1 #include <linux/config.h> 2 3 #ifdef CONFIG_USB_DEBUG 4 #define DEBUG 5 #endif 6 7 #include <linux/usb.h> 8 #include <linux/module.h> 9 #include <linux/init.h> 10 #include <linux/slab.h> 11 #include <linux/device.h> 12 #include <asm/byteorder.h> 13 #include "usb.h" 14 #include "hcd.h" 15 16 #define USB_MAXALTSETTING 128 /* Hard limit */ 17 #define USB_MAXENDPOINTS 30 /* Hard limit */ 18 19 #define USB_MAXCONFIG 8 /* Arbitrary limit */ 20 21 22 static inline const char *plural(int n) 23 { 24 return (n == 1 ? "" : "s"); 25 } 26 27 static int find_next_descriptor(unsigned char *buffer, int size, 28 int dt1, int dt2, int *num_skipped) 29 { 30 struct usb_descriptor_header *h; 31 int n = 0; 32 unsigned char *buffer0 = buffer; 33 34 /* Find the next descriptor of type dt1 or dt2 */ 35 while (size > 0) { 36 h = (struct usb_descriptor_header *) buffer; 37 if (h->bDescriptorType == dt1 || h->bDescriptorType == dt2) 38 break; 39 buffer += h->bLength; 40 size -= h->bLength; 41 ++n; 42 } 43 44 /* Store the number of descriptors skipped and return the 45 * number of bytes skipped */ 46 if (num_skipped) 47 *num_skipped = n; 48 return buffer - buffer0; 49 } 50 51 static int usb_parse_endpoint(struct device *ddev, int cfgno, int inum, 52 int asnum, struct usb_host_interface *ifp, int num_ep, 53 unsigned char *buffer, int size) 54 { 55 unsigned char *buffer0 = buffer; 56 struct usb_endpoint_descriptor *d; 57 struct usb_host_endpoint *endpoint; 58 int n, i; 59 60 d = (struct usb_endpoint_descriptor *) buffer; 61 buffer += d->bLength; 62 size -= d->bLength; 63 64 if (d->bLength >= USB_DT_ENDPOINT_AUDIO_SIZE) 65 n = USB_DT_ENDPOINT_AUDIO_SIZE; 66 else if (d->bLength >= USB_DT_ENDPOINT_SIZE) 67 n = USB_DT_ENDPOINT_SIZE; 68 else { 69 dev_warn(ddev, "config %d interface %d altsetting %d has an " 70 "invalid endpoint descriptor of length %d, skipping\n", 71 cfgno, inum, asnum, d->bLength); 72 goto skip_to_next_endpoint_or_interface_descriptor; 73 } 74 75 i = d->bEndpointAddress & ~USB_ENDPOINT_DIR_MASK; 76 if (i >= 16 || i == 0) { 77 dev_warn(ddev, "config %d interface %d altsetting %d has an " 78 "invalid endpoint with address 0x%X, skipping\n", 79 cfgno, inum, asnum, d->bEndpointAddress); 80 goto skip_to_next_endpoint_or_interface_descriptor; 81 } 82 83 /* Only store as many endpoints as we have room for */ 84 if (ifp->desc.bNumEndpoints >= num_ep) 85 goto skip_to_next_endpoint_or_interface_descriptor; 86 87 endpoint = &ifp->endpoint[ifp->desc.bNumEndpoints]; 88 ++ifp->desc.bNumEndpoints; 89 90 memcpy(&endpoint->desc, d, n); 91 INIT_LIST_HEAD(&endpoint->urb_list); 92 93 /* Skip over any Class Specific or Vendor Specific descriptors; 94 * find the next endpoint or interface descriptor */ 95 endpoint->extra = buffer; 96 i = find_next_descriptor(buffer, size, USB_DT_ENDPOINT, 97 USB_DT_INTERFACE, &n); 98 endpoint->extralen = i; 99 if (n > 0) 100 dev_dbg(ddev, "skipped %d descriptor%s after %s\n", 101 n, plural(n), "endpoint"); 102 return buffer - buffer0 + i; 103 104 skip_to_next_endpoint_or_interface_descriptor: 105 i = find_next_descriptor(buffer, size, USB_DT_ENDPOINT, 106 USB_DT_INTERFACE, NULL); 107 return buffer - buffer0 + i; 108 } 109 110 void usb_release_interface_cache(struct kref *ref) 111 { 112 struct usb_interface_cache *intfc = ref_to_usb_interface_cache(ref); 113 int j; 114 115 for (j = 0; j < intfc->num_altsetting; j++) 116 kfree(intfc->altsetting[j].endpoint); 117 kfree(intfc); 118 } 119 120 static int usb_parse_interface(struct device *ddev, int cfgno, 121 struct usb_host_config *config, unsigned char *buffer, int size, 122 u8 inums[], u8 nalts[]) 123 { 124 unsigned char *buffer0 = buffer; 125 struct usb_interface_descriptor *d; 126 int inum, asnum; 127 struct usb_interface_cache *intfc; 128 struct usb_host_interface *alt; 129 int i, n; 130 int len, retval; 131 int num_ep, num_ep_orig; 132 133 d = (struct usb_interface_descriptor *) buffer; 134 buffer += d->bLength; 135 size -= d->bLength; 136 137 if (d->bLength < USB_DT_INTERFACE_SIZE) 138 goto skip_to_next_interface_descriptor; 139 140 /* Which interface entry is this? */ 141 intfc = NULL; 142 inum = d->bInterfaceNumber; 143 for (i = 0; i < config->desc.bNumInterfaces; ++i) { 144 if (inums[i] == inum) { 145 intfc = config->intf_cache[i]; 146 break; 147 } 148 } 149 if (!intfc || intfc->num_altsetting >= nalts[i]) 150 goto skip_to_next_interface_descriptor; 151 152 /* Check for duplicate altsetting entries */ 153 asnum = d->bAlternateSetting; 154 for ((i = 0, alt = &intfc->altsetting[0]); 155 i < intfc->num_altsetting; 156 (++i, ++alt)) { 157 if (alt->desc.bAlternateSetting == asnum) { 158 dev_warn(ddev, "Duplicate descriptor for config %d " 159 "interface %d altsetting %d, skipping\n", 160 cfgno, inum, asnum); 161 goto skip_to_next_interface_descriptor; 162 } 163 } 164 165 ++intfc->num_altsetting; 166 memcpy(&alt->desc, d, USB_DT_INTERFACE_SIZE); 167 168 /* Skip over any Class Specific or Vendor Specific descriptors; 169 * find the first endpoint or interface descriptor */ 170 alt->extra = buffer; 171 i = find_next_descriptor(buffer, size, USB_DT_ENDPOINT, 172 USB_DT_INTERFACE, &n); 173 alt->extralen = i; 174 if (n > 0) 175 dev_dbg(ddev, "skipped %d descriptor%s after %s\n", 176 n, plural(n), "interface"); 177 buffer += i; 178 size -= i; 179 180 /* Allocate space for the right(?) number of endpoints */ 181 num_ep = num_ep_orig = alt->desc.bNumEndpoints; 182 alt->desc.bNumEndpoints = 0; // Use as a counter 183 if (num_ep > USB_MAXENDPOINTS) { 184 dev_warn(ddev, "too many endpoints for config %d interface %d " 185 "altsetting %d: %d, using maximum allowed: %d\n", 186 cfgno, inum, asnum, num_ep, USB_MAXENDPOINTS); 187 num_ep = USB_MAXENDPOINTS; 188 } 189 190 len = sizeof(struct usb_host_endpoint) * num_ep; 191 alt->endpoint = kmalloc(len, GFP_KERNEL); 192 if (!alt->endpoint) 193 return -ENOMEM; 194 memset(alt->endpoint, 0, len); 195 196 /* Parse all the endpoint descriptors */ 197 n = 0; 198 while (size > 0) { 199 if (((struct usb_descriptor_header *) buffer)->bDescriptorType 200 == USB_DT_INTERFACE) 201 break; 202 retval = usb_parse_endpoint(ddev, cfgno, inum, asnum, alt, 203 num_ep, buffer, size); 204 if (retval < 0) 205 return retval; 206 ++n; 207 208 buffer += retval; 209 size -= retval; 210 } 211 212 if (n != num_ep_orig) 213 dev_warn(ddev, "config %d interface %d altsetting %d has %d " 214 "endpoint descriptor%s, different from the interface " 215 "descriptor's value: %d\n", 216 cfgno, inum, asnum, n, plural(n), num_ep_orig); 217 return buffer - buffer0; 218 219 skip_to_next_interface_descriptor: 220 i = find_next_descriptor(buffer, size, USB_DT_INTERFACE, 221 USB_DT_INTERFACE, NULL); 222 return buffer - buffer0 + i; 223 } 224 225 static int usb_parse_configuration(struct device *ddev, int cfgidx, 226 struct usb_host_config *config, unsigned char *buffer, int size) 227 { 228 unsigned char *buffer0 = buffer; 229 int cfgno; 230 int nintf, nintf_orig; 231 int i, j, n; 232 struct usb_interface_cache *intfc; 233 unsigned char *buffer2; 234 int size2; 235 struct usb_descriptor_header *header; 236 int len, retval; 237 u8 inums[USB_MAXINTERFACES], nalts[USB_MAXINTERFACES]; 238 239 memcpy(&config->desc, buffer, USB_DT_CONFIG_SIZE); 240 if (config->desc.bDescriptorType != USB_DT_CONFIG || 241 config->desc.bLength < USB_DT_CONFIG_SIZE) { 242 dev_err(ddev, "invalid descriptor for config index %d: " 243 "type = 0x%X, length = %d\n", cfgidx, 244 config->desc.bDescriptorType, config->desc.bLength); 245 return -EINVAL; 246 } 247 cfgno = config->desc.bConfigurationValue; 248 249 buffer += config->desc.bLength; 250 size -= config->desc.bLength; 251 252 nintf = nintf_orig = config->desc.bNumInterfaces; 253 if (nintf > USB_MAXINTERFACES) { 254 dev_warn(ddev, "config %d has too many interfaces: %d, " 255 "using maximum allowed: %d\n", 256 cfgno, nintf, USB_MAXINTERFACES); 257 nintf = USB_MAXINTERFACES; 258 } 259 260 /* Go through the descriptors, checking their length and counting the 261 * number of altsettings for each interface */ 262 n = 0; 263 for ((buffer2 = buffer, size2 = size); 264 size2 > 0; 265 (buffer2 += header->bLength, size2 -= header->bLength)) { 266 267 if (size2 < sizeof(struct usb_descriptor_header)) { 268 dev_warn(ddev, "config %d descriptor has %d excess " 269 "byte%s, ignoring\n", 270 cfgno, size2, plural(size2)); 271 break; 272 } 273 274 header = (struct usb_descriptor_header *) buffer2; 275 if ((header->bLength > size2) || (header->bLength < 2)) { 276 dev_warn(ddev, "config %d has an invalid descriptor " 277 "of length %d, skipping remainder of the config\n", 278 cfgno, header->bLength); 279 break; 280 } 281 282 if (header->bDescriptorType == USB_DT_INTERFACE) { 283 struct usb_interface_descriptor *d; 284 int inum; 285 286 d = (struct usb_interface_descriptor *) header; 287 if (d->bLength < USB_DT_INTERFACE_SIZE) { 288 dev_warn(ddev, "config %d has an invalid " 289 "interface descriptor of length %d, " 290 "skipping\n", cfgno, d->bLength); 291 continue; 292 } 293 294 inum = d->bInterfaceNumber; 295 if (inum >= nintf_orig) 296 dev_warn(ddev, "config %d has an invalid " 297 "interface number: %d but max is %d\n", 298 cfgno, inum, nintf_orig - 1); 299 300 /* Have we already encountered this interface? 