1 // SPDX-License-Identifier: GPL-2.0
2 /*
3 * Released under the GPLv2 only.
4 */
5
6 #include <linux/usb.h>
7 #include <linux/usb/ch9.h>
8 #include <linux/usb/hcd.h>
9 #include <linux/usb/quirks.h>
10 #include <linux/module.h>
11 #include <linux/slab.h>
12 #include <linux/string_choices.h>
13 #include <linux/device.h>
14 #include <asm/byteorder.h>
15 #include "usb.h"
16
17
18 #define USB_MAXALTSETTING 128 /* Hard limit */
19
20 #define USB_MAXCONFIG 8 /* Arbitrary limit */
21
find_next_descriptor(unsigned char * buffer,int size,int dt1,int dt2,int * num_skipped)22 static int find_next_descriptor(unsigned char *buffer, int size,
23 int dt1, int dt2, int *num_skipped)
24 {
25 struct usb_descriptor_header *h;
26 int n = 0;
27 unsigned char *buffer0 = buffer;
28
29 /* Find the next descriptor of type dt1 or dt2 */
30 while (size > 0) {
31 h = (struct usb_descriptor_header *) buffer;
32 if (h->bDescriptorType == dt1 || h->bDescriptorType == dt2)
33 break;
34 buffer += h->bLength;
35 size -= h->bLength;
36 ++n;
37 }
38
39 /* Store the number of descriptors skipped and return the
40 * number of bytes skipped */
41 if (num_skipped)
42 *num_skipped = n;
43 return buffer - buffer0;
44 }
45
usb_parse_ssp_isoc_endpoint_companion(struct device * ddev,int cfgno,int inum,int asnum,struct usb_host_endpoint * ep,unsigned char * buffer,int size)46 static void usb_parse_ssp_isoc_endpoint_companion(struct device *ddev,
47 int cfgno, int inum, int asnum, struct usb_host_endpoint *ep,
48 unsigned char *buffer, int size)
49 {
50 struct usb_ssp_isoc_ep_comp_descriptor *desc;
51
52 /*
53 * The SuperSpeedPlus Isoc endpoint companion descriptor immediately
54 * follows the SuperSpeed Endpoint Companion descriptor
55 */
56 desc = (struct usb_ssp_isoc_ep_comp_descriptor *) buffer;
57 if (size < USB_DT_SSP_ISOC_EP_COMP_SIZE ||
58 desc->bDescriptorType != USB_DT_SSP_ISOC_ENDPOINT_COMP) {
59 dev_notice(ddev, "Invalid SuperSpeedPlus isoc endpoint companion for config %d interface %d altsetting %d ep 0x%X.\n",
60 cfgno, inum, asnum, ep->desc.bEndpointAddress);
61 return;
62 }
63 memcpy(&ep->ssp_isoc_ep_comp, desc, USB_DT_SSP_ISOC_EP_COMP_SIZE);
64 }
65
usb_parse_eusb2_isoc_endpoint_companion(struct device * ddev,int cfgno,int inum,int asnum,struct usb_host_endpoint * ep,unsigned char * buffer,int size)66 static void usb_parse_eusb2_isoc_endpoint_companion(struct device *ddev,
67 int cfgno, int inum, int asnum, struct usb_host_endpoint *ep,
68 unsigned char *buffer, int size)
69 {
70 struct usb_eusb2_isoc_ep_comp_descriptor *desc;
71 struct usb_descriptor_header *h;
72
73 /*
74 * eUSB2 isochronous endpoint companion descriptor for this endpoint
75 * shall be declared before the next endpoint or interface descriptor
76 */
77 while (size >= USB_DT_EUSB2_ISOC_EP_COMP_SIZE) {
78 h = (struct usb_descriptor_header *)buffer;
79
80 if (h->bDescriptorType == USB_DT_EUSB2_ISOC_ENDPOINT_COMP) {
81 desc = (struct usb_eusb2_isoc_ep_comp_descriptor *)buffer;
82 ep->eusb2_isoc_ep_comp = *desc;
83 return;
84 }
85 if (h->bDescriptorType == USB_DT_ENDPOINT ||
86 h->bDescriptorType == USB_DT_INTERFACE)
87 break;
88
89 buffer += h->bLength;
90 size -= h->bLength;
91 }
92
93 dev_notice(ddev, "No eUSB2 isoc ep 0x%X companion for config %d interface %d altsetting %d\n",
94 ep->desc.bEndpointAddress, cfgno, inum, asnum);
95 }
96
usb_parse_ss_endpoint_companion(struct device * ddev,int cfgno,int inum,int asnum,struct usb_host_endpoint * ep,unsigned char * buffer,int size)97 static void usb_parse_ss_endpoint_companion(struct device *ddev, int cfgno,
98 int inum, int asnum, struct usb_host_endpoint *ep,
99 unsigned char *buffer, int size)
100 {
101 struct usb_ss_ep_comp_descriptor *desc;
102 int max_tx;
103
104 /* The SuperSpeed endpoint companion descriptor is supposed to
105 * be the first thing immediately following the endpoint descriptor.
106 */
107 desc = (struct usb_ss_ep_comp_descriptor *) buffer;
108
109 if (size < USB_DT_SS_EP_COMP_SIZE) {
110 dev_notice(ddev,
111 "invalid SuperSpeed endpoint companion descriptor "
112 "of length %d, skipping\n", size);
113 return;
114 }
115
116 if (desc->bDescriptorType != USB_DT_SS_ENDPOINT_COMP) {
117 dev_notice(ddev, "No SuperSpeed endpoint companion for config %d interface %d altsetting %d ep 0x%X: using minimum values\n",
118 cfgno, inum, asnum, ep->desc.bEndpointAddress);
119
120 /* Fill in some default values.
121 * Leave bmAttributes as zero, which will mean no streams for
122 * bulk, and isoc won't support multiple bursts of packets.
123 * With bursts of only one packet, and a Mult of 1, the max
124 * amount of data moved per endpoint service interval is one
125 * packet.
