xref: /linux/drivers/usb/core/config.c (revision f3d9478b2ce468c3115b02ecae7e975990697f15)
1 #include <linux/config.h>
2 #include <linux/usb.h>
3 #include <linux/module.h>
4 #include <linux/init.h>
5 #include <linux/slab.h>
6 #include <linux/device.h>
7 #include <asm/byteorder.h>
8 #include "usb.h"
9 #include "hcd.h"
10 
11 #define USB_MAXALTSETTING		128	/* Hard limit */
12 #define USB_MAXENDPOINTS		30	/* Hard limit */
13 
14 #define USB_MAXCONFIG			8	/* Arbitrary limit */
15 
16 
17 static inline const char *plural(int n)
18 {
19 	return (n == 1 ? "" : "s");
20 }
21 
22 static int find_next_descriptor(unsigned char *buffer, int size,
23     int dt1, int dt2, int *num_skipped)
24 {
25 	struct usb_descriptor_header *h;
26 	int n = 0;
27 	unsigned char *buffer0 = buffer;
28 
29 	/* Find the next descriptor of type dt1 or dt2 */
30 	while (size > 0) {
31 		h = (struct usb_descriptor_header *) buffer;
32 		if (h->bDescriptorType == dt1 || h->bDescriptorType == dt2)
33 			break;
34 		buffer += h->bLength;
35 		size -= h->bLength;
36 		++n;
37 	}
38 
39 	/* Store the number of descriptors skipped and return the
40 	 * number of bytes skipped */
41 	if (num_skipped)
42 		*num_skipped = n;
43 	return buffer - buffer0;
44 }
45 
46 static int usb_parse_endpoint(struct device *ddev, int cfgno, int inum,
47     int asnum, struct usb_host_interface *ifp, int num_ep,
48     unsigned char *buffer, int size)
49 {
50 	unsigned char *buffer0 = buffer;
51 	struct usb_endpoint_descriptor *d;
52 	struct usb_host_endpoint *endpoint;
53 	int n, i;
54 
55 	d = (struct usb_endpoint_descriptor *) buffer;
56 	buffer += d->bLength;
57 	size -= d->bLength;
58 
59 	if (d->bLength >= USB_DT_ENDPOINT_AUDIO_SIZE)
60 		n = USB_DT_ENDPOINT_AUDIO_SIZE;
61 	else if (d->bLength >= USB_DT_ENDPOINT_SIZE)
62 		n = USB_DT_ENDPOINT_SIZE;
63 	else {
64 		dev_warn(ddev, "config %d interface %d altsetting %d has an "
65 		    "invalid endpoint descriptor of length %d, skipping\n",
66 		    cfgno, inum, asnum, d->bLength);
67 		goto skip_to_next_endpoint_or_interface_descriptor;
68 	}
69 
70 	i = d->bEndpointAddress & ~USB_ENDPOINT_DIR_MASK;
71 	if (i >= 16 || i == 0) {
72 		dev_warn(ddev, "config %d interface %d altsetting %d has an "
73 		    "invalid endpoint with address 0x%X, skipping\n",
74 		    cfgno, inum, asnum, d->bEndpointAddress);
75 		goto skip_to_next_endpoint_or_interface_descriptor;
76 	}
77 
78 	/* Only store as many endpoints as we have room for */
79 	if (ifp->desc.bNumEndpoints >= num_ep)
80 		goto skip_to_next_endpoint_or_interface_descriptor;
81 
82 	endpoint = &ifp->endpoint[ifp->desc.bNumEndpoints];
83 	++ifp->desc.bNumEndpoints;
84 
85 	memcpy(&endpoint->desc, d, n);
86 	INIT_LIST_HEAD(&endpoint->urb_list);
87 
88 	/* Skip over any Class Specific or Vendor Specific descriptors;
89 	 * find the next endpoint or interface descriptor */
90 	endpoint->extra = buffer;
91 	i = find_next_descriptor(buffer, size, USB_DT_ENDPOINT,
92 	    USB_DT_INTERFACE, &n);
93 	endpoint->extralen = i;
94 	if (n > 0)
95 		dev_dbg(ddev, "skipped %d descriptor%s after %s\n",
96 		    n, plural(n), "endpoint");
97 	return buffer - buffer0 + i;
98 
99 skip_to_next_endpoint_or_interface_descriptor:
100 	i = find_next_descriptor(buffer, size, USB_DT_ENDPOINT,
101 	    USB_DT_INTERFACE, NULL);
