| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20250610215233.35ikv4sslkyukgwr@skbuf>
Date: Wed, 11 Jun 2025 00:52:33 +0300
From: Vladimir Oltean <vladimir.oltean@....com>
To: James Clark <james.clark@...aro.org>
Cc: Vladimir Oltean <olteanv@...il.com>, Mark Brown <broonie@...nel.org>,
linux-spi@...r.kernel.org, imx@...ts.linux.dev,
linux-kernel@...r.kernel.org
Subject: Re: [PATCH 4/4] spi: spi-fsl-dspi: Report FIFO overflows as errors
On Mon, Jun 09, 2025 at 04:32:41PM +0100, James Clark wrote:
> In target mode, the host sending more data than can be consumed would be
> a common problem for any message exceeding the FIFO or DMA buffer size.
> Cancel the whole message as soon as this condition is hit as the message
> will be corrupted.
>
> Only do this for target mode in a DMA transfer because we need to add a
> register read. In IRQ and polling modes always do it because SPI_SR was
> already read and it might catch some host mode programming/buffer
> management errors too.
>
> Signed-off-by: James Clark <james.clark@...aro.org>
> ---
> drivers/spi/spi-fsl-dspi.c | 31 ++++++++++++++++++++++++++++---
> 1 file changed, 28 insertions(+), 3 deletions(-)
>
> diff --git a/drivers/spi/spi-fsl-dspi.c b/drivers/spi/spi-fsl-dspi.c
> index e211e44e977f..75767d756496 100644
> --- a/drivers/spi/spi-fsl-dspi.c
> +++ b/drivers/spi/spi-fsl-dspi.c
> @@ -228,6 +228,7 @@ struct fsl_dspi {
> const struct fsl_dspi_devtype_data *devtype_data;
>
> struct completion xfer_done;
> + int xfer_status;
This is certainly simple, and simple is not bad.
But based on the fact that you care about the xfer_status only when
there's an associated dspi->cur_msg, have you considered to update
dspi->cur_msg->status directly?
You'd need to reset dspi->cur_msg to NULL at the end of
dspi_transfer_one_message(), and then check for NULL when you update
the transfer status.
>
> struct fsl_dspi_dma *dma;
>
> @@ -504,12 +505,22 @@ static int dspi_next_xfer_dma_submit(struct fsl_dspi *dspi)
>
> static void dspi_setup_accel(struct fsl_dspi *dspi);
>
> +static bool dspi_is_fifo_overflow(struct fsl_dspi *dspi, u32 spi_sr)
Can you name this some way else, like dspi_fifo_error()? It's strange
for a reader for this to return true on an underflow.
> +{
> + if (spi_sr & (SPI_SR_TFUF | SPI_SR_RFOF)) {
> + dev_err(&dspi->pdev->dev, "FIFO under/overflow");
Missing \n.
And you should use dev_err_ratelimited(), as you don't want an external
entity, when in target mode, to DoS you.
Also, could there be individual error messages for TFUF and for RFOF?
If you are concerned about the penalty for the error-free case, make the
check two-level. First for all errors, then for individual errors.
> + return true;
> + }
> + return false;
> +}
> +
> static int dspi_dma_xfer(struct fsl_dspi *dspi)
> {
> struct spi_message *message = dspi->cur_msg;
> int max_words = dspi_dma_max_datawords(dspi);
> struct device *dev = &dspi->pdev->dev;
> int ret = 0;
> + u32 spi_sr;
>
> /*
> * dspi->len gets decremented by dspi_pop_tx_pushr in
> @@ -531,6 +542,12 @@ static int dspi_dma_xfer(struct fsl_dspi *dspi)
> dev_err(dev, "DMA transfer failed\n");
> break;
> }
> +
> + if (spi_controller_is_target(dspi->ctlr)) {
> + regmap_read(dspi->regmap, SPI_SR, &spi_sr);
> + if (dspi_is_fifo_overflow(dspi, spi_sr))
> + return -EIO;
> + }
> }
Can this go within this block from dspi_next_xfer_dma_submit() instead?
if (spi_controller_is_target(dspi->ctlr)) {
wait_for_completion_interruptible(&dspi->dma->cmd_rx_complete);
// here
return 0;
}
>
> return ret;
> @@ -918,6 +935,8 @@ static int dspi_poll(struct fsl_dspi *dspi)
> regmap_read(dspi->regmap, SPI_SR, &spi_sr);
> regmap_write(dspi->regmap, SPI_SR, spi_sr);
>
> + if (dspi_is_fifo_overflow(dspi, spi_sr))
> + return -EIO;
> if (spi_sr & SPI_SR_CMDTCF)
> break;
> } while (--tries);
> @@ -939,8 +958,12 @@ static irqreturn_t dspi_interrupt(int irq, void *dev_id)
> if (!(spi_sr & SPI_SR_CMDTCF))
> return IRQ_NONE;
>
> - if (dspi_rxtx(dspi) == 0)
> + if (dspi_is_fifo_overflow(dspi, spi_sr)) {
> + WRITE_ONCE(dspi->xfer_status, -EIO);
> + complete(&dspi->xfer_done);
> + } else if (dspi_rxtx(dspi) == 0) {
> complete(&dspi->xfer_done);
> + }
>
> return IRQ_HANDLED;
> }
> @@ -1032,13 +1055,15 @@ static int dspi_transfer_one_message(struct spi_controller *ctlr,
> if (dspi->devtype_data->trans_mode == DSPI_DMA_MODE) {
> status = dspi_dma_xfer(dspi);
> } else {
> - if (dspi->irq)
> + if (dspi->irq) {
> + WRITE_ONCE(dspi->xfer_status, 0);
> reinit_completion(&dspi->xfer_done);
> -
Nitpick: The blank line was doing fine here.
> + }
> dspi_fifo_write(dspi);
>
> if (dspi->irq) {
> wait_for_completion(&dspi->xfer_done);
> + status = READ_ONCE(dspi->xfer_status);
> } else {
> do {
> status = dspi_poll(dspi);
>
> --
> 2.34.1
>
Powered by blists - more mailing lists