| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 6 Nov 2020 09:42:13 -0800
From: Jakub Kicinski <kuba@...nel.org>
To: David Laight <David.Laight@...LAB.COM>
Cc: Andrew Lunn <andrew@...n.ch>, netdev <netdev@...r.kernel.org>,
Nicolas Pitre <nico@...xnic.net>,
"Lee Jones" <lee.jones@...aro.org>
Subject: Re: [PATCH net-next v2 1/7] drivers: net: smc91x: Fix set but
unused W=1 warning
On Fri, 6 Nov 2020 08:48:47 +0000 David Laight wrote:
> > > +#define SMC_GET_PKT_HDR_STATUS(lp, status) \
> > > + do { \
> > > + if (SMC_32BIT(lp)) { \
> > > + unsigned int __val = SMC_inl(ioaddr, DATA_REG(lp)); \
> > > + (status) = __val & 0xffff; \
> > > + } else { \
> > > + (status) = SMC_inw(ioaddr, DATA_REG(lp)); \
> > > + } \
> > > + } while (0)
> >
> > This is the original/full macro:
> >
> > #define SMC_GET_PKT_HDR(lp, status, length) \
> > do { \
> > if (SMC_32BIT(lp)) { \
> > unsigned int __val = SMC_inl(ioaddr, DATA_REG(lp)); \
> > (status) = __val & 0xffff; \
> > (length) = __val >> 16; \
> > } else { \
> > (status) = SMC_inw(ioaddr, DATA_REG(lp)); \
> > (length) = SMC_inw(ioaddr, DATA_REG(lp)); \
> > } \
> > } while (0)
> >
> > Note that it reads the same address twice in the else branch.
> >
> > I'm 90% sure we can't remove the read here either so best treat it
> > like the ones in patch 3, right?
>
> One of the two SMC_inw() needs to use 'ioaddr + 2'.
> Probably the one for (length).
>
> The code may also be buggy on BE systems.
More proof that this code is fragile.
Changing IO accesses is not acceptable in a "warning cleanup" patch,
unless it can be tested on real HW.
We can follow up on the issues you see separately, please.
Powered by blists - more mailing lists