102 	return buffer - buffer0 + i;
103 }
104 
105 void usb_release_interface_cache(struct kref *ref)
106 {
107 	struct usb_interface_cache *intfc = ref_to_usb_interface_cache(ref);
108 	int j;
109 
110 	for (j = 0; j < intfc->num_altsetting; j++) {
111 		struct usb_host_interface *alt = &intfc->altsetting[j];
112 
113 		kfree(alt->endpoint);
114 		kfree(alt->string);
115 	}
116 	kfree(intfc);
117 }
118 
119 static int usb_parse_interface(struct device *ddev, int cfgno,
120     struct usb_host_config *config, unsigned char *buffer, int size,
121     u8 inums[], u8 nalts[])
122 {
123 	unsigned char *buffer0 = buffer;
124 	struct usb_interface_descriptor	*d;
125 	int inum, asnum;
126 	struct usb_interface_cache *intfc;
127 	struct usb_host_interface *alt;
128 	int i, n;
129 	int len, retval;
130 	int num_ep, num_ep_orig;
131 
132 	d = (struct usb_interface_descriptor *) buffer;
133 	buffer += d->bLength;
134 	size -= d->bLength;
135 
136 	if (d->bLength < USB_DT_INTERFACE_SIZE)
137 		goto skip_to_next_interface_descriptor;
138 
139 	/* Which interface entry is this? */
140 	intfc = NULL;
141 	inum = d->bInterfaceNumber;
142 	for (i = 0; i < config->desc.bNumInterfaces; ++i) {
143 		if (inums[i] == inum) {
144 			intfc = config->intf_cache[i];
145 			break;
146 		}
147 	}
148 	if (!intfc || intfc->num_altsetting >= nalts[i])
149 		goto skip_to_next_interface_descriptor;
150 
151 	/* Check for duplicate altsetting entries */
152 	asnum = d->bAlternateSetting;
153 	for ((i = 0, alt = &intfc->altsetting[0]);
154 	      i < intfc->num_altsetting;
155 	     (++i, ++alt)) {
156 		if (alt->desc.bAlternateSetting == asnum) {
157 			dev_warn(ddev, "Duplicate descriptor for config %d "
158 			    "interface %d altsetting %d, skipping\n",
159 			    cfgno, inum, asnum);
160 			goto skip_to_next_interface_descriptor;
161 		}
162 	}
163 
164 	++intfc->num_altsetting;
165 	memcpy(&alt->desc, d, USB_DT_INTERFACE_SIZE);
166 
167 	/* Skip over any Class Specific or Vendor Specific descriptors;
168 	 * find the first endpoint or interface descriptor */
169 	alt->extra = buffer;
170 	i = find_next_descriptor(buffer, size, USB_DT_ENDPOINT,
171 	    USB_DT_INTERFACE, &n);
172 	alt->extralen = i;
173 	if (n > 0)
174 		dev_dbg(ddev, "skipped %d descriptor%s after %s\n",
175 		    n, plural(n), "interface");
176 	buffer += i;
177 	size -= i;
178 
179 	/* Allocate space for the right(?) number of endpoints */
180 	num_ep = num_ep_orig = alt->desc.bNumEndpoints;
181 	alt->desc.bNumEndpoints = 0;		// Use as a counter
182 	if (num_ep > USB_MAXENDPOINTS) {
183 		dev_warn(ddev, "too many endpoints for config %d interface %d "
184 		    "altsetting %d: %d, using maximum allowed: %d\n",
185 		    cfgno, inum, asnum, num_ep, USB_MAXENDPOINTS);
186 		num_ep = USB_MAXENDPOINTS;
187 	}
188 
189 	len = sizeof(struct usb_host_endpoint) * num_ep;
190 	alt->endpoint = kzalloc(len, GFP_KERNEL);
191 	if (!alt->endpoint)
192 		return -ENOMEM;
193 
194 	/* Parse all the endpoint descriptors */
195 	n = 0;
196 	while (size > 0) {
197 		if (((struct usb_descriptor_header *) buffer)->bDescriptorType
198 		     == USB_DT_INTERFACE)
199 			break;
200 		retval = usb_parse_endpoint(ddev, cfgno, inum, asnum, alt,
201 		    num_ep, buffer, size);
202 		if (retval < 0)
