| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <43a3fae8-dd3e-c7d3-42a7-493210e601e2@nvidia.com>
Date: Mon, 17 Jun 2019 11:41:00 -0700
From: Bitan Biswas <bbiswas@...dia.com>
To: Dmitry Osipenko <digetx@...il.com>,
Laxman Dewangan <ldewangan@...dia.com>,
Thierry Reding <treding@...dia.com>,
Jonathan Hunter <jonathanh@...dia.com>,
<linux-i2c@...r.kernel.org>, <linux-tegra@...r.kernel.org>,
<linux-kernel@...r.kernel.org>, Peter Rosin <peda@...ntia.se>,
Wolfram Sang <wsa@...-dreams.de>
CC: Shardar Mohammed <smohammed@...dia.com>,
Sowjanya Komatineni <skomatineni@...dia.com>,
Mantravadi Karthik <mkarthik@...dia.com>
Subject: Re: [PATCH V7] i2c: tegra: remove BUG, BUG_ON
On 6/17/19 5:13 AM, Dmitry Osipenko wrote:
> 17.06.2019 8:09, Bitan Biswas пишет:
>> Remove BUG, BUG_ON as it makes system usable:
>> - Remove redundant BUG_ON calls or replace with WARN_ON_ONCE
>> as needed.
>> - Remove BUG() and mask Rx interrupt similar as Tx
>> for message fully sent case.
>> - Add caller error handling and WARN_ON_ONCE check for non-zero
>> rx_fifo_avail in tegra_i2c_empty_rx_fifo() after all processing.
>
> The commit message should describe motivation of the change and not the change itself,
> unless it's some additional information which is required for better understanding of
> the code.
>
> In yours case it could be something like that:
>
> The usage of BUG() macro is generally discouraged in kernel, unless
> it's a problem that results in a physical damage or loss of data.
> This patch removes unnecessary BUG() macros and replaces the rest
> with a warnings.
I shall update as per above comments.
>
>> Signed-off-by: Bitan Biswas <bbiswas@...dia.com>
>> ---
>> drivers/i2c/busses/i2c-tegra.c | 45 ++++++++++++++++++++++++++++++++++--------
>> 1 file changed, 37 insertions(+), 8 deletions(-)
>>
>> diff --git a/drivers/i2c/busses/i2c-tegra.c b/drivers/i2c/busses/i2c-tegra.c
>> index 4dfb4c1..b155b61 100644
>> --- a/drivers/i2c/busses/i2c-tegra.c
>> +++ b/drivers/i2c/busses/i2c-tegra.c
>> @@ -73,6 +73,7 @@
>> #define I2C_ERR_NO_ACK BIT(0)
>> #define I2C_ERR_ARBITRATION_LOST BIT(1)
>> #define I2C_ERR_UNKNOWN_INTERRUPT BIT(2)
>> +#define I2C_ERR_RX_BUFFER_OVERFLOW BIT(3)
>>
>> #define PACKET_HEADER0_HEADER_SIZE_SHIFT 28
>> #define PACKET_HEADER0_PACKET_ID_SHIFT 16
>> @@ -515,7 +516,11 @@ static int tegra_i2c_empty_rx_fifo(struct tegra_i2c_dev *i2c_dev)
>> * prevent overwriting past the end of buf
>> */
>> if (rx_fifo_avail > 0 && buf_remaining > 0) {
>> - BUG_ON(buf_remaining > 3);
>> + /*
>> + * buf_remaining > 3 check not needed as rx_fifo_avail == 0
>> + * when (words_to_transfer was > rx_fifo_avail) earlier
>> + * in this function.
>> + */
>> val = i2c_readl(i2c_dev, I2C_RX_FIFO);
>> val = cpu_to_le32(val);
>> memcpy(buf, &val, buf_remaining);
>> @@ -523,7 +528,15 @@ static int tegra_i2c_empty_rx_fifo(struct tegra_i2c_dev *i2c_dev)
>> rx_fifo_avail--;
>> }
>>
>> - BUG_ON(rx_fifo_avail > 0 && buf_remaining > 0);
>> + if ((!(i2c_dev->msg_buf_remaining)) &&
>
> The RX FIFO shall be drained completely no matter what.
>
> Hence why the "i2c_dev->msg_buf_remaining" checking is needed here?
I moved the part of below condition in Patch V6 to function
tegra_i2c_empty_rx_fifo:
>> + err_val = tegra_i2c_empty_rx_fifo(i2c_dev);
>> + if ((!(i2c_dev->msg_buf_remaining)) &&
> Let's move this check into tegra_i2c_empty_rx_fifo() and return
-EINVAL for that case.
> This will make code to look cleaner.
Is above condition not needed?
>
> Secondly, in the future please don't add parens where they are not needed. In this
> case parens around !i2c_dev->msg_buf_remaining are not needed at all.
>
I shall look out for similar unnecessary parentheses and update the patch.
>> + WARN_ON_ONCE(rx_fifo_avail))
>> + return -EINVAL;
>> +
>> + /*
>> + * buf_remaining > 0 at this point can only have rx_fifo_avail == 0
>
> The rx_fifo_avail is always 0 at this point, including the case of buf_remaining == 0.
> It will be better if you'll add a comment for the WARN_ON_ONCE(rx_fifo_avail) above,
> saying that RX FIFO must be fully drained, and then just drop this comment.
>
OK.
>> + * as this corresponds to (words_to_transfer was > rx_fifo_avail)
>> + * case earlier in this function.
>> + */
>> i2c_dev->msg_buf_remaining = buf_remaining;
>> i2c_dev->msg_buf = buf;
>
> [snip]
>
Powered by blists - more mailing lists