lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <000501d4b3e4$83dd2290$8b9767b0$@211mainstreet.net>
Date:   Thu, 24 Jan 2019 07:58:32 -0500
From:   "Edwin Zimmerman" <edwin@...mainstreet.net>
To:     "'Kees Cook'" <keescook@...omium.org>,
        <linux-kernel@...r.kernel.org>
Cc:     "'Ard Biesheuvel'" <ard.biesheuvel@...aro.org>,
        "'Laura Abbott'" <labbott@...hat.com>,
        "'Alexander Popov'" <alex.popov@...ux.com>,
        <xen-devel@...ts.xenproject.org>,
        <dri-devel@...ts.freedesktop.org>,
        <intel-gfx@...ts.freedesktop.org>,
        <intel-wired-lan@...ts.osuosl.org>, <netdev@...r.kernel.org>,
        <linux-usb@...r.kernel.org>, <linux-fsdevel@...r.kernel.org>,
        <linux-mm@...ck.org>, <dev@...nvswitch.org>,
        <linux-kbuild@...r.kernel.org>,
        <linux-security-module@...r.kernel.org>,
        <kernel-hardening@...ts.openwall.com>
Subject: RE: [PATCH 1/3] treewide: Lift switch variables out of switches

On Wednesday, January 23, 2019 6:04 AM, Kees Cook wrote
> 
> Variables declared in a switch statement before any case statements
> cannot be initialized, so move all instances out of the switches.
> After this, future always-initialized stack variables will work
> and not throw warnings like this:
> 
> fs/fcntl.c: In function ‘send_sigio_to_task’:
> fs/fcntl.c:738:13: warning: statement will never be executed [-Wswitch-unreachable]
>    siginfo_t si;
>              ^~
> 
> Signed-off-by: Kees Cook <keescook@...omium.org>

Reviewed by: Edwin Zimmerman <edwin@...mainstreet.net>

> ---
>  arch/x86/xen/enlighten_pv.c                   |  7 ++++---
>  drivers/char/pcmcia/cm4000_cs.c               |  2 +-
>  drivers/char/ppdev.c                          | 20 ++++++++-----------
>  drivers/gpu/drm/drm_edid.c                    |  4 ++--
>  drivers/gpu/drm/i915/intel_display.c          |  2 +-
>  drivers/gpu/drm/i915/intel_pm.c               |  4 ++--
>  drivers/net/ethernet/intel/e1000/e1000_main.c |  3 ++-
>  drivers/tty/n_tty.c                           |  3 +--
>  drivers/usb/gadget/udc/net2280.c              |  5 ++---
>  fs/fcntl.c                                    |  3 ++-
>  mm/shmem.c                                    |  5 +++--
>  net/core/skbuff.c                             |  4 ++--
>  net/ipv6/ip6_gre.c                            |  4 ++--
>  net/ipv6/ip6_tunnel.c                         |  4 ++--
>  net/openvswitch/flow_netlink.c                |  7 +++----
>  security/tomoyo/common.c                      |  3 ++-
>  security/tomoyo/condition.c                   |  7 ++++---
>  security/tomoyo/util.c                        |  4 ++--
>  18 files changed, 45 insertions(+), 46 deletions(-)