203 			return retval;
204 		++n;
205 
206 		buffer += retval;
207 		size -= retval;
208 	}
209 
210 	if (n != num_ep_orig)
211 		dev_warn(ddev, "config %d interface %d altsetting %d has %d "
212 		    "endpoint descriptor%s, different from the interface "
213 		    "descriptor's value: %d\n",
214 		    cfgno, inum, asnum, n, plural(n), num_ep_orig);
215 	return buffer - buffer0;
216 
217 skip_to_next_interface_descriptor:
218 	i = find_next_descriptor(buffer, size, USB_DT_INTERFACE,
219 	    USB_DT_INTERFACE, NULL);
220 	return buffer - buffer0 + i;
221 }
222 
223 static int usb_parse_configuration(struct device *ddev, int cfgidx,
224     struct usb_host_config *config, unsigned char *buffer, int size)
225 {
226 	unsigned char *buffer0 = buffer;
227 	int cfgno;
228 	int nintf, nintf_orig;
229 	int i, j, n;
230 	struct usb_interface_cache *intfc;
231 	unsigned char *buffer2;
232 	int size2;
233 	struct usb_descriptor_header *header;
234 	int len, retval;
235 	u8 inums[USB_MAXINTERFACES], nalts[USB_MAXINTERFACES];
236 
237 	memcpy(&config->desc, buffer, USB_DT_CONFIG_SIZE);
238 	if (config->desc.bDescriptorType != USB_DT_CONFIG ||
239 	    config->desc.bLength < USB_DT_CONFIG_SIZE) {
240 		dev_err(ddev, "invalid descriptor for config index %d: "
241 		    "type = 0x%X, length = %d\n", cfgidx,
242 		    config->desc.bDescriptorType, config->desc.bLength);
243 		return -EINVAL;
244 	}
245 	cfgno = config->desc.bConfigurationValue;
246 
247 	buffer += config->desc.bLength;
248 	size -= config->desc.bLength;
249 
250 	nintf = nintf_orig = config->desc.bNumInterfaces;
251 	if (nintf > USB_MAXINTERFACES) {
252 		dev_warn(ddev, "config %d has too many interfaces: %d, "
253 		    "using maximum allowed: %d\n",
254 		    cfgno, nintf, USB_MAXINTERFACES);
255 		nintf = USB_MAXINTERFACES;
256 	}
257 
258 	/* Go through the descriptors, checking their length and counting the
259 	 * number of altsettings for each interface */
260 	n = 0;
261 	for ((buffer2 = buffer, size2 = size);
262 	      size2 > 0;
263 	     (buffer2 += header->bLength, size2 -= header->bLength)) {
264 
265 		if (size2 < sizeof(struct usb_descriptor_header)) {
266 			dev_warn(ddev, "config %d descriptor has %d excess "
267 			    "byte%s, ignoring\n",
268 			    cfgno, size2, plural(size2));
269 			break;
270 		}
271 
272 		header = (struct usb_descriptor_header *) buffer2;
273 		if ((header->bLength > size2) || (header->bLength < 2)) {
274 			dev_warn(ddev, "config %d has an invalid descriptor "
275 			    "of length %d, skipping remainder of the config\n",
276 			    cfgno, header->bLength);
277 			break;
278 		}
279 
280 		if (header->bDescriptorType == USB_DT_INTERFACE) {
281 			struct usb_interface_descriptor *d;
282 			int inum;
283 
284 			d = (struct usb_interface_descriptor *) header;
285 			if (d->bLength < USB_DT_INTERFACE_SIZE) {
286 				dev_warn(ddev, "config %d has an invalid "
287 				    "interface descriptor of length %d, "
288 				    "skipping\n", cfgno, d->bLength);
289 				continue;
290 			}
291 
292 			inum = d->bInterfaceNumber;
293 			if (inum >= nintf_orig)
294 				dev_warn(ddev, "config %d has an invalid "
295 				    "interface number: %d but max is %d\n",
296 				    cfgno, inum, nintf_orig - 1);
297 
298 			/* Have we already encountered this interface?
