I have written a function to free usb buffers when my program terminates.
Please take a look at this and tell me if it was done correctly. Please pay
attention to the order and what it is freeing. Thank you in advance.
int USBDevice::deviceFree (DeviceConnection *device)
{
int status = 0;
// Exit if nothing to do.
if (!device)
return status;
#ifdef DEBUG
cout << “deviceFree” << endl;
#endif
if (device->urb)
{
#ifdef DEBUG
cout << “free urb” << endl;
#endif
usbd_free_urb (device->urb);
device->urb = 0;
}
if (device->ep_cntl)
{
#ifdef DEBUG
cout << “free ep_cntl” << endl;
#endif
usbd_abort_pipe (device->ep_cntl);
device->ep_cntl = 0;
}
if (device->int_urb)
{
#ifdef DEBUG
cout << “free int_urb” << endl;
#endif
usbd_free_urb (device->int_urb);
device->int_urb = 0;
}
if (device->ep_intr)
{
#ifdef DEBUG
cout << “free ep_intr” << endl;
#endif
usbd_abort_pipe (device->ep_intr);
device->ep_intr = 0;
}
if (device->buffer)
{
#ifdef DEBUG
cout << “free ctrl buffer” << endl;
#endif
usbd_free (device->buffer);
device->buffer = 0;
}
if (device->int_buf)
{
#ifdef DEBUG
cout << “free intr buffer” << endl;
#endif
usbd_free (device->int_buf);
device->int_buf = 0;
}
if ((status = usbd_detach (device->device)))
{
#ifdef DEBUG
cout << “deviceFree: usbd_detach " << status << endl;
#endif
}
cout << " Done deviceFree ()” << endl;
return (status);
}
“Rex Lam” <Rex.Lam@igt.com> wrote in message
news:9gttkg$pjp$1@inn.qnx.com…
I have written a function to free usb buffers when my program terminates.
Please take a look at this and tell me if it was done correctly. Please
pay
attention to the order and what it is freeing. Thank you in advance.
int USBDevice::deviceFree (DeviceConnection *device)
{
int status = 0;
// Exit if nothing to do.
if (!device)
return status;
#ifdef DEBUG
cout << “deviceFree” << endl;
#endif
if (device->urb)
{
#ifdef DEBUG
cout << “free urb” << endl;
#endif
usbd_free_urb (device->urb);
device->urb = 0;
}
if (device->ep_cntl)
{
#ifdef DEBUG
cout << “free ep_cntl” << endl;
#endif
usbd_abort_pipe (device->ep_cntl);
device->ep_cntl = 0;
}
if (device->int_urb)
{
#ifdef DEBUG
cout << “free int_urb” << endl;
#endif
usbd_free_urb (device->int_urb);
device->int_urb = 0;
}
if (device->ep_intr)
{
#ifdef DEBUG
cout << “free ep_intr” << endl;
#endif
usbd_abort_pipe (device->ep_intr);
device->ep_intr = 0;
}
if (device->buffer)
{
#ifdef DEBUG
cout << “free ctrl buffer” << endl;
#endif
usbd_free (device->buffer);
device->buffer = 0;
}
if (device->int_buf)
{
#ifdef DEBUG
cout << “free intr buffer” << endl;
#endif
usbd_free (device->int_buf);
device->int_buf = 0;
}
if ((status = usbd_detach (device->device)))
{
#ifdef DEBUG
cout << “deviceFree: usbd_detach " << status << endl;
#endif
}
cout << " Done deviceFree ()” << endl;
return (status);
}
\
I have a usb device that has a control pipe and an interrupt pipe. One of
the threads of my process is constantly reply-blocked to devu-ohci. I have
noticed that my process will SIGSEGV whenever it is terminated by another
process. The above code is called by my process’ destructor. I found out
that when I abort the interrupt pipe (device->ep_intr in this example),
devu-ohci replies with MsgReply_r with invalid data but reports a non-zero
length (event.length). There is another length (event.iodone.length) which
is zero when this happens. My program sees the reply and tries to parse the
message which results in a SIGSEGV. The code that parses the reply lies in
libusbdi.a. I have the source for this library so I looked at it. This
problem occurs in thread.c in eventloop (). When devu-ohci responds,
evt->type is USBDI_EVT_URB_IODONE. The thread then starts to use the evt
without checking for validity, hence causing a SIGSEGV.
To fix this problem, I added a check for evt->event.iodone.length. If this
value is zero, then the program doesn’t do anything. After making this
change, my process exits properly. I do not know if this is an appropriate
fix. However, I believe that devu-ohci should not have replied with any
data since there is no data to reply with. It doesn’t happen when the
control pipe is aborted. It only happens when the interrupt pipe is
aborted. Can anyone provide some help on this matter?
Another note: this problem doesn’t occur if my process receives a SIGINT
signal (which results in all threads of the process terminating). It only
happens when the master process that spawned my process sent a “kill”
command.
Rex