On Fri, Dec 4, 2020 at 11:47 AM Dongchun Zhu <dongchun.zhu@xxxxxxxxxxxx> wrote:
>
> Hi Andy,
>
> On Thu, 2020-12-03 at 20:10 +0200, Andy Shevchenko wrote:
> > On Thu, Dec 3, 2020 at 8:03 PM Colin Ian King <colin.king@xxxxxxxxxxxxx> wrote:
> >
> > > Static analysis on linux-next with Coverity has detected an issue with
> > > the following commit:
> >
> > If you want to fix it properly, see my comments below...
> >
> > > 529 static int ov02a10_s_stream(struct v4l2_subdev *sd, int on)
> > > 530 {
> > > 531 struct ov02a10 *ov02a10 = to_ov02a10(sd);
> > > 532 struct i2c_client *client =
> > > v4l2_get_subdevdata(&ov02a10->subdev);
> > >
> > > 1. var_decl: Declaring variable ret without initializer.
> > >
> > > 533 int ret;
> > > 534
> > > 535 mutex_lock(&ov02a10->mutex);
> > > 536
> > >
> > > 2. Condition ov02a10->streaming == on, taking true branch.
> > >
> > > 537 if (ov02a10->streaming == on)
> > >
> > > 3. Jumping to label unlock_and_return.
> > >
> > > 538 goto unlock_and_return;
> > > 539
> > > 540 if (on) {
> > > 541 ret = pm_runtime_get_sync(&client->dev);
> > > 542 if (ret < 0) {
> >
> > > 543 pm_runtime_put_noidle(&client->dev);
> > > 544 goto unlock_and_return;
> >
> > Instead of two above:
>
> From the document, pm_runtime_put_noidle is to decrease the runtime PM
> usage counter of a device unless it is 0 already; while pm_runtime_put
> would additionally run pm_request_idle to turn off the power if usage
> counter is zero.
>
> So here maybe we can really use pm_runtime_put instead of
> pm_runtime_put_noidle, although it seems that 'pm_runtime_get_sync' and
> 'pm_runtime_put_noidle' often appear in pairs.
>
In an error state (e.g. if pm_runtime_get_sync() fails),
pm_runtime_put() would decrement the usage counter and call rpm_idle()
which would instantly return an error code. The end result would be
the same, except that pm_runtime_put() would return a non-zero error
code, but we ignore it anyway. However strange it looks, this seems to
be an API guarantee, so Andy's suggestion is correct.
Best regards,
Tomasz
> > goto err_rpm_put;
> >
> > > 545 }
> > > 546
> > > 547 ret = __ov02a10_start_stream(ov02a10);
> > > 548 if (ret) {
> > > 549 __ov02a10_stop_stream(ov02a10);
> > > 550 ov02a10->streaming = !on;
> > > 551 goto err_rpm_put;
> > > 552 }
> > > 553 } else {
> > > 554 __ov02a10_stop_stream(ov02a10);
> > > 555 pm_runtime_put(&client->dev);
> > > 556 }
> > > 557
> > > 558 ov02a10->streaming = on;
> >
> > (1)
> >
> > > 559 mutex_unlock(&ov02a10->mutex);
> > > 560
> > > 561 return 0;
> > > 562
> > > 563 err_rpm_put:
> > > 564 pm_runtime_put(&client->dev);
> >
> > > 565 unlock_and_return:
> >
> > Should be moved to (1).
> >
> > > 566 mutex_unlock(&ov02a10->mutex);
> > > 567
> > >
> > > Uninitialized scalar variable (UNINIT)
> > > 4. uninit_use: Using uninitialized value ret.
> > >
> > > 568 return ret;
> > > 569 }
> > >
> > > Variable ret has not been initialized, so the error return value is a
> > > garbage value. It should be initialized with some appropriate negative
> > > error code, or ret could be removed and the return should return a
> > > literal value of a error code.
> > >
> > > I was unsure what value is appropriate to fix this, so instead I'm
> > > reporting this issue.
> >
>
