lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <20190802020349.GA17198@roeck-us.net>
Date:   Thu, 1 Aug 2019 19:03:49 -0700
From:   Guenter Roeck <linux@...ck-us.net>
To:     Mark Balantzyan <mbalant3@...il.com>
Cc:     wim@...ux-watchdog.org, linux-kernel@...r.kernel.org,
        linux-watchdog@...r.kernel.org
Subject: Re: [PATCH v2] watchdog: alim1535: Rewriting of alim1535 to use
 watchdog subsystem

On Thu, Aug 01, 2019 at 01:58:34PM -0700, Mark Balantzyan wrote:
> This patch rewrites the alim1535_wdt driver to use the watchdog subsystem. By virtue of this, it also fixes a potential race condition between ali_timeout_bits and ali_settimer().
> 
There is no such race condition, as I explained (or tried
to explain) before. Your tool does not take into account
that the device can only be opened exactly once.

Your description exceeds 75 columns.

> Signed-off-by: Mark Balantzyan <mbalant3@...il.com>
> ---
>  drivers/watchdog/Kconfig        |   1 +
>  drivers/watchdog/alim1535_wdt.c | 275 +++++---------------------------
>  2 files changed, 37 insertions(+), 239 deletions(-)
> 
> diff --git a/drivers/watchdog/Kconfig b/drivers/watchdog/Kconfig
> index 9af07fd9..980b0c90 100644
> --- a/drivers/watchdog/Kconfig
> +++ b/drivers/watchdog/Kconfig
> @@ -853,6 +853,7 @@ config ADVANTECH_WDT
>  
>  config ALIM1535_WDT
>  	tristate "ALi M1535 PMU Watchdog Timer"
> +	select WATCHDOG_CORE
>  	depends on X86 && PCI
>  	---help---
>  	  This is the driver for the hardware watchdog on the ALi M1535 PMU.
> diff --git a/drivers/watchdog/alim1535_wdt.c b/drivers/watchdog/alim1535_wdt.c
> index 60f0c2eb..55648ba8 100644
> --- a/drivers/watchdog/alim1535_wdt.c
> +++ b/drivers/watchdog/alim1535_wdt.c
> @@ -12,26 +12,18 @@
>  #include <linux/module.h>
>  #include <linux/moduleparam.h>
>  #include <linux/types.h>
> -#include <linux/miscdevice.h>
>  #include <linux/watchdog.h>
>  #include <linux/ioport.h>

Not needed.

> -#include <linux/notifier.h>
> -#include <linux/reboot.h>
> -#include <linux/init.h>
> -#include <linux/fs.h>
> -#include <linux/pci.h>
>  #include <linux/uaccess.h>

No longer needed.

>  #include <linux/io.h>

Not needed.

> +#include <linux/pci.h>

Why did you move this include file ?

>  
>  #define WATCHDOG_NAME "ALi_M1535"
>  #define WATCHDOG_TIMEOUT 60	/* 60 sec default timeout */
>  
>  /* internal variables */
> -static unsigned long ali_is_open;
> -static char ali_expect_release;
>  static struct pci_dev *ali_pci;
>  static u32 ali_timeout_bits;		/* stores the computed timeout */
> -static DEFINE_SPINLOCK(ali_lock);	/* Guards the hardware */
>  
>  /* module parameters */
>  static int timeout = WATCHDOG_TIMEOUT;

Should be set to 0.

> @@ -53,18 +45,15 @@ MODULE_PARM_DESC(nowayout,
>   *	configuration set.
>   */
>  
> -static void ali_start(void)
> +static int ali_start(struct watchdog_device *wdd)
>  {
>  	u32 val;
>  
> -	spin_lock(&ali_lock);
> -

Side note: Presumably this lock was supposed to guard
accesses to the PCI configuration register by other
drivers, but it never did that. The lock was useless
from the beginning.

