From: Amit Kumar Mahapatra <amit.kumar-mahapatra@xilinx.com>
To: <broonie@kernel.org>
Cc: <linux-spi@vger.kernel.org>,
	<linux-arm-kernel@lists.infradead.org>,
	<linux-kernel@vger.kernel.org>, <git@xilinx.com>,
	Karen Dombroski <karen.dombroski@marsbioimaging.com>,
	Amit Kumar Mahapatra <amit.kumar-mahapatra@xilinx.com>
Subject: [PATCH 2/2] spi: spi-zynq-qspi: Fix stack violation bug
Date: Thu, 18 Mar 2021 04:24:46 -0600
Message-ID: <20210318102446.25142-3-amit.kumar-mahapatra@xilinx.com>
In-Reply-To: <20210318102446.25142-1-amit.kumar-mahapatra@xilinx.com>

From: Karen Dombroski <karen.dombroski@marsbioimaging.com>

When the number of bytes for the op is greater than one, the read could
run off the end of the function stack and cause a crash.

This patch restores the behaviour of safely reading out of the original
opcode location.

Kernel panic - not syncing: stack-protector: Kernel stack is corrupted
 in: zynq_qspi_exec_mem_op+0x1c0/0x2e0
CPU1: stopping
CPU: 1 PID: 0 Comm: swapper/1 Not tainted 5.9.11-mars-2020.11 #2
Hardware name: Xilinx Zynq Platform
[<c010c15c>] (unwind_backtrace) from [<c0109034>] (show_stack+0x10/0x14)
[<c0109034>] (show_stack) from [<c0591848>] (dump_stack+0xb8/0xd4)
[<c0591848>] (dump_stack) from [<c010aecc>] (handle_IPI+0xe0/0x1a4)
[<c010aecc>] (handle_IPI) from [<c0343890>] (gic_handle_irq+0x84/0x90)
[<c0343890>] (gic_handle_irq) from [<c0100b0c>] (__irq_svc+0x6c/0xa8)
Exception stack(0xef087f58 to 0xef087fa0)
7f40:                                                       00000780 ef7e26f4
7f60: 00000000 c0114380 00000000 00000000 ef086000 c0903eec 00000002 ef087fb8
7f80: c0903f28 00000000 ffffffe8 ef087fa8 c0106824 c0106814 60000013 ffffffff
[<c0100b0c>] (__irq_svc) from [<c0106814>] (arch_cpu_idle+0x1c/0x38)
[<c0106814>] (arch_cpu_idle) from [<c0598d58>] (default_idle_call+0x20/0x28)
[<c0598d58>] (default_idle_call) from [<c013b744>] (do_idle+0x124/0x22c)
[<c013b744>] (do_idle) from [<c013b9bc>] (cpu_startup_entry+0x18/0x1c)
[<c013b9bc>] (cpu_startup_entry) from [<001014ac>] (0x1014ac)

Signed-off-by: Karen Dombroski <karen.dombroski@marsbioimaging.com>
Signed-off-by: Amit Kumar Mahapatra <amit.kumar-mahapatra@xilinx.com>
---
 drivers/spi/spi-zynq-qspi.c | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)

diff --git a/drivers/spi/spi-zynq-qspi.c b/drivers/spi/spi-zynq-qspi.c
index 1acde9e24973..5a3d81c31d04 100644
--- a/drivers/spi/spi-zynq-qspi.c
+++ b/drivers/spi/spi-zynq-qspi.c
@@ -528,18 +528,17 @@ static int zynq_qspi_exec_mem_op(struct spi_mem *mem,
        struct zynq_qspi *xqspi = spi_controller_get_devdata(mem->spi->master);
        int err = 0, i;
        u8 *tmpbuf;
-       u8 opcode = op->cmd.opcode;

        dev_dbg(xqspi->dev, "cmd:%#x mode:%d.%d.%d.%d\n",
-               opcode, op->cmd.buswidth, op->addr.buswidth,
+               op->cmd.opcode, op->cmd.buswidth, op->addr.buswidth,
                op->dummy.buswidth, op->data.buswidth);

        zynq_qspi_chipselect(mem->spi, true);
        zynq_qspi_config_op(xqspi, mem->spi);

-       if (op->cmd.nbytes) {
+       if (op->cmd.opcode) {
                reinit_completion(&xqspi->data_completion);
-               xqspi->txbuf = &opcode;
+               xqspi->txbuf = (u8 *)&op->cmd.opcode;
                xqspi->rxbuf = NULL;
                xqspi->tx_bytes = op->cmd.nbytes;
                xqspi->rx_bytes = op->cmd.nbytes;
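
Review bot: Switching the guard from `if (op->cmd.nbytes)` to `if (op->cmd.opcode)` is not needed for the stack fix and changes behaviour: an op whose opcode value is 0x00 now skips the command phase, while `tx_bytes` and `rx_bytes` just below are still taken from `op->cmd.nbytes`, so the condition no longer matches the length it protects. I would keep `if (op->cmd.nbytes)` and change only the `txbuf` assignment. On that assignment, the `(u8 *)` cast hides the real type of `op->cmd.opcode`; if the field is wider than one byte, sending `nbytes` bytes from its address puts them on the wire in CPU memory order, and nothing here bounds `nbytes` by `sizeof(op->cmd.opcode)`, so a short comment or an explicit check would help. The commit message could also state the root cause visible in the removed lines: the local `u8 opcode` is a single byte on the stack, yet `tx_bytes = op->cmd.nbytes` bytes were transferred from `&opcode`.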
--
2.17.1

