* [PATCH] pinctrl: stm32: prevent the use of the secure protected pins
@ 2022-05-02 15:31 ` Fabien Dessenne
0 siblings, 0 replies; 5+ messages in thread
From: Fabien Dessenne @ 2022-05-02 15:31 UTC (permalink / raw)
To: Linus Walleij, Maxime Coquelin, Alexandre Torgue, linux-gpio,
linux-stm32, linux-arm-kernel, linux-kernel
Cc: Fabien Dessenne
The hardware denies any access from the Linux non-secure world to the
secure-protected pins. Hence, prevent any driver to request such a pin.
Mark the secure-protected GPIO lines as invalid (.init_valid_mask) and
prevent the pinmux request / pinconf setting operations.
Identify the secure pins with "NO ACCESS" in the pinconf sysfs.
Signed-off-by: Fabien Dessenne <fabien.dessenne@foss.st.com>
---
drivers/pinctrl/stm32/pinctrl-stm32.c | 64 ++++++++++++++++++++++
drivers/pinctrl/stm32/pinctrl-stm32.h | 1 +
drivers/pinctrl/stm32/pinctrl-stm32mp135.c | 1 +
3 files changed, 66 insertions(+)
diff --git a/drivers/pinctrl/stm32/pinctrl-stm32.c b/drivers/pinctrl/stm32/pinctrl-stm32.c
index b308e7bb7487..e81772255e43 100644
--- a/drivers/pinctrl/stm32/pinctrl-stm32.c
+++ b/drivers/pinctrl/stm32/pinctrl-stm32.c
@@ -43,6 +43,7 @@
#define STM32_GPIO_LCKR 0x1c
#define STM32_GPIO_AFRL 0x20
#define STM32_GPIO_AFRH 0x24
+#define STM32_GPIO_SECCFGR 0x30
/* custom bitfield to backup pin status */
#define STM32_GPIO_BKP_MODE_SHIFT 0
@@ -94,6 +95,7 @@ struct stm32_gpio_bank {
u32 bank_ioport_nr;
u32 pin_backup[STM32_GPIO_PINS_PER_BANK];
u8 irq_type[STM32_GPIO_PINS_PER_BANK];
+ bool secure_control;
};
struct stm32_pinctrl {
@@ -283,6 +285,33 @@ static int stm32_gpio_get_direction(struct gpio_chip *chip, unsigned int offset)
return ret;
}
+static int stm32_gpio_init_valid_mask(struct gpio_chip *chip,
+ unsigned long *valid_mask,
+ unsigned int ngpios)
+{
+ struct stm32_gpio_bank *bank = gpiochip_get_data(chip);
+ struct stm32_pinctrl *pctl = dev_get_drvdata(bank->gpio_chip.parent);
+ unsigned int i;
+ u32 sec;
+
+ /* All gpio are valid per default */
+ bitmap_fill(valid_mask, ngpios);
+
+ if (bank->secure_control) {
+ /* Tag secured pins as invalid */
+ sec = readl_relaxed(bank->base + STM32_GPIO_SECCFGR);
+
+ for (i = 0; i < ngpios; i++) {
+ if (sec & BIT(i)) {
+ clear_bit(i, valid_mask);
+ dev_dbg(pctl->dev, "No access to gpio %d - %d\n", bank->bank_nr, i);
+ }
+ }
+ }
+
+ return 0;
+}
+
static const struct gpio_chip stm32_gpio_template = {
.request = stm32_gpio_request,
.free = stm32_gpio_free,
@@ -293,6 +322,7 @@ static const struct gpio_chip stm32_gpio_template = {
.to_irq = stm32_gpio_to_irq,
.get_direction = stm32_gpio_get_direction,
.set_config = gpiochip_generic_config,
+ .init_valid_mask = stm32_gpio_init_valid_mask,
};
static void stm32_gpio_irq_trigger(struct irq_data *d)
@@ -837,12 +867,32 @@ static int stm32_pmx_gpio_set_direction(struct pinctrl_dev *pctldev,
return stm32_pmx_set_mode(bank, pin, !input, 0);
}
+static int stm32_pmx_request(struct pinctrl_dev *pctldev, unsigned int gpio)
+{
+ struct stm32_pinctrl *pctl = pinctrl_dev_get_drvdata(pctldev);
+ struct pinctrl_gpio_range *range;
+
+ range = pinctrl_find_gpio_range_from_pin_nolock(pctldev, gpio);
+ if (!range) {
+ dev_err(pctl->dev, "No gpio range defined.\n");
+ return -EINVAL;
+ }
+
