• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 #include <linux/usb.h>
2 #include <linux/usb/ch9.h>
3 #include <linux/usb/hcd.h>
4 #include <linux/usb/quirks.h>
5 #include <linux/module.h>
6 #include <linux/init.h>
7 #include <linux/slab.h>
8 #include <linux/device.h>
9 #include <asm/byteorder.h>
10 #include "usb.h"
11 
12 
13 #define USB_MAXALTSETTING		128	/* Hard limit */
14 #define USB_MAXENDPOINTS		30	/* Hard limit */
15 
16 #define USB_MAXCONFIG			8	/* Arbitrary limit */
17 
18 
plural(int n)19 static inline const char *plural(int n)
20 {
21 	return (n == 1 ? "" : "s");
22 }
23 
find_next_descriptor(unsigned char * buffer,int size,int dt1,int dt2,int * num_skipped)24 static int find_next_descriptor(unsigned char *buffer, int size,
25     int dt1, int dt2, int *num_skipped)
26 {
27 	struct usb_descriptor_header *h;
28 	int n = 0;
29 	unsigned char *buffer0 = buffer;
30 
31 	/* Find the next descriptor of type dt1 or dt2 */
32 	while (size > 0) {
33 		h = (struct usb_descriptor_header *) buffer;
34 		if (h->bDescriptorType == dt1 || h->bDescriptorType == dt2)
35 			break;
36 		buffer += h->bLength;
37 		size -= h->bLength;
38 		++n;
39 	}
40 
41 	/* Store the number of descriptors skipped and return the
42 	 * number of bytes skipped */
43 	if (num_skipped)
44 		*num_skipped = n;
45 	return buffer - buffer0;
46 }
47 
usb_parse_ss_endpoint_companion(struct device * ddev,int cfgno,int inum,int asnum,struct usb_host_endpoint * ep,unsigned char * buffer,int size)48 static void usb_parse_ss_endpoint_companion(struct device *ddev, int cfgno,
49 		int inum, int asnum, struct usb_host_endpoint *ep,
50 		unsigned char *buffer, int size)
51 {
52 	struct usb_ss_ep_comp_descriptor *desc;
53 	int max_tx;
54 
55 	/* The SuperSpeed endpoint companion descriptor is supposed to
56 	 * be the first thing immediately following the endpoint descriptor.
57 	 */
58 	desc = (struct usb_ss_ep_comp_descriptor *) buffer;
59 	if (desc->bDescriptorType != USB_DT_SS_ENDPOINT_COMP ||
60 			size < USB_DT_SS_EP_COMP_SIZE) {
61 		dev_warn(ddev, "No SuperSpeed endpoint companion for config %d "
62 				" interface %d altsetting %d ep %d: "
63 				"using minimum values\n",
64 				cfgno, inum, asnum, ep->desc.bEndpointAddress);
65 
66 		/* Fill in some default values.
67 		 * Leave bmAttributes as zero, which will mean no streams for
68 		 * bulk, and isoc won't support multiple bursts of packets.
69 		 * With bursts of only one packet, and a Mult of 1, the max
70 		 * amount of data moved per endpoint service interval is one
71 		 * packet.
72 		 */
73 		ep->ss_ep_comp.bLength = USB_DT_SS_EP_COMP_SIZE;
74 		ep->ss_ep_comp.bDescriptorType = USB_DT_SS_ENDPOINT_COMP;
75 		if (usb_endpoint_xfer_isoc(&ep->desc) ||
76 				usb_endpoint_xfer_int(&ep->desc))
77 			ep->ss_ep_comp.wBytesPerInterval =
78 					ep->desc.wMaxPacketSize;
79 		return;
80 	}
81 
82 	memcpy(&ep->ss_ep_comp, desc, USB_DT_SS_EP_COMP_SIZE);
83 
84 	/* Check the various values */
85 	if (usb_endpoint_xfer_control(&ep->desc) && desc->bMaxBurst != 0) {
86 		dev_warn(ddev, "Control endpoint with bMaxBurst = %d in "
87 				"config %d interface %d altsetting %d ep %d: "
88 				"setting to zero\n", desc->bMaxBurst,
89 				cfgno, inum, asnum, ep->desc.bEndpointAddress);
90 		ep->ss_ep_comp.bMaxBurst = 0;
91 	} else if (desc->bMaxBurst > 15) {
92 		dev_warn(ddev, "Endpoint with bMaxBurst = %d in "
93 				"config %d interface %d altsetting %d ep %d: "
94 				"setting to 15\n", desc->bMaxBurst,
95 				cfgno, inum, asnum, ep->desc.bEndpointAddress);
96 		ep->ss_ep_comp.bMaxBurst = 15;
97 	}
98 
99 	if ((usb_endpoint_xfer_control(&ep->desc) ||
100 			usb_endpoint_xfer_int(&ep->desc)) &&
101 				desc->bmAttributes != 0) {
102 		dev_warn(ddev, "%s endpoint with bmAttributes = %d in "
103 				"config %d interface %d altsetting %d ep %d: "
104 				"setting to zero\n",
105 				usb_endpoint_xfer_control(&ep->desc) ? "Control" : "Bulk",
106 				desc->bmAttributes,
107 				cfgno, inum, asnum, ep->desc.bEndpointAddress);
