Since allocation is infrequent in Rockbox enabling the extra
checks to catch memory corruption is probably worth the time
and code size cost.
Change-Id: If0d701421054328c57b69e4d0af30759d799d158
Using a length 1 char array to point to the name buffer triggers
a -Warray-bounds warning from GCC when fortified strcpy is used.
This type of construct isn't safe in general -- if the compiler
makes assumptions based on the array bound it can create subtle
bugs when accessing the array out of bounds.
Instead, add a function get_block_name() which returns a pointer
to the name field by casting. This suppresses the warning and it
should be a bit more portable.
Change-Id: I25d4f46f799022ad0ec23bef0218f7595cc741ea
These don't have any users and there is already another way to
print blocks (which is actually used by the debug menu).
Change-Id: Ic6a4f874c6499c42bc046e8af3e4aaddc9e68276
If we don't check or generate CRCs then the CRC field can be left
out of the header, which reduces buflib overhead slightly.
Change-Id: I08b4cf77a701d8f6da453e019a0373d858a79ae4
Move CRC checking and updating behind a paranoia bit, like the
other checks, so it can be enabled and disabled.
Change-Id: Icff66c842cbd5af2d99aa91e6c40447a64e6d4b2
Handle checks ensure that the data in the handle table points
within buflib memory and checks handle entry pointers in block
headers before dereferencing them.
Change-Id: Ic16f1b81c1a0ea63c0e7f48d87938293b75c2419
Tighten up checking by adding length checks to loops which
ensure the iteration stays within bounds. Check is disabled
by default and can be enabled using a BUFLIB_PARANOIA bit.
Change-Id: I35e911e0878797d5ebf732be548ca659f6910fe0
Buflib is written with a lot of hardcoded offsets to header fields,
arbitrary pointer arithmetic, and similar but not quite duplicated
code, making maintenance a nightmare.
Most of the pointer arithmetic involving header fields is replaced
by indexing from two well-defined pointers, the block start and end
pointers. The start pointer points to the first header field, and
he end pointer is one past the end of the header.
Hardcoded field indices are replaced by two enums. Forward indices
(fidx_XXX) are used to access fields from a block start pointer and
negated backward indices (-bidx_XXX) are used to index from a block
end pointer. There is no overlap between the indices because of the
variable length name field in the middle of the header. The length
of the fixed fields in the block header is now a #define'd constant
rather than being open coded.
There is now a function to acquire the block end pointer from the
user data pointer (ie. the pointer stored in the handle table). The
old code was not consistent in this; some functions would handle a
non-aligned user pointer, which may occur as a result of shrinking,
while other uses just assumed the user pointer was aligned.
Block CRC calculations have also been factored out to a function
that accepts block start and end pointers.
Change-Id: I6a7e8a8c58aec6c6eaf0e5021400032d8e5f841e
The block header has a variable length due to the embedded name.
The name length is stored at the back of the header after the
name, in order to allow finding the start of the header if only
the user data pointer is known (eg. from the handle table).
The name length is actually not interesting in itself; storing
the total length of the block header instead is marginally more
efficient, saving one addition in handle_to_block().
Instead the extra arithmetic must be done by buflib_get_name(),
which is a much less common operation than handle_to_block().
Change-Id: Ia339a1d2f556a11a49deae0871203e70548bd234
The way it iterated over the handle table is unsafe if *every*
handle is free, leading to an out of bounds access.
This is a contrived example, but the bug can be triggered by
making several allocations, freeing them out of order so that
the handle table remains uncompacted, and then triggering a
compaction using buflib_alloc_maximum().
Change-Id: I879e2f0b223e6ca596769610ac46f4edf1107f5c
It isn't obvious why the "handle->val = -1" at the end of handle_alloc
is needed so add an explanatory comment. But "handle->val = 1" prior to
calling handle_free is simply a dead store.
