| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sun, 18 Feb 2024 23:20:35 +0100
From: "Christian A. Ehrhardt" <lk@...e.de>
To: linux-usb@...r.kernel.org,
linux-kernel@...r.kernel.org
Cc: "Christian A. Ehrhardt" <lk@...e.de>,
Heikki Krogerus <heikki.krogerus@...ux.intel.com>,
Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
Maxime Coquelin <mcoquelin.stm32@...il.com>,
Alexandre Torgue <alexandre.torgue@...s.st.com>,
Uwe Kleine-König <u.kleine-koenig@...gutronix.de>,
Samuel Čavoj <samuel@...oj.net>,
Hans de Goede <hdegoede@...hat.com>,
Neil Armstrong <neil.armstrong@...aro.org>,
Prashanth K <quic_prashk@...cinc.com>,
Dmitry Baryshkov <dmitry.baryshkov@...aro.org>,
Saranya Gopal <saranya.gopal@...el.com>,
Haotien Hsu <haotienh@...dia.com>,
Andy Shevchenko <andriy.shevchenko@...ux.intel.com>,
Utkarsh Patel <utkarsh.h.patel@...el.com>,
Bjorn Andersson <andersson@...nel.org>,
Luca Weiss <luca.weiss@...rphone.com>,
Min-Hua Chen <minhuadotchen@...il.com>,
Rob Herring <robh@...nel.org>,
Rajaram Regupathy <rajaram.regupathy@...el.com>,
linux-stm32@...md-mailman.stormreply.com,
linux-arm-kernel@...ts.infradead.org,
Abhishek Pandit-Subedi <abhishekpandit@...omium.org>
Subject: [RFC PATCH 2/6] ucsi_ccg: Cleanup endianness confusion
When storing the cci value in the op_region struct it is
converted from host to little endian. However, the value is
read from hardware that is little endian according to the spec
and it is never converted to host byte order. However, the
value is used as if it where in host byte order.
Additionally, the message_in buffer is a byte array.
Any endian interpretation depends on the current command and
must be done in the ocntext of that command.
While all the UCSI world seems to be little endian and there
are many other endian issues if this is not true, this
particular value is treated with endian awareness, so it should
at least be done correctly.
Add the missing conversion from little endian to host byte order
when reading the CCI value from hardware. Additionally, make the
message_in buffer an u8 array and adjust the size macro accordingly.
Signed-off-by: Christian A. Ehrhardt <lk@...e.de>
---
drivers/usb/typec/ucsi/ucsi_ccg.c | 8 +++++---
1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/drivers/usb/typec/ucsi/ucsi_ccg.c b/drivers/usb/typec/ucsi/ucsi_ccg.c
index dda7c7c94e08..709295948c65 100644
--- a/drivers/usb/typec/ucsi/ucsi_ccg.c
+++ b/drivers/usb/typec/ucsi/ucsi_ccg.c
@@ -192,10 +192,10 @@ struct ucsi_ccg_altmode {
bool checked;
} __packed;
-#define CCGX_MESSAGE_IN_MAX 4
+#define CCGX_MESSAGE_IN_MAX 16
struct op_region {
__le32 cci;
- __le32 message_in[CCGX_MESSAGE_IN_MAX];
+ u8 message_in[CCGX_MESSAGE_IN_MAX];
};
struct ucsi_ccg {
@@ -678,6 +678,7 @@ static irqreturn_t ccg_irq_handler(int irq, void *data)
u16 reg = CCGX_RAB_UCSI_DATA_BLOCK(UCSI_CCI);
struct ucsi_ccg *uc = data;
u8 intr_reg;
+ __le32 __cci;
u32 cci = 0;
int ret = 0;
@@ -690,9 +691,10 @@ static irqreturn_t ccg_irq_handler(int irq, void *data)
else if (!(intr_reg & UCSI_READ_INT))
goto err_clear_irq;
- ret = ccg_read(uc, reg, (void *)&cci, sizeof(cci));
+ ret = ccg_read(uc, reg, (void *)&__cci, sizeof(__cci));
if (ret)
goto err_clear_irq;
+ cci = le32_to_cpu(__cci);
if (UCSI_CCI_CONNECTOR(cci))
ucsi_connector_change(uc->ucsi, UCSI_CCI_CONNECTOR(cci));
--
2.40.1
Powered by blists - more mailing lists