lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <3a941f1e-2842-f43e-59ea-479038b75ab5@canonical.com>
Date:   Mon, 6 Jul 2020 16:32:08 +0100
From:   Colin Ian King <colin.king@...onical.com>
To:     Matteo Croce <mcroce@...ux.microsoft.com>,
        Sven Auhagen <sven.auhagen@...eatech.de>
Cc:     "David S. Miller" <davem@...emloft.net>,
        Jakub Kicinski <kuba@...nel.org>,
        "netdev@...r.kernel.org" <netdev@...r.kernel.org>,
        "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>
Subject: Re: mvpp2: XDP TX support

On 06/07/2020 16:28, Matteo Croce wrote:
> On Mon, 6 Jul 2020 14:59:22 +0100
> Colin Ian King <colin.king@...onical.com> wrote:
> 
>> Hi,
>>
>> Static analysis with Coverity has found a potential issue in the
>> following commit:
>>
>> commit c2d6fe6163de80d7f7cf400ee351f56d6cdb7a5a
>> Author: Matteo Croce <mcroce@...rosoft.com>
>> Date:   Thu Jul 2 16:12:43 2020 +0200
>>
>>     mvpp2: XDP TX support
>>
>>
>> In source drivers/net/ethernet/marvell/mvpp2/mvpp2_main.c in function
>> mvpp2_check_pagepool_dma, analysis is as follows:
>>
>>
>> 4486        if (!priv->percpu_pools)
>> 4487                return err;
>> 4488
>> CID (#1 of 1): Array compared against 0 (NO_EFFECT)
>> array_null: Comparing an array to null is not useful: priv->page_pool,
>> since the test will always evaluate as true.
>>
>>     Was priv->page_pool formerly declared as a pointer?
>>
>> 4489        if (!priv->page_pool)
>> 4490                return -ENOMEM;
>> 4491
>>
>>
>> page_pool is declared as:
>>
>> 	struct page_pool *page_pool[MVPP2_PORT_MAX_RXQ];
>>
>> ..it is an array and hence cannot be null, so the null check is
>> redundant.  Later on there is a reference of priv->page_pool[0], so
>> was the check meant to be:
>>
>> 	if (!priv->page_pool[0])
>>
>> Colin
> 
> Hi,
> 
> yes, the check was meant to be 'if (!priv->page_pool[0])'.
> Maybe it's a copy/paste error from other points where 'page_pool' is a
> local variable.
> 
> While at it, I've found that in case a page_pool allocation fails, I
> don't cleanup the previously allocated pools, and upon deallocation the
> pointer isn't set back to NULL.
> 
> I should add something like:
> 
> @@ -548,8 +548,10 @@ static int mvpp2_bm_pool_destroy(struct device
> *dev, struct mvpp2 *priv, val |= MVPP2_BM_STOP_MASK;
>  	mvpp2_write(priv, MVPP2_BM_POOL_CTRL_REG(bm_pool->id), val);
>  
> -	if (priv->percpu_pools)
> +	if (priv->percpu_pools) {
>  		page_pool_destroy(priv->page_pool[bm_pool->id]);
> +		priv->page_pool[bm_pool->id] = NULL;
> +	}
>  
>  	dma_free_coherent(dev, bm_pool->size_bytes,
>  			  bm_pool->virt_addr,
> @@ -609,8 +611,15 @@ static int mvpp2_bm_init(struct device *dev,
> struct mvpp2 *priv) mvpp2_pools[pn].buf_num,
>  						       mvpp2_pools[pn].pkt_size,
>  						       dma_dir);
> -			if (IS_ERR(priv->page_pool[i]))
> -				return PTR_ERR(priv->page_pool[i]);
> +			if (IS_ERR(priv->page_pool[i])) {
> +				err = PTR_ERR(priv->page_pool[i]);
> +
> +				for (i--; i >=0; i--) {
> +
> page_pool_destroy(priv->page_pool[i]);
> +					priv->page_pool[i] = NULL;
> +				}
> +				return err;
> +			}
>  		}
>  	}
>  
> Looks sane to you?
> 
> Regards,
> 
Oh, good catch on the cleanups. Yes, that looks sane.

Colin

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