lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <e4e4c4f0-782b-9f89-d7a2-859c7759ca66@kernel.org>
Date:   Mon, 7 Nov 2022 10:56:30 +0200
From:   Roger Quadros <rogerq@...nel.org>
To:     coverity-bot <keescook@...omium.org>,
        Benedikt Niedermayr <benedikt.niedermayr@...mens.com>
Cc:     Krzysztof Kozlowski <krzysztof.kozlowski@...aro.org>,
        linux-kernel@...r.kernel.org, Tony Lindgren <tony@...mide.com>,
        linux-omap@...r.kernel.org,
        "Gustavo A. R. Silva" <gustavo@...eddedor.com>,
        linux-next@...r.kernel.org, linux-hardening@...r.kernel.org
Subject: Re: Coverity: gpmc_is_valid_waitpin(): Control flow issues



On 07/11/2022 10:53, Roger Quadros wrote:
> Hi Benedikt,
> 
> On 04/11/2022 21:33, coverity-bot wrote:
>> Hello!
>>
>> This is an experimental semi-automated report about issues detected by
>> Coverity from a scan of next-20221104 as part of the linux-next scan project:
>> https://scan.coverity.com/projects/linux-next-weekly-scan
>>
>> You're getting this email because you were associated with the identified
>> lines of code (noted below) that were touched by commits:
>>
>>   Wed Nov 2 10:02:39 2022 -0400
>>     89aed3cd5cb9 ("memory: omap-gpmc: wait pin additions")
>>
>> Coverity reported the following:
>>
>> *** CID 1527139:  Control flow issues  (NO_EFFECT)
>> drivers/memory/omap-gpmc.c:1048 in gpmc_is_valid_waitpin()
>> 1042     	spin_unlock(&gpmc_mem_lock);
>> 1043     }
>> 1044     EXPORT_SYMBOL(gpmc_cs_free);
>> 1045
>> 1046     static bool gpmc_is_valid_waitpin(u32 waitpin)
> 
> We will need to change this waitpin argument to int.
> In addition we will also need to change
> struct gpmc_waitpin->pin and struct gpmc_setting->wait_pin
> to int as in the code we are relying on GPMC_WAITPIN_INVALID logic which is -1.

Another alternative with less churn is to leave them as u32
but make GPMC_WAITPIN_INVALID set to a large positive number.

> 
>> 1047     {
>> vvv     CID 1527139:  Control flow issues  (NO_EFFECT)
>> vvv     This greater-than-or-equal-to-zero comparison of an unsigned value is always true. "waitpin >= 0U".
>> 1048     	return waitpin >= 0 && waitpin < gpmc_nr_waitpins;
>> 1049     }
>> 1050
>> 1051     static int gpmc_alloc_waitpin(struct gpmc_device *gpmc,
>> 1052     			      struct gpmc_settings *p)
>> 1053     {
>>
>> If this is a false positive, please let us know so we can mark it as
>> such, or teach the Coverity rules to be smarter. If not, please make
>> sure fixes get into linux-next. :) For patches fixing this, please
>> include these lines (but double-check the "Fixes" first):
>>
>> Reported-by: coverity-bot <keescook+coverity-bot@...omium.org>
>> Addresses-Coverity-ID: 1527139 ("Control flow issues")
>> Fixes: 89aed3cd5cb9 ("memory: omap-gpmc: wait pin additions")
>>
>> Thanks for your attention!
>>
> 

cheers,
-roger

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