DFU upload causes memory corruption (patch)

Werner Almesberger werner at openmoko.org
Tue Mar 13 11:42:01 CET 2007

Harald Welte wrote:
> I haven't looked at the usbtty code in much detail, but I'm not sure
> how often it allocates/frees URBs.  If that happens every character
> (worst case) then we don't want to allocate several kilobytes of memory
> each time.

Well, if we free them soon enough, it doesn't really matter.

> So in any case, maybe we should get rid of that static buffer in 'struct
> urb' altogether and dynamically allocate, just like "first class
> citizen" usb code does (and the usbdcore code did before somebody hacked
> it for u-boot).

Is the allocator actually re-entrant ? Otherwise, this could cause a
lot of fun :-)

> At least in the DFU case, EP0 would then be allocated with 4096 byte
> data buffer, just to accommodate one 'transfer size' block.

Sounds good, yes.

So, what do we do ? Start the great rewrite now ? Just use my hack for
now to make uploads work, and come back when the other fires have been
put out ? What worries me about this bug is that it breaks the
devirginator. I think we don't want the devirginator broken for long.
(My #212 hack also breaks it, although a bit less violently. Perhaps
I should reverse the AUX logic after all ...)

- Werner

 / Werner Almesberger, Buenos Aires, Argentina     werner at almesberger.net /
