1 #include <linux/usb.h>
2 #include <linux/usb/ch9.h>
3 #include <linux/usb/hcd.h>
4 #include <linux/usb/quirks.h>
5 #include <linux/module.h>
6 #include <linux/init.h>
7 #include <linux/slab.h>
8 #include <linux/device.h>
9 #include <asm/byteorder.h>
10 #include "usb.h"
11 
12 
13 #define USB_MAXALTSETTING		128	/* Hard limit */
14 #define USB_MAXENDPOINTS		30	/* Hard limit */
15 
16 #define USB_MAXCONFIG			8	/* Arbitrary limit */
17 
18 
plural(int n)19 static inline const char *plural(int n)
20 {
21 	return (n == 1 ? "" : "s");
22 }
23 
find_next_descriptor(unsigned char * buffer,int size,int dt1,int dt2,int * num_skipped)24 static int find_next_descriptor(unsigned char *buffer, int size,
25     int dt1, int dt2, int *num_skipped)
26 {
27 	struct usb_descriptor_header *h;
28 	int n = 0;
29 	unsigned char *buffer0 = buffer;
30 
31 	/* Find the next descriptor of type dt1 or dt2 */
32 	while (size > 0) {
33 		h = (struct usb_descriptor_header *) buffer;
34 		if (h->bDescriptorType == dt1 || h->bDescriptorType == dt2)
35 			break;
36 		buffer += h->bLength;
37 		size -= h->bLength;
38 		++n;
39 	}
40 
41 	/* Store the number of descriptors skipped and return the
42 	 * number of bytes skipped */
43 	if (num_skipped)
44 		*num_skipped = n;
45 	return buffer - buffer0;
46 }
47 
usb_parse_ss_endpoint_companion(struct device * ddev,int cfgno,int inum,int asnum,struct usb_host_endpoint * ep,unsigned char * buffer,int size)48 static void usb_parse_ss_endpoint_companion(struct device *ddev, int cfgno,
49 		int inum, int asnum, struct usb_host_endpoint *ep,
50 		unsigned char *buffer, int size)
51 {
52 	struct usb_ss_ep_comp_descriptor *desc;
53 	int max_tx;
54 
55 	/* The SuperSpeed endpoint companion descriptor is supposed to
56 	 * be the first thing immediately following the endpoint descriptor.
57 	 */
58 	desc = (struct usb_ss_ep_comp_descriptor *) buffer;
59 	if (desc->bDescriptorType != USB_DT_SS_ENDPOINT_COMP ||
60 			size < USB_DT_SS_EP_COMP_SIZE) {
61 		dev_warn(ddev, "No SuperSpeed endpoint companion for config %d "
62 				" interface %d altsetting %d ep %d: "
63 				"using minimum values\n",
64 				cfgno, inum, asnum, ep->desc.bEndpointAddress);
65 
66 		/* Fill in some default values.
67 		 * Leave bmAttributes as zero, which will mean no streams for
68 		 * bulk, and isoc won't support multiple bursts of packets.
69 		 * With bursts of only one packet, and a Mult of 1, the max
70 		 * amount of data moved per endpoint service interval is one
71 		 * packet.
