1 // SPDX-License-Identifier: GPL-2.0
2 /*
3 * Released under the GPLv2 only.
4 */
5
6 #include <linux/usb.h>
7 #include <linux/usb/ch9.h>
8 #include <linux/usb/hcd.h>
9 #include <linux/usb/quirks.h>
10 #include <linux/module.h>
11 #include <linux/slab.h>
12 #include <linux/string_choices.h>
13 #include <linux/device.h>
14 #include <asm/byteorder.h>
15 #include "usb.h"
16
17
18 #define USB_MAXALTSETTING 128 /* Hard limit */
19
20 #define USB_MAXCONFIG 8 /* Arbitrary limit */
21
find_next_descriptor(unsigned char * buffer,int size,int dt1,int dt2,int * num_skipped)22 static int find_next_descriptor(unsigned char *buffer, int size,
23 int dt1, int dt2, int *num_skipped)
24 {
25 struct usb_descriptor_header *h;
26 int n = 0;
27 unsigned char *buffer0 = buffer;
28
29 /* Find the next descriptor of type dt1 or dt2 */
30 while (size > 0) {
31 h = (struct usb_descriptor_header *) buffer;
32 if (h->bDescriptorType == dt1 || h->bDescriptorType == dt2)
33 break;
34 buffer += h->bLength;
35 size -= h->bLength;
36 ++n;
37 }
38
39 /* Store the number of descriptors skipped and return the
40 * number of bytes skipped */
41 if (num_skipped)
42 *num_skipped = n;
43 return buffer - buffer0;
44 }
45
usb_parse_ssp_isoc_endpoint_companion(struct device * ddev,int cfgno,int inum,int asnum,struct usb_host_endpoint * ep,unsigned char * buffer,int size)46 static void usb_parse_ssp_isoc_endpoint_companion(struct device *ddev,
47 int cfgno, int inum, int asnum, struct usb_host_endpoint *ep,
48 unsigned char *buffer, int size)
49 {
50 struct usb_ssp_isoc_ep_comp_descriptor *desc;
51
52 /*
53 * The SuperSpeedPlus Isoc endpoint companion descriptor immediately
54 * follows the SuperSpeed Endpoint Companion descriptor
55 */
56 desc = (struct usb_ssp_isoc_ep_comp_descriptor *) buffer;
57 if (desc->bDescriptorType != USB_DT_SSP_ISOC_ENDPOINT_COMP ||
58 size < USB_DT_SSP_ISOC_EP_COMP_SIZE) {
59 dev_notice(ddev, "Invalid SuperSpeedPlus isoc endpoint companion"
60 "for config %d interface %d altsetting %d ep %d.\n",
61 cfgno, inum, asnum, ep->desc.bEndpointAddress);
62 return;
63 }
64 memcpy(&ep->ssp_isoc_ep_comp, desc, USB_DT_SSP_ISOC_EP_COMP_SIZE);
65 }
66
usb_parse_eusb2_isoc_endpoint_companion(struct device * ddev,int cfgno,int inum,int asnum,struct usb_host_endpoint * ep,unsigned char * buffer,int size)67 static void usb_parse_eusb2_isoc_endpoint_companion(struct device *ddev,
68 int cfgno, int inum, int asnum, struct usb_host_endpoint *ep,
69 unsigned char *buffer, int size)
70 {
71 struct usb_eusb2_isoc_ep_comp_descriptor *desc;
72 struct usb_descriptor_header *h;
73
74 /*
75 * eUSB2 isochronous endpoint companion descriptor for this endpoint
76 * shall be declared before the next endpoint or interface descriptor
77 */
78 while (size >= USB_DT_EUSB2_ISOC_EP_COMP_SIZE) {
79 h = (struct usb_descriptor_header *)buffer;
80
81 if (h->bDescriptorType == USB_DT_EUSB2_ISOC_ENDPOINT_COMP) {
82 desc = (struct usb_eusb2_isoc_ep_comp_descriptor *)buffer;
83 ep->eusb2_isoc_ep_comp = *desc;
84 return;
85 }
86 if (h->bDescriptorType == USB_DT_ENDPOINT ||
87 h->bDescriptorType == USB_DT_INTERFACE)
88 break;
89
90 buffer += h->bLength;
91 size -= h->bLength;
92 }
93
94 dev_notice(ddev, "No eUSB2 isoc ep %d companion for config %d interface %d altsetting %d\n",
95 ep->desc.bEndpointAddress, cfgno, inum, asnum);
96 }
97
usb_parse_ss_endpoint_companion(struct device * ddev,int cfgno,int inum,int asnum,struct usb_host_endpoint * ep,unsigned char * buffer,int size)98 static void usb_parse_ss_endpoint_companion(struct device *ddev, int cfgno,
99 int inum, int asnum, struct usb_host_endpoint *ep,
100 unsigned char *buffer, int size)
101 {
102 struct usb_ss_ep_comp_descriptor *desc;
103 int max_tx;
104
105 /* The SuperSpeed endpoint companion descriptor is supposed to
106 * be the first thing immediately following the endpoint descriptor.
107 */
108 desc = (struct usb_ss_ep_comp_descriptor *) buffer;
109
110 if (desc->bDescriptorType != USB_DT_SS_ENDPOINT_COMP ||
111 size < USB_DT_SS_EP_COMP_SIZE) {
112 dev_notice(ddev, "No SuperSpeed endpoint companion for config %d "
113 " interface %d altsetting %d ep %d: "
114 "using minimum values\n",
115 cfgno, inum, asnum, ep->desc.bEndpointAddress);
116
117 /* Fill in some default values.
118 * Leave bmAttributes as zero, which will mean no streams for
119 * bulk, and isoc won't support multiple bursts of packets.
120 * With bursts of only one packet, and a Mult of 1, the max
121 * amount of data moved per endpoint service interval is one
122 * packet.
