lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:   Mon, 29 Apr 2019 15:34:55 +0000
From:   David Laight <David.Laight@...LAB.COM>
To:     "'Gustavo A. R. Silva'" <gustavo@...eddedor.com>,
        Valentina Manea <valentina.manea.m@...il.com>,
        Shuah Khan <shuah@...nel.org>,
        "Greg Kroah-Hartman" <gregkh@...uxfoundation.org>
CC:     "linux-usb@...r.kernel.org" <linux-usb@...r.kernel.org>,
        "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
        Kees Cook <keescook@...omium.org>
Subject: RE: [PATCH] usbip: vhci_hcd: Mark expected switch fall-through

From: Gustavo A. R. Silva
> Sent: 29 April 2019 16:06
> On 4/29/19 9:44 AM, David Laight wrote:
> > From: Gustavo A. R. Silva
> >> Sent: 29 April 2019 15:40
> >> In preparation to enabling -Wimplicit-fallthrough, mark switch
> >> cases where we are expecting to fall through.
> > ...
> >> diff --git a/drivers/usb/usbip/vhci_hcd.c b/drivers/usb/usbip/vhci_hcd.c
> >> index 667d9c0ec905..000ab7225717 100644
> >> --- a/drivers/usb/usbip/vhci_hcd.c
> >> +++ b/drivers/usb/usbip/vhci_hcd.c
> >> @@ -508,6 +508,7 @@ static int vhci_hub_control(struct usb_hcd *hcd, u16 typeReq, u16 wValue,
> >>  		case USB_PORT_FEAT_U1_TIMEOUT:
> >>  			usbip_dbg_vhci_rh(
> >>  				" SetPortFeature: USB_PORT_FEAT_U1_TIMEOUT\n");
> >> +			/* Fall through */
> >>  		case USB_PORT_FEAT_U2_TIMEOUT:
> >>  			usbip_dbg_vhci_rh(
> >>  				" SetPortFeature: USB_PORT_FEAT_U2_TIMEOUT\n");
> >
> > That doesn't look right, both debug messages seem to get printed.
> >
> 
> At first sight, I thought the same way, then I took a look into
> commit:
> 
> 1c9de5bf428612458427943b724bea51abde520a
> 
> and noticed that the original developer properly added fall-through
> comments in other places in the same switch() code, that gave me the
> impression he knew what he was doing; then I noticed the following
> error message in case USB_PORT_FEAT_U2_TIMEOUT:
> 
> 	if (hcd->speed != HCD_USB3) {
> 		pr_err("USB_PORT_FEAT_U1/2_TIMEOUT req not "
> 		       "supported for USB 2.0 roothub\n");
> 		goto error;
> 	}
> 
> this error message is what makes me think the fall-through is
> intentional; otherwise I think it would look like this instead:
> 
> 	if (hcd->speed != HCD_USB3) {
> 		pr_err("USB_PORT_FEAT_U2_TIMEOUT req not "
> 		       "supported for USB 2.0 roothub\n");
> 		goto error;
> 	}

God, that code is truly ugly :-(

It starts off bad with all those 'u16' parameters - they'll require a
mask operation somewhere.

Then we have the classic:
	wIndex = ((__u8)(wIndex & 0xff));
Some compilers have been known to and with 0xff twice for code like that.
Since the target is u16 there could be a 3rd mask with 0xffff on non-x86.

I like to put a blank line before 'case' lines - the only ones in that
function are in the middle of nested case blocks!

If you have to rely on the usbip_dbg_vhci_rh() debug lines you'll
wish they contained more context!
vhci_hub_control() has one early on; the rest could be killed -
they contain no more information.

	David

-
Registered Address Lakeside, Bramley Road, Mount Farm, Milton Keynes, MK1 1PT, UK
Registration No: 1397386 (Wales)

Powered by blists - more mailing lists