- 07 Dec, 2020 16 commits
-
-
Lukas Wunner authored
If the call to devm_spi_register_master() fails on probe of the NPCM FIU SPI driver, the clock "fiu->clk" is erroneously not unprepared and disabled. Fix it. Fixes: ace55c41 ("spi: npcm-fiu: add NPCM FIU controller driver") Signed-off-by:
Lukas Wunner <lukas@wunner.de> Cc: <stable@vger.kernel.org> # v5.4+ Cc: Tomer Maimon <tmaimon77@gmail.com> Link: https://lore.kernel.org/r/9ae62f4e1cfe542bec57ac2743e6fca9f9548f55.1607286887.git.lukas@wunner.deSigned-off-by:
Mark Brown <broonie@kernel.org>
-
Lukas Wunner authored
If the call to devm_spi_register_controller() fails on probe of the Qualcomm Atheros AR934x/QCA95xx SPI driver, the spi_controller struct is erroneously not freed. Fix by switching over to the new devm_spi_alloc_master() helper. Moreover, the controller's clock is enabled on probe but not disabled if any of the subsequent probe steps fail. Finally, there's an ordering issue in ar934x_spi_remove() wherein the clock is disabled even though the controller is not yet unregistered. It is unregistered after ar934x_spi_remove() by the devres framework. As long as it is not unregistered, SPI transfers may still be ongoing and disabling the clock may break them. It is not possible to use devm_spi_register_controller() in this case, so move to the non-devm variant. All of these bugs have existed since the driver was first introduced, so it seems fair to fix them together in a single commit. Fixes: 047980c5 ("spi: add driver for ar934x spi controller") Signed-off-by:
-
Lukas Wunner authored
If the calls to device_reset() or devm_spi_register_controller() fail on probe of the MediaTek MT7621 SPI driver, the spi_controller struct is erroneously not freed. Fix by switching over to the new devm_spi_alloc_master() helper. Additionally, there's an ordering issue in mt7621_spi_remove() wherein the spi_controller is unregistered after disabling the SYS clock. The correct order is to call spi_unregister_controller() *before* this teardown step because bus accesses may still be ongoing until that function returns. All of these bugs have existed since the driver was first introduced, so it seems fair to fix them together in a single commit. Fixes: 1ab7f2a4 ("staging: mt7621-spi: add mt7621 support") Signed-off-by:
Stefan Roese <sr@denx.de> Cc: <stable@vger.kernel.org> # v4.17+: 5e844cc3: spi: Introduce device-managed SPI controller allocation Cc: <stable@vger.kernel.org> # v4.17+ Link: https://lore.kernel.org/r/72b680796149f5fcda0b3f530ffb7ee73b04f224.1607286887.git.lukas@wunner.deSigned-off-by:
-
Lukas Wunner authored
Commit 702b15cb ("spi: mt7621: fix missing clk_disable_unprepare() on error in mt7621_spi_probe") sought to disable the SYS clock on probe errors, but only did so for 2 of 3 potentially failing calls: The clock needs to be disabled on failure of devm_spi_register_controller() as well. Moreover, the commit purports to fix a bug in commit cbd66c62 ("spi: mt7621: Move SPI driver out of staging") but in reality the bug has existed since the driver was first introduced. Fixes: 1ab7f2a4 ("staging: mt7621-spi: add mt7621 support") Signed-off-by:
-
Lukas Wunner authored
If the call to spi_register_master() fails on probe of the NetUP Universal DVB driver, the spi_master struct is erroneously not freed. Likewise, if spi_new_device() fails, the spi_controller struct is not unregistered. Plug the leaks. While at it, fix an ordering issue in netup_spi_release() wherein spi_unregister_master() is called after fiddling with the IRQ control register. The correct order is to call spi_unregister_master() *before* this teardown step because bus accesses may still be ongoing until that function returns. Fixes: 52b1eaf4 ("[media] netup_unidvb: NetUP Universal DVB-S/S2/T/T2/C PCI-E card driver") Signed-off-by:
