* [PATCH] mtd: spi-nor: fsl-quadspi: Don't let -EINVAL on the bus
@ 2018-09-21 9:32 Ahmad Fatoum
2018-10-03 7:12 ` Boris Brezillon
0 siblings, 1 reply; 2+ messages in thread
From: Ahmad Fatoum @ 2018-09-21 9:32 UTC (permalink / raw)
To: Han Xu, Marek Vasut
Cc: David Woodhouse, Brian Norris, Boris Brezillon,
Richard Weinberger, linux-mtd, kernel, Ahmad Fatoum, stable
fsl_qspi_get_seqid() may return -EINVAL, but fsl_qspi_init_ahb_read()
doesn't check for error codes with the result that -EINVAL could find
itself signalled over the bus.
In conjunction with the LS1046A SoC's A-009283 errata
("Illegal accesses to SPI flash memory can result in a system hang")
this illegal access to SPI flash memory results in a system hang
if userspace attempts reading later on.
Avoid this by always checking fsl_qspi_get_seqid()'s return value
and bail out otherwise.
Cc: stable@vger.kernel.org
Signed-off-by: Ahmad Fatoum <a.fatoum@pengutronix.de>
---
drivers/mtd/spi-nor/fsl-quadspi.c | 13 +++++++++----
1 file changed, 9 insertions(+), 4 deletions(-)
diff --git a/drivers/mtd/spi-nor/fsl-quadspi.c b/drivers/mtd/spi-nor/fsl-quadspi.c
index 7d9620c7ff6c..1bb42e40c38b 100644
--- a/drivers/mtd/spi-nor/fsl-quadspi.c
+++ b/drivers/mtd/spi-nor/fsl-quadspi.c
@@ -543,6 +543,9 @@ fsl_qspi_runcmd(struct fsl_qspi *q, u8 cmd, unsigned int addr, int len)
/* trigger the LUT now */
seqid = fsl_qspi_get_seqid(q, cmd);
+ if (seqid < 0)
+ return seqid;
+
qspi_writel(q, (seqid << QUADSPI_IPCR_SEQID_SHIFT) | len,
base + QUADSPI_IPCR);
@@ -671,7 +674,7 @@ static void fsl_qspi_set_map_addr(struct fsl_qspi *q)
* causes the controller to clear the buffer, and use the sequence pointed
* by the QUADSPI_BFGENCR[SEQID] to initiate a read from the flash.
*/
-static void fsl_qspi_init_ahb_read(struct fsl_qspi *q)
+static int fsl_qspi_init_ahb_read(struct fsl_qspi *q)
{
void __iomem *base = q->iobase;
int seqid;
@@ -696,8 +699,12 @@ static void fsl_qspi_init_ahb_read(struct fsl_qspi *q)
/* Set the default lut sequence for AHB Read. */
seqid = fsl_qspi_get_seqid(q, q->nor[0].read_opcode);
+ if (seqid < 0)
+ return seqid;
+
qspi_writel(q, seqid << QUADSPI_BFGENCR_SEQID_SHIFT,
q->iobase + QUADSPI_BFGENCR);
+ return 0;
}
/* This function was used to prepare and enable QSPI clock */
@@ -805,9 +812,7 @@ static int fsl_qspi_nor_setup_last(struct fsl_qspi *q)
fsl_qspi_init_lut(q);
/* Init for AHB read */
- fsl_qspi_init_ahb_read(q);
-
- return 0;
+ return fsl_qspi_init_ahb_read(q);
}
static const struct of_device_id fsl_qspi_dt_ids[] = {
--
2.19.0
^ permalink raw reply related [flat|nested] 2+ messages in thread
* Re: [PATCH] mtd: spi-nor: fsl-quadspi: Don't let -EINVAL on the bus
2018-09-21 9:32 [PATCH] mtd: spi-nor: fsl-quadspi: Don't let -EINVAL on the bus Ahmad Fatoum
@ 2018-10-03 7:12 ` Boris Brezillon
0 siblings, 0 replies; 2+ messages in thread
From: Boris Brezillon @ 2018-10-03 7:12 UTC (permalink / raw)
To: Ahmad Fatoum
Cc: Han Xu, Marek Vasut, David Woodhouse, Brian Norris,
Richard Weinberger, linux-mtd, kernel, stable
On Fri, 21 Sep 2018 11:32:53 +0200
Ahmad Fatoum <a.fatoum@pengutronix.de> wrote:
> fsl_qspi_get_seqid() may return -EINVAL, but fsl_qspi_init_ahb_read()
> doesn't check for error codes with the result that -EINVAL could find
> itself signalled over the bus.
