usb/core/config.c

0001 // SPDX-License-Identifier: GPL-2.0
0002 /*
0003  * Released under the GPLv2 only.
0004  */
0005
0006 #include <linux/usb.h>
0007 #include <linux/usb/ch9.h>
0008 #include <linux/usb/hcd.h>
0009 #include <linux/usb/quirks.h>
0010 #include <linux/module.h>
0011 #include <linux/slab.h>
0012 #include <linux/device.h>
0013 #include <asm/byteorder.h>
0014 #include "usb.h"
0015
0016
0017 #define USB_MAXALTSETTING       128 /* Hard limit */
0018
0019 #define USB_MAXCONFIG           8   /* Arbitrary limit */
0020
0021
0022 static inline const char *plural(int n)
0023 {
0024     return (n == 1 ? "" : "s");
0025 }
0026
0027 static int find_next_descriptor(unsigned char *buffer, int size,
0028     int dt1, int dt2, int *num_skipped)
0029 {
0030     struct usb_descriptor_header *h;
0031     int n = 0;
0032     unsigned char *buffer0 = buffer;
0033
0034     /* Find the next descriptor of type dt1 or dt2 */
0035     while (size > 0) {
0036         h = (struct usb_descriptor_header *) buffer;
0037         if (h->bDescriptorType == dt1 || h->bDescriptorType == dt2)
0038             break;
0039         buffer += h->bLength;
0040         size -= h->bLength;
0041         ++n;
0042     }
0043
0044     /* Store the number of descriptors skipped and return the
0045      * number of bytes skipped */
0046     if (num_skipped)
0047         *num_skipped = n;
0048     return buffer - buffer0;
0049 }
0050
0051 static void usb_parse_ssp_isoc_endpoint_companion(struct device *ddev,
0052         int cfgno, int inum, int asnum, struct usb_host_endpoint *ep,
0053         unsigned char *buffer, int size)
0054 {
0055     struct usb_ssp_isoc_ep_comp_descriptor *desc;
0056
0057     /*
0058      * The SuperSpeedPlus Isoc endpoint companion descriptor immediately
0059      * follows the SuperSpeed Endpoint Companion descriptor
0060      */
0061     desc = (struct usb_ssp_isoc_ep_comp_descriptor *) buffer;
0062     if (desc->bDescriptorType != USB_DT_SSP_ISOC_ENDPOINT_COMP ||
0063         size < USB_DT_SSP_ISOC_EP_COMP_SIZE) {
0064         dev_warn(ddev, "Invalid SuperSpeedPlus isoc endpoint companion"
0065              "for config %d interface %d altsetting %d ep %d.\n",
0066              cfgno, inum, asnum, ep->desc.bEndpointAddress);
0067         return;
0068     }
0069     memcpy(&ep->ssp_isoc_ep_comp, desc, USB_DT_SSP_ISOC_EP_COMP_SIZE);
0070 }
0071
0072 static void usb_parse_ss_endpoint_companion(struct device *ddev, int cfgno,
0073         int inum, int asnum, struct usb_host_endpoint *ep,
0074         unsigned char *buffer, int size)
0075 {
0076     struct usb_ss_ep_comp_descriptor *desc;
0077     int max_tx;
0078
0079     /* The SuperSpeed endpoint companion descriptor is supposed to
0080      * be the first thing immediately following the endpoint descriptor.
0081      */
0082     desc = (struct usb_ss_ep_comp_descriptor *) buffer;
0083
0084     if (desc->bDescriptorType != USB_DT_SS_ENDPOINT_COMP ||
0085             size < USB_DT_SS_EP_COMP_SIZE) {
0086         dev_warn(ddev, "No SuperSpeed endpoint companion for config %d "
0087                 " interface %d altsetting %d ep %d: "
0088                 "using minimum values\n",
0089                 cfgno, inum, asnum, ep->desc.bEndpointAddress);
0090
0091         /* Fill in some default values.
0092          * Leave bmAttributes as zero, which will mean no streams for
0093          * bulk, and isoc won't support multiple bursts of packets.
0094          * With bursts of only one packet, and a Mult of 1, the max
0095          * amount of data moved per endpoint service interval is one
0096          * packet.
0097          */
0098         ep->ss_ep_comp.bLength = USB_DT_SS_EP_COMP_SIZE;
0099         ep->ss_ep_comp.bDescriptorType = USB_DT_SS_ENDPOINT_COMP;
0100         if (usb_endpoint_xfer_isoc(&ep->desc) ||
0101                 usb_endpoint_xfer_int(&ep->desc))
0102             ep->ss_ep_comp.wBytesPerInterval =
0103                     ep->desc.wMaxPacketSize;
0104         return;
0105     }
0106     buffer += desc->bLength;
0107     size -= desc->bLength;
0108     memcpy(&ep->ss_ep_comp, desc, USB_DT_SS_EP_COMP_SIZE);
0109
0110     /* Check the various values */
0111     if (usb_endpoint_xfer_control(&ep->desc) && desc->bMaxBurst != 0) {
0112         dev_warn(ddev, "Control endpoint with bMaxBurst = %d in "
0113                 "config %d interface %d altsetting %d ep %d: "
0114                 "setting to zero\n", desc->bMaxBurst,
0115                 cfgno, inum, asnum, ep->desc.bEndpointAddress);
0116         ep->ss_ep_comp.bMaxBurst = 0;
0117     } else if (desc->bMaxBurst > 15) {
0118         dev_warn(ddev, "Endpoint with bMaxBurst = %d in "