72 		 */
73 		ep->ss_ep_comp.bLength = USB_DT_SS_EP_COMP_SIZE;
74 		ep->ss_ep_comp.bDescriptorType = USB_DT_SS_ENDPOINT_COMP;
75 		if (usb_endpoint_xfer_isoc(&ep->desc) ||
76 				usb_endpoint_xfer_int(&ep->desc))
77 			ep->ss_ep_comp.wBytesPerInterval =
78 					ep->desc.wMaxPacketSize;
79 		return;
80 	}
81 
82 	memcpy(&ep->ss_ep_comp, desc, USB_DT_SS_EP_COMP_SIZE);
83 
84 	/* Check the various values */
85 	if (usb_endpoint_xfer_control(&ep->desc) && desc->bMaxBurst != 0) {
86 		dev_warn(ddev, "Control endpoint with bMaxBurst = %d in "
87 				"config %d interface %d altsetting %d ep %d: "
88 				"setting to zero\n", desc->bMaxBurst,
89 				cfgno, inum, asnum, ep->desc.bEndpointAddress);
90 		ep->ss_ep_comp.bMaxBurst = 0;
91 	} else if (desc->bMaxBurst > 15) {
92 		dev_warn(ddev, "Endpoint with bMaxBurst = %d in "
93 				"config %d interface %d altsetting %d ep %d: "
94 				"setting to 15\n", desc->bMaxBurst,
95 				cfgno, inum, asnum, ep->desc.bEndpointAddress);
96 		ep->ss_ep_comp.bMaxBurst = 15;
97 	}
98 
99 	if ((usb_endpoint_xfer_control(&ep->desc) ||
100 			usb_endpoint_xfer_int(&ep->desc)) &&
101 				desc->bmAttributes != 0) {
102 		dev_warn(ddev, "%s endpoint with bmAttributes = %d in "
103 				"config %d interface %d altsetting %d ep %d: "
104 				"setting to zero\n",
105 				usb_endpoint_xfer_control(&ep->desc) ? "Control" : "Bulk",
106 				desc->bmAttributes,
107 				cfgno, inum, asnum, ep->desc.bEndpointAddress);
108 		ep->ss_ep_comp.bmAttributes = 0;
109 	} else if (usb_endpoint_xfer_bulk(&ep->desc) &&
110 			desc->bmAttributes > 16) {
111 		dev_warn(ddev, "Bulk endpoint with more than 65536 streams in "
112 				"config %d interface %d altsetting %d ep %d: "
113 				"setting to max\n",
114 				cfgno, inum, asnum, ep->desc.bEndpointAddress);
115 		ep->ss_ep_comp.bmAttributes = 16;
116 	} else if (usb_endpoint_xfer_isoc(&ep->desc) &&
117 			desc->bmAttributes > 2) {
118 		dev_warn(ddev, "Isoc endpoint has Mult of %d in "
119 				"config %d interface %d altsetting %d ep %d: "
120 				"setting to 3\n", desc->bmAttributes + 1,
121 				cfgno, inum, asnum, ep->desc.bEndpointAddress);
122 		ep->ss_ep_comp.bmAttributes = 2;
123 	}
124 
125 	if (usb_endpoint_xfer_isoc(&ep->desc))
126 		max_tx = ep->desc.wMaxPacketSize * (desc->bMaxBurst + 1) *
127 			(desc->bmAttributes + 1);
128 	else if (usb_endpoint_xfer_int(&ep->desc))
129 		max_tx = ep->desc.wMaxPacketSize * (desc->bMaxBurst + 1);
130 	else
131 		max_tx = 999999;
132 	if (desc->wBytesPerInterval > max_tx) {
133 		dev_warn(ddev, "%s endpoint with wBytesPerInterval of %d in "
134 				"config %d interface %d altsetting %d ep %d: "
135 				"setting to %d\n",
136 				usb_endpoint_xfer_isoc(&ep->desc) ? "Isoc" : "Int",
137 				desc->wBytesPerInterval,
138 				cfgno, inum, asnum, ep->desc.bEndpointAddress,
139 				max_tx);
140 		ep->ss_ep_comp.wBytesPerInterval = max_tx;
141 	}
142 }
143 
usb_parse_endpoint(struct device * ddev,int cfgno,int inum,int asnum,struct usb_host_interface * ifp,int num_ep,unsigned char * buffer,int size)144 static int usb_parse_endpoint(struct device *ddev, int cfgno, int inum,
145     int asnum, struct usb_host_interface *ifp, int num_ep,
146     unsigned char *buffer, int size)
147 {
148 	unsigned char *buffer0 = buffer;
149 	struct usb_endpoint_descriptor *d;
150 	struct usb_host_endpoint *endpoint;
151 	int n, i, j, retval;
152 
153 	d = (struct usb_endpoint_descriptor *) buffer;
154 	buffer += d->bLength;
155 	size -= d->bLength;
156 
157 	if (d->bLength >= USB_DT_ENDPOINT_AUDIO_SIZE)
