From: Greg Kroah-Hartman Date: Thu, 27 Apr 2023 08:36:32 +0000 (+0200) Subject: 5.4-stable patches X-Git-Tag: v5.15.110~26 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=8692662d543ed1030a7ab061845f7212d9e20aab;p=thirdparty%2Fkernel%2Fstable-queue.git 5.4-stable patches added patches: counter-104-quad-8-fix-race-condition-between-flag-and-cntr-reads.patch series --- diff --git a/queue-5.4/counter-104-quad-8-fix-race-condition-between-flag-and-cntr-reads.patch b/queue-5.4/counter-104-quad-8-fix-race-condition-between-flag-and-cntr-reads.patch new file mode 100644 index 00000000000..d96aeb64766 --- /dev/null +++ b/queue-5.4/counter-104-quad-8-fix-race-condition-between-flag-and-cntr-reads.patch @@ -0,0 +1,100 @@ +From 4aa3b75c74603c3374877d5fd18ad9cc3a9a62ed Mon Sep 17 00:00:00 2001 +From: William Breathitt Gray +Date: Sun, 12 Mar 2023 19:15:49 -0400 +Subject: counter: 104-quad-8: Fix race condition between FLAG and CNTR reads + +From: William Breathitt Gray + +commit 4aa3b75c74603c3374877d5fd18ad9cc3a9a62ed upstream. + +The Counter (CNTR) register is 24 bits wide, but we can have an +effective 25-bit count value by setting bit 24 to the XOR of the Borrow +flag and Carry flag. The flags can be read from the FLAG register, but a +race condition exists: the Borrow flag and Carry flag are instantaneous +and could change by the time the count value is read from the CNTR +register. + +Since the race condition could result in an incorrect 25-bit count +value, remove support for 25-bit count values from this driver; +hard-coded maximum count values are replaced by a LS7267_CNTR_MAX define +for consistency and clarity. + +Fixes: 28e5d3bb0325 ("iio: 104-quad-8: Add IIO support for the ACCES 104-QUAD-8") +Cc: # 6.1.x +Cc: # 6.2.x +Link: https://lore.kernel.org/r/20230312231554.134858-1-william.gray@linaro.org/ +Signed-off-by: William Breathitt Gray +Signed-off-by: Greg Kroah-Hartman +--- + drivers/counter/104-quad-8.c | 30 ++++-------------------------- + 1 file changed, 4 insertions(+), 26 deletions(-) + +--- a/drivers/counter/104-quad-8.c ++++ b/drivers/counter/104-quad-8.c +@@ -57,10 +57,6 @@ struct quad8_iio { + + #define QUAD8_REG_CHAN_OP 0x11 + #define QUAD8_REG_INDEX_INPUT_LEVELS 0x16 +-/* Borrow Toggle flip-flop */ +-#define QUAD8_FLAG_BT BIT(0) +-/* Carry Toggle flip-flop */ +-#define QUAD8_FLAG_CT BIT(1) + /* Error flag */ + #define QUAD8_FLAG_E BIT(4) + /* Up/Down flag */ +@@ -97,9 +93,6 @@ static int quad8_read_raw(struct iio_dev + { + struct quad8_iio *const priv = iio_priv(indio_dev); + const int base_offset = priv->base + 2 * chan->channel; +- unsigned int flags; +- unsigned int borrow; +- unsigned int carry; + int i; + + switch (mask) { +@@ -110,12 +103,7 @@ static int quad8_read_raw(struct iio_dev + return IIO_VAL_INT; + } + +- flags = inb(base_offset + 1); +- borrow = flags & QUAD8_FLAG_BT; +- carry = !!(flags & QUAD8_FLAG_CT); +- +- /* Borrow XOR Carry effectively doubles count range */ +- *val = (borrow ^ carry) << 24; ++ *val = 0; + + mutex_lock(&priv->lock); + +@@ -639,19 +627,9 @@ static int quad8_count_read(struct count + { + struct quad8_iio *const priv = counter->priv; + const int base_offset = priv->base + 2 * count->id; +- unsigned int flags; +- unsigned int borrow; +- unsigned int carry; +- unsigned long position; ++ unsigned long position = 0; + int i; + +- flags = inb(base_offset + 1); +- borrow = flags & QUAD8_FLAG_BT; +- carry = !!(flags & QUAD8_FLAG_CT); +- +- /* Borrow XOR Carry effectively doubles count range */ +- position = (unsigned long)(borrow ^ carry) << 24; +- + mutex_lock(&priv->lock); + + /* Reset Byte Pointer; transfer Counter to Output Latch */ +@@ -1204,8 +1182,8 @@ static ssize_t quad8_count_ceiling_read( + + mutex_unlock(&priv->lock); + +- /* By default 0x1FFFFFF (25 bits unsigned) is maximum count */ +- return sprintf(buf, "33554431\n"); ++ /* By default 0xFFFFFF (24 bits unsigned) is maximum count */ ++ return sprintf(buf, "16777215\n"); + } + + static ssize_t quad8_count_ceiling_write(struct counter_device *counter, diff --git a/queue-5.4/series b/queue-5.4/series new file mode 100644 index 00000000000..04bf2b2cc0f --- /dev/null +++ b/queue-5.4/series @@ -0,0 +1 @@ +counter-104-quad-8-fix-race-condition-between-flag-and-cntr-reads.patch