diff mbox

crypto: ccp - avoid uninitialized variable warning

Message ID 20170731204936.1511542-1-arnd@arndb.de
State Accepted
Commit d634baea628af60d20a82db911b9dc99a5f16244
Headers show

Commit Message

Arnd Bergmann July 31, 2017, 8:49 p.m. UTC
The added support for version 5 CCPs introduced a false-positive
warning in the RSA implementation:

drivers/crypto/ccp/ccp-ops.c: In function 'ccp_run_rsa_cmd':
drivers/crypto/ccp/ccp-ops.c:1856:3: error: 'sb_count' may be used uninitialized in this function [-Werror=maybe-uninitialized]

This changes the code in a way that should make it easier for
the compiler to track the state of the sb_count variable, and
avoid the warning.

Fixes: 6ba46c7d4d7e ("crypto: ccp - Fix base RSA function for version 5 CCPs")
Signed-off-by: Arnd Bergmann <arnd@arndb.de>

---
 drivers/crypto/ccp/ccp-ops.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

-- 
2.9.0

Comments

Hook, Gary Aug. 1, 2017, 2:52 p.m. UTC | #1
On 07/31/2017 03:49 PM, Arnd Bergmann wrote:
> The added support for version 5 CCPs introduced a false-positive

> warning in the RSA implementation:

>

> drivers/crypto/ccp/ccp-ops.c: In function 'ccp_run_rsa_cmd':

> drivers/crypto/ccp/ccp-ops.c:1856:3: error: 'sb_count' may be used uninitialized in this function [-Werror=maybe-uninitialized]

>

> This changes the code in a way that should make it easier for

> the compiler to track the state of the sb_count variable, and

> avoid the warning.

>

> Fixes: 6ba46c7d4d7e ("crypto: ccp - Fix base RSA function for version 5 CCPs")

> Signed-off-by: Arnd Bergmann <arnd@arndb.de>

> ---

>  drivers/crypto/ccp/ccp-ops.c | 3 ++-

>  1 file changed, 2 insertions(+), 1 deletion(-)

>

> diff --git a/drivers/crypto/ccp/ccp-ops.c b/drivers/crypto/ccp/ccp-ops.c

> index 40c062ad8726..a8bc207b099a 100644

> --- a/drivers/crypto/ccp/ccp-ops.c

> +++ b/drivers/crypto/ccp/ccp-ops.c

> @@ -1758,6 +1758,7 @@ static int ccp_run_rsa_cmd(struct ccp_cmd_queue *cmd_q, struct ccp_cmd *cmd)

>  	o_len = 32 * ((rsa->key_size + 255) / 256);

>  	i_len = o_len * 2;

>

> +	sb_count = 0;

>  	if (cmd_q->ccp->vdata->version < CCP_VERSION(5, 0)) {

>  		/* sb_count is the number of storage block slots required

>  		 * for the modulus.

> @@ -1852,7 +1853,7 @@ static int ccp_run_rsa_cmd(struct ccp_cmd_queue *cmd_q, struct ccp_cmd *cmd)

>  	ccp_dm_free(&exp);

>

>  e_sb:

> -	if (cmd_q->ccp->vdata->version < CCP_VERSION(5, 0))

> +	if (sb_count)

>  		cmd_q->ccp->vdata->perform->sbfree(cmd_q, op.sb_key, sb_count);

>

>  	return ret;

>


This is a fine solution. However, having lived with this annoyance for a 
while, and even hoping that a
a later compiler fixes it, I would have preferred to either:

1) Initialize the local variable at declaration time, or

2) Use this patch, which the compiler could optimize as it sees fit, and 
maintains a clear distinction
for the code path for older devices:

