diff --git a/src/class/cdc/cdc_host.c b/src/class/cdc/cdc_host.c index ff1a8338d..0655ea1a7 100644 --- a/src/class/cdc/cdc_host.c +++ b/src/class/cdc/cdc_host.c @@ -29,6 +29,8 @@ #include "tusb_option.h" +#include + #if (CFG_TUH_ENABLED && CFG_TUH_CDC) #include "host/usbh.h" @@ -1190,7 +1192,8 @@ static uint16_t ftdi_open(uint8_t daddr, const tusb_desc_interface_t *itf_desc, TU_VERIFY(itf_desc->bInterfaceSubClass == 0xff && itf_desc->bInterfaceProtocol == 0xff && itf_desc->bNumEndpoints == 2, 0); - const uint16_t drv_len = sizeof(tusb_desc_interface_t) + itf_desc->bNumEndpoints * sizeof(tusb_desc_endpoint_t); + const uint16_t drv_len = + (uint16_t)(sizeof(tusb_desc_interface_t) + itf_desc->bNumEndpoints * sizeof(tusb_desc_endpoint_t)); TU_VERIFY(drv_len <= max_len, 0); cdch_interface_t *p_cdc = make_new_itf(daddr, itf_desc); @@ -1581,7 +1584,8 @@ enum { static uint16_t cp210x_open(uint8_t daddr, const tusb_desc_interface_t *itf_desc, uint16_t max_len) { // CP210x Interface includes 1 vendor interface + 2 bulk endpoints TU_VERIFY(itf_desc->bInterfaceSubClass == 0 && itf_desc->bInterfaceProtocol == 0 && itf_desc->bNumEndpoints == 2, 0); - const uint16_t drv_len = sizeof(tusb_desc_interface_t) + itf_desc->bNumEndpoints * sizeof(tusb_desc_endpoint_t); + const uint16_t drv_len = + (uint16_t)(sizeof(tusb_desc_interface_t) + itf_desc->bNumEndpoints * sizeof(tusb_desc_endpoint_t)); TU_VERIFY(drv_len <= max_len, 0); cdch_interface_t *p_cdc = make_new_itf(daddr, itf_desc); @@ -1756,7 +1760,8 @@ enum { static uint16_t ch34x_open(uint8_t daddr, const tusb_desc_interface_t *itf_desc, uint16_t max_len) { // CH34x Interface includes 1 vendor interface + 2 bulk + 1 interrupt endpoints TU_VERIFY(itf_desc->bNumEndpoints == 3, 0); - const uint16_t drv_len = sizeof(tusb_desc_interface_t) + itf_desc->bNumEndpoints * sizeof(tusb_desc_endpoint_t); + const uint16_t drv_len = + (uint16_t)(sizeof(tusb_desc_interface_t) + itf_desc->bNumEndpoints * sizeof(tusb_desc_endpoint_t)); TU_VERIFY(drv_len <= max_len, 0); cdch_interface_t * p_cdc = make_new_itf(daddr, itf_desc); @@ -2092,7 +2097,8 @@ enum { static uint16_t pl2303_open(uint8_t daddr, const tusb_desc_interface_t *itf_desc, uint16_t max_len) { // PL2303 Interface includes 1 vendor interface + 1 interrupt endpoints + 2 bulk TU_VERIFY(itf_desc->bNumEndpoints == 3, 0); - const uint16_t drv_len = sizeof(tusb_desc_interface_t) + itf_desc->bNumEndpoints * sizeof(tusb_desc_endpoint_t); + const uint16_t drv_len = + (uint16_t)(sizeof(tusb_desc_interface_t) + itf_desc->bNumEndpoints * sizeof(tusb_desc_endpoint_t)); TU_VERIFY(drv_len <= max_len, 0); cdch_interface_t *p_cdc = make_new_itf(daddr, itf_desc); diff --git a/src/common/tusb_private.h b/src/common/tusb_private.h index 586250163..10e12c2af 100644 --- a/src/common/tusb_private.h +++ b/src/common/tusb_private.h @@ -84,13 +84,11 @@ typedef struct { // Check if endpoint descriptor is valid per USB specs if debug is enabled #if CFG_TUSB_DEBUG -bool tu_edpt_validate(tusb_desc_endpoint_t const * desc_ep, tusb_speed_t