lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:   Mon, 17 Jun 2019 21:29:20 -0700
From:   Bitan Biswas <bbiswas@...dia.com>
To:     Dmitry Osipenko <digetx@...il.com>,
        Laxman Dewangan <ldewangan@...dia.com>,
        Thierry Reding <treding@...dia.com>,
        Jonathan Hunter <jonathanh@...dia.com>,
        <linux-i2c@...r.kernel.org>, <linux-tegra@...r.kernel.org>,
        <linux-kernel@...r.kernel.org>, Peter Rosin <peda@...ntia.se>,
        Wolfram Sang <wsa@...-dreams.de>
CC:     Shardar Mohammed <smohammed@...dia.com>,
        Sowjanya Komatineni <skomatineni@...dia.com>,
        Mantravadi Karthik <mkarthik@...dia.com>
Subject: Re: [PATCH V7] i2c: tegra: remove BUG, BUG_ON



On 6/17/19 12:28 PM, Dmitry Osipenko wrote:
> 17.06.2019 21:41, Bitan Biswas пишет:
>>
>>
>> On 6/17/19 5:13 AM, Dmitry Osipenko wrote:
>>> 17.06.2019 8:09, Bitan Biswas пишет:
>>>> Remove BUG, BUG_ON as it makes system usable:
>>>>    - Remove redundant BUG_ON calls or replace with WARN_ON_ONCE
>>>>      as needed.
>>>>    - Remove BUG() and mask Rx interrupt similar as Tx
>>>>      for message fully sent case.
>>>>    - Add caller error handling and WARN_ON_ONCE check for non-zero
>>>>      rx_fifo_avail in tegra_i2c_empty_rx_fifo() after all processing.
>>>
>>> The commit message should describe motivation of the change and not the change itself,
>>> unless it's some additional information which is required for better understanding of
>>> the code.
>>>
>>> In yours case it could be something like that:
>>>
>>>       The usage of BUG() macro is generally discouraged in kernel, unless
>>>       it's a problem that results in a physical damage or loss of data.
>>>       This patch removes unnecessary BUG() macros and replaces the rest
>>>       with a warnings.
>> I shall update as per above comments.
>>
>>>
>>>> Signed-off-by: Bitan Biswas <bbiswas@...dia.com>
>>>> ---
>>>>    drivers/i2c/busses/i2c-tegra.c | 45 ++++++++++++++++++++++++++++++++++--------
>>>>    1 file changed, 37 insertions(+), 8 deletions(-)
>>>>
>>>> diff --git a/drivers/i2c/busses/i2c-tegra.c b/drivers/i2c/busses/i2c-tegra.c
>>>> index 4dfb4c1..b155b61 100644
>>>> --- a/drivers/i2c/busses/i2c-tegra.c
>>>> +++ b/drivers/i2c/busses/i2c-tegra.c
>>>> @@ -73,6 +73,7 @@
>>>>    #define I2C_ERR_NO_ACK                BIT(0)
>>>>    #define I2C_ERR_ARBITRATION_LOST        BIT(1)
>>>>    #define I2C_ERR_UNKNOWN_INTERRUPT        BIT(2)
>>>> +#define I2C_ERR_RX_BUFFER_OVERFLOW        BIT(3)
>>>>      #define PACKET_HEADER0_HEADER_SIZE_SHIFT    28
>>>>    #define PACKET_HEADER0_PACKET_ID_SHIFT        16
>>>> @@ -515,7 +516,11 @@ static int tegra_i2c_empty_rx_fifo(struct tegra_i2c_dev *i2c_dev)
>>>>         * prevent overwriting past the end of buf
>>>>         */
>>>>        if (rx_fifo_avail > 0 && buf_remaining > 0) {
>>>> -        BUG_ON(buf_remaining > 3);
>>>> +        /*
>>>> +         * buf_remaining > 3 check not needed as rx_fifo_avail == 0
>>>> +         * when (words_to_transfer was > rx_fifo_avail) earlier
>>>> +         * in this function.
>>>> +         */
>>>>            val = i2c_readl(i2c_dev, I2C_RX_FIFO);
>>>>            val = cpu_to_le32(val);
>>>>            memcpy(buf, &val, buf_remaining);
>>>> @@ -523,7 +528,15 @@ static int tegra_i2c_empty_rx_fifo(struct tegra_i2c_dev *i2c_dev)
>>>>            rx_fifo_avail--;
>>>>        }
>>>>    -    BUG_ON(rx_fifo_avail > 0 && buf_remaining > 0);
>>>> +    if ((!(i2c_dev->msg_buf_remaining)) &&
>>>
>>> The RX FIFO shall be drained completely no matter what.
>>>
>>> Hence why the "i2c_dev->msg_buf_remaining" checking is needed here?
>> I moved the part of below condition in Patch V6 to function tegra_i2c_empty_rx_fifo:
>>
>>>> +            err_val = tegra_i2c_empty_rx_fifo(i2c_dev);
>>>> +            if ((!(i2c_dev->msg_buf_remaining)) &&
>>
>>> Let's move this check into tegra_i2c_empty_rx_fifo() and return -EINVAL for that case.
>>> This will make code to look cleaner.
>>
>> Is above condition not needed?
> 
> Let's put it at the very beginning. This may give a bit more information about the
> problem by knowing if the offending overflow happens after or during of the buffer's
> fill up.
> 
> static int tegra_i2c_empty_rx_fifo(struct tegra_i2c_dev *i2c_dev)
> {
> 	u32 val;
> 	int rx_fifo_avail;
> 	u8 *buf = i2c_dev->msg_buf;
> 	size_t buf_remaining = i2c_dev->msg_buf_remaining;
> 	int words_to_transfer;
> 
> 	if (WARN_ON(!i2c_dev->msg_buf_remaining))
> 		return -EINVAL;
> ...
> 
OK

> In general, the original logic should be preserved during of refactoring. In this case
> we are keeping the original check and then also making it a bit more informative.
> 
I feel the msg_buf_remaining check was not there in original code. The 
corresponding line was probably the following checking for error when 
(buf_remaining > 0) after all work in the function tegra_i2c_empty_rx_fifo()

https://elixir.bootlin.com/linux/v5.2-rc5/source/drivers/i2c/busses/i2c-tegra.c#L536



>>
>>>
>>> Secondly, in the future please don't add parens where they are not needed. In this
>>> case parens around !i2c_dev->msg_buf_remaining are not needed at all.
>>>
>> I shall look out for similar unnecessary parentheses and update the patch.
> 
> Yes, please clean up all the occurrences in the code if there are any. And please do
> it in a separate patch.
> 
I reviewed the source for unnecessary parentheses and do not find any. 
Hence not planning to push any patch. Let me know if I missed a case.

-Thanks,
  Bitan

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