lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <ded74048-2d3f-115d-bc47-3be019859e33@huawei.com>
Date:   Thu, 24 Aug 2017 12:38:05 +0300
From:   Aviad Krawczyk <aviad.krawczyk@...wei.com>
To:     Dan Carpenter <dan.carpenter@...cle.com>,
        Colin Ian King <colin.king@...onical.com>
CC:     <netdev@...r.kernel.org>, <kernel-janitors@...r.kernel.org>,
        <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH][next] net: hinic: fix comparison of a uint16_t type with
 -1

On 8/24/2017 12:29 PM, Dan Carpenter wrote:
> On Thu, Aug 24, 2017 at 09:54:03AM +0100, Colin Ian King wrote:
>> On 24/08/17 09:48, Aviad Krawczyk wrote:
>>> On 8/23/2017 6:39 PM, Colin King wrote:
>>>> From: Colin Ian King <colin.king@...onical.com>
>>>>
>>>> The comparison of hw_ioctxt.rx_buf_sz_idx == -1 is always false because
>>>> rx_buf_sz_idx is a uint16_t. Fix this by explicitly casting -1 to uint16_t.
>>>>
>>>> Detected by CoverityScan, CID#1454559 ("Operands don't affect result")
>>>>
>>>> Signed-off-by: Colin Ian King <colin.king@...onical.com>
>>>> ---
>>>>  drivers/net/ethernet/huawei/hinic/hinic_hw_dev.c | 2 +-
>>>>  1 file changed, 1 insertion(+), 1 deletion(-)
>>>>
>>>> diff --git a/drivers/net/ethernet/huawei/hinic/hinic_hw_dev.c b/drivers/net/ethernet/huawei/hinic/hinic_hw_dev.c
>>>> index 09dec6de8dd5..71e26070fb7f 100644
>>>> --- a/drivers/net/ethernet/huawei/hinic/hinic_hw_dev.c
>>>> +++ b/drivers/net/ethernet/huawei/hinic/hinic_hw_dev.c
>>>> @@ -352,7 +352,7 @@ static int set_hw_ioctxt(struct hinic_hwdev *hwdev, unsigned int rq_depth,
>>>>  		}
>>>>  	}
>>>>  
>>>> -	if (hw_ioctxt.rx_buf_sz_idx == -1)
>>>> +	if (hw_ioctxt.rx_buf_sz_idx == (uint16_t)-1)
>>>>  		return -EINVAL;
>>>>  
>>>>  	hw_ioctxt.sq_depth  = ilog2(sq_depth);
>>>>
>>>
>>> Many thanks, Colin.
>>> I prefer to avoid casting when possible, what do you think about replacing the condition by:
>>>
>>> if (rx_buf_sz_table[i].sz != HINIC_RX_BUF_SZ)
>>> 	return -EINVAL;
>>>
>>
>> Does that work as expected when rx_buf_sz_table[i].sz == -1?
> 
> No it doesn't.  Please, don't ask rhetorical questions.  I have a
> toddler and I constantly ask him toddler level questions and it drives
> me nuts that all the adults in the room will answer me...  "Yes, I
> already know that's a cow.  I was quizing my son.  But thank you!"
> Meanwhile I can't resist answering questions myself...
> 
> The code looks like this:
> 
> drivers/net/ethernet/huawei/hinic/hinic_hw_dev.c
>    345          hw_ioctxt.rq_depth  = ilog2(rq_depth);
>    346  
>    347          for (i = 0; ; i++) {
>    348                  if ((rx_buf_sz_table[i].sz == HINIC_RX_BUF_SZ) ||
>    349                      (rx_buf_sz_table[i].sz == -1)) {
>    350                          hw_ioctxt.rx_buf_sz_idx = rx_buf_sz_table[i].idx;
>    351                          break;
>    352                  }
>    353          }
>    354  
>    355          if (hw_ioctxt.rx_buf_sz_idx == -1)
>    356                  return -EINVAL;
>    357  
> 
> The loop doesn't make sense.  We are looping through rx_buf_sz_table[]
> until we hit 2048 or -1.  But 2048 comes first so we always get there
> and break.
> 
> We may as well replace all that code with:
> 
> 		hw_ioctxt.rx_buf_sz_idx = 11;
> 
> Something is very wrong.
> 
> regards,
> dan carpenter
> 
> 
> .
> 

Hi Dan,

What if HINIC_RX_BUF_SZ is changed to another value?
The test checks if the HINIC_RX_BUF_SZ is in the table, if not return -EINVAL.
Therefore I think the check of rx_buf_sz_table[i].sz != HINIC_RX_BUF_SZ is better.

Aviad

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