+ if (!gpiochip_line_is_valid(range->gc, stm32_gpio_pin(gpio))) {
+ dev_warn(pctl->dev, "Can't access gpio %d\n", gpio);
+ return -EACCES;
+ }
+
+ return 0;
+}
+
static const struct pinmux_ops stm32_pmx_ops = {
.get_functions_count = stm32_pmx_get_funcs_cnt,
.get_function_name = stm32_pmx_get_func_name,
.get_function_groups = stm32_pmx_get_func_groups,
.set_mux = stm32_pmx_set_mux,
.gpio_set_direction = stm32_pmx_gpio_set_direction,
+ .request = stm32_pmx_request,
.strict = true,
};
@@ -1039,6 +1089,11 @@ static int stm32_pconf_parse_conf(struct pinctrl_dev *pctldev,
bank = gpiochip_get_data(range->gc);
offset = stm32_gpio_pin(pin);
+ if (!gpiochip_line_is_valid(range->gc, offset)) {
+ dev_warn(pctl->dev, "Can't access gpio %d\n", pin);
+ return -EACCES;
+ }
+
switch (param) {
case PIN_CONFIG_DRIVE_PUSH_PULL:
ret = stm32_pconf_set_driving(bank, offset, 0);
@@ -1141,6 +1196,11 @@ static void stm32_pconf_dbg_show(struct pinctrl_dev *pctldev,
bank = gpiochip_get_data(range->gc);
offset = stm32_gpio_pin(pin);
+ if (!gpiochip_line_is_valid(range->gc, offset)) {
+ seq_puts(s, "NO ACCESS");
+ return;
+ }
+
stm32_pmx_get_mode(bank, offset, &mode, &alt);
bias = stm32_pconf_get_bias(bank, offset);
@@ -1253,6 +1313,7 @@ static int stm32_gpiolib_register_bank(struct stm32_pinctrl *pctl,
bank->gpio_chip.parent = dev;
bank->bank_nr = bank_nr;
bank->bank_ioport_nr = bank_ioport_nr;
+ bank->secure_control = pctl->match_data->secure_control;
spin_lock_init(&bank->lock);
/* create irq hierarchical domain */
@@ -1567,6 +1628,9 @@ static int __maybe_unused stm32_pinctrl_restore_gpio_regs(
if (!range)
return 0;
+ if (!gpiochip_line_is_valid(range->gc, offset))
+ return 0;
+
pin_is_irq = gpiochip_line_is_irq(range->gc, offset);
if (!desc || (!pin_is_irq && !desc->gpio_owner))
diff --git a/drivers/pinctrl/stm32/pinctrl-stm32.h b/drivers/pinctrl/stm32/pinctrl-stm32.h
index b9584039cdf5..d078c3ac5815 100644
--- a/drivers/pinctrl/stm32/pinctrl-stm32.h
+++ b/drivers/pinctrl/stm32/pinctrl-stm32.h
@@ -58,6 +58,7 @@ struct stm32_desc_pin {
struct stm32_pinctrl_match_data {
const struct stm32_desc_pin *pins;
const unsigned int npins;
+ bool secure_control;
};
struct stm32_gpio_bank;
diff --git a/drivers/pinctrl/stm32/pinctrl-stm32mp135.c b/drivers/pinctrl/stm32/pinctrl-stm32mp135.c
index f98717fe23ed..fde1df191c24 100644
--- a/drivers/pinctrl/stm32/pinctrl-stm32mp135.c
+++ b/drivers/pinctrl/stm32/pinctrl-stm32mp135.c
@@ -1649,6 +1649,7 @@ static const struct stm32_desc_pin stm32mp135_pins[] = {
static struct stm32_pinctrl_match_data stm32mp135_match_data = {
.pins = stm32mp135_pins,
.npins = ARRAY_SIZE(stm32mp135_pins),
+ .secure_control = true,
};
static const struct of_device_id stm32mp135_pctrl_match[] = {
--
2.25.1
^ permalink raw reply related [flat|nested] 5+ messages in thread
* [PATCH] pinctrl: stm32: prevent the use of the secure protected pins
@ 2022-05-02 15:31 ` Fabien Dessenne
0 siblings, 0 replies; 5+ messages in thread
From: Fabien Dessenne @ 2022-05-02 15:31 UTC (permalink / raw)
To: Linus Walleij, Maxime Coquelin, Alexandre Torgue, linux-gpio,
linux-stm32, linux-arm-kernel, linux-kernel
Cc: Fabien Dessenne
The hardware denies any access from the Linux non-secure world to the
secure-protected pins. Hence, prevent any driver to request such a pin.
