lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Thu, 25 Apr 2019 11:14:11 -0700
From:   Nathan Chancellor <natechancellor@...il.com>
To:     Arnd Bergmann <arnd@...db.de>
Cc:     Nick Desaulniers <ndesaulniers@...gle.com>,
        Michael Chan <michael.chan@...adcom.com>,
        "David S. Miller" <davem@...emloft.net>,
        Networking <netdev@...r.kernel.org>,
        LKML <linux-kernel@...r.kernel.org>,
        clang-built-linux@...glegroups.com,
        Eddie Wai <eddie.wai@...adcom.com>, huangjw@...adcom.com,
        prashant@...adcom.com, mchan@...adcom.com,
        vasundhara-v.volam@...adcom.com
Subject: Re: -Wsometimes-uninitialized Clang warning in
 drivers/net/ethernet/broadcom/bnxt/bnxt.c

Hi Arnd,

On Fri, Mar 22, 2019 at 03:32:50PM +0100, Arnd Bergmann wrote:
> On Wed, Mar 20, 2019 at 9:41 PM 'Nick Desaulniers' via Clang Built
> Linux <clang-built-linux@...glegroups.com> wrote:
> >
> > + Broadcom folks from commit c0c050c58d84 ("bnxt_en: New Broadcom
> > ethernet driver.").  Looks like Michael wrote and is still maintaining
> > the driver.
> >
> > On Wed, Mar 20, 2019 at 12:08 PM Nathan Chancellor
> > <natechancellor@...il.com> wrote:
> > >
> > > On Thu, Mar 07, 2019 at 05:57:35PM -0700, Nathan Chancellor wrote:
> > > > Hi all,
> > > >
> > > > We are trying to get Clang's -Wsometimes-uninitialized turned on for the
> > > > kernel as it can catch some bugs that GCC can't. This warning came up:
> > > >
> > > > drivers/net/ethernet/broadcom/bnxt/bnxt.c:1612:6: warning: variable 'len' is used uninitialized whenever 'if' condition is true [-Wsometimes-uninitialized]
> > > >         if (rxcmp1->rx_cmp_cfa_code_errors_v2 & RX_CMP_L2_ERRORS) {
> > > >             ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> > > > drivers/net/ethernet/broadcom/bnxt/bnxt.c:1703:19: note: uninitialized use occurs here
> > > >         cpr->rx_bytes += len;
> > > >                          ^~~
> > > > drivers/net/ethernet/broadcom/bnxt/bnxt.c:1612:2: note: remove the 'if' if its condition is always false
> > > >         if (rxcmp1->rx_cmp_cfa_code_errors_v2 & RX_CMP_L2_ERRORS) {
> > > >         ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> > > > drivers/net/ethernet/broadcom/bnxt/bnxt.c:1540:18: note: initialize the variable 'len' to silence this warning
> > > >         unsigned int len;
> > > >                         ^
> > > >                          = 0
> > > > 1 warning generated.
> > > >
> > > > It seems like the logical change to make is this; however, I am not sure
> > > > if this has any other unintended consequences since this is a rather
> > > > dense function. I would much appreciate your input, especially if there
> > > > is a better way to fix it.
> >
> > I agree that `goto next_rx_no_prod_no_len` appears to be most correct;
> > though I don't understand why this function is a mix of early return
> > codes, vs setting rc then updating *raw_cons.  The alternative is
> > probably zero initializing len, but I'm not sure whether *raw_cons
> > should be updated in that case or not.  Thanks for bringing this up
> > and the patch.  Sorry for the delay in review.  Can folks at Broadcom
> > please clarify?
> 
> I also came up with a workaround for this, but did it the other way round:
> 
> diff --git a/drivers/net/ethernet/broadcom/bnxt/bnxt.c
> b/drivers/net/ethernet/broadcom/bnxt/bnxt.c
> index 0bb9d7b3a2b6..48bdb87574c3 100644
> --- a/drivers/net/ethernet/broadcom/bnxt/bnxt.c
> +++ b/drivers/net/ethernet/broadcom/bnxt/bnxt.c
> @@ -1608,6 +1608,7 @@ static int bnxt_rx_pkt(struct bnxt *bp, struct
> bnxt_cp_ring_info *cpr,
>         }
>         *event |= BNXT_RX_EVENT;
> 
> +       len = le32_to_cpu(rxcmp->rx_cmp_len_flags_type) >> RX_CMP_LEN_SHIFT;
>         rx_buf->data = NULL;
>         if (rxcmp1->rx_cmp_cfa_code_errors_v2 & RX_CMP_L2_ERRORS) {
>                 bnxt_reuse_rx_data(rxr, cons, data);
> @@ -1618,7 +1619,6 @@ static int bnxt_rx_pkt(struct bnxt *bp, struct
> bnxt_cp_ring_info *cpr,
>                 goto next_rx;
>         }
> 
> -       len = le32_to_cpu(rxcmp->rx_cmp_len_flags_type) >> RX_CMP_LEN_SHIFT;
>         dma_addr = rx_buf->mapping;
> 
>         if (bnxt_rx_xdp(bp, rxr, cons, data, &data_ptr, &len, event)) {
> 
> Presumably one of the two is correct here, but I don't know which one ;-)
> 
>        Arnd

Did you want to submit this a formal patch? Since no one from Broadcom
has chipped in yet, it'd probably be better to submit this for review
and get comments that way. I cannot imagine that this is any worse than
what is currently happening (adding uninitialized stack memory to
rx_bytes when jumping to next_rx) and I like it better than modifying
the goto statement.

This is the only other warning I run into in arm, arm64 and x86_64
all{yes,mod}config so I'd like to get it resolved soon so we can turn on
this warning for the whole kernel.

Cheers,
Nathan

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