1 #include <linux/config.h> 2 #include <linux/usb.h> 3 #include <linux/module.h> 4 #include <linux/init.h> 5 #include <linux/slab.h> 6 #include <linux/device.h> 7 #include <asm/byteorder.h> 8 #include "usb.h" 9 #include "hcd.h" 10 11 #define USB_MAXALTSETTING 128 /* Hard limit */ 12 #define USB_MAXENDPOINTS 30 /* Hard limit */ 13 14 #define USB_MAXCONFIG 8 /* Arbitrary limit */ 15 16 17 static inline const char *plural(int n) 18 { 19 return (n == 1 ? "" : "s"); 20 } 21 22 static int find_next_descriptor(unsigned char *buffer, int size, 23 int dt1, int dt2, int *num_skipped) 24 { 25 struct usb_descriptor_header *h; 26 int n = 0; 27 unsigned char *buffer0 = buffer; 28 29 /* Find the next descriptor of type dt1 or dt2 */ 30 while (size > 0) { 31 h = (struct usb_descriptor_header *) buffer; 32 if (h->bDescriptorType == dt1 || h->bDescriptorType == dt2) 33 break; 34 buffer += h->bLength; 35 size -= h->bLength; 36 ++n; 37 } 38 39 /* Store the number of descriptors skipped and return the 40 * number of bytes skipped */ 41 if (num_skipped) 42 *num_skipped = n; 43 return buffer - buffer0; 44 } 45 46 static int usb_parse_endpoint(struct device *ddev, int cfgno, int inum, 47 int asnum, struct usb_host_interface *ifp, int num_ep, 48 unsigned char *buffer, int size) 49 { 50 unsigned char *buffer0 = buffer; 51 struct usb_endpoint_descriptor *d; 52 struct usb_host_endpoint *endpoint; 53 int n, i; 54 55 d = (struct usb_endpoint_descriptor *) buffer; 56 buffer += d->bLength; 57 size -= d->bLength; 58 59 if (d->bLength >= USB_DT_ENDPOINT_AUDIO_SIZE) 60 n = USB_DT_ENDPOINT_AUDIO_SIZE; 61 else if (d->bLength >= USB_DT_ENDPOINT_SIZE) 62 n = USB_DT_ENDPOINT_SIZE; 63 else { 64 dev_warn(ddev, "config %d interface %d altsetting %d has an " 65 "invalid endpoint descriptor of length %d, skipping\n", 66 cfgno, inum, asnum, d->bLength); 67 goto skip_to_next_endpoint_or_interface_descriptor; 68 } 69 70 i = d->bEndpointAddress & ~USB_ENDPOINT_DIR_MASK; 71 if (i >= 16 || i == 0) { 72 dev_warn(ddev, "config %d interface %d altsetting %d has an " 73 "invalid endpoint with address 0x%X, skipping\n", 74 cfgno, inum, asnum, d->bEndpointAddress); 75 goto skip_to_next_endpoint_or_interface_descriptor; 76 } 77 78 /* Only store as many endpoints as we have room for */ 79 if (ifp->desc.bNumEndpoints >= num_ep) 80 goto skip_to_next_endpoint_or_interface_descriptor; 81 82 endpoint = &ifp->endpoint[ifp->desc.bNumEndpoints]; 83 ++ifp->desc.bNumEndpoints; 84 85 memcpy(&endpoint->desc, d, n); 86 INIT_LIST_HEAD(&endpoint->urb_list); 87 88 /* Skip over any Class Specific or Vendor Specific descriptors; 89 * find the next endpoint or interface descriptor */ 90 endpoint->extra = buffer; 91 i = find_next_descriptor(buffer, size, USB_DT_ENDPOINT, 92 USB_DT_INTERFACE, &n); 93 endpoint->extralen = i; 94 if (n > 0) 95 dev_dbg(ddev, "skipped %d descriptor%s after %s\n", 96 n, plural(n), "endpoint"); 97 return buffer - buffer0 + i; 98 99 skip_to_next_endpoint_or_interface_descriptor: 100 i = find_next_descriptor(buffer, size, USB_DT_ENDPOINT, 101 USB_DT_INTERFACE, NULL); 102 return buffer - buffer0 + i; 103 } 104 105 void usb_release_interface_cache(struct