lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20190926131811.GG29696@kadam>
Date:   Thu, 26 Sep 2019 16:18:11 +0300
From:   Dan Carpenter <dan.carpenter@...cle.com>
To:     "Alvaro G. M" <alvaro.gamez@...ent.com>
Cc:     Radhey Shyam Pandey <radhey.shyam.pandey@...inx.com>,
        "David S. Miller" <davem@...emloft.net>,
        Michal Simek <michal.simek@...inx.com>,
        Russell King <linux@...linux.org.uk>, netdev@...r.kernel.org,
        kernel-janitors@...r.kernel.org, Andrew Lunn <andrew@...n.ch>
Subject: Re: [PATCH net] net: axienet: fix a signedness bug in probe

On Wed, Sep 25, 2019 at 01:05:43PM +0200, Alvaro G. M wrote:
> Hi, Dan
> 
> On Wed, Sep 25, 2019 at 01:59:11PM +0300, Dan Carpenter wrote:
> > The "lp->phy_mode" is an enum but in this context GCC treats it as an
> > unsigned int so the error handling is never triggered.
> > 
> >  		lp->phy_mode = of_get_phy_mode(pdev->dev.of_node);
> > -		if (lp->phy_mode < 0) {
> > +		if ((int)lp->phy_mode < 0) {
> 
> This (almost) exact code appears in a lot of different drivers too,
> so maybe it'd be nice to review them all and apply the same cast if needed?
> 

This is a new warning in Smatch.  I did send patches for the whole
kernel.  We won't get these bugs in the future because people run Smatch
on the kernel and will find the bugs.  All the bugs were from 2017 or
later which suggests that someone cleared these out two years ago but
soon the 0-day bot will warn about issues so they will get fixed
quicker.

I'm sort of out of it today...

The get_phy_mode() function seem like they lend themselves to creating
these bugs.  The ->phy_mode variables tend to be declared in the driver
so it would require quite a few patches to make them all int and I'm not
sure that's more beautiful.  Andrew Lunn's idea to update the API would
probably be a good idea.

I'm going back to bed for now and I'll think about this some more.

regards,
dan carpenter

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