE) 197 goto skip_to_next_interface_descriptor; 198 199 /* Which interface entry is this? */ 200 intfc = NULL; 201 inum = d->bInterfaceNumber; 202 for (i = 0; i < config->desc.bNumInterfaces; ++i) { 203 if (inums[i] == inum) { 204 intfc = config->intf_cache[i]; 205 break; 206 } 207 } 208 if (!intfc || intfc->num_altsetting >= nalts[i]) 209 goto skip_to_next_interface_descriptor; 210 211 /* Check for duplicate altsetting entries */ 212 asnum = d->bAlternateSetting; 213 for ((i = 0, alt = &intfc->altsetting[0]); 214 i < intfc->num_altsetting; 215 (++i, ++alt)) { 216 if (alt->desc.bAlternateSetting == asnum) { 217 dev_warn(ddev, "Duplicate descriptor for config %d " 218 "interface %d altsetting %d, skipping\n", 219 cfgno, inum, asnum); 220 goto skip_to_next_interface_descriptor; 221 } 222 } 223 224 ++intfc->num_altsetting; 225 memcpy(&alt->desc, d, USB_DT_INTERFACE_SIZE); 226 227 /* Skip over any Class Specific or Vendor Specific descriptors; 228 * find the first endpoint or interface descriptor */ 229 alt->extra = buffer; 230 i = find_next_descriptor(buffer, size, USB_DT_ENDPOINT, 231 USB_DT_INTERFACE, &n); 232 alt->extralen = i; 233 if (n > 0) 234 dev_dbg(ddev, "skipped %d descriptor%s after %s\n", 235 n, plural(n), "interface"); 236 buffer += i; 237 size -= i; 238 239 /* Allocate space for the right(?) number of endpoints */ 240 num_ep = num_ep_orig = alt->desc.bNumEndpoints; 241 alt->desc.bNumEndpoints = 0; /* Use as a counter */ 242 if (num_ep > USB_MAXENDPOINTS) { 243 dev_warn(ddev, "too many endpoints for config %d interface %d " 244 "altsetting %d: %d, using maximum allowed: %d\n", 245 cfgno, inum, asnum, num_ep, USB_MAXENDPOINTS); 246 num_ep = USB_MAXENDPOINTS; 247 } 248 249 if (num_ep > 0) { 250 /* Can't allocate 0 bytes */ 251 len = sizeof(struct usb_host_endpoint) * num_ep; 252 alt->endpoint = kzalloc(len, GFP_KERNEL); 253 if (!alt->endpoint) 254 return -ENOMEM; 255 } 256 257 /* Parse all the endpoint descriptors */ 258 n = 0; 259 while (size > 0) { 260 if (((struct usb_descriptor_header *) buffer)->bDescriptorType 261 == USB_DT_INTERFACE) 262 break; 263 retval = usb_parse_endpoint(ddev, cfgno, inum, asnum, alt, 264 num_ep, buffer, size); 265 if (retval < 0) 266 return retval; 267 ++n; 268 269 buffer += retval; 270 size -= retval; 271 } 272 273 if (n != num_ep_orig) 274 dev_warn(ddev, "config %d interface %d altsetting %d has %d " 275 "endpoint descriptor%s, different from the interface " 276 "descriptor's value: %d\n", 277 cfgno, inum, asnum, n, plural(n), num_ep_orig); 278 return buffer - buffer0; 279 280 skip_to_next_interface_descriptor: 281 i = find_next_descriptor(buffer, size, USB_DT_INTERFACE, 282 USB_DT_INTERFACE, NULL); 283 return buffer - buffer0 + i; 284 } 285 286 static int usb_parse_configuration(struct device *ddev, int cfgidx, 287 struct usb_host_config *config, unsigned char *buffer, int size) 288 { 289 unsigned char *buffer0 = buffer; 290 int cfgno; 291 int nintf, nintf_orig; 292 int i, j, n; 293 struct usb_interface_cache *intfc; 294 unsigned char *buffer2; 295 int size2; 296 struct usb_descriptor_header *header; 297 int len, retval; 298 u8 inums[USB_MAXINTERFACES], nalts[USB_MAXINTERFACES]; 