From db2ce7f3c7b01a6a3611fb8e0bfa453dec168a47 Mon Sep 17 00:00:00 2001 From: Bin Meng Date: Mon, 11 Sep 2017 02:41:54 -0700 Subject: [PATCH] spi-nor: intel-spi: Check transfer length in the HW/SW cycle Intel SPI controller only has a 64 bytes FIFO. This adds a sanity check before triggering any HW/SW sequencer work. Additionally for the SW sequencer, if given data length is zero, we should not mark the 'Data Cycle' bit. Signed-off-by: Bin Meng Acked-by: Mika Westerberg Signed-off-by: Cyrille Pitchen --- drivers/mtd/spi-nor/intel-spi.c | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/drivers/mtd/spi-nor/intel-spi.c b/drivers/mtd/spi-nor/intel-spi.c index 263c6ab5849a..c4a9de6b8045 100644 --- a/drivers/mtd/spi-nor/intel-spi.c +++ b/drivers/mtd/spi-nor/intel-spi.c @@ -399,6 +399,9 @@ static int intel_spi_hw_cycle(struct intel_spi *ispi, u8 opcode, int len) return -EINVAL; } + if (len > INTEL_SPI_FIFO_SZ) + return -EINVAL; + val |= (len - 1) << HSFSTS_CTL_FDBC_SHIFT; val |= HSFSTS_CTL_FCERR | HSFSTS_CTL_FDONE; val |= HSFSTS_CTL_FGO; @@ -419,14 +422,19 @@ static int intel_spi_hw_cycle(struct intel_spi *ispi, u8 opcode, int len) static int intel_spi_sw_cycle(struct intel_spi *ispi, u8 opcode, int len) { - u32 val, status; + u32 val = 0, status; int ret; ret = intel_spi_opcode_index(ispi, opcode); if (ret < 0) return ret; - val = ((len - 1) << SSFSTS_CTL_DBC_SHIFT) | SSFSTS_CTL_DS; + if (len > INTEL_SPI_FIFO_SZ) + return -EINVAL; + + /* Only mark 'Data Cycle' bit when there is data to be transferred */ + if (len > 0) + val = ((len - 1) << SSFSTS_CTL_DBC_SHIFT) | SSFSTS_CTL_DS; val |= ret << SSFSTS_CTL_COP_SHIFT; val |= SSFSTS_CTL_FCERR | SSFSTS_CTL_FDONE; val |= SSFSTS_CTL_SCGO; -- 2.45.2