HID: intel_ish-hid: fix potential uninitialized data usage
gcc points out an uninitialized pointer dereference that could happen
if we ever get to recv_ishtp_cl_msg_dma() or recv_ishtp_cl_msg()
with an empty &dev->read_list:

drivers/hid/intel-ish-hid/ishtp/client.c: In function 'recv_ishtp_cl_msg_dma':
drivers/hid/intel-ish-hid/ishtp/client.c:1049:3: error: 'cl' may be used uninitialized in this function [-Werror=maybe-uninitialized]

The warning only appeared in very few randconfig builds, as the
spinlocks tend to prevent gcc from tracing the variables. I only
saw it in configurations that had neither SMP nor LOCKDEP enabled.

As we can see, we only enter the case if 'complete_rb' is non-NULL,
and then 'cl' is known to point to complete_rb->cl. Adding another
initialization to the same pointer is harmless here and makes it
clear to the compiler that the behavior is well-defined.

Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Acked-by: Srinivas Pandruvada <srinivas.pandruvada@linux.intel.com>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
Arnd Bergmann authored and Jiri Kosina committed May 30, 2017
1 parent 7af4c72 commit 1260662
Showing 1 changed file with 2 additions and 0 deletions.
2 changes: 2 additions & 0 deletions drivers/hid/intel-ish-hid/ishtp/client.c
@@ -925,6 +925,7 @@ void recv_ishtp_cl_msg(struct ishtp_device *dev,
}

if (complete_rb) {
cl = complete_rb->cl;
getnstimeofday(&cl->ts_rx);
++cl->recv_msg_cnt_ipc;
ishtp_cl_read_complete(complete_rb);
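Review bot: the `cl = complete_rb->cl;` line at the top of the `if (complete_rb)` block in recv_ishtp_cl_msg() needs a one-line comment saying why it is there. Per the commit message, cl already holds this value whenever complete_rb is non-NULL, so a later reader will see the assignment as redundant and may remove it in a cleanup, which would bring the -Wmaybe-uninitialized build error back on the configurations without SMP and LOCKDEP. A comment above it such as `/* same pointer as set above; reassigned so gcc can prove cl is initialized */` would record the intent.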
@@ -1045,6 +1046,7 @@ void recv_ishtp_cl_msg_dma(struct ishtp_device *dev, void *msg,
}

if (complete_rb) {
cl = complete_rb->cl;
getnstimeofday(&cl->ts_rx);
++cl->recv_msg_cnt_dma;
ishtp_cl_read_complete(complete_rb);
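Review bot: in the `if (complete_rb)` block of recv_ishtp_cl_msg_dma(), the reassigned cl is used in the visible lines only for the timestamp and the counter, so the local could be dropped from this block instead of being set a second time: `getnstimeofday(&complete_rb->cl->ts_rx);` and `++complete_rb->cl->recv_msg_cnt_dma;` make the origin of the pointer explicit and leave nothing for the compiler to trace. The block is also the same as the one in recv_ishtp_cl_msg() apart from the counter name, so a small helper taking complete_rb would keep this fix in one place rather than two.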
