[Bug 223519] __BUS_ACCESSOR doesn't check return value of BUS_READ_IVAR

[bugzilla-noreply at freebsd.org]

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=223519

            Bug ID: 223519
           Summary: __BUS_ACCESSOR doesn't check return value of
                    BUS_READ_IVAR
           Product: Base System
           Version: CURRENT
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Some People
          Priority: ---
         Component: kern
          Assignee: freebsd-bugs at FreeBSD.org
          Reporter: christian.mauderer at embedded-brains.de

The functions generated by the __BUS_ACCESSOR macro in sys/sys/bus.h (see [1])
don't check the return value of the called BUS_READ_IVAR. That can lead to
hidden bugs where some drivers use random values.

For example the mmc_acquire function calls mmcbr_get_timing (see [2]) and uses
it's return value to set a correct VCC. In case of the at91_mci, the
corresponding at91_mci_read_ivar is missing the case for MMCBR_IVAR_TIMING and
returns an EINVAL without setting the result (see [3]). In that case, a random
value will be used to determine the correct VCC (which is potentially bad for
the SD card).

Of course in that case it's a bug in the implementation of the at91_mci which
should return a correct timing. But that bug is quite hard to find due to the
missing check for a correct return value in the __BUS_ACCESSOR.

[1] https://github.com/freebsd/freebsd/blob/33b01cd51/sys/sys/bus.h#L778
[2] https://github.com/freebsd/freebsd/blob/33b01cd51/sys/dev/mmc/mmc.c#L349
[3]
https://github.com/freebsd/freebsd/blob/33b01cd51/sys/arm/at91/at91_mci.c#L1260

-- 
You are receiving this mail because:
You are the assignee for the bug.