1 #include <linux/usb.h> 2 #include <linux/module.h> 3 #include <linux/init.h> 4 #include <linux/slab.h> 5 #include <linux/device.h> 6 #include <asm/byteorder.h> 7 #include "usb.h" 8 #include "hcd.h" 9 10 #define USB_MAXALTSETTING 128 /* Hard limit */ 11 #define USB_MAXENDPOINTS 30 /* Hard limit */ 12 13 #define USB_MAXCONFIG 8 /* Arbitrary limit */ 14 15 16 static inline const char *plural(int n) 17 { 18 return (n == 1 ? "" : "s"); 19 } 20 21 static int find_next_descriptor(unsigned char *buffer, int size, 22 int dt1, int dt2, int *num_skipped) 23 { 24 struct usb_descriptor_header *h; 25 int n = 0; 26 unsigned char *buffer0 = buffer; 27 28 /* Find the next descriptor of type dt1 or dt2 */ 29 while (size > 0) { 30 h = (struct usb_descriptor_header *) buffer; 31 if (h->bDescriptorType == dt1 || h->bDescriptorType == dt2) 32 break; 33 buffer += h->bLength; 34 size -= h->bLength; 35 ++n; 36 } 37 38 /* Store the number of descriptors skipped and return the 39 * number of bytes skipped */ 40 if (num_skipped) 41 *num_skipped = n; 42 return buffer - buffer0; 43 } 44 45 static int usb_parse_endpoint(struct device *ddev, int cfgno, int inum, 46 int asnum, struct usb_host_interface *ifp, int num_ep, 47 unsigned char *buffer, int size) 48 { 49 unsigned char *buffer0 = buffer; 50 struct usb_endpoint_descriptor *d; 51 struct usb_host_endpoint *endpoint; 52 int n, i; 53 54 d = (struct usb_endpoint_descriptor *) buffer; 55 buffer += d->bLength; 56 size -= d->bLength; 57 58 if (d->bLength >= USB_DT_ENDPOINT_AUDIO_SIZE) 59 n = USB_DT_ENDPOINT_AUDIO_SIZE; 60 else if (d->bLength >= USB_DT_ENDPOINT_SIZE) 61 n = USB_DT_ENDPOINT_SIZE; 62 else { 63 dev_warn(ddev, "config %d interface %d altsetting %d has an " 64 "invalid endpoint descriptor of length %d, skipping\n", 65 cfgno, inum, asnum, d->bLength); 66 goto skip_to_next_endpoint_or_interface_descriptor; 67 } 68 69 i = d->bEndpointAddress & ~USB_ENDPOINT_DIR_MASK; 70 if (i >= 16 || i == 0) { 71 dev_warn(ddev, "config %d interface %d altsetting %d has an " 72 "invalid endpoint with address 0x%X, skipping\n", 73 cfgno, inum, asnum, d->bEndpointAddress); 74 goto skip_to_next_endpoint_or_interface_descriptor; 75 } 76 77 /* Only store as many endpoints as we have room for */ 78 if (ifp->desc.bNumEndpoints >= num_ep) 79 goto skip_to_next_endpoint_or_interface_descriptor; 80 81 endpoint = &ifp->endpoint[ifp->desc.bNumEndpoints]; 82 ++ifp->desc.bNumEndpoints; 83 84 memcpy(&endpoint->desc, d, n); 85 INIT_LIST_HEAD(&endpoint->urb_list); 86 87 /* Skip over any Class Specific or Vendor Specific descriptors; 88 * find the next endpoint or interface descriptor */ 89 endpoint->extra = buffer; 90 i = find_next_descriptor(buffer, size, USB_DT_ENDPOINT, 91 USB_DT_INTERFACE, &n); 92 endpoint->extralen = i; 93 if (n > 0) 94 dev_dbg(ddev, "skipped %d descriptor%s after %s\n", 95 n, plural(n), "endpoint"); 96 return buffer - buffer0 + i; 97 98 skip_to_next_endpoint_or_interface_descriptor: 99 i = find_next_descriptor(buffer, size, USB_DT_ENDPOINT, 100 USB_DT_INTERFACE, NULL); 101 return buffer - buffer0 + i; 102 } 103 104 void usb_release_interface_cache(struct kref *ref) 105 { 106 struct usb_interface_cache *intfc = ref_to_usb_interface_cache(ref); 107 int j; 108 109 for (j = 0; j < intfc->num_altsetting; j++) { 110 struct usb_host_interface *alt = &intfc->altsetting[j]; 111 112 kfree(alt->endpoint); 113 kfree(alt->string); 114 } 115 kfree(intfc); 116 } 117 118 static int usb_parse_interface(struct device *ddev, int cfgno, 119 struct usb_host_config *config, unsigned char *buffer, int size, 120 u8 inums[], u8 nalts[]) 121 { 122 unsigned char *buffer0 = buffer; 123 struct usb_interface_descriptor *d; 124 int inum, asnum; 125 struct usb_interface_cache *intfc; 126 struct usb_host_interface *alt; 127 int i, n; 128 int len, retval; 129 int num_ep, num_ep_orig; 130 131 d = (struct usb_interface_descriptor *) buffer; 132 buffer += d->bLength; 133 size -= d->bLength; 134 135 if (d->bLength < USB_DT_INTERFACE_SIZE) 136 goto skip_to_next_interface_descriptor; 137 138 /* Which interface entry is this? */ 139 intfc = NULL; 140 inum = d->bInterfaceNumber; 141 for (i = 0; i < config->desc.bNumInterfaces; ++i) { 142 if (inums[i] == inum) { 143 intfc = config->intf_cache[i]; 144 break; 145 } 146 } 147 if (!intfc || intfc->num_altsetting >= nalts[i]) 148 goto skip_to_next_interface_descriptor; 149 150 /* Check for duplicate altsetting entries */ 151 asnum = d->bAlternateSetting; 152 for ((i = 0, alt = &intfc->altsetting[0]); 153 i < intfc->num_altsetting; 154 (++i, ++alt)) { 155 if (alt->desc.bAlternateSetting == asnum) { 156 dev_warn(ddev, "Duplicate descriptor for config %d " 157 "interface %d altsetting %d, skipping\n", 158 cfgno, inum, asnum); 159 goto skip_to_next_interface_descriptor; 160 } 161 } 162 163 ++intfc->num_altsetting; 164 memcpy(&alt->desc, d, USB_DT_INTERFACE_SIZE); 165 166 /* Skip over any Class Specific or Vendor Specific descriptors; 167 * find the first endpoint or interface descriptor */ 168 alt->extra = buffer; 169 i = find_next_descriptor(buffer, size, USB_DT_ENDPOINT, 170 USB_DT_INTERFACE, &n); 171 alt->extralen = i; 172 if (n > 0) 173 dev_dbg(ddev, "skipped %d descriptor%s after %s\n", 174 n, plural(n), "interface"); 175 buffer += i; 176 size -= i; 177 178 /* Allocate space for the right(?) number of endpoints */ 179 num_ep = num_ep_orig = alt->desc.bNumEndpoints; 180 alt->desc.bNumEndpoints = 0; // Use as a counter 181 if (num_ep > USB_MAXENDPOINTS) { 182 dev_warn(ddev, "too many endpoints for config %d interface %d " 183 "altsetting %d: %d, using maximum allowed: %d\n", 184 cfgno, inum, asnum, num_ep, USB_MAXENDPOINTS); 185 num_ep = USB_MAXENDPOINTS; 186 } 187 188 if (num_ep > 0) { /* Can't allocate 0 bytes */ 189 len = sizeof(struct usb_host_endpoint) * num_ep; 190 alt->endpoint = kzalloc(len, GFP_KERNEL); 191 if (!alt->endpoint) 192 return -ENOMEM; 193 } 194 195 /* Parse all the endpoint descriptors */ 196 n = 0; 197 while (size > 0) { 198 if (((struct usb_descriptor_header *) buffer)->bDescriptorType 199 == USB_DT_INTERFACE) 200 break; 201 retval = usb_parse_endpoint(ddev, cfgno, inum, asnum, alt, 202 num_ep, buffer, size); 203 if (retval < 0) 204 return retval; 205 ++n; 206 207 buffer += retval; 208 size -= retval; 209 } 210 211 if (n != num_ep_orig) 212 dev_warn(ddev, "config %d interface %d altsetting %d has %d " 213 "endpoint descriptor%s, different from the interface " 214 "descriptor's value: %d\n", 215 cfgno, inum, asnum, n, plural(n), num_ep_orig); 216 return buffer - buffer0; 217 218 skip_to_next_interface_descriptor: 219 i = find_next_descriptor(buffer, size, USB_DT_INTERFACE, 220 USB_DT_INTERFACE, NULL); 221 return buffer - buffer0 + i; 222 } 223 224 static int usb_parse_configuration(struct device *ddev, int cfgidx, 225 struct usb_host_config *config, unsigned char *buffer, int size) 226 { 227 unsigned char *buffer0 = buffer; 228 int cfgno; 229 int nintf, nintf_orig; 230 int i, j, n; 231 struct usb_interface_cache *intfc; 232 unsigned char *buffer2; 233 int size2; 234 struct usb_descriptor_header *header; 235 int len, retval; 236 u8 inums[USB_MAXINTERFACES], nalts[USB_MAXINTERFACES]; 237 238 memcpy(&config->desc, buffer, USB_DT_CONFIG_SIZE); 239 if (config->desc.bDescriptorType != USB_DT_CONFIG || 240 config->desc.bLength < USB_DT_CONFIG_SIZE) { 241 dev_err(ddev, "invalid descriptor for config index %d: " 242 "type = 0x%X, length = %d\n", cfgidx, 243 config->desc.bDescriptorType, config->desc.bLength); 244 return -EINVAL; 245 } 246 cfgno = config->desc.bConfigurationValue; 247 248 buffer += config->desc.bLength; 249 size -= config->desc.bLength; 250 251 nintf = nintf_orig = config->desc.bNumInterfaces; 252 if (nintf > USB_MAXINTERFACES) { 253 dev_warn(ddev, "config %d has too many interfaces: %d, " 254 "using maximum allowed: %d\n", 255 cfgno, nintf, USB_MAXINTERFACES); 256 nintf = USB_MAXINTERFACES; 257 } 258 259 /* Go through the descriptors, checking their length and counting the 260 * number of altsettings for each interface */ 261 n = 0; 262 for ((buffer2 = buffer, size2 = size); 263 size2 > 0; 264 (buffer2 += header->bLength, size2 -= header->bLength)) { 265 266 if (size2 < sizeof(struct usb_descriptor_header)) { 267 dev_warn(ddev, "config %d descriptor has %d excess " 268 "byte%s, ignoring\n", 269 cfgno, size2, plural(size2)); 270 break; 271 } 272 273 header = (struct usb_descriptor_header *) buffer2; 274 if ((header->bLength > size2) || (header->bLength < 2)) { 275 dev_warn(ddev, "config %d has an invalid descriptor " 276 "of length %d, skipping remainder of the config\n", 277 cfgno, header->bLength); 278 break; 279 } 280 281 if (header->bDescriptorType == USB_DT_INTERFACE) { 282 struct usb_interface_descriptor *d; 283 int inum; 284 285 d = (struct usb_interface_descriptor *) header; 286 if (d->bLength < USB_DT_INTERFACE_SIZE) { 287 dev_warn(ddev, "config %d has an invalid " 288 "interface descriptor of length %d, " 289 "skipping\n", cfgno, d->bLength); 290 continue; 291 } 292 293 inum = d->bInterfaceNumber; 294 if (inum >= nintf_orig) 295 dev_warn(ddev, "config %d has an invalid " 296 "interface number: %d but max is %d\n", 297 cfgno, inum, nintf_orig - 1); 298 299 /* Have we already encountered this interface? 