lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Fri, 01 Oct 2021 12:52:20 +0300
From:   Kalle Valo <kvalo@...eaurora.org>
To:     Jerome Pouiller <Jerome.Pouiller@...abs.com>
Cc:     linux-wireless@...r.kernel.org, netdev@...r.kernel.org,
        devel@...verdev.osuosl.org, linux-kernel@...r.kernel.org,
        Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
        "David S . Miller" <davem@...emloft.net>,
        devicetree@...r.kernel.org, Rob Herring <robh+dt@...nel.org>,
        linux-mmc@...r.kernel.org,
        Pali Rohár <pali@...nel.org>,
        Ulf Hansson <ulf.hansson@...aro.org>
Subject: Re: [PATCH v7 09/24] wfx: add hwio.c/hwio.h

Jerome Pouiller <Jerome.Pouiller@...abs.com> writes:

> From: Jérôme Pouiller <jerome.pouiller@...abs.com>
>
> Signed-off-by: Jérôme Pouiller <jerome.pouiller@...abs.com>
> ---
>  drivers/net/wireless/silabs/wfx/hwio.c | 340 +++++++++++++++++++++++++
>  drivers/net/wireless/silabs/wfx/hwio.h |  79 ++++++

[...]

> +static int indirect_read(struct wfx_dev *wdev, int reg, u32 addr,
> +			 void *buf, size_t len)
> +{
> +	int ret;
> +	int i;
> +	u32 cfg;
> +	u32 prefetch;
> +
> +	WARN_ON(len >= 0x2000);

A define for the magic value, please. I see this 0x2000 limit multiple
times.

> +	WARN_ON(reg != WFX_REG_AHB_DPORT && reg != WFX_REG_SRAM_DPORT);

I see quite a lot of WARN() and WARN_ON() in the driver. Do note that
WARN() and WARN_ON() are a bit dangerous to use in the data path as an
attacker, or even just a bug, might easily spam the kernel log which
might result to host reboots due to watchdog triggering or other
resource starvation. I recommend using some ratelimited versions of
printk() macros, for example dev_*() if they have ratelimits. Not a
blocker, but wanted to point out anyway.

> +int wfx_data_read(struct wfx_dev *wdev, void *buf, size_t len)
> +{
> +	int ret;
> +
> +	WARN((long)buf & 3, "%s: unaligned buffer", __func__);

IS_ALIGNED()?

> +	wdev->hwbus_ops->lock(wdev->hwbus_priv);
> +	ret = wdev->hwbus_ops->copy_from_io(wdev->hwbus_priv,
> +					    WFX_REG_IN_OUT_QUEUE, buf, len);
> +	_trace_io_read(WFX_REG_IN_OUT_QUEUE, buf, len);
> +	wdev->hwbus_ops->unlock(wdev->hwbus_priv);
> +	if (ret)
> +		dev_err(wdev->dev, "%s: bus communication error: %d\n",
> +			__func__, ret);
> +	return ret;
> +}
> +
> +int wfx_data_write(struct wfx_dev *wdev, const void *buf, size_t len)
> +{
> +	int ret;
> +
> +	WARN((long)buf & 3, "%s: unaligned buffer", __func__);

IS_ALIGNED()?

> --- /dev/null
> +++ b/drivers/net/wireless/silabs/wfx/hwio.h
> @@ -0,0 +1,79 @@
> +/* SPDX-License-Identifier: GPL-2.0-only */
> +/*
> + * Low-level I/O functions.
> + *
> + * Copyright (c) 2017-2020, Silicon Laboratories, Inc.
> + * Copyright (c) 2010, ST-Ericsson
> + */
> +#ifndef WFX_HWIO_H
> +#define WFX_HWIO_H
> +
> +#include <linux/types.h>
> +
> +struct wfx_dev;
> +
> +/* Caution: in the functions below, 'buf' will used with a DMA. So, it must be
> + * kmalloc'd (do not use stack allocated buffers). In doubt, enable
> + * CONFIG_DEBUG_SG to detect badly located buffer.
> + */
> +int wfx_data_read(struct wfx_dev *wdev, void *buf, size_t buf_len);
> +int wfx_data_write(struct wfx_dev *wdev, const void *buf, size_t buf_len);
> +
> +int sram_buf_read(struct wfx_dev *wdev, u32 addr, void *buf, size_t len);
> +int sram_buf_write(struct wfx_dev *wdev, u32 addr, const void *buf, size_t len);
> +
> +int ahb_buf_read(struct wfx_dev *wdev, u32 addr, void *buf, size_t len);
> +int ahb_buf_write(struct wfx_dev *wdev, u32 addr, const void *buf, size_t len);
> +
> +int sram_reg_read(struct wfx_dev *wdev, u32 addr, u32 *val);
> +int sram_reg_write(struct wfx_dev *wdev, u32 addr, u32 val);
> +
> +int ahb_reg_read(struct wfx_dev *wdev, u32 addr, u32 *val);
> +int ahb_reg_write(struct wfx_dev *wdev, u32 addr, u32 val);

"wfx_" prefix missing from these functions.

> +int config_reg_read(struct wfx_dev *wdev, u32 *val);
> +int config_reg_write(struct wfx_dev *wdev, u32 val);
> +int config_reg_write_bits(struct wfx_dev *wdev, u32 mask, u32 val);
> +
> +#define CTRL_NEXT_LEN_MASK   0x00000FFF
> +#define CTRL_WLAN_WAKEUP     0x00001000
> +#define CTRL_WLAN_READY      0x00002000
> +int control_reg_read(struct wfx_dev *wdev, u32 *val);
> +int control_reg_write(struct wfx_dev *wdev, u32 val);
> +int control_reg_write_bits(struct wfx_dev *wdev, u32 mask, u32 val);
> +
> +#define IGPR_RW          0x80000000
> +#define IGPR_INDEX       0x7F000000
> +#define IGPR_VALUE       0x00FFFFFF
> +int igpr_reg_read(struct wfx_dev *wdev, int index, u32 *val);
> +int igpr_reg_write(struct wfx_dev *wdev, int index, u32 val);

And these too.

-- 
https://patchwork.kernel.org/project/linux-wireless/list/

https://wireless.wiki.kernel.org/en/developers/documentation/submittingpatches

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