[PATCH] ASoC: cs35l32: avoid uninitialized variable access

[PATCH] ASoC: cs35l32: avoid uninitialized variable access

[Arnd Bergmann]

gcc warns about the possibilty of accessing a property read from
devicetree in cs35l32_i2c_probe() when it has not been initialized
because CONFIG_OF is disabled:

sound/soc/codecs/cs35l32.c: In function 'cs35l32_i2c_probe':
sound/soc/codecs/cs35l32.c:278:2: warning: 'val' may be used uninitialized in this function [-Wmaybe-uninitialized]

The code is actually correct because it checks the dev->of_node
variable first and we know this is NULL here, but by adding a
check for IS_ENABLED(CONFIG_OF), we can let the compiler know
as well, and also generate smaller object code.

Signed-off-by: Arnd Bergmann <arnd@arndb.de>

diff --git a/sound/soc/codecs/cs35l32.c b/sound/soc/codecs/cs35l32.c
index 44c30fe3e315..52ffaa8eb02b 100644
--- a/sound/soc/codecs/cs35l32.c
+++ b/sound/soc/codecs/cs35l32.c
@@ -372,7 +372,7 @@ static int cs35l32_i2c_probe(struct i2c_client *i2c_client,
 			dev_err(&i2c_client->dev, "could not allocate pdata\n");
 			return -ENOMEM;
 		}
-		if (i2c_client->dev.of_node) {
+		if (IS_ENABLED(CONFIG_OF) && i2c_client->dev.of_node) {
 			ret = cs35l32_handle_of_data(i2c_client,
 						     &cs35l32->pdata);
 			if (ret != 0)

Re: [PATCH] ASoC: cs35l32: avoid uninitialized variable access

[Mark Brown]

[-- Attachment #1: Type: text/plain, Size: 352 bytes --]

On Sat, Jan 02, 2016 at 12:19:52AM +0100, Arnd Bergmann wrote:

> -		if (i2c_client->dev.of_node) {
> +		if (IS_ENABLED(CONFIG_OF) && i2c_client->dev.of_node) {

This would be a lot nicer if there was an __always_null annotation we
could put on of_node for !OF configurations, that'd Just Work and this
can't be the only case where we have this idiom.

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 473 bytes --]

Re: [PATCH] ASoC: cs35l32: avoid uninitialized variable access

[Arnd Bergmann]

On Saturday 02 January 2016 14:17:46 Mark Brown wrote:
> On Sat, Jan 02, 2016 at 12:19:52AM +0100, Arnd Bergmann wrote:
> 
> > -             if (i2c_client->dev.of_node) {
> > +             if (IS_ENABLED(CONFIG_OF) && i2c_client->dev.of_node) {
> 
> This would be a lot nicer if there was an __always_null annotation we
> could put on of_node for !OF configurations, that'd Just Work and this
> can't be the only case where we have this idiom.
> 

How about an inline helper like

static inline struct device_node *dev_of_node(struct device *dev)
{
	if (IS_ENABLED(CONFIG_OF))
		return dev->of_node;	
}

	Arnd

Re: [PATCH] ASoC: cs35l32: avoid uninitialized variable access

[Russell King - ARM Linux]

On Mon, Jan 04, 2016 at 04:17:47PM +0100, Arnd Bergmann wrote:
> On Saturday 02 January 2016 14:17:46 Mark Brown wrote:
> > On Sat, Jan 02, 2016 at 12:19:52AM +0100, Arnd Bergmann wrote:
> > 
> > > -             if (i2c_client->dev.of_node) {
> > > +             if (IS_ENABLED(CONFIG_OF) && i2c_client->dev.of_node) {
> > 
> > This would be a lot nicer if there was an __always_null annotation we
> > could put on of_node for !OF configurations, that'd Just Work and this
> > can't be the only case where we have this idiom.
> > 
> 
> How about an inline helper like
> 
> static inline struct device_node *dev_of_node(struct device *dev)
> {
> 	if (IS_ENABLED(CONFIG_OF))
> 		return dev->of_node;	

ITYM:

	return IS_ENABLED(CONFIG_OF) ? dev->of_node : NULL;

or

	if (IS_ENABLED(CONFIG_OF))
		return dev->of_node;
	else
		return NULL;

> }
> 
> 	Arnd
> 
> _______________________________________________
> linux-arm-kernel mailing list
> linux-arm-kernel@lists.infradead.org
> http://lists.infradead.org/mailman/listinfo/linux-arm-kernel

-- 
RMK's Patch system: http://www.arm.linux.org.uk/developer/patches/
FTTC broadband for 0.8mile line: currently at 9.6Mbps down 400kbps up
according to speedtest.net.