126 */
127 ep->ss_ep_comp.bLength = USB_DT_SS_EP_COMP_SIZE;
128 ep->ss_ep_comp.bDescriptorType = USB_DT_SS_ENDPOINT_COMP;
129 if (usb_endpoint_xfer_isoc(&ep->desc) ||
130 usb_endpoint_xfer_int(&ep->desc))
131 ep->ss_ep_comp.wBytesPerInterval =
132 ep->desc.wMaxPacketSize;
133 return;
134 }
135 buffer += desc->bLength;
136 size -= desc->bLength;
137 memcpy(&ep->ss_ep_comp, desc, USB_DT_SS_EP_COMP_SIZE);
138
139 /* Check the various values */
140 if (usb_endpoint_xfer_control(&ep->desc) && desc->bMaxBurst != 0) {
141 dev_notice(ddev, "Control endpoint with bMaxBurst = %d in config %d interface %d altsetting %d ep 0x%X: setting to zero\n",
142 desc->bMaxBurst, cfgno, inum, asnum, ep->desc.bEndpointAddress);
143 ep->ss_ep_comp.bMaxBurst = 0;
144 } else if (desc->bMaxBurst > 15) {
145 dev_notice(ddev, "Endpoint with bMaxBurst = %d in config %d interface %d altsetting %d ep 0x%X: setting to 15\n",
146 desc->bMaxBurst, cfgno, inum, asnum, ep->desc.bEndpointAddress);
147 ep->ss_ep_comp.bMaxBurst = 15;
148 }
149
150 if ((usb_endpoint_xfer_control(&ep->desc) ||
151 usb_endpoint_xfer_int(&ep->desc)) &&
152 desc->bmAttributes != 0) {
153 dev_notice(ddev, "%s endpoint with bmAttributes = %d in config %d interface %d altsetting %d ep 0x%X: setting to zero\n",
154 usb_endpoint_xfer_control(&ep->desc) ? "Control" : "Bulk",
155 desc->bmAttributes,
156 cfgno, inum, asnum, ep->desc.bEndpointAddress);
157 ep->ss_ep_comp.bmAttributes = 0;
158 } else if (usb_endpoint_xfer_bulk(&ep->desc) &&
159 desc->bmAttributes > 16) {
160 dev_notice(ddev, "Bulk endpoint with more than 65536 streams in config %d interface %d altsetting %d ep 0x%X: setting to max\n",
161 cfgno, inum, asnum, ep->desc.bEndpointAddress);
162 ep->ss_ep_comp.bmAttributes = 16;
163 } else if (usb_endpoint_xfer_isoc(&ep->desc) &&
164 !USB_SS_SSP_ISOC_COMP(desc->bmAttributes) &&
165 USB_SS_MULT(desc->bmAttributes) > 3) {
166 dev_notice(ddev, "Isoc endpoint has Mult of %d in config %d interface %d altsetting %d ep 0x%X: setting to 3\n",
167 USB_SS_MULT(desc->bmAttributes),
168 cfgno, inum, asnum, ep->desc.bEndpointAddress);
169 ep->ss_ep_comp.bmAttributes = 2;
170 }
171
172 if (usb_endpoint_xfer_isoc(&ep->desc))
173 max_tx = (desc->bMaxBurst + 1) *
174 (USB_SS_MULT(desc->bmAttributes)) *
175 usb_endpoint_maxp(&ep->desc);
176 else if (usb_endpoint_xfer_int(&ep->desc))
177 max_tx = usb_endpoint_maxp(&ep->desc) *
178 (desc->bMaxBurst + 1);
179 else
180 max_tx = 999999;
181 /*
182 * wBytesPerInterval > max_tx is bogus, but USB3 spec doesn't forbid the opposite.
183 * Experience shows that wBytesPerInterval < wMaxPacketSize on common interrupt IN
184 * endpoints is usually bogus too, and recent HCs enforce interrupt BW limits.
185 */
186 if (le16_to_cpu(desc->wBytesPerInterval) > max_tx ||
187 (le16_to_cpu(desc->wBytesPerInterval) < usb_endpoint_maxp(&ep->desc) &&
188 usb_endpoint_is_int_in(&ep->desc))) {
189 dev_notice(ddev, "%s endpoint with wBytesPerInterval of %d in config %d interface %d altsetting %d ep 0x%X: setting to %d\n",
190 usb_endpoint_xfer_isoc(&ep->desc) ? "Isoc" : "Int",
191 le16_to_cpu(desc->wBytesPerInterval),
192 cfgno, inum, asnum, ep->desc.bEndpointAddress,
193 max_tx);
194 ep->ss_ep_comp.wBytesPerInterval = cpu_to_le16(max_tx);
195 }
196 /* Parse a possible SuperSpeedPlus isoc ep companion descriptor */
197 if (usb_endpoint_xfer_isoc(&ep->desc) &&
198 USB_SS_SSP_ISOC_COMP(desc->bmAttributes))
199 usb_parse_ssp_isoc_endpoint_companion(ddev, cfgno, inum, asnum,
200 ep, buffer, size);
201 }
202
203 static const unsigned short low_speed_maxpacket_maxes[4] = {
204 [USB_ENDPOINT_XFER_CONTROL] = 8,
205 [USB_ENDPOINT_XFER_ISOC] = 0,
206 [USB_ENDPOINT_XFER_BULK] = 0,
207 [USB_ENDPOINT_XFER_INT] = 8,
208 };
209 static const unsigned short full_speed_maxpacket_maxes[4] = {
210 [USB_ENDPOINT_XFER_CONTROL] = 64,
211 [USB_ENDPOINT_XFER_ISOC] = 1023,
212 [USB_ENDPOINT_XFER_BULK] = 64,
213 [USB_ENDPOINT_XFER_INT] = 64,
214 };
215 static const unsigned short high_speed_maxpacket_maxes[4] = {
216 [USB_ENDPOINT_XFER_CONTROL] = 64,
217 [USB_ENDPOINT_XFER_ISOC] = 1024,
218
219 /* Bulk should be 512, but some devices use 1024: we will warn below */
220 [USB_ENDPOINT_XFER_BULK] = 1024,
221 [USB_ENDPOINT_XFER_INT] = 1024,
222 };
223 static const unsigned short super_speed_maxpacket_maxes[4] = {
224 [USB_ENDPOINT_XFER_CONTROL] = 512,
225 [USB_ENDPOINT_XFER_ISOC] = 1024,
226 [USB_ENDPOINT_XFER_BULK] = 1024,
227 [USB_ENDPOINT_XFER_INT] = 1024,
228 };
229
endpoint_is_duplicate(struct usb_endpoint_descriptor * e1,struct usb_endpoint_descriptor * e2)230 static bool endpoint_is_duplicate(struct usb_endpoint_descriptor *e1,
231 struct usb_endpoint_descriptor *e2)
232 {
233 if (e1->bEndpointAddress == e2->bEndpointAddress)
234 return true;
235
236 if (usb_endpoint_xfer_control(e1) || usb_endpoint_xfer_control(e2)) {
237 if (usb_endpoint_num(e1) == usb_endpoint_num(e2))
238 return true;
239 }
240
241 return false;
242 }
243
244 /*
245 * Check for duplicate endpoint addresses in other interfaces and in the
246 * altsetting currently being parsed.
