From mboxrd@z Thu Jan 1 00:00:00 1970 From: Marek Vasut Date: Tue, 10 Jul 2012 04:12:23 +0200 Subject: [U-Boot] [PATCH v2] usb_storage: fix ehci driver max transfer size In-Reply-To: References: <1340043748-9261-1-git-send-email-stefan@herbrechtsmeier.net> Message-ID: <201207100412.23870.marex@denx.de> List-Id: MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit To: u-boot@lists.denx.de Dear Stefan Herbrechtsmeier, > The commit 5dd95cf93dfffa1d19a1928990852aac9f55b9d9 'usb_storage: > Fix EHCI "out of buffer pointers" with CD-ROM' introduce a bug in > usb_storage as it wrongly assumes that every transfer can use > 4096 bytes per qt_buffer. This is wrong if the start address of > the data is not page aligned to 4096 bytes and leads to 'EHCI > timed out on TD' messages because of 'out of buffer pointers' > in ehci_td_buffer function. Yes, this can be simply confirmed even with USB stick by loading to unaligned address. It'll make the buffers overflow too. > The bug appears during load of a fragmented file and > read from or write to an unaligned memory address. > > Cc: Marek Vasut > Signed-off-by: Stefan Herbrechtsmeier > > --- > Changes for v2: > - Replace fixed worst case calculation with dynamic > computation based on start address of transfer > > common/usb_storage.c | 37 ++++++++++++++++++++----------------- > 1 file changed, 20 insertions(+), 17 deletions(-) > > diff --git a/common/usb_storage.c b/common/usb_storage.c > index faad237..bdc306f 100644 > --- a/common/usb_storage.c > +++ b/common/usb_storage.c > @@ -150,12 +150,17 @@ struct us_data { > unsigned int irqpipe; /* pipe for release_irq */ > unsigned char irqmaxp; /* max packed for irq Pipe */ > unsigned char irqinterval; /* Intervall for IRQ Pipe */ > - unsigned long max_xfer_blk; /* Max blocks per xfer */ > ccb *srb; /* current srb */ > trans_reset transport_reset; /* reset routine */ > trans_cmnd transport; /* transport routine */ > }; > > +/* > + * The U-Boot EHCI driver cannot handle more than 5 page aligned buffers > + * of 4096 bytes in a transfer without running itself out of qt_buffers > + */ > +#define USB_MAX_XFER_BLK(start, blksz) (((4096 * 5) - (start % 4096)) / > blksz) + Can't something in include/common.h around line 900 can't be used? btw put braces around (start) in the macro and around (blksz) . [...] The rest is good, thanks! :-) Best regards, Marek Vasut