158 		n = USB_DT_ENDPOINT_AUDIO_SIZE;
159 	else if (d->bLength >= USB_DT_ENDPOINT_SIZE)
160 		n = USB_DT_ENDPOINT_SIZE;
161 	else {
162 		dev_warn(ddev, "config %d interface %d altsetting %d has an "
163 		    "invalid endpoint descriptor of length %d, skipping\n",
164 		    cfgno, inum, asnum, d->bLength);
165 		goto skip_to_next_endpoint_or_interface_descriptor;
166 	}
167 
168 	i = d->bEndpointAddress & ~USB_ENDPOINT_DIR_MASK;
169 	if (i >= 16 || i == 0) {
170 		dev_warn(ddev, "config %d interface %d altsetting %d has an "
171 		    "invalid endpoint with address 0x%X, skipping\n",
172 		    cfgno, inum, asnum, d->bEndpointAddress);
173 		goto skip_to_next_endpoint_or_interface_descriptor;
174 	}
175 
176 	/* Only store as many endpoints as we have room for */
177 	if (ifp->desc.bNumEndpoints >= num_ep)
178 		goto skip_to_next_endpoint_or_interface_descriptor;
179 
180 	endpoint = &ifp->endpoint[ifp->desc.bNumEndpoints];
181 	++ifp->desc.bNumEndpoints;
182 
183 	memcpy(&endpoint->desc, d, n);
184 	INIT_LIST_HEAD(&endpoint->urb_list);
185 
186 	/* Fix up bInterval values outside the legal range. Use 32 ms if no
187 	 * proper value can be guessed. */
188 	i = 0;		/* i = min, j = max, n = default */
189 	j = 255;
190 	if (usb_endpoint_xfer_int(d)) {
191 		i = 1;
192 		switch (to_usb_device(ddev)->speed) {
193 		case USB_SPEED_SUPER:
194 		case USB_SPEED_HIGH:
195 			/* Many device manufacturers are using full-speed
196 			 * bInterval values in high-speed interrupt endpoint
197 			 * descriptors. Try to fix those and fall back to a
198 			 * 32 ms default value otherwise. */
199 			n = fls(d->bInterval*8);
200 			if (n == 0)
201 				n = 9;	/* 32 ms = 2^(9-1) uframes */
202 			j = 16;
203 			break;
204 		default:		/* USB_SPEED_FULL or _LOW */
205 			/* For low-speed, 10 ms is the official minimum.
206 			 * But some "overclocked" devices might want faster
207 			 * polling so we'll allow it. */
208 			n = 32;
209 			break;
210 		}
211 	} else if (usb_endpoint_xfer_isoc(d)) {
212 		i = 1;
213 		j = 16;
214 		switch (to_usb_device(ddev)->speed) {
215 		case USB_SPEED_HIGH:
216 			n = 9;		/* 32 ms = 2^(9-1) uframes */
217 			break;
218 		default:		/* USB_SPEED_FULL */
219 			n = 6;		/* 32 ms = 2^(6-1) frames */
220 			break;
221 		}
222 	}
223 	if (d->bInterval < i || d->bInterval > j) {
224 		dev_warn(ddev, "config %d interface %d altsetting %d "
225 		    "endpoint 0x%X has an invalid bInterval %d, "
226 		    "changing to %d\n",
227 		    cfgno, inum, asnum,
228 		    d->bEndpointAddress, d->bInterval, n);
229 		endpoint->desc.bInterval = n;
230 	}
231 
232 	/* Some buggy low-speed devices have Bulk endpoints, which is
233 	 * explicitly forbidden by the USB spec.  In an attempt to make
234 	 * them usable, we will try treating them as Interrupt endpoints.
235 	 */
236 	if (to_usb_device(ddev)->speed == USB_SPEED_LOW &&
237 			usb_endpoint_xfer_bulk(d)) {
238 		dev_warn(ddev, "config %d interface %d altsetting %d "
239 		    "endpoint 0x%X is Bulk; changing to Interrupt\n",
240 		    cfgno, inum, asnum, d->bEndpointAddress);
241 		endpoint->desc.bmAttributes = USB_ENDPOINT_XFER_INT;
242 		endpoint->desc.bInterval = 1;
243 		if (le16_to_cpu(endpoint->desc.wMaxPacketSize) > 8)
244 			endpoint->desc.wMaxPacketSize = cpu_to_le16(8);
245 	}
246 
247 	/*
248 	 * Some buggy high speed devices have bulk endpoints using
249 	 * maxpacket sizes other than 512.  High speed HCDs may not
250 	 * be able to handle that particular bug, so let's warn...
