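/*
 * USB configuration descriptor retrieval and parsing.
 *
 * Everything parsed here is read from the attached device by
 * usb_get_descriptor(), so every length, count and index taken from a
 * descriptor is device-controlled and is bounded before it is used.
 */
#include <linux/config.h>

#ifdef CONFIG_USB_DEBUG
#define DEBUG
#endif

#include <linux/usb.h>
#include <linux/module.h>
#include <linux/init.h>
#include <linux/slab.h>
#include <linux/device.h>
#include <asm/byteorder.h>
#include "usb.h"
#include "hcd.h"

#define USB_MAXALTSETTING		128	/* Hard limit */
#define USB_MAXENDPOINTS		30	/* Hard limit */

#define USB_MAXCONFIG			8	/* Arbitrary limit */


/* Return the plural suffix for a count: "" when n == 1, otherwise "s". */
static inline const char *plural(int n)
{
	return (n == 1 ? "" : "s");
}

/*
 * Walk the descriptors in buffer until one of type dt1 or dt2 is found or
 * size is used up.
 *
 * Returns the number of bytes skipped; if num_skipped is non-NULL it
 * receives the number of descriptors skipped.
 *
 * The walk advances by each descriptor's own bLength and does no length
 * checking of its own: a bLength of 0 would never terminate, and an
 * oversized one would step past the buffer.  Callers in this file only pass
 * the region that the first pass of usb_parse_configuration() has already
 * length-checked (2 <= bLength <= remaining size).
 */
static int find_next_descriptor(unsigned char *buffer, int size,
    int dt1, int dt2, int *num_skipped)
{
	struct usb_descriptor_header *h;
	int n = 0;
	unsigned char *buffer0 = buffer;

	/* Find the next descriptor of type dt1 or dt2 */
	while (size > 0) {
		h = (struct usb_descriptor_header *) buffer;
		if (h->bDescriptorType == dt1 || h->bDescriptorType == dt2)
			break;
		buffer += h->bLength;
		size -= h->bLength;
		++n;
	}

	/* Store the number of descriptors skipped and return the
	 * number of bytes skipped */
	if (num_skipped)
		*num_skipped = n;
	return buffer - buffer0;
}

/*
 * Parse the endpoint descriptor at buffer into the next free slot of
 * ifp->endpoint[], then skip to the following endpoint or interface
 * descriptor.
 *
 * num_ep is the capacity of ifp->endpoint[]; ifp->desc.bNumEndpoints is
 * used as the count of slots filled so far.  cfgno, inum and asnum are used
 * only in log messages.
 *
 * Returns the number of bytes consumed from buffer.  A malformed or surplus
 * endpoint descriptor is skipped, not treated as an error.
 */
static int usb_parse_endpoint(struct device *ddev, int cfgno, int inum,
    int asnum, struct usb_host_interface *ifp, int num_ep,
    unsigned char *buffer, int size)
{
	unsigned char *buffer0 = buffer;
	struct usb_endpoint_descriptor *d;
	struct usb_host_endpoint *endpoint;
	int n, i;

	d = (struct usb_endpoint_descriptor *) buffer;
	buffer += d->bLength;
	size -= d->bLength;

	/* n is the number of bytes copied below; it never exceeds the
	 * descriptor's own bLength */
	if (d->bLength >= USB_DT_ENDPOINT_AUDIO_SIZE)
		n = USB_DT_ENDPOINT_AUDIO_SIZE;
	else if (d->bLength >= USB_DT_ENDPOINT_SIZE)
		n = USB_DT_ENDPOINT_SIZE;
	else {
		dev_warn(ddev, "config %d interface %d altsetting %d has an "
		    "invalid endpoint descriptor of length %d, skipping\n",
		    cfgno, inum, asnum, d->bLength);
		goto skip_to_next_endpoint_or_interface_descriptor;
	}

	/* Endpoint number with the direction bit masked off; only 1..15
	 * are accepted */
	i = d->bEndpointAddress & ~USB_ENDPOINT_DIR_MASK;
	if (i >= 16 || i == 0) {
		dev_warn(ddev, "config %d interface %d altsetting %d has an "
		    "invalid endpoint with address 0x%X, skipping\n",
		    cfgno, inum, asnum, d->bEndpointAddress);
		goto skip_to_next_endpoint_or_interface_descriptor;
	}

	/* Only store as many endpoints as we have room for */
	if (ifp->desc.bNumEndpoints >= num_ep)
		goto skip_to_next_endpoint_or_interface_descriptor;

	endpoint = &ifp->endpoint[ifp->desc.bNumEndpoints];
	++ifp->desc.bNumEndpoints;

	memcpy(&endpoint->desc, d, n);
	INIT_LIST_HEAD(&endpoint->urb_list);

	/* Skip over any Class Specific or Vendor Specific descriptors;
	 * find the next endpoint or interface descriptor */
	endpoint->extra = buffer;
	i = find_next_descriptor(buffer, size, USB_DT_ENDPOINT,
	    USB_DT_INTERFACE, &n);
	endpoint->extralen = i;
	if (n > 0)
		dev_dbg(ddev, "skipped %d descriptor%s after %s\n",
		    n, plural(n), "endpoint");
	return buffer - buffer0 + i;

skip_to_next_endpoint_or_interface_descriptor:
	i = find_next_descriptor(buffer, size, USB_DT_ENDPOINT,
	    USB_DT_INTERFACE, NULL);
	return buffer - buffer0 + i;
}

/*
 * kref release callback for a usb_interface_cache: frees the endpoint array
 * and string of each stored altsetting, then the cache itself.
 */
void usb_release_interface_cache(struct kref *ref)
{
	struct usb_interface_cache *intfc = ref_to_usb_interface_cache(ref);
	int j;

	for (j = 0; j < intfc->num_altsetting; j++) {
		struct usb_host_interface *alt = &intfc->altsetting[j];

		kfree(alt->endpoint);
		kfree(alt->string);
	}
	kfree(intfc);
}

/*
 * Parse the interface descriptor at buffer, together with the endpoint
 * descriptors that follow it, into the matching interface cache of config.
 *
 * inums[] and nalts[] are the tables built by usb_parse_configuration():
 * inums[i] is the interface number stored in config->intf_cache[i], and
 * nalts[i] is the number of altsetting slots allocated for it.
 *
 * Returns the number of bytes consumed, or a negative errno (-ENOMEM, or an
 * error passed up from usb_parse_endpoint()).  Short, unknown, surplus and
 * duplicate interface descriptors are skipped, not treated as errors.
 */
static int usb_parse_interface(struct device *ddev, int cfgno,
    struct usb_host_config *config, unsigned char *buffer, int size,
    u8 inums[], u8 nalts[])
{
	unsigned char *buffer0 = buffer;
	struct usb_interface_descriptor	*d;
	int inum, asnum;
	struct usb_interface_cache *intfc;
	struct usb_host_interface *alt;
	int i, n;
	int len, retval;
	int num_ep, num_ep_orig;

	d = (struct usb_interface_descriptor *) buffer;
	buffer += d->bLength;
	size -= d->bLength;

	if (d->bLength < USB_DT_INTERFACE_SIZE)
		goto skip_to_next_interface_descriptor;

	/* Which interface entry is this? */
	intfc = NULL;
	inum = d->bInterfaceNumber;
	for (i = 0; i < config->desc.bNumInterfaces; ++i) {
		if (inums[i] == inum) {
			intfc = config->intf_cache[i];
			break;
		}
	}
	/* Unknown interface number, or every allocated altsetting slot for
	 * this interface is already in use */
	if (!intfc || intfc->num_altsetting >= nalts[i])
		goto skip_to_next_interface_descriptor;

	/* Check for duplicate altsetting entries */
	asnum = d->bAlternateSetting;
	for ((i = 0, alt = &intfc->altsetting[0]);
	      i < intfc->num_altsetting;
	     (++i, ++alt)) {
		if (alt->desc.bAlternateSetting == asnum) {
			dev_warn(ddev, "Duplicate descriptor for config %d "
			    "interface %d altsetting %d, skipping\n",
			    cfgno, inum, asnum);
			goto skip_to_next_interface_descriptor;
		}
	}

	/* The loop above left alt pointing at the first unused slot */
	++intfc->num_altsetting;
	memcpy(&alt->desc, d, USB_DT_INTERFACE_SIZE);

	/* Skip over any Class Specific or Vendor Specific descriptors;
	 * find the first endpoint or interface descriptor */
	alt->extra = buffer;
	i = find_next_descriptor(buffer, size, USB_DT_ENDPOINT,
	    USB_DT_INTERFACE, &n);
	alt->extralen = i;
	if (n > 0)
		dev_dbg(ddev, "skipped %d descriptor%s after %s\n",
		    n, plural(n), "interface");
	buffer += i;
	size -= i;

	/* Allocate space for the right(?) number of endpoints */
	num_ep = num_ep_orig = alt->desc.bNumEndpoints;
	alt->desc.bNumEndpoints = 0;		// Use as a counter
	if (num_ep > USB_MAXENDPOINTS) {
		dev_warn(ddev, "too many endpoints for config %d interface %d "
		    "altsetting %d: %d, using maximum allowed: %d\n",
		    cfgno, inum, asnum, num_ep, USB_MAXENDPOINTS);
		num_ep = USB_MAXENDPOINTS;
	}

	len = sizeof(struct usb_host_endpoint) * num_ep;
	alt->endpoint = kzalloc(len, GFP_KERNEL);
	if (!alt->endpoint)
		return -ENOMEM;

	/* Parse all the endpoint descriptors */
	n = 0;
	while (size > 0) {
		if (((struct usb_descriptor_header *) buffer)->bDescriptorType
		     == USB_DT_INTERFACE)
			break;
		retval = usb_parse_endpoint(ddev, cfgno, inum, asnum, alt,
		    num_ep, buffer, size);
		if (retval < 0)
			return retval;
		++n;

		buffer += retval;
		size -= retval;
	}

	if (n != num_ep_orig)
		dev_warn(ddev, "config %d interface %d altsetting %d has %d "
		    "endpoint descriptor%s, different from the interface "
		    "descriptor's value: %d\n",
		    cfgno, inum, asnum, n, plural(n), num_ep_orig);
	return buffer - buffer0;

skip_to_next_interface_descriptor:
	i = find_next_descriptor(buffer, size, USB_DT_INTERFACE,
	    USB_DT_INTERFACE, NULL);
	return buffer - buffer0 + i;
}

/*
 * Parse one raw configuration (buffer, size bytes) into config.
 *
 * A first pass checks every descriptor's bLength against the bytes that
 * remain and counts the altsettings of each interface; parsing stops at the
 * first invalid length and the rest of the buffer is ignored.  The interface
 * caches are then allocated and the interface descriptors parsed.
 *
 * cfgidx is the configuration's index and is used only in the error message
 * for an invalid configuration descriptor.
 *
 * Returns 0 on success, -EINVAL if the buffer does not start with a valid
 * configuration descriptor, -ENOMEM on allocation failure, or an error
 * passed up from usb_parse_interface().  On a failure return config may be
 * partly filled in; usb_get_configuration() accounts for that so that
 * usb_destroy_configuration() releases it.
 */
static int usb_parse_configuration(struct device *ddev, int cfgidx,
    struct usb_host_config *config, unsigned char *buffer, int size)
{
	unsigned char *buffer0 = buffer;
	int cfgno;
	int nintf, nintf_orig;
	int i, j, n;
	struct usb_interface_cache *intfc;
	unsigned char *buffer2;
	int size2;
	struct usb_descriptor_header *header;
	int len, retval;
	u8 inums[USB_MAXINTERFACES], nalts[USB_MAXINTERFACES];

	memcpy(&config->desc, buffer, USB_DT_CONFIG_SIZE);

	/* Keep the device's interface count in a local and zero the stored
	 * field until the real count is known.  usb_destroy_configuration()
	 * walks config->intf_cache[] up to desc.bNumInterfaces, and this
	 * function never indexes that array at USB_MAXINTERFACES or above.
	 * Without the reset, the -EINVAL return below would leave the raw
	 * device-supplied count (up to 255) in place for the teardown loop,
	 * which would then read entries this function never set up. */
	nintf = nintf_orig = config->desc.bNumInterfaces;
	config->desc.bNumInterfaces = 0;	/* Set to the real count below */

	if (config->desc.bDescriptorType != USB_DT_CONFIG ||
	    config->desc.bLength < USB_DT_CONFIG_SIZE) {
		dev_err(ddev, "invalid descriptor for config index %d: "
		    "type = 0x%X, length = %d\n", cfgidx,
		    config->desc.bDescriptorType, config->desc.bLength);
		return -EINVAL;
	}
	cfgno = config->desc.bConfigurationValue;

	buffer += config->desc.bLength;
	size -= config->desc.bLength;

	if (nintf > USB_MAXINTERFACES) {
		dev_warn(ddev, "config %d has too many interfaces: %d, "
		    "using maximum allowed: %d\n",
		    cfgno, nintf, USB_MAXINTERFACES);
		nintf = USB_MAXINTERFACES;
	}

	/* Go through the descriptors, checking their length and counting the
	 * number of altsettings for each interface */
	n = 0;
	for ((buffer2 = buffer, size2 = size);
	      size2 > 0;
	     (buffer2 += header->bLength, size2 -= header->bLength)) {

		if (size2 < sizeof(struct usb_descriptor_header)) {
			dev_warn(ddev, "config %d descriptor has %d excess "
			    "byte%s, ignoring\n",
			    cfgno, size2, plural(size2));
			break;
		}

		/* Every later walk over this buffer relies on this check:
		 * each descriptor is at least a header long and fits in
		 * the bytes that remain */
		header = (struct usb_descriptor_header *) buffer2;
		if ((header->bLength > size2) || (header->bLength < 2)) {
			dev_warn(ddev, "config %d has an invalid descriptor "
			    "of length %d, skipping remainder of the config\n",
			    cfgno, header->bLength);
			break;
		}

		if (header->bDescriptorType == USB_DT_INTERFACE) {
			struct usb_interface_descriptor *d;
			int inum;

			d = (struct usb_interface_descriptor *) header;
			if (d->bLength < USB_DT_INTERFACE_SIZE) {
				dev_warn(ddev, "config %d has an invalid "
				    "interface descriptor of length %d, "
				    "skipping\n", cfgno, d->bLength);
				continue;
			}

			inum = d->bInterfaceNumber;
			if (inum >= nintf_orig)
				dev_warn(ddev, "config %d has an invalid "
				    "interface number: %d but max is %d\n",
				    cfgno, inum, nintf_orig - 1);

			/* Have we already encountered this interface?
			 * Count its altsettings */
			for (i = 0; i < n; ++i) {
				if (inums[i] == inum)
					break;
			}
			if (i < n) {
				/* nalts[] is u8: saturate, do not wrap */
				if (nalts[i] < 255)
					++nalts[i];
			} else if (n < USB_MAXINTERFACES) {
				inums[n] = inum;
				nalts[n] = 1;
				++n;
			}

		} else if (header->bDescriptorType == USB_DT_DEVICE ||
			    header->bDescriptorType == USB_DT_CONFIG)
			dev_warn(ddev, "config %d contains an unexpected "
			    "descriptor of type 0x%X, skipping\n",
			    cfgno, header->bDescriptorType);

	}	/* for ((buffer2 = buffer, size2 = size); ...) */

	/* From here on only the length-checked part of the buffer is used */
	size = buffer2 - buffer;
	config->desc.wTotalLength = cpu_to_le16(buffer2 - buffer0);

	if (n != nintf)
		dev_warn(ddev, "config %d has %d interface%s, different from "
		    "the descriptor's value: %d\n",
		    cfgno, n, plural(n), nintf_orig);
	else if (n == 0)
		dev_warn(ddev, "config %d has no interfaces?\n", cfgno);

	/* n counts distinct interface numbers seen, at most
	 * USB_MAXINTERFACES */
	config->desc.bNumInterfaces = nintf = n;

	/* Check for missing interface numbers */
	for (i = 0; i < nintf; ++i) {
		for (j = 0; j < nintf; ++j) {
			if (inums[j] == i)
				break;
		}
		if (j >= nintf)
			dev_warn(ddev, "config %d has no interface number "
			    "%d\n", cfgno, i);
	}

	/* Allocate the usb_interface_caches and altsetting arrays */
	for (i = 0; i < nintf; ++i) {
		j = nalts[i];
		if (j > USB_MAXALTSETTING) {
			dev_warn(ddev, "too many alternate settings for "
			    "config %d interface %d: %d, "
			    "using maximum allowed: %d\n",
			    cfgno, inums[i], j, USB_MAXALTSETTING);
			nalts[i] = j = USB_MAXALTSETTING;
		}

		len = sizeof(*intfc) + sizeof(struct usb_host_interface) * j;
		config->intf_cache[i] = intfc = kzalloc(len, GFP_KERNEL);
		if (!intfc)
			return -ENOMEM;
		kref_init(&intfc->ref);
	}

	/* Skip over any Class Specific or Vendor Specific descriptors;
	 * find the first interface descriptor */
	config->extra = buffer;
	i = find_next_descriptor(buffer, size, USB_DT_INTERFACE,
	    USB_DT_INTERFACE, &n);
	config->extralen = i;
	if (n > 0)
		dev_dbg(ddev, "skipped %d descriptor%s after %s\n",
		    n, plural(n), "configuration");
	buffer += i;
	size -= i;

	/* Parse all the interface/altsetting descriptors */
	while (size > 0) {
		retval = usb_parse_interface(ddev, cfgno, config,
		    buffer, size, inums, nalts);
		if (retval < 0)
			return retval;

		buffer += retval;
		size -= retval;
	}

	/* Check for missing altsettings */
	for (i = 0; i < nintf; ++i) {
		intfc = config->intf_cache[i];
		for (j = 0; j < intfc->num_altsetting; ++j) {
			for (n = 0; n < intfc->num_altsetting; ++n) {
				if (intfc->altsetting[n].desc.
				    bAlternateSetting == j)
					break;
			}
			if (n >= intfc->num_altsetting)
				dev_warn(ddev, "config %d interface %d has no "
				    "altsetting %d\n", cfgno, inums[i], j);
		}
	}

	return 0;
}

// hub-only!! ... and only exported for reset/reinit path.
// otherwise used internally on disconnect/destroy path
/*
 * Free everything usb_get_configuration() attached to dev: the raw
 * descriptor buffers, each configuration's string, a reference on each
 * interface cache, and the configuration array itself.  Does nothing when
 * dev->config is NULL.
 *
 * Both loops are bounded by counts stored in the descriptors
 * (descriptor.bNumConfigurations and desc.bNumInterfaces), so those fields
 * must hold the counts the parser actually set up, not raw device values.
 */
void usb_destroy_configuration(struct usb_device *dev)
{
	int c, i;

	if (!dev->config)
		return;

	if (dev->rawdescriptors) {
		for (i = 0; i < dev->descriptor.bNumConfigurations; i++)
			kfree(dev->rawdescriptors[i]);

		kfree(dev->rawdescriptors);
		dev->rawdescriptors = NULL;
	}

	for (c = 0; c < dev->descriptor.bNumConfigurations; c++) {
		struct usb_host_config *cf = &dev->config[c];

		kfree(cf->string);
		for (i = 0; i < cf->desc.bNumInterfaces; i++) {
			if (cf->intf_cache[i])
				kref_put(&cf->intf_cache[i]->ref,
					  usb_release_interface_cache);
		}
	}
	kfree(dev->config);
	dev->config = NULL;
}


// hub-only!! ... and only in reset path, or usb_new_device()
// (used by real hubs and virtual root hubs)
/*
 * Read and parse every configuration descriptor of dev.
 *
 * Each configuration is fetched twice: first only USB_DT_CONFIG_SIZE bytes,
 * to learn wTotalLength, then the whole thing.  The raw bytes are kept in
 * dev->rawdescriptors[] and the parsed form in dev->config[].
 *
 * Returns 0 on success or a negative errno.  On a failure after the arrays
 * were allocated, dev->descriptor.bNumConfigurations is set to the number
 * of configurations that were stored, which is the bound
 * usb_destroy_configuration() uses.
 */
int usb_get_configuration(struct usb_device *dev)
{
	struct device *ddev = &dev->dev;
	int ncfg = dev->descriptor.bNumConfigurations;
	int result = -ENOMEM;
	unsigned int cfgno, length;
	unsigned char *buffer;
	unsigned char *bigbuffer;
	struct usb_config_descriptor *desc;

	if (ncfg > USB_MAXCONFIG) {
		dev_warn(ddev, "too many configurations: %d, "
		    "using maximum allowed: %d\n", ncfg, USB_MAXCONFIG);
		dev->descriptor.bNumConfigurations = ncfg = USB_MAXCONFIG;
	}

	if (ncfg < 1) {
		dev_err(ddev, "no configurations\n");
		return -EINVAL;
	}

	length = ncfg * sizeof(struct usb_host_config);
	dev->config = kzalloc(length, GFP_KERNEL);
	if (!dev->config)
		goto err2;

	length = ncfg * sizeof(char *);
	dev->rawdescriptors = kzalloc(length, GFP_KERNEL);
	if (!dev->rawdescriptors)
		goto err2;

	buffer = kmalloc(USB_DT_CONFIG_SIZE, GFP_KERNEL);
	if (!buffer)
		goto err2;
	desc = (struct usb_config_descriptor *)buffer;

	for (cfgno = 0; cfgno < ncfg; cfgno++) {
		/* We grab just the first descriptor so we know how long
		 * the whole configuration is */
		result = usb_get_descriptor(dev, USB_DT_CONFIG, cfgno,
		    buffer, USB_DT_CONFIG_SIZE);
		if (result < 0) {
			dev_err(ddev, "unable to read config index %d "
			    "descriptor/%s\n", cfgno, "start");
			goto err;
		} else if (result < 4) {
			/* wTotalLength, read just below, needs the first
			 * four bytes */
			dev_err(ddev, "config index %d descriptor too short "
			    "(expected %i, got %i)\n", cfgno,
			    USB_DT_CONFIG_SIZE, result);
			result = -EINVAL;
			goto err;
		}
		/* Never allocate less than one configuration descriptor,
		 * whatever total length the device reports */
		length = max((int) le16_to_cpu(desc->wTotalLength),
		    USB_DT_CONFIG_SIZE);

		/* Now that we know the length, get the whole thing */
		bigbuffer = kmalloc(length, GFP_KERNEL);
		if (!bigbuffer) {
			result = -ENOMEM;
			goto err;
		}
		result = usb_get_descriptor(dev, USB_DT_CONFIG, cfgno,
		    bigbuffer, length);
		if (result < 0) {
			dev_err(ddev, "unable to read config index %d "
			    "descriptor/%s\n", cfgno, "all");
			kfree(bigbuffer);
			goto err;
		}
		if (result < length) {
			dev_warn(ddev, "config index %d descriptor too short "
			    "(expected %i, got %i)\n", cfgno, length, result);
			/* Parse only the bytes that were actually read */
			length = result;
		}

		dev->rawdescriptors[cfgno] = bigbuffer;

		result = usb_parse_configuration(&dev->dev, cfgno,
		    &dev->config[cfgno], bigbuffer, length);
		if (result < 0) {
			/* Count the failed configuration too, so that its
			 * raw buffer and partly parsed state are freed */
			++cfgno;
			goto err;
		}
	}
	result = 0;

err:
	kfree(buffer);
	dev->descriptor.bNumConfigurations = cfgno;
err2:
	if (result == -ENOMEM)
		dev_err(ddev, "out of memory\n");
	return result;
}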