Pull up following revision(s) (requested by riastradh in ticket #58):

	sys/dev/usb/xhci.c: revision 1.191
	sys/dev/usb/usb_subr.c: revision 1.280
	sys/dev/usb/usb_subr.c: revision 1.281
	sys/dev/usb/usbdivar.h: revision 1.140

usb(9): Record config index, not just number, in struct usbd_device.

The index is a zero-based index in [0, bNumConfigurations), or -1 for
unconfigured.

The number is an arbitrary value of a config descriptor's
bConfigurationValue field, or 0 for unconfigured -- with the tricky
caveat that bConfigurationValue might also be 0.

Preparation for fixing:
PR kern/59185: panic over KASSERTMSG(dev->ud_ifaces == NULL) on Dell
Latitude 7490
PR kern/59624: Booting NetBSD-11 from USB on my Dell machine panics
and hangs
PR kern/57447: HEAD fails to probe USB devices and fails to boot up


usb(9): Use ud_configidx, not ud_config, to see if unconfigured.
ud_config is a device-provided quantity in the config descriptor's
bConfigurationValue, and a faulty (or malicious) device can provide 0
for that value, which coincides with our software sentinel value
USBD_UNCONFIG_NO of 0.

Instead of testing ud_config, test ud_configidx, which is an index in
[0, bNumConfigurations) or -1, for which the device cannot confuse us
by a value that coincides with the sentinel -1.

PR kern/59185: panic over KASSERTMSG(dev->ud_ifaces == NULL) on Dell
Latitude 7490
PR kern/59624: Booting NetBSD-11 from USB on my Dell machine panics
and hangs
PR kern/57447: HEAD fails to probe USB devices and fails to boot up

Author: MartinHusemann

sys/dev/usb/usb_subr.c

@@ -1,4 +1,4 @@
-/*	$NetBSD: usb_subr.c,v 1.279 2024/05/04 12:45:13 mlelstv Exp $	*/
+/*	$NetBSD: usb_subr.c,v 1.279.4.1 2025/10/19 10:08:32 martin Exp $	*/
 /*	$FreeBSD: src/sys/dev/usb/usb_subr.c,v 1.18 1999/11/17 22:33:47 n_hibma Exp $	*/
 
 /*
@@ -32,7 +32,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: usb_subr.c,v 1.279 2024/05/04 12:45:13 mlelstv Exp $");
+__KERNEL_RCSID(0, "$NetBSD: usb_subr.c,v 1.279.4.1 2025/10/19 10:08:32 martin Exp $");
 
 #ifdef _KERNEL_OPT
 #include "opt_compat_netbsd.h"
@@ -154,7 +154,6 @@ usbd_get_device_strings(struct usbd_device *ud)
 	usbd_get_device_string(ud, udd->iSerialNumber, &ud->ud_serial);
 }
 
-
 void
 usbd_devinfo_vp(struct usbd_device *dev, char *v, size_t vl, char *p,
     size_t pl, int usedev, int useencoded)
@@ -691,16 +690,15 @@ usbd_set_config_index(struct usbd_device *dev, int index, int msg)
 	usbd_status err;
 	int i, ifcidx, nifc, len, selfpowered, power;
 
-
-	if (index >= dev->ud_ddesc.bNumConfigurations &&
+	if ((unsigned)index >= dev->ud_ddesc.bNumConfigurations &&
 	    index != USB_UNCONFIG_INDEX) {
 		/* panic? */
 		printf("usbd_set_config_index: illegal index\n");
 		return USBD_INVAL;
 	}
 
 	/* XXX check that all interfaces are idle */
-	if (dev->ud_config != USB_UNCONFIG_NO) {
+	if (dev->ud_configidx != USB_UNCONFIG_INDEX) {
 		DPRINTF("free old config", 0, 0, 0, 0);
 		/* Free all configuration data structures. */
 		nifc = dev->ud_cdesc->bNumInterface;
@@ -719,7 +717,12 @@ usbd_set_config_index(struct usbd_device *dev, int index, int msg)
 		dev->ud_cdesc = NULL;
 		dev->ud_bdesc = NULL;
 		dev->ud_config = USB_UNCONFIG_NO;
+		dev->ud_configidx = USB_UNCONFIG_INDEX;
 	}
+	KASSERTMSG(dev->ud_config == USB_UNCONFIG_NO, "ud_config=%u",
+	    dev->ud_config);
+	KASSERTMSG(dev->ud_configidx == USB_UNCONFIG_INDEX, "ud_configidx=%d",
+	    dev->ud_configidx);
 
