lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Tue, 5 Mar 2024 08:05:21 +0100
From: Jiri Slaby <jirislaby@...nel.org>
To: Douglas Anderson <dianders@...omium.org>,
 Greg Kroah-Hartman <gregkh@...uxfoundation.org>
Cc: Stephen Boyd <swboyd@...omium.org>, Bjorn Andersson
 <andersson@...nel.org>, Konrad Dybcio <konrad.dybcio@...aro.org>,
 linux-arm-msm@...r.kernel.org, linux-kernel@...r.kernel.org,
 linux-serial@...r.kernel.org
Subject: Re: [PATCH] Revert "tty: serial: simplify
 qcom_geni_serial_send_chunk_fifo()"

On 05. 03. 24, 2:49, Douglas Anderson wrote:
> This reverts commit 5c7e105cd156fc9adf5294a83623d7a40c15f9b9.
> 
> As identified by KASAN, the simplification done by the cleanup patch
> was not legal.

Ugh, indeed. uart_xmit_advance() is nice but completely hid the detail 
you describe below.

My bad, so for now definitely:
Acked-by: Jiri Slaby <jirislaby@...nel.org>

>  From tracing through the code, it can be seen that we're transmitting
> from a 4096-byte circular buffer. We copy anywhere from 1-4 bytes from
> it each time. The simplification runs into trouble when we get near
> the end of the circular buffer. For instance, we might start out with
> xmit->tail = 4094 and we want to transfer 4 bytes. With the code
> before simplification this was no problem. We'd read buf[4094],
> buf[4095], buf[0], and buf[1]. With the new code we'll do a
> memcpy(&buf[4094], 4) which reads 2 bytes past the end of the buffer
> and then skips transmitting what's at buf[0] and buf[1].
> 
> KASAN isn't 100% consistent at reporting this for me, but to be extra
> confident in the analysis, I added traces of the tail and tx_bytes and
> then wrote a test program:
> 
>    while true; do
>      echo -n "abcdefghijklmnopqrstuvwxyz0" > /dev/ttyMSM0
>      sleep .1
>    done
> 
> I watched the traces over SSH and saw:
>    qcom_geni_serial_send_chunk_fifo: 4093 4
>    qcom_geni_serial_send_chunk_fifo: 1 3
> 
> Which indicated that one byte should be missing. Sure enough the
> output that should have been:
> 
>    abcdefghijklmnopqrstuvwxyz0
> 
> In one case was actually missing a byte:
> 
>    abcdefghijklmnopqrstuvwyz0
> 
> Running "ls -al" on large directories also made the missing bytes
> obvious since columns didn't line up.
> 
> While the original code may not be the most elegant, we only talking
> about copying up to 4 bytes here. Let's just go back to the code that
> worked.
> 
> Fixes: 5c7e105cd156 ("tty: serial: simplify qcom_geni_serial_send_chunk_fifo()")
> Signed-off-by: Douglas Anderson <dianders@...omium.org>
> ---
> If folks really want me to, I can adjust the patch to try to detect if
> the circular buffer is going to wrap and still use the memcpy(). Let
> me know.

I will remove the for loop anyway (this was sort of preparation), once I 
switch serial to kfifo (soon). No need to think about this more. Just 
revert and be done with it for now. kfifo takes care of all this 
internally (and correctly).

thanks,
-- 
js
suse labs

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