From: cmax@mailbox.org
To: u-boot@lists.denx.de
Cc: Maximilian Brune <maximilian.brune@9elements.com>,
Peng Fan <peng.fan@nxp.com>,
Jaehoon Chung <jh80.chung@samsung.com>
Subject: [PATCH v2] mmc: arm_pl180: Limit data transfer to U16_MAX
Date: Thu, 4 Apr 2024 08:58:22 +0200 [thread overview]
Message-ID: <20240404065839.9351-1-cmax@mailbox.org> (raw)
In-Reply-To: <20240227201857.25814-1-cmax@mailbox.org>
From: Maximilian Brune <maximilian.brune@9elements.com>
Currently fetching files bigger that cause a data transfer greater than
U16_MAX fails.
The reason is that the specification defines the datalength register
as a 16 bit wide register, but in u-boot it is used as if it is an
32 bit register. Therefore values greater than U16_MAX cause an
infinite loop inside u-boot. U-boot expects to get more data from
interface/hardware then it will ever get and therefore inifintely waits
for more data that will never come.
Signed-off-by: Maximilian Brune <maximilian.brune@9elements.com>
Cc: Peng Fan <peng.fan@nxp.com>
Cc: Jaehoon Chung <jh80.chung@samsung.com>
---
drivers/mmc/arm_pl180_mmci.c | 11 +++++++++++
1 file changed, 11 insertions(+)
diff --git a/drivers/mmc/arm_pl180_mmci.c b/drivers/mmc/arm_pl180_mmci.c
index 5cf5502ed5..cad73ea106 100644
--- a/drivers/mmc/arm_pl180_mmci.c
+++ b/drivers/mmc/arm_pl180_mmci.c
@@ -231,6 +231,7 @@ static int do_data_transfer(struct mmc *dev,
u32 blksz = 0;
u32 data_ctrl = 0;
u32 data_len = (u32) (data->blocks * data->blocksize);
+ assert(data_len < U16_MAX); /* should be ensured by arm_pl180_get_b_max */
if (!host->version2) {
blksz = (ffs(data->blocksize) - 1);
@@ -358,6 +359,14 @@ static int host_set_ios(struct mmc *dev)
return 0;
}
+static int arm_pl180_get_b_max(struct udevice *dev, void *dst, lbaint_t blkcnt)
+{
+ struct mmc_uclass_priv *upriv = dev_get_uclass_priv(dev);
+ struct mmc *mmc = upriv->mmc;
+
+ return U16_MAX / mmc->read_bl_len;
+}
+
#ifndef CONFIG_DM_MMC
/* MMC uses open drain drivers in the enumeration phase */
static int mmc_host_reset(struct mmc *dev)
@@ -373,6 +382,7 @@ static const struct mmc_ops arm_pl180_mmci_ops = {
.send_cmd = host_request,
.set_ios = host_set_ios,
.init = mmc_host_reset,
+ .get_b_max = arm_pl180_get_b_max,
};
/*
@@ -531,6 +541,7 @@ static const struct dm_mmc_ops arm_pl180_dm_mmc_ops = {
.send_cmd = dm_host_request,
.set_ios = dm_host_set_ios,
.get_cd = dm_mmc_getcd,
+ .get_b_max = arm_pl180_get_b_max,
};
static int arm_pl180_mmc_of_to_plat(struct udevice *dev)
--
2.44.0
next prev parent reply other threads:[~2024-04-04 6:59 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <CGME20240403012406epcas1p2c14e01c3092a280bd459ea75bd2b6704@epcas1p2.samsung.com>
2024-02-27 20:18 ` [PATCH] mmc: arm_pl180: Limit data transfer to U16_MAX cmax
2024-03-04 15:39 ` Lean Sheng Tan
2024-03-15 18:45 ` Lean Sheng Tan
2024-04-03 1:24 ` Jaehoon Chung
2024-04-04 6:58 ` cmax [this message]
2024-04-15 7:07 ` [PATCH v2] " Jaehoon Chung
2024-04-15 9:53 ` cmax
2024-04-15 11:01 ` Jaehoon Chung
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20240404065839.9351-1-cmax@mailbox.org \
--to=cmax@mailbox.org \
--cc=jh80.chung@samsung.com \
--cc=maximilian.brune@9elements.com \
--cc=peng.fan@nxp.com \
--cc=u-boot@lists.denx.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox