lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <CA+h21hoLq59R2p=+f4jZFmd5OSQ3590FeRB+oHBKLKDHq5knRg@mail.gmail.com>
Date:   Mon, 15 Jun 2020 12:26:37 +0300
From:   Vladimir Oltean <olteanv@...il.com>
To:     Krzysztof Kozlowski <krzk@...nel.org>
Cc:     Mark Brown <broonie@...nel.org>,
        Vladimir Oltean <vladimir.oltean@....com>,
        linux-spi <linux-spi@...r.kernel.org>,
        lkml <linux-kernel@...r.kernel.org>,
        Pengutronix Kernel Team <kernel@...gutronix.de>,
        Marc Kleine-Budde <mkl@...gutronix.de>,
        Wolfram Sang <wsa@...nel.org>, stable@...r.kernel.org
Subject: Re: [PATCH 2/2] spi: spi-fsl-dspi: Initialize completion before
 possible interrupt

On Mon, 15 Jun 2020 at 10:09, Krzysztof Kozlowski <krzk@...nel.org> wrote:
>
> On Sun, Jun 14, 2020 at 06:34:33PM +0300, Vladimir Oltean wrote:
> > On Sun, 14 Jun 2020 at 18:12, Krzysztof Kozlowski <krzk@...nel.org> wrote:
> > >
> > > On Sun, Jun 14, 2020 at 04:43:28PM +0300, Vladimir Oltean wrote:
> > > > On Sun, 14 Jun 2020 at 16:39, Vladimir Oltean <olteanv@...il.com> wrote:
> > > > >
> > > > > On Sun, 14 Jun 2020 at 14:18, Krzysztof Kozlowski <krzk@...nel.org> wrote:
> > > > > >
> > > > > > On Sun, Jun 14, 2020 at 02:14:15PM +0300, Vladimir Oltean wrote:
> > > > > > > On Sun, 14 Jun 2020 at 13:56, Krzysztof Kozlowski <krzk@...nel.org> wrote:
> > > > > > > >
> > > > > > > > If interrupt fires early, the dspi_interrupt() could complete
> > > > > > > > (dspi->xfer_done) before its initialization happens.
> > > > > > > >
> > > > > > > > Fixes: 4f5ee75ea171 ("spi: spi-fsl-dspi: Replace interruptible wait queue with a simple completion")
> > > >
> > > > Also please note that this patch merely replaced an
> > > > init_waitqueue_head with init_completion. But the "bug" (if we can
> > > > call it that) originates from even before.
> > >
> > > Yeah, I know, the Fixes is not accurate. Backport to earlier kernels
> > > would be manual so I am not sure if accurate Fixes matter.
> > >
> > > >
> > > > > > > > Cc: <stable@...r.kernel.org>
> > > > > > > > Signed-off-by: Krzysztof Kozlowski <krzk@...nel.org>
> > > > > > > > ---
> > > > > > >
> > > > > > > Why would an interrupt fire before spi_register_controller, therefore
> > > > > > > before dspi_transfer_one_message could get called?
> > > > > > > Is this master or slave mode?
> > > > > >
> > > > > > I guess practically it won't fire.  It's more of a matter of logical
> > > > > > order and:
> > > > > > 1. Someone might fix the CONFIG_DEBUG_SHIRQ_FIXME one day,
> > > > >
> > > > > And what if CONFIG_DEBUG_SHIRQ_FIXME gets fixed? I uncommented it, and
> > > > > still no issues. dspi_interrupt checks the status bit of the hw, sees
> > > > > there's nothing to do, and returns IRQ_NONE.
> > >
> > > Indeed, still the logical way of initializing is to do it before any
> > > possible use.
> > >
> > > > >
> > > > > > 2. The hardware is actually initialized before and someone could attach
> > > > > >    to SPI bus some weird device.
> > > > > >
> > > > >
> > > > > Some weird device that does what?
> > >
> > > You never know what people will connect to a SoM :).
> > >
> > > Wolfram made actually much better point - bootloaders are known to
> > > initialize some things and leaving them in whatever state, assuming that
> > > Linux kernel will redo any initialization properly.
> > >
> > > Best regards,
> > > Krzysztof
> > >
> >
> > I don't buy the argument.
> > So ok, maybe some broken bootloader leaves a SPI_SR interrupt pending
> > (do you have any example of that?). But the driver clears interrupts
> > by writing SPI_SR_CLEAR in dspi_init (called _before_ requesting the
> > IRQ). It clears 10 bits from the status register. There are 2 points
> > to be made here:
> > - The dspi_interrupt only handles data availability interrupt
> > (SPI_SR_EOQF | SPI_SR_CMDTCF). Only then does it matter whether the
> > completion was already initialized or not. But these interrupts _are_
> > cleared. But assume they weren't. What would Linux even do with a SPI
> > transfer initiated by the previously running software environment? Why
> > would it be a smart thing to handle that data in the first place?
> > - The 10 bits from the status register are all the bits that can be
> > cleared. The rest of the register, if you look at it, contains the TX
> > FIFO Counter, the Transmit Next Pointer, the RX FIFO Counter, and the
> > Pop Next Pointer.
> > So, unless there's something I'm missing, I don't actually see how
> > this broken bootloader can do any harm to us.
>
> Let's rephrase it: you think therefore that completion should be
> initialzed *after* requesting shared interrupts? You think that exactly
> that order shall be used in the source code?
>
> Best regards,
> Krzysztof
>
>

I think that completion should be initialized before it is used, just
like any other variable. So far you have not proven any code path
through which it can be used uninitialized, therefore I don't see why
this should be accepted as a bug fix. Cleanup, cosmetic refactoring,
design patterns, whatever, sure.

Thanks,
-Vladimir

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