Mauro Carvalho Chehab <mchehab+huawei@kernel.org> Cc: <stable@vger.kernel.org> # v4.3+: 5e844cc3: spi: Introduce device-managed SPI controller allocation Cc: <stable@vger.kernel.org> # v4.3+ Cc: Kozlov Sergey <serjk@netup.ru> Link: https://lore.kernel.org/r/c4c24f333fc7840f4a3db24789e6e10dd660bede.1607286887.git.lukas@wunner.deSigned-off-by:
-
Lukas Wunner authored
If the call to devm_gpiod_get_optional() fails on probe of the NXP SC18IS602/603 SPI driver, the spi_master struct is erroneously not freed. Fix by switching over to the new devm_spi_alloc_master() helper. Fixes: f9900801 ("spi: sc18is602: Add reset control via gpio pin.") Signed-off-by:
-
Lukas Wunner authored
If the calls to devm_clk_get(), devm_spi_register_master() or clk_prepare_enable() fail on probe of the Mikrotik RB4xx SPI driver, the spi_master struct is erroneously not freed. Fix by switching over to the new devm_spi_alloc_master() helper. Fixes: 05aec357 ("spi: Add SPI driver for Mikrotik RB4xx series boards") Signed-off-by:
-
Lukas Wunner authored
If the call to devm_spi_register_master() fails on probe of the GPIO SPI driver, the spi_master struct is erroneously not freed: After allocating the spi_master, its reference count is 1. The driver unconditionally decrements the reference count on unbind using a devm action. Before calling devm_spi_register_master(), the driver unconditionally increments the reference count because on success, that function will decrement the reference count on unbind. However on failure, devm_spi_register_master() does *not* decrement the reference count, so the spi_master is leaked. The issue was introduced by commits 8b797490 ("spi: gpio: Make sure spi_master_put() is called in every error path") and 79567c1a ("spi: gpio: Use devm_spi_register_master()"), which sought to plug leaks introduced by 9b00bc7b ("spi: spi-gpio: Rewrite to use GPIO descriptors") but missed this remaining leak. The situation was later aggravated by commit d3b0ffa1 ("spi: gpio: prevent memory leak in spi_gpio_probe"), which introduced a use-after-free because it releases a reference on the spi_master if devm_add_action_or_reset() fails even though the function already does that. Fix by switching over to the new devm_spi_alloc_master() helper. Fixes: 9b00bc7b ("spi: spi-gpio: Rewrite to use GPIO descriptors") Signed-off-by:
Linus Walleij <linus.walleij@linaro.org> Cc: <stable@vger.kernel.org> # v4.17+: 5e844cc3: spi: Introduce device-managed SPI controller allocation Cc: <stable@vger.kernel.org> # v5.1-: 8b797490: spi: gpio: Make sure spi_master_put() is called in every error path Cc: <stable@vger.kernel.org> # v5.1-: 45beec35: spi: bitbang: Introduce spi_bitbang_init() Cc: <stable@vger.kernel.org> # v5.1-: 79567c1a: spi: gpio: Use devm_spi_register_master() Cc: <stable@vger.kernel.org> # v5.4-: d3b0ffa1: spi: gpio: prevent memory leak in spi_gpio_probe Cc: <stable@vger.kernel.org> # v4.17+ Cc: Navid Emamdoost <navid.emamdoost@gmail.com> Cc: Andrey Smirnov <andrew.smirnov@gmail.com> Link: https://lore.kernel.org/r/86eaed27431c3d709e3748eb76ceecbfc790dd37.1607286887.git.lukas@wunner.deSigned-off-by:
-
Lukas Wunner authored
If the call to devm_spi_register_controller() fails on probe of the MediaTek SPI NOR driver, the spi_controller struct is erroneously not freed. Since commit a1daaa99 ("spi: spi-mtk-nor: use dma_alloc_coherent() for bounce buffer"), the same happens if the call to dmam_alloc_coherent() fails. Since commit 3bfd9103 ("spi: spi-mtk-nor: Add power management support"), the same happens if the call to mtk_nor_enable_clk() fails. Fix by switching over to the new devm_spi_alloc_master() helper. Fixes: 881d1ee9 ("spi: add support for mediatek spi-nor controller") Signed-off-by:
