From: Amit Kumar Mahapatra <amit.kumar-mahapa...@xilinx.com>
During a transfer the driver filled the fifo with 4bytes,
even if the data that needs to be transfer is less that 4bytes.
This resulted in slab-out-of-bounds bug in KernelAddressSanitizer.
This patch resolves slab-out-of-bounds bug by filling the fifo
with the number of bytes that needs to transferred.
Signed-off-by: Amit Kumar Mahapatra <amit.kumar-mahapa...@xilinx.com>
---
drivers/spi/spi-zynqmp-gqspi.c | 10 ++++++----
1 file changed, 6 insertions(+), 4 deletions(-)
diff --git a/drivers/spi/spi-zynqmp-gqspi.c b/drivers/spi/spi-zynqmp-gqspi.c
index 1146359528b9..2e2607b5dee9 100644
--- a/drivers/spi/spi-zynqmp-gqspi.c
+++ b/drivers/spi/spi-zynqmp-gqspi.c
@@ -509,17 +509,19 @@ static void zynqmp_qspi_filltxfifo(struct zynqmp_qspi
*xqspi, int size)
u32 count = 0, intermediate;
while ((xqspi->bytes_to_transfer > 0) && (count < size) &&
(xqspi->txbuf)) {
- memcpy(&intermediate, xqspi->txbuf, 4);
- zynqmp_gqspi_write(xqspi, GQSPI_TXD_OFST, intermediate);
-
if (xqspi->bytes_to_transfer >= 4) {
+ memcpy(&intermediate, xqspi->txbuf, 4);
xqspi->txbuf += 4;
xqspi->bytes_to_transfer -= 4;
+ count += 4;
} else {
+ memcpy(&intermediate, xqspi->txbuf,
+ xqspi->bytes_to_transfer);
xqspi->txbuf += xqspi->bytes_to_transfer;
xqspi->bytes_to_transfer = 0;
+ count += xqspi->bytes_to_transfer;
}
- count++;
+ zynqmp_gqspi_write(xqspi, GQSPI_TXD_OFST, intermediate);
}
}
--
2.25.1
