[PATCH v3 0/2] Fix dma_addr_t for R5 SPL

Wed, 03 Sep 2025 04:54:32 -0700 

Hi all,

On various TI's K3 platforms boot failure was observed on SPI NOR since the
commit 5609f200d062 ("arm: Kconfig: enable LTO for ARCH_K3"). This issue was
root caused to stack corruption by the 'udma_transfer' function. Where the local
variable 'paddr' of type 'dma_addr_t' was being written to as a 64-bit value
which overwrote the stack frame of the caller (dma_memcpy) as only 32-bits had
been reserved for paddr on the stack, specifically the r4 register in the frame
of dma_memcpy was being overwritten with a 0.

drivers/dma/ti/k3-udma.c:2192:

        int udma_transfer(...)
        {
                ...
                dma_addr_t paddr = 0;

                ...
                /* paddr was written to as 64-bit value here */
                udma_poll_completion(uc, &paddr);
        }

drivers/dma/dma-uclass.c:234:

        int dma_memcpy(...)
        {
                dma_addr_t destination;
                dma_addr_t source;
                int ret;

                ...

                /* This call resolves to udma_transfer */
                ret = ops->transfer(...);

                ...

                dma_unmap_single(destination, ...);
                dma_unmap_single(...);
                return ret;
        }

Enabling LTO changed how gcc mapped local variables of dma_memcpy to CPU
registers, where earlier the bug was hidden since the overwritten register
'r4' was allotted to 'ret' but was allotted to 'destination' once LTO was
enabled. And since the overwritten value was 0, the bug remained undetected
as it just meant ret was 0, but having 'destination' set to 0 caused
dma_unmap_single to fail silently leading to boot failures.

The fix entails enabling DMA_ADDR_T_64BIT which changes dma_addr_t from u32 to
u64 for the R5 SPL thus reserving enough space for 'paddr' to prevent the
overflow.

This patch is meant for the master branch,
Regards,
Anshul
---
Changes for v3:
 - Clearer commit description
v2: https://lore.kernel.org/u-boot/20250902094037.2121393-1-ansh...@ti.com/
Changes for v2:
 - Add missing typecasts for usb driver
 - Reword commit description
v1: https://lore.kernel.org/u-boot/20250825133233.2475300-1-ansh...@ti.com/
---
Anshul Dalal (2):
  dma: ti: k3-udma: fix dma_addr_t typecasts
  config: arch: k3: enable DMA_ADDR_T_64BIT

 arch/arm/Kconfig         | 1 +
 drivers/dma/ti/k3-udma.c | 6 +++---
 drivers/usb/dwc3/ep0.c   | 4 ++--
 3 files changed, 6 insertions(+), 5 deletions(-)

-- 
2.50.1

Reply via email to