search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
USB: don't try to kzalloc 0 bytes
[linux-2.6/linux-acpi-2.6/ibm-acpi-2.6.git] / drivers / usb / core / config.c
blob2d4fd530e5e448d42fa7f2b40641ccbe39bdd934
1 #include <linux/usb.h>
2 #include <linux/module.h>
3 #include <linux/init.h>
4 #include <linux/slab.h>
5 #include <linux/device.h>
6 #include <asm/byteorder.h>
7 #include "usb.h"
8 #include "hcd.h"
9
10 #define USB_MAXALTSETTING 128 /* Hard limit */
11 #define USB_MAXENDPOINTS 30 /* Hard limit */
12
13 #define USB_MAXCONFIG 8 /* Arbitrary limit */
14
15
16 static inline const char *plural(int n)
17 {
18 return (n == 1 ? "" : "s");
19 }
20
21 static int find_next_descriptor(unsigned char *buffer, int size,
22 int dt1, int dt2, int *num_skipped)
23 {
24 struct usb_descriptor_header *h;
25 int n = 0;
26 unsigned char *buffer0 = buffer;
27
28 /* Find the next descriptor of type dt1 or dt2 */
29 while (size > 0) {
30 h = (struct usb_descriptor_header *) buffer;
31 if (h->bDescriptorType == dt1 || h->bDescriptorType == dt2)
32 break;
33 buffer += h->bLength;
34 size -= h->bLength;
35 ++n;
36 }
37
38 /* Store the number of descriptors skipped and return the
39 * number of bytes skipped */
40 if (num_skipped)
41 *num_skipped = n;
42 return buffer - buffer0;
43 }
44
45 static int usb_parse_endpoint(struct device *ddev, int cfgno, int inum,
46 int asnum, struct usb_host_interface *ifp, int num_ep,
47 unsigned char *buffer, int size)
48 {
49 unsigned char *buffer0 = buffer;
50 struct usb_endpoint_descriptor *d;
51 struct usb_host_endpoint *endpoint;
52 int n, i;
53
54 d = (struct usb_endpoint_descriptor *) buffer;
55 buffer += d->bLength;
56 size -= d->bLength;
57
58 if (d->bLength >= USB_DT_ENDPOINT_AUDIO_SIZE)
59 n = USB_DT_ENDPOINT_AUDIO_SIZE;
60 else if (d->bLength >= USB_DT_ENDPOINT_SIZE)
61 n = USB_DT_ENDPOINT_SIZE;
62 else {
63 dev_warn(ddev, "config %d interface %d altsetting %d has an "
64 "invalid endpoint descriptor of length %d, skipping\n",
65 cfgno, inum, asnum, d->bLength);
66 goto skip_to_next_endpoint_or_interface_descriptor;
67 }
68
69 i = d->bEndpointAddress & ~USB_ENDPOINT_DIR_MASK;
70 if (i >= 16 || i == 0) {
71 dev_warn(ddev, "config %d interface %d altsetting %d has an "
72 "invalid endpoint with address 0x%X, skipping\n",
73 cfgno, inum, asnum, d->bEndpointAddress);
74 goto skip_to_next_endpoint_or_interface_descriptor;
75 }
76
77 /* Only store as many endpoints as we have room for */
78 if (ifp->desc.bNumEndpoints >= num_ep)
79 goto skip_to_next_endpoint_or_interface_descriptor;
80
81 endpoint = &ifp->endpoint[ifp->desc.bNumEndpoints];
82 ++ifp->desc.bNumEndpoints;
83
84 memcpy(&endpoint->desc, d, n);
85 INIT_LIST_HEAD(&endpoint->urb_list);
86
87 /* Skip over any Class Specific or Vendor Specific descriptors;
88 * find the next endpoint or interface descriptor */
89 endpoint->extra = buffer;
90 i = find_next_descriptor(buffer, size, USB_DT_ENDPOINT,
91 USB_DT_INTERFACE, &n);
92 endpoint->extralen = i;
93 if (n > 0)
94 dev_dbg(ddev, "skipped %d descriptor%s after %s\n",
95 n, plural(n), "endpoint");
96 return buffer - buffer0 + i;
97
98 skip_to_next_endpoint_or_interface_descriptor:
