On Monday, September 20, 2021 3:10:36 PM CEST Dan Carpenter wrote: > On Mon, Sep 20, 2021 at 03:03:44PM +0200, Fabio M. De Francesco wrote: > > On Monday, September 20, 2021 1:56:47 PM CEST Dan Carpenter wrote: > > > On Mon, Sep 20, 2021 at 01:53:52AM +0200, Fabio M. De Francesco wrote: > > > > Change the type of "data" from __le32 to __le16. > > > > > > > > > > You should note in the commit message that: > > > > > > The last two bytes of "data" are not initialized so the le32_to_cpu(data) > > > technically reads uninitialized data. This can likely be detected by > > > the KASan checker as reading uninitialized data. But because the bytes > > > are discarded in the end so this will not affect runtime. > > > > > > regards, > > > dan carpenter > > > > > > > Dear Dan, > > > > Thanks for your suggestion about this specific topic. > > > > We thought that, since "data" is in bitwise AND with 0xffff before being > > passed to the callee, it was enough to have reviewers know why we're doing > > that change of type with no further explanations. Actually it seems to be not > > enough to motivate that change. > > > > We will surely use the note you provided. > > > > However, since I'm not used to blindly follow suggestions (even if I trust > > your words with no doubts at all) without complete understanding of what I'm > > doing, I will need to understand what KASan is before copy-paste your note. > > Google is your friend! Yes, it is :) I think you were referring to the KernelMemorySanitizer (KMSan), a detector of uses of uninitialized memory (but it seems to not be upstream): https://github.com/google/kmsan Instead you wrote about the The Kernel Address Sanitizer (KASan) that seems to be a dynamic memory error detector designed to find out-of-bound and use- after-free bugs (this is upstream): https://www.kernel.org/doc/html/v5.0/dev-tools/kasan.html Can you please confirm? Back to the code... uninitialised data is not a problem in the old code, it's just bad design. The new code cannot affect runtime, it's just better design. There's no change in runtime behaviour because of different protection nets: Aside from the bitwise AND that truncate that variable two the size of two bytes and set the higher bytes to 0, memcpy() inside usbctrl_vendorreq(), the new usb_read() and usb_write uses memcpy() with count = size (and size is checked also in rtw_writeN()). I can't see any bugs. Just bad design, that we fix and possible sanitizer's warning, that disappear with our fixes. Am I right? Thanks, Fabio > > Either way reading uninitialized data is generally bad. The trickier > thing is showing that your changes don't affect runtime. For both of > these le32 to le16 changes. > > regards, > dan carpenter > >
