From: Darren Hart <dvhart@infradead.org>
To: Paul Bolle <pebolle@tiscali.nl>
Cc: Frans Klaver <fransklaver@gmail.com>,
Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
Corentin Chary <corentin.chary@gmail.com>,
Matthew Garrett <matthew.garrett@nebula.com>,
acpi4asus-user@lists.sourceforge.net,
platform-driver-x86@vger.kernel.org,
linux-kernel@vger.kernel.org,
Rafael Wysocki <rafael.j.wysocki@intel.com>
Subject: Re: [PATCH] eeepc-laptop: remove possible use of uninitialized value
Date: Fri, 5 Sep 2014 19:17:57 -0700 [thread overview]
Message-ID: <20140906021757.GA9197@vmdeb7> (raw)
In-Reply-To: <1409814488.5546.63.camel@x220>
On Thu, Sep 04, 2014 at 09:08:08AM +0200, Paul Bolle wrote:
> On Thu, 2014-09-04 at 00:53 +0200, Frans Klaver wrote:
> > In store_sys_acpi, if count equals zero, or parse_arg()s sscanf call
> > fails, 'value' remains possibly uninitialized. In that case 'value'
> > shouldn't be used to produce the store_sys_acpi()s return value.
> >
> > Only test the return value of set_acpi() if we can actually call it.
> > Return rv otherwise.
> >
> > Signed-off-by: Frans Klaver <fransklaver@gmail.com>
> > ---
> > drivers/platform/x86/eeepc-laptop.c | 8 ++++----
> > 1 file changed, 4 insertions(+), 4 deletions(-)
> >
> > diff --git a/drivers/platform/x86/eeepc-laptop.c b/drivers/platform/x86/eeepc-laptop.c
> > index bd533c2..41f12ba 100644
> > --- a/drivers/platform/x86/eeepc-laptop.c
> > +++ b/drivers/platform/x86/eeepc-laptop.c
> > @@ -279,10 +279,10 @@ static ssize_t store_sys_acpi(struct device *dev, int cm,
> > int rv, value;
> >
> > rv = parse_arg(buf, count, &value);
> > - if (rv > 0)
> > - value = set_acpi(eeepc, cm, value);
> > - if (value < 0)
> > - return -EIO;
> > + if (rv > 0) {
> > + if (set_acpi(eeepc, cm, value) < 0)
> > + return -EIO;
> > + }
> > return rv;
> > }
> >
>
> The warning that this code (currently) generated triggered me to submit
> https://lkml.org/lkml/2014/7/1/150 , which uses a different approach to
> get rid of it. I received no reactions so far. Here's that patch again:
Thanks for resending.
>
> ------------>8------------
> From: Paul Bolle <pebolle@tiscali.nl>
> Subject: [PATCH] eeepc-laptop: simplify parse_arg()
>
> parse_arg() has three possible return values:
> -EINVAL if sscanf(), in short, fails;
> zero if "count" is zero; and
> "count" in all other cases
>
> But "count" will never be zero. See, parse_arg() is called by the
> various store functions. And the callchain of these functions starts
> with sysfs_kf_write(). And that function checks for a zero "count". So
> we can stop checking for a zero "count", drop the "count" argument
> entirely, and transform parse_arg() into a function that returns zero on
> success or a negative error. That, in turn, allows to make those store
> functions just return "count" on success. The net effect is that the
> code becomes a bit easier to understand.
>
Seems reasonable.
> A nice side effect is that this GCC warning is silenced too:
> drivers/platform/x86/eeepc-laptop.c: In function ‘store_sys_acpi’:
> drivers/platform/x86/eeepc-laptop.c:279:10: warning: ‘value’ may be used uninitialized in this function [-Wmaybe-uninitialized]
> int rv, value;
>
> Which is, of course, the reason to have a look at parse_arg().
