1 #include <linux/usb.h>
2 #include <linux/usb/ch9.h>
3 #include <linux/usb/hcd.h>
4 #include <linux/usb/quirks.h>
5 #include <linux/module.h>
6 #include <linux/slab.h>
7 #include <linux/device.h>
8 #include <asm/byteorder.h>
9 #include "usb.h"
10
11
12 #define USB_MAXALTSETTING 128 /* Hard limit */
13
14 #define USB_MAXCONFIG 8 /* Arbitrary limit */
15
16
plural(int n)17 static inline const char *plural(int n)
18 {
19 return (n == 1 ? "" : "s");
20 }
21
find_next_descriptor(unsigned char * buffer,int size,int dt1,int dt2,int * num_skipped)22 static int find_next_descriptor(unsigned char *buffer, int size,
23 int dt1, int dt2, int *num_skipped)
24 {
25 struct usb_descriptor_header *h;
26 int n = 0;
27 unsigned char *buffer0 = buffer;
28
29 /* Find the next descriptor of type dt1 or dt2 */
30 while (size > 0) {
31 h = (struct usb_descriptor_header *) buffer;
32 if (h->bDescriptorType == dt1 || h->bDescriptorType == dt2)
33 break;
34 buffer += h->bLength;
35 size -= h->bLength;
36 ++n;
37 }
38
39 /* Store the number of descriptors skipped and return the
40 * number of bytes skipped */
41 if (num_skipped)
42 *num_skipped = n;
43 return buffer - buffer0;
44 }
45
usb_parse_ss_endpoint_companion(struct device * ddev,int cfgno,int inum,int asnum,struct usb_host_endpoint * ep,unsigned char * buffer,int size)46 static void usb_parse_ss_endpoint_companion(struct device *ddev, int cfgno,
47 int inum, int asnum, struct usb_host_endpoint *ep,
48 unsigned char *buffer, int size)
49 {
50 struct usb_ss_ep_comp_descriptor *desc;
51 int max_tx;
52
53 /* The SuperSpeed endpoint companion descriptor is supposed to
54 * be the first thing immediately following the endpoint descriptor.
55 */
56 desc = (struct usb_ss_ep_comp_descriptor *) buffer;
57 if (desc->bDescriptorType != USB_DT_SS_ENDPOINT_COMP ||
58 size < USB_DT_SS_EP_COMP_SIZE) {
59 dev_warn(ddev, "No SuperSpeed endpoint companion for config %d "
60 " interface %d altsetting %d ep %d: "
61 "using minimum values\n",
62 cfgno, inum, asnum, ep->desc.bEndpointAddress);
63
64 /* Fill in some default values.
65 * Leave bmAttributes as zero, which will mean no streams for
66 * bulk, and isoc won't support multiple bursts of packets.
67 * With bursts of only one packet, and a Mult of 1, the max
68 * amount of data moved per endpoint service interval is one
69 * packet.
70 */
71 ep->ss_ep_comp.bLength = USB_DT_SS_EP_COMP_SIZE;
72 ep->ss_ep_comp.bDescriptorType = USB_DT_SS_ENDPOINT_COMP;
73 if (usb_endpoint_xfer_isoc(&ep->desc) ||
74 usb_endpoint_xfer_int(&ep->desc))
75 ep->ss_ep_comp.wBytesPerInterval =
76 ep->desc.wMaxPacketSize;
77 return;
78 }
79
80 memcpy(&ep->ss_ep_comp, desc, USB_DT_SS_EP_COMP_SIZE);
81
82 /* Check the various values */
83 if (usb_endpoint_xfer_control(&ep->desc) && desc->bMaxBurst != 0) {
84 dev_warn(ddev, "Control endpoint with bMaxBurst = %d in "
85 "config %d interface %d altsetting %d ep %d: "
86 "setting to zero\n", desc->bMaxBurst,
87 cfgno, inum, asnum, ep->desc.bEndpointAddress);
88 ep->ss_ep_comp.bMaxBurst = 0;
89 } else if (desc->bMaxBurst > 15) {
90 dev_warn(ddev, "Endpoint with bMaxBurst = %d in "
91 "config %d interface %d altsetting %d ep %d: "
92 "setting to 15\n", desc->bMaxBurst,
93 cfgno, inum, asnum, ep->desc.bEndpointAddress);
94 ep->ss_ep_comp.bMaxBurst = 15;
95 }
96
97 if ((usb_endpoint_xfer_control(&ep->desc) ||
98 usb_endpoint_xfer_int(&ep->desc)) &&
99 desc->bmAttributes != 0) {
100 dev_warn(ddev, "%s endpoint with bmAttributes = %d in "
101 "config %d interface %d altsetting %d ep %d: "
102 "setting to zero\n",
103 usb_endpoint_xfer_control(&ep->desc) ? "Control" : "Bulk",
104 desc->bmAttributes,
105 cfgno, inum, asnum, ep->desc.bEndpointAddress);
106 ep->ss_ep_comp.bmAttributes = 0;
107 } else if (usb_endpoint_xfer_bulk(&ep->desc) &&
108 desc->bmAttributes > 16) {
109 dev_warn(ddev, "Bulk endpoint with more than 65536 streams in "
110 "config %d interface %d altsetting %d ep %d: "
111 "setting to max\n",
112 cfgno, inum, asnum, ep->desc.bEndpointAddress);
113 ep->ss_ep_comp.bmAttributes = 16;
114 } else if (usb_endpoint_xfer_isoc(&ep->desc) &&
115 USB_SS_MULT(desc->bmAttributes) > 3) {
116 dev_warn(ddev, "Isoc endpoint has Mult of %d in "
117 "config %d interface %d altsetting %d ep %d: "
118 "setting to 3\n",