0119                 "config %d interface %d altsetting %d ep %d: "
0120                 "setting to 15\n", desc->bMaxBurst,
0121                 cfgno, inum, asnum, ep->desc.bEndpointAddress);
0122         ep->ss_ep_comp.bMaxBurst = 15;
0123     }
0124
0125     if ((usb_endpoint_xfer_control(&ep->desc) ||
0126             usb_endpoint_xfer_int(&ep->desc)) &&
0127                 desc->bmAttributes != 0) {
0128         dev_warn(ddev, "%s endpoint with bmAttributes = %d in "
0129                 "config %d interface %d altsetting %d ep %d: "
0130                 "setting to zero\n",
0131                 usb_endpoint_xfer_control(&ep->desc) ? "Control" : "Bulk",
0132                 desc->bmAttributes,
0133                 cfgno, inum, asnum, ep->desc.bEndpointAddress);
0134         ep->ss_ep_comp.bmAttributes = 0;
0135     } else if (usb_endpoint_xfer_bulk(&ep->desc) &&
0136             desc->bmAttributes > 16) {
0137         dev_warn(ddev, "Bulk endpoint with more than 65536 streams in "
0138                 "config %d interface %d altsetting %d ep %d: "
0139                 "setting to max\n",
0140                 cfgno, inum, asnum, ep->desc.bEndpointAddress);
0141         ep->ss_ep_comp.bmAttributes = 16;
0142     } else if (usb_endpoint_xfer_isoc(&ep->desc) &&
0143            !USB_SS_SSP_ISOC_COMP(desc->bmAttributes) &&
0144            USB_SS_MULT(desc->bmAttributes) > 3) {
0145         dev_warn(ddev, "Isoc endpoint has Mult of %d in "
0146                 "config %d interface %d altsetting %d ep %d: "
0147                 "setting to 3\n",
0148                 USB_SS_MULT(desc->bmAttributes),
0149                 cfgno, inum, asnum, ep->desc.bEndpointAddress);
0150         ep->ss_ep_comp.bmAttributes = 2;
0151     }
0152
0153     if (usb_endpoint_xfer_isoc(&ep->desc))
0154         max_tx = (desc->bMaxBurst + 1) *
0155             (USB_SS_MULT(desc->bmAttributes)) *
0156             usb_endpoint_maxp(&ep->desc);
0157     else if (usb_endpoint_xfer_int(&ep->desc))
0158         max_tx = usb_endpoint_maxp(&ep->desc) *
0159             (desc->bMaxBurst + 1);
0160     else
0161         max_tx = 999999;
0162     if (le16_to_cpu(desc->wBytesPerInterval) > max_tx) {
0163         dev_warn(ddev, "%s endpoint with wBytesPerInterval of %d in "
0164                 "config %d interface %d altsetting %d ep %d: "
0165                 "setting to %d\n",
0166                 usb_endpoint_xfer_isoc(&ep->desc) ? "Isoc" : "Int",
0167                 le16_to_cpu(desc->wBytesPerInterval),
0168                 cfgno, inum, asnum, ep->desc.bEndpointAddress,
0169                 max_tx);
0170         ep->ss_ep_comp.wBytesPerInterval = cpu_to_le16(max_tx);
0171     }
0172     /* Parse a possible SuperSpeedPlus isoc ep companion descriptor */
0173     if (usb_endpoint_xfer_isoc(&ep->desc) &&
0174         USB_SS_SSP_ISOC_COMP(desc->bmAttributes))
0175         usb_parse_ssp_isoc_endpoint_companion(ddev, cfgno, inum, asnum,
0176                             ep, buffer, size);
0177 }
0178
0179 static const unsigned short low_speed_maxpacket_maxes[4] = {
0180     [USB_ENDPOINT_XFER_CONTROL] = 8,
0181     [USB_ENDPOINT_XFER_ISOC] = 0,
0182     [USB_ENDPOINT_XFER_BULK] = 0,
0183     [USB_ENDPOINT_XFER_INT] = 8,
0184 };
0185 static const unsigned short full_speed_maxpacket_maxes[4] = {
0186     [USB_ENDPOINT_XFER_CONTROL] = 64,
0187     [USB_ENDPOINT_XFER_ISOC] = 1023,
0188     [USB_ENDPOINT_XFER_BULK] = 64,
0189     [USB_ENDPOINT_XFER_INT] = 64,
0190 };
0191 static const unsigned short high_speed_maxpacket_maxes[4] = {
0192     [USB_ENDPOINT_XFER_CONTROL] = 64,
0193     [USB_ENDPOINT_XFER_ISOC] = 1024,
0194
0195     /* Bulk should be 512, but some devices use 1024: we will warn below */
0196     [USB_ENDPOINT_XFER_BULK] = 1024,
0197     [USB_ENDPOINT_XFER_INT] = 1024,
0198 };
0199 static const unsigned short super_speed_maxpacket_maxes[4] = {
0200     [USB_ENDPOINT_XFER_CONTROL] = 512,
0201     [USB_ENDPOINT_XFER_ISOC] = 1024,
0202     [USB_ENDPOINT_XFER_BULK] = 1024,
0203     [USB_ENDPOINT_XFER_INT] = 1024,
0204 };
0205
0206 static bool endpoint_is_duplicate(struct usb_endpoint_descriptor *e1,
0207         struct usb_endpoint_descriptor *e2)
0208 {
0209     if (e1->bEndpointAddress == e2->bEndpointAddress)
0210         return true;
0211
0212     if (usb_endpoint_xfer_control(e1) || usb_endpoint_xfer_control(e2)) {
0213         if (usb_endpoint_num(e1) == usb_endpoint_num(e2))
0214             return true;
0215     }
0216
0217     return false;
0218 }
0219
0220 /*
0221  * Check for duplicate endpoint addresses in other interfaces and in the
0222  * altsetting currently being parsed.
