mirror of
git://projects.qi-hardware.com/xburst-tools.git
synced 2024-11-29 10:50:39 +02:00
Fix bulk transfer bufferoverflows.
Make the bulk buffer large enough to hold at least one page of the nanonotes nand chip.
This commit is contained in:
Lars-Peter Clausen
parent
d778e943db
commit
20477f631c
@ -22,8 +22,7 @@
|
|||||||
#ifndef __USB_BOOT_H__
|
#ifndef __USB_BOOT_H__
|
||||||
#define __USB_BOOT_H__
|
#define __USB_BOOT_H__
|
||||||
|
|
||||||
#define BULK_OUT_BUF_SIZE 0x21000
|
#define BULK_BUF_SIZE (2048 * 128)
|
||||||
#define BULK_IN_BUF_SIZE 0x21000
|
|
||||||
|
|
||||||
enum UDC_STATE
|
enum UDC_STATE
|
||||||
{
|
{
|
||||||
|
|||||||
@ -42,8 +42,7 @@ void (*nand_enable) (unsigned int csn);
|
|||||||
void (*nand_disable) (unsigned int csn);
|
void (*nand_disable) (unsigned int csn);
|
||||||
|
|
||||||
struct hand Hand,*Hand_p;
|
struct hand Hand,*Hand_p;
|
||||||
extern u32 Bulk_out_buf[BULK_OUT_BUF_SIZE];
|
extern u32 Bulk_buf[BULK_BUF_SIZE];
|
||||||
extern u32 Bulk_in_buf[BULK_IN_BUF_SIZE];
|
|
||||||
extern u16 handshake_PKT[4];
|
extern u16 handshake_PKT[4];
|
||||||
extern udc_state;
|
extern udc_state;
|
||||||
extern void *memset(void *s, int c, size_t count);
|
extern void *memset(void *s, int c, size_t count);
|
||||||
@ -68,8 +67,8 @@ void dump_data(unsigned int *p, int size)
|
|||||||
void config_hand()
|
void config_hand()
|
||||||
{
|
{
|
||||||
struct hand *hand_p;
|
struct hand *hand_p;
|
||||||
hand_p=(struct hand *)Bulk_out_buf;
|
hand_p=(struct hand *)Bulk_buf;
|
||||||
memcpy(&Hand, (unsigned char *)Bulk_out_buf, sizeof(struct hand));
|
memcpy(&Hand, (unsigned char *)Bulk_buf, sizeof(struct hand));
|
||||||
|
|
||||||
#if 0
|
#if 0
|
||||||
Hand.nand_bw=hand_p->nand_bw;
|
Hand.nand_bw=hand_p->nand_bw;
|
||||||
@ -165,8 +164,8 @@ int NAND_OPS_Handle(u8 *buf)
|
|||||||
{
|
{
|
||||||
case NAND_QUERY:
|
case NAND_QUERY:
|
||||||
dprintf("\n Request : NAND_QUERY!");
|
dprintf("\n Request : NAND_QUERY!");
|
||||||
nand_query((u8 *)Bulk_in_buf);
|
nand_query((u8 *)Bulk_buf);
|
||||||
HW_SendPKT(1, Bulk_in_buf, 8);
|
HW_SendPKT(1, Bulk_buf, 8);
|
||||||
handshake_PKT[3]=(u16)ERR_OK;
|
handshake_PKT[3]=(u16)ERR_OK;
|
||||||
udc_state = BULK_IN;
|
udc_state = BULK_IN;
|
||||||
break;
|
break;
|
||||||
@ -185,11 +184,11 @@ int NAND_OPS_Handle(u8 *buf)
|
|||||||
break;
|
break;
|
||||||
case NAND_READ_OOB:
|
case NAND_READ_OOB:
|
||||||
dprintf("\n Request : NAND_READ_OOB!");
|
dprintf("\n Request : NAND_READ_OOB!");
|
||||||
