From: Kees Cook <keescook@chromium.org>
To: Nick Desaulniers <ndesaulniers@google.com>
Cc: LKML <linux-kernel@vger.kernel.org>,
Linus Torvalds <torvalds@linux-foundation.org>,
Miguel Ojeda <miguel.ojeda.sandonis@gmail.com>,
Alexander Potapenko <glider@google.com>,
Joe Perches <joe@perches.com>, Andy Whitcroft <apw@canonical.com>,
"maintainer:X86 ARCHITECTURE (32-BIT AND 64-BIT)"
<x86@kernel.org>,
drbd-dev@lists.linbit.com, linux-block@vger.kernel.org,
b43-dev@lists.infradead.org,
Network Development <netdev@vger.kernel.org>,
linux-wireless <linux-wireless@vger.kernel.org>,
linux-ide@vger.kernel.org, linux-clk@vger.kernel.org,
linux-spi@vger.kernel.org,
Linux Memory Management List <linux-mm@kvack.org>,
clang-built-linux <clang-built-linux@googlegroups.com>
Subject: Re: [PATCH 03/10] b43: Remove uninitialized_var() usage
Date: Thu, 4 Jun 2020 13:18:31 -0700 [thread overview]
Message-ID: <202006041316.A15D952@keescook> (raw)
In-Reply-To: <CAKwvOdnNuFySqAMk7s_cXqFM=dPX4JfvqNVLCuj90Gn4tzciAw@mail.gmail.com>
On Thu, Jun 04, 2020 at 01:08:44PM -0700, Nick Desaulniers wrote:
> On Wed, Jun 3, 2020 at 4:32 PM Kees Cook <keescook@chromium.org> wrote:
> >
> > Using uninitialized_var() is dangerous as it papers over real bugs[1]
> > (or can in the future), and suppresses unrelated compiler warnings (e.g.
> > "unused variable"). If the compiler thinks it is uninitialized, either
> > simply initialize the variable or make compiler changes. As a precursor
> > to removing[2] this[3] macro[4], just initialize this variable to NULL,
> > and make the (unreachable!) code do a conditional test.
> >
> > [1] https://lore.kernel.org/lkml/20200603174714.192027-1-glider@google.com/
> > [2] https://lore.kernel.org/lkml/CA+55aFw+Vbj0i=1TGqCR5vQkCzWJ0QxK6CernOU6eedsudAixw@mail.gmail.com/
> > [3] https://lore.kernel.org/lkml/CA+55aFwgbgqhbp1fkxvRKEpzyR5J8n1vKT1VZdz9knmPuXhOeg@mail.gmail.com/
> > [4] https://lore.kernel.org/lkml/CA+55aFz2500WfbKXAx8s67wrm9=yVJu65TpLgN_ybYNv0VEOKA@mail.gmail.com/
> >
> > Signed-off-by: Kees Cook <keescook@chromium.org>
> > ---
> > drivers/net/wireless/broadcom/b43/phy_n.c | 10 +++++++---
> > 1 file changed, 7 insertions(+), 3 deletions(-)
> >
> > diff --git a/drivers/net/wireless/broadcom/b43/phy_n.c b/drivers/net/wireless/broadcom/b43/phy_n.c
> > index d3c001fa8eb4..88cdcea10d61 100644
> > --- a/drivers/net/wireless/broadcom/b43/phy_n.c
> > +++ b/drivers/net/wireless/broadcom/b43/phy_n.c
> > @@ -4222,7 +4222,7 @@ static void b43_nphy_tx_gain_table_upload(struct b43_wldev *dev)
>
> The TODOs and `#if 0` in this function are concerning. It looks like
> `rf_pwr_offset_table` is only used when `phy->rev` is >=7 && < 19.
>
> Further, the loop has a case for `phy->rev >= 19` but we would have
> returned earlier if that was the case.
