Potential Bug in ADIN1110 Non Operating System Driver

I don't think the proposed fix from above fix my memory corruption issue. I misunderstood what `oaSpiIntHandle` is supposed to do. State  DATA_START is probably right. But I still think there a bug in this area.

Some additional information on how to reproduce this issue:

* My MCU is connected to ADIN1110 via SPI using the Open Alliance protocol

* The ADIN1110 as master is connected via 10Base T1L to a slave 10Base T1L chip (In my case the Dev board for the RGMII ADIN1100)

* Continuously transmit data from Master to Slave

* Trigger an interrupt on the slave side (e.g. resetting the Slave 10Base T1L chip)

* The master side will try to investigate the issue on `oaStateMachine` goes to state: ADI_MAC_STATE_DATA_READ_STATUS

* This state will execute `oaSpiIntHandle` in the `else` clause

* After this was done some of the memory in adi_mac.c cfg->devMem is corrupted. I am not able to track done where and why this happens

Some ideas what could be the problems. I will use the code in this GitHub Repo as an example because it makes it easier to reference the lines: https://github.com/sparkfun/SparkFun_ADIN1110_Arduino_Library/blob/main/src/adi_spi_oa.c

* oaCtrlSetup in Line 900 is called with &hDevice->cnt https://github.com/sparkfun/SparkFun_ADIN1110_Arduino_Library/blob/main/src/adi_spi_oa.c#L900

  * This might be wrong because usually a temporary variable is used. e.g. https://github.com/sparkfun/SparkFun_ADIN1110_Arduino_Library/blob/main/src/adi_spi_oa.c#L126

  * This results in cnt being too large (24) instead of 1

* There might be a problem with the TxCurBufIdx when oaSpiIntHandle is executed

  * This can result in queueByteCount being too large because the following loop is executed too often: https://github.com/sparkfun/SparkFun_ADIN1110_Arduino_Library/blob/main/src/adi_spi_oa.c#L957

  * This loop is executed to often when oaTxCurBufIdx == hDevice->txQueue.head . This seems to be the case when oaSpiIntHandle was executed

But I am still kind of fishing in the dark. I appreciate all help.

Best Regards,

Kai

Dear Kai,

"hDevice->cnt" is passing just like local variable to frame packet buffer, it is equalent to local variable.

May I know if you tried with having local variable for "hDevice->cnt" and it is working.

As per the test scenario driver is handling incoming interrupt due to 'exst' bit enabled on behalf of PHYINT event for link state change.
In the above scenario are you hitting below log message in your code ?
//DEBUG_MESSAGE("oaStateMachine ADI_MAC_STATE_IRQ_START");

Thanks, 

Jayapal

Hi Jayapal,

Thanks for your message! The problem was inside my HAL-Port/SPI driver and I was able to resolve it.

So ADIN1110 driver worked as intended and there was no problem there. Sorry for the work this might have caused on your side.

Best Regards,

Kai