lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <20170420124143.606ae032@endymion>
Date:   Thu, 20 Apr 2017 12:41:43 +0200
From:   Jean Delvare <jdelvare@...e.de>
To:     Dmitry Torokhov <dmitry.torokhov@...il.com>
Cc:     Wolfram Sang <wsa@...-dreams.de>, linux-i2c@...r.kernel.org,
        linux-kernel@...r.kernel.org
Subject: Re: [PATCH] i2c: make sure i2c_master_send/recv return negative
 error codes

Hi Dmirty,

On Sat, 1 Apr 2017 10:54:35 -0700, Dmitry Torokhov wrote:
> There is theoretical possibility that i2c_master_send() and
> i2c_master_recv() may return non-negative result on error: we pass
> return values from i2c_xfer() unmodified to the caller, unless we
> transferred exactly 1 message. Let's ensure we always return negative on
> error.
> 
> Signed-off-by: Dmitry Torokhov <dmitry.torokhov@...il.com>
> ---
>  drivers/i2c/i2c-core.c | 10 ++++++++--
>  1 file changed, 8 insertions(+), 2 deletions(-)
> 
> diff --git a/drivers/i2c/i2c-core.c b/drivers/i2c/i2c-core.c
> index 6efeba42d10b..34b0482333f4 100644
> --- a/drivers/i2c/i2c-core.c
> +++ b/drivers/i2c/i2c-core.c
> @@ -2835,7 +2835,10 @@ int i2c_master_send(const struct i2c_client *client, const void *buf, int count)
>  	 * If everything went ok (i.e. 1 msg transmitted), return #bytes
>  	 * transmitted, else error code.
>  	 */
> -	return (ret == 1) ? count : ret;
> +	if (likely(ret == 1))
> +		return count;
> +
> +	return ret < 0 ? ret : -EIO;
>  }
>  EXPORT_SYMBOL(i2c_master_send);
>  
> @@ -2865,7 +2868,10 @@ int i2c_master_recv(const struct i2c_client *client, void *buf, int count)
>  	 * If everything went ok (i.e. 1 msg received), return #bytes received,
>  	 * else error code.
>  	 */
> -	return (ret == 1) ? count : ret;
> +	if (likely(ret == 1))
> +		return count;
> +
> +	return ret < 0 ? ret : -EIO;
>  }
>  EXPORT_SYMBOL(i2c_master_recv);
>  

I'm not convinced.

Firstly, that would be a device driver bug, and I can't see how
silently working around it here helps. If a driver is broken, it should be
fixed. So I would expect a log message.

Secondly, I believe i2c_master_send() and i2c_master_recv() should be
able to trust the return value of i2c_transfer(), which in turn should
be able to trust the return value of __i2c_transfer(). If you really
want to check the value returned by i2c_algo->master_xfer() for
validity, this should be done in __i2c_transfer(). But then again, I
find it hard to justify the run-time overhead for working drivers, so
maybe it should only be done if CONFIG_I2C_DEBUG_BUS is enabled.

-- 
Jean Delvare
SUSE L3 Support

-- 
Jean Delvare
SUSE L3 Support

-- 
Jean Delvare
SUSE L3 Support

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