uwb: fix wrong qmrom len when MISO is kept high

Fixes: * kernel panic on device boot w/ ab/9409902 Bug: 262784131 Change-Id: Ia9f2b2e8459b4dc91619412a71592844f57b6540 Signed-off-by: Jean-Christophe Pince <jean.christophe.pince@qorvo.com>
author: Jean-Christophe Pince <jean.christophe.pince@qorvo.com> 2022-12-16 11:05:26 +0100
committer: Victor Liu <victorliu@google.com> 2022-12-19 15:25:35 +0000
commit: e2c9ecbfbe750046b838a01c3078cfbc6a20e574 (patch)
tree: 95efaaec86663012ec2acec247396ba8d2a7126c
parent: fdfbed2e96cca3c30de8b3172a2f3c639229db86 (diff)
download: uwb-e2c9ecbfbe750046b838a01c3078cfbc6a20e574.tar.gz
5 files changed, 17 insertions, 22 deletions
diff --git a/libqmrom/include/qmrom_spi.h b/libqmrom/include/qmrom_spi.h
index 42bebb6..60e0e28 100644
--- a/libqmrom/include/qmrom_spi.h
+++ b/libqmrom/include/qmrom_spi.h
@@ -34,6 +34,8 @@ struct firmware {
 #define SPI_ERR_READY_LINE_TIMEOUT SPI_ERR_BASE - 7
 #define SPI_ERR_WRITE_INCOMPLETE SPI_ERR_BASE - 8
 #define SPI_ERR_RW_INCOMPLETE SPI_ERR_BASE - 9
+#define SPI_ERR_INVALID_STC_LEN SPI_ERR_BASE - 10
+#define SPI_ERR_WAIT_READY_TIMEOUT SPI_ERR_BASE - 11
 
 /*Make sure that the error ranges don't overlap */
 #define SPI_ERR_LIB_BASE (SPI_ERR_BASE - 500)
diff --git a/libqmrom/src/qmrom_a0.c b/libqmrom/src/qmrom_a0.c
index aa8bca6..c05db05 100644
--- a/libqmrom/src/qmrom_a0.c
+++ b/libqmrom/src/qmrom_a0.c
@@ -70,8 +70,7 @@ int qmrom_a0_wait_ready(struct qmrom_handle *handle)
 	{
 		qmrom_a0_poll_soc(handle);
 	}
-
-	return retries > 0 ? 0 : -1;
+	return handle->sstc->soc_flags.out_waiting ? 0 : SPI_ERR_WAIT_READY_TIMEOUT;
 }
 
 int qmrom_a0_probe_device(struct qmrom_handle *handle)
diff --git a/libqmrom/src/qmrom_b0.c b/libqmrom/src/qmrom_b0.c
index 0dc3921..3ce885f 100644
--- a/libqmrom/src/qmrom_b0.c
+++ b/libqmrom/src/qmrom_b0.c
@@ -90,6 +90,8 @@ static void qmrom_b0_poll_soc(struct qmrom_handle *handle)
 static int qmrom_b0_wait_ready(struct qmrom_handle *handle)
 {
 	int retries = handle->comms_retries;
+	int rc;
+
 	qmrom_b0_poll_soc(handle);
 
 	/* handle->sstc has been updated */
@@ -99,18 +101,17 @@ static int qmrom_b0_wait_ready(struct qmrom_handle *handle)
 		if (handle->sstc->soc_flags.out_waiting) {
 			qmrom_pre_read(handle);
 		} else if (handle->sstc->soc_flags.out_active) {
-			if (handle->sstc->len > 0xff) {
-				/* likely the wrong endianness, A0? */
-				return -1;
-			}
-			qmrom_read(handle);
+			rc = qmrom_read(handle);
+			if (rc)
+				return rc;
 		} else {
 			/* error? */
 			qmrom_b0_poll_soc(handle);
 		}
 	}
 
