Received: by 2002:a05:7412:d8a:b0:e2:908c:2ebd with SMTP id b10csp2096139rdg; Sun, 15 Oct 2023 10:50:31 -0700 (PDT) X-Google-Smtp-Source: AGHT+IHWK7QUNNRK7kz3+BdC+PcQW8uq6bMPj3iqRu85fJYaKlHRvZ/MU9DL/D2cX1TgcrMoEn2G X-Received: by 2002:a17:902:fac7:b0:1c9:dece:4c4c with SMTP id ld7-20020a170902fac700b001c9dece4c4cmr7195531plb.15.1697392231253; Sun, 15 Oct 2023 10:50:31 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1697392231; cv=none; d=google.com; s=arc-20160816; b=H7xltN507aDEu1YGE7mj563t+/0wmIqmr+hJr0Ynakr5bYQp6zyFnCGqOW8vu45oaM F451ARiivX1qgd0TjqJUAs8KvD+Uqt4D46wqs0AAi7jm7LaqMo6RL7YdzXltkLXWy1q4 0lqkBl0UEGBUv/y26eyALSZSYCsMlVVtJq8qhdmp2nJrdqwnuxVlQ9SL4VnATDKn2Z2d kPqKaIBtcdYFneNZu78S0Fuc35qj3sk+EE25VMc7e8GqVlP5f3yL9YY/bIFcGDZaru1n nHyjOFJ8huEbqD1nqwKeai8LcvmR23ANG/wKXJE3CjLq3bJN7Xl9zrbKvBlbJq3Gh2sX TLFQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:cc:to:subject :message-id:date:from:in-reply-to:references:mime-version :dkim-signature; bh=YhI6/CEtA7dPuJC2WbvamIAcAZbCRPrEicy0biCB5oM=; fh=LqULad7mf5GZYgjozQB6FjNT/jw3U5VKAmS76j0rKIo=; b=ULS+jTyEzwrR+BlAO7gPR4vZZO/xWCoeK9tR/+MKpCBpoxkoU0c0s1UmOVS6KNedN3 GwZA3GCHsZS3axf/zEVm9aOTYIxS1cFUmYM7mH2Ja9gf7kwd674w14QQENuwR8ptBXfl /m8qF2koAw/zS72inCeAOe9r54avM+5FcCLkKH/tupdBDhUVDQXXBHiUM60NkDpq/jLp To5T1f+V64yoaQ+xJ1r3uWVeAoDvQb7Ei5DlpVk8R++4MIw0uuwMxtdPOoFu5ZJgDH3d CmlE2JF6qG6aLJdFc5h72wLZ38J2LNPmWTXy938EetkKBB/0w2hOsqDfvAWYSa+AmYJ/ onpg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20230601 header.b=yF2QnBJb; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.32 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from agentk.vger.email (agentk.vger.email. [23.128.96.32]) by mx.google.com with ESMTPS id k16-20020a170902761000b001c736266dedsi8364621pll.189.2023.10.15.10.50.30 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 15 Oct 2023 10:50:31 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.32 as permitted sender) client-ip=23.128.96.32; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20230601 header.b=yF2QnBJb; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.32 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0]) by agentk.vger.email (Postfix) with ESMTP id 576808058B6B; Sun, 15 Oct 2023 10:50:28 -0700 (PDT) X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.103.10 at agentk.vger.email Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230083AbjJORuD (ORCPT + 99 others); Sun, 15 Oct 2023 13:50:03 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:40800 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229522AbjJORuC (ORCPT ); Sun, 15 Oct 2023 13:50:02 -0400 Received: from mail-ed1-x52d.google.com (mail-ed1-x52d.google.com [IPv6:2a00:1450:4864:20::52d]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 22523AB for ; Sun, 15 Oct 2023 10:50:01 -0700 (PDT) Received: by mail-ed1-x52d.google.com with SMTP id 4fb4d7f45d1cf-534694a9f26so5465a12.1 for ; Sun, 15 Oct 2023 10:50:01 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1697392199; x=1697996999; darn=vger.kernel.org; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:from:to:cc:subject:date :message-id:reply-to; bh=YhI6/CEtA7dPuJC2WbvamIAcAZbCRPrEicy0biCB5oM=; b=yF2QnBJbFrpP1iRq/qALEwYezT77hXdRXPpmHRaAfADC17pW0W7k/k9lh3wZoIosLi eCUp6YmLgyBitR3u0uiEoDY54n3Rfgv+90FoKq+EpEgYazD+Xdh5Bntz3CTXDjxvjpLQ UQrB8FnTgu74TEbS0JVr60Cg3V79CUBo+pz2s6zCKpvzLd/qLYPu3J0JbvqHlQZGYwQU m1YWqILXCuRMavlSAMipjDDBiNh3PD/jt1Ok7b+nER5ZA8grow7iD1S3azq4O9hhliLm NALeekhhD10S4XbLv0xmMH1feQZkqUr0t3mCVxuU09jvThe+J1AbQPVys/xbN0wM4Kg5 iZlw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1697392199; x=1697996999; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=YhI6/CEtA7dPuJC2WbvamIAcAZbCRPrEicy0biCB5oM=; b=ZkCnRCwJcNu/zR2bYaNKq7rMX2EKTVLCdh4GL/sVQgFQaBMVlTtdNx8k5Zpt2EmYR+ Bv+rPs9J7V9V+98QWLyfKihz3RSXmfNKkmOmGA6hDgHS2KaKPi8LrwMxIgtdHJRKlmNz 9+wVl8pzKH3URzFXDCZVjgvAgY1itJOXlViG1qunmJvtqZhPD0t+c+T1zYouMP5i0+yq IFxUNH3m41xdEdXSGsfyJYxxW1LLl5jr8cXFbOsvCaJRMm7/F3dzT+sZAJ+Bbs/Uw95a EzQFw4pWpoywS6lqTM89rzlvNZJDaLBmK9pLNQEfd9Y0OOHUca2sS/NDz4sO5yG/IkqA 6lBg== X-Gm-Message-State: AOJu0YxFGLDMnDwTm94JgYKIPwysw0cv0EawXu6FlyTcerVAhkUm6diP sqkzHA56TxfrUdyH5KKdZWJeVmppgu1if9GugkdvKA== X-Received: by 2002:a50:8a95:0:b0:538:5f9e:f0fc with SMTP id j21-20020a508a95000000b005385f9ef0fcmr147551edj.0.1697392199329; Sun, 15 Oct 2023 10:49:59 -0700 (PDT) MIME-Version: 1.0 References: <20231014181333.2579530-1-vamshigajjela@google.com> <20231014191355.7f44aac3537a8d260225fa0c@hugovil.com> In-Reply-To: <20231014191355.7f44aac3537a8d260225fa0c@hugovil.com> From: VAMSHI GAJJELA Date: Sun, 15 Oct 2023 23:19:47 +0530 Message-ID: Subject: Re: [PATCH v2 1/3] serial: core: Potential overflow of frame_time To: Hugo Villeneuve Cc: Greg Kroah-Hartman , Jiri Slaby , ilpo.jarvinen@linux.intel.com, linux-serial@vger.kernel.org, linux-kernel@vger.kernel.org, manugautam@google.com, Subhash Jadavani , Channa Kadabi Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Spam-Status: No, score=-8.4 required=5.0 tests=DKIMWL_WL_MED,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,USER_IN_DEF_DKIM_WL autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on agentk.vger.email Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (agentk.vger.email [0.0.0.0]); Sun, 15 Oct 2023 10:50:28 -0700 (PDT) On Sun, Oct 15, 2023 at 4:44=E2=80=AFAM Hugo Villeneuve = wrote: > > On Sat, 14 Oct 2023 23:43:33 +0530 > Vamshi Gajjela wrote: > > > From: VAMSHI GAJJELA > > Hi, > your commit title doesn't really explain what this patch is doing. > > Please see: https://cbea.ms/git-commit/#imperative Thanks Hugo for the review, I will provide details in the following respons= e. > > > > uart_update_timeout() sets a u64 value to an unsigned int frame_time. > > While it can be cast to u32 before assignment, there's a specific case > > where frame_time is cast to u64. Since frame_time consistently > > participates in u64 arithmetic, its data type is converted to u64 to > > eliminate the need for explicit casting. > > Again, refering to your title commit message, I would expect that you > would describe precisely how a potential overflow can happen here, and > I am not