kref *ref) 106 { 107 struct usb_interface_cache *intfc = ref_to_usb_interface_cache(ref); 108 int j; 109 110 for (j = 0; j < intfc->num_altsetting; j++) { 111 struct usb_host_interface *alt = &intfc->altsetting[j]; 112 113 kfree(alt->endpoint); 114 kfree(alt->string); 115 } 116 kfree(intfc); 117 } 118 119 static int usb_parse_interface(struct device *ddev, int cfgno, 120 struct usb_host_config *config, unsigned char *buffer, int size, 121 u8 inums[], u8 nalts[]) 122 { 123 unsigned char *buffer0 = buffer; 124 struct usb_interface_descriptor *d; 125 int inum, asnum; 126 struct usb_interface_cache *intfc; 127 struct usb_host_interface *alt; 128 int i, n; 129 int len, retval; 130 int num_ep, num_ep_orig; 131 132 d = (struct usb_interface_descriptor *) buffer; 133 buffer += d->bLength; 134 size -= d->bLength; 135 136 if (d->bLength < USB_DT_INTERFACE_SIZE) 137 goto skip_to_next_interface_descriptor; 138 139 /* Which interface entry is this? */ 140 intfc = NULL; 141 inum = d->bInterfaceNumber; 142 for (i = 0; i < config->desc.bNumInterfaces; ++i) { 143 if (inums[i] == inum) { 144 intfc = config->intf_cache[i]; 145 break; 146 } 147 } 148 if (!intfc || intfc->num_altsetting >= nalts[i]) 149 goto skip_to_next_interface_descriptor; 150 151 /* Check for duplicate altsetting entries */ 152 asnum = d->bAlternateSetting; 153 for ((i = 0, alt = &intfc->altsetting[0]); 154 i < intfc->num_altsetting; 155 (++i, ++alt)) { 156 if (alt->desc.bAlternateSetting == asnum) { 157 dev_warn(ddev, "Duplicate descriptor for config %d " 158 "interface %d altsetting %d, skipping\n", 159 cfgno, inum, asnum); 160 goto skip_to_next_interface_descriptor; 161 } 162 } 163 164 ++intfc->num_altsetting; 165 memcpy(&alt->desc, d, USB_DT_INTERFACE_SIZE); 166 167 /* Skip over any Class Specific or Vendor Specific descriptors; 168 * find the first endpoint or interface descriptor */ 169 alt->extra = buffer; 170 i = find_next_descriptor(buffer, size, USB_DT_ENDPOINT, 171 USB_DT_INTERFACE, &n); 172 alt->extralen = i; 173 if (n > 0) 174 dev_dbg(ddev, "skipped %d descriptor%s after %s\n", 175 n, plural(n), "interface"); 176 buffer += i; 177 size -= i; 178 179 /* Allocate space for the right(?) number of endpoints */ 180 num_ep = num_ep_orig = alt->desc.bNumEndpoints; 181 alt->desc.bNumEndpoints = 0; // Use as a counter 182 if (num_ep > USB_MAXENDPOINTS) { 183 dev_warn(ddev, "too many endpoints for config %d interface %d " 184 "altsetting %d: %d, using maximum allowed: %d\n", 185 cfgno, inum, asnum, num_ep, USB_MAXENDPOINTS); 186 num_ep = USB_MAXENDPOINTS; 187 } 188 189 len = sizeof(struct usb_host_endpoint) * num_ep; 190 alt->endpoint = kzalloc(len, GFP_KERNEL); 191 if (!alt->endpoint) 192 return -ENOMEM; 193 194 /* Parse all the endpoint descriptors */ 195 n = 0; 196 while (size > 0) { 197 if (((struct usb_descriptor_header *) buffer)->bDescriptorType 198 == USB_DT_INTERFACE) 199 break; 200 retval = usb_parse_endpoint(ddev, cfgno, inum, asnum, alt, 201 num_ep, buffer, size); 202 if (retval < 0) 203 return retval; 204 ++n; 205 206 buffer += retval; 207 size -= retval; 208 } 209 210 if (n != num_ep_orig) 211 