1 #include <linux/usb.h> 2 #include <linux/module.h> 3 #include <linux/init.h> 4 #include <linux/slab.h> 5 #include <linux/device.h> 6 #include <asm/byteorder.h> 7 #include "usb.h" 8 #include "hcd.h" 9 10 #define USB_MAXALTSETTING 128 /* Hard limit */ 11 #define USB_MAXENDPOINTS 30 /* Hard limit */ 12 13 #define USB_MAXCONFIG 8 /* Arbitrary limit */ 14 15 16 static inline const char *plural(int n) 17 { 18 return (n == 1 ? "" : "s"); 19 } 20 21 static int find_next_descriptor(unsigned char *buffer, int size, 22 int dt1, int dt2, int *num_skipped) 23 { 24 struct usb_descriptor_header *h; 25 int n = 0; 26 unsigned char *buffer0 = buffer; 27 28 /* Find the next descriptor of type dt1 or dt2 */ 29 while (size > 0) { 30 h = (struct usb_descriptor_header *) buffer; 31 if (h->bDescriptorType == dt1 || h->bDescriptorType == dt2) 32 break; 33 buffer += h->bLength; 34 size -= h->bLength; 35 ++n; 36 } 37 38 /* Store the number of descriptors skipped and return the 39 * number of bytes skipped */ 40 if (num_skipped) 41 *num_skipped = n; 42 return buffer - buffer0; 43 } 44 45 static int usb_parse_endpoint(struct device *ddev, int cfgno, int inum, 46 int asnum, struct usb_host_interface *ifp, int num_ep, 47 unsigned char *buffer, int size) 48 { 49 unsigned char *buffer0 = buffer; 50 struct usb_endpoint_descriptor *d; 51 struct usb_host_endpoint *endpoint; 52 int n, i; 53 54 d = (struct usb_endpoint_descriptor *) buffer; 55 buffer += d->bLength; 56 size -= d->bLength; 57 58 if (d->bLength >= USB_DT_ENDPOINT_AUDIO_SIZE) 59 n = USB_DT_ENDPOINT_AUDIO_SIZE; 60 else if (d->bLength >= USB_DT_ENDPOINT_SIZE) 61 n = USB_DT_ENDPOINT_SIZE; 62 else { 63 dev_warn(ddev, "config %d interface %d altsetting %d has an " 64 "invalid endpoint descriptor of length %d, skipping\n", 65 cfgno, inum, asnum, d->bLength); 66 goto skip_to_next_endpoint_or_interface_descriptor; 67 } 68 69 i = d->bEndpointAddress & ~USB_ENDPOINT_DIR_MASK; 70 if (i >= 16 || i == 0) { 71 dev_warn(ddev, "config %d interface %d altsetting %d has an " 72 "invalid endpoint with address 0x%X, skipping\n", 73 cfgno, inum, asnum, d->bEndpointAddress); 74 goto skip_to_next_endpoint_or_interface_descriptor; 75 } 76 77 /* Only store as many endpoints as we have room for */ 78 if (ifp->desc.bNumEndpoints >= num_ep) 79 goto skip_to_next_endpoint_or_interface_descriptor; 80 81 endpoint = &ifp->endpoint[ifp->desc.bNumEndpoints]; 82 ++ifp->desc.bNumEndpoints; 83 84 memcpy(&endpoint->desc, d, n); 85 INIT_LIST_HEAD(&endpoint->urb_list); 86 87 /* Skip over any Class Specific or Vendor Specific descriptors; 88 * find the next endpoint or interface descriptor */ 89 endpoint->extra = buffer; 90 i = find_next_descriptor(buffer, size, USB_DT_ENDPOINT, 91 USB_DT_INTERFACE, &n); 92 endpoint->extralen = i; 93 if (n > 0) 94 dev_dbg(ddev, "skipped %d descriptor%s after %s\n", 95 n, plural(n), "endpoint"); 96 return buffer - buffer0 + i; 97 98 skip_to_next_endpoint_or_interface_descriptor: 99 i = find_next_descriptor(buffer, size, USB_DT_ENDPOINT, 100 USB_DT_INTERFACE, NULL); 101 return buffer - buffer0 + i; 102 } 103 104 void usb_release_interface_cache(struct kref *ref) 