[PATCH] fix memory scribble in arch/i386/pci/fixup.c
[linux-2.6/verdex.git] / drivers / usb / core / config.c
blob99595e07b65389f697624204c6d54105780c6e82
1 #include <linux/config.h>
3 #ifdef CONFIG_USB_DEBUG
4 #define DEBUG
5 #endif
7 #include <linux/usb.h>
8 #include <linux/module.h>
9 #include <linux/init.h>
10 #include <linux/slab.h>
11 #include <linux/device.h>
12 #include <asm/byteorder.h>
13 #include "usb.h"
14 #include "hcd.h"
16 #define USB_MAXALTSETTING 128 /* Hard limit */
17 #define USB_MAXENDPOINTS 30 /* Hard limit */
19 #define USB_MAXCONFIG 8 /* Arbitrary limit */
22 static inline const char *plural(int n)
24 return (n == 1 ? "" : "s");
27 static int find_next_descriptor(unsigned char *buffer, int size,
28 int dt1, int dt2, int *num_skipped)
30 struct usb_descriptor_header *h;
31 int n = 0;
32 unsigned char *buffer0 = buffer;
34 /* Find the next descriptor of type dt1 or dt2 */
35 while (size > 0) {
36 h = (struct usb_descriptor_header *) buffer;
37 if (h->bDescriptorType == dt1 || h->bDescriptorType == dt2)
38 break;
39 buffer += h->bLength;
40 size -= h->bLength;
41 ++n;
44 /* Store the number of descriptors skipped and return the
45 * number of bytes skipped */
46 if (num_skipped)
47 *num_skipped = n;
48 return buffer - buffer0;
51 static int usb_parse_endpoint(struct device *ddev, int cfgno, int inum,
52 int asnum, struct usb_host_interface *ifp, int num_ep,
53 unsigned char *buffer, int size)
55 unsigned char *buffer0 = buffer;
56 struct usb_endpoint_descriptor *d;
57 struct usb_host_endpoint *endpoint;
58 int n, i;
60 d = (struct usb_endpoint_descriptor *) buffer;
61 buffer += d->bLength;
62 size -= d->bLength;
64 if (d->bLength >= USB_DT_ENDPOINT_AUDIO_SIZE)
65 n = USB_DT_ENDPOINT_AUDIO_SIZE;
66 else if (d->bLength >= USB_DT_ENDPOINT_SIZE)
67 n = USB_DT_ENDPOINT_SIZE;
68 else {
69 dev_warn(ddev, "config %d interface %d altsetting %d has an "
70 "invalid endpoint descriptor of length %d, skipping\n",
71 cfgno, inum, asnum, d->bLength);
72 goto skip_to_next_endpoint_or_interface_descriptor;
75 i = d->bEndpointAddress & ~USB_ENDPOINT_DIR_MASK;
76 if (i >= 16 || i == 0) {
77 dev_warn(ddev, "config %d interface %d altsetting %d has an "
78 "invalid endpoint with address 0x%X, skipping\n",
79 cfgno, inum, asnum, d->bEndpointAddress);
80 goto skip_to_next_endpoint_or_interface_descriptor;
83 /* Only store as many endpoints as we have room for */
84 if (ifp->desc.bNumEndpoints >= num_ep)
85 goto skip_to_next_endpoint_or_interface_descriptor;
87 endpoint = &ifp->endpoint[ifp->desc.bNumEndpoints];
88 ++ifp->desc.bNumEndpoints;
90 memcpy(&endpoint->desc, d, n);
91 INIT_LIST_HEAD(&endpoint->urb_list);
93 /* Skip over any Class Specific or Vendor Specific descriptors;
94 * find the next endpoint or interface descriptor */
95 endpoint->extra = buffer;
96 i = find_next_descriptor(buffer, size, USB_DT_ENDPOINT,
97 USB_DT_INTERFACE, &n);
98 endpoint->extralen = i;
99 if (n > 0)
100 dev_dbg(ddev, "skipped %d descriptor%s after %s\n",
101 n, plural(n), "endpoint");
