| Message ID | 20240415095324.28469-1-cmax@mailbox.org |
|---|---|
| State | Accepted |
| Delegated to: | Jaehoon Chung |
| Headers | show |
| Series | [v2] mmc: arm_pl180: Limit data transfer to U16_MAX | expand |
> -----Original Message----- > From: cmax@mailbox.org <cmax@mailbox.org> > Sent: Monday, April 15, 2024 6:53 PM > To: u-boot@lists.denx.de > Cc: Maximilian Brune <maximilian.brune@9elements.com>; Peng Fan <peng.fan@nxp.com>; Jaehoon Chung > <jh80.chung@samsung.com> > Subject: [PATCH v2] mmc: arm_pl180: Limit data transfer to U16_MAX > > From: Maximilian Brune <maximilian.brune@9elements.com> > > Currently fetching files bigger that cause a data transfer greater than > U16_MAX fails. > > The reason is that the specification defines the datalength register > as a 16 bit wide register, but in u-boot it is used as if it is an > 32 bit register. Therefore values greater than U16_MAX cause an > infinite loop inside u-boot. U-boot expects to get more data from > interface/hardware then it will ever get and therefore inifintely waits > for more data that will never come. > > Signed-off-by: Maximilian Brune <maximilian.brune@9elements.com> Reviewed-by: Jaehoon Chung <jh80.chung@samsung.com> Best Regards, Jaehoon Chung > Cc: Peng Fan <peng.fan@nxp.com> > Cc: Jaehoon Chung <jh80.chung@samsung.com> > --- > drivers/mmc/arm_pl180_mmci.c | 10 ++++++++++ > 1 file changed, 10 insertions(+) > > diff --git a/drivers/mmc/arm_pl180_mmci.c b/drivers/mmc/arm_pl180_mmci.c > index 2666b65362..cecc7ad783 100644 > --- a/drivers/mmc/arm_pl180_mmci.c > +++ b/drivers/mmc/arm_pl180_mmci.c > @@ -229,6 +229,7 @@ static int do_data_transfer(struct mmc *dev, > u32 blksz = 0; > u32 data_ctrl = 0; > u32 data_len = (u32) (data->blocks * data->blocksize); > + assert(data_len < U16_MAX); /* should be ensured by arm_pl180_get_b_max */ > > if (!host->version2) { > blksz = (ffs(data->blocksize) - 1); > @@ -356,6 +357,14 @@ static int host_set_ios(struct mmc *dev) > return 0; > } > > +static int arm_pl180_get_b_max(struct udevice *dev, void *dst, lbaint_t blkcnt) > +{ > + struct mmc_uclass_priv *upriv = dev_get_uclass_priv(dev); > + struct mmc *mmc = upriv->mmc; > + > + return U16_MAX / mmc->read_bl_len; > +} > + > static void arm_pl180_mmc_init(struct pl180_mmc_host *host) > { > u32 sdi_u32; > @@ -470,6 +479,7 @@ static const struct dm_mmc_ops arm_pl180_dm_mmc_ops = { > .send_cmd = dm_host_request, > .set_ios = dm_host_set_ios, > .get_cd = dm_mmc_getcd, > + .get_b_max = arm_pl180_get_b_max, > }; > > static int arm_pl180_mmc_of_to_plat(struct udevice *dev) > -- > 2.44.0
diff --git a/drivers/mmc/arm_pl180_mmci.c b/drivers/mmc/arm_pl180_mmci.c index 2666b65362..cecc7ad783 100644 --- a/drivers/mmc/arm_pl180_mmci.c +++ b/drivers/mmc/arm_pl180_mmci.c @@ -229,6 +229,7 @@ static int do_data_transfer(struct mmc *dev, u32 blksz = 0; u32 data_ctrl = 0; u32 data_len = (u32) (data->blocks * data->blocksize); + assert(data_len < U16_MAX); /* should be ensured by arm_pl180_get_b_max */ if (!host->version2) { blksz = (ffs(data->blocksize) - 1); @@ -356,6 +357,14 @@ static int host_set_ios(struct mmc *dev) return 0; } +static int arm_pl180_get_b_max(struct udevice *dev, void *dst, lbaint_t blkcnt) +{ + struct mmc_uclass_priv *upriv = dev_get_uclass_priv(dev); + struct mmc *mmc = upriv->mmc; + + return U16_MAX / mmc->read_bl_len; +} + static void arm_pl180_mmc_init(struct pl180_mmc_host *host) { u32 sdi_u32; @@ -470,6 +479,7 @@ static const struct dm_mmc_ops arm_pl180_dm_mmc_ops = { .send_cmd = dm_host_request, .set_ios = dm_host_set_ios, .get_cd = dm_mmc_getcd, + .get_b_max = arm_pl180_get_b_max, }; static int arm_pl180_mmc_of_to_plat(struct udevice *dev)