Ikjoon Jang <ikjn@chromium.org> Cc: <stable@vger.kernel.org> # v5.7+: 5e844cc3: spi: Introduce device-managed SPI controller allocation Cc: <stable@vger.kernel.org> # v5.7+ Cc: Chuanhong Guo <gch981213@gmail.com> Link: https://lore.kernel.org/r/d5b9f0289465394e73dedb8ec51e180a8f1dffc9.1607286887.git.lukas@wunner.deSigned-off-by:
-
Lukas Wunner authored
If the calls to devm_clk_get() or devm_ioremap_resource() fail on probe of the Macronix SPI driver, the spi_master struct is erroneously not freed. Fix by switching over to the new devm_spi_alloc_master() helper. Fixes: b942d80b ("spi: Add MXIC controller driver") Signed-off-by:
-
Lukas Wunner authored
rpcif_spi_remove() accesses the driver's private data after calling spi_unregister_controller() even though that function releases the last reference on the spi_controller and thereby frees the private data. Fix by switching over to the new devm_spi_alloc_master() helper which keeps the private data accessible until the driver has unbound. Fixes: eb8d6d46 ("spi: add Renesas RPC-IF driver") Signed-off-by:
-
Lukas Wunner authored
pxa2xx_spi_remove() accesses the driver's private data after calling spi_unregister_controller() even though that function releases the last reference on the spi_controller and thereby frees the private data. Fix by switching over to the new devm_spi_alloc_master/slave() helper which keeps the private data accessible until the driver has unbound. Fixes: 32e5b572 ("spi: pxa2xx: Fix controller unregister order") Signed-off-by:
-
Lukas Wunner authored
spi_sh_remove() accesses the driver's private data after calling spi_unregister_master() even though that function releases the last reference on the spi_master and thereby frees the private data. Fix by switching over to the new devm_spi_alloc_master() helper which keeps the private data accessible until the driver has unbound. Fixes: 680c1305 ("spi/spi_sh: use spi_unregister_master instead of spi_master_put in remove path") Signed-off-by:
-
Lukas Wunner authored
qcom_qspi_remove() accesses the driver's private data after calling spi_unregister_master() even though that function releases the last reference on the spi_master and thereby frees the private data. Fix by switching over to the new devm_spi_alloc_master() helper which keeps the private data accessible until the driver has unbound. Fixes: f79a158d ("spi: spi-qcom-qspi: Use OPP API to set clk/perf state") Signed-off-by:
-
Lukas Wunner authored
spi_geni_remove() accesses the driver's private data after calling spi_unregister_master() even though that function releases the last reference on the spi_master and thereby frees the private data. Moreover, since commit 1a9e489e ("spi: spi-geni-qcom: Use OPP API to set clk/perf state"), spi_geni_probe() leaks the spi_master allocation if the calls to dev_pm_opp_set_clkname() or dev_pm_opp_of_add_table() fail. Fix by switching over to the new devm_spi_alloc_master() helper which keeps the private data accessible until the driver has unbound and also avoids the spi_master leak on probe. Fixes: 561de45f ("spi: spi-geni-qcom: Add SPI driver support for GENI based QUP") Signed-off-by:
-
Lukas Wunner authored
davinci_spi_remove() accesses the driver's private data after it's been freed with spi_master_put(). Fix by moving the spi_master_put() to the end of the function. Fixes: fe5fd254 ("spi: davinci: Use dma_request_chan() for requesting DMA channel") Signed-off-by:
Peter Ujfalusi <peter.ujfalusi@ti.com> Cc: <stable@vger.kernel.org> # v4.7+ Link: https://lore.kernel.org/r/412f7eb1cf8990e0a3a2153f4c577298deab623e.1607286887.git.lukas@wunner.deSigned-off-by:
-
- 04 Dec, 2020 1 commit
-
-
Jarkko Nikula authored