memset(Bulk_in_buf,0,ops_length*Hand.nand_ps);
|
memset(Bulk_buf,0,ops_length*Hand.nand_ps);
|
||||||
ret_dat = nand_read_oob(Bulk_in_buf,start_addr,ops_length);
|
ret_dat = nand_read_oob(Bulk_buf,start_addr,ops_length);
|
||||||
handshake_PKT[0] = (u16) ret_dat;
|
handshake_PKT[0] = (u16) ret_dat;
|
||||||
handshake_PKT[1] = (u16) (ret_dat>>16);
|
handshake_PKT[1] = (u16) (ret_dat>>16);
|
||||||
HW_SendPKT(1,(u8 *)Bulk_in_buf,ops_length*Hand.nand_ps);
|
HW_SendPKT(1,(u8 *)Bulk_buf,ops_length*Hand.nand_ps);
|
||||||
udc_state = BULK_IN;
|
udc_state = BULK_IN;
|
||||||
break;
|
break;
|
||||||
case NAND_READ_RAW:
|
case NAND_READ_RAW:
|
||||||
@ -197,15 +196,15 @@ int NAND_OPS_Handle(u8 *buf)
|
|||||||
switch (option)
|
switch (option)
|
||||||
{
|
{
|
||||||
case OOB_ECC:
|
case OOB_ECC:
|
||||||
nand_read_raw(Bulk_in_buf,start_addr,ops_length,option);
|
nand_read_raw(Bulk_buf,start_addr,ops_length,option);
|
||||||
HW_SendPKT(1,(u8 *)Bulk_in_buf,ops_length*(Hand.nand_ps + Hand.nand_os));
|
HW_SendPKT(1,(u8 *)Bulk_buf,ops_length*(Hand.nand_ps + Hand.nand_os));
|
||||||
handshake_PKT[0] = (u16) ret_dat;
|
handshake_PKT[0] = (u16) ret_dat;
|
||||||
handshake_PKT[1] = (u16) (ret_dat>>16);
|
handshake_PKT[1] = (u16) (ret_dat>>16);
|
||||||
udc_state = BULK_IN;
|
udc_state = BULK_IN;
|
||||||
break;
|
break;
|
||||||
default:
|
default:
|
||||||
nand_read_raw(Bulk_in_buf,start_addr,ops_length,option);
|
nand_read_raw(Bulk_buf,start_addr,ops_length,option);
|
||||||
HW_SendPKT(1,(u8 *)Bulk_in_buf,ops_length*Hand.nand_ps);
|
HW_SendPKT(1,(u8 *)Bulk_buf,ops_length*Hand.nand_ps);
|
||||||
handshake_PKT[0] = (u16) ret_dat;
|
handshake_PKT[0] = (u16) ret_dat;
|
||||||
handshake_PKT[1] = (u16) (ret_dat>>16);
|
handshake_PKT[1] = (u16) (ret_dat>>16);
|
||||||
udc_state = BULK_IN;
|
udc_state = BULK_IN;
|
||||||
@ -226,24 +225,24 @@ int NAND_OPS_Handle(u8 *buf)
|
|||||||
dprintf("\n Request : NAND_READ!");
|
dprintf("\n Request : NAND_READ!");
|
||||||
switch (option) {
|
switch (option) {
|
||||||
case OOB_ECC:
|
case OOB_ECC:
|
||||||
ret_dat = nand_read(Bulk_in_buf,start_addr,ops_length,OOB_ECC);
|
ret_dat = nand_read(Bulk_buf,start_addr,ops_length,OOB_ECC);
|
||||||
handshake_PKT[0] = (u16) ret_dat;
|
handshake_PKT[0] = (u16) ret_dat;
|
||||||
handshake_PKT[1] = (u16) (ret_dat>>16);
|
handshake_PKT[1] = (u16) (ret_dat>>16);
|
||||||
HW_SendPKT(1,(u8 *)Bulk_in_buf,ops_length*(Hand.nand_ps + Hand.nand_os ));
|
HW_SendPKT(1,(u8 *)Bulk_buf,ops_length*(Hand.nand_ps + Hand.nand_os ));
