| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 3 Oct 2018 13:01:06 +0200
From: Enric Balletbo i Serra <enric.balletbo@...labora.com>
To: Emil Karlson <jekarlson@...il.com>,
Emil Renner Berthing <kernel@...il.dk>,
Neil Armstrong <narmstrong@...libre.com>,
Stefan Adolfsson <sadolfsson@...omium.org>,
lee.jones@...aro.org, bleung@...omium.org, olof@...om.net,
linux-kernel@...r.kernel.org
Subject: Re: [PATCH] mfd: cros-ec: copy the whole event in get_next_event_xfer
Hi Emil,
Many thanks to catch this and fix. Some comments below.
You missed to add the v2, please send the next patch with v3 prefix.
On 28/9/18 19:08, Emil Karlson wrote:
> Commit 57e94c8b974db2d83c60e1139c89a70806abbea0 caused cros-ec keyboard events
> be truncated on many chromebooks so that Left and Right keys on Column 12 were
> always 0. Use ret as memcpy len to fix this.
>
That's fine
> drivers/platform/chrome/cros_ec_proto.c:509
> get_next_event_xfer uses ret from cros_ec_cmd_xfer for memcpy for msg->data len
> drivers/platform/chrome/cros_ec_proto.c:445
> cros_ec_cmd_xfer gets ret from send_command
> drivers/platform/chrome/cros_ec_proto.c:93
> send_command gets ret from bus specific xfer_fn
> drivers/mfd/cros_ec_spi.c:598
> cros_ec_cmd_xfer_spi copies len amount to ec_msg->data and returns len as ret
> drivers/mfd/cros_ec_i2c.c:267
> cros_ec_cmd_xfer_i2c copies len amount to ec_msg->data and returns len as ret
>
> so msg->data length is always the same as ret.
>
Instead of describe the different calls involved and the returns. I'd explain
why using ret fixes the issue.
> Fixes: 57e94c8b974d ("mfd: cros-ec: Increase maximum mkbp event size")
> Signed-off-by: Emil Karlson <jekarlson@...il.com>
> ---
> drivers/platform/chrome/cros_ec_proto.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/drivers/platform/chrome/cros_ec_proto.c b/drivers/platform/chrome/cros_ec_proto.c
> index 398393ab5df8..b6fd4838f60f 100644
> --- a/drivers/platform/chrome/cros_ec_proto.c
> +++ b/drivers/platform/chrome/cros_ec_proto.c
> @@ -520,7 +520,7 @@ static int get_next_event_xfer(struct cros_ec_device *ec_dev,
> ret = cros_ec_cmd_xfer(ec_dev, msg);
> if (ret > 0) {
> ec_dev->event_size = ret - 1;
> - memcpy(&ec_dev->event_data, msg->data, ec_dev->event_size);
> + memcpy(&ec_dev->event_data, msg->data, ret);
> }
>
> return ret;
>
After thinking a bit more on this I think that how you fixed this is really
clear. I was wondering if the downstream solution would be better but as is
really late and will be good have this as urgent fix for the coming release I am
happy with it. We can always send follow up patches to sync with the downstream
version if is preferred.
Neil, can you give us your Tested-by to have the make sure this doesn't break
with protocol v1, I don't have such hardware.
Benson, will be really good have this merged in this rc. Are you fine with this
solution?
BTW, you can add my in next version.
Acked-by: Enric Balletbo i Serra <enric.balletbo@...labora.com>
Powered by blists - more mailing lists