99 i = find_next_descriptor(buffer, size, USB_DT_ENDPOINT,
100 USB_DT_INTERFACE, NULL);
101 return buffer - buffer0 + i;
102 }
103
104 void usb_release_interface_cache(struct kref *ref)
105 {
106 struct usb_interface_cache *intfc = ref_to_usb_interface_cache(ref);
107 int j;
108
109 for (j = 0; j < intfc->num_altsetting; j++) {
110 struct usb_host_interface *alt = &intfc->altsetting[j];
111
112 kfree(alt->endpoint);
113 kfree(alt->string);
114 }
115 kfree(intfc);
116 }
117
118 static int usb_parse_interface(struct device *ddev, int cfgno,
119 struct usb_host_config *config, unsigned char *buffer, int size,
120 u8 inums[], u8 nalts[])
121 {
122 unsigned char *buffer0 = buffer;
123 struct usb_interface_descriptor *d;
124 int inum, asnum;
125 struct usb_interface_cache *intfc;
126 struct usb_host_interface *alt;
127 int i, n;
128 int len, retval;
129 int num_ep, num_ep_orig;
130
131 d = (struct usb_interface_descriptor *) buffer;
132 buffer += d->bLength;
133 size -= d->bLength;
134
135 if (d->bLength < USB_DT_INTERFACE_SIZE)
136 goto skip_to_next_interface_descriptor;
137
138 /* Which interface entry is this? */
139 intfc = NULL;
140 inum = d->bInterfaceNumber;
141 for (i = 0; i < config->desc.bNumInterfaces; ++i) {
142 if (inums[i] == inum) {
143 intfc = config->intf_cache[i];
144 break;
145 }
146 }
147 if (!intfc || intfc->num_altsetting >= nalts[i])
148 goto skip_to_next_interface_descriptor;
149
150 /* Check for duplicate altsetting entries */
151 asnum = d->bAlternateSetting;
152 for ((i = 0, alt = &intfc->altsetting[0]);
153 i < intfc->num_altsetting;
154 (++i, ++alt)) {
155 if (alt->desc.bAlternateSetting == asnum) {
156 dev_warn(ddev, "Duplicate descriptor for config %d "
157 "interface %d altsetting %d, skipping\n",
158 cfgno, inum, asnum);
159 goto skip_to_next_interface_descriptor;
160 }
161 }
162
163 ++intfc->num_altsetting;
164 memcpy(&alt->desc, d, USB_DT_INTERFACE_SIZE);
165
166 /* Skip over any Class Specific or Vendor Specific descriptors;
167 * find the first endpoint or interface descriptor */
168 alt->extra = buffer;
169 i = find_next_descriptor(buffer, size, USB_DT_ENDPOINT,
170 USB_DT_INTERFACE, &n);
171 alt->extralen = i;
172 if (n > 0)
173 dev_dbg(ddev, "skipped %d descriptor%s after %s\n",
174 n, plural(n), "interface");
175 buffer += i;
176 size -= i;
177
178 /* Allocate space for the right(?) number of endpoints */
179 num_ep = num_ep_orig = alt->desc.bNumEndpoints;
180 alt->desc.bNumEndpoints = 0; // Use as a counter
181 if (num_ep > USB_MAXENDPOINTS) {
182 dev_warn(ddev, "too many endpoints for config %d interface %d "
183 "altsetting %d: %d, using maximum allowed: %d\n",
184 cfgno, inum, asnum, num_ep, USB_MAXENDPOINTS);
185 num_ep = USB_MAXENDPOINTS;
186 }
187
188 if (num_ep > 0) { /* Can't allocate 0 bytes */
189 len = sizeof(struct usb_host_endpoint) * num_ep;
190 alt->endpoint = kzalloc(len, GFP_KERNEL);
191 if (!alt->endpoint)
192 return -ENOMEM;
193 }
194
195 /* Parse all the endpoint descriptors */
196 n = 0;
197 while (size > 0) {
198 if (((struct usb_descriptor_header *) buffer)->bDescriptorType
199 == USB_DT_INTERFACE)
200 break;
