Re: [PATCH] spi: spidev: only use up TX/RX bounce buffer space when needed

From: Mark Brown
Date: Mon Feb 16 2015 - 08:23:56 EST

On Mon, Feb 16, 2015 at 10:18:01AM +0000, Ian Abbott wrote:
> On 16/02/15 04:13, Mark Brown wrote:

> >Right, but it's not clear if you mean that this is something to do with
> >the device drivers for SPI controllers or spidev itself.

> Okay, how about if I used the term "spidev device" to distinguish it from
> the lower-level SPI device?

Or just spidev.

> >>Yes, the patch limits the total user-specified TX data and the total
> >>user-specified RX data to the pre-allocated buffer size individually rather
> >>than limiting the total sum of user RX and TX data.

> >Your commit message needs to say this rather than requiring the user to
> >reverse engineer it from the code - a key part of reviewing a code
> >change is making sure that it does what the commit message says that it
> >does to make sure that it is having the intended effect.

> I thought it said that (somewhat clumsily) in the first paragraph.

Not really, it repeats the what that can be seen from the code but
doesn't explain what the goal of the change is supposed to be. This
means it's not really possible to tell if that goal is being achieved.

> >>The check against INT_MAX is there because a struct spi_ioc_transfer might
> >>have rx_buf==NULL, tx_buf==NULL and len!=0, in which case it would no longer
> >>use up space in either of the pre-allocated buffers so neither rx_total nor
> >>tx_total would increase. Checking the sum of the len fields against INT_MAX
> >>prevents arithmetic overflow in the return value of the function.

> >If that's what the code is supposed to do then someone reading the code
> >needs to be able to tell that without too much effort, I'd not expect
> >that to be possible as things are. Maintainability is very important.

> There was a whole paragraph about that in the commit message, but maybe it
> was too concise.

The commit message is not the code. The code itself needs to be clear,
and even based on what's in the commit message it's not terribly obvious
(and with the above the return value that will be overflowed doesn't
jump out).
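
The accounting described in the quoted explanation above, as an added example that is not the patch or the spidev driver's code. It is a user-space model: `struct xfer_model`, `check_transfers` and the `-EMSGSIZE` return value are assumptions, while `rx_total`, `tx_total`, the NULL-buffer case and the `INT_MAX` check come from the thread.

```c
#include <errno.h>
#include <limits.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical stand-in for the struct spi_ioc_transfer fields discussed. */
struct xfer_model {
    const void *tx_buf; /* NULL: no user TX data, uses no TX bounce space */
    void *rx_buf;       /* NULL: no user RX data, uses no RX bounce space */
    uint32_t len;
};

/* Returns the summed len of all transfers, or -EMSGSIZE (assumed error code). */
int check_transfers(const struct xfer_model *x, size_t n, uint32_t bufsiz)
{
    uint32_t tx_total = 0, rx_total = 0;
    uint64_t total = 0; /* 64-bit so the running sum itself cannot wrap */

    for (size_t i = 0; i < n; i++) {
        /* Every len counts here, even with both buffers NULL, because the
         * sum is returned as an int and must not look like an error. */
        total += x[i].len;
        if (total > INT_MAX)
            return -EMSGSIZE;
        /* TX and RX are limited individually, not as a combined sum. */
        if (x[i].tx_buf) {
            if (x[i].len > bufsiz - tx_total)
                return -EMSGSIZE;
            tx_total += x[i].len;
        }
        if (x[i].rx_buf) {
            if (x[i].len > bufsiz - rx_total)
                return -EMSGSIZE;
            rx_total += x[i].len;
        }
    }
    return (int)total;
}

int main(void)
{
    static char buf[1]; /* constructed: only NULL vs non-NULL matters */
    struct xfer_model split[] = { { buf, NULL, 4096 }, { NULL, buf, 4096 } };
    struct xfer_model idle[] = { { NULL, NULL, INT_MAX }, { NULL, NULL, 1 } };
    printf("split: %d\n", check_transfers(split, 2, 4096));
    printf("idle:  %d\n", check_transfers(idle, 2, 4096));
    return 0;
}
```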
