From: Bjorn Helgaas <bhelgaas@google.com>
To: Yijing Wang <wangyijing@huawei.com>
Cc: Jon Mason <jdmason@kudzu.us>,
"linux-pci@vger.kernel.org" <linux-pci@vger.kernel.org>
Subject: Re: Coverity CID 146454: pcie_bus_configure_settings() use of uninitialized variable
Date: Tue, 29 Apr 2014 17:06:12 -0600 [thread overview]
Message-ID: <20140429230612.GA9795@google.com> (raw)
In-Reply-To: <533E0F84.1050302@huawei.com>
On Fri, Apr 04, 2014 at 09:48:52AM +0800, Yijing Wang wrote:
> Hi Bjorn,
> Jon seems to send a patch to fix this long ago. Link: http://patchwork.ozlabs.org/patch/191054/
> But this patch cannot be applied now. I think we can just set smpss = 0 in this function as the default value.
Yep. It's ugly, but I don't have time to try to make it prettier. I'll
apply the patch below.
> On 2014/4/4 0:09, Bjorn Helgaas wrote:
> > Coverity complains that "smpss" is used uninitialized in
> > drivers/pci/probe.c in pcie_bus_configure_settings() when calling
> > pcie_bus_configure_set():
> >
> > 1642 pcie_bus_configure_set(bus->self, &smpss);
> > 1643 pci_walk_bus(bus, pcie_bus_configure_set, &smpss);
> >
> > "smpss" may be uninitialized, and pcie_bus_configure_set()
> > dereferences the pointer it receives.
> >
> > This is CID 146454.
> >
> > Bjorn
PCI: Fix use of uninitialized MPS value
From: Bjorn Helgaas <bhelgaas@google.com>
If "pcie_bus_config == PCIE_BUS_PERFORMANCE", we don't initialize "smpss",
so we pass a pointer to garbage into pcie_bus_configure_set(), where we
compute "mps" based on the garbage. We then pass the garbage "mps" to
pcie_write_mps(), which ignores it in the PCIE_BUS_PERFORMANCE case.
Coverity isn't smart enough to deduce that we ignore the garbage (it's a
lot to expect from a human, too), so initialize "smpss" to a safe value in
all cases.
Found by Coverity (CID 146454).
Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
---
drivers/pci/probe.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/pci/probe.c b/drivers/pci/probe.c
index fe89a982a3da..490031fd2108 100644
--- a/drivers/pci/probe.c
+++ b/drivers/pci/probe.c
@@ -1617,7 +1617,7 @@ static int pcie_bus_configure_set(struct pci_dev *dev, void *data)
*/
void pcie_bus_configure_settings(struct pci_bus *bus)
{
- u8 smpss;
+ u8 smpss = 0;
if (!bus->self)
return;
prev parent reply other threads:[~2014-04-29 23:06 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-04-03 16:09 Coverity CID 146454: pcie_bus_configure_settings() use of uninitialized variable Bjorn Helgaas
2014-04-04 1:48 ` Yijing Wang
2014-04-29 23:06 ` Bjorn Helgaas [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20140429230612.GA9795@google.com \
--to=bhelgaas@google.com \
--cc=jdmason@kudzu.us \
--cc=linux-pci@vger.kernel.org \
--cc=wangyijing@huawei.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.