Mark the secure-protected GPIO lines as invalid (.init_valid_mask) and
prevent the pinmux request / pinconf setting operations.
Identify the secure pins with "NO ACCESS" in the pinconf sysfs.
Signed-off-by: Fabien Dessenne <fabien.dessenne@foss.st.com>
---
drivers/pinctrl/stm32/pinctrl-stm32.c | 64 ++++++++++++++++++++++
drivers/pinctrl/stm32/pinctrl-stm32.h | 1 +
drivers/pinctrl/stm32/pinctrl-stm32mp135.c | 1 +
3 files changed, 66 insertions(+)
diff --git a/drivers/pinctrl/stm32/pinctrl-stm32.c b/drivers/pinctrl/stm32/pinctrl-stm32.c
index b308e7bb7487..e81772255e43 100644
--- a/drivers/pinctrl/stm32/pinctrl-stm32.c
+++ b/drivers/pinctrl/stm32/pinctrl-stm32.c
@@ -43,6 +43,7 @@
#define STM32_GPIO_LCKR 0x1c
#define STM32_GPIO_AFRL 0x20
#define STM32_GPIO_AFRH 0x24
+#define STM32_GPIO_SECCFGR 0x30
/* custom bitfield to backup pin status */
#define STM32_GPIO_BKP_MODE_SHIFT 0
@@ -94,6 +95,7 @@ struct stm32_gpio_bank {
u32 bank_ioport_nr;
u32 pin_backup[STM32_GPIO_PINS_PER_BANK];
u8 irq_type[STM32_GPIO_PINS_PER_BANK];
+ bool secure_control;
};
struct stm32_pinctrl {
@@ -283,6 +285,33 @@ static int stm32_gpio_get_direction(struct gpio_chip *chip, unsigned int offset)
return ret;
}
+static int stm32_gpio_init_valid_mask(struct gpio_chip *chip,
+ unsigned long *valid_mask,
+ unsigned int ngpios)
+{
+ struct stm32_gpio_bank *bank = gpiochip_get_data(chip);
+ struct stm32_pinctrl *pctl = dev_get_drvdata(bank->gpio_chip.parent);
+ unsigned int i;
+ u32 sec;
+
+ /* All gpio are valid per default */
+ bitmap_fill(valid_mask, ngpios);
+
+ if (bank->secure_control) {
+ /* Tag secured pins as invalid */
+ sec = readl_relaxed(bank->base + STM32_GPIO_SECCFGR);
+
+ for (i = 0; i < ngpios; i++) {
+ if (sec & BIT(i)) {
+ clear_bit(i, valid_mask);
+ dev_dbg(pctl->dev, "No access to gpio %d - %d\n", bank->bank_nr, i);
+ }
+ }
+ }
+
+ return 0;
+}
+
static const struct gpio_chip stm32_gpio_template = {
.request = stm32_gpio_request,
.free = stm32_gpio_free,
@@ -293,6 +322,7 @@ static const struct gpio_chip stm32_gpio_template = {
.to_irq = stm32_gpio_to_irq,
.get_direction = stm32_gpio_get_direction,
.set_config = gpiochip_generic_config,
+ .init_valid_mask = stm32_gpio_init_valid_mask,
};
static void stm32_gpio_irq_trigger(struct irq_data *d)
@@ -837,12 +867,32 @@ static int stm32_pmx_gpio_set_direction(struct pinctrl_dev *pctldev,
return stm32_pmx_set_mode(bank, pin, !input, 0);
}
+static int stm32_pmx_request(struct pinctrl_dev *pctldev, unsigned int gpio)
+{
+ struct stm32_pinctrl *pctl = pinctrl_dev_get_drvdata(pctldev);
+ struct pinctrl_gpio_range *range;
+
+ range = pinctrl_find_gpio_range_from_pin_nolock(pctldev, gpio);
+ if (!range) {
+ dev_err(pctl->dev, "No gpio range defined.\n");
+ return -EINVAL;
+ }
+
+ if (!gpiochip_line_is_valid(range->gc, stm32_gpio_pin(gpio))) {
+ dev_warn(pctl->dev, "Can't access gpio %d\n", gpio);
+ return -EACCES;
+ }
+
+ return 0;
+}
+
static const struct pinmux_ops stm32_pmx_ops = {
.get_functions_count = stm32_pmx_get_funcs_cnt,
.get_function_name = stm32_pmx_get_func_name,
.get_function_groups = stm32_pmx_get_func_groups,
.set_mux = stm32_pmx_set_mux,
.gpio_set_direction = stm32_pmx_gpio_set_direction,
+ .request = stm32_pmx_request,
.strict = true,
};
