* Coverity CID 146454: pcie_bus_configure_settings() use of uninitialized variable @ 2014-04-03 16:09 Bjorn Helgaas 2014-04-04 1:48 ` Yijing Wang 0 siblings, 1 reply; 3+ messages in thread From: Bjorn Helgaas @ 2014-04-03 16:09 UTC (permalink / raw) To: Jon Mason, Yijing Wang; +Cc: linux-pci@vger.kernel.org Coverity complains that "smpss" is used uninitialized in drivers/pci/probe.c in pcie_bus_configure_settings() when calling pcie_bus_configure_set(): 1642 pcie_bus_configure_set(bus->self, &smpss); 1643 pci_walk_bus(bus, pcie_bus_configure_set, &smpss); "smpss" may be uninitialized, and pcie_bus_configure_set() dereferences the pointer it receives. This is CID 146454. Bjorn ^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: Coverity CID 146454: pcie_bus_configure_settings() use of uninitialized variable 2014-04-03 16:09 Coverity CID 146454: pcie_bus_configure_settings() use of uninitialized variable Bjorn Helgaas @ 2014-04-04 1:48 ` Yijing Wang 2014-04-29 23:06 ` Bjorn Helgaas 0 siblings, 1 reply; 3+ messages in thread From: Yijing Wang @ 2014-04-04 1:48 UTC (permalink / raw) To: Bjorn Helgaas, Jon Mason; +Cc: linux-pci@vger.kernel.org Hi Bjorn, Jon seems to send a patch to fix this long ago. Link: http://patchwork.ozlabs.org/patch/191054/ But this patch cannot be applied now. I think we can just set smpss = 0 in this function as the default value. Thanks! Yijing. On 2014/4/4 0:09, Bjorn Helgaas wrote: > Coverity complains that "smpss" is used uninitialized in > drivers/pci/probe.c in pcie_bus_configure_settings() when calling > pcie_bus_configure_set(): > > 1642 pcie_bus_configure_set(bus->self, &smpss); > 1643 pci_walk_bus(bus, pcie_bus_configure_set, &smpss); > > "smpss" may be uninitialized, and pcie_bus_configure_set() > dereferences the pointer it receives. > > This is CID 146454. > > Bjorn > > -- Thanks! Yijing ^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: Coverity CID 146454: pcie_bus_configure_settings() use of uninitialized variable 2014-04-04 1:48 ` Yijing Wang @ 2014-04-29 23:06 ` Bjorn Helgaas 0 siblings, 0 replies; 3+ messages in thread From: Bjorn Helgaas @ 2014-04-29 23:06 UTC (permalink / raw) To: Yijing Wang; +Cc: Jon Mason, linux-pci@vger.kernel.org On Fri, Apr 04, 2014 at 09:48:52AM +0800, Yijing Wang wrote: > Hi Bjorn, > Jon seems to send a patch to fix this long ago. Link: http://patchwork.ozlabs.org/patch/191054/ > But this patch cannot be applied now. I think we can just set smpss = 0 in this function as the default value. Yep. It's ugly, but I don't have time to try to make it prettier. I'll apply the patch below. > On 2014/4/4 0:09, Bjorn Helgaas wrote: > > Coverity complains that "smpss" is used uninitialized in > > drivers/pci/probe.c in pcie_bus_configure_settings() when calling > > pcie_bus_configure_set(): > > > > 1642 pcie_bus_configure_set(bus->self, &smpss); > > 1643 pci_walk_bus(bus, pcie_bus_configure_set, &smpss); > > > > "smpss" may be uninitialized, and pcie_bus_configure_set() > > dereferences the pointer it receives. > > > > This is CID 146454. > > > > Bjorn PCI: Fix use of uninitialized MPS value From: Bjorn Helgaas <bhelgaas@google.com> If "pcie_bus_config == PCIE_BUS_PERFORMANCE", we don't initialize "smpss", so we pass a pointer to garbage into pcie_bus_configure_set(), where we compute "mps" based on the garbage. We then pass the garbage "mps" to pcie_write_mps(), which ignores it in the PCIE_BUS_PERFORMANCE case. Coverity isn't smart enough to deduce that we ignore the garbage (it's a lot to expect from a human, too), so initialize "smpss" to a safe value in all cases. Found by Coverity (CID 146454). Signed-off-by: Bjorn Helgaas <bhelgaas@google.com> --- drivers/pci/probe.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/pci/probe.c b/drivers/pci/probe.c index fe89a982a3da..490031fd2108 100644 --- a/drivers/pci/probe.c +++ b/drivers/pci/probe.c @@ -1617,7 +1617,7 @@ static int pcie_bus_configure_set(struct pci_dev *dev, void *data) */ void pcie_bus_configure_settings(struct pci_bus *bus) { - u8 smpss; + u8 smpss = 0; if (!bus->self) return; ^ permalink raw reply related [flat|nested] 3+ messages in thread
end of thread, other threads:[~2014-04-29 23:06 UTC | newest] Thread overview: 3+ messages (download: mbox.gz follow: Atom feed -- links below jump to the message on this page -- 2014-04-03 16:09 Coverity CID 146454: pcie_bus_configure_settings() use of uninitialized variable Bjorn Helgaas 2014-04-04 1:48 ` Yijing Wang 2014-04-29 23:06 ` Bjorn Helgaas
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.