| Message ID | 20170731204936.1511542-1-arnd@arndb.de |
|---|---|
| State | Accepted |
| Commit | d634baea628af60d20a82db911b9dc99a5f16244 |
| Headers | show |
On 07/31/2017 03:49 PM, Arnd Bergmann wrote: > The added support for version 5 CCPs introduced a false-positive > warning in the RSA implementation: > > drivers/crypto/ccp/ccp-ops.c: In function 'ccp_run_rsa_cmd': > drivers/crypto/ccp/ccp-ops.c:1856:3: error: 'sb_count' may be used uninitialized in this function [-Werror=maybe-uninitialized] > > This changes the code in a way that should make it easier for > the compiler to track the state of the sb_count variable, and > avoid the warning. > > Fixes: 6ba46c7d4d7e ("crypto: ccp - Fix base RSA function for version 5 CCPs") > Signed-off-by: Arnd Bergmann <arnd@arndb.de> > --- > drivers/crypto/ccp/ccp-ops.c | 3 ++- > 1 file changed, 2 insertions(+), 1 deletion(-) > > diff --git a/drivers/crypto/ccp/ccp-ops.c b/drivers/crypto/ccp/ccp-ops.c > index 40c062ad8726..a8bc207b099a 100644 > --- a/drivers/crypto/ccp/ccp-ops.c > +++ b/drivers/crypto/ccp/ccp-ops.c > @@ -1758,6 +1758,7 @@ static int ccp_run_rsa_cmd(struct ccp_cmd_queue *cmd_q, struct ccp_cmd *cmd) > o_len = 32 * ((rsa->key_size + 255) / 256); > i_len = o_len * 2; > > + sb_count = 0; > if (cmd_q->ccp->vdata->version < CCP_VERSION(5, 0)) { > /* sb_count is the number of storage block slots required > * for the modulus. > @@ -1852,7 +1853,7 @@ static int ccp_run_rsa_cmd(struct ccp_cmd_queue *cmd_q, struct ccp_cmd *cmd) > ccp_dm_free(&exp); > > e_sb: > - if (cmd_q->ccp->vdata->version < CCP_VERSION(5, 0)) > + if (sb_count) > cmd_q->ccp->vdata->perform->sbfree(cmd_q, op.sb_key, sb_count); > > return ret; > This is a fine solution. However, having lived with this annoyance for a while, and even hoping that a a later compiler fixes it, I would have preferred to either: 1) Initialize the local variable at declaration time, or 2) Use this patch, which the compiler could optimize as it sees fit, and maintains a clear distinction for the code path for older devices: /* Check against the maximum allowable size, in bits */ @@ -1762,7 +1762,7 @@ static int ccp_run_rsa_cmd(struct ccp_cmd_queue *cmd_q, struct ccp_cmd *cmd) /* sb_count is the number of storage block slots required * for the modulus. */ - sb_count = o_len / CCP_SB_BYTES; + unsigned int sb_count = o_len / CCP_SB_BYTES; op.sb_key = cmd_q->ccp->vdata->perform->sballoc(cmd_q, sb_count); if (!op.sb_key) @@ -1853,7 +1853,10 @@ static int ccp_run_rsa_cmd(struct ccp_cmd_queue *cmd_q, struct ccp_cmd *cmd) e_sb: if (cmd_q->ccp->vdata->version < CCP_VERSION(5, 0)) + { + unsigned int sb_count = o_len / CCP_SB_BYTES; cmd_q->ccp->vdata->perform->sbfree(cmd_q, op.sb_key, sb_count); + } return ret; } Discuss?diff --git a/drivers/crypto/ccp/ccp-ops.c b/drivers/crypto/ccp/ccp-ops.c index 40c062a..a3a884a 100644 --- a/drivers/crypto/ccp/ccp-ops.c +++ b/drivers/crypto/ccp/ccp-ops.c @@ -1733,7 +1733,7 @@ static int ccp_run_rsa_cmd(struct ccp_cmd_queue *cmd_q, struct ccp_cmd *cmd) struct ccp_rsa_engine *rsa = &cmd->u.rsa; struct ccp_dm_workarea exp, src, dst; struct ccp_op op; - unsigned int sb_count, i_len, o_len; + unsigned int i_len, o_len; int ret;
On Tue, Aug 1, 2017 at 4:52 PM, Gary R Hook <gary.hook@amd.com> wrote: > On 07/31/2017 03:49 PM, Arnd Bergmann wrote: >> >> The added support for version 5 CCPs introduced a false-positive >> warning in the RSA implementation: >> >> drivers/crypto/ccp/ccp-ops.c: In function 'ccp_run_rsa_cmd': >> drivers/crypto/ccp/ccp-ops.c:1856:3: error: 'sb_count' may be used >> uninitialized in this function [-Werror=maybe-uninitialized] >> >> This changes the code in a way that should make it easier for >> the compiler to track the state of the sb_count variable, and >> avoid the warning. >> >> Fixes: 6ba46c7d4d7e ("crypto: ccp - Fix base RSA function for version 5 >> CCPs") >> Signed-off-by: Arnd Bergmann <arnd@arndb.de> >> --- >> drivers/crypto/ccp/ccp-ops.c | 3 ++- >> 1 file changed, 2 insertions(+), 1 deletion(-) >> >> diff --git a/drivers/crypto/ccp/ccp-ops.c