Add support for LPSS SPI on Intel Alder Lake. It has four LPSS SPI controllers each having two chip selects. Signed-off-by:
Jarkko Nikula <jarkko.nikula@linux.intel.com> Link: https://lore.kernel.org/r/20201204082409.183700-1-jarkko.nikula@linux.intel.comSigned-off-by:
-
- 27 Nov, 2020 2 commits
-
-
Mark Brown authored
Merge branch 'for-5.10' of https://git.kernel.org/pub/scm/linux/kernel/git/broonie/spi into spi-5.11
-
Serge Semin authored
I mistakenly added the select attributes to the SPI_DW_BT1_DIRMAP config instead of having them defined in SPI_DW_BT1. If the kernel doesn't have the MULTIPLEXER and MUX_MMIO configs manually enabled and the SPI_DW_BT1_DIRMAP config hasn't been selected, Baikal-T1 SPI device will always fail to be probed by the driver. Fix that and the error reported by the test robot: >> ld.lld: error: undefined symbol: devm_mux_control_get >>> referenced by spi-dw-bt1.c >>> spi/spi-dw-bt1.o:(dw_spi_bt1_sys_init) in archive drivers/built-in.a by moving the MULTIPLEXER/MUX_MMIO configs selection to the SPI_DW_BT1 config. Link: https://lore.kernel.org/lkml/202011161745.uYRlekse-lkp@intel.com/ Link: https://lore.kernel.org/linux-spi/20201116040721.8001-1-rdunlap@infradead.org/ Fixes: abf00907 ("spi: dw: Add Baikal-T1 SPI Controller glue driver") Reported-by:
kernel test robot <lkp@intel.com> Signed-off-by:
Serge Semin <Sergey.Semin@baikalelectronics.ru> Cc: Randy Dunlap <rdunlap@infradead.org> Cc: Ramil Zaripov <Ramil.Zaripov@baikalelectronics.ru> Link: https://lore.kernel.org/r/20201127144612.4204-1-Sergey.Semin@baikalelectronics.ruSigned-off-by:
-
- 25 Nov, 2020 2 commits
-
-
Tian Tao authored
fixed the coccicheck: drivers/spi/spi-dw-bt1.c:220:27-30: ERROR: Missing resource_size with mem. Signed-off-by:
Tian Tao <tiantao6@hisilicon.com> Acked-by:
Serge Semin <fancer.lancer@gmail.com> Link: https://lore.kernel.org/r/1606114975-31362-1-git-send-email-tiantao6@hisilicon.comSigned-off-by:
-
Lars Povlsen authored
When SPI DW memory ops support was introduced, there was a check for excluding controllers which supplied their own CS function. Even so, the mem_ops pointer is *always* presented to the SPI core. This causes the SPI core sanity check in spi_controller_check_ops() to refuse registration, since a mem_ops pointer is being supplied without an exec_op member function. The end result is failure of the SPI DW driver on sparx5 and similar platforms. The fix in the core SPI DW driver is to avoid presenting the mem_ops pointer if the exec_op function is not set. Fixes: 6423207e (spi: dw: Add memory operations support) Signed-off-by:
Lars Povlsen <lars.povlsen@microchip.com> Acked-by:
-
- 24 Nov, 2020 2 commits
-
-
Marek Szyprowski authored
Shutdown bus function might be called on the unbound device, so add a check if there is a driver before calling its shutdown function. This fixes following kernel panic obserbed during system reboot: Unable to handle kernel NULL pointer dereference at virtual address 0000000000000018 ... Call trace: spi_shutdown+0x10/0x38 kernel_restart_prepare+0x34/0x40 kernel_restart+0x14/0x88 __do_sys_reboot+0x148/0x248 __arm64_sys_reboot+0x1c/0x28 el0_svc_common.constprop.3+0x74/0x198 do_el0_svc+0x20/0x98 el0_sync_handler+0x140/0x1a8 el0_sync+0x140/0x180 Code: f9403402 d1008041 f100005f 9a9f1021 (f9400c21) ---[ end trace 266c07205a2d632e ]--- Fixes: 9db34ee6 (spi: Use bus_type functions for probe, remove and shutdown) Signed-off-by:
Marek Szyprowski <m.szyprowski@samsung.com> Link: https://lore.kernel.org/r/20201124131523.32287-1-m.szyprowski@samsung.comSigned-off-by:
-
Clark Wang authored
