linux-kernel - re: spi: bcm2835: fix gpio cs level inversion

lists.openwall.net		lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC
Open Source and information security mailing list archives

Hash Suite: Windows password security audit tool. GUI, reports in PDF.

[<prev] [next>] [day] [month] [year] [list]

Date:   Fri, 30 Oct 2020 14:12:10 +0000
From:   Colin Ian King <colin.king@...onical.com>
To:     Martin Hundebøll <martin@...nix.com>
Cc:     Mark Brown <broonie@...nel.org>,
        Florian Fainelli <f.fainelli@...il.com>,
        Ray Jui <rjui@...adcom.com>,
        Scott Branden <sbranden@...adcom.com>,
        bcm-kernel-feedback-list@...adcom.com,
        Nicolas Saenz Julienne <nsaenzjulienne@...e.de>,
        Gregory CLEMENT <gregory.clement@...tlin.com>,
        linux-spi@...r.kernel.org,
        "moderated list:BROADCOM BCM2711/BCM2835 ARM ARCHITECTURE" 
        <linux-rpi-kernel@...ts.infradead.org>,
        "linux-arm-kernel@...ts.infradead.org" 
        <linux-arm-kernel@...ts.infradead.org>,
        "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>
Subject: re: spi: bcm2835: fix gpio cs level inversion

Hi,

Static analysis with coverity on today's linux-next has detected a
potential issue in  bcm2835_spi_setup() in the following commit:

commit 5e31ba0c0543a04483b53151eb5b7413efece94c
Author: Martin Hundebøll <martin@...nix.com>
Date:   Wed Oct 14 11:02:30 2020 +0200

    spi: bcm2835: fix gpio cs level inversion

The analysis is as follows:

1191 static int bcm2835_spi_setup(struct spi_device *spi)
1192 {
1193        struct spi_controller *ctlr = spi->controller;
1194        struct bcm2835_spi *bs = spi_controller_get_devdata(ctlr);
1195        struct gpio_chip *chip;

1. var_decl: Declaring variable lflags without initializer.

... and later on ...

Uninitialized scalar variable (UNINIT)

9. uninit_use_in_call: Using uninitialized value lflags when calling
gpiochip_request_own_desc. [show details]

1262        spi->cs_gpiod = gpiochip_request_own_desc(chip, 8 -
spi->chip_select,
1263                                                  DRV_NAME,
1264                                                  lflags,
1265                                                  GPIOD_OUT_LOW);


The call to gpiochip_request_own_desc passes the uninitalized lflags
down to  gpiod_configure_flags:

int gpiod_configure_flags(struct gpio_desc *desc, const char *con_id,
3698                unsigned long lflags, enum gpiod_flags dflags)
3699{
3700        int ret;
3701
3702        if (lflags & GPIO_ACTIVE_LOW)
3703                set_bit(FLAG_ACTIVE_LOW, &desc->flags);
3704
3705        if (lflags & GPIO_OPEN_DRAIN)
3706                set_bit(FLAG_OPEN_DRAIN, &desc->flags);

so this looks like lflags needs to be initialized with something
legitimate, probably zero?

Colin