Yeah, that's why I put the "(unreachable!)" note in the commit log. ;)
>
> > u32 rfpwr_offset;
> > u8 pga_gain, pad_gain;
> > int i;
> > - const s16 *uninitialized_var(rf_pwr_offset_table);
> > + const s16 *rf_pwr_offset_table = NULL;
> >
> > table = b43_nphy_get_tx_gain_table(dev);
> > if (!table)
> > @@ -4256,9 +4256,13 @@ static void b43_nphy_tx_gain_table_upload(struct b43_wldev *dev)
> > pga_gain = (table[i] >> 24) & 0xf;
> > pad_gain = (table[i] >> 19) & 0x1f;
> > if (b43_current_band(dev->wl) == NL80211_BAND_2GHZ)
> > - rfpwr_offset = rf_pwr_offset_table[pad_gain];
> > + rfpwr_offset = rf_pwr_offset_table
> > + ? rf_pwr_offset_table[pad_gain]
> > + : 0;
> > else
> > - rfpwr_offset = rf_pwr_offset_table[pga_gain];
> > + rfpwr_offset = rf_pwr_offset_table
> > + ? rf_pwr_offset_table[pga_gain]
> > + : 0;
>
>
> The code is trying to check `phy->rev >= 7 && phy->rev < 19` once
> before the loop, then set `rf_pwr_offset_table`, so having another
> conditional on `rf_pwr_offset_table` in the loop is unnecessary. I'm
> ok with initializing it to `NULL`, but I'm not sure the conditional
> check is necessary. Do you get a compiler warning otherwise?
I mean, sort of the best thing to do is just remove nearly everything
here since it's actually unreachable. But it is commented as "when
supported ..." etc, so I figured I'd leave it. As part of that I didn't
want to leave any chance of a NULL deref, so I added the explicit tests
just for robustness.
*shrug*
-Kees
--
Kees Cook
WARNING: multiple messages have this Message-ID (diff)
From: Kees Cook <keescook@chromium.org>
To: Nick Desaulniers <ndesaulniers@google.com>
Cc: Andy Whitcroft <apw@canonical.com>,
clang-built-linux <clang-built-linux@googlegroups.com>,
linux-ide@vger.kernel.org,
Network Development <netdev@vger.kernel.org>,
"maintainer:X86 ARCHITECTURE \(32-BIT AND 64-BIT\)"
<x86@kernel.org>, linux-wireless <linux-wireless@vger.kernel.org>,
LKML <linux-kernel@vger.kernel.org>,
linux-spi@vger.kernel.org, linux-block@vger.kernel.org,
Miguel Ojeda <miguel.ojeda.sandonis@gmail.com>,
Linux Memory Management List <linux-mm@kvack.org>,
Alexander Potapenko <glider@google.com>,
b43-dev@lists.infradead.org, Joe Perches <joe@perches.com>,
Linus Torvalds <torvalds@linux-foundation.org>,
linux-clk@vger.kernel.org, drbd-dev@lists.linbit.com
Subject: Re: [Drbd-dev] [PATCH 03/10] b43: Remove uninitialized_var() usage
Date: Thu, 4 Jun 2020 13:18:31 -0700 [thread overview]
Message-ID: <202006041316.A15D952@keescook> (raw)
In-Reply-To: <CAKwvOdnNuFySqAMk7s_cXqFM=dPX4JfvqNVLCuj90Gn4tzciAw@mail.gmail.com>
On Thu, Jun 04, 2020 at 01:08:44PM -0700, Nick Desaulniers wrote:
> On Wed, Jun 3, 2020 at 4:32 PM Kees Cook <keescook@chromium.org> wrote:
> >
> > Using uninitialized_var() is dangerous as it papers over real bugs[1]
> > (or can in the future), and suppresses unrelated compiler warnings (e.g.
> > "unused variable"). If the compiler thinks it is uninitialized, either
> > simply initialize the variable or make compiler changes. As a precursor
> > to removing[2] this[3] macro[4], just initialize this variable to NULL,
> > and make the (unreachable!) code do a conditional test.