dev_warn(ddev, "config %d interface %d altsetting %d has %d " 212 "endpoint descriptor%s, different from the interface " 213 "descriptor's value: %d\n", 214 cfgno, inum, asnum, n, plural(n), num_ep_orig); 215 return buffer - buffer0; 216 217 skip_to_next_interface_descriptor: 218 i = find_next_descriptor(buffer, size, USB_DT_INTERFACE, 219 USB_DT_INTERFACE, NULL); 220 return buffer - buffer0 + i; 221 } 222 223 static int usb_parse_configuration(struct device *ddev, int cfgidx, 224 struct usb_host_config *config, unsigned char *buffer, int size) 225 { 226 unsigned char *buffer0 = buffer; 227 int cfgno; 228 int nintf, nintf_orig; 229 int i, j, n; 230 struct usb_interface_cache *intfc; 231 unsigned char *buffer2; 232 int size2; 233 struct usb_descriptor_header *header; 234 int len, retval; 235 u8 inums[USB_MAXINTERFACES], nalts[USB_MAXINTERFACES]; 236 237 memcpy(&config->desc, buffer, USB_DT_CONFIG_SIZE); 238 if (config->desc.bDescriptorType != USB_DT_CONFIG || 239 config->desc.bLength < USB_DT_CONFIG_SIZE) { 240 dev_err(ddev, "invalid descriptor for config index %d: " 241 "type = 0x%X, length = %d\n", cfgidx, 242 config->desc.bDescriptorType, config->desc.bLength); 243 return -EINVAL; 244 } 245 cfgno = config->desc.bConfigurationValue; 246 247 buffer += config->desc.bLength; 248 size -= config->desc.bLength; 249 250 nintf = nintf_orig = config->desc.bNumInterfaces; 251 if (nintf > USB_MAXINTERFACES) { 252 dev_warn(ddev, "config %d has too many interfaces: %d, " 253 "using maximum allowed: %d\n", 254 cfgno, nintf, USB_MAXINTERFACES); 255 nintf = USB_MAXINTERFACES; 256 } 257 258 /* Go through the descriptors, checking their length and counting the 259 * number of altsettings for each interface */ 260 n = 0; 261 for ((buffer2 = buffer, size2 = size); 262 size2 > 0; 263 (buffer2 += header->bLength, size2 -= header->bLength)) { 264 265 if (size2 < sizeof(struct usb_descriptor_header)) { 266 dev_warn(ddev, "config %d descriptor has %d excess " 267 "byte%s, ignoring\n", 268 cfgno, size2, plural(size2)); 269 break; 270 } 271 272 header = (struct usb_descriptor_header *) buffer2; 273 if ((header->bLength > size2) || (header->bLength < 2)) { 274 dev_warn(ddev, "config %d has an invalid descriptor " 275 "of length %d, skipping remainder of the config\n", 276 cfgno, header->bLength); 277 break; 278 } 279 280 if (header->bDescriptorType == USB_DT_INTERFACE) { 281 struct usb_interface_descriptor *d; 282 int inum; 283 284 d = (struct usb_interface_descriptor *) header; 285 if (d->bLength < USB_DT_INTERFACE_SIZE) { 286 dev_warn(ddev, "config %d has an invalid " 287 "interface descriptor of length %d, " 288 "skipping\n", cfgno, d->bLength); 289 continue; 290 } 291 292 inum = d->bInterfaceNumber; 293 if (inum >= nintf_orig) 294 dev_warn(ddev, "config %d has an invalid " 295 "interface number: %d but max is %d\n", 296 cfgno, inum, nintf_orig - 1); 297 298 /* Have we already encountered this interface? 