Message-ID: <CAEEQ3wkOQUh03Ggpf=mBWzNt1_Qtcv53gNXm7JH5Nban3tOtvQ@mail.gmail.com>
Date: Thu, 3 Apr 2025 20:49:20 +0800
From: yunhui cui <cuiyunhui@...edance.com>
To: John Ogness <john.ogness@...utronix.de>
Cc: gregkh@...uxfoundation.org, jirislaby@...nel.org, pmladek@...e.com, 
	arnd@...db.de, andriy.shevchenko@...ux.intel.com, namcao@...utronix.de, 
	benjamin.larsson@...exis.eu, schnelle@...ux.ibm.com, 
	linux-kernel@...r.kernel.org, linux-serial@...r.kernel.org
Subject: Re: [External] Re: [PATCH] serial: 8250: fix panic due to PSLVERR

Hi John,

On Thu, Apr 3, 2025 at 7:58 PM John Ogness <john.ogness@...utronix.de> wrote:
>
> On 2025-04-03, Yunhui Cui <cuiyunhui@...edance.com> wrote:
> > When the PSLVERR_RESP_EN parameter is set to 1, the device generates
> > an error response if an attempt is made to read an empty RBR (Receive
> > Buffer Register) while the FIFO is enabled.
> >
> > In serial8250_do_startup, calling serial_port_out(port, UART_LCR,
> > UART_LCR_WLEN8) triggers dw8250_check_lcr(), which invokes
> > dw8250_force_idle() and serial8250_clear_and_reinit_fifos(). The latter
> > function enables the FIFO via serial_out(p, UART_FCR, p->fcr).
> > Execution proceeds to the dont_test_tx_en label:
> > ...
> > serial_port_in(port, UART_RX);
> > This satisfies the PSLVERR trigger condition.
> >
> > Because another CPU (e.g., using printk) is accessing the UART (UART
> > is busy), the current CPU fails the check (value & ~UART_LCR_SPAR) ==
> > (lcr & ~UART_LCR_SPAR), causing it to enter dw8250_force_idle().
>
> Didn't this[0] patch resolve this exact issue?
>
> John Ogness
>
> [0] https://lore.kernel.org/lkml/20220713131722.2316829-1-vamshigajjela@google.com

No, these are two separate issues. This[0] patch is necessary, as
expressed in this comment:

/*
 * With PSLVERR_RESP_EN parameter set to 1, the device generates an
 * error response when an attempt to read an empty RBR with FIFO
 * enabled.
 */

The current patch addresses the following scenario:

cpuA is accessing the UART via printk(), causing the UART to be busy.
cpuB follows the CallTrace path:
-serial8250_do_startup()
--serial_port_out(port, UART_LCR, UART_LCR_WLEN8);
---dw8250_serial_out32
----dw8250_check_lcr
-----dw8250_force_idle (triggered by UART busy)
------serial8250_clear_and_reinit_fifos
-------serial_out(p, UART_FCR, p->fcr); (enables FIFO here)
cpuB proceeds to the dont_test_tx_en label:
   ...
   serial_port_in(port, UART_RX); // FIFO is enabled, and the UART has
                                  // no data to read, causing the device to
                                  // generate a PSLVERR error and panic.

Our solution:
Relevant serial_port_out operations should be placed in a critical section.
Before reading UART_RX, check if data is available (e.g., by verifying
the UART_LSR DR bit is set).

Thanks,
Yunhui
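
The guard proposed in this message (verify the UART_LSR DR bit before reading UART_RX), shown as an added example that is not part of the original e-mail or the kernel patch. It is a user-space model: `struct model_uart` and the `model_*` / `startup_*` helpers are hypothetical names, and the device behaviour is constructed from the description in the thread.

```c
#include <stdbool.h>
#include <stdio.h>
#define UART_FCR_ENABLE_FIFO 0x01 /* bit values as in linux/serial_reg.h */
#define UART_LSR_DR          0x01

/* Constructed model of the device behaviour described in the thread. */
struct model_uart {
    unsigned int fcr;      /* last value written to FCR */
    unsigned int rx_count; /* bytes waiting in the receive FIFO */
    bool pslverr_resp_en;  /* PSLVERR_RESP_EN parameter */
    bool pslverr;          /* latched bus error (a panic on real hardware) */
};

static unsigned int model_read_lsr(const struct model_uart *u)
{
    return u->rx_count ? UART_LSR_DR : 0;
}

/* Reading an empty RBR with the FIFO enabled raises PSLVERR. */
static void model_read_rx(struct model_uart *u)
{
    if (u->rx_count)
        u->rx_count--;
    else if (u->pslverr_resp_en && (u->fcr & UART_FCR_ENABLE_FIFO))
        u->pslverr = true;
}

/* Failing path: FIFO gets enabled, then UART_RX is read unconditionally. */
static bool startup_unguarded(struct model_uart *u)
{
    u->fcr |= UART_FCR_ENABLE_FIFO; /* stand-in for dw8250_force_idle() */
    model_read_rx(u);
    return u->pslverr;
}

/* Guarded path: read only when LSR reports data ready (DR set). In a driver
 * the check and the read would sit inside the same critical section. */
static bool startup_guarded(struct model_uart *u)
{
    u->fcr |= UART_FCR_ENABLE_FIFO;
    if (model_read_lsr(u) & UART_LSR_DR)
        model_read_rx(u);
    return u->pslverr;
}

int main(void)
{
    struct model_uart a = { .pslverr_resp_en = true }, b = a;
    printf("unguarded=%d guarded=%d\n", startup_unguarded(&a), startup_guarded(&b));
}
```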