0223  */
0224 static bool config_endpoint_is_duplicate(struct usb_host_config *config,
0225         int inum, int asnum, struct usb_endpoint_descriptor *d)
0226 {
0227     struct usb_endpoint_descriptor *epd;
0228     struct usb_interface_cache *intfc;
0229     struct usb_host_interface *alt;
0230     int i, j, k;
0231
0232     for (i = 0; i < config->desc.bNumInterfaces; ++i) {
0233         intfc = config->intf_cache[i];
0234
0235         for (j = 0; j < intfc->num_altsetting; ++j) {
0236             alt = &intfc->altsetting[j];
0237
0238             if (alt->desc.bInterfaceNumber == inum &&
0239                     alt->desc.bAlternateSetting != asnum)
0240                 continue;
0241
0242             for (k = 0; k < alt->desc.bNumEndpoints; ++k) {
0243                 epd = &alt->endpoint[k].desc;
0244
0245                 if (endpoint_is_duplicate(epd, d))
0246                     return true;
0247             }
0248         }
0249     }
0250
0251     return false;
0252 }
0253
0254 static int usb_parse_endpoint(struct device *ddev, int cfgno,
0255         struct usb_host_config *config, int inum, int asnum,
0256         struct usb_host_interface *ifp, int num_ep,
0257         unsigned char *buffer, int size)
0258 {
0259     struct usb_device *udev = to_usb_device(ddev);
0260     unsigned char *buffer0 = buffer;
0261     struct usb_endpoint_descriptor *d;
0262     struct usb_host_endpoint *endpoint;
0263     int n, i, j, retval;
0264     unsigned int maxp;
0265     const unsigned short *maxpacket_maxes;
0266
0267     d = (struct usb_endpoint_descriptor *) buffer;
0268     buffer += d->bLength;
0269     size -= d->bLength;
0270
0271     if (d->bLength >= USB_DT_ENDPOINT_AUDIO_SIZE)
0272         n = USB_DT_ENDPOINT_AUDIO_SIZE;
0273     else if (d->bLength >= USB_DT_ENDPOINT_SIZE)
0274         n = USB_DT_ENDPOINT_SIZE;
0275     else {
0276         dev_warn(ddev, "config %d interface %d altsetting %d has an "
0277             "invalid endpoint descriptor of length %d, skipping\n",
0278             cfgno, inum, asnum, d->bLength);
0279         goto skip_to_next_endpoint_or_interface_descriptor;
0280     }
0281
0282     i = d->bEndpointAddress & ~USB_ENDPOINT_DIR_MASK;
0283     if (i >= 16 || i == 0) {
0284         dev_warn(ddev, "config %d interface %d altsetting %d has an "
0285             "invalid endpoint with address 0x%X, skipping\n",
0286             cfgno, inum, asnum, d->bEndpointAddress);
0287         goto skip_to_next_endpoint_or_interface_descriptor;
0288     }
0289
0290     /* Only store as many endpoints as we have room for */
0291     if (ifp->desc.bNumEndpoints >= num_ep)
0292         goto skip_to_next_endpoint_or_interface_descriptor;
0293
0294     /* Check for duplicate endpoint addresses */
0295     if (config_endpoint_is_duplicate(config, inum, asnum, d)) {
0296         dev_warn(ddev, "config %d interface %d altsetting %d has a duplicate endpoint with address 0x%X, skipping\n",
0297                 cfgno, inum, asnum, d->bEndpointAddress);
0298         goto skip_to_next_endpoint_or_interface_descriptor;
0299     }
0300
0301     /* Ignore some endpoints */
0302     if (udev->quirks & USB_QUIRK_ENDPOINT_IGNORE) {
0303         if (usb_endpoint_is_ignored(udev, ifp, d)) {
0304             dev_warn(ddev, "config %d interface %d altsetting %d has an ignored endpoint with address 0x%X, skipping\n",
0305                     cfgno, inum, asnum,
0306                     d->bEndpointAddress);
0307             goto skip_to_next_endpoint_or_interface_descriptor;
0308         }
0309     }
0310
0311     endpoint = &ifp->endpoint[ifp->desc.bNumEndpoints];
0312     ++ifp->desc.bNumEndpoints;
0313
0314     memcpy(&endpoint->desc, d, n);
0315     INIT_LIST_HEAD(&endpoint->urb_list);
0316
0317     /*
0318      * Fix up bInterval values outside the legal range.
0319      * Use 10 or 8 ms if no proper value can be guessed.
0320      */
0321     i = 0;      /* i = min, j = max, n = default */
0322     j = 255;
0323     if (usb_endpoint_xfer_int(d)) {
0324         i = 1;
0325         switch (udev->speed) {
0326         case USB_SPEED_SUPER_PLUS:
0327         case USB_SPEED_SUPER:
0328         case USB_SPEED_HIGH:
0329             /*
0330              * Many device manufacturers are using full-speed
0331              * bInterval values in high-speed interrupt endpoint
0332              * descriptors. Try to fix those and fall back to an
0333              * 8-ms default value otherwise.
0334              */
0335             n = fls(d->bInterval*8);
0336             if (n == 0)
0337                 n = 7;  /* 8 ms = 2^(7-1) uframes */
0338             j = 16;
0339
0340             /*
0341              * Adjust bInterval for quirked devices.
0342              */
0343             /*
0344              * This quirk fixes bIntervals reported in ms.
0345              */
0346             if (udev->quirks & USB_QUIRK_LINEAR_FRAME_INTR_BINTERVAL) {
0347                 n = clamp(fls(d->bInterval) + 3, i, j);
0348                 i = j = n;
0349             }
0350             /*
0351              * This quirk fixes bIntervals reported in
0352              * linear microframes.
0353              */
0354             if (udev->quirks & USB_QUIRK_LINEAR_UFRAME_INTR_BINTERVAL) {
0355                 n = clamp(fls(d->bInterval), i, j);
0356                 i = j = n;
0357             }
0358             break;
0359         default:        /* USB_SPEED_FULL or _LOW */
0360             /*
0361              * For low-speed, 10 ms is the official minimum.
0362              * But some "overclocked" devices might want faster
0363              * polling so we'll allow it.
