[-next,v2] mv643xx_eth: potential null dereference

Message ID	20100723110504.GG26313@bicker
State	Accepted, archived
Delegated to:	David Miller
Headers	show Return-Path: <netdev-owner@vger.kernel.org> DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=date:from:to:cc:subject:message-id:references:mime-version :content-type:content-disposition:in-reply-to:user-agent; b=N57CYM7VdeV+CiCpVod3eiyMZT1SOoKlYA/lSbORnZCC7h/BdwsVCtFOZkYja/cOlf gQIWLaSDRWf35hK6LkkncYjRvxj+vWQHSf0Sh2aCyfX+RMbHz4V7/x94kARBe/L6WXRz bAunqSzj0gXC7WC3dg6FYRo9VvexfW72pwFnc= Date: Fri, 23 Jul 2010 13:05:05 +0200 From: Dan Carpenter <error27@gmail.com> To: Joe Perches <joe@perches.com> Cc: Lennert Buytenhek <buytenh@wantstofly.org>, "David S. Miller" <davem@davemloft.net>, Jiri Pirko <jpirko@redhat.com>, Denis Kirjanov <kirjanov@gmail.com>, Saeed Bishara <saeed@marvell.com>, netdev@vger.kernel.org, kernel-janitors@vger.kernel.org Subject: [patch -next v2] mv643xx_eth: potential null dereference Message-ID: <20100723110504.GG26313@bicker> References: <20100723101528.GF26313@bicker> <1279881177.24768.1623.camel@Joe-Laptop.home> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <1279881177.24768.1623.camel@Joe-Laptop.home> User-Agent: Mutt/1.5.18 (2008-05-17) Sender: netdev-owner@vger.kernel.org Precedence: bulk

Dan Carpenter July 23, 2010, 11:05 a.m. UTC

We assume that "pd" can be null on the previous line, and throughout the
function so we should check it here as well.  This was introduced by
9b2c2ff7a1c0 "mv643xx_eth: use sw csum for big packets"

Signed-off-by: Dan Carpenter <error27@gmail.com>
---
v2: style change

--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Lennert Buytenhek July 23, 2010, 11:18 a.m. UTC | #1

On Fri, Jul 23, 2010 at 01:05:05PM +0200, Dan Carpenter wrote:

> We assume that "pd" can be null on the previous line, and throughout the
> function so we should check it here as well.  This was introduced by
> 9b2c2ff7a1c0 "mv643xx_eth: use sw csum for big packets"
> 
> Signed-off-by: Dan Carpenter <error27@gmail.com>

Acked-by: Lennert Buytenhek <buytenh@wantstofly.org>
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Walter Harms July 23, 2010, 4:30 p.m. UTC | #2

Dan Carpenter schrieb:
> We assume that "pd" can be null on the previous line, and throughout the
> function so we should check it here as well.  This was introduced by
> 9b2c2ff7a1c0 "mv643xx_eth: use sw csum for big packets"
> 
> Signed-off-by: Dan Carpenter <error27@gmail.com>
> ---
> v2: style change
> 
> diff --git a/drivers/net/mv643xx_eth.c b/drivers/net/mv643xx_eth.c
> index 73bb8ea..f5e72fe 100644
> --- a/drivers/net/mv643xx_eth.c
> +++ b/drivers/net/mv643xx_eth.c
> @@ -2670,7 +2670,8 @@ static int mv643xx_eth_shared_probe(struct platform_device *pdev)
>  	 * Detect hardware parameters.
>  	 */
>  	msp->t_clk = (pd != NULL && pd->t_clk != 0) ? pd->t_clk : 133000000;
> -	msp->tx_csum_limit = pd->tx_csum_limit ? pd->tx_csum_limit : 9 * 1024;
> +	msp->tx_csum_limit = (pd != NULL && pd->tx_csum_limit) ?
> +					pd->tx_csum_limit : 9 * 1024;
>  	infer_hw_params(msp);
>  
>  	platform_set_drvdata(pdev, msp);

this is a bit complicated, IMHO ppl have a bigger chance to discover what is going on
with this version:

    if (!pd ) {
       msp->t_clk = 133000000;
       msp->tx_csum_limit = 9 * 1024;
     }
     else
      {
	msp->t_clk = pd->t_clk ? pd->t_clk : 133000000 ;
        msp->tx_csum_limit = pd->tx_csum_limit ? pd->tx_csum_limit : 9 * 1024;
       }


re,
 wh







--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

David Miller July 23, 2010, 8:05 p.m. UTC | #3

From: Lennert Buytenhek <buytenh@wantstofly.org>
Date: Fri, 23 Jul 2010 13:18:18 +0200

> On Fri, Jul 23, 2010 at 01:05:05PM +0200, Dan Carpenter wrote:
> 
>> We assume that "pd" can be null on the previous line, and throughout the
>> function so we should check it here as well.  This was introduced by
>> 9b2c2ff7a1c0 "mv643xx_eth: use sw csum for big packets"
>> 
>> Signed-off-by: Dan Carpenter <error27@gmail.com>
> 
> Acked-by: Lennert Buytenhek <buytenh@wantstofly.org>

Applied.
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Dan Carpenter July 23, 2010, 10:15 p.m. UTC | #4

On Fri, Jul 23, 2010 at 06:30:22PM +0200, walter harms wrote:
> this is a bit complicated, IMHO ppl have a bigger chance to discover what is going on
> with this version:
> 
>     if (!pd ) {
>        msp->t_clk = 133000000;
>        msp->tx_csum_limit = 9 * 1024;
>      }
>      else
>       {
> 	msp->t_clk = pd->t_clk ? pd->t_clk : 133000000 ;
>         msp->tx_csum_limit = pd->tx_csum_limit ? pd->tx_csum_limit : 9 * 1024;
>        }
> 

