current-users: Re: access to ugen0.00 crashes current kernel

Subject: Re: access to ugen0.00 crashes current kernel
To: NetBSD-current <current-users@NetBSD.org>
From: thilo <jeremias@optushome.com.au>
List: current-users
Date: 03/19/2006 20:55:09
Hi everyone,

I'm still trying to understand the USB code in netbsd. So I have some 
questions
(apologize if they are too simple)

If every usb device has an control endpoint 0, and the bNumendpoints in 
the device descriptor returns (n-endp - p0),
does this mean that the sources which always itterate from 0 ... 
bNumendpoints-1  cannot access the control endpoint?
(like this : -- from ugen.c:297)
                err = usbd_endpoint_count(iface, &nendpt);
 
                if (err)
                        return (err);
                for (endptno = 0; endptno < nendpt; endptno++) {
                        ed = 
usbd_interface2endpoint_descriptor(iface,endptno);



How is the control endpoint used/accessed?

I guess fixing the kernel - coredump could be either disallow the switch 
in ugenpoll or
(I guess better) not start polling the device if it does not have any 
endpoints.
But (I'm to dumb to see where)  and who is registering the poll for the 
ugen device?

Would that be the correct aproach?

Are there any other devices that do not have extra endpoints, that I 
could use to compare the aproach with?

Is the ugen code netbsd or would be a differnt bsd group be the better 
place to discuss this?

cheers thilo

-- and sorry If you didn't see the original mail. I used a different 
thread to reply, so some mail headers would have been wrong --

thilo wrote:

> Hello there,
>
> I found that current (yesterday till at least 4 month back) crashes
> if I insert an E-gate usb token and try to start the openct-tools.
>
> What happens essentially is, that the device returns no endpoints, but
> ugen poll is started and tries  to access edesc->bnAtt..... this 
> results in a vm-fault......
>  see dev/usb/ugen.c:1362 (switch....)
>
> I'm not sure why the descriptor is not set, but the code in ugen.c:290
> will only allocate the edesc if  the number of endpoints is >0.
>
> Is this correct? ( asside that the kernel should not crash)
>
> Isn't enpoint number 0 always available? So shouldn't the structure
> be initialized?
>
> Any help is apreciated.
> I assume every ugen device with only enpoint 0 should crash the kernel.
>
> below is the usb device descriptor.
> thilo
>
>
> Dumping all descriptors
> DEVICE descriptor:
> bLength=18 bDescriptorType=1 bcdUSB=1.10 bDeviceClass=255 
> bDeviceSubClass=0
> bDeviceProtocol=0 bMaxPacketSize=8
> idVendor=0x0973 idProduct=0x0001 bcdDevice=100
> iManufacturer=1 iProduct=2 iSerialNumber=0 bNumConfigurations=1
>
> Current configuration is number 1
>
> CONFIGURATION descriptor index 0:
> bLength=9 bDescriptorType=2 wTotalLength=18 bNumInterface=1
> bConfigurationValue=1 iConfiguration=0 bmAttributes=80 bMaxPower=30 mA
>
>  INTERFACE descriptor index 0, alt index 0:
>  bLength=9 bDescriptorType=4 bInterfaceNumber=0 bAlternateSetting=0
>  bNumEndpoints=0 bInterfaceClass=0 bInterfaceSubClass=0
>  bInterfaceProtocol=0 iInterface=0
>
> Product: SchlumbergerSema Cyberflex e-gate
> Vendor:  SchlumbergerSema
> address 2
>
> ~
>
>
>