108 		ep->ss_ep_comp.bmAttributes = 0;
109 	} else if (usb_endpoint_xfer_bulk(&ep->desc) &&
110 			desc->bmAttributes > 16) {
111 		dev_warn(ddev, "Bulk endpoint with more than 65536 streams in "
112 				"config %d interface %d altsetting %d ep %d: "
113 				"setting to max\n",
114 				cfgno, inum, asnum, ep->desc.bEndpointAddress);
115 		ep->ss_ep_comp.bmAttributes = 16;
116 	} else if (usb_endpoint_xfer_isoc(&ep->desc) &&
117 			desc->bmAttributes > 2) {
118 		dev_warn(ddev, "Isoc endpoint has Mult of %d in "
119 				"config %d interface %d altsetting %d ep %d: "
120 				"setting to 3\n", desc->bmAttributes + 1,
121 				cfgno, inum, asnum, ep->desc.bEndpointAddress);
122 		ep->ss_ep_comp.bmAttributes = 2;
123 	}
124 
125 	if (usb_endpoint_xfer_isoc(&ep->desc))
126 		max_tx = (desc->bMaxBurst + 1) * (desc->bmAttributes + 1) *
127 			usb_endpoint_maxp(&ep->desc);
128 	else if (usb_endpoint_xfer_int(&ep->desc))
129 		max_tx = usb_endpoint_maxp(&ep->desc) *
130 			(desc->bMaxBurst + 1);
131 	else
132 		max_tx = 999999;
133 	if (le16_to_cpu(desc->wBytesPerInterval) > max_tx) {
134 		dev_warn(ddev, "%s endpoint with wBytesPerInterval of %d in "
135 				"config %d interface %d altsetting %d ep %d: "
136 				"setting to %d\n",
137 				usb_endpoint_xfer_isoc(&ep->desc) ? "Isoc" : "Int",
138 				le16_to_cpu(desc->wBytesPerInterval),
139 				cfgno, inum, asnum, ep->desc.bEndpointAddress,
140 				max_tx);
141 		ep->ss_ep_comp.wBytesPerInterval = cpu_to_le16(max_tx);
142 	}
143 }
144 
usb_parse_endpoint(struct device * ddev,int cfgno,int inum,int asnum,struct usb_host_interface * ifp,int num_ep,unsigned char * buffer,int size)145 static int usb_parse_endpoint(struct device *ddev, int cfgno, int inum,
146     int asnum, struct usb_host_interface *ifp, int num_ep,
147     unsigned char *buffer, int size)
148 {
149 	unsigned char *buffer0 = buffer;
150 	struct usb_endpoint_descriptor *d;
151 	struct usb_host_endpoint *endpoint;
152 	int n, i, j, retval;
153 
154 	d = (struct usb_endpoint_descriptor *) buffer;
155 	buffer += d->bLength;
156 	size -= d->bLength;
157 
158 	if (d->bLength >= USB_DT_ENDPOINT_AUDIO_SIZE)
159 		n = USB_DT_ENDPOINT_AUDIO_SIZE;
160 	else if (d->bLength >= USB_DT_ENDPOINT_SIZE)
161 		n = USB_DT_ENDPOINT_SIZE;
162 	else {
163 		dev_warn(ddev, "config %d interface %d altsetting %d has an "
164 		    "invalid endpoint descriptor of length %d, skipping\n",
165 		    cfgno, inum, asnum, d->bLength);
166 		goto skip_to_next_endpoint_or_interface_descriptor;
167 	}
168 
169 	i = d->bEndpointAddress & ~USB_ENDPOINT_DIR_MASK;
170 	if (i >= 16 || i == 0) {
171 		dev_warn(ddev, "config %d interface %d altsetting %d has an "
172 		    "invalid endpoint with address 0x%X, skipping\n",
173 		    cfgno, inum, asnum, d->bEndpointAddress);
174 		goto skip_to_next_endpoint_or_interface_descriptor;
175 	}
176 
177 	/* Only store as many endpoints as we have room for */
178 	if (ifp->desc.bNumEndpoints >= num_ep)
179 		goto skip_to_next_endpoint_or_interface_descriptor;
180 
181 	endpoint = &ifp->endpoint[ifp->desc.bNumEndpoints];
182 	++ifp->desc.bNumEndpoints;
183 
184 	memcpy(&endpoint->desc, d, n);
185 	INIT_LIST_HEAD(&endpoint->urb_list);
186 
187 	/* Fix up bInterval values outside the legal range. Use 32 ms if no
188 	 * proper value can be guessed. */
189 	i = 0;		/* i = min, j = max, n = default */
190 	j = 255;
191 	if (usb_endpoint_xfer_int(d)) {
192 		i = 1;
193 		switch (to_usb_device(ddev)->speed) {
194 		case USB_SPEED_SUPER:
195 		case USB_SPEED_HIGH:
196 			/* Many device manufacturers are using full-speed
197 			 * bInterval values in high-speed interrupt endpoint
198 			 * descriptors. Try to fix those and fall back to a
199 			 * 32 ms default value otherwise. */
200 			n = fls(d->bInterval*8);
201 			if (n == 0)
202 				n = 9;	/* 32 ms = 2^(9-1) uframes */
203 			j = 16;
204 			break;
205 		default:		/* USB_SPEED_FULL or _LOW */
206 			/* For low-speed, 10 ms is the official minimum.