@@ -1039,6 +1089,11 @@ static int stm32_pconf_parse_conf(struct pinctrl_dev *pctldev,
bank = gpiochip_get_data(range->gc);
offset = stm32_gpio_pin(pin);
+ if (!gpiochip_line_is_valid(range->gc, offset)) {
+ dev_warn(pctl->dev, "Can't access gpio %d\n", pin);
+ return -EACCES;
+ }
+
switch (param) {
case PIN_CONFIG_DRIVE_PUSH_PULL:
ret = stm32_pconf_set_driving(bank, offset, 0);
@@ -1141,6 +1196,11 @@ static void stm32_pconf_dbg_show(struct pinctrl_dev *pctldev,
bank = gpiochip_get_data(range->gc);
offset = stm32_gpio_pin(pin);
+ if (!gpiochip_line_is_valid(range->gc, offset)) {
+ seq_puts(s, "NO ACCESS");
+ return;
+ }
+
stm32_pmx_get_mode(bank, offset, &mode, &alt);
bias = stm32_pconf_get_bias(bank, offset);
@@ -1253,6 +1313,7 @@ static int stm32_gpiolib_register_bank(struct stm32_pinctrl *pctl,
bank->gpio_chip.parent = dev;
bank->bank_nr = bank_nr;
bank->bank_ioport_nr = bank_ioport_nr;
+ bank->secure_control = pctl->match_data->secure_control;
spin_lock_init(&bank->lock);
/* create irq hierarchical domain */
@@ -1567,6 +1628,9 @@ static int __maybe_unused stm32_pinctrl_restore_gpio_regs(
if (!range)
return 0;
+ if (!gpiochip_line_is_valid(range->gc, offset))
+ return 0;
+
pin_is_irq = gpiochip_line_is_irq(range->gc, offset);
if (!desc || (!pin_is_irq && !desc->gpio_owner))
diff --git a/drivers/pinctrl/stm32/pinctrl-stm32.h b/drivers/pinctrl/stm32/pinctrl-stm32.h
index b9584039cdf5..d078c3ac5815 100644
--- a/drivers/pinctrl/stm32/pinctrl-stm32.h
+++ b/drivers/pinctrl/stm32/pinctrl-stm32.h
@@ -58,6 +58,7 @@ struct stm32_desc_pin {
struct stm32_pinctrl_match_data {
const struct stm32_desc_pin *pins;
const unsigned int npins;
+ bool secure_control;
};
struct stm32_gpio_bank;
diff --git a/drivers/pinctrl/stm32/pinctrl-stm32mp135.c b/drivers/pinctrl/stm32/pinctrl-stm32mp135.c
index f98717fe23ed..fde1df191c24 100644
--- a/drivers/pinctrl/stm32/pinctrl-stm32mp135.c
+++ b/drivers/pinctrl/stm32/pinctrl-stm32mp135.c
@@ -1649,6 +1649,7 @@ static const struct stm32_desc_pin stm32mp135_pins[] = {
static struct stm32_pinctrl_match_data stm32mp135_match_data = {
.pins = stm32mp135_pins,
.npins = ARRAY_SIZE(stm32mp135_pins),
+ .secure_control = true,
};
static const struct of_device_id stm32mp135_pctrl_match[] = {
--
2.25.1
_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
^ permalink raw reply related [flat|nested] 5+ messages in thread
* Re: [PATCH] pinctrl: stm32: prevent the use of the secure protected pins
2022-05-02 15:31 ` Fabien Dessenne
@ 2022-05-04 22:04 ` Linus Walleij
-1 siblings, 0 replies; 5+ messages in thread
From: Linus Walleij @ 2022-05-04 22:04 UTC (permalink / raw)
To: Fabien Dessenne
Cc: Maxime Coquelin, Alexandre Torgue, linux-gpio, linux-stm32,
linux-arm-kernel, linux-kernel
On Mon, May 2, 2022 at 5:31 PM Fabien Dessenne
<fabien.dessenne@foss.st.com> wrote:
> The hardware denies any access from the Linux non-secure world to the
> secure-protected pins. Hence, prevent any driver to request such a pin.
>
> Mark the secure-protected GPIO lines as invalid (.init_valid_mask) and
> prevent the pinmux request / pinconf setting operations.
> Identify the secure pins with "NO ACCESS" in the pinconf sysfs.
>
> Signed-off-by: Fabien Dessenne <fabien.dessenne@foss.st.com>
Patch applied!
Yours,
Linus Walleij
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [PATCH] pinctrl: stm32: prevent the use of the secure protected pins
@ 2022-05-04 22:04 ` Linus Walleij
0 siblings, 0 replies; 5+ messages in thread
From: Linus Walleij @ 2022-05-04 22:04 UTC (permalink / raw)
To: Fabien Dessenne
Cc: Maxime Coquelin, Alexandre Torgue, linux-gpio, linux-stm32,
linux-arm-kernel, linux-kernel
On Mon, May 2, 2022 at 5:31 PM Fabien Dessenne
<fabien.dessenne@foss.st.com> wrote:
> The hardware denies any access from the Linux non-secure world to the
> secure-protected pins. Hence, prevent any driver to request such a pin.
>
> Mark the secure-protected GPIO lines as invalid (.init_valid_mask) and
> prevent the pinmux request / pinconf setting operations.
> Identify the secure pins with "NO ACCESS" in the pinconf sysfs.
>
> Signed-off-by: Fabien Dessenne <fabien.dessenne@foss.st.com>
Patch applied!
Yours,
Linus Walleij
_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [PATCH] pinctrl: stm32: prevent the use of the secure protected pins
@ 2022-05-03 19:27 kernel test robot
0 siblings, 0 replies; 5+ messages in thread
From: kernel test robot @ 2022-05-03 19:27 UTC (permalink / raw)
To: kbuild
[-- Attachment #1: Type: text/plain, Size: 18112 bytes --]
CC: llvm(a)lists.linux.dev
CC: kbuild-all(a)lists.01.org
BCC: lkp(a)intel.com
In-Reply-To: <20220502153114.283618-1-fabien.dessenne@foss.st.com>
References: <20220502153114.283618-1-fabien.dessenne@foss.st.com>
TO: Fabien Dessenne <fabien.dessenne@foss.st.com>
TO: Linus Walleij <linus.walleij@linaro.org>
TO: Maxime Coquelin <mcoquelin.stm32@gmail.com>
TO: Alexandre Torgue <alexandre.torgue@foss.st.com>
TO: linux-gpio(a)vger.kernel.org
TO: linux-stm32(a)st-md-mailman.stormreply.com
TO: linux-arm-kernel(a)lists.infradead.org
TO: linux-kernel(a)vger.kernel.org
CC: Fabien Dessenne <fabien.dessenne@foss.st.com>
Hi Fabien,
I love your patch! Perhaps something to improve:
[auto build test WARNING on atorgue-stm32/stm32-next]
[also build test WARNING on linusw-pinctrl/devel v5.18-rc5 next-20220503]
[If your patch is applied to the wrong git tree, kindly drop us a note.
And when submitting patch, we suggest to use '--base' as documented in
https://git-scm.com/docs/git-format-patch]
url: https://github.com/intel-lab-lkp/linux/commits/Fabien-Dessenne/pinctrl-stm32-prevent-the-use-of-the-secure-protected-pins/20220502-233443
base: https://git.kernel.org/pub/scm/linux/kernel/git/atorgue/stm32.git stm32-next
:::::: branch date: 28 hours ago
:::::: commit date: 28 hours ago
config: riscv-randconfig-c006-20220501 (https://download.01.org/0day-ci/archive/20220504/202205040335.lyMPmxR4-lkp(a)intel.com/config)
compiler: clang version 15.0.0 (https://github.com/llvm/llvm-project 363b3a645a1e30011cc8da624f13dac5fd915628)
reproduce (this is a W=1 build):
wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross
chmod +x ~/bin/make.cross
# install riscv cross compiling tool for clang build
# apt-get install binutils-riscv64-linux-gnu
# https://github.com/intel-lab-lkp/linux/commit/39534741c9e791ea613038c0cc5a8fbe475430bc
git remote add linux-review https://github.com/intel-lab-lkp/linux
git fetch --no-tags linux-review Fabien-Dessenne/pinctrl-stm32-prevent-the-use-of-the-secure-protected-pins/20220502-233443
git checkout 39534741c9e791ea613038c0cc5a8fbe475430bc
# save the config file
COMPILER_INSTALL_PATH=$HOME/0day COMPILER=clang make.cross ARCH=riscv clang-analyzer
If you fix the issue, kindly add following tag as appropriate
Reported-by: kernel test robot <lkp@intel.com>
clang-analyzer warnings: (new ones prefixed by >>)
fs/udf/misc.c:73:4: note: Call to function 'memmove' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memmove_s' in case of C11
memmove(&ad[size], ad, iinfo->i_lenAlloc);
^
include/linux/fortify-string.h:373:27: note: expanded from macro 'memmove'
#define memmove(p, q, s) __fortify_memcpy_chk(p, q, s, \
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
include/linux/fortify-string.h:362:2: note: expanded from macro '__fortify_memcpy_chk'
__underlying_##op(p, q, __fortify_size); \
^~~~~~~~~~~~~~~~~
note: expanded from here
include/linux/fortify-string.h:46:30: note: expanded from macro '__underlying_memmove'
#define __underlying_memmove __builtin_memmove
^~~~~~~~~~~~~~~~~
