| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <aCOU6V2mece-gjWz@aschofie-mobl2.lan>
Date: Tue, 13 May 2025 11:52:25 -0700
From: Alison Schofield <alison.schofield@...el.com>
To: Dan Williams <dan.j.williams@...el.com>
CC: Purva Yeshi <purvayeshi550@...il.com>, <dave@...olabs.net>,
<jonathan.cameron@...wei.com>, <dave.jiang@...el.com>,
<vishal.l.verma@...el.com>, <ira.weiny@...el.com>, <ming.li@...omail.com>,
<huang.ying.caritas@...il.com>, <linux-cxl@...r.kernel.org>,
<linux-kernel@...r.kernel.org>
Subject: Re: [PATCH] cxl: core: Initialize eiw and eig to fix potential
uninitialized use
On Mon, Apr 21, 2025 at 10:39:38AM -0700, Dan Williams wrote:
> Purva Yeshi wrote:
> > Fix Smatch-detected issue:
> >
> > drivers/cxl/core/region.c:1292 check_interleave_cap()
> > error: uninitialized symbol 'eiw'.
> > drivers/cxl/core/region.c:1297 check_interleave_cap()
> > error: uninitialized symbol 'eig'.
> > drivers/cxl/core/region.c:1299 check_interleave_cap()
> > error: uninitialized symbol 'eig'.
> >
> > Smatch reports possible uninitialized usage of these variables if
> > the helper functions ways_to_eiw() or granularity_to_eig() fail to
> > assign values under certain conditions.
> >
> > Initialize the eiw and eig variables to zero when they are declared
> > in check_interleave_cap() to prevent potential use of uninitialized
> > values.
> >
Hi Purva,
We'd like to see this patch revised and resubmitted. It is a
good cleanup!
Go ahead and send a v2 with Dan's suggestion as the solution.
There's a couple of options for the tags. Here I think it is
good to add this tag:
Suggested-by: Dan Williams <dan.j.williams@...el.com>
followed by your Signed-off-by tag.
> > Signed-off-by: Purva Yeshi <purvayeshi550@...il.com>
> > ---
You'll add a changelog in v2 here, below the ---, something like:
Changes in v2:
- init eiw and eig in their helper functions (Dan)
Thanks,
Alison
> > drivers/cxl/core/region.c | 4 ++--
> > 1 file changed, 2 insertions(+), 2 deletions(-)
> >
> > diff --git a/drivers/cxl/core/region.c b/drivers/cxl/core/region.c
> > index c3f4dc244df7..edf8636f190a 100644
> > --- a/drivers/cxl/core/region.c
> > +++ b/drivers/cxl/core/region.c
> > @@ -1266,8 +1266,8 @@ static int check_interleave_cap(struct cxl_decoder *cxld, int iw, int ig)
> > struct cxl_port *port = to_cxl_port(cxld->dev.parent);
> > struct cxl_hdm *cxlhdm = dev_get_drvdata(&port->dev);
> > unsigned int interleave_mask;
> > - u8 eiw;
> > - u16 eig;
> > + u8 eiw = 0;
> > + u16 eig = 0;
>
> I appreciate that this quiets the warning, but it is leaving a trip
> hazard for future code refactoring. I would prefer to make this scenario
> harder to repeat in the future with something like:
>
> diff --git a/drivers/cxl/cxl.h b/drivers/cxl/cxl.h
> index be8a7dc77719..5f20919207ae 100644
> --- a/drivers/cxl/cxl.h
> +++ b/drivers/cxl/cxl.h
> @@ -107,6 +107,7 @@ static inline int eiw_to_ways(u8 eiw, unsigned int *ways)
>
> static inline int granularity_to_eig(int granularity, u16 *eig)
> {
> + *eig = 0;
> if (granularity > SZ_16K || granularity < CXL_DECODER_MIN_GRANULARITY ||
> !is_power_of_2(granularity))
> return -EINVAL;
> @@ -116,6 +117,7 @@ static inline int granularity_to_eig(int granularity, u16 *eig)
>
> static inline int ways_to_eiw(unsigned int ways, u8 *eiw)
> {
> + *eiw = 0;
> if (ways > 16)
> return -EINVAL;
> if (is_power_of_2(ways)) {
Powered by blists - more mailing lists