Re: [PATCH stable 5.10] serial: sc16is7xx: convert from _raw_ to _noinc_ regmap functions for FIFO
From: Greg Kroah-Hartman
Date: Fri Mar 29 2024 - 05:39:39 EST
On Mon, Mar 18, 2024 at 11:14:13AM +0800, Gong Ruiqi wrote:
> Oops. + Cc stable@xxxxxxxxxxxxxxx
>
> On 2024/03/18 10:52, GONG, Ruiqi wrote:
> > From: Hugo Villeneuve <hvilleneuve@xxxxxxxxxxxx>
> >
> > commit dbf4ab821804df071c8b566d9813083125e6d97b upstream.
> >
> > The SC16IS7XX IC supports a burst mode to access the FIFOs where the
> > initial register address is sent ($00), followed by all the FIFO data
> > without having to resend the register address each time. In this mode, the
> > IC doesn't increment the register address for each R/W byte.
> >
> > The regmap_raw_read() and regmap_raw_write() are functions which can
> > perform IO over multiple registers. They are currently used to read/write
> > from/to the FIFO, and although they operate correctly in this burst mode on
> > the SPI bus, they would corrupt the regmap cache if it was not disabled
> > manually. The reason is that when the R/W size is more than 1 byte, these
> > functions assume that the register address is incremented and handle the
> > cache accordingly.
> >
> > Convert FIFO R/W functions to use the regmap _noinc_ versions in order to
> > remove the manual cache control which was a workaround when using the
> > _raw_ versions. FIFO registers are properly declared as volatile so
> > cache will not be used/updated for FIFO accesses.
> >
> > Fixes: dfeae619d781 ("serial: sc16is7xx")
> > Cc: <stable@xxxxxxxxxxxxxxx>
> > Signed-off-by: Hugo Villeneuve <hvilleneuve@xxxxxxxxxxxx>
> > Link: https://lore.kernel.org/r/20231211171353.2901416-6-hugo@xxxxxxxxxxx
> > Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
> > Cc: Hugo Villeneuve <hvilleneuve@xxxxxxxxxxxx>
> > Signed-off-by: GONG, Ruiqi <gongruiqi1@xxxxxxxxxx>
> > ---
> >
> > The mainline commit dbf4ab821804 ("serial: sc16is7xx: convert from _raw_
> > to _noinc_ regmap functions for FIFO") by Hugo has been assigned to be
> > CVE-2023-52488, but for stable branches lower than 6.1 there's no
> > official backport.
> >
> > I made up this backport patch for 5.10, and its correctness has been
> > confirmed in previous communication with Hugo. Let's publicize it and
> > merge it into upstream.
I can not take this only in 5.10, it needs to also go into 5.15.y first,
right?
Please resend a 5.15.y and this 5.10.y version when you have both of
them (the 5.10.y version wasn't sent to stable@k.o so it's hard to track
down), and we will be glad to take them both.
thanks,
greg k-h