1
2
3
4
5
6#include <linux/usb.h>
7#include <linux/usb/ch9.h>
8#include <linux/usb/hcd.h>
9#include <linux/usb/quirks.h>
10#include <linux/module.h>
11#include <linux/slab.h>
12#include <linux/device.h>
13#include <asm/byteorder.h>
14#include "usb.h"
15
16
17#define USB_MAXALTSETTING 128
18
19#define USB_MAXCONFIG 8
20
21
22static inline const char *plural(int n)
23{
24 return (n == 1 ? "" : "s");
25}
26
27static int find_next_descriptor(unsigned char *buffer, int size,
28 int dt1, int dt2, int *num_skipped)
29{
30 struct usb_descriptor_header *h;
31 int n = 0;
32 unsigned char *buffer0 = buffer;
33
34
35 while (size > 0) {
36 h = (struct usb_descriptor_header *) buffer;
37 if (h->bDescriptorType == dt1 || h->bDescriptorType == dt2)
38 break;
39 buffer += h->bLength;
40 size -= h->bLength;
41 ++n;
42 }
43
44
45
46 if (num_skipped)
47 *num_skipped = n;
48 return buffer - buffer0;
49}
50
51static void usb_parse_ssp_isoc_endpoint_companion(struct device *ddev,
52 int cfgno, int inum, int asnum, struct usb_host_endpoint *ep,
53 unsigned char *buffer, int size)
54{
55 struct usb_ssp_isoc_ep_comp_descriptor *desc;
56
57
58
59
60
61 desc = (struct usb_ssp_isoc_ep_comp_descriptor *) buffer;
62 if (desc->bDescriptorType != USB_DT_SSP_ISOC_ENDPOINT_COMP ||
63 size < USB_DT_SSP_ISOC_EP_COMP_SIZE) {
64 dev_warn(ddev, "Invalid SuperSpeedPlus isoc endpoint companion"
65 "for config %d interface %d altsetting %d ep %d.\n",
66 cfgno, inum, asnum, ep->desc.bEndpointAddress);
67 return;
68 }
69 memcpy(&ep->ssp_isoc_ep_comp, desc, USB_DT_SSP_ISOC_EP_COMP_SIZE);
70}
71
72static void usb_parse_ss_endpoint_companion(struct device *ddev, int cfgno,
73 int inum, int asnum, struct usb_host_endpoint *ep,
74 unsigned char *buffer, int size)
75{
76 struct usb_ss_ep_comp_descriptor *desc;
77 int max_tx;
78
79
80
81
82 desc = (struct usb_ss_ep_comp_descriptor *) buffer;
83
84 if (desc->bDescriptorType != USB_DT_SS_ENDPOINT_COMP ||
85 size < USB_DT_SS_EP_COMP_SIZE) {
86 dev_warn(ddev, "No SuperSpeed endpoint companion for config %d "
87 " interface %d altsetting %d ep %d: "
88 "using minimum values\n",
89 cfgno, inum, asnum, ep->desc.bEndpointAddress);
90
91
92
93
94
95
96
97
98 ep->ss_ep_comp.bLength = USB_DT_SS_EP_COMP_SIZE;
99 ep->ss_ep_comp.bDescriptorType = USB_DT_SS_ENDPOINT_COMP;
100 if (usb_endpoint_xfer_isoc(&ep->desc) ||
101 usb_endpoint_xfer_int(&ep->desc))
102 ep->ss_ep_comp.wBytesPerInterval =
103 ep->desc.wMaxPacketSize;
104 return;
105 }
106 buffer += desc->bLength;
107 size -= desc->bLength;
108 memcpy(&ep->ss_ep_comp, desc, USB_DT_SS_EP_COMP_SIZE);
109
110
111 if (usb_endpoint_xfer_control(&ep->desc) && desc->bMaxBurst != 0) {
112 dev_warn(ddev, "Control endpoint with bMaxBurst = %d in "
113 "config %d interface %d altsetting %d ep %d: "
114 "setting to zero\n", desc->bMaxBurst,
115 cfgno, inum, asnum, ep->desc.bEndpointAddress);
116 ep->ss_ep_comp.bMaxBurst = 0;
117 } else if (desc->bMaxBurst > 15) {
118 dev_warn(ddev, "Endpoint with bMaxBurst = %d in "
119 "config %d interface %d altsetting %d ep %d: "
120 "setting to 15\n", desc->bMaxBurst,
121 cfgno, inum, asnum, ep->desc.bEndpointAddress);
122 ep->ss_ep_comp.bMaxBurst = 15;
123 }
124
125 if ((usb_endpoint_xfer_control(&ep->desc) ||
126 usb_endpoint_xfer_int(&ep->desc)) &&
127 desc->bmAttributes != 0) {
128 dev_warn(ddev, "%s endpoint with bmAttributes = %d in "
129 "config %d interface %d altsetting %d ep %d: "
130 "setting to zero\n",
