spi/fsl-espi: fix rx_buf in fsl_espi_cmd_trans()/fsl_espi_rw_trans()
authorValentin Longchamp <valentin.longchamp@keymile.com>
Fri, 16 May 2014 14:46:21 +0000 (16:46 +0200)
committerMark Brown <broonie@linaro.org>
Mon, 26 May 2014 15:56:45 +0000 (16:56 +0100)
commita2cb1be18254fd1479d87f7860af7a8413508e16
treecf039f87924391bb1f5b3b665e428d5d9e06d64c
parentd0fb47a5237d8b9576113568bacfd27892308b62
spi/fsl-espi: fix rx_buf in fsl_espi_cmd_trans()/fsl_espi_rw_trans()

By default for every espi transfer, the rx_buf is placed right after the
tx_buf. This can lead to a buffer overflow when the size of both the TX
and RX data cumulated is higher than the allocated 64K buffer for the
transfer (this is the case when sending for instance a read command and
reading 64K back, please see:
http://article.gmane.org/gmane.linux.drivers.mtd/53411 )

This gets fixed by always setting the RX buffer pointer at the begining
of the transfer buffer.

[The driver shouldn't be doing the copy in the first place and instead
sending directly from the supplied buffer but this is at least not worse
than what's there -- broonie]

Signed-off-by: Valentin Longchamp <valentin.longchamp@keymile.com>
Signed-off-by: Mark Brown <broonie@linaro.org>
drivers/spi/spi-fsl-espi.c