lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Fri, 20 Apr 2012 23:47:10 -0700
From:	Dmitry Torokhov <dmitry.torokhov@...il.com>
To:	Jean-François Dagenais 
	<jeff.dagenais@...il.com>
Cc:	grant.likely@...retlab.ca, linus.walleij@...ricsson.com,
	linux-kernel@...r.kernel.org, linux-input@...r.kernel.org,
	michael.hennerich@...log.com
Subject: Re: [PATCH 1/2] input: adp5588-keys - get value from data out when
 dir out

Hi Jean-François,

On Fri, Apr 20, 2012 at 11:32:00AM -0400, Jean-François Dagenais wrote:
> As discussed here: http://ez.analog.com/message/35852,
> the 5587 revC and 5588 revB spec sheets contain a mistake
> in the GPIO_DAT_STATx register description.
> 
> According to R.Shnell at ADI, as well as my own
> observations, it should read:
> "GPIO data status (shows GPIO state when read for inputs)".
> 
> This commit changes the get value function accordingly.
> 
> A similar patch for gpio-adp5588 follows.
> 
> Signed-off-by: Jean-François Dagenais <jeff.dagenais@...il.com>
> Acked-by: Michael Hennerich <michael.hennerich@...log.com>
> ---
>  drivers/input/keyboard/adp5588-keys.c |    7 +++++++
>  1 files changed, 7 insertions(+), 0 deletions(-)
> 
> diff --git a/drivers/input/keyboard/adp5588-keys.c b/drivers/input/keyboard/adp5588-keys.c
> index 6412ced..b7a0f1a 100644
> --- a/drivers/input/keyboard/adp5588-keys.c
> +++ b/drivers/input/keyboard/adp5588-keys.c
> @@ -78,6 +78,13 @@ static int adp5588_gpio_get_value(struct gpio_chip *chip, unsigned off)
>  	unsigned int bank = ADP5588_BANK(kpad->gpiomap[off]);
>  	unsigned int bit = ADP5588_BIT(kpad->gpiomap[off]);
>  
> +	mutex_lock(&kpad->gpio_lock);
> +	if (kpad->dir[bank] & bit) {
> +		int result = !!(kpad->dat_out[bank] & bit);
> +		mutex_unlock(&kpad->gpio_lock);
> +		return result;
> +	}
> +	mutex_unlock(&kpad->gpio_lock);
>  	return !!(adp5588_read(kpad->client, GPIO_DAT_STAT1 + bank) & bit);

This locking looks wrong as it is possible for adp5588_gpio_get_value()
to get scheduled out after checking kpad->dir[bank] and releasing
kpad->gpio_lock while another thread executes
adp5588_gpio_direction_output() and modifies kpad->dir[bank].

You should keep mutex for the entire duration; something like this:

	mutex_lock(&kpad->gpio_lock);
	if (kpad->dir[bank] & bit)
		val = kpad->dat_out[bank];
	else
		val = adp5588_read(kpad->client, GPIO_DAT_STAT1 + bank);
	mutex_unlock(&kpad->gpio_lock);

	return !!(val & bit);

Thanks.

-- 
Dmitry
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