| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 20 Apr 2017 12:41:43 +0200
From: Jean Delvare <jdelvare@...e.de>
To: Dmitry Torokhov <dmitry.torokhov@...il.com>
Cc: Wolfram Sang <wsa@...-dreams.de>, linux-i2c@...r.kernel.org,
linux-kernel@...r.kernel.org
Subject: Re: [PATCH] i2c: make sure i2c_master_send/recv return negative
error codes
Hi Dmirty,
On Sat, 1 Apr 2017 10:54:35 -0700, Dmitry Torokhov wrote:
> There is theoretical possibility that i2c_master_send() and
> i2c_master_recv() may return non-negative result on error: we pass
> return values from i2c_xfer() unmodified to the caller, unless we
> transferred exactly 1 message. Let's ensure we always return negative on
> error.
>
> Signed-off-by: Dmitry Torokhov <dmitry.torokhov@...il.com>
> ---
> drivers/i2c/i2c-core.c | 10 ++++++++--
> 1 file changed, 8 insertions(+), 2 deletions(-)
>
> diff --git a/drivers/i2c/i2c-core.c b/drivers/i2c/i2c-core.c
> index 6efeba42d10b..34b0482333f4 100644
> --- a/drivers/i2c/i2c-core.c
> +++ b/drivers/i2c/i2c-core.c
> @@ -2835,7 +2835,10 @@ int i2c_master_send(const struct i2c_client *client, const void *buf, int count)
> * If everything went ok (i.e. 1 msg transmitted), return #bytes
> * transmitted, else error code.
> */
> - return (ret == 1) ? count : ret;
> + if (likely(ret == 1))
> + return count;
> +
> + return ret < 0 ? ret : -EIO;
> }
> EXPORT_SYMBOL(i2c_master_send);
>
> @@ -2865,7 +2868,10 @@ int i2c_master_recv(const struct i2c_client *client, void *buf, int count)
> * If everything went ok (i.e. 1 msg received), return #bytes received,
> * else error code.
> */
> - return (ret == 1) ? count : ret;
> + if (likely(ret == 1))
> + return count;
> +
> + return ret < 0 ? ret : -EIO;
> }
> EXPORT_SYMBOL(i2c_master_recv);
>
I'm not convinced.
Firstly, that would be a device driver bug, and I can't see how
silently working around it here helps. If a driver is broken, it should be
fixed. So I would expect a log message.
Secondly, I believe i2c_master_send() and i2c_master_recv() should be
able to trust the return value of i2c_transfer(), which in turn should
be able to trust the return value of __i2c_transfer(). If you really
want to check the value returned by i2c_algo->master_xfer() for
validity, this should be done in __i2c_transfer(). But then again, I
find it hard to justify the run-time overhead for working drivers, so
maybe it should only be done if CONFIG_I2C_DEBUG_BUS is enabled.
--
Jean Delvare
SUSE L3 Support
--
Jean Delvare
SUSE L3 Support
--
Jean Delvare
SUSE L3 Support
Powered by blists - more mailing lists