> >
> > [1] https://lore.kernel.org/lkml/20200603174714.192027-1-glider@google.com/
> > [2] https://lore.kernel.org/lkml/CA+55aFw+Vbj0i=1TGqCR5vQkCzWJ0QxK6CernOU6eedsudAixw@mail.gmail.com/
> > [3] https://lore.kernel.org/lkml/CA+55aFwgbgqhbp1fkxvRKEpzyR5J8n1vKT1VZdz9knmPuXhOeg@mail.gmail.com/
> > [4] https://lore.kernel.org/lkml/CA+55aFz2500WfbKXAx8s67wrm9=yVJu65TpLgN_ybYNv0VEOKA@mail.gmail.com/
> >
> > Signed-off-by: Kees Cook <keescook@chromium.org>
> > ---
> > drivers/net/wireless/broadcom/b43/phy_n.c | 10 +++++++---
> > 1 file changed, 7 insertions(+), 3 deletions(-)
> >
> > diff --git a/drivers/net/wireless/broadcom/b43/phy_n.c b/drivers/net/wireless/broadcom/b43/phy_n.c
> > index d3c001fa8eb4..88cdcea10d61 100644
> > --- a/drivers/net/wireless/broadcom/b43/phy_n.c
> > +++ b/drivers/net/wireless/broadcom/b43/phy_n.c
> > @@ -4222,7 +4222,7 @@ static void b43_nphy_tx_gain_table_upload(struct b43_wldev *dev)
>
> The TODOs and `#if 0` in this function are concerning. It looks like
> `rf_pwr_offset_table` is only used when `phy->rev` is >=7 && < 19.
>
> Further, the loop has a case for `phy->rev >= 19` but we would have
> returned earlier if that was the case.
Yeah, that's why I put the "(unreachable!)" note in the commit log. ;)
>
> > u32 rfpwr_offset;
> > u8 pga_gain, pad_gain;
> > int i;
> > - const s16 *uninitialized_var(rf_pwr_offset_table);
> > + const s16 *rf_pwr_offset_table = NULL;
> >
> > table = b43_nphy_get_tx_gain_table(dev);
> > if (!table)
> > @@ -4256,9 +4256,13 @@ static void b43_nphy_tx_gain_table_upload(struct b43_wldev *dev)
> > pga_gain = (table[i] >> 24) & 0xf;
> > pad_gain = (table[i] >> 19) & 0x1f;
> > if (b43_current_band(dev->wl) == NL80211_BAND_2GHZ)
> > - rfpwr_offset = rf_pwr_offset_table[pad_gain];
> > + rfpwr_offset = rf_pwr_offset_table
> > + ? rf_pwr_offset_table[pad_gain]
> > + : 0;
> > else
> > - rfpwr_offset = rf_pwr_offset_table[pga_gain];
> > + rfpwr_offset = rf_pwr_offset_table
> > + ? rf_pwr_offset_table[pga_gain]
> > + : 0;
>
>
> The code is trying to check `phy->rev >= 7 && phy->rev < 19` once
> before the loop, then set `rf_pwr_offset_table`, so having another
> conditional on `rf_pwr_offset_table` in the loop is unnecessary. I'm
> ok with initializing it to `NULL`, but I'm not sure the conditional
> check is necessary. Do you get a compiler warning otherwise?
I mean, sort of the best thing to do is just remove nearly everything
here since it's actually unreachable. But it is commented as "when
supported ..." etc, so I figured I'd leave it. As part of that I didn't
want to leave any chance of a NULL deref, so I added the explicit tests
just for robustness.
