[PATCH] rtc: fix error checking in wdt_disable()

[PATCH] rtc: fix error checking in wdt_disable()

[Alexandr Sapozhnkiov]

From: Alexandr Sapozhnikov <alsp705@gmail.com>

The i2c_transfer() function may return an error.
Ignoring errors returned by functions is bad practice.
Especially when these functions perform core functionality.
What's the point of continuing to call the same function 
after an error is returned?
If the second function call succeeds, data corruption will occur.

Found by Linux Verification Center (linuxtesting.org) with SVACE.

Signed-off-by: Alexandr Sapozhnikov <alsp705@gmail.com>
---
 drivers/rtc/rtc-m41t80.c | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/drivers/rtc/rtc-m41t80.c b/drivers/rtc/rtc-m41t80.c
index 0013bff0447d..b24d09c57816 100644
--- a/drivers/rtc/rtc-m41t80.c
+++ b/drivers/rtc/rtc-m41t80.c
@@ -677,11 +677,11 @@ static void wdt_disable(void)
 	};
 
 	i2c_data[0] = 0x09;
-	i2c_transfer(save_client->adapter, msgs0, 2);
-
-	i2c_data[0] = 0x09;
-	i2c_data[1] = 0x00;
-	i2c_transfer(save_client->adapter, msgs1, 1);
+	if (!i2c_transfer(save_client->adapter, msgs0, 2)) {
+		i2c_data[0] = 0x09;
+		i2c_data[1] = 0x00;
+		i2c_transfer(save_client->adapter, msgs1, 1);
+	}
 }
 
 /**
-- 
2.43.0

Re: [PATCH] rtc: fix error checking in wdt_disable()

[Markus Elfring]

> The i2c_transfer() function may return an error.
> Ignoring errors returned by functions is bad practice.

See also:
https://cwe.mitre.org/data/definitions/252.html


…
> If the second function call succeeds, data corruption will occur.

Should the function return values be checked for both passed messages?


* Would a corresponding imperative wording become helpful for an improved change description?
  https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/Documentation/process/submitting-patches.rst?h=v6.17#n94

* How do you think about to add any tags (like “Fixes” and “Cc”) accordingly?


Regards,
Markus