 	if (index == USB_UNCONFIG_INDEX) {
 		/* We are unconfiguring the device, so leave unallocated. */
@@ -882,6 +885,7 @@ usbd_set_config_index(struct usbd_device *dev, int index, int msg)
 	    0, 0);
 	dev->ud_cdesc = cdp;
 	dev->ud_config = cdp->bConfigurationValue;
+	dev->ud_configidx = index;
 	for (ifcidx = 0; ifcidx < nifc; ifcidx++) {
 		usbd_iface_init(dev, ifcidx);
 		usbd_iface_exlock(&dev->ud_ifaces[ifcidx]);
@@ -905,8 +909,8 @@ usbd_set_config_index(struct usbd_device *dev, int index, int msg)
 
 bad:
 	/* XXX Use usbd_set_config() to reset the config? */
-	/* XXX Should we forbid USB_UNCONFIG_NO from bConfigurationValue? */
 	dev->ud_config = USB_UNCONFIG_NO;
+	dev->ud_configidx = USB_UNCONFIG_INDEX;
 	KASSERT(dev->ud_ifaces == NULL);
 	kmem_free(cdp, len);
 	dev->ud_cdesc = NULL;
@@ -1194,7 +1198,6 @@ usbd_attachinterfaces(device_t parent, struct usbd_device *dev,
 		DPRINTF("interface %jd %#jx", i, (uintptr_t)ifaces[i], 0, 0);
 	}
 
-
 	uiaa.uiaa_device = dev;
 	uiaa.uiaa_port = port;
 	uiaa.uiaa_vendor = UGETW(dd->idVendor);
@@ -1446,6 +1449,8 @@ usbd_new_device(device_t parent, struct usbd_bus *bus, int depth, int speed,
 	dev->ud_quirks = &usbd_no_quirk;
 	dev->ud_addr = USB_START_ADDR;
 	dev->ud_ddesc.bMaxPacketSize = 0;
+	dev->ud_config = USB_UNCONFIG_NO;
+	dev->ud_configidx = USB_UNCONFIG_INDEX;
 	dev->ud_depth = depth;
 	dev->ud_powersrc = up;
 	dev->ud_myhub = up->up_parent;

sys/dev/usb/usbdivar.h

@@ -1,4 +1,4 @@
-/*	$NetBSD: usbdivar.h,v 1.139 2025/03/31 14:45:14 riastradh Exp $	*/
+/*	$NetBSD: usbdivar.h,v 1.139.2.1 2025/10/19 10:08:32 martin Exp $	*/
 
 /*
  * Copyright (c) 1998, 2012 The NetBSD Foundation, Inc.
@@ -230,6 +230,24 @@ struct usbd_device {
 	char		       *ud_serial;	/* serial number, can be NULL */
 	char		       *ud_vendor;	/* vendor string, can be NULL */
 	char		       *ud_product;	/* product string can be NULL */
+
+	/*
+	 * ud_config above holds a value of bConfigurationValue from
+	 * the config descriptor, or USB_UNCONFIG_NO=0 -- which may
+	 * _also_ be a value of bConfigurationValue.
+	 *
+	 * ud_configidx below holds an index in [0, bNumConfigurations)
+	 * into the list of configuration descriptors, or
+	 * USB_UNCONFIG_INDEX=-1 to denote that the interface is
+	 * unconfigured.  Note that ud_config may be USB_UNCONFIG_NO
+	 * even if ud_configidx is not USB_UNCONFIG_INDEX, if a screwy
+	 * device has a config descriptor with bConfigurationValue=0.
+	 *
+	 * This goes at the end, rather than next to ud_config where it
+	 * might properly belong, so the change preserves ABI for
+	 * pullup to release branches.
+	 */
+	int16_t			ud_configidx;
 };
 
 struct usbd_interface {

sys/dev/usb/xhci.c

@@ -1,4 +1,4 @@
-/*	$NetBSD: xhci.c,v 1.188.2.2 2025/10/11 10:43:25 martin Exp $	*/
+/*	$NetBSD: xhci.c,v 1.188.2.3 2025/10/19 10:08:32 martin Exp $	*/
 
 /*
  * Copyright (c) 2013 Jonathan A. Kollasch
@@ -34,7 +34,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: xhci.c,v 1.188.2.2 2025/10/11 10:43:25 martin Exp $");
+__KERNEL_RCSID(0, "$NetBSD: xhci.c,v 1.188.2.3 2025/10/19 10:08:32 martin Exp $");
 
 #ifdef _KERNEL_OPT
 #include "opt_usb.h"
@@ -2860,6 +2860,8 @@ xhci_new_device(device_t parent, struct usbd_bus *bus, int depth,
 	dev->ud_quirks = &usbd_no_quirk;
 	dev->ud_addr = 0;
 	dev->ud_ddesc.bMaxPacketSize = 0;
+	dev->ud_config = USB_UNCONFIG_NO;
+	dev->ud_configidx = USB_UNCONFIG_INDEX;
 	dev->ud_depth = depth;
 	dev->ud_powersrc = up;
 	dev->ud_myhub = up->up_parent;