Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

usbus/dfu: fix underflow condition while updating firmware #17128

Merged
merged 1 commit into from
Nov 4, 2021
Merged

usbus/dfu: fix underflow condition while updating firmware #17128

merged 1 commit into from
Nov 4, 2021

Conversation

dylad
Copy link
Member

@dylad dylad commented Nov 3, 2021
edited by kaspar030
Loading

Contribution description

This PR fixes an underflow condition which can occurs if host sends less than 4 bytes of data during a DFU download operation.

While loading a new firmware through a DFU_DNLOAD request, DFU skips the RIOTBOOT_FLASHWRITE_SKIPLEN bytes as we don't need them in flash. This skip wasn't guarded so if theDFU_DNLOAD request contains less than RIOTBOOT_FLASHWRITE_SKIPLEN bytes, an underflow integer occurs with unexpected behaviour. Thus, add a proper check to prevent this situation from happening by stalling the request if it has less than RIOTBOOT_FLASHWRITE_SKIPLEN bytes of data.

edit:
The internal DFU state machine was also updated and will now returns dfuERROR in case of failure (underflow or flash write failure) to the host (through GET_STATUS request).
A new request handling was added to clear this error and return to dfuIDLE (CLRSTATUS request).
This way dfu-util safely abort the dfu upgrade procedure and indicate that something was wrong. A new dfu update can be made right after without restarting the device.

Testing procedure

Issues/PRs references

Reported-by @szymonh through the forum, many thanks for his report !

@github-actions github-actions bot added Area: sys Area: System Area: USB Area: Universal Serial Bus labels Nov 3, 2021
@dylad dylad added the Type: bug The issue reports a bug / The PR fixes a bug (including spelling errors) label Nov 3, 2021
@dylad dylad added this to the Release 2022.01 milestone Nov 3, 2021
bergzand
bergzand reviewed Nov 3, 2021
View reviewed changes
sys/usb/usbus/dfu/dfu.c Outdated Show resolved Hide resolved
@bergzand
Copy link
Member

bergzand commented Nov 3, 2021

Please squash!

@dylad
usbus/dfu: fix underflow condition while updating firmware
64a82c9 
Reports dfuERROR if underflow is detected or if flash write failed
Implement DFU control CLRSTATUS while at it to clear dfuERROR by the host
@dylad dylad force-pushed the pr/usbus/dfu/fix_underflow_condition branch from d545639 to 64a82c9 Compare November 3, 2021 16:07
@bergzand bergzand added the CI: ready for build If set, CI server will compile all applications for all available boards for the labeled PR label Nov 3, 2021
bergzand
bergzand approved these changes Nov 4, 2021
View reviewed changes
Copy link
Member

@bergzand bergzand left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Tested this on an nrf52840dk with the bootloaders/riotboot_dfu example. Sending a 2 byte payload now properly returns an error to the host:

dfu-utils 
koen@morgen ~/dev/RIOT-review/bootloaders/riotboot_dfu $ dfu-util -D payload.bin  -a 1
dfu-util 0.9

Copyright 2005-2009 Weston Schmidt, Harald Welte and OpenMoko Inc.
Copyright 2010-2016 Tormod Volden and Stefan Schmidt
This program is Free Software and has ABSOLUTELY NO WARRANTY
Please report bugs to http://sourceforge.net/p/dfu-util/tickets/

dfu-util: File too short for DFU suffix
dfu-util: A valid DFU suffix will be required in a future dfu-util release!!!
Opening DFU capable USB device...
ID 1209:7d02
Run-time device DFU version 0110
Claiming USB DFU Interface...
Setting Alternate Setting #1 ...
Determining device status: state = dfuIDLE, status = 0
dfuIDLE, continuing
DFU mode device DFU version 0110
Device returned transfer size 64
Copying data from PC to DFU device
Download        [                         ]   0%            0 bytesdfu-util: Error during download
koen@morgen ~/dev/RIOT-review/bootloaders/riotboot_dfu $ dfu-util -D payload.bin  -a 1
dfu-util 0.9

Copyright 2005-2009 Weston Schmidt, Harald Welte and OpenMoko Inc.
Copyright 2010-2016 Tormod Volden and Stefan Schmidt
This program is Free Software and has ABSOLUTELY NO WARRANTY
Please report bugs to http://sourceforge.net/p/dfu-util/tickets/

dfu-util: File too short for DFU suffix
dfu-util: A valid DFU suffix will be required in a future dfu-util release!!!
Opening DFU capable USB device...
ID 1209:7d02
Run-time device DFU version 0110
Claiming USB DFU Interface...
Setting Alternate Setting #1 ...
Determining device status: state = dfuERROR, status = 0
dfuERROR, clearing status
Determining device status: state = dfuIDLE, status = 0
dfuIDLE, continuing
DFU mode device DFU version 0110
Device returned transfer size 64
Copying data from PC to DFU device
Download        [                         ]   0%            0 bytesdfu-util: Error during download

@bergzand bergzand merged commit b0d5e9a into RIOT-OS:master Nov 4, 2021
@bergzand
Copy link
Member

bergzand commented Nov 4, 2021

Thanks for the quick fix @dylad

@dylad dylad deleted the pr/usbus/dfu/fix_underflow_condition branch November 4, 2021 08:56
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@bergzand bergzand bergzand approved these changes

@aabadie aabadie Awaiting requested review from aabadie aabadie is a code owner

Assignees

@bergzand bergzand

Labels
Area: sys Area: System Area: USB Area: Universal Serial Bus CI: ready for build If set, CI server will compile all applications for all available boards for the labeled PR Type: bug The issue reports a bug / The PR fixes a bug (including spelling errors)
Projects
None yet
Milestone
Release 2022.01
Development

Successfully merging this pull request may close these issues.
2 participants
@dylad @bergzand