>  	pci_read_config_dword(ali_pci, 0xCC, &val);
>  	val &= ~0x3F;	/* Mask count */
>  	val |= (1 << 25) | ali_timeout_bits;
>  	pci_write_config_dword(ali_pci, 0xCC, val);
> -
> -	spin_unlock(&ali_lock);
> +	return 0;
>  }
>  
>  /*
> @@ -73,18 +62,15 @@ static void ali_start(void)
>   *	Stop the ALi watchdog countdown
>   */
>  
> -static void ali_stop(void)
> +static int ali_stop(struct watchdog_device *wdd)
>  {
>  	u32 val;
>  
> -	spin_lock(&ali_lock);
> -
>  	pci_read_config_dword(ali_pci, 0xCC, &val);
>  	val &= ~0x3F;		/* Mask count to zero (disabled) */
>  	val &= ~(1 << 25);	/* and for safety mask the reset enable */
>  	pci_write_config_dword(ali_pci, 0xCC, val);
> -
> -	spin_unlock(&ali_lock);
> +	return 0;
>  }
>  
>  /*
> @@ -93,32 +79,24 @@ static void ali_stop(void)
>   *	Send a keepalive to the timer (actually we restart the timer).
>   */
>  
> -static void ali_keepalive(void)
> +static int ali_keepalive(struct watchdog_device *wdd)
>  {
> -	ali_start();
> +	ali_start(wdd);
> +	return 0;
>  }

If the keepalive function does nothing but call the start function,
it can be omitted.

>  
>  /*
> - *	ali_settimer	-	compute the timer reload value
> + *	ali_set_timeout	-	compute the timer reload value
>   *	@t: time in seconds
>   *
>   *	Computes the timeout values needed
>   */
>  
> -static int ali_settimer(int t)
> +static int ali_set_timeout(struct watchdog_device *wdd, unsigned int t)
>  {
> -	if (t < 0)
> -		return -EINVAL;
> -	else if (t < 60)
> -		ali_timeout_bits = t|(1 << 6);
> -	else if (t < 3600)
> -		ali_timeout_bits = (t / 60)|(1 << 7);
> -	else if (t < 18000)
> -		ali_timeout_bits = (t / 300)|(1 << 6)|(1 << 7);
> -	else
> -		return -EINVAL;
> -
> -	timeout = t;
> +	wdd->max_timeout = 60;
> +	wdd->min_timeout = 1;

This is wrong. max_timeout and min_timeout must be set in the
static declaration of struct watchdog_device. Similar,
wdd.timeout should be initialized there with WATCHDOG_TIMEOUT.

Also, a maximum of 60 seconds does not make sense. The (old)
code above clearly accepts timeouts up to 17999 seconds.

Where is ali_timeout_bits now initialized ?

> +	wdd->timeout = t;

wdd->timeout needs to be set to the actual timeout. Per
the above (old) code, this is either a multiple of seconds,
minutes, or five minutes, depending on the requested timeout
value. For example, if t=310 is requested, the actual timeout
is set to 300 seconds. wdd->timeout must then be set to 300.

