Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751397AbcDNTvf (ORCPT ); Thu, 14 Apr 2016 15:51:35 -0400 Received: from SMTP.ANDREW.CMU.EDU ([128.2.157.39]:42848 "EHLO smtp.andrew.cmu.edu" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1750906AbcDNTve (ORCPT ); Thu, 14 Apr 2016 15:51:34 -0400 Date: Thu, 14 Apr 2016 15:51:26 -0400 From: "Gabriel L. Somlo" To: Dan Carpenter Cc: "Michael S. Tsirkin" , qemu-devel@nongnu.org, linux-kernel@vger.kernel.org, kernel-janitors@vger.kernel.org Subject: Re: [patch] firmware: qemu_fw_cfg.c: potential unintialized variable Message-ID: <20160414195126.GF7821@HEDWIG.INI.CMU.EDU> References: <20160414093337.GD16549@mwanda> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20160414093337.GD16549@mwanda> X-Clacks-Overhead: GNU Terry Pratchett User-Agent: Mutt/1.5.24 (2015-08-30) X-PMX-Version: 6.3.0.2556906, Antispam-Engine: 2.7.2.2107409, Antispam-Data: 2016.4.14.194218 X-SMTP-Spam-Clean: 8% ( MULTIPLE_RCPTS 0.1, HTML_00_01 0.05, HTML_00_10 0.05, BODYTEXTP_SIZE_3000_LESS 0, BODY_SIZE_1500_1599 0, BODY_SIZE_2000_LESS 0, BODY_SIZE_5000_LESS 0, BODY_SIZE_7000_LESS 0, DATE_TZ_NA 0, FROM_EDU_TLD 0, NO_URI_HTTPS 0, REFERENCES 0, __ANY_URI 0, __BOUNCE_CHALLENGE_SUBJ 0, __BOUNCE_NDR_SUBJ_EXEMPT 0, __CD 0, __CT 0, __CT_TEXT_PLAIN 0, __FORWARDED_MSG 0, __HAS_FROM 0, __HAS_MSGID 0, __IN_REP_TO 0, __MIME_TEXT_ONLY 0, __MIME_VERSION 0, __MULTIPLE_RCPTS_CC_X2 0, __PHISH_SPEAR_STRUCTURE_1 0, __REFERENCES 0, __SANE_MSGID 0, __SUBJ_ALPHA_END 0, __SUBJ_ALPHA_NEGATE 0, __TO_MALFORMED_2 0, __URI_NO_WWW 0, __URI_NS , __USER_AGENT 0) X-SMTP-Spam-Score: 8% Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 1494 Lines: 38 On Thu, Apr 14, 2016 at 12:33:37PM +0300, Dan Carpenter wrote: > It acpi_acquire_global_lock() return AE_NOT_CONFIGURED then "glk" isn't > initialized, which, if you got very unlucky, could cause a bug. > > Signed-off-by: Dan Carpenter > > diff --git a/drivers/firmware/qemu_fw_cfg.c b/drivers/firmware/qemu_fw_cfg.c > index d999fe3..0e20116 100644 > --- a/drivers/firmware/qemu_fw_cfg.c > +++ b/drivers/firmware/qemu_fw_cfg.c > @@ -77,7 +77,7 @@ static inline u16 fw_cfg_sel_endianness(u16 key) > static inline void fw_cfg_read_blob(u16 key, > void *buf, loff_t pos, size_t count) > { > - u32 glk; > + u32 glk = -1U; After digging through the acpi_[acquire|release]_global_lock() code in drivers/acpi/acpica/evxface.c, the -1 value actually makes sense, as glk is set to the value of acpi_gbl_global_lock_handle, which internally is a 16-bit value which can wrap around, but will never be equal to 32-bit "-1". As such, the unlock function would fail with AE_NOT_ACQUIRED if its "for-real" version ever ended up being called. So, with the typos in the commit blurb fixed (s/It/If/ and s/return/returns/), and on general "belt-and-suspenders" principle, Reviewed-by: Gabriel Somlo I just wanted to make sure my understanding of "this can't happen with the way the ACPI macros are currently defined" is still correct :) Thanks, --Gabe > acpi_status status; > > /* If we have ACPI, ensure mutual exclusion against any potential