119 USB_SS_MULT(desc->bmAttributes),
120 cfgno, inum, asnum, ep->desc.bEndpointAddress);
121 ep->ss_ep_comp.bmAttributes = 2;
122 }
123
124 if (usb_endpoint_xfer_isoc(&ep->desc))
125 max_tx = (desc->bMaxBurst + 1) *
126 (USB_SS_MULT(desc->bmAttributes)) *
127 usb_endpoint_maxp(&ep->desc);
128 else if (usb_endpoint_xfer_int(&ep->desc))
129 max_tx = usb_endpoint_maxp(&ep->desc) *
130 (desc->bMaxBurst + 1);
131 else
132 max_tx = 999999;
133 if (le16_to_cpu(desc->wBytesPerInterval) > max_tx) {
134 dev_warn(ddev, "%s endpoint with wBytesPerInterval of %d in "
135 "config %d interface %d altsetting %d ep %d: "
136 "setting to %d\n",
137 usb_endpoint_xfer_isoc(&ep->desc) ? "Isoc" : "Int",
138 le16_to_cpu(desc->wBytesPerInterval),
139 cfgno, inum, asnum, ep->desc.bEndpointAddress,
140 max_tx);
141 ep->ss_ep_comp.wBytesPerInterval = cpu_to_le16(max_tx);
142 }
143 }
144
145 static const unsigned short low_speed_maxpacket_maxes[4] = {
146 [USB_ENDPOINT_XFER_CONTROL] = 8,
147 [USB_ENDPOINT_XFER_ISOC] = 0,
148 [USB_ENDPOINT_XFER_BULK] = 0,
149 [USB_ENDPOINT_XFER_INT] = 8,
150 };
151 static const unsigned short full_speed_maxpacket_maxes[4] = {
152 [USB_ENDPOINT_XFER_CONTROL] = 64,
153 [USB_ENDPOINT_XFER_ISOC] = 1023,
154 [USB_ENDPOINT_XFER_BULK] = 64,
155 [USB_ENDPOINT_XFER_INT] = 64,
156 };
157 static const unsigned short high_speed_maxpacket_maxes[4] = {
158 [USB_ENDPOINT_XFER_CONTROL] = 64,
159 [USB_ENDPOINT_XFER_ISOC] = 1024,
160
161 /* Bulk should be 512, but some devices use 1024: we will warn below */
162 [USB_ENDPOINT_XFER_BULK] = 1024,
163 [USB_ENDPOINT_XFER_INT] = 1024,
164 };
165 static const unsigned short super_speed_maxpacket_maxes[4] = {
166 [USB_ENDPOINT_XFER_CONTROL] = 512,
167 [USB_ENDPOINT_XFER_ISOC] = 1024,
168 [USB_ENDPOINT_XFER_BULK] = 1024,
169 [USB_ENDPOINT_XFER_INT] = 1024,
170 };
171
endpoint_is_duplicate(struct usb_endpoint_descriptor * e1,struct usb_endpoint_descriptor * e2)172 static bool endpoint_is_duplicate(struct usb_endpoint_descriptor *e1,
173 struct usb_endpoint_descriptor *e2)
174 {
175 if (e1->bEndpointAddress == e2->bEndpointAddress)
176 return true;
177
178 if (usb_endpoint_xfer_control(e1) || usb_endpoint_xfer_control(e2)) {
179 if (usb_endpoint_num(e1) == usb_endpoint_num(e2))
180 return true;
181 }
182
183 return false;
184 }
185
186 /*
187 * Check for duplicate endpoint addresses in other interfaces and in the
188 * altsetting currently being parsed.
189 */
config_endpoint_is_duplicate(struct usb_host_config * config,int inum,int asnum,struct usb_endpoint_descriptor * d)190 static bool config_endpoint_is_duplicate(struct usb_host_config *config,
191 int inum, int asnum, struct usb_endpoint_descriptor *d)
192 {
193 struct usb_endpoint_descriptor *epd;
194 struct usb_interface_cache *intfc;
195 struct usb_host_interface *alt;
196 int i, j, k;
197
198 for (i = 0; i < config->desc.bNumInterfaces; ++i) {
199 intfc = config->intf_cache[i];
200
201 for (j = 0; j < intfc->num_altsetting; ++j) {
202 alt = &intfc->altsetting[j];
203
204 if (alt->desc.bInterfaceNumber == inum &&
205 alt->desc.bAlternateSetting != asnum)
206 continue;
207
208 for (k = 0; k < alt->desc.bNumEndpoints; ++k) {
209 epd = &alt->endpoint[k].desc;
210
211 if (endpoint_is_duplicate(epd, d))
212 return true;
213 }
214 }
215 }
216
217 return false;
218 }
219
usb_parse_endpoint(struct device * ddev,int cfgno,struct usb_host_config * config,int inum,int asnum,struct usb_host_interface * ifp,int num_ep,unsigned char * buffer,int size)220 static int usb_parse_endpoint(struct device *ddev, int cfgno,
221 struct usb_host_config *config, int inum, int asnum,
222 struct usb_host_interface *ifp, int num_ep,
223 unsigned char *buffer, int size)
224 {
225 struct usb_device *udev = to_usb_device(ddev);
226 unsigned char *buffer0 = buffer;
227 struct usb_endpoint_descriptor *d;
228 struct usb_host_endpoint *endpoint;
229 int n, i, j, retval;
230 unsigned int maxp;
231 const unsigned short *maxpacket_maxes;
232
233 d = (struct usb_endpoint_descriptor *) buffer;
234 buffer += d->bLength;
235 size -= d->bLength;
236
237 if (d->bLength >= USB_DT_ENDPOINT_AUDIO_SIZE)
238 n = USB_DT_ENDPOINT_AUDIO_SIZE;
239 else if (d->bLength >= USB_DT_ENDPOINT_SIZE)
240 n = USB_DT_ENDPOINT_SIZE;
241 else {
