diff mbox

ALSA: ac97c: Fix an error handling path in 'atmel_ac97c_probe()'

Message ID 20170831044042.23306-1-christophe.jaillet@wanadoo.fr (mailing list archive)
State Accepted
Commit 0515760fa1159ffa863c7b2b73466aaff7d11a80
Headers show

Commit Message

Christophe JAILLET Aug. 31, 2017, 4:40 a.m. UTC 
If 'clk_prepare_enable()' fails, we must release some resources before
returning. Add a new label in the existing error handling path and 'goto'
there.

Fixes: 260ea95cc027 ("ASoC: atmel: ac97c: Handle return value of clk_prepare_enable.")
Signed-off-by: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
---
 sound/atmel/ac97c.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

Comments

Alexandre Belloni Aug. 31, 2017, 8:10 a.m. UTC | #1 
On 31/08/2017 at 06:40:42 +0200, Christophe JAILLET wrote:
> If 'clk_prepare_enable()' fails, we must release some resources before
> returning. Add a new label in the existing error handling path and 'goto'
> there.
> 
> Fixes: 260ea95cc027 ("ASoC: atmel: ac97c: Handle return value of clk_prepare_enable.")
> Signed-off-by: Christophe JAILLET <christophe.jaillet@wanadoo.fr>

And here is the fallout of the stupid, brainless "fixing" of issues
reported by static analysis tools.

This clk_prepare_enable will never fail. If it was going to fail, the
platform would never boot to a point were it is able to execute that
code. It is really annoying to have so much churn for absolutely 0
benefit.

Anyway,
Acked-by: Alexandre Belloni <alexandre.belloni@free-electrons.com>

> ---
>  sound/atmel/ac97c.c | 3 ++-
>  1 file changed, 2 insertions(+), 1 deletion(-)
> 
> diff --git a/sound/atmel/ac97c.c b/sound/atmel/ac97c.c
> index 30c64ab210d9..5ffefac2fa8f 100644
> --- a/sound/atmel/ac97c.c
> +++ b/sound/atmel/ac97c.c
> @@ -785,7 +785,7 @@ static int atmel_ac97c_probe(struct platform_device *pdev)
>  	}
>  	retval = clk_prepare_enable(pclk);
>  	if (retval)
> -		return retval;
> +		goto err_prepare_enable;
>  
>  	retval = snd_card_new(&pdev->dev, SNDRV_DEFAULT_IDX1,
>  			      SNDRV_DEFAULT_STR1, THIS_MODULE,
> @@ -881,6 +881,7 @@ static int atmel_ac97c_probe(struct platform_device *pdev)
>  	snd_card_free(card);
>  err_snd_card_new:
>  	clk_disable_unprepare(pclk);
> +err_prepare_enable:
>  	clk_put(pclk);
>  	return retval;
>  }
> -- 
> 2.11.0
> 
> _______________________________________________
> Alsa-devel mailing list
> Alsa-devel@alsa-project.org
> http://mailman.alsa-project.org/mailman/listinfo/alsa-devel
Julia Lawall Aug. 31, 2017, 8:23 a.m. UTC | #2 
On Thu, 31 Aug 2017, Alexandre Belloni wrote:

> On 31/08/2017 at 06:40:42 +0200, Christophe JAILLET wrote:
> > If 'clk_prepare_enable()' fails, we must release some resources before
> > returning. Add a new label in the existing error handling path and 'goto'
> > there.
> >
> > Fixes: 260ea95cc027 ("ASoC: atmel: ac97c: Handle return value of clk_prepare_enable.")
> > Signed-off-by: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
>
> And here is the fallout of the stupid, brainless "fixing" of issues
> reported by static analysis tools.
>
> This clk_prepare_enable will never fail. If it was going to fail, the
> platform would never boot to a point were it is able to execute that
> code. It is really annoying to have so much churn for absolutely 0
> benefit.

