Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1751397AbcDNTvf (ORCPT <rfc822;w@1wt.eu>);
	Thu, 14 Apr 2016 15:51:35 -0400
Received: from SMTP.ANDREW.CMU.EDU ([128.2.157.39]:42848 "EHLO
	smtp.andrew.cmu.edu" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S1750906AbcDNTve (ORCPT
	<rfc822;linux-kernel@vger.kernel.org>);
	Thu, 14 Apr 2016 15:51:34 -0400
Date: Thu, 14 Apr 2016 15:51:26 -0400
From: "Gabriel L. Somlo" <somlo@cmu.edu>
To: Dan Carpenter <dan.carpenter@oracle.com>
Cc: "Michael S. Tsirkin" <mst@redhat.com>, qemu-devel@nongnu.org,
        linux-kernel@vger.kernel.org, kernel-janitors@vger.kernel.org
Subject: Re: [patch] firmware: qemu_fw_cfg.c: potential unintialized variable
Message-ID: <20160414195126.GF7821@HEDWIG.INI.CMU.EDU>
References: <20160414093337.GD16549@mwanda>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20160414093337.GD16549@mwanda>
X-Clacks-Overhead: GNU Terry Pratchett
User-Agent: Mutt/1.5.24 (2015-08-30)
X-PMX-Version: 6.3.0.2556906, Antispam-Engine: 2.7.2.2107409, Antispam-Data: 2016.4.14.194218
X-SMTP-Spam-Clean: 8% (
 MULTIPLE_RCPTS 0.1, HTML_00_01 0.05, HTML_00_10 0.05, BODYTEXTP_SIZE_3000_LESS 0, BODY_SIZE_1500_1599 0, BODY_SIZE_2000_LESS 0, BODY_SIZE_5000_LESS 0, BODY_SIZE_7000_LESS 0, DATE_TZ_NA 0, FROM_EDU_TLD 0, NO_URI_HTTPS 0, REFERENCES 0, __ANY_URI 0, __BOUNCE_CHALLENGE_SUBJ 0, __BOUNCE_NDR_SUBJ_EXEMPT 0, __CD 0, __CT 0, __CT_TEXT_PLAIN 0, __FORWARDED_MSG 0, __HAS_FROM 0, __HAS_MSGID 0, __IN_REP_TO 0, __MIME_TEXT_ONLY 0, __MIME_VERSION 0, __MULTIPLE_RCPTS_CC_X2 0, __PHISH_SPEAR_STRUCTURE_1 0, __REFERENCES 0, __SANE_MSGID 0, __SUBJ_ALPHA_END 0, __SUBJ_ALPHA_NEGATE 0, __TO_MALFORMED_2 0, __URI_NO_WWW 0, __URI_NS , __USER_AGENT 0)
X-SMTP-Spam-Score: 8%
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
Content-Length: 1494
Lines: 38

On Thu, Apr 14, 2016 at 12:33:37PM +0300, Dan Carpenter wrote:
> It acpi_acquire_global_lock() return AE_NOT_CONFIGURED then "glk" isn't
> initialized, which, if you got very unlucky, could cause a bug.
> 
> Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
> 
> diff --git a/drivers/firmware/qemu_fw_cfg.c b/drivers/firmware/qemu_fw_cfg.c
> index d999fe3..0e20116 100644
> --- a/drivers/firmware/qemu_fw_cfg.c
> +++ b/drivers/firmware/qemu_fw_cfg.c
> @@ -77,7 +77,7 @@ static inline u16 fw_cfg_sel_endianness(u16 key)
>  static inline void fw_cfg_read_blob(u16 key,
>  				    void *buf, loff_t pos, size_t count)
>  {
> -	u32 glk;
> +	u32 glk = -1U;

After digging through the acpi_[acquire|release]_global_lock() code in
drivers/acpi/acpica/evxface.c, the -1 value actually makes sense, as
glk is set to the value of acpi_gbl_global_lock_handle, which
internally is a 16-bit value which can wrap around, but will never be
equal to 32-bit "-1". As such, the unlock function would fail with
AE_NOT_ACQUIRED if its "for-real" version ever ended up being called.

So, with the typos in the commit blurb fixed (s/It/If/ and
s/return/returns/), and on general "belt-and-suspenders" principle,

Reviewed-by: Gabriel Somlo <somlo@cmu.edu>

I just wanted to make sure my understanding of "this can't happen with
the way the ACPI macros are currently defined" is still correct :)

Thanks,
--Gabe

>  	acpi_status status;
>  
>  	/* If we have ACPI, ensure mutual exclusion against any potential