         /* Check against the maximum allowable size, in bits */
@@ -1762,7 +1762,7 @@ static int ccp_run_rsa_cmd(struct ccp_cmd_queue 
*cmd_q, struct ccp_cmd *cmd)
                 /* sb_count is the number of storage block slots required
                  * for the modulus.
                  */
-               sb_count = o_len / CCP_SB_BYTES;
+               unsigned int sb_count = o_len / CCP_SB_BYTES;
                 op.sb_key = cmd_q->ccp->vdata->perform->sballoc(cmd_q,
                                                                 sb_count);
                 if (!op.sb_key)
@@ -1853,7 +1853,10 @@ static int ccp_run_rsa_cmd(struct ccp_cmd_queue 
*cmd_q, struct ccp_cmd *cmd)

  e_sb:
         if (cmd_q->ccp->vdata->version < CCP_VERSION(5, 0))
+       {
+               unsigned int sb_count = o_len / CCP_SB_BYTES;
                 cmd_q->ccp->vdata->perform->sbfree(cmd_q, op.sb_key, 
sb_count);
+       }

         return ret;
  }


Discuss?diff --git a/drivers/crypto/ccp/ccp-ops.c b/drivers/crypto/ccp/ccp-ops.c
index 40c062a..a3a884a 100644
--- a/drivers/crypto/ccp/ccp-ops.c
+++ b/drivers/crypto/ccp/ccp-ops.c
@@ -1733,7 +1733,7 @@ static int ccp_run_rsa_cmd(struct ccp_cmd_queue 
*cmd_q, struct ccp_cmd *cmd)
         struct ccp_rsa_engine *rsa = &cmd->u.rsa;
         struct ccp_dm_workarea exp, src, dst;
         struct ccp_op op;
-       unsigned int sb_count, i_len, o_len;
+       unsigned int i_len, o_len;
         int ret;


Arnd Bergmann Aug. 1, 2017, 8:35 p.m. UTC | #2
On Tue, Aug 1, 2017 at 4:52 PM, Gary R Hook <gary.hook@amd.com> wrote:
> On 07/31/2017 03:49 PM, Arnd Bergmann wrote:

>>

>> The added support for version 5 CCPs introduced a false-positive

>> warning in the RSA implementation:

>>

>> drivers/crypto/ccp/ccp-ops.c: In function 'ccp_run_rsa_cmd':

>> drivers/crypto/ccp/ccp-ops.c:1856:3: error: 'sb_count' may be used

>> uninitialized in this function [-Werror=maybe-uninitialized]

>>

>> This changes the code in a way that should make it easier for

>> the compiler to track the state of the sb_count variable, and

>> avoid the warning.

>>

>> Fixes: 6ba46c7d4d7e ("crypto: ccp - Fix base RSA function for version 5

>> CCPs")

>> Signed-off-by: Arnd Bergmann <arnd@arndb.de>

>> ---

>>  drivers/crypto/ccp/ccp-ops.c | 3 ++-

>>  1 file changed, 2 insertions(+), 1 deletion(-)

>>

>> diff --git a/drivers/crypto/ccp/ccp-ops.c b/drivers/crypto/ccp/ccp-ops.c

>> index 40c062ad8726..a8bc207b099a 100644

>> --- a/drivers/crypto/ccp/ccp-ops.c

>> +++ b/drivers/crypto/ccp/ccp-ops.c

>> @@ -1758,6 +1758,7 @@ static int ccp_run_rsa_cmd(struct ccp_cmd_queue

>> *cmd_q, struct ccp_cmd *cmd)

>>         o_len = 32 * ((rsa->key_size + 255) / 256);

>>         i_len = o_len * 2;

>>

>> +       sb_count = 0;

>>         if (cmd_q->ccp->vdata->version < CCP_VERSION(5, 0)) {

>>                 /* sb_count is the number of storage block slots required

>>                  * for the modulus.

>> @@ -1852,7 +1853,7 @@ static int ccp_run_rsa_cmd(struct ccp_cmd_queue

>> *cmd_q, struct ccp_cmd *cmd)

>>         ccp_dm_free(&exp);

>>

>>  e_sb:

>> -       if (cmd_q->ccp->vdata->version < CCP_VERSION(5, 0))

>> +       if (sb_count)

>>                 cmd_q->ccp->vdata->perform->sbfree(cmd_q, op.sb_key,

>> sb_count);

>>

>>         return ret;

>>

>

> This is a fine solution. However, having lived with this annoyance for a

> while, and even hoping that a

> a later compiler fixes it, I would have preferred to either:

>

> 1) Initialize the local variable at declaration time, or


I try to never do that in general, see https://rusty.ozlabs.org/?p=232

> 2) Use this patch, which the compiler could optimize as it sees fit, and

> maintains a clear distinction

> for the code path for older devices:


This seems fine.

