| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 11 Jan 2018 13:47:31 +0100
From: Nuno Gonçalves <nunojpg@...il.com>
To: ed.blake@...drel.com, gregkh@...uxfoundation.org,
linux-kernel@...r.kernel.org
Subject: 8250_dw bug
Dear Ed and Greg,
There is a small bug on de9e33bdfa22e607a88494ff21e9196d00bf4550, at
least on 32bit devices.
Line 274 if (rate >= i * min_rate && rate <= i * max_rate)
This will overflow when min_rate/max_rate is large and can not be
achieved in the hardware.
Eg.
stty -F /dev/ttyS2 raw 3500000 (not achievable on my board).
target_rate=56000000 (for 3500000baud)
min_rate=55125000
max_rate=56875000
rate=24000000 (clk_round_rate for my board)
Since my board can only do 1500000baud, this loop will keep
incrementing i until i=77*56875000 will overflow, and there are
unexpected results.
I suggest this patch:
--- a/drivers/tty/serial/8250/8250_dw.c
+++ b/drivers/tty/serial/8250/8250_dw.c
@@ -267,7 +267,13 @@ static void dw8250_set_termios(struct uart_port
*p, struct ktermios *termios,
for (i = 1; i <= UART_DIV_MAX; i++) {
rate = clk_round_rate(d->clk, i * target_rate);
- if (rate >= i * min_rate && rate <= i * max_rate)
+
+ if (rate < i * min_rate) {
+ i = UART_DIV_MAX;
+ break;
+ }
+
+ if (rate <= i * max_rate)
break;
}
if (i <= UART_DIV_MAX) {
Let me know if you want me to submit the formal patch.
Thanks,
Nuno
Powered by blists - more mailing lists