251 	 */
252 	if (to_usb_device(ddev)->speed == USB_SPEED_HIGH
253 			&& usb_endpoint_xfer_bulk(d)) {
254 		unsigned maxp;
255 
256 		maxp = le16_to_cpu(endpoint->desc.wMaxPacketSize) & 0x07ff;
257 		if (maxp != 512)
258 			dev_warn(ddev, "config %d interface %d altsetting %d "
259 				"bulk endpoint 0x%X has invalid maxpacket %d\n",
260 				cfgno, inum, asnum, d->bEndpointAddress,
261 				maxp);
262 	}
263 
264 	/* Parse a possible SuperSpeed endpoint companion descriptor */
265 	if (to_usb_device(ddev)->speed == USB_SPEED_SUPER)
266 		usb_parse_ss_endpoint_companion(ddev, cfgno,
267 				inum, asnum, endpoint, buffer, size);
268 
269 	/* Skip over any Class Specific or Vendor Specific descriptors;
270 	 * find the next endpoint or interface descriptor */
271 	endpoint->extra = buffer;
272 	i = find_next_descriptor(buffer, size, USB_DT_ENDPOINT,
273 			USB_DT_INTERFACE, &n);
274 	endpoint->extralen = i;
275 	retval = buffer - buffer0 + i;
276 	if (n > 0)
277 		dev_dbg(ddev, "skipped %d descriptor%s after %s\n",
278 		    n, plural(n), "endpoint");
279 	return retval;
280 
281 skip_to_next_endpoint_or_interface_descriptor:
282 	i = find_next_descriptor(buffer, size, USB_DT_ENDPOINT,
283 	    USB_DT_INTERFACE, NULL);
284 	return buffer - buffer0 + i;
285 }
286 
usb_release_interface_cache(struct kref * ref)287 void usb_release_interface_cache(struct kref *ref)
288 {
289 	struct usb_interface_cache *intfc = ref_to_usb_interface_cache(ref);
290 	int j;
291 
292 	for (j = 0; j < intfc->num_altsetting; j++) {
293 		struct usb_host_interface *alt = &intfc->altsetting[j];
294 
295 		kfree(alt->endpoint);
296 		kfree(alt->string);
297 	}
298 	kfree(intfc);
299 }
300 
usb_parse_interface(struct device * ddev,int cfgno,struct usb_host_config * config,unsigned char * buffer,int size,u8 inums[],u8 nalts[])301 static int usb_parse_interface(struct device *ddev, int cfgno,
302     struct usb_host_config *config, unsigned char *buffer, int size,
303     u8 inums[], u8 nalts[])
304 {
305 	unsigned char *buffer0 = buffer;
306 	struct usb_interface_descriptor	*d;
307 	int inum, asnum;
308 	struct usb_interface_cache *intfc;
309 	struct usb_host_interface *alt;
310 	int i, n;
311 	int len, retval;
312 	int num_ep, num_ep_orig;
313 
314 	d = (struct usb_interface_descriptor *) buffer;
315 	buffer += d->bLength;
316 	size -= d->bLength;
317 
318 	if (d->bLength < USB_DT_INTERFACE_SIZE)
319 		goto skip_to_next_interface_descriptor;
320 
321 	/* Which interface entry is this? */
322 	intfc = NULL;
323 	inum = d->bInterfaceNumber;
324 	for (i = 0; i < config->desc.bNumInterfaces; ++i) {
325 		if (inums[i] == inum) {
326 			intfc = config->intf_cache[i];
327 			break;
328 		}
329 	}
330 	if (!intfc || intfc->num_altsetting >= nalts[i])
331 		goto skip_to_next_interface_descriptor;
332 
333 	/* Check for duplicate altsetting entries */
334 	asnum = d->bAlternateSetting;
335 	for ((i = 0, alt = &intfc->altsetting[0]);
336 	      i < intfc->num_altsetting;
337 	     (++i, ++alt)) {
338 		if (alt->desc.bAlternateSetting == asnum) {
339 			dev_warn(ddev, "Duplicate descriptor for config %d "
340 			    "interface %d altsetting %d, skipping\n",
341 			    cfgno, inum, asnum);
342 			goto skip_to_next_interface_descriptor;
343 		}
344 	}
345 
346 	++intfc->num_altsetting;
347 	memcpy(&alt->desc, d, USB_DT_INTERFACE_SIZE);
348 