Change-Id: I9ab4e96e87e940cfd1a2ed56f089287821669c73
Since we're scanning the handle table for the first free slot,
we know none of the scanned slots are free. Use that knowledge
to update first_free_handle and avoid rescanning filled slots
again when the next handle is allocated.
Change-Id: I457372f66c231168cfffa7e905d1e9fb80002f5f
Use the standard IS_ALIGNED macro and check alignment against
sizeof(buflib_data), as it can be greater than 4 bytes if we're
on a 64-bit platform (eg. simulator).
Change-Id: I15110937d1f2978e733d169050de9531fe218214
Exiting the loop implies next_block == block, so remove that check.
The check ret < block is false only if block is the first block, which
can be checked before the loop, saving a few cycles in that case.
Change-Id: Id493b5259a23a35a70b09dfe4bc4eacaf420760c
This is another chip used in newer Surfans F20 units. Like the
Winbond chip, it's a 1-gigabit chip with on-die ECC. Notably it
has an expanded 128-byte OOB area that is only accessible when
on-die ECC is disabled.
Change-Id: I2203918a15c914097f5a6bbe4afa2d3a60dc67f7
This chip is apparently used in some Surfans F20 units, and has
the same geometry as the ATO25D1GA. It has an on-die ECC engine.
Change-Id: I4d37a2455620ce43cec0a9bcbb32c776d1a8eba1
Decouple chip IDs from chips, and allow the chip ID table to list
which read ID method should be used. Use a safe controller setup
during identification instead of using the first chip's parameters.
Change-Id: Ia725959c31b2838f4a3a30e5bb7fa6652ef377ed
There is actually no need to parameterize most commands with row
or column cycles, usually the opcode and row/column address width
are linked. When this is not the case we can use raw SFC commands
or define new macros.
Change-Id: I22459d732dc01012e6a8ae026c4fb85495d372b4
Using predefined commands is too inflexible so allow the chip data
to specify I/O commands directly.
Change-Id: Ie8f943914da4b8299678a59b1063c4c6d226e83e
The iPod classic/6G comes with 64MB of RAM. This
brings it in line with the plugin buffer size of some
other targets that have the same amount of RAM,
such as the Fiio M3K, and enables the use of
PictureFlow for users with very large databases.
Change-Id: I1ccae1cacda7a243139f4887f54bd35cc8e501cf
Use per-function sections to avoid linking in x1000_boot_linux()
on normal builds, which prevents link errors due to referencing
a non-existent usb_close().
Change-Id: Ied7b233603c49fc856db8445e368675b181e2f1f
Many SPI NAND flash chips have on-die ECC engines that report
ECC status via the status feature register. This code handles
the common case where ECC status is reported with 2 bits: one
bit to indicate if flips were detected & corrected, and another
bit to indicate an uncorrectable error.
Change-Id: I5d587cd960ca9d090d2629e890724a6bc411e70c
Using 'typedef struct' is not in line with the project coding style
and somewhat problematic, so get rid of it here.
Change-Id: Icfe79de72ed82cb7526e9f4e8296ec12084c01ac
Some components have additional ID bytes. Add support for an
optional 2nd device ID byte during the identification routine.
Change-Id: I5bbad73fb57004067c6f13f223f7bf4d43ff7849
If the USB controller is active when we hand over to Linux it'll
often trigger "irq nobody cared" warnings. Disabling the controller
before boot prevents that.
Also move the USB PHY bit workaround from the dualboot cleanup hook
to the main Linux boot function. Mainline kernels don't clear these
bits either.
Change-Id: Ieaf896c3b8c3e58a8c47de5afeb384ae2511a5fa
Define common functions for loading 16/32/64-bit unsigned integers
with big, little, or host endianness, and distinguishing unaligned
and aligned cases.
Unaligned loads are supported generically by default, but this can
be overridden with a more efficient implementation on architectures
which support unaligned loads natively.