|
||||||
udc_state = BULK_IN;
|
udc_state = BULK_IN;
|
||||||
break;
|
break;
|
||||||
case OOB_NO_ECC:
|
case OOB_NO_ECC:
|
||||||
ret_dat = nand_read(Bulk_in_buf,start_addr,ops_length,OOB_NO_ECC);
|
ret_dat = nand_read(Bulk_buf,start_addr,ops_length,OOB_NO_ECC);
|
||||||
handshake_PKT[0] = (u16) ret_dat;
|
handshake_PKT[0] = (u16) ret_dat;
|
||||||
handshake_PKT[1] = (u16) (ret_dat>>16);
|
handshake_PKT[1] = (u16) (ret_dat>>16);
|
||||||
HW_SendPKT(1,(u8 *)Bulk_in_buf,ops_length*(Hand.nand_ps + Hand.nand_os));
|
HW_SendPKT(1,(u8 *)Bulk_buf,ops_length*(Hand.nand_ps + Hand.nand_os));
|
||||||
udc_state = BULK_IN;
|
udc_state = BULK_IN;
|
||||||
break;
|
break;
|
||||||
case NO_OOB:
|
case NO_OOB:
|
||||||
ret_dat = nand_read(Bulk_in_buf,start_addr,ops_length,NO_OOB);
|
ret_dat = nand_read(Bulk_buf,start_addr,ops_length,NO_OOB);
|
||||||
handshake_PKT[0] = (u16) ret_dat;
|
handshake_PKT[0] = (u16) ret_dat;
|
||||||
handshake_PKT[1] = (u16) (ret_dat>>16);
|
handshake_PKT[1] = (u16) (ret_dat>>16);
|
||||||
HW_SendPKT(1,(u8 *)Bulk_in_buf,ops_length*Hand.nand_ps);
|
HW_SendPKT(1,(u8 *)Bulk_buf,ops_length*Hand.nand_ps);
|
||||||
udc_state = BULK_IN;
|
udc_state = BULK_IN;
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
@ -251,7 +250,7 @@ int NAND_OPS_Handle(u8 *buf)
|
|||||||
break;
|
break;
|
||||||
case NAND_PROGRAM:
|
case NAND_PROGRAM:
|
||||||
dprintf("\n Request : NAND_PROGRAM!");
|
dprintf("\n Request : NAND_PROGRAM!");
|
||||||
ret_dat = nand_program((void *)Bulk_out_buf,
|
ret_dat = nand_program((void *)Bulk_buf,
|
||||||
start_addr,ops_length,option);
|
start_addr,ops_length,option);
|
||||||
handshake_PKT[0] = (u16) ret_dat;
|
handshake_PKT[0] = (u16) ret_dat;
|
||||||
handshake_PKT[1] = (u16) (ret_dat>>16);
|
handshake_PKT[1] = (u16) (ret_dat>>16);
|
||||||
@ -285,7 +284,7 @@ int SDRAM_OPS_Handle(u8 *buf)
|
|||||||
{
|
{
|
||||||
case SDRAM_LOAD:
|
case SDRAM_LOAD:
|
||||||
//dprintf("\n Request : SDRAM_LOAD!");
|
//dprintf("\n Request : SDRAM_LOAD!");
|
||||||
ret_dat = (u32)memcpy((u8 *)start_addr,Bulk_out_buf,ops_length);
|
ret_dat = (u32)memcpy((u8 *)start_addr,Bulk_buf,ops_length);
|
||||||
handshake_PKT[0] = (u16) ret_dat;
|
handshake_PKT[0] = (u16) ret_dat;
|
||||||
handshake_PKT[1] = (u16) (ret_dat>>16);
|
handshake_PKT[1] = (u16) (ret_dat>>16);
|
||||||
HW_SendPKT(1,handshake_PKT,sizeof(handshake_PKT));
|
HW_SendPKT(1,handshake_PKT,sizeof(handshake_PKT));
|
||||||
|
|||||||
@ -24,8 +24,7 @@
|
|||||||
#define dprintf(x...)