If set active without increase the usage count of pm, the dont use autosuspend function will call the suspend callback to close the two clocks of spi because the usage count is reduced to -1. This will cause the warning dump below when the defer-probe occurs. [ 129.379701] ecspi2_root_clk already disabled [ 129.384005] WARNING: CPU: 1 PID: 33 at drivers/clk/clk.c:952 clk_core_disable+0xa4/0xb0 So add the get noresume function before set active. Fixes: 43b6bf40 spi: imx: fix runtime pm support for !CONFIG_PM Signed-off-by:
Clark Wang <xiaoning.wang@nxp.com> Link: https://lore.kernel.org/r/20201124085247.18025-1-xiaoning.wang@nxp.comSigned-off-by:
-
- 23 Nov, 2020 2 commits
-
-
Qing Zhang authored
Simplify this function implementation by using a known wrapper function. Signed-off-by:
Qing Zhang <zhangqing@loongson.cn> Link: https://lore.kernel.org/r/1605930231-19448-1-git-send-email-zhangqing@loongson.cnSigned-off-by:
-
Ran Wang authored
Given the case that bootloader(such as UEFI)'s FSPI driver might not handle all interrupts before loading kernel, those legacy interrupts would assert immidiately once kernel's FSPI driver enable them. Further, if it was FSPI_INTR_IPCMDDONE, the irq handler nxp_fspi_irq_handler() would call complete(&f->c) to notify others. However, f->c might not be initialized yet at that time, then cause kernel panic. Of cause, we should fix this issue within bootloader. But it would be better to have this pacth to make dirver more robust (by clearing all interrupt status bits before enabling interrupts). Suggested-by:
Han Xu <han.xu@nxp.com> Signed-off-by:
Ran Wang <ran.wang_1@nxp.com> Link: https://lore.kernel.org/r/20201123025715.14635-1-ran.wang_1@nxp.comSigned-off-by:
-
- 20 Nov, 2020 4 commits
-
-
Serge Semin authored
I've discovered that due to the recent commit 49d7d695 ("spi: dw: Explicitly de-assert CS on SPI transfer completion") a concurrent usage of the spidev devices with different chip-selects causes the "SPI transfer timed out" error. The root cause of the problem has turned to be in a race condition of the SPI-transfer execution procedure and the spi_setup() method being called at the same time. In particular in calling the spi_set_cs(false) while there is an SPI-transfer being executed. In my case due to the commit cited above all CSs get to be switched off by calling the spi_setup() for /dev/spidev0.1 while there is an concurrent SPI-transfer execution performed on /dev/spidev0.0. Of course a situation of the spi_setup() being called while there is an SPI-transfer being executed for two different SPI peripheral devices of the same controller may happen not only for the spidev driver, but for instance for MMC SPI + some another device, or spi_setup() being called from an SPI-peripheral probe method while some other device has already been probed and is being used by a corresponding driver... Of course I could have provided a fix affecting the DW APB SSI driver only, for instance, by creating a mutual exclusive access to the set_cs callback and setting/clearing only the bit responsible for the corresponding chip-select. But after a short research I've discovered that the problem most likely affects a lot of the other drivers: - drivers/spi/spi-sun4i.c - RMW the chip-select register; - drivers/spi/spi-rockchip.c - RMW the chip-select register; - drivers/spi/spi-qup.c - RMW a generic force-CS flag in a CSR. - drivers/spi/spi-sifive.c - set a generic CS-mode flag in a CSR. - drivers/spi/spi-bcm63xx-hsspi.c - uses an internal mutex to serialize the bus config changes, but still isn't protected from the race condition described above; - drivers/spi/spi-geni-qcom.c - RMW a chip-select internal flag and set the CS state in HW; - drivers/spi/spi-orion.c - RMW a chip-select register; - drivers/spi/spi-cadence.c - RMW a chip-select register; - drivers/spi/spi-armada-3700.c - RMW a chip-select register; - drivers/spi/spi-lantiq-ssc.c - overwrites the