FreeCalypso > hg > fc-magnetite
annotate doc/FCDEV3B-hardware-bug @ 516:1ed9de6c90bd
src/g23m-gsm/sms/sms_for.c: bogus malloc removed
The new error handling code that was not present in TCS211 blob version
contains a malloc call that is bogus for 3 reasons:
1) The memory allocation in question is not needed in the first place;
2) libc malloc is used instead of one of the firmware's proper ways;
3) The memory allocation is made inside a function and then never freed,
i.e., a memory leak.
This bug was caught in gcc-built FreeCalypso fw projects (Citrine
and Selenite) because our gcc environment does not allow any use of
libc malloc (any reference to malloc produces a link failure),
but this code from TCS3.2 is wrong even for Magnetite: if this code
path is executed repeatedly over a long time, the many small allocations
made by this malloc call without a subsequent free will eventually
exhaust the malloc heap provided by the TMS470 environment, malloc will
start returning NULL, and the bogus code will treat it as an error.
Because the memory allocation in question is not needed at all,
the fix entails simply removing it.
| author | Mychaela Falconia <falcon@freecalypso.org> |
|---|---|
| date | Sun, 22 Jul 2018 06:04:49 +0000 |
| parents | 15c61c8f3166 |
| children |
| rev | line source |
|---|---|
|
474
8fbf3c0ea8b6
doc: Flash-boot-mode-hack article replaced with FCDEV3B-hardware-bug
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
1 Our current FCDEV3B boards exhibit a hardware bug: the reset input to the flash |
|
8fbf3c0ea8b6
doc: Flash-boot-mode-hack article replaced with FCDEV3B-hardware-bug
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
2 chip is connected to Calypso's FDP output per both TI's Leonardo reference |
|
8fbf3c0ea8b6
doc: Flash-boot-mode-hack article replaced with FCDEV3B-hardware-bug
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
3 schematics and Openmoko's working design, but this arrangement turns out to be |
|
8fbf3c0ea8b6
doc: Flash-boot-mode-hack article replaced with FCDEV3B-hardware-bug
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
4 unsuitable for the high-capacity Spansion S71PL129NC0HFW4B flash+pSRAM chip we |
|
8fbf3c0ea8b6
doc: Flash-boot-mode-hack article replaced with FCDEV3B-hardware-bug
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
5 are using, copied from Pirelli DP-L10. This hardware bug has manifested itself |
|
8fbf3c0ea8b6
doc: Flash-boot-mode-hack article replaced with FCDEV3B-hardware-bug
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
6 in two different ways so far: |
|
8fbf3c0ea8b6
doc: Flash-boot-mode-hack article replaced with FCDEV3B-hardware-bug
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
7 |
|
8fbf3c0ea8b6
doc: Flash-boot-mode-hack article replaced with FCDEV3B-hardware-bug
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
8 * Out of the 20 boards we've built so far, on just one board there was an issue |
|
8fbf3c0ea8b6
doc: Flash-boot-mode-hack article replaced with FCDEV3B-hardware-bug
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
9 where our standard Magnetite fw would have trouble booting from flash, but |
|
8fbf3c0ea8b6
doc: Flash-boot-mode-hack article replaced with FCDEV3B-hardware-bug
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
10 RAM-loaded fw booted fine. Interrupting the boot process serially and having |
|
8fbf3c0ea8b6
doc: Flash-boot-mode-hack article replaced with FCDEV3B-hardware-bug
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
11 the serially loaded code jump to the image in flash also worked fine. |
|
8fbf3c0ea8b6
doc: Flash-boot-mode-hack article replaced with FCDEV3B-hardware-bug
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
12 Eventually it was found that the flash boot problem on that one board occurs |
|
8fbf3c0ea8b6
doc: Flash-boot-mode-hack article replaced with FCDEV3B-hardware-bug
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
13 only when flash boot mode 1 is used, whereas flash boot mode 0 works fine. I |
|
8fbf3c0ea8b6
doc: Flash-boot-mode-hack article replaced with FCDEV3B-hardware-bug
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
14 (Mychaela) suspect that the problem has something to do with the watchdog |
|
8fbf3c0ea8b6
doc: Flash-boot-mode-hack article replaced with FCDEV3B-hardware-bug
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
15 reset that happens as part of flash boot mode 1, the FDP output behaviour |
|
8fbf3c0ea8b6
doc: Flash-boot-mode-hack article replaced with FCDEV3B-hardware-bug
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
16 during that watchdog reset, and the flash chip's reaction to the latter. |
|
8fbf3c0ea8b6
doc: Flash-boot-mode-hack article replaced with FCDEV3B-hardware-bug
