[PATCH 0/2] spi: rk_spi: Fix transfer size overflow
These two patches are fixing flash read with > 64K size and spi flash read during SPI boot.
Any inputs? Jagan.
Jagan Teki (2): Revert "rockchip: spi: fix off-by-one in chunk size computation" spi: rk_spi: Fix overflow max chunk size
drivers/spi/rk_spi.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-)
The maximum transfer length (in a single transaction) for the Rockchip SPI controller is 64Kframes (i.e. 0x10000 frames) of 8bit or 16bit frames and is encoded as (num_frames - 1) in CTRLR1.
So the 0x10000 is offset value for 64K but the actual size value would be 'minus 1' from 0x10000.
With the existing code of 0x10000 transfer length leads to read failure when we try to read the flash with > 0x10000 size like,
1. sf read failure when with > 0x10000
2. Boot from SPI flash failed during spi_flash_read call in common/spl/spl_spi.c
Observed and Tested in - Rockpro64 with Gigadevice flash - ROC-RK3399-PC with Winbond flash
This reverts commit e647decdd93c7408741329432f26758fbec04c7a.
Signed-off-by: Jagan Teki jagan@amarulasolutions.com --- drivers/spi/rk_spi.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/spi/rk_spi.c b/drivers/spi/rk_spi.c index c04535ac44..d9a310ce80 100644 --- a/drivers/spi/rk_spi.c +++ b/drivers/spi/rk_spi.c @@ -451,7 +451,7 @@ static int rockchip_spi_xfer(struct udevice *dev, unsigned int bitlen,
/* This is the original 8bit reader/writer code */ while (len > 0) { - int todo = min(len, 0x10000); + int todo = min(len, 0xffff);
rkspi_enable_chip(regs, false); writel(todo - 1, ®s->ctrlr1);
On 11.12.2019, at 14:26, Jagan Teki jagan@amarulasolutions.com wrote:
The maximum transfer length (in a single transaction) for the Rockchip SPI controller is 64Kframes (i.e. 0x10000 frames) of 8bit or 16bit frames and is encoded as (num_frames - 1) in CTRLR1.
So the 0x10000 is offset value for 64K but the actual size value would be 'minus 1' from 0x10000.
NAK. Please see 2 code lines below your change to see that the “minus 1” is applied there… so a todo of 0x10000 will write 0xffff to regs->ctrlr1.
The problem must be somewhere else and this patch will only mask the underlying issue.
With the existing code of 0x10000 transfer length leads to read failure when we try to read the flash with > 0x10000 size like,
sf read failure when with > 0x10000
Boot from SPI flash failed during spi_flash_read call in
common/spl/spl_spi.c
Observed and Tested in
- Rockpro64 with Gigadevice flash
- ROC-RK3399-PC with Winbond flash
This reverts commit e647decdd93c7408741329432f26758fbec04c7a.
Signed-off-by: Jagan Teki jagan@amarulasolutions.com
drivers/spi/rk_spi.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/spi/rk_spi.c b/drivers/spi/rk_spi.c index c04535ac44..d9a310ce80 100644 --- a/drivers/spi/rk_spi.c +++ b/drivers/spi/rk_spi.c @@ -451,7 +451,7 @@ static int rockchip_spi_xfer(struct udevice *dev, unsigned int bitlen,
/* This is the original 8bit reader/writer code */ while (len > 0) {
int todo = min(len, 0x10000);
int todo = min(len, 0xffff);rkspi_enable_chip(regs, false); writel(todo - 1, ®s->ctrlr1);
-- 2.18.0.321.gffc6fa0e3
On Wed, 11 Dec, 2019, 7:10 PM Philipp Tomsich, < philipp.tomsich@theobroma-systems.com> wrote:
On 11.12.2019, at 14:26, Jagan Teki jagan@amarulasolutions.com wrote:
The maximum transfer length (in a single transaction) for the Rockchip SPI controller is 64Kframes (i.e. 0x10000 frames) of 8bit or 16bit frames and is encoded as (num_frames - 1) in CTRLR1.
So the 0x10000 is offset value for 64K but the actual size value would be 'minus 1' from 0x10000.
NAK. Please see 2 code lines below your change to see that the “minus 1” is applied there… so a todo of 0x10000 will write 0xffff to regs->ctrlr1.
The problem must be somewhere else and this patch will only mask the underlying issue.
With the existing code of 0x10000 transfer length leads to read failure when we try to read the flash with > 0x10000 size like,
sf read failure when with > 0x10000
Boot from SPI flash failed during spi_flash_read call in
common/spl/spl_spi.c
Observed and Tested in
- Rockpro64 with Gigadevice flash
- ROC-RK3399-PC with Winbond flash
This reverts commit e647decdd93c7408741329432f26758fbec04c7a.