102 return buffer - buffer0 + i;
104 skip_to_next_endpoint_or_interface_descriptor:
105 i = find_next_descriptor(buffer, size, USB_DT_ENDPOINT,
106 USB_DT_INTERFACE, NULL);
107 return buffer - buffer0 + i;
110 void usb_release_interface_cache(struct kref *ref)
112 struct usb_interface_cache *intfc = ref_to_usb_interface_cache(ref);
113 int j;
115 for (j = 0; j < intfc->num_altsetting; j++)
116 kfree(intfc->altsetting[j].endpoint);
117 kfree(intfc);
120 static int usb_parse_interface(struct device *ddev, int cfgno,
121 struct usb_host_config *config, unsigned char *buffer, int size,
122 u8 inums[], u8 nalts[])
124 unsigned char *buffer0 = buffer;
125 struct usb_interface_descriptor *d;
126 int inum, asnum;
127 struct usb_interface_cache *intfc;
128 struct usb_host_interface *alt;
129 int i, n;
130 int len, retval;
131 int num_ep, num_ep_orig;
133 d = (struct usb_interface_descriptor *) buffer;
134 buffer += d->bLength;
135 size -= d->bLength;
137 if (d->bLength < USB_DT_INTERFACE_SIZE)
138 goto skip_to_next_interface_descriptor;
140 /* Which interface entry is this? */
141 intfc = NULL;
142 inum = d->bInterfaceNumber;
143 for (i = 0; i < config->desc.bNumInterfaces; ++i) {
144 if (inums[i] == inum) {
145 intfc = config->intf_cache[i];
146 break;
149 if (!intfc || intfc->num_altsetting >= nalts[i])
150 goto skip_to_next_interface_descriptor;
152 /* Check for duplicate altsetting entries */
153 asnum = d->bAlternateSetting;
154 for ((i = 0, alt = &intfc->altsetting[0]);
155 i < intfc->num_altsetting;
156 (++i, ++alt)) {
157 if (alt->desc.bAlternateSetting == asnum) {
158 dev_warn(ddev, "Duplicate descriptor for config %d "
159 "interface %d altsetting %d, skipping\n",
160 cfgno, inum, asnum);
161 goto skip_to_next_interface_descriptor;
165 ++intfc->num_altsetting;
166 memcpy(&alt->desc, d, USB_DT_INTERFACE_SIZE);
168 /* Skip over any Class Specific or Vendor Specific descriptors;
169 * find the first endpoint or interface descriptor */
170 alt->extra = buffer;
171 i = find_next_descriptor(buffer, size, USB_DT_ENDPOINT,
172 USB_DT_INTERFACE, &n);
173 alt->extralen = i;
174 if (n > 0)
175 dev_dbg(ddev, "skipped %d descriptor%s after %s\n",
176 n, plural(n), "interface");
177 buffer += i;
178 size -= i;
180 /* Allocate space for the right(?) number of endpoints */
181 num_ep = num_ep_orig = alt->desc.bNumEndpoints;
182 alt->desc.bNumEndpoints = 0; // Use as a counter
183 if (num_ep > USB_MAXENDPOINTS) {
184 dev_warn(ddev, "too many endpoints for config %d interface %d "
185 "altsetting %d: %d, using maximum allowed: %d\n",
186 cfgno, inum, asnum, num_ep, USB_MAXENDPOINTS);
187 num_ep = USB_MAXENDPOINTS;
190 len = sizeof(struct usb_host_endpoint) * num_ep;
191 alt->endpoint = kmalloc(len, GFP_KERNEL);
192 if (!alt->endpoint)
193 return -ENOMEM;
194 memset(alt->endpoint, 0, len);
196 /* Parse all the endpoint descriptors */
197 n = 0;
198 while (size > 0) {
199 if (((struct usb_descriptor_header *) buffer)->bDescriptorType
200 == USB_DT_INTERFACE)
201 break;
