mtd: spi-nor: stm32-quadspi: avoid unintialized return code

Message ID	20170914110709.3591691-1-arnd@arndb.de
State	Superseded
Delegated to:	Cyrille Pitchen
Headers	show Return-Path: <linux-mtd-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org> From: Arnd Bergmann <arnd@arndb.de> To: Cyrille Pitchen <cyrille.pitchen@wedev4u.fr>, Marek Vasut <marek.vasut@gmail.com> Subject: [PATCH] mtd: spi-nor: stm32-quadspi: avoid unintialized return code Date: Thu, 14 Sep 2017 13:06:59 +0200 Message-Id: <20170914110709.3591691-1-arnd@arndb.de> MIME-Version: 1.0 summary: Content analysis details: (-4.2 points) pts rule name description ---- ---------------------- -------------------------------------------------- 0.5 RCVD_IN_SORBS_SPAM RBL: SORBS: sender is a spam source [217.72.192.74 listed in dnsbl.sorbs.net] -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no trust [217.72.192.74 listed in list.dnswl.org] -2.8 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2) [217.72.192.74 listed in wl.mailspike.net] -1.9 BAYES_00 BODY: Bayes spam probability is 0 to 1% [score: 0.0000] Precedence: list Cc: Boris Brezillon <boris.brezillon@free-electrons.com>, Alexandre Torgue <alexandre.torgue@st.com>, Arnd Bergmann <arnd@arndb.de>, Richard Weinberger <richard@nod.at>, linux-kernel@vger.kernel.org, linux-mtd@lists.infradead.org, linux-arm-kernel@lists.infradead.org, Maxime Coquelin <mcoquelin.stm32@gmail.com>, Brian Norris <computersforpeace@gmail.com>, David Woodhouse <dwmw2@infradead.org>, Ludovic Barre <ludovic.barre@st.com> Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 Sender: "linux-mtd" <linux-mtd-bounces@lists.infradead.org> Errors-To: linux-mtd-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org
Series	mtd: spi-nor: stm32-quadspi: avoid unintialized return code \| expand mtd: spi-nor: stm32-quadspi: avoid unintialized return code

Arnd Bergmann Sept. 14, 2017, 11:06 a.m. UTC

If we send zero-length data to stm32_qspi_tx_poll() on older
compiler versions such as gcc-4.6, we get warned that the
return code is uninitialized:

drivers/mtd/spi-nor/stm32-quadspi.c:248:2: error: ‘ret’ may be used uninitialized in this function [-Werror=uninitialized]

On newer compiler versions, the return code is always zero
in this case, as the local variable gets optimized away and
is assumed to be zero after the loop completes without error.

This changes the function to instead return -EINVAL if it
ever gets called with a zero length buffer.

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=82203
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
---
 drivers/mtd/spi-nor/stm32-quadspi.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Ludovic Barre Sept. 14, 2017, 12:38 p.m. UTC | #1

hi Arnd

thx Arnd for compilation warning (gcc <= 4.6)

Acked-by: Ludovic Barre <ludovic.barre@st.com>

PS: at runtime stm32_qspi_tx_poll can't be call,
because stm32_qspi_tx check if there is tx data available
	if (!cmd->tx_data)
		return 0;

BR
Ludo

On 09/14/2017 01:06 PM, Arnd Bergmann wrote:
> If we send zero-length data to stm32_qspi_tx_poll() on older
> compiler versions such as gcc-4.6, we get warned that the
> return code is uninitialized:
> 
> drivers/mtd/spi-nor/stm32-quadspi.c:248:2: error: ‘ret’ may be used uninitialized in this function [-Werror=uninitialized]
> 
> On newer compiler versions, the return code is always zero
> in this case, as the local variable gets optimized away and
> is assumed to be zero after the loop completes without error.
> 
> This changes the function to instead return -EINVAL if it
> ever gets called with a zero length buffer.
> 
> https://gcc.gnu.org/bugzilla/show_bug.cgi?id=82203
> Signed-off-by: Arnd Bergmann <arnd@arndb.de>
> ---
>   drivers/mtd/spi-nor/stm32-quadspi.c | 2 +-
>   1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/drivers/mtd/spi-nor/stm32-quadspi.c b/drivers/mtd/spi-nor/stm32-quadspi.c
> index 86c0931543c5..711cfe7aa4bf 100644
> --- a/drivers/mtd/spi-nor/stm32-quadspi.c
> +++ b/drivers/mtd/spi-nor/stm32-quadspi.c
> @@ -227,7 +227,7 @@ static int stm32_qspi_tx_poll(struct stm32_qspi *qspi,
>   	void (*tx_fifo)(u8 *, void __iomem *);
>   	u32 len = cmd->len, sr;
>   	u8 *buf = cmd->buf;
> -	int ret;
> +	int ret = -EINVAL;
>   
>   	if (cmd->qspimode == CCR_FMODE_INDW)
>   		tx_fifo = stm32_qspi_write_fifo;
>