Would it be more productive to put the code back like it was before, ie no
return value and no check, and add a comment to the definition of
clk_prepare_enable indicating that there are many case where the call
cannot fail?  Grepping through the code suggests that it is about 50-50 on
checking the return value or not doing so, which might suggest that
checking the value is often not required.

julia

>
> Anyway,
> Acked-by: Alexandre Belloni <alexandre.belloni@free-electrons.com>
>
> > ---
> >  sound/atmel/ac97c.c | 3 ++-
> >  1 file changed, 2 insertions(+), 1 deletion(-)
> >
> > diff --git a/sound/atmel/ac97c.c b/sound/atmel/ac97c.c
> > index 30c64ab210d9..5ffefac2fa8f 100644
> > --- a/sound/atmel/ac97c.c
> > +++ b/sound/atmel/ac97c.c
> > @@ -785,7 +785,7 @@ static int atmel_ac97c_probe(struct platform_device *pdev)
> >  	}
> >  	retval = clk_prepare_enable(pclk);
> >  	if (retval)
> > -		return retval;
> > +		goto err_prepare_enable;
> >
> >  	retval = snd_card_new(&pdev->dev, SNDRV_DEFAULT_IDX1,
> >  			      SNDRV_DEFAULT_STR1, THIS_MODULE,
> > @@ -881,6 +881,7 @@ static int atmel_ac97c_probe(struct platform_device *pdev)
> >  	snd_card_free(card);
> >  err_snd_card_new:
> >  	clk_disable_unprepare(pclk);
> > +err_prepare_enable:
> >  	clk_put(pclk);
> >  	return retval;
> >  }
> > --
> > 2.11.0
> >
> > _______________________________________________
> > Alsa-devel mailing list
> > Alsa-devel@alsa-project.org
> > http://mailman.alsa-project.org/mailman/listinfo/alsa-devel
>
> --
> Alexandre Belloni, Free Electrons
> Embedded Linux and Kernel engineering
> http://free-electrons.com
> --
> To unsubscribe from this list: send the line "unsubscribe kernel-janitors" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html
>
Andy Shevchenko Aug. 31, 2017, 9:04 a.m. UTC | #3 
On Thu, 2017-08-31 at 10:23 +0200, Julia Lawall wrote:
> 
> On Thu, 31 Aug 2017, Alexandre Belloni wrote:
> 
> > On 31/08/2017 at 06:40:42 +0200, Christophe JAILLET wrote:
> > > If 'clk_prepare_enable()' fails, we must release some resources
> > > before
> > > returning. Add a new label in the existing error handling path and
> > > 'goto'
> > > there.
> > > 
> > > Fixes: 260ea95cc027 ("ASoC: atmel: ac97c: Handle return value of
> > > clk_prepare_enable.")
> > > Signed-off-by: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
> > 
> > And here is the fallout of the stupid, brainless "fixing" of issues
> > reported by static analysis tools.
> > 
> > This clk_prepare_enable will never fail. If it was going to fail,
> > the
> > platform would never boot to a point were it is able to execute that
> > code. It is really annoying to have so much churn for absolutely 0
> > benefit.
> 
> Would it be more productive to put the code back like it was before,
> ie no
> return value and no check, and add a comment to the definition of
> clk_prepare_enable indicating that there are many case where the call
> cannot fail?  Grepping through the code suggests that it is about 50-
> 50 on
> checking the return value or not doing so, which might suggest that
> checking the value is often not required.