> 
> diff --git a/arch/x86/xen/enlighten_pv.c b/arch/x86/xen/enlighten_pv.c
> index c54a493e139a..a79d4b548a08 100644
> --- a/arch/x86/xen/enlighten_pv.c
> +++ b/arch/x86/xen/enlighten_pv.c
> @@ -907,14 +907,15 @@ static u64 xen_read_msr_safe(unsigned int msr, int *err)
>  static int xen_write_msr_safe(unsigned int msr, unsigned low, unsigned high)
>  {
>  	int ret;
> +#ifdef CONFIG_X86_64
> +	unsigned which;
> +	u64 base;
> +#endif
> 
>  	ret = 0;
> 
>  	switch (msr) {
>  #ifdef CONFIG_X86_64
> -		unsigned which;
> -		u64 base;
> -
>  	case MSR_FS_BASE:		which = SEGBASE_FS; goto set;
>  	case MSR_KERNEL_GS_BASE:	which = SEGBASE_GS_USER; goto set;
>  	case MSR_GS_BASE:		which = SEGBASE_GS_KERNEL; goto set;
> diff --git a/drivers/char/pcmcia/cm4000_cs.c b/drivers/char/pcmcia/cm4000_cs.c
> index 7a4eb86aedac..7211dc0e6f4f 100644
> --- a/drivers/char/pcmcia/cm4000_cs.c
> +++ b/drivers/char/pcmcia/cm4000_cs.c
> @@ -663,6 +663,7 @@ static void monitor_card(struct timer_list *t)
>  {
>  	struct cm4000_dev *dev = from_timer(dev, t, timer);
>  	unsigned int iobase = dev->p_dev->resource[0]->start;
> +	unsigned char flags0;
>  	unsigned short s;
>  	struct ptsreq ptsreq;
>  	int i, atrc;
> @@ -731,7 +732,6 @@ static void monitor_card(struct timer_list *t)
>  	}
> 
>  	switch (dev->mstate) {
> -		unsigned char flags0;
>  	case M_CARDOFF:
>  		DEBUGP(4, dev, "M_CARDOFF\n");
>  		flags0 = inb(REG_FLAGS0(iobase));
> diff --git a/drivers/char/ppdev.c b/drivers/char/ppdev.c
> index 1ae77b41050a..d77c97e4f996 100644
> --- a/drivers/char/ppdev.c
> +++ b/drivers/char/ppdev.c
> @@ -359,14 +359,19 @@ static int pp_do_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
>  	struct pp_struct *pp = file->private_data;
>  	struct parport *port;
>  	void __user *argp = (void __user *)arg;
> +	struct ieee1284_info *info;
> +	unsigned char reg;
> +	unsigned char mask;
> +	int mode;
> +	s32 time32[2];
> +	s64 time64[2];
> +	struct timespec64 ts;
> +	int ret;
> 
>  	/* First handle the cases that don't take arguments. */
>  	switch (cmd) {
>  	case PPCLAIM:
>  	    {
> -		struct ieee1284_info *info;
> -		int ret;
> -
>  		if (pp->flags & PP_CLAIMED) {
>  			dev_dbg(&pp->pdev->dev, "you've already got it!\n");
>  			return -EINVAL;
> @@ -517,15 +522,6 @@ static int pp_do_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
> 
>  	port = pp->pdev->port;
>  	switch (cmd) {
> -		struct ieee1284_info *info;
> -		unsigned char reg;
> -		unsigned char mask;
> -		int mode;
> -		s32 time32[2];
> -		s64 time64[2];
> -		struct timespec64 ts;
> -		int ret;
> -
>  	case PPRSTATUS:
>  		reg = parport_read_status(port);
>  		if (copy_to_user(argp, &reg, sizeof(reg)))
