lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <d36485a2-7cce-44be-b70f-54b00d671861@denx.de>
Date: Tue, 2 Jul 2024 06:02:41 +0200
From: Marek Vasut <marex@...x.de>
To: Fabio Estevam <festevam@...il.com>,
 Rasmus Villemoes <linux@...musvillemoes.dk>,
 Christoph Niedermaier <cniedermaier@...electronics.com>
Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
 Jiri Slaby <jirislaby@...nel.org>, Shawn Guo <shawnguo@...nel.org>,
 Sascha Hauer <s.hauer@...gutronix.de>,
 Pengutronix Kernel Team <kernel@...gutronix.de>,
 Uwe Kleine-König <u.kleine-koenig@...gutronix.de>,
 linux-kernel@...r.kernel.org, linux-serial@...r.kernel.org,
 imx@...ts.linux.dev, linux-arm-kernel@...ts.infradead.org
Subject: Re: [PATCH v2] serial: imx: ensure RTS signal is not left active
 after shutdown

On 6/25/24 10:39 PM, Fabio Estevam wrote:
> [Adding Christoph and Marek]
> 
> On Tue, Jun 25, 2024 at 3:42 PM Rasmus Villemoes
> <linux@...musvillemoes.dk> wrote:
>>
>> If a process is killed while writing to a /dev/ttymxc* device in RS485
>> mode, we observe that the RTS signal is left high, thus making it
>> impossible for other devices to transmit anything.
>>
>> Moreover, the ->tx_state variable is left in state SEND, which means
>> that when one next opens the device and configures baud rate etc., the
>> initialization code in imx_uart_set_termios dutifully ensures the RTS
>> pin is pulled down, but since ->tx_state is already SEND, the logic in
>> imx_uart_start_tx() does not in fact pull the pin high before
>> transmitting, so nothing actually gets on the wire on the other side
>> of the transceiver. Only when that transmission is allowed to complete
>> is the state machine then back in a consistent state.
>>
>> This is completely reproducible by doing something as simple as
>>
>>    seq 10000 > /dev/ttymxc0
>>
>> and hitting ctrl-C, and watching with a logic analyzer.
>>
>> Signed-off-by: Rasmus Villemoes <linux@...musvillemoes.dk>
>> ---
>> v2: Use dev_warn() instead of dev_WARN_ONCE().
>>
>> v1: https://lore.kernel.org/lkml/20240524121246.1896651-1-linux@rasmusvillemoes.dk/
>>
>> A screen dump from a logic analyzer can be seen at:
>>
>>    https://ibb.co/xCcP7Jy
>>
>> This is on an imx8mp board, with /dev/ttymxc0 and /dev/ttymxc2 both
>> configured for rs485 and connected to each other. I'm writing to
>> /dev/ttymxc2. This demonstrates both bugs; that RTS is left high when
>> a write is interrupted, and that a subsequent write actually fails to
>> have RTS high while TX'ing.
>>
>> I'm not sure what commit to name as a Fixes:. This certainly happens
>> on 6.6 and onwards, but I assume the problem exists since the tx_state
>> machine was introduced in cb1a60923609 (serial: imx: implement rts
>> delaying for rs485), and possibly even before that.

Wow, thank you for the detailed analysis of the issue.

Reviewed-by: Marek Vasut <marex@...x.de>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