[PATCH v3] pxa2xx_spi: fix memory corruption
Vasily Khoruzhick
anarsoul at gmail.com
Mon Jul 18 03:56:51 EDT 2011
On Friday 15 July 2011 05:53:31 Grant Likely wrote:
> On Sun, Jul 10, 2011 at 06:18:19PM +0300, Vasily Khoruzhick wrote:
> > pxa2xx_spi_probe allocates struct driver_data and null_dma_buf
> > at same time via spi_alloc_master(), but then calculates
> > null_dma_buf pointer incorrectly, and it causes memory corruption
> > later if DMA usage is enabled.
> >
> > Signed-off-by: Vasily Khoruzhick <anarsoul at gmail.com>
> > ---
> > v2: - add u8 __null_dma_buf[16] to the end of driver_data structure
> >
> > and use it as null_dma_buf after alignment.
> > - use PTR_ALIGN instead of ALIGN
> >
> > v3: - drop (u8 *) cast, use & operator instead, change array name
> >
> > drivers/spi/pxa2xx_spi.c | 9 +++++----
> > 1 files changed, 5 insertions(+), 4 deletions(-)
> >
> > diff --git a/drivers/spi/pxa2xx_spi.c b/drivers/spi/pxa2xx_spi.c
> > index dc25bee..b25fe27 100644
> > --- a/drivers/spi/pxa2xx_spi.c
> > +++ b/drivers/spi/pxa2xx_spi.c
> > @@ -106,6 +106,7 @@ struct driver_data {
> >
> > int rx_channel;
> > int tx_channel;
> > u32 *null_dma_buf;
> >
> > + u8 null_dma_buf_unaligned[16];
>
> Don't dma buffers need to be cache-line aligned?
No, on PXA2xx they need to be 8-bytes aligned (according to PXA27x developer's
manual)
> How large is the actual transfer?
Looks like 8 bytes, but I'm not sure, I'm not author of driver and did not dig
deeply into its code. Just attempting to fix memory corruption.
> Using the __aligned() or __cacheline_aligned
> attribute is the correct way to make sure you've got a data buffer
> that can be used for DMA mixed with other stuff. Then you don't need
> to fool around with PTR_ALIGN or anything.
Errr, it can't be applied to struct field, right? But driver needs per-device
null_dma_buf (there's 3 SPI controllers on PXA2xx)
> g.
Regards
Vasily
More information about the linux-arm-kernel
mailing list