Received: by 2002:a05:6a10:a841:0:0:0:0 with SMTP id d1csp1454217pxy; Thu, 29 Apr 2021 07:27:27 -0700 (PDT) X-Google-Smtp-Source: ABdhPJxID4VFeCdll7e/rB6Vup/Hk3OEko2sEVPDfft8y40vz0gvCqcaT3lJOUZ2Ahil+sbvIhrP X-Received: by 2002:a05:6402:34cd:: with SMTP id w13mr18555884edc.73.1619706447652; Thu, 29 Apr 2021 07:27:27 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1619706447; cv=none; d=google.com; s=arc-20160816; b=kR7E17s5FbOeSKJFjKpIc9N3uHiDQVjZLGc5sQUBePlsgybSe8E7+nz4H2plp4OPZJ 6iyPDNkiDQW4A0cX1DEYDZ57KaFWROHaMfEIPikxjFarRt3fi1QXeanF+ZZ0MwpRjOG+ zg8T/dQIyg/G1LzaYRBqOs19530LszFOtyLXMxul3hVqZxHfOWOarYstPWalQZa7ew6Q 7E9ECGyEFxHsOegxdCFYVslrr0IGhHYKOac8dTVkK839vNdipPyN7ebH+fyJl3DtCYOb YpGulecX+0kXCTge9vl8o4EVy0f4M5IwSsETxVWOrIzzxNexttpQ1LscTKVE7SdJuqXh 5wgg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-disposition:mime-version :references:message-id:subject:cc:to:from:date:dkim-signature; bh=3XzBlar26kyhwkAClGa5GLDRmNTlG655m4POmtWpqJA=; b=R4i8JtS/tVfvODPDx04fUUAKMOhsgZmvFWaTtS+VI/pSRTVzqXWmrb46faIE8xQ+DN ysrdsSFoQI3FHS3ucMsSJa1shmAWs3gQum6E+K8G1jj8RU6WHGYxtPl2QTNyYvv14j+9 mHXuFSFOActY+u2n/jw2T5RahdnhUUszTAdZYgbp2oBSVdxQ4NTJNZGcjOa1M99jKAKA DM2NI3RI7s6/p2lGaxmIUtYb7ROOPRcySlFaWpjGRzhgf5oMlIRDqnByG8HErC9s1HCB tKFl5tsunl0hFzsUE4joo2inorRlOaclWLUjXnDojd3c2/MAS0uHFvOPPNyWa7ktJ91X kZOQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=riIlnfVs; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id eb8si3137744edb.103.2021.04.29.07.27.02; Thu, 29 Apr 2021 07:27:27 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=riIlnfVs; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S236096AbhD2O0a (ORCPT + 99 others); Thu, 29 Apr 2021 10:26:30 -0400 Received: from mail.kernel.org ([198.145.29.99]:51392 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233862AbhD2O0a (ORCPT ); Thu, 29 Apr 2021 10:26:30 -0400 Received: by mail.kernel.org (Postfix) with ESMTPSA id 3CCBB613E8; Thu, 29 Apr 2021 14:25:43 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1619706343; bh=4cbWoy8ggBX8z8BI11Tq/aWLqP6zEfvA4Ch/IOro90w=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=riIlnfVs0856IDwhP6yCwMh9Xo6+v2eK6qwLqfj4rp0X4KrZdFgXZSv7C5EJzRkCp bE0JZxBer+55N7mw6J0ZzT6RJL07DllKTE8x8lluUxGk4+D7Ix3gN20thJDQLvG6q7 ZeaUIaBVwkGIJjnB7UX7GJYKwcCkNQkYj0hBGWMA= Date: Thu, 29 Apr 2021 16:25:41 +0200 From: Greg Kroah-Hartman To: Laurent Pinchart Cc: Ulf Hansson , Linux Kernel Mailing List , Kangjie Lu Subject: Re: [PATCH 088/190] Revert "mmc_spi: add a status check for spi_sync_locked" Message-ID: References: <20210421130105.1226686-1-gregkh@linuxfoundation.org> <20210421130105.1226686-89-gregkh@linuxfoundation.org> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Wed, Apr 28, 2021 at 11:41:25AM +0300, Laurent Pinchart wrote: > Hi Greg, > > On Wed, Apr 28, 2021 at 09:18:03AM +0200, Greg Kroah-Hartman wrote: > > On Thu, Apr 22, 2021 at 10:08:45AM +0200, Ulf Hansson wrote: > > > On Wed, 21 Apr 2021 at 15:19, Laurent Pinchart wrote: > > > > On Wed, Apr 21, 2021 at 02:59:23PM +0200, Greg Kroah-Hartman wrote: > > > > > This reverts commit 611025983b7976df0183390a63a2166411d177f1. > > > > > > > > > > Commits from @umn.edu addresses have been found to be submitted in "bad > > > > > faith" to try to test the kernel community's ability to review "known > > > > > malicious" changes. The result of these submissions can be found in a > > > > > paper published at the 42nd IEEE Symposium on Security and Privacy > > > > > entitled, "Open Source Insecurity: Stealthily Introducing > > > > > Vulnerabilities via Hypocrite Commits" written by Qiushi Wu (University > > > > > of Minnesota) and Kangjie Lu (University of Minnesota). > > > > > > > > > > Because of this, all submissions from this group must be reverted from > > > > > the kernel tree and will need to be re-reviewed again to determine if > > > > > they actually are a valid fix. Until that work is complete, remove this > > > > > change to ensure that no problems are being introduced into the > > > > > codebase. > > > > > > > > > > Cc: Kangjie Lu > > > > > Cc: Laurent Pinchart > > > > > Cc: Ulf Hansson > > > > > Signed-off-by: Greg Kroah-Hartman > > > > > > > > Acked-by: Laurent Pinchart > > > > > > > > I don't spot an obvious issue with the original patch though. > > > > > > > > > --- > > > > > drivers/mmc/host/mmc_spi.c | 4 ---- > > > > > 1 file changed, 4 deletions(-) > > > > > > > > > > diff --git a/drivers/mmc/host/mmc_spi.c b/drivers/mmc/host/mmc_spi.c > > > > > index 02f4fd26e76a..cc40b050e302 100644 > > > > > --- a/drivers/mmc/host/mmc_spi.c > > > > > +++ b/drivers/mmc/host/mmc_spi.c > > > > > @@ -800,10 +800,6 @@ mmc_spi_readblock(struct mmc_spi_host *host, struct spi_transfer *t, > > > > > } > > > > > > > > > > status = spi_sync_locked(spi, &host->m); > > > > > - if (status < 0) { > > > > > - dev_dbg(&spi->dev, "read error %d\n", status); > > > > > - return status; > > > > > - } > > > > > > Returning here means we never give back the ownership of the buffer to > > > the CPU. Can that be considered as vulnerability? > > > > It's a "resource leak", which is a bug. If you want to declare that as > > a "vulnerability" or not, I do not know. Personally I do not think it > > is... > > How is that a resource leak ? The dma_sync_single_for_device() calls > above this block don't take the buffer ownership away from the CPU in a > way that leaks it. Ick, this is really twisty. The calls to dma_sync_single_for_device() call down to dma_direct_sync_single_for_device() for when you can directly talk to the hardware, or to the platform sync_single_for_device() callback for arches that can not. Those are messy, but the worst they all seem to do is invalidate or flush some caches, no type of resource allocation that I could determine here. So I'll trust you, and drop the revert and mark this one as "good patch" :) Thanks again for the review, much appreciated. greg k-h