b/drivers/crypto/ccp/ccp-ops.c >> index 40c062ad8726..a8bc207b099a 100644 >> --- a/drivers/crypto/ccp/ccp-ops.c >> +++ b/drivers/crypto/ccp/ccp-ops.c >> @@ -1758,6 +1758,7 @@ static int ccp_run_rsa_cmd(struct ccp_cmd_queue >> *cmd_q, struct ccp_cmd *cmd) >> o_len = 32 * ((rsa->key_size + 255) / 256); >> i_len = o_len * 2; >> >> + sb_count = 0; >> if (cmd_q->ccp->vdata->version < CCP_VERSION(5, 0)) { >> /* sb_count is the number of storage block slots required >> * for the modulus. >> @@ -1852,7 +1853,7 @@ static int ccp_run_rsa_cmd(struct ccp_cmd_queue >> *cmd_q, struct ccp_cmd *cmd) >> ccp_dm_free(&exp); >> >> e_sb: >> - if (cmd_q->ccp->vdata->version < CCP_VERSION(5, 0)) >> + if (sb_count) >> cmd_q->ccp->vdata->perform->sbfree(cmd_q, op.sb_key, >> sb_count); >> >> return ret; >> > > This is a fine solution. However, having lived with this annoyance for a > while, and even hoping that a > a later compiler fixes it, I would have preferred to either: > > 1) Initialize the local variable at declaration time, or I try to never do that in general, see https://rusty.ozlabs.org/?p=232 > 2) Use this patch, which the compiler could optimize as it sees fit, and > maintains a clear distinction > for the code path for older devices: This seems fine. > @@ -1853,7 +1853,10 @@ static int ccp_run_rsa_cmd(struct ccp_cmd_queue > *cmd_q, struct ccp_cmd *cmd) > > e_sb: > if (cmd_q->ccp->vdata->version < CCP_VERSION(5, 0)) > + { > + unsigned int sb_count = o_len / CCP_SB_BYTES; > cmd_q->ccp->vdata->perform->sbfree(cmd_q, op.sb_key, > sb_count); > + } I would probably skip the local variable as well then, and just open-code the length, unless that adds ugly line-wraps. Arnd
On 08/01/2017 03:35 PM, Arnd Bergmann wrote: > On Tue, Aug 1, 2017 at 4:52 PM, Gary R Hook <gary.hook@amd.com> wrote: >> On 07/31/2017 03:49 PM, Arnd Bergmann wrote: >>> >>> The added support for version 5 CCPs introduced a false-positive >>> warning in the RSA implementation: >>> >>> drivers/crypto/ccp/ccp-ops.c: In function 'ccp_run_rsa_cmd': >>> drivers/crypto/ccp/ccp-ops.c:1856:3: error: 'sb_count' may be used >>> uninitialized in this function [-Werror=maybe-uninitialized] >>> >>> This changes the code in a way that should make it easier for >>> the compiler to track the state of the sb_count variable, and >>> avoid the warning. >>> >>> Fixes: 6ba46c7d4d7e ("crypto: ccp - Fix base RSA function for version 5 >>> CCPs") >>> Signed-off-by: Arnd Bergmann <arnd@arndb.de> >>> --- >>> drivers/crypto/ccp/ccp-ops.c | 3 ++- >>> 1 file changed, 2 insertions(+), 1 deletion(-) >>> >>> diff --git a/drivers/crypto/ccp/ccp-ops.c b/drivers/crypto/ccp/ccp-ops.c >>> index 40c062ad8726..a8bc207b099a 100644 >>> --- a/drivers/crypto/ccp/ccp-ops.c >>> +++ b/drivers/crypto/ccp/ccp-ops.c >>> @@ -1758,6 +1758,7 @@ static int ccp_run_rsa_cmd(struct ccp_cmd_queue >>> *cmd_q, struct ccp_cmd *cmd) >>> o_len = 32 * ((rsa->key_size + 255) / 256); >>> i_len = o_len * 2; >>> >>> + sb_count = 0; >>> if (cmd_q->ccp->vdata->version < CCP_VERSION(5, 0)) { >>> /* sb_count is the number of storage block slots required >>> * for the modulus. >>> @@ -1852,7 +1853,7 @@ static int ccp_run_rsa_cmd(struct ccp_cmd_queue >>> *cmd_q, struct ccp_cmd *cmd) >>> ccp_dm_free(&exp); >>> >>> e_sb: >>> - if (cmd_q->ccp->vdata->version < CCP_VERSION(5, 0)) >>> + if (sb_count) >>> cmd_q->ccp->vdata->perform->sbfree(cmd_q, op.sb_key, >>> sb_count); >>> >>> return ret; >>> >> >> This is a fine solution. However, having lived with this annoyance for a >> while, and even hoping that a >> a later compiler fixes it, I would have preferred to either: >> >> 1) Initialize the local variable at declaration time, or > > I try to never do that in general, see https://rusty.ozlabs.org/?p=232 I know. I just globally disagree with a global decision of this sort. Now I make errors that are more complex, partially because I've shot myself in the foot repeatedly, and learned from it. Nonetheless... I will ack your suggested patch. Thank you for addressing this. I've learned something.
