mm owner: fix race between swapoff and exit
[linux-2.6/next.git] / drivers / usb / core / config.c
blob568244c99bdc0f5d7b0e03d2177d1153e9d49d49
1 #include <linux/usb.h>
2 #include <linux/usb/ch9.h>
3 #include <linux/module.h>
4 #include <linux/init.h>
5 #include <linux/slab.h>
6 #include <linux/device.h>
7 #include <asm/byteorder.h>
8 #include "usb.h"
9 #include "hcd.h"
11 #define USB_MAXALTSETTING 128 /* Hard limit */
12 #define USB_MAXENDPOINTS 30 /* Hard limit */
14 #define USB_MAXCONFIG 8 /* Arbitrary limit */
17 static inline const char *plural(int n)
19 return (n == 1 ? "" : "s");
22 static int find_next_descriptor(unsigned char *buffer, int size,
23 int dt1, int dt2, int *num_skipped)
25 struct usb_descriptor_header *h;
26 int n = 0;
27 unsigned char *buffer0 = buffer;
29 /* Find the next descriptor of type dt1 or dt2 */
30 while (size > 0) {
31 h = (struct usb_descriptor_header *) buffer;
32 if (h->bDescriptorType == dt1 || h->bDescriptorType == dt2)
33 break;
34 buffer += h->bLength;
35 size -= h->bLength;
36 ++n;
39 /* Store the number of descriptors skipped and return the
40 * number of bytes skipped */
41 if (num_skipped)
42 *num_skipped = n;
43 return buffer - buffer0;
46 static int usb_parse_endpoint(struct device *ddev, int cfgno, int inum,
47 int asnum, struct usb_host_interface *ifp, int num_ep,
48 unsigned char *buffer, int size)
50 unsigned char *buffer0 = buffer;
51 struct usb_endpoint_descriptor *d;
52 struct usb_host_endpoint *endpoint;
53 int n, i, j;
55 d = (struct usb_endpoint_descriptor *) buffer;
56 buffer += d->bLength;
57 size -= d->bLength;
59 if (d->bLength >= USB_DT_ENDPOINT_AUDIO_SIZE)
60 n = USB_DT_ENDPOINT_AUDIO_SIZE;
61 else if (d->bLength >= USB_DT_ENDPOINT_SIZE)
62 n = USB_DT_ENDPOINT_SIZE;
63 else {
64 dev_warn(ddev, "config %d interface %d altsetting %d has an "
65 "invalid endpoint descriptor of length %d, skipping\n",
66 cfgno, inum, asnum, d->bLength);
67 goto skip_to_next_endpoint_or_interface_descriptor;
70 i = d->bEndpointAddress & ~USB_ENDPOINT_DIR_MASK;
71 if (i >= 16 || i == 0) {
72 dev_warn(ddev, "config %d interface %d altsetting %d has an "
73 "invalid endpoint with address 0x%X, skipping\n",
74 cfgno, inum, asnum, d->bEndpointAddress);
75 goto skip_to_next_endpoint_or_interface_descriptor;
78 /* Only store as many endpoints as we have room for */
79 if (ifp->desc.bNumEndpoints >= num_ep)
80 goto skip_to_next_endpoint_or_interface_descriptor;
82 endpoint = &ifp->endpoint[ifp->desc.bNumEndpoints];
83 ++ifp->desc.bNumEndpoints;
85 memcpy(&endpoint->desc, d, n);
86 INIT_LIST_HEAD(&endpoint->urb_list);
88 /* Fix up bInterval values outside the legal range. Use 32 ms if no
89 * proper value can be guessed. */
90 i = 0; /* i = min, j = max, n = default */
91 j = 255;
92 if (usb_endpoint_xfer_int(d)) {
93 i = 1;
94 switch (to_usb_device(ddev)->speed) {
95 case USB_SPEED_HIGH:
96 /* Many device manufacturers are using full-speed
97 * bInterval values in high-speed interrupt endpoint
98 * descriptors. Try to fix those and fall back to a
99 * 32 ms default value otherwise. */
100 n = fls(d->bInterval*8);
101 if (n == 0)
102 n = 9; /* 32 ms = 2^(9-1) uframes */
103 j = 16;
104 break;
105 default: /* USB_SPEED_FULL or _LOW */
106 /* For low-speed, 10 ms is the official minimum.
107 * But some "overclocked" devices might want faster
108 * polling so we'll allow it. */
109 n = 32;
110 break;
112 } else if (usb_endpoint_xfer_isoc(d)) {
113 i = 1;
114 j = 16;
115 switch (to_usb_device(ddev)->speed) {
116 case USB_SPEED_HIGH:
117 n = 9; /* 32 ms = 2^(9-1) uframes */
118 break;
119 default: /* USB_SPEED_FULL */
120 n = 6; /* 32 ms = 2^(6-1) frames */
121 break;
124 if (d->bInterval < i || d->bInterval > j) {
125 dev_warn(ddev, "config %d interface %d altsetting %d "
126 "endpoint 0x%X has an invalid bInterval %d, "
127 "changing to %d\n",
128 cfgno, inum, asnum,
129 d->bEndpointAddress, d->bInterval, n);
130 endpoint->desc.bInterval = n;
133 /* Some buggy low-speed devices have Bulk endpoints, which is
134 * explicitly forbidden by the USB spec. In an attempt to make
135 * them usable, we will try treating them as Interrupt endpoints.
137 if (to_usb_device(ddev)->speed == USB_SPEED_LOW &&
138 usb_endpoint_xfer_bulk(d)) {
139 dev_warn(ddev, "config %d interface %d altsetting %d "
140 "endpoint 0x%X is Bulk; changing to Interrupt\n",
141 cfgno, inum, asnum, d->bEndpointAddress);
142 endpoint->desc.bmAttributes = USB_ENDPOINT_XFER_INT;
143 endpoint->desc.bInterval = 1;
144 if (le16_to_cpu(endpoint->desc.wMaxPacketSize) > 8)
145 endpoint->desc.wMaxPacketSize = cpu_to_le16(8);
149 * Some buggy high speed devices have bulk endpoints using
150 * maxpacket sizes other than 512. High speed HCDs may not
151 * be able to handle that particular bug, so let's warn...
153 if (to_usb_device(ddev)->speed == USB_SPEED_HIGH
154 && usb_endpoint_xfer_bulk(d)) {
155 unsigned maxp;
157 maxp = le16_to_cpu(endpoint->desc.wMaxPacketSize) & 0x07ff;
158 if (maxp != 512)
159 dev_warn(ddev, "config %d interface %d altsetting %d "
160 "bulk endpoint 0x%X has invalid maxpacket %d\n",
161 cfgno, inum, asnum, d->bEndpointAddress,
162 maxp);
165 /* Skip over any Class Specific or Vendor Specific descriptors;
166 * find the next endpoint or interface descriptor */
167 endpoint->extra = buffer;
168 i = find_next_descriptor(buffer, size, USB_DT_ENDPOINT,
169 USB_DT_INTERFACE, &n);
170 endpoint->extralen = i;
171 if (n > 0)
172 dev_dbg(ddev, "skipped %d descriptor%s after %s\n",
173 n, plural(n), "endpoint");
174 return buffer - buffer0 + i;
176 skip_to_next_endpoint_or_interface_descriptor:
177 i = find_next_descriptor(buffer, size, USB_DT_ENDPOINT,
178 USB_DT_INTERFACE, NULL);
179 return buffer - buffer0 + i;
182 void usb_release_interface_cache(struct kref *ref)
184 struct usb_interface_cache *intfc = ref_to_usb_interface_cache(ref);
185 int j;
187 for (j = 0; j < intfc->num_altsetting; j++) {
188 struct usb_host_interface *alt = &intfc->altsetting[j];
190 kfree(alt->endpoint);
191 kfree(alt->string);
193 kfree(intfc);
196 static int usb_parse_interface(struct device *ddev, int cfgno,