131 usb_endpoint_xfer_control(&ep->desc) ? "Control" : "Bulk",
132 desc->bmAttributes,
133 cfgno, inum, asnum, ep->desc.bEndpointAddress);
134 ep->ss_ep_comp.bmAttributes = 0;
135 } else if (usb_endpoint_xfer_bulk(&ep->desc) &&
136 desc->bmAttributes > 16) {
137 dev_warn(ddev, "Bulk endpoint with more than 65536 streams in "
138 "config %d interface %d altsetting %d ep %d: "
139 "setting to max\n",
140 cfgno, inum, asnum, ep->desc.bEndpointAddress);
141 ep->ss_ep_comp.bmAttributes = 16;
142 } else if (usb_endpoint_xfer_isoc(&ep->desc) &&
143 !USB_SS_SSP_ISOC_COMP(desc->bmAttributes) &&
144 USB_SS_MULT(desc->bmAttributes) > 3) {
145 dev_warn(ddev, "Isoc endpoint has Mult of %d in "
146 "config %d interface %d altsetting %d ep %d: "
147 "setting to 3\n",
148 USB_SS_MULT(desc->bmAttributes),
149 cfgno, inum, asnum, ep->desc.bEndpointAddress);
150 ep->ss_ep_comp.bmAttributes = 2;
151 }
152
153 if (usb_endpoint_xfer_isoc(&ep->desc))
154 max_tx = (desc->bMaxBurst + 1) *
155 (USB_SS_MULT(desc->bmAttributes)) *
156 usb_endpoint_maxp(&ep->desc);
157 else if (usb_endpoint_xfer_int(&ep->desc))
158 max_tx = usb_endpoint_maxp(&ep->desc) *
159 (desc->bMaxBurst + 1);
160 else
161 max_tx = 999999;
162 if (le16_to_cpu(desc->wBytesPerInterval) > max_tx) {
163 dev_warn(ddev, "%s endpoint with wBytesPerInterval of %d in "
164 "config %d interface %d altsetting %d ep %d: "
165 "setting to %d\n",
166 usb_endpoint_xfer_isoc(&ep->desc) ? "Isoc" : "Int",
167 le16_to_cpu(desc->wBytesPerInterval),
168 cfgno, inum, asnum, ep->desc.bEndpointAddress,
169 max_tx);
170 ep->ss_ep_comp.wBytesPerInterval = cpu_to_le16(max_tx);
171 }
172
173 if (usb_endpoint_xfer_isoc(&ep->desc) &&
174 USB_SS_SSP_ISOC_COMP(desc->bmAttributes))
175 usb_parse_ssp_isoc_endpoint_companion(ddev, cfgno, inum, asnum,
176 ep, buffer, size);
177}
178
179static const unsigned short low_speed_maxpacket_maxes[4] = {
180 [USB_ENDPOINT_XFER_CONTROL] = 8,
181 [USB_ENDPOINT_XFER_ISOC] = 0,
182 [USB_ENDPOINT_XFER_BULK] = 0,
183 [USB_ENDPOINT_XFER_INT] = 8,
184};
185static const unsigned short full_speed_maxpacket_maxes[4] = {
186 [USB_ENDPOINT_XFER_CONTROL] = 64,
187 [USB_ENDPOINT_XFER_ISOC] = 1023,
188 [USB_ENDPOINT_XFER_BULK] = 64,
189 [USB_ENDPOINT_XFER_INT] = 64,
190};
191static const unsigned short high_speed_maxpacket_maxes[4] = {
192 [USB_ENDPOINT_XFER_CONTROL] = 64,
193 [USB_ENDPOINT_XFER_ISOC] = 1024,
194
195
196 [USB_ENDPOINT_XFER_BULK] = 1024,
197 [USB_ENDPOINT_XFER_INT] = 1024,
198};
199static const unsigned short super_speed_maxpacket_maxes[4] = {
200 [USB_ENDPOINT_XFER_CONTROL] = 512,
201 [USB_ENDPOINT_XFER_ISOC] = 1024,
202 [USB_ENDPOINT_XFER_BULK] = 1024,
203 [USB_ENDPOINT_XFER_INT] = 1024,
204};
205
206static int usb_parse_endpoint(struct device *ddev, int cfgno, int inum,
207 int asnum, struct usb_host_interface *ifp, int num_ep,
208 unsigned char *buffer, int size)
209{
210 unsigned char *buffer0 = buffer;
211 struct usb_endpoint_descriptor *d;
212 struct usb_host_endpoint *endpoint;
213 int n, i, j, retval;
214 unsigned int maxp;
215 const unsigned short *maxpacket_maxes;
216
217 d = (struct usb_endpoint_descriptor *) buffer;
218 buffer += d->bLength;
219 size -= d->bLength;
220
221 if (d->bLength >= USB_DT_ENDPOINT_AUDIO_SIZE)
222 n = USB_DT_ENDPOINT_AUDIO_SIZE;
223 else if (d->bLength >= USB_DT_ENDPOINT_SIZE)
224 n = USB_DT_ENDPOINT_SIZE;
225 else {
226 dev_warn(ddev, "config %d interface %d altsetting %d has an "