105 { 106 struct usb_interface_cache *intfc = ref_to_usb_interface_cache(ref); 107 int j; 108 109 for (j = 0; j < intfc->num_altsetting; j++) { 110 struct usb_host_interface *alt = &intfc->altsetting[j]; 111 112 kfree(alt->endpoint); 113 kfree(alt->string); 114 } 115 kfree(intfc); 116 } 117 118 static int usb_parse_interface(struct device *ddev, int cfgno, 119 struct usb_host_config *config, unsigned char *buffer, int size, 120 u8 inums[], u8 nalts[]) 121 { 122 unsigned char *buffer0 = buffer; 123 struct usb_interface_descriptor *d; 124 int inum, asnum; 125 struct usb_interface_cache *intfc; 126 struct usb_host_interface *alt; 127 int i, n; 128 int len, retval; 129 int num_ep, num_ep_orig; 130 131 d = (struct usb_interface_descriptor *) buffer; 132 buffer += d->bLength; 133 size -= d->bLength; 134 135 if (d->bLength < USB_DT_INTERFACE_SIZE) 136 goto skip_to_next_interface_descriptor; 137 138 /* Which interface entry is this? */ 139 intfc = NULL; 140 inum = d->bInterfaceNumber; 141 for (i = 0; i < config->desc.bNumInterfaces; ++i) { 142 if (inums[i] == inum) { 143 intfc = config->intf_cache[i]; 144 break; 145 } 146 } 147 if (!intfc || intfc->num_altsetting >= nalts[i]) 148 goto skip_to_next_interface_descriptor; 149 150 /* Check for duplicate altsetting entries */ 151 asnum = d->bAlternateSetting; 152 for ((i = 0, alt = &intfc->altsetting[0]); 153 i < intfc->num_altsetting; 154 (++i, ++alt)) { 155 if (alt->desc.bAlternateSetting == asnum) { 156 dev_warn(ddev, "Duplicate descriptor for config %d " 157 "interface %d altsetting %d, skipping\n", 158 cfgno, inum, asnum); 159 goto skip_to_next_interface_descriptor; 160 } 161 } 162 163 ++intfc->num_altsetting; 164 memcpy(&alt->desc, d, USB_DT_INTERFACE_SIZE); 165 166 /* Skip over any Class Specific or Vendor Specific descriptors; 167 * find the first endpoint or interface descriptor */ 168 alt->extra = buffer; 169 i = find_next_descriptor(buffer, size, USB_DT_ENDPOINT, 170 USB_DT_INTERFACE, &n); 171 alt->extralen = i; 172 if (n > 0) 173 dev_dbg(ddev, "skipped %d descriptor%s after %s\n", 174 n, plural(n), "interface"); 175 buffer += i; 176 size -= i; 177 178 /* Allocate space for the right(?) number of endpoints */ 179 num_ep = num_ep_orig = alt->desc.bNumEndpoints; 180 alt->desc.bNumEndpoints = 0; // Use as a counter 181 if (num_ep > USB_MAXENDPOINTS) { 182 dev_warn(ddev, "too many endpoints for config %d interface %d " 183 "altsetting %d: %d, using maximum allowed: %d\n", 184 cfgno, inum, asnum, num_ep, USB_MAXENDPOINTS); 185 num_ep = USB_MAXENDPOINTS; 186 } 187 188 len = sizeof(struct usb_host_endpoint) * num_ep; 189 alt->endpoint = kzalloc(len, GFP_KERNEL); 190 if (!alt->endpoint) 191 return -ENOMEM; 192 193 /* Parse all the endpoint descriptors */ 194 n = 0; 195 while (size > 0) { 196 if (((struct usb_descriptor_header *) buffer)->bDescriptorType 197 == USB_DT_INTERFACE) 198 break; 199 retval = usb_parse_endpoint(ddev, cfgno, inum, asnum, alt, 200 num_ep, buffer, size); 201 if (retval < 0) 202 return retval; 203 ++n; 204 205 buffer += retval; 206 size -= retval; 207 } 208 209 if (n != num_ep_orig) 210 dev_warn(ddev, "config %d