| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20200220174319.k2icqoxlubu5o2fu@core.my.home>
Date: Thu, 20 Feb 2020 18:43:19 +0100
From: Ondřej Jirman <megous@...ous.com>
To: Maxime Ripard <maxime@...no.tech>
Cc: linux-sunxi@...glegroups.com, Chen-Yu Tsai <wens@...e.org>,
Samuel Holland <samuel@...lland.org>,
Stephen Boyd <swboyd@...omium.org>,
"moderated list:ARM/Allwinner sunXi SoC support"
<linux-arm-kernel@...ts.infradead.org>,
open list <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH] bus: sunxi-rsb: Return correct data when mixing 16-bit
and 8-bit reads
Hi,
On Thu, Feb 20, 2020 at 06:32:13PM +0100, Maxime Ripard wrote:
> On Wed, Feb 19, 2020 at 02:09:50AM +0100, Ondrej Jirman wrote:
> > When doing a 16-bit read that returns data in the MSB byte, the
> > RSB_DATA register will keep the MSB byte unchanged when doing
> > the following 8-bit read. sunxi_rsb_read() will then return
> > a result that contains high byte from 16-bit read mixed with
> > the 8-bit result.
> >
> > The consequence is that after this happens the PMIC's regmap will
> > look like this: (0x33 is the high byte from the 16-bit read)
> >
> > % cat /sys/kernel/debug/regmap/sunxi-rsb-3a3/registers
> > 00: 33
> > 01: 33
> > 02: 33
> > 03: 33
> > 04: 33
> > 05: 33
> > 06: 33
> > 07: 33
> > 08: 33
> > 09: 33
> > 0a: 33
> > 0b: 33
> > 0c: 33
> > 0d: 33
> > 0e: 33
> > [snip]
> >
> > Fix this by masking the result of the read with the correct mask
> > based on the size of the read. There are no 16-bit users in the
> > mainline kernel, so this doesn't need to get into the stable tree.
> >
> > Signed-off-by: Ondrej Jirman <megous@...ous.com>
> > ---
> > drivers/bus/sunxi-rsb.c | 6 +++++-
> > 1 file changed, 5 insertions(+), 1 deletion(-)
> >
> > diff --git a/drivers/bus/sunxi-rsb.c b/drivers/bus/sunxi-rsb.c
> > index b8043b58568ac..8ab6a3865f569 100644
> > --- a/drivers/bus/sunxi-rsb.c
> > +++ b/drivers/bus/sunxi-rsb.c
> > @@ -316,6 +316,7 @@ static int sunxi_rsb_read(struct sunxi_rsb *rsb, u8 rtaddr, u8 addr,
> > {
> > u32 cmd;
> > int ret;
> > + u32 mask;
> >
> > if (!buf)
> > return -EINVAL;
> > @@ -323,12 +324,15 @@ static int sunxi_rsb_read(struct sunxi_rsb *rsb, u8 rtaddr, u8 addr,
> > switch (len) {
> > case 1:
> > cmd = RSB_CMD_RD8;
> > + mask = 0xffu;
> > break;
> > case 2:
> > cmd = RSB_CMD_RD16;
> > + mask = 0xffffu;
> > break;
> > case 4:
> > cmd = RSB_CMD_RD32;
> > + mask = 0xffffffffu;
> > break;
> > default:
> > dev_err(rsb->dev, "Invalid access width: %zd\n", len);
> > @@ -345,7 +349,7 @@ static int sunxi_rsb_read(struct sunxi_rsb *rsb, u8 rtaddr, u8 addr,
> > if (ret)
> > goto unlock;
> >
> > - *buf = readl(rsb->regs + RSB_DATA);
> > + *buf = readl(rsb->regs + RSB_DATA) & mask;
>
> Thanks for debugging this and the extensive commit log.
>
> I guess it would be cleaner to just use GENMASK(len * 8, 0) here?
GENMASK most probably fails with value (32,0) I think.
#define GENMASK(h, l) \
(((~UL(0)) - (UL(1) << (l)) + 1) & \
(~UL(0) >> (BITS_PER_LONG - 1 - (h))))
would give ~0 >> -1
regards,
o.
> Maxime
Powered by blists - more mailing lists