lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <8e4c2d5a-9f28-4946-b69d-63f5af3bc3da@roeck-us.net>
Date: Tue, 19 Mar 2024 07:07:04 -0700
From: Guenter Roeck <linux@...ck-us.net>
To: Harini T <harini.t@....com>, michal.simek@....com,
 srinivas.neeli@....com, shubhrajyoti.datta@....com
Cc: srinivas.goud@....com, wim@...ux-watchdog.org,
 linux-watchdog@...r.kernel.org, linux-arm-kernel@...ts.infradead.org,
 linux-kernel@...r.kernel.org, git@....com
Subject: Re: [PATCH] watchdog: xilinx_wwdt: Add check for timeout limit and
 set maximum value if exceeded

On 3/19/24 04:12, Harini T wrote:
> Current implementation fails to verify if the user input such as timeout
> or closed window percentage exceeds the maximum value that the hardware
> supports.
> 
> Maximum timeout is derived based on input clock frequency.
> If the user input timeout exceeds the maximum timeout supported, limit
> the timeout to maximum supported value.
> Limit the close and open window percent to hardware supported value.
> 
> Signed-off-by: Harini T <harini.t@....com>
> ---
>   drivers/watchdog/xilinx_wwdt.c | 30 +++++++++++++++++++++++++++++-
>   1 file changed, 29 insertions(+), 1 deletion(-)
> 
> diff --git a/drivers/watchdog/xilinx_wwdt.c b/drivers/watchdog/xilinx_wwdt.c
> index d271e2e8d6e2..86e2edc4f3c7 100644
> --- a/drivers/watchdog/xilinx_wwdt.c
> +++ b/drivers/watchdog/xilinx_wwdt.c
> @@ -36,6 +36,12 @@
>   
>   #define XWWDT_CLOSE_WINDOW_PERCENT	50
>   
> +/* Maximum count value of each 32 bit window */
> +#define XWWDT_MAX_COUNT_WINDOW		GENMASK(31, 0)
> +
> +/* Maximum count value of closed and open window combined*/
> +#define XWWDT_MAX_COUNT_WINDOW_COMBINED GENMASK_ULL(32, 1)
> +
>   static int wwdt_timeout;
>   static int closed_window_percent;
>   
> @@ -73,6 +79,24 @@ static int xilinx_wwdt_start(struct watchdog_device *wdd)
>   	/* Calculate timeout count */
>   	time_out = xdev->freq * wdd->timeout;
>   	closed_timeout = div_u64(time_out * xdev->close_percent, 100);
> +
> +	if (time_out > XWWDT_MAX_COUNT_WINDOW) {
> +		u64 min_close_timeout = time_out - XWWDT_MAX_COUNT_WINDOW;
> +		u64 max_close_timeout = XWWDT_MAX_COUNT_WINDOW;
> +
> +		if (closed_timeout > max_close_timeout) {
> +			dev_info(xilinx_wwdt_wdd->parent,
> +				 "Closed window cannot be set to %d%%. Using maximum supported value.\n",
> +				 xdev->close_percent);
> +			closed_timeout = max_close_timeout;
> +		} else if (closed_timeout < min_close_timeout) {
> +			dev_info(xilinx_wwdt_wdd->parent,
> +				 "Closed window cannot be set to %d%%. Using minimum supported value.\n",
> +				 xdev->close_percent);
> +			closed_timeout = min_close_timeout;
> +		}
> +	}
> +
>   	open_timeout = time_out - closed_timeout;
>   	wdd->min_hw_heartbeat_ms = xdev->close_percent * 10 * wdd->timeout;
>   
> @@ -132,6 +156,7 @@ static int xwwdt_probe(struct platform_device *pdev)
>   {
>   	struct watchdog_device *xilinx_wwdt_wdd;
>   	struct device *dev = &pdev->dev;
> +	unsigned int max_hw_heartbeat;
>   	struct xwwdt_device *xdev;
>   	struct clk *clk;
>   	int ret;
> @@ -157,9 +182,11 @@ static int xwwdt_probe(struct platform_device *pdev)
>   	if (!xdev->freq)
>   		return -EINVAL;
>   
> +	max_hw_heartbeat = div64_u64(XWWDT_MAX_COUNT_WINDOW_COMBINED, xdev->freq);
> +
>   	xilinx_wwdt_wdd->min_timeout = XWWDT_MIN_TIMEOUT;
>   	xilinx_wwdt_wdd->timeout = XWWDT_DEFAULT_TIMEOUT;
> -	xilinx_wwdt_wdd->max_hw_heartbeat_ms = 1000 * xilinx_wwdt_wdd->timeout;
> +	xilinx_wwdt_wdd->max_hw_heartbeat_ms = 1000 * max_hw_heartbeat;
>   
>   	if (closed_window_percent == 0 || closed_window_percent >= 100)
>   		xdev->close_percent = XWWDT_CLOSE_WINDOW_PERCENT;
> @@ -167,6 +194,7 @@ static int xwwdt_probe(struct platform_device *pdev)
>   		xdev->close_percent = closed_window_percent;
>   
>   	watchdog_init_timeout(xilinx_wwdt_wdd, wwdt_timeout, &pdev->dev);
> +	xilinx_wwdt_wdd->timeout = min_not_zero(xilinx_wwdt_wdd->timeout, max_hw_heartbeat);

I have not tried to understand the rest of the code, but this is just wrong.
The whole point of having max_hw_heartbeat_ms is to make the actual timeout
independent of the maximum hardware timeout.

As for the rest of the changes, max_hw_heartbeat_ms should be set to the
maximum hardware timeout. Similar, the minimum timeout should be set
to the minimum timeout possible. As such, the checks added above should
not be necessary. Something looks wrong, but I won't spend time trying to
understand this because, again, limiting the actual timeout to
max_hw_heartbeat is just wrong.

Guenter

>   	spin_lock_init(&xdev->spinlock);
>   	watchdog_set_drvdata(xilinx_wwdt_wdd, xdev);
>   	watchdog_set_nowayout(xilinx_wwdt_wdd, 1);


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