| Message ID | 20230306191824.4115839-1-harshit.m.mogalapalli@oracle.com |
|---|---|
| State | New |
| Headers |
Return-Path: <linux-kernel-owner@vger.kernel.org>
Delivered-To: ouuuleilei@gmail.com
Received: by 2002:a5d:5915:0:0:0:0:0 with SMTP id v21csp2027909wrd;
Mon, 6 Mar 2023 11:20:58 -0800 (PST)
X-Google-Smtp-Source:
AK7set/8gCHSFciUqZShmdnXRjM6DCWikzq3S2cKQUIgh0kyNWcapGKKgqmdm8VM9ghVtXHyZ+dB
X-Received: by 2002:a17:906:2201:b0:8b1:347c:85c8 with SMTP id
s1-20020a170906220100b008b1347c85c8mr12247931ejs.17.1678130458013;
Mon, 06 Mar 2023 11:20:58 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1678130457; cv=none;
d=google.com; s=arc-20160816;
b=XeNrzaPI0U/c+ccO4I85Y8flqyRTTXDCjVi1KFaTYAyty7v8KMZV1slA6baU0WaDxx
frJ3Y4oCbz4teQV5xQcfeX58M5nzZ/4mynwO5L5yxeDPFAY0PC8X/7NbIIvKb2A/TKy/
owzFGkSAaQNjB5Txw5/WGF57gn6yhac2hDwrcvx714xG/iT/GxmGNyeS8c3J7ao5vur/
CaSej2oWTy7jwJzYyPv/x+CeuTYB4i54WNyTiAiTngXkiHX+l+SqO16Eazu9cLtKNTYk
s8QISEFfdTHVB22+WKIMi1UPiS5zMmgDGNQSmYac2UwkBAmhxP8UERObvM+CtarDvl9t
hqHg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
s=arc-20160816;
h=list-id:precedence:to:content-transfer-encoding:mime-version
:message-id:date:subject:cc:from:dkim-signature;
bh=R0FC7S7XViyQ2hmVARJlnKVtSo6GEEVdDFw0OUgx8vA=;
b=Jkq0Z5+V+CYaYM48a5nHZJlSRgOLvBjeTCk9DB4O9UyzM3neum76Z9P8YeycQl1zCK
EQdm7wnr20NNiH5gSr13s1UtnP2KQYvP0QP2zYy50b6gFxFt7NtNq+H/metTvOwgVsX7
f24Ro/NcsYstfEODNoaDgVZFnRMdphguusQlU0ozQYl/GqinYjCtDhR2XCO0B772FrYN
wpVCUJGvExFdm/z8HxM5uxSsmAobOzXCxuokkxwGzHtl+XFTE9DfVY5/cWjLlsy1+1LV
aI0pOfxCW/q3MA6h1r+A4YM1HfO/t6XvQqAPtQyOfP0y2jmcmsn9NyCYOmljY8+oX+lD
3vIA==
ARC-Authentication-Results: i=1; mx.google.com;
dkim=fail header.i=@oracle.com header.s=corp-2022-7-12
header.b=SRs9kPFj;
spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org
designates 2620:137:e000::1:20 as permitted sender)
smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=oracle.com
Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20])
by mx.google.com with ESMTP id
rh14-20020a17090720ee00b009079470b7b1si9389957ejb.391.2023.03.06.11.20.34;
Mon, 06 Mar 2023 11:20:57 -0800 (PST)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org
designates 2620:137:e000::1:20 as permitted sender)
client-ip=2620:137:e000::1:20;
Authentication-Results: mx.google.com;
dkim=fail header.i=@oracle.com header.s=corp-2022-7-12
header.b=SRs9kPFj;
spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org
designates 2620:137:e000::1:20 as permitted sender)
smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=oracle.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
id S229699AbjCFTTZ (ORCPT <rfc822;toshivichauhan@gmail.com>
+ 99 others); Mon, 6 Mar 2023 14:19:25 -0500
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:42012 "EHLO
lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
with ESMTP id S230132AbjCFTTM (ORCPT
<rfc822;linux-kernel@vger.kernel.org>);
Mon, 6 Mar 2023 14:19:12 -0500
Received: from mx0b-00069f02.pphosted.com (mx0b-00069f02.pphosted.com
[205.220.177.32])
by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 3A3E46C6B4;
Mon, 6 Mar 2023 11:18:54 -0800 (PST)
Received: from pps.filterd (m0246632.ppops.net [127.0.0.1])
by mx0b-00069f02.pphosted.com (8.17.1.19/8.17.1.19) with ESMTP id
326HSxkL019565;
Mon, 6 Mar 2023 19:18:30 GMT
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=oracle.com;
h=from : to : cc :
subject : date : message-id : mime-version : content-transfer-encoding;
s=corp-2022-7-12; bh=R0FC7S7XViyQ2hmVARJlnKVtSo6GEEVdDFw0OUgx8vA=;
b=SRs9kPFj5N2Y1l2fMtjO6ly44K0h2ioVxXo3JzzvXwbOmiU9Cpn0app2twBwtL3zJ/Rt
EAhHuh0Ny5iVYux6v3xS/xm+944jpEZpRFpZeY7PqEsFIlto5nEdP/kLK0JtDpi4Fpth
WJq6G3dWegbfezAxbYcXddkIbJM6ZIkNFUs+wqfs6G0gAjwBlPB1HKTR42Dfe5yfOiR0
xQepaZlIcsWmM6M8/zInMWYh927MnJwniBofEQVQTwbQEC0YkxGSp9cLHx24VxepeBcU
MJBv7HRTFAMLHL+uqEhNF5bM5IW0UCn0r8FS6nA2ea3zr38+2w0nEhqdmAKFbtmA7yaB oA==
Received: from iadpaimrmta02.imrmtpd1.prodappiadaev1.oraclevcn.com
(iadpaimrmta02.appoci.oracle.com [147.154.18.20])
by mx0b-00069f02.pphosted.com (PPS) with ESMTPS id 3p417cbrcy-1
(version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256
verify=OK);
Mon, 06 Mar 2023 19:18:30 +0000
Received: from pps.filterd
(iadpaimrmta02.imrmtpd1.prodappiadaev1.oraclevcn.com [127.0.0.1])
by iadpaimrmta02.imrmtpd1.prodappiadaev1.oraclevcn.com
(8.17.1.5/8.17.1.5) with ESMTP id 326HX0Ok029280;
Mon, 6 Mar 2023 19:18:29 GMT
Received: from pps.reinject (localhost [127.0.0.1])
by iadpaimrmta02.imrmtpd1.prodappiadaev1.oraclevcn.com (PPS) with
ESMTPS id 3p4u1dxcba-1
(version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256
verify=OK);
Mon, 06 Mar 2023 19:18:29 +0000
Received: from iadpaimrmta02.imrmtpd1.prodappiadaev1.oraclevcn.com
(iadpaimrmta02.imrmtpd1.prodappiadaev1.oraclevcn.com [127.0.0.1])
by pps.reinject (8.17.1.5/8.17.1.5) with ESMTP id 326JFwKZ000582;
Mon, 6 Mar 2023 19:18:28 GMT
Received: from ca-dev112.us.oracle.com (ca-dev112.us.oracle.com
[10.129.136.47])
by iadpaimrmta02.imrmtpd1.prodappiadaev1.oraclevcn.com (PPS) with
ESMTP id 3p4u1dxca8-1;