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
17 |
|
8fbf3c0ea8b6
doc: Flash-boot-mode-hack article replaced with FCDEV3B-hardware-bug
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
18 * On all of the boards there is a problem with sleep modes: when the firmware |
|
8fbf3c0ea8b6
doc: Flash-boot-mode-hack article replaced with FCDEV3B-hardware-bug
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
19 is running from flash as opposed to RAM, certain sleep-wake sequences cause |
|
483
15c61c8f3166
doc/FCDEV3B-hardware-bug: update on the investigation and the proposed fix
Mychaela Falconia <falcon@freecalypso.org>
parents:
474
diff
changeset
|
20 an erratic self-reboot or a hang. Oscilloscope probing on a decased Pirelli |
|
15c61c8f3166
doc/FCDEV3B-hardware-bug: update on the investigation and the proposed fix
Mychaela Falconia <falcon@freecalypso.org>
parents:
474
diff
changeset
|
21 DP-L10 motherboard on which Calypso's FDP output is accessible seems to |
|
15c61c8f3166
doc/FCDEV3B-hardware-bug: update on the investigation and the proposed fix
Mychaela Falconia <falcon@freecalypso.org>
parents:
474
diff
changeset
|
22 confirm my (Mychaela's) suspicion that this FDP signal goes low during all |
|
15c61c8f3166
doc/FCDEV3B-hardware-bug: update on the investigation and the proposed fix
Mychaela Falconia <falcon@freecalypso.org>
parents:
474
diff
changeset
|
23 sleep modes, and the current working hypothesis is that our Spansion flash |
|
15c61c8f3166
doc/FCDEV3B-hardware-bug: update on the investigation and the proposed fix
Mychaela Falconia <falcon@freecalypso.org>
parents:
474
diff
changeset
|
24 chip gets unhappy with the reset timing it gets subjected to, and some flash |
|
15c61c8f3166
doc/FCDEV3B-hardware-bug: update on the investigation and the proposed fix
Mychaela Falconia <falcon@freecalypso.org>
parents:
474
diff
changeset
|
25 reads (instruction fetches) don't work after wakeup. So far the only workable |
|
474
8fbf3c0ea8b6
doc: Flash-boot-mode-hack article replaced with FCDEV3B-hardware-bug
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
26 solution has been to disable all sleep modes in all FCDEV3B fw builds; |
|
483
15c61c8f3166
doc/FCDEV3B-hardware-bug: update on the investigation and the proposed fix
Mychaela Falconia <falcon@freecalypso.org>
parents:
474
diff
changeset
|
27 nothing else has been successful. However, re-enabling all of these sleep |
|
15c61c8f3166
doc/FCDEV3B-hardware-bug: update on the investigation and the proposed fix
Mychaela Falconia <falcon@freecalypso.org>
parents:
474
diff
changeset
|
28 modes with AT%SLEEP=4 works fine when the firmware image executes out of RAM |
|
15c61c8f3166
doc/FCDEV3B-hardware-bug: update on the investigation and the proposed fix
Mychaela Falconia <falcon@freecalypso.org>
parents:
474
diff
changeset
|
29 instead of flash, further supporting our current working hypothesis as to the |
|
15c61c8f3166
doc/FCDEV3B-hardware-bug: update on the investigation and the proposed fix
Mychaela Falconia <falcon@freecalypso.org>
parents:
474
diff
changeset
|
30 root cause. |
|
474
8fbf3c0ea8b6
doc: Flash-boot-mode-hack article replaced with FCDEV3B-hardware-bug
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
31 |
|
8fbf3c0ea8b6
doc: Flash-boot-mode-hack article replaced with FCDEV3B-hardware-bug
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
32 The fcdev3b-hacks directory contains two hacks that can be applied to FCDEV3B |
|
8fbf3c0ea8b6
doc: Flash-boot-mode-hack article replaced with FCDEV3B-hardware-bug
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
33 firmware images (fwimage.bin builds) as xxd binary patches: |
|
8fbf3c0ea8b6
doc: Flash-boot-mode-hack article replaced with FCDEV3B-hardware-bug
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
34 |
|
8fbf3c0ea8b6
doc: Flash-boot-mode-hack article replaced with FCDEV3B-hardware-bug
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
35 * The first hack dating from 2017-05 patches the fw to use flash boot mode 0 |
|
8fbf3c0ea8b6
doc: Flash-boot-mode-hack article replaced with FCDEV3B-hardware-bug
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
36 instead of TI's original flash boot mode 1, but after boot the FFFF:FB10 |
|
8fbf3c0ea8b6
doc: Flash-boot-mode-hack article replaced with FCDEV3B-hardware-bug
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
37 register is set to put the flash and not the internal ROM at address 0, so |
|
8fbf3c0ea8b6
doc: Flash-boot-mode-hack article replaced with FCDEV3B-hardware-bug
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
38 the interrupt and exception vectors go to the flash like in TI's original fw, |
|
8fbf3c0ea8b6
doc: Flash-boot-mode-hack article replaced with FCDEV3B-hardware-bug
