lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20210504115130.GA7094@sirena.org.uk>
Date:   Tue, 4 May 2021 12:51:30 +0100
From:   Mark Brown <broonie@...nel.org>
To:     Lukas Wunner <lukas@...ner.de>
Cc:     Joe Burmeister <joe.burmeister@...tank.co.uk>,
        Florian Fainelli <f.fainelli@...il.com>,
        Ray Jui <rjui@...adcom.com>,
        Scott Branden <sbranden@...adcom.com>,
        bcm-kernel-feedback-list@...adcom.com, linux-spi@...r.kernel.org,
        linux-rpi-kernel@...ts.infradead.org,
        linux-arm-kernel@...ts.infradead.org, linux-kernel@...r.kernel.org,
        nsaenz@...nel.org, phil@...pberrypi.com
Subject: Re: [PATCH] spi: bcm2835: Fix buffer overflow with CS able to go
 beyond limit.

On Sat, May 01, 2021 at 09:51:35PM +0200, Lukas Wunner wrote:
> On Fri, Apr 23, 2021 at 05:20:55PM +0100, Mark Brown wrote:
> > Part of the issue here is that there has been some variation in how
> > num_chipselect is interpreted with regard to GPIO based chip selects
> > over time.  It *should* be redundant, I'm not clear why it's in the
> > generic bindings at all but that's lost to history AFAICT.

> It seems num_chipselect is meant to be set to the maximum number of
> *native* chipselects supported by the controller.  Which is overwritten
> if GPIO chipselects are used.

This gets fun with the controllers that have for various reasons open
coded some or all of the GPIO chip select handling.

> I failed to appreciate that when I changed num_chipselects for
> spi-bcm2835.c with commit 571e31fa60b3.  That single line change
> in the commit ought to be reverted.

> And the kernel-doc ought to be amended because the crucial detail
> that num_chipselect needs to be set to the maximum *native* chipselects
> isn't mentioned anywhere.

Can you send patches for these please?

> > The best thing would be to have it not have a single array of chip
> > select specific data and instead store everything in the controller_data
> > that's there per-device.

> Unfortunately that's non-trivial.  The slave-specific data is DMA-mapped.
> It could be DMA-mapped in ->setup but there's no ->unsetup to DMA-unmap
> the memory once the slave is removed.  Note that the slave could be removed
> dynamically with a DT overlay, not just when the controller is unbound.

> So we'd need a new ->unsetup hook at the very least to make this work.

There's the cleanup() callback which seems to fit?

Download attachment "signature.asc" of type "application/pgp-signature" (489 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