Geert Uytterhoeven Sept. 14, 2017, 1:38 p.m. UTC | #2

Hi Arnd,

On Thu, Sep 14, 2017 at 1:06 PM, Arnd Bergmann <arnd@arndb.de> wrote:
> If we send zero-length data to stm32_qspi_tx_poll() on older
> compiler versions such as gcc-4.6, we get warned that the
> return code is uninitialized:
>
> drivers/mtd/spi-nor/stm32-quadspi.c:248:2: error: ‘ret’ may be used uninitialized in this function [-Werror=uninitialized]
>
> On newer compiler versions, the return code is always zero
> in this case, as the local variable gets optimized away and
> is assumed to be zero after the loop completes without error.
>
> This changes the function to instead return -EINVAL if it
> ever gets called with a zero length buffer.
>
> https://gcc.gnu.org/bugzilla/show_bug.cgi?id=82203
> Signed-off-by: Arnd Bergmann <arnd@arndb.de>
> ---
>  drivers/mtd/spi-nor/stm32-quadspi.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/drivers/mtd/spi-nor/stm32-quadspi.c b/drivers/mtd/spi-nor/stm32-quadspi.c
> index 86c0931543c5..711cfe7aa4bf 100644
> --- a/drivers/mtd/spi-nor/stm32-quadspi.c
> +++ b/drivers/mtd/spi-nor/stm32-quadspi.c
> @@ -227,7 +227,7 @@ static int stm32_qspi_tx_poll(struct stm32_qspi *qspi,
>         void (*tx_fifo)(u8 *, void __iomem *);
>         u32 len = cmd->len, sr;
>         u8 *buf = cmd->buf;
> -       int ret;
> +       int ret = -EINVAL;
>
>         if (cmd->qspimode == CCR_FMODE_INDW)
>                 tx_fifo = stm32_qspi_write_fifo;

See also "[PATCH] mtd: spi-nor: stm32-quadspi: Fix uninitialized error
return code"
(https://patchwork.kernel.org/patch/9842173/)

Gr{oetje,eeting}s,

                        Geert

--
Geert Uytterhoeven -- There's lots of Linux beyond ia32 -- geert@linux-m68k.org

In personal conversations with technical people, I call myself a hacker. But
when I'm talking to journalists I just say "programmer" or something like that.
                                -- Linus Torvalds

