From nobody Thu Sep 19 01:19:27 2024 Received: from mail.hugovil.com (mail.hugovil.com [162.243.120.170]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 4F69E156F4A; Tue, 23 Jul 2024 15:16:06 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=162.243.120.170 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1721747768; cv=none; b=Bnm/NCwn7j9k9KyWDvXiODMw1tYlHl4bCkuZb9gD4j7XPg8E02EW5P+lHptlsLO9KKAhMisxuVPP+8ayxJqre4pd3FHmVFRbAcdy/Ei6aX2eYkyE8qTVKzSiMSnAcNjgAJM7uEFpHTBUR+yeZ2L+btiop5tLq5BRGU3axtaoyd0= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1721747768; c=relaxed/simple; bh=DglL+yKSA9KN976p/ubtMYhYXlblffIDIMvrc0TstjE=; h=From:To:Cc:Date:Message-Id:In-Reply-To:References:MIME-Version: Subject; b=Bo8vyDq3G0G00XnWyvIaJ8TA031zpqV3QOzYr5Eo289/fh6zAeBfcb/Hgb78JRnXpEjrJIuIWd/8/DYGTGGxTg1qMk8o829ihD956HEMK4JxWDzOEy6BWOf9Q7b5BcAWGxKKqKwUw5u79gW/XYdBVcUHaL+UHvAMQLHOPYp3PFE= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=hugovil.com; spf=pass smtp.mailfrom=hugovil.com; dkim=pass (1024-bit key) header.d=hugovil.com header.i=@hugovil.com header.b=Jc+59R4l; arc=none smtp.client-ip=162.243.120.170 Authentication-Results: smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=hugovil.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=hugovil.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=hugovil.com header.i=@hugovil.com header.b="Jc+59R4l" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=hugovil.com ; s=x; h=Subject:Content-Transfer-Encoding:MIME-Version:Message-Id:Date:Cc:To :From:subject:date:message-id:reply-to; bh=jEzEcA6LO6Ds17TgtrYBZmnbJOnPI9KzB4PLqF0+CEw=; b=Jc+59R4lMNOR/WzDqblbOTQbL6 6WcA7alXMXVDGxB6l59C4PKa8vR3e/fKgidtUSsSEDLV/6oCSh9c5MA9pWiu4/Ldtq1XfBjQ/Yi4v 0miFb2504zdR0//2t0ph5WgUd8sT3yxeDQjU1uqsU1246DZxHSjQcpSqyt5hIwzQ+jRU=; Received: from modemcable061.19-161-184.mc.videotron.ca ([184.161.19.61]:36238 helo=pettiford.lan) by mail.hugovil.com with esmtpa (Exim 4.92) (envelope-from ) id 1sWGwJ-0003Y2-EJ; Tue, 23 Jul 2024 10:56:31 -0400 From: Hugo Villeneuve To: gregkh@linuxfoundation.org, jirislaby@kernel.org, hvilleneuve@dimonoff.com, jringle@gridpoint.com Cc: linux-kernel@vger.kernel.org, linux-serial@vger.kernel.org, hugo@hugovil.com, stable@vger.kernel.org Date: Tue, 23 Jul 2024 08:53:01 -0400 Message-Id: <20240723125302.1305372-3-hugo@hugovil.com> X-Mailer: git-send-email 2.39.2 In-Reply-To: <20240723125302.1305372-1-hugo@hugovil.com> References: <20240723125302.1305372-1-hugo@hugovil.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-SA-Exim-Connect-IP: 184.161.19.61 X-SA-Exim-Mail-From: hugo@hugovil.com X-Spam-Level: X-Spam-Report: * -1.0 ALL_TRUSTED Passed through trusted hosts only via SMTP Subject: [PATCH 2/2] serial: sc16is7xx: fix invalid FIFO access with special register set X-SA-Exim-Version: 4.2.1 (built Wed, 08 May 2019 21:11:16 +0000) X-SA-Exim-Scanned: Yes (on mail.hugovil.com) Content-Type: text/plain; charset="utf-8" From: Hugo Villeneuve When enabling access to the special register set, Receiver time-out and RHR interrupts can happen. In this case, the IRQ handler will try to read from the FIFO thru the RHR register at address 0x00, but address 0x00 is mapped to DLL register, resulting in erroneous FIFO reading. Call graph example: sc16is7xx_startup(): entry sc16is7xx_ms_proc(): entry sc16is7xx_set_termios(): entry sc16is7xx_set_baud(): DLH/DLL =3D $009C --> access special register set sc16is7xx_port_irq() entry --> IIR is 0x0C sc16is7xx_handle_rx() entry sc16is7xx_fifo_read(): --> unable to access FIFO (RHR) because it is mapped to DLL (LCR=3DLCR_CONF_MODE_A) sc16is7xx_set_baud(): exit --> Restore access to general register set Fix the problem by claiming the efr_lock mutex when accessing the Special register set. Fixes: dfeae619d781 ("serial: sc16is7xx") Cc: Signed-off-by: Hugo Villeneuve --- drivers/tty/serial/sc16is7xx.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/drivers/tty/serial/sc16is7xx.c b/drivers/tty/serial/sc16is7xx.c index 58696e05492c..b4c1798a1df2 100644 --- a/drivers/tty/serial/sc16is7xx.c +++ b/drivers/tty/serial/sc16is7xx.c @@ -592,6 +592,8 @@ static int sc16is7xx_set_baud(struct uart_port *port, i= nt baud) SC16IS7XX_MCR_CLKSEL_BIT, prescaler =3D=3D 1 ? 0 : SC16IS7XX_MCR_CLKSEL_BIT); =20 + mutex_lock(&one->efr_lock); + /* Backup LCR and access special register set (DLL/DLH) */ lcr =3D sc16is7xx_port_read(port, SC16IS7XX_LCR_REG); sc16is7xx_port_write(port, SC16IS7XX_LCR_REG, @@ -606,6 +608,8 @@ static int sc16is7xx_set_baud(struct uart_port *port, i= nt baud) /* Restore LCR and access to general register set */ sc16is7xx_port_write(port, SC16IS7XX_LCR_REG, lcr); =20 + mutex_unlock(&one->efr_lock); + return DIV_ROUND_CLOSEST((clk / prescaler) / 16, div); } =20 --=20 2.39.2