On 07/31/2017 03:49 PM, Arnd Bergmann wrote: > The added support for version 5 CCPs introduced a false-positive > warning in the RSA implementation: > > drivers/crypto/ccp/ccp-ops.c: In function 'ccp_run_rsa_cmd': > drivers/crypto/ccp/ccp-ops.c:1856:3: error: 'sb_count' may be used uninitialized in this function [-Werror=maybe-uninitialized] > > This changes the code in a way that should make it easier for > the compiler to track the state of the sb_count variable, and > avoid the warning. > > Fixes: 6ba46c7d4d7e ("crypto: ccp - Fix base RSA function for version 5 CCPs") > Signed-off-by: Arnd Bergmann <arnd@arndb.de> > --- > drivers/crypto/ccp/ccp-ops.c | 3 ++- > 1 file changed, 2 insertions(+), 1 deletion(-) > > diff --git a/drivers/crypto/ccp/ccp-ops.c b/drivers/crypto/ccp/ccp-ops.c > index 40c062ad8726..a8bc207b099a 100644 > --- a/drivers/crypto/ccp/ccp-ops.c > +++ b/drivers/crypto/ccp/ccp-ops.c > @@ -1758,6 +1758,7 @@ static int ccp_run_rsa_cmd(struct ccp_cmd_queue *cmd_q, struct ccp_cmd *cmd) > o_len = 32 * ((rsa->key_size + 255) / 256); > i_len = o_len * 2; > > + sb_count = 0; > if (cmd_q->ccp->vdata->version < CCP_VERSION(5, 0)) { > /* sb_count is the number of storage block slots required > * for the modulus. > @@ -1852,7 +1853,7 @@ static int ccp_run_rsa_cmd(struct ccp_cmd_queue *cmd_q, struct ccp_cmd *cmd) > ccp_dm_free(&exp); > > e_sb: > - if (cmd_q->ccp->vdata->version < CCP_VERSION(5, 0)) > + if (sb_count) > cmd_q->ccp->vdata->perform->sbfree(cmd_q, op.sb_key, sb_count); > > return ret; > Reviewed-by: Gary R Hook <gary.hook@amd.com>
On Mon, Jul 31, 2017 at 10:49:21PM +0200, Arnd Bergmann wrote: > The added support for version 5 CCPs introduced a false-positive > warning in the RSA implementation: > > drivers/crypto/ccp/ccp-ops.c: In function 'ccp_run_rsa_cmd': > drivers/crypto/ccp/ccp-ops.c:1856:3: error: 'sb_count' may be used uninitialized in this function [-Werror=maybe-uninitialized] > > This changes the code in a way that should make it easier for > the compiler to track the state of the sb_count variable, and > avoid the warning. > > Fixes: 6ba46c7d4d7e ("crypto: ccp - Fix base RSA function for version 5 CCPs") > Signed-off-by: Arnd Bergmann <arnd@arndb.de> Patch applied. Thanks. -- Email: Herbert Xu <herbert@gondor.apana.org.au> Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
diff --git a/drivers/crypto/ccp/ccp-ops.c b/drivers/crypto/ccp/ccp-ops.c index 40c062ad8726..a8bc207b099a 100644 --- a/drivers/crypto/ccp/ccp-ops.c +++ b/drivers/crypto/ccp/ccp-ops.c @@ -1758,6 +1758,7 @@ static int ccp_run_rsa_cmd(struct ccp_cmd_queue *cmd_q, struct ccp_cmd *cmd) o_len = 32 * ((rsa->key_size + 255) / 256); i_len = o_len * 2; + sb_count = 0; if (cmd_q->ccp->vdata->version < CCP_VERSION(5, 0)) { /* sb_count is the number of storage block slots required * for the modulus. @@ -1852,7 +1853,7 @@ static int ccp_run_rsa_cmd(struct ccp_cmd_queue *cmd_q, struct ccp_cmd *cmd) ccp_dm_free(&exp); e_sb: - if (cmd_q->ccp->vdata->version < CCP_VERSION(5, 0)) + if (sb_count) cmd_q->ccp->vdata->perform->sbfree(cmd_q, op.sb_key, sb_count); return ret;
The added support for version 5 CCPs introduced a false-positive warning in the RSA implementation: drivers/crypto/ccp/ccp-ops.c: In function 'ccp_run_rsa_cmd': drivers/crypto/ccp/ccp-ops.c:1856:3: error: 'sb_count' may be used uninitialized in this function [-Werror=maybe-uninitialized] This changes the code in a way that should make it easier for the compiler to track the state of the sb_count variable, and avoid the warning. Fixes: 6ba46c7d4d7e ("crypto: ccp - Fix base RSA function for version 5 CCPs") Signed-off-by: Arnd Bergmann <arnd@arndb.de> --- drivers/crypto/ccp/ccp-ops.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) -- 2.9.0