202 retval = usb_parse_endpoint(ddev, cfgno, inum, asnum, alt,
203 num_ep, buffer, size);
204 if (retval < 0)
205 return retval;
206 ++n;
208 buffer += retval;
209 size -= retval;
212 if (n != num_ep_orig)
213 dev_warn(ddev, "config %d interface %d altsetting %d has %d "
214 "endpoint descriptor%s, different from the interface "
215 "descriptor's value: %d\n",
216 cfgno, inum, asnum, n, plural(n), num_ep_orig);
217 return buffer - buffer0;
219 skip_to_next_interface_descriptor:
220 i = find_next_descriptor(buffer, size, USB_DT_INTERFACE,
221 USB_DT_INTERFACE, NULL);
222 return buffer - buffer0 + i;
225 static int usb_parse_configuration(struct device *ddev, int cfgidx,
226 struct usb_host_config *config, unsigned char *buffer, int size)
228 unsigned char *buffer0 = buffer;
229 int cfgno;
230 int nintf, nintf_orig;
231 int i, j, n;
232 struct usb_interface_cache *intfc;
233 unsigned char *buffer2;
234 int size2;
235 struct usb_descriptor_header *header;
236 int len, retval;
237 u8 inums[USB_MAXINTERFACES], nalts[USB_MAXINTERFACES];
239 memcpy(&config->desc, buffer, USB_DT_CONFIG_SIZE);
240 if (config->desc.bDescriptorType != USB_DT_CONFIG ||
241 config->desc.bLength < USB_DT_CONFIG_SIZE) {
242 dev_err(ddev, "invalid descriptor for config index %d: "
243 "type = 0x%X, length = %d\n", cfgidx,
244 config->desc.bDescriptorType, config->desc.bLength);
245 return -EINVAL;
247 cfgno = config->desc.bConfigurationValue;
249 buffer += config->desc.bLength;
250 size -= config->desc.bLength;
252 nintf = nintf_orig = config->desc.bNumInterfaces;
253 if (nintf > USB_MAXINTERFACES) {
254 dev_warn(ddev, "config %d has too many interfaces: %d, "
255 "using maximum allowed: %d\n",
256 cfgno, nintf, USB_MAXINTERFACES);
257 nintf = USB_MAXINTERFACES;
260 /* Go through the descriptors, checking their length and counting the
261 * number of altsettings for each interface */
262 n = 0;
263 for ((buffer2 = buffer, size2 = size);
264 size2 > 0;
265 (buffer2 += header->bLength, size2 -= header->bLength)) {
267 if (size2 < sizeof(struct usb_descriptor_header)) {
268 dev_warn(ddev, "config %d descriptor has %d excess "
269 "byte%s, ignoring\n",
270 cfgno, size2, plural(size2));
271 break;
274 header = (struct usb_descriptor_header *) buffer2;
275 if ((header->bLength > size2) || (header->bLength < 2)) {
276 dev_warn(ddev, "config %d has an invalid descriptor "
277 "of length %d, skipping remainder of the config\n",
278 cfgno, header->bLength);
279 break;
282 if (header->bDescriptorType == USB_DT_INTERFACE) {
283 struct usb_interface_descriptor *d;
284 int inum;
286 d = (struct usb_interface_descriptor *) header;
287 if (d->bLength < USB_DT_INTERFACE_SIZE) {
288 dev_warn(ddev, "config %d has an invalid "
289 "interface descriptor of length %d, "
290 "skipping\n", cfgno, d->bLength);
291 continue;
294 inum = d->bInterfaceNumber;
295 if (inum >= nintf_orig)
296 dev_warn(ddev, "config %d has an invalid "
297 "interface number: %d but max is %d\n",
298 cfgno, inum, nintf_orig - 1);
300 /* Have we already encountered this interface?
