Re: [PATCH] clocksource: atmel-st: Variable sr in at91rm9200_timer_interrupt() could be uninitialized
On 02/09/2019 22:56:48-0700, Yizhuo Zhai wrote: > In function regmap_read(), there're two places which could make the read > fail. > > First, if "reg" and "map->reg_stride" are not aligned, then remap_read() will > return -EINVAL without initialize variable "val". > A quick look at of_syscon_register would show you that this is not possible. > Second, _regmap_read() could also fail and return error code if "val" is not > initialized. The caller remap_read() returns the same error code, but > at91rm9200_timer_interrupt() does not use this information. > How would _regmap_read fail exactly? > On Mon, Sep 2, 2019 at 3:37 PM Alexandre Belloni > wrote: > > > > On 02/09/2019 15:29:46-0700, Yizhuo wrote: > > > Inside function at91rm9200_timer_interrupt(), variable sr could > > > be uninitialized if regmap_read() fails. However, sr is used > > > > Could you elaborate on how this could fail? > > > > > to decide the control flow later in the if statement, which is > > > potentially unsafe. We could check the return value of > > > regmap_read() and print an error here. > > > > > > Signed-off-by: Yizhuo > > > --- > > > drivers/clocksource/timer-atmel-st.c | 8 +++- > > > 1 file changed, 7 insertions(+), 1 deletion(-) > > > > > > diff --git a/drivers/clocksource/timer-atmel-st.c > > > b/drivers/clocksource/timer-atmel-st.c > > > index ab0aabfae5f0..061a3f27847e 100644 > > > --- a/drivers/clocksource/timer-atmel-st.c > > > +++ b/drivers/clocksource/timer-atmel-st.c > > > @@ -48,8 +48,14 @@ static inline unsigned long read_CRTR(void) > > > static irqreturn_t at91rm9200_timer_interrupt(int irq, void *dev_id) > > > { > > > u32 sr; > > > + int ret; > > > + > > > + ret = regmap_read(regmap_st, AT91_ST_SR, &sr); > > > + if (ret) { > > > + pr_err("Fail to read AT91_ST_SR.\n"); > > > + return ret; > > > + } > > > > > > - regmap_read(regmap_st, AT91_ST_SR, &sr); > > > sr &= irqmask; > > > > > > /* > > > -- > > > 2.17.1 > > > > > > > -- > > Alexandre Belloni, Bootlin > > Embedded Linux and Kernel engineering > > https://bootlin.com > > > > -- > Kind Regards, > > Yizhuo Zhai > > Computer Science, Graduate Student > University of California, Riverside -- Alexandre Belloni, Bootlin Embedded Linux and Kernel engineering https://bootlin.com
Re: [PATCH] clocksource: atmel-st: Variable sr in at91rm9200_timer_interrupt() could be uninitialized
In function regmap_read(), there're two places which could make the read fail. First, if "reg" and "map->reg_stride" are not aligned, then remap_read() will return -EINVAL without initialize variable "val". Second, _regmap_read() could also fail and return error code if "val" is not initialized. The caller remap_read() returns the same error code, but at91rm9200_timer_interrupt() does not use this information. On Mon, Sep 2, 2019 at 3:37 PM Alexandre Belloni wrote: > > On 02/09/2019 15:29:46-0700, Yizhuo wrote: > > Inside function at91rm9200_timer_interrupt(), variable sr could > > be uninitialized if regmap_read() fails. However, sr is used > > Could you elaborate on how this could fail? > > > to decide the control flow later in the if statement, which is > > potentially unsafe. We could check the return value of > > regmap_read() and print an error here. > > > > Signed-off-by: Yizhuo > > --- > > drivers/clocksource/timer-atmel-st.c | 8 +++- > > 1 file changed, 7 insertions(+), 1 deletion(-) > > > > diff --git a/drivers/clocksource/timer-atmel-st.c > > b/drivers/clocksource/timer-atmel-st.c > > index ab0aabfae5f0..061a3f27847e 100644 > > --- a/drivers/clocksource/timer-atmel-st.c > > +++ b/drivers/clocksource/timer-atmel-st.c > > @@ -48,8 +48,14 @@ static inline unsigned long read_CRTR(void) > > static irqreturn_t at91rm9200_timer_interrupt(int irq, void *dev_id) > > { > > u32 sr; > > + int ret; > > + > > + ret = regmap_read(regmap_st, AT91_ST_SR, &sr); > > + if (ret) { > > + pr_err("Fail to read AT91_ST_SR.\n"); > > + return ret; > > + } > > > > - regmap_read(regmap_st, AT91_ST_SR, &sr); > > sr &= irqmask; > > > > /* > > -- > > 2.17.1 > > > > -- > Alexandre Belloni, Bootlin > Embedded Linux and Kernel engineering > https://bootlin.com -- Kind Regards, Yizhuo Zhai Computer Science, Graduate Student University of California, Riverside
Re: [PATCH] clocksource: atmel-st: Variable sr in at91rm9200_timer_interrupt() could be uninitialized
On 02/09/2019 15:29:46-0700, Yizhuo wrote: > Inside function at91rm9200_timer_interrupt(), variable sr could > be uninitialized if regmap_read() fails. However, sr is used Could you elaborate on how this could fail? > to decide the control flow later in the if statement, which is > potentially unsafe. We could check the return value of > regmap_read() and print an error here. > > Signed-off-by: Yizhuo > --- > drivers/clocksource/timer-atmel-st.c | 8 +++- > 1 file changed, 7 insertions(+), 1 deletion(-) > > diff --git a/drivers/clocksource/timer-atmel-st.c > b/drivers/clocksource/timer-atmel-st.c > index ab0aabfae5f0..061a3f27847e 100644 > --- a/drivers/clocksource/timer-atmel-st.c > +++ b/drivers/clocksource/timer-atmel-st.c > @@ -48,8 +48,14 @@ static inline unsigned long read_CRTR(void) > static irqreturn_t at91rm9200_timer_interrupt(int irq, void *dev_id) > { > u32 sr; > + int ret; > + > + ret = regmap_read(regmap_st, AT91_ST_SR, &sr); > + if (ret) { > + pr_err("Fail to read AT91_ST_SR.\n"); > + return ret; > + } > > - regmap_read(regmap_st, AT91_ST_SR, &sr); > sr &= irqmask; > > /* > -- > 2.17.1 > -- Alexandre Belloni, Bootlin Embedded Linux and Kernel engineering https://bootlin.com
[PATCH] clocksource: atmel-st: Variable sr in at91rm9200_timer_interrupt() could be uninitialized
Inside function at91rm9200_timer_interrupt(), variable sr could be uninitialized if regmap_read() fails. However, sr is used to decide the control flow later in the if statement, which is potentially unsafe. We could check the return value of regmap_read() and print an error here. Signed-off-by: Yizhuo --- drivers/clocksource/timer-atmel-st.c | 8 +++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/drivers/clocksource/timer-atmel-st.c b/drivers/clocksource/timer-atmel-st.c index ab0aabfae5f0..061a3f27847e 100644 --- a/drivers/clocksource/timer-atmel-st.c +++ b/drivers/clocksource/timer-atmel-st.c @@ -48,8 +48,14 @@ static inline unsigned long read_CRTR(void) static irqreturn_t at91rm9200_timer_interrupt(int irq, void *dev_id) { u32 sr; + int ret; + + ret = regmap_read(regmap_st, AT91_ST_SR, &sr); + if (ret) { + pr_err("Fail to read AT91_ST_SR.\n"); + return ret; + } - regmap_read(regmap_st, AT91_ST_SR, &sr); sr &= irqmask; /* -- 2.17.1