1// SPDX-License-Identifier: GPL-2.0 2/* 3 * Released under the GPLv2 only. 4 */ 5 6#include <linux/usb.h> 7#include <linux/usb/ch9.h> 8#include <linux/usb/hcd.h> 9#include <linux/usb/quirks.h> 10#include <linux/module.h> 11#include <linux/slab.h> 12#include <linux/device.h> 13#include <asm/byteorder.h> 14#include "usb.h" 15 16 17#define USB_MAXALTSETTING 128 /* Hard limit */ 18 19#define USB_MAXCONFIG 8 /* Arbitrary limit */ 20 21 22static inline const char *plural(int n) 23{ 24 return (n == 1 ? "" : "s"); 25} 26 27static int find_next_descriptor(unsigned char *buffer, int size, 28 int dt1, int dt2, int *num_skipped) 29{ 30 struct usb_descriptor_header *h; 31 int n = 0; 32 unsigned char *buffer0 = buffer; 33 34 /* Find the next descriptor of type dt1 or dt2 */ 35 while (size > 0) { 36 h = (struct usb_descriptor_header *) buffer; 37 if (h->bDescriptorType == dt1 || h->bDescriptorType == dt2) 38 break; 39 buffer += h->bLength; 40 size -= h->bLength; 41 ++n; 42 } 43 44 /* Store the number of descriptors skipped and return the 45 * number of bytes skipped */ 46 if (num_skipped) 47 *num_skipped = n; 48 return buffer - buffer0; 49} 50 51static void usb_parse_ssp_isoc_endpoint_companion(struct device *ddev, 52 int cfgno, int inum, int asnum, struct usb_host_endpoint *ep, 53 unsigned char *buffer, int size) 54{ 55 struct usb_ssp_isoc_ep_comp_descriptor *desc; 56 57 /* 58 * The SuperSpeedPlus Isoc endpoint companion descriptor immediately 59 * follows the SuperSpeed Endpoint Companion descriptor 60 */ 61 desc = (struct usb_ssp_isoc_ep_comp_descriptor *) buffer; 62 if (desc->bDescriptorType != USB_DT_SSP_ISOC_ENDPOINT_COMP || 63 size < USB_DT_SSP_ISOC_EP_COMP_SIZE) { 64 dev_notice(ddev, "Invalid SuperSpeedPlus isoc endpoint companion" 65 "for config %d interface %d altsetting %d ep %d.\n", 66 cfgno, inum, asnum, ep->desc.bEndpointAddress); 67 return; 68 } 69 memcpy(&ep->ssp_isoc_ep_comp, desc, USB_DT_SSP_ISOC_EP_COMP_SIZE); 70} 71 72static void usb_parse_ss_endpoint_companion(struct device *ddev, int cfgno, 73 int inum, int asnum, struct usb_host_endpoint *ep, 74 unsigned char *buffer, int size) 75{ 76 struct usb_ss_ep_comp_descriptor *desc; 77 int max_tx; 78 79 /* The SuperSpeed endpoint companion descriptor is supposed to 80 * be the first thing immediately following the endpoint descriptor. 81 */ 82 desc = (struct usb_ss_ep_comp_descriptor *) buffer; 83 84 if (desc->bDescriptorType != USB_DT_SS_ENDPOINT_COMP || 85 size < USB_DT_SS_EP_COMP_SIZE) { 86 dev_notice(ddev, "No SuperSpeed endpoint companion for config %d " 87 " interface %d altsetting %d ep %d: " 88 "using minimum values\n", 89 cfgno, inum, asnum, ep->desc.bEndpointAddress); 90 91 /* Fill in some default values. 92 * Leave bmAttributes as zero, which will mean no streams for 93 * bulk, and isoc won't support multiple bursts of packets. 94 * With bursts of only one packet, and a Mult of 1, the max 95 * amount of data moved per endpoint service interval is one 96 * packet. 97 */ 98 ep->ss_ep_comp.bLength = USB_DT_SS_EP_COMP_SIZE; 99 ep->ss_ep_comp.bDescriptorType = USB_DT_SS_ENDPOINT_COMP; 100 if (usb_endpoint_xfer_isoc(&ep->desc) || 101 usb_endpoint_xfer_int(&ep->desc)) 102 ep->ss_ep_comp.wBytesPerInterval = 103 ep->desc.wMaxPacketSize; 104 return; 105 } 106 buffer += desc->bLength; 107 size -= desc->bLength; 108 memcpy(&ep->ss_ep_comp, desc, USB_DT_SS_EP_COMP_SIZE); 109 110 /* Check the various values */ 111 if (usb_endpoint_xfer_control(&ep->desc) && desc->bMaxBurst != 0) { 112 dev_notice(ddev, "Control endpoint with bMaxBurst = %d in " 113 "config %d interface %d altsetting %d ep %d: " 114 "setting to zero\n", desc->bMaxBurst, 115 cfgno, inum, asnum, ep->desc.bEndpointAddress); 116 ep->ss_ep_comp.bMaxBurst = 0; 117 } else if (desc->bMaxBurst > 15) { 118 dev_notice(ddev, "Endpoint with bMaxBurst = %d in " 119 "config %d interface %d altsetting %d ep %d: " 120 "setting to 15\n", desc->bMaxBurst, 121 cfgno, inum, asnum, ep->desc.bEndpointAddress); 122 ep->ss_ep_comp.bMaxBurst = 15; 123 } 124 125 if ((usb_endpoint_xfer_control(&ep->desc) || 126 usb_endpoint_xfer_int(&ep->desc)) && 127 desc->bmAttributes != 0) { 128 dev_notice(ddev, "%s endpoint with bmAttributes = %d in " 129 "config %d interface %d altsetting %d ep %d: " 130 "setting to zero\n", 131 usb_endpoint_xfer_control(&ep->desc) ? "Control" : "Bulk", 