Re: [PATCH] spi: spi-geni-qcom: Fix NULL pointer access in geni_spi_isr

Hi, On Fri, Dec 11, 2020 at 5:32 PM Stephen Boyd wrote: > > Quoting Doug Anderson (2020-12-10 17:51:53) > > Hi, > > > > On Thu, Dec 10, 2020 at 5:39 PM Stephen Boyd wrote: > > > > > > Quoting Doug Anderson (2020-12-10 17:30:17) > > > > On Thu, Dec 10, 2020 at 5:21 PM Stephen Boyd > > > > wrote

Re: [PATCH] spi: spi-geni-qcom: Fix NULL pointer access in geni_spi_isr

Quoting Doug Anderson (2020-12-10 17:51:53) > Hi, > > On Thu, Dec 10, 2020 at 5:39 PM Stephen Boyd wrote: > > > > Quoting Doug Anderson (2020-12-10 17:30:17) > > > On Thu, Dec 10, 2020 at 5:21 PM Stephen Boyd wrote: > > > > > > > > Yeah and so if it comes way later because it timed out then what

Re: [PATCH] spi: spi-geni-qcom: Fix NULL pointer access in geni_spi_isr

Hi, On Thu, Dec 10, 2020 at 5:39 PM Stephen Boyd wrote: > > Quoting Doug Anderson (2020-12-10 17:30:17) > > On Thu, Dec 10, 2020 at 5:21 PM Stephen Boyd wrote: > > > > > > Yeah and so if it comes way later because it timed out then what's the > > > point of calling synchronize_irq() again? To ma

Re: [PATCH] spi: spi-geni-qcom: Fix NULL pointer access in geni_spi_isr

Quoting Doug Anderson (2020-12-10 17:30:17) > On Thu, Dec 10, 2020 at 5:21 PM Stephen Boyd wrote: > > > > Yeah and so if it comes way later because it timed out then what's the > > point of calling synchronize_irq() again? To make the completion > > variable set when it won't be tested again until

Re: [PATCH] spi: spi-geni-qcom: Fix NULL pointer access in geni_spi_isr

Hi, On Thu, Dec 10, 2020 at 5:21 PM Stephen Boyd wrote: > > > > I guess I'm not convinced that the hardware is so bad that it cancels > > > and aborts the sequencer, raises an irq for that, and then raises an irq > > > for the earlier rx/tx that the sequencer canceled out. Is that > > > happening

Re: [PATCH] spi: spi-geni-qcom: Fix NULL pointer access in geni_spi_isr

Quoting Doug Anderson (2020-12-10 17:04:06) > On Thu, Dec 10, 2020 at 4:51 PM Stephen Boyd wrote: > > > > I'm worried about the buffer disappearing if spi core calls handle_err() > > but the geni_spi_isr() handler runs both an rx and a cancel/abort > > routine. That doesn't seem to be the case tho

Re: [PATCH] spi: spi-geni-qcom: Fix NULL pointer access in geni_spi_isr

Hi, On Thu, Dec 10, 2020 at 4:51 PM Stephen Boyd wrote: > > Quoting Doug Anderson (2020-12-10 15:50:04) > > Hi, > > > > On Thu, Dec 10, 2020 at 3:32 PM Stephen Boyd wrote: > > > > > > Quoting Doug Anderson (2020-12-10 15:07:39) > > > > Hi, > > > > > > > > On Thu, Dec 10, 2020 at 2:58 PM Stephen

Re: [PATCH] spi: spi-geni-qcom: Fix NULL pointer access in geni_spi_isr

Quoting Doug Anderson (2020-12-10 15:50:04) > Hi, > > On Thu, Dec 10, 2020 at 3:32 PM Stephen Boyd wrote: > > > > Quoting Doug Anderson (2020-12-10 15:07:39) > > > Hi, > > > > > > On Thu, Dec 10, 2020 at 2:58 PM Stephen Boyd wrote: > > > > right? It will only ensure that other irq handlers have

Re: [PATCH] spi: spi-geni-qcom: Fix NULL pointer access in geni_spi_isr

Hi, On Thu, Dec 10, 2020 at 3:32 PM Stephen Boyd wrote: > > Quoting Doug Anderson (2020-12-10 15:07:39) > > Hi, > > > > On Thu, Dec 10, 2020 at 2:58 PM Stephen Boyd wrote: > > > right? It will only ensure that other irq handlers have completed, which > > > may be a problem, but not the only one.

Re: [PATCH] spi: spi-geni-qcom: Fix NULL pointer access in geni_spi_isr

Quoting Doug Anderson (2020-12-10 15:07:39) > Hi, > > On Thu, Dec 10, 2020 at 2:58 PM Stephen Boyd wrote: > > right? It will only ensure that other irq handlers have completed, which > > may be a problem, but not the only one. > > > > TL;DR: Peek at the irq status register in the timeout logic an

Re: [PATCH] spi: spi-geni-qcom: Fix NULL pointer access in geni_spi_isr

Hi, On Thu, Dec 10, 2020 at 2:58 PM Stephen Boyd wrote: > > Quoting Doug Anderson (2020-12-10 09:14:15) > > > > This is my untested belief of what's happening > > > > CPU0CPU1 > > > > s

Re: [PATCH] spi: spi-geni-qcom: Fix NULL pointer access in geni_spi_isr

Quoting Doug Anderson (2020-12-10 09:14:15) > > This is my untested belief of what's happening > > CPU0CPU1 > > setup_fifo_xfer() > ... >

Re: [PATCH] spi: spi-geni-qcom: Fix NULL pointer access in geni_spi_isr

Hi, On Wed, Dec 9, 2020 at 7:17 PM Stephen Boyd wrote: > > Quoting Doug Anderson (2020-12-03 08:40:46) > > > I would guess that if "mas->cur_xfer" is NULL then > > geni_spi_handle_rx() should read all data in the FIFO and throw it > > away and geni_spi_handle_tx() should set SE_GENI_TX_WATERMARK_

Re: [PATCH] spi: spi-geni-qcom: Fix NULL pointer access in geni_spi_isr

Quoting Doug Anderson (2020-12-03 08:40:46) > I would guess that if "mas->cur_xfer" is NULL then > geni_spi_handle_rx() should read all data in the FIFO and throw it > away and geni_spi_handle_tx() should set SE_GENI_TX_WATERMARK_REG to > 0. NOTE: I _think_ that with the synchronize_irq() I'm sug

Re: [PATCH] spi: spi-geni-qcom: Fix NULL pointer access in geni_spi_isr

Hi, On Wed, Dec 2, 2020 at 11:45 PM Roja Rani Yarubandi wrote: > > Here, there is a chance of race condition occurrence which leads to > NULL pointer dereference with struct spi_geni_master member 'cur_xfer' > between setup_fifo_xfer() and handle_fifo_timeout() functions. > > Fix this race condit

[PATCH] spi: spi-geni-qcom: Fix NULL pointer access in geni_spi_isr

Here, there is a chance of race condition occurrence which leads to NULL pointer dereference with struct spi_geni_master member 'cur_xfer' between setup_fifo_xfer() and handle_fifo_timeout() functions. Fix this race condition with guarding the 'cur_xfer' where it gets updated, with spin_lock_irq/s