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
39 not through the internal ROM. This hack was put together for the purpose of |
|
8fbf3c0ea8b6
doc: Flash-boot-mode-hack article replaced with FCDEV3B-hardware-bug
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
40 producing flashable fw images that boot without problems on that one board on |
|
8fbf3c0ea8b6
doc: Flash-boot-mode-hack article replaced with FCDEV3B-hardware-bug
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
41 which flash boot mode 1 didn't work, and worked successfully for that purpose. |
|
8fbf3c0ea8b6
doc: Flash-boot-mode-hack article replaced with FCDEV3B-hardware-bug
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
42 |
|
8fbf3c0ea8b6
doc: Flash-boot-mode-hack article replaced with FCDEV3B-hardware-bug
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
43 * The second hack dating from 2018-03 patches the fw to not only use flash boot |
|
8fbf3c0ea8b6
doc: Flash-boot-mode-hack article replaced with FCDEV3B-hardware-bug
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
44 mode 0, but also route the interrupt and exception vectors through Calypso's |
|
8fbf3c0ea8b6
doc: Flash-boot-mode-hack article replaced with FCDEV3B-hardware-bug
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
45 internal ROM. I was hoping that this hack would make the sleep mode problem |
|
8fbf3c0ea8b6
doc: Flash-boot-mode-hack article replaced with FCDEV3B-hardware-bug
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
46 go away by having the Calypso execute some cycles out of its internal ROM and |
|
8fbf3c0ea8b6
doc: Flash-boot-mode-hack article replaced with FCDEV3B-hardware-bug
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
47 RAM before hitting the flash after wakeup, but nope, bringing up the SIM |
|
8fbf3c0ea8b6
doc: Flash-boot-mode-hack article replaced with FCDEV3B-hardware-bug
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
48 interface with AT+CFUN=1 in the l1reconst config when running from flash with |
|
8fbf3c0ea8b6
doc: Flash-boot-mode-hack article replaced with FCDEV3B-hardware-bug
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
49 small sleep enabled still triggers erratic misbehaviour even with this patch. |
|
8fbf3c0ea8b6
doc: Flash-boot-mode-hack article replaced with FCDEV3B-hardware-bug
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
50 |
|
483
15c61c8f3166
doc/FCDEV3B-hardware-bug: update on the investigation and the proposed fix
Mychaela Falconia <falcon@freecalypso.org>
parents:
474
diff
changeset
|
51 The proper fix will require a new PCB spin to change the flash reset wiring: |
|
15c61c8f3166
doc/FCDEV3B-hardware-bug: update on the investigation and the proposed fix
Mychaela Falconia <falcon@freecalypso.org>
parents:
474
diff
changeset
|
52 instead of driving it with Calypso's FDP output, use the ON_nOFF master reset |
|
15c61c8f3166
doc/FCDEV3B-hardware-bug: update on the investigation and the proposed fix
Mychaela Falconia <falcon@freecalypso.org>
parents:
474
diff
changeset
|
53 signal from Iota's VRPC block, fed through a logic voltage level translating |
|
15c61c8f3166
doc/FCDEV3B-hardware-bug: update on the investigation and the proposed fix
Mychaela Falconia <falcon@freecalypso.org>
parents:
474
diff
changeset
|
54 buffer to change it from 1.5 V to 2.8 V logic. The flash chip we are using has |
|
15c61c8f3166
doc/FCDEV3B-hardware-bug: update on the investigation and the proposed fix
Mychaela Falconia <falcon@freecalypso.org>
parents:
474
diff
changeset
|
55 lower power consumption when it is NOT held in reset, hence unlike TI's intent |
|
15c61c8f3166
doc/FCDEV3B-hardware-bug: update on the investigation and the proposed fix
Mychaela Falconia <falcon@freecalypso.org>
parents:
474
diff
changeset
|
56 with FDP, we don't want our flash chip to go into reset during any sleep at all. |
|
15c61c8f3166
doc/FCDEV3B-hardware-bug: update on the investigation and the proposed fix
Mychaela Falconia <falcon@freecalypso.org>
parents:
474
diff
changeset
|
57 |
|
15c61c8f3166
doc/FCDEV3B-hardware-bug: update on the investigation and the proposed fix
Mychaela Falconia <falcon@freecalypso.org>
parents:
474
diff
changeset
|
58 The new PCB revision with this change is now in the process of being finalized, |
|
15c61c8f3166
doc/FCDEV3B-hardware-bug: update on the investigation and the proposed fix
Mychaela Falconia <falcon@freecalypso.org>
parents:
474
diff
changeset
|
59 and we will soon need the funding to produce the new boards. Anyone who is |
|
15c61c8f3166
doc/FCDEV3B-hardware-bug: update on the investigation and the proposed fix
Mychaela Falconia <falcon@freecalypso.org>
parents:
474
diff
changeset
|
60 interested in helping to make FCDEV3B V2 a reality should email Mychaela. |