| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <aFrLMCq6hRJj5FjI@lizhi-Precision-Tower-5810>
Date: Tue, 24 Jun 2025 11:58:40 -0400
From: Frank Li <Frank.li@....com>
To: James Clark <james.clark@...aro.org>
Cc: Vladimir Oltean <olteanv@...il.com>, Mark Brown <broonie@...nel.org>,
Vladimir Oltean <vladimir.oltean@....com>,
Arnd Bergmann <arnd@...db.de>,
Larisa Grigore <larisa.grigore@....com>,
Christoph Hellwig <hch@....de>, linux-spi@...r.kernel.org,
imx@...ts.linux.dev, linux-kernel@...r.kernel.org
Subject: Re: [PATCH v3 1/6] spi: spi-fsl-dspi: Clear completion counter
before initiating transfer
On Tue, Jun 24, 2025 at 11:35:31AM +0100, James Clark wrote:
> In target mode, extra interrupts can be received between the end of a
> transfer and halting the module if the host continues sending more data.
> If the interrupt from this occurs after the reinit_completion() then the
> completion counter is left at a non-zero value. The next unrelated
> transfer initiated by userspace will then complete immediately without
> waiting for the interrupt or writing to the RX buffer.
>
> Fix it by resetting the counter before the transfer so that lingering
> values are cleared. This is done after clearing the FIFOs and the
> status register but before the transfer is initiated, so no interrupts
> should be received at this point resulting in other race conditions.
>
> Fixes: 4f5ee75ea171 ("spi: spi-fsl-dspi: Replace interruptible wait queue with a simple completion")
> Signed-off-by: James Clark <james.clark@...aro.org>
> ---
> drivers/spi/spi-fsl-dspi.c | 10 +++++++++-
> 1 file changed, 9 insertions(+), 1 deletion(-)
>
> diff --git a/drivers/spi/spi-fsl-dspi.c b/drivers/spi/spi-fsl-dspi.c
> index 04c88d090c4d..744dfc561db2 100644
> --- a/drivers/spi/spi-fsl-dspi.c
> +++ b/drivers/spi/spi-fsl-dspi.c
> @@ -1122,11 +1122,19 @@ static int dspi_transfer_one_message(struct spi_controller *ctlr,
> if (dspi->devtype_data->trans_mode == DSPI_DMA_MODE) {
> status = dspi_dma_xfer(dspi);
> } else {
> + /*
> + * Reset completion counter to clear any extra
> + * complete()s from spurious interrupts that may have
> + * happened after the last message's completion but
> + * before the module was fully in stop mode.
> + */
I think you change is correct. reinit_completion() should be called before
dspi_fifo_write().
comments is quite confused. how about below comments?
/*
* Reinitialize the completion before transferring data to avoid the case where
* it might remain in the done state due to a spurious interrupt from a previous
* transfer. This could falsely signal that the current transfer has completed.
*/
Frank
> + if (dspi->irq)
> + reinit_completion(&dspi->xfer_done);
> +
> dspi_fifo_write(dspi);
>
> if (dspi->irq) {
> wait_for_completion(&dspi->xfer_done);
> - reinit_completion(&dspi->xfer_done);
> } else {
> do {
> status = dspi_poll(dspi);
>
> --
> 2.34.1
>
Powered by blists - more mailing lists