123 */
124 ep->ss_ep_comp.bLength = USB_DT_SS_EP_COMP_SIZE;
125 ep->ss_ep_comp.bDescriptorType = USB_DT_SS_ENDPOINT_COMP;
126 if (usb_endpoint_xfer_isoc(&ep->desc) ||
127 usb_endpoint_xfer_int(&ep->desc))
128 ep->ss_ep_comp.wBytesPerInterval =
129 ep->desc.wMaxPacketSize;
130 return;
131 }
132 buffer += desc->bLength;
133 size -= desc->bLength;
134 memcpy(&ep->ss_ep_comp, desc, USB_DT_SS_EP_COMP_SIZE);
135
136 /* Check the various values */
137 if (usb_endpoint_xfer_control(&ep->desc) && desc->bMaxBurst != 0) {
138 dev_notice(ddev, "Control endpoint with bMaxBurst = %d in "
139 "config %d interface %d altsetting %d ep %d: "
140 "setting to zero\n", desc->bMaxBurst,
141 cfgno, inum, asnum, ep->desc.bEndpointAddress);
142 ep->ss_ep_comp.bMaxBurst = 0;
143 } else if (desc->bMaxBurst > 15) {
144 dev_notice(ddev, "Endpoint with bMaxBurst = %d in "
145 "config %d interface %d altsetting %d ep %d: "
146 "setting to 15\n", desc->bMaxBurst,
147 cfgno, inum, asnum, ep->desc.bEndpointAddress);
148 ep->ss_ep_comp.bMaxBurst = 15;
149 }
150
151 if ((usb_endpoint_xfer_control(&ep->desc) ||
152 usb_endpoint_xfer_int(&ep->desc)) &&
153 desc->bmAttributes != 0) {
154 dev_notice(ddev, "%s endpoint with bmAttributes = %d in "
155 "config %d interface %d altsetting %d ep %d: "
156 "setting to zero\n",
157 usb_endpoint_xfer_control(&ep->desc) ? "Control" : "Bulk",
158 desc->bmAttributes,
159 cfgno, inum, asnum, ep->desc.bEndpointAddress);
160 ep->ss_ep_comp.bmAttributes = 0;
161 } else if (usb_endpoint_xfer_bulk(&ep->desc) &&
162 desc->bmAttributes > 16) {
163 dev_notice(ddev, "Bulk endpoint with more than 65536 streams in "
164 "config %d interface %d altsetting %d ep %d: "
165 "setting to max\n",
166 cfgno, inum, asnum, ep->desc.bEndpointAddress);
167 ep->ss_ep_comp.bmAttributes = 16;
168 } else if (usb_endpoint_xfer_isoc(&ep->desc) &&
169 !USB_SS_SSP_ISOC_COMP(desc->bmAttributes) &&
170 USB_SS_MULT(desc->bmAttributes) > 3) {
171 dev_notice(ddev, "Isoc endpoint has Mult of %d in "
172 "config %d interface %d altsetting %d ep %d: "
173 "setting to 3\n",
174 USB_SS_MULT(desc->bmAttributes),
175 cfgno, inum, asnum, ep->desc.bEndpointAddress);
176 ep->ss_ep_comp.bmAttributes = 2;
177 }
178
179 if (usb_endpoint_xfer_isoc(&ep->desc))
180 max_tx = (desc->bMaxBurst + 1) *
181 (USB_SS_MULT(desc->bmAttributes)) *
182 usb_endpoint_maxp(&ep->desc);
183 else if (usb_endpoint_xfer_int(&ep->desc))
184 max_tx = usb_endpoint_maxp(&ep->desc) *
185 (desc->bMaxBurst + 1);
186 else
187 max_tx = 999999;
188 if (le16_to_cpu(desc->wBytesPerInterval) > max_tx) {
189 dev_notice(ddev, "%s endpoint with wBytesPerInterval of %d in "
190 "config %d interface %d altsetting %d ep %d: "
191 "setting to %d\n",
192 usb_endpoint_xfer_isoc(&ep->desc) ? "Isoc" : "Int",
193 le16_to_cpu(desc->wBytesPerInterval),
194 cfgno, inum, asnum, ep->desc.bEndpointAddress,
195 max_tx);
196 ep->ss_ep_comp.wBytesPerInterval = cpu_to_le16(max_tx);
197 }
198 /* Parse a possible SuperSpeedPlus isoc ep companion descriptor */
199 if (usb_endpoint_xfer_isoc(&ep->desc) &&
200 USB_SS_SSP_ISOC_COMP(desc->bmAttributes))
201 usb_parse_ssp_isoc_endpoint_companion(ddev, cfgno, inum, asnum,
202 ep, buffer, size);
203 }
204
205 static const unsigned short low_speed_maxpacket_maxes[4] = {
206 [USB_ENDPOINT_XFER_CONTROL] = 8,
207 [USB_ENDPOINT_XFER_ISOC] = 0,
208 [USB_ENDPOINT_XFER_BULK] = 0,
209 [USB_ENDPOINT_XFER_INT] = 8,
210 };
211 static const unsigned short full_speed_maxpacket_maxes[4] = {
212 [USB_ENDPOINT_XFER_CONTROL] = 64,
213 [USB_ENDPOINT_XFER_ISOC] = 1023,
214 [USB_ENDPOINT_XFER_BULK] = 64,
215 [USB_ENDPOINT_XFER_INT] = 64,
216 };
217 static const unsigned short high_speed_maxpacket_maxes[4] = {
218 [USB_ENDPOINT_XFER_CONTROL] = 64,
219 [USB_ENDPOINT_XFER_ISOC] = 1024,
220
221 /* Bulk should be 512, but some devices use 1024: we will warn below */
222 [USB_ENDPOINT_XFER_BULK] = 1024,
223 [USB_ENDPOINT_XFER_INT] = 1024,
224 };
225 static const unsigned short super_speed_maxpacket_maxes[4] = {
226 [USB_ENDPOINT_XFER_CONTROL] = 512,
227 [USB_ENDPOINT_XFER_ISOC] = 1024,
228 [USB_ENDPOINT_XFER_BULK] = 1024,
229 [USB_ENDPOINT_XFER_INT] = 1024,
230 };
231
endpoint_is_duplicate(struct usb_endpoint_descriptor * e1,struct usb_endpoint_descriptor * e2)232 static bool endpoint_is_duplicate(struct usb_endpoint_descriptor *e1,
233 struct usb_endpoint_descriptor *e2)
234 {
235 if (e1->bEndpointAddress == e2->bEndpointAddress)
236 return true;
237
238 if (usb_endpoint_xfer_control(e1) || usb_endpoint_xfer_control(e2)) {
239 if (usb_endpoint_num(e1) == usb_endpoint_num(e2))
240 return true;
241 }
242
243 return false;
244 }
245
246 /*
247 * Check for duplicate endpoint addresses in other interfaces and in the
248 * altsetting currently being parsed.