132 desc->bmAttributes, 133 cfgno, inum, asnum, ep->desc.bEndpointAddress); 134 ep->ss_ep_comp.bmAttributes = 0; 135 } else if (usb_endpoint_xfer_bulk(&ep->desc) && 136 desc->bmAttributes > 16) { 137 dev_notice(ddev, "Bulk endpoint with more than 65536 streams in " 138 "config %d interface %d altsetting %d ep %d: " 139 "setting to max\n", 140 cfgno, inum, asnum, ep->desc.bEndpointAddress); 141 ep->ss_ep_comp.bmAttributes = 16; 142 } else if (usb_endpoint_xfer_isoc(&ep->desc) && 143 !USB_SS_SSP_ISOC_COMP(desc->bmAttributes) && 144 USB_SS_MULT(desc->bmAttributes) > 3) { 145 dev_notice(ddev, "Isoc endpoint has Mult of %d in " 146 "config %d interface %d altsetting %d ep %d: " 147 "setting to 3\n", 148 USB_SS_MULT(desc->bmAttributes), 149 cfgno, inum, asnum, ep->desc.bEndpointAddress); 150 ep->ss_ep_comp.bmAttributes = 2; 151 } 152 153 if (usb_endpoint_xfer_isoc(&ep->desc)) 154 max_tx = (desc->bMaxBurst + 1) * 155 (USB_SS_MULT(desc->bmAttributes)) * 156 usb_endpoint_maxp(&ep->desc); 157 else if (usb_endpoint_xfer_int(&ep->desc)) 158 max_tx = usb_endpoint_maxp(&ep->desc) * 159 (desc->bMaxBurst + 1); 160 else 161 max_tx = 999999; 162 if (le16_to_cpu(desc->wBytesPerInterval) > max_tx) { 163 dev_notice(ddev, "%s endpoint with wBytesPerInterval of %d in " 164 "config %d interface %d altsetting %d ep %d: " 165 "setting to %d\n", 166 usb_endpoint_xfer_isoc(&ep->desc) ? "Isoc" : "Int", 167 le16_to_cpu(desc->wBytesPerInterval), 168 cfgno, inum, asnum, ep->desc.bEndpointAddress, 169 max_tx); 170 ep->ss_ep_comp.wBytesPerInterval = cpu_to_le16(max_tx); 171 } 172 /* Parse a possible SuperSpeedPlus isoc ep companion descriptor */ 173 if (usb_endpoint_xfer_isoc(&ep->desc) && 174 USB_SS_SSP_ISOC_COMP(desc->bmAttributes)) 175 usb_parse_ssp_isoc_endpoint_companion(ddev, cfgno, inum, asnum, 176 ep, buffer, size); 177} 178 179static const unsigned short low_speed_maxpacket_maxes[4] = { 180 [USB_ENDPOINT_XFER_CONTROL] = 8, 181 [USB_ENDPOINT_XFER_ISOC] = 0, 182 [USB_ENDPOINT_XFER_BULK] = 0, 183 [USB_ENDPOINT_XFER_INT] = 8, 184}; 185static const unsigned short full_speed_maxpacket_maxes[4] = { 186 [USB_ENDPOINT_XFER_CONTROL] = 64, 187 [USB_ENDPOINT_XFER_ISOC] = 1023, 188 [USB_ENDPOINT_XFER_BULK] = 64, 189 [USB_ENDPOINT_XFER_INT] = 64, 190}; 191static const unsigned short high_speed_maxpacket_maxes[4] = { 192 [USB_ENDPOINT_XFER_CONTROL] = 64, 193 [USB_ENDPOINT_XFER_ISOC] = 1024, 194 195 /* Bulk should be 512, but some devices use 1024: we will warn below */ 196 [USB_ENDPOINT_XFER_BULK] = 1024, 197 [USB_ENDPOINT_XFER_INT] = 1024, 198}; 199static const unsigned short super_speed_maxpacket_maxes[4] = { 200 [USB_ENDPOINT_XFER_CONTROL] = 512, 201 [USB_ENDPOINT_XFER_ISOC] = 1024, 202 [USB_ENDPOINT_XFER_BULK] = 1024, 203 [USB_ENDPOINT_XFER_INT] = 1024, 204}; 205 206static bool endpoint_is_duplicate(struct usb_endpoint_descriptor *e1, 207 struct usb_endpoint_descriptor *e2) 208{ 209 if (e1->bEndpointAddress == e2->bEndpointAddress) 210 return true; 211 212 if (usb_endpoint_xfer_control(e1) || usb_endpoint_xfer_control(e2)) { 213 if (usb_endpoint_num(e1) == usb_endpoint_num(e2)) 214 return true; 215 } 216 217 return false; 218} 219 220/* 221 * Check for duplicate endpoint addresses in other interfaces and in the 222 * altsetting currently being parsed. 223 */ 224static bool config_endpoint_is_duplicate(struct usb_host_config *config, 225 int inum, int asnum, struct usb_endpoint_descriptor *d) 226{ 227 struct usb_endpoint_descriptor *epd; 228 struct usb_interface_cache *intfc; 229 struct usb_host_interface *alt; 230 int i, j, k; 231 232 for (i = 0; i < config->desc.bNumInterfaces; ++i) { 233 intfc = config->intf_cache[i]; 234 235 for (j = 0; j < intfc->num_altsetting; ++j) { 236 alt = &intfc->altsetting[j]; 237 238 if (alt->desc.bInterfaceNumber == inum && 239 alt->desc.bAlternateSetting != asnum) 240 continue; 241 242 for (k = 0; k < alt->desc.bNumEndpoints; ++k) { 243 epd = &alt->endpoint[k].desc; 244 245 if (endpoint_is_duplicate(epd, d)) 246 return true; 247 } 248 } 249 } 250 251 return false; 252} 253 254static int usb_parse_endpoint(struct device *ddev, int cfgno, 255 struct usb_host_config *config, int inum, int asnum, 256 struct usb_host_interface *ifp, int num_ep, 257 unsigned char *buffer, int size) 258{ 259 struct usb_device *udev = to_usb_device(ddev); 260 unsigned char *buffer0 = buffer; 261 struct usb_endpoint_descriptor *d; 262 struct usb_host_endpoint *endpoint; 263 int n, i, j, retval; 264 unsigned int maxp; 265 const unsigned short *maxpacket_maxes; 266 267 d = (struct usb_endpoint_descriptor *) buffer; 268 buffer += d->bLength; 269 size -= d->bLength; 270 271 if (d->bLength >= USB_DT_ENDPOINT_AUDIO_SIZE) 272 n = USB_DT_ENDPOINT_AUDIO_SIZE; 273 else if (d->bLength >= USB_DT_ENDPOINT_SIZE) 274 n = USB_DT_ENDPOINT_SIZE; 275 else { 276 dev_notice(ddev, "config %d interface %d altsetting %d has an " 277 "invalid endpoint descriptor of length %d, skipping\n", 278 cfgno, inum, asnum, d->bLength); 279 goto skip_to_next_endpoint_or_interface_descriptor; 280 } 281 282 i = d->bEndpointAddress & ~USB_ENDPOINT_DIR_MASK; 283 if (i >= 16 || i == 0) { 284 dev_notice(ddev, "config %d interface %d altsetting %d has an " 285 "invalid endpoint with address 0x%X, skipping\n", 286 cfgno, inum, asnum, d->bEndpointAddress); 287 goto skip_to_next_endpoint_or_interface_descriptor; 288 } 289 290 /* Only store as many endpoints as we have room for */ 291 if (ifp->desc.bNumEndpoints >= num_ep) 292 goto skip_to_next_endpoint_or_interface_descriptor; 293 294 /* Save a copy of the descriptor and use it instead of the original */ 295 endpoint = &ifp->endpoint[ifp->desc.bNumEndpoints]; 296 memcpy(&endpoint->desc, d, n); 297 d = &endpoint->desc; 298 299 /* Clear the reserved bits in bEndpointAddress */ 300 i = d->bEndpointAddress & 301 (USB_ENDPOINT_DIR_MASK | USB_ENDPOINT_NUMBER_MASK); 302 if (i != d->bEndpointAddress) { 303 dev_notice(ddev, "config %d interface %d altsetting %d has an endpoint descriptor with address 0x%X, changing to 0x%X\n", 304 cfgno, inum, asnum, d->bEndpointAddress, i); 305 endpoint->desc.bEndpointAddress = i; 306 } 307 308 /* Check for duplicate endpoint addresses */ 309 if (config_endpoint_is_duplicate(config, inum, asnum, d)) { 310 dev_notice(ddev, "config %d interface %d altsetting %d has a duplicate endpoint with address 0x%X, skipping\n", 311 cfgno, inum, asnum, d->bEndpointAddress); 312 goto skip_to_next_endpoint_or_interface_descriptor; 313 } 314 315 /* Ignore some endpoints */ 316 if (udev->quirks & USB_QUIRK_ENDPOINT_IGNORE) { 317 if (usb_endpoint_is_ignored(udev, ifp, d)) { 318 dev_notice(ddev, "config %d interface %d altsetting %d has an ignored endpoint with address 0x%X, skipping\n", 319 cfgno, inum, asnum, 320 d->bEndpointAddress); 321 goto skip_to_next_endpoint_or_interface_descriptor; 322 } 323 } 324 325 /* Accept this endpoint */ 326 ++ifp->desc.bNumEndpoints; 327 INIT_LIST_HEAD(&endpoint->urb_list); 328 329 /* 330 * Fix up bInterval values outside the legal range. 331 * Use 10 or 8 ms if no proper value can be guessed. 332 */ 333 i = 0; /* i = min, j = max, n = default */ 334 j = 255; 335 if (usb_endpoint_xfer_int(d)) { 336 i = 1; 337 switch (udev->speed) { 338 case USB_SPEED_SUPER_PLUS: 339 case USB_SPEED_SUPER: 340 case USB_SPEED_HIGH: 341 /* 342 * Many device manufacturers are using full-speed 343 * bInterval values in high-speed interrupt endpoint 344 * descriptors. Try to fix those and fall back to an 345 * 8-ms default value otherwise. 346 */ 347 n = fls(d->bInterval*8); 348 if (n == 0) 349 n = 7; /* 8 ms = 2^(7-1) uframes */ 350 j = 16; 351 352 /* 353 * Adjust bInterval for quirked devices. 354 */ 355 /* 356 * This quirk fixes bIntervals reported in ms. 357 */ 358 if (udev->quirks & USB_QUIRK_LINEAR_FRAME_INTR_BINTERVAL) { 359 n = clamp(fls(d->bInterval) + 3, i, j); 360 i = j = n; 361 } 362 /* 363 * This quirk fixes bIntervals reported in 364 * linear microframes. 365 */ 366 if (udev->quirks & USB_QUIRK_LINEAR_UFRAME_INTR_BINTERVAL) { 367 n = clamp(fls(d->bInterval), i, j); 368 i = j = n; 369 } 370 break; 371 default: /* USB_SPEED_FULL or _LOW */ 372 /* 373 * For low-speed, 10 ms is the official minimum. 374 * But some "overclocked" devices might want faster 375 * polling so we'll allow it. 376 */ 377 n = 10; 378 break; 379 } 380 } else if (usb_endpoint_xfer_isoc(d)) { 381 i = 1; 382 j = 16; 383 switch (udev->speed) { 384 case USB_SPEED_HIGH: 385 n = 7; /* 8 ms = 2^(7-1) uframes */ 386 break; 387 default: /* USB_SPEED_FULL */ 388 n = 4; /* 8 ms = 2^(4-1) frames */ 389 break; 390 } 391 } 392 if (d->bInterval < i || d->bInterval > j) { 393 dev_notice(ddev, "config %d interface %d altsetting %d " 394 "endpoint 0x%X has an invalid bInterval %d, " 395 "changing to %d\n", 396 cfgno, inum, asnum, 397 d->bEndpointAddress, d->bInterval, n); 398 endpoint->desc.bInterval = n; 399 } 400 401 /* Some buggy low-speed devices have Bulk endpoints, which is 402 * explicitly forbidden by the USB spec. In an attempt to make 403 * them usable, we will try treating them as Interrupt endpoints. 