From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Date: Mon, 24 Apr 2023 06:34:18 +0000 (+0200)
Subject: 4.14-stable patches
X-Git-Tag: v4.14.314~12
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=8cea32e0dd3ca1d689440ec42864bb30208caf00;p=thirdparty%2Fkernel%2Fstable-queue.git

4.14-stable patches

added patches:
	counter-104-quad-8-fix-race-condition-between-flag-and-cntr-reads.patch
---

diff --git a/queue-4.14/counter-104-quad-8-fix-race-condition-between-flag-and-cntr-reads.patch b/queue-4.14/counter-104-quad-8-fix-race-condition-between-flag-and-cntr-reads.patch
new file mode 100644
index 00000000000..9e21c8a1e9d
--- /dev/null
+++ b/queue-4.14/counter-104-quad-8-fix-race-condition-between-flag-and-cntr-reads.patch
@@ -0,0 +1,57 @@
+From 4aa3b75c74603c3374877d5fd18ad9cc3a9a62ed Mon Sep 17 00:00:00 2001
+From: William Breathitt Gray <william.gray@linaro.org>
+Date: Sun, 12 Mar 2023 19:15:49 -0400
+Subject: counter: 104-quad-8: Fix race condition between FLAG and CNTR reads
+
+From: William Breathitt Gray <william.gray@linaro.org>
+
+commit 4aa3b75c74603c3374877d5fd18ad9cc3a9a62ed upstream.
+
+The Counter (CNTR) register is 24 bits wide, but we can have an
+effective 25-bit count value by setting bit 24 to the XOR of the Borrow
+flag and Carry flag. The flags can be read from the FLAG register, but a
+race condition exists: the Borrow flag and Carry flag are instantaneous
+and could change by the time the count value is read from the CNTR
+register.
+
+Since the race condition could result in an incorrect 25-bit count
+value, remove support for 25-bit count values from this driver;
+hard-coded maximum count values are replaced by a LS7267_CNTR_MAX define
+for consistency and clarity.
+
+Fixes: 28e5d3bb0325 ("iio: 104-quad-8: Add IIO support for the ACCES 104-QUAD-8")
+Cc: <stable@vger.kernel.org> # 6.1.x
+Cc: <stable@vger.kernel.org> # 6.2.x
+Link: https://lore.kernel.org/r/20230312231554.134858-1-william.gray@linaro.org/
+Signed-off-by: William Breathitt Gray <william.gray@linaro.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/iio/counter/104-quad-8.c |   10 +---------
+ 1 file changed, 1 insertion(+), 9 deletions(-)
+
+--- a/drivers/iio/counter/104-quad-8.c
++++ b/drivers/iio/counter/104-quad-8.c
+@@ -64,9 +64,6 @@ static int quad8_read_raw(struct iio_dev
+ {
+ 	struct quad8_iio *const priv = iio_priv(indio_dev);
+ 	const int base_offset = priv->base + 2 * chan->channel;
+-	unsigned int flags;
+-	unsigned int borrow;
+-	unsigned int carry;
+ 	int i;
+ 
+ 	switch (mask) {
+@@ -76,12 +73,7 @@ static int quad8_read_raw(struct iio_dev
+ 			return IIO_VAL_INT;
+ 		}
+ 
+-		flags = inb(base_offset + 1);
+-		borrow = flags & BIT(0);
+-		carry = !!(flags & BIT(1));
+-
+-		/* Borrow XOR Carry effectively doubles count range */
+-		*val = (borrow ^ carry) << 24;
++		*val = 0;
+ 
+ 		/* Reset Byte Pointer; transfer Counter to Output Latch */
+ 		outb(0x11, base_offset + 1);
diff --git a/queue-4.14/series b/queue-4.14/series
index aa2445a43d9..69369264195 100644
--- a/queue-4.14/series
+++ b/queue-4.14/series
@@ -23,3 +23,4 @@ tcp-udp-call-inet6_destroy_sock-in-ipv6-sk-sk_destruct.patch
 inet6-remove-inet6_destroy_sock-in-sk-sk_prot-destroy.patch
 dccp-call-inet6_destroy_sock-via-sk-sk_destruct.patch
 sctp-call-inet6_destroy_sock-via-sk-sk_destruct.patch
+counter-104-quad-8-fix-race-condition-between-flag-and-cntr-reads.patch