299 * Count its altsettings */ 300 for (i = 0; i < n; ++i) { 301 if (inums[i] == inum) 302 break; 303 } 304 if (i < n) { 305 if (nalts[i] < 255) 306 ++nalts[i]; 307 } else if (n < USB_MAXINTERFACES) { 308 inums[n] = inum; 309 nalts[n] = 1; 310 ++n; 311 } 312 313 } else if (header->bDescriptorType == USB_DT_DEVICE || 314 header->bDescriptorType == USB_DT_CONFIG) 315 dev_warn(ddev, "config %d contains an unexpected " 316 "descriptor of type 0x%X, skipping\n", 317 cfgno, header->bDescriptorType); 318 319 } /* for ((buffer2 = buffer, size2 = size); ...) */ 320 size = buffer2 - buffer; 321 config->desc.wTotalLength = cpu_to_le16(buffer2 - buffer0); 322 323 if (n != nintf) 324 dev_warn(ddev, "config %d has %d interface%s, different from " 325 "the descriptor's value: %d\n", 326 cfgno, n, plural(n), nintf_orig); 327 else if (n == 0) 328 dev_warn(ddev, "config %d has no interfaces?\n", cfgno); 329 config->desc.bNumInterfaces = nintf = n; 330 331 /* Check for missing interface numbers */ 332 for (i = 0; i < nintf; ++i) { 333 for (j = 0; j < nintf; ++j) { 334 if (inums[j] == i) 335 break; 336 } 337 if (j >= nintf) 338 dev_warn(ddev, "config %d has no interface number " 339 "%d\n", cfgno, i); 340 } 341 342 /* Allocate the usb_interface_caches and altsetting arrays */ 343 for (i = 0; i < nintf; ++i) { 344 j = nalts[i]; 345 if (j > USB_MAXALTSETTING) { 346 dev_warn(ddev, "too many alternate settings for " 347 "config %d interface %d: %d, " 348 "using maximum allowed: %d\n", 349 cfgno, inums[i], j, USB_MAXALTSETTING); 350 nalts[i] = j = USB_MAXALTSETTING; 351 } 352 353 len = sizeof(*intfc) + sizeof(struct usb_host_interface) * j; 354 config->intf_cache[i] = intfc = kzalloc(len, GFP_KERNEL); 355 if (!intfc) 356 return -ENOMEM; 357 kref_init(&intfc->ref); 358 } 359 360 /* Skip over any Class Specific or Vendor Specific descriptors; 361 * find the first interface descriptor */ 362 config->extra = buffer; 363 i = find_next_descriptor(buffer, size, USB_DT_INTERFACE, 364 USB_DT_INTERFACE, &n); 365 config->extralen = i; 366 if (n > 0) 367 dev_dbg(ddev, "skipped %d descriptor%s after %s\n", 368 n, plural(n), "configuration"); 369 buffer += i; 370 size -= i; 371 372 /* Parse all the interface/altsetting descriptors */ 373 while (size > 0) { 374 retval = usb_parse_interface(ddev, cfgno, config, 375 buffer, size, inums, nalts); 376 if (retval < 0) 377 return retval; 378 379 buffer += retval; 380 size -= retval; 381 } 382 383 /* Check for missing altsettings */ 384 for (i = 0; i < nintf; ++i) { 385 intfc = config->intf_cache[i]; 386 for (j = 0; j < intfc->num_altsetting; ++j) { 387 for (n = 0; n < intfc->num_altsetting; ++n) { 388 if (intfc->altsetting[n].desc. 389 bAlternateSetting == j) 390 break; 391 } 392 if (n >= intfc->num_altsetting) 393 dev_warn(ddev, "config %d interface %d has no " 394 "altsetting %d\n", cfgno, inums[i], j); 395 } 396 } 397 398 return 0; 399 } 400 401 // hub-only!! ... and only exported for reset/reinit path. 402 // otherwise used internally on disconnect/destroy path 403 void usb_destroy_configuration(struct usb_device *dev) 404 { 405 int c, i; 406 407 if (!dev->config) 408 return; 409 410 if (dev->rawdescriptors) { 411 for (i = 0; i < dev->descriptor.bNumConfigurations; i++) 412 kfree(dev->rawdescriptors[i]); 413 414 kfree(dev->rawdescriptors); 415 dev->rawdescriptors = NULL; 416 } 417 418 