X-Git-Url: https://jxself.org/git/?a=blobdiff_plain;f=target_firmware%2Fmagpie_fw_dev%2Ftarget%2Fhif%2Fk2_fw_usb_api.c;h=fe66c93a147175016b7546bbdc3edeb39c0380e6;hb=624c6655697f72177f5d5240a6e805aedc8c850b;hp=b549108c145d496be4808beff89b7031fd5a9012;hpb=4fcff38e30f342187b26ad29bc30c74f2b4810ed;p=open-ath9k-htc-firmware.git diff --git a/target_firmware/magpie_fw_dev/target/hif/k2_fw_usb_api.c b/target_firmware/magpie_fw_dev/target/hif/k2_fw_usb_api.c index b549108..fe66c93 100755 --- a/target_firmware/magpie_fw_dev/target/hif/k2_fw_usb_api.c +++ b/target_firmware/magpie_fw_dev/target/hif/k2_fw_usb_api.c @@ -402,6 +402,17 @@ void _fw_usb_reset_fifo(void) A_UART_HWINIT((22*1000*1000), 19200); } +void cold_reboot(void) +{ + A_PRINTF("Cold reboot initiated."); +#if defined(PROJECT_MAGPIE) + HAL_WORD_REG_WRITE(WATCH_DOG_MAGIC_PATTERN_ADDR, 0); +#elif defined(PROJECT_K2) + HAL_WORD_REG_WRITE(MAGPIE_REG_RST_STATUS_ADDR, 0); +#endif /* #if defined(PROJECT_MAGPIE) */ + A_USB_JUMP_BOOT(); +} + /* * -- support more than 64 bytes command on ep4 -- */ @@ -418,6 +429,10 @@ void vUsb_Reg_Out_patch(void) // get the size of this transcation usbfifolen = USB_BYTE_REG_READ(ZM_EP4_BYTE_COUNT_LOW_OFFSET); + if (usbfifolen > 0x40) { + A_PRINTF("EP4 FIFO Bug? Buffer is too big: %x\n", usbfifolen); + cold_reboot(); + } // check is command is new if( cmd_is_new ){ @@ -448,6 +463,11 @@ void vUsb_Reg_Out_patch(void) // accumulate the size cmdLen += usbfifolen; + if (cmdLen > buf->desc_list->buf_size) { + A_PRINTF("Data length on EP4 FIFO is bigger as allocated buffer data!" + " Drop it!\n"); + goto ERR; + } // round it to alignment if(usbfifolen % 4) @@ -695,13 +715,18 @@ ERR_DONE: ; } +extern uint16_t *u8UsbDeviceDescriptor; extern uint16_t *u8ConfigDescriptorEX; extern uint16_t *pu8DescriptorEX; extern uint16_t u16TxRxCounter; extern BOOLEAN bGet_descriptor(void); +uint16_t DeviceDescriptorPatch[9]; uint16_t ConfigDescriptorPatch[30]; + +#define BCD_DEVICE 6 +#define BCD_DEVICE_FW_SIGNATURE 0xffff #define EP3_TRANSFER_TYPE_OFFSET 17 #define EP3_INT_INTERVAL 19 #define EP4_TRANSFER_TYPE_OFFSET 21 @@ -709,13 +734,21 @@ uint16_t ConfigDescriptorPatch[30]; BOOLEAN bGet_descriptor_patch(void) { - if (mDEV_REQ_VALUE_HIGH() == 2) { - uint8_t *p = (uint8_t *)u8ConfigDescriptorEX; + int i; + switch (mDEV_REQ_VALUE_HIGH()) { + case 1: + ath_hal_memcpy(DeviceDescriptorPatch, + u8UsbDeviceDescriptor, sizeof(DeviceDescriptorPatch)); - /* Copy ConfigDescriptor */ - ath_hal_memcpy(ConfigDescriptorPatch, p, sizeof(ConfigDescriptorPatch)); + DeviceDescriptorPatch[BCD_DEVICE] = BCD_DEVICE_FW_SIGNATURE; - p = (uint8_t *)ConfigDescriptorPatch; + pu8DescriptorEX = DeviceDescriptorPatch; + u16TxRxCounter = mTABLE_LEN(DeviceDescriptorPatch[0]); + break; + case 2: + /* Copy ConfigDescriptor */ + ath_hal_memcpy(ConfigDescriptorPatch, + u8ConfigDescriptorEX, sizeof(ConfigDescriptorPatch)); /* Patch the transfer type of EP3 and EP4 */ ConfigDescriptorPatch[EP3_TRANSFER_TYPE_OFFSET] = 0x0283; @@ -733,16 +766,16 @@ BOOLEAN bGet_descriptor_patch(void) default: return FALSE; } - - if (u16TxRxCounter > mDEV_REQ_LENGTH()) - u16TxRxCounter = mDEV_REQ_LENGTH(); - - A_USB_EP0_TX_DATA(); - return TRUE; - } - else { + break; + default: return bGet_descriptor(); } + + if (u16TxRxCounter > mDEV_REQ_LENGTH()) + u16TxRxCounter = mDEV_REQ_LENGTH(); + + A_USB_EP0_TX_DATA(); + return TRUE; } extern BOOLEAN bStandardCommand(void);