[PATCH] myri10ge: avoid uninitialized variable use

[PATCH] myri10ge: avoid uninitialized variable use

[Arnd Bergmann]

From: Arnd Bergmann <arnd@arndb.de>

While compile testing on less common architectures, I noticed that gcc-10 on
s390 finds a bug that all other configurations seem to miss:

drivers/net/ethernet/myricom/myri10ge/myri10ge.c: In function 'myri10ge_set_multicast_list':
drivers/net/ethernet/myricom/myri10ge/myri10ge.c:391:25: error: 'cmd.data0' is used uninitialized in this function [-Werror=uninitialized]
  391 |  buf->data0 = htonl(data->data0);
      |                         ^~
drivers/net/ethernet/myricom/myri10ge/myri10ge.c:392:25: error: '*((void *)&cmd+4)' is used uninitialized in this function [-Werror=uninitialized]
  392 |  buf->data1 = htonl(data->data1);
      |                         ^~
drivers/net/ethernet/myricom/myri10ge/myri10ge.c: In function 'myri10ge_allocate_rings':
drivers/net/ethernet/myricom/myri10ge/myri10ge.c:392:13: error: 'cmd.data1' is used uninitialized in this function [-Werror=uninitialized]
  392 |  buf->data1 = htonl(data->data1);
drivers/net/ethernet/myricom/myri10ge/myri10ge.c:1939:22: note: 'cmd.data1' was declared here
 1939 |  struct myri10ge_cmd cmd;
      |                      ^~~
drivers/net/ethernet/myricom/myri10ge/myri10ge.c:393:13: error: 'cmd.data2' is used uninitialized in this function [-Werror=uninitialized]
  393 |  buf->data2 = htonl(data->data2);
drivers/net/ethernet/myricom/myri10ge/myri10ge.c:1939:22: note: 'cmd.data2' was declared here
 1939 |  struct myri10ge_cmd cmd;

It would be nice to understand how to make other compilers catch this as
well, but for the moment I'll just shut up the warning by fixing the
undefined behavior in this driver.

Signed-off-by: Arnd Bergmann <arnd@arndb.de>
---
 drivers/net/ethernet/myricom/myri10ge/myri10ge.c | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

diff --git a/drivers/net/ethernet/myricom/myri10ge/myri10ge.c b/drivers/net/ethernet/myricom/myri10ge/myri10ge.c
index e611ff7fa3fa..f9d6ba381361 100644
--- a/drivers/net/ethernet/myricom/myri10ge/myri10ge.c
+++ b/drivers/net/ethernet/myricom/myri10ge/myri10ge.c
@@ -688,6 +688,9 @@ static int myri10ge_get_firmware_capabilities(struct myri10ge_priv *mgp)
 
 	/* probe for IPv6 TSO support */
 	mgp->features = NETIF_F_SG | NETIF_F_HW_CSUM | NETIF_F_TSO;
+	cmd.data0 = 0,
+	cmd.data1 = 0,
+	cmd.data2 = 0,
 	status = myri10ge_send_cmd(mgp, MXGEFW_CMD_GET_MAX_TSO6_HDR_SIZE,
 				   &cmd, 0);
 	if (status == 0) {
@@ -834,6 +837,9 @@ myri10ge_change_promisc(struct myri10ge_priv *mgp, int promisc, int atomic)
 	int status, ctl;
 
 	ctl = promisc ? MXGEFW_ENABLE_PROMISC : MXGEFW_DISABLE_PROMISC;
+	cmd.data0 = 0;
+	cmd.data1 = 0;
+	cmd.data2 = 0;
 	status = myri10ge_send_cmd(mgp, ctl, &cmd, atomic);
 	if (status)
 		netdev_err(mgp->dev, "Failed to set promisc mode\n");
@@ -1946,6 +1952,8 @@ static int myri10ge_allocate_rings(struct myri10ge_slice_state *ss)
 	/* get ring sizes */
 	slice = ss - mgp->ss;
 	cmd.data0 = slice;
+	cmd.data1 = 0;
+	cmd.data2 = 0;
 	status = myri10ge_send_cmd(mgp, MXGEFW_CMD_GET_SEND_RING_SIZE, &cmd, 0);
 	tx_ring_size = cmd.data0;
 	cmd.data0 = slice;
@@ -2238,6 +2246,8 @@ static int myri10ge_get_txrx(struct myri10ge_priv *mgp, int slice)
 	status = 0;
 	if (slice == 0 || (mgp->dev->real_num_tx_queues > 1)) {
 		cmd.data0 = slice;
+		cmd.data1 = 0;
+		cmd.data2 = 0;
 		status = myri10ge_send_cmd(mgp, MXGEFW_CMD_GET_SEND_OFFSET,
 					   &cmd, 0);
 		ss->tx.lanai = (struct mcp_kreq_ether_send __iomem *)
@@ -2312,6 +2322,7 @@ static int myri10ge_open(struct net_device *dev)
 	if (mgp->num_slices > 1) {
 		cmd.data0 = mgp->num_slices;
 		cmd.data1 = MXGEFW_SLICE_INTR_MODE_ONE_PER_SLICE;
+		cmd.data2 = 0;
 		if (mgp->dev->real_num_tx_queues > 1)
 			cmd.data1 |= MXGEFW_SLICE_ENABLE_MULTIPLE_TX_QUEUES;
 		status = myri10ge_send_cmd(mgp, MXGEFW_CMD_ENABLE_RSS_QUEUES,
@@ -2414,6 +2425,8 @@ static int myri10ge_open(struct net_device *dev)
 