404 */ 405 if (udev->speed == USB_SPEED_LOW && usb_endpoint_xfer_bulk(d)) { 406 dev_notice(ddev, "config %d interface %d altsetting %d " 407 "endpoint 0x%X is Bulk; changing to Interrupt\n", 408 cfgno, inum, asnum, d->bEndpointAddress); 409 endpoint->desc.bmAttributes = USB_ENDPOINT_XFER_INT; 410 endpoint->desc.bInterval = 1; 411 if (usb_endpoint_maxp(&endpoint->desc) > 8) 412 endpoint->desc.wMaxPacketSize = cpu_to_le16(8); 413 } 414 415 /* 416 * Validate the wMaxPacketSize field. 417 * Some devices have isochronous endpoints in altsetting 0; 418 * the USB-2 spec requires such endpoints to have wMaxPacketSize = 0 419 * (see the end of section 5.6.3), so don't warn about them. 420 */ 421 maxp = le16_to_cpu(endpoint->desc.wMaxPacketSize); 422 if (maxp == 0 && !(usb_endpoint_xfer_isoc(d) && asnum == 0)) { 423 dev_notice(ddev, "config %d interface %d altsetting %d endpoint 0x%X has invalid wMaxPacketSize 0\n", 424 cfgno, inum, asnum, d->bEndpointAddress); 425 } 426 427 /* Find the highest legal maxpacket size for this endpoint */ 428 i = 0; /* additional transactions per microframe */ 429 switch (udev->speed) { 430 case USB_SPEED_LOW: 431 maxpacket_maxes = low_speed_maxpacket_maxes; 432 break; 433 case USB_SPEED_FULL: 434 maxpacket_maxes = full_speed_maxpacket_maxes; 435 break; 436 case USB_SPEED_HIGH: 437 /* Multiple-transactions bits are allowed only for HS periodic endpoints */ 438 if (usb_endpoint_xfer_int(d) || usb_endpoint_xfer_isoc(d)) { 439 i = maxp & USB_EP_MAXP_MULT_MASK; 440 maxp &= ~i; 441 } 442 fallthrough; 443 default: 444 maxpacket_maxes = high_speed_maxpacket_maxes; 445 break; 446 case USB_SPEED_SUPER: 447 case USB_SPEED_SUPER_PLUS: 448 maxpacket_maxes = super_speed_maxpacket_maxes; 449 break; 450 } 451 j = maxpacket_maxes[usb_endpoint_type(&endpoint->desc)]; 452 453 if (maxp > j) { 454 dev_notice(ddev, "config %d interface %d altsetting %d endpoint 0x%X has invalid maxpacket %d, setting to %d\n", 455 cfgno, inum, asnum, d->bEndpointAddress, maxp, j); 456 maxp = j; 457 endpoint->desc.wMaxPacketSize = cpu_to_le16(i | maxp); 458 } 459 460 /* 461 * Some buggy high speed devices have bulk endpoints using 462 * maxpacket sizes other than 512. High speed HCDs may not 463 * be able to handle that particular bug, so let's warn... 464 */ 465 if (udev->speed == USB_SPEED_HIGH && usb_endpoint_xfer_bulk(d)) { 466 if (maxp != 512) 467 dev_notice(ddev, "config %d interface %d altsetting %d " 468 "bulk endpoint 0x%X has invalid maxpacket %d\n", 469 cfgno, inum, asnum, d->bEndpointAddress, 470 maxp); 471 } 472 473 /* Parse a possible SuperSpeed endpoint companion descriptor */ 474 if (udev->speed >= USB_SPEED_SUPER) 475 usb_parse_ss_endpoint_companion(ddev, cfgno, 476 inum, asnum, endpoint, buffer, size); 477 478 /* Skip over any Class Specific or Vendor Specific descriptors; 479 * find the next endpoint or interface descriptor */ 480 endpoint->extra = buffer; 481 i = find_next_descriptor(buffer, size, USB_DT_ENDPOINT, 482 USB_DT_INTERFACE, &n); 483 endpoint->extralen = i; 484 retval = buffer - buffer0 + i; 485 if (n > 0) 486 dev_dbg(ddev, "skipped %d descriptor%s after %s\n", 487 n, plural(n), "endpoint"); 488 return retval; 489 490skip_to_next_endpoint_or_interface_descriptor: 491 i = find_next_descriptor(buffer, size, USB_DT_ENDPOINT, 492 USB_DT_INTERFACE, NULL); 493 return buffer - buffer0 + i; 494} 495 496void usb_release_interface_cache(struct kref *ref) 497{ 498 struct usb_interface_cache *intfc = ref_to_usb_interface_cache(ref); 499 int j; 500 501 for (j = 0; j < intfc->num_altsetting; j++) { 502 struct usb_host_interface *alt = &intfc->altsetting[j]; 503 504 kfree(alt->endpoint); 505 kfree(alt->string); 506 } 507 kfree(intfc); 508} 509 510static int usb_parse_interface(struct device *ddev, int cfgno, 511 struct usb_host_config *config, unsigned char *buffer, int size, 512 u8 inums[], u8 nalts[]) 513{ 514 