300 * Count its altsettings */ 301 for (i = 0; i < n; ++i) { 302 if (inums[i] == inum) 303 break; 304 } 305 if (i < n) { 306 if (nalts[i] < 255) 307 ++nalts[i]; 308 } else if (n < USB_MAXINTERFACES) { 309 inums[n] = inum; 310 nalts[n] = 1; 311 ++n; 312 } 313 314 } else if (header->bDescriptorType == USB_DT_DEVICE || 315 header->bDescriptorType == USB_DT_CONFIG) 316 dev_warn(ddev, "config %d contains an unexpected " 317 "descriptor of type 0x%X, skipping\n", 318 cfgno, header->bDescriptorType); 319 320 } /* for ((buffer2 = buffer, size2 = size); ...) */ 321 size = buffer2 - buffer; 322 config->desc.wTotalLength = cpu_to_le16(buffer2 - buffer0); 323 324 if (n != nintf) 325 dev_warn(ddev, "config %d has %d interface%s, different from " 326 "the descriptor's value: %d\n", 327 cfgno, n, plural(n), nintf_orig); 328 else if (n == 0) 329 dev_warn(ddev, "config %d has no interfaces?\n", cfgno); 330 config->desc.bNumInterfaces = nintf = n; 331 332 /* Check for missing interface numbers */ 333 for (i = 0; i < nintf; ++i) { 334 for (j = 0; j < nintf; ++j) { 335 if (inums[j] == i) 336 break; 337 } 338 if (j >= nintf) 339 dev_warn(ddev, "config %d has no interface number " 340 "%d\n", cfgno, i); 341 } 342 343 /* Allocate the usb_interface_caches and altsetting arrays */ 344 for (i = 0; i < nintf; ++i) { 345 j = nalts[i]; 346 if (j > USB_MAXALTSETTING) { 347 dev_warn(ddev, "too many alternate settings for " 348 "config %d interface %d: %d, " 349 "using maximum allowed: %d\n", 350 cfgno, inums[i], j, USB_MAXALTSETTING); 351 nalts[i] = j = USB_MAXALTSETTING; 352 } 353 354 len = sizeof(*intfc) + sizeof(struct usb_host_interface) * j; 355 config->intf_cache[i] = intfc = kzalloc(len, GFP_KERNEL); 356 if (!intfc) 357 return -ENOMEM; 358 kref_init(&intfc->ref); 359 } 360 361 /* Skip over any Class Specific or Vendor Specific descriptors; 362 * find the first interface descriptor */ 363 config->extra = buffer; 364 i = find_next_descriptor(buffer, size, USB_DT_INTERFACE, 365 USB_DT_INTERFACE, &n); 366 config->extralen = i; 367 if (n > 0) 368 dev_dbg(ddev, "skipped %d descriptor%s after %s\n", 369 n, plural(n), "configuration"); 370 buffer += i; 371 size -= i; 372 373 /* Parse all the interface/altsetting descriptors */ 374 while (size > 0) { 375 retval = usb_parse_interface(ddev, cfgno, config, 376 buffer, size, inums, nalts); 377 if (retval < 0) 378 return retval; 379 380 buffer += retval; 381 size -= retval; 382 } 383 384 /* Check for missing altsettings */ 385 for (i = 0; i < nintf; ++i) { 386 intfc = config->intf_cache[i]; 387 for (j = 0; j < intfc->num_altsetting; ++j) { 388 for (n = 0; n < intfc->num_altsetting; ++n) { 389 if (intfc->altsetting[n].desc. 390 bAlternateSetting == j) 391 break; 392 } 393 if (n >= intfc->num_altsetting) 394 dev_warn(ddev, "config %d interface %d has no " 395 "altsetting %d\n", cfgno, inums[i], j); 396 } 397 } 398 399 return 0; 400 } 401 402 // hub-only!! ... and only exported for reset/reinit path. 403 // otherwise used internally on disconnect/destroy path 404 void usb_destroy_configuration(struct usb_device *dev) 405 { 406 int c, i; 407 408 if (!dev->config) 409 return; 410 411 if (dev->rawdescriptors) { 412 for (i = 0; i < dev->descriptor.bNumConfigurations; i++) 413 kfree(dev->rawdescriptors[i]); 414 415 kfree(dev->rawdescriptors); 416 dev->rawdescriptors = NULL; 417 } 418 419 for (c = 0; c < dev->descriptor.bNumConfigurations; c++) { 420 struct