>
> In conjunction with the LS1046A SoC's A-009283 errata
> ("Illegal accesses to SPI flash memory can result in a system hang")
> this illegal access to SPI flash memory results in a system hang
> if userspace attempts reading later on.
>
> Avoid this by always checking fsl_qspi_get_seqid()'s return value
> and bail out otherwise.
>
> Cc: stable@vger.kernel.org
> Signed-off-by: Ahmad Fatoum <a.fatoum@pengutronix.de>
Added
Fixes: e46ecda764dc ("mtd: spi-nor: Add Freescale QuadSPI driver")
and queued it to spi-nor/next.
Thanks,
Boris
> ---
> drivers/mtd/spi-nor/fsl-quadspi.c | 13 +++++++++----
> 1 file changed, 9 insertions(+), 4 deletions(-)
>
> diff --git a/drivers/mtd/spi-nor/fsl-quadspi.c b/drivers/mtd/spi-nor/fsl-quadspi.c
> index 7d9620c7ff6c..1bb42e40c38b 100644
> --- a/drivers/mtd/spi-nor/fsl-quadspi.c
> +++ b/drivers/mtd/spi-nor/fsl-quadspi.c
> @@ -543,6 +543,9 @@ fsl_qspi_runcmd(struct fsl_qspi *q, u8 cmd, unsigned int addr, int len)
>
> /* trigger the LUT now */
> seqid = fsl_qspi_get_seqid(q, cmd);
> + if (seqid < 0)
> + return seqid;
> +
> qspi_writel(q, (seqid << QUADSPI_IPCR_SEQID_SHIFT) | len,
> base + QUADSPI_IPCR);
>
> @@ -671,7 +674,7 @@ static void fsl_qspi_set_map_addr(struct fsl_qspi *q)
> * causes the controller to clear the buffer, and use the sequence pointed
> * by the QUADSPI_BFGENCR[SEQID] to initiate a read from the flash.
> */
> -static void fsl_qspi_init_ahb_read(struct fsl_qspi *q)
> +static int fsl_qspi_init_ahb_read(struct fsl_qspi *q)
> {
> void __iomem *base = q->iobase;
> int seqid;
> @@ -696,8 +699,12 @@ static void fsl_qspi_init_ahb_read(struct fsl_qspi *q)
>
> /* Set the default lut sequence for AHB Read. */
> seqid = fsl_qspi_get_seqid(q, q->nor[0].read_opcode);
> + if (seqid < 0)
> + return seqid;
> +
> qspi_writel(q, seqid << QUADSPI_BFGENCR_SEQID_SHIFT,
> q->iobase + QUADSPI_BFGENCR);
> + return 0;
> }
>
> /* This function was used to prepare and enable QSPI clock */
> @@ -805,9 +812,7 @@ static int fsl_qspi_nor_setup_last(struct fsl_qspi *q)
> fsl_qspi_init_lut(q);
>
> /* Init for AHB read */
> - fsl_qspi_init_ahb_read(q);
> -
> - return 0;
> + return fsl_qspi_init_ahb_read(q);
> }
>
> static const struct of_device_id fsl_qspi_dt_ids[] = {
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2018-10-03 13:59 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2018-09-21 9:32 [PATCH] mtd: spi-nor: fsl-quadspi: Don't let -EINVAL on the bus Ahmad Fatoum
2018-10-03 7:12 ` Boris Brezillon
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).