Date: Wed, 28 Apr 2021 11:41:25 +0300
From: Laurent Pinchart
To: Greg Kroah-Hartman
Cc: Ulf Hansson, Linux Kernel Mailing List, Kangjie Lu
Subject: Re: [PATCH 088/190] Revert "mmc_spi: add a status check for spi_sync_locked"
References: <20210421130105.1226686-1-gregkh@linuxfoundation.org> <20210421130105.1226686-89-gregkh@linuxfoundation.org>

Hi Greg,

On Wed, Apr 28, 2021 at 09:18:03AM +0200, Greg Kroah-Hartman wrote:
> On Thu, Apr 22, 2021 at 10:08:45AM +0200, Ulf Hansson wrote:
> > On Wed, 21 Apr 2021 at 15:19, Laurent Pinchart wrote:
> > > On Wed, Apr 21, 2021 at 02:59:23PM +0200, Greg Kroah-Hartman wrote:
> > > > This reverts commit 611025983b7976df0183390a63a2166411d177f1.
> > > >
> > > > Commits from @umn.edu addresses have been found to be submitted in "bad
> > > > faith" to try to test the kernel community's ability to review "known
> > > > malicious" changes. The result of these submissions can be found in a
> > > > paper published at the 42nd IEEE Symposium on Security and Privacy
> > > > entitled, "Open Source Insecurity: Stealthily Introducing
> > > > Vulnerabilities via Hypocrite Commits" written by Qiushi Wu (University
> > > > of Minnesota) and Kangjie Lu (University of Minnesota).
> > > >
> > > > Because of this, all submissions from this group must be reverted from
> > > > the kernel tree and will need to be re-reviewed again to determine if
> > > > they actually are a valid fix. Until that work is complete, remove this
> > > > change to ensure that no problems are being introduced into the
> > > > codebase.
> > > >
> > > > Cc: Kangjie Lu
> > > > Cc: Laurent Pinchart
> > > > Cc: Ulf Hansson
> > > > Signed-off-by: Greg Kroah-Hartman > > > > > > Acked-by: Laurent Pinchart > > > > > > I don't spot an obvious issue with the original patch though. > > > > > > > --- > > > > drivers/mmc/host/mmc_spi.c | 4 ---- > > > > 1 file changed, 4 deletions(-) > > > > > > > > diff --git a/drivers/mmc/host/mmc_spi.c b/drivers/mmc/host/mmc_spi.c > > > > index 02f4fd26e76a..cc40b050e302 100644 > > > > --- a/drivers/mmc/host/mmc_spi.c > > > > +++ b/drivers/mmc/host/mmc_spi.c > > > > @@ -800,10 +800,6 @@ mmc_spi_readblock(struct mmc_spi_host *host, struct spi_transfer *t, > > > > } > > > > > > > > status = spi_sync_locked(spi, &host->m); > > > > - if (status < 0) { > > > > - dev_dbg(&spi->dev, "read error %d\n", status); > > > > - return status; > > > > - } > > > > Returning here means we never give back the ownership of the buffer to > > the CPU. Can that be considered as vulnerability? > > It's a "resource leak", which is a bug. If you want to declare that as > a "vulnerability" or not, I do not know. Personally I do not think it > is... How is that a resource leak ? The dma_sync_single_for_device() calls above this block don't take the buffer ownership away from the CPU in a way that leaks it. > > If that is that a problem, I can point out that there is already one > > more case in this file, where this pattern is repeated. See > > mmc_spi_writeblock(). This code has been there since 2007. > > Yeah, these error paths are impossible to hit anyway. > > I'll go drop this patch as it is not correct and will create a "correct" > patch for this as well. -- Regards, Laurent Pinchart
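
Review bot: In mmc_spi_readblock(), deleting the whole `if (status < 0)` block right after `status = spi_sync_locked(spi, &host->m);` leaves the transfer result unchecked at this point, so a failed SPI transfer is no longer logged or returned here. If the objection raised in the thread is that the early `return status;` skips handing the buffer back to the CPU, a narrower change would keep the check and defer the return until after that hand-back rather than dropping all four lines. The changelog gives only the blanket revert rationale and no technical reason for this hunk, so it should say which behaviour is intended on a failed transfer.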