227 "invalid endpoint descriptor of length %d, skipping\n",
228 cfgno, inum, asnum, d->bLength);
229 goto skip_to_next_endpoint_or_interface_descriptor;
230 }
231
232 i = d->bEndpointAddress & ~USB_ENDPOINT_DIR_MASK;
233 if (i >= 16 || i == 0) {
234 dev_warn(ddev, "config %d interface %d altsetting %d has an "
235 "invalid endpoint with address 0x%X, skipping\n",
236 cfgno, inum, asnum, d->bEndpointAddress);
237 goto skip_to_next_endpoint_or_interface_descriptor;
238 }
239
240
241 if (ifp->desc.bNumEndpoints >= num_ep)
242 goto skip_to_next_endpoint_or_interface_descriptor;
243
244
245 for (i = 0; i < ifp->desc.bNumEndpoints; ++i) {
246 if (ifp->endpoint[i].desc.bEndpointAddress ==
247 d->bEndpointAddress) {
248 dev_warn(ddev, "config %d interface %d altsetting %d has a duplicate endpoint with address 0x%X, skipping\n",
249 cfgno, inum, asnum, d->bEndpointAddress);
250 goto skip_to_next_endpoint_or_interface_descriptor;
251 }
252 }
253
254 endpoint = &ifp->endpoint[ifp->desc.bNumEndpoints];
255 ++ifp->desc.bNumEndpoints;
256
257 memcpy(&endpoint->desc, d, n);
258 INIT_LIST_HEAD(&endpoint->urb_list);
259
260
261
262
263
264 i = 0;
265 j = 255;
266 if (usb_endpoint_xfer_int(d)) {
267 i = 1;
268 switch (to_usb_device(ddev)->speed) {
269 case USB_SPEED_SUPER_PLUS:
270 case USB_SPEED_SUPER:
271 case USB_SPEED_HIGH:
272
273
274
275
276
277
278 n = fls(d->bInterval*8);
279 if (n == 0)
280 n = 7;
281 j = 16;
282
283
284
285
286
287
288
289 if (to_usb_device(ddev)->quirks &
290 USB_QUIRK_LINEAR_FRAME_INTR_BINTERVAL) {
291 n = clamp(fls(d->bInterval) + 3, i, j);
292 i = j = n;
293 }
294
295
296
297
298 if (to_usb_device(ddev)->quirks &
299 USB_QUIRK_LINEAR_UFRAME_INTR_BINTERVAL) {
300 n = clamp(fls(d->bInterval), i, j);
301 i = j = n;
302 }
303 break;
304 default:
305
306
307
308
309
310 n = 10;
311 break;
312 }
313 } else if (usb_endpoint_xfer_isoc(d)) {
314 i = 1;
315 j = 16;
316 switch (to_usb_device(ddev)->speed) {
317 case USB_SPEED_HIGH:
318 n = 7;
319 break;
320 default:
321 n = 4;
322 break;
323 }
324 }
325 if (d->bInterval < i || d->bInterval > j) {
326 dev_warn(ddev, "config %d interface %d altsetting %d "
327 "endpoint 0x%X has an invalid bInterval %d, "
328 "changing to %d\n",
329 cfgno, inum, asnum,
330 d->bEndpointAddress, d->bInterval, n);
331 endpoint->desc.bInterval = n;
332 }
333
334
335
336
337
338 if (to_usb_device(ddev)->speed == USB_SPEED_LOW &&
339 usb_endpoint_xfer_bulk(d)) {
340 dev_warn(ddev, "config %d interface %d altsetting %d "
341 "endpoint 0x%X is Bulk; changing to Interrupt\n",
342 cfgno, inum, asnum, d->bEndpointAddress);
343 endpoint->desc.bmAttributes = USB_ENDPOINT_XFER_INT;
344 endpoint->desc.bInterval = 1;
345 if (usb_endpoint_maxp(&endpoint->desc) > 8)
346 endpoint->desc.wMaxPacketSize = cpu_to_le16(8);
347 }
348
349
350 maxp = usb_endpoint_maxp(&endpoint->desc);
351
352
353 i = 0;
354 switch (to_usb_device(ddev)->speed) {
355 case USB_SPEED_LOW:
356 maxpacket_maxes = low_speed_maxpacket_maxes;
357 break;
358 case USB_SPEED_FULL:
359 maxpacket_maxes = full_speed_maxpacket_maxes;
360 break;
361 case USB_SPEED_HIGH:
362
363 if (usb_endpoint_xfer_int(d) || usb_endpoint_xfer_isoc(d)) {
364 i = maxp & (BIT(12) | BIT(11));
365 maxp &= ~i;
366 }
367
368 default:
369 maxpacket_maxes = high_speed_maxpacket_maxes;
370 break;
371 case USB_SPEED_SUPER:
372 case USB_SPEED_SUPER_PLUS:
373 maxpacket_maxes = super_speed_maxpacket_maxes;
374 break;
375 }
