From: Christian Marangi <ansuelsmth@gmail.com>
To: Andrew Lunn <andrew@lunn.ch>
Cc: "David S. Miller" <davem@davemloft.net>,
Eric Dumazet <edumazet@google.com>,
Jakub Kicinski <kuba@kernel.org>, Paolo Abeni <pabeni@redhat.com>,
Rob Herring <robh+dt@kernel.org>,
Krzysztof Kozlowski <krzysztof.kozlowski+dt@linaro.org>,
Conor Dooley <conor+dt@kernel.org>,
Heiner Kallweit <hkallweit1@gmail.com>,
Russell King <linux@armlinux.org.uk>,
Robert Marko <robimarko@gmail.com>,
Vladimir Oltean <vladimir.oltean@nxp.com>,
netdev@vger.kernel.org, devicetree@vger.kernel.org,
linux-kernel@vger.kernel.org
Subject: Re: [net-next RFC PATCH v3 3/4] net: phy: aquantia: add firmware load support
Date: Thu, 2 Nov 2023 18:41:31 +0100 [thread overview]
Message-ID: <6543df4e.050a0220.e42f1.2222@mx.google.com> (raw)
In-Reply-To: <e632a285-9cb2-4dc9-a4a2-f57e454b8ffe@lunn.ch>
On Thu, Nov 02, 2023 at 06:37:40PM +0100, Andrew Lunn wrote:
> > +/* AQR firmware doesn't have fixed offsets for iram and dram section
> > + * but instead provide an header with the offset to use on reading
> > + * and parsing the firmware.
> > + *
> > + * AQR firmware can't be trusted and each offset is validated to be
> > + * not negative and be in the size of the firmware itself.
> > + */
> > +static inline bool aqr_fw_validate_get(size_t size, size_t offset, size_t get_size)
> > +{
> > + return size + offset > 0 && offset + get_size <= size;
> > +}
>
> Please don't user inline in .c files. The compiler is better at
> deciding than we are.
>
OK.
> Also, i wounder about size + offset > 0. size_t is unsigned. So they
> cannot be negative. So does this test make sense?
>
The idea was to check case where it's subtracted too much. (example
where we check the CRC at the end of the fw) but since it's unsigned i
guess it will always be zero. I will drop. (or should i use ssize_t?)
> > +static int aqr_fw_boot(struct phy_device *phydev, const u8 *data, size_t size,
> > + enum aqr_fw_src fw_src)
> > +{
> > + u16 calculated_crc, read_crc, read_primary_offset;
> > + u32 iram_offset = 0, iram_size = 0;
> > + u32 dram_offset = 0, dram_size = 0;
> > + char version[VERSION_STRING_SIZE];
> > + u32 primary_offset = 0;
> > + int ret;
> > +
> > + /* extract saved CRC at the end of the fw
> > + * CRC is saved in big-endian as PHY is BE
> > + */
> > + ret = aqr_fw_get_be16(data, size - sizeof(u16), size, &read_crc);
> > + if (ret) {
> > + phydev_err(phydev, "bad firmware CRC in firmware\n");
> > + return ret;
> > + }
>
> So if size < sizeof(u16), we get a very big positive number. The > 0
> test does nothing for you here, but the other half of the test does
> trap the issue.
>
> So i think you can remove the > 0 test.
>
Yes that single check was done because of this, but didn't notice size_t
is unsigned and it won't ever fall in negative cases.
--
Ansuel
next prev parent reply other threads:[~2023-11-02 17:41 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-11-02 15:00 [net-next RFC PATCH v3 1/4] net: phy: aquantia: move to separate directory Christian Marangi
2023-11-02 15:00 ` [net-next RFC PATCH v3 2/4] net: phy: aquantia: move MMD_VEND define to header Christian Marangi
2023-11-02 17:19 ` Andrew Lunn
2023-11-02 15:00 ` [net-next RFC PATCH v3 3/4] net: phy: aquantia: add firmware load support Christian Marangi
2023-11-02 17:37 ` Andrew Lunn
2023-11-02 17:41 ` Christian Marangi [this message]
2023-11-02 15:00 ` [net-next RFC PATCH v3 4/4] dt-bindings: Document bindings for Marvell Aquantia PHY Christian Marangi
2023-11-03 13:08 ` Conor Dooley
2023-11-06 16:47 ` Christian Marangi
2023-11-02 15:03 ` [net-next RFC PATCH v3 1/4] net: phy: aquantia: move to separate directory Andrew Lunn
2023-11-02 15:07 ` Christian Marangi
2023-11-02 15:49 ` Andrew Lunn
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=6543df4e.050a0220.e42f1.2222@mx.google.com \
--to=ansuelsmth@gmail.com \
--cc=andrew@lunn.ch \
--cc=conor+dt@kernel.org \
--cc=davem@davemloft.net \
--cc=devicetree@vger.kernel.org \
--cc=edumazet@google.com \
--cc=hkallweit1@gmail.com \
--cc=krzysztof.kozlowski+dt@linaro.org \
--cc=kuba@kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux@armlinux.org.uk \
--cc=netdev@vger.kernel.org \
--cc=pabeni@redhat.com \
--cc=robh+dt@kernel.org \
--cc=robimarko@gmail.com \
--cc=vladimir.oltean@nxp.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).