247 */
config_endpoint_is_duplicate(struct usb_host_config * config,int inum,int asnum,struct usb_endpoint_descriptor * d)248 static bool config_endpoint_is_duplicate(struct usb_host_config *config,
249 int inum, int asnum, struct usb_endpoint_descriptor *d)
250 {
251 struct usb_endpoint_descriptor *epd;
252 struct usb_interface_cache *intfc;
253 struct usb_host_interface *alt;
254 int i, j, k;
255
256 for (i = 0; i < config->desc.bNumInterfaces; ++i) {
257 intfc = config->intf_cache[i];
258
259 for (j = 0; j < intfc->num_altsetting; ++j) {
260 alt = &intfc->altsetting[j];
261
262 if (alt->desc.bInterfaceNumber == inum &&
263 alt->desc.bAlternateSetting != asnum)
264 continue;
265
266 for (k = 0; k < alt->desc.bNumEndpoints; ++k) {
267 epd = &alt->endpoint[k].desc;
268
269 if (endpoint_is_duplicate(epd, d))
270 return true;
271 }
272 }
273 }
274
275 return false;
276 }
277
usb_parse_endpoint(struct device * ddev,int cfgno,struct usb_host_config * config,int inum,int asnum,struct usb_host_interface * ifp,int num_ep,unsigned char * buffer,int size)278 static int usb_parse_endpoint(struct device *ddev, int cfgno,
279 struct usb_host_config *config, int inum, int asnum,
280 struct usb_host_interface *ifp, int num_ep,
281 unsigned char *buffer, int size)
282 {
283 struct usb_device *udev = to_usb_device(ddev);
284 unsigned char *buffer0 = buffer;
285 struct usb_endpoint_descriptor *d;
286 struct usb_host_endpoint *endpoint;
287 int n, i, j, retval;
288 unsigned int maxp;
289 const unsigned short *maxpacket_maxes;
290 u16 bcdUSB;
291
292 d = (struct usb_endpoint_descriptor *) buffer;
293 bcdUSB = le16_to_cpu(udev->descriptor.bcdUSB);
294 buffer += d->bLength;
295 size -= d->bLength;
296
297 if (d->bLength >= USB_DT_ENDPOINT_AUDIO_SIZE)
298 n = USB_DT_ENDPOINT_AUDIO_SIZE;
299 else if (d->bLength >= USB_DT_ENDPOINT_SIZE)
300 n = USB_DT_ENDPOINT_SIZE;
301 else {
302 dev_notice(ddev, "config %d interface %d altsetting %d has an "
303 "invalid endpoint descriptor of length %d, skipping\n",
304 cfgno, inum, asnum, d->bLength);
305 goto skip_to_next_endpoint_or_interface_descriptor;
306 }
307
308 i = usb_endpoint_num(d);
309 if (i == 0) {
310 dev_notice(ddev, "config %d interface %d altsetting %d has an "
311 "invalid descriptor for endpoint zero, skipping\n",
312 cfgno, inum, asnum);
313 goto skip_to_next_endpoint_or_interface_descriptor;
314 }
315
316 /* Only store as many endpoints as we have room for */
317 if (ifp->desc.bNumEndpoints >= num_ep)
318 goto skip_to_next_endpoint_or_interface_descriptor;
319
320 /* Save a copy of the descriptor and use it instead of the original */
321 endpoint = &ifp->endpoint[ifp->desc.bNumEndpoints];
322 memcpy(&endpoint->desc, d, n);
323 d = &endpoint->desc;
324
325 /* Clear the reserved bits in bEndpointAddress */
326 i = d->bEndpointAddress &
327 (USB_ENDPOINT_DIR_MASK | USB_ENDPOINT_NUMBER_MASK);
328 if (i != d->bEndpointAddress) {
329 dev_notice(ddev, "config %d interface %d altsetting %d has an endpoint descriptor with address 0x%X, changing to 0x%X\n",
330 cfgno, inum, asnum, d->bEndpointAddress, i);
331 endpoint->desc.bEndpointAddress = i;
332 }
333
334 /* Check for duplicate endpoint addresses */
335 if (config_endpoint_is_duplicate(config, inum, asnum, d)) {
336 dev_notice(ddev, "config %d interface %d altsetting %d has a duplicate endpoint with address 0x%X, skipping\n",
337 cfgno, inum, asnum, d->bEndpointAddress);
338 goto skip_to_next_endpoint_or_interface_descriptor;
339 }
340
341 /* Ignore some endpoints */
342 if (udev->quirks & USB_QUIRK_ENDPOINT_IGNORE) {
343 if (usb_endpoint_is_ignored(udev, ifp, d)) {
344 dev_notice(ddev, "config %d interface %d altsetting %d has an ignored endpoint with address 0x%X, skipping\n",
345 cfgno, inum, asnum,
346 d->bEndpointAddress);
347 goto skip_to_next_endpoint_or_interface_descriptor;
348 }
349 }
350
351 /* Accept this endpoint */
352 ++ifp->desc.bNumEndpoints;
353 INIT_LIST_HEAD(&endpoint->urb_list);
354
355 /*
356 * Fix up bInterval values outside the legal range.
357 * Use 10 or 8 ms if no proper value can be guessed.
358 */
359 i = 0; /* i = min, j = max, n = default */
360 j = 255;
361 if (usb_endpoint_xfer_int(d)) {
362 i = 1;
363 switch (udev->speed) {
364 case USB_SPEED_SUPER_PLUS:
365 case USB_SPEED_SUPER:
366 case USB_SPEED_HIGH:
367 /*
368 * Many device manufacturers are using full-speed
369 * bInterval values in high-speed interrupt endpoint
370 * descriptors. Try to fix those and fall back to an
371 * 8-ms default value otherwise.
