Module Name:    src
Committed By:   martin
Date:           Sat Nov 16 16:13:56 UTC 2019

Modified Files:
        src/sys/dev/usb [netbsd-7]: usb_subr.c usbdi.c usbdi.h

Log Message:
Pull up following revision(s) (requested by mrg in ticket #1713):

        sys/dev/usb/usbdi.h: revision 1.97 (via patch)
        sys/dev/usb/usbdi.c: revision 1.186 (via patch)
        sys/dev/usb/usb_subr.c: revision 1.239 (via patch)

add new usbd_do_request_len() that can allocate a larger than
request size buffer.  reimplement usbd_do_request_flags() in
terms of this.  use this for fetching string descriptors.

fixes a very strange problem where an axe(4) attaching (either
as ugen(4) or axe(4)) would ask for 2 bytes, usb_mem.c would
allocate a 2 byte fragment, perform the operation, and sometime
shortly afterwards (usually by the time the next allocation
is made for this fragment), would become corrupted (usually
two bytes were written with 0x0304.)
(initial request of 4 bytes also avoids the problem on this
device.  it really seems like a HC problem -- host should not
allow the device to write more than req.wLength!  nor should
it allow this write to happen after completion.)

avoid an (almost) always double-log in usbd_transfer().


To generate a diff of this commit:
cvs rdiff -u -r1.196.4.5 -r1.196.4.6 src/sys/dev/usb/usb_subr.c
cvs rdiff -u -r1.161.2.4 -r1.161.2.5 src/sys/dev/usb/usbdi.c
cvs rdiff -u -r1.90.2.2 -r1.90.2.3 src/sys/dev/usb/usbdi.h

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/dev/usb/usb_subr.c
diff -u src/sys/dev/usb/usb_subr.c:1.196.4.5 src/sys/dev/usb/usb_subr.c:1.196.4.6
--- src/sys/dev/usb/usb_subr.c:1.196.4.5	Wed Aug  8 10:17:11 2018
+++ src/sys/dev/usb/usb_subr.c	Sat Nov 16 16:13:56 2019
@@ -1,4 +1,4 @@
-/*	$NetBSD: usb_subr.c,v 1.196.4.5 2018/08/08 10:17:11 martin Exp $	*/
+/*	$NetBSD: usb_subr.c,v 1.196.4.6 2019/11/16 16:13:56 martin Exp $	*/
 /*	$FreeBSD: src/sys/dev/usb/usb_subr.c,v 1.18 1999/11/17 22:33:47 n_hibma Exp $	*/
 
 /*
@@ -32,7 +32,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: usb_subr.c,v 1.196.4.5 2018/08/08 10:17:11 martin Exp $");
+__KERNEL_RCSID(0, "$NetBSD: usb_subr.c,v 1.196.4.6 2019/11/16 16:13:56 martin Exp $");
 
 #ifdef _KERNEL_OPT
 #include "opt_compat_netbsd.h"
@@ -157,13 +157,20 @@ usbd_get_string_desc(struct usbd_device 
 	usbd_status err;
 	int actlen;
 
+	/*
+	 * Pass a full-sized buffer to usbd_do_request_len().  At least
+	 * one device has been seen returning additional data beyond the
+	 * provided buffers (2-bytes written shortly after the request
+	 * claims to have completed and returned the 2 byte header,
+	 * corrupting other memory.)
+	 */
 	req.bmRequestType = UT_READ_DEVICE;
 	req.bRequest = UR_GET_DESCRIPTOR;
 	USETW2(req.wValue, UDESC_STRING, sindex);
 	USETW(req.wIndex, langid);
 	USETW(req.wLength, 2);	/* only size byte first */
-	err = usbd_do_request_flags(dev, &req, sdesc, USBD_SHORT_XFER_OK,
-		&actlen, USBD_DEFAULT_TIMEOUT);
+	err = usbd_do_request_len(dev, &req, sizeof(*sdesc), sdesc,
+	    USBD_SHORT_XFER_OK, &actlen, USBD_DEFAULT_TIMEOUT);
 	if (err)
 		return err;
 
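Review bot: The new comment in usbd_get_string_desc() describes the symptom but not the limits of the workaround: wLength stays at 2 while the transfer buffer becomes sizeof(*sdesc), so a stray write is absorbed only while that buffer is still allocated. The log message says the write can land after the request has completed, so the comment should say that too, for example by adding `This only contains the stray write; it does not stop the controller from writing after completion.` The function starts and ends outside this hunk.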
@@ -171,8 +178,8 @@ usbd_get_string_desc(struct usbd_device 
 		return USBD_SHORT_XFER;
 
 	USETW(req.wLength, sdesc->bLength);	/* the whole string */
-	err = usbd_do_request_flags(dev, &req, sdesc, USBD_SHORT_XFER_OK,
-		&actlen, USBD_DEFAULT_TIMEOUT);
+	err = usbd_do_request_len(dev, &req, sizeof(*sdesc), sdesc,
+	    USBD_SHORT_XFER_OK, &actlen, USBD_DEFAULT_TIMEOUT);
 	if (err)
 		return err;
 
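Review bot: The second request sets wLength from the device-supplied `sdesc->bLength` with no upper bound, while usbd_do_request_len() now asserts `len >= UGETW(req->wLength)` with len fixed at sizeof(*sdesc). If bLength can exceed sizeof(*sdesc) (the type is declared outside this page, so this needs confirming), a misbehaving device would trip the KASSERT on DIAGNOSTIC kernels and otherwise request more than the buffer holds. A bound ahead of the USETW would close that: `if (sdesc->bLength > sizeof(*sdesc)) return USBD_INVAL;`. The function continues outside the hunk.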
@@ -1192,7 +1199,7 @@ usbd_get_initial_ddesc(struct usbd_devic
 	req.bRequest = UR_GET_DESCRIPTOR;
 	USETW2(req.wValue, UDESC_DEVICE, 0);
 	USETW(req.wIndex, 0);
-	USETW(req.wLength, 64);
+	USETW(req.wLength, 8);
 	res = usbd_do_request_flags(dev, &req, buf, USBD_SHORT_XFER_OK,
 		&actlen, USBD_DEFAULT_TIMEOUT);
 	if (res)
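Review bot: Dropping wLength from 64 to 8 while still calling usbd_do_request_flags() shrinks the transfer buffer to 8 bytes, which is the small-allocation case the string-descriptor hunks in this commit work around. If the same controller behaviour can occur on this request, passing the size of buf through usbd_do_request_len() would keep the headroom; buf is declared outside the hunk, so its size is not visible here. The change is also absent from the log message, and a comment such as `/* only the first 8 bytes, up to bMaxPacketSize */` above the USETW would record why 8 was chosen.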

Index: src/sys/dev/usb/usbdi.c
diff -u src/sys/dev/usb/usbdi.c:1.161.2.4 src/sys/dev/usb/usbdi.c:1.161.2.5
--- src/sys/dev/usb/usbdi.c:1.161.2.4	Fri Jan 11 15:58:23 2019
+++ src/sys/dev/usb/usbdi.c	Sat Nov 16 16:13:56 2019
@@ -1,4 +1,4 @@
-/*	$NetBSD: usbdi.c,v 1.161.2.4 2019/01/11 15:58:23 martin Exp $	*/
+/*	$NetBSD: usbdi.c,v 1.161.2.5 2019/11/16 16:13:56 martin Exp $	*/
 
 /*
  * Copyright (c) 1998, 2012, 2015 The NetBSD Foundation, Inc.
@@ -32,7 +32,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: usbdi.c,v 1.161.2.4 2019/01/11 15:58:23 martin Exp $");
+__KERNEL_RCSID(0, "$NetBSD: usbdi.c,v 1.161.2.5 2019/11/16 16:13:56 martin Exp $");
 
 #ifdef _KERNEL_OPT
 #include "opt_usb.h"
@@ -331,6 +331,8 @@ usbd_transfer(struct usbd_xfer *xfer)
 		 * accepted by the HCD for some reason.  It needs removing
 		 * from the pipe queue.
 		 */
+		USBHIST_LOG(usbdebug, "xfer failed: %s, reinserting",
+		    err, 0, 0, 0);
 		usbd_lock_pipe(pipe);
 		SIMPLEQ_REMOVE_HEAD(&pipe->up_queue, ux_next);
 		if (pipe->up_serialise)
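Review bot: The added USBHIST_LOG passes `err` to a `%s` conversion; err looks like a usbd_status here (its declaration is outside the hunk), so when the history is printed the numeric status would be treated as a string pointer. The text also says "reinserting" while the lines that follow remove the xfer from the head of the pipe queue. Suggest `USBHIST_LOG(usbdebug, "xfer failed: %d, removing from queue", err, 0, 0, 0);`.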
@@ -1072,13 +1074,23 @@ usbd_status
 usbd_do_request_flags(struct usbd_device *dev, usb_device_request_t *req,
     void *data, uint16_t flags, int *actlen, uint32_t timeout)
 {
+	size_t len = UGETW(req->wLength);
+
+	return usbd_do_request_len(dev, req, len, data, flags, actlen, timeout);
+}
+
+usbd_status
+usbd_do_request_len(struct usbd_device *dev, usb_device_request_t *req,
+    size_t len, void *data, uint16_t flags, int *actlen, uint32_t timeout)
+{
 	USBHIST_FUNC(); USBHIST_CALLED(usbdebug);
 	struct usbd_xfer *xfer;
 	usbd_status err;
 
+	KASSERT(len >= UGETW(req->wLength));
+
 	ASSERT_SLEEPABLE();
 
-	size_t len = UGETW(req->wLength);
 	int error = usbd_create_xfer(dev->ud_pipe0, len, 0, 0, &xfer);
 	if (error)
 		return error;
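Review bot: usbd_do_request_len() enforces `len >= UGETW(req->wLength)` only through KASSERT, so on kernels built without DIAGNOSTIC a caller passing a short len gets a transfer buffer smaller than the requested length. Since this is now an exported entry point, a runtime check ahead of usbd_create_xfer() is cheap: `if (len < UGETW(req->wLength)) return USBD_INVAL;`. The function also has no comment saying what len means; a one-line note on the prototype in usbdi.h, e.g. `/* len: transfer buffer size, must be >= req->wLength */`, would cover it. The body continues outside the hunk.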

Index: src/sys/dev/usb/usbdi.h
diff -u src/sys/dev/usb/usbdi.h:1.90.2.2 src/sys/dev/usb/usbdi.h:1.90.2.3
--- src/sys/dev/usb/usbdi.h:1.90.2.2	Wed Aug  8 10:17:11 2018
+++ src/sys/dev/usb/usbdi.h	Sat Nov 16 16:13:56 2019
@@ -1,4 +1,4 @@
-/*	$NetBSD: usbdi.h,v 1.90.2.2 2018/08/08 10:17:11 martin Exp $	*/
+/*	$NetBSD: usbdi.h,v 1.90.2.3 2019/11/16 16:13:56 martin Exp $	*/
 /*	$FreeBSD: src/sys/dev/usb/usbdi.h,v 1.18 1999/11/17 22:33:49 n_hibma Exp $	*/
 
 /*
@@ -141,6 +141,9 @@ usbd_status usbd_sync_transfer_sig(struc
 usbd_status usbd_do_request(struct usbd_device *, usb_device_request_t *, void *);
 usbd_status usbd_do_request_flags(struct usbd_device *, usb_device_request_t *,
     void *, uint16_t, int *, uint32_t);
+usbd_status usbd_do_request_len(struct usbd_device *dev,
+    usb_device_request_t *req, size_t len, void *data, uint16_t flags,
+    int *actlen, uint32_t timeout);
 
 usb_interface_descriptor_t *
     usbd_get_interface_descriptor(struct usbd_interface *);