249 */
config_endpoint_is_duplicate(struct usb_host_config * config,int inum,int asnum,struct usb_endpoint_descriptor * d)250 static bool config_endpoint_is_duplicate(struct usb_host_config *config,
251 int inum, int asnum, struct usb_endpoint_descriptor *d)
252 {
253 struct usb_endpoint_descriptor *epd;
254 struct usb_interface_cache *intfc;
255 struct usb_host_interface *alt;
256 int i, j, k;
257
258 for (i = 0; i < config->desc.bNumInterfaces; ++i) {
259 intfc = config->intf_cache[i];
260
261 for (j = 0; j < intfc->num_altsetting; ++j) {
262 alt = &intfc->altsetting[j];
263
264 if (alt->desc.bInterfaceNumber == inum &&
265 alt->desc.bAlternateSetting != asnum)
266 continue;
267
268 for (k = 0; k < alt->desc.bNumEndpoints; ++k) {
269 epd = &alt->endpoint[k].desc;
270
271 if (endpoint_is_duplicate(epd, d))
272 return true;
273 }
274 }
275 }
276
277 return false;
278 }
279
usb_parse_endpoint(struct device * ddev,int cfgno,struct usb_host_config * config,int inum,int asnum,struct usb_host_interface * ifp,int num_ep,unsigned char * buffer,int size)280 static int usb_parse_endpoint(struct device *ddev, int cfgno,
281 struct usb_host_config *config, int inum, int asnum,
282 struct usb_host_interface *ifp, int num_ep,
283 unsigned char *buffer, int size)
284 {
285 struct usb_device *udev = to_usb_device(ddev);
286 unsigned char *buffer0 = buffer;
287 struct usb_endpoint_descriptor *d;
288 struct usb_host_endpoint *endpoint;
289 int n, i, j, retval;
290 unsigned int maxp;
291 const unsigned short *maxpacket_maxes;
292 u16 bcdUSB;
293
294 d = (struct usb_endpoint_descriptor *) buffer;
295 bcdUSB = le16_to_cpu(udev->descriptor.bcdUSB);
296 buffer += d->bLength;
297 size -= d->bLength;
298
299 if (d->bLength >= USB_DT_ENDPOINT_AUDIO_SIZE)
300 n = USB_DT_ENDPOINT_AUDIO_SIZE;
301 else if (d->bLength >= USB_DT_ENDPOINT_SIZE)
302 n = USB_DT_ENDPOINT_SIZE;
303 else {
304 dev_notice(ddev, "config %d interface %d altsetting %d has an "
305 "invalid endpoint descriptor of length %d, skipping\n",
306 cfgno, inum, asnum, d->bLength);
307 goto skip_to_next_endpoint_or_interface_descriptor;
308 }
309
310 i = usb_endpoint_num(d);
311 if (i == 0) {
312 dev_notice(ddev, "config %d interface %d altsetting %d has an "
313 "invalid descriptor for endpoint zero, skipping\n",
314 cfgno, inum, asnum);
315 goto skip_to_next_endpoint_or_interface_descriptor;
316 }
317
318 /* Only store as many endpoints as we have room for */
319 if (ifp->desc.bNumEndpoints >= num_ep)
320 goto skip_to_next_endpoint_or_interface_descriptor;
321
322 /* Save a copy of the descriptor and use it instead of the original */
323 endpoint = &ifp->endpoint[ifp->desc.bNumEndpoints];
324 memcpy(&endpoint->desc, d, n);
325 d = &endpoint->desc;
326
327 /* Clear the reserved bits in bEndpointAddress */
328 i = d->bEndpointAddress &
329 (USB_ENDPOINT_DIR_MASK | USB_ENDPOINT_NUMBER_MASK);
330 if (i != d->bEndpointAddress) {
331 dev_notice(ddev, "config %d interface %d altsetting %d has an endpoint descriptor with address 0x%X, changing to 0x%X\n",
332 cfgno, inum, asnum, d->bEndpointAddress, i);
333 endpoint->desc.bEndpointAddress = i;
334 }
335
336 /* Check for duplicate endpoint addresses */
337 if (config_endpoint_is_duplicate(config, inum, asnum, d)) {
338 dev_notice(ddev, "config %d interface %d altsetting %d has a duplicate endpoint with address 0x%X, skipping\n",
339 cfgno, inum, asnum, d->bEndpointAddress);
340 goto skip_to_next_endpoint_or_interface_descriptor;
341 }
342
343 /* Ignore some endpoints */
344 if (udev->quirks & USB_QUIRK_ENDPOINT_IGNORE) {
345 if (usb_endpoint_is_ignored(udev, ifp, d)) {
346 dev_notice(ddev, "config %d interface %d altsetting %d has an ignored endpoint with address 0x%X, skipping\n",
347 cfgno, inum, asnum,
348 d->bEndpointAddress);
349 goto skip_to_next_endpoint_or_interface_descriptor;
350 }
351 }
352
353 /* Accept this endpoint */
354 ++ifp->desc.bNumEndpoints;
355 INIT_LIST_HEAD(&endpoint->urb_list);
356
357 /*
358 * Fix up bInterval values outside the legal range.
359 * Use 10 or 8 ms if no proper value can be guessed.
360 */
361 i = 0; /* i = min, j = max, n = default */
362 j = 255;
363 if (usb_endpoint_xfer_int(d)) {
364 i = 1;
365 switch (udev->speed) {
366 case USB_SPEED_SUPER_PLUS:
367 case USB_SPEED_SUPER:
368 case USB_SPEED_HIGH:
369 /*
370 * Many device manufacturers are using full-speed
371 * bInterval values in high-speed interrupt endpoint
372 * descriptors. Try to fix those and fall back to an
373 * 8-ms default value otherwise.