301 * Count its altsettings */ 302 for (i = 0; i < n; ++i) { 303 if (inums[i] == inum) 304 break; 305 } 306 if (i < n) { 307 if (nalts[i] < 255) 308 ++nalts[i]; 309 } else if (n < USB_MAXINTERFACES) { 310 inums[n] = inum; 311 nalts[n] = 1; 312 ++n; 313 } 314 315 } else if (header->bDescriptorType == USB_DT_DEVICE || 316 header->bDescriptorType == USB_DT_CONFIG) 317 dev_warn(ddev, "config %d contains an unexpected " 318 "descriptor of type 0x%X, skipping\n", 319 cfgno, header->bDescriptorType); 320 321 } /* for ((buffer2 = buffer, size2 = size); ...) */ 322 size = buffer2 - buffer; 323 config->desc.wTotalLength = cpu_to_le16(buffer2 - buffer0); 324 325 if (n != nintf) 326 dev_warn(ddev, "config %d has %d interface%s, different from " 327 "the descriptor's value: %d\n", 328 cfgno, n, plural(n), nintf_orig); 329 else if (n == 0) 330 dev_warn(ddev, "config %d has no interfaces?\n", cfgno); 331 config->desc.bNumInterfaces = nintf = n; 332 333 /* Check for missing interface numbers */ 334 for (i = 0; i < nintf; ++i) { 335 for (j = 0; j < nintf; ++j) { 336 if (inums[j] == i) 337 break; 338 } 339 if (j >= nintf) 340 dev_warn(ddev, "config %d has no interface number " 341 "%d\n", cfgno, i); 342 } 343 344 /* Allocate the usb_interface_caches and altsetting arrays */ 345 for (i = 0; i < nintf; ++i) { 346 j = nalts[i]; 347 if (j > USB_MAXALTSETTING) { 348 dev_warn(ddev, "too many alternate settings for " 349 "config %d interface %d: %d, " 350 "using maximum allowed: %d\n", 351 cfgno, inums[i], j, USB_MAXALTSETTING); 352 nalts[i] = j = USB_MAXALTSETTING; 353 } 354 355 len = sizeof(*intfc) + sizeof(struct usb_host_interface) * j; 356 config->intf_cache[i] = intfc = kmalloc(len, GFP_KERNEL); 357 if (!intfc) 358 return -ENOMEM; 359 memset(intfc, 0, len); 360 kref_init(&intfc->ref); 361 } 362 363 /* Skip over any Class Specific or Vendor Specific descriptors; 364 * find the first interface descriptor */ 365 config->extra = buffer; 366 i = find_next_descriptor(buffer, size, USB_DT_INTERFACE, 367 USB_DT_INTERFACE, &n); 368 config->extralen = i; 369 if (n > 0) 370 dev_dbg(ddev, "skipped %d descriptor%s after %s\n", 371 n, plural(n), "configuration"); 372 buffer += i; 373 size -= i; 374 375 /* Parse all the interface/altsetting descriptors */ 376 while (size > 0) { 377 retval = usb_parse_interface(ddev, cfgno, config, 378 buffer, size, inums, nalts); 379 if (retval < 0) 380 return retval; 381 382 buffer += retval; 383 size -= retval; 384 } 385 386 /* Check for missing altsettings */ 387 for (i = 0; i < nintf; ++i) { 388 intfc = config->intf_cache[i]; 389 for (j = 0; j < intfc->num_altsetting; ++j) { 390 for (n = 0; n < intfc->num_altsetting; ++n) { 391 if (intfc->altsetting[n].desc. 392 bAlternateSetting == j) 393 break; 394 } 395 if (n >= intfc->num_altsetting) 396 dev_warn(ddev, "config %d interface %d has no " 397 "altsetting %d\n", cfgno, inums[i], j); 398 } 399 } 400 401 return 0; 402 } 403 404 // hub-only!! ... and only exported for reset/reinit path. 405 // otherwise used internally on disconnect/destroy path 406 void usb_destroy_configuration(struct usb_device *dev) 407 { 408 int c, i; 409 410 if (!dev->config) 411 return; 412 413 if (dev->rawdescriptors) { 414 for (i = 0; i < dev->descriptor.bNumConfigurations; i++) 415 kfree(dev->rawdescriptors[i]); 416 417 kfree(dev->rawdescriptors); 418 dev->rawdescriptors = NULL; 419 } 420 421 for (c = 0; c < dev->descriptor.bNumConfigurations; c++) { 422 struct