fs/udf/misc.c:107:5: warning: Call to function 'memmove' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memmove_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling]
memmove(&ea[offset - aal + size],
^
include/linux/fortify-string.h:373:27: note: expanded from macro 'memmove'
#define memmove(p, q, s) __fortify_memcpy_chk(p, q, s, \
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
include/linux/fortify-string.h:362:2: note: expanded from macro '__fortify_memcpy_chk'
__underlying_##op(p, q, __fortify_size); \
^~~~~~~~~~~~~~~~~
note: expanded from here
include/linux/fortify-string.h:46:30: note: expanded from macro '__underlying_memmove'
#define __underlying_memmove __builtin_memmove
^~~~~~~~~~~~~~~~~
fs/udf/misc.c:107:5: note: Call to function 'memmove' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memmove_s' in case of C11
memmove(&ea[offset - aal + size],
^
include/linux/fortify-string.h:373:27: note: expanded from macro 'memmove'
#define memmove(p, q, s) __fortify_memcpy_chk(p, q, s, \
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
include/linux/fortify-string.h:362:2: note: expanded from macro '__fortify_memcpy_chk'
__underlying_##op(p, q, __fortify_size); \
^~~~~~~~~~~~~~~~~
note: expanded from here
include/linux/fortify-string.h:46:30: note: expanded from macro '__underlying_memmove'
#define __underlying_memmove __builtin_memmove
^~~~~~~~~~~~~~~~~
fs/udf/misc.c:117:5: warning: Call to function 'memmove' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memmove_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling]
memmove(&ea[offset - ial + size],
^
include/linux/fortify-string.h:373:27: note: expanded from macro 'memmove'
#define memmove(p, q, s) __fortify_memcpy_chk(p, q, s, \
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
include/linux/fortify-string.h:362:2: note: expanded from macro '__fortify_memcpy_chk'
__underlying_##op(p, q, __fortify_size); \
^~~~~~~~~~~~~~~~~
note: expanded from here
include/linux/fortify-string.h:46:30: note: expanded from macro '__underlying_memmove'
#define __underlying_memmove __builtin_memmove
^~~~~~~~~~~~~~~~~
fs/udf/misc.c:117:5: note: Call to function 'memmove' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memmove_s' in case of C11
memmove(&ea[offset - ial + size],
^
include/linux/fortify-string.h:373:27: note: expanded from macro 'memmove'
#define memmove(p, q, s) __fortify_memcpy_chk(p, q, s, \
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
include/linux/fortify-string.h:362:2: note: expanded from macro '__fortify_memcpy_chk'
__underlying_##op(p, q, __fortify_size); \
^~~~~~~~~~~~~~~~~
note: expanded from here
include/linux/fortify-string.h:46:30: note: expanded from macro '__underlying_memmove'
#define __underlying_memmove __builtin_memmove
^~~~~~~~~~~~~~~~~
fs/udf/misc.c:128:5: warning: Call to function 'memmove' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memmove_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling]
memmove(&ea[offset - aal + size],
^
include/linux/fortify-string.h:373:27: note: expanded from macro 'memmove'
#define memmove(p, q, s) __fortify_memcpy_chk(p, q, s, \
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
include/linux/fortify-string.h:362:2: note: expanded from macro '__fortify_memcpy_chk'
__underlying_##op(p, q, __fortify_size); \
^~~~~~~~~~~~~~~~~
note: expanded from here
include/linux/fortify-string.h:46:30: note: expanded from macro '__underlying_memmove'
#define __underlying_memmove __builtin_memmove
^~~~~~~~~~~~~~~~~
fs/udf/misc.c:128:5: note: Call to function 'memmove' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memmove_s' in case of C11
memmove(&ea[offset - aal + size],
^
include/linux/fortify-string.h:373:27: note: expanded from macro 'memmove'
#define memmove(p, q, s) __fortify_memcpy_chk(p, q, s, \
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
include/linux/fortify-string.h:362:2: note: expanded from macro '__fortify_memcpy_chk'
__underlying_##op(p, q, __fortify_size); \
^~~~~~~~~~~~~~~~~
note: expanded from here
include/linux/fortify-string.h:46:30: note: expanded from macro '__underlying_memmove'
#define __underlying_memmove __builtin_memmove
^~~~~~~~~~~~~~~~~
Suppressed 50 warnings (50 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
38 warnings generated.
Suppressed 38 warnings (38 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
39 warnings generated.
Suppressed 39 warnings (38 in non-user code, 1 with check filters).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
40 warnings generated.
>> drivers/pinctrl/stm32/pinctrl-stm32.c:304:24: warning: Value stored to 'pctl' during its initialization is never read [clang-analyzer-deadcode.DeadStores]
struct stm32_pinctrl *pctl = dev_get_drvdata(bank->gpio_chip.parent);
^~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
drivers/pinctrl/stm32/pinctrl-stm32.c:304:24: note: Value stored to 'pctl' during its initialization is never read
struct stm32_pinctrl *pctl = dev_get_drvdata(bank->gpio_chip.parent);
^~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
drivers/pinctrl/stm32/pinctrl-stm32.c:1419:21: warning: Passed-by-value struct argument contains uninitialized data (e.g., field: 'id_size') [clang-analyzer-core.CallAndMessage]
pctl->irqmux[i] = devm_regmap_field_alloc(dev, rm, mux);
^
drivers/pinctrl/stm32/pinctrl-stm32.c:1489:6: note: Assuming 'np' is non-null
if (!np)
^~~
drivers/pinctrl/stm32/pinctrl-stm32.c:1489:2: note: Taking false branch
if (!np)
^
drivers/pinctrl/stm32/pinctrl-stm32.c:1493:6: note: Assuming 'match' is non-null
if (!match || !match->data)
^~~~~~
drivers/pinctrl/stm32/pinctrl-stm32.c:1493:6: note: Left side of '||' is false
drivers/pinctrl/stm32/pinctrl-stm32.c:1493:16: note: Assuming field 'data' is non-null
if (!match || !match->data)
^~~~~~~~~~~~
drivers/pinctrl/stm32/pinctrl-stm32.c:1493:2: note: Taking false branch
if (!match || !match->data)
^
drivers/pinctrl/stm32/pinctrl-stm32.c:1496:6: note: Assuming the condition is false
if (!of_find_property(np, "pins-are-numbered", NULL)) {
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
drivers/pinctrl/stm32/pinctrl-stm32.c:1496:2: note: Taking false branch
if (!of_find_property(np, "pins-are-numbered", NULL)) {
^
drivers/pinctrl/stm32/pinctrl-stm32.c:1502:6: note: Assuming 'pctl' is non-null
if (!pctl)
^~~~~
drivers/pinctrl/stm32/pinctrl-stm32.c:1502:2: note: Taking false branch
if (!pctl)
^
drivers/pinctrl/stm32/pinctrl-stm32.c:1509:2: note: Taking false branch
if (IS_ERR(pctl->domain))
^
drivers/pinctrl/stm32/pinctrl-stm32.c:1514:6: note: 'hwlock_id' is >= 0
if (hwlock_id < 0) {
^~~~~~~~~
drivers/pinctrl/stm32/pinctrl-stm32.c:1514:2: note: Taking false branch
if (hwlock_id < 0) {
^
drivers/pinctrl/stm32/pinctrl-stm32.c:1521:2: note: Loop condition is false. Exiting loop
spin_lock_init(&pctl->irqmux_lock);
^
include/linux/spinlock.h:329:35: note: expanded from macro 'spin_lock_init'
# define spin_lock_init(lock) \
^
drivers/pinctrl/stm32/pinctrl-stm32.c:1527:2: note: Taking false branch
if (!of_property_read_u32(np, "st,package", &pctl->pkg))
^
drivers/pinctrl/stm32/pinctrl-stm32.c:1532:6: note: Assuming field 'pins' is non-null
if (!pctl->pins)
^~~~~~~~~~~
drivers/pinctrl/stm32/pinctrl-stm32.c:1532:2: note: Taking false branch
if (!pctl->pins)
^
drivers/pinctrl/stm32/pinctrl-stm32.c:1536:6: note: 'ret' is 0
if (ret)
^~~
drivers/pinctrl/stm32/pinctrl-stm32.c:1536:2: note: Taking false branch
if (ret)
^
drivers/pinctrl/stm32/pinctrl-stm32.c:1540:6: note: Assuming 'ret' is 0
if (ret) {
^~~
drivers/pinctrl/stm32/pinctrl-stm32.c:1540:2: note: Taking false branch
if (ret) {
^
drivers/pinctrl/stm32/pinctrl-stm32.c:1545:6: note: Assuming field 'domain' is non-null
