lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Thu, 05 Oct 2023 10:06:22 +0200
From: Paolo Abeni <pabeni@...hat.com>
To: Vladimir Oltean <olteanv@...il.com>, Oleksij Rempel
	 <o.rempel@...gutronix.de>
Cc: Dan Carpenter <dan.carpenter@...aro.org>, Oleksij Rempel
 <linux@...pel-privat.de>, Woojung Huh <woojung.huh@...rochip.com>, 
 UNGLinuxDriver@...rochip.com, Andrew Lunn <andrew@...n.ch>, Florian
 Fainelli <f.fainelli@...il.com>, "David S. Miller" <davem@...emloft.net>,
 Eric Dumazet <edumazet@...gle.com>, Jakub Kicinski <kuba@...nel.org>,
 netdev@...r.kernel.org,  kernel-janitors@...r.kernel.org
Subject: Re: [PATCH net-next] net: dsa: microchip: Uninitialized variable in
 ksz9477_acl_move_entries()

On Mon, 2023-10-02 at 18:28 +0300, Vladimir Oltean wrote:
> Hi Oleksij,
> 
> On Wed, Sep 27, 2023 at 04:46:24PM +0200, Oleksij Rempel wrote:
> > On Wed, Sep 27, 2023 at 03:53:37PM +0300, Dan Carpenter wrote:
> > > Smatch complains that if "src_idx" equals "dst_idx" then
> > > ksz9477_validate_and_get_src_count() doesn't initialized "src_count".
> > > Set it to zero for this situation.
> > > 
> > > Fixes: 002841be134e ("net: dsa: microchip: Add partial ACL support for ksz9477 switches")
> > > Signed-off-by: Dan Carpenter <dan.carpenter@...aro.org>
> > 
> > Reviewed-by: Oleksij Rempel <o.rempel@...gutronix.de>
> > 
> > Thank you!
> > 
> > > ---
> > >  drivers/net/dsa/microchip/ksz9477_acl.c | 3 ++-
> > >  1 file changed, 2 insertions(+), 1 deletion(-)
> > > 
> > > diff --git a/drivers/net/dsa/microchip/ksz9477_acl.c b/drivers/net/dsa/microchip/ksz9477_acl.c
> > > index 06d74c19eb94..e554cd4a024b 100644
> > > --- a/drivers/net/dsa/microchip/ksz9477_acl.c
> > > +++ b/drivers/net/dsa/microchip/ksz9477_acl.c
> > > @@ -554,7 +554,8 @@ static int ksz9477_acl_move_entries(struct ksz_device *dev, int port,
> > >  	struct ksz9477_acl_entry buffer[KSZ9477_ACL_MAX_ENTRIES];
> > >  	struct ksz9477_acl_priv *acl = dev->ports[port].acl_priv;
> > >  	struct ksz9477_acl_entries *acles = &acl->acles;
> > > -	int src_count, ret, dst_count;
> > > +	int ret, dst_count;
> > > +	int src_count = 0;
> > >  
> > >  	ret = ksz9477_validate_and_get_src_count(dev, port, src_idx, dst_idx,
> > >  						 &src_count, &dst_count);
> > > -- 
> > > 2.39.2
> > > 
> > > 
> > > 
> > 
> > -- 
> > Pengutronix e.K.                           |                             |
> > Steuerwalder Str. 21                       | http://www.pengutronix.de/  |
> > 31137 Hildesheim, Germany                  | Phone: +49-5121-206917-0    |
> > Amtsgericht Hildesheim, HRA 2686           | Fax:   +49-5121-206917-5555 |
> 
> For the case where src_idx == dst_idx that Dan points out, is this patch
> sufficient to ensure that ksz9477_acl_move_entries() will not execute
> unwanted code paths? For example, it will still call ksz9477_move_entries_upwards(),
> which from what I can tell, will do something given the way in which it's written.
> 
> Perhaps it would be better to move this line:
> 
> 	/* Nothing to do */
> 	if (src_idx == dst_idx)
> 		return 0;
> 
> outside of ksz9477_validate_and_get_src_count() and into its single caller,
> ksz9477_acl_move_entries()?

Additionally, it looks like that when (src_idx == dst_idx) even
dst_count is not initialized but is still later used.

Cheers,

Paolo


Powered by blists - more mailing lists