Message ID | 20210318102446.25142-3-amit.kumar-mahapatra@xilinx.com (mailing list archive) |
---|---|
State | Superseded |
Series | spi: spi-zynq-qspi: Fix stack violation bug |
On Thu, Mar 18, 2021 at 04:24:46AM -0600, Amit Kumar Mahapatra wrote:

> When the number of bytes for the op is greater than one, the read could
> run off the end of the function stack and cause a crash.

> This patch restores the behaviour of safely reading out of the original
> opcode location.

> Kernel panic - not syncing: stack-protector: Kernel stack is corrupted
> in: zynq_qspi_exec_mem_op+0x1c0/0x2e0
> CPU1: stopping

Please think hard before including complete backtraces in upstream reports, they are very large and contain almost no useful information relative to their size so often obscure the relevant content in your message. If part of the backtrace is usefully illustrative (it often is for search engines if nothing else) then it's usually better to pull out the relevant sections.

diff --git a/drivers/spi/spi-zynq-qspi.c b/drivers/spi/spi-zynq-qspi.c index 1acde9e24973..5a3d81c31d04 100644 --- a/drivers/spi/spi-zynq-qspi.c +++ b/drivers/spi/spi-zynq-qspi.c @@ -528,18 +528,17 @@ static int zynq_qspi_exec_mem_op(struct spi_mem *mem, struct zynq_qspi *xqspi = spi_controller_get_devdata(mem->spi->master); int err = 0, i; u8 *tmpbuf; - u8 opcode = op->cmd.opcode; dev_dbg(xqspi->dev, "cmd:%#x mode:%d.%d.%d.%d\n", - opcode, op->cmd.buswidth, op->addr.buswidth, + op->cmd.opcode, op->cmd.buswidth, op->addr.buswidth, op->dummy.buswidth, op->data.buswidth); zynq_qspi_chipselect(mem->spi, true); zynq_qspi_config_op(xqspi, mem->spi); - if (op->cmd.nbytes) { + if (op->cmd.opcode) { reinit_completion(&xqspi->data_completion); - xqspi->txbuf = &opcode; + xqspi->txbuf = (u8 *)&op->cmd.opcode; xqspi->rxbuf = NULL; xqspi->tx_bytes = op->cmd.nbytes; xqspi->rx_bytes = op->cmd.nbytes;
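
Review bot: The guard change from `if (op->cmd.nbytes)` to `if (op->cmd.opcode)` tests the opcode's value instead of its length, so an op whose opcode is 0x00 would skip the command phase even when `op->cmd.nbytes` is non-zero, while the body still sizes the transfer with `xqspi->tx_bytes = op->cmd.nbytes;`. Keeping `if (op->cmd.nbytes)` and changing only the `txbuf` assignment would still stop the transmit path from reading `op->cmd.nbytes` bytes out of the one-byte local `u8 opcode`, without altering when the command is sent. If `op->cmd.opcode` is wider than `u8`, as the `(u8 *)` cast suggests, its bytes are now transmitted in host memory order, so the byte order the controller expects deserves a comment or an explicit conversion.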