376 j = maxpacket_maxes[usb_endpoint_type(&endpoint->desc)];
377
378 if (maxp > j) {
379 dev_warn(ddev, "config %d interface %d altsetting %d endpoint 0x%X has invalid maxpacket %d, setting to %d\n",
380 cfgno, inum, asnum, d->bEndpointAddress, maxp, j);
381 maxp = j;
382 endpoint->desc.wMaxPacketSize = cpu_to_le16(i | maxp);
383 }
384
385
386
387
388
389
390 if (to_usb_device(ddev)->speed == USB_SPEED_HIGH
391 && usb_endpoint_xfer_bulk(d)) {
392 if (maxp != 512)
393 dev_warn(ddev, "config %d interface %d altsetting %d "
394 "bulk endpoint 0x%X has invalid maxpacket %d\n",
395 cfgno, inum, asnum, d->bEndpointAddress,
396 maxp);
397 }
398
399
400 if (to_usb_device(ddev)->speed >= USB_SPEED_SUPER)
401 usb_parse_ss_endpoint_companion(ddev, cfgno,
402 inum, asnum, endpoint, buffer, size);
403
404
405
406 endpoint->extra = buffer;
407 i = find_next_descriptor(buffer, size, USB_DT_ENDPOINT,
408 USB_DT_INTERFACE, &n);
409 endpoint->extralen = i;
410 retval = buffer - buffer0 + i;
411 if (n > 0)
412 dev_dbg(ddev, "skipped %d descriptor%s after %s\n",
413 n, plural(n), "endpoint");
414 return retval;
415
416skip_to_next_endpoint_or_interface_descriptor:
417 i = find_next_descriptor(buffer, size, USB_DT_ENDPOINT,
418 USB_DT_INTERFACE, NULL);
419 return buffer - buffer0 + i;
420}
421
422void usb_release_interface_cache(struct kref *ref)
423{
424 struct usb_interface_cache *intfc = ref_to_usb_interface_cache(ref);
425 int j;
426
427 for (j = 0; j < intfc->num_altsetting; j++) {
428 struct usb_host_interface *alt = &intfc->altsetting[j];
429
430 kfree(alt->endpoint);
431 kfree(alt->string);
432 }
433 kfree(intfc);
434}
435
436static int usb_parse_interface(struct device *ddev, int cfgno,
437 struct usb_host_config *config, unsigned char *buffer, int size,
438 u8 inums[], u8 nalts[])
439{
440 unsigned char *buffer0 = buffer;
441 struct usb_interface_descriptor *d;
442 int inum, asnum;
443 struct usb_interface_cache *intfc;
444 struct usb_host_interface *alt;
445 int i, n;
446 int len, retval;
447 int num_ep, num_ep_orig;
448
449 d = (struct usb_interface_descriptor *) buffer;
450 buffer += d->bLength;
451 size -= d->bLength;
452
453 if (d->bLength < USB_DT_INTERFACE_SIZE)
454 goto skip_to_next_interface_descriptor;
455
456
457 intfc = NULL;
458 inum = d->bInterfaceNumber;
459 for (i = 0; i < config->desc.bNumInterfaces; ++i) {
460 if (inums[i] == inum) {
461 intfc = config->intf_cache[i];
462 break;
463 }
464 }
465 if (!intfc || intfc->num_altsetting >= nalts[i])
466 goto skip_to_next_interface_descriptor;
467
468
469 asnum = d->bAlternateSetting;
470 for ((i = 0, alt = &intfc->altsetting[0]);
471 i < intfc->num_altsetting;
472 (++i, ++alt)) {
473 if (alt->desc.bAlternateSetting == asnum) {
474 dev_warn(ddev, "Duplicate descriptor for config %d "
475 "interface %d altsetting %d, skipping\n",
476 cfgno, inum, asnum);
477 goto skip_to_next_interface_descriptor;
478 }
479 }
480
481 ++intfc->num_altsetting;
482 memcpy(&alt->desc, d, USB_DT_INTERFACE_SIZE);
483
484
485
486 alt->extra = buffer;
487 i = find_next_descriptor(buffer, size, USB_DT_ENDPOINT,
488 USB_DT_INTERFACE, &n);
489 alt->extralen = i;
490 if (n > 0)
491 dev_dbg(ddev, "skipped %d descriptor%s after %s\n",
492 n, plural(n), "interface");
493 buffer += i;
494 size -= i;
495
496
497 num_ep = num_ep_orig = alt->desc.bNumEndpoints;
498 alt->desc.bNumEndpoints = 0;
499 if (num_ep > USB_MAXENDPOINTS) {
500 dev_warn(ddev, "too many endpoints for config %d interface %d "
