[U-Boot] [RFC PATCH] usb: ehci: do not invalidate a NULL buffer
Marek Vasut
marex at denx.de
Tue Nov 21 11:28:26 UTC 2017
On 11/21/2017 07:30 AM, Dirk Behme wrote:
> On 17.11.2017 16:04, Marek Vasut wrote:
>> On 11/17/2017 03:28 PM, Dirk Behme wrote:
>>> Its a valid use case to call ehci_submit_async() with a NULL buffer
>>> with length 0. E.g. from usb_set_configuration().
>>>
>>> As invalidate_dcache_range() isn't able to judge if the address
>>> NULL is valid or not (depending on the SoC hardware configuration it
>>> might be valid) do the check in ehci_submit_async() as here we know
>>> that we don't have to invalidate such a buffer.
>>>
>>> Signed-off-by: Dirk Behme <dirk.behme at de.bosch.com>
>>
>> Looks OK,
>
>
> Ok, thanks, I'll drop the RFC, then.
>
>
>> what about the other cache ops in EHCI, are they also affected?
>
>
> This was found based on a MMU configuration excluding address
> 0x00000000. Fixing this one location made a usb start and reading from
> an USB stick work.
>
> So either only this location is affected, or above use case doesn't
> cover all relevant path. In latter case I don't have enough USB
> knowledge to evaluate all path by review.
Well, I skimmed through the rest of the function and this seems to be
the only spot where it could be problematic if length == 0 , so this is
the correct fix.
Applied, thanks.
> Best regards
>
> Dirk
>
>
>>> ---
>>> Notes:
>>>
>>> This was found on an older vendor specific U-Boot on an ARMv8 SoC
>>> with a MMU configuration where address 0x00000000 is invalid.
>>>
>>> The callstack I've seen is
>>>
>>> usb_set_configuration(), calls
>>> -> usb_control_msg() with *data == NULL and size == 0
>>> -> submit_control_msg()
>>> -> _ehci_submit_control_msg()
>>> -> ehci_submit_async()
>>>
>>> ehci_submit_async() called __asm_invalidate_dcache_range() from
>>> arch/arm/cpu/armv8/cache.S, then. Resulting in an exception trying
>>> to use address 0 in x0 (dc ivac, x0).
>>>
>>> I'm slightly unsure why this hasn't been catched or complained about
>>> previously, already. Maybe I missed anything while working with an older
>>> vendor U-Boot? Sorry in this case.
>>>
>>> Best regards
>>>
>>> Dirk
>>> ---
>>> drivers/usb/host/ehci-hcd.c | 5 +++--
>>> 1 file changed, 3 insertions(+), 2 deletions(-)
>>>
>>> diff --git a/drivers/usb/host/ehci-hcd.c b/drivers/usb/host/ehci-hcd.c
>>> index be3e842dcc..32c661b37e 100644
>>> --- a/drivers/usb/host/ehci-hcd.c
>>> +++ b/drivers/usb/host/ehci-hcd.c
>>> @@ -595,8 +595,9 @@ ehci_submit_async(struct usb_device *dev,
>>> unsigned long pipe, void *buffer,
>>> * dangerous operation, it's responsibility of the calling
>>> * code to make sure enough space is reserved.
>>> */
>>> - invalidate_dcache_range((unsigned long)buffer,
>>> - ALIGN((unsigned long)buffer + length, ARCH_DMA_MINALIGN));
>>> + if (buffer != NULL && length > 0)
>>> + invalidate_dcache_range((unsigned long)buffer,
>>> + ALIGN((unsigned long)buffer + length, ARCH_DMA_MINALIGN));
>>> /* Check that the TD processing happened */
>>> if (QT_TOKEN_GET_STATUS(token) & QT_TOKEN_STATUS_ACTIVE)
>>>
--
Best regards,
Marek Vasut
More information about the U-Boot
mailing list