0364              */
0365             n = 10;
0366             break;
0367         }
0368     } else if (usb_endpoint_xfer_isoc(d)) {
0369         i = 1;
0370         j = 16;
0371         switch (udev->speed) {
0372         case USB_SPEED_HIGH:
0373             n = 7;      /* 8 ms = 2^(7-1) uframes */
0374             break;
0375         default:        /* USB_SPEED_FULL */
0376             n = 4;      /* 8 ms = 2^(4-1) frames */
0377             break;
0378         }
0379     }
0380     if (d->bInterval < i || d->bInterval > j) {
0381         dev_warn(ddev, "config %d interface %d altsetting %d "
0382             "endpoint 0x%X has an invalid bInterval %d, "
0383             "changing to %d\n",
0384             cfgno, inum, asnum,
0385             d->bEndpointAddress, d->bInterval, n);
0386         endpoint->desc.bInterval = n;
0387     }
0388
0389     /* Some buggy low-speed devices have Bulk endpoints, which is
0390      * explicitly forbidden by the USB spec.  In an attempt to make
0391      * them usable, we will try treating them as Interrupt endpoints.
0392      */
0393     if (udev->speed == USB_SPEED_LOW && usb_endpoint_xfer_bulk(d)) {
0394         dev_warn(ddev, "config %d interface %d altsetting %d "
0395             "endpoint 0x%X is Bulk; changing to Interrupt\n",
0396             cfgno, inum, asnum, d->bEndpointAddress);
0397         endpoint->desc.bmAttributes = USB_ENDPOINT_XFER_INT;
0398         endpoint->desc.bInterval = 1;
0399         if (usb_endpoint_maxp(&endpoint->desc) > 8)
0400             endpoint->desc.wMaxPacketSize = cpu_to_le16(8);
0401     }
0402
0403     /*
0404      * Validate the wMaxPacketSize field.
0405      * Some devices have isochronous endpoints in altsetting 0;
0406      * the USB-2 spec requires such endpoints to have wMaxPacketSize = 0
0407      * (see the end of section 5.6.3), so don't warn about them.
0408      */
0409     maxp = le16_to_cpu(endpoint->desc.wMaxPacketSize);
0410     if (maxp == 0 && !(usb_endpoint_xfer_isoc(d) && asnum == 0)) {
0411         dev_warn(ddev, "config %d interface %d altsetting %d endpoint 0x%X has invalid wMaxPacketSize 0\n",
0412             cfgno, inum, asnum, d->bEndpointAddress);
0413     }
0414
0415     /* Find the highest legal maxpacket size for this endpoint */
0416     i = 0;      /* additional transactions per microframe */
0417     switch (udev->speed) {
0418     case USB_SPEED_LOW:
0419         maxpacket_maxes = low_speed_maxpacket_maxes;
0420         break;
0421     case USB_SPEED_FULL:
0422         maxpacket_maxes = full_speed_maxpacket_maxes;
0423         break;
0424     case USB_SPEED_HIGH:
0425         /* Multiple-transactions bits are allowed only for HS periodic endpoints */
0426         if (usb_endpoint_xfer_int(d) || usb_endpoint_xfer_isoc(d)) {
0427             i = maxp & USB_EP_MAXP_MULT_MASK;
0428             maxp &= ~i;
0429         }
0430         fallthrough;
0431     default:
0432         maxpacket_maxes = high_speed_maxpacket_maxes;
0433         break;
0434     case USB_SPEED_SUPER:
0435     case USB_SPEED_SUPER_PLUS:
0436         maxpacket_maxes = super_speed_maxpacket_maxes;
0437         break;
0438     }
0439     j = maxpacket_maxes[usb_endpoint_type(&endpoint->desc)];
0440
0441     if (maxp > j) {
0442         dev_warn(ddev, "config %d interface %d altsetting %d endpoint 0x%X has invalid maxpacket %d, setting to %d\n",
0443             cfgno, inum, asnum, d->bEndpointAddress, maxp, j);
0444         maxp = j;
0445         endpoint->desc.wMaxPacketSize = cpu_to_le16(i | maxp);
0446     }
0447
0448     /*
0449      * Some buggy high speed devices have bulk endpoints using
0450      * maxpacket sizes other than 512.  High speed HCDs may not
0451      * be able to handle that particular bug, so let's warn...
0452      */
0453     if (udev->speed == USB_SPEED_HIGH && usb_endpoint_xfer_bulk(d)) {
0454         if (maxp != 512)
0455             dev_warn(ddev, "config %d interface %d altsetting %d "
0456                 "bulk endpoint 0x%X has invalid maxpacket %d\n",
0457                 cfgno, inum, asnum, d->bEndpointAddress,
0458                 maxp);
0459     }
0460
0461     /* Parse a possible SuperSpeed endpoint companion descriptor */
0462     if (udev->speed >= USB_SPEED_SUPER)
0463         usb_parse_ss_endpoint_companion(ddev, cfgno,
0464                 inum, asnum, endpoint, buffer, size);
0465
0466     /* Skip over any Class Specific or Vendor Specific descriptors;
0467      * find the next endpoint or interface descriptor */
0468     endpoint->extra = buffer;
0469     i = find_next_descriptor(buffer, size, USB_DT_ENDPOINT,
0470             USB_DT_INTERFACE, &n);
0471     endpoint->extralen = i;
0472     retval = buffer - buffer0 + i;
0473     if (n > 0)
0474         dev_dbg(ddev, "skipped %d descriptor%s after %s\n",
0475             n, plural(n), "endpoint");
0476     return retval;
0477
0478 skip_to_next_endpoint_or_interface_descriptor:
0479     i = find_next_descriptor(buffer, size, USB_DT_ENDPOINT,
0480         USB_DT_INTERFACE, NULL);
0481     return buffer - buffer0 + i;
0482 }
0483
0484 void usb_release_interface_cache(struct kref *ref)
0485 {
0486     struct usb_interface_cache *intfc = ref_to_usb_interface_cache(ref);
0487     int j;
0488
0489     for (j = 0; j < intfc->num_altsetting; j++) {
0490         struct usb_host_interface *alt = &intfc->altsetting[j];
0491
0492         kfree(alt->endpoint);
0493         kfree(alt->string);
0494     }
0495     kfree(intfc);
0496 }
0497
0498 static int usb_parse_interface(struct device *ddev, int cfgno,
0499     struct usb_host_config *config, unsigned char *buffer, int size,
0500     u8 inums[], u8 nalts[])
0501 {
0502     unsigned char *buffer0 = buffer;
0503     struct usb_interface_descriptor *d;
0504     int inum, asnum;
0505     struct usb_interface_cache *intfc;
0506     struct usb_host_interface *alt;
0507     int i, n;
0508     int len, retval;
0509     int num_ep, num_ep_orig;