207 			 * But some "overclocked" devices might want faster
208 			 * polling so we'll allow it. */
209 			n = 32;
210 			break;
211 		}
212 	} else if (usb_endpoint_xfer_isoc(d)) {
213 		i = 1;
214 		j = 16;
215 		switch (to_usb_device(ddev)->speed) {
216 		case USB_SPEED_HIGH:
217 			n = 9;		/* 32 ms = 2^(9-1) uframes */
218 			break;
219 		default:		/* USB_SPEED_FULL */
220 			n = 6;		/* 32 ms = 2^(6-1) frames */
221 			break;
222 		}
223 	}
224 	if (d->bInterval < i || d->bInterval > j) {
225 		dev_warn(ddev, "config %d interface %d altsetting %d "
226 		    "endpoint 0x%X has an invalid bInterval %d, "
227 		    "changing to %d\n",
228 		    cfgno, inum, asnum,
229 		    d->bEndpointAddress, d->bInterval, n);
230 		endpoint->desc.bInterval = n;
231 	}
232 
233 	/* Some buggy low-speed devices have Bulk endpoints, which is
234 	 * explicitly forbidden by the USB spec.  In an attempt to make
235 	 * them usable, we will try treating them as Interrupt endpoints.
236 	 */
237 	if (to_usb_device(ddev)->speed == USB_SPEED_LOW &&
238 			usb_endpoint_xfer_bulk(d)) {
239 		dev_warn(ddev, "config %d interface %d altsetting %d "
240 		    "endpoint 0x%X is Bulk; changing to Interrupt\n",
241 		    cfgno, inum, asnum, d->bEndpointAddress);
242 		endpoint->desc.bmAttributes = USB_ENDPOINT_XFER_INT;
243 		endpoint->desc.bInterval = 1;
244 		if (usb_endpoint_maxp(&endpoint->desc) > 8)
245 			endpoint->desc.wMaxPacketSize = cpu_to_le16(8);
246 	}
247 
248 	/*
249 	 * Some buggy high speed devices have bulk endpoints using
250 	 * maxpacket sizes other than 512.  High speed HCDs may not
251 	 * be able to handle that particular bug, so let's warn...
