From a1269dd116319335db6d73013a31c038486c813e Mon Sep 17 00:00:00 2001
From: Christophe Ricard
Date: Sun, 25 Oct 2015 22:54:19 +0100
Subject: [PATCH] NFC: st-nci: Fix incorrect spi buffer size

When sending data over SPI, the maximum expected length is the maximum nci packet payload + data header size + the frame head room (1 for the ndlc header) + the frame trail room (0).

Cc: stable@vger.kernel.org
Signed-off-by: Christophe Ricard
Signed-off-by: Samuel Ortiz
---
 drivers/nfc/st-nci/spi.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/drivers/nfc/st-nci/spi.c b/drivers/nfc/st-nci/spi.c
index 9a398713897f..b43f448b8d78 100644
--- a/drivers/nfc/st-nci/spi.c
+++ b/drivers/nfc/st-nci/spi.c
@@ -25,6 +25,7 @@
 #include
 #include
 #include
+#include
 #include
 #include "st-nci.h"
@@ -94,7 +95,8 @@ static int st_nci_spi_write(void *phy_id, struct sk_buff *skb)
 struct st_nci_spi_phy *phy = phy_id;
 struct spi_device *dev = phy->spi_dev;
 struct sk_buff *skb_rx;
- u8 buf[ST_NCI_SPI_MAX_SIZE];
+ u8 buf[ST_NCI_SPI_MAX_SIZE + NCI_DATA_HDR_SIZE +
+ ST_NCI_FRAME_HEADROOM + ST_NCI_FRAME_TAILROOM];
 struct spi_transfer spi_xfer = {
 .tx_buf = skb->data,
 .rx_buf = buf,
--
2.20.1
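Review bot: The enlarged `buf` in the second hunk is still a fixed-size stack array handed to the transfer as `rx_buf`, and nothing visible bounds the transfer length against it, so an skb longer than the computed maximum would still write past the array. The `.len` initializer and the rest of st_nci_spi_write lie outside the hunk, so this assumes the length is taken from `skb->len`. If so, a guard such as `if (skb->len > sizeof(buf)) return -EMSGSIZE;` before the transfer is submitted would turn any future sizing mistake into an error rather than a stack overwrite. A one-line comment on the declaration, e.g. `/* max NCI payload + data header + ndlc headroom + tailroom */`, would also keep the four terms tied to the frame layout the commit message describes.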