lorf / csr-spi-ftdi

USB SPI programmer/debugger for CSR BlueCore bluetooth chips, based on FTDI USB to UART converter, for Linux and Windows

Unhandled exception when communicating with HC05 #28

Open teeheee opened 6 years ago

teeheee commented 6 years ago

Hello,

I tried this code a year ago and it worked well. Now I wanted to use it again with the same setup, but it always breaks when BlueFlash communicates with the module. I tried it on two different PCs with wine-1.6.2, Windows 7 and Windows 10, and tried the prebuilt version and built it myself. It is always the same behaviour. I also tried different USB ports.

TL;DR:
OS: Xubuntu with wine-1.6.2, or Windows 7, or Windows 10
BlueSuite: 2.4
usbspi.dll: prebuilt 0.5.1, prebuilt 0.5.2 and own build 0.5.2 (for all OSs)
FTDI chip: probably a real FT232RL
Problem: BlueSuite crashes when using the usbspi.dll.

Here is the stack trace I got from wine when using the prebuilt version of the dll.

Unhandled exception: page fault on read access to 0x45455246 in 32-bit code (0x7e089124).
Register dump:
 CS:0023 SS:002b DS:002b ES:002b FS:0063 GS:006b
 EIP:7e089124 ESP:0033d4fc EBP:0033d544 EFLAGS:00010202(  R- --  I   - - - )
 EAX:45455246 EBX:7e098000 ECX:798ef768 EDX:00000000
 ESI:0041a5c0 EDI:00000001
Stack dump:
0x0033d4fc:  7e0938f6 7e092f89 0000016d 00000004
0x0033d50c:  7e0930c3 00000001 00000010 45455246
0x0033d51c:  0000d6c0 00000000 5a7d53b4 00010b9d
0x0033d52c:  00000000 00000000 00000000 00000000
0x0033d53c:  7e098000 7e098000 0033d594 7e087897
0x0033d54c:  00000001 00000010 45455246 0000d6c0
Backtrace:
=>0 0x7e089124 spi_xfer+0xfe() in usbspi (0x0033d544)
  1 0x7e087897 in usbspi (+0x7896) (0x0033d594)
  2 0x7e087fcc spifns_stream_sequence+0xe2() in usbspi (0x0033d5d4)
0x7e089124 spi_xfer+0xfe in usbspi: movzwl 0x0(%eax),%eax
System information:
    Wine build: wine-1.6.2
    Platform: i386 (WOW64)
    Host system: Linux
    Host version: 4.4.0-112-generic

teeheee commented 6 years ago

This is what the SPI communication looks like when the HC05 is connected: (image: spidebug). And when the HC05 is not connected and the bug is not happening: (image: spidebugnotconnected).

lorf commented 6 years ago

Looks like a bug in the driver. Unfortunately I have no HW to test at the moment. If You can assist in debugging, can You please rerun in wine with wine debugging turned on like this:

env WINEDEBUG=+relay blueflashcmd.exe chipver 2>&1 | grep usbspi

and post the result.

teeheee commented 6 years ago

I ran the setup with the following command:

env WINEDBG=+relay wine BlueFlashCmd.exe chipver 2>&1 | grep usbspi

and it gave this output:

=>0 0x7e2a6124 spi_xfer+0xfe() in usbspi (0x0033f704)
  1 0x7e2a4897 in usbspi (+0x4896) (0x0033f754)
  2 0x7e2a4fcc spifns_stream_sequence+0xe2() in usbspi (0x0033f794)
0x7e2a6124 spi_xfer+0xfe in usbspi: movzwl 0x0(%eax),%eax
ELF 7e28e000-7e2ba000  Dwarf  usbspi
  \-PE 7e2a0000-7e2ba000  \      usbspi

teeheee commented 6 years ago

I found a solution to fix my error. There was a padding problem in SPISEQ_1_4. I tried to pack the struct but it didn't work, so I wrote some ugly code to get it to program. Here is the method I changed:

DLLEXPORT int spifns_stream_sequence(spifns_stream_t stream, SPISEQ_1_4 *_pSequence, int nCount)
{
    LOG(DEBUG, "(%d, %p, %d)", stream, _pSequence, nCount);

    int nRetval = 0;

    unsigned short *pshort = (unsigned short *)_pSequence; // walk the caller's array as 16-bit words
    while (nCount--) {
        SPISEQ_1_4 *pSequence = (SPISEQ_1_4 *)pshort;
        SPISEQ_1_4 Sequence;
        Sequence.nType = pSequence->nType;   // first field has no padding
        Sequence.rw.nAddress = pshort[2];    // enum is 32 bit, so the offset is 4 bytes
        Sequence.rw.nLength = pshort[3];
        unsigned short **ppshort = (unsigned short **)pshort;
        Sequence.rw.pnData = (unsigned short *)ppshort[2]; // 32-bit address at offset 8

        // check the type of the current element, not the first one
        if (pSequence->nType == 0 || pSequence->nType == 1) // one type is different?
            pSequence = &Sequence;

        LOG(DEBUG, "command %d", pSequence->nType);
        switch (pSequence->nType) {
        case SPISEQ_1_4::TYPE_READ:
            if (spifns_sequence_read(pSequence->rw.nAddress, pSequence->rw.nLength, pSequence->rw.pnData) == 1)
                nRetval = 1;
            break;
        case SPISEQ_1_4::TYPE_WRITE:
            if (spifns_sequence_write(pSequence->rw.nAddress, pSequence->rw.nLength, pSequence->rw.pnData) == 1)
                nRetval = 1;
            break;
        case SPISEQ_1_4::TYPE_SETVAR:
            if (spifns_sequence_setvar(pSequence->setvar.szName, pSequence->setvar.szValue) == 1)
                nRetval = 1;
            break;
        default:
            LOG(WARN, "Sequence command not implemented: %d", pSequence->nType);
            g_nError = SPIFNS_ERROR_INVALID_PARAMETER;
            snprintf(g_szErrorString, sizeof(g_szErrorString),
                     "sequence command %d not implemented", pSequence->nType);
            nRetval = 1;
        }
        pshort += 6; // 6 shorts = 12 bytes = one element as the caller laid it out
    }
    return nRetval;
}

I do not suggest using this code, but maybe someone who knows the project better can fix the padding problem.
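As an added illustration (not code from csr-spi-ftdi or from this thread), the element-stride mismatch the workaround above is compensating for, written as a bounds-checked decoder: the caller's 12-byte element layout is taken from the offsets noted in the comments above, while the type numbering and the 16-byte callee stride used in the usage note are assumptions, and the 32-bit data pointer is modelled as a uint32_t so the example also runs on a 64-bit host.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstring>
#include <vector>

// Constructed 12-byte element, laid out as the workaround above reads it: 32-bit type
// at offset 0, 16-bit address at 4, 16-bit length at 6, 32-bit data pointer at 8. The
// pointer is kept as uint32_t so it stays 4 bytes on a 64-bit host (the real DLL is 32-bit).
struct SeqV13 {
    uint32_t nType;
    uint16_t nAddress;
    uint16_t nLength;
    uint32_t pnData32;
};
static_assert(sizeof(SeqV13) == 12, "caller-side element must be 12 bytes");
enum { TYPE_READ = 0, TYPE_WRITE = 1, TYPE_SETVAR = 2 }; // numbering is assumed

// Decode element idx from the caller's buffer at the caller's stride. memcpy is
// well-defined for any alignment (the pointer punning above is not). Returns false when
// the element runs past the buffer or carries an unknown type, which is what a callee
// that assumes a larger element than the caller filled in would otherwise act on.
static bool decode_element(const std::vector<unsigned char> &buf, size_t stride,
                           size_t idx, SeqV13 *out) {
    if (stride < sizeof(SeqV13) || (idx + 1) * stride > buf.size()) return false;
    std::memcpy(out, buf.data() + idx * stride, sizeof(SeqV13));
    return out->nType <= TYPE_SETVAR;
}

// Count how many of nCount elements decode cleanly at the given stride.
static int count_valid(const std::vector<unsigned char> &buf, size_t stride, int nCount) {
    int ok = 0;
    for (int i = 0; i < nCount; ++i) {
        SeqV13 s;
        if (decode_element(buf, stride, static_cast<size_t>(i), &s)) ++ok;
    }
    return ok;
}

// Constructed caller buffer: three packed elements (READ, WRITE, SETVAR) with made-up values.
static std::vector<unsigned char> make_sequence() {
    const SeqV13 elems[3] = {
        {TYPE_READ,   0x0400, 2, 0x00123456u},
        {TYPE_WRITE,  0x0410, 1, 0x00123460u},
        {TYPE_SETVAR, 0x0000, 0, 0x00123470u},
    };
    std::vector<unsigned char> buf(sizeof(elems));
    std::memcpy(buf.data(), elems, sizeof(elems));
    return buf;
}
```

At stride 12 all three elements decode; at an assumed 16-byte callee stride only the first does, the second's type field lands on the caller's address/length words, and the third would be read past the end of the buffer.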

lorf commented 6 years ago

Thanks for your analysis and code! It looks like BlueSuite 2.4 uses SPI API 1.3, but calls spifns_stream_sequence(), which should support that case.

I added appropriate changes to issue-28 branch. If You still have time and HW, can You please test this branch or the precompiled binaries here: https://github.com/lorf/csr-spi-ftdi/releases/tag/0.5.3-a2 ?