From: Mark Brown <broonie@kernel.org>
To: Lukas Wunner <lukas@wunner.de>
Cc: Joe Burmeister <joe.burmeister@devtank.co.uk>,
Florian Fainelli <f.fainelli@gmail.com>,
Ray Jui <rjui@broadcom.com>,
Scott Branden <sbranden@broadcom.com>,
bcm-kernel-feedback-list@broadcom.com, linux-spi@vger.kernel.org,
linux-rpi-kernel@lists.infradead.org,
linux-arm-kernel@lists.infradead.org,
linux-kernel@vger.kernel.org, nsaenz@kernel.org,
phil@raspberrypi.com
Subject: Re: [PATCH] spi: bcm2835: Fix buffer overflow with CS able to go beyond limit.
Date: Tue, 4 May 2021 12:51:30 +0100 [thread overview]
Message-ID: <20210504115130.GA7094@sirena.org.uk> (raw)
In-Reply-To: <20210501195135.GA18501@wunner.de>
[-- Attachment #1: Type: text/plain, Size: 1693 bytes --]
On Sat, May 01, 2021 at 09:51:35PM +0200, Lukas Wunner wrote:
> On Fri, Apr 23, 2021 at 05:20:55PM +0100, Mark Brown wrote:
> > Part of the issue here is that there has been some variation in how
> > num_chipselect is interpreted with regard to GPIO based chip selects
> > over time. It *should* be redundant, I'm not clear why it's in the
> > generic bindings at all but that's lost to history AFAICT.
> It seems num_chipselect is meant to be set to the maximum number of
> *native* chipselects supported by the controller. Which is overwritten
> if GPIO chipselects are used.
This gets fun with the controllers that have for various reasons open
coded some or all of the GPIO chip select handling.
> I failed to appreciate that when I changed num_chipselects for
> spi-bcm2835.c with commit 571e31fa60b3. That single line change
> in the commit ought to be reverted.
> And the kernel-doc ought to be amended because the crucial detail
> that num_chipselect needs to be set to the maximum *native* chipselects
> isn't mentioned anywhere.
Can you send patches for these please?
> > The best thing would be to have it not have a single array of chip
> > select specific data and instead store everything in the controller_data
> > that's there per-device.
> Unfortunately that's non-trivial. The slave-specific data is DMA-mapped.
> It could be DMA-mapped in ->setup but there's no ->unsetup to DMA-unmap
> the memory once the slave is removed. Note that the slave could be removed
> dynamically with a DT overlay, not just when the controller is unbound.
> So we'd need a new ->unsetup hook at the very least to make this work.
There's the cleanup() callback which seems to fit?
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 488 bytes --]
WARNING: multiple messages have this Message-ID (diff)
From: Mark Brown <broonie@kernel.org>
To: Lukas Wunner <lukas@wunner.de>
Cc: Joe Burmeister <joe.burmeister@devtank.co.uk>,
Florian Fainelli <f.fainelli@gmail.com>,
Ray Jui <rjui@broadcom.com>,
Scott Branden <sbranden@broadcom.com>,
bcm-kernel-feedback-list@broadcom.com, linux-spi@vger.kernel.org,
linux-rpi-kernel@lists.infradead.org,
linux-arm-kernel@lists.infradead.org,
linux-kernel@vger.kernel.org, nsaenz@kernel.org,
phil@raspberrypi.com
Subject: Re: [PATCH] spi: bcm2835: Fix buffer overflow with CS able to go beyond limit.
Date: Tue, 4 May 2021 12:51:30 +0100 [thread overview]
Message-ID: <20210504115130.GA7094@sirena.org.uk> (raw)
In-Reply-To: <20210501195135.GA18501@wunner.de>
[-- Attachment #1.1: Type: text/plain, Size: 1693 bytes --]
On Sat, May 01, 2021 at 09:51:35PM +0200, Lukas Wunner wrote:
> On Fri, Apr 23, 2021 at 05:20:55PM +0100, Mark Brown wrote:
> > Part of the issue here is that there has been some variation in how
> > num_chipselect is interpreted with regard to GPIO based chip selects
> > over time. It *should* be redundant, I'm not clear why it's in the
> > generic bindings at all but that's lost to history AFAICT.
> It seems num_chipselect is meant to be set to the maximum number of
> *native* chipselects supported by the controller. Which is overwritten
> if GPIO chipselects are used.
This gets fun with the controllers that have for various reasons open
coded some or all of the GPIO chip select handling.
> I failed to appreciate that when I changed num_chipselects for
> spi-bcm2835.c with commit 571e31fa60b3. That single line change
> in the commit ought to be reverted.
> And the kernel-doc ought to be amended because the crucial detail
> that num_chipselect needs to be set to the maximum *native* chipselects
> isn't mentioned anywhere.
Can you send patches for these please?
> > The best thing would be to have it not have a single array of chip
> > select specific data and instead store everything in the controller_data
> > that's there per-device.
> Unfortunately that's non-trivial. The slave-specific data is DMA-mapped.
> It could be DMA-mapped in ->setup but there's no ->unsetup to DMA-unmap
> the memory once the slave is removed. Note that the slave could be removed
> dynamically with a DT overlay, not just when the controller is unbound.
> So we'd need a new ->unsetup hook at the very least to make this work.
There's the cleanup() callback which seems to fit?
[-- Attachment #1.2: signature.asc --]
[-- Type: application/pgp-signature, Size: 488 bytes --]
[-- Attachment #2: Type: text/plain, Size: 176 bytes --]
_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
next prev parent reply other threads:[~2021-05-04 11:52 UTC|newest]
Thread overview: 24+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-04-20 8:34 [PATCH] spi: bcm2835: Fix buffer overflow with CS able to go beyond limit Joe Burmeister
2021-04-20 8:34 ` Joe Burmeister
2021-04-22 16:42 ` Mark Brown
2021-04-22 16:42 ` Mark Brown
2021-04-22 16:50 ` Florian Fainelli
2021-04-22 16:50 ` Florian Fainelli
2021-04-22 20:10 ` Joe Burmeister
2021-04-22 20:10 ` Joe Burmeister
2021-04-22 23:49 ` Florian Fainelli
2021-04-22 23:49 ` Florian Fainelli
2021-04-23 10:03 ` Joe Burmeister
2021-04-23 10:03 ` Joe Burmeister
2021-04-23 11:57 ` Mark Brown
2021-04-23 11:57 ` Mark Brown
2021-04-23 14:12 ` Joe Burmeister
2021-04-23 14:12 ` Joe Burmeister
2021-04-23 16:20 ` Mark Brown
2021-04-23 16:20 ` Mark Brown
2021-04-23 17:34 ` Nicolas Saenz Julienne
2021-04-23 17:34 ` Nicolas Saenz Julienne
2021-05-01 19:51 ` Lukas Wunner
2021-05-04 11:51 ` Mark Brown [this message]
2021-05-04 11:51 ` Mark Brown
2021-05-04 13:53 ` Lukas Wunner
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20210504115130.GA7094@sirena.org.uk \
--to=broonie@kernel.org \
--cc=bcm-kernel-feedback-list@broadcom.com \
--cc=f.fainelli@gmail.com \
--cc=joe.burmeister@devtank.co.uk \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-rpi-kernel@lists.infradead.org \
--cc=linux-spi@vger.kernel.org \
--cc=lukas@wunner.de \
--cc=nsaenz@kernel.org \
--cc=phil@raspberrypi.com \
--cc=rjui@broadcom.com \
--cc=sbranden@broadcom.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.