From: Jacek Anaszewski <j.anaszewski@samsung.com>
To: Simon Guinot <simon.guinot@sequanux.org>
Cc: Dan Carpenter <dan.carpenter@oracle.com>,
Bryan Wu <cooloney@gmail.com>, Richard Purdie <rpurdie@rpsys.net>,
linux-leds@vger.kernel.org, kernel-janitors@vger.kernel.org
Subject: Re: [patch 2/2 v2] leds: netxbig: silence a static checker warning
Date: Mon, 13 Apr 2015 12:54:46 +0200 [thread overview]
Message-ID: <552BA076.4050205@samsung.com> (raw)
In-Reply-To: <20150413101619.GL1509@kw.sim.vm.gnt>
On 04/13/2015 12:16 PM, Simon Guinot wrote:
> On Mon, Apr 13, 2015 at 09:35:19AM +0200, Jacek Anaszewski wrote:
>> On 04/10/2015 09:52 PM, Simon Guinot wrote:
>>> On Fri, Apr 10, 2015 at 06:50:34PM +0300, Dan Carpenter wrote:
>>>> I've looked at this some more. Most of the places which call
>>>> of_property_read_u32_index() check the return code. The ones that don't
>>>> mostly initialize their values going in. The remainder introduce static
>>>> checker warnings like:
>>>>
>>>> drivers/clk/ti/divider.c:472 ti_clk_get_div_table()
>>>> error: potentially using uninitialized 'val'.
>>>>
>>>> These warnings cause me pain. It calls of_get_property() earlier so
>>>> it won't return -EINVAL. I don't know if it can return -ENODATA or
>>>> -EOVERFLOW?
>>>>
>>>> I guess not.
>>>
>>> I think it can't. Above, we are calling of_property_count_u32_elems() to
>>> count the number of u32 elements in the "timers" property. After we are
>>> ensuring that there is three u32 elements available per timer. That's
>>> why the return codes for the three of_property_read_u32_index() calls
>>> are not checked.
>>
>> After looking at Documentation/devicetree/bindings/leds/leds-netxbig.txt
>> I noticed inconsistency: timers property is defined as required, but
>> the comment over the call to of_property_count_u32_elems says that it
>> is optional.
>>
>> I think that DT documentation should be changed to make the property
>> optional. How do you think?
>
> Thanks for spotting this. At first, I wrote the binding document. And
> since there is always "blink timers" defined with this LED mechanism,
> I made the property mandatory. But after, in the code, I made it
> optional because there is no point in discarding a LED if timers are
> missing.
>
> I'll update the documentation accordingly.
>
>>
>> Besides, I am wondering if we shouldn't check if the values read are
>> sane? In such a case initializing delay_on and delay_off to 0 would be
>> useful. We could check if both delays don't equal 0, which could happen
>> if the of_property_read_u32_index returned negative value because of
>> providing values out of bounds or not numerical values.
>
> Well, here I didn't checked too much intentionally. IMO, calling
> of_property_count_u32_elems() is enough to make sure that the following
> u32 read will succeed. After that, there is not real way to check if a
> delay value is sane, or not. To make work an hardware timer, correct
> values have to be defined in the DT. If not, then this hardware timer
> will be either broken or not reachable. It is not really harmful.
OK, that makes sense.
> Now, I can see, that I have also missed a check on the timer "mode"
> value. And since mode is used as an array index, I think it is a little
> bit more serious...
Yeah, the mode needs to be validated.
> Dan, given that the patches adding DT support for the leds-netxbig
> driver have not been merged with Linux v4.1, I propose you drop your
> patch. Instead, I'll send a v2, trying to take into account all the
> comments here.
>
> Thanks for the review and the comments.
>
> Simon
>
--
Best Regards,
Jacek Anaszewski
WARNING: multiple messages have this Message-ID (diff)
From: Jacek Anaszewski <j.anaszewski@samsung.com>
To: Simon Guinot <simon.guinot@sequanux.org>
Cc: Dan Carpenter <dan.carpenter@oracle.com>,
Bryan Wu <cooloney@gmail.com>, Richard Purdie <rpurdie@rpsys.net>,
linux-leds@vger.kernel.org, kernel-janitors@vger.kernel.org
Subject: Re: [patch 2/2 v2] leds: netxbig: silence a static checker warning
Date: Mon, 13 Apr 2015 10:54:46 +0000 [thread overview]
Message-ID: <552BA076.4050205@samsung.com> (raw)
In-Reply-To: <20150413101619.GL1509@kw.sim.vm.gnt>
On 04/13/2015 12:16 PM, Simon Guinot wrote:
> On Mon, Apr 13, 2015 at 09:35:19AM +0200, Jacek Anaszewski wrote:
>> On 04/10/2015 09:52 PM, Simon Guinot wrote:
>>> On Fri, Apr 10, 2015 at 06:50:34PM +0300, Dan Carpenter wrote:
>>>> I've looked at this some more. Most of the places which call
>>>> of_property_read_u32_index() check the return code. The ones that don't
>>>> mostly initialize their values going in. The remainder introduce static
>>>> checker warnings like:
>>>>
>>>> drivers/clk/ti/divider.c:472 ti_clk_get_div_table()
>>>> error: potentially using uninitialized 'val'.