242 dev_warn(ddev, "config %d interface %d altsetting %d has an "
243 "invalid endpoint descriptor of length %d, skipping\n",
244 cfgno, inum, asnum, d->bLength);
245 goto skip_to_next_endpoint_or_interface_descriptor;
246 }
247
248 i = d->bEndpointAddress & ~USB_ENDPOINT_DIR_MASK;
249 if (i >= 16 || i == 0) {
250 dev_warn(ddev, "config %d interface %d altsetting %d has an "
251 "invalid endpoint with address 0x%X, skipping\n",
252 cfgno, inum, asnum, d->bEndpointAddress);
253 goto skip_to_next_endpoint_or_interface_descriptor;
254 }
255
256 /* Only store as many endpoints as we have room for */
257 if (ifp->desc.bNumEndpoints >= num_ep)
258 goto skip_to_next_endpoint_or_interface_descriptor;
259
260 /* Check for duplicate endpoint addresses */
261 if (config_endpoint_is_duplicate(config, inum, asnum, d)) {
262 dev_warn(ddev, "config %d interface %d altsetting %d has a duplicate endpoint with address 0x%X, skipping\n",
263 cfgno, inum, asnum, d->bEndpointAddress);
264 goto skip_to_next_endpoint_or_interface_descriptor;
265 }
266
267 /* Ignore blacklisted endpoints */
268 if (udev->quirks & USB_QUIRK_ENDPOINT_BLACKLIST) {
269 if (usb_endpoint_is_blacklisted(udev, ifp, d)) {
270 dev_warn(ddev, "config %d interface %d altsetting %d has a blacklisted endpoint with address 0x%X, skipping\n",
271 cfgno, inum, asnum,
272 d->bEndpointAddress);
273 goto skip_to_next_endpoint_or_interface_descriptor;
274 }
275 }
276
277 endpoint = &ifp->endpoint[ifp->desc.bNumEndpoints];
278 ++ifp->desc.bNumEndpoints;
279
280 memcpy(&endpoint->desc, d, n);
281 INIT_LIST_HEAD(&endpoint->urb_list);
282
283 /*
284 * Fix up bInterval values outside the legal range.
285 * Use 10 or 8 ms if no proper value can be guessed.
286 */
287 i = 0; /* i = min, j = max, n = default */
288 j = 255;
289 if (usb_endpoint_xfer_int(d)) {
290 i = 1;
291 switch (to_usb_device(ddev)->speed) {
292 case USB_SPEED_SUPER_PLUS:
293 case USB_SPEED_SUPER:
294 case USB_SPEED_HIGH:
295 /*
296 * Many device manufacturers are using full-speed
297 * bInterval values in high-speed interrupt endpoint
298 * descriptors. Try to fix those and fall back to an
299 * 8-ms default value otherwise.
300 */
301 n = fls(d->bInterval*8);
302 if (n == 0)
303 n = 7; /* 8 ms = 2^(7-1) uframes */
304 j = 16;
305
306 /*
307 * Adjust bInterval for quirked devices.
308 */
309 /*
310 * This quirk fixes bIntervals reported in ms.
311 */
312 if (to_usb_device(ddev)->quirks &
313 USB_QUIRK_LINEAR_FRAME_INTR_BINTERVAL) {
314 n = clamp(fls(d->bInterval) + 3, i, j);
315 i = j = n;
316 }
317 /*
318 * This quirk fixes bIntervals reported in
319 * linear microframes.
320 */
321 if (to_usb_device(ddev)->quirks &
322 USB_QUIRK_LINEAR_UFRAME_INTR_BINTERVAL) {
323 n = clamp(fls(d->bInterval), i, j);
324 i = j = n;
325 }
326 break;
327 default: /* USB_SPEED_FULL or _LOW */
328 /*
329 * For low-speed, 10 ms is the official minimum.
330 * But some "overclocked" devices might want faster
331 * polling so we'll allow it.
332 */
333 n = 10;
334 break;
335 }
336 } else if (usb_endpoint_xfer_isoc(d)) {
337 i = 1;
338 j = 16;
339 switch (to_usb_device(ddev)->speed) {
340 case USB_SPEED_HIGH:
341 n = 7; /* 8 ms = 2^(7-1) uframes */
342 break;
343 default: /* USB_SPEED_FULL */
344 n = 4; /* 8 ms = 2^(4-1) frames */
345 break;
346 }
347 }
348 if (d->bInterval < i || d->bInterval > j) {
349 dev_warn(ddev, "config %d interface %d altsetting %d "
350 "endpoint 0x%X has an invalid bInterval %d, "
351 "changing to %d\n",
352 cfgno, inum, asnum,
353 d->bEndpointAddress, d->bInterval, n);
354 endpoint->desc.bInterval = n;
355 }
356
357 /* Some buggy low-speed devices have Bulk endpoints, which is
358 * explicitly forbidden by the USB spec. In an attempt to make
359 * them usable, we will try treating them as Interrupt endpoints.
360 */
361 if (to_usb_device(ddev)->speed == USB_SPEED_LOW &&
362 usb_endpoint_xfer_bulk(d)) {
363 dev_warn(ddev, "config %d interface %d altsetting %d "
364 "endpoint 0x%X is Bulk; changing to Interrupt\n",
365 cfgno, inum, asnum, d->bEndpointAddress);
366 endpoint->desc.bmAttributes = USB_ENDPOINT_XFER_INT;
367 endpoint->desc.bInterval = 1;
368 if (usb_endpoint_maxp(&endpoint->desc) > 8)
369 endpoint->desc.wMaxPacketSize = cpu_to_le16(8);
370 }
371
372 /*
373 * Validate the wMaxPacketSize field.