349 	/* Skip over any Class Specific or Vendor Specific descriptors;
350 	 * find the first endpoint or interface descriptor */
351 	alt->extra = buffer;
352 	i = find_next_descriptor(buffer, size, USB_DT_ENDPOINT,
353 	    USB_DT_INTERFACE, &n);
354 	alt->extralen = i;
355 	if (n > 0)
356 		dev_dbg(ddev, "skipped %d descriptor%s after %s\n",
357 		    n, plural(n), "interface");
358 	buffer += i;
359 	size -= i;
360 
361 	/* Allocate space for the right(?) number of endpoints */
362 	num_ep = num_ep_orig = alt->desc.bNumEndpoints;
363 	alt->desc.bNumEndpoints = 0;		/* Use as a counter */
364 	if (num_ep > USB_MAXENDPOINTS) {
365 		dev_warn(ddev, "too many endpoints for config %d interface %d "
366 		    "altsetting %d: %d, using maximum allowed: %d\n",
367 		    cfgno, inum, asnum, num_ep, USB_MAXENDPOINTS);
368 		num_ep = USB_MAXENDPOINTS;
369 	}
370 
371 	if (num_ep > 0) {
372 		/* Can't allocate 0 bytes */
373 		len = sizeof(struct usb_host_endpoint) * num_ep;
374 		alt->endpoint = kzalloc(len, GFP_KERNEL);
375 		if (!alt->endpoint)
376 			return -ENOMEM;
377 	}
378 
379 	/* Parse all the endpoint descriptors */
380 	n = 0;
381 	while (size > 0) {
382 		if (((struct usb_descriptor_header *) buffer)->bDescriptorType
383 		     == USB_DT_INTERFACE)
384 			break;
385 		retval = usb_parse_endpoint(ddev, cfgno, inum, asnum, alt,
386 		    num_ep, buffer, size);
387 		if (retval < 0)
388 			return retval;
389 		++n;
390 
391 		buffer += retval;
392 		size -= retval;
393 	}
394 
395 	if (n != num_ep_orig)
396 		dev_warn(ddev, "config %d interface %d altsetting %d has %d "
397 		    "endpoint descriptor%s, different from the interface "
398 		    "descriptor's value: %d\n",
399 		    cfgno, inum, asnum, n, plural(n), num_ep_orig);
400 	return buffer - buffer0;
401 
402 skip_to_next_interface_descriptor:
403 	i = find_next_descriptor(buffer, size, USB_DT_INTERFACE,
404 	    USB_DT_INTERFACE, NULL);
405 	return buffer - buffer0 + i;
406 }
407 
usb_parse_configuration(struct usb_device * dev,int cfgidx,struct usb_host_config * config,unsigned char * buffer,int size)408 static int usb_parse_configuration(struct usb_device *dev, int cfgidx,
409     struct usb_host_config *config, unsigned char *buffer, int size)
410 {
411 	struct device *ddev = &dev->dev;
412 	unsigned char *buffer0 = buffer;
413 	int cfgno;
414 	int nintf, nintf_orig;
415 	int i, j, n;
416 	struct usb_interface_cache *intfc;
417 	unsigned char *buffer2;
418 	int size2;
419 	struct usb_descriptor_header *header;
420 	int len, retval;
421 	u8 inums[USB_MAXINTERFACES], nalts[USB_MAXINTERFACES];
422 	unsigned iad_num = 0;
423 
424 	memcpy(&config->desc, buffer, USB_DT_CONFIG_SIZE);
425 	if (config->desc.bDescriptorType != USB_DT_CONFIG ||
426 	    config->desc.bLength < USB_DT_CONFIG_SIZE) {
427 		dev_err(ddev, "invalid descriptor for config index %d: "
428 		    "type = 0x%X, length = %d\n", cfgidx,
429 		    config->desc.bDescriptorType, config->desc.bLength);
430 		return -EINVAL;
431 	}
432 	cfgno = config->desc.bConfigurationValue;
433 
434 	buffer += config->desc.bLength;
435 	size -= config->desc.bLength;
436 
437 	nintf = nintf_orig = config->desc.bNumInterfaces;
438 	if (nintf > USB_MAXINTERFACES) {
439 		dev_warn(ddev, "config %d has too many interfaces: %d, "
440 		    "using maximum allowed: %d\n",
441 		    cfgno, nintf, USB_MAXINTERFACES);
442 		nintf = USB_MAXINTERFACES;
