From patchwork Mon Jan 18 15:40:15 2016
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Arnd Bergmann <arnd@arndb.de>
X-Patchwork-Id: 101157
Delivered-To: patch@linaro.org
Received: by 10.112.130.2 with SMTP id oa2csp2065565lbb;
 Mon, 18 Jan 2016 07:40:44 -0800 (PST)
X-Received: by 10.98.14.68 with SMTP id w65mr37929854pfi.146.1453131644216; 
 Mon, 18 Jan 2016 07:40:44 -0800 (PST)
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
 by mx.google.com with ESMTP id
 os9si1743121pab.169.2016.01.18.07.40.43; 
 Mon, 18 Jan 2016 07:40:44 -0800 (PST)
Received-SPF: pass (google.com: best guess record for domain of
 linux-kernel-owner@vger.kernel.org designates 209.132.180.67
 as permitted sender) client-ip=209.132.180.67; 
Authentication-Results: mx.google.com;
 spf=pass (google.com: best guess record for domain of
 linux-kernel-owner@vger.kernel.org designates 209.132.180.67
 as permitted sender)
 smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
 id S1755630AbcARPkm (ORCPT <rfc822;mathieu.poirier@linaro.org>
 + 29 others); Mon, 18 Jan 2016 10:40:42 -0500
Received: from mout.kundenserver.de ([212.227.17.10]:59807 "EHLO
 mout.kundenserver.de" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
 with ESMTP id S1755533AbcARPkh (ORCPT
 <rfc822;linux-kernel@vger.kernel.org>);
 Mon, 18 Jan 2016 10:40:37 -0500
Received: from wuerfel.localnet ([134.3.118.24]) by mrelayeu.kundenserver.de
 (mreue102) with ESMTPSA (Nemesis) id 0Lu5Kw-1aC4mU0CRi-011UOa;
 Mon, 18 Jan 2016 16:40:24 +0100
From: Arnd Bergmann <arnd@arndb.de>
To: Herbert Xu <herbert@gondor.apana.org.au>
Cc: linux-crypto@vger.kernel.org, linux-kernel@vger.kernel.org,
 davem@davemloft.net, Krzysztof =?utf-8?q?Ha=C5=82asa?= <khalasa@piap.pl>
Subject: [PATCH] crypto: ixp4xx: avoid uninitialized variable use
Date: Mon, 18 Jan 2016 16:40:15 +0100
Message-ID: <4569235.PkyVAB6DSj@wuerfel>
User-Agent: KMail/4.11.5 (Linux/3.16.0-10-generic; KDE/4.11.5; x86_64; ; )
MIME-Version: 1.0
X-Provags-ID: V03:K0:9SmnMz8ewlFXEhLLb339OzfCSTLOpq9TKPuZyVT4yvcVIxDUykC
 gT/9u5eUuiFXDdkxMs6vvDUUTkeQOD5bK6J98c6yR7pi69Tce/JvA4a+xdK31i6hwBwcobA
 MRmVYp1OrmqebE4uHD6HwNnEvMHbTu9S6gXRdTbaxIP8YxUK8HEzRg/ha/mfYFr4BzD6RJC
 0YpQCd7goABbK/tqFWgUg==
X-UI-Out-Filterresults: notjunk:1; V01:K0:uhHJ8AgR6K8=:MPcwjA7RWPPbJ/O/s8u167
 7iYOT9d1TFhUXlikCJ8IL0GAMY47o406NK8PFGqgVsXUTCtZ9P9DC5Yk+TLIQaDQvIVODOF1t
 2gTEL83CLeAs/TYgttgVIokBwzwE4G7x543ctFh5poIp8KT/fMFMAguVa7UM1ESVZkatCqmNK
 /+ofulPJRTaI7IbXr0bTqQ5DXbDrqn5RsvOO6s1djyoEVSU/S2HVZiNq2Il6XtJ3fhUJtFV/0
 rnS+bFIJy86tnLcJ5ncVm1kxtzly5jUDtj16K+NTJ0eLFty+1n/GJJEylPxmAk0zXlEculmFW
 mueSgMkc9jiqM+kVXmPr+faTp3UXJ1Y8QNx7nuMmullvg6Y1fRXjjYajSTbrxnTbqohvizUW1
 0BlcyscJQlZDEBhTVTzRET6FGnN9v04xorNPZVFiT4LTPEZW2z4K3chS6rr9eiGQnXnw/pMZk
 pMe4zQ87XE9LU6jeQW/geFeLMdLyi6v4qfPKLvuTiRbzh0acuIAZHoHILqHP86nA0l+U93DQB
 AN+GGcduCkhR8SVnk0BUDwiX/0lGNU/cAPinwf1DDF4a4MbhdsbuzKR3toGr+xBN8XamrO3Zc
 Fvle0zss9FJqzyIEbXp/aIo2nVIAzlqNlPCo8ws54OSYzpnIFdxb2NfYbhkSLAZ6cndD94DRC
 8AiC2FRZNZQh3AarRvMM7XxJ9tZ6v9WycSZdzepgZJjMyINhqDsgAXY/b1gIFh7jjZ270zDZD
 5kF3zaz8oh8lhzHK
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

