lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20200830212249.GA528080@rowland.harvard.edu>
Date:   Sun, 30 Aug 2020 17:22:49 -0400
From:   Alan Stern <stern@...land.harvard.edu>
To:     trix@...hat.com
Cc:     balbi@...nel.org, gregkh@...uxfoundation.org,
        natechancellor@...il.com, ndesaulniers@...gle.com,
        christophe.jaillet@...adoo.fr, peter.chen@....com, b-liu@...com,
        chunfeng.yun@...iatek.com, novikov@...ras.ru, yanaijie@...wei.com,
        linux-usb@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH] usb: gadget: net2272: assert for a valid dma request

On Sun, Aug 30, 2020 at 11:36:46AM -0700, trix@...hat.com wrote:
> From: Tom Rix <trix@...hat.com>
> 
> clang static analysis flags this representive problem
> 
> net2272.c:1541:8: warning: Dereference of null pointer
>     if ((req->req.length % ep->ep.maxpacket != 0) ||
>          ^~~~~~~~~~~~~~~
> This is mostly not a problem.
> 
> In net2272_handle_dma(), even though every path through
> the routine dereferences req, it is set to NULL when the
> ep->queue is empty.  If the eq->queue was ever empty this
> would have oops.
> 
> So the else statement should not be needed.  If it is,
> flag it as a BUG.
> 
> Signed-off-by: Tom Rix <trix@...hat.com>

This patch really seems to be overkill.  In particular, Linus Torvalds 
feels very strongly that people should not add BUG or BUG_ON calls 
except in extreme situations -- which this isn't.

> ---
>  drivers/usb/gadget/udc/net2272.c | 5 ++---
>  1 file changed, 2 insertions(+), 3 deletions(-)
> 
> diff --git a/drivers/usb/gadget/udc/net2272.c b/drivers/usb/gadget/udc/net2272.c
> index 44d1ea2307bb..8301723a8b1a 100644
> --- a/drivers/usb/gadget/udc/net2272.c
> +++ b/drivers/usb/gadget/udc/net2272.c
> @@ -1506,17 +1506,16 @@ static int net2272_stop(struct usb_gadget *_gadget)
>  static void
>  net2272_handle_dma(struct net2272_ep *ep)
>  {
> -	struct net2272_request *req;
> +	struct net2272_request *req = NULL;
>  	unsigned len;
>  	int status;
>  
>  	if (!list_empty(&ep->queue))
>  		req = list_entry(ep->queue.next,
>  				struct net2272_request, queue);
> -	else
> -		req = NULL;
>  
>  	dev_vdbg(ep->dev->dev, "handle_dma %s req %p\n", ep->ep.name, req);
> +	BUG_ON(!req);

There's no point in adding this.  If the function goes on to dereference 
a NULL pointer, you'll get the same effect in any case -- an oops.

If you want to make the point that req had better not be NULL, just get 
rid of the "if" test entirely.  You could even change the list_entry to 
list_first_entry.

Alan Stern

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