chip-select register; - drivers/spi/spi-sun6i.c - RMW a chip-select register; - drivers/spi/spi-synquacer.c - RMW a chip-select register; - drivers/spi/spi-altera.c - directly sets the chip-select state; - drivers/spi/spi-omap2-mcspi.c - RMW an internally cached CS state and writes it to HW; - drivers/spi/spi-mt65xx.c - RMW some CSR; - drivers/spi/spi-jcore.c - directly sets the chip-selects state; - drivers/spi/spi-mt7621.c - RMW a chip-select register; I could have missed some drivers, but a scale of the problem is obvious. As you can see most of the drivers perform an unprotected Read-modify-write chip-select register modification in the set_cs callback. Seeing the spi_setup() function is calling the spi_set_cs() and it can be executed concurrently with SPI-transfers exec procedure, which also calls spi_set_cs() in the SPI core spi_transfer_one_message() method, the race condition of the register modification turns to be obvious. To sum up the problem denoted above affects each driver for a controller having more than one chip-select lane and which: 1) performs the RMW to some CS-related register with no serialization; 2) directly disables any CS on spi_set_cs(dev, false). * the later is the case of the DW APB SSI driver. The controllers which equipped with a single CS theoretically can also experience the problem, but in practice will not since normally the spi_setup() isn't called concurrently with the SPI-transfers executed on the same SPI peripheral device. In order to generically fix the denoted bug I'd suggest to serialize an access to the controller IO by taking the IO mutex in the spi_setup() callback. The mutex is held while there is an SPI communication going on on the SPI-bus of the corresponding SPI-controller. So calling the spi_setup() method and disabling/updating the CS state within it would be safe while there is no any SPI-transfers being executed. Also note I suppose it would be safer to protect the spi_controller->setup() callback invocation too, seeing some of the SPI-controller drivers update a HW state in there. Fixes: 49d7d695 ("spi: dw: Explicitly de-assert CS on SPI transfer completion") Signed-off-by:
-
Uwe Kleine-König authored
The driver core ignores the return value of struct device_driver::remove (because in general there is nothing that can be done about that). So add a warning when an spi driver returns an error. This simplifies the quest to make struct device_driver::remove return void. A consequent change would be to make struct spi_driver::remove return void, but I'm keeping this quest for later (or someone else). Signed-off-by:
Uwe Kleine-König <u.kleine-koenig@pengutronix.de> Link: https://lore.kernel.org/r/20201119161604.2633521-3-u.kleine-koenig@pengutronix.deSigned-off-by:
-
Uwe Kleine-König authored
The eventual goal is to get rid of the callbacks in struct device_driver. Other than not using driver callbacks there should be no side effect of this patch. Signed-off-by:
-
Uwe Kleine-König authored
Consider an spi driver with a .probe but without a .remove callback (e.g. rtc-ds1347). The function spi_drv_probe() is called to bind a device and so dev_pm_domain_attach() is called. As there is no remove callback spi_drv_remove() isn't called at unbind time however and so calling dev_pm_domain_detach() is missed and the pm domain keeps active. To fix this always use both spi_drv_probe() and spi_drv_remove() and make them handle the respective callback not being set. This has the side effect that for a (hypothetical) driver that has neither .probe nor remove the clk and pm domain setup is done. Fixes: 33cf00e5 ("spi: attach/detach SPI device to the ACPI power domain") Signed-off-by:
-
- 18 Nov, 2020 1 commit
-
-
Zhang Qilong authored