Re: [PATCH] ASoC: cs35l32: avoid uninitialized variable access

[Mark Brown]

[-- Attachment #1: Type: text/plain, Size: 707 bytes --]

On Mon, Jan 04, 2016 at 04:17:47PM +0100, Arnd Bergmann wrote:
> On Saturday 02 January 2016 14:17:46 Mark Brown wrote:

> > This would be a lot nicer if there was an __always_null annotation we
> > could put on of_node for !OF configurations, that'd Just Work and this
> > can't be the only case where we have this idiom.

> How about an inline helper like

> static inline struct device_node *dev_of_node(struct device *dev)
> {
> 	if (IS_ENABLED(CONFIG_OF))
> 		return dev->of_node;	
> }

Yeah, that'd work as well (with the correction Russell mentioned) - it's
a bit more typing but we already do similar things for the ID tables and
it looks nicer than the IS_ENABLED() in code does.

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 473 bytes --]

Re: [PATCH] ASoC: cs35l32: avoid uninitialized variable access

[Arnd Bergmann]

On Monday 04 January 2016 15:20:58 Russell King - ARM Linux wrote:
> On Mon, Jan 04, 2016 at 04:17:47PM +0100, Arnd Bergmann wrote:
> > On Saturday 02 January 2016 14:17:46 Mark Brown wrote:
> > > On Sat, Jan 02, 2016 at 12:19:52AM +0100, Arnd Bergmann wrote:
> > > 
> > > > -             if (i2c_client->dev.of_node) {
> > > > +             if (IS_ENABLED(CONFIG_OF) && i2c_client->dev.of_node) {
> > > 
> > > This would be a lot nicer if there was an __always_null annotation we
> > > could put on of_node for !OF configurations, that'd Just Work and this
> > > can't be the only case where we have this idiom.
> > > 
> > 
> > How about an inline helper like
> > 
> > static inline struct device_node *dev_of_node(struct device *dev)
> > {
> >       if (IS_ENABLED(CONFIG_OF))
> >               return dev->of_node;    
> 
> ITYM:
> 
>         return IS_ENABLED(CONFIG_OF) ? dev->of_node : NULL;
> 
> or
> 
>         if (IS_ENABLED(CONFIG_OF))
>                 return dev->of_node;
>         else
>                 return NULL;
> 

Right, yes.

That reminds of a different problem that has been bugging me for a
while: We frequently have a pattern like

#ifdef CONFIG_FOO
static int function(void)
{
	...
}
#endif

struct operations = {
	...
#ifdef CONFIG_FOO
	.function = function;
#endif
	...
};

Except that people constantly get it wrong, e.g. by using the
wrong ifdef, forgetting one of the two ifdefs, or by leaving
unused static functions that only get called indirectly from the
other one that is built conditionally.

We could add a macro like

#define COND_PTR(config, ptr) (IS_ENABLED(config) ? (ptr) : NULL)

and then let the compiler figure out that "function" is unused even
without an explicit __maybe_unused annotation.  The function above
can be simplied to

static inline struct device_node *dev_of_node(struct device *dev)
{
	return COND_PTR(CONFIG_OF, dev->of_node);
}

with that, which is another benefit.

	Arnd

Re: [PATCH] ASoC: cs35l32: avoid uninitialized variable access

[Russell King - ARM Linux]

On Mon, Jan 04, 2016 at 05:41:05PM +0100, Arnd Bergmann wrote:
> That reminds of a different problem that has been bugging me for a
> while: We frequently have a pattern like
> 
> #ifdef CONFIG_FOO
> static int function(void)
> {
> 	...
> }
> #endif
> 
> struct operations = {
> 	...
> #ifdef CONFIG_FOO
> 	.function = function;
> #endif
> 	...
> };
> 
> Except that people constantly get it wrong, e.g. by using the
> wrong ifdef, forgetting one of the two ifdefs, or by leaving
> unused static functions that only get called indirectly from the
> other one that is built conditionally.

