arm_adi_v5: Fix packed and unaligned memory writes 46/1646/2
authorAndreas Fritiofson <andreas.fritiofson@gmail.com>
Sun, 22 Sep 2013 16:50:25 +0000 (18:50 +0200)
committerSpencer Oliver <spen@spen-soft.co.uk>
Wed, 2 Oct 2013 21:53:52 +0000 (21:53 +0000)
For packed and/or unaligned accesses, the write functions reordered the
source buffer in place, causing in the best case a segfault and in the
worst case silent data corruption.

Rewrite the data fetching to directly match the byte lane mapping
according to IHI0031C, without destroying the buffer.

Also slightly clean up variable usage and harmonize all the write
functions.

Change-Id: I9a01cfc5578653f9ec02043ff6b61a7a20f90d67
Signed-off-by: Andreas Fritiofson <andreas.fritiofson@gmail.com>
Reviewed-on: http://openocd.zylin.com/1646
Tested-by: jenkins
Reviewed-by: Spencer Oliver <spen@spen-soft.co.uk>
src/target/arm_adi_v5.c

index 5e9091f..309296a 100644 (file)
@@ -261,41 +261,16 @@ int mem_ap_write_atomic_u32(struct adiv5_dap *dap, uint32_t address,
        return dap_run(dap);
 }
 
-/*****************************************************************************
-*                                                                            *
-* mem_ap_write_buf(struct adiv5_dap *dap, uint8_t *buffer, int count, uint32_t address, bool addr_incr) *
-*                                                                            *
-* Write a buffer in target order (little endian)                             *
-*                                                                            *
-*****************************************************************************/
 int mem_ap_write_buf_u32(struct adiv5_dap *dap, const uint8_t *buffer, int count, uint32_t address, bool addr_incr)
 {
        int wcount, blocksize, writecount, errorcount = 0, retval = ERROR_OK;
        uint32_t adr = address;
-       const uint8_t *pBuffer = buffer;
-       uint32_t incr_flag = CSW_ADDRINC_OFF;
-
-       count >>= 2;
-       wcount = count;
-
-       /* if we have an unaligned access - reorder data */
-       if (adr & 0x3u) {
-               for (writecount = 0; writecount < count; writecount++) {
-                       int i;
-                       uint32_t outvalue;
-                       memcpy(&outvalue, pBuffer, sizeof(uint32_t));
+       uint32_t incr_flag = addr_incr ? CSW_ADDRINC_SINGLE : CSW_ADDRINC_OFF;
 
-                       for (i = 0; i < 4; i++) {
-                               *((uint8_t *)pBuffer + (adr & 0x3)) = outvalue;
-                               outvalue >>= 8;
-                               adr++;
-                       }
-                       pBuffer += sizeof(uint32_t);
-               }
-       }
+       wcount = count >> 2;
 
        while (wcount > 0) {
-               /* Adjust to write blocks within boundaries aligned to the TAR autoincremnent size*/
+               /* Adjust to write blocks within boundaries aligned to the TAR auto-increment size */
                blocksize = max_tar_block_size(dap->tar_autoincr_block, address);
                if (wcount < blocksize)
                        blocksize = wcount;
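Review bot: mem_ap_write_buf_u32 is left with no header comment once the stale banner above it is deleted, and its contract is now only implied by `wcount = count >> 2;`: `count` is in bytes and any trailing `count & 3` bytes are silently not written. I would add a short comment above the signature, e.g. `/* Write count bytes (rounded down to whole 32-bit words) from buffer, in target little-endian order, to address; buffer is read-only and address may be unaligned. */`. The function body continues past this hunk.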
@@ -304,27 +279,27 @@ int mem_ap_write_buf_u32(struct adiv5_dap *dap, const uint8_t *buffer, int count
                if (blocksize == 0)
                        blocksize = 1;
 
-               if (addr_incr)
-                       incr_flag = CSW_ADDRINC_SINGLE;
-
                retval = dap_setup_accessport(dap, CSW_32BIT | incr_flag, address);
                if (retval != ERROR_OK)
                        return retval;
 
                for (writecount = 0; writecount < blocksize; writecount++) {
-                       uint32_t tmp;
-                       tmp = buf_get_u32(buffer + 4 * writecount, 0, 32);
-                       retval = dap_queue_ap_write(dap, AP_REG_DRW, tmp);
+                       uint32_t outvalue = 0;
+                       outvalue |= (uint32_t)*buffer++ << 8 * (adr++ & 3);
+                       outvalue |= (uint32_t)*buffer++ << 8 * (adr++ & 3);
+                       outvalue |= (uint32_t)*buffer++ << 8 * (adr++ & 3);
+                       outvalue |= (uint32_t)*buffer++ << 8 * (adr++ & 3);
+
+                       retval = dap_queue_ap_write(dap, AP_REG_DRW, outvalue);
                        if (retval != ERROR_OK)
                                break;
                }
 
                retval = dap_run(dap);
                if (retval == ERROR_OK) {
-                       wcount = wcount - blocksize;
+                       wcount -= blocksize;
                        if (addr_incr)
-                               address = address + 4 * blocksize;
-                       buffer = buffer + 4 * blocksize;
+                               address += 4 * blocksize;
                } else
                        errorcount++;
 
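Review bot: The packing loop now advances `buffer` and `adr` as it reads, but the failure branch (`errorcount++`) leaves `wcount` and `address` untouched, so a retried block would start from a pointer that has already moved up to `4 * blocksize` bytes ahead. If the code after this hunk lets the `while (wcount > 0)` loop run again after one error, the retry sends the wrong words and the final block reads past the end of the caller's buffer. The removed code only advanced `buffer` on success; the same can be kept by packing from block-local cursors, `const uint8_t *p = buffer; uint32_t a = adr;`, and committing `buffer = p; adr = a;` inside the `retval == ERROR_OK` branch. The loop tail is outside this hunk, so the retry behaviour should be confirmed there.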
@@ -341,14 +316,14 @@ static int mem_ap_write_buf_packed_u16(struct adiv5_dap *dap,
                const uint8_t *buffer, int count, uint32_t address)
 {
        int retval = ERROR_OK;
-       int wcount, blocksize, writecount, i;
+       int wcount, blocksize, writecount;
 
        wcount = count >> 1;
 
        while (wcount > 0) {
                int nbytes;
 
-               /* Adjust to write blocks within boundaries aligned to the TAR autoincremnent size*/
+               /* Adjust to write blocks within boundaries aligned to the TAR auto-increment size */
                blocksize = max_tar_block_size(dap->tar_autoincr_block, address);
 
                if (wcount < blocksize)
@@ -376,18 +351,17 @@ static int mem_ap_write_buf_packed_u16(struct adiv5_dap *dap,
                                        return retval;
                                }
 
-                               address += nbytes >> 1;
+                               address += nbytes;
+                               buffer += nbytes;
                        } else {
-                               uint32_t outvalue;
-                               memcpy(&outvalue, buffer, sizeof(uint32_t));
+                               assert(nbytes == 4);
 
-                               for (i = 0; i < nbytes; i++) {
-                                       *((uint8_t *)buffer + (address & 0x3)) = outvalue;
-                                       outvalue >>= 8;
-                                       address++;
-                               }
+                               uint32_t outvalue = 0;
+                               outvalue |= (uint32_t)*buffer++ << 8 * (address++ & 3);
+                               outvalue |= (uint32_t)*buffer++ << 8 * (address++ & 3);
+                               outvalue |= (uint32_t)*buffer++ << 8 * (address++ & 3);
+                               outvalue |= (uint32_t)*buffer++ << 8 * (address++ & 3);
 
-                               memcpy(&outvalue, buffer, sizeof(uint32_t));
                                retval = dap_queue_ap_write(dap,
                                                AP_REG_DRW, outvalue);
                                if (retval != ERROR_OK)
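Review bot: The four unrolled `outvalue |= (uint32_t)*buffer++ << 8 * (address++ & 3);` lines here are repeated verbatim in mem_ap_write_buf_u32 and mem_ap_write_buf_packed_u8, with a two-line form in mem_ap_write_buf_u16, so the byte-lane mapping now lives in four places. The unrolled form also reads four bytes unconditionally, and `assert(nbytes == 4)` is the only thing linking that to `nbytes`; the assert disappears in NDEBUG builds. A small static helper that loops over `nbytes` would keep the mapping in one place and bound the reads by the value actually computed; the helper name below is only a suggestion. The function starts and ends outside this hunk.

```c
/* Pack nbytes bytes from *buf into their DRW byte lanes, advancing both cursors. */
static uint32_t pack_byte_lanes(const uint8_t **buf, uint32_t *addr, int nbytes)
{
	uint32_t value = 0;

	while (nbytes-- > 0)
		value |= (uint32_t)*(*buf)++ << 8 * ((*addr)++ & 3);
	return value;
}

/* … unchanged: nbytes < 4 branch … */
				uint32_t outvalue = pack_byte_lanes(&buffer, &address, nbytes);
```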
@@ -402,7 +376,6 @@ static int mem_ap_write_buf_packed_u16(struct adiv5_dap *dap,
                                }
                        }
 
-                       buffer += nbytes >> 1;
                        writecount -= nbytes >> 1;
 
                } while (writecount);
@@ -423,9 +396,11 @@ int mem_ap_write_buf_u16(struct adiv5_dap *dap, const uint8_t *buffer, int count
                retval = dap_setup_accessport(dap, CSW_16BIT | CSW_ADDRINC_SINGLE, address);
                if (retval != ERROR_OK)
                        return retval;
-               uint16_t svalue;
-               memcpy(&svalue, buffer, sizeof(uint16_t));
-               uint32_t outvalue = (uint32_t)svalue << 8 * (address & 0x3);
+
+               uint32_t outvalue = 0;
+               outvalue |= (uint32_t)*buffer++ << 8 * (address++ & 3);
+               outvalue |= (uint32_t)*buffer++ << 8 * (address++ & 3);
+
                retval = dap_queue_ap_write(dap, AP_REG_DRW, outvalue);
                if (retval != ERROR_OK)
                        break;
@@ -435,8 +410,6 @@ int mem_ap_write_buf_u16(struct adiv5_dap *dap, const uint8_t *buffer, int count
                        break;
 
                count -= 2;
-               address += 2;
-               buffer += 2;
        }
 
        return retval;
@@ -446,14 +419,14 @@ static int mem_ap_write_buf_packed_u8(struct adiv5_dap *dap,
                const uint8_t *buffer, int count, uint32_t address)
 {
        int retval = ERROR_OK;
-       int wcount, blocksize, writecount, i;
+       int wcount, blocksize, writecount;
 
        wcount = count;
 
        while (wcount > 0) {
                int nbytes;
 
-               /* Adjust to write blocks within boundaries aligned to the TAR autoincremnent size*/
+               /* Adjust to write blocks within boundaries aligned to the TAR auto-increment size */
                blocksize = max_tar_block_size(dap->tar_autoincr_block, address);
 
                if (wcount < blocksize)
@@ -477,17 +450,16 @@ static int mem_ap_write_buf_packed_u8(struct adiv5_dap *dap,
                                }
 
                                address += nbytes;
+                               buffer += nbytes;
                        } else {
-                               uint32_t outvalue;
-                               memcpy(&outvalue, buffer, sizeof(uint32_t));
+                               assert(nbytes == 4);
 
-                               for (i = 0; i < nbytes; i++) {
-                                       *((uint8_t *)buffer + (address & 0x3)) = outvalue;
-                                       outvalue >>= 8;
-                                       address++;
-                               }
+                               uint32_t outvalue = 0;
+                               outvalue |= (uint32_t)*buffer++ << 8 * (address++ & 3);
+                               outvalue |= (uint32_t)*buffer++ << 8 * (address++ & 3);
+                               outvalue |= (uint32_t)*buffer++ << 8 * (address++ & 3);
+                               outvalue |= (uint32_t)*buffer++ << 8 * (address++ & 3);
 
-                               memcpy(&outvalue, buffer, sizeof(uint32_t));
                                retval = dap_queue_ap_write(dap,
                                                AP_REG_DRW, outvalue);
                                if (retval != ERROR_OK)
@@ -502,7 +474,6 @@ static int mem_ap_write_buf_packed_u8(struct adiv5_dap *dap,
                                }
                        }
 
-                       buffer += nbytes;
                        writecount -= nbytes;
 
                } while (writecount);
@@ -523,7 +494,7 @@ int mem_ap_write_buf_u8(struct adiv5_dap *dap, const uint8_t *buffer, int count,
                retval = dap_setup_accessport(dap, CSW_8BIT | CSW_ADDRINC_SINGLE, address);
                if (retval != ERROR_OK)
                        return retval;
-               uint32_t outvalue = (uint32_t)*buffer << 8 * (address & 0x3);
+               uint32_t outvalue = (uint32_t)*buffer++ << 8 * (address++ & 0x3);
                retval = dap_queue_ap_write(dap, AP_REG_DRW, outvalue);
                if (retval != ERROR_OK)
                        break;
@@ -533,8 +504,6 @@ int mem_ap_write_buf_u8(struct adiv5_dap *dap, const uint8_t *buffer, int count,
                        break;
 
                count--;
-               address++;
-               buffer++;
        }
 
        return retval;