linux/drivers
Christian Krause 13b58ee518 [PATCH] USB: fix bug in handling of highspeed usb HID devices
During the development of an USB device I found a bug in the handling of
Highspeed HID devices in the kernel.

What happened?

Highspeed HID devices are correctly recognized and enumerated by the
kernel. But even if usbhid kernel module is loaded, no HID reports are
received by the kernel.

The output of the hardware USB analyzer told me that the host doesn't
even poll for interrupt IN transfers (even the "interrupt in" USB
transfer are polled by the host).

After some debugging in hid-core.c I've found the reason.

In case of a highspeed device, the endpoint interval is re-calculated in
driver/usb/input/hid-core.c:

line 1669:
             /* handle potential highspeed HID correctly */
             interval = endpoint->bInterval;
             if (dev->speed == USB_SPEED_HIGH)
                   interval = 1 << (interval - 1);

Basically this calculation is correct (refer to USB 2.0 spec, 9.6.6).
This new calculated value of "interval" is used as input for
usb_fill_int_urb:

line 1685:

            usb_fill_int_urb(hid->urbin, dev, pipe, hid->inbuf, 0,
                   hid_irq_in, hid, interval);

Unfortunately the same calculation as above is done a second time in
usb_fill_int_urb in the file include/linux/usb.h:

line 933:
        if (dev->speed == USB_SPEED_HIGH)
                urb->interval = 1 << (interval - 1);
        else
                urb->interval = interval;

This means, that if the endpoint descriptor (of a high speed device)
specifies e.g. bInterval = 7, the urb->interval gets the value:

hid-core.c: interval = 1 << (7-1) = 0x40 = 64
urb->interval = 1 << (interval -1) = 1 << (63) = integer overflow

Because of this the value of urb->interval is sometimes negative and is
rejected in core/urb.c:
line 353:
                /* too small? */
                if (urb->interval <= 0)
                        return -EINVAL;

The conclusion is, that the recalculaton of the interval (which is
necessary for highspeed) should not be made twice, because this is
simply wrong. ;-)

Re-calculation in usb_fill_int_urb makes more sense, because it is the
most general approach. So it would make sense to remove it from
hid-core.c.

Because in hid-core.c the interval variable is only used for calling
usb_fill_int_urb, it is no problem to remove the highspeed
re-calculation in this file.

Signed-off-by: Christian Krause <chkr@plauener.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2005-10-17 14:45:49 -07:00
..
acorn [ARM] Fix pcf8583 to build 2005-09-20 21:01:13 +01:00
acpi [PATCH] remove ACPI S4bios support 2005-09-10 10:06:35 -07:00
atm [PATCH] gfp flags annotations - part 1 2005-10-08 15:00:57 -07:00
base [PATCH] gfp flags annotations - part 1 2005-10-08 15:00:57 -07:00
block [PATCH] gfp flags annotations - part 1 2005-10-08 15:00:57 -07:00
bluetooth [PATCH] gfp flags annotations - part 1 2005-10-08 15:00:57 -07:00
cdrom [PATCH] drivers/cdrom: fix-up schedule_timeout() usage 2005-09-10 10:06:38 -07:00
char Pull mbcs-init-sn-check into release branch 2005-10-11 15:08:48 -07:00
connector [PATCH] gfp flags annotations - part 1 2005-10-08 15:00:57 -07:00
cpufreq
crypto
dio
eisa
fc4
firmware [PATCH] dell_rbu: changes in packet update mechanism 2005-10-11 09:46:53 -07:00
hwmon [PATCH] hdaps: small update. 2005-09-22 22:17:34 -07:00
i2c [PATCH] ppc64: SMU driver update & i2c support 2005-09-22 22:17:35 -07:00
ide [PATCH] ide: Workaround PM problem 2005-10-10 08:40:47 -07:00
ieee1394 [PATCH] gfp flags annotations - part 1 2005-10-08 15:00:57 -07:00
infiniband [PATCH] gfp flags annotations - part 1 2005-10-08 15:00:57 -07:00
input Merge master.kernel.org:/home/rmk/linux-2.6-arm 2005-10-14 17:16:35 -07:00
isdn [PATCH] proc_mkdir() should be used to create procfs directories 2005-09-29 08:46:26 -07:00
macintosh [PATCH] Fix ppc64 smu driver locking 2005-09-29 15:42:58 -07:00
mca
md [PATCH] gfp flags annotations - part 1 2005-10-08 15:00:57 -07:00
media [PATCH] fix black/white-only svideo input in vpx3220 decoder 2005-10-17 08:59:10 -07:00
message [PATCH] Fix I2O config-osm init to return proper error 2005-09-21 10:11:54 -07:00
mfd [ARM] 2956/1: fix the "Fix gcc4 build errors in ucb1x00-core.c" 2005-10-10 18:22:17 +01:00
misc [PATCH] hdpu_cpustate.c: misc_register() can fail 2005-09-10 10:06:25 -07:00
mmc [MMC] Clean up wbsd detection handling 2005-09-12 20:36:19 +01:00
mtd Merge master.kernel.org:/home/rmk/linux-2.6-arm 2005-09-30 08:39:56 -07:00
net [PATCH] wireless/airo: Build fix 2005-10-14 17:10:12 -07:00
nubus
oprofile
parisc [IPV4]: Replace __in_dev_get with __in_dev_get_rcu/rtnl 2005-10-03 14:35:55 -07:00
parport [PATCH] parport: fix-up schedule_timeout() usage 2005-09-10 10:06:38 -07:00
pci [PATCH] pci: fixup parent subordinate busnr 2005-09-23 08:05:16 -07:00
pcmcia [PATCH] zaurus: fix soc_common.c 2005-10-14 17:10:12 -07:00
pnp Merge linux-2.6 with linux-acpi-2.6 2005-09-08 01:45:47 -04:00
s390 [PATCH] s390: ccw device reconnect oops. 2005-10-11 09:46:53 -07:00
sbus [PATCH] Remove unnecessary check_region references in comments 2005-09-13 08:22:29 -07:00
scsi Merge master.kernel.org:/pub/scm/linux/kernel/git/davem/sparc-2.6 2005-10-14 17:17:04 -07:00
serial Merge master.kernel.org:/home/rmk/linux-2.6-serial 2005-10-14 17:16:55 -07:00
sh
sn
tc [PATCH] Remove unnecessary check_region references in comments 2005-09-13 08:22:29 -07:00
telephony [PATCH] telephony: fix-up schedule_timeout() usage 2005-09-10 10:06:39 -07:00
usb [PATCH] USB: fix bug in handling of highspeed usb HID devices 2005-10-17 14:45:49 -07:00
video [PATCH] SVGATextMode fix 2005-10-17 08:59:10 -07:00
w1 [PATCH] Dallas's 1-wire bus compile error 2005-10-14 17:10:13 -07:00
zorro
Kconfig [NET]: Add netlink connector. 2005-09-11 19:15:07 -07:00
Makefile [NET]: Add netlink connector. 2005-09-11 19:15:07 -07:00