| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 10 Mar 2021 03:18:53 +0900
From: Vincent MAILHOL <mailhol.vincent@...adoo.fr>
To: Jimmy Assarsson <jimmyassarsson@...il.com>
Cc: Arunachalam Santhanam <arunachalam.santhanam@...bosch.com>,
open list <linux-kernel@...r.kernel.org>,
Marc Kleine-Budde <mkl@...gutronix.de>,
linux-can <linux-can@...r.kernel.org>
Subject: Re: [RESEND v12] can: usb: etas_es58X: add support for ETAS ES58X CAN
USB interfaces
On Wed. 10 Mar 2021 at 03:11, Vincent MAILHOL
<mailhol.vincent@...adoo.fr> wrote:
>
> On Wed. 10 Mar 2021 at 02:27, Jimmy Assarsson <jimmyassarsson@...il.com> wrote:
> >
> > Hi Vincent,
> >
> > On 2021-03-09 13:09, Vincent Mailhol wrote:
> > > This driver supports the ES581.4, ES582.1 and ES584.1 interfaces from
> > > ETAS GmbH (https://www.etas.com/en/products/es58x.php).
> > ...
> > > diff --git a/drivers/net/can/usb/etas_es58x/es58x_core.c b/drivers/net/can/usb/etas_es58x/es58x_core.c
> > > new file mode 100644
> > > index 000000000000..31f907a7b75f
> > > --- /dev/null
> > > +++ b/drivers/net/can/usb/etas_es58x/es58x_core.c
> > ...
> > > +/**
> > > + * es58x_add_skb_idx() - Increment an index of the loopback FIFO.
> > > + * @priv: ES58X private parameters related to the network device.
> > > + * @idx: address of the index to be incremented.
> > > + * @a: the increment. Must be positive and less or equal to
> > > + * @priv->can.echo_skb_max.
> > > + *
> > > + * Do a modulus addition: set *@idx to (*@idx + @a) %
> > > + * @priv->can.echo_skb_max.
> > > + *
> > > + * Rationale: the modulus operator % takes a decent amount of CPU
> > > + * cycles (c.f. other division functions such as
> > > + * include/linux/math64.h:iter_div_u64_rem()).
> > > + */
> > > +static __always_inline void es58x_add_skb_idx(struct es58x_priv *priv,
> > > + u16 *idx, u16 a)
> >
> > Never used?
>
> Indeed, this is a leftover. Should have been removed in v11 when I
> made the device FIFO size a power of two.
> I was not warned by the compiler, probably because this is an inline function.
>
> > ...
> > > +/**
> > > + * es58x_get_product_info() - Get the product information and print them.
> > > + * @es58x_dev: ES58X device.
> > > + *
> > > + * Do a synchronous call to get the product information.
> > > + *
> > > + * Return: zero on success, errno when any error occurs.
> > > + */
> > > +static int es58x_get_product_info(struct es58x_device *es58x_dev)
> > > +{
> > > + struct usb_device *udev = es58x_dev->udev;
> > > + const int es58x_prod_info_idx = 6;
> > > + /* Empirical tests show a prod_info length of maximum 83,
> > > + * below should be more than enough.
> > > + */
> > > + const size_t prod_info_len = 127;
> > > + char *prod_info;
> > > + int ret;
> > > +
> > > + prod_info = kmalloc(prod_info_len, GFP_KERNEL);
> > > + if (!prod_info)
> > > + return -ENOMEM;
> > > +
> > > + ret = usb_string(udev, es58x_prod_info_idx, prod_info, prod_info_len);
> > > + if (ret < 0) {
> > > + dev_err(es58x_dev->dev,
> > > + "%s: Could not read the product info: %pe\n",
> > > + __func__, ERR_PTR(ret));
> >
> > Missing free
>
> Absolutely!
>
> > > + return ret;
> > > + } else if (ret >= prod_info_len - 1) {
> > > + dev_warn(es58x_dev->dev,
> > > + "%s: Buffer is too small, result might be truncated\n",
> > > + __func__);
> > > + }
> > > + dev_info(es58x_dev->dev, "Product info: %s\n", prod_info);
> > > + kfree(prod_info);
> > > +
> > > + return 0;
> > > +}
>
> Thanks for the two findings, both will be fixed in v13.
Out of curiosity, did you find the two issues throughout a code
review or did you use any kind of static analysis tool?
Powered by blists - more mailing lists