On Tue, 18 Aug 2020 15:46:03 +0000
Mikolaj Kucharski <[email protected]> wrote:

> On Tue, Aug 18, 2020 at 06:41:13AM +0200, Marcus Glocker wrote:
> > Could you please also send an lsusb -v of the device?  
> 
> Sure, no problem.

Thanks.

So 55 bytes seems to be the correct length for your configuration
descriptor.  The question now is whether, where, and why we previously
malloc()'d only 32 bytes for the configuration descriptor ...

Can you please run it again with the following diff applied and send me
the output?  The panic shouldn't happen anymore if we catch the right
free().

> > pkg_add usbutils
> > lsusb
> > lsusb -d <vendor_id>:<product_id> -v  
> 
> # lsusb -v -d 04e8:3469
> Bus 000 Device 002: ID 04e8:3469 Samsung Electronics Co., Ltd 
> Device Descriptor:
>   bLength                18
>   bDescriptorType         1
>   bcdUSB               2.00
>   bDeviceClass            0 (Defined at Interface level)
>   bDeviceSubClass         0 
>   bDeviceProtocol         0 
>   bMaxPacketSize0        64
>   idVendor           0x04e8 Samsung Electronics Co., Ltd
>   idProduct          0x3469 
>   bcdDevice            1.00
>   iManufacturer           1 Samsung Electronics Co., Ltd.
>   iProduct                2 M2070 Series
>   iSerial                 3 ZF46B8KM2D02Z1A
>   bNumConfigurations      1
>   Configuration Descriptor:
>     bLength                 9
>     bDescriptorType         2
>     wTotalLength           55
>     bNumInterfaces          2
>     bConfigurationValue     1
>     iConfiguration          0 
>     bmAttributes         0xc0
>       Self Powered
>     MaxPower                2mA
>     Interface Descriptor:
>       bLength                 9
>       bDescriptorType         4
>       bInterfaceNumber        0
>       bAlternateSetting       0
>       bNumEndpoints           2
>       bInterfaceClass       255 Vendor Specific Class
>       bInterfaceSubClass    255 Vendor Specific Subclass
>       bInterfaceProtocol    255 Vendor Specific Protocol
>       iInterface              0 
>       Endpoint Descriptor:
>         bLength                 7
>         bDescriptorType         5
>         bEndpointAddress     0x04  EP 4 OUT
>         bmAttributes            2
>           Transfer Type            Bulk
>           Synch Type               None
>           Usage Type               Data
>         wMaxPacketSize     0x0200  1x 512 bytes
>         bInterval              10
>       Endpoint Descriptor:
>         bLength                 7
>         bDescriptorType         5
>         bEndpointAddress     0x83  EP 3 IN
>         bmAttributes            2
>           Transfer Type            Bulk
>           Synch Type               None
>           Usage Type               Data
>         wMaxPacketSize     0x0200  1x 512 bytes
>         bInterval              10
>     Interface Descriptor:
>       bLength                 9
>       bDescriptorType         4
>       bInterfaceNumber        1
>       bAlternateSetting       0
>       bNumEndpoints           2
>       bInterfaceClass         7 Printer
>       bInterfaceSubClass      1 Printer
>       bInterfaceProtocol      2 Bidirectional
>       iInterface              0 
>       Endpoint Descriptor:
>         bLength                 7
>         bDescriptorType         5
>         bEndpointAddress     0x02  EP 2 OUT
>         bmAttributes            2
>           Transfer Type            Bulk
>           Synch Type               None
>           Usage Type               Data
>         wMaxPacketSize     0x0200  1x 512 bytes
>         bInterval              10
>       Endpoint Descriptor:
>         bLength                 7
>         bDescriptorType         5
>         bEndpointAddress     0x81  EP 1 IN
>         bmAttributes            2
>           Transfer Type            Bulk
>           Synch Type               None
>           Usage Type               Data
>         wMaxPacketSize     0x0200  1x 512 bytes
>         bInterval              10
> Device Qualifier (for other device speed):
>   bLength                10
>   bDescriptorType         6
>   bcdUSB               2.00
>   bDeviceClass            0 (Defined at Interface level)
>   bDeviceSubClass         0 
>   bDeviceProtocol         0 
>   bMaxPacketSize0        64
>   bNumConfigurations      1
> Device Status:     0x0001
>   Self Powered
> 


Index: sys/dev/usb/usb.c
===================================================================
RCS file: /cvs/src/sys/dev/usb/usb.c,v
retrieving revision 1.124
diff -u -p -u -p -r1.124 usb.c
--- sys/dev/usb/usb.c   6 Oct 2019 17:11:51 -0000       1.124
+++ sys/dev/usb/usb.c   21 Aug 2020 10:53:12 -0000
@@ -772,7 +772,8 @@ usbioctl(dev_t devt, u_long cmd, caddr_t
                uio.uio_rw = UIO_READ;
                uio.uio_procp = p;
                error = uiomove((void *)cdesc, len, &uio);
-               free(cdesc, M_TEMP, UGETW(cdesc->wTotalLength));
+               printf("wTotalLength free = %d\n", UGETW(cdesc->wTotalLength));
+               free(cdesc, M_TEMP, 0);
                return (error);
        }
 
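Review bot: Passing 0 as the size in `free(cdesc, M_TEMP, 0)` switches off free(9)'s size check, so the panic goes away but the mismatch is hidden rather than fixed; that is fine for this diagnostic run and should not be what gets committed. The removed line took the size from `cdesc->wTotalLength`, i.e. from bytes the device supplied, instead of from the length that was handed to malloc() in usbd_get_cdesc(). For the final fix, keep the value returned through `lenp` in a local that is never clamped or reused (say `cdesc_len`, a new name) and call `free(cdesc, M_TEMP, cdesc_len);`. Whether `len` is modified between the usbd_get_cdesc() call and the `uiomove()` is not visible here, because usbioctl's body starts and ends outside the hunk.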
Index: sys/dev/usb/usb_subr.c
===================================================================
RCS file: /cvs/src/sys/dev/usb/usb_subr.c,v
retrieving revision 1.151
diff -u -p -u -p -r1.151 usb_subr.c
--- sys/dev/usb/usb_subr.c      31 Jul 2020 10:49:33 -0000      1.151
+++ sys/dev/usb/usb_subr.c      21 Aug 2020 10:53:12 -0000
@@ -1376,14 +1376,14 @@ usbd_get_cdesc(struct usbd_device *dev, 
                        *lenp = len;
                cdesc = malloc(len, M_TEMP, M_WAITOK);
                memcpy(cdesc, tdesc, len);
-               DPRINTFN(5,("%s: current, len=%u\n", __func__, len));
+               printf("%s: current, len=%u\n", __func__, len);
        } else {
                err = usbd_get_desc(dev, UDESC_CONFIG, index,
                    USB_CONFIG_DESCRIPTOR_SIZE, &cdescr);
                if (err || cdescr.bDescriptorType != UDESC_CONFIG)
                        return (0);
                len = UGETW(cdescr.wTotalLength);
-               DPRINTFN(5,("%s: index=%d, len=%u\n", __func__, index, len));
+               printf("%s: index=%d, len=%u\n", __func__, index, len);
                if (lenp)
                        *lenp = len;
                cdesc = malloc(len, M_TEMP, M_WAITOK);
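Review bot: In the else branch `len = UGETW(cdescr.wTotalLength)` is a device-supplied value that goes straight into `malloc(len, M_TEMP, M_WAITOK)` and out through `*lenp` with no lower bound. A device reporting a wTotalLength below the configuration descriptor header size would yield a buffer shorter than the header that callers such as usbioctl later read `wTotalLength` from; adding `if (len < USB_CONFIG_DESCRIPTOR_SIZE) return (0);` right after the UGETW would reject that. The two `printf()` calls are useful for this test run but should go back to `DPRINTFN(5, ...)` before anything is committed, since this path is presumably reachable from an ioctl and would log on every call. usbd_get_cdesc's body starts and ends outside the hunk, so how the buffer is filled after the malloc is not visible.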