201 retval = usb_parse_endpoint(ddev, cfgno, inum, asnum, alt,
202 num_ep, buffer, size);
203 if (retval < 0)
204 return retval;
205 ++n;
206
207 buffer += retval;
208 size -= retval;
209 }
210
211 if (n != num_ep_orig)
212 dev_warn(ddev, "config %d interface %d altsetting %d has %d "
213 "endpoint descriptor%s, different from the interface "
214 "descriptor's value: %d\n",
215 cfgno, inum, asnum, n, plural(n), num_ep_orig);
216 return buffer - buffer0;
217
218 skip_to_next_interface_descriptor:
219 i = find_next_descriptor(buffer, size, USB_DT_INTERFACE,
220 USB_DT_INTERFACE, NULL);
221 return buffer - buffer0 + i;
222 }
223
224 static int usb_parse_configuration(struct device *ddev, int cfgidx,
225 struct usb_host_config *config, unsigned char *buffer, int size)
226 {
227 unsigned char *buffer0 = buffer;
228 int cfgno;
229 int nintf, nintf_orig;
230 int i, j, n;
231 struct usb_interface_cache *intfc;
232 unsigned char *buffer2;
233 int size2;
234 struct usb_descriptor_header *header;
235 int len, retval;
236 u8 inums[USB_MAXINTERFACES], nalts[USB_MAXINTERFACES];
237
238 memcpy(&config->desc, buffer, USB_DT_CONFIG_SIZE);
239 if (config->desc.bDescriptorType != USB_DT_CONFIG ||
240 config->desc.bLength < USB_DT_CONFIG_SIZE) {
241 dev_err(ddev, "invalid descriptor for config index %d: "
242 "type = 0x%X, length = %d\n", cfgidx,
243 config->desc.bDescriptorType, config->desc.bLength);
244 return -EINVAL;
245 }
246 cfgno = config->desc.bConfigurationValue;
247
248 buffer += config->desc.bLength;
249 size -= config->desc.bLength;
250
251 nintf = nintf_orig = config->desc.bNumInterfaces;
252 if (nintf > USB_MAXINTERFACES) {
253 dev_warn(ddev, "config %d has too many interfaces: %d, "
254 "using maximum allowed: %d\n",
255 cfgno, nintf, USB_MAXINTERFACES);
256 nintf = USB_MAXINTERFACES;
257 }
258
259 /* Go through the descriptors, checking their length and counting the
260 * number of altsettings for each interface */
261 n = 0;
262 for ((buffer2 = buffer, size2 = size);
263 size2 > 0;
264 (buffer2 += header->bLength, size2 -= header->bLength)) {
265
266 if (size2 < sizeof(struct usb_descriptor_header)) {
267 dev_warn(ddev, "config %d descriptor has %d excess "
268 "byte%s, ignoring\n",
269 cfgno, size2, plural(size2));
270 break;
271 }
272
273 header = (struct usb_descriptor_header *) buffer2;
274 if ((header->bLength > size2) || (header->bLength < 2)) {
275 dev_warn(ddev, "config %d has an invalid descriptor "
276 "of length %d, skipping remainder of the config\n",
277 cfgno, header->bLength);
278 break;
279 }
280
281 if (header->bDescriptorType == USB_DT_INTERFACE) {
282 struct usb_interface_descriptor *d;
283 int inum;
284
285 d = (struct usb_interface_descriptor *) header;
286 if (d->bLength < USB_DT_INTERFACE_SIZE) {
287 dev_warn(ddev, "config %d has an invalid "
288 "interface descriptor of length %d, "
289 "skipping\n", cfgno, d->bLength);
290 continue;
291 }
292
293 inum = d->bInterfaceNumber;
294 if (inum >= nintf_orig)
295 dev_warn(ddev, "config %d has an invalid "
296 "interface number: %d but max is %d\n",
297 cfgno, inum, nintf_orig - 1);
298
299 /* Have we already encountered this interface?