 	/* now give firmware buffers sizes, and MTU */
 	cmd.data0 = dev->mtu + ETH_HLEN + VLAN_HLEN;
+	cmd.data1 = 0;
+	cmd.data2 = 0;
 	status = myri10ge_send_cmd(mgp, MXGEFW_CMD_SET_MTU, &cmd, 0);
 	cmd.data0 = mgp->small_bytes;
 	status |=
@@ -2956,6 +2969,9 @@ static void myri10ge_set_multicast_list(struct net_device *dev)
 
 	/* Disable multicast filtering */
 
+	cmd.data0 = 0;
+	cmd.data1 = 0;
+	cmd.data2 = 0;
 	err = myri10ge_send_cmd(mgp, MXGEFW_ENABLE_ALLMULTI, &cmd, 1);
 	if (err != 0) {
 		netdev_err(dev, "Failed MXGEFW_ENABLE_ALLMULTI, error status: %d\n",
-- 
2.39.5

Re: [PATCH] myri10ge: avoid uninitialized variable use

[Simon Horman]

On Fri, Jun 20, 2025 at 01:26:28PM +0200, Arnd Bergmann wrote:
> From: Arnd Bergmann <arnd@arndb.de>
> 
> While compile testing on less common architectures, I noticed that gcc-10 on
> s390 finds a bug that all other configurations seem to miss:
> 
> drivers/net/ethernet/myricom/myri10ge/myri10ge.c: In function 'myri10ge_set_multicast_list':
> drivers/net/ethernet/myricom/myri10ge/myri10ge.c:391:25: error: 'cmd.data0' is used uninitialized in this function [-Werror=uninitialized]
>   391 |  buf->data0 = htonl(data->data0);
>       |                         ^~
> drivers/net/ethernet/myricom/myri10ge/myri10ge.c:392:25: error: '*((void *)&cmd+4)' is used uninitialized in this function [-Werror=uninitialized]
>   392 |  buf->data1 = htonl(data->data1);
>       |                         ^~
> drivers/net/ethernet/myricom/myri10ge/myri10ge.c: In function 'myri10ge_allocate_rings':
> drivers/net/ethernet/myricom/myri10ge/myri10ge.c:392:13: error: 'cmd.data1' is used uninitialized in this function [-Werror=uninitialized]
>   392 |  buf->data1 = htonl(data->data1);
> drivers/net/ethernet/myricom/myri10ge/myri10ge.c:1939:22: note: 'cmd.data1' was declared here
>  1939 |  struct myri10ge_cmd cmd;
>       |                      ^~~
> drivers/net/ethernet/myricom/myri10ge/myri10ge.c:393:13: error: 'cmd.data2' is used uninitialized in this function [-Werror=uninitialized]
>   393 |  buf->data2 = htonl(data->data2);
> drivers/net/ethernet/myricom/myri10ge/myri10ge.c:1939:22: note: 'cmd.data2' was declared here
>  1939 |  struct myri10ge_cmd cmd;
> 
> It would be nice to understand how to make other compilers catch this as
> well, but for the moment I'll just shut up the warning by fixing the
> undefined behavior in this driver.
> 
> Signed-off-by: Arnd Bergmann <arnd@arndb.de>

Hi Arnd,

That is a lovely mess.

Curiously I was not able to reproduce this on s390 with gcc 10.5.0.
Perhaps I needed to try harder. Or perhaps the detection is specific to a
very narrow set of GCC versions.