> diff --git a/drivers/gpu/drm/drm_edid.c b/drivers/gpu/drm/drm_edid.c
> index b506e3622b08..8f93956c1628 100644
> --- a/drivers/gpu/drm/drm_edid.c
> +++ b/drivers/gpu/drm/drm_edid.c
> @@ -3942,12 +3942,12 @@ static void drm_edid_to_eld(struct drm_connector *connector, struct edid *edid)
>  		}
> 
>  		for_each_cea_db(cea, i, start, end) {
> +			int sad_count;
> +
>  			db = &cea[i];
>  			dbl = cea_db_payload_len(db);
> 
>  			switch (cea_db_tag(db)) {
> -				int sad_count;
> -
>  			case AUDIO_BLOCK:
>  				/* Audio Data Block, contains SADs */
>  				sad_count = min(dbl / 3, 15 - total_sad_count);
> diff --git a/drivers/gpu/drm/i915/intel_display.c b/drivers/gpu/drm/i915/intel_display.c
> index 3da9c0f9e948..aa1c2ebea456 100644
> --- a/drivers/gpu/drm/i915/intel_display.c
> +++ b/drivers/gpu/drm/i915/intel_display.c
> @@ -11341,6 +11341,7 @@ static bool check_digital_port_conflicts(struct drm_atomic_state *state)
>  	drm_for_each_connector_iter(connector, &conn_iter) {
>  		struct drm_connector_state *connector_state;
>  		struct intel_encoder *encoder;
> +		unsigned int port_mask;
> 
>  		connector_state = drm_atomic_get_new_connector_state(state, connector);
>  		if (!connector_state)
> @@ -11354,7 +11355,6 @@ static bool check_digital_port_conflicts(struct drm_atomic_state *state)
>  		WARN_ON(!connector_state->crtc);
> 
>  		switch (encoder->type) {
> -			unsigned int port_mask;
>  		case INTEL_OUTPUT_DDI:
>  			if (WARN_ON(!HAS_DDI(to_i915(dev))))
>  				break;
> diff --git a/drivers/gpu/drm/i915/intel_pm.c b/drivers/gpu/drm/i915/intel_pm.c
> index a26b4eddda25..c135fdec96b3 100644
> --- a/drivers/gpu/drm/i915/intel_pm.c
> +++ b/drivers/gpu/drm/i915/intel_pm.c
> @@ -478,9 +478,9 @@ static void vlv_get_fifo_size(struct intel_crtc_state *crtc_state)
>  	struct vlv_fifo_state *fifo_state = &crtc_state->wm.vlv.fifo_state;
>  	enum pipe pipe = crtc->pipe;
>  	int sprite0_start, sprite1_start;
> +	uint32_t dsparb, dsparb2, dsparb3;
> 
>  	switch (pipe) {
> -		uint32_t dsparb, dsparb2, dsparb3;
>  	case PIPE_A:
>  		dsparb = I915_READ(DSPARB);
>  		dsparb2 = I915_READ(DSPARB2);
> @@ -1944,6 +1944,7 @@ static void vlv_atomic_update_fifo(struct intel_atomic_state *state,
>  	const struct vlv_fifo_state *fifo_state =
>  		&crtc_state->wm.vlv.fifo_state;
>  	int sprite0_start, sprite1_start, fifo_size;
> +	uint32_t dsparb, dsparb2, dsparb3;
> 
>  	if (!crtc_state->fifo_changed)
>  		return;
> @@ -1969,7 +1970,6 @@ static void vlv_atomic_update_fifo(struct intel_atomic_state *state,
>  	spin_lock(&dev_priv->uncore.lock);
> 
>  	switch (crtc->pipe) {
> -		uint32_t dsparb, dsparb2, dsparb3;
>  	case PIPE_A:
>  		dsparb = I915_READ_FW(DSPARB);
