lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date:   Wed, 29 Mar 2017 11:38:10 -0700
From:   Doug Anderson <dianders@...omium.org>
To:     Olliver Schinagl <o.schinagl@...imaker.com>
Cc:     Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
        Jiri Slaby <jslaby@...e.com>,
        Kefeng Wang <wangkefeng.wang@...wei.com>,
        Andy Shevchenko <andy.shevchenko@...il.com>,
        Heikki Krogerus <heikki.krogerus@...ux.intel.com>,
        Jason Uy <jason.uy@...adcom.com>,
        Heiko Stuebner <heiko@...ech.de>,
        Ed Blake <ed.blake@...tec.com>, linux-serial@...r.kernel.org,
        "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
        dev@...ux-sunxi.org
Subject: Re: [PATCH] serial: 8250_dw: Minor code cleanup

Hi,

On Wed, Mar 29, 2017 at 10:10 AM, Olliver Schinagl
<o.schinagl@...imaker.com> wrote:
> Hey Doug,
>
> On 29-03-17 17:50, Doug Anderson wrote:
>>
>> Hi,
>>
>> On Wed, Mar 29, 2017 at 3:04 AM, Olliver Schinagl <oliver@...inagl.nl>
>> wrote:
>>>
>>> Commit 424d79183af0 ("serial: 8250_dw: Avoid "too much work" from bogus
>>> rx timeout interrupt")
>>> added a bit check with quite a wide mask. To be concise with the other
>>> similar calls in this driver, change it to mask against the flag we want
>>> to
>>> check only. This thus removes a magic value/mask.
>>
>>
>> How certain are you that your patch is correct?  You are now basically
>> checking to see if the bits "0xc" are set in the IIR.  Previously the
>> patch ensured that the bits 0x33 were clear.
>
>
> You raise a good point. And after writing two replies that made perfect
> sense, I just realized looking at the table you wisely posted below, I
> should have spotted that the interrupts are not bits! So very good catch and
> my bad indeed.
>
>>
>> Have you tried looking through the kernel for other places where
>> UART_IIR_RX_TIMEOUT is referenced?  In 8250_omap.c and 8250_port.c I
>> believe you'll find it masking against 0x3f.  In omap-serial.c you'll
>> see a mask against 0x3e.
>>
>> Looking at the TRM for rk3399, I see that bits 4 and 5 (bitmask 0x30)
>> as "reserved".  I see the following definitions for bits 3:0:
>>
>> 0000 = modem status
>> 0001 = no interrupt pending
>> 0010 = THR empty
>> 0100 = received data available
>> 0110 = receiver line status
>> 0111 = busy detect
>> 1100 = character timeout
>>
>> ...so while your patch will probably function OK, it would also
>> function equally well to simply test bit 3 (0x80) and ignore
>> everything else.  ...but IMHO it is more correct to at least mask the
>> IIR with 0x0F and confirm that bits 2 and 3 are set and bits 0 and 1
>> are zero.  ...and since the main 8250 code uses 0x3f, that seems even
>> better to me (despite the fact that it seems to be relying on the fact
>> that the "reserved" bits come back as 0).
>
>
> I strongly agree with you here, I did it wrong, but 0x3f really is wrong too
> imo. The bits to look at are 3:0, bits 4:5 are reserved and we should never
> look at those, as as you rightfully put it are being relied on to be 0
> (which may always be the case) but imo is still wrong and thus the mask
> should be 0x0f.

Personally I can't predict which would be better: 0xf or 0x3f.
Certainly someone wrote handle_rx_dma() purposely masking against 0x3f
rather than 0xf, probably because they were trying to handle:

#define UART_IIR_XOFF           0x10 /* OMAP XOFF/Special Character */
#define UART_IIR_CTS_RTS_DSR    0x20 /* OMAP CTS/RTS/DSR Change */

...so in our case we don't have those special OMAP IIR bits, so we
likely don't need 0x3f and 0x0f would work fine.

...but one could also argue this:

1. If anyone enables DMA on a dw_8250 then they'll run the code in
handle_rx_dma() which masks against 0x3f.  ...so that implies that if
those reserved bits are even non-zero we're already broken (assuming
we use DMA).

2. It might be better to be consistent than to have two different values here.


Perhaps the absolute "cleanest" way would be to store a "interrupt ID
mask" somewhere and have it default to 0xf.  ...then OMAP can override
it to 0x3f or 0x3e or whatever.


Anyway, this is the type of discussion that takes a lot of time to
talk about but it probably won't actually affect correctness much one
way or the other.  If you want to change this to 0xf then I'm not
opposed to it, though I personally wouldn't bother until it becomes a
problem.


> Going to the horse's mouth [0] which is the documentation of the IP block
> used in all these designs, they also say the same thing. 4 bits and while I
> don't have any of the other datasheets of other 8250 cores, I bet they are
> the same?

Everyone has extended 8250 in their own special ways, so I'm not
convinced they'll all be the same.

>
> And then, the following is actually wrong on the same grounds, from the
> 8250_dw.c
>
>
> if ((iir & UART_IIR_BUSY) == UART_IIR_BUSY) {
>
> This just happens to work as it is the only way this can match, but clearly
> it is wrong then, right?
>
> I'll check against the same mask of 0x0f here as well.

On the 8250 datasheet I have it is clearly wrong.  There are lots and
lots of 8250 devices out there and they all have their own "special"
IP, so presumably you'll want lots of testing if you touch this.

Powered by blists - more mailing lists