USB Hard Fault Exception

paulsmitton9 · ‎2008-02-21

Posted on February 22, 2008 at 05:07

paulsmitton9 · ‎2011-05-17

Posted on May 17, 2011 at 12:24

I am using the USB Joystick HID example compiled

in GCC, running on the Keil MCBSTM32. D+ is pulled

high constantly (i.e. no software disconnect).

When I rebuild with a new PID and plug in, Windows

XP finds the device and registers as a HID, but the

processor interrupts with a Hard Fault Exception.

I then have to unplug, and plug back in, after which

it functions normally with no problems.

Do you know what may be causing the Hard Fault

Exception or how I can trace the source? This

happens consistently every first plug-in.

paulsmitton9 · ‎2011-05-17

Posted on May 17, 2011 at 12:24

I have traced the cause of the exception to a read of non-existant memory in usb_core.c

Please let me know if anyone has an idea why the address returned by CopyData is wrong.

usb_core.c:

void DataStageIn(void)

{

.....

DataBuffer = (*pEPinfo->CopyData)(Length); <- Bad Address

UserToPMABufferCopy(DataBuffer, GetEPTxAddr(ENDP0), Length);

.....

16-32micros · ‎2011-05-17

Posted on May 17, 2011 at 12:24

Dear paul,

Could you please share me your modifications vs the USB Kit on ST web site ? , I will try to do the same and investigate on the issue. is it running on a specific board ? Thx.

STOne-32

paulsmitton9 · ‎2011-05-17

Posted on May 17, 2011 at 12:24

Why has nobody else noticed this problem?

Windows requests a string descriptor with index 0xEE.

This is out-of-bounds for the string descriptor array in the example.

Surely this problem should occur for everyone (first time the device is connected) ?

See:

Why does Windows XP issue a string descriptor request to index 0xEE?

http://www.microsoft.com/whdc/system/bus/USB/USBFAQ_intermed.mspx

16-32micros · ‎2011-05-17

Posted on May 17, 2011 at 12:24

Dear paul,

Thx for the useful details and this Mirosoft FAQ. As you said this should happen for evryone once on a new windows OS since in our USB Kit we do not respond with a stall for this strange get descriptor Request with 0xEE index , so Windows XP will issue a single-ended zero reset to the device to recover the device from an unknown state. However I assure you that the USB Kit has been sucessufully certified with the current firmware on USB.org organization. I will escalate this issue to our techs for improvement. Thx ,

Cheers, STOne-32.

paulsmitton9 · ‎2011-05-17

Posted on May 17, 2011 at 12:24

Hi STOne,

I am using the Keil MCBSTM32, and am not using any port (i.e. pd9/pd2) to software disconnect the usb.

I have tried compiling with the exact same code as the usb example from the website (except different startup.c - i'm using anglia idealist), yet the same thing happens.

I have traced it to a bad value of pInformation->USBwValue0 (0xEE), which causes a read of a non-existant array value, which creates the hard exception fault. I'll let you know if I figure out why.

The offending function (and hack-around) are from usb_prop.c:

u8 *Joystick_GetStringDescriptor(u16 Length)

{

u8 wValue0 = pInformation->USBwValue0; // can be bad value (0xEE)

if (wValue0 > 3) wValue0 = 3; // hack-around

return Standard_GetDescriptorData(Length, &String_Descriptor[wValue0]);

}

lanchon · ‎2011-05-17

Posted on May 17, 2011 at 12:24

hi paul,

let me see if I get this straight, when an unexpected descriptor is read the core faults cause usb kit doesn't range-check the (untrusted) argument?

paulsmitton9 · ‎2011-05-17

Posted on May 17, 2011 at 12:24

Naturally, the windows issued 'single-ended zero reset' will not take the device out of the Hard Fault Exception interrupt handler (while(1);)!

This seems to be a Microsoft only thing, so it probably isn't part of the USB.org conformity test.

paulsmitton9 · ‎2011-05-17

Posted on May 17, 2011 at 12:24

Lanchon:

Correct, see Joystick_GetStringDescriptor above.

This will happen the first time a device is plugged into a windows XP computer (and potentialy on other occasions/systems).

Apparently the correct behaviour is to stall, although I've read (http://www.sourcequest.com/modsContent.htm) that you can get away with returning a 'minimal descriptor'.

[ This message was edited by: paul.smitton on 25-02-2008 10:05 ]