>  		dsparb2 = I915_READ_FW(DSPARB2);
> diff --git a/drivers/net/ethernet/intel/e1000/e1000_main.c b/drivers/net/ethernet/intel/e1000/e1000_main.c
> index 8fe9af0e2ab7..041062736845 100644
> --- a/drivers/net/ethernet/intel/e1000/e1000_main.c
> +++ b/drivers/net/ethernet/intel/e1000/e1000_main.c
> @@ -3140,8 +3140,9 @@ static netdev_tx_t e1000_xmit_frame(struct sk_buff *skb,
> 
>  		hdr_len = skb_transport_offset(skb) + tcp_hdrlen(skb);
>  		if (skb->data_len && hdr_len == len) {
> +			unsigned int pull_size;
> +
>  			switch (hw->mac_type) {
> -				unsigned int pull_size;
>  			case e1000_82544:
>  				/* Make sure we have room to chop off 4 bytes,
>  				 * and that the end alignment will work out to
> diff --git a/drivers/tty/n_tty.c b/drivers/tty/n_tty.c
> index 5dc9686697cf..eafb39157281 100644
> --- a/drivers/tty/n_tty.c
> +++ b/drivers/tty/n_tty.c
> @@ -634,6 +634,7 @@ static size_t __process_echoes(struct tty_struct *tty)
>  	while (MASK(ldata->echo_commit) != MASK(tail)) {
>  		c = echo_buf(ldata, tail);
>  		if (c == ECHO_OP_START) {
> +			unsigned int num_chars, num_bs;
>  			unsigned char op;
>  			int no_space_left = 0;
> 
> @@ -652,8 +653,6 @@ static size_t __process_echoes(struct tty_struct *tty)
>  			op = echo_buf(ldata, tail + 1);
> 
>  			switch (op) {
> -				unsigned int num_chars, num_bs;
> -
>  			case ECHO_OP_ERASE_TAB:
>  				if (MASK(ldata->echo_commit) == MASK(tail + 2))
>  					goto not_yet_stored;
> diff --git a/drivers/usb/gadget/udc/net2280.c b/drivers/usb/gadget/udc/net2280.c
> index e7dae5379e04..2b275a574e94 100644
> --- a/drivers/usb/gadget/udc/net2280.c
> +++ b/drivers/usb/gadget/udc/net2280.c
> @@ -2854,16 +2854,15 @@ static void ep_clear_seqnum(struct net2280_ep *ep)
>  static void handle_stat0_irqs_superspeed(struct net2280 *dev,
>  		struct net2280_ep *ep, struct usb_ctrlrequest r)
>  {
> +	struct net2280_ep *e;
>  	int tmp = 0;
> +	u16 status;
> 
>  #define	w_value		le16_to_cpu(r.wValue)
>  #define	w_index		le16_to_cpu(r.wIndex)
>  #define	w_length	le16_to_cpu(r.wLength)
> 
>  	switch (r.bRequest) {
> -		struct net2280_ep *e;
> -		u16 status;
> -
>  	case USB_REQ_SET_CONFIGURATION:
>  		dev->addressed_state = !w_value;
>  		goto usb3_delegate;
> diff --git a/fs/fcntl.c b/fs/fcntl.c
> index 083185174c6d..0640b64ecdc2 100644
> --- a/fs/fcntl.c
> +++ b/fs/fcntl.c
> @@ -725,6 +725,8 @@ static void send_sigio_to_task(struct task_struct *p,
>  			       struct fown_struct *fown,
>  			       int fd, int reason, enum pid_type type)
>  {
> +	kernel_siginfo_t si;
> +
>  	/*
>  	 * F_SETSIG can change ->signum lockless in parallel, make
>  	 * sure we read it once and use the same value throughout.