Regardless I agree with your analysis, but I wonder if the following is
also needed so that .data0, 1 and 2 are always initialised when used.

diff --git a/drivers/net/ethernet/myricom/myri10ge/myri10ge.c b/drivers/net/ethernet/myricom/myri10ge/myri10ge.c
index f9d6ba381361..4743064bc6d4 100644
--- a/drivers/net/ethernet/myricom/myri10ge/myri10ge.c
+++ b/drivers/net/ethernet/myricom/myri10ge/myri10ge.c
@@ -809,6 +809,7 @@ static int myri10ge_update_mac_address(struct myri10ge_priv *mgp,
 		     | (addr[2] << 8) | addr[3]);
 
 	cmd.data1 = ((addr[4] << 8) | (addr[5]));
+	cmd.data2 = 0;
 
 	status = myri10ge_send_cmd(mgp, MXGEFW_SET_MAC_ADDRESS, &cmd, 0);
 	return status;
@@ -820,6 +821,9 @@ static int myri10ge_change_pause(struct myri10ge_priv *mgp, int pause)
 	int status, ctl;
 
 	ctl = pause ? MXGEFW_ENABLE_FLOW_CONTROL : MXGEFW_DISABLE_FLOW_CONTROL;
+	cmd.data0 = 0,
+	cmd.data1 = 0,
+	cmd.data2 = 0,
 	status = myri10ge_send_cmd(mgp, ctl, &cmd, 0);
 
 	if (status) {

...

Re: [PATCH] myri10ge: avoid uninitialized variable use

[Arnd Bergmann]

On Sat, Jun 21, 2025, at 09:49, Simon Horman wrote:
> On Fri, Jun 20, 2025 at 01:26:28PM +0200, Arnd Bergmann wrote:
>> 
>> It would be nice to understand how to make other compilers catch this as
>> well, but for the moment I'll just shut up the warning by fixing the
>> undefined behavior in this driver.
>> 
>> Signed-off-by: Arnd Bergmann <arnd@arndb.de>
>
> Hi Arnd,
>
> That is a lovely mess.
>
> Curiously I was not able to reproduce this on s390 with gcc 10.5.0.
> Perhaps I needed to try harder. Or perhaps the detection is specific to a
> very narrow set of GCC versions.

I was using my gcc binaries from
https://mirrors.edge.kernel.org/pub/tools/crosstool/files/bin/arm64/10.5.0/
but more likely this is kernel configuration specific than the exact
toolchain version.

The warning clearly depends on the myri10ge_send_cmd() function getting
inlined into the caller, and inlining is highly configuration specific.

See https://pastebin.com/T23wHkCx for the .config I used to produce
this.

> Regardless I agree with your analysis, but I wonder if the following is
> also needed so that .data0, 1 and 2 are always initialised when used.

Right, I stopped adding initializations when all the warnings were
gone, so I missed the ones you found. ;-)

I've integrated your changes now, let me know if I should resend it
right away, or you want to play around with that .config some more
first and reproduce the warning.

      Arnd

Re: [PATCH] myri10ge: avoid uninitialized variable use

[Simon Horman]

On Sat, Jun 21, 2025 at 11:21:09AM +0200, Arnd Bergmann wrote:
> On Sat, Jun 21, 2025, at 09:49, Simon Horman wrote:
> > On Fri, Jun 20, 2025 at 01:26:28PM +0200, Arnd Bergmann wrote:
> >> 
> >> It would be nice to understand how to make other compilers catch this as
> >> well, but for the moment I'll just shut up the warning by fixing the
> >> undefined behavior in this driver.
> >> 
> >> Signed-off-by: Arnd Bergmann <arnd@arndb.de>
> >
> > Hi Arnd,
> >
> > That is a lovely mess.
> >
> > Curiously I was not able to reproduce this on s390 with gcc 10.5.0.
> > Perhaps I needed to try harder. Or perhaps the detection is specific to a
> > very narrow set of GCC versions.
> 
> I was using my gcc binaries from
> https://mirrors.edge.kernel.org/pub/tools/crosstool/files/bin/arm64/10.5.0/
> but more likely this is kernel configuration specific than the exact
> toolchain version.
> 
> The warning clearly depends on the myri10ge_send_cmd() function getting
> inlined into the caller, and inlining is highly configuration specific.
> 
> See https://pastebin.com/T23wHkCx for the .config I used to produce
> this.

Thanks Arnd.

FWIIW, I was also using the above mentioned toolchain. But with allmodconfig.
Now I'm using the config at the link above I see the warnings too.

In any case, it seems pretty clear to me from looking at the code that your
analysis is correct. The mystery to me is why it isn't more widely
detected by tooling.

> 
> > Regardless I agree with your analysis, but I wonder if the following is
> > also needed so that .data0, 1 and 2 are always initialised when used.
> 
> Right, I stopped adding initializations when all the warnings were
> gone, so I missed the ones you found. ;-)

I thought that might have happened :)

> I've integrated your changes now, let me know if I should resend it
> right away, or you want to play around with that .config some more
> first and reproduce the warning.

Feel free to post whenever you are ready.