Signed-off-by: Jagan Teki jagan@amarulasolutions.com
drivers/spi/rk_spi.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/spi/rk_spi.c b/drivers/spi/rk_spi.c index c04535ac44..d9a310ce80 100644 --- a/drivers/spi/rk_spi.c +++ b/drivers/spi/rk_spi.c @@ -451,7 +451,7 @@ static int rockchip_spi_xfer(struct udevice *dev,
unsigned int bitlen,
/* This is the original 8bit reader/writer code */ while (len > 0) {
int todo = min(len, 0x10000);
int todo = min(len, 0xffff); rkspi_enable_chip(regs, false); writel(todo - 1, ®s->ctrlr1);-- 2.18.0.321.gffc6fa0e3
I have looked multiple areas but didn't get it so and i belive offset and size values aren't same.
Would you please send me the log of sf read to more than 64K on your hardware? This would confirm my hardware issue if you succeed.
Hi Philipp,
On Wed, Dec 11, 2019 at 7:10 PM Philipp Tomsich philipp.tomsich@theobroma-systems.com wrote:
On 11.12.2019, at 14:26, Jagan Teki jagan@amarulasolutions.com wrote:
The maximum transfer length (in a single transaction) for the Rockchip SPI controller is 64Kframes (i.e. 0x10000 frames) of 8bit or 16bit frames and is encoded as (num_frames - 1) in CTRLR1.
So the 0x10000 is offset value for 64K but the actual size value would be 'minus 1' from 0x10000.
NAK. Please see 2 code lines below your change to see that the “minus 1” is applied there… so a todo of 0x10000 will write 0xffff to regs->ctrlr1.
The problem must be somewhere else and this patch will only mask the underlying issue.
Please check the below changes. the max transfer size is 64K - 1 which is 0xffff and we need to write -1 of this to cr1.
https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/commit/d... https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/commit/d...
On 2019/12/21 下午3:32, Jagan Teki wrote:
Hi Philipp,
On Wed, Dec 11, 2019 at 7:10 PM Philipp Tomsich philipp.tomsich@theobroma-systems.com wrote:
On 11.12.2019, at 14:26, Jagan Teki jagan@amarulasolutions.com wrote:
The maximum transfer length (in a single transaction) for the Rockchip SPI controller is 64Kframes (i.e. 0x10000 frames) of 8bit or 16bit frames and is encoded as (num_frames - 1) in CTRLR1.
So the 0x10000 is offset value for 64K but the actual size value would be 'minus 1' from 0x10000.
NAK. Please see 2 code lines below your change to see that the “minus 1” is applied there… so a todo of 0x10000 will write 0xffff to regs->ctrlr1.
The problem must be somewhere else and this patch will only mask the underlying issue.
Please check the below changes. the max transfer size is 64K - 1 which is 0xffff and we need to write -1 of this to cr1.
Yep, the counter is 16bit, and the actual max size will be 0xffff and the max available value in reg should
be 0xffff-1.
Thanks,
- Kever
https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/commit/d... https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/commit/d...
The max chunk size (in a single transaction) for the Rockchip SPI controller is 64Kframes (i.e. 0x10000 frames) of 8bit or 16bit frames and is encoded as (num_frames - 1) in CTRLR1.
So the 0x10000 is offset value for 64K but the actual size value would be 'minus 1' from 0x10000.
With the existing code of 0x10000 max chunk size leads to read failure when we try to read the flash with > 0x10000 size like,
1. sf read failure when with > 0x10000
2. Boot from SPI flash failed during spi_flash_read call in common/spl/spl_spi.c
Observed and Tested in - Rockpro64 with Gigadevice flash - ROC-RK3399-PC with Winbond flash
Signed-off-by: Jagan Teki jagan@amarulasolutions.com --- drivers/spi/rk_spi.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/spi/rk_spi.c b/drivers/spi/rk_spi.c index d9a310ce80..6059f2415a 100644 --- a/drivers/spi/rk_spi.c +++ b/drivers/spi/rk_spi.c @@ -367,7 +367,7 @@ static inline int rockchip_spi_16bit_reader(struct udevice *dev, * represented in CTRLR1. */ if (data && data->master_manages_fifo) - max_chunk_size = 0x10000; + max_chunk_size = 0xffff;
// rockchip_spi_configure(dev, mode, size) rkspi_enable_chip(regs, false);
participants (3)
-
Jagan Teki -
Kever Yang -
Philipp Tomsich