lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <84a0aba3-0793-1659-c70c-d5ece650f832@collabora.com>
Date:   Wed, 3 Oct 2018 13:01:06 +0200
From:   Enric Balletbo i Serra <enric.balletbo@...labora.com>
To:     Emil Karlson <jekarlson@...il.com>,
        Emil Renner Berthing <kernel@...il.dk>,
        Neil Armstrong <narmstrong@...libre.com>,
        Stefan Adolfsson <sadolfsson@...omium.org>,
        lee.jones@...aro.org, bleung@...omium.org, olof@...om.net,
        linux-kernel@...r.kernel.org
Subject: Re: [PATCH] mfd: cros-ec: copy the whole event in get_next_event_xfer

Hi Emil,

Many thanks to catch this and fix. Some comments below.

You missed to add the v2, please send the next patch with v3 prefix.

On 28/9/18 19:08, Emil Karlson wrote:
> Commit 57e94c8b974db2d83c60e1139c89a70806abbea0 caused cros-ec keyboard events
> be truncated on many chromebooks so that Left and Right keys on Column 12 were
> always 0. Use ret as memcpy len to fix this.
>

That's fine

> drivers/platform/chrome/cros_ec_proto.c:509
> get_next_event_xfer uses ret from cros_ec_cmd_xfer for memcpy for msg->data len
> drivers/platform/chrome/cros_ec_proto.c:445
> cros_ec_cmd_xfer gets ret from send_command
> drivers/platform/chrome/cros_ec_proto.c:93
> send_command gets ret from bus specific xfer_fn
> drivers/mfd/cros_ec_spi.c:598
> cros_ec_cmd_xfer_spi copies len amount to ec_msg->data and returns len as ret
> drivers/mfd/cros_ec_i2c.c:267
> cros_ec_cmd_xfer_i2c copies len amount to ec_msg->data and returns len as ret
> 
> so msg->data length is always the same as ret.
> 

Instead of describe the different calls involved and the returns. I'd explain
why using ret fixes the issue.

> Fixes: 57e94c8b974d ("mfd: cros-ec: Increase maximum mkbp event size")
> Signed-off-by: Emil Karlson <jekarlson@...il.com>
> ---
>  drivers/platform/chrome/cros_ec_proto.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/drivers/platform/chrome/cros_ec_proto.c b/drivers/platform/chrome/cros_ec_proto.c
> index 398393ab5df8..b6fd4838f60f 100644
> --- a/drivers/platform/chrome/cros_ec_proto.c
> +++ b/drivers/platform/chrome/cros_ec_proto.c
> @@ -520,7 +520,7 @@ static int get_next_event_xfer(struct cros_ec_device *ec_dev,
>  	ret = cros_ec_cmd_xfer(ec_dev, msg);
>  	if (ret > 0) {
>  		ec_dev->event_size = ret - 1;
> -		memcpy(&ec_dev->event_data, msg->data, ec_dev->event_size);
> +		memcpy(&ec_dev->event_data, msg->data, ret);
>  	}
>  
>  	return ret;
> 

After thinking a bit more on this I think that how you fixed this is really
clear. I was wondering if the downstream solution would be better but as is
really late and will be good have this as urgent fix for the coming release I am
happy with it. We can always send follow up patches to sync with the downstream
version if is preferred.

Neil, can you give us your Tested-by to have the make sure this doesn't break
with protocol v1, I don't have such hardware.

Benson, will be really good have this merged in this rc. Are you fine with this
solution?

BTW, you can add my in next version.

Acked-by: Enric Balletbo i Serra <enric.balletbo@...labora.com>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