299 			 * Count its altsettings */
300 			for (i = 0; i < n; ++i) {
301 				if (inums[i] == inum)
302 					break;
303 			}
304 			if (i < n) {
305 				if (nalts[i] < 255)
306 					++nalts[i];
307 			} else if (n < USB_MAXINTERFACES) {
308 				inums[n] = inum;
309 				nalts[n] = 1;
310 				++n;
311 			}
312 
313 		} else if (header->bDescriptorType == USB_DT_DEVICE ||
314 			    header->bDescriptorType == USB_DT_CONFIG)
315 			dev_warn(ddev, "config %d contains an unexpected "
316 			    "descriptor of type 0x%X, skipping\n",
317 			    cfgno, header->bDescriptorType);
318 
319 	}	/* for ((buffer2 = buffer, size2 = size); ...) */
320 	size = buffer2 - buffer;
321 	config->desc.wTotalLength = cpu_to_le16(buffer2 - buffer0);
322 
323 	if (n != nintf)
324 		dev_warn(ddev, "config %d has %d interface%s, different from "
325 		    "the descriptor's value: %d\n",
326 		    cfgno, n, plural(n), nintf_orig);
327 	else if (n == 0)
328 		dev_warn(ddev, "config %d has no interfaces?\n", cfgno);
329 	config->desc.bNumInterfaces = nintf = n;
330 
331 	/* Check for missing interface numbers */
332 	for (i = 0; i < nintf; ++i) {
333 		for (j = 0; j < nintf; ++j) {
334 			if (inums[j] == i)
335 				break;
336 		}
337 		if (j >= nintf)
338 			dev_warn(ddev, "config %d has no interface number "
339 			    "%d\n", cfgno, i);
340 	}
341 
342 	/* Allocate the usb_interface_caches and altsetting arrays */
343 	for (i = 0; i < nintf; ++i) {
344 		j = nalts[i];
345 		if (j > USB_MAXALTSETTING) {
346 			dev_warn(ddev, "too many alternate settings for "
347 			    "config %d interface %d: %d, "
348 			    "using maximum allowed: %d\n",
349 			    cfgno, inums[i], j, USB_MAXALTSETTING);
350 			nalts[i] = j = USB_MAXALTSETTING;
351 		}
352 
353 		len = sizeof(*intfc) + sizeof(struct usb_host_interface) * j;
354 		config->intf_cache[i] = intfc = kzalloc(len, GFP_KERNEL);
355 		if (!intfc)
356 			return -ENOMEM;
357 		kref_init(&intfc->ref);
358 	}
359 
360 	/* Skip over any Class Specific or Vendor Specific descriptors;
361 	 * find the first interface descriptor */
362 	config->extra = buffer;
363 	i = find_next_descriptor(buffer, size, USB_DT_INTERFACE,
364 	    USB_DT_INTERFACE, &n);
365 	config->extralen = i;
366 	if (n > 0)
367 		dev_dbg(ddev, "skipped %d descriptor%s after %s\n",
368 		    n, plural(n), "configuration");
369 	buffer += i;
370 	size -= i;
371 
372 	/* Parse all the interface/altsetting descriptors */
373 	while (size > 0) {
374 		retval = usb_parse_interface(ddev, cfgno, config,
375 		    buffer, size, inums, nalts);
376 		if (retval < 0)
377 			return retval;
378 
379 		buffer += retval;
380 		size -= retval;
381 	}
382 
383 	/* Check for missing altsettings */
384 	for (i = 0; i < nintf; ++i) {
385 		intfc = config->intf_cache[i];
386 		for (j = 0; j < intfc->num_altsetting; ++j) {
387 			for (n = 0; n < intfc->num_altsetting; ++n) {
388 				if (intfc->altsetting[n].desc.
389 				    bAlternateSetting == j)
390 					break;
391 			}
392 			if (n >= intfc->num_altsetting)
393 				dev_warn(ddev, "config %d interface %d has no "
394 				    "altsetting %d\n", cfgno, inums[i], j);
395 		}
396 	}
397 
398 	return 0;
399 }
400 
401 // hub-only!! ... and only exported for reset/reinit path.