usb_host_config *cf = &dev->config[c]; 423 424 kfree(cf->string); 425 cf->string = NULL; 426 427 for (i = 0; i < cf->desc.bNumInterfaces; i++) { 428 if (cf->intf_cache[i]) 429 kref_put(&cf->intf_cache[i]->ref, 430 usb_release_interface_cache); 431 } 432 } 433 kfree(dev->config); 434 dev->config = NULL; 435 } 436 437 438 // hub-only!! ... and only in reset path, or usb_new_device() 439 // (used by real hubs and virtual root hubs) 440 int usb_get_configuration(struct usb_device *dev) 441 { 442 struct device *ddev = &dev->dev; 443 int ncfg = dev->descriptor.bNumConfigurations; 444 int result = -ENOMEM; 445 unsigned int cfgno, length; 446 unsigned char *buffer; 447 unsigned char *bigbuffer; 448 struct usb_config_descriptor *desc; 449 450 if (ncfg > USB_MAXCONFIG) { 451 dev_warn(ddev, "too many configurations: %d, " 452 "using maximum allowed: %d\n", ncfg, USB_MAXCONFIG); 453 dev->descriptor.bNumConfigurations = ncfg = USB_MAXCONFIG; 454 } 455 456 if (ncfg < 1) { 457 dev_err(ddev, "no configurations\n"); 458 return -EINVAL; 459 } 460 461 length = ncfg * sizeof(struct usb_host_config); 462 dev->config = kmalloc(length, GFP_KERNEL); 463 if (!dev->config) 464 goto err2; 465 memset(dev->config, 0, length); 466 467 length = ncfg * sizeof(char *); 468 dev->rawdescriptors = kmalloc(length, GFP_KERNEL); 469 if (!dev->rawdescriptors) 470 goto err2; 471 memset(dev->rawdescriptors, 0, length); 472 473 buffer = kmalloc(USB_DT_CONFIG_SIZE, GFP_KERNEL); 474 if (!buffer) 475 goto err2; 476 desc = (struct usb_config_descriptor *)buffer; 477 478 for (cfgno = 0; cfgno < ncfg; cfgno++) { 479 /* We grab just the first descriptor so we know how long 480 * the whole configuration is */ 481 result = usb_get_descriptor(dev, USB_DT_CONFIG, cfgno, 482 buffer, USB_DT_CONFIG_SIZE); 483 if (result < 0) { 484 dev_err(ddev, "unable to read config index %d " 485 "descriptor/%s\n", cfgno, "start"); 486 goto err; 487 } else if (result < 4) { 488 dev_err(ddev, "config index %d descriptor too short " 489 "(expected %i, got %i)\n", cfgno, 490 USB_DT_CONFIG_SIZE, result); 491 result = -EINVAL; 492 goto err; 493 } 494 length = max((int) le16_to_cpu(desc->wTotalLength), 495 USB_DT_CONFIG_SIZE); 496 497 /* Now that we know the length, get the whole thing */ 498 bigbuffer = kmalloc(length, GFP_KERNEL); 499 if (!bigbuffer) { 500 result = -ENOMEM; 501 goto err; 502 } 503 result = usb_get_descriptor(dev, USB_DT_CONFIG, cfgno, 504 bigbuffer, length); 505 if (result < 0) { 506 dev_err(ddev, "unable to read config index %d " 507 "descriptor/%s\n", cfgno, "all"); 508 kfree(bigbuffer); 509 goto err; 510 } 511 if (result < length) { 512 dev_warn(ddev, "config index %d descriptor too short " 513 "(expected %i, got %i)\n", cfgno, length, result); 514 length = result; 515 } 516 517 dev->rawdescriptors[cfgno] = bigbuffer; 518 519 result = usb_parse_configuration(&dev->dev, cfgno, 520 &dev->config[cfgno], bigbuffer, length); 521 if (result < 0) { 522 ++cfgno; 523 goto err; 524 } 525 } 526 result = 0; 527 528 err: 529 kfree(buffer); 530 dev->descriptor.bNumConfigurations = cfgno; 531 err2: 532 if (result == -ENOMEM) 533 dev_err(ddev, "out of memory\n"); 534 return result; 535 } 536