Message-ID: <63effdad.5d0a0220.28f2a.4738@mx.google.com>
Date:   Fri, 17 Feb 2023 06:09:36 +0100
From:   Christian Marangi <ansuelsmth@...il.com>
To:     Stephen Boyd <sboyd@...nel.org>
Cc:     Michael Turquette <mturquette@...libre.com>,
        linux-clk@...r.kernel.org, linux-kernel@...r.kernel.org,
        Miquel Raynal <miquel.raynal@...tlin.com>,
        Jerome Brunet <jbrunet@...libre.com>,
        Russell King <linux@...linux.org.uk>,
        Jeffrey Hugo <jhugo@...eaurora.org>,
        Chen-Yu Tsai <wens@...e.org>
Subject: Re: [PATCH] clk: Fix wrong clock returned in parent_data with .name
 and no .index

On Fri, Feb 17, 2023 at 02:11:20PM -0800, Stephen Boyd wrote:
> Quoting Christian Marangi (2023-02-15 15:27:12)
> > Commit 601b6e93304a ("clk: Allow parents to be specified via clkspec index")
> > introduced a regression due to a "fragile" implementation present in some very
> > corner case.
> > 
> > Such commit introduced the support for parents to be specified using
> > clkspec index. The index is an int and should be -1 if the feature
> > should not be used. This is the case with parent_hws or legacy
> > parent_names used and the index value is set to -1 by default.
> > With parent_data the situation is different, since it's a struct that
> > can have multiple values (.index, .name, .fw_name), it's init to all 0 by
> > default. This causes the index value to be set to 0 every time even if not
> 
> It's only initialized to all 0 because that's what you've decided to do.
> It could be on the stack and have random stack junk values.
>

Yes, and that itself is problematic on its own. The index value may be
set to an unintended value and we really can't update each parent_data
to -1. And as you can see in the example, index is used as an alternative
source to search the parent.

Hope it's clear what the problem is here.

> > intended to be defined and used.
> > 
> > This simple "fragile" implementation causes side effects and unintended
> > behaviour.
> > 
> > Assuming the following scenario (to repro the corner case and doesn't
> > reflect real code):
> > 
> > In dt we have a node like this:
> >                 acc1: clock-controller@...8000 {
> >                         compatible = "qcom,kpss-acc-v1";
> >                         reg = <0x02098000 0x1000>, <0x02008000 0x1000>;
> >                         clock-output-names = "acpu1_aux";
> >                         clocks = <&pxo_board>;
> >                         clock-names = "pxo";
> >                         #clock-cells = <0>;
> >                 };
> > 
> > And on the relevant driver we have the parent data defined as such:
> >                 static const struct clk_parent_data aux_parents[] = {
> >                         { .name = "pll8_vote" },
> >                         { .fw_name = "pxo", .name = "pxo_board" },
> >                 };
> > 
> > Someone would expect the first parent to be globally searched and set to
> > point to the clock named "pll8_vote".
> > But this is not the case and instead under the hood, the parent points to
> > the pxo clock. This happens without any warning and was discovered on
> > another platform while the gcc driver was converted to parent_data and
> > only .name was defined.
> 
> You didn't set .index explicitly to zero, but it is zero because of the
> use of static struct initializers here. If the struct was on the stack
> nobody knows what the value would be. Set -1 if you don't want to use
> the index lookup path.

There is at least one driver that uses .name for global searching and
it's clear that he didn't intend to use index lookup.

Are you totally against this or are you suggesting I should use a
different word for this?

To me this looks very sensible and something we should take care of since
it sounds a bit fragile to me. (I know 99% of the time it would be a dev
error but we could have a case where things work by luck and for example
someone starts adding an additional parent in later changes and a regression
happens.)

-- 
	Ansuel
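
Added example, not part of the original message and not kernel code: a simplified userspace model of the corner case discussed in the thread, showing how a zero-initialized .index silently selects the first clocks entry and how an explicit -1 restores the name lookup. The struct parent_data type, resolve_parent() and the lookup order (fw_name, then index, then global name) are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for struct clk_parent_data; not the kernel definition. */
struct parent_data {
    const char *fw_name; /* name looked up in the node's clock-names */
    const char *name;    /* globally unique clock name */
    int index;           /* position in the node's clocks list, -1 = unused */
};

/* Constructed model of the DT node: clocks = <&pxo_board>; clock-names = "pxo". */
static const char *const dt_clocks[] = { "pxo_board" };
static const char *const dt_clock_names[] = { "pxo" };
#define DT_NCLOCKS 1

/* Assumed lookup order: firmware name, then index, then global name. */
static const char *resolve_parent(const struct parent_data *pd)
{
    if (pd->fw_name)
        for (int i = 0; i < DT_NCLOCKS; i++)
            if (strcmp(dt_clock_names[i], pd->fw_name) == 0)
                return dt_clocks[i];
    /* A zero-initialized index cannot be told apart from an intended index 0. */
    if (pd->index >= 0 && pd->index < DT_NCLOCKS)
        return dt_clocks[pd->index];
    /* Stand-in for the global search by name; NULL when no name is given. */
    return pd->name;
}

/* Static initializers leave .index at 0, as in the aux_parents[] table above. */
static const struct parent_data implicit_index[] = {
    { .name = "pll8_vote" },
    { .fw_name = "pxo", .name = "pxo_board" },
};

/* Same table with the index lookup path disabled explicitly. */
static const struct parent_data explicit_index[] = {
    { .name = "pll8_vote", .index = -1 },
    { .fw_name = "pxo", .name = "pxo_board", .index = -1 },
};

int main(void)
{
    printf("implicit .index: parent 0 -> %s\n", resolve_parent(&implicit_index[0]));
    printf("explicit -1:     parent 0 -> %s\n", resolve_parent(&explicit_index[0]));
    return 0;
}
```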