speed, bool is_host); +bool tu_edpt_validate(const tusb_desc_endpoint_t *desc_ep, tusb_speed_t speed); #else -TU_ATTR_ALWAYS_INLINE static inline bool tu_edpt_validate(tusb_desc_endpoint_t const *desc_ep, tusb_speed_t speed, - bool is_host) { +TU_ATTR_ALWAYS_INLINE static inline bool tu_edpt_validate(const tusb_desc_endpoint_t *desc_ep, tusb_speed_t speed) { (void)desc_ep; (void)speed; - (void)is_host; return true; } #endif diff --git a/src/device/usbd.c b/src/device/usbd.c index 6fd88bf42..4cbba1240 100644 --- a/src/device/usbd.c +++ b/src/device/usbd.c @@ -1331,7 +1331,7 @@ bool usbd_edpt_open(uint8_t rhport, tusb_desc_endpoint_t const* desc_ep) { rhport = _usbd_rhport; TU_ASSERT(tu_edpt_number(desc_ep->bEndpointAddress) < CFG_TUD_ENDPPOINT_MAX); - TU_ASSERT(tu_edpt_validate(desc_ep, (tusb_speed_t) _usbd_dev.speed, false)); + TU_ASSERT(tu_edpt_validate(desc_ep, (tusb_speed_t)_usbd_dev.speed)); return dcd_edpt_open(rhport, desc_ep); } @@ -1541,7 +1541,7 @@ bool usbd_edpt_iso_activate(uint8_t rhport, tusb_desc_endpoint_t const* desc_ep) uint8_t const dir = tu_edpt_dir(desc_ep->bEndpointAddress); TU_ASSERT(epnum < CFG_TUD_ENDPPOINT_MAX); - TU_ASSERT(tu_edpt_validate(desc_ep, (tusb_speed_t) _usbd_dev.speed, false)); + TU_ASSERT(tu_edpt_validate(desc_ep, (tusb_speed_t)_usbd_dev.speed)); _usbd_dev.ep_status[epnum][dir].stalled = 0; _usbd_dev.ep_status[epnum][dir].busy = 0; diff --git a/src/host/usbh.c b/src/host/usbh.c index 7c4910af1..5b14a15cb 100644 --- a/src/host/usbh.c +++ b/src/host/usbh.c @@ -1066,7 +1066,14 @@ static bool usbh_edpt_control_open(uint8_t dev_addr, uint8_t max_packet_size) { } bool tuh_edpt_open(uint8_t dev_addr, tusb_desc_endpoint_t const* desc_ep) { - TU_ASSERT(tu_edpt_validate(desc_ep, tuh_speed_get(dev_addr), true)); + // HACK: some device incorrectly always report 512 bulk regardless of link speed, overwrite descriptor to force 64 + if (desc_ep->bmAttributes.xfer == TUSB_XFER_BULK && tu_edpt_packet_size(desc_ep) > 64 && + tuh_speed_get(dev_addr) == TUSB_SPEED_FULL) { + TU_LOG1(" WARN: EP max packet size is 512 in fullspeed, force to 64\r\n"); + tusb_desc_endpoint_t *hacked_ep = (tusb_desc_endpoint_t *)(uintptr_t)desc_ep; + hacked_ep->wMaxPacketSize = tu_htole16(64); + } + TU_ASSERT(tu_edpt_validate(desc_ep, tuh_speed_get(dev_addr))); return hcd_edpt_open(usbh_get_rhport(dev_addr), dev_addr, desc_ep); } diff --git a/src/tusb.c b/src/tusb.c index c62052c97..f6ca3fabc 100644 --- a/src/tusb.c +++ b/src/tusb.c @@ -242,13 +242,13 @@ bool tu_edpt_release(tu_edpt_state_t* ep_state, osal_mutex_t mutex) { } #if CFG_TUSB_DEBUG -bool tu_edpt_validate(tusb_desc_endpoint_t const* desc_ep, tusb_speed_t speed, bool is_host) { - uint16_t const max_packet_size = tu_edpt_packet_size(desc_ep); +bool tu_edpt_validate(const tusb_desc_endpoint_t *desc_ep, tusb_speed_t speed) { + const uint16_t max_packet_size = tu_edpt_packet_size(desc_ep); TU_LOG2(" Open EP %02X with Size = %u\r\n", desc_ep->bEndpointAddress, max_packet_size); switch (desc_ep->bmAttributes.xfer) { case TUSB_XFER_ISOCHRONOUS: { - uint16_t const spec_size = (speed == TUSB_SPEED_HIGH ? 