Mon, 06 Mar 2023 19:18:28 +0000
From: Harshit Mogalapalli <harshit.m.mogalapalli@oracle.com>
Cc: error27@gmail.com,
Harshit Mogalapalli <harshit.m.mogalapalli@oracle.com>,
Alexander Aring <alex.aring@gmail.com>,
Stefan Schmidt <stefan@datenfreihafen.org>,
Miquel Raynal <miquel.raynal@bootlin.com>,
"David S. Miller" <davem@davemloft.net>,
Eric Dumazet <edumazet@google.com>,
Jakub Kicinski <kuba@kernel.org>,
Paolo Abeni <pabeni@redhat.com>,
Marcel Holtmann <marcel@holtmann.org>,
Harry Morris <harrymorris12@gmail.com>,
linux-wpan@vger.kernel.org, netdev@vger.kernel.org,
linux-kernel@vger.kernel.org
Subject: [PATCH next] ca8210: Fix unsigned mac_len comparison with zero in
ca8210_skb_tx()
Date: Mon, 6 Mar 2023 11:18:24 -0800
Message-Id: <20230306191824.4115839-1-harshit.m.mogalapalli@oracle.com>
X-Mailer: git-send-email 2.39.2
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Proofpoint-Virus-Version: vendor=baseguard
engine=ICAP:2.0.219,Aquarius:18.0.942,Hydra:6.0.573,FMLib:17.11.170.22
definitions=2023-03-06_12,2023-03-06_01,2023-02-09_01
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 mlxscore=0
phishscore=0 bulkscore=0
adultscore=0 suspectscore=0 spamscore=0 mlxlogscore=999 malwarescore=0
classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2212070000
definitions=main-2303060170
X-Proofpoint-GUID: lqGlXhDw3PAOtAL1SHOcRMeTZe_LygDw
X-Proofpoint-ORIG-GUID: lqGlXhDw3PAOtAL1SHOcRMeTZe_LygDw
X-Spam-Status: No, score=-2.8 required=5.0 tests=BAYES_00,DKIMWL_WL_MED,
DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_LOW,
RCVD_IN_MSPIKE_H2,SPF_HELO_NONE,SPF_NONE autolearn=ham
autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
lindbergh.monkeyblade.net
To: unlisted-recipients:; (no To-header on input)
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?=
X-GMAIL-THRID: =?utf-8?q?1759647323167911976?=
X-GMAIL-MSGID: =?utf-8?q?1759647323167911976?=
|
| Series |
[next] ca8210: Fix unsigned mac_len comparison with zero in ca8210_skb_tx()
|
|
Commit Message
Harshit Mogalapalli
March 6, 2023, 7:18 p.m. UTC
mac_len is of type unsigned, which can never be less than zero.
mac_len = ieee802154_hdr_peek_addrs(skb, &header);
if (mac_len < 0)
return mac_len;
Change this to type int as ieee802154_hdr_peek_addrs() can return negative
integers, this is found by static analysis with smatch.
Fixes: ded845a781a5 ("ieee802154: Add CA8210 IEEE 802.15.4 device driver")
Signed-off-by: Harshit Mogalapalli <harshit.m.mogalapalli@oracle.com>
---
Only compile tested.