*shrug*
-Kees
--
Kees Cook
next prev parent reply other threads:[~2020-06-04 20:18 UTC|newest]
Thread overview: 108+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-06-03 23:31 [PATCH 00/10] Remove uninitialized_var() macro Kees Cook
2020-06-03 23:31 ` [Drbd-dev] " Kees Cook
2020-06-03 23:31 ` [PATCH 01/10] x86/mm/numa: Remove uninitialized_var() usage Kees Cook
2020-06-03 23:31 ` [Drbd-dev] " Kees Cook
2020-06-04 7:58 ` Thomas Gleixner
2020-06-04 7:58 ` [Drbd-dev] " Thomas Gleixner
2020-06-04 11:41 ` Miguel Ojeda
2020-06-04 11:41 ` [Drbd-dev] " Miguel Ojeda
2020-06-04 14:56 ` Kees Cook
2020-06-04 14:56 ` [Drbd-dev] " Kees Cook
2020-06-04 15:22 ` Miguel Ojeda
2020-06-04 15:22 ` [Drbd-dev] " Miguel Ojeda
2020-06-04 14:34 ` Kees Cook
2020-06-04 14:34 ` [Drbd-dev] " Kees Cook
2020-06-04 21:39 ` Thomas Gleixner
2020-06-04 21:39 ` [Drbd-dev] " Thomas Gleixner
2020-06-04 22:39 ` Kees Cook
2020-06-04 22:39 ` [Drbd-dev] " Kees Cook
2020-06-03 23:31 ` [PATCH 02/10] drbd: " Kees Cook
2020-06-03 23:31 ` [Drbd-dev] " Kees Cook
2020-06-04 19:56 ` Nick Desaulniers
2020-06-04 19:56 ` [Drbd-dev] " Nick Desaulniers
2020-06-03 23:31 ` [PATCH 03/10] b43: " Kees Cook
2020-06-03 23:31 ` [Drbd-dev] " Kees Cook
2020-06-04 20:08 ` Nick Desaulniers
2020-06-04 20:08 ` [Drbd-dev] " Nick Desaulniers
2020-06-04 20:18 ` Kees Cook [this message]
2020-06-04 20:18 ` Kees Cook
2020-06-04 20:25 ` Nick Desaulniers
2020-06-04 20:25 ` [Drbd-dev] " Nick Desaulniers
2020-06-05 9:20 ` Kalle Valo
2020-06-05 9:20 ` [Drbd-dev] " Kalle Valo
2020-06-03 23:31 ` [PATCH 04/10] rtlwifi: rtl8192cu: " Kees Cook
2020-06-03 23:31 ` [Drbd-dev] " Kees Cook
2020-06-04 20:16 ` Nick Desaulniers
2020-06-04 20:16 ` [Drbd-dev] " Nick Desaulniers
2020-06-05 9:18 ` Kalle Valo
2020-06-05 9:18 ` [Drbd-dev] " Kalle Valo
2020-06-03 23:31 ` [PATCH 05/10] ide: " Kees Cook
2020-06-03 23:31 ` [Drbd-dev] " Kees Cook
2020-06-04 19:29 ` Nick Desaulniers
2020-06-04 19:29 ` [Drbd-dev] " Nick Desaulniers
2020-06-04 20:20 ` Kees Cook
2020-06-04 20:20 ` [Drbd-dev] " Kees Cook
2020-06-04 20:29 ` Nick Desaulniers
2020-06-04 20:29 ` [Drbd-dev] " Nick Desaulniers
2020-06-15 19:32 ` Kees Cook
2020-06-15 19:32 ` [Drbd-dev] " Kees Cook
2020-06-04 20:58 ` Sedat Dilek
2020-06-04 20:58 ` [Drbd-dev] " Sedat Dilek
2020-06-03 23:31 ` [PATCH 06/10] clk: st: " Kees Cook
2020-06-03 23:31 ` [Drbd-dev] " Kees Cook
2020-06-04 4:38 ` Stephen Boyd
2020-06-04 4:38 ` [Drbd-dev] " Stephen Boyd
2020-06-03 23:32 ` [PATCH 07/10] spi: davinci: " Kees Cook
2020-06-03 23:32 ` [Drbd-dev] " Kees Cook
2020-06-04 19:40 ` Nick Desaulniers
2020-06-04 19:40 ` [Drbd-dev] " Nick Desaulniers
2020-06-03 23:32 ` [PATCH 08/10] checkpatch: Remove awareness of uninitialized_var() macro Kees Cook
