lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <YlXyM7e+Bkqa3HCZ@dev-arch.thelio-3990X>
Date:   Tue, 12 Apr 2022 14:42:11 -0700
From:   Nathan Chancellor <nathan@...nel.org>
To:     Tom Rix <trix@...hat.com>
Cc:     heikki.krogerus@...ux.intel.com, gregkh@...uxfoundation.org,
        ndesaulniers@...gle.com, sven@...npeter.dev, alyssa@...enzweig.io,
        marcan@...can.st, martink@...teo.de, saranya.gopal@...el.com,
        linux-usb@...r.kernel.org, linux-kernel@...r.kernel.org,
        llvm@...ts.linux.dev
Subject: Re: [PATCH] usb: typec: tipd: improve handling of failures in
 interrupt handlers

Hi Tom,

Thanks for the patch!

On Sat, Apr 09, 2022 at 09:00:13AM -0400, Tom Rix wrote:
> clang static analysis reports this representative issue
> core.c:516:6: warning: Branch condition evaluates
>   to a garbage value
>   if (event)
>       ^~~~~
> 
> In cd321x_interrupt(), a successful call to
> tps6598x_read64() is the only way event is set,
> and if a failure happens the irq should not be
> reported as handled.
> 
> Instead of initializing event, rework the
> usage of ret by initializing it to IRQ_NONE
> and then setting it when event is known to
> be not zero.  This removes the if-statement
> before the return.
> 
> tps6598x_interrupt() is similar.
> 
> Fixes: 0a4c005bd171 ("usb: typec: driver for TI TPS6598x USB Power Delivery controllers")

I am not sure this fixes tag is accurate. At that point in time,
tps6598x_interrupt() did not have any use of event1 or event2 that was
uninitialized.

I think

Fixes: c7260e29dd20 ("usb: typec: tipd: Add short-circuit for no irqs")
Fixes: 45188f27b3d0 ("usb: typec: tipd: Add support for Apple CD321X")

is a more accurate set, as these changes made it possible for the event
variables to be used uninitialized.

> Signed-off-by: Tom Rix <trix@...hat.com>

I found one issue below. With that addressed, feel free to carry
forward:

Reviewed-by: Nathan Chancellor <nathan@...nel.org>

> ---
>  drivers/usb/typec/tipd/core.c | 24 +++++++++++-------------
>  1 file changed, 11 insertions(+), 13 deletions(-)
> 
> diff --git a/drivers/usb/typec/tipd/core.c b/drivers/usb/typec/tipd/core.c
> index 16b4560216ba..88a20cc15da4 100644
> --- a/drivers/usb/typec/tipd/core.c
> +++ b/drivers/usb/typec/tipd/core.c
> @@ -478,12 +478,11 @@ static irqreturn_t cd321x_interrupt(int irq, void *data)
>  	struct tps6598x *tps = data;
>  	u64 event;
>  	u32 status;
> -	int ret;
> +	int ret = IRQ_NONE;
>  
>  	mutex_lock(&tps->lock);
>  
> -	ret = tps6598x_read64(tps, TPS_REG_INT_EVENT1, &event);
> -	if (ret) {
> +	if (tps6598x_read64(tps, TPS_REG_INT_EVENT1, &event)) {
>  		dev_err(tps->dev, "%s: failed to read events\n", __func__);
>  		goto err_unlock;
>  	}
> @@ -492,6 +491,8 @@ static irqreturn_t cd321x_interrupt(int irq, void *data)
>  	if (!event)
>  		goto err_unlock;
>  
> +	ret = IRQ_HANDLED;
> +
>  	if (!tps6598x_read_status(tps, &status))
>  		goto err_clear_ints;
>  
> @@ -513,9 +514,7 @@ static irqreturn_t cd321x_interrupt(int irq, void *data)
>  err_unlock:
>  	mutex_unlock(&tps->lock);
>  
> -	if (event)
> -		return IRQ_HANDLED;
> -	return IRQ_NONE;
> +	return ret;
>  }
>  
>  static irqreturn_t tps6598x_interrupt(int irq, void *data)
> @@ -524,13 +523,12 @@ static irqreturn_t tps6598x_interrupt(int irq, void *data)
>  	u64 event1;
>  	u64 event2;
>  	u32 status;
> -	int ret;
> +	int ret = IRQ_NONE;
>  
>  	mutex_lock(&tps->lock);
>  
> -	ret = tps6598x_read64(tps, TPS_REG_INT_EVENT1, &event1);
> -	ret |= tps6598x_read64(tps, TPS_REG_INT_EVENT2, &event2);
> -	if (ret) {
> +	if (tps6598x_read64(tps, TPS_REG_INT_EVENT1, &event1) ||
> +	    tps6598x_read64(tps, TPS_REG_INT_EVENT2, &event2)) {

This change is incorrect. If the first tps6598x_read64() call succeeds,
then the second tps6598x_read64() will not be called, which would leave
event2 uninitialized. This should be a bitwise OR so that both calls to
tps6598x_read64() occur.

>  		dev_err(tps->dev, "%s: failed to read events\n", __func__);
>  		goto err_unlock;
>  	}
> @@ -539,6 +537,8 @@ static irqreturn_t tps6598x_interrupt(int irq, void *data)
>  	if (!(event1 | event2))
>  		goto err_unlock;
>  
> +	ret = IRQ_HANDLED;
> +
>  	if (!tps6598x_read_status(tps, &status))
>  		goto err_clear_ints;
>  
> @@ -561,9 +561,7 @@ static irqreturn_t tps6598x_interrupt(int irq, void *data)
>  err_unlock:
>  	mutex_unlock(&tps->lock);
>  
> -	if (event1 | event2)
> -		return IRQ_HANDLED;
> -	return IRQ_NONE;
> +	return ret;
>  }
>  
>  static int tps6598x_check_mode(struct tps6598x *tps)
> -- 
> 2.27.0
> 
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