pm_runtime_get_sync will increment pm usage counter even it failed. Forgetting to pm_runtime_put_noidle will result in reference leak in mxs_spi_probe, so we should fix it. Fixes: b7969caf ("spi: mxs: implement runtime pm") Signed-off-by:
Zhang Qilong <zhangqilong3@huawei.com> Link: https://lore.kernel.org/r/20201106012421.95420-1-zhangqilong3@huawei.comSigned-off-by:
-
- 17 Nov, 2020 3 commits
-
-
Fabio Estevam authored
Since 5.10-rc1 i.MX is a devicetree-only platform and the existing .id_table support in this driver was only useful for old non-devicetree platforms. Signed-off-by:
Fabio Estevam <festevam@gmail.com> Link: https://lore.kernel.org/r/20201116202606.29888-1-festevam@gmail.comSigned-off-by:
-
Lukas Wunner authored
If the calls to of_match_device(), of_alias_get_id(), devm_ioremap_resource(), devm_regmap_init_mmio() or devm_clk_get() fail on probe of the NPCM FIU SPI driver, the spi_controller struct is erroneously not freed. Fix by switching over to the new devm_spi_alloc_master() helper. Fixes: ace55c41 ("spi: npcm-fiu: add NPCM FIU controller driver") Signed-off-by:
-
Serge Semin authored
It turns out the IRQs most like can be unmasked before the controller is enabled with no problematic consequences. The manual doesn't explicitly state that, but the examples perform the controller initialization procedure in that order. So the commit da8f5890 ("spi: dw: Unmask IRQs after enabling the chip") hasn't been that required as I thought. But anyway setting the IRQs up after the chip enabling still worth adding since it has simplified the code a bit. The problem is that it has introduced a potential bug. The transfer handler pointer is now initialized after the IRQs are enabled. That may and eventually will cause an invalid or uninitialized callback invocation. Fix that just by performing the callback initialization before the IRQ unmask procedure. Fixes: da8f5890 ("spi: dw: Unmask IRQs after enabling the chip") Signed-off-by:
-
- 16 Nov, 2020 4 commits
-
-
Mark Brown authored
bayi cheng (1): spi: spi-mtk-nor: add axi clock control for MT8192 spi-nor drivers/spi/spi-mtk-nor.c | 16 +++++++++++++++- 1 file changed, 15 insertions(+), 1 deletion(-) -- 1.9.1 _______________________________________________ linux-arm-kernel mailing list linux-arm-kernel@lists.infradead.org http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
-
Randy Dunlap authored
Fix build error for spi-dw-bt1.o by selecting MULTIPLEXER. hppa-linux-ld: drivers/spi/spi-dw-bt1.o: in function `dw_spi_bt1_sys_init': (.text+0x1ac): undefined reference to `devm_mux_control_get' Fixes: abf00907 ("spi: dw: Add Baikal-T1 SPI Controller glue driver") Reported-by:
Randy Dunlap <rdunlap@infradead.org> Cc: Serge Semin <Sergey.Semin@baikalelectronics.ru> Cc: Ramil Zaripov <Ramil.Zaripov@baikalelectronics.ru> Cc: Mark Brown <broonie@kernel.org> Cc: linux-spi@vger.kernel.org Acked-by:
-
bayi cheng authored
MT8192 spi-nor is an independent sub system, we need extra control axi bus clock for it. Add support for the additional axi clock to allow it to be configured appropriately. Signed-off-by:
bayi cheng <bayi.cheng@mediatek.com> Tested-by:
-
Zhihao Cheng authored
Fix to return the error code from devm_reset_control_get_optional_exclusive() instaed of 0 in cqspi_probe(). Fixes: 31fb632b ("spi: Move cadence-quadspi driver to drivers/spi/") Reported-by:
Hulk Robot <hulkci@huawei.com> Signed-off-by:
Zhihao Cheng <chengzhihao1@huawei.com> Reviewed-by:
Philipp Zabel <p.zabel@pengutronix.de> Link: https://lore.kernel.org/r/20201116141836.2970579-1-chengzhihao1@huawei.comSigned-off-by:
-
- 13 Nov, 2020 1 commit
-
-
Nathan Chancellor authored