197 struct usb_host_config *config, unsigned char *buffer, int size,
198 u8 inums[], u8 nalts[])
200 unsigned char *buffer0 = buffer;
201 struct usb_interface_descriptor *d;
202 int inum, asnum;
203 struct usb_interface_cache *intfc;
204 struct usb_host_interface *alt;
205 int i, n;
206 int len, retval;
207 int num_ep, num_ep_orig;
209 d = (struct usb_interface_descriptor *) buffer;
210 buffer += d->bLength;
211 size -= d->bLength;
213 if (d->bLength < USB_DT_INTERFACE_SIZE)
214 goto skip_to_next_interface_descriptor;
216 /* Which interface entry is this? */
217 intfc = NULL;
218 inum = d->bInterfaceNumber;
219 for (i = 0; i < config->desc.bNumInterfaces; ++i) {
220 if (inums[i] == inum) {
221 intfc = config->intf_cache[i];
222 break;
225 if (!intfc || intfc->num_altsetting >= nalts[i])
226 goto skip_to_next_interface_descriptor;
228 /* Check for duplicate altsetting entries */
229 asnum = d->bAlternateSetting;
230 for ((i = 0, alt = &intfc->altsetting[0]);
231 i < intfc->num_altsetting;
232 (++i, ++alt)) {
233 if (alt->desc.bAlternateSetting == asnum) {
234 dev_warn(ddev, "Duplicate descriptor for config %d "
235 "interface %d altsetting %d, skipping\n",
236 cfgno, inum, asnum);
237 goto skip_to_next_interface_descriptor;
241 ++intfc->num_altsetting;
242 memcpy(&alt->desc, d, USB_DT_INTERFACE_SIZE);
244 /* Skip over any Class Specific or Vendor Specific descriptors;
245 * find the first endpoint or interface descriptor */
246 alt->extra = buffer;
247 i = find_next_descriptor(buffer, size, USB_DT_ENDPOINT,
248 USB_DT_INTERFACE, &n);
249 alt->extralen = i;
250 if (n > 0)
251 dev_dbg(ddev, "skipped %d descriptor%s after %s\n",
252 n, plural(n), "interface");
253 buffer += i;
254 size -= i;
256 /* Allocate space for the right(?) number of endpoints */
257 num_ep = num_ep_orig = alt->desc.bNumEndpoints;
258 alt->desc.bNumEndpoints = 0; /* Use as a counter */
259 if (num_ep > USB_MAXENDPOINTS) {
260 dev_warn(ddev, "too many endpoints for config %d interface %d "
261 "altsetting %d: %d, using maximum allowed: %d\n",
262 cfgno, inum, asnum, num_ep, USB_MAXENDPOINTS);
263 num_ep = USB_MAXENDPOINTS;
266 if (num_ep > 0) {
267 /* Can't allocate 0 bytes */
268 len = sizeof(struct usb_host_endpoint) * num_ep;
269 alt->endpoint = kzalloc(len, GFP_KERNEL);
270 if (!alt->endpoint)
271 return -ENOMEM;
274 /* Parse all the endpoint descriptors */
275 n = 0;
276 while (size > 0) {
277 if (((struct usb_descriptor_header *) buffer)->bDescriptorType
278 == USB_DT_INTERFACE)
279 break;
280 retval = usb_parse_endpoint(ddev, cfgno, inum, asnum, alt,
281 num_ep, buffer, size);
282 if (retval < 0)
283 return retval;
284 ++n;
286 buffer += retval;
287 size -= retval;
290 if (n != num_ep_orig)
291 dev_warn(ddev, "config %d interface %d altsetting %d has %d "