> @@ -735,7 +737,6 @@ static void send_sigio_to_task(struct task_struct *p,
>  		return;
> 
>  	switch (signum) {
> -		kernel_siginfo_t si;
>  		default:
>  			/* Queue a rt signal with the appropriate fd as its
>  			   value.  We use SI_SIGIO as the source, not
> diff --git a/mm/shmem.c b/mm/shmem.c
> index 6ece1e2fe76e..0b02624dd8b2 100644
> --- a/mm/shmem.c
> +++ b/mm/shmem.c
> @@ -1721,6 +1721,9 @@ static int shmem_getpage_gfp(struct inode *inode, pgoff_t index,
>  		swap_free(swap);
> 
>  	} else {
> +		loff_t i_size;
> +		pgoff_t off;
> +
>  		if (vma && userfaultfd_missing(vma)) {
>  			*fault_type = handle_userfault(vmf, VM_UFFD_MISSING);
>  			return 0;
> @@ -1734,8 +1737,6 @@ static int shmem_getpage_gfp(struct inode *inode, pgoff_t index,
>  		if (shmem_huge == SHMEM_HUGE_FORCE)
>  			goto alloc_huge;
>  		switch (sbinfo->huge) {
> -			loff_t i_size;
> -			pgoff_t off;
>  		case SHMEM_HUGE_NEVER:
>  			goto alloc_nohuge;
>  		case SHMEM_HUGE_WITHIN_SIZE:
> diff --git a/net/core/skbuff.c b/net/core/skbuff.c
> index 26d848484912..7597b3fc9d21 100644
> --- a/net/core/skbuff.c
> +++ b/net/core/skbuff.c
> @@ -4506,9 +4506,9 @@ static __sum16 *skb_checksum_setup_ip(struct sk_buff *skb,
>  				      typeof(IPPROTO_IP) proto,
>  				      unsigned int off)
>  {
> -	switch (proto) {
> -		int err;
> +	int err;
> 
> +	switch (proto) {
>  	case IPPROTO_TCP:
>  		err = skb_maybe_pull_tail(skb, off + sizeof(struct tcphdr),
>  					  off + MAX_TCP_HDR_LEN);
> diff --git a/net/ipv6/ip6_gre.c b/net/ipv6/ip6_gre.c
> index b1be67ca6768..9aee1add46c0 100644
> --- a/net/ipv6/ip6_gre.c
> +++ b/net/ipv6/ip6_gre.c
> @@ -427,9 +427,11 @@ static int ip6gre_err(struct sk_buff *skb, struct inet6_skb_parm *opt,
>  		       u8 type, u8 code, int offset, __be32 info)
>  {
>  	struct net *net = dev_net(skb->dev);
> +	struct ipv6_tlv_tnl_enc_lim *tel;
>  	const struct ipv6hdr *ipv6h;
>  	struct tnl_ptk_info tpi;
>  	struct ip6_tnl *t;
> +	__u32 teli;
> 
>  	if (gre_parse_header(skb, &tpi, NULL, htons(ETH_P_IPV6),
>  			     offset) < 0)
> @@ -442,8 +444,6 @@ static int ip6gre_err(struct sk_buff *skb, struct inet6_skb_parm *opt,
>  		return -ENOENT;
> 
>  	switch (type) {
> -		struct ipv6_tlv_tnl_enc_lim *tel;
> -		__u32 teli;
>  	case ICMPV6_DEST_UNREACH:
>  		net_dbg_ratelimited("%s: Path to destination invalid or inactive!\n",
>  				    t->parms.name);
> diff --git a/net/ipv6/ip6_tunnel.c b/net/ipv6/ip6_tunnel.c
> index 0c6403cf8b52..94ccc7a9037b 100644
> --- a/net/ipv6/ip6_tunnel.c
> +++ b/net/ipv6/ip6_tunnel.c
> @@ -478,10 +478,12 @@ ip6_tnl_err(struct sk_buff *skb, __u8 ipproto, struct inet6_skb_parm *opt,
>  	struct net *net = dev_net(skb->dev);
>  	u8 rel_type = ICMPV6_DEST_UNREACH;
>  	u8 rel_code = ICMPV6_ADDR_UNREACH;
> +	struct ipv6_tlv_tnl_enc_lim *tel;
>  	__u32 rel_info = 0;
>  	struct ip6_tnl *t;
>  	int err = -ENOENT;
>  	int rel_msg = 0;
> +	__u32 mtu, teli;
>  	u8 tproto;
>  	__u16 len;
> 
> @@ -501,8 +503,6 @@ ip6_tnl_err(struct sk_buff *skb, __u8 ipproto, struct inet6_skb_parm *opt,
>  	err = 0;
> 
>  	switch (*type) {
> -		struct ipv6_tlv_tnl_enc_lim *tel;
> -		__u32 mtu, teli;
