In function regmap_read(), there're two places which could make the read fail.
First, if "reg" and "map->reg_stride" are not aligned, then remap_read() will
return -EINVAL without initialize variable "val".
Second, _regmap_read() could also fail and return error code if "val" is not
initialized. The caller remap_read() returns the same error code, but
at91rm9200_timer_interrupt() does not use this information.
On Mon, Sep 2, 2019 at 3:37 PM Alexandre Belloni
<alexandre.bell...@bootlin.com> wrote:
>
> On 02/09/2019 15:29:46-0700, Yizhuo wrote:
> > Inside function at91rm9200_timer_interrupt(), variable sr could
> > be uninitialized if regmap_read() fails. However, sr is used
>
> Could you elaborate on how this could fail?
>
> > to decide the control flow later in the if statement, which is
> > potentially unsafe. We could check the return value of
> > regmap_read() and print an error here.
> >
> > Signed-off-by: Yizhuo <yzhai...@ucr.edu>
> > ---
> > drivers/clocksource/timer-atmel-st.c | 8 +++++++-
> > 1 file changed, 7 insertions(+), 1 deletion(-)
> >
> > diff --git a/drivers/clocksource/timer-atmel-st.c
> > b/drivers/clocksource/timer-atmel-st.c
> > index ab0aabfae5f0..061a3f27847e 100644
> > --- a/drivers/clocksource/timer-atmel-st.c
> > +++ b/drivers/clocksource/timer-atmel-st.c
> > @@ -48,8 +48,14 @@ static inline unsigned long read_CRTR(void)
> > static irqreturn_t at91rm9200_timer_interrupt(int irq, void *dev_id)
> > {
> > u32 sr;
> > + int ret;
> > +
> > + ret = regmap_read(regmap_st, AT91_ST_SR, &sr);
> > + if (ret) {
> > + pr_err("Fail to read AT91_ST_SR.\n");
> > + return ret;
> > + }
> >
> > - regmap_read(regmap_st, AT91_ST_SR, &sr);
> > sr &= irqmask;
> >
> > /*
> > --
> > 2.17.1
> >
>
> --
> Alexandre Belloni, Bootlin
> Embedded Linux and Kernel engineering
> https://bootlin.com
--
Kind Regards,
Yizhuo Zhai
Computer Science, Graduate Student
University of California, Riverside
