[PATCH v2 04/10] spi-nor: intel-spi: Check transfer length in the HW/SW cycle
From: Bin Meng
Date: Mon Sep 11 2017 - 05:39:47 EST
Intel SPI controller only has a 64 bytes FIFO. This adds a sanity
check before triggering any HW/SW sequencer work.
Additionally for the SW sequencer, if given data length is zero,
we should not mark the 'Data Cycle' bit.
Signed-off-by: Bin Meng <bmeng.cn@xxxxxxxxx>
Acked-by: Mika Westerberg <mika.westerberg@xxxxxxxxxxxxxxx>
---
Changes in v2: None
drivers/mtd/spi-nor/intel-spi.c | 12 ++++++++++--
1 file changed, 10 insertions(+), 2 deletions(-)
diff --git a/drivers/mtd/spi-nor/intel-spi.c b/drivers/mtd/spi-nor/intel-spi.c
index 263c6ab..c4a9de6 100644
--- a/drivers/mtd/spi-nor/intel-spi.c
+++ b/drivers/mtd/spi-nor/intel-spi.c
@@ -399,6 +399,9 @@ static int intel_spi_hw_cycle(struct intel_spi *ispi, u8 opcode, int len)
return -EINVAL;
}
+ if (len > INTEL_SPI_FIFO_SZ)
+ return -EINVAL;
+
val |= (len - 1) << HSFSTS_CTL_FDBC_SHIFT;
val |= HSFSTS_CTL_FCERR | HSFSTS_CTL_FDONE;
val |= HSFSTS_CTL_FGO;
@@ -419,14 +422,19 @@ static int intel_spi_hw_cycle(struct intel_spi *ispi, u8 opcode, int len)
static int intel_spi_sw_cycle(struct intel_spi *ispi, u8 opcode, int len)
{
- u32 val, status;
+ u32 val = 0, status;
int ret;
ret = intel_spi_opcode_index(ispi, opcode);
if (ret < 0)
return ret;
- val = ((len - 1) << SSFSTS_CTL_DBC_SHIFT) | SSFSTS_CTL_DS;
+ if (len > INTEL_SPI_FIFO_SZ)
+ return -EINVAL;
+
+ /* Only mark 'Data Cycle' bit when there is data to be transferred */
+ if (len > 0)
+ val = ((len - 1) << SSFSTS_CTL_DBC_SHIFT) | SSFSTS_CTL_DS;
val |= ret << SSFSTS_CTL_COP_SHIFT;
val |= SSFSTS_CTL_FCERR | SSFSTS_CTL_FDONE;
val |= SSFSTS_CTL_SCGO;
--
2.9.2