374 * Some devices have isochronous endpoints in altsetting 0;
375 * the USB-2 spec requires such endpoints to have wMaxPacketSize = 0
376 * (see the end of section 5.6.3), so don't warn about them.
377 */
378 maxp = le16_to_cpu(endpoint->desc.wMaxPacketSize);
379 if (maxp == 0 && !(usb_endpoint_xfer_isoc(d) && asnum == 0)) {
380 dev_warn(ddev, "config %d interface %d altsetting %d endpoint 0x%X has invalid wMaxPacketSize 0\n",
381 cfgno, inum, asnum, d->bEndpointAddress);
382 }
383
384 /* Find the highest legal maxpacket size for this endpoint */
385 i = 0; /* additional transactions per microframe */
386 switch (to_usb_device(ddev)->speed) {
387 case USB_SPEED_LOW:
388 maxpacket_maxes = low_speed_maxpacket_maxes;
389 break;
390 case USB_SPEED_FULL:
391 maxpacket_maxes = full_speed_maxpacket_maxes;
392 break;
393 case USB_SPEED_HIGH:
394 /* Bits 12..11 are allowed only for HS periodic endpoints */
395 if (usb_endpoint_xfer_int(d) || usb_endpoint_xfer_isoc(d)) {
396 i = maxp & (BIT(12) | BIT(11));
397 maxp &= ~i;
398 }
399 /* fallthrough */
400 default:
401 maxpacket_maxes = high_speed_maxpacket_maxes;
402 break;
403 case USB_SPEED_SUPER:
404 case USB_SPEED_SUPER_PLUS:
405 maxpacket_maxes = super_speed_maxpacket_maxes;
406 break;
407 }
408 j = maxpacket_maxes[usb_endpoint_type(&endpoint->desc)];
409
410 if (maxp > j) {
411 dev_warn(ddev, "config %d interface %d altsetting %d endpoint 0x%X has invalid maxpacket %d, setting to %d\n",
412 cfgno, inum, asnum, d->bEndpointAddress, maxp, j);
413 maxp = j;
414 endpoint->desc.wMaxPacketSize = cpu_to_le16(i | maxp);
415 }
416
417 /*
418 * Some buggy high speed devices have bulk endpoints using
419 * maxpacket sizes other than 512. High speed HCDs may not
420 * be able to handle that particular bug, so let's warn...
421 */
422 if (to_usb_device(ddev)->speed == USB_SPEED_HIGH
423 && usb_endpoint_xfer_bulk(d)) {
424 if (maxp != 512)
425 dev_warn(ddev, "config %d interface %d altsetting %d "
426 "bulk endpoint 0x%X has invalid maxpacket %d\n",
427 cfgno, inum, asnum, d->bEndpointAddress,
428 maxp);
429 }
430
431 /* Parse a possible SuperSpeed endpoint companion descriptor */
432 if (to_usb_device(ddev)->speed >= USB_SPEED_SUPER)
433 usb_parse_ss_endpoint_companion(ddev, cfgno,
434 inum, asnum, endpoint, buffer, size);
435
436 /* Skip over any Class Specific or Vendor Specific descriptors;
437 * find the next endpoint or interface descriptor */
438 endpoint->extra = buffer;
439 i = find_next_descriptor(buffer, size, USB_DT_ENDPOINT,
440 USB_DT_INTERFACE, &n);
441 endpoint->extralen = i;
442 retval = buffer - buffer0 + i;
443 if (n > 0)
444 dev_dbg(ddev, "skipped %d descriptor%s after %s\n",
445 n, plural(n), "endpoint");
446 return retval;
447
448 skip_to_next_endpoint_or_interface_descriptor:
449 i = find_next_descriptor(buffer, size, USB_DT_ENDPOINT,
450 USB_DT_INTERFACE, NULL);
451 return buffer - buffer0 + i;
452 }
453
usb_release_interface_cache(struct kref * ref)454 void usb_release_interface_cache(struct kref *ref)
455 {
456 struct usb_interface_cache *intfc = ref_to_usb_interface_cache(ref);
457 int j;
458
459 for (j = 0; j < intfc->num_altsetting; j++) {
460 struct usb_host_interface *alt = &intfc->altsetting[j];
461
462 kfree(alt->endpoint);
463 kfree(alt->string);
464 }
465 kfree(intfc);
466 }
467
usb_parse_interface(struct device * ddev,int cfgno,struct usb_host_config * config,unsigned char * buffer,int size,u8 inums[],u8 nalts[])468 static int usb_parse_interface(struct device *ddev, int cfgno,
469 struct usb_host_config *config, unsigned char *buffer, int size,
470 u8 inums[], u8 nalts[])
471 {
472 unsigned char *buffer0 = buffer;
473 struct usb_interface_descriptor *d;
474 int inum, asnum;
475 struct usb_interface_cache *intfc;
476 struct usb_host_interface *alt;
477 int i, n;
478 int len, retval;
479 int num_ep, num_ep_orig;
480
481 d = (struct usb_interface_descriptor *) buffer;
482 buffer += d->bLength;
483 size -= d->bLength;
484
485 if (d->bLength < USB_DT_INTERFACE_SIZE)
486 goto skip_to_next_interface_descriptor;
487
488 /* Which interface entry is this? */
489 intfc = NULL;
490 inum = d->bInterfaceNumber;
491 for (i = 0; i < config->desc.bNumInterfaces; ++i) {
492 if (inums[i] == inum) {
493 intfc = config->intf_cache[i];
494 break;
495 }
496 }
497 if (!intfc || intfc->num_altsetting >= nalts[i])
498 goto skip_to_next_interface_descriptor;
499
500 /* Check for duplicate altsetting entries */
501 asnum = d->bAlternateSetting;
502 for ((i = 0, alt = &intfc->altsetting[0]);
503 i < intfc->num_altsetting;
504 (++i, ++alt)) {
505 if (alt->desc.bAlternateSetting == asnum) {
506 dev_warn(ddev, "Duplicate descriptor for config %d "
507 "interface %d altsetting %d, skipping\n",
508 cfgno, inum, asnum);
509 goto skip_to_next_interface_descriptor;
510 }
511 }
512
513 ++intfc->num_altsetting;
514 memcpy(&alt->desc, d, USB_DT_INTERFACE_SIZE);
515
