lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <CAK8P3a2gkvkDidV6t82RYj7sydaaGkUOVvrjfuKfPtdd9vj-eg@mail.gmail.com>
Date:   Fri, 22 Mar 2019 15:32:50 +0100
From:   Arnd Bergmann <arnd@...db.de>
To:     Nick Desaulniers <ndesaulniers@...gle.com>
Cc:     Nathan Chancellor <natechancellor@...il.com>,
        Michael Chan <michael.chan@...adcom.com>,
        "David S. Miller" <davem@...emloft.net>,
        Networking <netdev@...r.kernel.org>,
        LKML <linux-kernel@...r.kernel.org>,
        clang-built-linux@...glegroups.com,
        Eddie Wai <eddie.wai@...adcom.com>, huangjw@...adcom.com,
        prashant@...adcom.com, mchan@...adcom.com,
        vasundhara-v.volam@...adcom.com
Subject: Re: -Wsometimes-uninitialized Clang warning in drivers/net/ethernet/broadcom/bnxt/bnxt.c

On Wed, Mar 20, 2019 at 9:41 PM 'Nick Desaulniers' via Clang Built
Linux <clang-built-linux@...glegroups.com> wrote:
>
> + Broadcom folks from commit c0c050c58d84 ("bnxt_en: New Broadcom
> ethernet driver.").  Looks like Michael wrote and is still maintaining
> the driver.
>
> On Wed, Mar 20, 2019 at 12:08 PM Nathan Chancellor
> <natechancellor@...il.com> wrote:
> >
> > On Thu, Mar 07, 2019 at 05:57:35PM -0700, Nathan Chancellor wrote:
> > > Hi all,
> > >
> > > We are trying to get Clang's -Wsometimes-uninitialized turned on for the
> > > kernel as it can catch some bugs that GCC can't. This warning came up:
> > >
> > > drivers/net/ethernet/broadcom/bnxt/bnxt.c:1612:6: warning: variable 'len' is used uninitialized whenever 'if' condition is true [-Wsometimes-uninitialized]
> > >         if (rxcmp1->rx_cmp_cfa_code_errors_v2 & RX_CMP_L2_ERRORS) {
> > >             ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> > > drivers/net/ethernet/broadcom/bnxt/bnxt.c:1703:19: note: uninitialized use occurs here
> > >         cpr->rx_bytes += len;
> > >                          ^~~
> > > drivers/net/ethernet/broadcom/bnxt/bnxt.c:1612:2: note: remove the 'if' if its condition is always false
> > >         if (rxcmp1->rx_cmp_cfa_code_errors_v2 & RX_CMP_L2_ERRORS) {
> > >         ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> > > drivers/net/ethernet/broadcom/bnxt/bnxt.c:1540:18: note: initialize the variable 'len' to silence this warning
> > >         unsigned int len;
> > >                         ^
> > >                          = 0
> > > 1 warning generated.
> > >
> > > It seems like the logical change to make is this; however, I am not sure
> > > if this has any other unintended consequences since this is a rather
> > > dense function. I would much appreciate your input, especially if there
> > > is a better way to fix it.
>
> I agree that `goto next_rx_no_prod_no_len` appears to be most correct;
> though I don't understand why this function is a mix of early return
> codes, vs setting rc then updating *raw_cons.  The alternative is
> probably zero initializing len, but I'm not sure whether *raw_cons
> should be updated in that case or not.  Thanks for bringing this up
> and the patch.  Sorry for the delay in review.  Can folks at Broadcom
> please clarify?

I also came up with a workaround for this, but did it the other way round:

diff --git a/drivers/net/ethernet/broadcom/bnxt/bnxt.c
b/drivers/net/ethernet/broadcom/bnxt/bnxt.c
index 0bb9d7b3a2b6..48bdb87574c3 100644
--- a/drivers/net/ethernet/broadcom/bnxt/bnxt.c
+++ b/drivers/net/ethernet/broadcom/bnxt/bnxt.c
@@ -1608,6 +1608,7 @@ static int bnxt_rx_pkt(struct bnxt *bp, struct
bnxt_cp_ring_info *cpr,
        }
        *event |= BNXT_RX_EVENT;

+       len = le32_to_cpu(rxcmp->rx_cmp_len_flags_type) >> RX_CMP_LEN_SHIFT;
        rx_buf->data = NULL;
        if (rxcmp1->rx_cmp_cfa_code_errors_v2 & RX_CMP_L2_ERRORS) {
                bnxt_reuse_rx_data(rxr, cons, data);
@@ -1618,7 +1619,6 @@ static int bnxt_rx_pkt(struct bnxt *bp, struct
bnxt_cp_ring_info *cpr,
                goto next_rx;
        }

-       len = le32_to_cpu(rxcmp->rx_cmp_len_flags_type) >> RX_CMP_LEN_SHIFT;
        dma_addr = rx_buf->mapping;

        if (bnxt_rx_xdp(bp, rxr, cons, data, &data_ptr, &len, event)) {

Presumably one of the two is correct here, but I don't know which one ;-)

       Arnd

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