Re: [PATCH] clk: uniphier: Fix potential infinite loop

From: Dan Carpenter <dan.carpenter@oracle.com>
To: Masahiro Yamada <masahiroy@kernel.org>
Cc: Colin King <colin.king@canonical.com>,
	Michael Turquette <mturquette@baylibre.com>,
	Stephen Boyd <sboyd@kernel.org>,
	linux-clk <linux-clk@vger.kernel.org>,
	linux-arm-kernel <linux-arm-kernel@lists.infradead.org>,
	kernel-janitors@vger.kernel.org,
	Linux Kernel Mailing List <linux-kernel@vger.kernel.org>
Subject: Re: [PATCH] clk: uniphier: Fix potential infinite loop
Date: Thu, 15 Apr 2021 21:18:50 +0300	[thread overview]
Message-ID: <20210415181850.GD6021@kadam> (raw)
In-Reply-To: <CAK7LNAT+JTg5QYYbYqCm+m11X7CF_ZWyYRA4eAtqeTEuHRqoyw@mail.gmail.com>

On Fri, Apr 09, 2021 at 03:46:47PM +0900, Masahiro Yamada wrote:
> On Thu, Apr 8, 2021 at 12:25 AM Colin King <colin.king@canonical.com> wrote:
> >
> > From: Colin Ian King <colin.king@canonical.com>
> >
> > The for-loop iterates with a u8 loop counter i and compares this
> > with the loop upper limit of num_parents that is an int type.
> > There is a potential infinite loop if num_parents is larger than
> > the u8 loop counter. Fix this by making the loop counter the same
> > type as num_parents.
> >
> > Addresses-Coverity: ("Infinite loop")
> > Fixes: 734d82f4a678 ("clk: uniphier: add core support code for UniPhier clock driver")
> > Signed-off-by: Colin Ian King <colin.king@canonical.com>
> > ---
> >  drivers/clk/uniphier/clk-uniphier-mux.c | 2 +-
> >  1 file changed, 1 insertion(+), 1 deletion(-)
> >
> > diff --git a/drivers/clk/uniphier/clk-uniphier-mux.c b/drivers/clk/uniphier/clk-uniphier-mux.c
> > index 462c84321b2d..ce219e0d2a85 100644
> > --- a/drivers/clk/uniphier/clk-uniphier-mux.c
> > +++ b/drivers/clk/uniphier/clk-uniphier-mux.c
> > @@ -34,7 +34,7 @@ static u8 uniphier_clk_mux_get_parent(struct clk_hw *hw)
> >         int num_parents = clk_hw_get_num_parents(hw);
> >         int ret;
> >         unsigned int val;
> > -       u8 i;
> > +       int i;
> >
> >         ret = regmap_read(mux->regmap, mux->reg, &val);
> >         if (ret)
> > --
> > 2.30.2
> >
> 
> clk_hw_get_num_parents() returns 'unsigned int', so
> I think 'num_parents' should also have been 'unsigned int'.
> 
> Maybe, the loop counter 'i' also should be 'unsigned int' then?

The clk_hw_get_num_parents() function returns 0-255 so the original code
works fine.

It should basically always be "int i;"  That's the safest assumption.
There are other case where it has to be size_t but in those cases I
think people should call the list iterator something else instead of "i"
like "size_t pg_idx;".

Making everthing u32 causes more bugs than it prevents.  Signedness bugs
with comparing to zero, type promotion bugs, or subtraction bugs where
subtracting wraps to a high value.  It's rare to loop more than INT_MAX
times in the kernel.  When we do need to count about 2 million then
we're probably not going to stop counting at 4 million, we're going to
go to 10 million or higher so size_t is more appropriate than u32.

Btw, if you have a loop that does:

	for (i = 0; i < UINT_MAX; i++) {

that loop works exactly the same if "i" is an int or if it's a u32
because of type promotion.  So you have to look really hard to find a
place where changing a loop iterator from int to u32 fixes bug in real
life.

regards,
dan carpenter