| Message ID | 20151022091013.GC9202@mwanda |
|---|---|
| State | Changes Requested |
| Headers | show |
Am 22.10.2015 11:10, schrieb Dan Carpenter: > The "new_mtu" is between 0 and INT_MAX but when we add ETH_HLEN and > ETH_FCS_LEN to it then it could overflow so "max_frame" is negative. We > cap the upper bound of "max_frame" but we don't check for negative > values. This leads to a static checker warning. > > Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> > > diff --git a/drivers/net/ethernet/intel/igbvf/netdev.c b/drivers/net/ethernet/intel/igbvf/netdev.c > index 297af80..fa338e0 100644 > --- a/drivers/net/ethernet/intel/igbvf/netdev.c > +++ b/drivers/net/ethernet/intel/igbvf/netdev.c > @@ -2350,7 +2350,7 @@ static struct net_device_stats *igbvf_get_stats(struct net_device *netdev) > static int igbvf_change_mtu(struct net_device *netdev, int new_mtu) > { > struct igbvf_adapter *adapter = netdev_priv(netdev); > - int max_frame = new_mtu + ETH_HLEN + ETH_FCS_LEN; > + unsigned int max_frame = new_mtu + ETH_HLEN + ETH_FCS_LEN; > > if (new_mtu < 68 || new_mtu > INT_MAX - ETH_HLEN - ETH_FCS_LEN || > max_frame > MAX_JUMBO_FRAME_SIZE) Perhaps it is better to use MAX_JUMBO_FRAME_SIZE. max_frame = new_mtu + ETH_HLEN + ETH_FCS_LEN = MAX_JUMBO_FRAME_SIZE // max valid new_mtu=MAX_JUMBO_FRAME_SIZE-ETH_HLEN-ETH_FCS_LEN so you can avoid adding a "new" variable INT_MAX into this context. Note: perhaps it would be better for the flow the check new_mtu before calculating max_frame. btw: can someone add a comment about the magic 68 ? is there something like a min_frame_size ? (it is a real question i have no idea) re, wh > -- > To unsubscribe from this list: send the line "unsubscribe kernel-janitors" in > the body of a message to majordomo@vger.kernel.org > More majordomo info at http://vger.kernel.org/majordomo-info.html >
Yeah, there is an integer overflow before we check but so far as I can see it is harmless. The kernel is full of harmless integer overflows. I sort of feel like this is the simplest way to write it and the other ways feel over engineered and unweildy. Care to propose a patch, though? regards, dan carpenter
Oh... Hm. I was a bit confused by what Walter was saying. But there already is an integer overflow check here so it can't actually be negative... I added it a couple years ago. Forget about this patch. Sorry. regards, dan carpenter
diff --git a/drivers/net/ethernet/intel/igbvf/netdev.c b/drivers/net/ethernet/intel/igbvf/netdev.c index 297af80..fa338e0 100644 --- a/drivers/net/ethernet/intel/igbvf/netdev.c +++ b/drivers/net/ethernet/intel/igbvf/netdev.c @@ -2350,7 +2350,7 @@ static struct net_device_stats *igbvf_get_stats(struct net_device *netdev) static int igbvf_change_mtu(struct net_device *netdev, int new_mtu) { struct igbvf_adapter *adapter = netdev_priv(netdev); - int max_frame = new_mtu + ETH_HLEN + ETH_FCS_LEN; + unsigned int max_frame = new_mtu + ETH_HLEN + ETH_FCS_LEN; if (new_mtu < 68 || new_mtu > INT_MAX - ETH_HLEN - ETH_FCS_LEN || max_frame > MAX_JUMBO_FRAME_SIZE)
The "new_mtu" is between 0 and INT_MAX but when we add ETH_HLEN and ETH_FCS_LEN to it then it could overflow so "max_frame" is negative. We cap the upper bound of "max_frame" but we don't check for negative values. This leads to a static checker warning. Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>