292 "endpoint descriptor%s, different from the interface "
293 "descriptor's value: %d\n",
294 cfgno, inum, asnum, n, plural(n), num_ep_orig);
295 return buffer - buffer0;
297 skip_to_next_interface_descriptor:
298 i = find_next_descriptor(buffer, size, USB_DT_INTERFACE,
299 USB_DT_INTERFACE, NULL);
300 return buffer - buffer0 + i;
303 static int usb_parse_configuration(struct device *ddev, int cfgidx,
304 struct usb_host_config *config, unsigned char *buffer, int size)
306 unsigned char *buffer0 = buffer;
307 int cfgno;
308 int nintf, nintf_orig;
309 int i, j, n;
310 struct usb_interface_cache *intfc;
311 unsigned char *buffer2;
312 int size2;
313 struct usb_descriptor_header *header;
314 int len, retval;
315 u8 inums[USB_MAXINTERFACES], nalts[USB_MAXINTERFACES];
316 unsigned iad_num = 0;
318 memcpy(&config->desc, buffer, USB_DT_CONFIG_SIZE);
319 if (config->desc.bDescriptorType != USB_DT_CONFIG ||
320 config->desc.bLength < USB_DT_CONFIG_SIZE) {
321 dev_err(ddev, "invalid descriptor for config index %d: "
322 "type = 0x%X, length = %d\n", cfgidx,
323 config->desc.bDescriptorType, config->desc.bLength);
324 return -EINVAL;
326 cfgno = config->desc.bConfigurationValue;
328 buffer += config->desc.bLength;
329 size -= config->desc.bLength;
331 nintf = nintf_orig = config->desc.bNumInterfaces;
332 if (nintf > USB_MAXINTERFACES) {
333 dev_warn(ddev, "config %d has too many interfaces: %d, "
334 "using maximum allowed: %d\n",
335 cfgno, nintf, USB_MAXINTERFACES);
336 nintf = USB_MAXINTERFACES;
339 /* Go through the descriptors, checking their length and counting the
340 * number of altsettings for each interface */
341 n = 0;
342 for ((buffer2 = buffer, size2 = size);
343 size2 > 0;
344 (buffer2 += header->bLength, size2 -= header->bLength)) {
346 if (size2 < sizeof(struct usb_descriptor_header)) {
347 dev_warn(ddev, "config %d descriptor has %d excess "
348 "byte%s, ignoring\n",
349 cfgno, size2, plural(size2));
350 break;
353 header = (struct usb_descriptor_header *) buffer2;
354 if ((header->bLength > size2) || (header->bLength < 2)) {
355 dev_warn(ddev, "config %d has an invalid descriptor "
356 "of length %d, skipping remainder of the config\n",
357 cfgno, header->bLength);
358 break;
361 if (header->bDescriptorType == USB_DT_INTERFACE) {
362 struct usb_interface_descriptor *d;
363 int inum;
365 d = (struct usb_interface_descriptor *) header;
366 if (d->bLength < USB_DT_INTERFACE_SIZE) {
367 dev_warn(ddev, "config %d has an invalid "
368 "interface descriptor of length %d, "
369 "skipping\n", cfgno, d->bLength);
370 continue;
373 inum = d->bInterfaceNumber;
374 if (inum >= nintf_orig)
375 dev_warn(ddev, "config %d has an invalid "
376 "interface number: %d but max is %d\n",
377 cfgno, inum, nintf_orig - 1);
379 /* Have we already encountered this interface?