301 * Count its altsettings */
302 for (i = 0; i < n; ++i) {
303 if (inums[i] == inum)
304 break;
306 if (i < n) {
307 if (nalts[i] < 255)
308 ++nalts[i];
309 } else if (n < USB_MAXINTERFACES) {
310 inums[n] = inum;
311 nalts[n] = 1;
312 ++n;
315 } else if (header->bDescriptorType == USB_DT_DEVICE ||
316 header->bDescriptorType == USB_DT_CONFIG)
317 dev_warn(ddev, "config %d contains an unexpected "
318 "descriptor of type 0x%X, skipping\n",
319 cfgno, header->bDescriptorType);
321 } /* for ((buffer2 = buffer, size2 = size); ...) */
322 size = buffer2 - buffer;
323 config->desc.wTotalLength = cpu_to_le16(buffer2 - buffer0);
325 if (n != nintf)
326 dev_warn(ddev, "config %d has %d interface%s, different from "
327 "the descriptor's value: %d\n",
328 cfgno, n, plural(n), nintf_orig);
329 else if (n == 0)
330 dev_warn(ddev, "config %d has no interfaces?\n", cfgno);
331 config->desc.bNumInterfaces = nintf = n;
333 /* Check for missing interface numbers */
334 for (i = 0; i < nintf; ++i) {
335 for (j = 0; j < nintf; ++j) {
336 if (inums[j] == i)
337 break;
339 if (j >= nintf)
340 dev_warn(ddev, "config %d has no interface number "
341 "%d\n", cfgno, i);
344 /* Allocate the usb_interface_caches and altsetting arrays */
345 for (i = 0; i < nintf; ++i) {
346 j = nalts[i];
347 if (j > USB_MAXALTSETTING) {
348 dev_warn(ddev, "too many alternate settings for "
349 "config %d interface %d: %d, "
350 "using maximum allowed: %d\n",
351 cfgno, inums[i], j, USB_MAXALTSETTING);
352 nalts[i] = j = USB_MAXALTSETTING;
355 len = sizeof(*intfc) + sizeof(struct usb_host_interface) * j;
356 config->intf_cache[i] = intfc = kmalloc(len, GFP_KERNEL);
357 if (!intfc)
358 return -ENOMEM;
359 memset(intfc, 0, len);
360 kref_init(&intfc->ref);
363 /* Skip over any Class Specific or Vendor Specific descriptors;
364 * find the first interface descriptor */
365 config->extra = buffer;
366 i = find_next_descriptor(buffer, size, USB_DT_INTERFACE,
367 USB_DT_INTERFACE, &n);
368 config->extralen = i;
369 if (n > 0)
370 dev_dbg(ddev, "skipped %d descriptor%s after %s\n",
371 n, plural(n), "configuration");
372 buffer += i;
373 size -= i;
375 /* Parse all the interface/altsetting descriptors */
376 while (size > 0) {
377 retval = usb_parse_interface(ddev, cfgno, config,
378 buffer, size, inums, nalts);
379 if (retval < 0)
380 return retval;
382 buffer += retval;
383 size -= retval;
386 /* Check for missing altsettings */
387 for (i = 0; i < nintf; ++i) {
388 intfc = config->intf_cache[i];
389 for (j = 0; j < intfc->num_altsetting; ++j) {
390 for (n = 0; n < intfc->num_altsetting; ++n) {
391 if (intfc->altsetting[n].desc.
392 bAlternateSetting == j)
393 break;
395 if (n >= intfc->num_altsetting)
396 dev_warn(ddev, "config %d interface %d has no "
397 "altsetting %d\n", cfgno, inums[i], j);
401 return 0;
404 // hub-only!! ... and only exported for reset/reinit path.
