mirror of git://projects.qi-hardware.com/xburst-tools.git synced 2024-11-25 20:04:03 +02:00

Fix bulk transfer bufferoverflows.

Make the bulk buffer large enough to hold at least one page of the NanoNote's
NAND chip.
Lars-Peter Clausen 2009-12-16 15:12:38 +01:00
parent d778e943db
commit 20477f631c
3 changed files with 25 additions and 28 deletions


@ -22,8 +22,7 @@
#ifndef __USB_BOOT_H__ #ifndef __USB_BOOT_H__
#define __USB_BOOT_H__ #define __USB_BOOT_H__
#define BULK_OUT_BUF_SIZE 0x21000 #define BULK_BUF_SIZE (2048 * 128)
#define BULK_IN_BUF_SIZE 0x21000
enum UDC_STATE enum UDC_STATE
{ {
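Review bot: The unit of `BULK_BUF_SIZE` is undocumented, and the array declared from it elsewhere in this commit is `u32 Bulk_buf[BULK_BUF_SIZE]`, so the macro is an element count and the buffer occupies four times that many bytes. A length check written against the macro in bytes would be off by that factor, so checks should use `sizeof(Bulk_buf)` instead. I would add a comment above the define such as `/* Number of u32 elements in Bulk_buf, not bytes; byte capacity is sizeof(Bulk_buf). */`. If the intent is 128 pages of 2048 bytes, saying so in the comment would also explain the constant.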


@ -42,8 +42,7 @@ void (*nand_enable) (unsigned int csn);
void (*nand_disable) (unsigned int csn); void (*nand_disable) (unsigned int csn);
struct hand Hand,*Hand_p; struct hand Hand,*Hand_p;
extern u32 Bulk_out_buf[BULK_OUT_BUF_SIZE]; extern u32 Bulk_buf[BULK_BUF_SIZE];
extern u32 Bulk_in_buf[BULK_IN_BUF_SIZE];
extern u16 handshake_PKT[4]; extern u16 handshake_PKT[4];
extern udc_state; extern udc_state;
extern void *memset(void *s, int c, size_t count); extern void *memset(void *s, int c, size_t count);
@ -68,8 +67,8 @@ void dump_data(unsigned int *p, int size)
void config_hand() void config_hand()
{ {
struct hand *hand_p; struct hand *hand_p;
hand_p=(struct hand *)Bulk_out_buf; hand_p=(struct hand *)Bulk_buf;
memcpy(&Hand, (unsigned char *)Bulk_out_buf, sizeof(struct hand)); memcpy(&Hand, (unsigned char *)Bulk_buf, sizeof(struct hand));
#if 0 #if 0
Hand.nand_bw=hand_p->nand_bw; Hand.nand_bw=hand_p->nand_bw;
@ -165,8 +164,8 @@ int NAND_OPS_Handle(u8 *buf)
{ {
case NAND_QUERY: case NAND_QUERY:
dprintf("\n Request : NAND_QUERY!"); dprintf("\n Request : NAND_QUERY!");
nand_query((u8 *)Bulk_in_buf); nand_query((u8 *)Bulk_buf);
HW_SendPKT(1, Bulk_in_buf, 8); HW_SendPKT(1, Bulk_buf, 8);
handshake_PKT[3]=(u16)ERR_OK; handshake_PKT[3]=(u16)ERR_OK;
udc_state = BULK_IN; udc_state = BULK_IN;
break; break;
@ -185,11 +184,11 @@ int NAND_OPS_Handle(u8 *buf)
break; break;
case NAND_READ_OOB: case NAND_READ_OOB:
dprintf("\n Request : NAND_READ_OOB!"); dprintf("\n Request : NAND_READ_OOB!");
memset(Bulk_in_buf,0,ops_length*Hand.nand_ps); memset(Bulk_buf,0,ops_length*Hand.nand_ps);
ret_dat = nand_read_oob(Bulk_in_buf,start_addr,ops_length); ret_dat = nand_read_oob(Bulk_buf,start_addr,ops_length);
handshake_PKT[0] = (u16) ret_dat; handshake_PKT[0] = (u16) ret_dat;
handshake_PKT[1] = (u16) (ret_dat>>16); handshake_PKT[1] = (u16) (ret_dat>>16);
HW_SendPKT(1,(u8 *)Bulk_in_buf,ops_length*Hand.nand_ps); HW_SendPKT(1,(u8 *)Bulk_buf,ops_length*Hand.nand_ps);
udc_state = BULK_IN; udc_state = BULK_IN;
break; break;
case NAND_READ_RAW: case NAND_READ_RAW:
@ -197,15 +196,15 @@ int NAND_OPS_Handle(u8 *buf)
switch (option) switch (option)
{ {
case OOB_ECC: case OOB_ECC:
nand_read_raw(Bulk_in_buf,start_addr,ops_length,option); nand_read_raw(Bulk_buf,start_addr,ops_length,option);
HW_SendPKT(1,(u8 *)Bulk_in_buf,ops_length*(Hand.nand_ps + Hand.nand_os)); HW_SendPKT(1,(u8 *)Bulk_buf,ops_length*(Hand.nand_ps + Hand.nand_os));
handshake_PKT[0] = (u16) ret_dat; handshake_PKT[0] = (u16) ret_dat;
handshake_PKT[1] = (u16) (ret_dat>>16); handshake_PKT[1] = (u16) (ret_dat>>16);
udc_state = BULK_IN; udc_state = BULK_IN;
break; break;
default: default:
nand_read_raw(Bulk_in_buf,start_addr,ops_length,option); nand_read_raw(Bulk_buf,start_addr,ops_length,option);
HW_SendPKT(1,(u8 *)Bulk_in_buf,ops_length*Hand.nand_ps); HW_SendPKT(1,(u8 *)Bulk_buf,ops_length*Hand.nand_ps);
handshake_PKT[0] = (u16) ret_dat; handshake_PKT[0] = (u16) ret_dat;
handshake_PKT[1] = (u16) (ret_dat>>16); handshake_PKT[1] = (u16) (ret_dat>>16);
udc_state = BULK_IN; udc_state = BULK_IN;
@ -226,24 +225,24 @@ int NAND_OPS_Handle(u8 *buf)
dprintf("\n Request : NAND_READ!"); dprintf("\n Request : NAND_READ!");
switch (option) { switch (option) {
case OOB_ECC: case OOB_ECC:
ret_dat = nand_read(Bulk_in_buf,start_addr,ops_length,OOB_ECC); ret_dat = nand_read(Bulk_buf,start_addr,ops_length,OOB_ECC);
handshake_PKT[0] = (u16) ret_dat; handshake_PKT[0] = (u16) ret_dat;
handshake_PKT[1] = (u16) (ret_dat>>16); handshake_PKT[1] = (u16) (ret_dat>>16);
HW_SendPKT(1,(u8 *)Bulk_in_buf,ops_length*(Hand.nand_ps + Hand.nand_os )); HW_SendPKT(1,(u8 *)Bulk_buf,ops_length*(Hand.nand_ps + Hand.nand_os ));
udc_state = BULK_IN; udc_state = BULK_IN;
break; break;
case OOB_NO_ECC: case OOB_NO_ECC:
ret_dat = nand_read(Bulk_in_buf,start_addr,ops_length,OOB_NO_ECC); ret_dat = nand_read(Bulk_buf,start_addr,ops_length,OOB_NO_ECC);
handshake_PKT[0] = (u16) ret_dat; handshake_PKT[0] = (u16) ret_dat;
handshake_PKT[1] = (u16) (ret_dat>>16); handshake_PKT[1] = (u16) (ret_dat>>16);
HW_SendPKT(1,(u8 *)Bulk_in_buf,ops_length*(Hand.nand_ps + Hand.nand_os)); HW_SendPKT(1,(u8 *)Bulk_buf,ops_length*(Hand.nand_ps + Hand.nand_os));
udc_state = BULK_IN; udc_state = BULK_IN;
break; break;
case NO_OOB: case NO_OOB:
ret_dat = nand_read(Bulk_in_buf,start_addr,ops_length,NO_OOB); ret_dat = nand_read(Bulk_buf,start_addr,ops_length,NO_OOB);
handshake_PKT[0] = (u16) ret_dat; handshake_PKT[0] = (u16) ret_dat;
handshake_PKT[1] = (u16) (ret_dat>>16); handshake_PKT[1] = (u16) (ret_dat>>16);
HW_SendPKT(1,(u8 *)Bulk_in_buf,ops_length*Hand.nand_ps); HW_SendPKT(1,(u8 *)Bulk_buf,ops_length*Hand.nand_ps);
udc_state = BULK_IN; udc_state = BULK_IN;
break; break;
} }
@ -251,7 +250,7 @@ int NAND_OPS_Handle(u8 *buf)
break; break;
case NAND_PROGRAM: case NAND_PROGRAM:
dprintf("\n Request : NAND_PROGRAM!"); dprintf("\n Request : NAND_PROGRAM!");
ret_dat = nand_program((void *)Bulk_out_buf, ret_dat = nand_program((void *)Bulk_buf,
start_addr,ops_length,option); start_addr,ops_length,option);
handshake_PKT[0] = (u16) ret_dat; handshake_PKT[0] = (u16) ret_dat;
handshake_PKT[1] = (u16) (ret_dat>>16); handshake_PKT[1] = (u16) (ret_dat>>16);
@ -285,7 +284,7 @@ int SDRAM_OPS_Handle(u8 *buf)
{ {
case SDRAM_LOAD: case SDRAM_LOAD:
//dprintf("\n Request : SDRAM_LOAD!"); //dprintf("\n Request : SDRAM_LOAD!");
ret_dat = (u32)memcpy((u8 *)start_addr,Bulk_out_buf,ops_length); ret_dat = (u32)memcpy((u8 *)start_addr,Bulk_buf,ops_length);
handshake_PKT[0] = (u16) ret_dat; handshake_PKT[0] = (u16) ret_dat;
handshake_PKT[1] = (u16) (ret_dat>>16); handshake_PKT[1] = (u16) (ret_dat>>16);
HW_SendPKT(1,handshake_PKT,sizeof(handshake_PKT)); HW_SendPKT(1,handshake_PKT,sizeof(handshake_PKT));
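Review bot: The lengths passed to `memset` and `HW_SendPKT` in `NAND_OPS_Handle`, for example `memset(Bulk_buf,0,ops_length*Hand.nand_ps)` under `NAND_READ_OOB`, are still never compared with the size of `Bulk_buf`; the commit enlarges the buffer, but a large enough product reaches past it as before. `Hand` is filled by `config_hand` with a `memcpy` from the bulk buffer, so `nand_ps` and `nand_os` come from the host, and `ops_length` presumably does too (its assignment is outside the hunks). A guard before each use, such as `if (Hand.nand_ps == 0 || ops_length > sizeof(Bulk_buf) / Hand.nand_ps)` followed by a non-OK status in `handshake_PKT[3]` and `break`, would bound the length without overflowing the multiplication; the OOB variants need `Hand.nand_ps + Hand.nand_os` as the divisor. The `memcpy` of `ops_length` bytes out of `Bulk_buf` in `SDRAM_OPS_Handle` needs the same bound. Both function bodies start and end outside the hunks shown.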


@ -24,8 +24,7 @@
#define dprintf(x...) #define dprintf(x...)
#define TXFIFOEP0 USB_FIFO_EP0 #define TXFIFOEP0 USB_FIFO_EP0
u32 Bulk_in_buf[BULK_IN_BUF_SIZE]; u32 Bulk_buf[BULK_BUF_SIZE];
u32 Bulk_out_buf[BULK_OUT_BUF_SIZE];
u32 Bulk_in_size, Bulk_in_finish, Bulk_out_size; u32 Bulk_in_size, Bulk_in_finish, Bulk_out_size;
u16 handshake_PKT[4] = {0, 0, 0, 0}; u16 handshake_PKT[4] = {0, 0, 0, 0};
u8 udc_state; u8 udc_state;
@ -513,12 +512,12 @@ void EPIN_Handler(u8 EP)
} }
if (Bulk_in_size - Bulk_in_finish <= fifosize[EP]) { if (Bulk_in_size - Bulk_in_finish <= fifosize[EP]) {
udcWriteFifo((u8 *)((u32)Bulk_in_buf+Bulk_in_finish), udcWriteFifo((u8 *)((u32)Bulk_buf+Bulk_in_finish),
Bulk_in_size - Bulk_in_finish); Bulk_in_size - Bulk_in_finish);
usb_setw(USB_REG_INCSR, USB_INCSR_INPKTRDY); usb_setw(USB_REG_INCSR, USB_INCSR_INPKTRDY);
Bulk_in_finish = Bulk_in_size; Bulk_in_finish = Bulk_in_size;
} else { } else {
udcWriteFifo((u8 *)((u32)Bulk_in_buf+Bulk_in_finish), udcWriteFifo((u8 *)((u32)Bulk_buf+Bulk_in_finish),
fifosize[EP]); fifosize[EP]);
usb_setw(USB_REG_INCSR, USB_INCSR_INPKTRDY); usb_setw(USB_REG_INCSR, USB_INCSR_INPKTRDY);
Bulk_in_finish += fifosize[EP]; Bulk_in_finish += fifosize[EP];
@ -531,7 +530,7 @@ void EPOUT_Handler(u8 EP)
jz_writeb(USB_REG_INDEX, EP); jz_writeb(USB_REG_INDEX, EP);
size = jz_readw(USB_REG_OUTCOUNT); size = jz_readw(USB_REG_OUTCOUNT);
fifo = fifoaddr[EP]; fifo = fifoaddr[EP];
udcReadFifo((u8 *)((u32)Bulk_out_buf+Bulk_out_size), size); udcReadFifo((u8 *)((u32)Bulk_buf+Bulk_out_size), size);
usb_clearb(USB_REG_OUTCSR,USB_OUTCSR_OUTPKTRDY); usb_clearb(USB_REG_OUTCSR,USB_OUTCSR_OUTPKTRDY);
Bulk_out_size += size; Bulk_out_size += size;
dprintf("\nEPOUT_handle return!"); dprintf("\nEPOUT_handle return!");
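Review bot: `EPOUT_Handler` copies `size` bytes from the FIFO to `Bulk_buf+Bulk_out_size` and then adds `size` to `Bulk_out_size` with no check that the running offset stays inside the buffer, so a transfer longer than the new capacity still overruns it. I would test before the read, `if (size > sizeof(Bulk_buf) - Bulk_out_size)`, and in that case skip the copy and report an error instead of advancing the offset; whether that should be an endpoint stall or a handshake status depends on code outside the hunk. `EPIN_Handler` indexes the same buffer with `Bulk_in_finish` and relies on `Bulk_in_size` having been bounded by whoever set it. Since both directions now share `Bulk_buf`, a comment at its definition stating that an IN response overwrites the last OUT payload would help the next reader. Both handlers start and end outside the hunks.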