From: "Russell King (Oracle)" <linux@armlinux.org.uk>
To: Andrew Lunn <andrew@lunn.ch>
Cc: Jakub Kicinski <kuba@kernel.org>,
Dan Carpenter <dan.carpenter@linaro.org>,
Oleksij Rempel <linux@rempel-privat.de>,
Heiner Kallweit <hkallweit1@gmail.com>,
"David S. Miller" <davem@davemloft.net>,
Eric Dumazet <edumazet@google.com>,
Paolo Abeni <pabeni@redhat.com>,
netdev@vger.kernel.org, kernel-janitors@vger.kernel.org
Subject: Re: [PATCH net] net: phy: fix a signedness bug in genphy_loopback()
Date: Tue, 30 May 2023 22:09:24 +0100 [thread overview]
Message-ID: <ZHZmBBDSVMf1WQWI@shell.armlinux.org.uk> (raw)
In-Reply-To: <0851bc91-6a7c-4333-ad8a-3a18083411e3@lunn.ch>
On Tue, May 30, 2023 at 10:04:52PM +0200, Andrew Lunn wrote:
> > > This is what I meant FWIW:
> > >
> > > diff --git a/include/linux/phy.h b/include/linux/phy.h
> > > index 7addde5d14c0..829bd57b8794 100644
> > > --- a/include/linux/phy.h
> > > +++ b/include/linux/phy.h
> > > @@ -1206,10 +1206,13 @@ static inline int phy_read(struct phy_device *phydev, u32 regnum)
> > > #define phy_read_poll_timeout(phydev, regnum, val, cond, sleep_us, \
> > > timeout_us, sleep_before_read) \
> > > ({ \
> > > - int __ret = read_poll_timeout(phy_read, val, val < 0 || (cond), \
> > > + int __ret, __val; \
> > > + \
> > > + __ret = read_poll_timeout(phy_read, __val, __val < 0 || (cond), \
> > > sleep_us, timeout_us, sleep_before_read, phydev, regnum); \
> > > - if (val < 0) \
> > > - __ret = val; \
> > > + val = __val;
>
> This results in the sign being discarded if val is unsigned. Yes, the
> test is remove, which i assume will stop Smatch complaining, but it is
> still broken.
I was going to ask you to explain that, but having thought about
this more, there's much bigger problems with the proposal.
First, if I'm understanding you correctly, your point doesn't seem
relevant, because if val is unsigned, we have an implicit cast from a
signed int to an unsigned int _at_ _some_ _point_. With the existing
code, that implicit cast is buried inside read_poll_timeout(), here
to be exact:
(val) = op(args);
because "op" will be one of the phy_read*() functions that returns an
"int", but "val" is unsigned - which means there's an implicit cast
here. Jakub's patch moves that cast after read_poll_timeout().
The elephant in the room has nothing to do with this, but everything
to do with "cond". "cond" is an expression to be evaluated inside the
loop, which must have access to the value read from the phy_read*()
function, and that value is referenced via whatever variable was
provided via "val". So changing "val" immediately breaks "cond".
Having thought about this, the best I can come up with is this, which
I think gives us everything we want without needing BUILD_BUG_ONs:
#define phy_read_poll_timeout(phydev, regnum, val, cond, sleep_us, \
timeout_us, sleep_before_read) \
({ \
int __ret, __val;
__ret = read_poll_timeout(__val = phy_read, val, __val < 0 || (cond), \
sleep_us, timeout_us, sleep_before_read, phydev, regnum); \
if (__val < 0) \
__ret = __val; \
if (__ret) \
phydev_err(phydev, "%s failed: %d\n", __func__, __ret); \
__ret; \
})
This looks rather horrid, but what it essentially does is:
(val) = op(args); \
if (cond) \
break; \
expands to:
(val) = __val = phy_read(args);
if (__val < 0 || (cond))
break;
As phy_read() returns an int, there is no cast or loss assigning it
to __val, since that is also an int. The conversion from int to
something else happens at the same point it always has.
Hmm?
--
RMK's Patch system: https://www.armlinux.org.uk/developer/patches/
FTTP is here! 80Mbps down 10Mbps up. Decent connectivity at last!
next prev parent reply other threads:[~2023-05-30 21:09 UTC|newest]
Thread overview: 17+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-05-26 11:45 [PATCH net] net: phy: fix a signedness bug in genphy_loopback() Dan Carpenter
2023-05-26 11:50 ` Russell King (Oracle)
2023-05-30 4:58 ` Jakub Kicinski
2023-05-30 9:01 ` Russell King (Oracle)
2023-05-30 9:06 ` Paolo Abeni
2023-05-30 9:23 ` Dan Carpenter
2023-05-30 9:40 ` Paolo Abeni
2023-05-30 9:49 ` Russell King (Oracle)
2023-05-30 10:06 ` Russell King (Oracle)
2023-05-30 12:39 ` Andrew Lunn
2023-05-30 14:40 ` Dan Carpenter
2023-05-30 17:06 ` Andrew Lunn
2023-05-30 19:19 ` Jakub Kicinski
2023-05-30 19:39 ` Russell King (Oracle)
2023-05-30 20:04 ` Andrew Lunn
2023-05-30 21:09 ` Russell King (Oracle) [this message]
2023-05-30 21:28 ` Russell King (Oracle)
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=ZHZmBBDSVMf1WQWI@shell.armlinux.org.uk \
--to=linux@armlinux.org.uk \
--cc=andrew@lunn.ch \
--cc=dan.carpenter@linaro.org \
--cc=davem@davemloft.net \
--cc=edumazet@google.com \
--cc=hkallweit1@gmail.com \
--cc=kernel-janitors@vger.kernel.org \
--cc=kuba@kernel.org \
--cc=linux@rempel-privat.de \
--cc=netdev@vger.kernel.org \
--cc=pabeni@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).