---
drivers/net/ieee802154/ca8210.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
Comments
Hi, On Mon, Mar 6, 2023 at 2:20 PM Harshit Mogalapalli <harshit.m.mogalapalli@oracle.com> wrote: > > mac_len is of type unsigned, which can never be less than zero. > > mac_len = ieee802154_hdr_peek_addrs(skb, &header); > if (mac_len < 0) > return mac_len; > > Change this to type int as ieee802154_hdr_peek_addrs() can return negative > integers, this is found by static analysis with smatch. > > Fixes: ded845a781a5 ("ieee802154: Add CA8210 IEEE 802.15.4 device driver") > Signed-off-by: Harshit Mogalapalli <harshit.m.mogalapalli@oracle.com> Acked-by: Alexander Aring <aahringo@redhat.com> sorry, I didn't see that... Thanks for sending this patch. - Alex
On Mon, Mar 06, 2023 at 11:18:24AM -0800, Harshit Mogalapalli wrote: > mac_len is of type unsigned, which can never be less than zero. > > mac_len = ieee802154_hdr_peek_addrs(skb, &header); > if (mac_len < 0) > return mac_len; > > Change this to type int as ieee802154_hdr_peek_addrs() can return negative > integers, this is found by static analysis with smatch. > > Fixes: ded845a781a5 ("ieee802154: Add CA8210 IEEE 802.15.4 device driver") > Signed-off-by: Harshit Mogalapalli <harshit.m.mogalapalli@oracle.com> I discussed this briefly with Harshit offline. The commit referenced above tag does add the call to ieee802154_hdr_peek_addrs(), an there is a sign miss match between the return value and the variable. The code to check the mac_len was added more recently, by the following commit. However the fixes tag is probably fine as-is, because it's fixing error handling of a call made in that commit. 6c993779ea1d ("ca8210: fix mac_len negative array access") Reviewed-by: Simon Horman <simon.horman@corigine.com>
Hi, On Tue, Mar 7, 2023 at 3:44 AM Simon Horman <simon.horman@corigine.com> wrote: > > On Mon, Mar 06, 2023 at 11:18:24AM -0800, Harshit Mogalapalli wrote: > > mac_len is of type unsigned, which can never be less than zero. > > > > mac_len = ieee802154_hdr_peek_addrs(skb, &header); > > if (mac_len < 0) > > return mac_len; > > > > Change this to type int as ieee802154_hdr_peek_addrs() can return negative > > integers, this is found by static analysis with smatch. > > > > Fixes: ded845a781a5 ("ieee802154: Add CA8210 IEEE 802.15.4 device driver") > > Signed-off-by: Harshit Mogalapalli <harshit.m.mogalapalli@oracle.com> > > I discussed this briefly with Harshit offline. > > The commit referenced above tag does add the call to > ieee802154_hdr_peek_addrs(), an there is a sign miss match between > the return value and the variable. > > The code to check the mac_len was added more recently, by the following > commit. However the fixes tag is probably fine as-is, because it's fixing > error handling of a call made in that commit. > > 6c993779ea1d ("ca8210: fix mac_len negative array access") > > Reviewed-by: Simon Horman <simon.horman@corigine.com> > sure, thanks for catching this. - Alex
Hello Harshit. On 06.03.23 20:18, Harshit Mogalapalli wrote: > mac_len is of type unsigned, which can never be less than zero. > > mac_len = ieee802154_hdr_peek_addrs(skb, &header); > if (mac_len < 0) > return mac_len; > > Change this to type int as ieee802154_hdr_peek_addrs() can return negative > integers, this is found by static analysis with smatch. > > Fixes: ded845a781a5 ("ieee802154: Add CA8210 IEEE 802.15.4 device driver") > Signed-off-by: Harshit Mogalapalli <harshit.m.mogalapalli@oracle.com> > --- > Only compile tested. > --- > drivers/net/ieee802154/ca8210.c | 3 +-- > 1 file changed, 1 insertion(+), 2 deletions(-) > > diff --git a/drivers/net/ieee802154/ca8210.c b/drivers/net/ieee802154/ca8210.c > index 0b0c6c0764fe..d0b5129439ed 100644 > --- a/drivers/net/ieee802154/ca8210.c > +++ b/drivers/net/ieee802154/ca8210.c > @@ -1902,10 +1902,9 @@ static int ca8210_skb_tx( > struct ca8210_priv *priv > ) > { > - int status; > struct ieee802154_hdr header = { }; > struct secspec secspec; > - unsigned int mac_len; > + int mac_len, status; > > dev_dbg(&priv->spi->dev, "%s called\n", __func__); > This patch has been applied to the wpan tree and will be part of the next pull request to net. Thanks! I took the liberty and changed the fixes tag to the change that introduced the resaon for the mismatch recently. As suggested by Simon. regards Stefan Schmidt
