On Fri, Feb 15, 2019 at 10:24:22AM +0100, Nicholas Mc Guire wrote:
> The kzalloc() in halmac_parse_psd_data_88xx() can fail and return NULL
> so check the psd_set->data after allocation and if allocation failed
> return HALMAC_CMD_PROCESS_ERROR.
>
> Signed-off-by: Nicholas Mc Guire <hof...@osadl.org>
> Fixes: 938a0447f094 ("staging: r8822be: Add code for halmac sub-drive")
> ---
>
> Problem was located with an experimental coccinelle script
>
> Patch was compile tested with: x86_64_defconfig + STAGING=y,
> R8822BE=m
> (with a smatch error that looks like a false-positive
>
>   CHECK   drivers/staging/rtlwifi/halmac/halmac_88xx/halmac_func_88xx.c
> drivers/staging/rtlwifi/halmac/halmac_88xx/halmac_func_88xx.c:624
> halmac_func_write_logical_efuse_88xx() error: uninitialized symbol
> 'pg_efuse_header2'.
>   CC [M]  drivers/staging/rtlwifi/halmac/halmac_88xx/halmac_func_88xx.o
>
> as the initialization of pg_efuse_header2 is under the same if condition
> (line 592) as the use at line 624 it is initialized)
>
Hm...  That's tricky code for Smatch to parse.

drivers/staging/rtlwifi/halmac/halmac_88xx/halmac_func_88xx.c
   592          if (offset > 0x7f) {
   593                  pg_efuse_header =
   594                          (((pg_block & 0x07) << 5) & 0xE0) | 0x0F;
   595                  pg_efuse_header2 =
                        ^^^^^^^^^^^^^^^^^^
pg_efuse_header2 is only initialized on this path.

   596                          (u8)(((pg_block & 0x78) << 1) +
   597                               ((0x1 << pg_block_index) ^ 0x0F));
   598          } else {
   599                  pg_efuse_header =
   600                          (u8)((pg_block << 4) +
   601                               ((0x01 << pg_block_index) ^ 0x0F));
   602          }
   603
   604          if ((offset & 1) == 0) {
                ^^^^^^^^^^^^^^^^^
But this condition confuses Smatch.  Smatch marks it as saying that offset
is non-zero on this side.

   605                  pg_efuse_byte1 = value;
   606                  pg_efuse_byte2 = *(eeprom_map + offset + 1);
   607          } else {

And this side offset = 0-0x7e.

   608                  pg_efuse_byte1 = *(eeprom_map + offset - 1);
   609                  pg_efuse_byte2 = value;
   610          }
   611
   612          if (offset > 0x7f) {
                ^^^^^^^^^^^^^
So it doesn't parse this condition correctly.

   613                  pg_efuse_num = 4;
   614                  if (halmac_adapter->hw_config_info.efuse_size <=
   615                      (pg_efuse_num + HALMAC_PROTECTED_EFUSE_SIZE_88XX +
   616                       halmac_adapter->efuse_end)) {
   617                          kfree(eeprom_map);
   618                          return HALMAC_RET_EFUSE_NOT_ENOUGH;
   619                  }
   620                  halmac_func_write_efuse_88xx(halmac_adapter, efuse_end,
   621                                               pg_efuse_header);
   622                  halmac_func_write_efuse_88xx(halmac_adapter,
   623                                               efuse_end + 1,
   624                                               pg_efuse_header2);
                                                     ^^^^^^^^^^^^^^^^
And it warns here.

   625                  halmac_func_write_efuse_88xx(
   626                          halmac_adapter, efuse_end + 2, pg_efuse_byte1);
   627                  status = halmac_func_write_efuse_88xx(
   628                          halmac_adapter, efuse_end + 3, pg_efuse_byte2);

It should be possible to fix this false positive...  It's just a matter of
doing the work.

regards,
dan carpenter
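The Smatch warning above comes from a variable (pg_efuse_header2) that is written under one `offset > 0x7f` test and read under a second, identical test twenty lines later, with an unrelated `(offset & 1)` branch in between. Independently of whether the analyzer is taught to track that, the code reads more safely if the header bytes and their count are produced in one place. The following is an added, hypothetical restructuring of that excerpt written for this thread; it is not the driver's code and not the patch under discussion. The header arithmetic is copied verbatim from the quoted lines 592-601 and the byte1/byte2 selection from lines 604-610; all names (`pg_efuse_header`, `build_pg_entry`, `struct pg_entry`), the 3-byte length of the non-extended entry, the bounds check on `eeprom_map`, and the sample inputs are assumptions made for the example, not facts taken from the driver.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

typedef uint8_t u8;
typedef uint16_t u16;

/* Assumed threshold, taken from the quoted `offset > 0x7f` test. */
#define PG_EXT_HDR_THRESHOLD 0x7f

/* Assumed output shape: header byte(s) followed by the two data bytes.
 * The quoted code writes 4 bytes for the extended case (pg_efuse_num = 4);
 * 3 bytes for the plain case is an assumption, the thread does not show it. */
struct pg_entry {
	u8 bytes[4];
	size_t len;
};

/* Produce the header byte(s) for one logical-efuse write.
 * Returns how many header bytes were written (2 for the extended header,
 * 1 otherwise), so the caller never touches a header byte that was not set.
 * This is the single decision point that the original spreads across two
 * separate `offset > 0x7f` tests, which is what tripped Smatch. */
static int pg_efuse_header(u16 offset, u8 pg_block, u8 pg_block_index, u8 hdr[2])
{
	if (offset > PG_EXT_HDR_THRESHOLD) {
		/* arithmetic from quoted lines 593-597 */
		hdr[0] = (((pg_block & 0x07) << 5) & 0xE0) | 0x0F;
		hdr[1] = (u8)(((pg_block & 0x78) << 1) +
			      ((0x1 << pg_block_index) ^ 0x0F));
		return 2;
	}
	/* arithmetic from quoted lines 599-601 */
	hdr[0] = (u8)((pg_block << 4) + ((0x01 << pg_block_index) ^ 0x0F));
	return 1;
}

/* Build the full entry. Returns 0 on success, -1 if the neighbouring byte
 * the quoted code reads from eeprom_map (offset + 1 or offset - 1) would be
 * out of range; the original dereferences it unconditionally. */
static int build_pg_entry(const u8 *eeprom_map, size_t map_len, u16 offset,
			  u8 value, u8 pg_block, u8 pg_block_index,
			  struct pg_entry *out)
{
	u8 hdr[2];
	u8 byte1, byte2;
	int nhdr, i;

	if ((offset & 1) == 0) {		/* quoted lines 604-606 */
		if ((size_t)offset + 1 >= map_len)
			return -1;
		byte1 = value;
		byte2 = eeprom_map[offset + 1];
	} else {				/* quoted lines 607-609 */
		if (offset >= map_len)
			return -1;
		byte1 = eeprom_map[offset - 1];
		byte2 = value;
	}

	nhdr = pg_efuse_header(offset, pg_block, pg_block_index, hdr);
	for (i = 0; i < nhdr; i++)
		out->bytes[i] = hdr[i];
	out->bytes[nhdr] = byte1;
	out->bytes[nhdr + 1] = byte2;
	out->len = (size_t)nhdr + 2;
	return 0;
}

/* Constructed sample: even offset above the threshold -> extended header. */
static int example_extended_entry(struct pg_entry *e)
{
	u8 map[0x100] = { 0 };

	map[0x81] = 0xBB;	/* neighbour byte the even-offset path reads */
	return build_pg_entry(map, sizeof(map), 0x80, 0xAA, 0x12, 1, e);
}

/* Constructed sample: odd offset below the threshold -> single header byte. */
static int example_plain_entry(struct pg_entry *e)
{
	u8 map[0x100] = { 0 };

	map[0x04] = 0x22;	/* neighbour byte the odd-offset path reads */
	return build_pg_entry(map, sizeof(map), 0x05, 0x11, 0x03, 2, e);
}

/* Constructed sample: map too short for offset + 1 -> rejected, not read. */
static int example_short_map(struct pg_entry *e)
{
	u8 map[0x81] = { 0 };

	return build_pg_entry(map, sizeof(map), 0x80, 0xAA, 0x12, 1, e);
}

int main(void)
{
	struct pg_entry e;
	size_t i;

	if (example_extended_entry(&e) == 0) {
		for (i = 0; i < e.len; i++)
			printf("%02x ", e.bytes[i]);
		printf("\n");
	}
	return 0;
}
```

With the header count returned from the same function that fills the header bytes, there is no path on which a second header byte exists but is unset, which is the property the reviewer had to verify by hand (and Smatch could not) in the original.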