From: Roderick B. G. <rod...@gm...> - 2008-03-07 19:06:25
I've done some additional digging, and it fails at the call below:
usb_fill_int_urb(xpad->irq_in, udev,
usb_rcvintpipe(udev, ep_irq_in->bEndpointAddress),
xpad->idata, XPAD_PKT_LEN, xpad_irq_in,
xpad, ep_irq_in->bInterval);
I've added in some test code (diff below) just before it. The code bails if
ep_irq_in is NULL (undefined):
@@ -554,6 +556,13 @@
/* init input URB for USB INT transfer from device */
ep_irq_in = &intf->cur_altsetting->endpoint[0].desc;
+
+ // Testing for valid input
+ if (!ep_irq_in) {
+ info("ep_irq_in undefined");
+ goto fail2;
+ }
+
usb_fill_int_urb(xpad->irq_in, udev,
usb_rcvintpipe(udev, ep_irq_in->bEndpointAddress),
xpad->idata, XPAD_PKT_LEN, xpad_irq_in,
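Review bot: the `if (!ep_irq_in)` test only fires because `desc` is the first member of `struct usb_host_endpoint`: `ep_irq_in` is formed as `&intf->cur_altsetting->endpoint[0].desc`, so when the altsetting's `endpoint` array pointer is NULL (the lsusb output quoted below shows interface 3 with `bNumEndpoints 0`, and the failing probe is `1-1:1.3`) the result is NULL plus offset 0, and the original crash address `00000006` is exactly the offset of `bInterval` inside `struct usb_endpoint_descriptor`. Test the count instead of the derived pointer: check `intf->cur_altsetting->desc.bNumEndpoints` (and that endpoint[0] is an interrupt IN endpoint) before indexing `endpoint[0]`. Also, `goto fail2` makes dmesg report `failed with error -12` (ENOMEM) for what is really an unsupported interface; returning -ENODEV states the cause. Minor: the `//` comment style differs from the `/* ... */` style of the surrounding context.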
As you can see in the dmesg output below:
[ 104.270277] input: Mad Catz Beat Pad
as /devices/pci0000:00/0000:00:1d.0/usb1/1-1/1-1:1.0/input/input10
[ 104.285890] input: Mad Catz Beat Pad
as /devices/pci0000:00/0000:00:1d.0/usb1/1-1/1-1:1.1/input/input11
[ 104.298252] input: Mad Catz Beat Pad
as /devices/pci0000:00/0000:00:1d.0/usb1/1-1/1-1:1.2/input/input12
[ 104.304010] /home/rgreening/xpad/xpad.c: ep_irq_in undefined
[ 104.304558] xpad: probe of 1-1:1.3 failed with error -12
It appears that the call to "ep_irq_in =
&intf->cur_altsetting->endpoint[0].desc;" is returning NULL, which is not caught by
the code. Therefore it crashes.
I guess there's some additional checking and logic that needs to occur there,
though I am at a loss as to exactly what needs to be done.
Suggestions?
On Friday 07 March 2008 2:41:34 pm Roderick B. Greening wrote:
> I have an unrecognized controller. It's a Mad Catz Beat Pad.
>
> I have modified the xpad.c (from version 0.1.7 in CVS) to attempt to
> support this controller. No luck. I can get it to start and perform the
> xpad_probe, at which point it picks up the inputs (3 of them) and then
> promptly causes the kernel to OOPS with a NULL reference.
>
> Here's the diff of my change:
>
> --- xpad.c.orig 2008-03-06 17:09:03.000000000 -0330
> +++ xpad.c 2008-03-07 10:59:29.000000000 -0330
> @@ -104,6 +104,7 @@
> { 0x0738, 0x4540, "Mad Catz Beat Pad", GAMEPAD_XBOX_MAT },
> { 0x0738, 0x4556, "Mad Catz Lynx Wireless Controller", GAMEPAD_XBOX
> }, { 0x0738, 0x4716, "Mad Catz Xbox 360 Controller", GAMEPAD_XBOX360 }, +
> { 0x0738, 0x4740, "Mad Catz Beat Pad", GAMEPAD_XBOX_MAT }, { 0x0738,
> 0x6040, "Mad Catz Beat Pad Pro", GAMEPAD_XBOX_MAT }, { 0x0c12, 0x8802,
> "Zeroplus Xbox Controller", GAMEPAD_XBOX }, { 0x0c12, 0x8810, "Zeroplus
> Xbox Controller", GAMEPAD_XBOX }, @@ -161,6 +162,7 @@
> { USB_DEVICE(0x045e, 0x028e) }, /* Xbox 360 Controller */
> { USB_DEVICE(0x045e, 0x0291) }, /* Xbox 360 Wireless Controller */
> { USB_DEVICE(0x045e, 0x0719) }, /* Xbox 360 Wireless PC Receiver */
> + { USB_DEVICE(0x0738, 0x4740) }, /* Mad Catz Beat Pad */
> { USB_DEVICE(0x1430, 0x4748) }, /* RedOctane Guitar Hero X-plorer
> */ { }
> };
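Review bot: in the `@@ -104,6 +104,7 @@` hunk, the new entry `{ 0x0738, 0x4740, "Mad Catz Beat Pad", GAMEPAD_XBOX_MAT }` classifies the device as an original-Xbox dance mat, but the lsusb output quoted below shows interface 0 as vendor-specific class 255, subclass 93, protocol 1 with a 32-byte interrupt IN endpoint 0x81 and an interrupt OUT endpoint 0x02, which is the descriptor layout of the Xbox 360 controller family rather than the original Xbox. The existing `{ 0x0738, 0x4716, "Mad Catz Xbox 360 Controller", GAMEPAD_XBOX360 }` entry in the same table is the closer template; it is worth testing the entry with GAMEPAD_XBOX360 before settling on the mat type.

Review bot: in the `@@ -161,6 +162,7 @@` hunk, `{ USB_DEVICE(0x0738, 0x4740) }` matches by device id only, so it binds to every interface, and lsusb reports `bNumInterfaces 4`; that is why xpad_probe runs four times, creating input10 to input12 for interfaces 0 to 2 and then oopsing on `1-1:1.3`, the interface with `bNumEndpoints 0` and therefore no `endpoint[0]` to read. Either narrow the match to the interface that actually carries the controller (interface 0: class 255, subclass 93, protocol 1), or have xpad_probe return -ENODEV when `intf->cur_altsetting->desc.bNumEndpoints` is zero before it touches `endpoint[0]`.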
>
>
> Here's the output of lsusb -vv -d 0x0738:0x4740
>
> Bus 001 Device 002: ID 0738:4740 Mad Catz, Inc.
> Device Descriptor:
> bLength 18
> bDescriptorType 1
> bcdUSB 2.00
> bDeviceClass 255 Vendor Specific Class
> bDeviceSubClass 255 Vendor Specific Subclass
> bDeviceProtocol 255 Vendor Specific Protocol
> bMaxPacketSize0 8
> idVendor 0x0738 Mad Catz, Inc.
> idProduct 0x4740
> bcdDevice 31.20
> iManufacturer 1 Mad Catz, Inc.
> iProduct 2 Beat Pad
> iSerial 3 4C7CD68
> bNumConfigurations 1
> Configuration Descriptor:
> bLength 9
> bDescriptorType 2
> wTotalLength 153
> bNumInterfaces 4
> bConfigurationValue 1
> iConfiguration 0
> bmAttributes 0xa0
> (Bus Powered)
> Remote Wakeup
> MaxPower 500mA
> Interface Descriptor:
> bLength 9
> bDescriptorType 4
> bInterfaceNumber 0
> bAlternateSetting 0
> bNumEndpoints 2
> bInterfaceClass 255 Vendor Specific Class
> bInterfaceSubClass 93
> bInterfaceProtocol 1
> iInterface 0
> ** UNRECOGNIZED: 11 21 10 01 05 25 81 14 03 03 03 04 13 02 08 03 03
> Endpoint Descriptor:
> bLength 7
> bDescriptorType 5
> bEndpointAddress 0x81 EP 1 IN
> bmAttributes 3
> Transfer Type Interrupt
> Synch Type None
> Usage Type Data
> wMaxPacketSize 0x0020 1x 32 bytes
> bInterval 4
> Endpoint Descriptor:
> bLength 7
> bDescriptorType 5
> bEndpointAddress 0x02 EP 2 OUT
> bmAttributes 3
> Transfer Type Interrupt
> Synch Type None
> Usage Type Data
> wMaxPacketSize 0x0020 1x 32 bytes
> bInterval 8
> Interface Descriptor:
> bLength 9
> bDescriptorType 4
> bInterfaceNumber 1
> bAlternateSetting 0
> bNumEndpoints 4
> bInterfaceClass 255 Vendor Specific Class
> bInterfaceSubClass 93
> bInterfaceProtocol 3
> iInterface 0
> ** UNRECOGNIZED: 1b 21 00 01 01 01 83 40 01 04 20 16 85 00 00 00 00
> 00 00 16 05 00 00 00 00 00 00
> Endpoint Descriptor:
> bLength 7
> bDescriptorType 5
> bEndpointAddress 0x83 EP 3 IN
> bmAttributes 3
> Transfer Type Interrupt
> Synch Type None
> Usage Type Data
> wMaxPacketSize 0x0020 1x 32 bytes
> bInterval 2
> Endpoint Descriptor:
> bLength 7
> bDescriptorType 5
> bEndpointAddress 0x04 EP 4 OUT
> bmAttributes 3
> Transfer Type Interrupt
> Synch Type None
> Usage Type Data
> wMaxPacketSize 0x0020 1x 32 bytes
> bInterval 4
> Endpoint Descriptor:
> bLength 7
> bDescriptorType 5
> bEndpointAddress 0x85 EP 5 IN
> bmAttributes 3
> Transfer Type Interrupt
> Synch Type None
> Usage Type Data
> wMaxPacketSize 0x0020 1x 32 bytes
> bInterval 64
> Endpoint Descriptor:
> bLength 7
> bDescriptorType 5
> bEndpointAddress 0x05 EP 5 OUT
> bmAttributes 3
> Transfer Type Interrupt
> Synch Type None
> Usage Type Data
> wMaxPacketSize 0x0020 1x 32 bytes
> bInterval 16
> Interface Descriptor:
> bLength 9
> bDescriptorType 4
> bInterfaceNumber 2
> bAlternateSetting 0
> bNumEndpoints 1
> bInterfaceClass 255 Vendor Specific Class
> bInterfaceSubClass 93
> bInterfaceProtocol 2
> iInterface 0
> ** UNRECOGNIZED: 09 21 00 01 01 22 86 07 00
> Endpoint Descriptor:
> bLength 7
> bDescriptorType 5
> bEndpointAddress 0x86 EP 6 IN
> bmAttributes 3
> Transfer Type Interrupt
> Synch Type None
> Usage Type Data
> wMaxPacketSize 0x0020 1x 32 bytes
> bInterval 16
> Interface Descriptor:
> bLength 9
> bDescriptorType 4
> bInterfaceNumber 3
> bAlternateSetting 0
> bNumEndpoints 0
> bInterfaceClass 255 Vendor Specific Class
> bInterfaceSubClass 253
> bInterfaceProtocol 19
> iInterface 4
> ** UNRECOGNIZED: 06 41 00 01 01 03
> Device Status: 0x0002
> (Bus Powered)
> Remote Wakeup Enabled
>
> If I modprobe the driver with the added info, it segfaults.
>
> Here is the output from /proc/bus/input/devices after I modprobe the
> driver:
>
> I: Bus=0003 Vendor=0738 Product=4740 Version=3120
> N: Name="Mad Catz Beat Pad"
> P: Phys=usb-0000:00:1d.0-1/input0
> S: Sysfs=/devices/pci0000:00/0000:00:1d.0/usb1/1-1/1-1:1.0/input/input10
> U: Uniq=
> H: Handlers=event10
> B: EV=3
> B: KEY=81b0000 40000f 0 0 0 0 0 0 0 0
>
> I: Bus=0003 Vendor=0738 Product=4740 Version=3120
> N: Name="Mad Catz Beat Pad"
> P: Phys=usb-0000:00:1d.0-1/input0
> S: Sysfs=/devices/pci0000:00/0000:00:1d.0/usb1/1-1/1-1:1.1/input/input11
> U: Uniq=
> H: Handlers=event11
> B: EV=3
> B: KEY=81b0000 40000f 0 0 0 0 0 0 0 0
>
> I: Bus=0003 Vendor=0738 Product=4740 Version=3120
> N: Name="Mad Catz Beat Pad"
> P: Phys=usb-0000:00:1d.0-1/input0
> S: Sysfs=/devices/pci0000:00/0000:00:1d.0/usb1/1-1/1-1:1.2/input/input12
> U: Uniq=
> H: Handlers=event12
> B: EV=3
> B: KEY=81b0000 40000f 0 0 0 0 0 0 0 0
>
> Here is the OOPS info from the fault:
>
> [ 1821.884921] input: Mad Catz Beat Pad
> as /devices/pci0000:00/0000:00:1d.0/usb1/1-1/1-1:1.0/input/input10
> [ 1821.912849] input: Mad Catz Beat Pad
> as /devices/pci0000:00/0000:00:1d.0/usb1/1-1/1-1:1.1/input/input11
> [ 1821.928805] input: Mad Catz Beat Pad
> as /devices/pci0000:00/0000:00:1d.0/usb1/1-1/1-1:1.2/input/input12
> [ 1821.944820] BUG: unable to handle kernel NULL pointer dereference at
> virtual address 00000006
> [ 1821.944827] printing eip: f8f60a5c *pde = 00000000
> [ 1821.944832] Oops: 0000 [#1] SMP
> [ 1821.944836] Modules linked in: xpad snd_rtctimer binfmt_misc af_packet
> pktcdvd i915 drm ppdev ipv6 acpi_cpufreq cpufreq_stats cpufreq_conservative
> cpufreq_powersave cpufreq_userspace cpufreq_ondemand
> freq_table container dock sbs sbshc iptable_filter ip_tables x_tables
> aes_i586 dm_crypt dm_mod berry_charge parport_pc lp parport acerhk usbhid
> hid arc4 ecb blkcipher joydev pcmcia snd_hda_intel
> snd_pcm_oss snd_mixer_oss snd_pcm snd_page_alloc snd_hwdep battery snd_seq_dummy
> iwl3945 ac iwlwifi_mac80211 cfg80211 snd_seq_oss sdhci video output
> tifm_7xx1 snd_seq_midi snd_rawmidi mmc_core tifm_core
> yenta_socket rsrc_nonstatic pcmcia_core snd_seq_midi_event snd_seq snd_timer
> snd_seq_device button snd iTCO_wdt iTCO_vendor_support psmouse soundcore
> serio_raw intel_agp agpgart acer_acpi led_class evdev
> pcspkr shpchp pci_hotplug wmi_acer ext3 jbd mbcache sg sr_mod cdrom sd_mod
> pata_acpi ata_piix ata_generic libata scsi_mod ehci_hcd r8169 uhci_hcd
> usbcore thermal processor fan fuse
> [ 1821.944908]
> [ 1821.944911] Pid: 23723, comm: modprobe Not tainted (2.6.24-11-generic
> #1) [ 1821.944914] EIP: 0060:[<f8f60a5c>] EFLAGS: 00010286 CPU: 1
> [ 1821.944921] EIP is at xpad_probe+0x23c/0x4b0 [xpad]
> [ 1821.944923] EAX: 00000000 EBX: ef67d214 ECX: f74f0080 EDX: 00000002
> [ 1821.944926] ESI: 00000016 EDI: f71ef000 EBP: f066d400 ESP: ea8adda8
> [ 1821.944928] DS: 007b ES: 007b FS: 00d8 GS: 0033 SS: 0068
> [ 1821.944932] Process modprobe (pid: 23723, ti=ea8ac000 task=eff49680
> task.ti=ea8ac000)
> [ 1821.944934] Stack: ef67d214 00000041 f8f60fe3 f7d1ace4 f066d404 ef81761c
> ef817600 01f625a4
> [ 1821.944941] ef67d200 f8f625a4 ef817600 f8f625a4 ef817600 f8f62480
> f066d400 f88a15a9
> [ 1821.944948] 00000000 ef81761c ef817694 00000000 ef81761c 00000000
> f8f624b4 f88ba500
> [ 1821.944954] Call Trace:
> [ 1821.944970] [<f88a15a9>] usb_probe_interface+0xb9/0x140 [usbcore]
> [ 1821.945007] [<c027ea28>] driver_probe_device+0x88/0x190
> [ 1821.945022] [<c027ec9e>] __driver_attach+0x9e/0xa0
> [ 1821.945032] [<c027de5b>] bus_for_each_dev+0x3b/0x60
> [ 1821.945044] [<c027e8a6>] driver_attach+0x16/0x20
> [ 1821.945048] [<c027ec00>] __driver_attach+0x0/0xa0
> [ 1821.945052] [<c027e1da>] bus_add_driver+0x8a/0x1e0
> [ 1821.945064] [<f88a10ee>] usb_register_driver+0x8e/0x110 [usbcore]
> [ 1821.945096] [<f8a49018>] usb_xpad_init+0x18/0x39 [xpad]
> [ 1821.945100] [<c0146547>] blocking_notifier_call_chain+0x17/0x20
> [ 1821.945110] [<c01516c6>] sys_init_module+0x126/0x19c0
> [ 1821.945151] [<c01053c2>] sysenter_past_esp+0x6b/0xa9
> [ 1821.945169] =======================
> [ 1821.945170] Code: 00 98 f0 0f ab 47 1c 83 c2 01 0f b7 84 12 ec 0e f6 f8
> 66 85 c0 79 ea 8b 54 24 18 8b 42 04 8b 54 24 20 8b 40 0c 8b 4a 0c 8b 55 00
> <0f> b6 70 06 0f b6 40 02 c1 e2 08 c1 e0 0f 09 c2 8b 44 24 20 81
> [ 1821.945204] EIP: [<f8f60a5c>] xpad_probe+0x23c/0x4b0 [xpad] SS:ESP
> 0068:ea8adda8
> [ 1821.945211] ---[ end trace 4b99b6c629b69949 ]---
>
> I have tried this on two different systems with two different kernels. This
> system is Hardy Heron (latest development release from Ubuntu) running
> kernel 2.6.24. I also tried it on my wife's system, which is Gutsy Gibbon
> (7.10 Ubuntu) running kernel 2.6.22. Both exhibit the same problem.
>
> If I do not apply the patch, the controller is not picked up. Is there some
> default thing I can test here?
>
> If I only apply "{ 0x0738, 0x4740, "Mad Catz Beat Pad", GAMEPAD_XBOX_MAT },",
> then it is still not picked up.
>
> Anything you can do to assist would be greatly appreciated.
>
> Also, it appears as though this driver is not updated into later kernels.
> The default in 2.6.24 is version 0.0.6 where it should be 0.1.7 (seeing as
> it's been 9 months since that version was released). Do you pass this along
> to upstream kernel?
>
> I've attempted to isolate exactly where in the code it fails. After some
> further debugging, I've discovered that it successfully gets input 10, 11 and
> 12 (3 successive calls to xpad_probe), it then attempts to get the next
> input and fails (this is the fourth call to xpad_probe).
>
> It crashes here in the code:
>
> usb_fill_int_urb(xpad->irq_in, udev,
> usb_rcvintpipe(udev, ep_irq_in->bEndpointAddress),
> xpad->idata, XPAD_PKT_LEN, xpad_irq_in,
> xpad, ep_irq_in->bInterval);
>
> I'm not sure I can offer any additional assistance, as I am not familiar
> with the code nor the intent, only that for some reason this causes a NULL
> reference and crashes the kernel, but only on the fourth iteration. Perhaps
> one of the parameters to the call to usb_fill_int_urb is being passed a
> NULL or some other invalid value causing usb_fill_int_urb to fail.
>
> I am willing to assist further in debugging, just let me know what to test.
>
> Cheers,
>
> Rod.
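Added example (not from this thread and not the xpad driver's own code): a userspace C model of the probe-time check the thread is circling around. It mirrors the relevant kernel descriptor layouts in reduced form (the real ones are in <linux/usb.h> and <linux/usb/ch9.h>), builds the two interfaces from the lsusb output above (interface 0 with EP1 IN / EP2 OUT, interface 3 with no endpoints), and shows both why an unchecked `&endpoint[0].desc` on an endpoint-less interface faults at offset 6 (the bInterval field, matching the `00000006` address in the Oops) and how a probe should validate device-supplied descriptor data before using it. The names `find_int_in_ep` and `probe_interface` are hypothetical, chosen for this example.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Userspace mirrors of the kernel's descriptor layouts, reduced to the fields
 * used here (constructed for this example; field order follows the USB spec
 * and the kernel headers, so offsets match). */
struct usb_endpoint_descriptor {
	uint8_t  bLength;
	uint8_t  bDescriptorType;
	uint8_t  bEndpointAddress;
	uint8_t  bmAttributes;
	uint16_t wMaxPacketSize;
	uint8_t  bInterval;
} __attribute__((packed));

struct usb_host_endpoint {
	struct usb_endpoint_descriptor desc;	/* first member: offset 0 */
};

struct usb_host_interface {
	uint8_t bNumEndpoints;
	const struct usb_host_endpoint *endpoint; /* NULL when there are no endpoints */
};

#define USB_DIR_IN                 0x80
#define USB_ENDPOINT_XFERTYPE_MASK 0x03
#define USB_ENDPOINT_XFER_INT      0x03

/* Offset the CPU touches if probe reads ep_irq_in->bInterval through a NULL
 * endpoint array: 0 (desc) + 6 (bInterval), the address seen in the Oops. */
size_t faulting_offset_if_unchecked(void)
{
	return offsetof(struct usb_host_endpoint, desc)
	     + offsetof(struct usb_endpoint_descriptor, bInterval);
}

/* Walk the altsetting's endpoints and return the first interrupt IN one, or
 * NULL if the interface has none. The array is only indexed after the
 * device-supplied count and the array pointer have been checked. */
const struct usb_endpoint_descriptor *
find_int_in_ep(const struct usb_host_interface *alt)
{
	unsigned i;

	if (!alt || !alt->endpoint)
		return NULL;
	for (i = 0; i < alt->bNumEndpoints; i++) {
		const struct usb_endpoint_descriptor *d = &alt->endpoint[i].desc;

		if ((d->bEndpointAddress & USB_DIR_IN) &&
		    (d->bmAttributes & USB_ENDPOINT_XFERTYPE_MASK) == USB_ENDPOINT_XFER_INT)
			return d;
	}
	return NULL;
}

/* Model of the probe step: 0 on success with the pipe parameters filled in,
 * -ENODEV when this interface cannot carry the input URB (so the driver
 * declines the interface instead of dereferencing a bad pointer). */
int probe_interface(const struct usb_host_interface *alt,
		    uint8_t *ep_addr, uint8_t *interval)
{
	const struct usb_endpoint_descriptor *d = find_int_in_ep(alt);

	if (!d)
		return -ENODEV;
	*ep_addr = d->bEndpointAddress;
	*interval = d->bInterval;
	return 0;
}

/* Constructed from the lsusb output in the thread: interface 0 has EP1 IN and
 * EP2 OUT (interrupt, 32 bytes); interface 3 reports bNumEndpoints 0. */
static const struct usb_host_endpoint iface0_eps[] = {
	{ { 7, 5, 0x81, 3, 0x0020, 4 } },
	{ { 7, 5, 0x02, 3, 0x0020, 8 } },
};
const struct usb_host_interface iface0 = { 2, iface0_eps };
const struct usb_host_interface iface3 = { 0, NULL };

int main(void)
{
	uint8_t addr = 0, ivl = 0;
	int rc = probe_interface(&iface0, &addr, &ivl);

	printf("iface0: rc=%d ep=0x%02x bInterval=%u\n", rc, addr, ivl);
	rc = probe_interface(&iface3, &addr, &ivl);
	printf("iface3: rc=%d (%s)\n", rc, rc == -ENODEV ? "-ENODEV, no endpoints" : "ok");
	printf("unchecked dereference would fault at offset %zu\n",
	       faulting_offset_if_unchecked());
	return 0;
}
```

The point of checking `bNumEndpoints` rather than the derived pointer is that the count and the endpoint table are both parsed from what the device sent; a probe that trusts them and indexes `endpoint[0]` gives any device with an endpoint-less interface a way to crash the kernel at bind time, while declining with -ENODEV leaves the other interfaces working.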