Several functions in this file are trying to use regmap_read() to
initialize the specific variable, however, if regmap_read() fails,
the variable could be uninitialized but used directly, which is
potentially unsafe. The return value of regmap_read() should be
checked and handled. The same case also happens in function
max17042_thread_handler() but it needs more effort to patch.
Signed-off-by: Yizhuo <[email protected]>
---
drivers/power/supply/max17042_battery.c | 23 +++++++++++++++++++----
1 file changed, 19 insertions(+), 4 deletions(-)
diff --git a/drivers/power/supply/max17042_battery.c b/drivers/power/supply/max17042_battery.c
index e6a2dacaa730..b897776a2749 100644
--- a/drivers/power/supply/max17042_battery.c
+++ b/drivers/power/supply/max17042_battery.c
@@ -675,8 +675,12 @@ static void max17042_reset_vfsoc0_reg(struct max17042_chip *chip)
{
unsigned int vfSoc;
struct regmap *map = chip->regmap;
+ int ret;
+
+ ret = regmap_read(map, MAX17042_VFSOC, &vfSoc);
+ if (ret)
+ return;
- regmap_read(map, MAX17042_VFSOC, &vfSoc);
regmap_write(map, MAX17042_VFSOC0Enable, VFSOC0_UNLOCK);
max17042_write_verify_reg(map, MAX17042_VFSOC0, vfSoc);
regmap_write(map, MAX17042_VFSOC0Enable, VFSOC0_LOCK);
@@ -686,12 +690,18 @@ static void max17042_load_new_capacity_params(struct max17042_chip *chip)
{
u32 full_cap0, rep_cap, dq_acc, vfSoc;
u32 rem_cap;
+ int ret;
struct max17042_config_data *config = chip->pdata->config_data;
struct regmap *map = chip->regmap;
- regmap_read(map, MAX17042_FullCAP0, &full_cap0);
- regmap_read(map, MAX17042_VFSOC, &vfSoc);
+ ret = regmap_read(map, MAX17042_FullCAP0, &full_cap0);
+ if (ret)
+ return;
+
+ ret = regmap_read(map, MAX17042_VFSOC, &vfSoc);
+ if (ret)
+ return;
/* fg_vfSoc needs to shifted by 8 bits to get the
* perc in 1% accuracy, to get the right rem_cap multiply
@@ -1108,7 +1118,12 @@ static int max17042_probe(struct i2c_client *client,
if (!client->irq)
regmap_write(chip->regmap, MAX17042_SALRT_Th, 0xff00);
- regmap_read(chip->regmap, MAX17042_STATUS, &val);
+ ret = regmap_read(chip->regmap, MAX17042_STATUS, &val);
+ if (ret) {
+ dev_err(&client->dev, "Failed to get MAX17042_STATUS.\n");
+ return ret;
+ }
+
if (val & STATUS_POR_BIT) {
INIT_WORK(&chip->work, max17042_init_worker);
ret = devm_add_action(&client->dev, max17042_stop_work, chip);
--
2.17.1
Hi,
On Thu, Oct 03, 2019 at 10:29:48AM -0700, Yizhuo wrote:
> Several functions in this file are trying to use regmap_read() to
> initialize the specific variable, however, if regmap_read() fails,
> the variable could be uninitialized but used directly, which is
> potentially unsafe. The return value of regmap_read() should be
> checked and handled. The same case also happens in function
> max17042_thread_handler() but it needs more effort to patch.
>
> Signed-off-by: Yizhuo <[email protected]>
> ---
This does not improve the situation much. You should change the
functions from 'void' to 'int' return code and propagate the error
code, otherwise the following code assumes everything to be correct.
Also the Signed-off-by name and the patch author's name seems to be
incomplete.
Thanks,
-- Sebastian
> drivers/power/supply/max17042_battery.c | 23 +++++++++++++++++++----
> 1 file changed, 19 insertions(+), 4 deletions(-)
>
> diff --git a/drivers/power/supply/max17042_battery.c b/drivers/power/supply/max17042_battery.c
> index e6a2dacaa730..b897776a2749 100644
> --- a/drivers/power/supply/max17042_battery.c
> +++ b/drivers/power/supply/max17042_battery.c
> @@ -675,8 +675,12 @@ static void max17042_reset_vfsoc0_reg(struct max17042_chip *chip)
> {
> unsigned int vfSoc;
> struct regmap *map = chip->regmap;
> + int ret;
> +
> + ret = regmap_read(map, MAX17042_VFSOC, &vfSoc);
> + if (ret)
> + return;
>
> - regmap_read(map, MAX17042_VFSOC, &vfSoc);
> regmap_write(map, MAX17042_VFSOC0Enable, VFSOC0_UNLOCK);
> max17042_write_verify_reg(map, MAX17042_VFSOC0, vfSoc);
> regmap_write(map, MAX17042_VFSOC0Enable, VFSOC0_LOCK);
> @@ -686,12 +690,18 @@ static void max17042_load_new_capacity_params(struct max17042_chip *chip)
> {
> u32 full_cap0, rep_cap, dq_acc, vfSoc;
> u32 rem_cap;
> + int ret;
>
> struct max17042_config_data *config = chip->pdata->config_data;
> struct regmap *map = chip->regmap;
>
> - regmap_read(map, MAX17042_FullCAP0, &full_cap0);
> - regmap_read(map, MAX17042_VFSOC, &vfSoc);
> + ret = regmap_read(map, MAX17042_FullCAP0, &full_cap0);
> + if (ret)
> + return;
> +
> + ret = regmap_read(map, MAX17042_VFSOC, &vfSoc);
> + if (ret)
> + return;
>
> /* fg_vfSoc needs to shifted by 8 bits to get the
> * perc in 1% accuracy, to get the right rem_cap multiply
> @@ -1108,7 +1118,12 @@ static int max17042_probe(struct i2c_client *client,
> if (!client->irq)
> regmap_write(chip->regmap, MAX17042_SALRT_Th, 0xff00);
>
> - regmap_read(chip->regmap, MAX17042_STATUS, &val);
> + ret = regmap_read(chip->regmap, MAX17042_STATUS, &val);
> + if (ret) {
> + dev_err(&client->dev, "Failed to get MAX17042_STATUS.\n");
> + return ret;
> + }
> +
> if (val & STATUS_POR_BIT) {
> INIT_WORK(&chip->work, max17042_init_worker);
> ret = devm_add_action(&client->dev, max17042_stop_work, chip);
> --
> 2.17.1
>