299 unsigned iad_num = 0; 300 301 memcpy(&config->desc, buffer, USB_DT_CONFIG_SIZE); 302 if (config->desc.bDescriptorType != USB_DT_CONFIG || 303 config->desc.bLength < USB_DT_CONFIG_SIZE) { 304 dev_err(ddev, "invalid descriptor for config index %d: " 305 "type = 0x%X, length = %d\n", cfgidx, 306 config->desc.bDescriptorType, config->desc.bLength); 307 return -EINVAL; 308 } 309 cfgno = config->desc.bConfigurationValue; 310 311 buffer += config->desc.bLength; 312 size -= config->desc.bLength; 313 314 nintf = nintf_orig = config->desc.bNumInterfaces; 315 if (nintf > USB_MAXINTERFACES) { 316 dev_warn(ddev, "config %d has too many interfaces: %d, " 317 "using maximum allowed: %d\n", 318 cfgno, nintf, USB_MAXINTERFACES); 319 nintf = USB_MAXINTERFACES; 320 } 321 322 /* Go through the descriptors, checking their length and counting the 323 * number of altsettings for each interface */ 324 n = 0; 325 for ((buffer2 = buffer, size2 = size); 326 size2 > 0; 327 (buffer2 += header->bLength, size2 -= header->bLength)) { 328 329 if (size2 < sizeof(struct usb_descriptor_header)) { 330 dev_warn(ddev, "config %d descriptor has %d excess " 331 "byte%s, ignoring\n", 332 cfgno, size2, plural(size2)); 333 break; 334 } 335 336 header = (struct usb_descriptor_header *) buffer2; 337 if ((header->bLength > size2) || (header->bLength < 2)) { 338 dev_warn(ddev, "config %d has an invalid descriptor " 339 "of length %d, skipping remainder of the config\n", 340 cfgno, header->bLength); 341 break; 342 } 343 344 if (header->bDescriptorType == USB_DT_INTERFACE) { 345 struct usb_interface_descriptor *d; 346 int inum; 347 348 d = (struct usb_interface_descriptor *) header; 349 if (d->bLength < USB_DT_INTERFACE_SIZE) { 350 dev_warn(ddev, "config %d has an invalid " 351 "interface descriptor of length %d, " 352 "skipping\n", cfgno, d->bLength); 353 continue; 354 } 355 356 inum = d->bInterfaceNumber; 357 if (inum >= nintf_orig) 358 dev_warn(ddev, "config %d has an invalid " 359 "interface number: %d but max is %d\n", 360 cfgno, inum, nintf_orig - 1); 361 362 /* Have we already encountered this interface? 363 * Count its altsettings */ 364 for (i = 0; i < n; ++i) { 365 if (inums[i] == inum) 366 break; 367 } 368 if (i < n) { 369 if (nalts[i] < 255) 370 ++nalts[i]; 371 } else if (n < USB_MAXINTERFACES) { 372 inums[n] = inum; 373 nalts[n] = 1; 374 ++n; 375 } 376 377 } else if (header->bDescriptorType == 378 USB_DT_INTERFACE_ASSOCIATION) { 379 if (iad_num == USB_MAXIADS) { 380 dev_warn(ddev, "found more Interface " 381 "Association Descriptors " 382 "than allocated for in " 383 "configuration %d\n", cfgno); 384 } else { 385 config->intf_assoc[iad_num] = 386 (struct usb_interface_assoc_descriptor 387 *)header; 388 iad_num++; 389 } 390 391 } else if (header->bDescriptorType == USB_DT_DEVICE || 392 header->bDescriptorType == USB_DT_CONFIG) 393 dev_warn(ddev, "config %d contains an unexpected " 394 "descriptor of type 0x%X, skipping\n", 395 cfgno, header->bDescriptorType); 396 397 } /* for ((buffer2 = buffer, size2 = size); ...) */ 398 size = buffer2 - buffer; 399 config->desc.wTotalLength = cpu_to_le16(buffer2 - buffer0); 400 401 if (n != nintf) 402 dev_warn(ddev, "config %d has %d interface%s, different from " 403 "the descriptor's value: %d\n", 404 cfgno, n, plural(n), nintf_orig); 405 else if (n == 0) 406 dev_warn(ddev, "config %d has no interfaces?