Re: [U-Boot] [PATCH v2] usb_storage: fix ehci driver max transfer size

Mon, 09 Jul 2012 19:12:45 -0700 

Dear Stefan Herbrechtsmeier,

> The commit 5dd95cf93dfffa1d19a1928990852aac9f55b9d9 'usb_storage:
> Fix EHCI "out of buffer pointers" with CD-ROM' introduce a bug in
> usb_storage as it wrongly assumes that every transfer can use
> 4096 bytes per qt_buffer. This is wrong if the start address of
> the data is not page aligned to 4096 bytes and leads to 'EHCI
> timed out on TD' messages because of 'out of buffer pointers'
> in ehci_td_buffer function.

Yes, this can be simply confirmed even with USB stick by loading to unaligned 
address. It'll make the buffers overflow too.

> The bug appears during load of a fragmented file and
> read from or write to an unaligned memory address.
> 
> Cc: Marek Vasut <ma...@denx.de>
> Signed-off-by: Stefan Herbrechtsmeier <ste...@herbrechtsmeier.net>
> 
> ---
> Changes for v2:
>  - Replace fixed worst case calculation with dynamic
>    computation based on start address of transfer
> 
>  common/usb_storage.c |   37 ++++++++++++++++++++-----------------
>  1 file changed, 20 insertions(+), 17 deletions(-)
> 
> diff --git a/common/usb_storage.c b/common/usb_storage.c
> index faad237..bdc306f 100644
> --- a/common/usb_storage.c
> +++ b/common/usb_storage.c
> @@ -150,12 +150,17 @@ struct us_data {
>       unsigned int    irqpipe;                /* pipe for release_irq */
>       unsigned char   irqmaxp;                /* max packed for irq Pipe */
>       unsigned char   irqinterval;            /* Intervall for IRQ Pipe */
> -     unsigned long   max_xfer_blk;           /* Max blocks per xfer */
>       ccb             *srb;                   /* current srb */
>       trans_reset     transport_reset;        /* reset routine */
>       trans_cmnd      transport;              /* transport routine */
>  };
> 
> +/*
> + * The U-Boot EHCI driver cannot handle more than 5 page aligned buffers
> + * of 4096 bytes in a transfer without running itself out of qt_buffers
> + */
> +#define USB_MAX_XFER_BLK(start, blksz)       (((4096 * 5) - (start % 4096)) /
> blksz) +

Can't something in include/common.h around line 900 can't be used?

btw put braces around (start) in the macro and around (blksz) .

[...]

The rest is good, thanks! :-)

Best regards,
Marek Vasut
_______________________________________________
U-Boot mailing list
U-Boot@lists.denx.de
http://lists.denx.de/mailman/listinfo/u-boot

Reply via email to