From: Arnd Bergmann
To: Srinivas Pandruvada, Jiri Kosina
Cc: linux-input@vger.kernel.org, linux-kernel@vger.kernel.org, arnd@arndb.de
Subject: [PATCH v2 1/5] HID: intel_ish-hid: fix potential uninitialized data usage
Date: Thu, 18 May 2017 22:21:40 +0200
Message-Id: <20170518202144.3482304-2-arnd@arndb.de>
In-Reply-To: <20170518202144.3482304-1-arnd@arndb.de>
References: <20170518202144.3482304-1-arnd@arndb.de>

gcc points out an uninitialized pointer dereference that could happen if we ever get to recv_ishtp_cl_msg_dma() or recv_ishtp_cl_msg() with an empty &dev->read_list:

drivers/hid/intel-ish-hid/ishtp/client.c: In function 'recv_ishtp_cl_msg_dma':
drivers/hid/intel-ish-hid/ishtp/client.c:1049:3: error: 'cl' may be used uninitialized in this function [-Werror=maybe-uninitialized]

The warning only
appeared in very few randconfig builds, as the spinlocks tend to prevent gcc from tracing the variables. I only saw it in configurations that had neither SMP nor LOCKDEP enabled. As we can see, we only enter the case if 'complete_rb' is non-NULL, and then 'cl' is known to point to complete_rb->cl. Adding another initialization to the same pointer is harmless here and makes it clear to the compiler that the behavior is well-defined. Signed-off-by: Arnd Bergmann --- drivers/hid/intel-ish-hid/ishtp/client.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/hid/intel-ish-hid/ishtp/client.c b/drivers/hid/intel-ish-hid/ishtp/client.c index aad61328f282..78d393e616a4 100644 --- a/drivers/hid/intel-ish-hid/ishtp/client.c +++ b/drivers/hid/intel-ish-hid/ishtp/client.c @@ -925,6 +925,7 @@ void recv_ishtp_cl_msg(struct ishtp_device *dev, } if (complete_rb) { + cl = complete_rb->cl; getnstimeofday(&cl->ts_rx); ++cl->recv_msg_cnt_ipc; ishtp_cl_read_complete(complete_rb); @@ -1045,6 +1046,7 @@ void recv_ishtp_cl_msg_dma(struct ishtp_device *dev, void *msg, } if (complete_rb) { + cl = complete_rb->cl; getnstimeofday(&cl->ts_rx); ++cl->recv_msg_cnt_dma; ishtp_cl_read_complete(complete_rb); -- 2.9.0
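
Review bot: The added `cl = complete_rb->cl;` at the top of the `if (complete_rb)` block in recv_ishtp_cl_msg() reads as a redundant store to anyone who has not seen the changelog, so a later cleanup could remove it and bring the -Wmaybe-uninitialized failure back. A one-line comment stating that the assignment exists to make the initialization visible to gcc would protect it. Alternatively, drop the local in this block and use `complete_rb->cl->ts_rx` and `complete_rb->cl->recv_msg_cnt_ipc` directly.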
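
Review bot: In the recv_ishtp_cl_msg_dma() hunk, the block under `if (complete_rb)` is now identical to the one in recv_ishtp_cl_msg() apart from the counter (`recv_msg_cnt_dma` versus `recv_msg_cnt_ipc`), and both needed the same workaround. Consider a follow-up that moves the timestamp update and the `ishtp_cl_read_complete(complete_rb)` call into one helper taking `complete_rb`, so that `cl` is derived in a single place and the two receive paths cannot drift apart.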