lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Fri, 10 Jul 2020 23:20:19 +0200
From:   Saheed Olayemi Bolarinwa <refactormyself@...il.com>
To:     helgaas@...nel.org
Cc:     Bolarinwa Olayemi Saheed <refactormyself@...il.com>,
        bjorn@...gaas.com, skhan@...uxfoundation.org,
        linux-pci@...r.kernel.org,
        linux-kernel-mentees@...ts.linuxfoundation.org,
        linux-kernel@...r.kernel.org
Subject: [PATCH 7/14 v3] PCI: pciehp: Check the return value of pcie_capability_read_*()

From: Bolarinwa Olayemi Saheed <refactormyself@...il.com>

If pcie_capability_read_word() fail, slot_ctrl will be 0 and the switch
expression evaluates to 0. So *status = 1 "ON". However, with Patch 14/14
it is possible that slot_ctrl is set to ~0 on failure. This would 
introduce a bug because (x & x) == (~0 & x), so the switch expression
evaluates to PCI_EXP_SLTCTL_PCC. This means that on failure *status = 1
"OFF", since PCI_EXP_SLTCTL_PCC = PCI_EXP_SLTCTL_PWR_OFF.

Use an if-statement and include a check on the return value of
pcie_capability_read_word() to confirm success or failure.

Suggested-by: Bjorn Helgaas <bjorn@...gaas.com>
Signed-off-by: Bolarinwa Olayemi Saheed <refactormyself@...il.com>

---
 drivers/pci/hotplug/pciehp_hpc.c | 14 +++++---------
 1 file changed, 5 insertions(+), 9 deletions(-)

diff --git a/drivers/pci/hotplug/pciehp_hpc.c b/drivers/pci/hotplug/pciehp_hpc.c
index b89c9ee4a3b5..f5ef3fbace69 100644
--- a/drivers/pci/hotplug/pciehp_hpc.c
+++ b/drivers/pci/hotplug/pciehp_hpc.c
@@ -394,20 +394,16 @@ void pciehp_get_power_status(struct controller *ctrl, u8 *status)
 {
 	struct pci_dev *pdev = ctrl_dev(ctrl);
 	u16 slot_ctrl;
+	int ret;
 
-	pcie_capability_read_word(pdev, PCI_EXP_SLTCTL, &slot_ctrl);
+	*status = 1;	/* On */
+	ret = pcie_capability_read_word(pdev, PCI_EXP_SLTCTL, &slot_ctrl);
 	ctrl_dbg(ctrl, "%s: SLOTCTRL %x value read %x\n", __func__,
 		 pci_pcie_cap(ctrl->pcie->port) + PCI_EXP_SLTCTL, slot_ctrl);
 
-	switch (slot_ctrl & PCI_EXP_SLTCTL_PCC) {
-	case PCI_EXP_SLTCTL_PWR_OFF:
+	if (!ret &&
+		((slot_ctrl & PCI_EXP_SLTCTL_PCC) == PCI_EXP_SLTCTL_PWR_OFF))
 		*status = 0;	/* Off */
-		break;
-	case PCI_EXP_SLTCTL_PWR_ON:
-	default:
-		*status = 1;	/* On */
-		break;
-	}
 }
 
 void pciehp_get_latch_status(struct controller *ctrl, u8 *status)
-- 
2.18.2

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