Change-Id: I3d826ec1a7646777876366eeece2cbccab60c1fb
USB ask mode is basically a footgun: it can't work on native targets
and doesn't work reliably on hosted ones, and it continually produces
a slow trickle of problems. FS#13317 gives a rundown of the issues.
Removing the setting seems like the best solution for now, since a fix
would be pretty involved.
This partially reverts 60f581e8f5. The USB Mode setting is left in
place so the option can be added back later in a non-buggy way.
Change-Id: Ie01b28dd2ed95a31b509a7834d85bac8eb866098
The flash probe mimics the boot ROM's flash read routines and
dumps the manufacturer & device IDs and 16-byte parameter data
to a file on the SD card.
Change-Id: I3d413bd0cc05a9d7f2285b85454420c3e90274e9
Should make debugging crashes on native MIPS targets far easier.
This is by no means a 100% complete or robust implementation but
it seems to handle the vast majority of functions.
Change-Id: Id5f430270e02b5092b79026b6876675c784aa649
These don't seem usable and it looks like the files were added by
accident by d66346789c "buflib: Check the validity of of handles
passed to buflib_get_data() in DEBUG builds."
Change-Id: I4d4601f1fef7901c08ae86448853d008f48d5f43
Left shifts are not defined in C if they would cause signed overflow,
so these expressions get instrumented, which makes them unusable as
switch values and triggers compile errors when compiling with UBSan.
Change-Id: I0588d4be1e00ba1cfde0eac119ead368b20d10c9
flags were getting un-initialized memory
it really didn't matter with the flags getting initialized
anyway
But once I added a new flag that didn't explicitly
set or clear the flag at init well here we are
set flags to VP_DEFAULT_FLAGS in viewport_set_defaults()
add the flags variable to the default vp's set to 0
(it was already initialized to 0 by bss, make it explicit)
Change-Id: I3a9a062455b4cf66d2b8c70fdf05402a5c0c091c
Allow a clean shutdown to end in either power off or reboot. Add a
new event SYS_REBOOT to signal it and sys_reboot() to trigger the
event. SYS_REBOOT signals a reboot request and should be listened
for alongside SYS_POWEROFF events.
Change-Id: I99ba7fb5feed2bb5a0a40a274e8466ad74fe3a43
when drwing multiple areas of the screen with other gui elements
you might want to combine updates into a single screen redraw
Change-Id: Ie4130366fa13e25d3d14e937257d11547dd61134
MEM_ALIGN_ATTR should take advantage of cache line alignment on
all native CPUs which define it, not just ARM CPUs. (This could
arguably be done for hosted targets too, but we don't necessarily
know the size of a cache line there.)
Change-Id: Ife9302105ea57388afd55ce31da848b00b5b1b25
Hold "Play" to boot the OF, or boot it from the recovery menu
by holding "Vol. Up". If you had the hosted port installed on your
player before installing the native port, you'll still have to go
through the hosted bootloader.
A couple notes:
- When booting from the menu, the recovery menu disappears, then
reappears before going into the OF.
- You need to hold the play button for like a half second after the
blue light comes on in order to get into the OF.
The recovery appears to be there, but it doesn't seem to be intended
for end users - it just says "Updater V1.1 - Insert TF Pls". I haven't
tested it beyond seeing that it boots, so I'm going to comment it out
for now.
Change-Id: Ie271ee479bb628cc74141b7fe07273b3f193f358
This gets the volume that the path eventually refers to by parsing
the last volume specifier and returning the part of the path after
it (which does not contain any volume specifiers). The initial part
of the path therefore contains everything up to and including the
last volume specifier.
Change-Id: I9a935543256f8f22e0b8b1e3c88d4e47bd9dae8a
Enables multiboot for the FiiO M3K, Shanling Q1, and Eros Q native port.
Note this requires an up-to-date Rockbox _and_ bootloader.
