New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
STALL at GET DESCRIPTOR(CONFIGURATION) #4
Comments
Fix for total size of desriptor(size of requested data)This gives https://geekhack.org/index.php?topic=69169.msg2992750#msg2992750
Fix for 'max packet size'Root cause is that correct 'max packet size' of endpoint 0 is not given when This stores correct 'max packet size' and makes it availble to
|
Logitech G213 USB DescriptorTotal length of Configuration descriptor is 59(0x3b) and bMaxPacketSize0 is 64.
NuType F1 USB DescriptorTotal length of Configuration descriptor is 59(0x3b) and bMaxPacketSize0 is 64.
https://pastebin.com/fTWMypTS |
This makes correct bMaxPacketSize0 available before getConfDescr(). Without this InTransfer() can request data beyond the end of data and response with STALL error. #4
Without this fix InTransfer() can read beyond requested length and fails with STALL. This can happen when correct value is not set to maxPktSize. #4
Fix for STALL at GET DESCRIPTOR(CONFIGURATION) tmk/USB_Host_Shield_2.0#4
Logitech G413 have this issue as well. |
Fix for STALL at GET DESCRIPTOR(CONFIGURATION) tmk/USB_Host_Shield_2.0#4
Hello I am very noob to this keyboard and code lingo, I am here from this video https://www.youtube.com/watch?v=GZEoss4XIgc and have no clue how to apply this patch to my G213 as in this video the Hex files are given if the supplied hex files dont work or of there is something that I am missing please let me know. |
I don't know exactly what the video describes honestly. You need to compile firmware yourself probably. Refer this for how to build |
With some keyboards(Logitech G213, NuType F1)
getConfDescr()
fails to get Configuration Descriptor with STALL error(05).USB_Host_Shield_2.0/hidboot.h
Line 413 in 08121e1
USB_Host_Shield_2.0/Usb.cpp
Lines 801 to 803 in 5c303ed
USB_Host_Shield_2.0/Usb.cpp
Lines 807 to 822 in 5c303ed
Configuration Descriptor is read twice in
getConfDescr()
.1. nbytes = 9
USB_Host_Shield_2.0/Usb.cpp
Line 812 in 5c303ed
ctrlReq(addr, ep, bmREQ_GET_DESCR, USB_REQUEST_GET_DESCRIPTOR, conf, USB_DESCRIPTOR_CONFIGURATION, 0x0000, 9, 9, buf, NULL)
can get first 9 bytes of Configuration descriptor successfully.2. total = 59(descriptor length), bufSize = 64
USB_Host_Shield_2.0/Usb.cpp
Line 821 in 5c303ed
ctrlReq(addr, ep, bmREQ_GET_DESCR, USB_REQUEST_GET_DESCRIPTOR, conf, USB_DESCRIPTOR_CONFIGURATION, 0x0000, 59, 64, buf, p)
fails with STALL when it reads whole of Configuration descriptor.Buffer size is 64. Total length of Configuration descriptor is 59 in case of Logitech G213.
Cause
This part is related to this STALL.
In
ctrlReq()
InTransfer()
returns STALL(0x05) when it reads whole of Configuration descriptor from the keyboards.In case of Logitech G213 total length of Configuration descriptor is 59(0x3b) and
bMaxPacketSize0
is 64.STALL may be caused by out of bounds read on the descriptor in
InTransfer()
USB_Host_Shield_2.0/Usb.cpp
Lines 170 to 173 in 5c303ed
Line commented out
read = (left<nbytes) ? left : nbytes
seems to work well, but not sure why this has not been used.ctrlReq(... total, nbytes, ...)
looks doing right.ctrlReq(... 9, 9, ...)
callsIntransfer(, read = 9, )
and it works well.ctrlReq(... 59, 64, ...)
callsInTransfer(, read = 64, )
which is expected to read 59 bytes. This can issue excess IN transaction unnecessarily and reads the descriptor beyond the end in case that it is given incorrect 'max packet size'(8).Root Cause: Correct 'max packet size' of the control endpoint0 is not given when
InTransfer()
is called.Termination conditions of
InTransfer()
are:USB_Host_Shield_2.0/Usb.cpp
Lines 283 to 286 in 5c303ed
The first one is not met because 'max packet size' is incorrect(8 instead of 64). Also the second one also doesn't work because it is given hard-coded 64 instead of real descriptor length 59.
How InTransfer() fails
With Logitech G213 total length of Configuration descriptor is 59(0x3b) and
bMaxPacketSize0
is 64.When
bMaxPacketSize0
is 64 only one IN packet is needed to read whole of the descriptor(59).Terminal condition:
if((pktsize < maxpktsize) || (*nbytesptr >= nbytes))
bMaxPacketSize0
1. maxpktsize is incorrect 8 and nbytes is hard-coded 64
Even after reading whole of the descriptor with IN-1 it doesn't stop because
if (59 < 8 || 59 >= 64)
doessn't match. And it starts unnecessary second IN transaction and ends with STALL error.2. maxpktsize is correct 64
It stops after receiving IN-1 with matching like
if (59 < 64 || 59 >= 64)
.It doesn't issue second IN transfer and returns successfully.
3. nbytes is correct total descriptor size(59)
I stops after receiving IN-1 with matching like
if (59 < 8 || 59 >= 59)
.It doesn't issue second IN transfer and returns successfully.
4. maxpktsize is correct 64 and nbytes is correct total descriptor size(59)
I stops after receiving IN-1 with matching like
if (59 < 64 || 59 >= 59)
.It doesn't issue second IN transfer and returns successfully.
The text was updated successfully, but these errors were encountered: