lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:   Fri, 26 Apr 2019 06:06:40 -0700
From:   Nathan Chancellor <natechancellor@...il.com>
To:     Michael Chan <michael.chan@...adcom.com>
Cc:     davem@...emloft.net, netdev@...r.kernel.org
Subject: Re: [PATCH net 6/6] bnxt_en: Fix uninitialized variable usage in
 bnxt_rx_pkt().

On Thu, Apr 25, 2019 at 10:31:55PM -0400, Michael Chan wrote:
> In bnxt_rx_pkt(), if the driver encounters BD errors, it will recycle
> the buffers and jump to the end where the uninitailized variable "len"
> is referenced.  Fix it by adding a new jump label that will skip
> the length update.  This is the most correct fix since the length
> may not be valid when we get this type of error.
> 
> Fixes: 6a8788f25625 ("bnxt_en: add support for software dynamic interrupt moderation")
> Reported-by: Nathan Chancellor <natechancellor@...il.com>
> Cc: Nathan Chancellor <natechancellor@...il.com>
> Signed-off-by: Michael Chan <michael.chan@...adcom.com>

This indeed fixes the warning, thank you!

Link: https://github.com/ClangBuiltLinux/linux/issues/398
Reviewed-by: Nathan Chancellor <natechancellor@...il.com>
Tested-by: Nathan Chancellor <natechancellor@...il.com>

> ---
>  drivers/net/ethernet/broadcom/bnxt/bnxt.c | 9 +++++----
>  1 file changed, 5 insertions(+), 4 deletions(-)
> 
> diff --git a/drivers/net/ethernet/broadcom/bnxt/bnxt.c b/drivers/net/ethernet/broadcom/bnxt/bnxt.c
> index b6cb7b8..52ade13 100644
> --- a/drivers/net/ethernet/broadcom/bnxt/bnxt.c
> +++ b/drivers/net/ethernet/broadcom/bnxt/bnxt.c
> @@ -1625,7 +1625,7 @@ static int bnxt_rx_pkt(struct bnxt *bp, struct bnxt_cp_ring_info *cpr,
>  			netdev_warn(bp->dev, "RX buffer error %x\n", rx_err);
>  			bnxt_sched_reset(bp, rxr);
>  		}
> -		goto next_rx;
> +		goto next_rx_no_len;
>  	}
>  
>  	len = le32_to_cpu(rxcmp->rx_cmp_len_flags_type) >> RX_CMP_LEN_SHIFT;
> @@ -1706,12 +1706,13 @@ static int bnxt_rx_pkt(struct bnxt *bp, struct bnxt_cp_ring_info *cpr,
>  	rc = 1;
>  
>  next_rx:
> -	rxr->rx_prod = NEXT_RX(prod);
> -	rxr->rx_next_cons = NEXT_RX(cons);
> -
>  	cpr->rx_packets += 1;
>  	cpr->rx_bytes += len;
>  
> +next_rx_no_len:
> +	rxr->rx_prod = NEXT_RX(prod);
> +	rxr->rx_next_cons = NEXT_RX(cons);
> +
>  next_rx_no_prod_no_len:
>  	*raw_cons = tmp_raw_cons;
>  
> -- 
> 2.5.1
> 

Powered by blists - more mailing lists