lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <50522abe-57d0-47df-9917-e0cd6848650f@gmail.com>
Date: Fri, 26 Apr 2024 12:43:15 -0700
From: Doug Berger <opendmb@...il.com>
To: Florian Fainelli <florian.fainelli@...adcom.com>,
 "David S. Miller" <davem@...emloft.net>, Eric Dumazet <edumazet@...gle.com>,
 Jakub Kicinski <kuba@...nel.org>, Paolo Abeni <pabeni@...hat.com>
Cc: bcm-kernel-feedback-list@...adcom.com, netdev@...r.kernel.org,
 linux-kernel@...r.kernel.org, stable@...r.kernel.org
Subject: Re: [PATCH net v2 3/3] net: bcmgenet: synchronize UMAC_CMD access

On 4/26/2024 11:19 AM, Florian Fainelli wrote:
> On 4/25/24 15:27, Doug Berger wrote:
>> The UMAC_CMD register is written from different execution
>> contexts and has insufficient synchronization protections to
>> prevent possible corruption. Of particular concern are the
>> acceses from the phy_device delayed work context used by the
>> adjust_link call and the BH context that may be used by the
>> ndo_set_rx_mode call.
>>
>> A spinlock is added to the driver to protect contended register
>> accesses (i.e. reg_lock) and it is used to synchronize accesses
>> to UMAC_CMD.
>>
>> Fixes: 1c1008c793fa ("net: bcmgenet: add main driver file")
>> Cc: stable@...r.kernel.org
>> Signed-off-by: Doug Berger <opendmb@...il.com>
> 
> Acked-by: Florian Fainelli <florian.fainelli@...adcom.com>
> 
> As a bug fix this is totally fine. I believe there could be an 
> improvement made in 'net-next' whereby we introduce an 
> unimac_rmw_locked() or something that essentially does:
> 
> void unimac_rmw_locked(struct bcmgenet_priv *priv, u32 offset, u32 
> mask_clear, u32 mask_set)
> {
>      u32 reg;
>      spin_lock_bh(&priv->reg_lock);
>      reg = bcmgenet_umac_readl(priv, offset);
>      reg &= ~mask_clear;
>      reg |= mask_set;
>      bcmgenet_umac_writel(priv, reg, offset);
>      spin_unlock_bh(&priv->reg_lock);
> }
> 
> At least a couple of callers could benefit from it. Thanks!
The only issue I see is enforcing the 2us delay in reset_umac(). A 
scenario where a different context might attempt to modify UMAC_CMD 
during that window is admittedly contrived, but the approach of this 
commit provides better protection.

-Doug

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