516 /* Skip over any Class Specific or Vendor Specific descriptors;
517 * find the first endpoint or interface descriptor */
518 alt->extra = buffer;
519 i = find_next_descriptor(buffer, size, USB_DT_ENDPOINT,
520 USB_DT_INTERFACE, &n);
521 alt->extralen = i;
522 if (n > 0)
523 dev_dbg(ddev, "skipped %d descriptor%s after %s\n",
524 n, plural(n), "interface");
525 buffer += i;
526 size -= i;
527
528 /* Allocate space for the right(?) number of endpoints */
529 num_ep = num_ep_orig = alt->desc.bNumEndpoints;
530 alt->desc.bNumEndpoints = 0; /* Use as a counter */
531 if (num_ep > USB_MAXENDPOINTS) {
532 dev_warn(ddev, "too many endpoints for config %d interface %d "
533 "altsetting %d: %d, using maximum allowed: %d\n",
534 cfgno, inum, asnum, num_ep, USB_MAXENDPOINTS);
535 num_ep = USB_MAXENDPOINTS;
536 }
537
538 if (num_ep > 0) {
539 /* Can't allocate 0 bytes */
540 len = sizeof(struct usb_host_endpoint) * num_ep;
541 alt->endpoint = kzalloc(len, GFP_KERNEL);
542 if (!alt->endpoint)
543 return -ENOMEM;
544 }
545
546 /* Parse all the endpoint descriptors */
547 n = 0;
548 while (size > 0) {
549 if (((struct usb_descriptor_header *) buffer)->bDescriptorType
550 == USB_DT_INTERFACE)
551 break;
552 retval = usb_parse_endpoint(ddev, cfgno, config, inum, asnum,
553 alt, num_ep, buffer, size);
554 if (retval < 0)
555 return retval;
556 ++n;
557
558 buffer += retval;
559 size -= retval;
560 }
561
562 if (n != num_ep_orig)
563 dev_warn(ddev, "config %d interface %d altsetting %d has %d "
564 "endpoint descriptor%s, different from the interface "
565 "descriptor's value: %d\n",
566 cfgno, inum, asnum, n, plural(n), num_ep_orig);
567 return buffer - buffer0;
568
569 skip_to_next_interface_descriptor:
570 i = find_next_descriptor(buffer, size, USB_DT_INTERFACE,
571 USB_DT_INTERFACE, NULL);
572 return buffer - buffer0 + i;
573 }
574
usb_parse_configuration(struct usb_device * dev,int cfgidx,struct usb_host_config * config,unsigned char * buffer,int size)575 static int usb_parse_configuration(struct usb_device *dev, int cfgidx,
576 struct usb_host_config *config, unsigned char *buffer, int size)
577 {
578 struct device *ddev = &dev->dev;
579 unsigned char *buffer0 = buffer;
580 int cfgno;
581 int nintf, nintf_orig;
582 int i, j, n;
583 struct usb_interface_cache *intfc;
584 unsigned char *buffer2;
585 int size2;
586 struct usb_descriptor_header *header;
587 int len, retval;
588 u8 inums[USB_MAXINTERFACES], nalts[USB_MAXINTERFACES];
589 unsigned iad_num = 0;
590
591 memcpy(&config->desc, buffer, USB_DT_CONFIG_SIZE);
592 nintf = nintf_orig = config->desc.bNumInterfaces;
593 config->desc.bNumInterfaces = 0; // Adjusted later
594
595 if (config->desc.bDescriptorType != USB_DT_CONFIG ||
596 config->desc.bLength < USB_DT_CONFIG_SIZE ||
597 config->desc.bLength > size) {
598 dev_err(ddev, "invalid descriptor for config index %d: "
599 "type = 0x%X, length = %d\n", cfgidx,
600 config->desc.bDescriptorType, config->desc.bLength);
601 return -EINVAL;
602 }
603 cfgno = config->desc.bConfigurationValue;
604
605 buffer += config->desc.bLength;
606 size -= config->desc.bLength;
607
608 if (nintf > USB_MAXINTERFACES) {
609 dev_warn(ddev, "config %d has too many interfaces: %d, "
610 "using maximum allowed: %d\n",
611 cfgno, nintf, USB_MAXINTERFACES);
612 nintf = USB_MAXINTERFACES;
613 }
614
615 /* Go through the descriptors, checking their length and counting the
616 * number of altsettings for each interface */
617 n = 0;
618 for ((buffer2 = buffer, size2 = size);
619 size2 > 0;
620 (buffer2 += header->bLength, size2 -= header->bLength)) {
621
622 if (size2 < sizeof(struct usb_descriptor_header)) {
623 dev_warn(ddev, "config %d descriptor has %d excess "
624 "byte%s, ignoring\n",
625 cfgno, size2, plural(size2));
626 break;
627 }
628
629 header = (struct usb_descriptor_header *) buffer2;
630 if ((header->bLength > size2) || (header->bLength < 2)) {
631 dev_warn(ddev, "config %d has an invalid descriptor "
632 "of length %d, skipping remainder of the config\n",
633 cfgno, header->bLength);
634 break;
635 }
636
637 if (header->bDescriptorType == USB_DT_INTERFACE) {
638 struct usb_interface_descriptor *d;
639 int inum;
640
641 d = (struct usb_interface_descriptor *) header;
642 if (d->bLength < USB_DT_INTERFACE_SIZE) {
643 dev_warn(ddev, "config %d has an invalid "
644 "interface descriptor of length %d, "
645 "skipping\n", cfgno, d->bLength);
646 continue;
647 }
648
649 inum = d->bInterfaceNumber;
650
651 if ((dev->quirks & USB_QUIRK_HONOR_BNUMINTERFACES) &&
652 n >= nintf_orig) {
653 dev_warn(ddev, "config %d has more interface "
654 "descriptors, than it declares in "
655 "bNumInterfaces, ignoring interface "
656 "number: %d\n", cfgno, inum);
657 continue;
658 }
659
660 if (inum >= nintf_orig)
661 dev_warn(ddev, "config %d has an invalid "
662 "interface number: %d but max is %d\n",
663 cfgno, inum, nintf_orig - 1);
664
665 /* Have we already encountered this interface?
