netdev.vger.kernel.org archive mirror
* [PATCH][next] net: dsa: sja1105: fix comparisons against uninitialized status fields
@ 2019-05-07  8:44 Colin King
  2019-05-07  9:20 ` Dan Carpenter
  0 siblings, 1 reply; 4+ messages in thread
From: Colin King @ 2019-05-07  8:44 UTC (permalink / raw)
  To: Vladimir Oltean, Andrew Lunn, Vivien Didelot, Florian Fainelli,
	David S . Miller, linux-kernel
  Cc: kernel-janitors, netdev

From: Colin Ian King <colin.king@canonical.com>

The call to sja1105_status_get to set various fields in the status
structure can potentially be skipped in a while-loop because of a couple
of prior continuation jump paths. This can potentially lead to
checking against uninitialized fields in the structure which may
lead to unexpected results.  Fix this by ensuring all the fields in status
are initialized to zero to be safe.

Addresses-Coverity: ("Uninitialized scalar variable")
Fixes: 8aa9ebccae87 ("net: dsa: Introduce driver for NXP SJA1105 5-port L2 switch")
Signed-off-by: Colin Ian King <colin.king@canonical.com>
---
 drivers/net/dsa/sja1105/sja1105_spi.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/net/dsa/sja1105/sja1105_spi.c b/drivers/net/dsa/sja1105/sja1105_spi.c
index 244a94ccfc18..76f6a51e10d9 100644
--- a/drivers/net/dsa/sja1105/sja1105_spi.c
+++ b/drivers/net/dsa/sja1105/sja1105_spi.c
@@ -394,7 +394,7 @@ int sja1105_static_config_upload(struct sja1105_private *priv)
 	struct sja1105_static_config *config = &priv->static_config;
 	const struct sja1105_regs *regs = priv->info->regs;
 	struct device *dev = &priv->spidev->dev;
-	struct sja1105_status status;
+	struct sja1105_status status = {};
 	int rc, retries = RETRIES;
 	u8 *config_buf;
 	int buf_len;
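
Review bot: the "= {}" on the declaration of "status" takes effect once, before the retry loop, so it only defines what the first pass compares against. A later pass that skips sja1105_status_get (the case the commit message describes) would still test whatever the previous pass left in the struct. Consider resetting "status" at the top of each pass, or making the exit test not read "status" on the paths that skipped the call, and state in the changelog which of the zeroed fields is expected to keep the loop retrying.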
-- 
2.20.1


^ permalink raw reply related	[flat|nested] 4+ messages in thread

* Re: [PATCH][next] net: dsa: sja1105: fix comparisons against uninitialized status fields
  2019-05-07  8:44 [PATCH][next] net: dsa: sja1105: fix comparisons against uninitialized status fields Colin King
@ 2019-05-07  9:20 ` Dan Carpenter
  2019-05-07  9:29   ` Colin Ian King
  0 siblings, 1 reply; 4+ messages in thread
From: Dan Carpenter @ 2019-05-07  9:20 UTC (permalink / raw)
  To: Colin King
  Cc: Vladimir Oltean, Andrew Lunn, Vivien Didelot, Florian Fainelli,
	David S . Miller, linux-kernel, kernel-janitors, netdev

On Tue, May 07, 2019 at 09:44:58AM +0100, Colin King wrote:
> From: Colin Ian King <colin.king@canonical.com>
> 
> The call to sja1105_status_get to set various fields in the status
> structure can potentially be skipped in a while-loop because of a couple
> of prior continuation jump paths. This can potentially lead to
> checking against uninitialized fields in the structure which may
> lead to unexpected results.  Fix this by ensuring all the fields in status
> are initialized to zero to be safe.
> 
> Addresses-Coverity: ("Uninitialized scalar variable")
> Fixes: 8aa9ebccae87 ("net: dsa: Introduce driver for NXP SJA1105 5-port L2 switch")
> Signed-off-by: Colin Ian King <colin.king@canonical.com>
> ---
>  drivers/net/dsa/sja1105/sja1105_spi.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/drivers/net/dsa/sja1105/sja1105_spi.c b/drivers/net/dsa/sja1105/sja1105_spi.c
> index 244a94ccfc18..76f6a51e10d9 100644
> --- a/drivers/net/dsa/sja1105/sja1105_spi.c
> +++ b/drivers/net/dsa/sja1105/sja1105_spi.c
> @@ -394,7 +394,7 @@ int sja1105_static_config_upload(struct sja1105_private *priv)
>  	struct sja1105_static_config *config = &priv->static_config;
>  	const struct sja1105_regs *regs = priv->info->regs;
>  	struct device *dev = &priv->spidev->dev;
> -	struct sja1105_status status;
> +	struct sja1105_status status = {};

The exit condition isn't right.  It should continue if ret is negative
or the CRC stuff is invalid but right now it's ignoring ret.  It would
be better if we could just add a break statement at the very end and remove
the status checks.  Like so:

diff --git a/drivers/net/dsa/sja1105/sja1105_spi.c b/drivers/net/dsa/sja1105/sja1105_spi.c
index 244a94ccfc18..3af3b0f3cc44 100644
--- a/drivers/net/dsa/sja1105/sja1105_spi.c
+++ b/drivers/net/dsa/sja1105/sja1105_spi.c
@@ -466,8 +466,9 @@ int sja1105_static_config_upload(struct sja1105_private *priv)
 				"invalid, retrying...\n");
 			continue;
 		}
-	} while (--retries && (status.crcchkl == 1 || status.crcchkg == 1 ||
-		 status.configs == 0 || status.ids == 1));
+		/* Success! */
+		break;
+	} while (--retries);
 
 	if (!retries) {
 		rc = -EIO;
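
Review bot: the unconditional "break" added at the end of the body is only correct if each of the four conditions in the removed test (crcchkl == 1, crcchkg == 1, configs == 0, ids == 1) already has its own check followed by "continue" earlier in the body. The context here shows one such path, the one ending in "invalid, retrying...", but not the others, so the changelog should confirm that all four are covered. A short comment noting that "continue" in a do-while still evaluates "--retries" would also help readers see why the "if (!retries)" test below stays valid.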

^ permalink raw reply related	[flat|nested] 4+ messages in thread

* Re: [PATCH][next] net: dsa: sja1105: fix comparisons against uninitialized status fields
  2019-05-07  9:20 ` Dan Carpenter
@ 2019-05-07  9:29   ` Colin Ian King
  2019-05-07 10:23     ` walter harms
  0 siblings, 1 reply; 4+ messages in thread
From: Colin Ian King @ 2019-05-07  9:29 UTC (permalink / raw)
  To: Dan Carpenter
  Cc: Vladimir Oltean, Andrew Lunn, Vivien Didelot, Florian Fainelli,
	David S . Miller, linux-kernel, kernel-janitors, netdev

On 07/05/2019 10:20, Dan Carpenter wrote:
> On Tue, May 07, 2019 at 09:44:58AM +0100, Colin King wrote:
>> From: Colin Ian King <colin.king@canonical.com>
>>
>> The call to sja1105_status_get to set various fields in the status
>> structure can potentially be skipped in a while-loop because of a couple
>> of prior continuation jump paths. This can potentially lead to
>> checking against uninitialized fields in the structure which may
>> lead to unexpected results.  Fix this by ensuring all the fields in status
>> are initialized to zero to be safe.
>>
>> Addresses-Coverity: ("Uninitialized scalar variable")
>> Fixes: 8aa9ebccae87 ("net: dsa: Introduce driver for NXP SJA1105 5-port L2 switch")
>> Signed-off-by: Colin Ian King <colin.king@canonical.com>
>> ---
>>  drivers/net/dsa/sja1105/sja1105_spi.c | 2 +-
>>  1 file changed, 1 insertion(+), 1 deletion(-)
>>
>> diff --git a/drivers/net/dsa/sja1105/sja1105_spi.c b/drivers/net/dsa/sja1105/sja1105_spi.c
>> index 244a94ccfc18..76f6a51e10d9 100644
>> --- a/drivers/net/dsa/sja1105/sja1105_spi.c
>> +++ b/drivers/net/dsa/sja1105/sja1105_spi.c
>> @@ -394,7 +394,7 @@ int sja1105_static_config_upload(struct sja1105_private *priv)
>>  	struct sja1105_static_config *config = &priv->static_config;
>>  	const struct sja1105_regs *regs = priv->info->regs;
>>  	struct device *dev = &priv->spidev->dev;
>> -	struct sja1105_status status;
>> +	struct sja1105_status status = {};
> 
> The exit condition isn't right.  It should continue if ret is negative
> or the CRC stuff is invalid but right now it's ignoring ret.  It would
> be better if we could just add a break statement at the very end and remove
> the status checks.  Like so:
> 
> diff --git a/drivers/net/dsa/sja1105/sja1105_spi.c b/drivers/net/dsa/sja1105/sja1105_spi.c
> index 244a94ccfc18..3af3b0f3cc44 100644
> --- a/drivers/net/dsa/sja1105/sja1105_spi.c
> +++ b/drivers/net/dsa/sja1105/sja1105_spi.c
> @@ -466,8 +466,9 @@ int sja1105_static_config_upload(struct sja1105_private *priv)
>  				"invalid, retrying...\n");
>  			continue;
>  		}
> -	} while (--retries && (status.crcchkl == 1 || status.crcchkg == 1 ||
> -		 status.configs == 0 || status.ids == 1));
> +		/* Success! */
> +		break;
> +	} while (--retries);

Good point, I'll send a V2 for that. Thanks Dan for your keen eyes.

Colin

>  
>  	if (!retries) {
>  		rc = -EIO;
> 


^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: [PATCH][next] net: dsa: sja1105: fix comparisons against uninitialized status fields
  2019-05-07  9:29   ` Colin Ian King
@ 2019-05-07 10:23     ` walter harms
  0 siblings, 0 replies; 4+ messages in thread
From: walter harms @ 2019-05-07 10:23 UTC (permalink / raw)
  To: Colin Ian King
  Cc: Dan Carpenter, Vladimir Oltean, Andrew Lunn, Vivien Didelot,
	Florian Fainelli, David S . Miller, linux-kernel,
	kernel-janitors, netdev



On 07.05.2019 11:29, Colin Ian King wrote:
> On 07/05/2019 10:20, Dan Carpenter wrote:
>> On Tue, May 07, 2019 at 09:44:58AM +0100, Colin King wrote:
>>> From: Colin Ian King <colin.king@canonical.com>
>>>
>>> The call to sja1105_status_get to set various fields in the status
>>> structure can potentially be skipped in a while-loop because of a couple
>>> of prior continuation jump paths. This can potentially lead to
>>> checking against uninitialized fields in the structure which may
>>> lead to unexpected results.  Fix this by ensuring all the fields in status
>>> are initialized to zero to be safe.
>>>
>>> Addresses-Coverity: ("Uninitialized scalar variable")
>>> Fixes: 8aa9ebccae87 ("net: dsa: Introduce driver for NXP SJA1105 5-port L2 switch")
>>> Signed-off-by: Colin Ian King <colin.king@canonical.com>
>>> ---
>>>  drivers/net/dsa/sja1105/sja1105_spi.c | 2 +-
>>>  1 file changed, 1 insertion(+), 1 deletion(-)
>>>
>>> diff --git a/drivers/net/dsa/sja1105/sja1105_spi.c b/drivers/net/dsa/sja1105/sja1105_spi.c
>>> index 244a94ccfc18..76f6a51e10d9 100644
>>> --- a/drivers/net/dsa/sja1105/sja1105_spi.c
>>> +++ b/drivers/net/dsa/sja1105/sja1105_spi.c
>>> @@ -394,7 +394,7 @@ int sja1105_static_config_upload(struct sja1105_private *priv)
>>>  	struct sja1105_static_config *config = &priv->static_config;
>>>  	const struct sja1105_regs *regs = priv->info->regs;
>>>  	struct device *dev = &priv->spidev->dev;
>>> -	struct sja1105_status status;
>>> +	struct sja1105_status status = {};
>>
>> The exit condition isn't right.  It should continue if ret is negative
>> or the CRC stuff is invalid but right now it's ignoring ret.  It would
>> be better if we could just add a break statement at the very end and remove
>> the status checks.  Like so:
>>
>> diff --git a/drivers/net/dsa/sja1105/sja1105_spi.c b/drivers/net/dsa/sja1105/sja1105_spi.c
>> index 244a94ccfc18..3af3b0f3cc44 100644
>> --- a/drivers/net/dsa/sja1105/sja1105_spi.c
>> +++ b/drivers/net/dsa/sja1105/sja1105_spi.c
>> @@ -466,8 +466,9 @@ int sja1105_static_config_upload(struct sja1105_private *priv)
>>  				"invalid, retrying...\n");
>>  			continue;
>>  		}
>> -	} while (--retries && (status.crcchkl == 1 || status.crcchkg == 1 ||
>> -		 status.configs == 0 || status.ids == 1));
>> +		/* Success! */
>> +		break;
>> +	} while (--retries);
> 
> Good point, I'll send a V2 for that. Thanks Dan for your keen eyes.
> 

Please do not put everything into the while condition.
It makes that hard to read; just add if () break to detangle that.

re,
 wh

> Colin
> 
>>  
>>  	if (!retries) {
>>  		rc = -EIO;
>>
> 
> 

^ permalink raw reply	[flat|nested] 4+ messages in thread
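
The two loop shapes discussed in this thread, as an added user-space model that is not part of any message and is not the driver's code: it replays scripted attempts through a do-while whose exit test sits in the while condition, and through one that breaks at the end of the body. The status field names come from the thread; upload(), struct attempt, the scripts and the RETRIES value are constructed for illustration, and the "seed" argument stands in for whatever "status" holds before the first status read. It goes one step past the thread by also replaying a success on the final attempt.

```c
#include <stdio.h>

#define RETRIES 3		/* constructed value for this model */
#define GOOD {0, 0, 0, 1}	/* ids, crcchkl, crcchkg, configs */
#define ZERO {0, 0, 0, 0}

struct status { int ids, crcchkl, crcchkg, configs; };
/* One scripted attempt: ret < 0 models an earlier step failing and hitting
 * `continue` before the status read; otherwise st is what the read returns. */
struct attempt { int ret; struct status st; };

static const struct status good = GOOD, zero = ZERO;
static const struct attempt fail_then_ok[RETRIES] = {{-1, ZERO}, {0, GOOD}, {0, GOOD}};
static const struct attempt ok_on_last[RETRIES] = {{-1, ZERO}, {-1, ZERO}, {0, GOOD}};

static int status_bad(const struct status *s)
{
	return s->crcchkl == 1 || s->crcchkg == 1 || s->configs == 0 || s->ids == 1;
}

/* Runs one model loop; returns attempts used, or -1 for the -EIO path.
 * use_break = 0: exit test in the while condition (the removed lines).
 * use_break = 1: break at the end of the body, plain --retries condition. */
static int upload(const struct attempt *script, struct status seed, int use_break)
{
	struct status status = seed;
	int retries = RETRIES, n = 0;

	do {
		const struct attempt *a = &script[n++];
		if (a->ret < 0)
			continue;	/* status not refreshed this pass */
		status = a->st;
		if (status_bad(&status))
			continue;
		if (use_break)
			break;		/* success */
	} while (--retries && (use_break || status_bad(&status)));

	return retries ? n : -1;
}

int main(void)
{
	printf("first try fails: cond/good-looking seed=%d cond/zero seed=%d break=%d\n",
	       upload(fail_then_ok, good, 0), upload(fail_then_ok, zero, 0),
	       upload(fail_then_ok, good, 1));
	printf("success on last try: cond=%d break=%d\n",
	       upload(ok_on_last, zero, 0), upload(ok_on_last, zero, 1));
	return 0;
}
```

A return of 1 for the condition-based loop with a good-looking seed means it stopped after a pass that never read the status; -1 for the last-try script means a successful final attempt was still routed to the "!retries" error path.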
