| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20200720163121.sihkkncthvwnfqd7@skbuf>
Date: Mon, 20 Jul 2020 19:31:21 +0300
From: Vladimir Oltean <olteanv@...il.com>
To: Colin Ian King <colin.king@...onical.com>
Cc: Vladimir Oltean <vladimir.oltean@....com>,
Andrew Lunn <andrew@...n.ch>,
Florian Fainelli <f.fainelli@...il.com>,
Heiner Kallweit <hkallweit1@...il.com>,
Russell King <linux@...linux.org.uk>,
"David S. Miller" <davem@...emloft.net>,
Jakub Kicinski <kuba@...nel.org>, netdev@...r.kernel.org,
"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>
Subject: Re: net: phy: continue searching for C45 MMDs even if first returned
ffff:ffff
On Mon, Jul 20, 2020 at 05:21:13PM +0100, Colin Ian King wrote:
> Hi,
>
> Static analysis by Coverity has found a potential issue with the
> following commit in /drivers/net/phy/phy_device.c:
>
> commit bba238ed037c60242332dd1e4c5778af9eba4d9b
> Author: Vladimir Oltean <vladimir.oltean@....com>
> Date: Sun Jul 12 19:48:15 2020 +0300
>
> net: phy: continue searching for C45 MMDs even if first returned
> ffff:ffff
>
> The analysis is as follows:
>
> 735 * for 802.3 c45 complied PHYs, so don't probe it at first.
> 736 */
>
> dead_error_condition: The condition (devs_in_pkg & 0x1fffffffU) ==
> 0x1fffffffU cannot be true.
>
> 737 for (i = 1; i < MDIO_MMD_NUM && devs_in_pkg == 0 &&
>
> const: At condition (devs_in_pkg & 0x1fffffffU) == 0x1fffffffU, the
> value of devs_in_pkg must be equal to 0.
>
> 738 (devs_in_pkg & 0x1fffffff) == 0x1fffffff; i++) {
>
> Logically dead code (DEADCODE)dead_error_line: Execution cannot reach
> this statement: if (i == 30 || i == 31) {
>
> To summarize, if devs_in_pkg is zero, then (devs_in_pkg & 0x1fffffffU)
> == 0x1fffffffU can never be true, so the loop is never iterated over.
>
> Colin
You are absolutely correct. The check should have been || and not &&.
I have a patch in my tree where I am fixing that. I was giving it some
more thorough testing to understand why it was working, though, and how
I could've missed it. One hypothesis I can't rule out is that I tested
it using || but submitted it using && somehow (although I don't remember
doing that).
Thanks,
-Vladimir
Powered by blists - more mailing lists