\n", cfgno); 407 config->desc.bNumInterfaces = nintf = n; 408 409 /* Check for missing interface numbers */ 410 for (i = 0; i < nintf; ++i) { 411 for (j = 0; j < nintf; ++j) { 412 if (inums[j] == i) 413 break; 414 } 415 if (j >= nintf) 416 dev_warn(ddev, "config %d has no interface number " 417 "%d\n", cfgno, i); 418 } 419 420 /* Allocate the usb_interface_caches and altsetting arrays */ 421 for (i = 0; i < nintf; ++i) { 422 j = nalts[i]; 423 if (j > USB_MAXALTSETTING) { 424 dev_warn(ddev, "too many alternate settings for " 425 "config %d interface %d: %d, " 426 "using maximum allowed: %d\n", 427 cfgno, inums[i], j, USB_MAXALTSETTING); 428 nalts[i] = j = USB_MAXALTSETTING; 429 } 430 431 len = sizeof(*intfc) + sizeof(struct usb_host_interface) * j; 432 config->intf_cache[i] = intfc = kzalloc(len, GFP_KERNEL); 433 if (!intfc) 434 return -ENOMEM; 435 kref_init(&intfc->ref); 436 } 437 438 /* Skip over any Class Specific or Vendor Specific descriptors; 439 * find the first interface descriptor */ 440 config->extra = buffer; 441 i = find_next_descriptor(buffer, size, USB_DT_INTERFACE, 442 USB_DT_INTERFACE, &n); 443 config->extralen = i; 444 if (n > 0) 445 dev_dbg(ddev, "skipped %d descriptor%s after %s\n", 446 n, plural(n), "configuration"); 447 buffer += i; 448 size -= i; 449 450 /* Parse all the interface/altsetting descriptors */ 451 while (size > 0) { 452 retval = usb_parse_interface(ddev, cfgno, config, 453 buffer, size, inums, nalts); 454 if (retval < 0) 455 return retval; 456 457 buffer += retval; 458 size -= retval; 459 } 460 461 /* Check for missing altsettings */ 462 for (i = 0; i < nintf; ++i) { 463 intfc = config->intf_cache[i]; 464 for (j = 0; j < intfc->num_altsetting; ++j) { 465 for (n = 0; n < intfc->num_altsetting; ++n) { 466 if (intfc->altsetting[n].desc. 467 bAlternateSetting == j) 468 break; 469 } 470 if (n >= intfc->num_altsetting) 471 dev_warn(ddev, "config %d interface %d has no " 472 "altsetting %d\n", cfgno, inums[i], j); 473 } 474 } 475 476 return 0; 477 } 478 479 /* hub-only!! ... and only exported for reset/reinit path. 480 * otherwise used internally on disconnect/destroy path 481 */ 482 void usb_destroy_configuration(struct usb_device *dev) 483 { 484 int c, i; 485 486 if (!dev->config) 487 return; 488 489 if (dev->rawdescriptors) { 490 for (i = 0; i < dev->descriptor.bNumConfigurations; i++) 491 kfree(dev->rawdescriptors[i]); 492 493 kfree(dev->rawdescriptors); 494 dev->rawdescriptors = NULL; 495 } 496 497 for (c = 0; c < dev->descriptor.bNumConfigurations; c++) { 498 struct usb_host_config *cf = &dev->config[c]; 499 500 kfree(cf->string); 501 for (i = 0; i < cf->desc.bNumInterfaces; i++) { 502 if (cf->intf_cache[i]) 503 kref_put(&cf->intf_cache[i]->ref, 504 usb_release_interface_cache); 505 } 506 } 507 kfree(dev->config); 508 dev->config = NULL; 509 } 510 511 512 /* 513 * Get the USB config descriptors, cache and parse'em 514 * 515 * hub-only!! ... and only in reset path, or usb_new_device() 516 * (used by real hubs and virtual root hubs) 517 * 518 * NOTE: if this is a WUSB device and is not authorized, we skip the 519 * whole thing. A non-authorized USB device has no 520 * configurations. 