PCI: mvebu: Fix uninitialized variable in mvebu_get_tgt_attr()

Message ID 20140905174122.GD8080@google.com (mailing list archive)
State New, archived

Commit Message

Bjorn Helgaas Sept. 5, 2014, 5:41 p.m. UTC
On Fri, Aug 08, 2014 at 05:34:05PM +0200, Geert Uytterhoeven wrote:
> drivers/pci/host/pci-mvebu.c: In function 'mvebu_get_tgt_attr':
> drivers/pci/host/pci-mvebu.c:887:39: warning: 'rtype' may be used uninitialized in this function [-Wmaybe-uninitialized]
>    if (slot == PCI_SLOT(devfn) && type == rtype) {
>                                        ^
> 
> If there's ever gonna be a configuration space or 64-bit memory space
> entry in DT, rtype will be uninitialized, and the wrong entry may be
> returned.
> 
> Initialize rtype to 0 (which is an unused IORESOURCE_* type) to fix this.
> 
> Introduced in commit 11be65472a427dcf7a11ab6e3e3628f1c6768b5b ("PCI:
> mvebu: Adapt to the new device tree layout").
> 
> Signed-off-by: Geert Uytterhoeven <geert+renesas@glider.be>
> ---
> Alternatively, should the "else if (DT_FLAGS_TO_TYPE(flags) ==
> DT_TYPE_MEM32)" just be changed to "else", assuming there can never be
> other entries than for I/O or 32-bit memory space?
> ---
>  drivers/pci/host/pci-mvebu.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/drivers/pci/host/pci-mvebu.c b/drivers/pci/host/pci-mvebu.c
> index ce23e0f076b6..9515f0d13fd4 100644
> --- a/drivers/pci/host/pci-mvebu.c
> +++ b/drivers/pci/host/pci-mvebu.c
> @@ -877,7 +877,7 @@ static int mvebu_get_tgt_attr(struct device_node *np, int devfn,
>  		u32 flags = of_read_number(range, 1);
>  		u32 slot = of_read_number(range + 1, 1);
>  		u64 cpuaddr = of_read_number(range + na, pna);
> -		unsigned long rtype;
> +		unsigned long rtype = 0;
>  
>  		if (DT_FLAGS_TO_TYPE(flags) == DT_TYPE_IO)
>  			rtype = IORESOURCE_IO;
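
Review bot: `unsigned long rtype = 0;` only gives the right result if no caller ever passes 0 as `type`, because the comparison `type == rtype` quoted in the warning would then match every entry that is neither DT_TYPE_IO nor DT_TYPE_MEM32. Worth confirming that the callers pass only IORESOURCE_IO or IORESOURCE_MEM, or skipping unrecognized entries explicitly so the result does not depend on that assumption.
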
> -- 
> 1.9.1
> 

This fix looks right to me.  I added a stable tag as follows.  Thomas
and/or Jason, and you ack this?


commit f96f4040d0d01b6eeacda212cf7db105d06a55ba
Author: Geert Uytterhoeven <geert+renesas@glider.be>
Date:   Fri Aug 8 17:34:05 2014 +0200

    PCI: mvebu: Fix uninitialized "rtype" in mvebu_get_tgt_attr()
    
    drivers/pci/host/pci-mvebu.c: In function 'mvebu_get_tgt_attr':
    drivers/pci/host/pci-mvebu.c:887:39: warning: 'rtype' may be used uninitialized in this function [-Wmaybe-uninitialized]
       if (slot == PCI_SLOT(devfn) && type == rtype) {
                                           ^
    
    If there's ever a DT entry other than DT_TYPE_IO or DT_TYPE_MEM32,
    e.g., a configuration space or 64-bit memory space entry, rtype will
    be uninitialized, and the wrong entry may be returned.
    
    Initialize rtype to 0 (which is an unused IORESOURCE_* type) to fix this.
    
    Fixes: 11be65472a42 ("PCI: mvebu: Adapt to the new device tree layout")
    Signed-off-by: Geert Uytterhoeven <geert+renesas@glider.be>
    Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
    CC: stable@vger.kernel.org	# v3.12+

Comments

Thomas Petazzoni Sept. 5, 2014, 6:20 p.m. UTC | #1
Dear Bjorn Helgaas,

On Fri, 5 Sep 2014 11:41:22 -0600, Bjorn Helgaas wrote:

> This fix looks right to me.  I added a stable tag as follows.  Thomas
> and/or Jason, and you ack this?

Hum, I think I would actually prefer something like:

                if (DT_FLAGS_TO_TYPE(flags) == DT_TYPE_IO)
                        rtype = IORESOURCE_IO;
                else if (DT_FLAGS_TO_TYPE(flags) == DT_TYPE_MEM32)
                        rtype = IORESOURCE_MEM;
+		else
+			continue;
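
Review bot: the `continue` in the new `else` branch jumps past everything that remains in the loop body, so a per-iteration advance done at the bottom of the body (the thread mentions `range += rangesz`) would be skipped for unrecognized entries and the loop would not move on to the next range. The advance needs to move into the `for` update expression before this form is safe.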

So that we're explicit with the fact that we only care about I/O and
MEM32 resource types.

Thanks,

Thomas

Arnd Bergmann Sept. 5, 2014, 6:34 p.m. UTC | #2
On Friday 05 September 2014 20:20:44 Thomas Petazzoni wrote:
> Hum, I think I would actually prefer something like:
> 
>                 if (DT_FLAGS_TO_TYPE(flags) == DT_TYPE_IO)
>                         rtype = IORESOURCE_IO;
>                 else if (DT_FLAGS_TO_TYPE(flags) == DT_TYPE_MEM32)
>                         rtype = IORESOURCE_MEM;
> +               else
> +                       continue;
> 
> So that we're explicit with the fact that we only care about I/O and
> MEM32 resource types.

Agreed, that looks better than my patch as well.

	Arnd

Bjorn Helgaas Sept. 5, 2014, 7 p.m. UTC | #3
On Fri, Sep 5, 2014 at 12:34 PM, Arnd Bergmann <arnd@arndb.de> wrote:
> On Friday 05 September 2014 20:20:44 Thomas Petazzoni wrote:
>> Hum, I think I would actually prefer something like:
>>
>>                 if (DT_FLAGS_TO_TYPE(flags) == DT_TYPE_IO)
>>                         rtype = IORESOURCE_IO;
>>                 else if (DT_FLAGS_TO_TYPE(flags) == DT_TYPE_MEM32)
>>                         rtype = IORESOURCE_MEM;
>> +               else
>> +                       continue;
>>
>> So that we're explicit with the fact that we only care about I/O and
>> MEM32 resource types.
>
> Agreed, that looks better than my patch as well.

I like it better, too, but we still need the "range += rangesz" part,
so I don't think it will work.  I suppose that could be moved to the
update expression of the "for" loop.  Or, since we don't use "i" in
the loop at all, maybe we could do something like this:

    for (; range < rend; range += rangesz)

Bjorn Helgaas Sept. 16, 2014, 11:17 p.m. UTC | #4
On Fri, Sep 05, 2014 at 01:00:29PM -0600, Bjorn Helgaas wrote:
> On Fri, Sep 5, 2014 at 12:34 PM, Arnd Bergmann <arnd@arndb.de> wrote:
> > On Friday 05 September 2014 20:20:44 Thomas Petazzoni wrote:
> >> Hum, I think I would actually prefer something like:
> >>
> >>                 if (DT_FLAGS_TO_TYPE(flags) == DT_TYPE_IO)
> >>                         rtype = IORESOURCE_IO;
> >>                 else if (DT_FLAGS_TO_TYPE(flags) == DT_TYPE_MEM32)
> >>                         rtype = IORESOURCE_MEM;
> >> +               else
> >> +                       continue;
> >>
> >> So that we're explicit with the fact that we only care about I/O and
> >> MEM32 resource types.
> >
> > Agreed, that looks better than my patch as well.
> 
> I like it better, too, but we still need the "range += rangesz" part,
> so I don't think it will work.  I suppose that could be moved to the
> update expression of the "for" loop.  Or, since we don't use "i" in
> the loop at all, maybe we could do something like this:
> 
>     for (; range < rend; range += rangesz)

Any more input on this?  I don't think I've seen anything actually acked by
Thomas or Jason.

Patch

diff --git a/drivers/pci/host/pci-mvebu.c b/drivers/pci/host/pci-mvebu.c
index a8c6f1a92e0f..081579c0971e 100644
--- a/drivers/pci/host/pci-mvebu.c
+++ b/drivers/pci/host/pci-mvebu.c
@@ -877,7 +877,7 @@  static int mvebu_get_tgt_attr(struct device_node *np, int devfn,
 		u32 flags = of_read_number(range, 1);
 		u32 slot = of_read_number(range + 1, 1);
 		u64 cpuaddr = of_read_number(range + na, pna);
-		unsigned long rtype;
+		unsigned long rtype = 0;
 
 		if (DT_FLAGS_TO_TYPE(flags) == DT_TYPE_IO)
 			rtype = IORESOURCE_IO;
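
Review bot: the reason for the `= 0` on the `rtype` declaration is recorded only in the commit message. A one-line comment at the declaration saying that 0 is deliberately not a valid IORESOURCE_* type, so that unrecognized DT entries never match, would keep a later cleanup from dropping the initializer as redundant.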