Date: Wed, 08 Nov 2017 10:22:46 +0000 From: bugzilla-noreply@freebsd.org To: freebsd-bugs@FreeBSD.org Subject: [Bug 223519] __BUS_ACCESSOR doesn't check return value of BUS_READ_IVAR Message-ID: <bug-223519-8@https.bugs.freebsd.org/bugzilla/>
next in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D223519 Bug ID: 223519 Summary: __BUS_ACCESSOR doesn't check return value of BUS_READ_IVAR Product: Base System Version: CURRENT Hardware: Any OS: Any Status: New Severity: Affects Some People Priority: --- Component: kern Assignee: freebsd-bugs@FreeBSD.org Reporter: christian.mauderer@embedded-brains.de The functions generated by the __BUS_ACCESSOR macro in sys/sys/bus.h (see [= 1]) don't check the return value of the called BUS_READ_IVAR. That can lead to hidden bugs where some drivers use random values. For example the mmc_acquire function calls mmcbr_get_timing (see [2]) and u= ses it's return value to set a correct VCC. In case of the at91_mci, the corresponding at91_mci_read_ivar is missing the case for MMCBR_IVAR_TIMING = and returns an EINVAL without setting the result (see [3]). In that case, a ran= dom value will be used to determine the correct VCC (which is potentially bad f= or the SD card). Of course in that case it's a bug in the implementation of the at91_mci whi= ch should return a correct timing. But that bug is quite hard to find due to t= he missing check for a correct return value in the __BUS_ACCESSOR. [1] https://github.com/freebsd/freebsd/blob/33b01cd51/sys/sys/bus.h#L778 [2] https://github.com/freebsd/freebsd/blob/33b01cd51/sys/dev/mmc/mmc.c#L349 [3] https://github.com/freebsd/freebsd/blob/33b01cd51/sys/arm/at91/at91_mci.c#L= 1260 --=20 You are receiving this mail because: You are the assignee for the bug.=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-223519-8>