0510
0511     d = (struct usb_interface_descriptor *) buffer;
0512     buffer += d->bLength;
0513     size -= d->bLength;
0514
0515     if (d->bLength < USB_DT_INTERFACE_SIZE)
0516         goto skip_to_next_interface_descriptor;
0517
0518     /* Which interface entry is this? */
0519     intfc = NULL;
0520     inum = d->bInterfaceNumber;
0521     for (i = 0; i < config->desc.bNumInterfaces; ++i) {
0522         if (inums[i] == inum) {
0523             intfc = config->intf_cache[i];
0524             break;
0525         }
0526     }
0527     if (!intfc || intfc->num_altsetting >= nalts[i])
0528         goto skip_to_next_interface_descriptor;
0529
0530     /* Check for duplicate altsetting entries */
0531     asnum = d->bAlternateSetting;
0532     for ((i = 0, alt = &intfc->altsetting[0]);
0533           i < intfc->num_altsetting;
0534          (++i, ++alt)) {
0535         if (alt->desc.bAlternateSetting == asnum) {
0536             dev_warn(ddev, "Duplicate descriptor for config %d "
0537                 "interface %d altsetting %d, skipping\n",
0538                 cfgno, inum, asnum);
0539             goto skip_to_next_interface_descriptor;
0540         }
0541     }
0542
0543     ++intfc->num_altsetting;
0544     memcpy(&alt->desc, d, USB_DT_INTERFACE_SIZE);
0545
0546     /* Skip over any Class Specific or Vendor Specific descriptors;
0547      * find the first endpoint or interface descriptor */
0548     alt->extra = buffer;
0549     i = find_next_descriptor(buffer, size, USB_DT_ENDPOINT,
0550         USB_DT_INTERFACE, &n);
0551     alt->extralen = i;
0552     if (n > 0)
0553         dev_dbg(ddev, "skipped %d descriptor%s after %s\n",
0554             n, plural(n), "interface");
0555     buffer += i;
0556     size -= i;
0557
0558     /* Allocate space for the right(?) number of endpoints */
0559     num_ep = num_ep_orig = alt->desc.bNumEndpoints;
0560     alt->desc.bNumEndpoints = 0;        /* Use as a counter */
0561     if (num_ep > USB_MAXENDPOINTS) {
0562         dev_warn(ddev, "too many endpoints for config %d interface %d "
0563             "altsetting %d: %d, using maximum allowed: %d\n",
0564             cfgno, inum, asnum, num_ep, USB_MAXENDPOINTS);
0565         num_ep = USB_MAXENDPOINTS;
0566     }
0567
0568     if (num_ep > 0) {
0569         /* Can't allocate 0 bytes */
0570         len = sizeof(struct usb_host_endpoint) * num_ep;
0571         alt->endpoint = kzalloc(len, GFP_KERNEL);
0572         if (!alt->endpoint)
0573             return -ENOMEM;
0574     }
0575
0576     /* Parse all the endpoint descriptors */
0577     n = 0;
0578     while (size > 0) {
0579         if (((struct usb_descriptor_header *) buffer)->bDescriptorType
0580              == USB_DT_INTERFACE)
0581             break;
0582         retval = usb_parse_endpoint(ddev, cfgno, config, inum, asnum,
0583                 alt, num_ep, buffer, size);
0584         if (retval < 0)
0585             return retval;
0586         ++n;
0587
0588         buffer += retval;
0589         size -= retval;
0590     }
0591
0592     if (n != num_ep_orig)
0593         dev_warn(ddev, "config %d interface %d altsetting %d has %d "
0594             "endpoint descriptor%s, different from the interface "
0595             "descriptor's value: %d\n",
0596             cfgno, inum, asnum, n, plural(n), num_ep_orig);
0597     return buffer - buffer0;
0598
0599 skip_to_next_interface_descriptor:
0600     i = find_next_descriptor(buffer, size, USB_DT_INTERFACE,
0601         USB_DT_INTERFACE, NULL);
0602     return buffer - buffer0 + i;
0603 }
0604
0605 static int usb_parse_configuration(struct usb_device *dev, int cfgidx,
0606     struct usb_host_config *config, unsigned char *buffer, int size)
0607 {
0608     struct device *ddev = &dev->dev;
0609     unsigned char *buffer0 = buffer;
0610     int cfgno;
0611     int nintf, nintf_orig;
0612     int i, j, n;
0613     struct usb_interface_cache *intfc;
0614     unsigned char *buffer2;
0615     int size2;
0616     struct usb_descriptor_header *header;
0617     int retval;
0618     u8 inums[USB_MAXINTERFACES], nalts[USB_MAXINTERFACES];
0619     unsigned iad_num = 0;
0620
0621     memcpy(&config->desc, buffer, USB_DT_CONFIG_SIZE);
0622     nintf = nintf_orig = config->desc.bNumInterfaces;
0623     config->desc.bNumInterfaces = 0;    // Adjusted later
0624
0625     if (config->desc.bDescriptorType != USB_DT_CONFIG ||
0626         config->desc.bLength < USB_DT_CONFIG_SIZE ||
0627         config->desc.bLength > size) {
0628         dev_err(ddev, "invalid descriptor for config index %d: "
0629             "type = 0x%X, length = %d\n", cfgidx,
0630             config->desc.bDescriptorType, config->desc.bLength);
0631         return -EINVAL;
0632     }
0633     cfgno = config->desc.bConfigurationValue;
0634
0635     buffer += config->desc.bLength;
0636     size -= config->desc.bLength;
0637
0638     if (nintf > USB_MAXINTERFACES) {
0639         dev_warn(ddev, "config %d has too many interfaces: %d, "
0640             "using maximum allowed: %d\n",
0641             cfgno, nintf, USB_MAXINTERFACES);
0642         nintf = USB_MAXINTERFACES;
0643     }
0644
0645     /* Go through the descriptors, checking their length and counting the
0646      * number of altsettings for each interface */
0647     n = 0;
0648     for ((buffer2 = buffer, size2 = size);
0649           size2 > 0;
0650          (buffer2 += header->bLength, size2 -= header->bLength)) {
0651
0652         if (size2 < sizeof(struct usb_descriptor_header)) {
0653             dev_warn(ddev, "config %d descriptor has %d excess "
0654                 "byte%s, ignoring\n",
0655                 cfgno, size2, plural(size2));
0656             break;
0657         }
0658
0659         header = (struct usb_descriptor_header *) buffer2;
0660         if ((header->bLength > size2) || (header->bLength < 2)) {
0661             dev_warn(ddev, "config %d has an invalid descriptor "