402 // otherwise used internally on disconnect/destroy path
403 void usb_destroy_configuration(struct usb_device *dev)
404 {
405 	int c, i;
406 
407 	if (!dev->config)
408 		return;
409 
410 	if (dev->rawdescriptors) {
411 		for (i = 0; i < dev->descriptor.bNumConfigurations; i++)
412 			kfree(dev->rawdescriptors[i]);
413 
414 		kfree(dev->rawdescriptors);
415 		dev->rawdescriptors = NULL;
416 	}
417 
418 	for (c = 0; c < dev->descriptor.bNumConfigurations; c++) {
419 		struct usb_host_config *cf = &dev->config[c];
420 
421 		kfree(cf->string);
422 		for (i = 0; i < cf->desc.bNumInterfaces; i++) {
423 			if (cf->intf_cache[i])
424 				kref_put(&cf->intf_cache[i]->ref,
425 					  usb_release_interface_cache);
426 		}
427 	}
428 	kfree(dev->config);
429 	dev->config = NULL;
430 }
431 
432 
433 // hub-only!! ... and only in reset path, or usb_new_device()
434 // (used by real hubs and virtual root hubs)
435 int usb_get_configuration(struct usb_device *dev)
436 {
437 	struct device *ddev = &dev->dev;
438 	int ncfg = dev->descriptor.bNumConfigurations;
439 	int result = -ENOMEM;
440 	unsigned int cfgno, length;
441 	unsigned char *buffer;
442 	unsigned char *bigbuffer;
443  	struct usb_config_descriptor *desc;
444 
445 	if (ncfg > USB_MAXCONFIG) {
446 		dev_warn(ddev, "too many configurations: %d, "
447 		    "using maximum allowed: %d\n", ncfg, USB_MAXCONFIG);
448 		dev->descriptor.bNumConfigurations = ncfg = USB_MAXCONFIG;
449 	}
450 
451 	if (ncfg < 1) {
452 		dev_err(ddev, "no configurations\n");
453 		return -EINVAL;
454 	}
455 
456 	length = ncfg * sizeof(struct usb_host_config);
457 	dev->config = kzalloc(length, GFP_KERNEL);
458 	if (!dev->config)
459 		goto err2;
460 
461 	length = ncfg * sizeof(char *);
462 	dev->rawdescriptors = kzalloc(length, GFP_KERNEL);
463 	if (!dev->rawdescriptors)
464 		goto err2;
465 
466 	buffer = kmalloc(USB_DT_CONFIG_SIZE, GFP_KERNEL);
467 	if (!buffer)
468 		goto err2;
469 	desc = (struct usb_config_descriptor *)buffer;
470 
471 	for (cfgno = 0; cfgno < ncfg; cfgno++) {
472 		/* We grab just the first descriptor so we know how long
473 		 * the whole configuration is */
474 		result = usb_get_descriptor(dev, USB_DT_CONFIG, cfgno,
475 		    buffer, USB_DT_CONFIG_SIZE);
476 		if (result < 0) {
477 			dev_err(ddev, "unable to read config index %d "
478 			    "descriptor/%s\n", cfgno, "start");
479 			goto err;
480 		} else if (result < 4) {
481 			dev_err(ddev, "config index %d descriptor too short "
482 			    "(expected %i, got %i)\n", cfgno,
483 			    USB_DT_CONFIG_SIZE, result);
484 			result = -EINVAL;
485 			goto err;
486 		}
487 		length = max((int) le16_to_cpu(desc->wTotalLength),
488 		    USB_DT_CONFIG_SIZE);
489 
490 		/* Now that we know the length, get the whole thing */
491 		bigbuffer = kmalloc(length, GFP_KERNEL);
492 		if (!bigbuffer) {
493 			result = -ENOMEM;
494 			goto err;
495 		}
496 		result = usb_get_descriptor(dev, USB_DT_CONFIG, cfgno,
497 		    bigbuffer, length);
498 		if (result < 0) {
499 			dev_err(ddev, "unable to read config index %d "
500 			    "descriptor/%s\n", cfgno, "all");
501 			kfree(bigbuffer);
502 			goto err;
503 		}
504 		if (result < length) {
505 			dev_warn(ddev, "config index %d descriptor too short "
506 			    "(expected %i, got %i)\n", cfgno, length, result);
507 			length = result;
508 		}
509 
510 		dev->rawdescriptors[cfgno] = bigbuffer;
511 
512 		result = usb_parse_configuration(&dev->dev, cfgno,
513 		    &dev->config[cfgno], bigbuffer, length);
514 		if (result < 0) {
515 			++cfgno;
516 			goto err;
517 		}
518 	}
519 	result = 0;
520 
521 err:
522 	kfree(buffer);
523 	dev->descriptor.bNumConfigurations = cfgno;
524 err2:
525 	if (result == -ENOMEM)
526 		dev_err(ddev, "out of memory\n");
527 	return result;
528 }
529