300 * Count its altsettings */
301 for (i = 0; i < n; ++i) {
302 if (inums[i] == inum)
303 break;
304 }
305 if (i < n) {
306 if (nalts[i] < 255)
307 ++nalts[i];
308 } else if (n < USB_MAXINTERFACES) {
309 inums[n] = inum;
310 nalts[n] = 1;
311 ++n;
312 }
313
314 } else if (header->bDescriptorType == USB_DT_DEVICE ||
315 header->bDescriptorType == USB_DT_CONFIG)
316 dev_warn(ddev, "config %d contains an unexpected "
317 "descriptor of type 0x%X, skipping\n",
318 cfgno, header->bDescriptorType);
319
320 } /* for ((buffer2 = buffer, size2 = size); ...) */
321 size = buffer2 - buffer;
322 config->desc.wTotalLength = cpu_to_le16(buffer2 - buffer0);
323
324 if (n != nintf)
325 dev_warn(ddev, "config %d has %d interface%s, different from "
326 "the descriptor's value: %d\n",
327 cfgno, n, plural(n), nintf_orig);
328 else if (n == 0)
329 dev_warn(ddev, "config %d has no interfaces?\n", cfgno);
330 config->desc.bNumInterfaces = nintf = n;
331
332 /* Check for missing interface numbers */
333 for (i = 0; i < nintf; ++i) {
334 for (j = 0; j < nintf; ++j) {
335 if (inums[j] == i)
336 break;
337 }
338 if (j >= nintf)
339 dev_warn(ddev, "config %d has no interface number "
340 "%d\n", cfgno, i);
341 }
342
343 /* Allocate the usb_interface_caches and altsetting arrays */
344 for (i = 0; i < nintf; ++i) {
345 j = nalts[i];
346 if (j > USB_MAXALTSETTING) {
347 dev_warn(ddev, "too many alternate settings for "
348 "config %d interface %d: %d, "
349 "using maximum allowed: %d\n",
350 cfgno, inums[i], j, USB_MAXALTSETTING);
351 nalts[i] = j = USB_MAXALTSETTING;
352 }
353
354 len = sizeof(*intfc) + sizeof(struct usb_host_interface) * j;
355 config->intf_cache[i] = intfc = kzalloc(len, GFP_KERNEL);
356 if (!intfc)
357 return -ENOMEM;
358 kref_init(&intfc->ref);
359 }
360
361 /* Skip over any Class Specific or Vendor Specific descriptors;
362 * find the first interface descriptor */
363 config->extra = buffer;
364 i = find_next_descriptor(buffer, size, USB_DT_INTERFACE,
365 USB_DT_INTERFACE, &n);
366 config->extralen = i;
367 if (n > 0)
368 dev_dbg(ddev, "skipped %d descriptor%s after %s\n",
369 n, plural(n), "configuration");
370 buffer += i;
371 size -= i;
372
373 /* Parse all the interface/altsetting descriptors */
374 while (size > 0) {
375 retval = usb_parse_interface(ddev, cfgno, config,
376 buffer, size, inums, nalts);
377 if (retval < 0)
378 return retval;
379
380 buffer += retval;
381 size -= retval;
382 }
383
384 /* Check for missing altsettings */
385 for (i = 0; i < nintf; ++i) {
386 intfc = config->intf_cache[i];
387 for (j = 0; j < intfc->num_altsetting; ++j) {
388 for (n = 0; n < intfc->num_altsetting; ++n) {
389 if (intfc->altsetting[n].desc.
390 bAlternateSetting == j)
391 break;
392 }
393 if (n >= intfc->num_altsetting)
394 dev_warn(ddev, "config %d interface %d has no "
395 "altsetting %d\n", cfgno, inums[i], j);
396 }
397 }
398
399 return 0;
400 }
401
402 // hub-only!! ... and only exported for reset/reinit path.
