| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <f196ffc9-1341-438b-abe4-0761b5901716@kernel.org>
Date: Tue, 5 Mar 2024 08:05:21 +0100
From: Jiri Slaby <jirislaby@...nel.org>
To: Douglas Anderson <dianders@...omium.org>,
Greg Kroah-Hartman <gregkh@...uxfoundation.org>
Cc: Stephen Boyd <swboyd@...omium.org>, Bjorn Andersson
<andersson@...nel.org>, Konrad Dybcio <konrad.dybcio@...aro.org>,
linux-arm-msm@...r.kernel.org, linux-kernel@...r.kernel.org,
linux-serial@...r.kernel.org
Subject: Re: [PATCH] Revert "tty: serial: simplify
qcom_geni_serial_send_chunk_fifo()"
On 05. 03. 24, 2:49, Douglas Anderson wrote:
> This reverts commit 5c7e105cd156fc9adf5294a83623d7a40c15f9b9.
>
> As identified by KASAN, the simplification done by the cleanup patch
> was not legal.
Ugh, indeed. uart_xmit_advance() is nice but completely hid the detail
you describe below.
My bad, so for now definitely:
Acked-by: Jiri Slaby <jirislaby@...nel.org>
> From tracing through the code, it can be seen that we're transmitting
> from a 4096-byte circular buffer. We copy anywhere from 1-4 bytes from
> it each time. The simplification runs into trouble when we get near
> the end of the circular buffer. For instance, we might start out with
> xmit->tail = 4094 and we want to transfer 4 bytes. With the code
> before simplification this was no problem. We'd read buf[4094],
> buf[4095], buf[0], and buf[1]. With the new code we'll do a
> memcpy(&buf[4094], 4) which reads 2 bytes past the end of the buffer
> and then skips transmitting what's at buf[0] and buf[1].
>
> KASAN isn't 100% consistent at reporting this for me, but to be extra
> confident in the analysis, I added traces of the tail and tx_bytes and
> then wrote a test program:
>
> while true; do
> echo -n "abcdefghijklmnopqrstuvwxyz0" > /dev/ttyMSM0
> sleep .1
> done
>
> I watched the traces over SSH and saw:
> qcom_geni_serial_send_chunk_fifo: 4093 4
> qcom_geni_serial_send_chunk_fifo: 1 3
>
> Which indicated that one byte should be missing. Sure enough the
> output that should have been:
>
> abcdefghijklmnopqrstuvwxyz0
>
> In one case was actually missing a byte:
>
> abcdefghijklmnopqrstuvwyz0
>
> Running "ls -al" on large directories also made the missing bytes
> obvious since columns didn't line up.
>
> While the original code may not be the most elegant, we only talking
> about copying up to 4 bytes here. Let's just go back to the code that
> worked.
>
> Fixes: 5c7e105cd156 ("tty: serial: simplify qcom_geni_serial_send_chunk_fifo()")
> Signed-off-by: Douglas Anderson <dianders@...omium.org>
> ---
> If folks really want me to, I can adjust the patch to try to detect if
> the circular buffer is going to wrap and still use the memcpy(). Let
> me know.
I will remove the for loop anyway (this was sort of preparation), once I
switch serial to kfifo (soon). No need to think about this more. Just
revert and be done with it for now. kfifo takes care of all this
internally (and correctly).
thanks,
--
js
suse labs
Powered by blists - more mailing lists