-	return retries > 0 ? 0 : -1;
+	return handle->sstc->raw_flags == SPI_SH_READY_CMD_BIT_MASK ?
+		0 : SPI_ERR_WAIT_READY_TIMEOUT;
 }
 
 static int qmrom_b0_poll_cmd_resp(struct qmrom_handle *handle)
diff --git a/libqmrom/src/qmrom_c0.c b/libqmrom/src/qmrom_c0.c
index 540c591..c11f549 100644
--- a/libqmrom/src/qmrom_c0.c
+++ b/libqmrom/src/qmrom_c0.c
@@ -139,6 +139,7 @@ static void qmrom_c0_poll_soc(struct qmrom_handle *handle)
 static int qmrom_c0_wait_ready(struct qmrom_handle *handle)
 {
 	int retries = handle->comms_retries;
+
 	qmrom_c0_poll_soc(handle);
 
 	/* handle->sstc has been updated */
@@ -149,17 +150,12 @@ static int qmrom_c0_wait_ready(struct qmrom_handle *handle)
 			qmrom_pre_read_c0(handle);
 			qmrom_read_c0(handle);
 		} else if (handle->sstc->soc_flags.out_active) {
-			if (handle->sstc->len > 0xff) {
-				/* likely the wrong endianness, A0? */
-				return -1;
-			}
-			qmrom_read_c0(handle);
+			return qmrom_read_c0(handle);
 		} else qmrom_c0_poll_soc(handle);
 	}
-	if (retries <= 0)
-		LOG_ERR("%s failed after %d replies\n", __func__, handle->comms_retries);
 
-	return retries > 0 ? 0 : -1;
+	return handle->sstc->raw_flags == SPI_SH_READY_CMD_BIT_MASK_C0 ?
+		0 : SPI_ERR_WAIT_READY_TIMEOUT;
 }
 
 static int qmrom_c0_poll_cmd_resp(struct qmrom_handle *handle)
@@ -170,12 +166,7 @@ static int qmrom_c0_poll_cmd_resp(struct qmrom_handle *handle)
 	do {
 		if (handle->sstc->soc_flags.out_waiting) {
 			qmrom_pre_read_c0(handle);
-			if (handle->sstc->len > 0xff) {
-				/* likely the wrong endianness, A0? */
-				return -1;
-			}
-			qmrom_read_c0(handle);
-			break;
+			return qmrom_read_c0(handle);
 		} else qmrom_c0_poll_soc(handle);
 	}
 	while (retries--);
diff --git a/libqmrom/src/qmrom_common.c b/libqmrom/src/qmrom_common.c
index d5bac77..1271f4e 100644
--- a/libqmrom/src/qmrom_common.c
+++ b/libqmrom/src/qmrom_common.c
@@ -85,6 +85,8 @@ int qmrom_pre_read(struct qmrom_handle *handle)
 int qmrom_read(struct qmrom_handle *handle)
 {
 	size_t rd_size = handle->sstc->len;
+	if (rd_size > MAX_STC_FRAME_LEN)
+		return SPI_ERR_INVALID_STC_LEN;
 	LOG_DBG("%s: reading %zu bytes...\n", __func__, rd_size);
 	memset(handle->hstc, 0, sizeof(struct stc) + rd_size);
 	handle->hstc->host_flags.read = 1;
author	Jean-Christophe Pince <jean.christophe.pince@qorvo.com>	2022-12-16 11:05:26 +0100
committer	Victor Liu <victorliu@google.com>	2022-12-19 15:25:35 +0000
commit	e2c9ecbfbe750046b838a01c3078cfbc6a20e574 (patch)
tree	95efaaec86663012ec2acec247396ba8d2a7126c
parent	fdfbed2e96cca3c30de8b3172a2f3c639229db86 (diff)
download	uwb-e2c9ecbfbe750046b838a01c3078cfbc6a20e574.tar.gz