I didn't look into the code, though speculating it might be the case
when CLK framework is not enabled, though many drivers are dependent to
it, so, it would never fail in such cases. Nevertheless there might be
other cases for CLK API to fail.
Alexandre Belloni Aug. 31, 2017, 9:35 a.m. UTC | #4 
On 31/08/2017 at 12:04:03 +0300, Andy Shevchenko wrote:
> On Thu, 2017-08-31 at 10:23 +0200, Julia Lawall wrote:
> > 
> > On Thu, 31 Aug 2017, Alexandre Belloni wrote:
> > 
> > > On 31/08/2017 at 06:40:42 +0200, Christophe JAILLET wrote:
> > > > If 'clk_prepare_enable()' fails, we must release some resources
> > > > before
> > > > returning. Add a new label in the existing error handling path and
> > > > 'goto'
> > > > there.
> > > > 
> > > > Fixes: 260ea95cc027 ("ASoC: atmel: ac97c: Handle return value of
> > > > clk_prepare_enable.")
> > > > Signed-off-by: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
> > > 
> > > And here is the fallout of the stupid, brainless "fixing" of issues
> > > reported by static analysis tools.
> > > 
> > > This clk_prepare_enable will never fail. If it was going to fail,
> > > the
> > > platform would never boot to a point were it is able to execute that
> > > code. It is really annoying to have so much churn for absolutely 0
> > > benefit.
> > 
> > Would it be more productive to put the code back like it was before,
> > ie no
> > return value and no check, and add a comment to the definition of
> > clk_prepare_enable indicating that there are many case where the call
> > cannot fail?  Grepping through the code suggests that it is about 50-
> > 50 on
> > checking the return value or not doing so, which might suggest that
> > checking the value is often not required.
> 
> I didn't look into the code, though speculating it might be the case
> when CLK framework is not enabled, though many drivers are dependent to
> it, so, it would never fail in such cases.

It is not the case, it would return 0. Anyway, this will not happen
because that driver depends on ARCH_AT91 which selects COMMON_CLK_AT91
which selects COMMON_CLK.

> Nevertheless there might be
> other cases for CLK API to fail.
> 

The only case would be for a clock to be enabled without being prepared
and this will never happen because clk_prepare_enable is used.

This call will just never fail.
Andy Shevchenko Aug. 31, 2017, 9:38 a.m. UTC | #5 
On Thu, 2017-08-31 at 11:35 +0200, Alexandre Belloni wrote:
> On 31/08/2017 at 12:04:03 +0300, Andy Shevchenko wrote:
> > On Thu, 2017-08-31 at 10:23 +0200, Julia Lawall wrote:
> > > 
> > > On Thu, 31 Aug 2017, Alexandre Belloni wrote:
> > > 
> > > > On 31/08/2017 at 06:40:42 +0200, Christophe JAILLET wrote:
> > > > > 

> > I didn't look into the code, though speculating it might be the case
> > when CLK framework is not enabled, though many drivers are dependent
> > to
> > it, so, it would never fail in such cases.
> 
> It is not the case, it would return 0. Anyway, this will not happen
> because that driver depends on ARCH_AT91 which selects COMMON_CLK_AT91
> which selects COMMON_CLK.
> 
> > Nevertheless there might be
> > other cases for CLK API to fail.
> > 
> 
> The only case would be for a clock to be enabled without being
> prepared
> and this will never happen because clk_prepare_enable is used.
> 
> This call will just never fail.

So, then this is a bug of CLK API per se to have a prototype to return
int, right?
Alexandre Belloni Aug. 31, 2017, 9:56 a.m. UTC | #6 
On 31/08/2017 at 10:23:19 +0200, Julia Lawall wrote:
> 
> 
> On Thu, 31 Aug 2017, Alexandre Belloni wrote:
> 
> > On 31/08/2017 at 06:40:42 +0200, Christophe JAILLET wrote:
> > > If 'clk_prepare_enable()' fails, we must release some resources before
> > > returning. Add a new label in the existing error handling path and 'goto'
> > > there.
> > >
> > > Fixes: 260ea95cc027 ("ASoC: atmel: ac97c: Handle return value of clk_prepare_enable.")
> > > Signed-off-by: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
> >
> > And here is the fallout of the stupid, brainless "fixing" of issues
> > reported by static analysis tools.
> >
> > This clk_prepare_enable will never fail. If it was going to fail, the
> > platform would never boot to a point were it is able to execute that
> > code. It is really annoying to have so much churn for absolutely 0
> > benefit.
> 
> Would it be more productive to put the code back like it was before, ie no
> return value and no check, and add a comment to the definition of
> clk_prepare_enable indicating that there are many case where the call
> cannot fail?  Grepping through the code suggests that it is about 50-50 on
> checking the return value or not doing so, which might suggest that
> checking the value is often not required.
> 