666 * Count its altsettings */
667 for (i = 0; i < n; ++i) {
668 if (inums[i] == inum)
669 break;
670 }
671 if (i < n) {
672 if (nalts[i] < 255)
673 ++nalts[i];
674 } else if (n < USB_MAXINTERFACES) {
675 inums[n] = inum;
676 nalts[n] = 1;
677 ++n;
678 }
679
680 } else if (header->bDescriptorType ==
681 USB_DT_INTERFACE_ASSOCIATION) {
682 struct usb_interface_assoc_descriptor *d;
683
684 d = (struct usb_interface_assoc_descriptor *)header;
685 if (d->bLength < USB_DT_INTERFACE_ASSOCIATION_SIZE) {
686 dev_warn(ddev,
687 "config %d has an invalid interface association descriptor of length %d, skipping\n",
688 cfgno, d->bLength);
689 continue;
690 }
691
692 if (iad_num == USB_MAXIADS) {
693 dev_warn(ddev, "found more Interface "
694 "Association Descriptors "
695 "than allocated for in "
696 "configuration %d\n", cfgno);
697 } else {
698 config->intf_assoc[iad_num] = d;
699 iad_num++;
700 }
701
702 } else if (header->bDescriptorType == USB_DT_DEVICE ||
703 header->bDescriptorType == USB_DT_CONFIG)
704 dev_warn(ddev, "config %d contains an unexpected "
705 "descriptor of type 0x%X, skipping\n",
706 cfgno, header->bDescriptorType);
707
708 } /* for ((buffer2 = buffer, size2 = size); ...) */
709 size = buffer2 - buffer;
710 config->desc.wTotalLength = cpu_to_le16(buffer2 - buffer0);
711
712 if (n != nintf)
713 dev_warn(ddev, "config %d has %d interface%s, different from "
714 "the descriptor's value: %d\n",
715 cfgno, n, plural(n), nintf_orig);
716 else if (n == 0)
717 dev_warn(ddev, "config %d has no interfaces?\n", cfgno);
718 config->desc.bNumInterfaces = nintf = n;
719
720 /* Check for missing interface numbers */
721 for (i = 0; i < nintf; ++i) {
722 for (j = 0; j < nintf; ++j) {
723 if (inums[j] == i)
724 break;
725 }
726 if (j >= nintf)
727 dev_warn(ddev, "config %d has no interface number "
728 "%d\n", cfgno, i);
729 }
730
731 /* Allocate the usb_interface_caches and altsetting arrays */
732 for (i = 0; i < nintf; ++i) {
733 j = nalts[i];
734 if (j > USB_MAXALTSETTING) {
735 dev_warn(ddev, "too many alternate settings for "
736 "config %d interface %d: %d, "
737 "using maximum allowed: %d\n",
738 cfgno, inums[i], j, USB_MAXALTSETTING);
739 nalts[i] = j = USB_MAXALTSETTING;
740 }
741
742 len = sizeof(*intfc) + sizeof(struct usb_host_interface) * j;
743 config->intf_cache[i] = intfc = kzalloc(len, GFP_KERNEL);
744 if (!intfc)
745 return -ENOMEM;
746 kref_init(&intfc->ref);
747 }
748
749 /* FIXME: parse the BOS descriptor */
750
751 /* Skip over any Class Specific or Vendor Specific descriptors;
752 * find the first interface descriptor */
753 config->extra = buffer;
754 i = find_next_descriptor(buffer, size, USB_DT_INTERFACE,
755 USB_DT_INTERFACE, &n);
756 config->extralen = i;
757 if (n > 0)
758 dev_dbg(ddev, "skipped %d descriptor%s after %s\n",
759 n, plural(n), "configuration");
760 buffer += i;
761 size -= i;
762
763 /* Parse all the interface/altsetting descriptors */
764 while (size > 0) {
765 retval = usb_parse_interface(ddev, cfgno, config,
766 buffer, size, inums, nalts);
767 if (retval < 0)
768 return retval;
769
770 buffer += retval;
771 size -= retval;
772 }
773
774 /* Check for missing altsettings */
775 for (i = 0; i < nintf; ++i) {
776 intfc = config->intf_cache[i];
777 for (j = 0; j < intfc->num_altsetting; ++j) {
778 for (n = 0; n < intfc->num_altsetting; ++n) {
779 if (intfc->altsetting[n].desc.