252 	 */
253 	if (to_usb_device(ddev)->speed == USB_SPEED_HIGH
254 			&& usb_endpoint_xfer_bulk(d)) {
255 		unsigned maxp;
256 
257 		maxp = usb_endpoint_maxp(&endpoint->desc) & 0x07ff;
258 		if (maxp != 512)
259 			dev_warn(ddev, "config %d interface %d altsetting %d "
260 				"bulk endpoint 0x%X has invalid maxpacket %d\n",
261 				cfgno, inum, asnum, d->bEndpointAddress,
262 				maxp);
263 	}
264 
265 	/* Parse a possible SuperSpeed endpoint companion descriptor */
266 	if (to_usb_device(ddev)->speed == USB_SPEED_SUPER)
267 		usb_parse_ss_endpoint_companion(ddev, cfgno,
268 				inum, asnum, endpoint, buffer, size);
269 
270 	/* Skip over any Class Specific or Vendor Specific descriptors;
271 	 * find the next endpoint or interface descriptor */
272 	endpoint->extra = buffer;
273 	i = find_next_descriptor(buffer, size, USB_DT_ENDPOINT,
274 			USB_DT_INTERFACE, &n);
275 	endpoint->extralen = i;
276 	retval = buffer - buffer0 + i;
277 	if (n > 0)
278 		dev_dbg(ddev, "skipped %d descriptor%s after %s\n",
279 		    n, plural(n), "endpoint");
280 	return retval;
281 
282 skip_to_next_endpoint_or_interface_descriptor:
283 	i = find_next_descriptor(buffer, size, USB_DT_ENDPOINT,
284 	    USB_DT_INTERFACE, NULL);
285 	return buffer - buffer0 + i;
286 }
287 
usb_release_interface_cache(struct kref * ref)288 void usb_release_interface_cache(struct kref *ref)
289 {
290 	struct usb_interface_cache *intfc = ref_to_usb_interface_cache(ref);
291 	int j;
292 
293 	for (j = 0; j < intfc->num_altsetting; j++) {
294 		struct usb_host_interface *alt = &intfc->altsetting[j];
295 
296 		kfree(alt->endpoint);
297 		kfree(alt->string);
298 	}
299 	kfree(intfc);
300 }
301 
usb_parse_interface(struct device * ddev,int cfgno,struct usb_host_config * config,unsigned char * buffer,int size,u8 inums[],u8 nalts[])302 static int usb_parse_interface(struct device *ddev, int cfgno,
303     struct usb_host_config *config, unsigned char *buffer, int size,
304     u8 inums[], u8 nalts[])
305 {
306 	unsigned char *buffer0 = buffer;
307 	struct usb_interface_descriptor	*d;
308 	int inum, asnum;
309 	struct usb_interface_cache *intfc;
310 	struct usb_host_interface *alt;
311 	int i, n;
312 	int len, retval;
313 	int num_ep, num_ep_orig;
314 
315 	d = (struct usb_interface_descriptor *) buffer;
316 	buffer += d->bLength;
317 	size -= d->bLength;
318 
319 	if (d->bLength < USB_DT_INTERFACE_SIZE)
320 		goto skip_to_next_interface_descriptor;
321 
322 	/* Which interface entry is this? */
323 	intfc = NULL;
324 	inum = d->bInterfaceNumber;
325 	for (i = 0; i < config->desc.bNumInterfaces; ++i) {
326 		if (inums[i] == inum) {
327 			intfc = config->intf_cache[i];
328 			break;
329 		}
330 	}
331 	if (!intfc || intfc->num_altsetting >= nalts[i])
332 		goto skip_to_next_interface_descriptor;
333 
334 	/* Check for duplicate altsetting entries */
335 	asnum = d->bAlternateSetting;
336 	for ((i = 0, alt = &intfc->altsetting[0]);
337 	      i < intfc->num_altsetting;
338 	     (++i, ++alt)) {
339 		if (alt->desc.bAlternateSetting == asnum) {
340 			dev_warn(ddev, "Duplicate descriptor for config %d "
341 			    "interface %d altsetting %d, skipping\n",
342 			    cfgno, inum, asnum);
343 			goto skip_to_next_interface_descriptor;
344 		}
345 	}
346 
347 	++intfc->num_altsetting;
348 	memcpy(&alt->desc, d, USB_DT_INTERFACE_SIZE);
349 
350 	/* Skip over any Class Specific or Vendor Specific descriptors;
351 	 * find the first endpoint or interface descriptor */
352 	alt->extra = buffer;
353 	i = find_next_descriptor(buffer, size, USB_DT_ENDPOINT,
354 	    USB_DT_INTERFACE, &n);
355 	alt->extralen = i;
356 	if (n > 0)
357 		dev_dbg(ddev, "skipped %d descriptor%s after %s\n",
358 		    n, plural(n), "interface");
359 	buffer += i;
360 	size -= i;
361 
362 	/* Allocate space for the right(?) number of endpoints */
363 	num_ep = num_ep_orig = alt->desc.bNumEndpoints;
364 	alt->desc.bNumEndpoints = 0;		/* Use as a counter */
365 	if (num_ep > USB_MAXENDPOINTS) {
366 		dev_warn(ddev, "too many endpoints for config %d interface %d "
367 		    "altsetting %d: %d, using maximum allowed: %d\n",
368 		    cfgno, inum, asnum, num_ep, USB_MAXENDPOINTS);
369 		num_ep = USB_MAXENDPOINTS;
370 	}
371 
372 	if (num_ep > 0) {
373 		/* Can't allocate 0 bytes */
374 		len = sizeof(struct usb_host_endpoint) * num_ep;
