lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Tue, 5 Oct 2021 10:18:33 +0200 From: Olivier MOYSAN <olivier.moysan@...s.st.com> To: Jonathan Cameron <jic23@...nel.org>, Yizhuo <yzhai003@....edu>, "Mugilraj Dhavachelvan" <dmugil2000@...il.com>, Olivier Moysan <olivier.moysan@...com>, Krzysztof Kozlowski <krzk@...nel.org>, Arnaud Pouliquen <arnaud.pouliquen@...com>, <linux-stm32@...md-mailman.stormreply.com> CC: Lars-Peter Clausen <lars@...afoo.de>, Maxime Coquelin <mcoquelin.stm32@...il.com>, Alexandre Torgue <alexandre.torgue@...s.st.com>, Andy Shevchenko <andy.shevchenko@...il.com>, Mark Brown <broonie@...nel.org>, <linux-iio@...r.kernel.org>, <linux-arm-kernel@...ts.infradead.org>, <linux-kernel@...r.kernel.org> Subject: Re: [PATCH] iio: adc: stm32-dfsdm: Fix the uninitialized use if regmap_read() fails Hi, On 10/3/21 5:47 PM, Jonathan Cameron wrote: > On Sun, 8 Aug 2021 18:32:43 +0100 > Jonathan Cameron <jic23@...nel.org> wrote: > >> On Sat, 24 Jul 2021 16:48:40 +0100 >> Jonathan Cameron <jic23@...nel.org> wrote: >> >>> On Mon, 19 Jul 2021 19:53:11 +0000 >>> Yizhuo <yzhai003@....edu> wrote: >>> >>>> Inside function stm32_dfsdm_irq(), the variable "status", "int_en" >>>> could be uninitialized if the regmap_read() fails and returns an error >>>> code. However, they are directly used in the later context to decide >>>> the control flow, which is potentially unsafe. >>>> >>>> Fixes: e2e6771c64625 ("IIO: ADC: add STM32 DFSDM sigma delta ADC support") >>>> >>>> Signed-off-by: Yizhuo <yzhai003@....edu> >>> >>> Hi Yizhou >>> >>> I want to get some review of this from people familiar with the >>> hardware as there is a small possibility your reordering might have >>> introduced a problem. >> >> To stm32 people, can someone take a look at this? > > This one is still outstanding. If anyone from stm32 side of things could take a look > that would be great, > > Jonathan > I cannot see side effects with reordering itself. However, if we get an error with the read access, just leaving with irq_handled status is probably not enough. In such case we are facing a serious issue and it would make sense to return irq_none instead, as the interrupt will probably never be acknowledged. BRs >> >> Thanks, >> >> Jonathan >> >>> >>>> --- >>>> drivers/iio/adc/stm32-dfsdm-adc.c | 9 +++++++-- >>>> 1 file changed, 7 insertions(+), 2 deletions(-) >>>> >>>> diff --git a/drivers/iio/adc/stm32-dfsdm-adc.c b/drivers/iio/adc/stm32-dfsdm-adc.c >>>> index 1cfefb3b5e56..d8b78aead942 100644 >>>> --- a/drivers/iio/adc/stm32-dfsdm-adc.c >>>> +++ b/drivers/iio/adc/stm32-dfsdm-adc.c >>>> @@ -1292,9 +1292,11 @@ static irqreturn_t stm32_dfsdm_irq(int irq, void *arg) >>>> struct stm32_dfsdm_adc *adc = iio_priv(indio_dev); >>>> struct regmap *regmap = adc->dfsdm->regmap; >>>> unsigned int status, int_en; >>>> + int ret; >>>> >>>> - regmap_read(regmap, DFSDM_ISR(adc->fl_id), &status); >>>> - regmap_read(regmap, DFSDM_CR2(adc->fl_id), &int_en); >>> >>> Moving this later is only valid if there aren't any side effects. >>> The current ordering is strange enough it makes me wonder if there might be! >>> >>> Jonathan >>> >>>> + ret = regmap_read(regmap, DFSDM_ISR(adc->fl_id), &status); >>>> + if (ret) >>>> + return IRQ_HANDLED; >>>> >>>> if (status & DFSDM_ISR_REOCF_MASK) { >>>> /* Read the data register clean the IRQ status */ >>>> @@ -1303,6 +1305,9 @@ static irqreturn_t stm32_dfsdm_irq(int irq, void *arg) >>>> } >>>> >>>> if (status & DFSDM_ISR_ROVRF_MASK) { >>>> + ret = regmap_read(regmap, DFSDM_CR2(adc->fl_id), &int_en); >>>> + if (ret) >>>> + return IRQ_HANDLED; >>>> if (int_en & DFSDM_CR2_ROVRIE_MASK) >>>> dev_warn(&indio_dev->dev, "Overrun detected\n"); >>>> regmap_update_bits(regmap, DFSDM_ICR(adc->fl_id), >>> >> >
Powered by blists - more mailing lists