Received: by 2002:a05:6a10:a841:0:0:0:0 with SMTP id d1csp171798pxy;
        Wed, 28 Apr 2021 01:44:58 -0700 (PDT)
X-Google-Smtp-Source: ABdhPJwVTrgUX90qsYYRhU41MZDvCdSX9DntMvnaPWHWjQEFA0v4USpKmcaFOJHFTjw1i13Fvje5
X-Received: by 2002:a17:906:1957:: with SMTP id b23mr16871937eje.209.1619599498765;
        Wed, 28 Apr 2021 01:44:58 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1619599498; cv=none;
        d=google.com; s=arc-20160816;
        b=EKflRaC9/KDB+aIqhXGXipUBFRGRDZ1iKUvRsfST8O4OPrxfMmn+v+dDt+G8npoKFw
         /Y5cXKQOriAEzUqa3HWTkCE/YHfM2RgngCyq0UtEUMBZxLdyjZqXzLFoH6aR1avO/W9j
         aMbL2mC2Wy0o5xQ+BFpD6QXcnbA0RynqN8j7Mi5TTIVp4iiksUDv8K23phsRi6bnAfiT
         D/xELvy+CW3JEYx6k8kPOLsypd5z2Z6NGUbKCzB97ZUB7KlsfZl/XfoS7GU5bIF7Ycf4
         Pho8N4u97EKOgWTQyLgwZfEWruBwu1ARLeRHiMG/IIjlYoGS5/Nns4evHiD39b9fJ61o
         Qs9w==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:in-reply-to:content-disposition:mime-version
         :references:message-id:subject:cc:to:from:date:dkim-signature;
        bh=TTYK/BF94Jcc6cusqe2OP8KC0aI9TswCDyEAION8ou0=;
        b=azsXhqlukKfwyDD5f8QSw6gLRPzib1b3afITjfQc5pZxqROM15KUKx642WnGzYBT+o
         cLRRj5daAWB+YBnTkejBy+sR36URe7fPxtBes8hfOtgw2BQPLNIQIMjnyN+Q423bPwH+
         vEFtdAsj2Knm0OtaJpJ+CE7CzAfxJR095N0qobJFP09EJI1dVyXwCub1NW2L0QUhY2ba
         aZK33VXrHOq3WvHHPPK1r6Hw72zZfZU6YTYoP27DqTS7+z8BFsBzk0+hyzomNKpfjC5C
         qNe99BG2f6wafXKQIdW7IFLCVcBJ4CIXHXnTMvjvnBkbQoX2kua5ECRXoGpFv8SmlcEa
         uUmQ==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass (test mode) header.i=@ideasonboard.com header.s=mail header.b=Avw5MMBC;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18])
        by mx.google.com with ESMTP id l18si2402268ejc.143.2021.04.28.01.44.35;
        Wed, 28 Apr 2021 01:44:58 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18;
Authentication-Results: mx.google.com;
       dkim=pass (test mode) header.i=@ideasonboard.com header.s=mail header.b=Avw5MMBC;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S237600AbhD1ImR (ORCPT <rfc822;liu.song.a23@gmail.com>
        + 99 others); Wed, 28 Apr 2021 04:42:17 -0400
Received: from perceval.ideasonboard.com ([213.167.242.64]:53486 "EHLO
        perceval.ideasonboard.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S237187AbhD1ImQ (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Wed, 28 Apr 2021 04:42:16 -0400
Received: from pendragon.ideasonboard.com (62-78-145-57.bb.dnainternet.fi [62.78.145.57])
        by perceval.ideasonboard.com (Postfix) with ESMTPSA id 9BB682C1;
        Wed, 28 Apr 2021 10:41:30 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=ideasonboard.com;
        s=mail; t=1619599290;
        bh=nMQ401X3D58dyBPo3Cj1kaOnKsrP0lK+nvAlcXEq6gI=;
        h=Date:From:To:Cc:Subject:References:In-Reply-To:From;
        b=Avw5MMBCpUwMQPkpf1k7xVC3F8tvCOe3IpUPfaITy9Gk7wuIOJ23AofozGYN29JK1
         rgDqNZ8Iz9pS6R7O5TXKvsh2fC6ou8SR++i/JsfzxV9W/SDnTYWWp/c4oB/WVtEse+
         NJ/iF/vMNShpsUp2tpo3pvFm+702RgZYw7+VC4O4=
Date:   Wed, 28 Apr 2021 11:41:25 +0300
From:   Laurent Pinchart <laurent.pinchart@ideasonboard.com>
To:     Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Cc:     Ulf Hansson <ulf.hansson@linaro.org>,
        Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
        Kangjie Lu <kjlu@umn.edu>
Subject: Re: [PATCH 088/190] Revert "mmc_spi: add a status check for
 spi_sync_locked"
Message-ID: <YIkftQ5YKGVudYk+@pendragon.ideasonboard.com>
References: <20210421130105.1226686-1-gregkh@linuxfoundation.org>
 <20210421130105.1226686-89-gregkh@linuxfoundation.org>
 <YIAmS4jc5W21epzh@pendragon.ideasonboard.com>
 <CAPDyKFr9EgTJAujJnQd4USuLZyYbedjZBwLZRh1Cxz+87CharA@mail.gmail.com>
 <YIkMK5XkUcyhauWH@kroah.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
In-Reply-To: <YIkMK5XkUcyhauWH@kroah.com>
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