375 		alt->endpoint = kzalloc(len, GFP_KERNEL);
376 		if (!alt->endpoint)
377 			return -ENOMEM;
378 	}
379 
380 	/* Parse all the endpoint descriptors */
381 	n = 0;
382 	while (size > 0) {
383 		if (((struct usb_descriptor_header *) buffer)->bDescriptorType
384 		     == USB_DT_INTERFACE)
385 			break;
386 		retval = usb_parse_endpoint(ddev, cfgno, inum, asnum, alt,
387 		    num_ep, buffer, size);
388 		if (retval < 0)
389 			return retval;
390 		++n;
391 
392 		buffer += retval;
393 		size -= retval;
394 	}
395 
396 	if (n != num_ep_orig)
397 		dev_warn(ddev, "config %d interface %d altsetting %d has %d "
398 		    "endpoint descriptor%s, different from the interface "
399 		    "descriptor's value: %d\n",
400 		    cfgno, inum, asnum, n, plural(n), num_ep_orig);
401 	return buffer - buffer0;
402 
403 skip_to_next_interface_descriptor:
404 	i = find_next_descriptor(buffer, size, USB_DT_INTERFACE,
405 	    USB_DT_INTERFACE, NULL);
406 	return buffer - buffer0 + i;
407 }
408 
usb_parse_configuration(struct usb_device * dev,int cfgidx,struct usb_host_config * config,unsigned char * buffer,int size)409 static int usb_parse_configuration(struct usb_device *dev, int cfgidx,
410     struct usb_host_config *config, unsigned char *buffer, int size)
411 {
412 	struct device *ddev = &dev->dev;
413 	unsigned char *buffer0 = buffer;
414 	int cfgno;
415 	int nintf, nintf_orig;
416 	int i, j, n;
417 	struct usb_interface_cache *intfc;
418 	unsigned char *buffer2;
419 	int size2;
420 	struct usb_descriptor_header *header;
421 	int len, retval;
422 	u8 inums[USB_MAXINTERFACES], nalts[USB_MAXINTERFACES];
423 	unsigned iad_num = 0;
424 
425 	memcpy(&config->desc, buffer, USB_DT_CONFIG_SIZE);
426 	if (config->desc.bDescriptorType != USB_DT_CONFIG ||
427 	    config->desc.bLength < USB_DT_CONFIG_SIZE ||
428 	    config->desc.bLength > size) {
429 		dev_err(ddev, "invalid descriptor for config index %d: "
430 		    "type = 0x%X, length = %d\n", cfgidx,
431 		    config->desc.bDescriptorType, config->desc.bLength);
432 		return -EINVAL;
433 	}
434 	cfgno = config->desc.bConfigurationValue;
435 
436 	buffer += config->desc.bLength;
437 	size -= config->desc.bLength;
438 
439 	nintf = nintf_orig = config->desc.bNumInterfaces;
440 	if (nintf > USB_MAXINTERFACES) {
441 		dev_warn(ddev, "config %d has too many interfaces: %d, "
442 		    "using maximum allowed: %d\n",
443 		    cfgno, nintf, USB_MAXINTERFACES);
444 		nintf = USB_MAXINTERFACES;
445 	}
446 
447 	/* Go through the descriptors, checking their length and counting the
448 	 * number of altsettings for each interface */
449 	n = 0;
450 	for ((buffer2 = buffer, size2 = size);
451 	      size2 > 0;
452 	     (buffer2 += header->bLength, size2 -= header->bLength)) {
453 
454 		if (size2 < sizeof(struct usb_descriptor_header)) {
455 			dev_warn(ddev, "config %d descriptor has %d excess "
456 			    "byte%s, ignoring\n",
457 			    cfgno, size2, plural(size2));
458 			break;
459 		}
460 
461 		header = (struct usb_descriptor_header *) buffer2;
462 		if ((header->bLength > size2) || (header->bLength < 2)) {
463 			dev_warn(ddev, "config %d has an invalid descriptor "
464 			    "of length %d, skipping remainder of the config\n",
465 			    cfgno, header->bLength);
466 			break;
467 		}
468 
469 		if (header->bDescriptorType == USB_DT_INTERFACE) {
470 			struct usb_interface_descriptor *d;
471 			int inum;
472 
473 			d = (struct usb_interface_descriptor *) header;
474 			if (d->bLength < USB_DT_INTERFACE_SIZE) {
475 				dev_warn(ddev, "config %d has an invalid "
476 				    "interface descriptor of length %d, "
477 				    "skipping\n", cfgno, d->bLength);
478 				continue;
479 			}
480 
481 			inum = d->bInterfaceNumber;
482 
483 			if ((dev->quirks & USB_QUIRK_HONOR_BNUMINTERFACES) &&
484 			    n >= nintf_orig) {
485 				dev_warn(ddev, "config %d has more interface "
486 				    "descriptors, than it declares in "
487 				    "bNumInterfaces, ignoring interface "
488 				    "number: %d\n", cfgno, inum);
489 				continue;
490 			}
491 
492 			if (inum >= nintf_orig)
493 				dev_warn(ddev, "config %d has an invalid "
494 				    "interface number: %d but max is %d\n",
495 				    cfgno, inum, nintf_orig - 1);
496 
497 			/* Have we already encountered this interface?
