[PATCH] mtd: cqspi: Fix division by zero
Marek Vasut
marex at denx.de
Tue Sep 14 20:21:06 CEST 2021
On 9/14/21 7:46 PM, Pratyush Yadav wrote:
> On 14/09/21 05:21AM, Marek Vasut wrote:
>> Both dummy.nbytes and dummy.buswidth may be zero. By not checking
>> the later, it is possible to trigger division by zero and a crash.
>> This does happen with tiny SPI NOR framework in SPL. Fix this by
>> adding the check and returning zero dummy bytes in such a case.
>>
>> Fixes: 38b0852b0ea ("spi: cadence-qspi: Add support for octal DTR flashes")
>> Signed-off-by: Marek Vasut <marex at denx.de>
>> Cc: Jagan Teki <jagan at amarulasolutions.com>
>> Cc: Vignesh R <vigneshr at ti.com>
>> Cc: Pratyush Yadav <p.yadav at ti.com>
>> ---
>> drivers/spi/cadence_qspi_apb.c | 3 +++
>> 1 file changed, 3 insertions(+)
>>
>> diff --git a/drivers/spi/cadence_qspi_apb.c b/drivers/spi/cadence_qspi_apb.c
>> index c36a652211a..429ee335db6 100644
>> --- a/drivers/spi/cadence_qspi_apb.c
>> +++ b/drivers/spi/cadence_qspi_apb.c
>> @@ -219,6 +219,9 @@ static unsigned int cadence_qspi_calc_dummy(const struct spi_mem_op *op,
>> {
>> unsigned int dummy_clk;
>>
>> + if (!op->dummy.nbytes || !op->dummy.buswidth)
>> + return 0;
>
> Thanks. A similar fix was sent for Linux as well [0]. I don't think you
> should check for dummy buswidth here since nbytes == 0 should be enough
> of an indicator that the dummy phase does not exist. Any op with
> dummy.nbytes > 1 and dummy.buswidth == 0 is a malformed op that should
> ideally never happen, or if it does, then it should be dealt by the SPI
> MEM core.
>
> With this fixed,
>
> Reviewed-by: Pratyush Yadav <p.yadav at ti.com>
>
> [0] https://patchwork.kernel.org/project/spi-devel-general/patch/92eea403-9b21-2488-9cc1-664bee760c5e@nskint.co.jp/
>
>> +
>> dummy_clk = op->dummy.nbytes * (8 / op->dummy.buswidth);
Yes, indeed, the division by zero happens if op->dummy.buswidth == 0, so
we must check it. Checking for op->dummy.nbytes == 0 is a minor
optimization.
More information about the U-Boot
mailing list