Commit 6d5ff8e6 authored by Karen Dombroski's avatar Karen Dombroski Committed by Mark Brown

spi: spi-zynq-qspi: Fix stack violation bug

When the number of bytes for the op is greater than one, the read could
run off the end of the function stack and cause a crash.

This patch restores the behaviour of safely reading out of the original
opcode location.
Signed-off-by: default avatarKaren Dombroski <karen.dombroski@marsbioimaging.com>
Signed-off-by: default avatarAmit Kumar Mahapatra <amit.kumar-mahapatra@xilinx.com>
Link: https://lore.kernel.org/r/20210429053802.17650-3-amit.kumar-mahapatra@xilinx.comSigned-off-by: default avatarMark Brown <broonie@kernel.org>
parent 121271f0
......@@ -528,18 +528,17 @@ static int zynq_qspi_exec_mem_op(struct spi_mem *mem,
struct zynq_qspi *xqspi = spi_controller_get_devdata(mem->spi->master);
int err = 0, i;
u8 *tmpbuf;
u8 opcode = op->cmd.opcode;
dev_dbg(xqspi->dev, "cmd:%#x mode:%d.%d.%d.%d\n",
opcode, op->cmd.buswidth, op->addr.buswidth,
op->cmd.opcode, op->cmd.buswidth, op->addr.buswidth,
op->dummy.buswidth, op->data.buswidth);
zynq_qspi_chipselect(mem->spi, true);
zynq_qspi_config_op(xqspi, mem->spi);
if (op->cmd.nbytes) {
if (op->cmd.opcode) {
reinit_completion(&xqspi->data_completion);
xqspi->txbuf = &opcode;
xqspi->txbuf = (u8 *)&op->cmd.opcode;
xqspi->rxbuf = NULL;
xqspi->tx_bytes = op->cmd.nbytes;
xqspi->rx_bytes = op->cmd.nbytes;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment