On Tue, Jun 15, 2021 at 1:03 AM Al Viro <viro@xxxxxxxxxxxxxxxxxx> wrote: > > On Mon, Jun 14, 2021 at 11:27:03PM +0800, Jhih Ming Huang wrote: > > > Thanks for your explanation. > > > > To clarify, even though it might be false positives in some senses, > > following "hold the variable native-endian and check the conversion > > done correctly" > > is much easier than the other way. And it's exactly the current implementation. > > > > So it's better to keep the current implementation and ignore the > > warnings, right? > > Umm... If that's the case, the warnings should go away if you use > cpu_to_le32() for conversions from native to l-e and le32_to_cpu() > for conversions from l-e to native. > > IOW, the choice between those should annotate what's going on. > > In your case doing > *((u32 *)crc) = le32_to_cpu((__force __le32)~crc32_le(~0, payload, length - 4)); > is wrong - you have > crc32_le(...) native-endian > ~crc32_le(...) - ditto > le32_to_cpu(~crc32_le(...)) - byteswapped native-endian on b-e, unchanged on > l-e. So result will be little-endian representation of ~crc32(...) in all > cases. IOW, it's cpu_to_le32(~crc32_le(...)), misannotated as native-endian > instead of little-endian it actually is. > > Then you store that value (actually __le32) into *(u32 *)crc. Seeing that > crc is u8[4] there, that *(u32 *) is misleading - you are actually storing > __le32 there (and, AFAICS, doing noting with the result). The same story > in rtw_tkip_decrypt(), only there you do use the result later. > > So just make it __le32 crc and > crc = cpu_to_le32(~crc32_le(~0, payload, length - 4)); > with > if (crc[3] != payload[length - 1] || crc[2] != payload[length - 2] || > crc[1] != payload[length - 3] || crc[0] != payload[length - 4]) > turned into > if (memcmp(&crc, payload + length - 4, 4) != 0) > (or (crc != get_unaligned((__le32 *)(payload + length - 4))), > for that matter, to document what's going on and let the damn thing > pick the optimal implementation for given architecture). > > Incidentally, your secmicgetuint32() is simply get_unaligned_le32() > and secmicputuint32() - put_unaligned_le32(). No need to reinvent > that wheel... > Thanks for your comprehensive explanation. I just sent the v3 PATCH, but I replied to this thread. Should I create the other thread? For the secmicgetuint32(), I am not the author of this function, but you are right we should not reinvent the wheel. Let's focus on sparse warning fixing in this commit. thanks. --jmhuang