for (c = 0; c < dev->descriptor.bNumConfigurations; c++) { 419 struct usb_host_config *cf = &dev->config[c]; 420 421 kfree(cf->string); 422 for (i = 0; i < cf->desc.bNumInterfaces; i++) { 423 if (cf->intf_cache[i]) 424 kref_put(&cf->intf_cache[i]->ref, 425 usb_release_interface_cache); 426 } 427 } 428 kfree(dev->config); 429 dev->config = NULL; 430 } 431 432 433 // hub-only!! ... and only in reset path, or usb_new_device() 434 // (used by real hubs and virtual root hubs) 435 int usb_get_configuration(struct usb_device *dev) 436 { 437 struct device *ddev = &dev->dev; 438 int ncfg = dev->descriptor.bNumConfigurations; 439 int result = -ENOMEM; 440 unsigned int cfgno, length; 441 unsigned char *buffer; 442 unsigned char *bigbuffer; 443 struct usb_config_descriptor *desc; 444 445 if (ncfg > USB_MAXCONFIG) { 446 dev_warn(ddev, "too many configurations: %d, " 447 "using maximum allowed: %d\n", ncfg, USB_MAXCONFIG); 448 dev->descriptor.bNumConfigurations = ncfg = USB_MAXCONFIG; 449 } 450 451 if (ncfg < 1) { 452 dev_err(ddev, "no configurations\n"); 453 return -EINVAL; 454 } 455 456 length = ncfg * sizeof(struct usb_host_config); 457 dev->config = kzalloc(length, GFP_KERNEL); 458 if (!dev->config) 459 goto err2; 460 461 length = ncfg * sizeof(char *); 462 dev->rawdescriptors = kzalloc(length, GFP_KERNEL); 463 if (!dev->rawdescriptors) 464 goto err2; 465 466 buffer = kmalloc(USB_DT_CONFIG_SIZE, GFP_KERNEL); 467 if (!buffer) 468 goto err2; 469 desc = (struct usb_config_descriptor *)buffer; 470 471 for (cfgno = 0; cfgno < ncfg; cfgno++) { 472 /* We grab just the first descriptor so we know how long 473 * the whole configuration is */ 474 result = usb_get_descriptor(dev, USB_DT_CONFIG, cfgno, 475 buffer, USB_DT_CONFIG_SIZE); 476 if (result < 0) { 477 dev_err(ddev, "unable to read config index %d " 478 "descriptor/%s\n", cfgno, "start"); 479 goto err; 480 } else if (result < 4) { 481 dev_err(ddev, "config index %d descriptor too short " 482 "(expected %i, got %i)\n", cfgno, 483 USB_DT_CONFIG_SIZE, result); 484 result = -EINVAL; 485 goto err; 486 } 487 length = max((int) le16_to_cpu(desc->wTotalLength), 488 USB_DT_CONFIG_SIZE); 489 490 /* Now that we know the length, get the whole thing */ 491 bigbuffer = kmalloc(length, GFP_KERNEL); 492 if (!bigbuffer) { 493 result = -ENOMEM; 494 goto err; 495 } 496 result = usb_get_descriptor(dev, USB_DT_CONFIG, cfgno, 497 bigbuffer, length); 498 if (result < 0) { 499 dev_err(ddev, "unable to read config index %d " 500 "descriptor/%s\n", cfgno, "all"); 501 kfree(bigbuffer); 502 goto err; 503 } 504 if (result < length) { 505 dev_warn(ddev, "config index %d descriptor too short " 506 "(expected %i, got %i)\n", cfgno, length, result); 507 length = result; 508 } 509 510 dev->rawdescriptors[cfgno] = bigbuffer; 511 512 result = usb_parse_configuration(&dev->dev, cfgno, 513 &dev->config[cfgno], bigbuffer, length); 514 if (result < 0) { 515 ++cfgno; 516 goto err; 517 } 518 } 519 result = 0; 520 521 err: 522 kfree(buffer); 523 dev->descriptor.bNumConfigurations = cfgno; 524 err2: 525 if (result == -ENOMEM) 526 dev_err(ddev, "out of memory\n"); 527 return result; 528 } 529