lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <20220921074440.GA2950045@gauss3.secunet.de>
Date:   Wed, 21 Sep 2022 09:44:40 +0200
From:   Steffen Klassert <steffen.klassert@...unet.com>
To:     Li Zhong <floridsleeves@...il.com>
CC:     <linux-kernel@...r.kernel.org>, <netdev@...r.kernel.org>,
        <f.fainelli@...il.com>, <pabeni@...hat.com>, <kuba@...nel.org>,
        <edumazet@...gle.com>, <davem@...emloft.net>, <klassert@...nel.org>
Subject: Re: [PATCH v1] drivers/net/ethernet/3com: check the return value of
 vortex_up()

On Tue, Sep 20, 2022 at 09:15:35AM -0700, Li Zhong wrote:
> On Tue, Sep 20, 2022 at 3:02 AM Steffen Klassert
> <steffen.klassert@...unet.com> wrote:
> >
> > On Mon, Sep 19, 2022 at 12:36:31AM -0700, Li Zhong wrote:
> > > Check the return value of vortex_up(), which could be error code when
> > > the rx ring is not full.
> > >
> > > Signed-off-by: Li Zhong <floridsleeves@...il.com>
> > > ---
> > >  drivers/net/ethernet/3com/3c59x.c | 5 ++++-
> > >  1 file changed, 4 insertions(+), 1 deletion(-)
> > >
> > > diff --git a/drivers/net/ethernet/3com/3c59x.c b/drivers/net/ethernet/3com/3c59x.c
> > > index ccf07667aa5e..7806c5f60ac8 100644
> > > --- a/drivers/net/ethernet/3com/3c59x.c
> > > +++ b/drivers/net/ethernet/3com/3c59x.c
> > > @@ -1942,6 +1942,7 @@ vortex_error(struct net_device *dev, int status)
> > >       void __iomem *ioaddr = vp->ioaddr;
> > >       int do_tx_reset = 0, reset_mask = 0;
> > >       unsigned char tx_status = 0;
> > > +     int err;
> > >
> > >       if (vortex_debug > 2) {
> > >               pr_err("%s: vortex_error(), status=0x%x\n", dev->name, status);
> > > @@ -2016,7 +2017,9 @@ vortex_error(struct net_device *dev, int status)
> > >                       /* Must not enter D3 or we can't legally issue the reset! */
> > >                       vortex_down(dev, 0);
> > >                       issue_and_wait(dev, TotalReset | 0xff);
> > > -                     vortex_up(dev);         /* AKPM: bug.  vortex_up() assumes that the rx ring is full. It may not be. */
> > > +                     err = vortex_up(dev);
> > > +                     if (err)
> > > +                             return;
> >
> > Why does that fix the bug mentioned in the above comment?
> >
> 
> Since the bug is an unchecked error

No, it is not. It is completely pointless to check the error value here.

> we detect it with static analysis and
> validate it's a bug by the comment we see above the code.

This code is from the nineties, so it is unfixed for more
then 20 years. Do you really think Andrew Morton would have
added this comment if the fix is that easy?

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