380 * Count its altsettings */
381 for (i = 0; i < n; ++i) {
382 if (inums[i] == inum)
383 break;
385 if (i < n) {
386 if (nalts[i] < 255)
387 ++nalts[i];
388 } else if (n < USB_MAXINTERFACES) {
389 inums[n] = inum;
390 nalts[n] = 1;
391 ++n;
394 } else if (header->bDescriptorType ==
395 USB_DT_INTERFACE_ASSOCIATION) {
396 if (iad_num == USB_MAXIADS) {
397 dev_warn(ddev, "found more Interface "
398 "Association Descriptors "
399 "than allocated for in "
400 "configuration %d\n", cfgno);
401 } else {
402 config->intf_assoc[iad_num] =
403 (struct usb_interface_assoc_descriptor
404 *)header;
405 iad_num++;
408 } else if (header->bDescriptorType == USB_DT_DEVICE ||
409 header->bDescriptorType == USB_DT_CONFIG)
410 dev_warn(ddev, "config %d contains an unexpected "
411 "descriptor of type 0x%X, skipping\n",
412 cfgno, header->bDescriptorType);
414 } /* for ((buffer2 = buffer, size2 = size); ...) */
415 size = buffer2 - buffer;
416 config->desc.wTotalLength = cpu_to_le16(buffer2 - buffer0);
418 if (n != nintf)
419 dev_warn(ddev, "config %d has %d interface%s, different from "
420 "the descriptor's value: %d\n",
421 cfgno, n, plural(n), nintf_orig);
422 else if (n == 0)
423 dev_warn(ddev, "config %d has no interfaces?\n", cfgno);
424 config->desc.bNumInterfaces = nintf = n;
426 /* Check for missing interface numbers */
427 for (i = 0; i < nintf; ++i) {
428 for (j = 0; j < nintf; ++j) {
429 if (inums[j] == i)
430 break;
432 if (j >= nintf)
433 dev_warn(ddev, "config %d has no interface number "
434 "%d\n", cfgno, i);
437 /* Allocate the usb_interface_caches and altsetting arrays */
438 for (i = 0; i < nintf; ++i) {
439 j = nalts[i];
440 if (j > USB_MAXALTSETTING) {
441 dev_warn(ddev, "too many alternate settings for "
442 "config %d interface %d: %d, "
443 "using maximum allowed: %d\n",
444 cfgno, inums[i], j, USB_MAXALTSETTING);
445 nalts[i] = j = USB_MAXALTSETTING;
448 len = sizeof(*intfc) + sizeof(struct usb_host_interface) * j;
449 config->intf_cache[i] = intfc = kzalloc(len, GFP_KERNEL);
450 if (!intfc)
451 return -ENOMEM;
452 kref_init(&intfc->ref);
455 /* Skip over any Class Specific or Vendor Specific descriptors;
456 * find the first interface descriptor */
457 config->extra = buffer;
458 i = find_next_descriptor(buffer, size, USB_DT_INTERFACE,
459 USB_DT_INTERFACE, &n);
460 config->extralen = i;
461 if (n > 0)
462 dev_dbg(ddev, "skipped %d descriptor%s after %s\n",
463 n, plural(n), "configuration");
464 buffer += i;
465 size -= i;
467 /* Parse all the interface/altsetting descriptors */
468 while (size > 0) {
469 retval = usb_parse_interface(ddev, cfgno, config,
470 buffer, size, inums, nalts);
471 if (retval < 0)
472 return retval;
474 buffer += retval;
475 size -= retval;
478 /* Check for missing altsettings */
479 for (i = 0; i < nintf; ++i) {
480 intfc = config->intf_cache[i];
481 for (j = 0; j < intfc->num_altsetting; ++j) {
482 for (n = 0; n < intfc->num_altsetting; ++n) {
483 if (intfc->altsetting[n].desc.
484 bAlternateSetting == j)
485 break;
487 if (n >= intfc->num_altsetting)
488 dev_warn(ddev, "config %d interface %d has no "
489 "altsetting %d\n", cfgno, inums[i], j);
493 return 0;
496 /* hub-only!! ... and only exported for reset/reinit path.
497 * otherwise used internally on disconnect/destroy path
499 void usb_destroy_configuration(struct usb_device *dev)
501 int c, i;
503 if (!dev->config)
504 return;
506 if (dev->rawdescriptors) {
507 for (i = 0; i < dev->descriptor.bNumConfigurations; i++)
508 kfree(dev->rawdescriptors[i]);
510 kfree(dev->rawdescriptors);
511 dev->rawdescriptors = NULL;
514 for (c = 0; c < dev->descriptor.bNumConfigurations; c++) {
515 struct usb_host_config *cf = &dev->config[c];
517 kfree(cf->string);
518 for (i = 0; i < cf->desc.bNumInterfaces; i++) {
519 if (cf->intf_cache[i])
520 kref_put(&cf->intf_cache[i]->ref,
521 usb_release_interface_cache);
524 kfree(dev->config);
525 dev->config = NULL;
530 * Get the USB config descriptors, cache and parse'em
532 * hub-only!! ... and only in reset path, or usb_new_device()
533 * (used by real hubs and virtual root hubs)
535 * NOTE: if this is a WUSB device and is not authorized, we skip the
536 * whole thing. A non-authorized USB device has no
537 * configurations.