443 	}
444 
445 	/* Go through the descriptors, checking their length and counting the
446 	 * number of altsettings for each interface */
447 	n = 0;
448 	for ((buffer2 = buffer, size2 = size);
449 	      size2 > 0;
450 	     (buffer2 += header->bLength, size2 -= header->bLength)) {
451 
452 		if (size2 < sizeof(struct usb_descriptor_header)) {
453 			dev_warn(ddev, "config %d descriptor has %d excess "
454 			    "byte%s, ignoring\n",
455 			    cfgno, size2, plural(size2));
456 			break;
457 		}
458 
459 		header = (struct usb_descriptor_header *) buffer2;
460 		if ((header->bLength > size2) || (header->bLength < 2)) {
461 			dev_warn(ddev, "config %d has an invalid descriptor "
462 			    "of length %d, skipping remainder of the config\n",
463 			    cfgno, header->bLength);
464 			break;
465 		}
466 
467 		if (header->bDescriptorType == USB_DT_INTERFACE) {
468 			struct usb_interface_descriptor *d;
469 			int inum;
470 
471 			d = (struct usb_interface_descriptor *) header;
472 			if (d->bLength < USB_DT_INTERFACE_SIZE) {
473 				dev_warn(ddev, "config %d has an invalid "
474 				    "interface descriptor of length %d, "
475 				    "skipping\n", cfgno, d->bLength);
476 				continue;
477 			}
478 
479 			inum = d->bInterfaceNumber;
480 
481 			if ((dev->quirks & USB_QUIRK_HONOR_BNUMINTERFACES) &&
482 			    n >= nintf_orig) {
483 				dev_warn(ddev, "config %d has more interface "
484 				    "descriptors, than it declares in "
485 				    "bNumInterfaces, ignoring interface "
486 				    "number: %d\n", cfgno, inum);
487 				continue;
488 			}
489 
490 			if (inum >= nintf_orig)
491 				dev_warn(ddev, "config %d has an invalid "
492 				    "interface number: %d but max is %d\n",
493 				    cfgno, inum, nintf_orig - 1);
494 
495 			/* Have we already encountered this interface?
496 			 * Count its altsettings */
497 			for (i = 0; i < n; ++i) {
498 				if (inums[i] == inum)
499 					break;
500 			}
501 			if (i < n) {
502 				if (nalts[i] < 255)
503 					++nalts[i];
504 			} else if (n < USB_MAXINTERFACES) {
505 				inums[n] = inum;
506 				nalts[n] = 1;
507 				++n;
508 			}
509 
510 		} else if (header->bDescriptorType ==
511 				USB_DT_INTERFACE_ASSOCIATION) {
512 			if (iad_num == USB_MAXIADS) {
513 				dev_warn(ddev, "found more Interface "
514 					       "Association Descriptors "
515 					       "than allocated for in "
516 					       "configuration %d\n", cfgno);
517 			} else {
518 				config->intf_assoc[iad_num] =
519 					(struct usb_interface_assoc_descriptor
520 					*)header;
521 				iad_num++;
522 			}
523 
524 		} else if (header->bDescriptorType == USB_DT_DEVICE ||
525 			    header->bDescriptorType == USB_DT_CONFIG)
526 			dev_warn(ddev, "config %d contains an unexpected "
527 			    "descriptor of type 0x%X, skipping\n",
528 			    cfgno, header->bDescriptorType);
529 
530 	}	/* for ((buffer2 = buffer, size2 = size); ...) */
531 	size = buffer2 - buffer;
532 	config->desc.wTotalLength = cpu_to_le16(buffer2 - buffer0);
533 
534 	if (n != nintf)
535 		dev_warn(ddev, "config %d has %d interface%s, different from "
536 		    "the descriptor's value: %d\n",
537 		    cfgno, n, plural(n), nintf_orig);
538 	else if (n == 0)
539 		dev_warn(ddev, "config %d has no interfaces?\n", cfgno);
540 	config->desc.bNumInterfaces = nintf = n;
541 
542 	/* Check for missing interface numbers */
543 	for (i = 0; i < nintf; ++i) {