But then instead of 2 magic numbers we would have 4. :/

regards,
dan carpenter
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Walter Harms July 24, 2010, 8:59 a.m. UTC | #5

Dan Carpenter schrieb:
> On Fri, Jul 23, 2010 at 06:30:22PM +0200, walter harms wrote:
>> this is a bit complicated, IMHO ppl have a bigger chance to discover what is going on
>> with this version:
>>
>>     if (!pd ) {
>>        msp->t_clk = 133000000;
>>        msp->tx_csum_limit = 9 * 1024;
>>      }
>>      else
>>       {
>> 	msp->t_clk = pd->t_clk ? pd->t_clk : 133000000 ;
>>         msp->tx_csum_limit = pd->tx_csum_limit ? pd->tx_csum_limit : 9 * 1024;
>>        }
>>
> 
> But then instead of 2 magic numbers we would have 4. :/
> 

Yes it can be shorten,

msp->t_clk = 133000000;
msp->tx_csum_limit = 9 * 1024;
if (pd) {
	if (pd->t_clk) msp->t_clk = pd->t_clk ;
	if (pd->tx_csum_limit) sp->tx_csum_limit = pd->tx_csum_limit;
}
pd->t_clk
i was thinking about that in my first posting but i have the feeling that ppl
tend to overlook the "if (pd)" but in this case it is important since the
behavier is different.

IMHO it would be better to make sure that pd->t_clk,pd->tx_csum_limit have usefull
values than adding a check but this is up to the maintainer.

re,
 wh

--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Lennert Buytenhek July 24, 2010, 7 p.m. UTC | #6

On Sat, Jul 24, 2010 at 10:59:07AM +0200, walter harms wrote:

> IMHO it would be better to make sure that pd->t_clk,pd->tx_csum_limit
> have usefull values than adding a check but this is up to the maintainer.

I don't see the point of that at all.  We check against zero to see
whether the caller bothered to fill in the field at all, but if the
caller wants to pass in bogus values, that's up to the caller.
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Walter Harms July 25, 2010, 2:47 p.m. UTC | #7

Lennert Buytenhek schrieb:
> On Sat, Jul 24, 2010 at 10:59:07AM +0200, walter harms wrote:
> 
>> IMHO it would be better to make sure that pd->t_clk,pd->tx_csum_limit
>> have usefull values than adding a check but this is up to the maintainer.
> 
> I don't see the point of that at all.  We check against zero to see
> whether the caller bothered to fill in the field at all, but if the
> caller wants to pass in bogus values, that's up to the caller.
> 
at first i have to admit i looked only at the patch.
for me the situation looks this way:

You check the values for 0 (and uses default) or take what ever in pd is.
The current code is setup like:

  1. check if pd is set
  2. check if pd->value is non zero and use it

the whole "check X" can be avoided if you could create a pd with all values
set to default and just take what comes from the user.

my objection agains this kind of code is that it is not obvious
what some one is trying to archive
(pd != NULL && pd->t_clk != 0) ? pd->t_clk : 133000000;

the pd check means: do i have a configuration  ?
the pd->t_clk != 0 means: should i use then or default ?

This is mixing two very different questions. therefore my idea in the last
posting to have a default init if (!pd) and then use the else to make clear
that additional checks for pd->value are expected.

this this is the init code readability and simplicity should be king.

hope that helps,
re,
 wh

--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Lennert Buytenhek July 25, 2010, 3:54 p.m. UTC | #8

On Sun, Jul 25, 2010 at 04:47:17PM +0200, walter harms wrote:

> >> IMHO it would be better to make sure that pd->t_clk,pd->tx_csum_limit
> >> have usefull values than adding a check but this is up to the maintainer.
> > 
> > I don't see the point of that at all.  We check against zero to see
> > whether the caller bothered to fill in the field at all, but if the
> > caller wants to pass in bogus values, that's up to the caller.
> 
> at first i have to admit i looked only at the patch.
> for me the situation looks this way:
> 
> You check the values for 0 (and uses default) or take what ever in pd is.
> The current code is setup like:
> 
>   1. check if pd is set
>   2. check if pd->value is non zero and use it
> 
> the whole "check X" can be avoided if you could create a pd with all values
> set to default and just take what comes from the user.

Why would you want to avoid "check X"?


> my objection agains this kind of code is that it is not obvious
> what some one is trying to archive
> (pd != NULL && pd->t_clk != 0) ? pd->t_clk : 133000000;
> 
> the pd check means: do i have a configuration  ?

Yep.


> the pd->t_clk != 0 means: should i use then or default ?

Yep.


> This is mixing two very different questions.

And?

You're arguing against the use of 'if (a && b)' in general?


> therefore my idea in the last posting to have a default init if (!pd)
> and then use the else to make clear that additional checks for
> pd->value are expected.

Again, I don't see the point of this, and I think we're just splitting
hairs here and wasting everyone's time.


> this this is the init code readability and simplicity should be king.

'if (foo != NULL && foo->value <op> <value>)' is a fairly common C
construct, in my opinion, and I don't see how expanding it into a
multi-line nested if construct will make it either more readable or
simpler.


> hope that helps,

Not really.


thanks,
Lennert
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[-next,v2] mv643xx_eth: potential null dereference

Commit Message

Comments

Patch