We already have a solution to that.  __maybe_unused against the
function, and use the correct #ifdef in the structure initialiser.
We just need reviewers to be better at picking that up.

> We could add a macro like
> 
> #define COND_PTR(config, ptr) (IS_ENABLED(config) ? (ptr) : NULL)
> 
> and then let the compiler figure out that "function" is unused even
> without an explicit __maybe_unused annotation.  The function above
> can be simplied to
> 
> static inline struct device_node *dev_of_node(struct device *dev)
> {
> 	return COND_PTR(CONFIG_OF, dev->of_node);
> }
> 
> with that, which is another benefit.

You're just inventing another way for people to get it wrong though.
Instead of having mismatched #ifdefs, we can now have a mismatched
#ifdef around the function and the COND_PTR config - and people will
add #ifdef's because they won't realise they don't need them.

You're reliant on reviewers to spotting the pattern, and suggesting
using COND_PTR() without #ifdefs around the function.  It's the same
problem with spotting the existing pattern and suggesting dropping
the #ifdef around the function and annotating the function with
__maybe_unused.

So, I don't see the benefit.

-- 
RMK's Patch system: http://www.arm.linux.org.uk/developer/patches/
FTTC broadband for 0.8mile line: currently at 9.6Mbps down 400kbps up
according to speedtest.net.

Re: [PATCH] ASoC: cs35l32: avoid uninitialized variable access

[Austin, Brian]

> On Mar 6, 2016, at 10:19 PM, Arnd Bergmann <arnd@arndb.de> wrote:
> 
> gcc warns about the possibilty of accessing a property read from
> devicetree in cs35l32_i2c_probe() when it has not been initialized
> because CONFIG_OF is disabled:
> 
> sound/soc/codecs/cs35l32.c: In function 'cs35l32_i2c_probe':
> sound/soc/codecs/cs35l32.c:278:2: warning: 'val' may be used uninitialized in this function [-Wmaybe-uninitialized]
> 
> The code is actually correct because it checks the dev->of_node
> variable first and we know this is NULL here when CONFIG_OF
> is disabled, but Russell King noticed that it's broken when
> we probe the device using DT, and the properties are absent.
> 
> The code already has some checking for incorrect values, and
> I keep that checking unchanged here, but add an additional
> check for an error returned by the property accessor functions
> that now gets handled the same way as incorrect data in the
> properties.
> 
> Signed-off-by: Arnd Bergmann <arnd@arndb.de>
> ---
> sound/soc/codecs/cs35l32.c | 17 ++++++++++++-----
> 1 file changed, 12 insertions(+), 5 deletions(-)
> 
> diff --git a/sound/soc/codecs/cs35l32.c b/sound/soc/codecs/cs35l32.c
> index 44c30fe3e315..c490dc74121b 100644
> --- a/sound/soc/codecs/cs35l32.c
> +++ b/sound/soc/codecs/cs35l32.c
> @@ -274,21 +274,24 @@ static int cs35l32_handle_of_data(struct i2c_client *i2c_client,
> 	if (of_property_read_u32(np, "cirrus,sdout-share", &val) >= 0)
> 		pdata->sdout_share = val;
> 
> -	of_property_read_u32(np, "cirrus,boost-manager", &val);
> +	if (of_property_read_u32(np, "cirrus,boost-manager", &val))
> +		val = -1u;
> +
> 	switch (val) {
> 	case CS35L32_BOOST_MGR_AUTO:
> 	case CS35L32_BOOST_MGR_AUTO_AUDIO:
> 	case CS35L32_BOOST_MGR_BYPASS:
> 	case CS35L32_BOOST_MGR_FIXED:
> -		pdata->boost_mng = val;
With this one line removed won’t that keep from assigning the value for later?
The other ones don’t seem to do this but just check for bad value.
> 		break;
> +	case -1u:
> 	default:
> 		dev_err(&i2c_client->dev,
> 			"Wrong cirrus,boost-manager DT value %d\n", val);
> 		pdata->boost_mng = CS35L32_BOOST_MGR_BYPASS;
> 	}
> 
Regards,
Brian

[PATCH] ASoC: cs35l32: avoid uninitialized variable access

[Arnd Bergmann]

gcc warns about the possibilty of accessing a property read from
devicetree in cs35l32_i2c_probe() when it has not been initialized
because CONFIG_OF is disabled:

sound/soc/codecs/cs35l32.c: In function 'cs35l32_i2c_probe':
sound/soc/codecs/cs35l32.c:278:2: warning: 'val' may be used uninitialized in this function [-Wmaybe-uninitialized]

The code is actually correct because it checks the dev->of_node
variable first and we know this is NULL here when CONFIG_OF
is disabled, but Russell King noticed that it's broken when
we probe the device using DT, and the properties are absent.

