lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <aF7z37Cpyv1zexQu@lizhi-Precision-Tower-5810>
Date: Fri, 27 Jun 2025 15:41:19 -0400
From: Frank Li <Frank.li@....com>
To: James Clark <james.clark@...aro.org>
Cc: Vladimir Oltean <olteanv@...il.com>, Mark Brown <broonie@...nel.org>,
	Vladimir Oltean <vladimir.oltean@....com>,
	Arnd Bergmann <arnd@...db.de>,
	Larisa Grigore <larisa.grigore@....com>,
	Christoph Hellwig <hch@....de>, linux-spi@...r.kernel.org,
	imx@...ts.linux.dev, linux-kernel@...r.kernel.org
Subject: Re: [PATCH v4 1/6] spi: spi-fsl-dspi: Clear completion counter
 before initiating transfer

On Fri, Jun 27, 2025 at 11:21:37AM +0100, James Clark wrote:
> In target mode, extra interrupts can be received between the end of a
> transfer and halting the module if the host continues sending more data.
> If the interrupt from this occurs after the reinit_completion() then the
> completion counter is left at a non-zero value. The next unrelated
> transfer initiated by userspace will then complete immediately without
> waiting for the interrupt or writing to the RX buffer.
>
> Fix it by resetting the counter before the transfer so that lingering
> values are cleared. This is done after clearing the FIFOs and the
> status register but before the transfer is initiated, so no interrupts
> should be received at this point resulting in other race conditions.
>
> Fixes: 4f5ee75ea171 ("spi: spi-fsl-dspi: Replace interruptible wait queue with a simple completion")
> Signed-off-by: James Clark <james.clark@...aro.org>

Reviewed-by: Frank Li <Frank.Li@....com>
> ---
>  drivers/spi/spi-fsl-dspi.c | 11 ++++++++++-
>  1 file changed, 10 insertions(+), 1 deletion(-)
>
> diff --git a/drivers/spi/spi-fsl-dspi.c b/drivers/spi/spi-fsl-dspi.c
> index 04c88d090c4d..4bd4377551b5 100644
> --- a/drivers/spi/spi-fsl-dspi.c
> +++ b/drivers/spi/spi-fsl-dspi.c
> @@ -1122,11 +1122,20 @@ static int dspi_transfer_one_message(struct spi_controller *ctlr,
>  		if (dspi->devtype_data->trans_mode == DSPI_DMA_MODE) {
>  			status = dspi_dma_xfer(dspi);
>  		} else {
> +			/*
> +			 * Reinitialize the completion before transferring data
> +			 * to avoid the case where it might remain in the done
> +			 * state due to a spurious interrupt from a previous
> +			 * transfer. This could falsely signal that the current
> +			 * transfer has completed.
> +			 */
> +			if (dspi->irq)
> +				reinit_completion(&dspi->xfer_done);
> +
>  			dspi_fifo_write(dspi);
>
>  			if (dspi->irq) {
>  				wait_for_completion(&dspi->xfer_done);
> -				reinit_completion(&dspi->xfer_done);
>  			} else {
>  				do {
>  					status = dspi_poll(dspi);
>
> --
> 2.34.1
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