qemu-devel

Re: [Qemu-devel] Guest OS hangs on usb_add


From: Gianni Tedesco
Subject: Re: [Qemu-devel] Guest OS hangs on usb_add
Date: Mon, 28 Jun 2010 13:32:50 +0100

On Fri, 2010-06-25 at 18:23 +0100, TJ wrote:
> On 06/25/10 12:32, Gianni Tedesco wrote:
> > A device MAY provide extended descriptors in 2 ways mentioned in the
> > spec, but ISTR finding at least one device in the wild with standard
> > descriptors extended which were not so much used by the "host" but by
> > application software. So not sure about your patch, a quirks blacklist
> > based on idDevice/idProduct might be the better fix here.
> 
> Makes sense. I should add vend/prod id check.
> 
> > However the more serious problem is spinning on zero length descriptor
> > when truncated descriptors are not valid and zero length (in fact < 2)
> > is totally unacceptable. Following patch checks for truncation.
> 
> Gianni, Please check my later patch submitted last night. I basically did the
> same thing you did, but with few differences:
> 
> - if descriptor size is < 2, goto fail
> - if the descriptor is USB_DT_CONFIG, we can skip through all the sub
> descriptors using wTotalLength field.
> - otherwise, simply skip it

Good point, just seen your patch and it looks good.

> One thing to also watch out for is the string descriptors. I might be wrong, but
> it appears (from reading the doc) that string descriptors (at least for the
> device descriptor) can be interspersed with the config descriptors, in which
> case (config_descr_len < USB_DT_CONFIG_SIZE) without checking descriptor type
> might unwittingly lead to failure.

Yeah definitely, descriptors can be in pretty much any old order so the
code should not rely on any of that.

FWIW, I am signing off on your approach :)

Gianni Tedesco
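
Added example, not part of the original message and not the QEMU patch under discussion: a bounds-checked descriptor walk in C that follows the three rules listed in the thread (fail on length < 2, skip a USB_DT_CONFIG block by wTotalLength, otherwise skip by bLength). The function name `find_config` and the sample bytes are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#define USB_DT_CONFIG      0x02
#define USB_DT_CONFIG_SIZE 9

/* Hypothetical helper (not QEMU code): offset of the config descriptor whose
 * bConfigurationValue == wanted, or -1 if absent or the blob is malformed. */
long find_config(const uint8_t *buf, size_t len, uint8_t wanted)
{
    size_t i = 0;
    while (i < len) {
        size_t left = len - i, step;
        /* bLength < 2 never advances the cursor; bLength > left is truncated. */
        if (left < 2 || buf[i] < 2 || buf[i] > left)
            return -1;
        step = buf[i];
        /* Check the type first, so a short string or vendor descriptor is
         * skipped rather than rejected for being < USB_DT_CONFIG_SIZE. */
        if (buf[i + 1] == USB_DT_CONFIG) {
            if (step < USB_DT_CONFIG_SIZE)
                return -1;
            if (buf[i + 5] == wanted)          /* bConfigurationValue */
                return (long)i;
            size_t total = buf[i + 2] | ((size_t)buf[i + 3] << 8); /* wTotalLength */
            if (total < step || total > left)
                return -1;
            step = total;                      /* jump over all sub-descriptors */
        }
        i += step;
    }
    return -1;
}

/* Constructed sample: device, string, config 1 + interface, config 2. */
const uint8_t sample[] = {
    18, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
    4, 3, 0x09, 0x04,
    9, 2, 18, 0, 1, 1, 0, 0x80, 50,
    9, 4, 0, 0, 0, 0, 0, 0, 0,
    9, 2, 9, 0, 0, 2, 0, 0x80, 50,
};
const uint8_t zero_len[] = { 0, 0, 0, 0 };     /* constructed: bLength of 0 */

int main(void)
{
    printf("config 2 at offset %ld\n", find_config(sample, sizeof sample, 2));
    printf("zero-length blob: %ld\n", find_config(zero_len, sizeof zero_len, 1));
    return 0;
}
```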