usb_host_config *cf = &dev->config[c]; 421 422 kfree(cf->string); 423 for (i = 0; i < cf->desc.bNumInterfaces; i++) { 424 if (cf->intf_cache[i]) 425 kref_put(&cf->intf_cache[i]->ref, 426 usb_release_interface_cache); 427 } 428 } 429 kfree(dev->config); 430 dev->config = NULL; 431 } 432 433 434 // hub-only!! ... and only in reset path, or usb_new_device() 435 // (used by real hubs and virtual root hubs) 436 int usb_get_configuration(struct usb_device *dev) 437 { 438 struct device *ddev = &dev->dev; 439 int ncfg = dev->descriptor.bNumConfigurations; 440 int result = -ENOMEM; 441 unsigned int cfgno, length; 442 unsigned char *buffer; 443 unsigned char *bigbuffer; 444 struct usb_config_descriptor *desc; 445 446 if (ncfg > USB_MAXCONFIG) { 447 dev_warn(ddev, "too many configurations: %d, " 448 "using maximum allowed: %d\n", ncfg, USB_MAXCONFIG); 449 dev->descriptor.bNumConfigurations = ncfg = USB_MAXCONFIG; 450 } 451 452 if (ncfg < 1) { 453 dev_err(ddev, "no configurations\n"); 454 return -EINVAL; 455 } 456 457 length = ncfg * sizeof(struct usb_host_config); 458 dev->config = kzalloc(length, GFP_KERNEL); 459 if (!dev->config) 460 goto err2; 461 462 length = ncfg * sizeof(char *); 463 dev->rawdescriptors = kzalloc(length, GFP_KERNEL); 464 if (!dev->rawdescriptors) 465 goto err2; 466 467 buffer = kmalloc(USB_DT_CONFIG_SIZE, GFP_KERNEL); 468 if (!buffer) 469 goto err2; 470 desc = (struct usb_config_descriptor *)buffer; 471 472 for (cfgno = 0; cfgno < ncfg; cfgno++) { 473 /* We grab just the first descriptor so we know how long 474 * the whole configuration is */ 475 result = usb_get_descriptor(dev, USB_DT_CONFIG, cfgno, 476 buffer, USB_DT_CONFIG_SIZE); 477 if (result < 0) { 478 dev_err(ddev, "unable to read config index %d " 479 "descriptor/%s\n", cfgno, "start"); 480 dev_err(ddev, "chopping to %d config(s)\n", cfgno); 481 dev->descriptor.bNumConfigurations = cfgno; 482 break; 483 } else if (result < 4) { 484 dev_err(ddev, "config index %d descriptor too short " 485 "(expected %i, got %i)\n", cfgno, 486 USB_DT_CONFIG_SIZE, result); 487 result = -EINVAL; 488 goto err; 489 } 490 length = max((int) le16_to_cpu(desc->wTotalLength), 491 USB_DT_CONFIG_SIZE); 492 493 /* Now that we know the length, get the whole thing */ 494 bigbuffer = kmalloc(length, GFP_KERNEL); 495 if (!bigbuffer) { 496 result = -ENOMEM; 497 goto err; 498 } 499 result = usb_get_descriptor(dev, USB_DT_CONFIG, cfgno, 500 bigbuffer, length); 501 if (result < 0) { 502 dev_err(ddev, "unable to read config index %d " 503 "descriptor/%s\n", cfgno, "all"); 504 kfree(bigbuffer); 505 goto err; 506 } 507 if (result < length) { 508 dev_warn(ddev, "config index %d descriptor too short " 509 "(expected %i, got %i)\n", cfgno, length, result); 510 length = result; 511 } 512 513 dev->rawdescriptors[cfgno] = bigbuffer; 514 515 result = usb_parse_configuration(&dev->dev, cfgno, 516 &dev->config[cfgno], bigbuffer, length); 517 if (result < 0) { 518 ++cfgno; 519 goto err; 520 } 521 } 522 result = 0; 523 524 err: 525 kfree(buffer); 526 dev->descriptor.bNumConfigurations = cfgno; 527 err2: 528 if (result == -ENOMEM) 529 dev_err(ddev, "out of memory\n"); 530 return result; 531 } 532