372 */
373 n = fls(d->bInterval*8);
374 if (n == 0)
375 n = 7; /* 8 ms = 2^(7-1) uframes */
376 j = 16;
377
378 /*
379 * Adjust bInterval for quirked devices.
380 */
381 /*
382 * This quirk fixes bIntervals reported in ms.
383 */
384 if (udev->quirks & USB_QUIRK_LINEAR_FRAME_INTR_BINTERVAL) {
385 n = clamp(fls(d->bInterval) + 3, i, j);
386 i = j = n;
387 }
388 /*
389 * This quirk fixes bIntervals reported in
390 * linear microframes.
391 */
392 if (udev->quirks & USB_QUIRK_LINEAR_UFRAME_INTR_BINTERVAL) {
393 n = clamp(fls(d->bInterval), i, j);
394 i = j = n;
395 }
396 break;
397 default: /* USB_SPEED_FULL or _LOW */
398 /*
399 * For low-speed, 10 ms is the official minimum.
400 * But some "overclocked" devices might want faster
401 * polling so we'll allow it.
402 */
403 n = 10;
404 break;
405 }
406 } else if (usb_endpoint_xfer_isoc(d)) {
407 i = 1;
408 j = 16;
409 switch (udev->speed) {
410 case USB_SPEED_HIGH:
411 n = 7; /* 8 ms = 2^(7-1) uframes */
412 break;
413 default: /* USB_SPEED_FULL */
414 n = 4; /* 8 ms = 2^(4-1) frames */
415 break;
416 }
417 }
418 if (d->bInterval < i || d->bInterval > j) {
419 dev_notice(ddev, "config %d interface %d altsetting %d "
420 "endpoint 0x%X has an invalid bInterval %d, "
421 "changing to %d\n",
422 cfgno, inum, asnum,
423 d->bEndpointAddress, d->bInterval, n);
424 endpoint->desc.bInterval = n;
425 }
426
427 /* Some buggy low-speed devices have Bulk endpoints, which is
428 * explicitly forbidden by the USB spec. In an attempt to make
429 * them usable, we will try treating them as Interrupt endpoints.
430 */
431 if (udev->speed == USB_SPEED_LOW && usb_endpoint_xfer_bulk(d)) {
432 dev_notice(ddev, "config %d interface %d altsetting %d "
433 "endpoint 0x%X is Bulk; changing to Interrupt\n",
434 cfgno, inum, asnum, d->bEndpointAddress);
435 endpoint->desc.bmAttributes = USB_ENDPOINT_XFER_INT;
436 endpoint->desc.bInterval = 1;
437 if (usb_endpoint_maxp(&endpoint->desc) > 8)
438 endpoint->desc.wMaxPacketSize = cpu_to_le16(8);
439 }
440
441 /*
442 * Validate the wMaxPacketSize field.
443 * eUSB2 devices (see USB 2.0 Double Isochronous IN ECN 9.6.6 Endpoint)
444 * and devices with isochronous endpoints in altsetting 0 (see USB 2.0
445 * end of section 5.6.3) have wMaxPacketSize = 0.
446 * So don't warn about those.
447 */
448 maxp = le16_to_cpu(endpoint->desc.wMaxPacketSize);
449
450 if (maxp == 0 && bcdUSB != 0x0220 &&
451 !(usb_endpoint_xfer_isoc(d) && asnum == 0))
452 dev_notice(ddev, "config %d interface %d altsetting %d endpoint 0x%X has invalid wMaxPacketSize 0\n",
453 cfgno, inum, asnum, d->bEndpointAddress);
454
455 /* Find the highest legal maxpacket size for this endpoint */
456 i = 0; /* additional transactions per microframe */
457 switch (udev->speed) {
458 case USB_SPEED_LOW:
459 maxpacket_maxes = low_speed_maxpacket_maxes;
460 break;
461 case USB_SPEED_FULL:
462 maxpacket_maxes = full_speed_maxpacket_maxes;
463 break;
464 case USB_SPEED_HIGH:
465 /* Multiple-transactions bits are allowed only for HS periodic endpoints */
466 if (usb_endpoint_xfer_int(d) || usb_endpoint_xfer_isoc(d)) {
467 i = maxp & USB_EP_MAXP_MULT_MASK;
468 maxp &= ~i;
469 }
470 fallthrough;
471 default:
472 maxpacket_maxes = high_speed_maxpacket_maxes;
473 break;
474 case USB_SPEED_SUPER:
475 case USB_SPEED_SUPER_PLUS:
476 maxpacket_maxes = super_speed_maxpacket_maxes;
477 break;
478 }
479 j = maxpacket_maxes[usb_endpoint_type(&endpoint->desc)];
480
481 if (maxp > j) {
482 dev_notice(ddev, "config %d interface %d altsetting %d endpoint 0x%X has invalid maxpacket %d, setting to %d\n",
483 cfgno, inum, asnum, d->bEndpointAddress, maxp, j);
484 maxp = j;
485 endpoint->desc.wMaxPacketSize = cpu_to_le16(i | maxp);
486 }
487
488 /*
489 * Some buggy high speed devices have bulk endpoints using
490 * maxpacket sizes other than 512. High speed HCDs may not
491 * be able to handle that particular bug, so let's warn...