>  	return 0;
>  }
>  
> @@ -126,172 +104,6 @@ static int ali_settimer(int t)
>   *	/dev/watchdog handling
>   */
>  
> -/*
> - *	ali_write	-	writes to ALi watchdog
> - *	@file: file from VFS
> - *	@data: user address of data
> - *	@len: length of data
> - *	@ppos: pointer to the file offset
> - *
> - *	Handle a write to the ALi watchdog. Writing to the file pings
> - *	the watchdog and resets it. Writing the magic 'V' sequence allows
> - *	the next close to turn off the watchdog.
> - */
> -
> -static ssize_t ali_write(struct file *file, const char __user *data,
> -						size_t len, loff_t *ppos)
> -{
> -	/* See if we got the magic character 'V' and reload the timer */
> -	if (len) {
> -		if (!nowayout) {
> -			size_t i;
> -
> -			/* note: just in case someone wrote the
> -			   magic character five months ago... */
> -			ali_expect_release = 0;
> -
> -			/* scan to see whether or not we got
> -			   the magic character */
> -			for (i = 0; i != len; i++) {
> -				char c;
> -				if (get_user(c, data + i))
> -					return -EFAULT;
> -				if (c == 'V')
> -					ali_expect_release = 42;
> -			}
> -		}
> -
> -		/* someone wrote to us, we should reload the timer */
> -		ali_start();
> -	}
> -	return len;
> -}
> -
> -/*
> - *	ali_ioctl	-	handle watchdog ioctls
> - *	@file: VFS file pointer
> - *	@cmd: ioctl number
> - *	@arg: arguments to the ioctl
> - *
> - *	Handle the watchdog ioctls supported by the ALi driver. Really
> - *	we want an extension to enable irq ack monitoring and the like
> - */
> -
> -static long ali_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
> -{
> -	void __user *argp = (void __user *)arg;
> -	int __user *p = argp;
> -	static const struct watchdog_info ident = {
> -		.options =		WDIOF_KEEPALIVEPING |
> -					WDIOF_SETTIMEOUT |
> -					WDIOF_MAGICCLOSE,
> -		.firmware_version =	0,
> -		.identity =		"ALi M1535 WatchDog Timer",
> -	};
> -
> -	switch (cmd) {
> -	case WDIOC_GETSUPPORT:
> -		return copy_to_user(argp, &ident, sizeof(ident)) ? -EFAULT : 0;
> -
> -	case WDIOC_GETSTATUS:
> -	case WDIOC_GETBOOTSTATUS:
> -		return put_user(0, p);
> -	case WDIOC_SETOPTIONS:
> -	{
> -		int new_options, retval = -EINVAL;
> -
> -		if (get_user(new_options, p))
> -			return -EFAULT;
> -		if (new_options & WDIOS_DISABLECARD) {
> -			ali_stop();
> -			retval = 0;
> -		}
> -		if (new_options & WDIOS_ENABLECARD) {
> -			ali_start();
> -			retval = 0;
> -		}
> -		return retval;
> -	}
> -	case WDIOC_KEEPALIVE:
> -		ali_keepalive();
> -		return 0;
> -	case WDIOC_SETTIMEOUT:
> -	{
> -		int new_timeout;
> -		if (get_user(new_timeout, p))
> -			return -EFAULT;
> -		if (ali_settimer(new_timeout))
> -			return -EINVAL;
> -		ali_keepalive();
> -	}
> -		/* fall through */
> -	case WDIOC_GETTIMEOUT:
> -		return put_user(timeout, p);
> -	default:
> -		return -ENOTTY;
> -	}
> -}
> -
> -/*
> - *	ali_open	-	handle open of ali watchdog
> - *	@inode: inode from VFS
> - *	@file: file from VFS
> - *
> - *	Open the ALi watchdog device. Ensure only one person opens it
> - *	at a time. Also start the watchdog running.
> - */
> -
> -static int ali_open(struct inode *inode, struct file *file)
> -{
> -	/* /dev/watchdog can only be opened once */
> -	if (test_and_set_bit(0, &ali_is_open))
> -		return -EBUSY;
> -
> -	/* Activate */
> -	ali_start();
> -	return nonseekable_open(inode, file);
> -}
> -
> -/*
> - *	ali_release	-	close an ALi watchdog
> - *	@inode: inode from VFS
> - *	@file: file from VFS
> - *
> - *	Close the ALi watchdog device. Actual shutdown of the timer
> - *	only occurs if the magic sequence has been set.
> - */
> -
> -static int ali_release(struct inode *inode, struct file *file)
> -{
> -	/*
> -	 *      Shut off the timer.
> -	 */
> -	if (ali_expect_release == 42)
> -		ali_stop();
> -	else {
> -		pr_crit("Unexpected close, not stopping watchdog!\n");
> -		ali_keepalive();
> -	}
> -	clear_bit(0, &ali_is_open);
> -	ali_expect_release = 0;
> -	return 0;
> -}
> -
> -/*
> - *	ali_notify_sys	-	System down notifier
> - *
> - *	Notifier for system down
> - */
> -
> -
> -static int ali_notify_sys(struct notifier_block *this,
> -					unsigned long code, void *unused)
> -{
> -	if (code == SYS_DOWN || code == SYS_HALT)
> -		ali_stop();		/* Turn the WDT off */
> -	return NOTIFY_DONE;
> -}
> -
>  /*
>   *	Data for PCI driver interface
>   *
> @@ -361,23 +173,17 @@ static int __init ali_find_watchdog(void)
>   *	Kernel Interfaces
>   */
>  
> -static const struct file_operations ali_fops = {
> -	.owner		=	THIS_MODULE,
> -	.llseek		=	no_llseek,
> -	.write		=	ali_write,
> -	.unlocked_ioctl =	ali_ioctl,
> -	.open		=	ali_open,
> -	.release	=	ali_release,
> +static struct watchdog_ops alim1535wdt_ops = {
> +	.owner = THIS_MODULE,
> +	.start = ali_start,
> +	.stop = ali_stop,
> +	.ping = ali_keepalive,
> +	.set_timeout = ali_set_timeout,
>  };
>  
> -static struct miscdevice ali_miscdev = {
> -	.minor =	WATCHDOG_MINOR,
> -	.name =		"watchdog",
> -	.fops =		&ali_fops,
> -};
> -
> -static struct notifier_block ali_notifier = {
> -	.notifier_call =	ali_notify_sys,
> +static struct watchdog_device alim1535wdt_wdd = {