544 		for (j = 0; j < nintf; ++j) {
545 			if (inums[j] == i)
546 				break;
547 		}
548 		if (j >= nintf)
549 			dev_warn(ddev, "config %d has no interface number "
550 			    "%d\n", cfgno, i);
551 	}
552 
553 	/* Allocate the usb_interface_caches and altsetting arrays */
554 	for (i = 0; i < nintf; ++i) {
555 		j = nalts[i];
556 		if (j > USB_MAXALTSETTING) {
557 			dev_warn(ddev, "too many alternate settings for "
558 			    "config %d interface %d: %d, "
559 			    "using maximum allowed: %d\n",
560 			    cfgno, inums[i], j, USB_MAXALTSETTING);
561 			nalts[i] = j = USB_MAXALTSETTING;
562 		}
563 
564 		len = sizeof(*intfc) + sizeof(struct usb_host_interface) * j;
565 		config->intf_cache[i] = intfc = kzalloc(len, GFP_KERNEL);
566 		if (!intfc)
567 			return -ENOMEM;
568 		kref_init(&intfc->ref);
569 	}
570 
571 	/* FIXME: parse the BOS descriptor */
572 
573 	/* Skip over any Class Specific or Vendor Specific descriptors;
574 	 * find the first interface descriptor */
575 	config->extra = buffer;
576 	i = find_next_descriptor(buffer, size, USB_DT_INTERFACE,
577 	    USB_DT_INTERFACE, &n);
578 	config->extralen = i;
579 	if (n > 0)
580 		dev_dbg(ddev, "skipped %d descriptor%s after %s\n",
581 		    n, plural(n), "configuration");
582 	buffer += i;
583 	size -= i;
584 
585 	/* Parse all the interface/altsetting descriptors */
586 	while (size > 0) {
587 		retval = usb_parse_interface(ddev, cfgno, config,
588 		    buffer, size, inums, nalts);
589 		if (retval < 0)
590 			return retval;
591 
592 		buffer += retval;
593 		size -= retval;
594 	}
595 
596 	/* Check for missing altsettings */
597 	for (i = 0; i < nintf; ++i) {
598 		intfc = config->intf_cache[i];
599 		for (j = 0; j < intfc->num_altsetting; ++j) {
600 			for (n = 0; n < intfc->num_altsetting; ++n) {
601 				if (intfc->altsetting[n].desc.
602 				    bAlternateSetting == j)
603 					break;
604 			}
605 			if (n >= intfc->num_altsetting)
606 				dev_warn(ddev, "config %d interface %d has no "
607 				    "altsetting %d\n", cfgno, inums[i], j);
608 		}
609 	}
610 
611 	return 0;
612 }
613 
614 /* hub-only!! ... and only exported for reset/reinit path.
615  * otherwise used internally on disconnect/destroy path
616  */
usb_destroy_configuration(struct usb_device * dev)617 void usb_destroy_configuration(struct usb_device *dev)
618 {
619 	int c, i;
620 
621 	if (!dev->config)
622 		return;
623 
624 	if (dev->rawdescriptors) {
625 		for (i = 0; i < dev->descriptor.bNumConfigurations; i++)
626 			kfree(dev->rawdescriptors[i]);
627 
628 		kfree(dev->rawdescriptors);
629 		dev->rawdescriptors = NULL;
630 	}
631 
632 	for (c = 0; c < dev->descriptor.bNumConfigurations; c++) {
633 		struct usb_host_config *cf = &dev->config[c];
634 
635 		kfree(cf->string);
636 		for (i = 0; i < cf->desc.bNumInterfaces; i++) {
637 			if (cf->intf_cache[i])
638 				kref_put(&cf->intf_cache[i]->ref,
639 					  usb_release_interface_cache);
640 		}
641 	}
642 	kfree(dev->config);
643 	dev->config = NULL;
644 }
645 
646 
647 /*
648  * Get the USB config descriptors, cache and parse'em
649  *
650  * hub-only!! ... and only in reset path, or usb_new_device()
651  * (used by real hubs and virtual root hubs)
652  *
653  * NOTE: if this is a WUSB device and is not authorized, we skip the
654  *       whole thing. A non-authorized USB device has no
655  *       configurations.