Hello Simon. On 07.03.23 09:42, Simon Horman wrote: > On Mon, Mar 06, 2023 at 11:18:24AM -0800, Harshit Mogalapalli wrote: >> mac_len is of type unsigned, which can never be less than zero. >> >> mac_len = ieee802154_hdr_peek_addrs(skb, &header); >> if (mac_len < 0) >> return mac_len; >> >> Change this to type int as ieee802154_hdr_peek_addrs() can return negative >> integers, this is found by static analysis with smatch. >> >> Fixes: ded845a781a5 ("ieee802154: Add CA8210 IEEE 802.15.4 device driver") >> Signed-off-by: Harshit Mogalapalli <harshit.m.mogalapalli@oracle.com> > > I discussed this briefly with Harshit offline. > > The commit referenced above tag does add the call to > ieee802154_hdr_peek_addrs(), an there is a sign miss match between > the return value and the variable. > > The code to check the mac_len was added more recently, by the following > commit. However the fixes tag is probably fine as-is, because it's fixing > error handling of a call made in that commit. > > 6c993779ea1d ("ca8210: fix mac_len negative array access") > > Reviewed-by: Simon Horman <simon.horman@corigine.com> I agree that the commit above is the better Fixes tag as it makes clear it only comes after this change. I amended the commit message accordingly when applying this to wpan. regards Stefan Schmidt
Hi Stefan, On 16/03/23 10:01 pm, Stefan Schmidt wrote: > Hello Harshit. > > On 06.03.23 20:18, Harshit Mogalapalli wrote: >> mac_len is of type unsigned, which can never be less than zero. >> >> mac_len = ieee802154_hdr_peek_addrs(skb, &header); >> if (mac_len < 0) >> return mac_len; >> >> Change this to type int as ieee802154_hdr_peek_addrs() can return >> negative >> integers, this is found by static analysis with smatch. >> >> Fixes: ded845a781a5 ("ieee802154: Add CA8210 IEEE 802.15.4 device >> driver") >> Signed-off-by: Harshit Mogalapalli <harshit.m.mogalapalli@oracle.com> >> --- >> Only compile tested. >> --- >> drivers/net/ieee802154/ca8210.c | 3 +-- >> 1 file changed, 1 insertion(+), 2 deletions(-) >> >> diff --git a/drivers/net/ieee802154/ca8210.c >> b/drivers/net/ieee802154/ca8210.c >> index 0b0c6c0764fe..d0b5129439ed 100644 >> --- a/drivers/net/ieee802154/ca8210.c >> +++ b/drivers/net/ieee802154/ca8210.c >> @@ -1902,10 +1902,9 @@ static int ca8210_skb_tx( >> struct ca8210_priv *priv >> ) >> { >> - int status; >> struct ieee802154_hdr header = { }; >> struct secspec secspec; >> - unsigned int mac_len; >> + int mac_len, status; >> dev_dbg(&priv->spi->dev, "%s called\n", __func__); > > This patch has been applied to the wpan tree and will be > part of the next pull request to net. Thanks! > > I took the liberty and changed the fixes tag to the change that > introduced the resaon for the mismatch recently. As suggested by Simon. > Thanks for doing this, I wasn't very clear whether to change the Fixes tag and send a v2. Regards, Harshit > regards > Stefan Schmidt
diff --git a/drivers/net/ieee802154/ca8210.c b/drivers/net/ieee802154/ca8210.c index 0b0c6c0764fe..d0b5129439ed 100644 --- a/drivers/net/ieee802154/ca8210.c +++ b/drivers/net/ieee802154/ca8210.c @@ -1902,10 +1902,9 @@ static int ca8210_skb_tx( struct ca8210_priv *priv ) { - int status; struct ieee802154_hdr header = { }; struct secspec secspec; - unsigned int mac_len; + int mac_len, status; dev_dbg(&priv->spi->dev, "%s called\n", __func__);