Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18;
Date:   Fri, 24 Jul 2020 16:57:22 -0700 (PDT)
Message-Id: <20200724.165722.526735468993909990.davem@davemloft.net>
To:     dinghao.liu@zju.edu.cn
Cc:     kjlu@umn.edu, sgoutham@marvell.com, lcherian@marvell.com,
        gakula@marvell.com, jerinj@marvell.com, kuba@kernel.org,
        netdev@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH] octeontx2-af: Fix use of uninitialized pointer bmap
From:   David Miller <davem@davemloft.net>
In-Reply-To: <20200724080657.19182-1-dinghao.liu@zju.edu.cn>
References: <20200724080657.19182-1-dinghao.liu@zju.edu.cn>
Mime-Version: 1.0
Content-Type: Text/Plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk

From: Dinghao Liu <dinghao.liu@zju.edu.cn>
Date: Fri, 24 Jul 2020 16:06:57 +0800

> If req->ctype does not match any of NIX_AQ_CTYPE_CQ,
> NIX_AQ_CTYPE_SQ or NIX_AQ_CTYPE_RQ, pointer bmap will remain
> uninitialized and be accessed in test_bit(), which can lead
> to kernal crash.

This can never happen.

> Fix this by returning an error code if this case is triggered.
> 
> Signed-off-by: Dinghao Liu <dinghao.liu@zju.edu.cn>

I strongly dislike changes like this.

Most callers of nix_lf_hwctx_disable() inside of rvu_nix.c set
req->ctype to one of the handled values.

The only other case, rvu_mbox_handler_nix_hwctx_disable(), is a
completely unused function and should be removed.

There is no functional problem in this code at all.

It is not possible show a code path where the stated problem can
actually occur.