Question about which tools to use, bugs, the best way to implement a function, etc should go here. Don't forget to see if your question is answered in the wiki first! When in doubt post here.
MollenOS wrote:Ahh I see - but as you said the structure members will always be present even if not compiled as 64 bit.
Yes, you are correct. The presence of the extended members in the structures is not controlled by the __BITS config. Thus, an out-of-bounds read is unlikely due to this particular reason.
MollenOS wrote:
I tried extending the delay from 1 second to 3 seconds and run a few times until the crash came after, nothing changes it's stuck on the first qtd with the Active + XActErr bit set. It seems it crashes while processing the first transaction. What could this indicate? I mean it would be obvious that the buffer pointers are wrong, but I've double checked them, and they are valid.
The setup buffer can be rejected as the source of the problem by setting the length (in the setup packet) as 0 instead of 8. Assuming that vbox avoids accessing the buffer address if the length field is 0, we can expect to receive a clean, straightforward error.
Edit: Sorry, above I meant "The setup buffer can be confirmed ..." and not "The setup buffer can be rejected..."
MollenOS wrote:Ahh I see - but as you said the structure members will always be present even if not compiled as 64 bit.
Yes, you are correct. The presence of the extended members in the structures is not controlled by the __BITS config. Thus, an out-of-bounds read is unlikely due to this particular reason.
MollenOS wrote:
I tried extending the delay from 1 second to 3 seconds and run a few times until the crash came after, nothing changes it's stuck on the first qtd with the Active + XActErr bit set. It seems it crashes while processing the first transaction. What could this indicate? I mean it would be obvious that the buffer pointers are wrong, but I've double checked them, and they are valid.
The setup buffer can be rejected as the source of the problem by setting the length (in the setup packet) as 0 instead of 8. Assuming that vbox avoids accessing the buffer address if the length field is 0, we can expect to receive a clean, straightforward error.
Edit: Sorry, above I meant "The setup buffer can be confirmed ..." and not "The setup buffer can be rejected..."
OK, so this became very interesting - I did as you said and changed the length to 0 on the setup td. It now does NOT crash and instead gives me a clean error (XActError)
This could indeed indicate my buffer being invalid and reveals I have a hidden problem somewhere, I setup the SetAddress packet here:
MollenOS wrote:
So it obviously crashes on either the buffer address being invalid or the packet containg bogus data? What other reasons for this?
Instead of using the memory allocator, we can statically allocate a global UsbPacket_t of 8-bytes, fill it at compile time with the data we intend to send during set_address, and use its physical address. Since the packet is now part of the kernel, and we know that vbox has obviously properly mapped it (since the kernel is running), we can expect to avoid any mapping problems within the guest or the hypervisor for the buffer.
Another area of interest is memory barriers to carry out any cache clean/invalidation. But I am not sure how that fits here, especially if ohci/uhci work the same as ehci is expected to.
We can may be print the buffer too at the same time we print the chain, to at least know that guest views the data as consistent.
Edit: I think it behooves me correct "memory barriers to carry out any cache clean/invalidation" into "memory barriers plus cache clean/invalidation".
This macro clears the lower 12 bits since they are reserved, the thing is of course that they are not reserved for the first buffer page, so changing it to