492 */
493 if (udev->speed == USB_SPEED_HIGH && usb_endpoint_xfer_bulk(d)) {
494 if (maxp != 512)
495 dev_notice(ddev, "config %d interface %d altsetting %d "
496 "bulk endpoint 0x%X has invalid maxpacket %d\n",
497 cfgno, inum, asnum, d->bEndpointAddress,
498 maxp);
499 }
500
501 /* Parse a possible eUSB2 periodic endpoint companion descriptor */
502 if (udev->speed == USB_SPEED_HIGH && bcdUSB == 0x0220 &&
503 !le16_to_cpu(d->wMaxPacketSize) && usb_endpoint_is_isoc_in(d))
504 usb_parse_eusb2_isoc_endpoint_companion(ddev, cfgno, inum, asnum,
505 endpoint, buffer, size);
506
507 /* Parse a possible SuperSpeed endpoint companion descriptor */
508 if (udev->speed >= USB_SPEED_SUPER)
509 usb_parse_ss_endpoint_companion(ddev, cfgno,
510 inum, asnum, endpoint, buffer, size);
511
512 /* Skip over any Class Specific or Vendor Specific descriptors;
513 * find the next endpoint or interface descriptor */
514 endpoint->extra = buffer;
515 i = find_next_descriptor(buffer, size, USB_DT_ENDPOINT,
516 USB_DT_INTERFACE, &n);
517 endpoint->extralen = i;
518 retval = buffer - buffer0 + i;
519 if (n > 0)
520 dev_dbg(ddev, "skipped %d descriptor%s after %s\n",
521 n, str_plural(n), "endpoint");
522 return retval;
523
524 skip_to_next_endpoint_or_interface_descriptor:
525 i = find_next_descriptor(buffer, size, USB_DT_ENDPOINT,
526 USB_DT_INTERFACE, NULL);
527 return buffer - buffer0 + i;
528 }
529
usb_release_interface_cache(struct kref * ref)530 void usb_release_interface_cache(struct kref *ref)
531 {
532 struct usb_interface_cache *intfc = ref_to_usb_interface_cache(ref);
533 int j;
534
535 for (j = 0; j < intfc->num_altsetting; j++) {
536 struct usb_host_interface *alt = &intfc->altsetting[j];
537
538 kfree(alt->endpoint);
539 kfree(alt->string);
540 }
541 kfree(intfc);
542 }
543
usb_parse_interface(struct device * ddev,int cfgno,struct usb_host_config * config,unsigned char * buffer,int size,u8 inums[],u8 nalts[])544 static int usb_parse_interface(struct device *ddev, int cfgno,
545 struct usb_host_config *config, unsigned char *buffer, int size,
546 u8 inums[], u8 nalts[])
547 {
548 unsigned char *buffer0 = buffer;
549 struct usb_interface_descriptor *d;
550 int inum, asnum;
551 struct usb_interface_cache *intfc;
552 struct usb_host_interface *alt;
553 int i, n;
554 int len, retval;
555 int num_ep, num_ep_orig;
556
557 d = (struct usb_interface_descriptor *) buffer;
558 buffer += d->bLength;
559 size -= d->bLength;
560
561 if (d->bLength < USB_DT_INTERFACE_SIZE)
562 goto skip_to_next_interface_descriptor;
563
564 /* Which interface entry is this? */
565 intfc = NULL;
566 inum = d->bInterfaceNumber;
567 for (i = 0; i < config->desc.bNumInterfaces; ++i) {
568 if (inums[i] == inum) {
569 intfc = config->intf_cache[i];
570 break;
571 }
572 }
573 if (!intfc || intfc->num_altsetting >= nalts[i])
574 goto skip_to_next_interface_descriptor;
575
576 /* Check for duplicate altsetting entries */
577 asnum = d->bAlternateSetting;
578 for ((i = 0, alt = &intfc->altsetting[0]);
579 i < intfc->num_altsetting;
580 (++i, ++alt)) {
581 if (alt->desc.bAlternateSetting == asnum) {
582 dev_notice(ddev, "Duplicate descriptor for config %d "
583 "interface %d altsetting %d, skipping\n",
584 cfgno, inum, asnum);
585 goto skip_to_next_interface_descriptor;
586 }
587 }
588
589 ++intfc->num_altsetting;
590 memcpy(&alt->desc, d, USB_DT_INTERFACE_SIZE);
591
592 /* Skip over any Class Specific or Vendor Specific descriptors;
593 * find the first endpoint or interface descriptor */
594 alt->extra = buffer;
595 i = find_next_descriptor(buffer, size, USB_DT_ENDPOINT,
596 USB_DT_INTERFACE, &n);
597 alt->extralen = i;
598 if (n > 0)
599 dev_dbg(ddev, "skipped %d descriptor%s after %s\n",
600 n, str_plural(n), "interface");
601 buffer += i;
602 size -= i;
603
604 /* Allocate space for the right(?) number of endpoints */
605 num_ep = num_ep_orig = alt->desc.bNumEndpoints;
606 alt->desc.bNumEndpoints = 0; /* Use as a counter */
607 if (num_ep > USB_MAXENDPOINTS) {
608 dev_notice(ddev, "too many endpoints for config %d interface %d "
609 "altsetting %d: %d, using maximum allowed: %d\n",
610 cfgno, inum, asnum, num_ep, USB_MAXENDPOINTS);
611 num_ep = USB_MAXENDPOINTS;
612 }
613
614 if (num_ep > 0) {
615 /* Can't allocate 0 bytes */
616 len = sizeof(struct usb_host_endpoint) * num_ep;
617 alt->endpoint = kzalloc(len, GFP_KERNEL);
618 if (!alt->endpoint)
619 return -ENOMEM;
620 }
621
622 /* Parse all the endpoint descriptors */
623 n = 0;
624 while (size > 0) {
625 if (((struct usb_descriptor_header *) buffer)->bDescriptorType
626 == USB_DT_INTERFACE)
627 break;
628 retval = usb_parse_endpoint(ddev, cfgno, config, inum, asnum,
629 alt, num_ep, buffer, size);
630 if (retval < 0)
631 return retval;
632 ++n;
633
634 buffer += retval;
635 size -= retval;
636 }
637
638 if (n != num_ep_orig)
639 dev_notice(ddev, "config %d interface %d altsetting %d has %d "
640 "endpoint descriptor%s, different from the interface "
641 "descriptor's value: %d\n",
642 cfgno, inum, asnum, n, str_plural(n), num_ep_orig);
643 return buffer - buffer0;
644
645 skip_to_next_interface_descriptor:
646 i = find_next_descriptor(buffer, size, USB_DT_INTERFACE,
647 USB_DT_INTERFACE, NULL);
648 return buffer - buffer0 + i;
649 }
650
usb_parse_configuration(struct usb_device * dev,int cfgidx,struct usb_host_config * config,unsigned char * buffer,int size)651 static int usb_parse_configuration(struct usb_device *dev, int cfgidx,
652 struct usb_host_config *config, unsigned char *buffer, int size)
653 {
654 struct device *ddev = &dev->dev;
655 unsigned char *buffer0 = buffer;
656 int cfgno;
657 int nintf, nintf_orig;
658 int i, j, n;
659 struct usb_interface_cache *intfc;
660 unsigned char *buffer2;
661 int size2;
662 struct usb_descriptor_header *header;
663 int retval;
664 u8 inums[USB_MAXINTERFACES], nalts[USB_MAXINTERFACES];
