Date:   Sat, 12 Sep 2020 21:25:30 -0500
From:   Bjorn Andersson <bjorn.andersson@...aro.org>
To:     Alex Elder <elder@...aro.org>
Cc:     davem@...emloft.net, kuba@...nel.org, evgreen@...omium.org,
        subashab@...eaurora.org, cpratapa@...eaurora.org,
        netdev@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH net-next v2 3/7] net: ipa: verify reference flag values

On Fri 11 Sep 19:45 CDT 2020, Alex Elder wrote:

> We take a single IPA clock reference to keep the clock running until
> we get a system suspend operation, and maintain a flag indicating
> whether that reference has been taken.  When a suspend request
> arrives, we drop that reference and clear the flag.
> 
> In most places we simply set or clear the extra-reference flag.
> Instead--primarily to catch coding errors--test the previous value
> of the flag and report an error in the event the previous value is
> unexpected.  And if the clock reference is already taken, don't take
> another.
> 
> In a couple of cases it's pretty clear atomic access is not
> necessary and an error should never be reported.  Report these
> anyway, conveying our surprise with an added exclamation point.
> 
> Signed-off-by: Alex Elder <elder@...aro.org>
> ---
> v2: Updated to operate on a bitmap bit rather than an atomic_t.
> 
>  drivers/net/ipa/ipa_main.c | 23 ++++++++++++++++-------
>  1 file changed, 16 insertions(+), 7 deletions(-)
> 
> diff --git a/drivers/net/ipa/ipa_main.c b/drivers/net/ipa/ipa_main.c
> index 409375b96eb8f..cfdf60ded86ca 100644
> --- a/drivers/net/ipa/ipa_main.c
> +++ b/drivers/net/ipa/ipa_main.c
> @@ -83,6 +83,7 @@ static void ipa_suspend_handler(struct ipa *ipa, enum ipa_irq_id irq_id)
>  	/* Take a a single clock reference to prevent suspend.  All
>  	 * endpoints will be resumed as a result.  This reference will
>  	 * be dropped when we get a power management suspend request.
> +	 * The first call activates the clock; ignore any others.
>  	 */
>  	if (!test_and_set_bit(IPA_FLAG_CLOCK_HELD, ipa->flags))
>  		ipa_clock_get(ipa);
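
Review bot: the comment block this hunk extends still opens with "Take a a single clock reference"; since the block is being touched anyway, drop the doubled "a". The added sentence could also state that later calls are ignored because IPA_FLAG_CLOCK_HELD is already set, which is what the test_and_set_bit() below it actually checks.
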
> @@ -502,14 +503,17 @@ static void ipa_resource_deconfig(struct ipa *ipa)
>   */
>  static int ipa_config(struct ipa *ipa, const struct ipa_data *data)
>  {
> +	struct device *dev = &ipa->pdev->dev;
>  	int ret;
>  
>  	/* Get a clock reference to allow initialization.  This reference
>  	 * is held after initialization completes, and won't get dropped
>  	 * unless/until a system suspend request arrives.
>  	 */
> -	__set_bit(IPA_FLAG_CLOCK_HELD, ipa->flags);
> -	ipa_clock_get(ipa);
> +	if (!__test_and_set_bit(IPA_FLAG_CLOCK_HELD, ipa->flags))
> +		ipa_clock_get(ipa);
> +	else
> +		dev_err(dev, "suspend clock reference already taken!\n");
>  
>  	ipa_hardware_config(ipa);
>  
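
Review bot: ipa_config() uses the non-atomic __test_and_set_bit() on IPA_FLAG_CLOCK_HELD, while ipa_suspend_handler() uses the atomic test_and_set_bit() on the same bit, and nothing in the code says why the non-atomic form is safe here. A short comment stating what rules out concurrent access at this point would keep a later reader from changing one to match the other. The else branch also logs and carries on into ipa_hardware_config(); if this state is a coding error, it is worth saying whether continuing is intended.
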
> @@ -544,7 +548,8 @@ static int ipa_config(struct ipa *ipa, const struct ipa_data *data)
>  err_hardware_deconfig:
>  	ipa_hardware_deconfig(ipa);
>  	ipa_clock_put(ipa);
> -	__clear_bit(IPA_FLAG_CLOCK_HELD, ipa->flags);
> +	if (!__test_and_clear_bit(IPA_FLAG_CLOCK_HELD, ipa->flags))
> +		dev_err(dev, "suspend clock reference already dropped!\n");
>  
>  	return ret;
>  }
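
Review bot: at err_hardware_deconfig the ipa_clock_put() runs before the flag is tested, so when __test_and_clear_bit() finds the bit already clear the reference has been dropped anyway and the dev_err() only reports it after the fact. Testing the bit first and calling ipa_clock_put() only when it was set would keep the put balanced with the get.
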
> @@ -562,7 +567,8 @@ static void ipa_deconfig(struct ipa *ipa)
>  	ipa_endpoint_deconfig(ipa);
>  	ipa_hardware_deconfig(ipa);
>  	ipa_clock_put(ipa);
> -	__clear_bit(IPA_FLAG_CLOCK_HELD, ipa->flags);
> +	if (!test_and_clear_bit(IPA_FLAG_CLOCK_HELD, ipa->flags))

Doesn't this imply that we ran with the clocks disabled, which
presumably would have nasty side effects?

This seems like something that is worthy of more than just a simple
printout - which no one will actually read.  If you instead use a
WARN_ON() to highlight this at least some of the test environments out
there will pick it up and report it...

Regards,
Bjorn

> +		dev_err(&ipa->pdev->dev, "no suspend clock reference\n");
>  }
>  
>  static int ipa_firmware_load(struct device *dev)
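
Review bot: the dev_err() text in ipa_deconfig(), "no suspend clock reference", does not name the path it came from, whereas the ipa_suspend() and ipa_resume() messages in this patch carry a "suspend:" or "resume:" prefix. A matching prefix would make the log line attributable, and the call could take a local dev as ipa_config() now does instead of spelling out &ipa->pdev->dev.
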
> @@ -913,7 +919,8 @@ static int ipa_suspend(struct device *dev)
>  	struct ipa *ipa = dev_get_drvdata(dev);
>  
>  	ipa_clock_put(ipa);
> -	__clear_bit(IPA_FLAG_CLOCK_HELD, ipa->flags);
> +	if (!test_and_clear_bit(IPA_FLAG_CLOCK_HELD, ipa->flags))
> +		dev_err(dev, "suspend: missing suspend clock reference\n");
>  
>  	return 0;
>  }
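
Review bot: in ipa_suspend() the reference is dropped by ipa_clock_put() before test_and_clear_bit() clears IPA_FLAG_CLOCK_HELD, which leaves a window where the bit is set but the reference is gone. ipa_suspend_handler() skips ipa_clock_get() whenever it sees the bit set, so if it can run in that window it would leave the clock unreferenced. Clearing the bit first and calling ipa_clock_put() only when it was set closes the window and avoids an unbalanced put.
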
> @@ -933,8 +940,10 @@ static int ipa_resume(struct device *dev)
>  	/* This clock reference will keep the IPA out of suspend
>  	 * until we get a power management suspend request.
>  	 */
> -	__set_bit(IPA_FLAG_CLOCK_HELD, ipa->flags);
> -	ipa_clock_get(ipa);
> +	if (!test_and_set_bit(IPA_FLAG_CLOCK_HELD, ipa->flags))
> +		ipa_clock_get(ipa);
> +	else
> +		dev_err(dev, "resume: duplicate suspend clock reference\n");
>  
>  	return 0;
>  }
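
Review bot: in ipa_resume() the else branch treats an already-set IPA_FLAG_CLOCK_HELD as an error, but ipa_suspend_handler() sets the same bit and its comment describes repeated calls as something to ignore. If the handler can run before ipa_resume(), this would log an error for a legitimate ordering; a comment explaining why that cannot happen, or a lower log level, would settle it.
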
> -- 
> 2.20.1
> 
