| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <a20bfbb6-65d4-2aef-1b78-15af329d77b4@redhat.com>
Date: Mon, 14 Sep 2020 10:39:39 +0200
From: Hans de Goede <hdegoede@...hat.com>
To: trix@...hat.com, ibm-acpi@....eng.br, dvhart@...radead.org,
andy@...radead.org, natechancellor@...il.com,
ndesaulniers@...gle.com, len.brown@...el.com
Cc: ibm-acpi-devel@...ts.sourceforge.net,
platform-driver-x86@...r.kernel.org, linux-kernel@...r.kernel.org,
clang-built-linux@...glegroups.com
Subject: Re: [PATCH] platform/x86: thinkpad_acpi: initialize tp_nvram_state
variable
Hi,
On 9/13/20 9:02 PM, trix@...hat.com wrote:
> From: Tom Rix <trix@...hat.com>
>
> clang static analysis flags this represenative problem
> thinkpad_acpi.c:2523:7: warning: Branch condition evaluates
> to a garbage value
> if (!oldn->mute ||
> ^~~~~~~~~~~
>
> In hotkey_kthread() mute is conditionally set by hotkey_read_nvram()
> but unconditionally checked by hotkey_compare_and_issue_event().
> So the tp_nvram_state variable s[2] needs to be initialized.
>
> Fixes: 01e88f25985d ("ACPI: thinkpad-acpi: add CMOS NVRAM polling for hot keys (v9)")
Looking at the code I do not think this can actually happen,
this can only happen if the poll_mask == 0 the first time
through the loop so s[1] does never gets initialized and then
the second time to the loop poll_mask != 0, but if poll_mask
changes then we hit:
mutex_lock(&hotkey_thread_data_mutex);
if (was_frozen || hotkey_config_change != change_detector) {
/* forget old state on thaw or config change */
si = so;
t = 0;
change_detector = hotkey_config_change;
}
Where we set si = so so then this can also not happen.
I can understand the static-analyzer warning about this, and fixing
that warning is good. But I doubt that this warrants a fixes tag.
So with the Fixes tag dropped this is:
Reviewed-by: Hans de Goede <hdegoede@...hat.com>
> Signed-off-by: Tom Rix <trix@...hat.com>
> ---
> drivers/platform/x86/thinkpad_acpi.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/drivers/platform/x86/thinkpad_acpi.c b/drivers/platform/x86/thinkpad_acpi.c
> index 47925c319d7b..24da8b6872f2 100644
> --- a/drivers/platform/x86/thinkpad_acpi.c
> +++ b/drivers/platform/x86/thinkpad_acpi.c
> @@ -2573,7 +2573,7 @@ static void hotkey_compare_and_issue_event(struct tp_nvram_state *oldn,
> */
> static int hotkey_kthread(void *data)
> {
> - struct tp_nvram_state s[2];
> + struct tp_nvram_state s[2] = { 0 };
> u32 poll_mask, event_mask;
> unsigned int si, so;
> unsigned long t;
>
Powered by blists - more mailing lists