501 "altsetting %d: %d, using maximum allowed: %d\n",
502 cfgno, inum, asnum, num_ep, USB_MAXENDPOINTS);
503 num_ep = USB_MAXENDPOINTS;
504 }
505
506 if (num_ep > 0) {
507
508 len = sizeof(struct usb_host_endpoint) * num_ep;
509 alt->endpoint = kzalloc(len, GFP_KERNEL);
510 if (!alt->endpoint)
511 return -ENOMEM;
512 }
513
514
515 n = 0;
516 while (size > 0) {
517 if (((struct usb_descriptor_header *) buffer)->bDescriptorType
518 == USB_DT_INTERFACE)
519 break;
520 retval = usb_parse_endpoint(ddev, cfgno, inum, asnum, alt,
521 num_ep, buffer, size);
522 if (retval < 0)
523 return retval;
524 ++n;
525
526 buffer += retval;
527 size -= retval;
528 }
529
530 if (n != num_ep_orig)
531 dev_warn(ddev, "config %d interface %d altsetting %d has %d "
532 "endpoint descriptor%s, different from the interface "
533 "descriptor's value: %d\n",
534 cfgno, inum, asnum, n, plural(n), num_ep_orig);
535 return buffer - buffer0;
536
537skip_to_next_interface_descriptor:
538 i = find_next_descriptor(buffer, size, USB_DT_INTERFACE,
539 USB_DT_INTERFACE, NULL);
540 return buffer - buffer0 + i;
541}
542
543static int usb_parse_configuration(struct usb_device *dev, int cfgidx,
544 struct usb_host_config *config, unsigned char *buffer, int size)
545{
546 struct device *ddev = &dev->dev;
547 unsigned char *buffer0 = buffer;
548 int cfgno;
549 int nintf, nintf_orig;
550 int i, j, n;
551 struct usb_interface_cache *intfc;
552 unsigned char *buffer2;
553 int size2;
554 struct usb_descriptor_header *header;
555 int len, retval;
556 u8 inums[USB_MAXINTERFACES], nalts[USB_MAXINTERFACES];
557 unsigned iad_num = 0;
558
559 memcpy(&config->desc, buffer, USB_DT_CONFIG_SIZE);
560 nintf = nintf_orig = config->desc.bNumInterfaces;
561 config->desc.bNumInterfaces = 0;
562
563 if (config->desc.bDescriptorType != USB_DT_CONFIG ||
564 config->desc.bLength < USB_DT_CONFIG_SIZE ||
565 config->desc.bLength > size) {
566 dev_err(ddev, "invalid descriptor for config index %d: "
567 "type = 0x%X, length = %d\n", cfgidx,
568 config->desc.bDescriptorType, config->desc.bLength);
569 return -EINVAL;
570 }
571 cfgno = config->desc.bConfigurationValue;
572
573 buffer += config->desc.bLength;
574 size -= config->desc.bLength;
575
576 if (nintf > USB_MAXINTERFACES) {
577 dev_warn(ddev, "config %d has too many interfaces: %d, "
578 "using maximum allowed: %d\n",
579 cfgno, nintf, USB_MAXINTERFACES);
580 nintf = USB_MAXINTERFACES;
581 }
582
583
584
585 n = 0;
586 for ((buffer2 = buffer, size2 = size);
587 size2 > 0;
588 (buffer2 += header->bLength, size2 -= header->bLength)) {
589
590 if (size2 < sizeof(struct usb_descriptor_header)) {
591 dev_warn(ddev, "config %d descriptor has %d excess "
592 "byte%s, ignoring\n",
593 cfgno, size2, plural(size2));
594 break;
595 }
596
597 header = (struct usb_descriptor_header *) buffer2;
598 if ((header->bLength > size2) || (header->bLength < 2)) {
599 dev_warn(ddev, "config %d has an invalid descriptor "
600 "of length %d, skipping remainder of the config\n",
601 cfgno, header->bLength);
602 break;
603 }
604
605 if (header->bDescriptorType == USB_DT_INTERFACE) {
606 struct usb_interface_descriptor *d;
607 int inum;
608
609 d = (struct usb_interface_descriptor *) header;
610 if (d->bLength < USB_DT_INTERFACE_SIZE) {
611 dev_warn(ddev, "config %d has an invalid "
612 "interface descriptor of length %d, "
613 "skipping\n", cfgno, d->bLength);
614 continue;
615 }
