| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <d5b7f0c5-68d4-364f-b2ff-6cd003c70cb4@gmail.com>
Date: Tue, 9 Mar 2021 19:22:47 +0100
From: Jimmy Assarsson <jimmyassarsson@...il.com>
To: Vincent MAILHOL <mailhol.vincent@...adoo.fr>
Cc: Arunachalam Santhanam <arunachalam.santhanam@...bosch.com>,
open list <linux-kernel@...r.kernel.org>,
Marc Kleine-Budde <mkl@...gutronix.de>,
linux-can <linux-can@...r.kernel.org>
Subject: Re: [RESEND v12] can: usb: etas_es58X: add support for ETAS ES58X CAN
USB interfaces
On 2021-03-09 19:18, Vincent MAILHOL wrote:
> On Wed. 10 Mar 2021 at 03:11, Vincent MAILHOL
> <mailhol.vincent@...adoo.fr> wrote:
>>
>> On Wed. 10 Mar 2021 at 02:27, Jimmy Assarsson <jimmyassarsson@...il.com> wrote:
>>>
>>> Hi Vincent,
>>>
>>> On 2021-03-09 13:09, Vincent Mailhol wrote:
>>>> This driver supports the ES581.4, ES582.1 and ES584.1 interfaces from
>>>> ETAS GmbH (https://www.etas.com/en/products/es58x.php).
>>> ...
>>>> diff --git a/drivers/net/can/usb/etas_es58x/es58x_core.c b/drivers/net/can/usb/etas_es58x/es58x_core.c
>>>> new file mode 100644
>>>> index 000000000000..31f907a7b75f
>>>> --- /dev/null
>>>> +++ b/drivers/net/can/usb/etas_es58x/es58x_core.c
>>> ...
>>>> +/**
>>>> + * es58x_add_skb_idx() - Increment an index of the loopback FIFO.
>>>> + * @priv: ES58X private parameters related to the network device.
>>>> + * @idx: address of the index to be incremented.
>>>> + * @a: the increment. Must be positive and less or equal to
>>>> + * @priv->can.echo_skb_max.
>>>> + *
>>>> + * Do a modulus addition: set *@idx to (*@idx + @a) %
>>>> + * @priv->can.echo_skb_max.
>>>> + *
>>>> + * Rationale: the modulus operator % takes a decent amount of CPU
>>>> + * cycles (c.f. other division functions such as
>>>> + * include/linux/math64.h:iter_div_u64_rem()).
>>>> + */
>>>> +static __always_inline void es58x_add_skb_idx(struct es58x_priv *priv,
>>>> + u16 *idx, u16 a)
>>>
>>> Never used?
>>
>> Indeed, this is a leftover. Should have been removed in v11 when I
>> made the device FIFO size a power of two.
>> I was not warned by the compiler, probably because this is an inline function.
>>
>>> ...
>>>> +/**
>>>> + * es58x_get_product_info() - Get the product information and print them.
>>>> + * @es58x_dev: ES58X device.
>>>> + *
>>>> + * Do a synchronous call to get the product information.
>>>> + *
>>>> + * Return: zero on success, errno when any error occurs.
>>>> + */
>>>> +static int es58x_get_product_info(struct es58x_device *es58x_dev)
>>>> +{
>>>> + struct usb_device *udev = es58x_dev->udev;
>>>> + const int es58x_prod_info_idx = 6;
>>>> + /* Empirical tests show a prod_info length of maximum 83,
>>>> + * below should be more than enough.
>>>> + */
>>>> + const size_t prod_info_len = 127;
>>>> + char *prod_info;
>>>> + int ret;
>>>> +
>>>> + prod_info = kmalloc(prod_info_len, GFP_KERNEL);
>>>> + if (!prod_info)
>>>> + return -ENOMEM;
>>>> +
>>>> + ret = usb_string(udev, es58x_prod_info_idx, prod_info, prod_info_len);
>>>> + if (ret < 0) {
>>>> + dev_err(es58x_dev->dev,
>>>> + "%s: Could not read the product info: %pe\n",
>>>> + __func__, ERR_PTR(ret));
>>>
>>> Missing free
>>
>> Absolutely!
>>
>>>> + return ret;
>>>> + } else if (ret >= prod_info_len - 1) {
>>>> + dev_warn(es58x_dev->dev,
>>>> + "%s: Buffer is too small, result might be truncated\n",
>>>> + __func__);
>>>> + }
>>>> + dev_info(es58x_dev->dev, "Product info: %s\n", prod_info);
>>>> + kfree(prod_info);
>>>> +
>>>> + return 0;
>>>> +}
>>
>> Thanks for the two findings, both will be fixed in v13.
>
> Out of curiosity, did you find the two issues throughout a code
> review or did you use any kind of static analysis tool?
Code review.
Powered by blists - more mailing lists