498 			 * Count its altsettings */
499 			for (i = 0; i < n; ++i) {
500 				if (inums[i] == inum)
501 					break;
502 			}
503 			if (i < n) {
504 				if (nalts[i] < 255)
505 					++nalts[i];
506 			} else if (n < USB_MAXINTERFACES) {
507 				inums[n] = inum;
508 				nalts[n] = 1;
509 				++n;
510 			}
511 
512 		} else if (header->bDescriptorType ==
513 				USB_DT_INTERFACE_ASSOCIATION) {
514 			if (iad_num == USB_MAXIADS) {
515 				dev_warn(ddev, "found more Interface "
516 					       "Association Descriptors "
517 					       "than allocated for in "
518 					       "configuration %d\n", cfgno);
519 			} else {
520 				config->intf_assoc[iad_num] =
521 					(struct usb_interface_assoc_descriptor
522 					*)header;
523 				iad_num++;
524 			}
525 
526 		} else if (header->bDescriptorType == USB_DT_DEVICE ||
527 			    header->bDescriptorType == USB_DT_CONFIG)
528 			dev_warn(ddev, "config %d contains an unexpected "
529 			    "descriptor of type 0x%X, skipping\n",
530 			    cfgno, header->bDescriptorType);
531 
532 	}	/* for ((buffer2 = buffer, size2 = size); ...) */
533 	size = buffer2 - buffer;
534 	config->desc.wTotalLength = cpu_to_le16(buffer2 - buffer0);
535 
536 	if (n != nintf)
537 		dev_warn(ddev, "config %d has %d interface%s, different from "
538 		    "the descriptor's value: %d\n",
539 		    cfgno, n, plural(n), nintf_orig);
540 	else if (n == 0)
541 		dev_warn(ddev, "config %d has no interfaces?\n", cfgno);
542 	config->desc.bNumInterfaces = nintf = n;
543 
544 	/* Check for missing interface numbers */
545 	for (i = 0; i < nintf; ++i) {
546 		for (j = 0; j < nintf; ++j) {
547 			if (inums[j] == i)
548 				break;
549 		}
550 		if (j >= nintf)
551 			dev_warn(ddev, "config %d has no interface number "
552 			    "%d\n", cfgno, i);
553 	}
554 
555 	/* Allocate the usb_interface_caches and altsetting arrays */
556 	for (i = 0; i < nintf; ++i) {
557 		j = nalts[i];
558 		if (j > USB_MAXALTSETTING) {
559 			dev_warn(ddev, "too many alternate settings for "
560 			    "config %d interface %d: %d, "
561 			    "using maximum allowed: %d\n",
562 			    cfgno, inums[i], j, USB_MAXALTSETTING);
563 			nalts[i] = j = USB_MAXALTSETTING;
564 		}
565 
566 		len = sizeof(*intfc) + sizeof(struct usb_host_interface) * j;
567 		config->intf_cache[i] = intfc = kzalloc(len, GFP_KERNEL);
568 		if (!intfc)
569 			return -ENOMEM;
570 		kref_init(&intfc->ref);
571 	}
572 
573 	/* FIXME: parse the BOS descriptor */
574 
575 	/* Skip over any Class Specific or Vendor Specific descriptors;
576 	 * find the first interface descriptor */
577 	config->extra = buffer;
578 	i = find_next_descriptor(buffer, size, USB_DT_INTERFACE,
579 	    USB_DT_INTERFACE, &n);
580 	config->extralen = i;
581 	if (n > 0)
582 		dev_dbg(ddev, "skipped %d descriptor%s after %s\n",
583 		    n, plural(n), "configuration");
584 	buffer += i;
585 	size -= i;
586 
587 	/* Parse all the interface/altsetting descriptors */
588 	while (size > 0) {
589 		retval = usb_parse_interface(ddev, cfgno, config,
590 		    buffer, size, inums, nalts);
591 		if (retval < 0)
592 			return retval;
593 
594 		buffer += retval;
595 		size -= retval;
596 	}
597 
598 	/* Check for missing altsettings */
599 	for (i = 0; i < nintf; ++i) {
600 		intfc = config->intf_cache[i];
601 		for (j = 0; j < intfc->num_altsetting; ++j) {
602 			for (n = 0; n < intfc->num_altsetting; ++n) {
603 				if (intfc->altsetting[n].desc.
604 				    bAlternateSetting == j)
605 					break;
606 			}
607 			if (n >= intfc->num_altsetting)
608 				dev_warn(ddev, "config %d interface %d has no "
609 				    "altsetting %d\n", cfgno, inums[i], j);
610 		}
611 	}
612 
613 	return 0;
614 }
615 
616 /* hub-only!! ... and only exported for reset/reinit path.
