Commit d0716dde authored by Sien Wu's avatar Sien Wu Committed by Mark Brown

spi: Prevent unexpected SPI time out due to arithmetic overflow

When reading SPI flash as MTD device, the transfer length is
directly passed to the spi driver. If the requested data size
exceeds 512KB, it will cause the time out calculation to
overflow since transfer length is 32-bit unsigned integer.
This issue is resolved by using 64-bit unsigned integer
to perform the arithmetic.
Signed-off-by: default avatarSien Wu <sien.wu@ni.com>
Acked-by: default avatarBrad Keryan <brad.keryan@ni.com>
Acked-by: default avatarGratian Crisan <gratian.crisan@ni.com>
Acked-by: default avatarBrad Mouring <brad.mouring@ni.com>

Natinst-ReviewBoard-ID 150232
Signed-off-by: default avatarMark Brown <broonie@kernel.org>
parent 29b4817d
...@@ -960,7 +960,7 @@ static int spi_transfer_one_message(struct spi_master *master, ...@@ -960,7 +960,7 @@ static int spi_transfer_one_message(struct spi_master *master,
struct spi_transfer *xfer; struct spi_transfer *xfer;
bool keep_cs = false; bool keep_cs = false;
int ret = 0; int ret = 0;
unsigned long ms = 1; unsigned long long ms = 1;
struct spi_statistics *statm = &master->statistics; struct spi_statistics *statm = &master->statistics;
struct spi_statistics *stats = &msg->spi->statistics; struct spi_statistics *stats = &msg->spi->statistics;
...@@ -991,9 +991,13 @@ static int spi_transfer_one_message(struct spi_master *master, ...@@ -991,9 +991,13 @@ static int spi_transfer_one_message(struct spi_master *master,
if (ret > 0) { if (ret > 0) {
ret = 0; ret = 0;
ms = xfer->len * 8 * 1000 / xfer->speed_hz; ms = 8LL * 1000LL * xfer->len;
do_div(ms, xfer->speed_hz);
ms += ms + 100; /* some tolerance */ ms += ms + 100; /* some tolerance */
if (ms > UINT_MAX)
ms = UINT_MAX;
ms = wait_for_completion_timeout(&master->xfer_completion, ms = wait_for_completion_timeout(&master->xfer_completion,
msecs_to_jiffies(ms)); msecs_to_jiffies(ms));
} }
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment