| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <7102fb731c18f7b10f19f6bdc05d8a7f74e43feb.camel@redhat.com>
Date: Thu, 05 Oct 2023 10:06:22 +0200
From: Paolo Abeni <pabeni@...hat.com>
To: Vladimir Oltean <olteanv@...il.com>, Oleksij Rempel
<o.rempel@...gutronix.de>
Cc: Dan Carpenter <dan.carpenter@...aro.org>, Oleksij Rempel
<linux@...pel-privat.de>, Woojung Huh <woojung.huh@...rochip.com>,
UNGLinuxDriver@...rochip.com, Andrew Lunn <andrew@...n.ch>, Florian
Fainelli <f.fainelli@...il.com>, "David S. Miller" <davem@...emloft.net>,
Eric Dumazet <edumazet@...gle.com>, Jakub Kicinski <kuba@...nel.org>,
netdev@...r.kernel.org, kernel-janitors@...r.kernel.org
Subject: Re: [PATCH net-next] net: dsa: microchip: Uninitialized variable in
ksz9477_acl_move_entries()
On Mon, 2023-10-02 at 18:28 +0300, Vladimir Oltean wrote:
> Hi Oleksij,
>
> On Wed, Sep 27, 2023 at 04:46:24PM +0200, Oleksij Rempel wrote:
> > On Wed, Sep 27, 2023 at 03:53:37PM +0300, Dan Carpenter wrote:
> > > Smatch complains that if "src_idx" equals "dst_idx" then
> > > ksz9477_validate_and_get_src_count() doesn't initialized "src_count".
> > > Set it to zero for this situation.
> > >
> > > Fixes: 002841be134e ("net: dsa: microchip: Add partial ACL support for ksz9477 switches")
> > > Signed-off-by: Dan Carpenter <dan.carpenter@...aro.org>
> >
> > Reviewed-by: Oleksij Rempel <o.rempel@...gutronix.de>
> >
> > Thank you!
> >
> > > ---
> > > drivers/net/dsa/microchip/ksz9477_acl.c | 3 ++-
> > > 1 file changed, 2 insertions(+), 1 deletion(-)
> > >
> > > diff --git a/drivers/net/dsa/microchip/ksz9477_acl.c b/drivers/net/dsa/microchip/ksz9477_acl.c
> > > index 06d74c19eb94..e554cd4a024b 100644
> > > --- a/drivers/net/dsa/microchip/ksz9477_acl.c
> > > +++ b/drivers/net/dsa/microchip/ksz9477_acl.c
> > > @@ -554,7 +554,8 @@ static int ksz9477_acl_move_entries(struct ksz_device *dev, int port,
> > > struct ksz9477_acl_entry buffer[KSZ9477_ACL_MAX_ENTRIES];
> > > struct ksz9477_acl_priv *acl = dev->ports[port].acl_priv;
> > > struct ksz9477_acl_entries *acles = &acl->acles;
> > > - int src_count, ret, dst_count;
> > > + int ret, dst_count;
> > > + int src_count = 0;
> > >
> > > ret = ksz9477_validate_and_get_src_count(dev, port, src_idx, dst_idx,
> > > &src_count, &dst_count);
> > > --
> > > 2.39.2
> > >
> > >
> > >
> >
> > --
> > Pengutronix e.K. | |
> > Steuerwalder Str. 21 | http://www.pengutronix.de/ |
> > 31137 Hildesheim, Germany | Phone: +49-5121-206917-0 |
> > Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 |
>
> For the case where src_idx == dst_idx that Dan points out, is this patch
> sufficient to ensure that ksz9477_acl_move_entries() will not execute
> unwanted code paths? For example, it will still call ksz9477_move_entries_upwards(),
> which from what I can tell, will do something given the way in which it's written.
>
> Perhaps it would be better to move this line:
>
> /* Nothing to do */
> if (src_idx == dst_idx)
> return 0;
>
> outside of ksz9477_validate_and_get_src_count() and into its single caller,
> ksz9477_acl_move_entries()?
Additionally, it looks like that when (src_idx == dst_idx) even
dst_count is not initialized but is still later used.
Cheers,
Paolo
Powered by blists - more mailing lists