From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S932809AbcDNSVJ (ORCPT <rfc822;w@1wt.eu>);
	Thu, 14 Apr 2016 14:21:09 -0400
Received: from userp1040.oracle.com ([156.151.31.81]:51828 "EHLO
	userp1040.oracle.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S932675AbcDNSVF (ORCPT
	<rfc822;linux-kernel@vger.kernel.org>);
	Thu, 14 Apr 2016 14:21:05 -0400
Date: Thu, 14 Apr 2016 21:20:49 +0300
From: Dan Carpenter <dan.carpenter@oracle.com>
To: Bart Van Assche <bart.vanassche@sandisk.com>
Cc: "James E.J. Bottomley" <jejb@linux.vnet.ibm.com>,
        "Martin K. Petersen" <martin.petersen@oracle.com>,
        Hannes Reinecke <hare@suse.de>,
        Johannes Thumshirn <jthumshirn@suse.de>,
        Ewan Milne <emilne@redhat.com>, linux-scsi@vger.kernel.org,
        linux-kernel@vger.kernel.org, kernel-janitors@vger.kernel.org
Subject: Re: [patch] scsi_dh_alua: uninitialized variable in alua_rtpg()
Message-ID: <20160414182049.GG4247@mwanda>
References: <20160414093917.GA16891@mwanda>
 <570FBB0E.9030902@sandisk.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <570FBB0E.9030902@sandisk.com>
User-Agent: Mutt/1.5.21 (2010-09-15)
X-Source-IP: userv0021.oracle.com [156.151.31.71]
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Thu, Apr 14, 2016 at 08:45:18AM -0700, Bart Van Assche wrote:
> On 04/14/2016 02:39 AM, Dan Carpenter wrote:
> >It's possible to use "err" without initializing it.  If it happens to be
> >a 2 which is SCSI_DH_RETRY then that could cause a bug.
> >
> >Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
> >
> >diff --git a/drivers/scsi/device_handler/scsi_dh_alua.c b/drivers/scsi/device_handler/scsi_dh_alua.c
> >index 8eaed05..f3c994f 100644
> >--- a/drivers/scsi/device_handler/scsi_dh_alua.c
> >+++ b/drivers/scsi/device_handler/scsi_dh_alua.c
> >@@ -513,7 +513,8 @@ static int alua_rtpg(struct scsi_device *sdev, struct alua_port_group *pg)
> >  	struct alua_port_group *tmp_pg;
> >  	int len, k, off, valid_states = 0, bufflen = ALUA_RTPG_SIZE;
> >  	unsigned char *desc, *buff;
> >-	unsigned err, retval;
> >+	unsigned int err = 0;
> >+	unsigned int retval;
> >  	unsigned int tpg_desc_tbl_off;
> >  	unsigned char orig_transition_tmo;
> >  	unsigned long flags;
> 
> Hello Dan,
> 
> The code that uses the 'err' variable occurs in a loop. I think the
> initialization of 'err' should occur after the "retry:" label.

It looks like you're right.  I'll resend.  I don't know this code very
well, obviously and it's a static checker fix not something I have
tested.

regards,
dan carpenter