Clang warns: drivers/spi/spi-bcm2835aux.c:532:50: warning: variable 'err' is uninitialized when used here [-Wuninitialized] dev_err(&pdev->dev, "could not get clk: %d\n", err); ^~~ ./include/linux/dev_printk.h:112:32: note: expanded from macro 'dev_err' _dev_err(dev, dev_fmt(fmt), ##__VA_ARGS__) ^~~~~~~~~~~ drivers/spi/spi-bcm2835aux.c:495:9: note: initialize the variable 'err' to silence this warning int err; ^ = 0 1 warning generated. Restore the assignment so that the error value can be used in the dev_err statement and there is no uninitialized memory being leaked. Fixes: e13ee6cc ("spi: bcm2835aux: Fix use-after-free on unbind") Link: https://github.com/ClangBuiltLinux/linux/issues/1199Signed-off-by:Nathan Chancellor <natechancellor@gmail.com> Link: https://lore.kernel.org/r/20201113180701.455541-1-natechancellor@gmail.comSigned-off-by:
-
- 12 Nov, 2020 2 commits
-
-
Mark Brown authored
Here's my proposal to fix the use-after-free bugs reported by Sascha Hauer and Florian Fainelli: I scrutinized all SPI drivers in the v5.10 tree: * There are 9 drivers with a use-after-free in the ->remove() hook caused by accessing driver private data after spi_unregister_controller(). * There are 8 drivers which leak the spi_controller in the ->probe() error path because of a missing spi_controller_put(). I'm introducing devm_spi_alloc_master/slave() which automatically calls spi_controller_put() on ->remove(). This fixes both classes of bugs while at the same time reducing code amount and complexity in the ->probe() hook. I propose that spi_controller_unregister() should no longer release a reference on the spi_controller. Instead, drivers need to either do it themselves or use one of the devm functions introduced herein. The vast majority of drivers can be converted to the devm functions. See the commit message of patch [1/4] for the rationale and details. Enclosed are patches for 3 Broadcom drivers. Patches for the other drivers are on this branch: https://github.com/l1k/linux/commits/spi_fixes @Florian Fainelli: Could you verify that there are no KASAN splats or leaks with these patches? Unfortunately I do not have any SPI-capable hardware at my disposal right now, so can only compile-test. You may want to augment spi_controller_release() with a printk() to log when the spi_controller is freed. @Mark Brown: Patches [2/4] to [4/4] reference the SHA-1 of patch [1/4] in their stable tags. Because the hash is unknown to me until you apply the patch, I've used "123456789abc" as a placeholder. You'll have to replace the hash if/when applying. Alternatively, only apply patch [1/4] and I'll repost the other patches with the hash fixed up. Thanks! Lukas Wunner (4): spi: Introduce device-managed SPI controller allocation spi: bcm2835: Fix use-after-free on unbind spi: bcm2835aux: Fix use-after-free on unbind spi: bcm-qspi: Fix use-after-free on unbind drivers/spi/spi-bcm-qspi.c | 34 ++++++++------------- drivers/spi/spi-bcm2835.c | 24 +++++---------- drivers/spi/spi-bcm2835aux.c | 21 +++++-------- drivers/spi/spi.c | 58 +++++++++++++++++++++++++++++++++++- include/linux/spi/spi.h | 19 ++++++++++++ 5 files changed, 103 insertions(+), 53 deletions(-) -- 2.28.0
-
Lukas Wunner authored
Normally the last reference on an spi_controller is released by spi_unregister_controller(). In the case of the i.MX lpspi driver, the spi_controller is registered with devm_spi_register_controller(), so spi_unregister_controller() is invoked automatically after the driver has unbound. However the driver already releases the last reference in fsl_lpspi_remove() through a gratuitous call to spi_master_put(), causing a use-after-free when spi_unregister_controller() is subsequently invoked by the devres framework. Fix by dropping the superfluous spi_master_put(). Fixes: 944c01a8 ("spi: lpspi: enable runtime pm for lpspi") Signed-off-by:
-
