| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 4 Dec 2020 11:08:11 +0100
From: Geert Uytterhoeven <geert@...ux-m68k.org>
To: Finn Thain <fthain@...egraphics.com.au>
Cc: Benjamin Herrenschmidt <benh@...nel.crashing.org>,
Michael Ellerman <mpe@...erman.id.au>,
Joshua Thompson <funaho@...ai.org>,
linuxppc-dev <linuxppc-dev@...ts.ozlabs.org>,
Linux Kernel Mailing List <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH] macintosh/adb-iop: Always wait for reply message from IOP
Hi Finn,
On Fri, Nov 20, 2020 at 5:54 AM Finn Thain <fthain@...egraphics.com.au> wrote:
> A recent patch incorrectly altered the adb-iop state machine behaviour
> and introduced a regression that can appear intermittently as a
> malfunctioning ADB input device. This seems to be caused when reply
> packets from different ADB commands become mixed up, especially during
> the adb bus scan. Fix this by unconditionally entering the awaiting_reply
> state after sending an explicit command, even when the ADB command won't
> generate a reply from the ADB device.
>
> Cc: Joshua Thompson <funaho@...ai.org>
> Fixes: e2954e5f727f ("macintosh/adb-iop: Implement sending -> idle state transition")
> Tested-by: Stan Johnson <userm57@...oo.com>
> Signed-off-by: Finn Thain <fthain@...egraphics.com.au>
Thanks for your patch!
> --- a/drivers/macintosh/adb-iop.c
> +++ b/drivers/macintosh/adb-iop.c
> @@ -84,10 +84,7 @@ static void adb_iop_complete(struct iop_msg *msg)
>
> local_irq_save(flags);
>
> - if (current_req->reply_expected)
> - adb_iop_state = awaiting_reply;
> - else
> - adb_iop_done();
> + adb_iop_state = awaiting_reply;
>
> local_irq_restore(flags);
> }
> @@ -95,8 +92,9 @@ static void adb_iop_complete(struct iop_msg *msg)
> /*
> * Listen for ADB messages from the IOP.
> *
> - * This will be called when unsolicited messages (usually replies to TALK
> - * commands or autopoll packets) are received.
> + * This will be called when unsolicited IOP messages are received.
> + * These IOP messages can carry ADB autopoll responses and also occur
> + * after explicit ADB commands.
> */
>
> static void adb_iop_listen(struct iop_msg *msg)
> @@ -123,8 +121,10 @@ static void adb_iop_listen(struct iop_msg *msg)
> if (adb_iop_state == awaiting_reply) {
> struct adb_request *req = current_req;
>
> - req->reply_len = amsg->count + 1;
> - memcpy(req->reply, &amsg->cmd, req->reply_len);
> + if (req->reply_expected) {
> + req->reply_len = amsg->count + 1;
> + memcpy(req->reply, &amsg->cmd, req->reply_len);
> + }
So if we're not expecting a reply. It's ignored.
Just wondering: what kind of messages are being dropped?
If reply packets from different ADB commands become mixed up,
they are still (expected?) replies to messages we sent before. Why
shouldn't we depend on receiving the replies?
>
> req_done = true;
> }
Gr{oetje,eeting}s,
Geert
--
Geert Uytterhoeven -- There's lots of Linux beyond ia32 -- geert@...ux-m68k.org
In personal conversations with technical people, I call myself a hacker. But
when I'm talking to journalists I just say "programmer" or something like that.
-- Linus Torvalds
Powered by blists - more mailing lists