405 // otherwise used internally on disconnect/destroy path
406 void usb_destroy_configuration(struct usb_device *dev)
408 int c, i;
410 if (!dev->config)
411 return;
413 if (dev->rawdescriptors) {
414 for (i = 0; i < dev->descriptor.bNumConfigurations; i++)
415 kfree(dev->rawdescriptors[i]);
417 kfree(dev->rawdescriptors);
418 dev->rawdescriptors = NULL;
421 for (c = 0; c < dev->descriptor.bNumConfigurations; c++) {
422 struct usb_host_config *cf = &dev->config[c];
424 kfree(cf->string);
425 cf->string = NULL;
427 for (i = 0; i < cf->desc.bNumInterfaces; i++) {
428 if (cf->intf_cache[i])
429 kref_put(&cf->intf_cache[i]->ref,
430 usb_release_interface_cache);
433 kfree(dev->config);
434 dev->config = NULL;
438 // hub-only!! ... and only in reset path, or usb_new_device()
439 // (used by real hubs and virtual root hubs)
440 int usb_get_configuration(struct usb_device *dev)
442 struct device *ddev = &dev->dev;
443 int ncfg = dev->descriptor.bNumConfigurations;
444 int result = -ENOMEM;
445 unsigned int cfgno, length;
446 unsigned char *buffer;
447 unsigned char *bigbuffer;
448 struct usb_config_descriptor *desc;
450 if (ncfg > USB_MAXCONFIG) {
451 dev_warn(ddev, "too many configurations: %d, "
452 "using maximum allowed: %d\n", ncfg, USB_MAXCONFIG);
453 dev->descriptor.bNumConfigurations = ncfg = USB_MAXCONFIG;
456 if (ncfg < 1) {
457 dev_err(ddev, "no configurations\n");
458 return -EINVAL;
461 length = ncfg * sizeof(struct usb_host_config);
462 dev->config = kmalloc(length, GFP_KERNEL);
463 if (!dev->config)
464 goto err2;
465 memset(dev->config, 0, length);
467 length = ncfg * sizeof(char *);
468 dev->rawdescriptors = kmalloc(length, GFP_KERNEL);
469 if (!dev->rawdescriptors)
470 goto err2;
471 memset(dev->rawdescriptors, 0, length);
473 buffer = kmalloc(USB_DT_CONFIG_SIZE, GFP_KERNEL);
474 if (!buffer)
475 goto err2;
476 desc = (struct usb_config_descriptor *)buffer;
478 for (cfgno = 0; cfgno < ncfg; cfgno++) {
479 /* We grab just the first descriptor so we know how long
480 * the whole configuration is */
481 result = usb_get_descriptor(dev, USB_DT_CONFIG, cfgno,
482 buffer, USB_DT_CONFIG_SIZE);
483 if (result < 0) {
484 dev_err(ddev, "unable to read config index %d "
485 "descriptor/%s\n", cfgno, "start");
486 goto err;
487 } else if (result < 4) {
488 dev_err(ddev, "config index %d descriptor too short "
489 "(expected %i, got %i)\n", cfgno,
490 USB_DT_CONFIG_SIZE, result);
491 result = -EINVAL;
492 goto err;
494 length = max((int) le16_to_cpu(desc->wTotalLength),
495 USB_DT_CONFIG_SIZE);
497 /* Now that we know the length, get the whole thing */
498 bigbuffer = kmalloc(length, GFP_KERNEL);
499 if (!bigbuffer) {
500 result = -ENOMEM;
501 goto err;
503 result = usb_get_descriptor(dev, USB_DT_CONFIG, cfgno,
504 bigbuffer, length);
505 if (result < 0) {
506 dev_err(ddev, "unable to read config index %d "
507 "descriptor/%s\n", cfgno, "all");
508 kfree(bigbuffer);
509 goto err;
511 if (result < length) {
512 dev_warn(ddev, "config index %d descriptor too short "
513 "(expected %i, got %i)\n", cfgno, length, result);
514 length = result;
517 dev->rawdescriptors[cfgno] = bigbuffer;
519 result = usb_parse_configuration(&dev->dev, cfgno,
520 &dev->config[cfgno], bigbuffer, length);
521 if (result < 0) {
522 ++cfgno;
523 goto err;
526 result = 0;
528 err:
529 kfree(buffer);
530 dev->descriptor.bNumConfigurations = cfgno;
531 err2:
532 if (result == -ENOMEM)
533 dev_err(ddev, "out of memory\n");
534 return result;