Ludovic Barre Sept. 14, 2017, 3:13 p.m. UTC | #3

hi Arnd, Geert



On 09/14/2017 03:38 PM, Geert Uytterhoeven wrote:
> Hi Arnd,
> 
> On Thu, Sep 14, 2017 at 1:06 PM, Arnd Bergmann <arnd@arndb.de> wrote:
>> If we send zero-length data to stm32_qspi_tx_poll() on older
>> compiler versions such as gcc-4.6, we get warned that the
>> return code is uninitialized:
>>
>> drivers/mtd/spi-nor/stm32-quadspi.c:248:2: error: ‘ret’ may be used uninitialized in this function [-Werror=uninitialized]
>>
>> On newer compiler versions, the return code is always zero
>> in this case, as the local variable gets optimized away and
>> is assumed to be zero after the loop completes without error.
>>
>> This changes the function to instead return -EINVAL if it
>> ever gets called with a zero length buffer.
>>
>> https://gcc.gnu.org/bugzilla/show_bug.cgi?id=82203
>> Signed-off-by: Arnd Bergmann <arnd@arndb.de>
>> ---
>>   drivers/mtd/spi-nor/stm32-quadspi.c | 2 +-
>>   1 file changed, 1 insertion(+), 1 deletion(-)
>>
>> diff --git a/drivers/mtd/spi-nor/stm32-quadspi.c b/drivers/mtd/spi-nor/stm32-quadspi.c
>> index 86c0931543c5..711cfe7aa4bf 100644
>> --- a/drivers/mtd/spi-nor/stm32-quadspi.c
>> +++ b/drivers/mtd/spi-nor/stm32-quadspi.c
>> @@ -227,7 +227,7 @@ static int stm32_qspi_tx_poll(struct stm32_qspi *qspi,
>>          void (*tx_fifo)(u8 *, void __iomem *);
>>          u32 len = cmd->len, sr;
>>          u8 *buf = cmd->buf;
>> -       int ret;
>> +       int ret = -EINVAL;
>>
>>          if (cmd->qspimode == CCR_FMODE_INDW)
>>                  tx_fifo = stm32_qspi_write_fifo;
> 
> See also "[PATCH] mtd: spi-nor: stm32-quadspi: Fix uninitialized error
> return code"
> (https://patchwork.kernel.org/patch/9842173/)
hi Arnd, Geert

sorry, I was forgot this thread while my holidays

Geert: what do you mean like "similar bugs in the future" in "If you 
initialized ret at the beginning, you lose the ability to catch newly
introduced similar bugs in the future."

> 
> Gr{oetje,eeting}s,
> 
>                          Geert
> 
> --
> Geert Uytterhoeven -- There's lots of Linux beyond ia32 -- geert@linux-m68k.org
> 
> In personal conversations with technical people, I call myself a hacker. But
> when I'm talking to journalists I just say "programmer" or something like that.
>                                  -- Linus Torvalds
>

Geert Uytterhoeven Sept. 14, 2017, 3:24 p.m. UTC | #4

Hi Ludovic,

On Thu, Sep 14, 2017 at 5:13 PM, Ludovic BARRE <ludovic.barre@st.com> wrote:
> On 09/14/2017 03:38 PM, Geert Uytterhoeven wrote:
>> On Thu, Sep 14, 2017 at 1:06 PM, Arnd Bergmann <arnd@arndb.de> wrote:
>>> If we send zero-length data to stm32_qspi_tx_poll() on older
>>> compiler versions such as gcc-4.6, we get warned that the
>>> return code is uninitialized:
>>>
>>> drivers/mtd/spi-nor/stm32-quadspi.c:248:2: error: ‘ret’ may be used
>>> uninitialized in this function [-Werror=uninitialized]
>>>
>>> On newer compiler versions, the return code is always zero
>>> in this case, as the local variable gets optimized away and
>>> is assumed to be zero after the loop completes without error.
>>>
>>> This changes the function to instead return -EINVAL if it
>>> ever gets called with a zero length buffer.
>>>
>>> https://gcc.gnu.org/bugzilla/show_bug.cgi?id=82203
>>> Signed-off-by: Arnd Bergmann <arnd@arndb.de>
>>> ---
>>>   drivers/mtd/spi-nor/stm32-quadspi.c | 2 +-
>>>   1 file changed, 1 insertion(+), 1 deletion(-)
>>>
>>> diff --git a/drivers/mtd/spi-nor/stm32-quadspi.c
>>> b/drivers/mtd/spi-nor/stm32-quadspi.c
>>> index 86c0931543c5..711cfe7aa4bf 100644
>>> --- a/drivers/mtd/spi-nor/stm32-quadspi.c
>>> +++ b/drivers/mtd/spi-nor/stm32-quadspi.c
>>> @@ -227,7 +227,7 @@ static int stm32_qspi_tx_poll(struct stm32_qspi
>>> *qspi,
>>>          void (*tx_fifo)(u8 *, void __iomem *);
>>>          u32 len = cmd->len, sr;
>>>          u8 *buf = cmd->buf;
>>> -       int ret;
>>> +       int ret = -EINVAL;
>>>
>>>          if (cmd->qspimode == CCR_FMODE_INDW)
>>>                  tx_fifo = stm32_qspi_write_fifo;
>>
>>
>> See also "[PATCH] mtd: spi-nor: stm32-quadspi: Fix uninitialized error
>> return code"
>> (https://patchwork.kernel.org/patch/9842173/)
>
> hi Arnd, Geert
>
> sorry, I was forgot this thread while my holidays
>
> Geert: what do you mean like "similar bugs in the future" in "If you
> initialized ret at the beginning, you lose the ability to catch newly
> introduced similar bugs in the future."