539 int usb_get_configuration(struct usb_device *dev)
541 struct device *ddev = &dev->dev;
542 int ncfg = dev->descriptor.bNumConfigurations;
543 int result = 0;
544 unsigned int cfgno, length;
545 unsigned char *buffer;
546 unsigned char *bigbuffer;
547 struct usb_config_descriptor *desc;
549 cfgno = 0;
550 if (dev->authorized == 0) /* Not really an error */
551 goto out_not_authorized;
552 result = -ENOMEM;
553 if (ncfg > USB_MAXCONFIG) {
554 dev_warn(ddev, "too many configurations: %d, "
555 "using maximum allowed: %d\n", ncfg, USB_MAXCONFIG);
556 dev->descriptor.bNumConfigurations = ncfg = USB_MAXCONFIG;
559 if (ncfg < 1) {
560 dev_err(ddev, "no configurations\n");
561 return -EINVAL;
564 length = ncfg * sizeof(struct usb_host_config);
565 dev->config = kzalloc(length, GFP_KERNEL);
566 if (!dev->config)
567 goto err2;
569 length = ncfg * sizeof(char *);
570 dev->rawdescriptors = kzalloc(length, GFP_KERNEL);
571 if (!dev->rawdescriptors)
572 goto err2;
574 buffer = kmalloc(USB_DT_CONFIG_SIZE, GFP_KERNEL);
575 if (!buffer)
576 goto err2;
577 desc = (struct usb_config_descriptor *)buffer;
579 result = 0;
580 for (; cfgno < ncfg; cfgno++) {
581 /* We grab just the first descriptor so we know how long
582 * the whole configuration is */
583 result = usb_get_descriptor(dev, USB_DT_CONFIG, cfgno,
584 buffer, USB_DT_CONFIG_SIZE);
585 if (result < 0) {
586 dev_err(ddev, "unable to read config index %d "
587 "descriptor/%s: %d\n", cfgno, "start", result);
588 dev_err(ddev, "chopping to %d config(s)\n", cfgno);
589 dev->descriptor.bNumConfigurations = cfgno;
590 break;
591 } else if (result < 4) {
592 dev_err(ddev, "config index %d descriptor too short "
593 "(expected %i, got %i)\n", cfgno,
594 USB_DT_CONFIG_SIZE, result);
595 result = -EINVAL;
596 goto err;
598 length = max((int) le16_to_cpu(desc->wTotalLength),
599 USB_DT_CONFIG_SIZE);
601 /* Now that we know the length, get the whole thing */
602 bigbuffer = kmalloc(length, GFP_KERNEL);
603 if (!bigbuffer) {
604 result = -ENOMEM;
605 goto err;
607 result = usb_get_descriptor(dev, USB_DT_CONFIG, cfgno,
608 bigbuffer, length);
609 if (result < 0) {
610 dev_err(ddev, "unable to read config index %d "
611 "descriptor/%s\n", cfgno, "all");
612 kfree(bigbuffer);
613 goto err;
615 if (result < length) {
616 dev_warn(ddev, "config index %d descriptor too short "
617 "(expected %i, got %i)\n", cfgno, length, result);
618 length = result;
621 dev->rawdescriptors[cfgno] = bigbuffer;
623 result = usb_parse_configuration(&dev->dev, cfgno,
624 &dev->config[cfgno], bigbuffer, length);
625 if (result < 0) {
626 ++cfgno;
627 goto err;
630 result = 0;
632 err:
633 kfree(buffer);
634 out_not_authorized:
635 dev->descriptor.bNumConfigurations = cfgno;
636 err2:
637 if (result == -ENOMEM)
638 dev_err(ddev, "out of memory\n");
639 return result;