374 */
375 n = fls(d->bInterval*8);
376 if (n == 0)
377 n = 7; /* 8 ms = 2^(7-1) uframes */
378 j = 16;
379
380 /*
381 * Adjust bInterval for quirked devices.
382 */
383 /*
384 * This quirk fixes bIntervals reported in ms.
385 */
386 if (udev->quirks & USB_QUIRK_LINEAR_FRAME_INTR_BINTERVAL) {
387 n = clamp(fls(d->bInterval) + 3, i, j);
388 i = j = n;
389 }
390 /*
391 * This quirk fixes bIntervals reported in
392 * linear microframes.
393 */
394 if (udev->quirks & USB_QUIRK_LINEAR_UFRAME_INTR_BINTERVAL) {
395 n = clamp(fls(d->bInterval), i, j);
396 i = j = n;
397 }
398 break;
399 default: /* USB_SPEED_FULL or _LOW */
400 /*
401 * For low-speed, 10 ms is the official minimum.
402 * But some "overclocked" devices might want faster
403 * polling so we'll allow it.
404 */
405 n = 10;
406 break;
407 }
408 } else if (usb_endpoint_xfer_isoc(d)) {
409 i = 1;
410 j = 16;
411 switch (udev->speed) {
412 case USB_SPEED_HIGH:
413 n = 7; /* 8 ms = 2^(7-1) uframes */
414 break;
415 default: /* USB_SPEED_FULL */
416 n = 4; /* 8 ms = 2^(4-1) frames */
417 break;
418 }
419 }
420 if (d->bInterval < i || d->bInterval > j) {
421 dev_notice(ddev, "config %d interface %d altsetting %d "
422 "endpoint 0x%X has an invalid bInterval %d, "
423 "changing to %d\n",
424 cfgno, inum, asnum,
425 d->bEndpointAddress, d->bInterval, n);
426 endpoint->desc.bInterval = n;
427 }
428
429 /* Some buggy low-speed devices have Bulk endpoints, which is
430 * explicitly forbidden by the USB spec. In an attempt to make
431 * them usable, we will try treating them as Interrupt endpoints.
432 */
433 if (udev->speed == USB_SPEED_LOW && usb_endpoint_xfer_bulk(d)) {
434 dev_notice(ddev, "config %d interface %d altsetting %d "
435 "endpoint 0x%X is Bulk; changing to Interrupt\n",
436 cfgno, inum, asnum, d->bEndpointAddress);
437 endpoint->desc.bmAttributes = USB_ENDPOINT_XFER_INT;
438 endpoint->desc.bInterval = 1;
439 if (usb_endpoint_maxp(&endpoint->desc) > 8)
440 endpoint->desc.wMaxPacketSize = cpu_to_le16(8);
441 }
442
443 /*
444 * Validate the wMaxPacketSize field.
445 * eUSB2 devices (see USB 2.0 Double Isochronous IN ECN 9.6.6 Endpoint)
446 * and devices with isochronous endpoints in altsetting 0 (see USB 2.0
447 * end of section 5.6.3) have wMaxPacketSize = 0.
448 * So don't warn about those.
449 */
450 maxp = le16_to_cpu(endpoint->desc.wMaxPacketSize);
451
452 if (maxp == 0 && bcdUSB != 0x0220 &&
453 !(usb_endpoint_xfer_isoc(d) && asnum == 0))
454 dev_notice(ddev, "config %d interface %d altsetting %d endpoint 0x%X has invalid wMaxPacketSize 0\n",
455 cfgno, inum, asnum, d->bEndpointAddress);
456
457 /* Find the highest legal maxpacket size for this endpoint */
458 i = 0; /* additional transactions per microframe */
459 switch (udev->speed) {
460 case USB_SPEED_LOW:
461 maxpacket_maxes = low_speed_maxpacket_maxes;
462 break;
463 case USB_SPEED_FULL:
464 maxpacket_maxes = full_speed_maxpacket_maxes;
465 break;
466 case USB_SPEED_HIGH:
467 /* Multiple-transactions bits are allowed only for HS periodic endpoints */
468 if (usb_endpoint_xfer_int(d) || usb_endpoint_xfer_isoc(d)) {
469 i = maxp & USB_EP_MAXP_MULT_MASK;
470 maxp &= ~i;
471 }
472 fallthrough;
473 default:
474 maxpacket_maxes = high_speed_maxpacket_maxes;
475 break;
476 case USB_SPEED_SUPER:
477 case USB_SPEED_SUPER_PLUS:
478 maxpacket_maxes = super_speed_maxpacket_maxes;
479 break;
480 }
481 j = maxpacket_maxes[usb_endpoint_type(&endpoint->desc)];
482
483 if (maxp > j) {
484 dev_notice(ddev, "config %d interface %d altsetting %d endpoint 0x%X has invalid maxpacket %d, setting to %d\n",
485 cfgno, inum, asnum, d->bEndpointAddress, maxp, j);
486 maxp = j;
487 endpoint->desc.wMaxPacketSize = cpu_to_le16(i | maxp);
488 }
489
490 /*
491 * Some buggy high speed devices have bulk endpoints using
492 * maxpacket sizes other than 512. High speed HCDs may not
493 * be able to handle that particular bug, so let's warn...
