[U-Boot] [PATCH v2] usb_storage: fix ehci driver max transfer size

Marek Vasut marex at denx.de
Tue Jul 10 04:12:23 CEST 2012 

Dear Stefan Herbrechtsmeier,

> The commit 5dd95cf93dfffa1d19a1928990852aac9f55b9d9 'usb_storage:
> Fix EHCI "out of buffer pointers" with CD-ROM' introduce a bug in
> usb_storage as it wrongly assumes that every transfer can use
> 4096 bytes per qt_buffer. This is wrong if the start address of
> the data is not page aligned to 4096 bytes and leads to 'EHCI
> timed out on TD' messages because of 'out of buffer pointers'
> in ehci_td_buffer function.

Yes, this can be simply confirmed even with USB stick by loading to unaligned 
address. It'll make the buffers overflow too.

> The bug appears during load of a fragmented file and
> read from or write to an unaligned memory address.
> 
> Cc: Marek Vasut <marex at denx.de>
> Signed-off-by: Stefan Herbrechtsmeier <stefan at herbrechtsmeier.net>
> 
> ---
> Changes for v2:
>  - Replace fixed worst case calculation with dynamic
>    computation based on start address of transfer
> 
>  common/usb_storage.c |   37 ++++++++++++++++++++-----------------
>  1 file changed, 20 insertions(+), 17 deletions(-)
> 
> diff --git a/common/usb_storage.c b/common/usb_storage.c
> index faad237..bdc306f 100644
> --- a/common/usb_storage.c
> +++ b/common/usb_storage.c
> @@ -150,12 +150,17 @@ struct us_data {
>  	unsigned int	irqpipe;	 	/* pipe for release_irq */
>  	unsigned char	irqmaxp;		/* max packed for irq Pipe */
>  	unsigned char	irqinterval;		/* Intervall for IRQ Pipe */
> -	unsigned long	max_xfer_blk;		/* Max blocks per xfer */
>  	ccb		*srb;			/* current srb */
>  	trans_reset	transport_reset;	/* reset routine */
>  	trans_cmnd	transport;		/* transport routine */
>  };
> 
> +/*
> + * The U-Boot EHCI driver cannot handle more than 5 page aligned buffers
> + * of 4096 bytes in a transfer without running itself out of qt_buffers
> + */
> +#define USB_MAX_XFER_BLK(start, blksz)	(((4096 * 5) - (start % 4096)) /
> blksz) +

Can't something in include/common.h around line 900 can't be used?

btw put braces around (start) in the macro and around (blksz) .

[...]

The rest is good, thanks! :-)

Best regards,
Marek Vasut

More information about the U-Boot mailing list