Re: [PATCH] net: ax88179: add proper error handling of usb read errors

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Dan Carpenter <dan.carpenter@oracle.com>
To: David Kahurani <k.kahurani@gmail.com>
Cc: netdev@vger.kernel.org,
	syzbot <syzbot+d3dbdf31fbe9d8f5f311@syzkaller.appspotmail.com>,
	davem@davemloft.net, jgg@ziepe.ca, kuba@kernel.org,
	linux-kernel@vger.kernel.org, linux-usb@vger.kernel.org,
	Phillip Potter <phil@philpotter.co.uk>,
	syzkaller-bugs@googlegroups.com, arnd@arndb.de,
	Pavel Skripkin <paskripkin@gmail.com>
Subject: Re: [PATCH] net: ax88179: add proper error handling of usb read errors
Date: Wed, 13 Apr 2022 18:32:49 +0300	[thread overview]
Message-ID: <20220413153249.GZ12805@kadam> (raw)
In-Reply-To: <CAAZOf25i_mLO9igOY5wiUaxLOsxMt3jrvytSm1wm95R-bdKysA@mail.gmail.com>

On Wed, Apr 13, 2022 at 03:36:57PM +0300, David Kahurani wrote:
> On Mon, Apr 4, 2022 at 6:32 PM Dan Carpenter <dan.carpenter@oracle.com> wrote:
> 
> Hi Dan
> 
> > >       int ret;
> > >       int (*fn)(struct usbnet *, u8, u8, u16, u16, void *, u16);
> > > @@ -201,9 +202,12 @@ static int __ax88179_read_cmd(struct usbnet *dev, u8 cmd, u16 value, u16 index,
> > >       ret = fn(dev, cmd, USB_DIR_IN | USB_TYPE_VENDOR | USB_RECIP_DEVICE,
> > >                value, index, data, size);
> > >
> > > -     if (unlikely(ret < 0))
> > > +     if (unlikely(ret < size)) {
> > > +             ret = ret < 0 ? ret : -ENODATA;
> > > +
> > >               netdev_warn(dev->net, "Failed to read reg index 0x%04x: %d\n",
> > >                           index, ret);
> > > +     }
> > >
> > >       return ret;
> >
> > It would be better to make __ax88179_read_cmd() return 0 on success
> > instead of returning size on success.  Non-standard returns lead to bugs.
> >
> 
> I don't suppose this would have much effect on the structure of the
> code and indeed plan to do this but just some minor clarification.
> 
> Isn't it standard for reader functions to return the number of bytes read?
> 

Not really.

There are some functions that do it, but it has historically lead to bug
after bug.  For example, see commit 719b8f2850d3 ("USB: add
usb_control_msg_send() and usb_control_msg_recv()") where USB is moving
away from that to avoid bugs.

If you return zero on success then it's simple:

	if (ret)
		return ret;

If you return the bytes people will try call kinds of things:

	if (ret)
		return ret;

Bug: Now the driver is broken.  (Not everyone can test the hardware).

	if (ret != size)
		return ret;

Bug: returns a positive.

	if (ret != size)
		return -EIO;

Bug: forgot to propagate the error code.

	if (ret < sizeof(foo))
		return -EIO;

Bug: because of type promotion negative error codes are treated as
     success.

	if (ret < 0)
		return ret;

Bug: buffer partially filled.  Information leak.

If you return the bytes then the only correct way to write error
handling is:

	if (ret < 0)
		return ret;
	if (ret != size)
		return -EIO;

regards,
dan carpenter

next prev parent reply	other threads:[~2022-04-13 15:33 UTC|newest]

Thread overview: 23+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2022-04-04 15:10 [PATCH] net: ax88179: add proper error handling of usb read errors David Kahurani
2022-04-04 15:31 ` Dan Carpenter
2022-04-13 12:36   ` David Kahurani
2022-04-13 15:32     ` Dan Carpenter [this message]
2022-04-14  7:31       ` Oliver Neukum
2022-04-14  8:21         ` Dan Carpenter
2022-04-14  9:13           ` Oliver Neukum
2022-04-04 16:50 ` Pavel Skripkin
2022-04-11 15:11   ` Andy Shevchenko
2022-04-05  9:44 ` Paolo Abeni
2022-04-05 20:44 ` kernel test robot
  -- strict thread matches above, loose matches on Subject: below --
2022-04-16  7:48 David Kahurani
2022-04-16 11:05 ` Pavel Skripkin
2022-04-16 11:10 ` Pavel Skripkin
2022-04-16 11:49   ` David Kahurani
2022-04-16 11:53     ` Pavel Skripkin
2022-04-16 11:57       ` Pavel Skripkin
2022-04-19 13:41 ` Paolo Abeni
2022-05-14 13:32 David Kahurani
2022-05-14 16:51 ` Pavel Skripkin
2022-05-14 18:54   ` Dan Carpenter
2022-05-14 18:57     ` Pavel Skripkin
2022-05-16 19:31 ` Jakub Kicinski

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20220413153249.GZ12805@kadam \
    --to=dan.carpenter@oracle.com \
    --cc=arnd@arndb.de \
    --cc=davem@davemloft.net \
    --cc=jgg@ziepe.ca \
    --cc=k.kahurani@gmail.com \
    --cc=kuba@kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-usb@vger.kernel.org \
    --cc=netdev@vger.kernel.org \
    --cc=paskripkin@gmail.com \
    --cc=phil@philpotter.co.uk \
    --cc=syzbot+d3dbdf31fbe9d8f5f311@syzkaller.appspotmail.com \
    --cc=syzkaller-bugs@googlegroups.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.