>
> Signed-off-by: Paul Bolle <pebolle@tiscali.nl>
> ---
> drivers/platform/x86/eeepc-laptop.c | 34 +++++++++++++++++-----------------
> 1 file changed, 17 insertions(+), 17 deletions(-)
>
> diff --git a/drivers/platform/x86/eeepc-laptop.c b/drivers/platform/x86/eeepc-laptop.c
> index bd533c22be57..78515b850165 100644
> --- a/drivers/platform/x86/eeepc-laptop.c
> +++ b/drivers/platform/x86/eeepc-laptop.c
> @@ -263,13 +263,11 @@ static int acpi_setter_handle(struct eeepc_laptop *eeepc, int cm,
> /*
> * Sys helpers
> */
> -static int parse_arg(const char *buf, unsigned long count, int *val)
> +static int parse_arg(const char *buf, int *val)
> {
> - if (!count)
> - return 0;
> if (sscanf(buf, "%i", val) != 1)
> return -EINVAL;
> - return count;
> + return 0;
> }
>
> static ssize_t store_sys_acpi(struct device *dev, int cm,
> @@ -278,12 +276,13 @@ static ssize_t store_sys_acpi(struct device *dev, int cm,
> struct eeepc_laptop *eeepc = dev_get_drvdata(dev);
> int rv, value;
>
> - rv = parse_arg(buf, count, &value);
> - if (rv > 0)
> - value = set_acpi(eeepc, cm, value);
> + rv = parse_arg(buf, &value);
> + if (rv < 0)
> + return rv;
> + value = set_acpi(eeepc, cm, value);
> if (value < 0)
I suppose it's harmless, but it would be more explicit to reuse rv here instead
of value.
> return -EIO;
And as with Frans' version, I suggest propogating the error. We're talking about
a missing/invalid ACPI control method name here, ENODEV seems approprirate.
Rafael, do you have a strong preference about what to return in such an event?
--
Darren Hart
Intel Open Source Technology Center
next prev parent reply other threads:[~2014-09-06 2:18 UTC|newest]
Thread overview: 28+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-09-03 22:53 [PATCH] eeepc-laptop: remove possible use of uninitialized value Frans Klaver
2014-09-04 0:49 ` Darren Hart
2014-09-04 1:14 ` Greg Kroah-Hartman
2014-09-04 6:46 ` Frans Klaver
2014-09-04 14:10 ` Greg Kroah-Hartman
2014-09-04 14:40 ` Frans Klaver
2014-09-04 19:37 ` Paul Bolle
2014-09-04 7:08 ` Paul Bolle
2014-09-04 7:57 ` Frans Klaver
2014-09-06 2:17 ` Darren Hart [this message]
2014-09-06 21:17 ` Rafael J. Wysocki
2014-09-08 21:12 ` [PATCH] eeepc-laptop: remove disp attribute show function Frans Klaver
2014-09-08 21:16 ` Greg Kroah-Hartman
[not found] ` <20140908212306.GA22145@gmail.com>
[not found] ` <20140908214438.GB22145@gmail.com>
2014-09-08 21:57 ` Greg Kroah-Hartman
2014-09-08 23:32 ` Darren Hart
2014-09-09 8:50 ` [PATCH] eeepc-laptop: remove possible use of uninitialized value Paul Bolle
2014-09-10 3:33 ` Darren Hart
2014-09-10 14:42 ` Frans Klaver
2014-09-10 16:49 ` Darren Hart
2014-09-10 20:05 ` [PATCH v2] eeepc-laptop: simplify parse_arg() Paul Bolle
2014-09-11 22:37 ` Darren Hart
2014-09-16 23:45 ` Darren Hart
2014-09-17 19:02 ` [PATCH v3] " Paul Bolle
2014-09-17 20:14 ` Darren Hart
2014-09-17 20:35 ` Darren Hart
2014-09-17 20:36 ` Frans Klaver
2014-09-17 21:39 ` Frans Klaver
2014-09-09 0:06 ` [PATCH] eeepc-laptop: remove possible use of uninitialized value Darren Hart
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20140906021757.GA9197@vmdeb7 \
--to=dvhart@infradead.org \
--cc=acpi4asus-user@lists.sourceforge.net \
--cc=corentin.chary@gmail.com \
--cc=fransklaver@gmail.com \
--cc=gregkh@linuxfoundation.org \
--cc=linux-kernel@vger.kernel.org \
--cc=matthew.garrett@nebula.com \
--cc=pebolle@tiscali.nl \
--cc=platform-driver-x86@vger.kernel.org \
--cc=rafael.j.wysocki@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.