|
#define dprintf(x...)
|
||||||
#define TXFIFOEP0 USB_FIFO_EP0
|
#define TXFIFOEP0 USB_FIFO_EP0
|
||||||
|
|
||||||
u32 Bulk_in_buf[BULK_IN_BUF_SIZE];
|
u32 Bulk_buf[BULK_BUF_SIZE];
|
||||||
u32 Bulk_out_buf[BULK_OUT_BUF_SIZE];
|
|
||||||
u32 Bulk_in_size, Bulk_in_finish, Bulk_out_size;
|
u32 Bulk_in_size, Bulk_in_finish, Bulk_out_size;
|
||||||
u16 handshake_PKT[4] = {0, 0, 0, 0};
|
u16 handshake_PKT[4] = {0, 0, 0, 0};
|
||||||
u8 udc_state;
|
u8 udc_state;
|
||||||
@ -513,12 +512,12 @@ void EPIN_Handler(u8 EP)
|
|||||||
}
|
}
|
||||||
|
|
||||||
if (Bulk_in_size - Bulk_in_finish <= fifosize[EP]) {
|
if (Bulk_in_size - Bulk_in_finish <= fifosize[EP]) {
|
||||||
udcWriteFifo((u8 *)((u32)Bulk_in_buf+Bulk_in_finish),
|
udcWriteFifo((u8 *)((u32)Bulk_buf+Bulk_in_finish),
|
||||||
Bulk_in_size - Bulk_in_finish);
|
Bulk_in_size - Bulk_in_finish);
|
||||||
usb_setw(USB_REG_INCSR, USB_INCSR_INPKTRDY);
|
usb_setw(USB_REG_INCSR, USB_INCSR_INPKTRDY);
|
||||||
Bulk_in_finish = Bulk_in_size;
|
Bulk_in_finish = Bulk_in_size;
|
||||||
} else {
|
} else {
|
||||||
udcWriteFifo((u8 *)((u32)Bulk_in_buf+Bulk_in_finish),
|
udcWriteFifo((u8 *)((u32)Bulk_buf+Bulk_in_finish),
|
||||||
fifosize[EP]);
|
fifosize[EP]);
|
||||||
usb_setw(USB_REG_INCSR, USB_INCSR_INPKTRDY);
|
usb_setw(USB_REG_INCSR, USB_INCSR_INPKTRDY);
|
||||||
Bulk_in_finish += fifosize[EP];
|
Bulk_in_finish += fifosize[EP];
|
||||||
@ -531,7 +530,7 @@ void EPOUT_Handler(u8 EP)
|
|||||||
jz_writeb(USB_REG_INDEX, EP);
|
jz_writeb(USB_REG_INDEX, EP);
|
||||||
size = jz_readw(USB_REG_OUTCOUNT);
|
size = jz_readw(USB_REG_OUTCOUNT);
|
||||||
fifo = fifoaddr[EP];
|
fifo = fifoaddr[EP];
|
||||||
udcReadFifo((u8 *)((u32)Bulk_out_buf+Bulk_out_size), size);
|
udcReadFifo((u8 *)((u32)Bulk_buf+Bulk_out_size), size);
|
||||||
usb_clearb(USB_REG_OUTCSR,USB_OUTCSR_OUTPKTRDY);
|
usb_clearb(USB_REG_OUTCSR,USB_OUTCSR_OUTPKTRDY);
|
||||||
Bulk_out_size += size;
|
Bulk_out_size += size;
|
||||||
dprintf("\nEPOUT_handle return!");
|
dprintf("\nEPOUT_handle return!");
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user