
16 Dec
2015
11:29 a.m.
On Wednesday, December 16, 2015 at 03:58:48 AM, Stephen Warren wrote:
On 12/12/2015 09:17 PM, Stefan Brüns wrote:
flush_dcache_range may access data after priv->aligned_buffer end if len > DWC2_DATA_BUF_SIZE. memcpy may access data after buffer end if done > 0
Acked-by: Stephen Warren swarren@wwwdotorg.org
Uggh; icky bug:-(
@@ -823,12 +823,13 @@ int chunk_msg(struct dwc2_priv *priv, struct usb_device *dev,
(*pid << DWC2_HCTSIZ_PID_OFFSET), &hc_regs->hctsiz);
if (!in) {
memcpy(priv->aligned_buffer, (char *)buffer + done,
len);
if (!in && xfer_len) {
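Review bot: The `xfer_len` test in `if (!in && xfer_len)` is not covered by the commit message, which only describes the two out-of-bounds accesses (`len > DWC2_DATA_BUF_SIZE` and `done > 0`). Either state in the commit message why an empty chunk has to skip the `memcpy` and cache flush, or keep the condition as `if (!in)` so the change is limited to the length fix. A one-line comment above the `memcpy` into `priv->aligned_buffer` saying which length bounds the copy and the flush would also make the invariant checkable at a glance.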
Do zero-length memcpy or flush_dcache_range actually cause an issue?
I believe they should not, based on how they are implemented.
Best regards, Marek Vasut
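The two bounds named in the commit message, modelled for a chunked transfer through a fixed-size bounce buffer. This is an added example, not code from the patch or from U-Boot. `BOUNCE_SIZE`, `chunk_in_bounds`, `chunk_len` and `send_chunked` are hypothetical names, and the second `memcpy` stands in for the controller reading the buffer.

```c
#include <stddef.h>
#include <string.h>

#define BOUNCE_SIZE 8u /* constructed stand-in for DWC2_DATA_BUF_SIZE */

/* 1 if copying n bytes from offset `done` of a len-byte source into the
 * bounce buffer stays inside both the source and the bounce buffer. */
static int chunk_in_bounds(size_t done, size_t n, size_t len)
{
    return n <= BOUNCE_SIZE && done <= len && n <= len - done;
}

/* Per-chunk length: the remaining bytes, clamped to the bounce buffer. */
static size_t chunk_len(size_t done, size_t len)
{
    size_t left = len - done;
    return left > BOUNCE_SIZE ? BOUNCE_SIZE : left;
}

/* Copy len bytes from src to out through the bounce buffer. Returns the
 * number of chunks issued (a zero-length transfer still issues one), or 0
 * if a chunk would leave either buffer. */
static size_t send_chunked(const unsigned char *src, size_t len,
                           unsigned char *out)
{
    unsigned char bounce[BOUNCE_SIZE];
    size_t done = 0, chunks = 0;

    do {
        size_t xfer_len = chunk_len(done, len);

        if (!chunk_in_bounds(done, xfer_len, len))
            return 0;
        if (xfer_len) { /* empty chunk: nothing to copy */
            memcpy(bounce, src + done, xfer_len);
            memcpy(out + done, bounce, xfer_len); /* models the controller */
        }
        done += xfer_len;
        chunks++;
    } while (done < len);
    return chunks;
}

int main(void)
{
    unsigned char src[20], out[20];
    memset(src, 0x5a, sizeof(src)); /* constructed sample payload */
    return send_chunked(src, sizeof(src), out) == 3 ? 0 : 1;
}
```

Passing the total `len` as the copy length fails `chunk_in_bounds` both when `len` exceeds the bounce buffer and when `done > 0`, but passes for a single short transfer, which is why the overrun only shows up on larger transfers.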