Re: [PATCH 2/2] spi: spi-zynq-qspi: Fix stack violation bug

2021-03-18 Thread Mark Brown 
On Thu, Mar 18, 2021 at 04:24:46AM -0600, Amit Kumar Mahapatra wrote:

> When the number of bytes for the op is greater than one, the read could
> run off the end of the function stack and cause a crash.

> This patch restores the behaviour of safely reading out of the original
> opcode location.

> Kernel panic - not syncing: stack-protector: Kernel stack is corrupted
>  in: zynq_qspi_exec_mem_op+0x1c0/0x2e0
> CPU1: stopping

Please think hard before including complete backtraces in upstream
reports, they are very large and contain almost no useful information
relative to their size so often obscure the relevant content in your
message. If part of the backtrace is usefully illustrative (it often is
for search engines if nothing else) then it's usually better to pull out
the relevant sections.


signature.asc
Description: PGP signature

[PATCH 2/2] spi: spi-zynq-qspi: Fix stack violation bug

2021-03-18 Thread Amit Kumar Mahapatra 
From: Karen Dombroski 

When the number of bytes for the op is greater than one, the read could
run off the end of the function stack and cause a crash.

This patch restores the behaviour of safely reading out of the original
opcode location.

Kernel panic - not syncing: stack-protector: Kernel stack is corrupted
 in: zynq_qspi_exec_mem_op+0x1c0/0x2e0
CPU1: stopping
CPU: 1 PID: 0 Comm: swapper/1 Not tainted 5.9.11-mars-2020.11 #2
Hardware name: Xilinx Zynq Platform
[] (unwind_backtrace) from [] (show_stack+0x10/0x14)
[] (show_stack) from [] (dump_stack+0xb8/0xd4)
[] (dump_stack) from [] (handle_IPI+0xe0/0x1a4)
[] (handle_IPI) from [] (gic_handle_irq+0x84/0x90)
[] (gic_handle_irq) from [] (__irq_svc+0x6c/0xa8)
Exception stack(0xef087f58 to 0xef087fa0)
7f40:   0780 ef7e26f4
7f60:  c0114380   ef086000 c0903eec 0002 ef087fb8
7f80: c0903f28  ffe8 ef087fa8 c0106824 c0106814 6013 
[] (__irq_svc) from [] (arch_cpu_idle+0x1c/0x38)
[] (arch_cpu_idle) from [] (default_idle_call+0x20/0x28)
[] (default_idle_call) from [] (do_idle+0x124/0x22c)
[] (do_idle) from [] (cpu_startup_entry+0x18/0x1c)
[] (cpu_startup_entry) from [<001014ac>] (0x1014ac)

Signed-off-by: Karen Dombroski 
Signed-off-by: Amit Kumar Mahapatra 
---
 drivers/spi/spi-zynq-qspi.c | 7 +++
 1 file changed, 3 insertions(+), 4 deletions(-)

diff --git a/drivers/spi/spi-zynq-qspi.c b/drivers/spi/spi-zynq-qspi.c
index 1acde9e24973..5a3d81c31d04 100644
--- a/drivers/spi/spi-zynq-qspi.c
+++ b/drivers/spi/spi-zynq-qspi.c
@@ -528,18 +528,17 @@ static int zynq_qspi_exec_mem_op(struct spi_mem *mem,
struct zynq_qspi *xqspi = spi_controller_get_devdata(mem->spi->master);
int err = 0, i;
u8 *tmpbuf;
-   u8 opcode = op->cmd.opcode;

dev_dbg(xqspi->dev, "cmd:%#x mode:%d.%d.%d.%d\n",
-   opcode, op->cmd.buswidth, op->addr.buswidth,
+   op->cmd.opcode, op->cmd.buswidth, op->addr.buswidth,
op->dummy.buswidth, op->data.buswidth);

zynq_qspi_chipselect(mem->spi, true);
zynq_qspi_config_op(xqspi, mem->spi);

-   if (op->cmd.nbytes) {
+   if (op->cmd.opcode) {
reinit_completion(>data_completion);
-   xqspi->txbuf = 
+   xqspi->txbuf = (u8 *)>cmd.opcode;
xqspi->rxbuf = NULL;
xqspi->tx_bytes = op->cmd.nbytes;
xqspi->rx_bytes = op->cmd.nbytes;
--
2.17.1

This email and any attachments are intended for the sole use of the named 
recipient(s) and contain(s) confidential information that may be proprietary, 
privileged or copyrighted under applicable law. If you are not the intended 
recipient, do not read, copy, or forward this email message or any attachments. 
Delete this email message and any attachments immediately.