494 */
495 if (udev->speed == USB_SPEED_HIGH && usb_endpoint_xfer_bulk(d)) {
496 if (maxp != 512)
497 dev_notice(ddev, "config %d interface %d altsetting %d "
498 "bulk endpoint 0x%X has invalid maxpacket %d\n",
499 cfgno, inum, asnum, d->bEndpointAddress,
500 maxp);
501 }
502
503 /* Parse a possible eUSB2 periodic endpoint companion descriptor */
504 if (bcdUSB == 0x0220 && d->wMaxPacketSize == 0 &&
505 (usb_endpoint_xfer_isoc(d) || usb_endpoint_xfer_int(d)))
506 usb_parse_eusb2_isoc_endpoint_companion(ddev, cfgno, inum, asnum,
507 endpoint, buffer, size);
508
509 /* Parse a possible SuperSpeed endpoint companion descriptor */
510 if (udev->speed >= USB_SPEED_SUPER)
511 usb_parse_ss_endpoint_companion(ddev, cfgno,
512 inum, asnum, endpoint, buffer, size);
513
514 /* Skip over any Class Specific or Vendor Specific descriptors;
515 * find the next endpoint or interface descriptor */
516 endpoint->extra = buffer;
517 i = find_next_descriptor(buffer, size, USB_DT_ENDPOINT,
518 USB_DT_INTERFACE, &n);
519 endpoint->extralen = i;
520 retval = buffer - buffer0 + i;
521 if (n > 0)
522 dev_dbg(ddev, "skipped %d descriptor%s after %s\n",
523 n, str_plural(n), "endpoint");
524 return retval;
525
526 skip_to_next_endpoint_or_interface_descriptor:
527 i = find_next_descriptor(buffer, size, USB_DT_ENDPOINT,
528 USB_DT_INTERFACE, NULL);
529 return buffer - buffer0 + i;
530 }
531
usb_release_interface_cache(struct kref * ref)532 void usb_release_interface_cache(struct kref *ref)
533 {
534 struct usb_interface_cache *intfc = ref_to_usb_interface_cache(ref);
535 int j;
536
537 for (j = 0; j < intfc->num_altsetting; j++) {
538 struct usb_host_interface *alt = &intfc->altsetting[j];
539
540 kfree(alt->endpoint);
541 kfree(alt->string);
542 }
543 kfree(intfc);
544 }
545
usb_parse_interface(struct device * ddev,int cfgno,struct usb_host_config * config,unsigned char * buffer,int size,u8 inums[],u8 nalts[])546 static int usb_parse_interface(struct device *ddev, int cfgno,
547 struct usb_host_config *config, unsigned char *buffer, int size,
548 u8 inums[], u8 nalts[])
549 {
550 unsigned char *buffer0 = buffer;
551 struct usb_interface_descriptor *d;
552 int inum, asnum;
553 struct usb_interface_cache *intfc;
554 struct usb_host_interface *alt;
555 int i, n;
556 int len, retval;
557 int num_ep, num_ep_orig;
558
559 d = (struct usb_interface_descriptor *) buffer;
560 buffer += d->bLength;
561 size -= d->bLength;
562
563 if (d->bLength < USB_DT_INTERFACE_SIZE)
564 goto skip_to_next_interface_descriptor;
565
566 /* Which interface entry is this? */
567 intfc = NULL;
568 inum = d->bInterfaceNumber;
569 for (i = 0; i < config->desc.bNumInterfaces; ++i) {
570 if (inums[i] == inum) {
571 intfc = config->intf_cache[i];
572 break;
573 }
574 }
575 if (!intfc || intfc->num_altsetting >= nalts[i])
576 goto skip_to_next_interface_descriptor;
577
578 /* Check for duplicate altsetting entries */
579 asnum = d->bAlternateSetting;
580 for ((i = 0, alt = &intfc->altsetting[0]);
581 i < intfc->num_altsetting;
582 (++i, ++alt)) {
583 if (alt->desc.bAlternateSetting == asnum) {
584 dev_notice(ddev, "Duplicate descriptor for config %d "
585 "interface %d altsetting %d, skipping\n",
586 cfgno, inum, asnum);
587 goto skip_to_next_interface_descriptor;
588 }
589 }
590
591 ++intfc->num_altsetting;
592 memcpy(&alt->desc, d, USB_DT_INTERFACE_SIZE);
593
594 /* Skip over any Class Specific or Vendor Specific descriptors;
595 * find the first endpoint or interface descriptor */
596 alt->extra = buffer;
597 i = find_next_descriptor(buffer, size, USB_DT_ENDPOINT,
598 USB_DT_INTERFACE, &n);
599 alt->extralen = i;
600 if (n > 0)
601 dev_dbg(ddev, "skipped %d descriptor%s after %s\n",
602 n, str_plural(n), "interface");
603 buffer += i;
604 size -= i;
605
606 /* Allocate space for the right(?) number of endpoints */
607 num_ep = num_ep_orig = alt->desc.bNumEndpoints;
608 alt->desc.bNumEndpoints = 0; /* Use as a counter */
609 if (num_ep > USB_MAXENDPOINTS) {
610 dev_notice(ddev, "too many endpoints for config %d interface %d "
611 "altsetting %d: %d, using maximum allowed: %d\n",
612 cfgno, inum, asnum, num_ep, USB_MAXENDPOINTS);
613 num_ep = USB_MAXENDPOINTS;
614 }
615
616 if (num_ep > 0) {
617 /* Can't allocate 0 bytes */
618 len = sizeof(struct usb_host_endpoint) * num_ep;
619 alt->endpoint = kzalloc(len, GFP_KERNEL);
620 if (!alt->endpoint)
621 return -ENOMEM;
622 }
623
624 /* Parse all the endpoint descriptors */
625 n = 0;
626 while (size > 0) {
627 if (((struct usb_descriptor_header *) buffer)->bDescriptorType
628 == USB_DT_INTERFACE)
629 break;
630 retval = usb_parse_endpoint(ddev, cfgno, config, inum, asnum,
631 alt, num_ep, buffer, size);
632 if (retval < 0)
633 return retval;
634 ++n;
635
636 buffer += retval;
637 size -= retval;
638 }
639
640 if (n != num_ep_orig)
641 dev_notice(ddev, "config %d interface %d altsetting %d has %d "
642 "endpoint descriptor%s, different from the interface "
643 "descriptor's value: %d\n",
644 cfgno, inum, asnum, n, str_plural(n), num_ep_orig);
645 return buffer - buffer0;
646
647 skip_to_next_interface_descriptor:
648 i = find_next_descriptor(buffer, size, USB_DT_INTERFACE,
649 USB_DT_INTERFACE, NULL);
650 return buffer - buffer0 + i;
651 }
652
usb_parse_configuration(struct usb_device * dev,int cfgidx,struct usb_host_config * config,unsigned char * buffer,int size)653 static int usb_parse_configuration(struct usb_device *dev, int cfgidx,
654 struct usb_host_config *config, unsigned char *buffer, int size)
655 {
656 struct device *ddev = &dev->dev;
657 unsigned char *buffer0 = buffer;
658 int cfgno;
659 int nintf, nintf_orig;
660 int i, j, n;
661 struct usb_interface_cache *intfc;
662 unsigned char *buffer2;
663 int size2;
664 struct usb_descriptor_header *header;
665 int retval;
666 u8 inums[USB_MAXINTERFACES], nalts[USB_MAXINTERFACES];
667 unsigned iad_num = 0;