I'd say that it is often useless to test the value. I don't have any
problem with the test as it doesn't add much (at least it doesn't print
an error message). So it may stays here. What I'm really unhappy about
is people sending hundreds of similar, autogenerated patches to
maintainers without actually putting any thought into them. That put all
the burden on the maintainers to weed out the incorrect patches.
Alexandre Belloni Aug. 31, 2017, 9:57 a.m. UTC | #7 
On 31/08/2017 at 12:38:17 +0300, Andy Shevchenko wrote:
> On Thu, 2017-08-31 at 11:35 +0200, Alexandre Belloni wrote:
> > On 31/08/2017 at 12:04:03 +0300, Andy Shevchenko wrote:
> > > On Thu, 2017-08-31 at 10:23 +0200, Julia Lawall wrote:
> > > > 
> > > > On Thu, 31 Aug 2017, Alexandre Belloni wrote:
> > > > 
> > > > > On 31/08/2017 at 06:40:42 +0200, Christophe JAILLET wrote:
> > > > > > 
> 
> > > I didn't look into the code, though speculating it might be the case
> > > when CLK framework is not enabled, though many drivers are dependent
> > > to
> > > it, so, it would never fail in such cases.
> > 
> > It is not the case, it would return 0. Anyway, this will not happen
> > because that driver depends on ARCH_AT91 which selects COMMON_CLK_AT91
> > which selects COMMON_CLK.
> > 
> > > Nevertheless there might be
> > > other cases for CLK API to fail.
> > > 
> > 
> > The only case would be for a clock to be enabled without being
> > prepared
> > and this will never happen because clk_prepare_enable is used.
> > 
> > This call will just never fail.
> 
> So, then this is a bug of CLK API per se to have a prototype to return
> int, right?
> 

No because it may fail on other platforms.
Takashi Iwai Aug. 31, 2017, 10:13 a.m. UTC | #8 
On Thu, 31 Aug 2017 11:56:16 +0200,
Alexandre Belloni wrote:
> 
> On 31/08/2017 at 10:23:19 +0200, Julia Lawall wrote:
> > 
> > 
> > On Thu, 31 Aug 2017, Alexandre Belloni wrote:
> > 
> > > On 31/08/2017 at 06:40:42 +0200, Christophe JAILLET wrote:
> > > > If 'clk_prepare_enable()' fails, we must release some resources before
> > > > returning. Add a new label in the existing error handling path and 'goto'
> > > > there.
> > > >
> > > > Fixes: 260ea95cc027 ("ASoC: atmel: ac97c: Handle return value of clk_prepare_enable.")
> > > > Signed-off-by: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
> > >
> > > And here is the fallout of the stupid, brainless "fixing" of issues
> > > reported by static analysis tools.
> > >
> > > This clk_prepare_enable will never fail. If it was going to fail, the
> > > platform would never boot to a point were it is able to execute that
> > > code. It is really annoying to have so much churn for absolutely 0
> > > benefit.
> > 
> > Would it be more productive to put the code back like it was before, ie no
> > return value and no check, and add a comment to the definition of
> > clk_prepare_enable indicating that there are many case where the call
> > cannot fail?  Grepping through the code suggests that it is about 50-50 on
> > checking the return value or not doing so, which might suggest that
> > checking the value is often not required.
> > 
> 
> I'd say that it is often useless to test the value. I don't have any
> problem with the test as it doesn't add much (at least it doesn't print
> an error message). So it may stays here. What I'm really unhappy about
> is people sending hundreds of similar, autogenerated patches to
> maintainers without actually putting any thought into them. That put all
> the burden on the maintainers to weed out the incorrect patches.

