[PATCH 3.16 120/132] media: smsusb: better handle optional alignment

[Ben Hutchings]

3.16.74-rc1 review patch.  If anyone has any objections, please let me know.

------------------

From: Mauro Carvalho Chehab <mchehab+sams...@kernel.org>

commit a47686636d84eaec5c9c6e84bd5f96bed34d526d upstream.

Most Siano devices require an alignment for the response.

Changeset f3be52b0056a ("media: usb: siano: Fix general protection fault in 
smsusb")
changed the logic with gets such aligment, but it now produces a
sparce warning:

drivers/media/usb/siano/smsusb.c: In function 'smsusb_init_device':
drivers/media/usb/siano/smsusb.c:447:37: warning: 'in_maxp' may be used 
uninitialized in this function [-Wmaybe-uninitialized]
  447 |   dev->response_alignment = in_maxp - sizeof(struct sms_msg_hdr);
      |                             ~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~

The sparse message itself is bogus, but a broken (or fake) USB
eeprom could produce a negative value for response_alignment.

So, change the code in order to check if the result is not
negative.

Fixes: 31e0456de5be ("media: usb: siano: Fix general protection fault in 
smsusb")
Signed-off-by: Mauro Carvalho Chehab <mchehab+sams...@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gre...@linuxfoundation.org>
Signed-off-by: Ben Hutchings <b...@decadent.org.uk>
---
 drivers/media/usb/siano/smsusb.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

--- a/drivers/media/usb/siano/smsusb.c
+++ b/drivers/media/usb/siano/smsusb.c
@@ -359,7 +359,7 @@ static int smsusb_init_device(struct usb
        struct smsdevice_params_t params;
        struct smsusb_device_t *dev;
        int i, rc;
-       int in_maxp = 0;
+       int align = 0;
 
        /* create device object */
        dev = kzalloc(sizeof(struct smsusb_device_t), GFP_KERNEL);
@@ -379,14 +379,14 @@ static int smsusb_init_device(struct usb
 
                if (desc->bEndpointAddress & USB_DIR_IN) {
                        dev->in_ep = desc->bEndpointAddress;
-                       in_maxp = usb_endpoint_maxp(desc);
+                       align = usb_endpoint_maxp(desc) - sizeof(struct 
sms_msg_hdr);
                } else {
                        dev->out_ep = desc->bEndpointAddress;
                }
        }
 
        pr_debug("in_ep = %02x, out_ep = %02x\n", dev->in_ep, dev->out_ep);
-       if (!dev->in_ep || !dev->out_ep) {      /* Missing endpoints? */
+       if (!dev->in_ep || !dev->out_ep || align < 0) {  /* Missing endpoints? 
*/
                smsusb_term_device(intf);
                return -ENODEV;
        }
@@ -405,7 +405,7 @@ static int smsusb_init_device(struct usb
                /* fall-thru */
        default:
                dev->buffer_size = USB2_BUFFER_SIZE;
-               dev->response_alignment = in_maxp - sizeof(struct sms_msg_hdr);
+               dev->response_alignment = align;
 
                params.flags |= SMS_DEVICE_FAMILY2;
                break;