780 bAlternateSetting == j)
781 break;
782 }
783 if (n >= intfc->num_altsetting)
784 dev_warn(ddev, "config %d interface %d has no "
785 "altsetting %d\n", cfgno, inums[i], j);
786 }
787 }
788
789 return 0;
790 }
791
792 /* hub-only!! ... and only exported for reset/reinit path.
793 * otherwise used internally on disconnect/destroy path
794 */
usb_destroy_configuration(struct usb_device * dev)795 void usb_destroy_configuration(struct usb_device *dev)
796 {
797 int c, i;
798
799 if (!dev->config)
800 return;
801
802 if (dev->rawdescriptors) {
803 for (i = 0; i < dev->descriptor.bNumConfigurations; i++)
804 kfree(dev->rawdescriptors[i]);
805
806 kfree(dev->rawdescriptors);
807 dev->rawdescriptors = NULL;
808 }
809
810 for (c = 0; c < dev->descriptor.bNumConfigurations; c++) {
811 struct usb_host_config *cf = &dev->config[c];
812
813 kfree(cf->string);
814 for (i = 0; i < cf->desc.bNumInterfaces; i++) {
815 if (cf->intf_cache[i])
816 kref_put(&cf->intf_cache[i]->ref,
817 usb_release_interface_cache);
818 }
819 }
820 kfree(dev->config);
821 dev->config = NULL;
822 }
823
824
825 /*
826 * Get the USB config descriptors, cache and parse'em
827 *
828 * hub-only!! ... and only in reset path, or usb_new_device()
829 * (used by real hubs and virtual root hubs)
830 */
usb_get_configuration(struct usb_device * dev)831 int usb_get_configuration(struct usb_device *dev)
832 {
833 struct device *ddev = &dev->dev;
834 int ncfg = dev->descriptor.bNumConfigurations;
835 int result = 0;
836 unsigned int cfgno, length;
837 unsigned char *bigbuffer;
838 struct usb_config_descriptor *desc;
839
840 cfgno = 0;
841 result = -ENOMEM;
842 if (ncfg > USB_MAXCONFIG) {
843 dev_warn(ddev, "too many configurations: %d, "
844 "using maximum allowed: %d\n", ncfg, USB_MAXCONFIG);
845 dev->descriptor.bNumConfigurations = ncfg = USB_MAXCONFIG;
846 }
847
848 if (ncfg < 1) {
849 dev_err(ddev, "no configurations\n");
850 return -EINVAL;
851 }
852
853 length = ncfg * sizeof(struct usb_host_config);
854 dev->config = kzalloc(length, GFP_KERNEL);
855 if (!dev->config)
856 goto err2;
857
858 length = ncfg * sizeof(char *);
859 dev->rawdescriptors = kzalloc(length, GFP_KERNEL);
860 if (!dev->rawdescriptors)
861 goto err2;
862
863 desc = kmalloc(USB_DT_CONFIG_SIZE, GFP_KERNEL);
864 if (!desc)
865 goto err2;
866
867 result = 0;
868 for (; cfgno < ncfg; cfgno++) {
869 /* We grab just the first descriptor so we know how long
870 * the whole configuration is */
871 result = usb_get_descriptor(dev, USB_DT_CONFIG, cfgno,
872 desc, USB_DT_CONFIG_SIZE);
873 if (result < 0) {
874 dev_err(ddev, "unable to read config index %d "
875 "descriptor/%s: %d\n", cfgno, "start", result);
876 if (result != -EPIPE)
877 goto err;
878 dev_err(ddev, "chopping to %d config(s)\n", cfgno);
879 dev->descriptor.bNumConfigurations = cfgno;
880 break;
881 } else if (result < 4) {
882 dev_err(ddev, "config index %d descriptor too short "
883 "(expected %i, got %i)\n", cfgno,
884 USB_DT_CONFIG_SIZE, result);
885 result = -EINVAL;
886 goto err;
887 }
888 length = max((int) le16_to_cpu(desc->wTotalLength),
889 USB_DT_CONFIG_SIZE);
890
891 /* Now that we know the length, get the whole thing */
892 bigbuffer = kmalloc(length, GFP_KERNEL);
893 if (!bigbuffer) {
894 result = -ENOMEM;
895 goto err;
896 }
897
898 if (dev->quirks & USB_QUIRK_DELAY_INIT)
899 msleep(200);
900
901 result = usb_get_descriptor(dev, USB_DT_CONFIG, cfgno,
902 bigbuffer, length);
903 if (result < 0) {
904 dev_err(ddev, "unable to read config index %d "
905 "descriptor/%s\n", cfgno, "all");
906 kfree(bigbuffer);
907 goto err;
908 }
909 if (result < length) {
910 dev_warn(ddev, "config index %d descriptor too short "
911 "(expected %i, got %i)\n", cfgno, length, result);
912 length = result;
913 }
914
915 dev->rawdescriptors[cfgno] = bigbuffer;
916
917 result = usb_parse_configuration(dev, cfgno,
918 &dev->config[cfgno], bigbuffer, length);
919 if (result < 0) {
920 ++cfgno;
921 goto err;
922 }
923 }
924 result = 0;
925
926 err:
927 kfree(desc);