1024 : 1023); + const uint16_t spec_size = (speed == TUSB_SPEED_HIGH ? 1024 : 1023); TU_ASSERT(max_packet_size <= spec_size); break; } @@ -259,16 +259,7 @@ bool tu_edpt_validate(tusb_desc_endpoint_t const* desc_ep, tusb_speed_t speed, b TU_ASSERT(max_packet_size == 512); } else { // Bulk fullspeed can only be 8, 16, 32, 64 - if (is_host && max_packet_size == 512) { - // HACK: while in host mode, some device incorrectly always report 512 regardless of link speed - // overwrite descriptor to force 64 - TU_LOG1(" WARN: EP max packet size is 512 in fullspeed, force to 64\r\n"); - tusb_desc_endpoint_t* hacked_ep = (tusb_desc_endpoint_t*) (uintptr_t) desc_ep; - hacked_ep->wMaxPacketSize = tu_htole16(64); - } else { - TU_ASSERT(max_packet_size == 8 || max_packet_size == 16 || - max_packet_size == 32 || max_packet_size == 64); - } + TU_ASSERT(max_packet_size == 8 || max_packet_size == 16 || max_packet_size == 32 || max_packet_size == 64); } break; diff --git a/test/fuzz/device/cdc/src/fuzz.cc b/test/fuzz/device/cdc/src/fuzz.cc index 0560e8621..ea13fce92 100644 --- a/test/fuzz/device/cdc/src/fuzz.cc +++ b/test/fuzz/device/cdc/src/fuzz.cc @@ -52,7 +52,11 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) { provider.ConsumeIntegralInRange(0, Size)); fuzz_init(callback_data.data(), callback_data.size()); // init device stack on configured roothub port - tud_init(BOARD_TUD_RHPORT); + tusb_rhport_init_t dev_init = { + .role = TUSB_ROLE_DEVICE, + .speed = TUSB_SPEED_AUTO + }; + tusb_init(BOARD_TUD_RHPORT, &dev_init); for (int i = 0; i < FUZZ_ITERATIONS; i++) { if (provider.remaining_bytes() == 0) { diff --git a/test/fuzz/device/msc/src/fuzz.cc b/test/fuzz/device/msc/src/fuzz.cc index 371d49882..8981e5570 100644 --- a/test/fuzz/device/msc/src/fuzz.cc +++ b/test/fuzz/device/msc/src/fuzz.cc @@ -46,8 +46,11 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) { std::vector callback_data = provider.ConsumeBytes( provider.ConsumeIntegralInRange(0, Size)); fuzz_init(callback_data.data(), callback_data.size()); - // init device stack on configured roothub port - tud_init(BOARD_TUD_RHPORT); + tusb_rhport_init_t dev_init = { + .role = TUSB_ROLE_DEVICE, + .speed = TUSB_SPEED_AUTO + }; + tusb_init(BOARD_TUD_RHPORT, &dev_init); for (int i = 0; i < FUZZ_ITERATIONS; i++) { if (provider.remaining_bytes() == 0) { diff --git a/test/fuzz/device/net/src/fuzz.cc b/test/fuzz/device/net/src/fuzz.cc index a6935928a..7c8c39acc 100644 --- a/test/fuzz/device/net/src/fuzz.cc +++ b/test/fuzz/device/net/src/fuzz.cc @@ -53,7 +53,11 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) { provider.ConsumeIntegralInRange(0, Size)); fuzz_init(callback_data.data(), callback_data.size()); // init device stack on configured roothub port - tud_init(BOARD_TUD_RHPORT); + tusb_rhport_init_t dev_init = { + .role = TUSB_ROLE_DEVICE, + .speed = TUSB_SPEED_AUTO + }; + tusb_init(BOARD_TUD_RHPORT, &dev_init); for (int i = 0; i < FUZZ_ITERATIONS; i++) { if (provider.remaining_bytes() == 0) {