668
669 memcpy(&config->desc, buffer, USB_DT_CONFIG_SIZE);
670 nintf = nintf_orig = config->desc.bNumInterfaces;
671 config->desc.bNumInterfaces = 0; // Adjusted later
672
673 if (config->desc.bDescriptorType != USB_DT_CONFIG ||
674 config->desc.bLength < USB_DT_CONFIG_SIZE ||
675 config->desc.bLength > size) {
676 dev_notice(ddev, "invalid descriptor for config index %d: "
677 "type = 0x%X, length = %d\n", cfgidx,
678 config->desc.bDescriptorType, config->desc.bLength);
679 return -EINVAL;
680 }
681 cfgno = config->desc.bConfigurationValue;
682
683 buffer += config->desc.bLength;
684 size -= config->desc.bLength;
685
686 if (nintf > USB_MAXINTERFACES) {
687 dev_notice(ddev, "config %d has too many interfaces: %d, "
688 "using maximum allowed: %d\n",
689 cfgno, nintf, USB_MAXINTERFACES);
690 nintf = USB_MAXINTERFACES;
691 }
692
693 /* Go through the descriptors, checking their length and counting the
694 * number of altsettings for each interface */
695 n = 0;
696 for ((buffer2 = buffer, size2 = size);
697 size2 > 0;
698 (buffer2 += header->bLength, size2 -= header->bLength)) {
699
700 if (size2 < sizeof(struct usb_descriptor_header)) {
701 dev_notice(ddev, "config %d descriptor has %d excess "
702 "byte%s, ignoring\n",
703 cfgno, size2, str_plural(size2));
704 break;
705 }
706
707 header = (struct usb_descriptor_header *) buffer2;
708 if ((header->bLength > size2) || (header->bLength < 2)) {
709 dev_notice(ddev, "config %d has an invalid descriptor "
710 "of length %d, skipping remainder of the config\n",
711 cfgno, header->bLength);
712 break;
713 }
714
715 if (header->bDescriptorType == USB_DT_INTERFACE) {
716 struct usb_interface_descriptor *d;
717 int inum;
718
719 d = (struct usb_interface_descriptor *) header;
720 if (d->bLength < USB_DT_INTERFACE_SIZE) {
721 dev_notice(ddev, "config %d has an invalid "
722 "interface descriptor of length %d, "
723 "skipping\n", cfgno, d->bLength);
724 continue;
725 }
726
727 inum = d->bInterfaceNumber;
728
729 if ((dev->quirks & USB_QUIRK_HONOR_BNUMINTERFACES) &&
730 n >= nintf_orig) {
731 dev_notice(ddev, "config %d has more interface "
732 "descriptors, than it declares in "
733 "bNumInterfaces, ignoring interface "
734 "number: %d\n", cfgno, inum);
735 continue;
736 }
737
738 if (inum >= nintf_orig)
739 dev_notice(ddev, "config %d has an invalid "
740 "interface number: %d but max is %d\n",
741 cfgno, inum, nintf_orig - 1);
742
743 /* Have we already encountered this interface?
744 * Count its altsettings */
745 for (i = 0; i < n; ++i) {
746 if (inums[i] == inum)
747 break;
748 }
749 if (i < n) {
750 if (nalts[i] < 255)
751 ++nalts[i];
752 } else if (n < USB_MAXINTERFACES) {
753 inums[n] = inum;
754 nalts[n] = 1;
755 ++n;
756 }
757
758 } else if (header->bDescriptorType ==
759 USB_DT_INTERFACE_ASSOCIATION) {
760 struct usb_interface_assoc_descriptor *d;
761
762 d = (struct usb_interface_assoc_descriptor *)header;
763 if (d->bLength < USB_DT_INTERFACE_ASSOCIATION_SIZE) {
764 dev_notice(ddev,
765 "config %d has an invalid interface association descriptor of length %d, skipping\n",
766 cfgno, d->bLength);
767 continue;
768 }
769
770 if (iad_num == USB_MAXIADS) {
771 dev_notice(ddev, "found more Interface "
772 "Association Descriptors "
773 "than allocated for in "
774 "configuration %d\n", cfgno);
775 } else {
776 config->intf_assoc[iad_num] = d;
777 iad_num++;
778 }
779
780 } else if (header->bDescriptorType == USB_DT_DEVICE ||
781 header->bDescriptorType == USB_DT_CONFIG)
782 dev_notice(ddev, "config %d contains an unexpected "
783 "descriptor of type 0x%X, skipping\n",
784 cfgno, header->bDescriptorType);
785
786 } /* for ((buffer2 = buffer, size2 = size); ...) */
787 size = buffer2 - buffer;
788 config->desc.wTotalLength = cpu_to_le16(buffer2 - buffer0);
789
790 if (n != nintf)
791 dev_notice(ddev, "config %d has %d interface%s, different from "
792 "the descriptor's value: %d\n",
793 cfgno, n, str_plural(n), nintf_orig);
794 else if (n == 0)
795 dev_notice(ddev, "config %d has no interfaces?\n", cfgno);
796 config->desc.bNumInterfaces = nintf = n;
797
798 /* Check for missing interface numbers */
799 for (i = 0; i < nintf; ++i) {
800 for (j = 0; j < nintf; ++j) {
801 if (inums[j] == i)
802 break;
803 }
804 if (j >= nintf)
805 dev_notice(ddev, "config %d has no interface number "
806 "%d\n", cfgno, i);
807 }
808
809 /* Allocate the usb_interface_caches and altsetting arrays */
810 for (i = 0; i < nintf; ++i) {
811 j = nalts[i];
812 if (j > USB_MAXALTSETTING) {
813 dev_notice(ddev, "too many alternate settings for "
814 "config %d interface %d: %d, "
815 "using maximum allowed: %d\n",
816 cfgno, inums[i], j, USB_MAXALTSETTING);
817 nalts[i] = j = USB_MAXALTSETTING;
818 }
819
820 intfc = kzalloc(struct_size(intfc, altsetting, j), GFP_KERNEL);
821 config->intf_cache[i] = intfc;
822 if (!intfc)
823 return -ENOMEM;
824 kref_init(&intfc->ref);
825 }
826
827 /* FIXME: parse the BOS descriptor */
828
829 /* Skip over any Class Specific or Vendor Specific descriptors;
830 * find the first interface descriptor */
831 config->extra = buffer;
832 i = find_next_descriptor(buffer, size, USB_DT_INTERFACE,
833 USB_DT_INTERFACE, &n);
834 config->extralen = i;
835 if (n > 0)
836 dev_dbg(ddev, "skipped %d descriptor%s after %s\n",
837 n, str_plural(n), "configuration");
838 buffer += i;
839 size -= i;
840
841 /* Parse all the interface/altsetting descriptors */
842 while (size > 0) {
843 retval = usb_parse_interface(ddev, cfgno, config,
844 buffer, size, inums, nalts);
845 if (retval < 0)
846 return retval;
847
848 buffer += retval;
849 size -= retval;
850 }
851
852 /* Check for missing altsettings */
853 for (i = 0; i < nintf; ++i) {
854 intfc = config->intf_cache[i];
855 for (j = 0; j < intfc->num_altsetting; ++j) {
856 for (n = 0; n < intfc->num_altsetting; ++n) {
857 if (intfc->altsetting[n].desc.
