lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Sun, 18 Feb 2024 23:20:35 +0100
From: "Christian A. Ehrhardt" <lk@...e.de>
To: linux-usb@...r.kernel.org,
	linux-kernel@...r.kernel.org
Cc: "Christian A. Ehrhardt" <lk@...e.de>,
	Heikki Krogerus <heikki.krogerus@...ux.intel.com>,
	Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
	Maxime Coquelin <mcoquelin.stm32@...il.com>,
	Alexandre Torgue <alexandre.torgue@...s.st.com>,
	Uwe Kleine-König <u.kleine-koenig@...gutronix.de>,
	Samuel Čavoj <samuel@...oj.net>,
	Hans de Goede <hdegoede@...hat.com>,
	Neil Armstrong <neil.armstrong@...aro.org>,
	Prashanth K <quic_prashk@...cinc.com>,
	Dmitry Baryshkov <dmitry.baryshkov@...aro.org>,
	Saranya Gopal <saranya.gopal@...el.com>,
	Haotien Hsu <haotienh@...dia.com>,
	Andy Shevchenko <andriy.shevchenko@...ux.intel.com>,
	Utkarsh Patel <utkarsh.h.patel@...el.com>,
	Bjorn Andersson <andersson@...nel.org>,
	Luca Weiss <luca.weiss@...rphone.com>,
	Min-Hua Chen <minhuadotchen@...il.com>,
	Rob Herring <robh@...nel.org>,
	Rajaram Regupathy <rajaram.regupathy@...el.com>,
	linux-stm32@...md-mailman.stormreply.com,
	linux-arm-kernel@...ts.infradead.org,
	Abhishek Pandit-Subedi <abhishekpandit@...omium.org>
Subject: [RFC PATCH 2/6] ucsi_ccg: Cleanup endianness confusion

When storing the cci value in the op_region struct it is
converted from host to little endian. However, the value is
read from hardware that is little endian according to the spec
and it is never converted to host byte order. However, the
value is used as if it where in host byte order.

Additionally, the message_in buffer is a byte array.
Any endian interpretation depends on the current command and
must be done in the ocntext of that command.

While all the UCSI world seems to be little endian and there
are many other endian issues if this is not true, this
particular value is treated with endian awareness, so it should
at least be done correctly.

Add the missing conversion from little endian to host byte order
when reading the CCI value from hardware. Additionally, make the
message_in buffer an u8 array and adjust the size macro accordingly.

Signed-off-by: Christian A. Ehrhardt <lk@...e.de>
---
 drivers/usb/typec/ucsi/ucsi_ccg.c | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/drivers/usb/typec/ucsi/ucsi_ccg.c b/drivers/usb/typec/ucsi/ucsi_ccg.c
index dda7c7c94e08..709295948c65 100644
--- a/drivers/usb/typec/ucsi/ucsi_ccg.c
+++ b/drivers/usb/typec/ucsi/ucsi_ccg.c
@@ -192,10 +192,10 @@ struct ucsi_ccg_altmode {
 	bool checked;
 } __packed;
 
-#define CCGX_MESSAGE_IN_MAX 4
+#define CCGX_MESSAGE_IN_MAX 16
 struct op_region {
 	__le32 cci;
-	__le32 message_in[CCGX_MESSAGE_IN_MAX];
+	u8 message_in[CCGX_MESSAGE_IN_MAX];
 };
 
 struct ucsi_ccg {
@@ -678,6 +678,7 @@ static irqreturn_t ccg_irq_handler(int irq, void *data)
 	u16 reg = CCGX_RAB_UCSI_DATA_BLOCK(UCSI_CCI);
 	struct ucsi_ccg *uc = data;
 	u8 intr_reg;
+	__le32 __cci;
 	u32 cci = 0;
 	int ret = 0;
 
@@ -690,9 +691,10 @@ static irqreturn_t ccg_irq_handler(int irq, void *data)
 	else if (!(intr_reg & UCSI_READ_INT))
 		goto err_clear_irq;
 
-	ret = ccg_read(uc, reg, (void *)&cci, sizeof(cci));
+	ret = ccg_read(uc, reg, (void *)&__cci, sizeof(__cci));
 	if (ret)
 		goto err_clear_irq;
+	cci = le32_to_cpu(__cci);
 
 	if (UCSI_CCI_CONNECTOR(cci))
 		ucsi_connector_change(uc->ucsi, UCSI_CCI_CONNECTOR(cci));
-- 
2.40.1


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