665 unsigned iad_num = 0;
666
667 memcpy(&config->desc, buffer, USB_DT_CONFIG_SIZE);
668 nintf = nintf_orig = config->desc.bNumInterfaces;
669 config->desc.bNumInterfaces = 0; // Adjusted later
670
671 if (config->desc.bDescriptorType != USB_DT_CONFIG ||
672 config->desc.bLength < USB_DT_CONFIG_SIZE ||
673 config->desc.bLength > size) {
674 dev_notice(ddev, "invalid descriptor for config index %d: "
675 "type = 0x%X, length = %d\n", cfgidx,
676 config->desc.bDescriptorType, config->desc.bLength);
677 return -EINVAL;
678 }
679 cfgno = config->desc.bConfigurationValue;
680
681 buffer += config->desc.bLength;
682 size -= config->desc.bLength;
683
684 if (nintf > USB_MAXINTERFACES) {
685 dev_notice(ddev, "config %d has too many interfaces: %d, "
686 "using maximum allowed: %d\n",
687 cfgno, nintf, USB_MAXINTERFACES);
688 nintf = USB_MAXINTERFACES;
689 }
690
691 /* Go through the descriptors, checking their length and counting the
692 * number of altsettings for each interface */
693 n = 0;
694 for ((buffer2 = buffer, size2 = size);
695 size2 > 0;
696 (buffer2 += header->bLength, size2 -= header->bLength)) {
697
698 if (size2 < sizeof(struct usb_descriptor_header)) {
699 dev_notice(ddev, "config %d descriptor has %d excess "
700 "byte%s, ignoring\n",
701 cfgno, size2, str_plural(size2));
702 break;
703 }
704
705 header = (struct usb_descriptor_header *) buffer2;
706 if ((header->bLength > size2) || (header->bLength < 2)) {
707 dev_notice(ddev, "config %d has an invalid descriptor "
708 "of length %d, skipping remainder of the config\n",
709 cfgno, header->bLength);
710 break;
711 }
712
713 if (header->bDescriptorType == USB_DT_INTERFACE) {
714 struct usb_interface_descriptor *d;
715 int inum;
716
717 d = (struct usb_interface_descriptor *) header;
718 if (d->bLength < USB_DT_INTERFACE_SIZE) {
719 dev_notice(ddev, "config %d has an invalid "
720 "interface descriptor of length %d, "
721 "skipping\n", cfgno, d->bLength);
722 continue;
723 }
724
725 inum = d->bInterfaceNumber;
726
727 if ((dev->quirks & USB_QUIRK_HONOR_BNUMINTERFACES) &&
728 n >= nintf_orig) {
729 dev_notice(ddev, "config %d has more interface "
730 "descriptors, than it declares in "
731 "bNumInterfaces, ignoring interface "
732 "number: %d\n", cfgno, inum);
733 continue;
734 }
735
736 if (inum >= nintf_orig)
737 dev_notice(ddev, "config %d has an invalid "
738 "interface number: %d but max is %d\n",
739 cfgno, inum, nintf_orig - 1);
740
741 /* Have we already encountered this interface?
742 * Count its altsettings */
743 for (i = 0; i < n; ++i) {
744 if (inums[i] == inum)
745 break;
746 }
747 if (i < n) {
748 if (nalts[i] < 255)
749 ++nalts[i];
750 } else if (n < USB_MAXINTERFACES) {
751 inums[n] = inum;
752 nalts[n] = 1;
753 ++n;
754 }
755
756 } else if (header->bDescriptorType ==
757 USB_DT_INTERFACE_ASSOCIATION) {
758 struct usb_interface_assoc_descriptor *d;
759
760 d = (struct usb_interface_assoc_descriptor *)header;
761 if (d->bLength < USB_DT_INTERFACE_ASSOCIATION_SIZE) {
762 dev_notice(ddev,
763 "config %d has an invalid interface association descriptor of length %d, skipping\n",
764 cfgno, d->bLength);
765 continue;
766 }
767
768 if (iad_num == USB_MAXIADS) {
769 dev_notice(ddev, "found more Interface "
770 "Association Descriptors "
771 "than allocated for in "
772 "configuration %d\n", cfgno);
773 } else {
774 config->intf_assoc[iad_num] = d;
775 iad_num++;
776 }
777
778 } else if (header->bDescriptorType == USB_DT_DEVICE ||
779 header->bDescriptorType == USB_DT_CONFIG)
780 dev_notice(ddev, "config %d contains an unexpected "
781 "descriptor of type 0x%X, skipping\n",
782 cfgno, header->bDescriptorType);
783
784 } /* for ((buffer2 = buffer, size2 = size); ...) */
785 size = buffer2 - buffer;
786 config->desc.wTotalLength = cpu_to_le16(buffer2 - buffer0);
787
788 if (n != nintf)
789 dev_notice(ddev, "config %d has %d interface%s, different from "
790 "the descriptor's value: %d\n",
791 cfgno, n, str_plural(n), nintf_orig);
792 else if (n == 0)
793 dev_notice(ddev, "config %d has no interfaces?\n", cfgno);
794 config->desc.bNumInterfaces = nintf = n;
795
796 /* Check for missing interface numbers */
797 for (i = 0; i < nintf; ++i) {
798 for (j = 0; j < nintf; ++j) {
799 if (inums[j] == i)
800 break;
801 }
802 if (j >= nintf)
803 dev_notice(ddev, "config %d has no interface number "
804 "%d\n", cfgno, i);
805 }
806
807 /* Allocate the usb_interface_caches and altsetting arrays */
808 for (i = 0; i < nintf; ++i) {
809 j = nalts[i];
810 if (j > USB_MAXALTSETTING) {
811 dev_notice(ddev, "too many alternate settings for "
812 "config %d interface %d: %d, "
813 "using maximum allowed: %d\n",
814 cfgno, inums[i], j, USB_MAXALTSETTING);
815 nalts[i] = j = USB_MAXALTSETTING;
816 }
817
818 intfc = kzalloc_flex(*intfc, altsetting, j);
819 config->intf_cache[i] = intfc;
820 if (!intfc)
821 return -ENOMEM;
822 kref_init(&intfc->ref);
823 }
824
825 /* FIXME: parse the BOS descriptor */
826
827 /* Skip over any Class Specific or Vendor Specific descriptors;
828 * find the first interface descriptor */
829 config->extra = buffer;
830 i = find_next_descriptor(buffer, size, USB_DT_INTERFACE,
831 USB_DT_INTERFACE, &n);
832 config->extralen = i;
833 if (n > 0)
834 dev_dbg(ddev, "skipped %d descriptor%s after %s\n",
835 n, str_plural(n), "configuration");
836 buffer += i;
837 size -= i;
838
839 /* Parse all the interface/altsetting descriptors */
840 while (size > 0) {
841 retval = usb_parse_interface(ddev, cfgno, config,
842 buffer, size, inums, nalts);
843 if (retval < 0)
844 return retval;
845
846 buffer += retval;
847 size -= retval;
848 }
849
850 /* Check for missing altsettings */
851 for (i = 0; i < nintf; ++i) {
852 intfc = config->intf_cache[i];
853 for (j = 0; j < intfc->num_altsetting; ++j) {
854 for (n = 0; n < intfc->num_altsetting; ++n) {
855 if (intfc->altsetting[n].desc.