403 // otherwise used internally on disconnect/destroy path
404 void usb_destroy_configuration(struct usb_device *dev)
405 {
406 int c, i;
407
408 if (!dev->config)
409 return;
410
411 if (dev->rawdescriptors) {
412 for (i = 0; i < dev->descriptor.bNumConfigurations; i++)
413 kfree(dev->rawdescriptors[i]);
414
415 kfree(dev->rawdescriptors);
416 dev->rawdescriptors = NULL;
417 }
418
419 for (c = 0; c < dev->descriptor.bNumConfigurations; c++) {
420 struct usb_host_config *cf = &dev->config[c];
421
422 kfree(cf->string);
423 for (i = 0; i < cf->desc.bNumInterfaces; i++) {
424 if (cf->intf_cache[i])
425 kref_put(&cf->intf_cache[i]->ref,
426 usb_release_interface_cache);
427 }
428 }
429 kfree(dev->config);
430 dev->config = NULL;
431 }
432
433
434 // hub-only!! ... and only in reset path, or usb_new_device()
435 // (used by real hubs and virtual root hubs)
436 int usb_get_configuration(struct usb_device *dev)
437 {
438 struct device *ddev = &dev->dev;
439 int ncfg = dev->descriptor.bNumConfigurations;
440 int result = -ENOMEM;
441 unsigned int cfgno, length;
442 unsigned char *buffer;
443 unsigned char *bigbuffer;
444 struct usb_config_descriptor *desc;
445
446 if (ncfg > USB_MAXCONFIG) {
447 dev_warn(ddev, "too many configurations: %d, "
448 "using maximum allowed: %d\n", ncfg, USB_MAXCONFIG);
449 dev->descriptor.bNumConfigurations = ncfg = USB_MAXCONFIG;
450 }
451
452 if (ncfg < 1) {
453 dev_err(ddev, "no configurations\n");
454 return -EINVAL;
455 }
456
457 length = ncfg * sizeof(struct usb_host_config);
458 dev->config = kzalloc(length, GFP_KERNEL);
459 if (!dev->config)
460 goto err2;
461
462 length = ncfg * sizeof(char *);
463 dev->rawdescriptors = kzalloc(length, GFP_KERNEL);
464 if (!dev->rawdescriptors)
465 goto err2;
466
467 buffer = kmalloc(USB_DT_CONFIG_SIZE, GFP_KERNEL);
468 if (!buffer)
469 goto err2;
470 desc = (struct usb_config_descriptor *)buffer;
471
472 for (cfgno = 0; cfgno < ncfg; cfgno++) {
473 /* We grab just the first descriptor so we know how long
474 * the whole configuration is */
475 result = usb_get_descriptor(dev, USB_DT_CONFIG, cfgno,
476 buffer, USB_DT_CONFIG_SIZE);
477 if (result < 0) {
478 dev_err(ddev, "unable to read config index %d "
479 "descriptor/%s\n", cfgno, "start");
480 dev_err(ddev, "chopping to %d config(s)\n", cfgno);
481 dev->descriptor.bNumConfigurations = cfgno;
482 break;
483 } else if (result < 4) {
484 dev_err(ddev, "config index %d descriptor too short "
485 "(expected %i, got %i)\n", cfgno,
486 USB_DT_CONFIG_SIZE, result);
487 result = -EINVAL;
488 goto err;
489 }
490 length = max((int) le16_to_cpu(desc->wTotalLength),
491 USB_DT_CONFIG_SIZE);
492
493 /* Now that we know the length, get the whole thing */
494 bigbuffer = kmalloc(length, GFP_KERNEL);
495 if (!bigbuffer) {
496 result = -ENOMEM;
497 goto err;
498 }
499 result = usb_get_descriptor(dev, USB_DT_CONFIG, cfgno,
500 bigbuffer, length);
501 if (result < 0) {
502 dev_err(ddev, "unable to read config index %d "
503 "descriptor/%s\n", cfgno, "all");
504 kfree(bigbuffer);
505 goto err;
506 }
507 if (result < length) {
508 dev_warn(ddev, "config index %d descriptor too short "
509 "(expected %i, got %i)\n", cfgno, length, result);
510 length = result;
511 }
512
513 dev->rawdescriptors[cfgno] = bigbuffer;
514
515 result = usb_parse_configuration(&dev->dev, cfgno,
516 &dev->config[cfgno], bigbuffer, length);
517 if (result < 0) {
518 ++cfgno;
519 goto err;
520 }
521 }
522 result = 0;
523
524 err:
525 kfree(buffer);
526 dev->descriptor.bNumConfigurations = cfgno;
527 err2:
528 if (result == -ENOMEM)
529 dev_err(ddev, "out of memory\n");
530 return result;
531 }
Linux 2.6 ibm-acpi/thinkpad-acpi driver git tree