seeing it. > > And based on your log message, it seems that your commit is simply some > kind of optimization, not a fix? In the function uart_update_timeout() within serial_core.c, a u64 value is assigned to an "unsigned int" variable frame_time. This raises concerns abo= ut potential overflow. While the code in the patch doesn't explicitly manifest the issue in the following line of uart_update_timeout() "port->frame_time =3D DIV64_U64_ROUND_UP(frame_time, baud);" lacks a u32 typecast for frame_time. In the function "uart_fifo_timeout" has the following line of code u64 fifo_timeout =3D (u64)READ_ONCE(port->frame_time) * port->fifosize; In the above line frame_time is typecast to u64 also, timeout values in the serial core associated with frame_time are used in the u64 arithmetic. To maintain consistency and readability, I've update= d the size of frame_time from "unsigned int" to "unsigned long". This ensures uniformity with typecasts elsewhere in the code, addressing potential issue= s and enhancing clarity. I hope this provides clarity. Would you find it helpful if I were to provid= e further details in the commit message? > > Hugo. > > > > > Signed-off-by: VAMSHI GAJJELA > > --- > > v2: > > - use DIV64_U64_ROUND_UP with frame_time > > > > drivers/tty/serial/8250/8250_port.c | 2 +- > > include/linux/serial_core.h | 4 ++-- > > 2 files changed, 3 insertions(+), 3 deletions(-) > > > > diff --git a/drivers/tty/serial/8250/8250_port.c b/drivers/tty/serial/8= 250/8250_port.c > > index 141627370aab..d1bf794498c4 100644 > > --- a/drivers/tty/serial/8250/8250_port.c > > +++ b/drivers/tty/serial/8250/8250_port.c > > @@ -1510,7 +1510,7 @@ static inline void __stop_tx(struct uart_8250_por= t *p) > > * rather than after it is fully sent. > > * Roughly estimate 1 extra bit here with / 7. > > */ > > - stop_delay =3D p->port.frame_time + DIV_ROUND_UP(= p->port.frame_time, 7); > > + stop_delay =3D p->port.frame_time + DIV64_U64_ROU= ND_UP(p->port.frame_time, 7); > > } > > > > __stop_tx_rs485(p, stop_delay); > > diff --git a/include/linux/serial_core.h b/include/linux/serial_core.h > > index bb6f073bc159..b128513b009a 100644 > > --- a/include/linux/serial_core.h > > +++ b/include/linux/serial_core.h > > @@ -558,7 +558,7 @@ struct uart_port { > > > > bool hw_stopped; /* sw-assisted CT= S flow state */ > > unsigned int mctrl; /* current modem = ctrl settings */ > > - unsigned int frame_time; /* frame timing i= n ns */ > > + unsigned long frame_time; /* frame timing i= n ns */ > > unsigned int type; /* port type */ > > const struct uart_ops *ops; > > unsigned int custom_divisor; > > @@ -764,7 +764,7 @@ unsigned int uart_get_divisor(struct uart_port *por= t, unsigned int baud); > > */ > > static inline unsigned long uart_fifo_timeout(struct uart_port *port) > > { > > - u64 fifo_timeout =3D (u64)READ_ONCE(port->frame_time) * port->fif= osize; > > + u64 fifo_timeout =3D READ_ONCE(port->frame_time) * port->fifosize= ; > > > > /* Add .02 seconds of slop */ > > fifo_timeout +=3D 20 * NSEC_PER_MSEC; > > -- > > 2.42.0.655.g421f12c284-goog > >