* Coverity CID 146454: pcie_bus_configure_settings() use of uninitialized variable
@ 2014-04-03 16:09 Bjorn Helgaas
2014-04-04 1:48 ` Yijing Wang
0 siblings, 1 reply; 3+ messages in thread
From: Bjorn Helgaas @ 2014-04-03 16:09 UTC (permalink / raw)
To: Jon Mason, Yijing Wang; +Cc: linux-pci
Coverity complains that "smpss" is used uninitialized in
drivers/pci/probe.c in pcie_bus_configure_settings() when calling
pcie_bus_configure_set():
1642 pcie_bus_configure_set(bus->self, &smpss);
1643 pci_walk_bus(bus, pcie_bus_configure_set, &smpss);
"smpss" may be uninitialized, and pcie_bus_configure_set()
dereferences the pointer it receives.
This is CID 146454.
Bjorn
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: Coverity CID 146454: pcie_bus_configure_settings() use of uninitialized variable
2014-04-03 16:09 Coverity CID 146454: pcie_bus_configure_settings() use of uninitialized variable Bjorn Helgaas
@ 2014-04-04 1:48 ` Yijing Wang
2014-04-29 23:06 ` Bjorn Helgaas
0 siblings, 1 reply; 3+ messages in thread
From: Yijing Wang @ 2014-04-04 1:48 UTC (permalink / raw)
To: Bjorn Helgaas, Jon Mason; +Cc: linux-pci
Hi Bjorn,
Jon seems to send a patch to fix this long ago. Link: http://patchwork.ozlabs.org/patch/191054/
But this patch cannot be applied now. I think we can just set smpss = 0 in this function as the default value.
Thanks!
Yijing.
On 2014/4/4 0:09, Bjorn Helgaas wrote:
> Coverity complains that "smpss" is used uninitialized in
> drivers/pci/probe.c in pcie_bus_configure_settings() when calling
> pcie_bus_configure_set():
>
> 1642 pcie_bus_configure_set(bus->self, &smpss);
> 1643 pci_walk_bus(bus, pcie_bus_configure_set, &smpss);
>
> "smpss" may be uninitialized, and pcie_bus_configure_set()
> dereferences the pointer it receives.
>
> This is CID 146454.
>
> Bjorn
>
>
--
Thanks!
Yijing
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: Coverity CID 146454: pcie_bus_configure_settings() use of uninitialized variable
2014-04-04 1:48 ` Yijing Wang
@ 2014-04-29 23:06 ` Bjorn Helgaas
0 siblings, 0 replies; 3+ messages in thread
From: Bjorn Helgaas @ 2014-04-29 23:06 UTC (permalink / raw)
To: Yijing Wang; +Cc: Jon Mason, linux-pci
On Fri, Apr 04, 2014 at 09:48:52AM +0800, Yijing Wang wrote:
> Hi Bjorn,
> Jon seems to send a patch to fix this long ago. Link: http://patchwork.ozlabs.org/patch/191054/
> But this patch cannot be applied now. I think we can just set smpss = 0 in this function as the default value.
Yep. It's ugly, but I don't have time to try to make it prettier. I'll
apply the patch below.
> On 2014/4/4 0:09, Bjorn Helgaas wrote:
> > Coverity complains that "smpss" is used uninitialized in
> > drivers/pci/probe.c in pcie_bus_configure_settings() when calling
> > pcie_bus_configure_set():
> >
> > 1642 pcie_bus_configure_set(bus->self, &smpss);
> > 1643 pci_walk_bus(bus, pcie_bus_configure_set, &smpss);
> >
> > "smpss" may be uninitialized, and pcie_bus_configure_set()
> > dereferences the pointer it receives.
> >
> > This is CID 146454.
> >
> > Bjorn
PCI: Fix use of uninitialized MPS value
From: Bjorn Helgaas <bhelgaas@google.com>
If "pcie_bus_config == PCIE_BUS_PERFORMANCE", we don't initialize "smpss",
so we pass a pointer to garbage into pcie_bus_configure_set(), where we
compute "mps" based on the garbage. We then pass the garbage "mps" to
pcie_write_mps(), which ignores it in the PCIE_BUS_PERFORMANCE case.
Coverity isn't smart enough to deduce that we ignore the garbage (it's a
lot to expect from a human, too), so initialize "smpss" to a safe value in
all cases.
Found by Coverity (CID 146454).
Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
---
drivers/pci/probe.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/pci/probe.c b/drivers/pci/probe.c
index fe89a982a3da..490031fd2108 100644
--- a/drivers/pci/probe.c
+++ b/drivers/pci/probe.c
@@ -1617,7 +1617,7 @@ static int pcie_bus_configure_set(struct pci_dev *dev, void *data)
*/
void pcie_bus_configure_settings(struct pci_bus *bus)
{
- u8 smpss;
+ u8 smpss = 0;
if (!bus->self)
return;
^ permalink raw reply related [flat|nested] 3+ messages in thread
end of thread, other threads:[~2014-04-29 23:06 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2014-04-03 16:09 Coverity CID 146454: pcie_bus_configure_settings() use of uninitialized variable Bjorn Helgaas
2014-04-04 1:48 ` Yijing Wang
2014-04-29 23:06 ` Bjorn Helgaas
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.