656  */
usb_get_configuration(struct usb_device * dev)657 int usb_get_configuration(struct usb_device *dev)
658 {
659 	struct device *ddev = &dev->dev;
660 	int ncfg = dev->descriptor.bNumConfigurations;
661 	int result = 0;
662 	unsigned int cfgno, length;
663 	unsigned char *bigbuffer;
664 	struct usb_config_descriptor *desc;
665 
666 	cfgno = 0;
667 	if (dev->authorized == 0)	/* Not really an error */
668 		goto out_not_authorized;
669 	result = -ENOMEM;
670 	if (ncfg > USB_MAXCONFIG) {
671 		dev_warn(ddev, "too many configurations: %d, "
672 		    "using maximum allowed: %d\n", ncfg, USB_MAXCONFIG);
673 		dev->descriptor.bNumConfigurations = ncfg = USB_MAXCONFIG;
674 	}
675 
676 	if (ncfg < 1) {
677 		dev_err(ddev, "no configurations\n");
678 		return -EINVAL;
679 	}
680 
681 	length = ncfg * sizeof(struct usb_host_config);
682 	dev->config = kzalloc(length, GFP_KERNEL);
683 	if (!dev->config)
684 		goto err2;
685 
686 	length = ncfg * sizeof(char *);
687 	dev->rawdescriptors = kzalloc(length, GFP_KERNEL);
688 	if (!dev->rawdescriptors)
689 		goto err2;
690 
691 	desc = kmalloc(USB_DT_CONFIG_SIZE, GFP_KERNEL);
692 	if (!desc)
693 		goto err2;
694 
695 	result = 0;
696 	for (; cfgno < ncfg; cfgno++) {
697 		/* We grab just the first descriptor so we know how long
698 		 * the whole configuration is */
699 		result = usb_get_descriptor(dev, USB_DT_CONFIG, cfgno,
700 		    desc, USB_DT_CONFIG_SIZE);
701 		if (result < 0) {
702 			dev_err(ddev, "unable to read config index %d "
703 			    "descriptor/%s: %d\n", cfgno, "start", result);
704 			dev_err(ddev, "chopping to %d config(s)\n", cfgno);
705 			dev->descriptor.bNumConfigurations = cfgno;
706 			break;
707 		} else if (result < 4) {
708 			dev_err(ddev, "config index %d descriptor too short "
709 			    "(expected %i, got %i)\n", cfgno,
710 			    USB_DT_CONFIG_SIZE, result);
711 			result = -EINVAL;
712 			goto err;
713 		}
714 		length = max((int) le16_to_cpu(desc->wTotalLength),
715 		    USB_DT_CONFIG_SIZE);
716 
717 		/* Now that we know the length, get the whole thing */
718 		bigbuffer = kmalloc(length, GFP_KERNEL);
719 		if (!bigbuffer) {
720 			result = -ENOMEM;
721 			goto err;
722 		}
723 		result = usb_get_descriptor(dev, USB_DT_CONFIG, cfgno,
724 		    bigbuffer, length);
725 		if (result < 0) {
726 			dev_err(ddev, "unable to read config index %d "
727 			    "descriptor/%s\n", cfgno, "all");
728 			kfree(bigbuffer);
729 			goto err;
730 		}
731 		if (result < length) {
732 			dev_warn(ddev, "config index %d descriptor too short "
733 			    "(expected %i, got %i)\n", cfgno, length, result);
734 			length = result;
735 		}
736 
737 		dev->rawdescriptors[cfgno] = bigbuffer;
738 
739 		result = usb_parse_configuration(dev, cfgno,
740 		    &dev->config[cfgno], bigbuffer, length);
741 		if (result < 0) {
742 			++cfgno;
743 			goto err;
744 		}
745 	}
746 	result = 0;
747 
748 err:
749 	kfree(desc);
750 out_not_authorized:
751 	dev->descriptor.bNumConfigurations = cfgno;
752 err2:
753 	if (result == -ENOMEM)
754 		dev_err(ddev, "out of memory\n");
755 	return result;
756 }
757