The move to the new AEAD interface introduced a path through the
aead_perform() function in the ixp4xx_crypto driver that leaves
lastlen uninitialized, as gcc warns:

crypto/ixp4xx_crypto.c:1072:5: error: 'lastlen' may be used uninitialized in this function [-Werror=maybe-uninitialized]
crypto/ixp4xx_crypto.c: In function 'aead_perform':
  if (unlikely(lastlen < authsize)) {

I don't really understand what the code does, but the warning
appears to be correct, and this is my best guess at how it
should behave instead: I'm introducing a temporary variable
that indicates whether we need to allocate an extra buffer
or not, and defaults that variable to 'false', so we only
allocate the buffer if one of the cases happen where we know
that "lastlen < authsize".

Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Fixes: d7295a8dc965 ("crypto: ixp4xx - Convert to new AEAD interface")
---

Hi Herbert,

It was one of your patches that introduced the warning, so you may
be able to come up with a better fix than I did. Please see this as
a bug report. I have applied it in my ARM randconfig test tree to shut
up the warning for now.

diff --git a/drivers/crypto/ixp4xx_crypto.c b/drivers/crypto/ixp4xx_crypto.c
index e52496a172d0..00c39a5aa4c7 100644
--- a/drivers/crypto/ixp4xx_crypto.c
+++ b/drivers/crypto/ixp4xx_crypto.c
@@ -999,6 +999,7 @@ static int aead_perform(struct aead_request *req, int encrypt,
 				GFP_KERNEL : GFP_ATOMIC;
 	enum dma_data_direction src_direction = DMA_BIDIRECTIONAL;
 	unsigned int lastlen;
+	bool shortbuf = false;
 
 	if (qmgr_stat_full(SEND_QID))
 		return -EAGAIN;
@@ -1052,6 +1053,8 @@ static int aead_perform(struct aead_request *req, int encrypt,
 			if (lastlen >= authsize)
 				crypt->icv_rev_aes = buf->phys_addr +
 						     buf->buf_len - authsize;
+			else
+				shortbuf = true;
 		}
 	}
 
@@ -1067,9 +1070,11 @@ static int aead_perform(struct aead_request *req, int encrypt,
 		if (lastlen >= authsize)
 			crypt->icv_rev_aes = buf->phys_addr +
 					     buf->buf_len - authsize;
+		else
+			shortbuf = true;
 	}
 
-	if (unlikely(lastlen < authsize)) {
+	if (unlikely(shortbuf)) {
 		/* The 12 hmac bytes are scattered,
 		 * we need to copy them into a safe buffer */
 		req_ctx->hmac_virt = dma_pool_alloc(buffer_pool, flags,