0662                 "of length %d, skipping remainder of the config\n",
0663                 cfgno, header->bLength);
0664             break;
0665         }
0666
0667         if (header->bDescriptorType == USB_DT_INTERFACE) {
0668             struct usb_interface_descriptor *d;
0669             int inum;
0670
0671             d = (struct usb_interface_descriptor *) header;
0672             if (d->bLength < USB_DT_INTERFACE_SIZE) {
0673                 dev_warn(ddev, "config %d has an invalid "
0674                     "interface descriptor of length %d, "
0675                     "skipping\n", cfgno, d->bLength);
0676                 continue;
0677             }
0678
0679             inum = d->bInterfaceNumber;
0680
0681             if ((dev->quirks & USB_QUIRK_HONOR_BNUMINTERFACES) &&
0682                 n >= nintf_orig) {
0683                 dev_warn(ddev, "config %d has more interface "
0684                     "descriptors, than it declares in "
0685                     "bNumInterfaces, ignoring interface "
0686                     "number: %d\n", cfgno, inum);
0687                 continue;
0688             }
0689
0690             if (inum >= nintf_orig)
0691                 dev_warn(ddev, "config %d has an invalid "
0692                     "interface number: %d but max is %d\n",
0693                     cfgno, inum, nintf_orig - 1);
0694
0695             /* Have we already encountered this interface?
0696              * Count its altsettings */
0697             for (i = 0; i < n; ++i) {
0698                 if (inums[i] == inum)
0699                     break;
0700             }
0701             if (i < n) {
0702                 if (nalts[i] < 255)
0703                     ++nalts[i];
0704             } else if (n < USB_MAXINTERFACES) {
0705                 inums[n] = inum;
0706                 nalts[n] = 1;
0707                 ++n;
0708             }
0709
0710         } else if (header->bDescriptorType ==
0711                 USB_DT_INTERFACE_ASSOCIATION) {
0712             struct usb_interface_assoc_descriptor *d;
0713
0714             d = (struct usb_interface_assoc_descriptor *)header;
0715             if (d->bLength < USB_DT_INTERFACE_ASSOCIATION_SIZE) {
0716                 dev_warn(ddev,
0717                      "config %d has an invalid interface association descriptor of length %d, skipping\n",
0718                      cfgno, d->bLength);
0719                 continue;
0720             }
0721
0722             if (iad_num == USB_MAXIADS) {
0723                 dev_warn(ddev, "found more Interface "
0724                            "Association Descriptors "
0725                            "than allocated for in "
0726                            "configuration %d\n", cfgno);
0727             } else {
0728                 config->intf_assoc[iad_num] = d;
0729                 iad_num++;
0730             }
0731
0732         } else if (header->bDescriptorType == USB_DT_DEVICE ||
0733                 header->bDescriptorType == USB_DT_CONFIG)
0734             dev_warn(ddev, "config %d contains an unexpected "
0735                 "descriptor of type 0x%X, skipping\n",
0736                 cfgno, header->bDescriptorType);
0737
0738     }   /* for ((buffer2 = buffer, size2 = size); ...) */
0739     size = buffer2 - buffer;
0740     config->desc.wTotalLength = cpu_to_le16(buffer2 - buffer0);
0741
0742     if (n != nintf)
0743         dev_warn(ddev, "config %d has %d interface%s, different from "
0744             "the descriptor's value: %d\n",
0745             cfgno, n, plural(n), nintf_orig);
0746     else if (n == 0)
0747         dev_warn(ddev, "config %d has no interfaces?\n", cfgno);
0748     config->desc.bNumInterfaces = nintf = n;
0749
0750     /* Check for missing interface numbers */
0751     for (i = 0; i < nintf; ++i) {
0752         for (j = 0; j < nintf; ++j) {
0753             if (inums[j] == i)
0754                 break;
0755         }
0756         if (j >= nintf)
0757             dev_warn(ddev, "config %d has no interface number "
0758                 "%d\n", cfgno, i);
0759     }
0760
0761     /* Allocate the usb_interface_caches and altsetting arrays */
0762     for (i = 0; i < nintf; ++i) {
0763         j = nalts[i];
0764         if (j > USB_MAXALTSETTING) {
0765             dev_warn(ddev, "too many alternate settings for "
0766                 "config %d interface %d: %d, "
0767                 "using maximum allowed: %d\n",
0768                 cfgno, inums[i], j, USB_MAXALTSETTING);
0769             nalts[i] = j = USB_MAXALTSETTING;
0770         }
0771
0772         intfc = kzalloc(struct_size(intfc, altsetting, j), GFP_KERNEL);
0773         config->intf_cache[i] = intfc;
0774         if (!intfc)
0775             return -ENOMEM;
0776         kref_init(&intfc->ref);
0777     }
0778
0779     /* FIXME: parse the BOS descriptor */
0780
0781     /* Skip over any Class Specific or Vendor Specific descriptors;
0782      * find the first interface descriptor */
0783     config->extra = buffer;
0784     i = find_next_descriptor(buffer, size, USB_DT_INTERFACE,
0785         USB_DT_INTERFACE, &n);
0786     config->extralen = i;
0787     if (n > 0)
0788         dev_dbg(ddev, "skipped %d descriptor%s after %s\n",
0789             n, plural(n), "configuration");
0790     buffer += i;
0791     size -= i;
0792
0793     /* Parse all the interface/altsetting descriptors */
0794     while (size > 0) {
0795         retval = usb_parse_interface(ddev, cfgno, config,
0796             buffer, size, inums, nalts);
0797         if (retval < 0)
0798             return retval;
0799
0800         buffer += retval;
0801         size -= retval;
0802     }
0803
0804     /* Check for missing altsettings */
0805     for (i = 0; i < nintf; ++i) {
0806         intfc = config->intf_cache[i];
0807         for (j = 0; j < intfc->num_altsetting; ++j) {
0808             for (n = 0; n < intfc->num_altsetting; ++n) {
0809                 if (intfc->altsetting[n].desc.
