| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20251223100518.2383364-3-sashal@kernel.org>
Date: Tue, 23 Dec 2025 05:05:07 -0500
From: Sasha Levin <sashal@...nel.org>
To: patches@...ts.linux.dev,
stable@...r.kernel.org
Cc: Fei Shao <fshao@...omium.org>,
Mark Brown <broonie@...nel.org>,
Sasha Levin <sashal@...nel.org>,
matthias.bgg@...il.com,
angelogioacchino.delregno@...labora.com,
linux-spi@...r.kernel.org,
linux-kernel@...r.kernel.org,
linux-arm-kernel@...ts.infradead.org,
linux-mediatek@...ts.infradead.org
Subject: [PATCH AUTOSEL 6.18-6.12] spi: mt65xx: Use IRQF_ONESHOT with threaded IRQ
From: Fei Shao <fshao@...omium.org>
[ Upstream commit 8c04b77f87e6e321ae6acd28ce1de5553916153f ]
This driver is migrated to use threaded IRQ since commit 5972eb05ca32
("spi: spi-mt65xx: Use threaded interrupt for non-SPIMEM transfer"), and
we almost always want to disable the interrupt line to avoid excess
interrupts while the threaded handler is processing SPI transfer.
Use IRQF_ONESHOT for that purpose.
In practice, we see MediaTek devices show SPI transfer timeout errors
when communicating with ChromeOS EC in certain scenarios, and with
IRQF_ONESHOT, the issue goes away.
Signed-off-by: Fei Shao <fshao@...omium.org>
Link: https://patch.msgid.link/20251217101131.1975131-1-fshao@chromium.org
Signed-off-by: Mark Brown <broonie@...nel.org>
Signed-off-by: Sasha Levin <sashal@...nel.org>
---
LLM Generated explanations, may be completely bogus:
### 4. SCOPE AND RISK ASSESSMENT
- **Lines changed:** 1 line
- **Files touched:** 1 file
- **Complexity:** Trivially low - just a flag change
- **Risk:** Very low
The fix is:
- **Obviously correct**: IRQF_ONESHOT is the documented standard for
threaded interrupts
- **Small and contained**: One flag change
- **Fixes a real bug**: Transfer timeout errors on real hardware
Looking at the interrupt handler code:
- `mtk_spi_interrupt` returns `IRQ_WAKE_THREAD` for non-SPIMEM transfers
- Without IRQF_ONESHOT, the IRQ line stays enabled, allowing repeated
interrupts while the thread processes
- This causes race conditions on `mdata->state` and transfer handling,
leading to timeouts
### 5. USER IMPACT
- **Who is affected:** Users of MediaTek SPI devices, particularly
ChromeOS users with embedded controllers
- **Severity:** Medium-High - SPI transfer timeouts can cause
significant functionality issues
- **Real-world impact:** Confirmed on MediaTek devices communicating
with ChromeOS EC
### 6. DEPENDENCY CHECK
The prerequisite commit `5972eb05ca32` ("spi: spi-mt65xx: Use threaded
interrupt for non-SPIMEM transfer") was first included in **v6.12-rc1**.
This means:
- This fix is only applicable to 6.12.y stable trees and newer
- Older stable trees (6.6.y, 6.1.y, 5.15.y) don't have the threaded IRQ
code, so this fix doesn't apply
### 7. SUMMARY
| Criterion | Assessment |
|-----------|------------|
| Fixes real bug | ✅ Yes - SPI transfer timeouts |
| Obviously correct | ✅ Yes - standard pattern |
| Small and contained | ✅ Yes - 1 line change |
| Tested | ✅ Yes - real hardware testing |
| Risk | ✅ Very low |
| Dependencies | ✅ Clear - requires 5972eb05ca32 (v6.12+) |
### Conclusion
This commit is an excellent candidate for stable backporting:
1. **Fixes a real, user-visible bug**: SPI transfer timeouts on MediaTek
hardware
2. **Minimal change**: Single flag addition, no logic changes
3. **Obviously correct**: IRQF_ONESHOT is the proper pattern for
threaded IRQs with hardirq handlers that return IRQ_WAKE_THREAD
4. **Low risk**: Well-understood kernel mechanism with no side effects
5. **Tested**: Confirmed to resolve the issue on real ChromeOS EC
hardware
The only consideration is that this fix only applies to stable trees
with kernel 6.12 or later (which contain the prerequisite threaded IRQ
commit). For those trees, this is a straightforward, low-risk fix that
resolves real hardware issues.
**YES**
drivers/spi/spi-mt65xx.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/spi/spi-mt65xx.c b/drivers/spi/spi-mt65xx.c
index 4b40985af1ea..90e5813cfdc3 100644
--- a/drivers/spi/spi-mt65xx.c
+++ b/drivers/spi/spi-mt65xx.c
@@ -1320,7 +1320,7 @@ static int mtk_spi_probe(struct platform_device *pdev)
ret = devm_request_threaded_irq(dev, irq, mtk_spi_interrupt,
mtk_spi_interrupt_thread,
- IRQF_TRIGGER_NONE, dev_name(dev), host);
+ IRQF_ONESHOT, dev_name(dev), host);
if (ret)
return dev_err_probe(dev, ret, "failed to register irq\n");
--
2.51.0
Powered by blists - more mailing lists