| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 21 Dec 2023 12:13:37 -0500 From: Hugo Villeneuve <hugo@...ovil.com> To: Andy Shevchenko <andriy.shevchenko@...el.com> Cc: gregkh@...uxfoundation.org, jirislaby@...nel.org, jringle@...dpoint.com, kubakici@...pl, phil@...pberrypi.org, linux-kernel@...r.kernel.org, linux-serial@...r.kernel.org, Hugo Villeneuve <hvilleneuve@...onoff.com>, stable@...r.kernel.org, Yury Norov <yury.norov@...il.com> Subject: Re: [PATCH 02/18] serial: sc16is7xx: fix invalid sc16is7xx_lines bitfield in case of probe error On Thu, 21 Dec 2023 18:16:40 +0200 Andy Shevchenko <andriy.shevchenko@...el.com> wrote: > On Thu, Dec 21, 2023 at 11:13:37AM -0500, Hugo Villeneuve wrote: > > On Thu, 21 Dec 2023 10:56:39 -0500 > > Hugo Villeneuve <hugo@...ovil.com> wrote: > > > On Wed, 20 Dec 2023 17:40:42 +0200 > > > Andy Shevchenko <andriy.shevchenko@...el.com> wrote: > > ... > > > > this will indeed fix the problem described in patch 1. > > > > > > However, if I remove patch 1, and I simulate the same probe error as > > > described in patch 1, now we get stuck forever when trying to > > > remove the driver. This is something that I observed before and > > > that patch 1 also corrected. > > > > > > The problem is caused in sc16is7xx_remove() when calling this function > > > > > > kthread_flush_worker(&s->kworker); > > > > > > I am not sure how best to handle that without patch 1. > > > > Also, if we manage to get past kthread_flush_worker() and > > kthread_stop() (commented out for testing purposes), we get another bug: > > > > # rmmod sc16is7xx > > ... > > crystal-duart-24m already disabled > > WARNING: CPU: 2 PID: 340 at drivers/clk/clk.c:1090 > > clk_core_disable+0x1b0/0x1e0 > > ... > > Call trace: > > clk_core_disable+0x1b0/0x1e0 > > clk_disable+0x38/0x60 > > sc16is7xx_remove+0x1e4/0x240 [sc16is7xx] > > > > This one is caused by calling clk_disable_unprepare(). But > > clk_disable_unprepare() has already been called in probe error handling > > code. Patch 1 also fixed this... > > Word "fixed" is incorrect. "Papered over" is what it did. Hi, I just found the problem, and it was in my bug simulation, not the driver itself. When I simulated the bug, I forgot to set "ret" to an error code, and thus I returned 0 at the end of sc16is7xx_probe(). This is why sc16is7xx_remove() was called when unloading driver, but shouldn't have. If I simulate my probe error and return "-EINVAL" at the end of sc16is7xx_probe(), sc16is7xx_remove() is not called when unloading the driver. Sorry for the noise, so I will drop patch 1 and leave patch "fix invalid sc16is7xx_lines bitfield in case of probe error" as it is, and simply remove comments about Yury's patch. Hugo.
Powered by blists - more mailing lists