616
617 inum = d->bInterfaceNumber;
618
619 if ((dev->quirks & USB_QUIRK_HONOR_BNUMINTERFACES) &&
620 n >= nintf_orig) {
621 dev_warn(ddev, "config %d has more interface "
622 "descriptors, than it declares in "
623 "bNumInterfaces, ignoring interface "
624 "number: %d\n", cfgno, inum);
625 continue;
626 }
627
628 if (inum >= nintf_orig)
629 dev_warn(ddev, "config %d has an invalid "
630 "interface number: %d but max is %d\n",
631 cfgno, inum, nintf_orig - 1);
632
633
634
635 for (i = 0; i < n; ++i) {
636 if (inums[i] == inum)
637 break;
638 }
639 if (i < n) {
640 if (nalts[i] < 255)
641 ++nalts[i];
642 } else if (n < USB_MAXINTERFACES) {
643 inums[n] = inum;
644 nalts[n] = 1;
645 ++n;
646 }
647
648 } else if (header->bDescriptorType ==
649 USB_DT_INTERFACE_ASSOCIATION) {
650 struct usb_interface_assoc_descriptor *d;
651
652 d = (struct usb_interface_assoc_descriptor *)header;
653 if (d->bLength < USB_DT_INTERFACE_ASSOCIATION_SIZE) {
654 dev_warn(ddev,
655 "config %d has an invalid interface association descriptor of length %d, skipping\n",
656 cfgno, d->bLength);
657 continue;
658 }
659
660 if (iad_num == USB_MAXIADS) {
661 dev_warn(ddev, "found more Interface "
662 "Association Descriptors "
663 "than allocated for in "
664 "configuration %d\n", cfgno);
665 } else {
666 config->intf_assoc[iad_num] = d;
667 iad_num++;
668 }
669
670 } else if (header->bDescriptorType == USB_DT_DEVICE ||
671 header->bDescriptorType == USB_DT_CONFIG)
672 dev_warn(ddev, "config %d contains an unexpected "
673 "descriptor of type 0x%X, skipping\n",
674 cfgno, header->bDescriptorType);
675
676 }
677 size = buffer2 - buffer;
678 config->desc.wTotalLength = cpu_to_le16(buffer2 - buffer0);
679
680 if (n != nintf)
681 dev_warn(ddev, "config %d has %d interface%s, different from "
682 "the descriptor's value: %d\n",
683 cfgno, n, plural(n), nintf_orig);
684 else if (n == 0)
685 dev_warn(ddev, "config %d has no interfaces?\n", cfgno);
686 config->desc.bNumInterfaces = nintf = n;
687
688
689 for (i = 0; i < nintf; ++i) {
690 for (j = 0; j < nintf; ++j) {
691 if (inums[j] == i)
692 break;
693 }
694 if (j >= nintf)
695 dev_warn(ddev, "config %d has no interface number "
696 "%d\n", cfgno, i);
697 }
698
699
700 for (i = 0; i < nintf; ++i) {
701 j = nalts[i];
702 if (j > USB_MAXALTSETTING) {
703 dev_warn(ddev, "too many alternate settings for "
704 "config %d interface %d: %d, "
705 "using maximum allowed: %d\n",
706 cfgno, inums[i], j, USB_MAXALTSETTING);
707 nalts[i] = j = USB_MAXALTSETTING;
708 }
709
710 len = sizeof(*intfc) + sizeof(struct usb_host_interface) * j;
711 config->intf_cache[i] = intfc = kzalloc(len, GFP_KERNEL);
712 if (!intfc)
713 return -ENOMEM;
714 kref_init(&intfc->ref);
715 }
716
717
718
719
720
721 config->extra = buffer;
722 i = find_next_descriptor(buffer, size, USB_DT_INTERFACE,
723 USB_DT_INTERFACE, &n);
724 config->extralen = i;
725 if (n > 0)
726 dev_dbg(ddev, "skipped %d descriptor%s after %s\n",
727 n, plural(n), "configuration");
728 buffer += i;
729 size -= i;
730
731
732 while (size > 0) {
733 retval = usb_parse_interface(ddev, cfgno, config,
734 buffer, size, inums, nalts);
735 if (retval < 0)
736 return retval;
737
738 buffer += retval;
739 size -= retval;
740 }
741
742
743 for (i = 0; i < nintf; ++i) {
744 intfc = config->intf_cache[i];
745 for (j = 0; j < intfc->num_altsetting; ++j) {
746 for (n = 0; n < intfc->num_altsetting; ++n) {
747 if (intfc->altsetting[n].desc.
