Re: [PATCH v8 15/19] staging: r8188eu: change the type of a variable in rtw_read16()
From: Fabio M. De Francesco
Date: Mon Sep 20 2021 - 12:19:50 EST
On Monday, September 20, 2021 3:10:36 PM CEST Dan Carpenter wrote:
> On Mon, Sep 20, 2021 at 03:03:44PM +0200, Fabio M. De Francesco wrote:
> > On Monday, September 20, 2021 1:56:47 PM CEST Dan Carpenter wrote:
> > > On Mon, Sep 20, 2021 at 01:53:52AM +0200, Fabio M. De Francesco wrote:
> > > > Change the type of "data" from __le32 to __le16.
> > > >
> > >
> > > You should note in the commit message that:
> > >
> > > The last two bytes of "data" are not initialized so the
le32_to_cpu(data)
> > > technically reads uninitialized data. This can likely be detected by
> > > the KASan checker as reading uninitialized data. But because the bytes
> > > are discarded in the end so this will not affect runtime.
> > >
> > > regards,
> > > dan carpenter
> > >
> >
> > Dear Dan,
> >
> > Thanks for your suggestion about this specific topic.
> >
> > We thought that, since "data" is in bitwise AND with 0xffff before being
> > passed to the callee, it was enough to have reviewers know why we're
doing
> > that change of type with no further explanations. Actually it seems to be
not
> > enough to motivate that change.
> >
> > We will surely use the note you provided.
> >
> > However, since I'm not used to blindly follow suggestions (even if I
trust
> > your words with no doubts at all) without complete understanding of what
I'm
> > doing, I will need to understand what KASan is before copy-paste your
note.
>
> Google is your friend!
Yes, it is :)
I think you were referring to the KernelMemorySanitizer (KMSan), a detector
of uses of uninitialized memory (but it seems to not be upstream):
https://github.com/google/kmsan
Instead you wrote about the The Kernel Address Sanitizer (KASan) that seems
to be a dynamic memory error detector designed to find out-of-bound and use-
after-free bugs (this is upstream):
https://www.kernel.org/doc/html/v5.0/dev-tools/kasan.html
Can you please confirm?
Back to the code... uninitialised data is not a problem in the old code, it's
just bad design. The new code cannot affect runtime, it's just better design.
There's no change in runtime behaviour because of different protection nets:
Aside from the bitwise AND that truncate that variable two the size of two
bytes and set the higher bytes to 0, memcpy() inside usbctrl_vendorreq(), the
new usb_read() and usb_write uses memcpy() with count = size (and size is
checked also in rtw_writeN()).
I can't see any bugs. Just bad design, that we fix and possible sanitizer's
warning, that disappear with our fixes. Am I right?
Thanks,
Fabio
>
> Either way reading uninitialized data is generally bad. The trickier
> thing is showing that your changes don't affect runtime. For both of
> these le32 to le16 changes.
>
> regards,
> dan carpenter
>
>