617  * otherwise used internally on disconnect/destroy path
618  */
usb_destroy_configuration(struct usb_device * dev)619 void usb_destroy_configuration(struct usb_device *dev)
620 {
621 	int c, i;
622 
623 	if (!dev->config)
624 		return;
625 
626 	if (dev->rawdescriptors) {
627 		for (i = 0; i < dev->descriptor.bNumConfigurations; i++)
628 			kfree(dev->rawdescriptors[i]);
629 
630 		kfree(dev->rawdescriptors);
631 		dev->rawdescriptors = NULL;
632 	}
633 
634 	for (c = 0; c < dev->descriptor.bNumConfigurations; c++) {
635 		struct usb_host_config *cf = &dev->config[c];
636 
637 		kfree(cf->string);
638 		for (i = 0; i < cf->desc.bNumInterfaces; i++) {
639 			if (cf->intf_cache[i])
640 				kref_put(&cf->intf_cache[i]->ref,
641 					  usb_release_interface_cache);
642 		}
643 	}
644 	kfree(dev->config);
645 	dev->config = NULL;
646 }
647 
648 
649 /*
650  * Get the USB config descriptors, cache and parse'em
651  *
652  * hub-only!! ... and only in reset path, or usb_new_device()
653  * (used by real hubs and virtual root hubs)
654  *
655  * NOTE: if this is a WUSB device and is not authorized, we skip the
656  *       whole thing. A non-authorized USB device has no
657  *       configurations.
658  */
usb_get_configuration(struct usb_device * dev)659 int usb_get_configuration(struct usb_device *dev)
660 {
661 	struct device *ddev = &dev->dev;
662 	int ncfg = dev->descriptor.bNumConfigurations;
663 	int result = 0;
664 	unsigned int cfgno, length;
665 	unsigned char *bigbuffer;
666 	struct usb_config_descriptor *desc;
667 
668 	cfgno = 0;
669 	if (dev->authorized == 0)	/* Not really an error */
670 		goto out_not_authorized;
671 	result = -ENOMEM;
672 	if (ncfg > USB_MAXCONFIG) {
673 		dev_warn(ddev, "too many configurations: %d, "
674 		    "using maximum allowed: %d\n", ncfg, USB_MAXCONFIG);
675 		dev->descriptor.bNumConfigurations = ncfg = USB_MAXCONFIG;
676 	}
677 
678 	if (ncfg < 1) {
679 		dev_err(ddev, "no configurations\n");
680 		return -EINVAL;
681 	}
682 
683 	length = ncfg * sizeof(struct usb_host_config);
684 	dev->config = kzalloc(length, GFP_KERNEL);
685 	if (!dev->config)
686 		goto err2;
687 
688 	length = ncfg * sizeof(char *);
689 	dev->rawdescriptors = kzalloc(length, GFP_KERNEL);
690 	if (!dev->rawdescriptors)
691 		goto err2;
692 
693 	desc = kmalloc(USB_DT_CONFIG_SIZE, GFP_KERNEL);
694 	if (!desc)
695 		goto err2;
696 
697 	result = 0;
698 	for (; cfgno < ncfg; cfgno++) {
699 		/* We grab just the first descriptor so we know how long
700 		 * the whole configuration is */
701 		result = usb_get_descriptor(dev, USB_DT_CONFIG, cfgno,
702 		    desc, USB_DT_CONFIG_SIZE);
703 		if (result < 0) {
704 			dev_err(ddev, "unable to read config index %d "
705 			    "descriptor/%s: %d\n", cfgno, "start", result);
706 			dev_err(ddev, "chopping to %d config(s)\n", cfgno);
707 			dev->descriptor.bNumConfigurations = cfgno;
708 			break;
709 		} else if (result < 4) {
710 			dev_err(ddev, "config index %d descriptor too short "
711 			    "(expected %i, got %i)\n", cfgno,
712 			    USB_DT_CONFIG_SIZE, result);
713 			result = -EINVAL;
714 			goto err;
715 		}
716 		length = max((int) le16_to_cpu(desc->wTotalLength),
717 		    USB_DT_CONFIG_SIZE);
718 
719 		/* Now that we know the length, get the whole thing */
720 		bigbuffer = kmalloc(length, GFP_KERNEL);
721 		if (!bigbuffer) {
722 			result = -ENOMEM;
723 			goto err;
724 		}
725 		result = usb_get_descriptor(dev, USB_DT_CONFIG, cfgno,
726 		    bigbuffer, length);
727 		if (result < 0) {
