On 14/01/2020 11:38, Borislav Petkov wrote:
> On Tue, Jan 14, 2020 at 11:15:05AM +0000, Colin King wrote:
>> From: Colin Ian King <colin.king@xxxxxxxxxxxxx>
>>
>> In the case where cp is not assigned to the return from
>> the call to find_microcode_in_initrd
>
> Where does this happen? I don't see it.

Starting at load_ucode_amd_bsp(), this initializes a local cp to zero,
then passes &cp when it calls __load_ucode_amd() as parameter *ret.

In __load_ucode_amd a new local cp is created on the stack and *only*
is assigned here:

	if (!get_builtin_microcode(&cp, x86_family(cpuid_1_eax)))
		cp = find_microcode_in_initrd(path, use_pa);

otherwise cp is not initialized and contains garbage.

Finally, *ret is assigned to cp:

	*ret = cp;

..and so load_ucode_amd_bsp() gets a copy of the uninitialized cp via *ret.

>> cp is uninitialized when
>> it is assigned to *ret. Functions that call __load_ucode_amd
>> such as load_ucode_amd_bsp can therefore end up checking bogus
>> values cp.data and cp.size. Fix this by ensuring cp is
>> initialized as all zero and remove the redundant initialization
>> of cp in load_ucode_amd_bsp.
>>
>> Addresses-Coverity: ("Uninitialized scalar variable")
>
> I already asked about those: either document what those tags mean or
> remove them.
>

I can send a V2 w/o these if it so pleases you. I've had nobody else
complain about these and we have literally hundreds of Coverity tagged
issues now accepted in the kernel so that we can trace how fixes are
found.

Colin
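The pattern under discussion, as an added example that is not part of the thread or of the kernel's own code: a callee keeps a local struct, fills it on some paths, and hands a copy back through an out-pointer, so the caller's `!cp.data || !cp.size` check is only meaningful if every path leaves the local in a defined state. All names here (`struct blob`, `toy_get_builtin`, `toy_find_in_initrd`, `toy_load_ucode`, `toy_load_bsp`, `toy_ucode_size`) and the sample firmware bytes are constructed stand-ins for `cpio_data`, `get_builtin_microcode`, `find_microcode_in_initrd`, `__load_ucode_amd` and `load_ucode_amd_bsp`; the zero-initialiser on the callee's local is the shape of fix the patch proposes.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed stand-in for the kernel's struct cpio_data: a blob pointer and size. */
struct blob {
    const void *data;
    size_t size;
};

/* Constructed sample firmware image returned by the "built-in" lookup. */
static const unsigned char builtin_image[] = { 0x41, 0x4d, 0x44, 0x01 };

/* Hypothetical stand-in for get_builtin_microcode(): in this example it only
 * knows family 0x17, fills *cp and returns 1; for any other family it returns
 * 0 and leaves *cp untouched. */
static int toy_get_builtin(struct blob *cp, unsigned int family)
{
    if (family != 0x17)
        return 0;
    cp->data = builtin_image;
    cp->size = sizeof(builtin_image);
    return 1;
}

/* Hypothetical stand-in for find_microcode_in_initrd(): models an initrd that
 * carries no microcode, so it returns the "not found" value {NULL, 0}. */
static struct blob toy_find_in_initrd(void)
{
    struct blob none = { NULL, 0 };
    return none;
}

/* Mirrors the shape of __load_ucode_amd() after the patch: the local cp is
 * zero-initialised up front, so whichever path runs, the copy the caller
 * receives through *ret is either a real blob or {NULL, 0}, never
 * indeterminate stack contents. */
void toy_load_ucode(unsigned int family, struct blob *ret)
{
    struct blob cp = { 0 };   /* the fix: no path can hand back garbage */

    if (!toy_get_builtin(&cp, family))
        cp = toy_find_in_initrd();

    *ret = cp;
}

/* Mirrors the caller-side check in load_ucode_amd_bsp(): reject the result if
 * either field is unset. Returns 1 when a usable blob came back, 0 otherwise.
 * The caller's own cp is deliberately left uninitialised here, as the patch
 * removes that redundant zeroing; the callee now guarantees the contents. */
int toy_load_bsp(unsigned int family)
{
    struct blob cp;

    toy_load_ucode(family, &cp);
    if (!cp.data || !cp.size)
        return 0;
    return 1;
}

/* Convenience accessor: size of the blob reported for a family (0 if none). */
size_t toy_ucode_size(unsigned int family)
{
    struct blob cp;

    toy_load_ucode(family, &cp);
    return cp.size;
}

int main(void)
{
    printf("family 0x17: %s (%zu bytes)\n",
           toy_load_bsp(0x17) ? "microcode found" : "no microcode",
           toy_ucode_size(0x17));
    printf("family 0x15: %s (%zu bytes)\n",
           toy_load_bsp(0x15) ? "microcode found" : "no microcode",
           toy_ucode_size(0x15));
    return 0;
}
```

The point of zeroing in the callee rather than the caller is that every caller of `toy_load_ucode` gets the guarantee, not just the one that happened to pre-clear its own struct; a second caller added later cannot reintroduce the read of indeterminate memory.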