0810                     bAlternateSetting == j)
0811                     break;
0812             }
0813             if (n >= intfc->num_altsetting)
0814                 dev_warn(ddev, "config %d interface %d has no "
0815                     "altsetting %d\n", cfgno, inums[i], j);
0816         }
0817     }
0818
0819     return 0;
0820 }
0821
0822 /* hub-only!! ... and only exported for reset/reinit path.
0823  * otherwise used internally on disconnect/destroy path
0824  */
0825 void usb_destroy_configuration(struct usb_device *dev)
0826 {
0827     int c, i;
0828
0829     if (!dev->config)
0830         return;
0831
0832     if (dev->rawdescriptors) {
0833         for (i = 0; i < dev->descriptor.bNumConfigurations; i++)
0834             kfree(dev->rawdescriptors[i]);
0835
0836         kfree(dev->rawdescriptors);
0837         dev->rawdescriptors = NULL;
0838     }
0839
0840     for (c = 0; c < dev->descriptor.bNumConfigurations; c++) {
0841         struct usb_host_config *cf = &dev->config[c];
0842
0843         kfree(cf->string);
0844         for (i = 0; i < cf->desc.bNumInterfaces; i++) {
0845             if (cf->intf_cache[i])
0846                 kref_put(&cf->intf_cache[i]->ref,
0847                       usb_release_interface_cache);
0848         }
0849     }
0850     kfree(dev->config);
0851     dev->config = NULL;
0852 }
0853
0854
0855 /*
0856  * Get the USB config descriptors, cache and parse'em
0857  *
0858  * hub-only!! ... and only in reset path, or usb_new_device()
0859  * (used by real hubs and virtual root hubs)
0860  */
0861 int usb_get_configuration(struct usb_device *dev)
0862 {
0863     struct device *ddev = &dev->dev;
0864     int ncfg = dev->descriptor.bNumConfigurations;
0865     unsigned int cfgno, length;
0866     unsigned char *bigbuffer;
0867     struct usb_config_descriptor *desc;
0868     int result;
0869
0870     if (ncfg > USB_MAXCONFIG) {
0871         dev_warn(ddev, "too many configurations: %d, "
0872             "using maximum allowed: %d\n", ncfg, USB_MAXCONFIG);
0873         dev->descriptor.bNumConfigurations = ncfg = USB_MAXCONFIG;
0874     }
0875
0876     if (ncfg < 1) {
0877         dev_err(ddev, "no configurations\n");
0878         return -EINVAL;
0879     }
0880
0881     length = ncfg * sizeof(struct usb_host_config);
0882     dev->config = kzalloc(length, GFP_KERNEL);
0883     if (!dev->config)
0884         return -ENOMEM;
0885
0886     length = ncfg * sizeof(char *);
0887     dev->rawdescriptors = kzalloc(length, GFP_KERNEL);
0888     if (!dev->rawdescriptors)
0889         return -ENOMEM;
0890
0891     desc = kmalloc(USB_DT_CONFIG_SIZE, GFP_KERNEL);
0892     if (!desc)
0893         return -ENOMEM;
0894
0895     for (cfgno = 0; cfgno < ncfg; cfgno++) {
0896         /* We grab just the first descriptor so we know how long
0897          * the whole configuration is */
0898         result = usb_get_descriptor(dev, USB_DT_CONFIG, cfgno,
0899             desc, USB_DT_CONFIG_SIZE);
0900         if (result < 0) {
0901             dev_err(ddev, "unable to read config index %d "
0902                 "descriptor/%s: %d\n", cfgno, "start", result);
0903             if (result != -EPIPE)
0904                 goto err;
0905             dev_err(ddev, "chopping to %d config(s)\n", cfgno);
0906             dev->descriptor.bNumConfigurations = cfgno;
0907             break;
0908         } else if (result < 4) {
0909             dev_err(ddev, "config index %d descriptor too short "
0910                 "(expected %i, got %i)\n", cfgno,
0911                 USB_DT_CONFIG_SIZE, result);
0912             result = -EINVAL;
0913             goto err;
0914         }
0915         length = max((int) le16_to_cpu(desc->wTotalLength),
0916             USB_DT_CONFIG_SIZE);
0917
0918         /* Now that we know the length, get the whole thing */
0919         bigbuffer = kmalloc(length, GFP_KERNEL);
0920         if (!bigbuffer) {
0921             result = -ENOMEM;
0922             goto err;
0923         }
0924
0925         if (dev->quirks & USB_QUIRK_DELAY_INIT)
0926             msleep(200);
0927
0928         result = usb_get_descriptor(dev, USB_DT_CONFIG, cfgno,
0929             bigbuffer, length);
0930         if (result < 0) {
0931             dev_err(ddev, "unable to read config index %d "
0932                 "descriptor/%s\n", cfgno, "all");
0933             kfree(bigbuffer);
0934             goto err;
0935         }
0936         if (result < length) {
0937             dev_warn(ddev, "config index %d descriptor too short "
0938                 "(expected %i, got %i)\n", cfgno, length, result);
0939             length = result;
0940         }
0941
0942         dev->rawdescriptors[cfgno] = bigbuffer;
0943
0944         result = usb_parse_configuration(dev, cfgno,
0945             &dev->config[cfgno], bigbuffer, length);
0946         if (result < 0) {
0947             ++cfgno;
