Received: by 2002:a05:6a10:c604:0:0:0:0 with SMTP id y4csp3760754pxt; Tue, 10 Aug 2021 10:41:28 -0700 (PDT) X-Google-Smtp-Source: ABdhPJyTSAyCte07DPAWDE0U3nTjVooEwkNbVcKMzbJn1hquvcmQpLapqhhCD08ydj/XtFYsOMH2 X-Received: by 2002:a17:906:19ce:: with SMTP id h14mr9269272ejd.164.1628617288300; Tue, 10 Aug 2021 10:41:28 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1628617288; cv=none; d=google.com; s=arc-20160816; b=Hx0oC24EE1HNjzcnfRfV6u9db7+StfOgGBDV+CGWuH/5yQRqU9/oAMm9C1VsKTYPu3 VFGxzJVw880f9np8n6nQduaHPoRn+h17+XsMn3TSRniovnoDKVPxMQMwJUuJifQZ8/3u koWWQwJbIYrEF++iLZsD5YjtpmYjDgH4mmz52FNJYCh1mCqCklLjMbDKRhXggLLdnBkF YWbxRN5DX++XsybeZr3Mv1jfe+NzGEx4i11h9zNVleBHzfrRWbcW3VXKyFCnBQPoVyk7 IRguhQvtWAdKi740hIOV8qbZ7fGbvbSngTmKiqmZ4GII2w42WWkC03aytAZ6gEmty1du Ti4Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=oeYH1paa7I8LKbEnewDPprnP6OygjggxmVLfjahnr4Q=; b=MwZqJrTRUZMP2bCBj/UBKzFMzKe69ee0KBeogLdWQVFS3xc23yeOsRHVObSyOcVTOB azuWrKd6GMwLx+zzgIMZrB7Z8IUNZITQFF64CAWzNtf1dSsxuyoZz5OhqU3FQ5FWkCS9 53hOjyeHMkga6UF6L5nmkZQygOCpAYF2KkyM9+4kuJcxTOQFcgKxPUkDX7gowdVefGae klPRO86jY/84/Bh/7cfFos/JDDffLcNDjse8bT2pCGmNhbBsDm5UfNU9axlLMc6KpPQM jM8+Lg6LVF81vir62RaT6ntuCjsdDJ+ocR4kBOApMhFa6o8e2B4UwkdVkBdhmd3pYf5s slxg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=S9QZp01X; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id ht14si3356581ejc.296.2021.08.10.10.41.04; Tue, 10 Aug 2021 10:41:28 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=S9QZp01X; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229872AbhHJRjN (ORCPT + 99 others); Tue, 10 Aug 2021 13:39:13 -0400 Received: from mail.kernel.org ([198.145.29.99]:44922 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231668AbhHJRgn (ORCPT ); Tue, 10 Aug 2021 13:36:43 -0400 Received: by mail.kernel.org (Postfix) with ESMTPSA id EE53361076; Tue, 10 Aug 2021 17:35:45 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1628616946; bh=prdVo5C5xpgmIhCsw4z1hyytXnidIp/QgExpNrYuAus=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=S9QZp01XUhU04T81I1yljBIvP8/I9953oJVE/6XhOV6rQqFGhCqDcIGzZ1Ggz4s4n llLW7C8fjtYo/l6qtsNGiKHbvwm786EXWWAK8zwKnpmr8mRXMKcsFvu+Z3tfAZx8HB UVQsewfxqRX1YSqQLn3XEsW05oJVL+OiLwYfEv8E= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= , "Maciej W. Rozycki" Subject: [PATCH 5.4 63/85] serial: 8250: Mask out floating 16/32-bit bus bits Date: Tue, 10 Aug 2021 19:30:36 +0200 Message-Id: <20210810172950.375889231@linuxfoundation.org> X-Mailer: git-send-email 2.32.0 In-Reply-To: <20210810172948.192298392@linuxfoundation.org> References: <20210810172948.192298392@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Maciej W. Rozycki commit e5227c51090e165db4b48dcaa300605bfced7014 upstream. Make sure only actual 8 bits of the IIR register are used in determining the port type in `autoconfig'. The `serial_in' port accessor returns the `unsigned int' type, meaning that with UPIO_AU, UPIO_MEM16, UPIO_MEM32, and UPIO_MEM32BE access types more than 8 bits of data are returned, of which the high order bits will often come from bus lines that are left floating in the data phase. For example with the MIPS Malta board's CBUS UART, where the registers are aligned on 8-byte boundaries and which uses 32-bit accesses, data as follows is returned: YAMON> dump -32 0xbf000900 0x40 BF000900: 1F000942 1F000942 1F000900 1F000900 ...B...B........ BF000910: 1F000901 1F000901 1F000900 1F000900 ................ BF000920: 1F000900 1F000900 1F000960 1F000960 ...........`...` BF000930: 1F000900 1F000900 1F0009FF 1F0009FF ................ YAMON> Evidently high-order 24 bits return values previously driven in the address phase (the 3 highest order address bits used with the command above are masked out in the simple virtual address mapping used here and come out at zeros on the external bus), a common scenario with bus lines left floating, due to bus capacitance. Consequently when the value of IIR, mapped at 0x1f000910, is retrieved in `autoconfig', it comes out at 0x1f0009c1 and when it is right-shifted by 6 and then assigned to 8-bit `scratch' variable, the value calculated is 0x27, not one of 0, 1, 2, 3 expected in port type determination. Fix the issue then, by assigning the value returned from `serial_in' to `scratch' first, which masks out 24 high-order bits retrieved, and only then right-shift the resulting 8-bit data quantity, producing the value of 3 in this case, as expected. Fix the same issue in `serial_dl_read'. The problem first appeared with Linux 2.6.9-rc3 which predates our repo history, but the origin could be identified with the old MIPS/Linux repo also at: as commit e0d2356c0777 ("Merge with Linux 2.6.9-rc3."), where code in `serial_in' was updated with this case: + case UPIO_MEM32: + return readl(up->port.membase + offset); + which made it produce results outside the unsigned 8-bit range for the first time, though obviously it is system dependent what actual values appear in the high order bits retrieved and it may well have been zeros in the relevant positions with the system the change originally was intended for. It is at that point that code in `autoconf' should have been updated accordingly, but clearly it was overlooked. Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") Cc: stable@vger.kernel.org # v2.6.12+ Reviewed-by: Philippe Mathieu-Daudé Signed-off-by: Maciej W. Rozycki Link: https://lore.kernel.org/r/alpine.DEB.2.21.2106260516220.37803@angie.orcam.me.uk Signed-off-by: Greg Kroah-Hartman --- drivers/tty/serial/8250/8250_port.c | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) --- a/drivers/tty/serial/8250/8250_port.c +++ b/drivers/tty/serial/8250/8250_port.c @@ -314,7 +314,11 @@ static const struct serial8250_config ua /* Uart divisor latch read */ static int default_serial_dl_read(struct uart_8250_port *up) { - return serial_in(up, UART_DLL) | serial_in(up, UART_DLM) << 8; + /* Assign these in pieces to truncate any bits above 7. */ + unsigned char dll = serial_in(up, UART_DLL); + unsigned char dlm = serial_in(up, UART_DLM); + + return dll | dlm << 8; } /* Uart divisor latch write */ @@ -1258,9 +1262,11 @@ static void autoconfig(struct uart_8250_ serial_out(up, UART_LCR, 0); serial_out(up, UART_FCR, UART_FCR_ENABLE_FIFO); - scratch = serial_in(up, UART_IIR) >> 6; - switch (scratch) { + /* Assign this as it is to truncate any bits above 7. */ + scratch = serial_in(up, UART_IIR); + + switch (scratch >> 6) { case 0: autoconfig_8250(up); break;