if (pctl->domain) {
^~~~~~~~~~~~
drivers/pinctrl/stm32/pinctrl-stm32.c:1545:2: note: Taking true branch
if (pctl->domain) {
^
drivers/pinctrl/stm32/pinctrl-stm32.c:1546:9: note: Calling 'stm32_pctrl_dt_setup_irq'
ret = stm32_pctrl_dt_setup_irq(pdev, pctl);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
drivers/pinctrl/stm32/pinctrl-stm32.c:1394:2: note: Taking false branch
if (IS_ERR(pctl->regmap))
^
drivers/pinctrl/stm32/pinctrl-stm32.c:1400:6: note: Assuming 'ret' is 0
if (ret)
^~~
drivers/pinctrl/stm32/pinctrl-stm32.c:1400:2: note: Taking false branch
if (ret)
^
drivers/pinctrl/stm32/pinctrl-stm32.c:1404:6: note: Assuming 'ret' is 0
if (ret)
^~~
drivers/pinctrl/stm32/pinctrl-stm32.c:1404:2: note: Taking false branch
if (ret)
^
drivers/pinctrl/stm32/pinctrl-stm32.c:1409:2: note: Loop condition is true. Entering loop body
for (i = 0; i < STM32_GPIO_PINS_PER_BANK; i++) {
^
drivers/pinctrl/stm32/pinctrl-stm32.c:1410:3: note: 'mux' initialized here
vim +/pctl +304 drivers/pinctrl/stm32/pinctrl-stm32.c
acaa037970f610 Alexandre TORGUE 2017-05-29 298
39534741c9e791 Fabien Dessenne 2022-05-02 299 static int stm32_gpio_init_valid_mask(struct gpio_chip *chip,
39534741c9e791 Fabien Dessenne 2022-05-02 300 unsigned long *valid_mask,
39534741c9e791 Fabien Dessenne 2022-05-02 301 unsigned int ngpios)
39534741c9e791 Fabien Dessenne 2022-05-02 302 {
39534741c9e791 Fabien Dessenne 2022-05-02 303 struct stm32_gpio_bank *bank = gpiochip_get_data(chip);
39534741c9e791 Fabien Dessenne 2022-05-02 @304 struct stm32_pinctrl *pctl = dev_get_drvdata(bank->gpio_chip.parent);
39534741c9e791 Fabien Dessenne 2022-05-02 305 unsigned int i;
39534741c9e791 Fabien Dessenne 2022-05-02 306 u32 sec;
39534741c9e791 Fabien Dessenne 2022-05-02 307
39534741c9e791 Fabien Dessenne 2022-05-02 308 /* All gpio are valid per default */
39534741c9e791 Fabien Dessenne 2022-05-02 309 bitmap_fill(valid_mask, ngpios);
39534741c9e791 Fabien Dessenne 2022-05-02 310
39534741c9e791 Fabien Dessenne 2022-05-02 311 if (bank->secure_control) {
39534741c9e791 Fabien Dessenne 2022-05-02 312 /* Tag secured pins as invalid */
39534741c9e791 Fabien Dessenne 2022-05-02 313 sec = readl_relaxed(bank->base + STM32_GPIO_SECCFGR);
39534741c9e791 Fabien Dessenne 2022-05-02 314
39534741c9e791 Fabien Dessenne 2022-05-02 315 for (i = 0; i < ngpios; i++) {
39534741c9e791 Fabien Dessenne 2022-05-02 316 if (sec & BIT(i)) {
39534741c9e791 Fabien Dessenne 2022-05-02 317 clear_bit(i, valid_mask);
39534741c9e791 Fabien Dessenne 2022-05-02 318 dev_dbg(pctl->dev, "No access to gpio %d - %d\n", bank->bank_nr, i);
39534741c9e791 Fabien Dessenne 2022-05-02 319 }
39534741c9e791 Fabien Dessenne 2022-05-02 320 }
39534741c9e791 Fabien Dessenne 2022-05-02 321 }
39534741c9e791 Fabien Dessenne 2022-05-02 322
39534741c9e791 Fabien Dessenne 2022-05-02 323 return 0;
39534741c9e791 Fabien Dessenne 2022-05-02 324 }
39534741c9e791 Fabien Dessenne 2022-05-02 325
--
0-DAY CI Kernel Test Service
https://01.org/lkp
^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2022-05-04 22:05 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-05-02 15:31 [PATCH] pinctrl: stm32: prevent the use of the secure protected pins Fabien Dessenne
2022-05-02 15:31 ` Fabien Dessenne
2022-05-04 22:04 ` Linus Walleij
2022-05-04 22:04 ` Linus Walleij
2022-05-03 19:27 kernel test robot
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.