Re: [bug report] bus: mhi: host: Add a policy to enable image transfer via BHIe in PBL


 



On 2/12/2025 5:37 AM, Dan Carpenter wrote:
Hello Matthew Leung,

Commit f88f1d0998ea ("bus: mhi: host: Add a policy to enable image
transfer via BHIe in PBL") from Jan 17, 2025 (linux-next), leads to
the following Smatch static checker warning:

	drivers/bus/mhi/host/boot.c:611 mhi_fw_load_handler()
	error: uninitialized symbol 'fw_load_type'.

drivers/bus/mhi/host/boot.c
     491 void mhi_fw_load_handler(struct mhi_controller *mhi_cntrl)
     492 {
     493         const struct firmware *firmware = NULL;
     494         struct device *dev = &mhi_cntrl->mhi_dev->dev;
     495         enum mhi_fw_load_type fw_load_type;
     496         enum mhi_pm_state new_state;
     497         const char *fw_name;
     498         const u8 *fw_data;
     499         size_t size, fw_sz;
     500         int ret;
     501
     502         if (MHI_PM_IN_ERROR_STATE(mhi_cntrl->pm_state)) {
     503                 dev_err(dev, "Device MHI is not in valid state\n");
     504                 return;
     505         }
     506
     507         /* save hardware info from BHI */
     508         ret = mhi_read_reg(mhi_cntrl, mhi_cntrl->bhi, BHI_SERIALNU,
     509                            &mhi_cntrl->serial_number);
     510         if (ret)
     511                 dev_err(dev, "Could not capture serial number via BHI\n");
     512
     513         /* wait for ready on pass through or any other execution environment */
     514         if (!MHI_FW_LOAD_CAPABLE(mhi_cntrl->ee))
     515                 goto fw_load_ready_state;

Assume we hit this goto.

     516
     517         fw_name = (mhi_cntrl->ee == MHI_EE_EDL) ?
     518                 mhi_cntrl->edl_image : mhi_cntrl->fw_image;
     519
     520         /* check if the driver has already provided the firmware data */
     521         if (!fw_name && mhi_cntrl->fbc_download &&
     522             mhi_cntrl->fw_data && mhi_cntrl->fw_sz) {
     523                 if (!mhi_cntrl->sbl_size) {
     524                         dev_err(dev, "fw_data provided but no sbl_size\n");
     525                         goto error_fw_load;
     526                 }
     527
     528                 size = mhi_cntrl->sbl_size;
     529                 fw_data = mhi_cntrl->fw_data;
     530                 fw_sz = mhi_cntrl->fw_sz;
     531                 goto skip_req_fw;
     532         }
     533
     534         if (!fw_name || (mhi_cntrl->fbc_download && (!mhi_cntrl->sbl_size ||
     535                                                      !mhi_cntrl->seg_len))) {
     536                 dev_err(dev,
     537                         "No firmware image defined or !sbl_size || !seg_len\n");
     538                 goto error_fw_load;
     539         }
     540
     541         ret = request_firmware(&firmware, fw_name, dev);
     542         if (ret) {
     543                 dev_err(dev, "Error loading firmware: %d\n", ret);
     544                 goto error_fw_load;
     545         }
     546
     547         size = (mhi_cntrl->fbc_download) ? mhi_cntrl->sbl_size : firmware->size;
     548
     549         /* SBL size provided is maximum size, not necessarily the image size */
     550         if (size > firmware->size)
     551                 size = firmware->size;
     552
     553         fw_data = firmware->data;
     554         fw_sz = firmware->size;
     555
     556 skip_req_fw:
     557         fw_load_type = mhi_fw_load_type_get(mhi_cntrl);
     558         if (fw_load_type == MHI_FW_LOAD_BHIE)
     559                 ret = mhi_load_image_bhie(mhi_cntrl, fw_data, size);
     560         else
     561                 ret = mhi_load_image_bhi(mhi_cntrl, fw_data, size);
     562
     563         /* Error or in EDL mode, we're done */
     564         if (ret) {
     565                 dev_err(dev, "MHI did not load image over BHI%s, ret: %d\n",
     566                         fw_load_type == MHI_FW_LOAD_BHIE ? "e" : "",
     567                         ret);
     568                 release_firmware(firmware);
     569                 goto error_fw_load;
     570         }
     571
     572         /* Wait for ready since EDL image was loaded */
     573         if (fw_name && fw_name == mhi_cntrl->edl_image) {
     574                 release_firmware(firmware);
     575                 goto fw_load_ready_state;
     576         }
     577
     578         write_lock_irq(&mhi_cntrl->pm_lock);
     579         mhi_cntrl->dev_state = MHI_STATE_RESET;
     580         write_unlock_irq(&mhi_cntrl->pm_lock);
     581
     582         /*
     583          * If we're doing fbc, populate vector tables while
     584          * device transitioning into MHI READY state
     585          */
     586         if (fw_load_type == MHI_FW_LOAD_FBC) {
     587                 ret = mhi_alloc_bhie_table(mhi_cntrl, &mhi_cntrl->fbc_image, fw_sz);
     588                 if (ret) {
     589                         release_firmware(firmware);
     590                         goto error_fw_load;
     591                 }
     592
     593                 /* Load the firmware into BHIE vec table */
     594                 mhi_firmware_copy_bhie(mhi_cntrl, fw_data, fw_sz, mhi_cntrl->fbc_image);
     595         }
     596
     597         release_firmware(firmware);
     598
     599 fw_load_ready_state:
     600         /* Transitioning into MHI RESET->READY state */
     601         ret = mhi_ready_state_transition(mhi_cntrl);
     602         if (ret) {
     603                 dev_err(dev, "MHI did not enter READY state\n");
     604                 goto error_ready_state;

And then this goto as well.

     605         }
     606
     607         dev_info(dev, "Wait for device to enter SBL or Mission mode\n");
     608         return;
     609
     610 error_ready_state:
--> 611         if (fw_load_type == MHI_FW_LOAD_FBC) {
                     ^^^^^^^^^^^^
Uninitialized: on that path the comparison reads an indeterminate value, and if it happens to equal MHI_FW_LOAD_FBC the cleanup below calls mhi_free_bhie_table() on an fbc_image that this function never allocated (mhi_alloc_bhie_table() is only reached on the non-goto path).

     612                 mhi_free_bhie_table(mhi_cntrl, mhi_cntrl->fbc_image);
     613                 mhi_cntrl->fbc_image = NULL;
     614         }
     615
     616 error_fw_load:
     617         write_lock_irq(&mhi_cntrl->pm_lock);
     618         new_state = mhi_tryset_pm_state(mhi_cntrl, MHI_PM_FW_DL_ERR);
     619         write_unlock_irq(&mhi_cntrl->pm_lock);
     620         if (new_state == MHI_PM_FW_DL_ERR)
     621                 wake_up_all(&mhi_cntrl->state_event);
     622 }

regards,
dan carpenter


Thank you for the excellent bug report. I have posted a possible fix at https://lore.kernel.org/all/20250214162109.3555300-1-quic_jhugo@xxxxxxxxxxx/

-Jeff




