-
Notifications
You must be signed in to change notification settings - Fork 5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Raspberry Pi 4 accepts USB DATA packets with CRC error #6320
Comments
@P33M FYI. |
@tmon-nordic Please can you confirm which USB host-controller you are using i.e.VL805, BCM-XHCI or DWC2 host-mode |
I am plugging the device into the leftmost-bottom USB port (leftmost are the standard USB 2.0 ports, center is USB 3.0 and right is RJ45) on Raspberry Pi 4 Model B Rev 1.5. dmesg log includes
lsusb shows the device in question on bus 1. How do I tell which host controller it is?
Therefore I believe it is VL805. |
Describe the bug
USB Device sent DATA0 packet containing 64 bytes ("real data"):
with CRC 0xFEC1
Raspberry Pi apparently decoded the DATA0 packet as ("incorrectly received data"):
User-space applications do not receive CRC information and thus application was unable to tell that the data was corrupted. The driver and/or Raspberry Pi 4 hardware should have rejected the packet.
Steps to reproduce the behaviour
Depending on the rate the USB device introduces glitches on the D+/D- lines the failure can happen within some seconds, minutes, hours or even days. My "best" device is able to reliably induce glitches (and thus CRC errors) in less than a minute.
Device (s)
Raspberry Pi 4 Mod. B
System
raspinfo.txt
Logs
To better describe the issue, following python code can be used to convert the data to bitstuffed binary stream and vice versa. The code is suitable for copy&pasting into python interactive window.
The NRZI bitstream for real data is:
The NRZI bitstream for incorrectly received data is:
The two bitstreams differ at column 352. Saleae capture (zipped because GitHub does not support attaching .sal files directly) saleae-IN-incorrectly-decoded-by-rpi4.sal.zip has marker put on where the Raspberry Pi 4 decoding disagrees with Saleae decoder.
The zoom in on the discrepancy is:
The NRZI bitstream for whole DATA0 packet with CRC is:
If the bitstream is altered to swap the actual data with incorrectly decoded data, the altered bitstream converts back to:
C3
isDATA0
PID, and60 7F
are the CRC bytes (0x7F60
) due to Little-Endian encoding. The altered bitstream converts back to usbmon captured data.The CRC for the altered data would have been
9C 4D
(0x4F9C
), but the received was60 7F
. The receiver (here: Raspberry Pi 4) should have rejected the packet due to incorrect CRC.pcaps-IN-incorrectly-decoded-by-rpi4.zip contains following pcap files:
ov-IN-incorrectly-decoded-by-rpi4.pcap
showing the transaction in question. OpenVizsla did agree on the decoding with Saleae. Both OpenVizsla and Saleae decoded the real data.usbmon-IN-incorrectly-decoded-by-rpi4.pcapng
showing the transfer covering the transaction. The transfers during the capture session were purposely single-packet-only to make it easy to correlate bus-level captures with URB-level captures.reconstructed-packet-with-bad-crc.pcap
shows the reconstructed transaction with the faulty data stream to illustrate that CRC error is expected in this case.Additional context
Raspberry Pi 5 is working correctly with the same USB device, i.e. Raspberry Pi 5 is correctly rejecting (timing out handshake) after receiving glitched DATA packet. Other Raspberry Pi versions were not tested.
The text was updated successfully, but these errors were encountered: