hathach / tinyusb

An open source cross-platform USB stack for embedded system
https://www.tinyusb.org
MIT License

TinyUSB Hangs on Set Configuration waiting for usbh_lock() #1427

Open alimansfield2016 opened 2 years ago

alimansfield2016 commented 2 years ago

Operating System

Linux

Board

Raspberry Pi Pico

Firmware

Custom CDC class extension to support notify (similar to HID class reports) and mount/umount callbacks. The hardware is a Telit LE910C1 LTE module that interfaces via "CDC" interfaces over USB, although they aren't quite CDC, they are 99% (class is vendor and no data interface, just two extra endpoints instead). telit_driver.zip

What happened ?

During the ENUM_SET_CONFIG phase of process_enumeration(), tuh_configuration_set() hangs while waiting for the usbh_lock() mutex. This is running using a single core. I have already confirmed that the mutex has been freed and not acquired elsewhere. Having done some digging, it turns out that the _usbh_mutex is being overwritten, currently not sure what by.

How to reproduce ?

I don't really know what to put in here, upload to pico and plug in device? It only seems to happen with this driver, I've checked the HID (in the same program) and it works fine.

Debug Log as txt file

telit_tinyusb_log.txt

Screenshots

No response

alimansfield2016 commented 2 years ago

Turns out the USB device has more endpoints than ep2drv had reserved and there is no ASSERT() to check this! Which in turn caused an out of bounds write! Changing CFG_TUH_ENDPOINT_MAX to 16 fixes this, however there should probably be checks against this!

hathach commented 2 years ago

Ah right, 16 is probably a better default value, this is mainly for MCUs with a lack of memory. I will change that and add an assert as well.
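The failure mode discussed in this thread, as an added example that is not part of the thread and is not TinyUSB's code: a fixed-size endpoint-to-driver table filled from device-supplied endpoint addresses, with and without a bounds check. The arena layout, the indexing by endpoint number, `EP_MAX`, `bind_unchecked`, `bind_checked`, `run` and the sample endpoint list are all assumptions made for the model.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define EP_MAX 4                  /* stand-in for a small CFG_TUH_ENDPOINT_MAX */
#define TABLE_BYTES (EP_MAX * 2)  /* one OUT and one IN slot per endpoint number */

/* Constructed model, not TinyUSB's memory layout. A single arena sized for all
 * 16 endpoint numbers keeps the overrun well-defined C: bytes [0, TABLE_BYTES)
 * are the ep2drv-style table, the next byte stands in for mutex state that
 * happens to sit after the table in RAM. */
static uint8_t arena[32];
#define LOCK_BYTE arena[TABLE_BYTES]

/* Unchecked bind: trusts bEndpointAddress reported by the attached device. */
static void bind_unchecked(uint8_t ep_addr, uint8_t drv_id) {
  arena[(ep_addr & 0x0F) * 2 + ((ep_addr & 0x80) ? 1 : 0)] = drv_id;
}

/* Checked bind: refuses endpoint numbers the table has no slot for. */
static int bind_checked(uint8_t ep_addr, uint8_t drv_id) {
  if ((ep_addr & 0x0F) >= EP_MAX) return -1;  /* fail enumeration, do not write */
  bind_unchecked(ep_addr, drv_id);
  return 0;
}

/* Binds every endpoint to driver 1 and returns the lock byte afterwards. */
static uint8_t run(const uint8_t *eps, size_t n, int checked, int *rejected) {
  memset(arena, 0xFF, TABLE_BYTES);  /* 0xFF = no driver bound */
  LOCK_BYTE = 0;                     /* 0 = unlocked */
  *rejected = 0;
  for (size_t i = 0; i < n; i++) {
    if (!checked) bind_unchecked(eps[i], 1);
    else if (bind_checked(eps[i], 1) != 0) (*rejected)++;
  }
  return LOCK_BYTE;
}

/* Constructed endpoint addresses: 0x81, 0x02, 0x83 fit the table; 0x04 does not. */
static const uint8_t sample_eps[] = { 0x81, 0x02, 0x83, 0x04 };

int main(void) {
  int rej;
  unsigned lock = run(sample_eps, 4, 0, &rej);
  printf("unchecked: lock=%u rejected=%d\n", lock, rej);
  lock = run(sample_eps, 4, 1, &rej);
  printf("checked:   lock=%u rejected=%d\n", lock, rej);
  return 0;
}
```

In the unchecked run the lock byte ends up non-zero although nothing ever took the lock, which matches the symptom reported above of a mutex that appears held with no owner.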