Usage instructions will (eventually) be found on the wiki:
https://www.rockbox.org/wiki/MultibootBootloader
Change-Id: Ia2da1ad6ef611e499d2fbafa93838387bc1023ba
Searching in volume 0 is necessary for multiboot targets with only
one drive, like the M3K/Q1/ErosQ. Without this the search code will
never look at the redirect file on these targets.
The search bound is configured with a setting MULTIBOOT_MIN_VOLUME,
which defaults to 0, but is defined to 1 for Sansa players so they
keep their old behavior.
Change-Id: I6dc5cf98db4258731de2c68c3ab1182b4a4a655b
There should be no need for any compatibility hacks since this
value was mostly used internally between the SPL and bootloader.
clk_init() was the only user in the main Rockbox binary which
accessed it, but when loaded by the Rockbox bootloader that code
will not be reached since BOOT_FLAG_CLK_INIT is already set.
Change-Id: Idd68b9834172e652b47432bfb1e00c923ea35407
Removes the SPL's dual boot support code, and removes the dual
boot selection code on the M3K and Q1 since they can now do it
from the main bootloader.
Change-Id: Ie1b27e98c6ed4b3e37db86cfb485d6f3a6c5b25e
Screenshots of the recovery menu will be useful for documentation.
This can be disabled by turning off HAVE_BOOTLOADER_SCREENDUMP in
the target config file if the bootloader should ever run up against
max size limits.
Change-Id: I62ec1e465df2ca7a8a0e78625d88b31f6c4ef078
Basically, there's longstanding bug in Linux with self-extracting
kernels on MIPS which just happened to manifest now on the M3K as
a hang on boot. The fix is applied to the M3K and Q1 since they
both use this type of kernel image.
Change-Id: I17d2bad6eebd677cd6d2e0bf146450c71fcf1229
- Remove unused redefinitions of screen_dump() from bootloaders
- Use empty do-while when screendump is compiled out
Change-Id: I3ccdb0390ddaa28d8f561ff744d0db6aaef17f5d
Calling multiple levels of indirection in a loop slows things down
Really these need to be rewritten to take a start and end address
like most of the rest of the codebase
But this is safer without having test hardware in hand
Change-Id: Idae7b92ee779d020ed7fcc9334e2d5a9c710e64d
Replace inline section copy/fill loops with subroutines, which
reduces code size a bit and and handle zero size copies properly.
Remove the cache initialization loop as well. There's no actual
reason for this because the SPL initializes the caches and just
dropping the cache can even be harmful (in this case it wasn't,
because the SPL flushes the whole cache right before calling in).
Change-Id: I7cddc9ed6d060b1f1bdd75544297883d014cad2d
This is intended for debugging OF kernel boot problems and has
to be enabled manually at compile time to make it usable.
Change-Id: Ie5ce9f0a7639be0acf5e3879cfc3a7b8b89caa5c
Two helpers (_init_clocktree and _init_uart2) already existed in
the SPL and are copied verbatim from there. The SPL versions are
still present and will be removed when dual boot works from the
main bootloader.
The other two helpers (_cleanup and _load_pdma_fw) are new.
Change-Id: I4661667966e26f52e6c5142f1947d2a34b7008ef
On the bootloader there's no point reserving memory for these,
the only users of codecbuf/pluginbuf are in the apps/ tree.
Change-Id: Ib57b4d59aff8f4dcc753d7993956ed15e61cdc52
Using the audio buffer directly is a bad idea because this will
render core_alloc non-functional if load_firmware() writes into
the buffer but then fails, for example on a checksum mismatch.
Change-Id: Ib2d17bcea53bdea1c4c5496cec0c4eee5dd66069
Document what the symbols are supposed to mean, fixup SPL's
usage of DRAM_END which should really be SDRAM_END instead.
No functional changes.
Change-Id: Ie85b0ee35fea8b7858891e5b9d6634eaae42c9f8
The implementation of write_bootdata() and get_redirect_dir() was
copied verbatim in two different places, obviously a bad thing for
maintainability. This moves them to a new file multiboot.c as they
are only used for multiboot.
