Message-ID: <d5b7f0c5-68d4-364f-b2ff-6cd003c70cb4@gmail.com>
Date:   Tue, 9 Mar 2021 19:22:47 +0100
From:   Jimmy Assarsson <jimmyassarsson@...il.com>
To:     Vincent MAILHOL <mailhol.vincent@...adoo.fr>
Cc:     Arunachalam Santhanam <arunachalam.santhanam@...bosch.com>,
        open list <linux-kernel@...r.kernel.org>,
        Marc Kleine-Budde <mkl@...gutronix.de>,
        linux-can <linux-can@...r.kernel.org>
Subject: Re: [RESEND v12] can: usb: etas_es58X: add support for ETAS ES58X CAN
 USB interfaces

On 2021-03-09 19:18, Vincent MAILHOL wrote:
> On Wed. 10 Mar 2021 at 03:11, Vincent MAILHOL
> <mailhol.vincent@...adoo.fr> wrote:
>>
>> On Wed. 10 Mar 2021 at 02:27, Jimmy Assarsson <jimmyassarsson@...il.com> wrote:
>>>
>>> Hi Vincent,
>>>
>>> On 2021-03-09 13:09, Vincent Mailhol wrote:
>>>> This driver supports the ES581.4, ES582.1 and ES584.1 interfaces from
>>>> ETAS GmbH (https://www.etas.com/en/products/es58x.php).
>>> ...
>>>> diff --git a/drivers/net/can/usb/etas_es58x/es58x_core.c b/drivers/net/can/usb/etas_es58x/es58x_core.c
>>>> new file mode 100644
>>>> index 000000000000..31f907a7b75f
>>>> --- /dev/null
>>>> +++ b/drivers/net/can/usb/etas_es58x/es58x_core.c
>>> ...
>>>> +/**
>>>> + * es58x_add_skb_idx() - Increment an index of the loopback FIFO.
>>>> + * @priv: ES58X private parameters related to the network device.
>>>> + * @idx: address of the index to be incremented.
>>>> + * @a: the increment. Must be positive and less or equal to
>>>> + *   @priv->can.echo_skb_max.
>>>> + *
>>>> + * Do a modulus addition: set *@idx to (*@idx + @a) %
>>>> + * @priv->can.echo_skb_max.
>>>> + *
>>>> + * Rationale: the modulus operator % takes a decent amount of CPU
>>>> + * cycles (c.f. other division functions such as
>>>> + * include/linux/math64.h:iter_div_u64_rem()).
>>>> + */
>>>> +static __always_inline void es58x_add_skb_idx(struct es58x_priv *priv,
>>>> +                                           u16 *idx, u16 a)
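
Review bot: the kernel-doc for es58x_add_skb_idx() states a range for @a ("positive and less or equal to @priv->can.echo_skb_max") but gives no matching range for *@idx, and its Rationale paragraph says why % is avoided without saying what is done instead. Both parameters are plain u16 and nothing in the signature enforces these limits, so the comment should document the range *@idx must already be in for the result to equal (*@idx + @a) % @priv->can.echo_skb_max, and name the operation that replaces the modulus.
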
>>>
>>> Never used?
>>
>> Indeed, this is a leftover. Should have been removed in v11 when I
>> made the device FIFO size a power of two.
>> I was not warned by the compiler, probably because this is an inline function.
>>
>>> ...
>>>> +/**
>>>> + * es58x_get_product_info() - Get the product information and print them.
>>>> + * @es58x_dev: ES58X device.
>>>> + *
>>>> + * Do a synchronous call to get the product information.
>>>> + *
>>>> + * Return: zero on success, errno when any error occurs.
>>>> + */
>>>> +static int es58x_get_product_info(struct es58x_device *es58x_dev)
>>>> +{
>>>> +     struct usb_device *udev = es58x_dev->udev;
>>>> +     const int es58x_prod_info_idx = 6;
>>>> +     /* Empirical tests show a prod_info length of maximum 83,
>>>> +      * below should be more than enough.
>>>> +      */
>>>> +     const size_t prod_info_len = 127;
>>>> +     char *prod_info;
>>>> +     int ret;
>>>> +
>>>> +     prod_info = kmalloc(prod_info_len, GFP_KERNEL);
>>>> +     if (!prod_info)
>>>> +             return -ENOMEM;
>>>> +
>>>> +     ret = usb_string(udev, es58x_prod_info_idx, prod_info, prod_info_len);
>>>> +     if (ret < 0) {
>>>> +             dev_err(es58x_dev->dev,
>>>> +                     "%s: Could not read the product info: %pe\n",
>>>> +                     __func__, ERR_PTR(ret));
>>>
>>> Missing free
>>
>> Absolutely!
>>
>>>> +             return ret;
>>>> +     } else if (ret >= prod_info_len - 1) {
>>>> +             dev_warn(es58x_dev->dev,
>>>> +                      "%s: Buffer is too small, result might be truncated\n",
>>>> +                      __func__);
>>>> +     }
>>>> +     dev_info(es58x_dev->dev, "Product info: %s\n", prod_info);
>>>> +     kfree(prod_info);
>>>> +
>>>> +     return 0;
>>>> +}
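
Review bot: the `ret < 0` branch after usb_string() in es58x_get_product_info() returns without releasing prod_info, which was allocated with kmalloc(prod_info_len, GFP_KERNEL) a few lines earlier, so every failed string read leaks the buffer. Add kfree(prod_info) before `return ret;`, or send both the error and the success path through one exit label that frees the buffer and returns the status. If the branches are reordered while doing so, keep the negative check first: `ret >= prod_info_len - 1` compares an int against a size_t and is only correct because negative values of ret have already been handled.
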
>>
>> Thanks for the two findings, both will be fixed in v13.
> 
> Out of curiosity, did you find the two issues throughout a code
> review or did you use any kind of static analysis tool?

Code review.
