Message-ID: <ZqcQ3rjY6Wu4lU6t@google.com>
Date: Mon, 29 Jul 2024 03:47:42 +0000
From: Tzung-Bi Shih <tzungbi@...nel.org>
To: Patryk Duda <patrykd@...gle.com>
Cc: Guenter Roeck <groeck@...omium.org>, Benson Leung <bleung@...omium.org>,
	chrome-platform@...ts.linux.dev, linux-kernel@...r.kernel.org
Subject: Re: [PATCH] platform/chrome: cros_ec_proto: Lock device when
 updating MKBP version

On Thu, Jul 25, 2024 at 05:57:13PM +0000, Patryk Duda wrote:
> The cros_ec_get_host_command_version_mask() function requires that the
> caller must have ec_dev->lock mutex before calling it. This requirement
> was not met and as a result it was possible that two commands were sent
> to the device at the same time.

To clarify:
- What would happen if multiple cros_ec_get_host_command_version_mask() calls
  were made at the same time?
- What are the callees?  I'm trying to understand the source of parallelism.

Also, the patch needs an unlock at [1].

[1]: https://elixir.bootlin.com/linux/v6.10/source/drivers/platform/chrome/cros_ec_proto.c#L819

> The problem was observed while using UART backend which doesn't use any
> additional locks, unlike SPI backend which locks the controller until
> response is received.

Is it a general issue if multiple commands are sent to the EC at a time?  If
yes, it should serialize that in the UART transportation.