521 */ 522 int usb_get_configuration(struct usb_device *dev) 523 { 524 struct device *ddev = &dev->dev; 525 int ncfg = dev->descriptor.bNumConfigurations; 526 int result = 0; 527 unsigned int cfgno, length; 528 unsigned char *buffer; 529 unsigned char *bigbuffer; 530 struct usb_config_descriptor *desc; 531 532 cfgno = 0; 533 if (dev->authorized == 0) /* Not really an error */ 534 goto out_not_authorized; 535 result = -ENOMEM; 536 if (ncfg > USB_MAXCONFIG) { 537 dev_warn(ddev, "too many configurations: %d, " 538 "using maximum allowed: %d\n", ncfg, USB_MAXCONFIG); 539 dev->descriptor.bNumConfigurations = ncfg = USB_MAXCONFIG; 540 } 541 542 if (ncfg < 1) { 543 dev_err(ddev, "no configurations\n"); 544 return -EINVAL; 545 } 546 547 length = ncfg * sizeof(struct usb_host_config); 548 dev->config = kzalloc(length, GFP_KERNEL); 549 if (!dev->config) 550 goto err2; 551 552 length = ncfg * sizeof(char *); 553 dev->rawdescriptors = kzalloc(length, GFP_KERNEL); 554 if (!dev->rawdescriptors) 555 goto err2; 556 557 buffer = kmalloc(USB_DT_CONFIG_SIZE, GFP_KERNEL); 558 if (!buffer) 559 goto err2; 560 desc = (struct usb_config_descriptor *)buffer; 561 562 result = 0; 563 for (; cfgno < ncfg; cfgno++) { 564 /* We grab just the first descriptor so we know how long 565 * the whole configuration is */ 566 result = usb_get_descriptor(dev, USB_DT_CONFIG, cfgno, 567 buffer, USB_DT_CONFIG_SIZE); 568 if (result < 0) { 569 dev_err(ddev, "unable to read config index %d " 570 "descriptor/%s: %d\n", cfgno, "start", result); 571 dev_err(ddev, "chopping to %d config(s)\n", cfgno); 572 dev->descriptor.bNumConfigurations = cfgno; 573 break; 574 } else if (result < 4) { 575 dev_err(ddev, "config index %d descriptor too short " 576 "(expected %i, got %i)\n", cfgno, 577 USB_DT_CONFIG_SIZE, result); 578 result = -EINVAL; 579 goto err; 580 } 581 length = max((int) le16_to_cpu(desc->wTotalLength), 582 USB_DT_CONFIG_SIZE); 583 584 /* Now that we know the length, get the whole thing */ 585 bigbuffer = kmalloc(length, GFP_KERNEL); 586 if (!bigbuffer) { 587 result = -ENOMEM; 588 goto err; 589 } 590 result = usb_get_descriptor(dev, USB_DT_CONFIG, cfgno, 591 bigbuffer, length); 592 if (result < 0) { 593 dev_err(ddev, "unable to read config index %d " 594 "descriptor/%s\n", cfgno, "all"); 595 kfree(bigbuffer); 596 goto err; 597 } 598 if (result < length) { 599 dev_warn(ddev, "config index %d descriptor too short " 600 "(expected %i, got %i)\n", cfgno, length, result); 601 length = result; 602 } 603 604 dev->rawdescriptors[cfgno] = bigbuffer; 605 606 result = usb_parse_configuration(&dev->dev, cfgno, 607 &dev->config[cfgno], bigbuffer, length); 608 if (result < 0) { 609 ++cfgno; 610 goto err; 611 } 612 } 613 result = 0; 614 615 err: 616 kfree(buffer); 617 out_not_authorized: 618 dev->descriptor.bNumConfigurations = cfgno; 619 err2: 620 if (result == -ENOMEM) 621 dev_err(ddev, "out of memory\n"); 622 return result; 623 } 624