Patchwork sata_sil: fix uninitialized variable use when sil_scr_read() fails

login
register
mail settings
Submitter Yoichi Yuasa
Date Oct. 20, 2009, 6:34 a.m.
Message ID <20091020153456.9104e044.yuasa@linux-mips.org>
Download mbox | patch
Permalink /patch/36436/
State Not Applicable
Delegated to: David Miller
Headers show

Comments

Yoichi Yuasa - Oct. 20, 2009, 6:34 a.m.
Signed-off-by: Yoichi Yuasa <yuasa@linux-mips.org>

---
 drivers/ata/sata_sil.c |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)
Tejun Heo - Oct. 21, 2009, 5 a.m.
Yoichi Yuasa wrote:
> Signed-off-by: Yoichi Yuasa <yuasa@linux-mips.org>
> 
> ---
>  drivers/ata/sata_sil.c |    2 +-
>  1 files changed, 1 insertions(+), 1 deletions(-)
> 
> diff --git a/drivers/ata/sata_sil.c b/drivers/ata/sata_sil.c
> index 3cb69d5..d7fff6b 100644
> --- a/drivers/ata/sata_sil.c
> +++ b/drivers/ata/sata_sil.c
> @@ -439,7 +439,7 @@ static void sil_host_intr(struct ata_port *ap, u32 bmdma2)
>  	u8 status;
>  
>  	if (unlikely(bmdma2 & SIL_DMA_SATA_IRQ)) {
> -		u32 serror;
> +		u32 serror = 0;

The first usage of that is

  sil_scr_read(&ap->link, SCR_ERROR, &serror);

which sets the value.  So, I don't think the patch is necessary.  If
it triggers a compile warning, putting uninitialized_var() macro will
be more appropriate.

Thanks.
Yoichi Yuasa - Oct. 22, 2009, 12:17 a.m.
Hi Tejun,

2009/10/21 Tejun Heo <tj@kernel.org>:
> Yoichi Yuasa wrote:
>> Signed-off-by: Yoichi Yuasa <yuasa@linux-mips.org>
>>
>> ---
>>  drivers/ata/sata_sil.c |    2 +-
>>  1 files changed, 1 insertions(+), 1 deletions(-)
>>
>> diff --git a/drivers/ata/sata_sil.c b/drivers/ata/sata_sil.c
>> index 3cb69d5..d7fff6b 100644
>> --- a/drivers/ata/sata_sil.c
>> +++ b/drivers/ata/sata_sil.c
>> @@ -439,7 +439,7 @@ static void sil_host_intr(struct ata_port *ap, u32 bmdma2)
>>       u8 status;
>>
>>       if (unlikely(bmdma2 & SIL_DMA_SATA_IRQ)) {
>> -             u32 serror;
>> +             u32 serror = 0;
>
> The first usage of that is
>
>  sil_scr_read(&ap->link, SCR_ERROR, &serror);
>
> which sets the value.  So, I don't think the patch is necessary.  If
> it triggers a compile warning, putting uninitialized_var() macro will
> be more appropriate.

If sil_scr_read() is error, 'serror' is not initialized.
After that, the wrong bits add to 'ap->link.eh_info.serror' when
'serror & SERR_PHYRDT_CHG' is true.

Yoichi
--
To unsubscribe from this list: send the line "unsubscribe linux-ide" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Tejun Heo - Oct. 26, 2009, 3:12 p.m.
Yuasa Yoichi wrote:
>> The first usage of that is
>>
>>  sil_scr_read(&ap->link, SCR_ERROR, &serror);
>>
>> which sets the value.  So, I don't think the patch is necessary.  If
>> it triggers a compile warning, putting uninitialized_var() macro will
>> be more appropriate.
> 
> If sil_scr_read() is error, 'serror' is not initialized.
> After that, the wrong bits add to 'ap->link.eh_info.serror' when
> 'serror & SERR_PHYRDT_CHG' is true.

On the controller, sil_scr_read(SCR_ERROR) can never fail.  If it ever
fails, the whole thing will break anyway.

Thanks.
Yoichi Yuasa - Oct. 27, 2009, 1:37 a.m.
On Mon, 26 Oct 2009 16:12:43 +0100
Tejun Heo <tj@kernel.org> wrote:

> Yuasa Yoichi wrote:
> >> The first usage of that is
> >>
> >>  sil_scr_read(&ap->link, SCR_ERROR, &serror);
> >>
> >> which sets the value.  So, I don't think the patch is necessary.  If
> >> it triggers a compile warning, putting uninitialized_var() macro will
> >> be more appropriate.
> > 
> > If sil_scr_read() is error, 'serror' is not initialized.
> > After that, the wrong bits add to 'ap->link.eh_info.serror' when
> > 'serror & SERR_PHYRDT_CHG' is true.
> 
> On the controller, sil_scr_read(SCR_ERROR) can never fail.  If it ever
> fails, the whole thing will break anyway.

OK, I got it.

Thanks,

Yoichi
--
To unsubscribe from this list: send the line "unsubscribe linux-ide" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Patch

diff --git a/drivers/ata/sata_sil.c b/drivers/ata/sata_sil.c
index 3cb69d5..d7fff6b 100644
--- a/drivers/ata/sata_sil.c
+++ b/drivers/ata/sata_sil.c
@@ -439,7 +439,7 @@  static void sil_host_intr(struct ata_port *ap, u32 bmdma2)
 	u8 status;
 
 	if (unlikely(bmdma2 & SIL_DMA_SATA_IRQ)) {
-		u32 serror;
+		u32 serror = 0;
 
 		/* SIEN doesn't mask SATA IRQs on some 3112s.  Those
 		 * controllers continue to assert IRQ as long as