unsigned char *buffer0 = buffer; 515 struct usb_interface_descriptor *d; 516 int inum, asnum; 517 struct usb_interface_cache *intfc; 518 struct usb_host_interface *alt; 519 int i, n; 520 int len, retval; 521 int num_ep, num_ep_orig; 522 523 d = (struct usb_interface_descriptor *) buffer; 524 buffer += d->bLength; 525 size -= d->bLength; 526 527 if (d->bLength < USB_DT_INTERFACE_SIZE) 528 goto skip_to_next_interface_descriptor; 529 530 /* Which interface entry is this? */ 531 intfc = NULL; 532 inum = d->bInterfaceNumber; 533 for (i = 0; i < config->desc.bNumInterfaces; ++i) { 534 if (inums[i] == inum) { 535 intfc = config->intf_cache[i]; 536 break; 537 } 538 } 539 if (!intfc || intfc->num_altsetting >= nalts[i]) 540 goto skip_to_next_interface_descriptor; 541 542 /* Check for duplicate altsetting entries */ 543 asnum = d->bAlternateSetting; 544 for ((i = 0, alt = &intfc->altsetting[0]); 545 i < intfc->num_altsetting; 546 (++i, ++alt)) { 547 if (alt->desc.bAlternateSetting == asnum) { 548 dev_notice(ddev, "Duplicate descriptor for config %d " 549 "interface %d altsetting %d, skipping\n", 550 cfgno, inum, asnum); 551 goto skip_to_next_interface_descriptor; 552 } 553 } 554 555 ++intfc->num_altsetting; 556 memcpy(&alt->desc, d, USB_DT_INTERFACE_SIZE); 557 558 /* Skip over any Class Specific or Vendor Specific descriptors; 559 * find the first endpoint or interface descriptor */ 560 alt->extra = buffer; 561 i = find_next_descriptor(buffer, size, USB_DT_ENDPOINT, 562 USB_DT_INTERFACE, &n); 563 alt->extralen = i; 564 if (n > 0) 565 dev_dbg(ddev, "skipped %d descriptor%s after %s\n", 566 n, plural(n), "interface"); 567 buffer += i; 568 size -= i; 569 570 /* Allocate space for the right(?) number of endpoints */ 571 num_ep = num_ep_orig = alt->desc.bNumEndpoints; 572 alt->desc.bNumEndpoints = 0; /* Use as a counter */ 573 if (num_ep > USB_MAXENDPOINTS) { 574 dev_notice(ddev, "too many endpoints for config %d interface %d " 575 "altsetting %d: %d, using maximum allowed: %d\n", 576 cfgno, inum, asnum, num_ep, USB_MAXENDPOINTS); 577 num_ep = USB_MAXENDPOINTS; 578 } 579 580 if (num_ep > 0) { 581 /* Can't allocate 0 bytes */ 582 len = sizeof(struct usb_host_endpoint) * num_ep; 583 alt->endpoint = kzalloc(len, GFP_KERNEL); 584 if (!alt->endpoint) 585 return -ENOMEM; 586 } 587 588 /* Parse all the endpoint descriptors */ 589 n = 0; 590 while (size > 0) { 591 if (((struct usb_descriptor_header *) buffer)->bDescriptorType 592 == USB_DT_INTERFACE) 593 break; 594 retval = usb_parse_endpoint(ddev, cfgno, config, inum, asnum, 595 alt, num_ep, buffer, size); 596 if (retval < 0) 597 return retval; 598 ++n; 599 600 buffer += retval; 601 size -= retval; 602 } 603 604 if (n != num_ep_orig) 605 dev_notice(ddev, "config %d interface %d altsetting %d has %d " 606 "endpoint descriptor%s, different from the interface " 607 "descriptor's value: %d\n", 608 cfgno, inum, asnum, n, plural(n), num_ep_orig); 609 return buffer - buffer0; 610 611skip_to_next_interface_descriptor: 612 i = find_next_descriptor(buffer, size, USB_DT_INTERFACE, 613 USB_DT_INTERFACE, NULL); 614 return buffer - buffer0 + i; 615} 616 617static int usb_parse_configuration(struct usb_device *dev, int cfgidx, 618 struct usb_host_config *config, unsigned char *buffer, int size) 619{ 620 struct device *ddev = &dev->dev; 621 unsigned char *buffer0 = buffer; 622 int cfgno; 623 int nintf, nintf_orig; 624 int i, j, n; 625 struct usb_interface_cache *intfc; 626 unsigned char *buffer2; 627 int size2; 628 struct usb_descriptor_header *header; 629 int retval; 630 u8 inums[USB_MAXINTERFACES], nalts[USB_MAXINTERFACES]; 631 unsigned iad_num = 0; 632 633 memcpy(&config->desc, buffer, USB_DT_CONFIG_SIZE); 634 nintf = nintf_orig = config->desc.bNumInterfaces; 635 config->desc.bNumInterfaces = 0; // Adjusted later 636 637 if (config->desc.bDescriptorType != USB_DT_CONFIG || 638 config->desc.bLength < USB_DT_CONFIG_SIZE || 639 config->desc.bLength > size) { 640 dev_notice(ddev, "invalid descriptor for config index %d: " 641 "type = 0x%X, length = %d\n", cfgidx, 642 config->desc.bDescriptorType, config->desc.bLength); 643 return -EINVAL; 644 } 645 cfgno = config->desc.bConfigurationValue; 646 647 buffer += config->desc.bLength; 648 size -= config->desc.bLength; 649 650 if (nintf > USB_MAXINTERFACES) { 651 dev_notice(ddev, "config %d has too many interfaces: %d, " 652 "using maximum allowed: %d\n", 653 cfgno, nintf, USB_MAXINTERFACES); 654 nintf = USB_MAXINTERFACES; 655 } 656 657 /* Go through the descriptors, checking their length and counting the 658 * number of altsettings for each interface */ 659 n = 0; 660 for ((buffer2 = buffer, size2 = size); 661 size2 > 0; 662 (buffer2 += header->bLength, size2 -= header->bLength)) { 663 664 if (size2 < sizeof(struct usb_descriptor_header)) { 665 dev_notice(ddev, "config %d descriptor has %d excess " 666 "byte%s, ignoring\n", 667 cfgno, size2, plural(size2)); 668 break; 669 } 670 671 header = (struct usb_descriptor_header *) buffer2; 672 if ((header->bLength > size2) || (header->bLength < 2)) { 673 dev_notice(ddev, "config %d has an invalid descriptor " 674 "of length %d, skipping remainder of the config\n", 675 cfgno, header->bLength); 676 break; 677 } 678 679 if (header->bDescriptorType == USB_DT_INTERFACE) { 680 struct usb_interface_descriptor *d; 681 int inum; 682 683 d = (struct usb_interface_descriptor *) header; 684 if (d->bLength < USB_DT_INTERFACE_SIZE) { 685 dev_notice(ddev, "config %d has an invalid " 686 "interface descriptor of length %d, " 687 "skipping\n", cfgno, d->bLength); 688 continue; 689 } 690 691 inum = d->bInterfaceNumber; 692 693 if ((dev->quirks & USB_QUIRK_HONOR_BNUMINTERFACES) && 694 n >= nintf_orig) { 695 dev_notice(ddev, "config %d has more interface " 696 "descriptors, than it declares in " 697 "bNumInterfaces, ignoring interface " 698 "number: %d\n", cfgno, inum); 699 continue; 700 } 701 702 if (inum >= nintf_orig) 703 dev_notice(ddev, "config %d has an invalid " 704 "interface number: %d but max is %d\n", 705 cfgno, inum, nintf_orig - 1); 706 707 /* Have we already encountered this interface? 708 * Count its altsettings */ 709 for (i = 0; i < n; ++i) { 710 if (inums[i] == inum) 711 break; 712 } 713 if (i < n) { 714 if (nalts[i] < 255) 715 ++nalts[i]; 716 } else if (n < USB_MAXINTERFACES) { 717 inums[n] = inum; 718 nalts[n] = 1; 719 ++n; 720 } 721 722 } else if (header->bDescriptorType == 723 USB_DT_INTERFACE_ASSOCIATION) { 724 struct usb_interface_assoc_descriptor *d; 725 726 d = (struct usb_interface_assoc_descriptor *)header; 727 if (d->bLength < USB_DT_INTERFACE_ASSOCIATION_SIZE) { 728 dev_notice(ddev, 729 "config %d has an invalid interface association descriptor of length %d, skipping\n", 730 cfgno, d->bLength); 731 continue; 732 } 733 734 if (iad_num == USB_MAXIADS) { 735 dev_notice(ddev, "found more Interface " 736 "Association Descriptors " 737 "than allocated for in " 738 "configuration %d\n", cfgno); 739 } else { 740 config->intf_assoc[iad_num] = d; 741 iad_num++; 742 } 743 744 } else if (header->bDescriptorType == USB_DT_DEVICE || 745 header->bDescriptorType == USB_DT_CONFIG) 746 dev_notice(ddev, "config %d contains an unexpected " 747 "descriptor of type 0x%X, skipping\n", 748 cfgno, header->bDescriptorType); 749 750 } /* for ((buffer2 = buffer, size2 = size); ...) */ 751 size = buffer2 - buffer; 752 config->desc.wTotalLength = cpu_to_le16(buffer2 - buffer0); 753 754 if (n != nintf) 755 dev_notice(ddev, "config %d has %d interface%s, different from " 756 "the descriptor's value: %d\n", 757 cfgno, n, plural(n), nintf_orig); 758 else if (n == 0) 759 dev_notice(ddev, "config %d has no interfaces?\n", cfgno); 760 config->desc.bNumInterfaces = nintf = n; 761 762 /* Check for missing interface numbers */ 763 for (i = 0; i < nintf; ++i) { 764 for (j = 0; j < nintf; ++j) { 765 if (inums[j] == i) 766 break; 767 } 768 if (j >= nintf) 769 dev_notice(ddev, "config %d has no interface number " 770 "%d\n", cfgno, i); 771 } 772 773 /* Allocate the usb_interface_caches and altsetting arrays */ 774 for (i = 0; i < nintf; ++i) { 775 j = nalts[i]; 776 if (j > USB_MAXALTSETTING) { 777 dev_notice(ddev, "too many alternate settings for " 778 "config %d interface %d: %d, " 779 "using maximum allowed: %d\n", 780 cfgno, inums[i], j, USB_MAXALTSETTING); 781 nalts[i] = j = USB_MAXALTSETTING; 782 } 783 784 intfc = kzalloc(struct_size(intfc, altsetting, j), GFP_KERNEL); 785 config->intf_cache[i] = intfc; 786 if (!intfc) 787 return -ENOMEM; 788 kref_init(&intfc->ref); 789 } 790 791 /* FIXME: parse the BOS descriptor */ 792 793 /* Skip over any Class Specific or Vendor Specific descriptors; 794 * find the