928 dev->descriptor.bNumConfigurations = cfgno;
929 err2:
930 if (result == -ENOMEM)
931 dev_err(ddev, "out of memory\n");
932 return result;
933 }
934
usb_release_bos_descriptor(struct usb_device * dev)935 void usb_release_bos_descriptor(struct usb_device *dev)
936 {
937 if (dev->bos) {
938 kfree(dev->bos->desc);
939 kfree(dev->bos);
940 dev->bos = NULL;
941 }
942 }
943
944 static const __u8 bos_desc_len[256] = {
945 [USB_CAP_TYPE_WIRELESS_USB] = USB_DT_USB_WIRELESS_CAP_SIZE,
946 [USB_CAP_TYPE_EXT] = USB_DT_USB_EXT_CAP_SIZE,
947 [USB_SS_CAP_TYPE] = USB_DT_USB_SS_CAP_SIZE,
948 [USB_SSP_CAP_TYPE] = USB_DT_USB_SSP_CAP_SIZE(1),
949 [CONTAINER_ID_TYPE] = USB_DT_USB_SS_CONTN_ID_SIZE,
950 [USB_PTM_CAP_TYPE] = USB_DT_USB_PTM_ID_SIZE,
951 };
952
953 /* Get BOS descriptor set */
usb_get_bos_descriptor(struct usb_device * dev)954 int usb_get_bos_descriptor(struct usb_device *dev)
955 {
956 struct device *ddev = &dev->dev;
957 struct usb_bos_descriptor *bos;
958 struct usb_dev_cap_header *cap;
959 struct usb_ssp_cap_descriptor *ssp_cap;
960 unsigned char *buffer, *buffer0;
961 int length, total_len, num, i, ssac;
962 __u8 cap_type;
963 int ret;
964
965 bos = kzalloc(sizeof(struct usb_bos_descriptor), GFP_KERNEL);
966 if (!bos)
967 return -ENOMEM;
968
969 /* Get BOS descriptor */
970 ret = usb_get_descriptor(dev, USB_DT_BOS, 0, bos, USB_DT_BOS_SIZE);
971 if (ret < USB_DT_BOS_SIZE || bos->bLength < USB_DT_BOS_SIZE) {
972 dev_err(ddev, "unable to get BOS descriptor or descriptor too short\n");
973 if (ret >= 0)
974 ret = -ENOMSG;
975 kfree(bos);
976 return ret;
977 }
978
979 length = bos->bLength;
980 total_len = le16_to_cpu(bos->wTotalLength);
981 num = bos->bNumDeviceCaps;
982 kfree(bos);
983 if (total_len < length)
984 return -EINVAL;
985
986 dev->bos = kzalloc(sizeof(struct usb_host_bos), GFP_KERNEL);
987 if (!dev->bos)
988 return -ENOMEM;
989
990 /* Now let's get the whole BOS descriptor set */
991 buffer = kzalloc(total_len, GFP_KERNEL);
992 if (!buffer) {
993 ret = -ENOMEM;
994 goto err;
995 }
996 dev->bos->desc = (struct usb_bos_descriptor *)buffer;
997
998 ret = usb_get_descriptor(dev, USB_DT_BOS, 0, buffer, total_len);
999 if (ret < total_len) {
1000 dev_err(ddev, "unable to get BOS descriptor set\n");
1001 if (ret >= 0)
1002 ret = -ENOMSG;
1003 goto err;
1004 }
1005
1006 buffer0 = buffer;
1007 total_len -= length;
1008 buffer += length;
1009
1010 for (i = 0; i < num; i++) {
1011 cap = (struct usb_dev_cap_header *)buffer;
1012
1013 if (total_len < sizeof(*cap) || total_len < cap->bLength) {
1014 dev->bos->desc->bNumDeviceCaps = i;
1015 break;
1016 }
1017 cap_type = cap->bDevCapabilityType;
1018 length = cap->bLength;
1019 if (bos_desc_len[cap_type] && length < bos_desc_len[cap_type]) {
1020 dev->bos->desc->bNumDeviceCaps = i;
1021 break;
1022 }
1023
1024 if (cap->bDescriptorType != USB_DT_DEVICE_CAPABILITY) {
1025 dev_warn(ddev, "descriptor type invalid, skip\n");
1026 continue;
1027 }
1028
1029 switch (cap_type) {
1030 case USB_CAP_TYPE_WIRELESS_USB:
1031 /* Wireless USB cap descriptor is handled by wusb */
1032 break;
1033 case USB_CAP_TYPE_EXT:
1034 dev->bos->ext_cap =
1035 (struct usb_ext_cap_descriptor *)buffer;
1036 break;
1037 case USB_SS_CAP_TYPE:
1038 dev->bos->ss_cap =
1039 (struct usb_ss_cap_descriptor *)buffer;
1040 break;
1041 case USB_SSP_CAP_TYPE:
1042 ssp_cap = (struct usb_ssp_cap_descriptor *)buffer;
1043 ssac = (le32_to_cpu(ssp_cap->bmAttributes) &
1044 USB_SSP_SUBLINK_SPEED_ATTRIBS);
1045 if (length >= USB_DT_USB_SSP_CAP_SIZE(ssac))
1046 dev->bos->ssp_cap = ssp_cap;
1047 break;
1048 case CONTAINER_ID_TYPE:
1049 dev->bos->ss_id =
1050 (struct usb_ss_container_id_descriptor *)buffer;
1051 break;
1052 case USB_PTM_CAP_TYPE:
1053 dev->bos->ptm_cap =
1054 (struct usb_ptm_cap_descriptor *)buffer;
1055 default:
1056 break;
1057 }
1058
1059 total_len -= length;
1060 buffer += length;
1061 }
1062 dev->bos->desc->wTotalLength = cpu_to_le16(buffer - buffer0);
1063
1064 return 0;
1065
1066 err:
1067 usb_release_bos_descriptor(dev);
1068 return ret;
1069 }
1070