856 bAlternateSetting == j)
857 break;
858 }
859 if (n >= intfc->num_altsetting)
860 dev_notice(ddev, "config %d interface %d has no "
861 "altsetting %d\n", cfgno, inums[i], j);
862 }
863 }
864
865 return 0;
866 }
867
868 /* hub-only!! ... and only exported for reset/reinit path.
869 * otherwise used internally on disconnect/destroy path
870 */
usb_destroy_configuration(struct usb_device * dev)871 void usb_destroy_configuration(struct usb_device *dev)
872 {
873 int c, i;
874
875 if (!dev->config)
876 return;
877
878 if (dev->rawdescriptors) {
879 for (i = 0; i < dev->descriptor.bNumConfigurations; i++)
880 kfree(dev->rawdescriptors[i]);
881
882 kfree(dev->rawdescriptors);
883 dev->rawdescriptors = NULL;
884 }
885
886 for (c = 0; c < dev->descriptor.bNumConfigurations; c++) {
887 struct usb_host_config *cf = &dev->config[c];
888
889 kfree(cf->string);
890 for (i = 0; i < cf->desc.bNumInterfaces; i++) {
891 if (cf->intf_cache[i])
892 kref_put(&cf->intf_cache[i]->ref,
893 usb_release_interface_cache);
894 }
895 }
896 kfree(dev->config);
897 dev->config = NULL;
898 }
899
900
901 /*
902 * Get the USB config descriptors, cache and parse'em
903 *
904 * hub-only!! ... and only in reset path, or usb_new_device()
905 * (used by real hubs and virtual root hubs)
906 */
usb_get_configuration(struct usb_device * dev)907 int usb_get_configuration(struct usb_device *dev)
908 {
909 struct device *ddev = &dev->dev;
910 int ncfg = dev->descriptor.bNumConfigurations;
911 unsigned int cfgno, length;
912 unsigned char *bigbuffer;
913 struct usb_config_descriptor *desc;
914 int result;
915
916 if (ncfg > USB_MAXCONFIG) {
917 dev_notice(ddev, "too many configurations: %d, "
918 "using maximum allowed: %d\n", ncfg, USB_MAXCONFIG);
919 dev->descriptor.bNumConfigurations = ncfg = USB_MAXCONFIG;
920 }
921
922 if (ncfg < 1 && dev->quirks & USB_QUIRK_FORCE_ONE_CONFIG) {
923 dev_info(ddev, "Device claims zero configurations, forcing to 1\n");
924 dev->descriptor.bNumConfigurations = 1;
925 ncfg = 1;
926 } else if (ncfg < 1) {
927 dev_err(ddev, "no configurations\n");
928 return -EINVAL;
929 }
930
931 length = ncfg * sizeof(struct usb_host_config);
932 dev->config = kzalloc(length, GFP_KERNEL);
933 if (!dev->config)
934 return -ENOMEM;
935
936 length = ncfg * sizeof(char *);
937 dev->rawdescriptors = kzalloc(length, GFP_KERNEL);
938 if (!dev->rawdescriptors)
939 return -ENOMEM;
940
941 desc = kmalloc(USB_DT_CONFIG_SIZE, GFP_KERNEL);
942 if (!desc)
943 return -ENOMEM;
944
945 for (cfgno = 0; cfgno < ncfg; cfgno++) {
946 /* We grab just the first descriptor so we know how long
947 * the whole configuration is */
948 result = usb_get_descriptor(dev, USB_DT_CONFIG, cfgno,
949 desc, USB_DT_CONFIG_SIZE);
950 if (result < 0) {
951 dev_err(ddev, "unable to read config index %d "
952 "descriptor/%s: %d\n", cfgno, "start", result);
953 if (result != -EPIPE)
954 goto err;
955 dev_notice(ddev, "chopping to %d config(s)\n", cfgno);
956 dev->descriptor.bNumConfigurations = cfgno;
957 break;
958 } else if (result < 4) {
959 dev_err(ddev, "config index %d descriptor too short "
960 "(expected %i, got %i)\n", cfgno,
961 USB_DT_CONFIG_SIZE, result);
962 result = -EINVAL;
963 goto err;
964 }
965 length = max_t(int, le16_to_cpu(desc->wTotalLength),
966 USB_DT_CONFIG_SIZE);
967
968 /* Now that we know the length, get the whole thing */
969 bigbuffer = kmalloc(length, GFP_KERNEL);
970 if (!bigbuffer) {
971 result = -ENOMEM;
972 goto err;
973 }
974
975 if (dev->quirks & USB_QUIRK_DELAY_INIT)
976 msleep(200);
977
978 result = usb_get_descriptor(dev, USB_DT_CONFIG, cfgno,
979 bigbuffer, length);
980 if (result < 0) {
981 dev_err(ddev, "unable to read config index %d "
982 "descriptor/%s\n", cfgno, "all");
983 kfree(bigbuffer);
984 goto err;
985 }
986 if (result < length) {
987 dev_notice(ddev, "config index %d descriptor too short "
988 "(expected %i, got %i)\n", cfgno, length, result);
989 length = result;
990 }
991
992 dev->rawdescriptors[cfgno] = bigbuffer;
993
994 result = usb_parse_configuration(dev, cfgno,
995 &dev->config[cfgno], bigbuffer, length);
996 if (result < 0) {
997 ++cfgno;