> @@ -1853,7 +1853,10 @@ static int ccp_run_rsa_cmd(struct ccp_cmd_queue

> *cmd_q, struct ccp_cmd *cmd)

>

>  e_sb:

>         if (cmd_q->ccp->vdata->version < CCP_VERSION(5, 0))

> +       {

> +               unsigned int sb_count = o_len / CCP_SB_BYTES;

>                 cmd_q->ccp->vdata->perform->sbfree(cmd_q, op.sb_key,

> sb_count);

> +       }


I would probably skip the local variable as well then, and just open-code the
length, unless that adds ugly line-wraps.

       Arnd
Hook, Gary Aug. 1, 2017, 9:33 p.m. UTC | #3
On 08/01/2017 03:35 PM, Arnd Bergmann wrote:
> On Tue, Aug 1, 2017 at 4:52 PM, Gary R Hook <gary.hook@amd.com> wrote:

>> On 07/31/2017 03:49 PM, Arnd Bergmann wrote:

>>>

>>> The added support for version 5 CCPs introduced a false-positive

>>> warning in the RSA implementation:

>>>

>>> drivers/crypto/ccp/ccp-ops.c: In function 'ccp_run_rsa_cmd':

>>> drivers/crypto/ccp/ccp-ops.c:1856:3: error: 'sb_count' may be used

>>> uninitialized in this function [-Werror=maybe-uninitialized]

>>>

>>> This changes the code in a way that should make it easier for

>>> the compiler to track the state of the sb_count variable, and

>>> avoid the warning.

>>>

>>> Fixes: 6ba46c7d4d7e ("crypto: ccp - Fix base RSA function for version 5

>>> CCPs")

>>> Signed-off-by: Arnd Bergmann <arnd@arndb.de>

>>> ---

>>>  drivers/crypto/ccp/ccp-ops.c | 3 ++-

>>>  1 file changed, 2 insertions(+), 1 deletion(-)

>>>

>>> diff --git a/drivers/crypto/ccp/ccp-ops.c b/drivers/crypto/ccp/ccp-ops.c

>>> index 40c062ad8726..a8bc207b099a 100644

>>> --- a/drivers/crypto/ccp/ccp-ops.c

>>> +++ b/drivers/crypto/ccp/ccp-ops.c

>>> @@ -1758,6 +1758,7 @@ static int ccp_run_rsa_cmd(struct ccp_cmd_queue

>>> *cmd_q, struct ccp_cmd *cmd)

>>>         o_len = 32 * ((rsa->key_size + 255) / 256);

>>>         i_len = o_len * 2;

>>>

>>> +       sb_count = 0;

>>>         if (cmd_q->ccp->vdata->version < CCP_VERSION(5, 0)) {

>>>                 /* sb_count is the number of storage block slots required

>>>                  * for the modulus.

>>> @@ -1852,7 +1853,7 @@ static int ccp_run_rsa_cmd(struct ccp_cmd_queue

>>> *cmd_q, struct ccp_cmd *cmd)

>>>         ccp_dm_free(&exp);

>>>

>>>  e_sb:

>>> -       if (cmd_q->ccp->vdata->version < CCP_VERSION(5, 0))

>>> +       if (sb_count)

>>>                 cmd_q->ccp->vdata->perform->sbfree(cmd_q, op.sb_key,

>>> sb_count);

>>>

>>>         return ret;

>>>

>>

>> This is a fine solution. However, having lived with this annoyance for a

>> while, and even hoping that a

>> a later compiler fixes it, I would have preferred to either:

>>

>> 1) Initialize the local variable at declaration time, or

>

> I try to never do that in general, see https://rusty.ozlabs.org/?p=232


I know. I just globally disagree with a global decision of this sort.
Now I make errors that are more complex, partially because I've shot myself
in the foot repeatedly, and learned from it.

Nonetheless...

I will ack your suggested patch. Thank you for addressing this. I've learned
something.
Hook, Gary Aug. 1, 2017, 9:37 p.m. UTC | #4
On 07/31/2017 03:49 PM, Arnd Bergmann wrote:
> The added support for version 5 CCPs introduced a false-positive

> warning in the RSA implementation:

>

> drivers/crypto/ccp/ccp-ops.c: In function 'ccp_run_rsa_cmd':

> drivers/crypto/ccp/ccp-ops.c:1856:3: error: 'sb_count' may be used uninitialized in this function [-Werror=maybe-uninitialized]

>

> This changes the code in a way that should make it easier for

> the compiler to track the state of the sb_count variable, and

> avoid the warning.