0948             goto err;
0949         }
0950     }
0951
0952 err:
0953     kfree(desc);
0954     dev->descriptor.bNumConfigurations = cfgno;
0955
0956     return result;
0957 }
0958
0959 void usb_release_bos_descriptor(struct usb_device *dev)
0960 {
0961     if (dev->bos) {
0962         kfree(dev->bos->desc);
0963         kfree(dev->bos);
0964         dev->bos = NULL;
0965     }
0966 }
0967
0968 static const __u8 bos_desc_len[256] = {
0969     [USB_CAP_TYPE_WIRELESS_USB] = USB_DT_USB_WIRELESS_CAP_SIZE,
0970     [USB_CAP_TYPE_EXT]          = USB_DT_USB_EXT_CAP_SIZE,
0971     [USB_SS_CAP_TYPE]           = USB_DT_USB_SS_CAP_SIZE,
0972     [USB_SSP_CAP_TYPE]          = USB_DT_USB_SSP_CAP_SIZE(1),
0973     [CONTAINER_ID_TYPE]         = USB_DT_USB_SS_CONTN_ID_SIZE,
0974     [USB_PTM_CAP_TYPE]          = USB_DT_USB_PTM_ID_SIZE,
0975 };
0976
0977 /* Get BOS descriptor set */
0978 int usb_get_bos_descriptor(struct usb_device *dev)
0979 {
0980     struct device *ddev = &dev->dev;
0981     struct usb_bos_descriptor *bos;
0982     struct usb_dev_cap_header *cap;
0983     struct usb_ssp_cap_descriptor *ssp_cap;
0984     unsigned char *buffer, *buffer0;
0985     int length, total_len, num, i, ssac;
0986     __u8 cap_type;
0987     int ret;
0988
0989     bos = kzalloc(sizeof(*bos), GFP_KERNEL);
0990     if (!bos)
0991         return -ENOMEM;
0992
0993     /* Get BOS descriptor */
0994     ret = usb_get_descriptor(dev, USB_DT_BOS, 0, bos, USB_DT_BOS_SIZE);
0995     if (ret < USB_DT_BOS_SIZE || bos->bLength < USB_DT_BOS_SIZE) {
0996         dev_err(ddev, "unable to get BOS descriptor or descriptor too short\n");
0997         if (ret >= 0)
0998             ret = -ENOMSG;
0999         kfree(bos);
1000         return ret;
1001     }
1002
1003     length = bos->bLength;
1004     total_len = le16_to_cpu(bos->wTotalLength);
1005     num = bos->bNumDeviceCaps;
1006     kfree(bos);
1007     if (total_len < length)
1008         return -EINVAL;
1009
1010     dev->bos = kzalloc(sizeof(*dev->bos), GFP_KERNEL);
1011     if (!dev->bos)
1012         return -ENOMEM;
1013
1014     /* Now let's get the whole BOS descriptor set */
1015     buffer = kzalloc(total_len, GFP_KERNEL);
1016     if (!buffer) {
1017         ret = -ENOMEM;
1018         goto err;
1019     }
1020     dev->bos->desc = (struct usb_bos_descriptor *)buffer;
1021
1022     ret = usb_get_descriptor(dev, USB_DT_BOS, 0, buffer, total_len);
1023     if (ret < total_len) {
1024         dev_err(ddev, "unable to get BOS descriptor set\n");
1025         if (ret >= 0)
1026             ret = -ENOMSG;
1027         goto err;
1028     }
1029
1030     buffer0 = buffer;
1031     total_len -= length;
1032     buffer += length;
1033
1034     for (i = 0; i < num; i++) {
1035         cap = (struct usb_dev_cap_header *)buffer;
1036
1037         if (total_len < sizeof(*cap) || total_len < cap->bLength) {
1038             dev->bos->desc->bNumDeviceCaps = i;
1039             break;
1040         }
1041         cap_type = cap->bDevCapabilityType;
1042         length = cap->bLength;
1043         if (bos_desc_len[cap_type] && length < bos_desc_len[cap_type]) {
1044             dev->bos->desc->bNumDeviceCaps = i;
1045             break;
1046         }
1047
1048         if (cap->bDescriptorType != USB_DT_DEVICE_CAPABILITY) {
1049             dev_warn(ddev, "descriptor type invalid, skip\n");
1050             continue;
1051         }
1052
1053         switch (cap_type) {
1054         case USB_CAP_TYPE_WIRELESS_USB:
1055             /* Wireless USB cap descriptor is handled by wusb */
1056             break;
1057         case USB_CAP_TYPE_EXT:
1058             dev->bos->ext_cap =
1059                 (struct usb_ext_cap_descriptor *)buffer;
1060             break;
1061         case USB_SS_CAP_TYPE:
1062             dev->bos->ss_cap =
1063                 (struct usb_ss_cap_descriptor *)buffer;
1064             break;
1065         case USB_SSP_CAP_TYPE:
1066             ssp_cap = (struct usb_ssp_cap_descriptor *)buffer;
1067             ssac = (le32_to_cpu(ssp_cap->bmAttributes) &
1068                 USB_SSP_SUBLINK_SPEED_ATTRIBS);
1069             if (length >= USB_DT_USB_SSP_CAP_SIZE(ssac))
1070                 dev->bos->ssp_cap = ssp_cap;
1071             break;
1072         case CONTAINER_ID_TYPE:
1073             dev->bos->ss_id =
1074                 (struct usb_ss_container_id_descriptor *)buffer;
1075             break;
1076         case USB_PTM_CAP_TYPE:
1077             dev->bos->ptm_cap =
1078                 (struct usb_ptm_cap_descriptor *)buffer;
1079             break;
1080         default:
1081             break;
1082         }
1083
1084         total_len -= length;
1085         buffer += length;
1086     }
1087     dev->bos->desc->wTotalLength = cpu_to_le16(buffer - buffer0);
1088
1089     return 0;
1090
1091 err:
1092     usb_release_bos_descriptor(dev);
1093     return ret;
1094 }