lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <3643be60-492c-66bd-1e34-adffb85d3754@gentoo.org>
Date:   Thu, 10 Sep 2020 21:16:00 -0400
From:   Joshua Kinard <kumba@...too.org>
To:     Thomas Bogendoerfer <tsbogend@...ha.franken.de>,
        Alessandro Zummo <a.zummo@...ertech.it>,
        Alexandre Belloni <alexandre.belloni@...tlin.com>,
        linux-rtc@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH] rtc: ds1685: Fix bank switching to avoid endless loop

On 9/10/2020 04:41, Thomas Bogendoerfer wrote:
> ds1685_rtc_begin_data_access() tried to access an extended register before
> enabling access to it by switching to bank 1. Depending on content in NVRAM
> this could lead to an endless loop. While at it fix also switch back to
> bank 0 in ds1685_rtc_end_data_access().
> 
> Signed-off-by: Thomas Bogendoerfer <tsbogend@...ha.franken.de>
> ---
>  drivers/rtc/rtc-ds1685.c | 8 ++++----
>  1 file changed, 4 insertions(+), 4 deletions(-)
> 
> diff --git a/drivers/rtc/rtc-ds1685.c b/drivers/rtc/rtc-ds1685.c
> index 56c670af2e50..dfbd7b88b2b9 100644
> --- a/drivers/rtc/rtc-ds1685.c
> +++ b/drivers/rtc/rtc-ds1685.c
> @@ -193,12 +193,12 @@ ds1685_rtc_begin_data_access(struct ds1685_priv *rtc)
>  	rtc->write(rtc, RTC_CTRL_B,
>  		   (rtc->read(rtc, RTC_CTRL_B) | RTC_CTRL_B_SET));
>  
> +	/* Switch to Bank 1 */
> +	ds1685_rtc_switch_to_bank1(rtc);
> +
>  	/* Read Ext Ctrl 4A and check the INCR bit to avoid a lockout. */
>  	while (rtc->read(rtc, RTC_EXT_CTRL_4A) & RTC_CTRL_4A_INCR)
>  		cpu_relax();
> -
> -	/* Switch to Bank 1 */
> -	ds1685_rtc_switch_to_bank1(rtc);
>  }
>  
>  /**
> @@ -213,7 +213,7 @@ static inline void
>  ds1685_rtc_end_data_access(struct ds1685_priv *rtc)
>  {
>  	/* Switch back to Bank 0 */
> -	ds1685_rtc_switch_to_bank1(rtc);
> +	ds1685_rtc_switch_to_bank0(rtc);
>  
>  	/* Clear the SET bit in Ctrl B */
>  	rtc->write(rtc, RTC_CTRL_B,
> 

This probably needs to be sent to stable as well.

Acked-by: Joshua Kinard <kumba@...too.org>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