Hi Andy,
On Thu, 2020-12-03 at 20:10 +0200, Andy Shevchenko wrote:
> On Thu, Dec 3, 2020 at 8:03 PM Colin Ian King <colin.king@xxxxxxxxxxxxx> wrote:
>
> > Static analysis on linux-next with Coverity has detected an issue with
> > the following commit:
>
> If you want to fix it properly, see my comments below...
>
> > 529 static int ov02a10_s_stream(struct v4l2_subdev *sd, int on)
> > 530 {
> > 531 struct ov02a10 *ov02a10 = to_ov02a10(sd);
> > 532 struct i2c_client *client =
> > v4l2_get_subdevdata(&ov02a10->subdev);
> >
> > 1. var_decl: Declaring variable ret without initializer.
> >
> > 533 int ret;
> > 534
> > 535 mutex_lock(&ov02a10->mutex);
> > 536
> >
> > 2. Condition ov02a10->streaming == on, taking true branch.
> >
> > 537 if (ov02a10->streaming == on)
> >
> > 3. Jumping to label unlock_and_return.
> >
> > 538 goto unlock_and_return;
> > 539
> > 540 if (on) {
> > 541 ret = pm_runtime_get_sync(&client->dev);
> > 542 if (ret < 0) {
>
> > 543 pm_runtime_put_noidle(&client->dev);
> > 544 goto unlock_and_return;
>
> Instead of two above:
>From the document, pm_runtime_put_noidle is to decrease the runtime PM
usage counter of a device unless it is 0 already; while pm_runtime_put
would additionally run pm_request_idle to turn off the power if usage
counter is zero.
So here maybe we can really use pm_runtime_put instead of
pm_runtime_put_noidle, although it seems that 'pm_runtime_get_sync' and
'pm_runtime_put_noidle' often appear in pairs.
> goto err_rpm_put;
>
> > 545 }
> > 546
> > 547 ret = __ov02a10_start_stream(ov02a10);
> > 548 if (ret) {
> > 549 __ov02a10_stop_stream(ov02a10);
> > 550 ov02a10->streaming = !on;
> > 551 goto err_rpm_put;
> > 552 }
> > 553 } else {
> > 554 __ov02a10_stop_stream(ov02a10);
> > 555 pm_runtime_put(&client->dev);
> > 556 }
> > 557
> > 558 ov02a10->streaming = on;
>
> (1)
>
> > 559 mutex_unlock(&ov02a10->mutex);
> > 560
> > 561 return 0;
> > 562
> > 563 err_rpm_put:
> > 564 pm_runtime_put(&client->dev);
>
> > 565 unlock_and_return:
>
> Should be moved to (1).
>
> > 566 mutex_unlock(&ov02a10->mutex);
> > 567
> >
> > Uninitialized scalar variable (UNINIT)
> > 4. uninit_use: Using uninitialized value ret.
> >
> > 568 return ret;
> > 569 }
> >
> > Variable ret has not been initialized, so the error return value is a
> > garbage value. It should be initialized with some appropriate negative
> > error code, or ret could be removed and the return should return a
> > literal value of a error code.
> >
> > I was unsure what value is appropriate to fix this, so instead I'm
> > reporting this issue.
>
