
16 Dec 2015, 3:58 a.m.
On 12/12/2015 09:17 PM, Stefan Brüns wrote:
flush_dcache_range may access data after priv->aligned_buffer end if len > DWC2_DATA_BUF_SIZE. memcpy may access data after buffer end if done > 0.
Acked-by: Stephen Warren <swarren@wwwdotorg.org>
Uggh; icky bug :-(
@@ -823,12 +823,13 @@ int chunk_msg(struct dwc2_priv *priv, struct usb_device *dev, (*pid << DWC2_HCTSIZ_PID_OFFSET), &hc_regs->hctsiz);
if (!in) {
memcpy(priv->aligned_buffer, (char *)buffer + done, len);
if (!in && xfer_len) {
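Review bot: The memcpy under "if (!in)" is sized by len while its source is (char *)buffer + done, which is the read past the end of buffer that the commit message describes for done > 0; the copy that replaces it should be sized by the per-chunk xfer_len that the new "if (!in && xfer_len)" guard tests, and the same bound should apply to the flush_dcache_range named in the commit message. The replacement memcpy line is not visible in the hunk as quoted here, so that is worth confirming against the full patch. The xfer_len guard also makes zero-length OUT transfers skip the copy entirely; a one-line comment stating why that case is skipped would document the intent.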
Do zero-length memcpy or flush_dcache_range actually cause an issue?