If you pre-initialize ret at the top, you loose the ability of the compiler
to detect at compile-time if ret is never written to later. It will just return
-EINVAL at runtime.

With my version, if the code is modified later and another "return ret" is
added, the compiler will detect if there's a code path that forgets
to assign a value to ret.

Gr{oetje,eeting}s,

                        Geert

--
Geert Uytterhoeven -- There's lots of Linux beyond ia32 -- geert@linux-m68k.org

In personal conversations with technical people, I call myself a hacker. But
when I'm talking to journalists I just say "programmer" or something like that.
                                -- Linus Torvalds

Ludovic Barre Sept. 14, 2017, 4:55 p.m. UTC | #5

On 09/14/2017 05:24 PM, Geert Uytterhoeven wrote:
> Hi Ludovic,
> 
> On Thu, Sep 14, 2017 at 5:13 PM, Ludovic BARRE <ludovic.barre@st.com> wrote:
>> On 09/14/2017 03:38 PM, Geert Uytterhoeven wrote:
>>> On Thu, Sep 14, 2017 at 1:06 PM, Arnd Bergmann <arnd@arndb.de> wrote:
>>>> If we send zero-length data to stm32_qspi_tx_poll() on older
>>>> compiler versions such as gcc-4.6, we get warned that the
>>>> return code is uninitialized:
>>>>
>>>> drivers/mtd/spi-nor/stm32-quadspi.c:248:2: error: ‘ret’ may be used
>>>> uninitialized in this function [-Werror=uninitialized]
>>>>
>>>> On newer compiler versions, the return code is always zero
>>>> in this case, as the local variable gets optimized away and
>>>> is assumed to be zero after the loop completes without error.
>>>>
>>>> This changes the function to instead return -EINVAL if it
>>>> ever gets called with a zero length buffer.
>>>>
>>>> https://gcc.gnu.org/bugzilla/show_bug.cgi?id=82203
>>>> Signed-off-by: Arnd Bergmann <arnd@arndb.de>
>>>> ---
>>>>    drivers/mtd/spi-nor/stm32-quadspi.c | 2 +-
>>>>    1 file changed, 1 insertion(+), 1 deletion(-)
>>>>
>>>> diff --git a/drivers/mtd/spi-nor/stm32-quadspi.c
>>>> b/drivers/mtd/spi-nor/stm32-quadspi.c
>>>> index 86c0931543c5..711cfe7aa4bf 100644
>>>> --- a/drivers/mtd/spi-nor/stm32-quadspi.c
>>>> +++ b/drivers/mtd/spi-nor/stm32-quadspi.c
>>>> @@ -227,7 +227,7 @@ static int stm32_qspi_tx_poll(struct stm32_qspi
>>>> *qspi,
>>>>           void (*tx_fifo)(u8 *, void __iomem *);
>>>>           u32 len = cmd->len, sr;
>>>>           u8 *buf = cmd->buf;
>>>> -       int ret;
>>>> +       int ret = -EINVAL;
>>>>
>>>>           if (cmd->qspimode == CCR_FMODE_INDW)
>>>>                   tx_fifo = stm32_qspi_write_fifo;
>>>
>>>
>>> See also "[PATCH] mtd: spi-nor: stm32-quadspi: Fix uninitialized error
>>> return code"
>>> (https://patchwork.kernel.org/patch/9842173/)
>>
>> hi Arnd, Geert
>>
>> sorry, I was forgot this thread while my holidays
>>
>> Geert: what do you mean like "similar bugs in the future" in "If you
>> initialized ret at the beginning, you lose the ability to catch newly
>> introduced similar bugs in the future."
> 
> If you pre-initialize ret at the top, you loose the ability of the compiler
> to detect at compile-time if ret is never written to later. It will just return
> -EINVAL at runtime.
> 
> With my version, if the code is modified later and another "return ret" is
> added, the compiler will detect if there's a code path that forgets
> to assign a value to ret.
Ok, it's clear for me.
I favor geert's solution.
Arnd what do you think ?