858 bAlternateSetting == j)
859 break;
860 }
861 if (n >= intfc->num_altsetting)
862 dev_notice(ddev, "config %d interface %d has no "
863 "altsetting %d\n", cfgno, inums[i], j);
864 }
865 }
866
867 return 0;
868 }
869
870 /* hub-only!! ... and only exported for reset/reinit path.
871 * otherwise used internally on disconnect/destroy path
872 */
usb_destroy_configuration(struct usb_device * dev)873 void usb_destroy_configuration(struct usb_device *dev)
874 {
875 int c, i;
876
877 if (!dev->config)
878 return;
879
880 if (dev->rawdescriptors) {
881 for (i = 0; i < dev->descriptor.bNumConfigurations; i++)
882 kfree(dev->rawdescriptors[i]);
883
884 kfree(dev->rawdescriptors);
885 dev->rawdescriptors = NULL;
886 }
887
888 for (c = 0; c < dev->descriptor.bNumConfigurations; c++) {
889 struct usb_host_config *cf = &dev->config[c];
890
891 kfree(cf->string);
892 for (i = 0; i < cf->desc.bNumInterfaces; i++) {
893 if (cf->intf_cache[i])
894 kref_put(&cf->intf_cache[i]->ref,
895 usb_release_interface_cache);
896 }
897 }
898 kfree(dev->config);
899 dev->config = NULL;
900 }
901
902
903 /*
904 * Get the USB config descriptors, cache and parse'em
905 *
906 * hub-only!! ... and only in reset path, or usb_new_device()
907 * (used by real hubs and virtual root hubs)
908 */
usb_get_configuration(struct usb_device * dev)909 int usb_get_configuration(struct usb_device *dev)
910 {
911 struct device *ddev = &dev->dev;
912 int ncfg = dev->descriptor.bNumConfigurations;
913 unsigned int cfgno, length;
914 unsigned char *bigbuffer;
915 struct usb_config_descriptor *desc;
916 int result;
917
918 if (ncfg > USB_MAXCONFIG) {
919 dev_notice(ddev, "too many configurations: %d, "
920 "using maximum allowed: %d\n", ncfg, USB_MAXCONFIG);
921 dev->descriptor.bNumConfigurations = ncfg = USB_MAXCONFIG;
922 }
923
924 if (ncfg < 1) {
925 dev_err(ddev, "no configurations\n");
926 return -EINVAL;
927 }
928
929 length = ncfg * sizeof(struct usb_host_config);
930 dev->config = kzalloc(length, GFP_KERNEL);
931 if (!dev->config)
932 return -ENOMEM;
933
934 length = ncfg * sizeof(char *);
935 dev->rawdescriptors = kzalloc(length, GFP_KERNEL);
936 if (!dev->rawdescriptors)
937 return -ENOMEM;
938
939 desc = kmalloc(USB_DT_CONFIG_SIZE, GFP_KERNEL);
940 if (!desc)
941 return -ENOMEM;
942
943 for (cfgno = 0; cfgno < ncfg; cfgno++) {
944 /* We grab just the first descriptor so we know how long
945 * the whole configuration is */
946 result = usb_get_descriptor(dev, USB_DT_CONFIG, cfgno,
947 desc, USB_DT_CONFIG_SIZE);
948 if (result < 0) {
949 dev_err(ddev, "unable to read config index %d "
950 "descriptor/%s: %d\n", cfgno, "start", result);
951 if (result != -EPIPE)
952 goto err;
953 dev_notice(ddev, "chopping to %d config(s)\n", cfgno);
954 dev->descriptor.bNumConfigurations = cfgno;
955 break;
956 } else if (result < 4) {
957 dev_err(ddev, "config index %d descriptor too short "
958 "(expected %i, got %i)\n", cfgno,
959 USB_DT_CONFIG_SIZE, result);
960 result = -EINVAL;
961 goto err;
962 }
963 length = max_t(int, le16_to_cpu(desc->wTotalLength),
964 USB_DT_CONFIG_SIZE);
965
966 /* Now that we know the length, get the whole thing */
967 bigbuffer = kmalloc(length, GFP_KERNEL);
968 if (!bigbuffer) {
969 result = -ENOMEM;
970 goto err;
971 }
972
973 if (dev->quirks & USB_QUIRK_DELAY_INIT)
974 msleep(200);
975
976 result = usb_get_descriptor(dev, USB_DT_CONFIG, cfgno,
977 bigbuffer, length);
978 if (result < 0) {
979 dev_err(ddev, "unable to read config index %d "
980 "descriptor/%s\n", cfgno, "all");
981 kfree(bigbuffer);
982 goto err;
983 }
984 if (result < length) {
985 dev_notice(ddev, "config index %d descriptor too short "
986 "(expected %i, got %i)\n", cfgno, length, result);
987 length = result;
988 }
989
990 dev->rawdescriptors[cfgno] = bigbuffer;
991
992 result = usb_parse_configuration(dev, cfgno,
993 &dev->config[cfgno], bigbuffer, length);
994 if (result < 0) {
995 ++cfgno;
996 goto err;
997 }
998 }
999
1000 err:
1001 kfree(desc);