first interface descriptor */ 795 config->extra = buffer; 796 i = find_next_descriptor(buffer, size, USB_DT_INTERFACE, 797 USB_DT_INTERFACE, &n); 798 config->extralen = i; 799 if (n > 0) 800 dev_dbg(ddev, "skipped %d descriptor%s after %s\n", 801 n, plural(n), "configuration"); 802 buffer += i; 803 size -= i; 804 805 /* Parse all the interface/altsetting descriptors */ 806 while (size > 0) { 807 retval = usb_parse_interface(ddev, cfgno, config, 808 buffer, size, inums, nalts); 809 if (retval < 0) 810 return retval; 811 812 buffer += retval; 813 size -= retval; 814 } 815 816 /* Check for missing altsettings */ 817 for (i = 0; i < nintf; ++i) { 818 intfc = config->intf_cache[i]; 819 for (j = 0; j < intfc->num_altsetting; ++j) { 820 for (n = 0; n < intfc->num_altsetting; ++n) { 821 if (intfc->altsetting[n].desc. 822 bAlternateSetting == j) 823 break; 824 } 825 if (n >= intfc->num_altsetting) 826 dev_notice(ddev, "config %d interface %d has no " 827 "altsetting %d\n", cfgno, inums[i], j); 828 } 829 } 830 831 return 0; 832} 833 834/* hub-only!! ... and only exported for reset/reinit path. 835 * otherwise used internally on disconnect/destroy path 836 */ 837void usb_destroy_configuration(struct usb_device *dev) 838{ 839 int c, i; 840 841 if (!dev->config) 842 return; 843 844 if (dev->rawdescriptors) { 845 for (i = 0; i < dev->descriptor.bNumConfigurations; i++) 846 kfree(dev->rawdescriptors[i]); 847 848 kfree(dev->rawdescriptors); 849 dev->rawdescriptors = NULL; 850 } 851 852 for (c = 0; c < dev->descriptor.bNumConfigurations; c++) { 853 struct usb_host_config *cf = &dev->config[c]; 854 855 kfree(cf->string); 856 for (i = 0; i < cf->desc.bNumInterfaces; i++) { 857 if (cf->intf_cache[i]) 858 kref_put(&cf->intf_cache[i]->ref, 859 usb_release_interface_cache); 860 } 861 } 862 kfree(dev->config); 863 dev->config = NULL; 864} 865 866 867/* 868 * Get the USB config descriptors, cache and parse'em 869 * 870 * hub-only!! ... and only in reset path, or usb_new_device() 871 * (used by real hubs and virtual root hubs) 872 */ 873int usb_get_configuration(struct usb_device *dev) 874{ 875 struct device *ddev = &dev->dev; 876 int ncfg = dev->descriptor.bNumConfigurations; 877 unsigned int cfgno, length; 878 unsigned char *bigbuffer; 879 struct usb_config_descriptor *desc; 880 int result; 881 882 if (ncfg > USB_MAXCONFIG) { 883 dev_notice(ddev, "too many configurations: %d, " 884 "using maximum allowed: %d\n", ncfg, USB_MAXCONFIG); 885 dev->descriptor.bNumConfigurations = ncfg = USB_MAXCONFIG; 886 } 887 888 if (ncfg < 1) { 889 dev_err(ddev, "no configurations\n"); 890 return -EINVAL; 891 } 892 893 length = ncfg * sizeof(struct usb_host_config); 894 dev->config = kzalloc(length, GFP_KERNEL); 895 if (!dev->config) 896 return -ENOMEM; 897 898 length = ncfg * sizeof(char *); 899 dev->rawdescriptors = kzalloc(length, GFP_KERNEL); 900 if (!dev->rawdescriptors) 901 return -ENOMEM; 902 903 desc = kmalloc(USB_DT_CONFIG_SIZE, GFP_KERNEL); 904 if (!desc) 905 return -ENOMEM; 906 907 for (cfgno = 0; cfgno < ncfg; cfgno++) { 908 /* We grab just the first descriptor so we know how long 909 * the whole configuration is */ 910 result = usb_get_descriptor(dev, USB_DT_CONFIG, cfgno, 911 desc, USB_DT_CONFIG_SIZE); 912 if (result < 0) { 913 dev_err(ddev, "unable to read config index %d " 914 "descriptor/%s: %d\n", cfgno, "start", result); 915 if (result != -EPIPE) 916 goto err; 917 dev_notice(ddev, "chopping to %d config(s)\n", cfgno); 918 dev->descriptor.bNumConfigurations = cfgno; 919 break; 920 } else if (result < 4) { 921 dev_err(ddev, "config index %d descriptor too short " 922 "(expected %i, got %i)\n", cfgno, 923 USB_DT_CONFIG_SIZE, result); 924 result = -EINVAL; 925 goto err; 926 } 927 length = max((int) le16_to_cpu(desc->wTotalLength), 928 USB_DT_CONFIG_SIZE); 929 930 /* Now that we know the length, get the whole thing */ 931 bigbuffer = kmalloc(length, GFP_KERNEL); 932 if (!bigbuffer) { 933 result = -ENOMEM; 934 goto err; 935 } 936 937 if (dev->quirks & USB_QUIRK_DELAY_INIT) 938 msleep(200); 939 940 result = usb_get_descriptor(dev, USB_DT_CONFIG, cfgno, 941 bigbuffer, length); 942 if (result < 0) { 943 dev_err(ddev, "unable to read config index %d " 944 "descriptor/%s\n", cfgno, "all"); 945 kfree(bigbuffer); 946 goto err; 947 } 948 if (result < length) { 949 