728 			dev_err(ddev, "unable to read config index %d "
729 			    "descriptor/%s\n", cfgno, "all");
730 			kfree(bigbuffer);
731 			goto err;
732 		}
733 		if (result < length) {
734 			dev_warn(ddev, "config index %d descriptor too short "
735 			    "(expected %i, got %i)\n", cfgno, length, result);
736 			length = result;
737 		}
738 
739 		dev->rawdescriptors[cfgno] = bigbuffer;
740 
741 		result = usb_parse_configuration(dev, cfgno,
742 		    &dev->config[cfgno], bigbuffer, length);
743 		if (result < 0) {
744 			++cfgno;
745 			goto err;
746 		}
747 	}
748 	result = 0;
749 
750 err:
751 	kfree(desc);
752 out_not_authorized:
753 	dev->descriptor.bNumConfigurations = cfgno;
754 err2:
755 	if (result == -ENOMEM)
756 		dev_err(ddev, "out of memory\n");
757 	return result;
758 }
759 
usb_release_bos_descriptor(struct usb_device * dev)760 void usb_release_bos_descriptor(struct usb_device *dev)
761 {
762 	if (dev->bos) {
763 		kfree(dev->bos->desc);
764 		kfree(dev->bos);
765 		dev->bos = NULL;
766 	}
767 }
768 
769 /* Get BOS descriptor set */
usb_get_bos_descriptor(struct usb_device * dev)770 int usb_get_bos_descriptor(struct usb_device *dev)
771 {
772 	struct device *ddev = &dev->dev;
773 	struct usb_bos_descriptor *bos;
774 	struct usb_dev_cap_header *cap;
775 	unsigned char *buffer;
776 	int length, total_len, num, i;
777 	int ret;
778 
779 	bos = kzalloc(sizeof(struct usb_bos_descriptor), GFP_KERNEL);
780 	if (!bos)
781 		return -ENOMEM;
782 
783 	/* Get BOS descriptor */
784 	ret = usb_get_descriptor(dev, USB_DT_BOS, 0, bos, USB_DT_BOS_SIZE);
785 	if (ret < USB_DT_BOS_SIZE) {
786 		dev_err(ddev, "unable to get BOS descriptor\n");
787 		if (ret >= 0)
788 			ret = -ENOMSG;
789 		kfree(bos);
790 		return ret;
791 	}
792 
793 	length = bos->bLength;
794 	total_len = le16_to_cpu(bos->wTotalLength);
795 	num = bos->bNumDeviceCaps;
796 	kfree(bos);
797 	if (total_len < length)
798 		return -EINVAL;
799 
800 	dev->bos = kzalloc(sizeof(struct usb_host_bos), GFP_KERNEL);
801 	if (!dev->bos)
802 		return -ENOMEM;
803 
804 	/* Now let's get the whole BOS descriptor set */
805 	buffer = kzalloc(total_len, GFP_KERNEL);
806 	if (!buffer) {
807 		ret = -ENOMEM;
808 		goto err;
809 	}
810 	dev->bos->desc = (struct usb_bos_descriptor *)buffer;
811 
812 	ret = usb_get_descriptor(dev, USB_DT_BOS, 0, buffer, total_len);
813 	if (ret < total_len) {
814 		dev_err(ddev, "unable to get BOS descriptor set\n");
815 		if (ret >= 0)
816 			ret = -ENOMSG;
817 		goto err;
818 	}
819 	total_len -= length;
820 
821 	for (i = 0; i < num; i++) {
822 		buffer += length;
823 		cap = (struct usb_dev_cap_header *)buffer;
824 		length = cap->bLength;
825 
826 		if (total_len < length)
827 			break;
828 		total_len -= length;
829 
830 		if (cap->bDescriptorType != USB_DT_DEVICE_CAPABILITY) {
831 			dev_warn(ddev, "descriptor type invalid, skip\n");
832 			continue;
833 		}
834 
835 		switch (cap->bDevCapabilityType) {
836 		case USB_CAP_TYPE_WIRELESS_USB:
837 			/* Wireless USB cap descriptor is handled by wusb */
838 			break;
839 		case USB_CAP_TYPE_EXT:
840 			dev->bos->ext_cap =
841 				(struct usb_ext_cap_descriptor *)buffer;
842 			break;
843 		case USB_SS_CAP_TYPE:
844 			dev->bos->ss_cap =
845 				(struct usb_ss_cap_descriptor *)buffer;
846 			break;
847 		case CONTAINER_ID_TYPE:
848 			dev->bos->ss_id =
849 				(struct usb_ss_container_id_descriptor *)buffer;
850 			break;
851 		default:
852 			break;
853 		}
854 	}
855 
856 	return 0;
857 
858 err:
859 	usb_release_bos_descriptor(dev);
860 	return ret;
861 }
862