interface %d altsetting %d has %d " 211 "endpoint descriptor%s, different from the interface " 212 "descriptor's value: %d\n", 213 cfgno, inum, asnum, n, plural(n), num_ep_orig); 214 return buffer - buffer0; 215 216 skip_to_next_interface_descriptor: 217 i = find_next_descriptor(buffer, size, USB_DT_INTERFACE, 218 USB_DT_INTERFACE, NULL); 219 return buffer - buffer0 + i; 220 } 221 222 static int usb_parse_configuration(struct device *ddev, int cfgidx, 223 struct usb_host_config *config, unsigned char *buffer, int size) 224 { 225 unsigned char *buffer0 = buffer; 226 int cfgno; 227 int nintf, nintf_orig; 228 int i, j, n; 229 struct usb_interface_cache *intfc; 230 unsigned char *buffer2; 231 int size2; 232 struct usb_descriptor_header *header; 233 int len, retval; 234 u8 inums[USB_MAXINTERFACES], nalts[USB_MAXINTERFACES]; 235 236 memcpy(&config->desc, buffer, USB_DT_CONFIG_SIZE); 237 if (config->desc.bDescriptorType != USB_DT_CONFIG || 238 config->desc.bLength < USB_DT_CONFIG_SIZE) { 239 dev_err(ddev, "invalid descriptor for config index %d: " 240 "type = 0x%X, length = %d\n", cfgidx, 241 config->desc.bDescriptorType, config->desc.bLength); 242 return -EINVAL; 243 } 244 cfgno = config->desc.bConfigurationValue; 245 246 buffer += config->desc.bLength; 247 size -= config->desc.bLength; 248 249 nintf = nintf_orig = config->desc.bNumInterfaces; 250 if (nintf > USB_MAXINTERFACES) { 251 dev_warn(ddev, "config %d has too many interfaces: %d, " 252 "using maximum allowed: %d\n", 253 cfgno, nintf, USB_MAXINTERFACES); 254 nintf = USB_MAXINTERFACES; 255 } 256 257 /* Go through the descriptors, checking their length and counting the 258 * number of altsettings for each interface */ 259 n = 0; 260 for ((buffer2 = buffer, size2 = size); 261 size2 > 0; 262 (buffer2 += header->bLength, size2 -= header->bLength)) { 263 264 if (size2 < sizeof(struct usb_descriptor_header)) { 265 dev_warn(ddev, "config %d descriptor has %d excess " 266 "byte%s, ignoring\n", 267 cfgno, size2, plural(size2)); 268 break; 269 } 270 271 header = (struct usb_descriptor_header *) buffer2; 272 if ((header->bLength > size2) || (header->bLength < 2)) { 273 dev_warn(ddev, "config %d has an invalid descriptor " 274 "of length %d, skipping remainder of the config\n", 275 cfgno, header->bLength); 276 break; 277 } 278 279 if (header->bDescriptorType == USB_DT_INTERFACE) { 280 struct usb_interface_descriptor *d; 281 int inum; 282 283 d = (struct usb_interface_descriptor *) header; 284 if (d->bLength < USB_DT_INTERFACE_SIZE) { 285 dev_warn(ddev, "config %d has an invalid " 286 "interface descriptor of length %d, " 287 "skipping\n", cfgno, d->bLength); 288 continue; 289 } 290 291 inum = d->bInterfaceNumber; 292 if (inum >= nintf_orig) 293 dev_warn(ddev, "config %d has an invalid " 294 "interface number: %d but max is %d\n", 295 cfgno, inum, nintf_orig - 1); 296 297 /* Have we already encountered this interface? 