dev_notice(ddev, "config index %d descriptor too short " 950 "(expected %i, got %i)\n", cfgno, length, result); 951 length = result; 952 } 953 954 dev->rawdescriptors[cfgno] = bigbuffer; 955 956 result = usb_parse_configuration(dev, cfgno, 957 &dev->config[cfgno], bigbuffer, length); 958 if (result < 0) { 959 ++cfgno; 960 goto err; 961 } 962 } 963 964err: 965 kfree(desc); 966 dev->descriptor.bNumConfigurations = cfgno; 967 968 return result; 969} 970 971void usb_release_bos_descriptor(struct usb_device *dev) 972{ 973 if (dev->bos) { 974 kfree(dev->bos->desc); 975 kfree(dev->bos); 976 dev->bos = NULL; 977 } 978} 979 980static const __u8 bos_desc_len[256] = { 981 [USB_CAP_TYPE_WIRELESS_USB] = USB_DT_USB_WIRELESS_CAP_SIZE, 982 [USB_CAP_TYPE_EXT] = USB_DT_USB_EXT_CAP_SIZE, 983 [USB_SS_CAP_TYPE] = USB_DT_USB_SS_CAP_SIZE, 984 [USB_SSP_CAP_TYPE] = USB_DT_USB_SSP_CAP_SIZE(1), 985 [CONTAINER_ID_TYPE] = USB_DT_USB_SS_CONTN_ID_SIZE, 986 [USB_PTM_CAP_TYPE] = USB_DT_USB_PTM_ID_SIZE, 987}; 988 989/* Get BOS descriptor set */ 990int usb_get_bos_descriptor(struct usb_device *dev) 991{ 992 struct device *ddev = &dev->dev; 993 struct usb_bos_descriptor *bos; 994 struct usb_dev_cap_header *cap; 995 struct usb_ssp_cap_descriptor *ssp_cap; 996 unsigned char *buffer, *buffer0; 997 int length, total_len, num, i, ssac; 998 __u8 cap_type; 999 int ret; 1000 1001 bos = kzalloc(sizeof(struct usb_bos_descriptor), GFP_KERNEL); 1002 if (!bos) 1003 return -ENOMEM; 1004 1005 /* Get BOS descriptor */ 1006 ret = usb_get_descriptor(dev, USB_DT_BOS, 0, bos, USB_DT_BOS_SIZE); 1007 if (ret < USB_DT_BOS_SIZE || bos->bLength < USB_DT_BOS_SIZE) { 1008 dev_notice(ddev, "unable to get BOS descriptor or descriptor too short\n"); 1009 if (ret >= 0) 1010 ret = -ENOMSG; 1011 kfree(bos); 1012 return ret; 1013 } 1014 1015 length = bos->bLength; 1016 total_len = le16_to_cpu(bos->wTotalLength); 1017 num = bos->bNumDeviceCaps; 1018 kfree(bos); 1019 if (total_len < length) 1020 return -EINVAL; 1021 1022 dev->bos = kzalloc(sizeof(struct usb_host_bos), GFP_KERNEL); 1023 if (!dev->bos) 1024 return -ENOMEM; 1025 1026 /* Now let's get the whole BOS descriptor set */ 1027 buffer = kzalloc(total_len, GFP_KERNEL); 1028 if (!buffer) { 1029 ret = -ENOMEM; 1030 goto err; 1031 } 1032 dev->bos->desc = (struct usb_bos_descriptor *)buffer; 1033 1034 ret = usb_get_descriptor(dev, USB_DT_BOS, 0, buffer, total_len); 1035 if (ret < total_len) { 1036 dev_notice(ddev, "unable to get BOS descriptor set\n"); 1037 if (ret >= 0) 1038 ret = -ENOMSG; 1039 goto err; 1040 } 1041 1042 buffer0 = buffer; 1043 total_len -= length; 1044 buffer += length; 1045 1046 for (i = 0; i < num; i++) { 1047 cap = (struct usb_dev_cap_header *)buffer; 1048 1049 if (total_len < sizeof(*cap) || total_len < cap->bLength) { 1050 dev->bos->desc->bNumDeviceCaps = i; 1051 break; 1052 } 1053 cap_type = cap->bDevCapabilityType; 1054 length = cap->bLength; 1055 if (bos_desc_len[cap_type] && length < bos_desc_len[cap_type]) { 1056 dev->bos->desc->bNumDeviceCaps = i; 1057 break; 1058 } 1059 1060 if (cap->bDescriptorType != USB_DT_DEVICE_CAPABILITY) { 1061 dev_notice(ddev, "descriptor type invalid, skip\n"); 1062 goto skip_to_next_descriptor; 1063 } 1064 1065 switch (cap_type) { 1066 case USB_CAP_TYPE_WIRELESS_USB: 1067 /* Wireless USB cap descriptor is handled by wusb */ 1068 break; 1069 case USB_CAP_TYPE_EXT: 1070 dev->bos->ext_cap = 1071 (struct usb_ext_cap_descriptor *)buffer; 1072 break; 1073 case USB_SS_CAP_TYPE: 1074 dev->bos->ss_cap = 1075 (struct usb_ss_cap_descriptor *)buffer; 1076 break; 1077 case USB_SSP_CAP_TYPE: 1078 ssp_cap = (struct usb_ssp_cap_descriptor *)buffer; 1079 ssac = (le32_to_cpu(ssp_cap->bmAttributes) & 1080 USB_SSP_SUBLINK_SPEED_ATTRIBS); 1081 if (length >= USB_DT_USB_SSP_CAP_SIZE(ssac)) 1082 dev->bos->ssp_cap = ssp_cap; 1083 break; 1084 case CONTAINER_ID_TYPE: 1085 dev->bos->ss_id = 1086 (struct usb_ss_container_id_descriptor *)buffer; 1087 break; 1088 case USB_PTM_CAP_TYPE: 1089 dev->bos->ptm_cap = 1090 (struct usb_ptm_cap_descriptor *)buffer; 1091 default: 1092 break; 1093 } 1094 1095skip_to_next_descriptor: 1096 total_len -= length; 1097 buffer += length; 1098 } 1099 dev->bos->desc->wTotalLength = cpu_to_le16(buffer - buffer0); 1100 1101 return 0; 1102 1103err: 1104 usb_release_bos_descriptor(dev); 1105 return ret; 1106} 1107