> 
> Gr{oetje,eeting}s,
> 
>                          Geert
> 
> --
> Geert Uytterhoeven -- There's lots of Linux beyond ia32 -- geert@linux-m68k.org
> 
> In personal conversations with technical people, I call myself a hacker. But
> when I'm talking to journalists I just say "programmer" or something like that.
>                                  -- Linus Torvalds
>

Arnd Bergmann Sept. 14, 2017, 9:38 p.m. UTC | #6

On Thu, Sep 14, 2017 at 6:55 PM, Ludovic BARRE <ludovic.barre@st.com> wrote:
>
>
> On 09/14/2017 05:24 PM, Geert Uytterhoeven wrote:
>>
>> Hi Ludovic,
>>
>> On Thu, Sep 14, 2017 at 5:13 PM, Ludovic BARRE <ludovic.barre@st.com>
>> wrote:
>>>
>>> On 09/14/2017 03:38 PM, Geert Uytterhoeven wrote:
>>>
>>> hi Arnd, Geert
>>>
>>> sorry, I was forgot this thread while my holidays
>>>
>>> Geert: what do you mean like "similar bugs in the future" in "If you
>>> initialized ret at the beginning, you lose the ability to catch newly
>>> introduced similar bugs in the future."
>>
>>
>> If you pre-initialize ret at the top, you loose the ability of the
>> compiler
>> to detect at compile-time if ret is never written to later. It will just
>> return
>> -EINVAL at runtime.
>>
>> With my version, if the code is modified later and another "return ret" is
>> added, the compiler will detect if there's a code path that forgets
>> to assign a value to ret.
>
> Ok, it's clear for me.
> I favor geert's solution.
> Arnd what do you think ?

I usually follow the same rule that Geert explained (and quote
https://rusty.ozlabs.org/?p=232 when I do so). In this case, there
did not seem to be much value as the variable is not used
afterwards, and I kept the 'single return statement' guideline.

In the end, either version seems totally fine to me here, so
please use Geert's if you prefer that.

        Arnd

Ludovic Barre Sept. 15, 2017, 7:59 a.m. UTC | #7

On 09/14/2017 11:38 PM, Arnd Bergmann wrote:
> On Thu, Sep 14, 2017 at 6:55 PM, Ludovic BARRE <ludovic.barre@st.com> wrote:
>>
>>
>> On 09/14/2017 05:24 PM, Geert Uytterhoeven wrote:
>>>
>>> Hi Ludovic,
>>>
>>> On Thu, Sep 14, 2017 at 5:13 PM, Ludovic BARRE <ludovic.barre@st.com>
>>> wrote:
>>>>
>>>> On 09/14/2017 03:38 PM, Geert Uytterhoeven wrote:
>>>>
>>>> hi Arnd, Geert
>>>>
>>>> sorry, I was forgot this thread while my holidays
>>>>
>>>> Geert: what do you mean like "similar bugs in the future" in "If you
>>>> initialized ret at the beginning, you lose the ability to catch newly
>>>> introduced similar bugs in the future."
>>>
>>>
>>> If you pre-initialize ret at the top, you loose the ability of the
>>> compiler
>>> to detect at compile-time if ret is never written to later. It will just
>>> return
>>> -EINVAL at runtime.
>>>
>>> With my version, if the code is modified later and another "return ret" is
>>> added, the compiler will detect if there's a code path that forgets
>>> to assign a value to ret.
>>
>> Ok, it's clear for me.
>> I favor geert's solution.
>> Arnd what do you think ?
> 
> I usually follow the same rule that Geert explained (and quote
> https://rusty.ozlabs.org/?p=232 when I do so). In this case, there
> did not seem to be much value as the variable is not used
> afterwards, and I kept the 'single return statement' guideline.
> 
> In the end, either version seems totally fine to me here, so
> please use Geert's if you prefer that.

thank Arnd for your answer, great link :-)
we take geert's patch.

Geert: I will acked your patch.

thanks everybody
> 
>          Arnd
>

mtd: spi-nor: stm32-quadspi: avoid unintialized return code

Commit Message

Comments

Patch