Also set:
	.info
	.timeout
	.min_timeout
	.max_timeout

> +	.ops = &alim1535wdt_ops,
> +	.status = WATCHDOG_NOWAYOUT_INIT_STATUS,
>  };
>  
>  /*
> @@ -403,30 +209,25 @@ static int __init watchdog_init(void)
>  			timeout);
>  	}
>  
> -	/* Calculate the watchdog's timeout */
> -	ali_settimer(timeout);
> +	watchdog_stop_on_reboot(&alim1535wdt_wdd);
> +
> +	watchdog_init_timeout(&alim1535wdt_wdd, timeout, NULL);
> +
> +	watchdog_set_nowayout(&alim1535wdt_wdd, nowayout);
>  
> -	ret = register_reboot_notifier(&ali_notifier);
> -	if (ret != 0) {
> -		pr_err("cannot register reboot notifier (err=%d)\n", ret);
> -		goto out;
> -	}
> +	ret = watchdog_register_device(&alim1535wdt_wdd);
>  
> -	ret = misc_register(&ali_miscdev);
>  	if (ret != 0) {
> -		pr_err("cannot register miscdev on minor=%d (err=%d)\n",
> -		       WATCHDOG_MINOR, ret);
> -		goto unreg_reboot;
> +		goto reboot_unreg;

A goto to a return statement does not add value.

>  	}
>  
> -	pr_info("initialized. timeout=%d sec (nowayout=%d)\n",
> -		timeout, nowayout);
> +	/* Calculate the watchdog's timeout */
> +	ali_set_timeout(&alim1535wdt_wdd, timeout);
> +
This is unnecessary. The values can and should be initialized in
static struct watchdog_device alim1535wdt_wdd.

> +	return 0;
>  
> -out:
> +reboot_unreg:
>  	return ret;
> -unreg_reboot:
> -	unregister_reboot_notifier(&ali_notifier);
> -	goto out;
>  }
>  
>  /*
> @@ -437,12 +238,8 @@ unreg_reboot:
>  
>  static void __exit watchdog_exit(void)
>  {
> -	/* Stop the timer before we leave */
> -	ali_stop();
> -
>  	/* Deregister */
> -	misc_deregister(&ali_miscdev);
> -	unregister_reboot_notifier(&ali_notifier);
> +	watchdog_unregister_device(&alim1535wdt_wdd);
>  	pci_dev_put(ali_pci);
>  }
>  
> @@ -451,4 +248,4 @@ module_exit(watchdog_exit);
>  
>  MODULE_AUTHOR("Alan Cox");
>  MODULE_DESCRIPTION("ALi M1535 PMU Watchdog Timer driver");
> -MODULE_LICENSE("GPL");
> +MODULE_LICENSE("GPL");

I am at loss what is different here.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