1002 dev->descriptor.bNumConfigurations = cfgno;
1003
1004 return result;
1005 }
1006
usb_release_bos_descriptor(struct usb_device * dev)1007 void usb_release_bos_descriptor(struct usb_device *dev)
1008 {
1009 if (dev->bos) {
1010 kfree(dev->bos->desc);
1011 kfree(dev->bos);
1012 dev->bos = NULL;
1013 }
1014 }
1015
1016 static const __u8 bos_desc_len[256] = {
1017 [USB_CAP_TYPE_WIRELESS_USB] = USB_DT_USB_WIRELESS_CAP_SIZE,
1018 [USB_CAP_TYPE_EXT] = USB_DT_USB_EXT_CAP_SIZE,
1019 [USB_SS_CAP_TYPE] = USB_DT_USB_SS_CAP_SIZE,
1020 [USB_SSP_CAP_TYPE] = USB_DT_USB_SSP_CAP_SIZE(1),
1021 [CONTAINER_ID_TYPE] = USB_DT_USB_SS_CONTN_ID_SIZE,
1022 [USB_PTM_CAP_TYPE] = USB_DT_USB_PTM_ID_SIZE,
1023 };
1024
1025 /* Get BOS descriptor set */
usb_get_bos_descriptor(struct usb_device * dev)1026 int usb_get_bos_descriptor(struct usb_device *dev)
1027 {
1028 struct device *ddev = &dev->dev;
1029 struct usb_bos_descriptor *bos;
1030 struct usb_dev_cap_header *cap;
1031 struct usb_ssp_cap_descriptor *ssp_cap;
1032 unsigned char *buffer, *buffer0;
1033 int length, total_len, num, i, ssac;
1034 __u8 cap_type;
1035 int ret;
1036
1037 bos = kzalloc(sizeof(*bos), GFP_KERNEL);
1038 if (!bos)
1039 return -ENOMEM;
1040
1041 /* Get BOS descriptor */
1042 ret = usb_get_descriptor(dev, USB_DT_BOS, 0, bos, USB_DT_BOS_SIZE);
1043 if (ret < USB_DT_BOS_SIZE || bos->bLength < USB_DT_BOS_SIZE) {
1044 dev_notice(ddev, "unable to get BOS descriptor or descriptor too short\n");
1045 if (ret >= 0)
1046 ret = -ENOMSG;
1047 kfree(bos);
1048 return ret;
1049 }
1050
1051 length = bos->bLength;
1052 total_len = le16_to_cpu(bos->wTotalLength);
1053 num = bos->bNumDeviceCaps;
1054 kfree(bos);
1055 if (total_len < length)
1056 return -EINVAL;
1057
1058 dev->bos = kzalloc(sizeof(*dev->bos), GFP_KERNEL);
1059 if (!dev->bos)
1060 return -ENOMEM;
1061
1062 /* Now let's get the whole BOS descriptor set */
1063 buffer = kzalloc(total_len, GFP_KERNEL);
1064 if (!buffer) {
1065 ret = -ENOMEM;
1066 goto err;
1067 }
1068 dev->bos->desc = (struct usb_bos_descriptor *)buffer;
1069
1070 ret = usb_get_descriptor(dev, USB_DT_BOS, 0, buffer, total_len);
1071 if (ret < total_len) {
1072 dev_notice(ddev, "unable to get BOS descriptor set\n");
1073 if (ret >= 0)
1074 ret = -ENOMSG;
1075 goto err;
1076 }
1077
1078 buffer0 = buffer;
1079 total_len -= length;
1080 buffer += length;
1081
1082 for (i = 0; i < num; i++) {
1083 cap = (struct usb_dev_cap_header *)buffer;
1084
1085 if (total_len < sizeof(*cap) || total_len < cap->bLength) {
1086 dev->bos->desc->bNumDeviceCaps = i;
1087 break;
1088 }
1089 cap_type = cap->bDevCapabilityType;
1090 length = cap->bLength;
1091 if (bos_desc_len[cap_type] && length < bos_desc_len[cap_type]) {
1092 dev->bos->desc->bNumDeviceCaps = i;
1093 break;
1094 }
1095
1096 if (cap->bDescriptorType != USB_DT_DEVICE_CAPABILITY) {
1097 dev_notice(ddev, "descriptor type invalid, skip\n");
1098 goto skip_to_next_descriptor;
1099 }
1100
1101 switch (cap_type) {
1102 case USB_CAP_TYPE_EXT:
1103 dev->bos->ext_cap =
1104 (struct usb_ext_cap_descriptor *)buffer;
1105 break;
1106 case USB_SS_CAP_TYPE:
1107 dev->bos->ss_cap =
1108 (struct usb_ss_cap_descriptor *)buffer;
1109 break;
1110 case USB_SSP_CAP_TYPE:
1111 ssp_cap = (struct usb_ssp_cap_descriptor *)buffer;
1112 ssac = (le32_to_cpu(ssp_cap->bmAttributes) &
1113 USB_SSP_SUBLINK_SPEED_ATTRIBS);
1114 if (length >= USB_DT_USB_SSP_CAP_SIZE(ssac))
1115 dev->bos->ssp_cap = ssp_cap;
1116 break;
1117 case CONTAINER_ID_TYPE:
1118 dev->bos->ss_id =
1119 (struct usb_ss_container_id_descriptor *)buffer;
1120 break;
1121 case USB_PTM_CAP_TYPE:
1122 dev->bos->ptm_cap =
1123 (struct usb_ptm_cap_descriptor *)buffer;
1124 break;
1125 default:
1126 break;
1127 }
1128
1129 skip_to_next_descriptor:
1130 total_len -= length;
1131 buffer += length;
1132 }
1133 dev->bos->desc->wTotalLength = cpu_to_le16(buffer - buffer0);
1134
1135 return 0;
1136
1137 err:
1138 usb_release_bos_descriptor(dev);
1139 return ret;
1140 }
1141