>  	case ICMPV6_DEST_UNREACH:
>  		net_dbg_ratelimited("%s: Path to destination invalid or inactive!\n",
>  				    t->parms.name);
> diff --git a/net/openvswitch/flow_netlink.c b/net/openvswitch/flow_netlink.c
> index 691da853bef5..dee2f9516ae8 100644
> --- a/net/openvswitch/flow_netlink.c
> +++ b/net/openvswitch/flow_netlink.c
> @@ -2652,8 +2652,11 @@ static int validate_set(const struct nlattr *a,
>  			u8 mac_proto, __be16 eth_type, bool masked, bool log)
>  {
>  	const struct nlattr *ovs_key = nla_data(a);
> +	const struct ovs_key_ipv4 *ipv4_key;
> +	const struct ovs_key_ipv6 *ipv6_key;
>  	int key_type = nla_type(ovs_key);
>  	size_t key_len;
> +	int err;
> 
>  	/* There can be only one key in a action */
>  	if (nla_total_size(nla_len(ovs_key)) != nla_len(a))
> @@ -2671,10 +2674,6 @@ static int validate_set(const struct nlattr *a,
>  		return -EINVAL;
> 
>  	switch (key_type) {
> -	const struct ovs_key_ipv4 *ipv4_key;
> -	const struct ovs_key_ipv6 *ipv6_key;
> -	int err;
> -
>  	case OVS_KEY_ATTR_PRIORITY:
>  	case OVS_KEY_ATTR_SKB_MARK:
>  	case OVS_KEY_ATTR_CT_MARK:
> diff --git a/security/tomoyo/common.c b/security/tomoyo/common.c
> index c598aa00d5e3..bedbd0518153 100644
> --- a/security/tomoyo/common.c
> +++ b/security/tomoyo/common.c
> @@ -1583,8 +1583,9 @@ static void tomoyo_read_domain(struct tomoyo_io_buffer *head)
>  	list_for_each_cookie(head->r.domain, &tomoyo_domain_list) {
>  		struct tomoyo_domain_info *domain =
>  			list_entry(head->r.domain, typeof(*domain), list);
> +		u8 i;
> +
>  		switch (head->r.step) {
> -			u8 i;
>  		case 0:
>  			if (domain->is_deleted &&
>  			    !head->r.print_this_domain_only)
> diff --git a/security/tomoyo/condition.c b/security/tomoyo/condition.c
> index 8d0e1b9c9c57..c10d903febe5 100644
> --- a/security/tomoyo/condition.c
> +++ b/security/tomoyo/condition.c
> @@ -787,10 +787,11 @@ bool tomoyo_condition(struct tomoyo_request_info *r,
>  		/* Check string expressions. */
>  		if (right == TOMOYO_NAME_UNION) {
>  			const struct tomoyo_name_union *ptr = names_p++;
> +			struct tomoyo_path_info *symlink;
> +			struct tomoyo_execve *ee;
> +			struct file *file;
> +
>  			switch (left) {
> -				struct tomoyo_path_info *symlink;
> -				struct tomoyo_execve *ee;
> -				struct file *file;
>  			case TOMOYO_SYMLINK_TARGET:
>  				symlink = obj ? obj->symlink_target : NULL;
>  				if (!symlink ||
> diff --git a/security/tomoyo/util.c b/security/tomoyo/util.c
> index badffc8271c8..8e2bb36df37b 100644
> --- a/security/tomoyo/util.c
> +++ b/security/tomoyo/util.c
> @@ -668,6 +668,8 @@ static bool tomoyo_file_matches_pattern2(const char *filename,
>  {
>  	while (filename < filename_end && pattern < pattern_end) {
>  		char c;
> +		int i, j;
> +
>  		if (*pattern != '\\') {
>  			if (*filename++ != *pattern++)
>  				return false;
> @@ -676,8 +678,6 @@ static bool tomoyo_file_matches_pattern2(const char *filename,
>  		c = *filename;
>  		pattern++;
>  		switch (*pattern) {
> -			int i;
> -			int j;
>  		case '?':
>  			if (c == '/') {
>  				return false;
> --
> 2.17.1

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