Message-ID: <CAMRc=MevVsYZFDQif+8Zyv41sSkbS8XqWbKGdCvHooneXz88hg@mail.gmail.com>
Date:   Wed, 27 May 2020 10:46:08 +0200
From:   Bartosz Golaszewski <brgl@...ev.pl>
To:     Nathan Chancellor <natechancellor@...il.com>
Cc:     Rob Herring <robh+dt@...nel.org>,
        "David S . Miller" <davem@...emloft.net>,
        Matthias Brugger <matthias.bgg@...il.com>,
        John Crispin <john@...ozen.org>,
        Sean Wang <sean.wang@...iatek.com>,
        Mark Lee <Mark-MC.Lee@...iatek.com>,
        Jakub Kicinski <kuba@...nel.org>,
        Arnd Bergmann <arnd@...db.de>,
        Fabien Parent <fparent@...libre.com>,
        Heiner Kallweit <hkallweit1@...il.com>,
        Edwin Peer <edwin.peer@...adcom.com>,
        devicetree <devicetree@...r.kernel.org>,
        Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
        netdev <netdev@...r.kernel.org>,
        Linux ARM <linux-arm-kernel@...ts.infradead.org>,
        "moderated list:ARM/Mediatek SoC..." 
        <linux-mediatek@...ts.infradead.org>,
        Stephane Le Provost <stephane.leprovost@...iatek.com>,
        Pedro Tsai <pedro.tsai@...iatek.com>,
        Andrew Perepech <andrew.perepech@...iatek.com>,
        Bartosz Golaszewski <bgolaszewski@...libre.com>,
        clang-built-linux@...glegroups.com
Subject: Re: [PATCH v5 06/11] net: ethernet: mtk-star-emac: new driver

On Wed, 27 May 2020 at 09:31, Nathan Chancellor <natechancellor@...il.com>
wrote:
>
> On Fri, May 22, 2020 at 02:06:55PM +0200, Bartosz Golaszewski wrote:
>
> <snip>
>
> > diff --git a/drivers/net/ethernet/mediatek/mtk_star_emac.c b/drivers/net/ethernet/mediatek/mtk_star_emac.c
> > new file mode 100644
> > index 000000000000..789c77af501f
> > --- /dev/null
> > +++ b/drivers/net/ethernet/mediatek/mtk_star_emac.c
> > @@ -0,0 +1,1678 @@
>
> <snip>
>
> I've searched netdev and I cannot find any reports from others but this
> function introduces a clang warning:
>
> drivers/net/ethernet/mediatek/mtk_star_emac.c:1296:6: warning: variable 'new_dma_addr' is used uninitialized whenever 'if' condition is true [-Wsometimes-uninitialized]
>         if (!new_skb) {
>             ^~~~~~~~
> drivers/net/ethernet/mediatek/mtk_star_emac.c:1321:23: note: uninitialized use occurs here
>         desc_data.dma_addr = new_dma_addr;
>                              ^~~~~~~~~~~~
> drivers/net/ethernet/mediatek/mtk_star_emac.c:1296:2: note: remove the 'if' if its condition is always false
>         if (!new_skb) {
>         ^~~~~~~~~~~~~~~
> drivers/net/ethernet/mediatek/mtk_star_emac.c:1285:6: warning: variable 'new_dma_addr' is used uninitialized whenever 'if' condition is true [-Wsometimes-uninitialized]
>         if ((desc_data.flags & MTK_STAR_DESC_BIT_RX_CRCE) ||
>             ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> drivers/net/ethernet/mediatek/mtk_star_emac.c:1321:23: note: uninitialized use occurs here
>         desc_data.dma_addr = new_dma_addr;
>                              ^~~~~~~~~~~~
> drivers/net/ethernet/mediatek/mtk_star_emac.c:1285:2: note: remove the 'if' if its condition is always false
>         if ((desc_data.flags & MTK_STAR_DESC_BIT_RX_CRCE) ||
>         ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> drivers/net/ethernet/mediatek/mtk_star_emac.c:1285:6: warning: variable 'new_dma_addr' is used uninitialized whenever '||' condition is true [-Wsometimes-uninitialized]
>         if ((desc_data.flags & MTK_STAR_DESC_BIT_RX_CRCE) ||
>             ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> drivers/net/ethernet/mediatek/mtk_star_emac.c:1321:23: note: uninitialized use occurs here
>         desc_data.dma_addr = new_dma_addr;
>                              ^~~~~~~~~~~~
> drivers/net/ethernet/mediatek/mtk_star_emac.c:1285:6: note: remove the '||' if its condition is always false
>         if ((desc_data.flags & MTK_STAR_DESC_BIT_RX_CRCE) ||
>             ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> drivers/net/ethernet/mediatek/mtk_star_emac.c:1274:25: note: initialize the variable 'new_dma_addr' to silence this warning
>         dma_addr_t new_dma_addr;
>                                ^
>                                 = 0
> 3 warnings generated.
>
> > +static int mtk_star_receive_packet(struct mtk_star_priv *priv)
> > +{
> > +     struct mtk_star_ring *ring = &priv->rx_ring;
> > +     struct device *dev = mtk_star_get_dev(priv);
> > +     struct mtk_star_ring_desc_data desc_data;
> > +     struct net_device *ndev = priv->ndev;
> > +     struct sk_buff *curr_skb, *new_skb;
> > +     dma_addr_t new_dma_addr;
>
> Uninitialized here
>
> > +     int ret;
> > +
> > +     spin_lock(&priv->lock);
> > +     ret = mtk_star_ring_pop_tail(ring, &desc_data);
> > +     spin_unlock(&priv->lock);
> > +     if (ret)
> > +             return -1;
> > +
> > +     curr_skb = desc_data.skb;
> > +
> > +     if ((desc_data.flags & MTK_STAR_DESC_BIT_RX_CRCE) ||
> > +         (desc_data.flags & MTK_STAR_DESC_BIT_RX_OSIZE)) {
> > +             /* Error packet -> drop and reuse skb. */
> > +             new_skb = curr_skb;
> > +             goto push_new_skb;
>
> this goto
>
> > +     }
> > +
> > +     /* Prepare new skb before receiving the current one. Reuse the current
> > +      * skb if we fail at any point.
> > +      */
> > +     new_skb = mtk_star_alloc_skb(ndev);
> > +     if (!new_skb) {
> > +             ndev->stats.rx_dropped++;
> > +             new_skb = curr_skb;
> > +             goto push_new_skb;
>
> and this goto
>
> > +     }
> > +
> > +     new_dma_addr = mtk_star_dma_map_rx(priv, new_skb);
> > +     if (dma_mapping_error(dev, new_dma_addr)) {
> > +             ndev->stats.rx_dropped++;
> > +             dev_kfree_skb(new_skb);
> > +             new_skb = curr_skb;
> > +             netdev_err(ndev, "DMA mapping error of RX descriptor\n");
> > +             goto push_new_skb;
> > +     }
> > +
> > +     /* We can't fail anymore at this point: it's safe to unmap the skb. */
> > +     mtk_star_dma_unmap_rx(priv, &desc_data);
> > +
> > +     skb_put(desc_data.skb, desc_data.len);
> > +     desc_data.skb->ip_summed = CHECKSUM_NONE;
> > +     desc_data.skb->protocol = eth_type_trans(desc_data.skb, ndev);
> > +     desc_data.skb->dev = ndev;
> > +     netif_receive_skb(desc_data.skb);
> > +
> > +push_new_skb:
> > +     desc_data.dma_addr = new_dma_addr;
>
> assign it uninitialized here.
>
> > +     desc_data.len = skb_tailroom(new_skb);
> > +     desc_data.skb = new_skb;
> > +
> > +     spin_lock(&priv->lock);
> > +     mtk_star_ring_push_head_rx(ring, &desc_data);
> > +     spin_unlock(&priv->lock);
> > +
> > +     return 0;
> > +}
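
Review bot: At the `push_new_skb:` label, `desc_data.dma_addr = new_dma_addr;` runs on all three recycle paths, not only after a successful mapping. The two early gotos (CRC/oversize error and `mtk_star_alloc_skb()` failure) reach it with `new_dma_addr` never assigned, and the `dma_mapping_error()` path reaches it with the failed mapping value, so in each case the descriptor handed to `mtk_star_ring_push_head_rx()` pairs `curr_skb` with an address that is not its mapping. Initializing `new_dma_addr` to 0 at its declaration would silence clang but still give the hardware a wrong address on those paths. Suggest moving the assignment above the label so only the success path overwrites `desc_data.dma_addr`, assuming `mtk_star_ring_pop_tail()` filled that field with the current buffer's mapping (not visible in this hunk).
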
>
> I don't know if there should be a new label that excludes that
> assignment for those particular gotos or if new_dma_addr should
> be initialized to something at the top. Please take a look at
> addressing this when you get a chance.
>
> Cheers,
> Nathan

Hi Nathan,

Thanks for reporting this! I have a fix ready and will send it shortly.

Bartosz
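
The first option Nathan raises above (keep the address assignment off the path the failure gotos take), modelled in user-space C as an added example. It is not the driver's code and not the fix Bartosz refers to; `struct slot`, `refill_slot`, `model_alloc`, `model_map`, `MAP_ERROR` and the fault enum are hypothetical names.

```c
#include <stddef.h>
#include <stdint.h>

/* Hypothetical model of one RX ring slot: a buffer plus the bus address given to the device. */
struct slot {
	void *buf;
	uintptr_t addr;
};

enum refill_fault { FAULT_NONE, FAULT_BAD_FRAME, FAULT_ALLOC, FAULT_MAP };
#define MAP_ERROR ((uintptr_t)-1)	/* constructed stand-in for a failed mapping */

/* Stand-ins for allocation and mapping; 'fault' forces a failure path. */
static void *model_alloc(void *spare, enum refill_fault fault)
{
	return fault == FAULT_ALLOC ? NULL : spare;
}

static uintptr_t model_map(void *buf, enum refill_fault fault)
{
	return fault == FAULT_MAP ? MAP_ERROR : (uintptr_t)buf;
}

/* Returns 1 if the slot received a fresh buffer, 0 if the old one was recycled. */
static int refill_slot(struct slot *s, void *spare, enum refill_fault fault)
{
	void *new_buf;
	uintptr_t new_addr;
	int delivered = 0;

	if (fault == FAULT_BAD_FRAME)
		goto recycle;

	new_buf = model_alloc(spare, fault);
	if (!new_buf)
		goto recycle;

	new_addr = model_map(new_buf, fault);
	if (new_addr == MAP_ERROR)
		goto recycle;

	/* Written before the shared label: no failure path reaches it with new_addr unset. */
	s->buf = new_buf;
	s->addr = new_addr;
	delivered = 1;

recycle:
	return delivered;
}
```

With the assignment above the label, clang's `-Wsometimes-uninitialized` has nothing to flag, and every failure path leaves the slot's existing buffer and address paired.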
