
powerpc/ipic: Fix a bounds check in ipic_set_priority()

Message ID 20181203144834.ocxntjflfz2idxrb@kili.mountain (mailing list archive)
State Superseded
Series powerpc/ipic: Fix a bounds check in ipic_set_priority()

Checks

Context Check Description
snowpatch_ozlabs/apply_patch success next/apply_patch Successfully applied
snowpatch_ozlabs/build-ppc64le success build succeded & removed 0 sparse warning(s)
snowpatch_ozlabs/build-ppc64be success build succeded & removed 0 sparse warning(s)
snowpatch_ozlabs/build-ppc64e success build succeded & removed 0 sparse warning(s)
snowpatch_ozlabs/build-pmac32 success build succeded & removed 0 sparse warning(s)
snowpatch_ozlabs/checkpatch success total: 0 errors, 0 warnings, 0 checks, 8 lines checked

Commit Message

Dan Carpenter Dec. 3, 2018, 2:48 p.m. UTC
The ipic_info[] array only has 95 elements so I have made the bounds
check smaller to prevent a read overflow.  It was Smatch that found
this issue:

    arch/powerpc/sysdev/ipic.c:784 ipic_set_priority()
    error: buffer overflow 'ipic_info' 95 <= 127

Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
---
I wasn't able to find any callers of this code.  Maybe we removed the
last one in commit b9f0f1bb2bca ("[POWERPC] Adapt ipic driver to new
host_ops interface, add set_irq_type to set IRQ sense").  So perhaps we
should just remove it.  I'm not really comfortable doing that myself,
because I don't know the code well enough and can't build test
it properly.

 arch/powerpc/sysdev/ipic.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
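To make the defect class concrete, here is an added stand-alone example (not Dan's patch and not kernel code) that models the check before and after the fix. The 95-entry `ipic_info[]` table is a constructed stand-in whose element layout is an assumption; only the `prio` field the hunk tests is modelled, and `ARRAY_SIZE` is defined locally the way the kernel macro behaves.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed stand-in for the kernel's ipic_info[] table. The thread states
 * the real array has 95 elements; the element layout below is an assumption
 * (only the prio field, which the hunk tests, is modelled). */
#ifndef ARRAY_SIZE
#define ARRAY_SIZE(a) (sizeof(a) / sizeof((a)[0]))
#endif

struct ipic_info_entry {
    unsigned char prio;     /* 0 means the source has no priority register */
};

static struct ipic_info_entry ipic_info[95];

/* Validation as it stood before the patch: the hard-coded 127 has no
 * relationship to the table length, so any src in [95, 127] passes and the
 * ipic_info[src] access that follows in the real function reads past the
 * end of the array. This function stops at the check and never reads. */
int old_check(unsigned int src, unsigned int priority)
{
    if (priority > 7)
        return -EINVAL;
    if (src > 127)
        return -EINVAL;
    return 0;
}

/* Validation as patched: the bound is derived from the array itself and
 * cannot drift if the table is ever resized. */
int new_check(unsigned int src, unsigned int priority)
{
    if (priority > 7)
        return -EINVAL;
    if (src >= ARRAY_SIZE(ipic_info))
        return -EINVAL;
    return 0;
}

/* Count the source numbers the old check accepts even though they index
 * past the end of ipic_info[]; each one is an out-of-bounds read. */
unsigned int old_check_oob_indices(void)
{
    unsigned int src, count = 0;

    for (src = 0; src <= 127; src++)
        if (old_check(src, 0) == 0 && src >= ARRAY_SIZE(ipic_info))
            count++;
    return count;
}

/* Table lookup built on the patched check: returns the prio byte for a
 * valid src, or -EINVAL. The array access happens only after validation. */
int lookup_prio(unsigned int src)
{
    int ret = new_check(src, 0);

    if (ret)
        return ret;
    return ipic_info[src].prio;
}

int main(void)
{
    ipic_info[42].prio = 3;     /* constructed sample entry */

    printf("old check accepts %u out-of-bounds source numbers\n",
           old_check_oob_indices());
    printf("new check: src=100 -> %d, src=42 -> %d, prio[42] = %d\n",
           new_check(100, 0), new_check(42, 0), lookup_prio(42));
    return 0;
}
```

The 33 source numbers from 95 to 127 are exactly the window Smatch reported (`95 <= 127`); deriving the bound from `ARRAY_SIZE` closes it and keeps the check correct if the table changes size later.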

Comments

Michael Ellerman Dec. 5, 2018, 3:26 a.m. UTC | #1
Hi Dan,

Thanks for the patch.

Dan Carpenter <dan.carpenter@oracle.com> writes:
> The ipic_info[] array only has 95 elements so I have made the bounds
> check smaller to prevent a read overflow.  It was Smatch that found
> this issue:
>
>     arch/powerpc/sysdev/ipic.c:784 ipic_set_priority()
>     error: buffer overflow 'ipic_info' 95 <= 127
>
> Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
> ---
> I wasn't able to find any callers of this code.  Maybe we removed the
> last one in commit b9f0f1bb2bca ("[POWERPC] Adapt ipic driver to new
> host_ops interface, add set_irq_type to set IRQ sense").  So perhaps we
> should just remove it.  I'm not really comfortable doing that myself,
> because I don't know the code well enough and can't build test
> it properly.

Hah wow, last usage removed in 2006!

I don't see any mention of it since then, so I'll remove it. If it
breaks something we can put it back.

Can smatch help us find things like this that are defined non-static but
never used?

cheers
Julia Lawall Dec. 5, 2018, 8:11 a.m. UTC | #2
On Wed, 5 Dec 2018, Michael Ellerman wrote:

> Hi Dan,
>
> Thanks for the patch.
>
> Dan Carpenter <dan.carpenter@oracle.com> writes:
> > The ipic_info[] array only has 95 elements so I have made the bounds
> > check smaller to prevent a read overflow.  It was Smatch that found
> > this issue:
> >
> >     arch/powerpc/sysdev/ipic.c:784 ipic_set_priority()
> >     error: buffer overflow 'ipic_info' 95 <= 127
> >
> > Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
> > ---
> > I wasn't able to find any callers of this code.  Maybe we removed the
> > last one in commit b9f0f1bb2bca ("[POWERPC] Adapt ipic driver to new
> > host_ops interface, add set_irq_type to set IRQ sense").  So perhaps we
> > should just remove it.  I'm not really comfortable doing that myself,
> > because I don't know the code well enough and can't build test
> > it properly.
>
> Hah wow, last usage removed in 2006!
>
> I don't see any mention of it since then, so I'll remove it. If it
> breaks something we can put it back.
>
> Can smatch help us find things like this that are defined non-static but
> never used?

I wrote a Coccinelle script for this, that just uses grep.  Of course the
results need checking because uses can be constructed within macros using
#.

Are things that are defined static but are never used useful to keep
around?

julia
Michael Ellerman Dec. 5, 2018, 12:04 p.m. UTC | #3
Julia Lawall <julia.lawall@lip6.fr> writes:
> On Wed, 5 Dec 2018, Michael Ellerman wrote:
>
>> Hi Dan,
>>
>> Thanks for the patch.
>>
>> Dan Carpenter <dan.carpenter@oracle.com> writes:
>> > The ipic_info[] array only has 95 elements so I have made the bounds
>> > check smaller to prevent a read overflow.  It was Smatch that found
>> > this issue:
>> >
>> >     arch/powerpc/sysdev/ipic.c:784 ipic_set_priority()
>> >     error: buffer overflow 'ipic_info' 95 <= 127
>> >
>> > Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
>> > ---
>> > I wasn't able to find any callers of this code.  Maybe we removed the
>> > last one in commit b9f0f1bb2bca ("[POWERPC] Adapt ipic driver to new
>> > host_ops interface, add set_irq_type to set IRQ sense").  So perhaps we
>> > should just remove it.  I'm not really comfortable doing that myself,
>> > because I don't know the code well enough and can't build test
>> > it properly.
>>
>> Hah wow, last usage removed in 2006!
>>
>> I don't see any mention of it since then, so I'll remove it. If it
>> breaks something we can put it back.
>>
>> Can smatch help us find things like this that are defined non-static but
>> never used?
>
> I wrote a Coccinelle script for this, that just uses grep.  Of course the
> results need checking because uses can be constructed within macros using
> #.

That would be cool. I can't immediately see it in scripts/coccinelle, is
it somewhere else?

> Are things that are defined static but are never used useful to keep
> around?

No, but the compiler will usually tell us about them via -Wunused-function.

cheers
Julia Lawall Dec. 5, 2018, 12:06 p.m. UTC | #4
On Wed, 5 Dec 2018, Michael Ellerman wrote:

> Julia Lawall <julia.lawall@lip6.fr> writes:
> > On Wed, 5 Dec 2018, Michael Ellerman wrote:
> >
> >> Hi Dan,
> >>
> >> Thanks for the patch.
> >>
> >> Dan Carpenter <dan.carpenter@oracle.com> writes:
> >> > The ipic_info[] array only has 95 elements so I have made the bounds
> >> > check smaller to prevent a read overflow.  It was Smatch that found
> >> > this issue:
> >> >
> >> >     arch/powerpc/sysdev/ipic.c:784 ipic_set_priority()
> >> >     error: buffer overflow 'ipic_info' 95 <= 127
> >> >
> >> > Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
> >> > ---
> >> > I wasn't able to find any callers of this code.  Maybe we removed the
> >> > last one in commit b9f0f1bb2bca ("[POWERPC] Adapt ipic driver to new
> >> > host_ops interface, add set_irq_type to set IRQ sense").  So perhaps we
> >> > should just remove it.  I'm not really comfortable doing that myself,
> >> > because I don't know the code well enough and can't build test
> >> > it properly.
> >>
> >> Hah wow, last usage removed in 2006!
> >>
> >> I don't see any mention of it since then, so I'll remove it. If it
> >> breaks something we can put it back.
> >>
> >> Can smatch help us find things like this that are defined non-static but
> >> never used?
> >
> > I wrote a Coccinelle script for this, that just uses grep.  Of course the
> > results need checking because uses can be constructed within macros using
> > #.
>
> That would be cool. I can't immediately see it in scripts/coccinelle, is
> it somewhere else?

No, it needs improvement...  I'll try to do something with it soon.  I
don't think it is well suited to scripts/coccinelle, because it needs to
know where the kernel tree is to do the grep.

julia

>
> > Are things that are defined static but are never used useful to keep
> > around?
>
> No, but the compiler will usually tell us about them via -Wunused-function.
>
> cheers
>
Christophe Leroy Dec. 6, 2018, 7:18 a.m. UTC | #5
Le 05/12/2018 à 04:26, Michael Ellerman a écrit :
> Hi Dan,
> 
> Thanks for the patch.
> 
> Dan Carpenter <dan.carpenter@oracle.com> writes:
>> The ipic_info[] array only has 95 elements so I have made the bounds
>> check smaller to prevent a read overflow.  It was Smatch that found
>> this issue:
>>
>>      arch/powerpc/sysdev/ipic.c:784 ipic_set_priority()
>>      error: buffer overflow 'ipic_info' 95 <= 127
>>
>> Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
>> ---
>> I wasn't able to find any callers of this code.  Maybe we removed the
>> last one in commit b9f0f1bb2bca ("[POWERPC] Adapt ipic driver to new
>> host_ops interface, add set_irq_type to set IRQ sense").  So perhaps we
>> should just remove it.  I'm not really comfortable doing that myself,
>> because I don't know the code well enough and can't build test
>> it properly.
> 
> Hah wow, last usage removed in 2006!
> 
> I don't see any mention of it since then, so I'll remove it. If it
> breaks something we can put it back.
> 
> Can smatch help us find things like this that are defined non-static but
> never used?
> 

I think we have to do that carefully. Some of those functions might be 
used by out-of-tree boards.

I'm thinking especially of ipic_get_mcp_status() and 
ipic_set_mcp_status(). They are used in my 832x board's machine check 
handler to know when a machine check is a timeout from the 832x watchdog.

Christophe
Julia Lawall Dec. 6, 2018, 8:12 a.m. UTC | #6
On Thu, 6 Dec 2018, Christophe LEROY wrote:

>
>
> Le 05/12/2018 à 04:26, Michael Ellerman a écrit :
> > Hi Dan,
> >
> > Thanks for the patch.
> >
> > Dan Carpenter <dan.carpenter@oracle.com> writes:
> > > The ipic_info[] array only has 95 elements so I have made the bounds
> > > check smaller to prevent a read overflow.  It was Smatch that found
> > > this issue:
> > >
> > >      arch/powerpc/sysdev/ipic.c:784 ipic_set_priority()
> > >      error: buffer overflow 'ipic_info' 95 <= 127
> > >
> > > Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
> > > ---
> > > I wasn't able to find any callers of this code.  Maybe we removed the
> > > last one in commit b9f0f1bb2bca ("[POWERPC] Adapt ipic driver to new
> > > host_ops interface, add set_irq_type to set IRQ sense").  So perhaps we
> > > should just remove it.  I'm not really comfortable doing that myself,
> > > because I don't know the code well enough and can't build test
> > > it properly.
> >
> > Hah wow, last usage removed in 2006!
> >
> > I don't see any mention of it since then, so I'll remove it. If it
> > breaks something we can put it back.
> >
> > Can smatch help us find things like this that are defined non-static but
> > never used?
> >
>
> I think we have to do that carefully. Some of those functions might be used
> by out-of-tree boards.
>
> I'm thinking especially of ipic_get_mcp_status() and ipic_set_mcp_status().
> They are used in my 832x board's machine check handler to know when a machine
> check is a timeout from the 832x watchdog.

The message I have gotten in the past is that the Linux kernel doesn't
support code that is not used in the Linux kernel.  However, if I were to
do this, I would send the code to the individual maintainers, who
presumably would know what is actually needed and what is not.

Perhaps a good sanity check would be if the code has been used in the
past.  If there was a use in the past that has been removed, then perhaps
it is more likely that the function was intended for internal kernel use
rather than the case that you are describing.

julia
Dan Carpenter Dec. 6, 2018, 9:34 a.m. UTC | #7
On Wed, Dec 05, 2018 at 02:26:47PM +1100, Michael Ellerman wrote:
> Can smatch help us find things like this that are defined non-static but
> never used?
> 

It's too tricky because it depends on the .config as well.

regards,
dan carpenter
Michael Ellerman Dec. 7, 2018, 2:07 a.m. UTC | #8
Christophe LEROY <christophe.leroy@c-s.fr> writes:
> Le 05/12/2018 à 04:26, Michael Ellerman a écrit :
>> Hi Dan,
>> 
>> Thanks for the patch.
>> 
>> Dan Carpenter <dan.carpenter@oracle.com> writes:
>>> The ipic_info[] array only has 95 elements so I have made the bounds
>>> check smaller to prevent a read overflow.  It was Smatch that found
>>> this issue:
>>>
>>>      arch/powerpc/sysdev/ipic.c:784 ipic_set_priority()
>>>      error: buffer overflow 'ipic_info' 95 <= 127
>>>
>>> Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
>>> ---
>>> I wasn't able to find any callers of this code.  Maybe we removed the
>>> last one in commit b9f0f1bb2bca ("[POWERPC] Adapt ipic driver to new
>>> host_ops interface, add set_irq_type to set IRQ sense").  So perhaps we
>>> should just remove it.  I'm not really comfortable doing that myself,
>>> because I don't know the code well enough and can't build test
>>> it properly.
>> 
>> Hah wow, last usage removed in 2006!
>> 
>> I don't see any mention of it since then, so I'll remove it. If it
>> breaks something we can put it back.
>> 
>> Can smatch help us find things like this that are defined non-static but
>> never used?
>> 
>
> I think we have to do that carefully. Some of those functions might be 
> used by out-of-tree boards.

We don't keep unused code around for out-of-tree boards.

Either the out-of-tree code should be merged upstream, or you can
maintain whatever extra functions you need as part of your out-of-tree
code base.

> I'm thinking especially of ipic_get_mcp_status() and 
> ipic_set_mcp_status(). They are used in my 832x board's machine check 
> handler to know when a machine check is a timeout from the 832x watchdog.

Thanks for pointing them out, I'll send a patch to remove them :)

But seriously, why is your machine check code not in-tree, is there some
reason you can't merge it?

cheers
Christophe Leroy Dec. 10, 2018, 12:05 p.m. UTC | #9
Le 07/12/2018 à 03:07, Michael Ellerman a écrit :
> Christophe LEROY <christophe.leroy@c-s.fr> writes:
>> Le 05/12/2018 à 04:26, Michael Ellerman a écrit :
>>> Hi Dan,
>>>
>>> Thanks for the patch.
>>>
>>> Dan Carpenter <dan.carpenter@oracle.com> writes:
>>>> The ipic_info[] array only has 95 elements so I have made the bounds
>>>> check smaller to prevent a read overflow.  It was Smatch that found
>>>> this issue:
>>>>
>>>>       arch/powerpc/sysdev/ipic.c:784 ipic_set_priority()
>>>>       error: buffer overflow 'ipic_info' 95 <= 127
>>>>
>>>> Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
>>>> ---
>>>> I wasn't able to find any callers of this code.  Maybe we removed the
>>>> last one in commit b9f0f1bb2bca ("[POWERPC] Adapt ipic driver to new
>>>> host_ops interface, add set_irq_type to set IRQ sense").  So perhaps we
>>>> should just remove it.  I'm not really comfortable doing that myself,
>>>> because I don't know the code well enough and can't build test
>>>> it properly.
>>>
>>> Hah wow, last usage removed in 2006!
>>>
>>> I don't see any mention of it since then, so I'll remove it. If it
>>> breaks something we can put it back.
>>>
>>> Can smatch help us find things like this that are defined non-static but
>>> never used?
>>>
>>
>> I think we have to do that carefully. Some of those functions might be
>> used by out-of-tree boards.
> 
> We don't keep unused code around for out-of-tree boards.
> 
> Either the out-of-tree code should be merged upstream, or you can
> maintain whatever extra functions you need as part of your out-of-tree
> code base.
> 
>> I'm thinking especially of ipic_get_mcp_status() and
>> ipic_set_mcp_status(). They are used in my 832x board's machine check
>> handler to know when a machine check is a timeout from the 832x watchdog.
> 
> Thanks for pointing them out, I'll send a patch to remove them :)

Lol :)

If you are doing the housework, you can remove 
ipic_set_highest_priority() ipic_enable_mcp() and ipic_disable_mcp()


> 
> But seriously, why is your machine check code not in-tree, is there some
> reason you can't merge it?

Maybe because you haven't merged it yet although I sent it more than 
three minutes ago. :)

Seriously, that was just left over with other priorities, and also 
because I'm not too happy about it, because what I would really like is 
that it kills the userland app if any but doesn't crash the system when it 
is in interrupt or in idle.

But due to b96672dd840f ("powerpc: Machine check interrupt is a 
non-maskable interrupt"), die_will_crash() doesn't work anymore. So for 
the time being, the patch I sent is not killing anybody, just doing an 
Oops for notification (note that die_will_crash() is used in the Opal 
machine check handler, so it probably doesn't work anymore there either).

Christophe
Dan Carpenter Dec. 11, 2018, 2:26 p.m. UTC | #10
On Thu, Dec 06, 2018 at 09:12:12AM +0100, Julia Lawall wrote:
> 
> 
> On Thu, 6 Dec 2018, Christophe LEROY wrote:
> 
> >
> >
> > Le 05/12/2018 à 04:26, Michael Ellerman a écrit :
> > > Hi Dan,
> > >
> > > Thanks for the patch.
> > >
> > > Dan Carpenter <dan.carpenter@oracle.com> writes:
> > > > The ipic_info[] array only has 95 elements so I have made the bounds
> > > > check smaller to prevent a read overflow.  It was Smatch that found
> > > > this issue:
> > > >
> > > >      arch/powerpc/sysdev/ipic.c:784 ipic_set_priority()
> > > >      error: buffer overflow 'ipic_info' 95 <= 127
> > > >
> > > > Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
> > > > ---
> > > > I wasn't able to find any callers of this code.  Maybe we removed the
> > > > last one in commit b9f0f1bb2bca ("[POWERPC] Adapt ipic driver to new
> > > > host_ops interface, add set_irq_type to set IRQ sense").  So perhaps we
> > > > should just remove it.  I'm not really comfortable doing that myself,
> > > > because I don't know the code well enough and can't build test
> > > > it properly.
> > >
> > > Hah wow, last usage removed in 2006!
> > >
> > > I don't see any mention of it since then, so I'll remove it. If it
> > > breaks something we can put it back.
> > >
> > > Can smatch help us find things like this that are defined non-static but
> > > never used?
> > >
> >
> > I think we have to do that carefully. Some of those functions might be used
> > by out-of-tree boards.
> >
> > I'm thinking especially of ipic_get_mcp_status() and ipic_set_mcp_status().
> > They are used in my 832x board's machine check handler to know when a machine
> > check is a timeout from the 832x watchdog.
> 
> The message I have gotten in the past is that the Linux kernel doesn't
> support code that is not used in the Linux kernel.  However, if I were to
> do this, I would send the code to the individual maintainers, who
> presumably would know what is actually needed and what is not.
> 
> Perhaps a good sanity check would be if the code has been used in the
> past.  If there was a use in the past that has been removed, then perhaps
> it is more likely that the function was intended for internal kernel use
> rather than the case that you are describing.

Yeah.  That's a good idea.  I've been encouraging people who remove
"written to but not used" variables to say in the commit message
"variable foo has not been used since commit 123412341243 ("blah blah")."
It helps me review the patch as well.

regards,
dan carpenter

Patch

diff --git a/arch/powerpc/sysdev/ipic.c b/arch/powerpc/sysdev/ipic.c
index 6300123ce965..9d70d0687cd9 100644
--- a/arch/powerpc/sysdev/ipic.c
+++ b/arch/powerpc/sysdev/ipic.c
@@ -779,7 +779,7 @@  int ipic_set_priority(unsigned int virq, unsigned int priority)
 
 	if (priority > 7)
 		return -EINVAL;
-	if (src > 127)
+	if (src >= ARRAY_SIZE(ipic_info))
 		return -EINVAL;
 	if (ipic_info[src].prio == 0)
 		return -EINVAL;