lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <CAEO-vhGuJUdbBhchbga33TNWvZXTXHWbd4=M8xeWkHAi1rnw2g@mail.gmail.com>
Date: Wed, 16 Oct 2024 06:54:00 -0600
From: "Everest K.C." <everestkc@...restkc.com.np>
To: Greg KH <gregkh@...uxfoundation.org>
Cc: dpenkler@...il.com, skhan@...uxfoundation.org, 
	linux-staging@...ts.linux.dev, linux-kernel@...r.kernel.org
Subject: Re: [PATCH V2] staging: gpib: Remove a dead condition in if statement

On Wed, Oct 16, 2024 at 2:04 AM Greg KH <gregkh@...uxfoundation.org> wrote:
>
> On Wed, Oct 16, 2024 at 01:53:18AM -0600, Everest K.C. wrote:
> > The variable `residue` is an unsigned int, also the function
> > `fluke_get_dma_residue` returns an unsigned int. The value of
> > an unsigned int can only be 0 at minimum.
> > The less-than-zero comparison can never be true.
> > Fix it by removing the dead condition in the if statement.
> >
> > This issue was reported by Coverity Scan.
> > Report:
> > CID 1600782: (#1 of 1): Macro compares unsigned to 0 (NO_EFFECT)
> > unsigned_compare: This less-than-zero comparison of an unsigned value
> > is never true. residue < 0U.
> >
> > Signed-off-by: Everest K.C. <everestkc@...restkc.com.np>
> > ---
> > V1 -> V2: - Fixed typo of comparison in changelog
> >           - Removed Fixes tag
> >
> >  drivers/staging/gpib/eastwood/fluke_gpib.c | 2 +-
> >  1 file changed, 1 insertion(+), 1 deletion(-)
> >
> > diff --git a/drivers/staging/gpib/eastwood/fluke_gpib.c b/drivers/staging/gpib/eastwood/fluke_gpib.c
> > index f9f149db222d..51b4f9891a34 100644
> > --- a/drivers/staging/gpib/eastwood/fluke_gpib.c
> > +++ b/drivers/staging/gpib/eastwood/fluke_gpib.c
> > @@ -644,7 +644,7 @@ static int fluke_dma_read(gpib_board_t *board, uint8_t *buffer,
> >        */
> >       usleep_range(10, 15);
> >       residue = fluke_get_dma_residue(e_priv->dma_channel, dma_cookie);
> > -     if (WARN_ON_ONCE(residue > length || residue < 0))
> > +     if (WARN_ON_ONCE(residue > length))
>
> No, this is incorrect, now we never notice is the call to
> fluke_get_dma_residue() has failed.  Please fix that bug instead (hint,
> Covertity is giving you a pointer to where something might be wrong, but
> this change is NOT how to fix it.)
I need a little guidance here.
My best guess to fix the bug would be to make fluke_get_dma_residue()
return an int instead of unsigned int or size_t. But theoretically the
maximum value of residue can be UINT_MAX, and casting it to int will
result in a negative number, which in turn will cause  the error check
condition to evaluate to true.
The best solution I see would be to make fluke_get_dma_residue() return
an int (-1 for error and 0 for success). Then pass the address of residue
reference to fluke_get_dma_residue() to be updated.
Am I on the right track ?

Also,I searched for the functions with names that match get_dma_residue
in the kernel source code and found that they return unsigned int. I also
noticed that no error checks have been made to check if get_dma_residue
was successful.
> thanks,
>
> greg k-h
Thanks,
Everest K.C.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