998 goto err;
999 }
1000 }
1001
1002 err:
1003 kfree(desc);
1004 dev->descriptor.bNumConfigurations = cfgno;
1005
1006 return result;
1007 }
1008
usb_release_bos_descriptor(struct usb_device * dev)1009 void usb_release_bos_descriptor(struct usb_device *dev)
1010 {
1011 if (dev->bos) {
1012 kfree(dev->bos->desc);
1013 kfree(dev->bos);
1014 dev->bos = NULL;
1015 }
1016 }
1017
1018 static const __u8 bos_desc_len[256] = {
1019 [USB_CAP_TYPE_WIRELESS_USB] = USB_DT_USB_WIRELESS_CAP_SIZE,
1020 [USB_CAP_TYPE_EXT] = USB_DT_USB_EXT_CAP_SIZE,
1021 [USB_SS_CAP_TYPE] = USB_DT_USB_SS_CAP_SIZE,
1022 [USB_SSP_CAP_TYPE] = USB_DT_USB_SSP_CAP_SIZE(1),
1023 [CONTAINER_ID_TYPE] = USB_DT_USB_SS_CONTN_ID_SIZE,
1024 [USB_PTM_CAP_TYPE] = USB_DT_USB_PTM_ID_SIZE,
1025 };
1026
1027 /* Get BOS descriptor set */
usb_get_bos_descriptor(struct usb_device * dev)1028 int usb_get_bos_descriptor(struct usb_device *dev)
1029 {
1030 struct device *ddev = &dev->dev;
1031 struct usb_bos_descriptor *bos;
1032 struct usb_dev_cap_header *cap;
1033 struct usb_ssp_cap_descriptor *ssp_cap;
1034 unsigned char *buffer, *buffer0;
1035 int length, total_len, num, i, ssac;
1036 __u8 cap_type;
1037 int ret;
1038
1039 if (dev->quirks & USB_QUIRK_NO_BOS) {
1040 dev_dbg(ddev, "skipping BOS descriptor\n");
1041 return -ENOMSG;
1042 }
1043
1044 bos = kzalloc_obj(*bos);
1045 if (!bos)
1046 return -ENOMEM;
1047
1048 /* Get BOS descriptor */
1049 ret = usb_get_descriptor(dev, USB_DT_BOS, 0, bos, USB_DT_BOS_SIZE);
1050 if (ret < USB_DT_BOS_SIZE || bos->bLength < USB_DT_BOS_SIZE) {
1051 dev_notice(ddev, "unable to get BOS descriptor or descriptor too short\n");
1052 if (ret >= 0)
1053 ret = -ENOMSG;
1054 kfree(bos);
1055 return ret;
1056 }
1057
1058 length = bos->bLength;
1059 total_len = le16_to_cpu(bos->wTotalLength);
1060 num = bos->bNumDeviceCaps;
1061 kfree(bos);
1062 if (total_len < length)
1063 return -EINVAL;
1064
1065 dev->bos = kzalloc_obj(*dev->bos);
1066 if (!dev->bos)
1067 return -ENOMEM;
1068
1069 /* Now let's get the whole BOS descriptor set */
1070 buffer = kzalloc(total_len, GFP_KERNEL);
1071 if (!buffer) {
1072 ret = -ENOMEM;
1073 goto err;
1074 }
1075 dev->bos->desc = (struct usb_bos_descriptor *)buffer;
1076
1077 ret = usb_get_descriptor(dev, USB_DT_BOS, 0, buffer, total_len);
1078 if (ret < total_len) {
1079 dev_notice(ddev, "unable to get BOS descriptor set\n");
1080 if (ret >= 0)
1081 ret = -ENOMSG;
1082 goto err;
1083 }
1084
1085 buffer0 = buffer;
1086 total_len -= length;
1087 buffer += length;
1088
1089 for (i = 0; i < num; i++) {
1090 cap = (struct usb_dev_cap_header *)buffer;
1091
1092 if (total_len < sizeof(*cap) || total_len < cap->bLength) {
1093 dev->bos->desc->bNumDeviceCaps = i;
1094 break;
1095 }
1096 cap_type = cap->bDevCapabilityType;
1097 length = cap->bLength;
1098 if (bos_desc_len[cap_type] && length < bos_desc_len[cap_type]) {
1099 dev->bos->desc->bNumDeviceCaps = i;
1100 break;
1101 }
1102
1103 if (cap->bDescriptorType != USB_DT_DEVICE_CAPABILITY) {
1104 dev_notice(ddev, "descriptor type invalid, skip\n");
1105 goto skip_to_next_descriptor;
1106 }
1107
1108 switch (cap_type) {
1109 case USB_CAP_TYPE_EXT:
1110 dev->bos->ext_cap =
1111 (struct usb_ext_cap_descriptor *)buffer;
1112 break;
1113 case USB_SS_CAP_TYPE:
1114 dev->bos->ss_cap =
1115 (struct usb_ss_cap_descriptor *)buffer;
1116 break;
1117 case USB_SSP_CAP_TYPE:
1118 ssp_cap = (struct usb_ssp_cap_descriptor *)buffer;
1119 ssac = (le32_to_cpu(ssp_cap->bmAttributes) &
1120 USB_SSP_SUBLINK_SPEED_ATTRIBS);
1121 if (length >= USB_DT_USB_SSP_CAP_SIZE(ssac))
1122 dev->bos->ssp_cap = ssp_cap;
1123 break;
1124 case CONTAINER_ID_TYPE:
1125 dev->bos->ss_id =
1126 (struct usb_ss_container_id_descriptor *)buffer;
1127 break;
1128 case USB_PTM_CAP_TYPE:
1129 dev->bos->ptm_cap =
1130 (struct usb_ptm_cap_descriptor *)buffer;
1131 break;
1132 default:
1133 break;
1134 }
1135
1136 skip_to_next_descriptor:
1137 total_len -= length;
1138 buffer += length;
1139 }
1140 dev->bos->desc->wTotalLength = cpu_to_le16(buffer - buffer0);
1141
1142 return 0;
1143
1144 err:
1145 usb_release_bos_descriptor(dev);
1146 return ret;
1147 }
1148