| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 3 May 2017 11:53:09 +0200
From: Nicholas Mc Guire <der.herr@...r.at>
To: Cyrille Pitchen <cyrille.pitchen@...ev4u.fr>
Cc: Ludovic Barre <ludovic.barre@...com>,
Marek Vasut <marek.vasut@...il.com>,
David Woodhouse <dwmw2@...radead.org>,
Brian Norris <computersforpeace@...il.com>,
Boris Brezillon <boris.brezillon@...e-electrons.com>,
Richard Weinberger <richard@....at>,
Maxime Coquelin <mcoquelin.stm32@...il.com>,
Alexandre Torgue <alexandre.torgue@...com>,
linux-mtd@...ts.infradead.org,
linux-arm-kernel@...ts.infradead.org, linux-kernel@...r.kernel.org,
Nicholas Mc Guire <der.herr@...r.at>
Subject: [RFC PATCH] mtd: spi-nor: handle signal case as failure
The problem is that stm32_qspi_wait_cmd() will indicate success in case of
being interrupted. The if condition is incomplete here as
wait_for_copletion_interruptible_timeout can return -ERESTARTSYS but this
is not handled by if(!wait_for_completion_interruptible_timeout()).
While somewhat unlikely it probably would be hard to figure out what went
wrong if the signal case does occur.
Fixes: commit 0d43d7ab277a ("mtd: spi-nor: add driver for STM32 quad spi flash controller")
Signed-off-by: Nicholas Mc Guire <der.herr@...r.at>
---
Problem found by experimental coccinelle script
Its not clear if its sufficient to simply treat this case as failure or
if it might need some debug output to allow differentiation of signal
and timeout case.
Patch was compile tested with: stm32_defconfig +CONFIG_MTD=y, CONFIG_MTD_SPI_NOR=y,
CONFIG_SPI_STM32_QUADSPI=m
Patch is against v4.11-rc8 (localversion-next is next-20170503)
drivers/mtd/spi-nor/stm32-quadspi.c | 10 ++++++++--
1 files changed, 10 insertions(+), 2 deletions(-)
diff --git a/drivers/mtd/spi-nor/stm32-quadspi.c b/drivers/mtd/spi-nor/stm32-quadspi.c
index 1056e74..27147ad 100644
--- a/drivers/mtd/spi-nor/stm32-quadspi.c
+++ b/drivers/mtd/spi-nor/stm32-quadspi.c
@@ -159,6 +159,7 @@ static int stm32_qspi_wait_cmd(struct stm32_qspi *qspi)
{
u32 cr;
int err = 0;
+ long timeout = 0;
if (readl_relaxed(qspi->io_base + QUADSPI_SR) & SR_TCF)
return 0;
@@ -167,8 +168,13 @@ static int stm32_qspi_wait_cmd(struct stm32_qspi *qspi)
cr = readl_relaxed(qspi->io_base + QUADSPI_CR);
writel_relaxed(cr | CR_TCIE, qspi->io_base + QUADSPI_CR);
- if (!wait_for_completion_interruptible_timeout(&qspi->cmd_completion,
- msecs_to_jiffies(1000)))
+ timeout = wait_for_completion_interruptible_timeout(
+ &qspi->cmd_completion, msecs_to_jiffies(1000));
+
+ /* since the calling side only cares about success of failure
+ * returning -ETIMEDOUT even when interrupted should be ok here
+ */
+ if (timeout == 0 || timeout == -ERESTARTSYS)
err = -ETIMEDOUT;
writel_relaxed(cr, qspi->io_base + QUADSPI_CR);
--
2.1.4
Powered by blists - more mailing lists