| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <aF7z37Cpyv1zexQu@lizhi-Precision-Tower-5810>
Date: Fri, 27 Jun 2025 15:41:19 -0400
From: Frank Li <Frank.li@....com>
To: James Clark <james.clark@...aro.org>
Cc: Vladimir Oltean <olteanv@...il.com>, Mark Brown <broonie@...nel.org>,
Vladimir Oltean <vladimir.oltean@....com>,
Arnd Bergmann <arnd@...db.de>,
Larisa Grigore <larisa.grigore@....com>,
Christoph Hellwig <hch@....de>, linux-spi@...r.kernel.org,
imx@...ts.linux.dev, linux-kernel@...r.kernel.org
Subject: Re: [PATCH v4 1/6] spi: spi-fsl-dspi: Clear completion counter
before initiating transfer
On Fri, Jun 27, 2025 at 11:21:37AM +0100, James Clark wrote:
> In target mode, extra interrupts can be received between the end of a
> transfer and halting the module if the host continues sending more data.
> If the interrupt from this occurs after the reinit_completion() then the
> completion counter is left at a non-zero value. The next unrelated
> transfer initiated by userspace will then complete immediately without
> waiting for the interrupt or writing to the RX buffer.
>
> Fix it by resetting the counter before the transfer so that lingering
> values are cleared. This is done after clearing the FIFOs and the
> status register but before the transfer is initiated, so no interrupts
> should be received at this point resulting in other race conditions.
>
> Fixes: 4f5ee75ea171 ("spi: spi-fsl-dspi: Replace interruptible wait queue with a simple completion")
> Signed-off-by: James Clark <james.clark@...aro.org>
Reviewed-by: Frank Li <Frank.Li@....com>
> ---
> drivers/spi/spi-fsl-dspi.c | 11 ++++++++++-
> 1 file changed, 10 insertions(+), 1 deletion(-)
>
> diff --git a/drivers/spi/spi-fsl-dspi.c b/drivers/spi/spi-fsl-dspi.c
> index 04c88d090c4d..4bd4377551b5 100644
> --- a/drivers/spi/spi-fsl-dspi.c
> +++ b/drivers/spi/spi-fsl-dspi.c
> @@ -1122,11 +1122,20 @@ static int dspi_transfer_one_message(struct spi_controller *ctlr,
> if (dspi->devtype_data->trans_mode == DSPI_DMA_MODE) {
> status = dspi_dma_xfer(dspi);
> } else {
> + /*
> + * Reinitialize the completion before transferring data
> + * to avoid the case where it might remain in the done
> + * state due to a spurious interrupt from a previous
> + * transfer. This could falsely signal that the current
> + * transfer has completed.
> + */
> + if (dspi->irq)
> + reinit_completion(&dspi->xfer_done);
> +
> dspi_fifo_write(dspi);
>
> if (dspi->irq) {
> wait_for_completion(&dspi->xfer_done);
> - reinit_completion(&dspi->xfer_done);
> } else {
> do {
> status = dspi_poll(dspi);
>
> --
> 2.34.1
>
Powered by blists - more mailing lists