5.11.0-rc1+: "Division by zero in kernel." when writing to spidev
Mark Brown
broonie at kernel.org
Thu Jan 7 10:35:46 EST 2021
On Thu, Jan 07, 2021 at 09:57:01AM +0900, Vincent Pelletier wrote:
> I've started reading spi-bcm2835.c, and while I cannot claim that I understand
> everything I'm reading, it raises some flags:
Copying in a bunch of people for that driver.
> - it does not use "spi_finalize_current_transfer(...)" at all, but rather
> "complete(&...->xfer_completion)". The former only calls the latter,
> so this code seems technically correct, but this looks like an
> abstraction layer bust.
Yes.
> - while it uses "complete(...)" on its IRQ and DMA transfer codepaths,
> I do not see it being called on its polled codepath
> (bcm2835_spi_transfer_one_poll).
I'd not expect this to be required with a polled path, it's only needed
if the transfer function returns a positive value indicating that the
transfer is still in progress which shouldn't be the case when things
are polled.
> - ...polled codepath which checks bs->rx_len to tell when it's done,
> independently of transfer direction. And while tx_len and rx_len are
> initialised
> to the same value, only the field actually corresponding to the
> actual transfer
> direction will be updated within this polling loop.
> So maybe some transfers could timeout in the polled codepath and would
> still end up in the IRQ one which would end up calling "complete", but this
> looks suspicious.
>
> Checking on 5.10.4, I see:
> root at sushi:/sys/kernel/debug/spi-bcm2835-20204000.spi# cat count_transfer_dma
> 2
> root at sushi:/sys/kernel/debug/spi-bcm2835-20204000.spi# cat count_transfer_irq
> 1
> root at sushi:/sys/kernel/debug/spi-bcm2835-20204000.spi# cat
> count_transfer_polling
> 27
> root at sushi:/sys/kernel/debug/spi-bcm2835-20204000.spi# cat
> count_transfer_irq_after_polling
> 0
>
> so I am apparently not triggering the poll-then-IRQ case, but am
> triggering the others
> on this kernel version.
>
> On 5.11, this becomes:
> root at sushi:/sys/kernel/debug/spi-bcm2835-20204000.spi# cat count_transfer_dma
> 2
> root at sushi:/sys/kernel/debug/spi-bcm2835-20204000.spi# cat count_transfer_irq
> 24
> root at sushi:/sys/kernel/debug/spi-bcm2835-20204000.spi# cat
> count_transfer_polling
> 0
> root at sushi:/sys/kernel/debug/spi-bcm2835-20204000.spi# cat
> count_transfer_irq_after_polling
> 0
>
> so somehow this is not triggering polling transfers anymore, so the
> maybe-missing
> completion call would probably not matter.
>
> Also, it sets can_dma with a function pointer, but ends up only
> checking can_dma as
> a boolean and then calls the function by name rather than using the
> value stored in
> can_dma. Again this looks technically correct (and is very much
> unrelated to my issue)
> as can_dma does not take any other value and a valid function address would not
> evaluate as false, but it is surprising to my naive reading.
>
> I'll continue poking around later (especially checking computed timeout values),
> should I submit patches for s/complete/spi_finalize_current_transfer/ ?
Probably send the completion patch, yes.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: not available
URL: <http://lists.infradead.org/pipermail/linux-rpi-kernel/attachments/20210107/7eed101a/attachment.sig>
More information about the linux-rpi-kernel
mailing list