748 bAlternateSetting == j)
749 break;
750 }
751 if (n >= intfc->num_altsetting)
752 dev_warn(ddev, "config %d interface %d has no "
753 "altsetting %d\n", cfgno, inums[i], j);
754 }
755 }
756
757 return 0;
758}
759
760
761
762
763void usb_destroy_configuration(struct usb_device *dev)
764{
765 int c, i;
766
767 if (!dev->config)
768 return;
769
770 if (dev->rawdescriptors) {
771 for (i = 0; i < dev->descriptor.bNumConfigurations; i++)
772 kfree(dev->rawdescriptors[i]);
773
774 kfree(dev->rawdescriptors);
775 dev->rawdescriptors = NULL;
776 }
777
778 for (c = 0; c < dev->descriptor.bNumConfigurations; c++) {
779 struct usb_host_config *cf = &dev->config[c];
780
781 kfree(cf->string);
782 for (i = 0; i < cf->desc.bNumInterfaces; i++) {
783 if (cf->intf_cache[i])
784 kref_put(&cf->intf_cache[i]->ref,
785 usb_release_interface_cache);
786 }
787 }
788 kfree(dev->config);
789 dev->config = NULL;
790}
791
792
793
794
795
796
797
798
799int usb_get_configuration(struct usb_device *dev)
800{
801 struct device *ddev = &dev->dev;
802 int ncfg = dev->descriptor.bNumConfigurations;
803 int result = 0;
804 unsigned int cfgno, length;
805 unsigned char *bigbuffer;
806 struct usb_config_descriptor *desc;
807
808 cfgno = 0;
809 result = -ENOMEM;
810 if (ncfg > USB_MAXCONFIG) {
811 dev_warn(ddev, "too many configurations: %d, "
812 "using maximum allowed: %d\n", ncfg, USB_MAXCONFIG);
813 dev->descriptor.bNumConfigurations = ncfg = USB_MAXCONFIG;
814 }
815
816 if (ncfg < 1) {
817 dev_err(ddev, "no configurations\n");
818 return -EINVAL;
819 }
820
821 length = ncfg * sizeof(struct usb_host_config);
822 dev->config = kzalloc(length, GFP_KERNEL);
823 if (!dev->config)
824 goto err2;
825
826 length = ncfg * sizeof(char *);
827 dev->rawdescriptors = kzalloc(length, GFP_KERNEL);
828 if (!dev->rawdescriptors)
829 goto err2;
830
831 desc = kmalloc(USB_DT_CONFIG_SIZE, GFP_KERNEL);
832 if (!desc)
833 goto err2;
834
835 result = 0;
836 for (; cfgno < ncfg; cfgno++) {
837
838
839 result = usb_get_descriptor(dev, USB_DT_CONFIG, cfgno,
840 desc, USB_DT_CONFIG_SIZE);
841 if (result < 0) {
842 dev_err(ddev, "unable to read config index %d "
843 "descriptor/%s: %d\n", cfgno, "start", result);
844 if (result != -EPIPE)
845 goto err;
846 dev_err(ddev, "chopping to %d config(s)\n", cfgno);
847 dev->descriptor.bNumConfigurations = cfgno;
848 break;
849 } else if (result < 4) {
850 dev_err(ddev, "config index %d descriptor too short "
851 "(expected %i, got %i)\n", cfgno,
852 USB_DT_CONFIG_SIZE, result);
853 result = -EINVAL;
854 goto err;
855 }
856 length = max((int) le16_to_cpu(desc->wTotalLength),
857 USB_DT_CONFIG_SIZE);
858
859
860 bigbuffer = kmalloc(length, GFP_KERNEL);
861 if (!bigbuffer) {
862 result = -ENOMEM;
863 goto err;
864 }
865
866 if (dev->quirks & USB_QUIRK_DELAY_INIT)
867 msleep(200);
868
869 result = usb_get_descriptor(dev, USB_DT_CONFIG, cfgno,
870 bigbuffer, length);
871 if (result < 0) {
872 dev_err(ddev, "unable to read config index %d "
873 "descriptor/%s\n", cfgno, "all");
874 kfree(bigbuffer);
875 goto err;
876 }
877 if (result < length) {
878 dev_warn(ddev, "config index %d descriptor too short "
879 "(expected %i, got %i)\n", cfgno, length, result);
880 length = result;
881 }
882
883 dev->rawdescriptors[cfgno] = bigbuffer;
884
885 result = usb_parse_configuration(dev, cfgno,
886 &dev->config[cfgno], bigbuffer, length);
887 if (result < 0) {
888 ++cfgno;
889 goto err;
890 }
891 }
892 result = 0;
893
894err:
895 kfree(desc);
896 dev->descriptor.bNumConfigurations = cfgno;
