From 3c6d45fa99b49dc7969f5dd037756ff5d76d6b81 Mon Sep 17 00:00:00 2001 From: Carlos Sanchez Date: Mon, 9 Jan 2023 07:32:17 +0100 Subject: [PATCH] s32k1xx: avoid buffer overflow when CAN time is used for non-FD CAN. s32k1xx: fix initialization of MAXMB field in MCR. --- arch/arm/src/s32k1xx/s32k1xx_flexcan.c | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/arch/arm/src/s32k1xx/s32k1xx_flexcan.c b/arch/arm/src/s32k1xx/s32k1xx_flexcan.c index f3ecf6477e..7e5bceae8d 100644 --- a/arch/arm/src/s32k1xx/s32k1xx_flexcan.c +++ b/arch/arm/src/s32k1xx/s32k1xx_flexcan.c @@ -341,8 +341,8 @@ static struct s32k1xx_driver_s g_flexcan2; static uint8_t g_tx_pool[(sizeof(struct canfd_frame)+MSG_DATA)*POOL_SIZE]; static uint8_t g_rx_pool[(sizeof(struct canfd_frame)+MSG_DATA)*POOL_SIZE]; #else -static uint8_t g_tx_pool[sizeof(struct can_frame)*POOL_SIZE]; -static uint8_t g_rx_pool[sizeof(struct can_frame)*POOL_SIZE]; +static uint8_t g_tx_pool[(sizeof(struct can_frame)+MSG_DATA)*POOL_SIZE]; +static uint8_t g_rx_pool[(sizeof(struct can_frame)+MSG_DATA)*POOL_SIZE]; #endif /**************************************************************************** @@ -1629,12 +1629,17 @@ static int s32k1xx_initialize(struct s32k1xx_driver_s *priv) putreg32(regval, priv->base + S32K1XX_CAN_CTRL2_OFFSET); #endif + /* Counting from TXMBCOUNT into priv->rx[] makes no sense, and MBs were + * zeroed by s32k1xx_reset() above anyways. + */ +#if 0 for (i = TXMBCOUNT; i < TOTALMBCOUNT; i++) { priv->rx[i].id.w = 0x0; /* FIXME sometimes we get a hard fault here */ } +#endif putreg32(0x0, priv->base + S32K1XX_CAN_RXFGMASK_OFFSET); @@ -1718,6 +1723,9 @@ static void s32k1xx_reset(struct s32k1xx_driver_s *priv) } regval = getreg32(priv->base + S32K1XX_CAN_MCR_OFFSET); + regval &= ~CAN_MCR_MAXMB_MASK; /* Zero MAXMB to ensure "bitwise or" + * below sets the correct value. + */ regval |= CAN_MCR_SLFWAK | CAN_MCR_WRNEN | CAN_MCR_SRXDIS | CAN_MCR_IRMQ | CAN_MCR_AEN | (((TOTALMBCOUNT - 1) << CAN_MCR_MAXMB_SHIFT) &