Embedded/tinyusb
1
0
Fork 0
mirror of https://github.com/hathach/tinyusb.git synced 2025-01-17 05:32:55 +08:00
Code Issues Packages Projects Releases Wiki Activity

dcd_nrf5x: ISO OUT handling

Browse Source 
For incoming ISO OUT packets it was possible to start
DMA from endpoint to RAM before transfer was started
resulting in unrelated memory corruption.
This is scenario that causes memory corruption:
- ISO OUT packet is received
- Packet is transferred by DMA to transfer buffer
- xfer->started is cleared and xfer->buffer is updated as
  it is in every case
- Application takes to long to handle it (it happens when debugger
  is connected breakpoint is hit slowing down software).
- Next ISO OUT packet arrives
At this point there was no check if transfer was started and packet
was copied by DMA to location beyond previous data, possibly overwriting
unrelated memory.

This solves the issue by checking that transfer was
started and there is buffer ready for incoming packet.
This commit is contained in:
Jerzy Kasenberg 2023-03-09 14:00:37 +01:00
parent 990fb6ae5c
commit f0ddf8d10f
1 changed files with 9 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
src/portable/nordic/nrf5x/dcd_nrf5x.c
View File

@ -187,11 +187,16 @@ static void xact_out_dma(uint8_t epnum)
}
else
{
// Trigger DMA move data from Endpoint -> SRAM
NRF_USBD->ISOOUT.PTR = (uint32_t) xfer->buffer;
NRF_USBD->ISOOUT.MAXCNT = xact_len;
if (xfer->started)
{
// Trigger DMA move data from Endpoint -> SRAM
NRF_USBD->ISOOUT.PTR = (uint32_t) xfer->buffer;
NRF_USBD->ISOOUT.MAXCNT = xact_len;
start_dma(&NRF_USBD->TASKS_STARTISOOUT);
start_dma(&NRF_USBD->TASKS_STARTISOOUT);
} else {
atomic_flag_clear(&_dcd.dma_running);
}
}
}
else