mirrors/linux-stable
1
0
Fork 0
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git synced 2024-10-01 06:33:07 +00:00
Code Issues Releases Wiki Activity

spi: spi-zynqmp-gqspi: Resolved slab-out-of-bounds bug

Browse source 
During a transfer the driver filled the fifo with 4bytes,
even if the data that needs to be transfer is less that 4bytes.
This resulted in slab-out-of-bounds bug in KernelAddressSanitizer.

This patch resolves slab-out-of-bounds bug by filling the fifo
with the number of bytes that needs to transferred.

Signed-off-by: Amit Kumar Mahapatra <amit.kumar-mahapatra@xilinx.com>
Link: https://lore.kernel.org/r/20210416004652.2975446-4-quanyang.wang@windriver.com
Signed-off-by: Mark Brown <broonie@kernel.org>
This commit is contained in:
Amit Kumar Mahapatra 2021-04-16 08:46:50 +08:00 committed by Mark Brown
parent 799f923f0a
commit 2530b3df43
No known key found for this signature in database
GPG key ID: 24D68B725D5487D0
1 changed files with 6 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

10
drivers/spi/spi-zynqmp-gqspi.c
View file

@ -509,17 +509,19 @@ static void zynqmp_qspi_filltxfifo(struct zynqmp_qspi *xqspi, int size)
u32 count = 0, intermediate;
while ((xqspi->bytes_to_transfer > 0) && (count < size) && (xqspi->txbuf)) {
memcpy(&intermediate, xqspi->txbuf, 4);
zynqmp_gqspi_write(xqspi, GQSPI_TXD_OFST, intermediate);
if (xqspi->bytes_to_transfer >= 4) {
memcpy(&intermediate, xqspi->txbuf, 4);
xqspi->txbuf += 4;
xqspi->bytes_to_transfer -= 4;
count += 4;
} else {
memcpy(&intermediate, xqspi->txbuf,
xqspi->bytes_to_transfer);
xqspi->txbuf += xqspi->bytes_to_transfer;
xqspi->bytes_to_transfer = 0;
count += xqspi->bytes_to_transfer;
}
count++;
zynqmp_gqspi_write(xqspi, GQSPI_TXD_OFST, intermediate);
}
}