Hi Greg,

On Wed, Apr 28, 2021 at 09:18:03AM +0200, Greg Kroah-Hartman wrote:
> On Thu, Apr 22, 2021 at 10:08:45AM +0200, Ulf Hansson wrote:
> > On Wed, 21 Apr 2021 at 15:19, Laurent Pinchart wrote:
> > > On Wed, Apr 21, 2021 at 02:59:23PM +0200, Greg Kroah-Hartman wrote:
> > > > This reverts commit 611025983b7976df0183390a63a2166411d177f1.
> > > >
> > > > Commits from @umn.edu addresses have been found to be submitted in "bad
> > > > faith" to try to test the kernel community's ability to review "known
> > > > malicious" changes.  The result of these submissions can be found in a
> > > > paper published at the 42nd IEEE Symposium on Security and Privacy
> > > > entitled, "Open Source Insecurity: Stealthily Introducing
> > > > Vulnerabilities via Hypocrite Commits" written by Qiushi Wu (University
> > > > of Minnesota) and Kangjie Lu (University of Minnesota).
> > > >
> > > > Because of this, all submissions from this group must be reverted from
> > > > the kernel tree and will need to be re-reviewed again to determine if
> > > > they actually are a valid fix.  Until that work is complete, remove this
> > > > change to ensure that no problems are being introduced into the
> > > > codebase.
> > > >
> > > > Cc: Kangjie Lu <kjlu@umn.edu>
> > > > Cc: Laurent Pinchart <laurent.pinchart@ideasonboard.com>
> > > > Cc: Ulf Hansson <ulf.hansson@linaro.org>
> > > > Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
> > >
> > > Acked-by: Laurent Pinchart <laurent.pinchart@ideasonboard.com>
> > >
> > > I don't spot an obvious issue with the original patch though.
> > >
> > > > ---
> > > >  drivers/mmc/host/mmc_spi.c | 4 ----
> > > >  1 file changed, 4 deletions(-)
> > > >
> > > > diff --git a/drivers/mmc/host/mmc_spi.c b/drivers/mmc/host/mmc_spi.c
> > > > index 02f4fd26e76a..cc40b050e302 100644
> > > > --- a/drivers/mmc/host/mmc_spi.c
> > > > +++ b/drivers/mmc/host/mmc_spi.c
> > > > @@ -800,10 +800,6 @@ mmc_spi_readblock(struct mmc_spi_host *host, struct spi_transfer *t,
> > > >       }
> > > >
> > > >       status = spi_sync_locked(spi, &host->m);
> > > > -     if (status < 0) {
> > > > -             dev_dbg(&spi->dev, "read error %d\n", status);
> > > > -             return status;
> > > > -     }
> > 
> > Returning here means we never give back the ownership of the buffer to
> > the CPU. Can that be considered as vulnerability?
> 
> It's a "resource leak", which is a bug.  If you want to declare that as
> a "vulnerability" or not, I do not know.  Personally I do not think it
> is...

How is that a resource leak ? The dma_sync_single_for_device() calls
above this block don't take the buffer ownership away from the CPU in a
way that leaks it.

> > If that is that a problem, I can point out that there is already one
> > more case in this file, where this pattern is repeated. See
> > mmc_spi_writeblock(). This code has been there since 2007.
> 
> Yeah, these error paths are impossible to hit anyway.
> 
> I'll go drop this patch as it is not correct and will create a "correct"
> patch for this as well.

-- 
Regards,

Laurent Pinchart