From patchwork Thu Feb 11 18:08:20 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Nicolas Saenz Julienne X-Patchwork-Id: 12083837 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-21.7 required=3.0 tests=BAYES_00, HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_CR_TRAILER,INCLUDES_PATCH, MAILING_LIST_MULTI,MENTIONS_GIT_HOSTING,SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED, USER_AGENT_GIT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 5EFB1C433E0 for ; Thu, 11 Feb 2021 18:22:13 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 29B3264E13 for ; Thu, 11 Feb 2021 18:22:13 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231936AbhBKSLM (ORCPT ); Thu, 11 Feb 2021 13:11:12 -0500 Received: from mx2.suse.de ([195.135.220.15]:51450 "EHLO mx2.suse.de" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232662AbhBKSJJ (ORCPT ); Thu, 11 Feb 2021 13:09:09 -0500 X-Virus-Scanned: by amavisd-new at test-mx.suse.de Received: from relay2.suse.de (unknown [195.135.221.27]) by mx2.suse.de (Postfix) with ESMTP id 60092AE87; Thu, 11 Feb 2021 18:08:27 +0000 (UTC) From: Nicolas Saenz Julienne To: Mark Brown , Robin Murphy Cc: Nicolas Saenz Julienne , Phil Elwell , linux-spi@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [PATCH] spi: Skip zero-length transfers in spi_transfer_one_message() Date: Thu, 11 Feb 2021 19:08:20 +0100 Message-Id: <20210211180820.25757-1-nsaenzjulienne@suse.de> X-Mailer: git-send-email 2.30.0 MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-spi@vger.kernel.org With the introduction of 26751de25d25 ("spi: bcm2835: Micro-optimise FIFO loops") it has become apparent that some users might initiate zero-length SPI transfers. A fact the micro-optimization omitted, and which turned out to cause crashes[1]. Instead of changing the micro-optimization itself, use a bigger hammer and skip zero-length transfers altogether for drivers using the default transfer_one_message() implementation. Reported-by: Phil Elwell Fixes: 26751de25d25 ("spi: bcm2835: Micro-optimise FIFO loops") Signed-off-by: Nicolas Saenz Julienne [1] https://github.com/raspberrypi/linux/issues/4100 --- NOTE: I've reviewed a bunch of drivers and couldn't find a compelling reason why zero-length transfers should be passed into them. But I might be missing something. drivers/spi/spi.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/spi/spi.c b/drivers/spi/spi.c index 7745eec994fd..b08efe88ccd6 100644 --- a/drivers/spi/spi.c +++ b/drivers/spi/spi.c @@ -1269,7 +1269,7 @@ static int spi_transfer_one_message(struct spi_controller *ctlr, ptp_read_system_prets(xfer->ptp_sts); } - if (xfer->tx_buf || xfer->rx_buf) { + if ((xfer->tx_buf || xfer->rx_buf) && xfer->len) { reinit_completion(&ctlr->xfer_completion); fallback_pio: