* [net-dsa-mv88e6xxx] question about potential use of uninitialized variable
From: Gustavo A. R. Silva @ 2017-05-11 21:35 UTC
To: Andrew Lunn, Vivien Didelot, Florian Fainelli; +Cc: netdev, linux-kernel
Hello everybody,
While looking into Coverity ID 1398130 I ran into the following piece
of code at drivers/net/dsa/mv88e6xxx/chip.c:849:
849 static uint64_t _mv88e6xxx_get_ethtool_stat(struct mv88e6xxx_chip *chip,
850                                             struct mv88e6xxx_hw_stat *s,
851                                             int port, u16 bank1_select,
852                                             u16 histogram)
853 {
854         u32 low;
855         u32 high = 0;
856         u16 reg = 0;
857         int err;
858         u64 value;
859
860         switch (s->type) {
861         case STATS_TYPE_PORT:
862                 err = mv88e6xxx_port_read(chip, port, s->reg, &reg);
863                 if (err)
864                         return UINT64_MAX;
865
866                 low = reg;
867                 if (s->sizeof_stat == 4) {
868                         err = mv88e6xxx_port_read(chip, port,
                                                  s->reg + 1, &reg);
869                         if (err)
870                                 return UINT64_MAX;
871                         high = reg;
872                 }
873                 break;
874         case STATS_TYPE_BANK1:
875                 reg = bank1_select;
876                 /* fall through */
877         case STATS_TYPE_BANK0:
878                 reg |= s->reg | histogram;
879                 mv88e6xxx_g1_stats_read(chip, reg, &low);
880                 if (s->sizeof_stat == 8)
881                         mv88e6xxx_g1_stats_read(chip, reg + 1, &high);
882         }
883         value = (((u64)high) << 16) | low;
884         return value;
885 }
My question here is if there is any chance for the execution path to
directly jump from line 860 to line 883, hence ending up using the
uninitialized variable _low_?
I'm trying to figure out if this is a false positive or something that
needs to be fixed.
I'd really appreciate any comment on this.
Thank you!
--
Gustavo A. R. Silva
* Re: [net-dsa-mv88e6xxx] question about potential use of uninitialized variable
From: Andrew Lunn @ 2017-05-12 2:33 UTC
To: Gustavo A. R. Silva
Cc: Vivien Didelot, Florian Fainelli, netdev, linux-kernel
On Thu, May 11, 2017 at 04:35:37PM -0500, Gustavo A. R. Silva wrote:
>
> Hello everybody,
>
> While looking into Coverity ID 1398130 I ran into the following
> piece of code at drivers/net/dsa/mv88e6xxx/chip.c:849:
>
> 849 static uint64_t _mv88e6xxx_get_ethtool_stat(struct mv88e6xxx_chip *chip,
> 850                                             struct mv88e6xxx_hw_stat *s,
> 851                                             int port, u16 bank1_select,
> 852                                             u16 histogram)
> 853 {
> 854         u32 low;
> 855         u32 high = 0;
> 856         u16 reg = 0;
> 857         int err;
> 858         u64 value;
> 859
> 860         switch (s->type) {
> 861         case STATS_TYPE_PORT:
> 862                 err = mv88e6xxx_port_read(chip, port, s->reg, &reg);
> 863                 if (err)
> 864                         return UINT64_MAX;
> 865
> 866                 low = reg;
> 867                 if (s->sizeof_stat == 4) {
> 868                         err = mv88e6xxx_port_read(chip, port,
>                                                   s->reg + 1, &reg);
> 869                         if (err)
> 870                                 return UINT64_MAX;
> 871                         high = reg;
> 872                 }
> 873                 break;
> 874         case STATS_TYPE_BANK1:
> 875                 reg = bank1_select;
> 876                 /* fall through */
> 877         case STATS_TYPE_BANK0:
> 878                 reg |= s->reg | histogram;
> 879                 mv88e6xxx_g1_stats_read(chip, reg, &low);
> 880                 if (s->sizeof_stat == 8)
> 881                         mv88e6xxx_g1_stats_read(chip, reg + 1, &high);
> 882         }
> 883         value = (((u64)high) << 16) | low;
> 884         return value;
> 885 }
>
> My question here is if there is any chance for the execution path to
> directly jump from line 860 to line 883, hence ending up using the
> uninitialized variable _low_?
Hi Gustavo
It would require that s->type not have one of the listed case values.
Currently all members of mv88e6xxx_hw_stats do use expected values.
However, it would not hurt to add a
        default:
                return UINT64_MAX;
Do you want to submit a patch?
Thanks
Andrew
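The reply above rests on two conditions: every stats table entry carries a known type, and a default case fails closed if one ever does not. The following user-space model of both is an added example, not code from the driver or from anyone in this thread; struct hw_stat, fake_read, get_stat, first_bad_entry and the two tables are hypothetical names and constructed data.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum { STATS_TYPE_PORT, STATS_TYPE_BANK0, STATS_TYPE_BANK1 };
struct hw_stat { int type; uint16_t reg; };  /* hypothetical stand-in for mv88e6xxx_hw_stat */

/* Constructed stand-in for the register read helpers; always succeeds. */
static uint32_t fake_read(uint16_t reg) { return 0x1000u + reg; }

/* Model of the reader with the suggested default case: every path that
 * reaches the final return has assigned low. */
static uint64_t get_stat(const struct hw_stat *s, uint16_t bank1_select)
{
	uint32_t low;   /* left uninitialised on purpose, as in the quoted code */
	uint16_t reg = 0;
	switch (s->type) {
	case STATS_TYPE_PORT:
		low = fake_read(s->reg) & 0xffff;
		break;
	case STATS_TYPE_BANK1:
		reg = bank1_select;
		/* fall through */
	case STATS_TYPE_BANK0:
		reg |= s->reg;
		low = fake_read(reg);
		break;
	default:        /* unknown type: fail closed instead of reading low */
		return UINT64_MAX;
	}
	return low;
}

/* Table audit: index of the first entry get_stat() cannot handle, or -1. */
static int first_bad_entry(const struct hw_stat *tbl, size_t n)
{
	for (size_t i = 0; i < n; i++)
		if (tbl[i].type < STATS_TYPE_PORT || tbl[i].type > STATS_TYPE_BANK1)
			return (int)i;
	return -1;
}

/* Constructed tables; type 7 is a deliberately invalid entry. */
static const struct hw_stat good_table[] = { { STATS_TYPE_PORT, 0x10 }, { STATS_TYPE_BANK0, 0x02 }, { STATS_TYPE_BANK1, 0x05 } };
static const struct hw_stat bad_table[] = { { STATS_TYPE_BANK0, 0x02 }, { 7, 0x03 } };

int main(void)
{
	printf("first bad entry: good=%d bad=%d\n", first_bad_entry(good_table, 3), first_bad_entry(bad_table, 2));
	return 0;
}
```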
* Re: [net-dsa-mv88e6xxx] question about potential use of uninitialized variable
From: Gustavo A. R. Silva @ 2017-05-12 2:48 UTC
To: Andrew Lunn; +Cc: Vivien Didelot, Florian Fainelli, netdev, linux-kernel
Hi Andrew,
Quoting Andrew Lunn <andrew@lunn.ch>:
> On Thu, May 11, 2017 at 04:35:37PM -0500, Gustavo A. R. Silva wrote:
>>
>> Hello everybody,
>>
>> While looking into Coverity ID 1398130 I ran into the following
>> piece of code at drivers/net/dsa/mv88e6xxx/chip.c:849:
>>
>> 849 static uint64_t _mv88e6xxx_get_ethtool_stat(struct mv88e6xxx_chip *chip,
>> 850                                             struct mv88e6xxx_hw_stat *s,
>> 851                                             int port, u16 bank1_select,
>> 852                                             u16 histogram)
>> 853 {
>> 854         u32 low;
>> 855         u32 high = 0;
>> 856         u16 reg = 0;
>> 857         int err;
>> 858         u64 value;
>> 859
>> 860         switch (s->type) {
>> 861         case STATS_TYPE_PORT:
>> 862                 err = mv88e6xxx_port_read(chip, port, s->reg, &reg);
>> 863                 if (err)
>> 864                         return UINT64_MAX;
>> 865
>> 866                 low = reg;
>> 867                 if (s->sizeof_stat == 4) {
>> 868                         err = mv88e6xxx_port_read(chip, port,
>>                                                   s->reg + 1, &reg);
>> 869                         if (err)
>> 870                                 return UINT64_MAX;
>> 871                         high = reg;
>> 872                 }
>> 873                 break;
>> 874         case STATS_TYPE_BANK1:
>> 875                 reg = bank1_select;
>> 876                 /* fall through */
>> 877         case STATS_TYPE_BANK0:
>> 878                 reg |= s->reg | histogram;
>> 879                 mv88e6xxx_g1_stats_read(chip, reg, &low);
>> 880                 if (s->sizeof_stat == 8)
>> 881                         mv88e6xxx_g1_stats_read(chip, reg + 1, &high);
>> 882         }
>> 883         value = (((u64)high) << 16) | low;
>> 884         return value;
>> 885 }
>>
>> My question here is if there is any chance for the execution path to
>> directly jump from line 860 to line 883, hence ending up using the
>> uninitialized variable _low_?
>
> Hi Gustavo
>
> It would require that s->type not have one of the listed case values.
> Currently all members of mv88e6xxx_hw_stats do use expected values.
> However, it would not hurt to add a
>
>         default:
>                 return UINT64_MAX;
>
> Do you want to submit a patch?
>
Sure, I'll send it shortly.
Thanks for clarifying!
--
Gustavo A. R. Silva
* [PATCH] net: dsa: mv88e6xxx: add default case to switch
From: Gustavo A. R. Silva @ 2017-05-12 3:11 UTC
To: Andrew Lunn, Vivien Didelot, Florian Fainelli
Cc: netdev, linux-kernel, Gustavo A. R. Silva
Add default case to switch in order to avoid any chance of using an
uninitialized variable _low_, in case s->type does not match any of
the listed case values.
Addresses-Coverity-ID: 1398130
Suggested-by: Andrew Lunn <andrew@lunn.ch>
Signed-off-by: Gustavo A. R. Silva <garsilva@embeddedor.com>
---
drivers/net/dsa/mv88e6xxx/chip.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/drivers/net/dsa/mv88e6xxx/chip.c b/drivers/net/dsa/mv88e6xxx/chip.c
index 03dc886..d39e210 100644
--- a/drivers/net/dsa/mv88e6xxx/chip.c
+++ b/drivers/net/dsa/mv88e6xxx/chip.c
@@ -879,6 +879,9 @@ static uint64_t _mv88e6xxx_get_ethtool_stat(struct mv88e6xxx_chip *chip,
mv88e6xxx_g1_stats_read(chip, reg, &low);
if (s->sizeof_stat == 8)
mv88e6xxx_g1_stats_read(chip, reg + 1, &high);
+ break;
+ default:
+ return UINT64_MAX;
}
value = (((u64)high) << 16) | low;
return value;
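Review bot: the added default: branch returns UINT64_MAX, the same value the STATS_TYPE_PORT branch quoted earlier in the thread returns when mv88e6xxx_port_read() fails, so a caller cannot tell a table entry with an unknown s->type from a register read error. An unknown type would be a bug in the stats table rather than a runtime condition, so consider a one-line comment on the default case, or a WARN_ON_ONCE(1) before the return, to make it visible. Separately, in the context line `value = (((u64)high) << 16) | low;` both low and high are u32 in the function as quoted, so if the sizeof_stat == 8 bank reads fill full 32-bit words, the shifted high word overlaps bits 16-31 of low; worth confirming that a shift of 16 is intended for that case.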
--
2.5.0
* Re: [PATCH] net: dsa: mv88e6xxx: add default case to switch
From: David Miller @ 2017-05-12 16:15 UTC
To: garsilva; +Cc: andrew, vivien.didelot, f.fainelli, netdev, linux-kernel
From: "Gustavo A. R. Silva" <garsilva@embeddedor.com>
Date: Thu, 11 May 2017 22:11:29 -0500
> Add default case to switch in order to avoid any chance of using an
> uninitialized variable _low_, in case s->type does not match any of
> the listed case values.
>
> Addresses-Coverity-ID: 1398130
> Suggested-by: Andrew Lunn <andrew@lunn.ch>
> Signed-off-by: Gustavo A. R. Silva <garsilva@embeddedor.com>
Applied, thanks.