The code already has some checking for incorrect values, and
I keep that checking unchanged here, but add an additional
check for an error returned by the property accessor functions
that now gets handled the same way as incorrect data in the
properties.

Signed-off-by: Arnd Bergmann <arnd@arndb.de>
---
 sound/soc/codecs/cs35l32.c | 17 ++++++++++++-----
 1 file changed, 12 insertions(+), 5 deletions(-)

diff --git a/sound/soc/codecs/cs35l32.c b/sound/soc/codecs/cs35l32.c
index 44c30fe3e315..c490dc74121b 100644
--- a/sound/soc/codecs/cs35l32.c
+++ b/sound/soc/codecs/cs35l32.c
@@ -274,21 +274,24 @@ static int cs35l32_handle_of_data(struct i2c_client *i2c_client,
 	if (of_property_read_u32(np, "cirrus,sdout-share", &val) >= 0)
 		pdata->sdout_share = val;
 
-	of_property_read_u32(np, "cirrus,boost-manager", &val);
+	if (of_property_read_u32(np, "cirrus,boost-manager", &val))
+		val = -1u;
+
 	switch (val) {
 	case CS35L32_BOOST_MGR_AUTO:
 	case CS35L32_BOOST_MGR_AUTO_AUDIO:
 	case CS35L32_BOOST_MGR_BYPASS:
 	case CS35L32_BOOST_MGR_FIXED:
-		pdata->boost_mng = val;
 		break;
+	case -1u:
 	default:
 		dev_err(&i2c_client->dev,
 			"Wrong cirrus,boost-manager DT value %d\n", val);
 		pdata->boost_mng = CS35L32_BOOST_MGR_BYPASS;
 	}
 
-	of_property_read_u32(np, "cirrus,sdout-datacfg", &val);
+	if (of_property_read_u32(np, "cirrus,sdout-datacfg", &val))
+		val = -1u;
 	switch (val) {
 	case CS35L32_DATA_CFG_LR_VP:
 	case CS35L32_DATA_CFG_LR_STAT:
@@ -296,13 +299,15 @@ static int cs35l32_handle_of_data(struct i2c_client *i2c_client,
 	case CS35L32_DATA_CFG_LR_VPSTAT:
 		pdata->sdout_datacfg = val;
 		break;
+	case -1u:
 	default:
 		dev_err(&i2c_client->dev,
 			"Wrong cirrus,sdout-datacfg DT value %d\n", val);
 		pdata->sdout_datacfg = CS35L32_DATA_CFG_LR;
 	}
 
-	of_property_read_u32(np, "cirrus,battery-threshold", &val);
+	if (of_property_read_u32(np, "cirrus,battery-threshold", &val))
+		val = -1u;
 	switch (val) {
 	case CS35L32_BATT_THRESH_3_1V:
 	case CS35L32_BATT_THRESH_3_2V:
@@ -310,13 +315,15 @@ static int cs35l32_handle_of_data(struct i2c_client *i2c_client,
 	case CS35L32_BATT_THRESH_3_4V:
 		pdata->batt_thresh = val;
 		break;
+	case -1u:
 	default:
 		dev_err(&i2c_client->dev,
 			"Wrong cirrus,battery-threshold DT value %d\n", val);
 		pdata->batt_thresh = CS35L32_BATT_THRESH_3_3V;
 	}
 
-	of_property_read_u32(np, "cirrus,battery-recovery", &val);
+	if (of_property_read_u32(np, "cirrus,battery-recovery", &val))
+		val = -1u;
 	switch (val) {
 	case CS35L32_BATT_RECOV_3_1V:
 	case CS35L32_BATT_RECOV_3_2V:
-- 
2.7.0