>>>>
>>>> These warnings cause me pain. It calls of_get_property() earlier so
>>>> it won't return -EINVAL. I don't know if it can return -ENODATA or
>>>> -EOVERFLOW?
>>>>
>>>> I guess not.
>>>
>>> I think it can't. Above, we are calling of_property_count_u32_elems() to
>>> count the number of u32 elements in the "timers" property. After we are
>>> ensuring that there is three u32 elements available per timer. That's
>>> why the return codes for the three of_property_read_u32_index() calls
>>> are not checked.
>>
>> After looking at Documentation/devicetree/bindings/leds/leds-netxbig.txt
>> I noticed inconsistency: timers property is defined as required, but
>> the comment over the call to of_property_count_u32_elems says that it
>> is optional.
>>
>> I think that DT documentation should be changed to make the property
>> optional. How do you think?
>
> Thanks for spotting this. At first, I wrote the binding document. And
> since there is always "blink timers" defined with this LED mechanism,
> I made the property mandatory. But after, in the code, I made it
> optional because there is no point in discarding a LED if timers are
> missing.
>
> I'll update the documentation accordingly.
>
>>
>> Besides, I am wondering if we shouldn't check if the values read are
>> sane? In such a case initializing delay_on and delay_off to 0 would be
>> useful. We could check if both delays don't equal 0, which could happen
>> if the of_property_read_u32_index returned negative value because of
>> providing values out of bounds or not numerical values.
>
> Well, here I didn't checked too much intentionally. IMO, calling
> of_property_count_u32_elems() is enough to make sure that the following
> u32 read will succeed. After that, there is not real way to check if a
> delay value is sane, or not. To make work an hardware timer, correct
> values have to be defined in the DT. If not, then this hardware timer
> will be either broken or not reachable. It is not really harmful.
OK, that makes sense.
> Now, I can see, that I have also missed a check on the timer "mode"
> value. And since mode is used as an array index, I think it is a little
> bit more serious...
Yeah, the mode needs to be validated.
> Dan, given that the patches adding DT support for the leds-netxbig
> driver have not been merged with Linux v4.1, I propose you drop your
> patch. Instead, I'll send a v2, trying to take into account all the
> comments here.
>
> Thanks for the review and the comments.
>
> Simon
>
--
Best Regards,
Jacek Anaszewski
next prev parent reply other threads:[~2015-04-13 10:54 UTC|newest]
Thread overview: 37+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-04-09 9:07 [patch 2/2] leds: netxbig: clean up a data type issue Dan Carpenter
2015-04-09 9:07 ` Dan Carpenter
2015-04-09 19:25 ` Simon Guinot
2015-04-09 19:25 ` Simon Guinot
2015-04-09 19:25 ` Simon Guinot
2015-04-09 19:54 ` Dan Carpenter
2015-04-09 19:54 ` Dan Carpenter
2015-04-09 19:54 ` Dan Carpenter
2015-04-10 0:25 ` Simon Guinot
2015-04-10 0:25 ` Simon Guinot
2015-04-10 0:25 ` Simon Guinot
2015-04-10 8:30 ` [patch 2/2 v2] leds: netxbig: silence a static checker warning Dan Carpenter
2015-04-10 8:30 ` Dan Carpenter
2015-04-10 14:18 ` Jacek Anaszewski
2015-04-10 14:18 ` Jacek Anaszewski
2015-04-10 14:30 ` Dan Carpenter
2015-04-10 14:30 ` Dan Carpenter
2015-04-10 14:41 ` Simon Guinot
2015-04-10 14:41 ` Simon Guinot
2015-04-10 15:50 ` Dan Carpenter
2015-04-10 15:50 ` Dan Carpenter
2015-04-10 19:52 ` Simon Guinot
2015-04-10 19:52 ` Simon Guinot
2015-04-13 7:35 ` Jacek Anaszewski
2015-04-13 7:35 ` Jacek Anaszewski
2015-04-13 10:16 ` Simon Guinot
2015-04-13 10:16 ` Simon Guinot
2015-04-13 10:54 ` Jacek Anaszewski [this message]
2015-04-13 10:54 ` Jacek Anaszewski
2015-04-13 10:16 ` Dan Carpenter
2015-04-13 10:16 ` Dan Carpenter
2015-04-10 14:30 ` Simon Guinot
2015-04-10 14:30 ` Simon Guinot
2015-04-13 8:25 ` Gregory CLEMENT
2015-04-13 8:25 ` Gregory CLEMENT
2015-04-13 9:20 ` Simon Guinot
2015-04-13 9:20 ` Simon Guinot
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=552BA076.4050205@samsung.com \
--to=j.anaszewski@samsung.com \
--cc=cooloney@gmail.com \
--cc=dan.carpenter@oracle.com \
--cc=kernel-janitors@vger.kernel.org \
--cc=linux-leds@vger.kernel.org \
--cc=rpurdie@rpsys.net \
--cc=simon.guinot@sequanux.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.