897err2:
898 if (result == -ENOMEM)
899 dev_err(ddev, "out of memory\n");
900 return result;
901}
902
903void usb_release_bos_descriptor(struct usb_device *dev)
904{
905 if (dev->bos) {
906 kfree(dev->bos->desc);
907 kfree(dev->bos);
908 dev->bos = NULL;
909 }
910}
911
912static const __u8 bos_desc_len[256] = {
913 [USB_CAP_TYPE_WIRELESS_USB] = USB_DT_USB_WIRELESS_CAP_SIZE,
914 [USB_CAP_TYPE_EXT] = USB_DT_USB_EXT_CAP_SIZE,
915 [USB_SS_CAP_TYPE] = USB_DT_USB_SS_CAP_SIZE,
916 [USB_SSP_CAP_TYPE] = USB_DT_USB_SSP_CAP_SIZE(1),
917 [CONTAINER_ID_TYPE] = USB_DT_USB_SS_CONTN_ID_SIZE,
918 [USB_PTM_CAP_TYPE] = USB_DT_USB_PTM_ID_SIZE,
919};
920
921
922int usb_get_bos_descriptor(struct usb_device *dev)
923{
924 struct device *ddev = &dev->dev;
925 struct usb_bos_descriptor *bos;
926 struct usb_dev_cap_header *cap;
927 struct usb_ssp_cap_descriptor *ssp_cap;
928 unsigned char *buffer;
929 int length, total_len, num, i, ssac;
930 __u8 cap_type;
931 int ret;
932
933 bos = kzalloc(sizeof(struct usb_bos_descriptor), GFP_KERNEL);
934 if (!bos)
935 return -ENOMEM;
936
937
938 ret = usb_get_descriptor(dev, USB_DT_BOS, 0, bos, USB_DT_BOS_SIZE);
939 if (ret < USB_DT_BOS_SIZE) {
940 dev_err(ddev, "unable to get BOS descriptor\n");
941 if (ret >= 0)
942 ret = -ENOMSG;
943 kfree(bos);
944 return ret;
945 }
946
947 length = bos->bLength;
948 total_len = le16_to_cpu(bos->wTotalLength);
949 num = bos->bNumDeviceCaps;
950 kfree(bos);
951 if (total_len < length)
952 return -EINVAL;
953
954 dev->bos = kzalloc(sizeof(struct usb_host_bos), GFP_KERNEL);
955 if (!dev->bos)
956 return -ENOMEM;
957
958
959 buffer = kzalloc(total_len, GFP_KERNEL);
960 if (!buffer) {
961 ret = -ENOMEM;
962 goto err;
963 }
964 dev->bos->desc = (struct usb_bos_descriptor *)buffer;
965
966 ret = usb_get_descriptor(dev, USB_DT_BOS, 0, buffer, total_len);
967 if (ret < total_len) {
968 dev_err(ddev, "unable to get BOS descriptor set\n");
969 if (ret >= 0)
970 ret = -ENOMSG;
971 goto err;
972 }
973 total_len -= length;
974
975 for (i = 0; i < num; i++) {
976 buffer += length;
977 cap = (struct usb_dev_cap_header *)buffer;
978
979 if (total_len < sizeof(*cap) || total_len < cap->bLength) {
980 dev->bos->desc->bNumDeviceCaps = i;
981 break;
982 }
983 cap_type = cap->bDevCapabilityType;
984 length = cap->bLength;
985 if (bos_desc_len[cap_type] && length < bos_desc_len[cap_type]) {
986 dev->bos->desc->bNumDeviceCaps = i;
987 break;
988 }
989
990 total_len -= length;
991
992 if (cap->bDescriptorType != USB_DT_DEVICE_CAPABILITY) {
993 dev_warn(ddev, "descriptor type invalid, skip\n");
994 continue;
995 }
996
997 switch (cap_type) {
998 case USB_CAP_TYPE_WIRELESS_USB:
999
1000 break;
1001 case USB_CAP_TYPE_EXT:
1002 dev->bos->ext_cap =
1003 (struct usb_ext_cap_descriptor *)buffer;
1004 break;
1005 case USB_SS_CAP_TYPE:
1006 dev->bos->ss_cap =
1007 (struct usb_ss_cap_descriptor *)buffer;
1008 break;
1009 case USB_SSP_CAP_TYPE:
1010 ssp_cap = (struct usb_ssp_cap_descriptor *)buffer;
1011 ssac = (le32_to_cpu(ssp_cap->bmAttributes) &
1012 USB_SSP_SUBLINK_SPEED_ATTRIBS);
1013 if (length >= USB_DT_USB_SSP_CAP_SIZE(ssac))
1014 dev->bos->ssp_cap = ssp_cap;
1015 break;
1016 case CONTAINER_ID_TYPE:
1017 dev->bos->ss_id =
1018 (struct usb_ss_container_id_descriptor *)buffer;
1019 break;
1020 case USB_PTM_CAP_TYPE:
1021 dev->bos->ptm_cap =
1022 (struct usb_ptm_cap_descriptor *)buffer;
1023 default:
1024 break;
1025 }
1026 }
1027
1028 return 0;
1029
1030err:
1031 usb_release_bos_descriptor(dev);
1032 return ret;
1033}
1034
