From patchwork Mon Sep 12 19:48:16 2016 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Moritz Fischer X-Patchwork-Id: 668956
From: Moritz Fischer To: sjg@chromium.org Date: Mon, 12 Sep 2016 12:48:16 -0700 Message-Id: <1473709696-29531-1-git-send-email-moritz.fischer@ettus.com> X-Mailer: git-send-email 2.7.4 Cc: moritz.fischer.private@gmail.com, u-boot@lists.denx.de Subject: [U-Boot] [PATCH] cros_ec: Fix issue with cros_ec_flash_write command X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.15 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" This commit fixes an issue where data is written to an invalid memory location. The issue has been introduced in commit 88364387 cros: add cros_ec_driver Signed-off-by: Moritz Fischer Cc: u-boot@lists.denx.de --- drivers/misc/cros_ec.c | 25 ++++++++++++++++++------- 1 file changed, 18 insertions(+), 7 deletions(-) diff --git a/drivers/misc/cros_ec.c b/drivers/misc/cros_ec.c index 44b4f59..6079e52 100644 --- a/drivers/misc/cros_ec.c +++ b/drivers/misc/cros_ec.c @@ -760,15 +760,26 @@ int cros_ec_flash_erase(struct cros_ec_dev *dev, uint32_t offset, uint32_t size) static int cros_ec_flash_write_block(struct cros_ec_dev *dev, const uint8_t *data, uint32_t offset, uint32_t size) { - struct ec_params_flash_write p; + struct ec_params_flash_write *p; + int ret; - p.offset = offset; - p.size = size; - assert(data && p.size <= EC_FLASH_WRITE_VER0_SIZE); - memcpy(&p + 1, data, p.size); + p = malloc(sizeof(*p) + size); + if (!p) + return -ENOMEM; + + + p->offset = offset; + p->size = size; + assert(data && p->size <= EC_FLASH_WRITE_VER0_SIZE); + memcpy(p + 1, data, p->size); - return ec_command_inptr(dev, EC_CMD_FLASH_WRITE, 0, - &p, sizeof(p), NULL, 0) >= 0 ? 0 : -1; + ret = ec_command_inptr(dev, EC_CMD_FLASH_WRITE, 1, + p, sizeof(*p) + size, NULL, 0) >= 0 ? 0 : -1; + + free(p); + + + return ret; } /**
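
Review bot: the size bound in cros_ec_flash_write_block() is still enforced only by the assert(), which now runs after malloc(sizeof(*p) + size) has already used the unchecked size. With the buffer sized from the caller's value, an oversized request would be sent to the EC whenever assert() is compiled out, and sizeof(*p) + size can wrap where size_t is 32 bits wide. Suggest an explicit check ahead of the allocation, for example "if (!data || size > EC_FLASH_WRITE_VER0_SIZE) return -EINVAL;", keeping the assert only as a debug aid. Two further points on the same hunk: the command version passed to ec_command_inptr() changes from 0 to 1 while the bound still uses EC_FLASH_WRITE_VER0_SIZE, and the commit message does not mention the version change, so please either explain it or split it into its own patch. The function also now returns -ENOMEM on one path and -1 on the other, and the doubled blank lines after the malloc check and before "return ret;" should be single.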