lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Mon, 14 Dec 2009 05:36:39 +0100
From:	Stefani Seibold <stefani@...bold.net>
To:	Andrew Morton <akpm@...ux-foundation.org>
Cc:	linux-kernel <linux-kernel@...r.kernel.org>,
	Arnd Bergmann <arnd@...db.de>,
	Andi Kleen <andi@...stfloor.org>,
	Amerigo Wang <xiyou.wangcong@...il.com>,
	Joe Perches <joe@...ches.com>,
	Roger Quadros <quadros.roger@...il.com>,
	Greg Kroah-Hartman <gregkh@...e.de>,
	Mauro Carvalho Chehab <mchehab@...hat.com>
Subject: Re: [PATCH] kfifo: fix warn_unused_result

Am Sonntag, den 13.12.2009, 14:29 -0800 schrieb Andrew Morton:
> On Fri, 11 Dec 2009 10:18:28 +0100 Stefani Seibold <stefani@...bold.net> wrote:
> 
> > As requested by Andrew Morton:
> > 
> > This patch fix the "ignoring return value of '...', declared with
> > attribute warn_unused_result" compiler warning in several users of the
> > new kfifo API.
> > 
> > The patch-set is against current mm tree from 11-Dec-2009
> > 
> > ...
> >
> > --- mmotm/drivers/char/nozomi.c	2009-12-11 08:31:46.670736197 +0100
> > +++ linux-2.6.32/drivers/char/nozomi.c	2009-12-11 09:25:46.941436203 +0100
> > @@ -685,8 +685,9 @@ static int nozomi_read_config_table(stru
> >  		dump_table(dc);
> >  
> >  		for (i = PORT_MDM; i < MAX_PORT; i++) {
> > -			kfifo_alloc(&dc->port[i].fifo_ul,
> > -				FIFO_BUFFER_SIZE_UL, GFP_ATOMIC);
> > +			if (kfifo_alloc(&dc->port[i].fifo_ul,
> > +				FIFO_BUFFER_SIZE_UL, GFP_ATOMIC))
> > +					BUG();
> 
> No, we can't do this.  GFP_ATOMIC allocations are unreliable and can
> fail.  The calling code *has* to detect the failure and then take some
> recovery action.
> 
> It would be better to leave the warning in place, rather than to add
> this runtime landmine.
> 

The problem is that the old code did not provide an error check. So i
don't think it is a land mine, because this drivers tries to allocate a
some kfifo inside an interrupt. But i think i am able to understand the
code and fix it.

> >  		input_sync(kp.dev);
> > -		kfifo_in_locked(&sonypi_device.input_fifo,
> > +		if (kfifo_in_locked(&sonypi_device.input_fifo,
> >  			(unsigned char *)&kp, sizeof(kp),
> > -			&sonypi_device.input_fifo_lock);
> > +			&sonypi_device.input_fifo_lock) != sizeof(kp))
> > +				BUG();
> 
> The rest of the patch seems to be adding BUG()s if kfifo_in() fails. 
> All over the place.
> 
> If that's the appropriate way to handle failure for these callsites
> then it would be neater to do this in the callee.  ie, add a new
> 
> unsigned int kfifo_in_nonpartial(struct kfifo *fifo,
>                         const unsigned char *from, unsigned int len)
> {
> 	unsigned int ret = kfifo_in(fifo, from, len);
> 
> 	BUG_ON(ret != len);
> 	return ret;
> }
> 

No, i don't like to idea to introduce a new API call, because i must
also introduce a 

kfifo_out_nonpartial()
kfifo_in_nonpartial_locked()
and
kfifo_out_nonpartial_locked()

I don't like this _locked functions, it is a design break and only
introduced for compatibility reasons.

This will also go way if i get the okay for the new kqueue API.

If it is okay, i will remove the __must_check from kfifo_in and
kfifo_in_locked. But the kfifo_out and kfifo_out_locked check must be
performed and if it fails, it is a real BUG.


--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