From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1753427AbcCAMT0 (ORCPT ); Tue, 1 Mar 2016 07:19:26 -0500 Received: from exsmtp01.microchip.com ([198.175.253.37]:25338 "EHLO email.microchip.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1750722AbcCAMTY (ORCPT ); Tue, 1 Mar 2016 07:19:24 -0500 Subject: Re: [PATCH] spi: Fix incomplete handling of SPI_MASTER_MUST_RX/_MUST_TX To: Mark Brown References: <1454366363-10564-1-git-send-email-joshua.henderson@microchip.com> <20160201231733.GK4455@sirena.org.uk> <56B42C68.4030909@microchip.com> <20160208161542.GF7265@sirena.org.uk> CC: Joshua Henderson , , From: Purna Chandra Mandal Message-ID: <56D5886D.4060504@microchip.com> Date: Tue, 1 Mar 2016 17:47:49 +0530 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Thunderbird/38.4.0 MIME-Version: 1.0 In-Reply-To: <20160208161542.GF7265@sirena.org.uk> Content-Type: text/plain; charset="windows-1252" Content-Transfer-Encoding: 7bit Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Mark, On 02/08/2016 09:45 PM, Mark Brown wrote: > On Fri, Feb 05, 2016 at 10:30:24AM +0530, Purna Chandra Mandal wrote: > > Please fix your mail client to word wrap within paragraphs at something > substantially less than 80 columns. Doing this makes your messages much > easier to read and reply to. > >> Idea is good, but not sufficient. >> Dummy buffers are _reallocated_ to accommodate larger size of transfer. In this if >> [originally NULL] .rx_buf/.tx_buf is not reset back to NULL after the transfer >> is over spi-core will find those .rx/tx_buf non-NULL in next _transfer() call and >> will pass the stale rx/tx_buf to spi controller driver which will definitely >> corrupt the memory and crash the system. > This needs to be clear to readers; a fairly obvious way of dealing with > this would be to rellocate down to a page rather than freeing. Yea. But current krealloc() implementation allocates new memory if new size is more than the allocated space, (and frees the old). If we allocate PAGE_SIZE of dummy buffer (at first call irrespective of required size), re-use it and don't allow transfer size to grow more than PAGE_SIZE we will be fine provided all SPI clients agree to the size restriction. The moment we'll try to re-allocate new buffer we will reach the same point we wanted to avoid here. >> Above all the whole design depends on trust that core will not play with any data-structure >> which will break object-oriented/layered approach. So better to undo the modification >> (when needed to facilitate some functionality) unless core wants those information to be passed >> back to caller/client for reporting success or error or else. > That's really not the case, we already make a range of other > modifications to complete partially filled transfers in order to > simplify driver code. Purna