Hi,

On Mon, Apr 11, 2022 at 10:01:25AM +0300, Dan Carpenter wrote:
> Hello Takashi Sakamoto,
>
> The patch baa914cd81f5: "firewire: add kernel API to access
> CYCLE_TIME register" from Apr 5, 2022, leads to the following Smatch
> static checker warning:
>
>         drivers/firewire/core-cdev.c:1235 ioctl_get_cycle_timer2()
>         error: uninitialized symbol 'cycle_time'.
>
> drivers/firewire/core-cdev.c
>     1209 static int ioctl_get_cycle_timer2(struct client *client, union ioctl_arg *arg)
>     1210 {
>     1211         struct fw_cdev_get_cycle_timer2 *a = &arg->get_cycle_timer2;
>     1212         struct fw_card *card = client->device->card;
>     1213         struct timespec64 ts = {0, 0};
>     1214         u32 cycle_time;
>     1215         int ret = 0;
>     1216
>     1217         local_irq_disable();
>     1218
>     1219         ret = fw_card_read_cycle_time(card, &cycle_time);
>     1220         if (ret < 0)
>     1221                 goto end;
>                          ^^^^^^^^
> "cycle_time" not initialized on error path.
>
>     1222
>     1223         switch (a->clk_id) {
>     1224         case CLOCK_REALTIME:      ktime_get_real_ts64(&ts);  break;
>     1225         case CLOCK_MONOTONIC:     ktime_get_ts64(&ts);       break;
>     1226         case CLOCK_MONOTONIC_RAW: ktime_get_raw_ts64(&ts);   break;
>     1227         default:
>     1228                 ret = -EINVAL;
>     1229         }
>     1230 end:
>     1231         local_irq_enable();
>     1232
>     1233         a->tv_sec = ts.tv_sec;
>     1234         a->tv_nsec = ts.tv_nsec;
> --> 1235         a->cycle_timer = cycle_time;
>     1236
>     1237         return ret;
>     1238 }

Thanks for the report. Indeed, it leaks the unidentified value on the kernel stack to userspace. I'll post a fix later.

Regards

Takashi Sakamoto
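The defect in the quoted listing, modelled in userspace C as an added example (not code from this thread or from the kernel): a helper that fails without writing its output, a buggy caller that copies the untouched local out anyway, and a hardened caller that zeroes the result and stops before the copy-out. All names here (cycle_result, read_cycle_time, get_cycle_timer_buggy, get_cycle_timer_fixed, observed) are hypothetical stand-ins, and the 0xDEADBEEF "stale" value is constructed to make the leaked stack content deterministic.

```c
#include <errno.h>
#include <stdint.h>
#include <string.h>

/* Constructed userspace model of the ioctl_get_cycle_timer2() pattern with
 * hypothetical names: a local reaches the result even when its fill failed. */
struct cycle_result { uint32_t cycle_timer; };

/* Stand-in for fw_card_read_cycle_time(): fails without touching *cycle_time. */
static int read_cycle_time(int card_available, uint32_t *cycle_time)
{
    if (!card_available)
        return -ENODEV;
    *cycle_time = 0x12345678u; /* constructed register value */
    return 0;
}

/* Buggy shape: 'stale' simulates whatever the previous stack user left in
 * the slot, so the leak is deterministic and observable in a test. */
static int get_cycle_timer_buggy(int card_available, uint32_t stale,
                                 struct cycle_result *out)
{
    uint32_t cycle_time = stale;
    int ret = read_cycle_time(card_available, &cycle_time);
    out->cycle_timer = cycle_time; /* copied out even when ret < 0 */
    return ret;
}

/* Hardened shape: zero the result first and return before the copy-out
 * when the read failed, so no stack contents reach the caller. */
static int get_cycle_timer_fixed(int card_available, uint32_t stale,
                                 struct cycle_result *out)
{
    uint32_t cycle_time = stale;
    memset(out, 0, sizeof(*out));
    int ret = read_cycle_time(card_available, &cycle_time);
    if (ret < 0)
        return ret;
    out->cycle_timer = cycle_time;
    return 0;
}

/* What a caller observes in cycle_timer with 0xDEADBEEF left on the stack. */
typedef int (*getter_t)(int, uint32_t, struct cycle_result *);
static uint32_t observed(getter_t get, int card_available)
{
    struct cycle_result r;
    get(card_available, 0xDEADBEEFu, &r);
    return r.cycle_timer;
}
```

With the card absent, the buggy path hands the stale 0xDEADBEEF to the caller while the hardened path returns 0; with the card present both return the register value.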