lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Wed, 17 Aug 2016 15:12:42 -0700
From:	Christopher Freeman <cfreeman@...dia.com>
To:	Robert Foss <robert.foss@...labora.com>
CC:	Adrian Hunter <adrian.hunter@...el.com>, <ulf.hansson@...aro.org>,
	<linux-mmc@...r.kernel.org>, <linux-kernel@...r.kernel.org>,
	Andrew Bresticker <abrestic@...omium.org>,
	Kevin Cernekee <cernekee@...omium.org>,
	Benson Leung <bleung@...omium.org>
Subject: Re: [PACTH v3] mmc: sdhci: Do not allow tuning procedure to be
 interrupted

On 08-17 01:31 PM, Robert Foss wrote:
> 
> 
> On 2016-08-17 06:47 AM, Adrian Hunter wrote:
> >On 17/08/16 00:25, robert.foss@...labora.com wrote:
> >>From: Christopher Freeman <cfreeman@...dia.com>
> >>
> >>wait_event_interruptible_timeout() will return early if the blocked
> >>process receives a signal, causing the driver to abort the tuning
> >>procedure and possibly leaving the controller in a bad state.  Since the
> >>tuning command is expected to complete quickly (<50ms) and we've set a
> >>timeout, use wait_event_timeout() instead.
> >>
> >>Signed-off-by: Christopher Freeman <cfreeman@...dia.com>
> >>Tested-by: Robert Foss <robert.foss@...labora.com>
> >>Signed-off-by: Robert Foss <robert.foss@...labora.com>
> >>Reviewed-by: Benson Leung <bleung@...omium.org>
> >
> >The mmc block queues are kernel threads which I would expect ignore signals,
> >so I am curious how you hit this?
> 
> The issue was discovered on (tegra2?) hardware that is sensitive to
> being interrupted during tuning and having the controller left in a
> sensitive state.
> 
> @Christopher Freeman: Maybe you can provide us with some additional details?
> 

It was found with Tegra 210.  The signalling was an issue because tuning was
kicked off from an ioctl to the wifi device on the controller.

FWIW, this issue was particular to the wifi driver (bcmdhd) and the android
tree.   It in part depends on the way the wifi driver is able to reset the
sdio device via a routine that's not present in mainline: sdio_reset_comm.
I believe the wifi driver would power on the wifi chip and trigger tuning in
the aforementioned ioctl.  Process that sent the ioctl was some network or wifi
manager service on Android.

Let me know if you would like any more details.

> >
> >In any case:
> >
> >Acked-by: Adrian Hunter <adrian.hunter@...el.com>
> >

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