2020-06-03 23:32 ` [Drbd-dev] " Kees Cook
2020-06-04 0:02 ` Joe Perches
2020-06-04 0:02 ` [Drbd-dev] " Joe Perches
2020-06-04 1:40 ` Kees Cook
2020-06-04 1:40 ` [Drbd-dev] " Kees Cook
2020-06-04 1:47 ` Joe Perches
2020-06-04 1:47 ` [Drbd-dev] " Joe Perches
2020-06-04 2:44 ` Kees Cook
2020-06-04 2:44 ` [Drbd-dev] " Kees Cook
2020-06-04 2:53 ` Sedat Dilek
2020-06-04 2:53 ` [Drbd-dev] " Sedat Dilek
2020-06-04 3:46 ` Kees Cook
2020-06-04 3:46 ` [Drbd-dev] " Kees Cook
2020-06-03 23:32 ` [PATCH 09/10] treewide: Remove uninitialized_var() usage Kees Cook
2020-06-04 3:33 ` Nathan Chancellor
2020-06-04 3:33 ` [Drbd-dev] " Nathan Chancellor
2020-06-04 4:02 ` Kees Cook
2020-06-04 4:02 ` [Drbd-dev] " Kees Cook
2020-06-04 10:45 ` Leon Romanovsky
2020-06-04 10:45 ` [Drbd-dev] " Leon Romanovsky
2020-06-04 11:33 ` kernel test robot
2020-06-04 13:23 ` Jason Gunthorpe
2020-06-04 13:23 ` [Drbd-dev] " Jason Gunthorpe
2020-06-04 14:59 ` Kees Cook
2020-06-04 14:59 ` [Drbd-dev] " Kees Cook
2020-06-04 17:57 ` Jason Gunthorpe
2020-06-04 17:57 ` [Drbd-dev] " Jason Gunthorpe
2020-06-04 19:09 ` Geert Uytterhoeven
2020-06-04 19:09 ` [Drbd-dev] " Geert Uytterhoeven
2020-06-05 9:25 ` Kalle Valo
2020-06-05 9:25 ` [Drbd-dev] " Kalle Valo
2020-06-03 23:32 ` [PATCH 10/10] compiler: Remove uninitialized_var() macro Kees Cook
2020-06-03 23:32 ` [Drbd-dev] " Kees Cook
2020-06-04 0:00 ` Bart Van Assche
2020-06-04 0:00 ` [Drbd-dev] " Bart Van Assche
2020-06-04 0:50 ` Miguel Ojeda
2020-06-04 0:50 ` [Drbd-dev] " Miguel Ojeda
2020-06-04 1:23 ` [PATCH 00/10] " Sedat Dilek
2020-06-04 1:23 ` [Drbd-dev] " Sedat Dilek
2020-06-04 1:44 ` Kees Cook
2020-06-04 1:44 ` [Drbd-dev] " Kees Cook
2020-06-04 1:46 ` Sedat Dilek
2020-06-04 1:46 ` [Drbd-dev] " Sedat Dilek
2020-06-04 3:33 ` Nathan Chancellor
2020-06-04 3:33 ` [Drbd-dev] " Nathan Chancellor
2020-06-04 7:26 ` Sedat Dilek
2020-06-04 7:26 ` [Drbd-dev] " Sedat Dilek
2020-06-04 14:27 ` Kees Cook
2020-06-04 14:27 ` [Drbd-dev] " Kees Cook
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=202006041316.A15D952@keescook \
--to=keescook@chromium.org \
--cc=apw@canonical.com \
--cc=b43-dev@lists.infradead.org \
--cc=clang-built-linux@googlegroups.com \
--cc=drbd-dev@lists.linbit.com \
--cc=glider@google.com \
--cc=joe@perches.com \
--cc=linux-block@vger.kernel.org \
--cc=linux-clk@vger.kernel.org \
--cc=linux-ide@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=linux-spi@vger.kernel.org \
--cc=linux-wireless@vger.kernel.org \
--cc=miguel.ojeda.sandonis@gmail.com \
--cc=ndesaulniers@google.com \
--cc=netdev@vger.kernel.org \
--cc=torvalds@linux-foundation.org \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.