AXI SPI Engine driver modifies SPI xfer length.
dlech opened this issue · comments
30707b0 introduced a function spi_engine_update_xfer_len()
that modifies the len
field of each xfer in an SPI message. However, modifying the struct spi_transfer
is problematic.
Since spi_engine_compile_message()
actually gets called twice per message (once is a "dry" run to calculate the size, then again to actually write the commands to memory), spi_engine_update_xfer_len()
is getting called twice and therefore modifies the length twice. This probably has gone unnoticed since the first call usually sets the length to 1
and the second call can't make it any smaller.
Modifying the members of struct spi_transfer
in the SPI controller doesn't seem like a good idea in general since it doesn't own that memory. For example, a client driver may be reusing the struct spi_transfer
and not write the length again before each transaction.
(The commit in question is not in the mainline kernel, but it fixes a potential issue that may still exist in the mainline kernel.)
Fixing this is likely going to break things that depend on this buggy behavoir. For example, in the ad_pulsar
driver.
linux/drivers/iio/adc/ad_pulsar.c
Lines 359 to 382 in b8d0e51
For a single conversion (reading the _raw
sysfs attribute), the xfer len is always 4 even when the ADC is 16 bits or less. Due to the double evaluation of spi_engine_update_xfer_len()
, the len
gets modified to 1 word which is correct for those ADCs. After fixing, this will instruct it to read two word instead when it only needs to read one.