-
Notifications
You must be signed in to change notification settings - Fork 6.5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
usb: device_next: usbd_hid: Fix size in HID report get #79001
usb: device_next: usbd_hid: Fix size in HID report get #79001
Conversation
Since UDC buffers are allocated with `UDC_BUF_GRANULARITY` granularity, the `net_buf_tailroom` may no longer be equal to the HID report size. Use `setup->wLength` instead to ensure that proper HID report size is passed to the application's callback. Signed-off-by: Marek Pieta <[email protected]>
@@ -235,7 +235,7 @@ static int handle_get_report(const struct device *dev, | |||
const uint8_t id = HID_GET_REPORT_ID(setup->wValue); | |||
struct hid_device_data *const ddata = dev->data; | |||
const struct hid_device_ops *ops = ddata->ops; | |||
const size_t size = net_buf_tailroom(buf); | |||
const size_t size = setup->wLength; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Not sure if using setup->wLength
directly is appropriate, a potential alternative would be MIN(setup->wLength, net_buf_tailroom(buf))
. Host can submit any wLength value up to 65535 regardless the actual buffer size. Currently the stack will fail if it cannot allocate such large request even if the actual payloads are much smaller.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I can use MIN(setup->wLength, net_buf_tailroom(buf)
here. Still, I wonder if the condition should not be validated somewhere in lower layers (so that USB class implementation could already assume that setup->wLength
is proper.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is more of a wondering how this issue should be solved in general. This sort of mechanism currently results in USB2CV MSC failure with default build settings because the testcase is requesting string descriptors length with 4096 wLength whereas the strings are significantly shorter than that. While the strings would definitely fit inside the much smaller buffer, they are not even given a chance because default UDC buf pool is failing to allocate 4096 bytes long buffer.
Since UDC buffers are allocated with
UDC_BUF_GRANULARITY
granularity, thenet_buf_tailroom
may no longer be equal to the HID report size. Usesetup->wLength
instead to ensure that proper HID report size is passed to the application's callback.