298 * Count its altsettings */ 299 for (i = 0; i < n; ++i) { 300 if (inums[i] == inum) 301 break; 302 } 303 if (i < n) { 304 if (nalts[i] < 255) 305 ++nalts[i]; 306 } else if (n < USB_MAXINTERFACES) { 307 inums[n] = inum; 308 nalts[n] = 1; 309 ++n; 310 } 311 312 } else if (header->bDescriptorType == USB_DT_DEVICE || 313 header->bDescriptorType == USB_DT_CONFIG) 314 dev_warn(ddev, "config %d contains an unexpected " 315 "descriptor of type 0x%X, skipping\n", 316 cfgno, header->bDescriptorType); 317 318 } /* for ((buffer2 = buffer, size2 = size); ...) */ 319 size = buffer2 - buffer; 320 config->desc.wTotalLength = cpu_to_le16(buffer2 - buffer0); 321 322 if (n != nintf) 323 dev_warn(ddev, "config %d has %d interface%s, different from " 324 "the descriptor's value: %d\n", 325 cfgno, n, plural(n), nintf_orig); 326 else if (n == 0) 327 dev_warn(ddev, "config %d has no interfaces?\n", cfgno); 328 config->desc.bNumInterfaces = nintf = n; 329 330 /* Check for missing interface numbers */ 331 for (i = 0; i < nintf; ++i) { 332 for (j = 0; j < nintf; ++j) { 333 if (inums[j] == i) 334 break; 335 } 336 if (j >= nintf) 337 dev_warn(ddev, "config %d has no interface number " 338 "%d\n", cfgno, i); 339 } 340 341 /* Allocate the usb_interface_caches and altsetting arrays */ 342 for (i = 0; i < nintf; ++i) { 343 j = nalts[i]; 344 if (j > USB_MAXALTSETTING) { 345 dev_warn(ddev, "too many alternate settings for " 346 "config %d interface %d: %d, " 347 "using maximum allowed: %d\n", 348 cfgno, inums[i], j, USB_MAXALTSETTING); 349 nalts[i] = j = USB_MAXALTSETTING; 350 } 351 352 len = sizeof(*intfc) + sizeof(struct usb_host_interface) * j; 353 config->intf_cache[i] = intfc = kzalloc(len, GFP_KERNEL); 354 if (!intfc) 355 return -ENOMEM; 356 kref_init(&intfc->ref); 357 } 358 359 /* Skip over any Class Specific or Vendor Specific descriptors; 360 * find the first interface descriptor */ 361 config->extra = buffer; 362 i = find_next_descriptor(buffer, size, USB_DT_INTERFACE, 363 USB_DT_INTERFACE, &n); 364 config->extralen = i; 365 if (n > 0) 366 dev_dbg(ddev, "skipped %d descriptor%s after %s\n", 367 n, plural(n), "configuration"); 368 buffer += i; 369 size -= i; 370 371 /* Parse all the interface/altsetting descriptors */ 372 while (size > 0) { 373 retval = usb_parse_interface(ddev, cfgno, config, 374 buffer, size, inums, nalts); 375 if (retval < 0) 376 return retval; 377 378 buffer += retval; 379 size -= retval; 380 } 381 382 /* Check for missing altsettings */ 383 for (i = 0; i < nintf; ++i) { 384 intfc = config->intf_cache[i]; 385 for (j = 0; j < intfc->num_altsetting; ++j) { 386 for (n = 0; n < intfc->num_altsetting; ++n) { 387 if (intfc->altsetting[n].desc. 388 bAlternateSetting == j) 389 break; 390 } 391 if (n >= intfc->num_altsetting) 392 dev_warn(ddev, "config %d interface %d has no " 393 "altsetting %d\n", cfgno, inums[i], j); 394 } 395 } 396 397 return 0; 398 } 399 400 // hub-only!! ... and only exported for reset/reinit path. 401 // otherwise used internally on disconnect/destroy path 402 void usb_destroy_configuration(struct usb_device *dev) 403 { 404 int c, i; 405 406 if (!dev->config) 407 return; 408 409 if (dev->rawdescriptors) { 410 for (i = 0; i < dev->descriptor.bNumConfigurations; i++) 411 kfree(dev->rawdescriptors[i]); 412 413 kfree(dev->rawdescriptors); 414 dev->rawdescriptors = NULL; 415 } 416 417 for (c = 0; c < dev->descriptor.bNumConfigurations; c++) { 418 struct usb_host_config *cf = &dev->config[c]; 419 420 kfree(cf->string); 421 for (i = 0; i < cf->desc.bNumInterfaces; i++) { 422 if (cf->intf_cache[i]) 423 kref_put(&cf->intf_cache[i]->ref, 424 usb_release_interface_cache); 425 } 426 } 427 kfree(dev->config); 428 dev->config = NULL; 429 } 430 431 432 // hub-only!! ... and only in reset path, or usb_new_device() 433 // (used by real hubs and virtual root hubs) 434 int usb_get_configuration(struct usb_device *dev) 435 { 436 struct device *ddev = &dev->dev; 437 int ncfg = dev->descriptor.bNumConfigurations; 438 int result = -ENOMEM; 439 unsigned int cfgno, length; 440 unsigned char *buffer; 441 unsigned char *bigbuffer; 442 struct usb_config_descriptor *desc; 443 444 if (ncfg > USB_MAXCONFIG) { 445 dev_warn(ddev, "too many configurations: %d, " 446 "using maximum allowed: %d\n", ncfg, USB_MAXCONFIG); 447 dev->descriptor.bNumConfigurations = ncfg = USB_MAXCONFIG; 448 } 449 450 if (ncfg < 1) { 451 dev_err(ddev, "no configurations\n"); 452 return -EINVAL; 453 } 454 455 length = ncfg * sizeof(struct usb_host_config); 456 dev->config = kzalloc(length, GFP_KERNEL); 457 if (!dev->config) 458 goto err2; 459 460 length = ncfg * sizeof(char *); 461 dev->rawdescriptors = kzalloc(length, GFP_KERNEL); 462 if (!dev->rawdescriptors) 463 goto err2; 464 465 buffer = kmalloc(USB_DT_CONFIG_SIZE, GFP_KERNEL); 466 if (!buffer) 467 goto err2; 468 desc = (struct usb_config_descriptor *)buffer; 469 470 for (cfgno = 0; cfgno < ncfg; cfgno++) { 471 /* We grab just the first descriptor so we know how long 472 * the whole configuration is */ 473 result = usb_get_descriptor(dev, USB_DT_CONFIG, cfgno, 474 buffer, USB_DT_CONFIG_SIZE); 475 if (result < 0) { 476 dev_err(ddev, "unable to read config index %d " 477 "descriptor/%s\n", cfgno, "start"); 478 goto err; 479 } else if (result < 4) { 480 dev_err(ddev, "config index %d descriptor too short " 481 "(expected %i, got %i)\n", cfgno, 482 USB_DT_CONFIG_SIZE, result); 483 result = -EINVAL; 484 goto err; 485 } 486 length = max((int) le16_to_cpu(desc->wTotalLength), 487 USB_DT_CONFIG_SIZE); 488 489 /* Now that we know the length, get the whole thing */ 490 bigbuffer = kmalloc(length, GFP_KERNEL); 491 if (!bigbuffer) { 492 result = -ENOMEM; 493 goto err; 494 } 495 result = usb_get_descriptor(dev, USB_DT_CONFIG, cfgno, 496 bigbuffer, length); 497 if (result < 0) { 498 dev_err(ddev, "unable to read config index %d " 499 "descriptor/%s\n", cfgno, "all"); 500 kfree(bigbuffer); 501 goto err; 502 } 503 if (result < length) { 504 dev_warn(ddev, "config index %d descriptor too short " 505 "(expected %i, got %i)\n", cfgno, length, result); 506 length = result; 507 } 508 509 dev->rawdescriptors[cfgno] = bigbuffer; 510 511 result = usb_parse_configuration(&dev->dev, cfgno, 512 &dev->config[cfgno], bigbuffer, length); 513 if (result < 0) { 514 ++cfgno; 515 goto err; 516 } 517 } 518 result = 0; 519 520 err: 521 kfree(buffer); 522 dev->descriptor.bNumConfigurations = cfgno; 523 err2: 524 if (result == -ENOMEM) 525 dev_err(ddev, "out of memory\n"); 526 return result; 527 } 528