Change-Id: Id0279216e4dd019f8bf612a81d3835eff010e506
This looks like it was copy-pasted blindly from elsewhere and it
wouldn't even compile, since hosted RoLo is completely different
from native RoLo.
Change-Id: I4074f5323dcbdae85db8a04f222c858e9a228432
The header format is basic, a variable length list of values
tagged by 4-byte strings. The main application to to allow a
loader to determine the load address of the binary at runtime
instead of using a hardcoded address. But the header contents
aren't fixed and it could be extended for other purposes too.
Change-Id: If51d85b4c2eb53c919a91b54985b157e8e5c20ef
filename buffer was too small to retrieve redirect path
if redirected to sd root remove <SD1> as it is redundant
Change-Id: I1326601f1ba4a18d6bc173798759eb762b55528c
Adds a loader for the legacy uImage format that is commonly used on
embedded Linux systems. It verifies checksums and supports uncompressed
and gzipped images. Supports arbitrary reader functions to allow the
images to be streamed off any storage device, for optimal RAM use.
Change-Id: I93c35f9a6f323999a22a07300e05627fabfcbd2c
This didn't account for partial page reads properly which resulted
in corrupted data. Fortunately, current released bootloaders do not
perform such reads so they don't trigger this bug.
Change-Id: I426a95ef8d0f20f4567498530e216d80e1aceef2
Helper for another semi-typical operation: find out how big of a
buffer should be allocated before decompressing. This can be useful
when the stream container doesn't specify the decompressed size.
Change-Id: I5f1536f809bb6f9bc6023120c024c3de7cea4269
Using an in-memory buffer for the input or output data for 'inflate'
is likely to be extremely common and there's really only one way to
do it, so predefined helpers should be provided.
Change-Id: Ifd22e7b140a08e0e7dc05aec6b340dff5e2d9d0a
Loads external drive into root namespace
Root Redirects can now be put into different folders
For instance placing '/_test' into SD1/rockbox_main.<playername>
will redirect to /<1>/_test/.rockbox
Debug menu>Bootdata now has root directory listed in addition to RAW Bootdata
Redirect root work from Michael Sevakis g#1556, RESTORED -> g#4256
Change-Id: Ia97cf50ff5f5b440877f9c005da6f12c53af931e
Provide definitions for the macros:
* RB_ROOT_VOL_HIDDEN(v) to exclude certain items from the root.
* RB_ROOT_CONTENTS to return a string with the name of the
directory to mount in the root.
Defaults are in export/rbpaths.h
It's a bit much for those that don't need the full functionality.
Some conditional define can cut it back a lot to cut out things only
needed if alternate root mounts are required. I'm just not bothering
yet. The basic concept would be applied to all targets to keep file
code from forking too much.
Change-Id: I3b5a14c530ff4b10d97f67636237d96875eb8969
Author: Michael Sevakis
There are various allocations that can't be moved or shrunk.
Provide a global callback struct for this use case instead of
making each caller declare its own dummy struct.
Also fixed ROLO and x1000 installer code which incorrectly
used movable allocations.
Change-Id: I00088396b9826e02e69a4a33477fe1a7816374f1
Tested with my SansaClip+. I don't think this will need extra battery
but let me know if I am wrong.
Change-Id: I287dae134113e0f8a138af68f5087b8ea45b0f4c
This kind of reverts 7b596416bf ("Gigabeat S: Update RDS processing to
use asynchronous I2C rather than thread."). However, requiring RDS to
run in thread context will a) allow more upcoming features and b) remove
quite some complexity from the codebase (see the diffstat here) because
Gigabeat is the only user. iMX31 should be able to handle one more
thread, as it can even run Linux.
Change-Id: I46130034595ba66392c5417c275d036f4bd26943