>

> Fixes: 6ba46c7d4d7e ("crypto: ccp - Fix base RSA function for version 5 CCPs")

> Signed-off-by: Arnd Bergmann <arnd@arndb.de>

> ---

>  drivers/crypto/ccp/ccp-ops.c | 3 ++-

>  1 file changed, 2 insertions(+), 1 deletion(-)

>

> diff --git a/drivers/crypto/ccp/ccp-ops.c b/drivers/crypto/ccp/ccp-ops.c

> index 40c062ad8726..a8bc207b099a 100644

> --- a/drivers/crypto/ccp/ccp-ops.c

> +++ b/drivers/crypto/ccp/ccp-ops.c

> @@ -1758,6 +1758,7 @@ static int ccp_run_rsa_cmd(struct ccp_cmd_queue *cmd_q, struct ccp_cmd *cmd)

>  	o_len = 32 * ((rsa->key_size + 255) / 256);

>  	i_len = o_len * 2;

>

> +	sb_count = 0;

>  	if (cmd_q->ccp->vdata->version < CCP_VERSION(5, 0)) {

>  		/* sb_count is the number of storage block slots required

>  		 * for the modulus.

> @@ -1852,7 +1853,7 @@ static int ccp_run_rsa_cmd(struct ccp_cmd_queue *cmd_q, struct ccp_cmd *cmd)

>  	ccp_dm_free(&exp);

>

>  e_sb:

> -	if (cmd_q->ccp->vdata->version < CCP_VERSION(5, 0))

> +	if (sb_count)

>  		cmd_q->ccp->vdata->perform->sbfree(cmd_q, op.sb_key, sb_count);

>

>  	return ret;

>


Reviewed-by: Gary R Hook <gary.hook@amd.com>
Herbert Xu Aug. 9, 2017, 1:57 p.m. UTC | #5
On Mon, Jul 31, 2017 at 10:49:21PM +0200, Arnd Bergmann wrote:
> The added support for version 5 CCPs introduced a false-positive

> warning in the RSA implementation:

> 

> drivers/crypto/ccp/ccp-ops.c: In function 'ccp_run_rsa_cmd':

> drivers/crypto/ccp/ccp-ops.c:1856:3: error: 'sb_count' may be used uninitialized in this function [-Werror=maybe-uninitialized]

> 

> This changes the code in a way that should make it easier for

> the compiler to track the state of the sb_count variable, and

> avoid the warning.

> 

> Fixes: 6ba46c7d4d7e ("crypto: ccp - Fix base RSA function for version 5 CCPs")

> Signed-off-by: Arnd Bergmann <arnd@arndb.de>


Patch applied.  Thanks.
-- 
Email: Herbert Xu <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
diff mbox

Patch

diff --git a/drivers/crypto/ccp/ccp-ops.c b/drivers/crypto/ccp/ccp-ops.c
index 40c062ad8726..a8bc207b099a 100644
--- a/drivers/crypto/ccp/ccp-ops.c
+++ b/drivers/crypto/ccp/ccp-ops.c
@@ -1758,6 +1758,7 @@  static int ccp_run_rsa_cmd(struct ccp_cmd_queue *cmd_q, struct ccp_cmd *cmd)
 	o_len = 32 * ((rsa->key_size + 255) / 256);
 	i_len = o_len * 2;
 
+	sb_count = 0;
 	if (cmd_q->ccp->vdata->version < CCP_VERSION(5, 0)) {
 		/* sb_count is the number of storage block slots required
 		 * for the modulus.
@@ -1852,7 +1853,7 @@  static int ccp_run_rsa_cmd(struct ccp_cmd_queue *cmd_q, struct ccp_cmd *cmd)
 	ccp_dm_free(&exp);
 
 e_sb:
-	if (cmd_q->ccp->vdata->version < CCP_VERSION(5, 0))
+	if (sb_count)
 		cmd_q->ccp->vdata->perform->sbfree(cmd_q, op.sb_key, sb_count);
 
 	return ret;