I share your concerns, e.g. the burden of maintenance is a problem.

But in this case, the original code looks really buggy.  If the test
doesn't make sense, don't test it but give a proper comment from the
beginning.  Instead, the current code does check the return value yet
with the incorrect error path.

The proposed "fix" won't change any actual behavior in practice, which
is useless, yes.  (And this is good -- at least it's safe to apply :)
OTOH, the semantics is a different question, and the patch corrects
it, which isn't so stupid, IMO.


thanks,

Takashi
Mark Brown Aug. 31, 2017, 10:19 a.m. UTC | #9 
On Thu, Aug 31, 2017 at 10:10:21AM +0200, Alexandre Belloni wrote:

> And here is the fallout of the stupid, brainless "fixing" of issues
> reported by static analysis tools.

> This clk_prepare_enable will never fail. If it was going to fail, the
> platform would never boot to a point were it is able to execute that
> code. It is really annoying to have so much churn for absolutely 0
> benefit.

It may currently be the case that the SoCs you're looking at happen to
make this clock essential but that doesn't mean that it's not going to
be different in some future SoC, nor that we can't have a software bug
that this will detect.  Being consistent with our error checking also
means that we can spot places where it might practically be a problem
more easily, it's even easier if the error checking is there first time
but it's still worth it to go back later.
Alexandre Belloni Aug. 31, 2017, 10:19 a.m. UTC | #10 
On 31/08/2017 at 12:13:00 +0200, Takashi Iwai wrote:
> On Thu, 31 Aug 2017 11:56:16 +0200,
> Alexandre Belloni wrote:
> > 
> > On 31/08/2017 at 10:23:19 +0200, Julia Lawall wrote:
> > > 
> > > 
> > > On Thu, 31 Aug 2017, Alexandre Belloni wrote:
> > > 
> > > > On 31/08/2017 at 06:40:42 +0200, Christophe JAILLET wrote:
> > > > > If 'clk_prepare_enable()' fails, we must release some resources before
> > > > > returning. Add a new label in the existing error handling path and 'goto'
> > > > > there.
> > > > >
> > > > > Fixes: 260ea95cc027 ("ASoC: atmel: ac97c: Handle return value of clk_prepare_enable.")
> > > > > Signed-off-by: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
> > > >
> > > > And here is the fallout of the stupid, brainless "fixing" of issues
> > > > reported by static analysis tools.
> > > >
> > > > This clk_prepare_enable will never fail. If it was going to fail, the
> > > > platform would never boot to a point were it is able to execute that
> > > > code. It is really annoying to have so much churn for absolutely 0
> > > > benefit.
> > > 
> > > Would it be more productive to put the code back like it was before, ie no
> > > return value and no check, and add a comment to the definition of
> > > clk_prepare_enable indicating that there are many case where the call
> > > cannot fail?  Grepping through the code suggests that it is about 50-50 on
> > > checking the return value or not doing so, which might suggest that
> > > checking the value is often not required.
> > > 
> > 
> > I'd say that it is often useless to test the value. I don't have any
> > problem with the test as it doesn't add much (at least it doesn't print
> > an error message). So it may stays here. What I'm really unhappy about
> > is people sending hundreds of similar, autogenerated patches to
> > maintainers without actually putting any thought into them. That put all
> > the burden on the maintainers to weed out the incorrect patches.
> 
> I share your concerns, e.g. the burden of maintenance is a problem.
> 
> But in this case, the original code looks really buggy.  If the test
> doesn't make sense, don't test it but give a proper comment from the
> beginning.  Instead, the current code does check the return value yet
> with the incorrect error path.
> 
> The proposed "fix" won't change any actual behavior in practice, which
> is useless, yes.  (And this is good -- at least it's safe to apply :)
> OTOH, the semantics is a different question, and the patch corrects
> it, which isn't so stupid, IMO.
> 

Agreed, I'm complaining about the original patch adding the test, not
the current patch that fixes it.
Takashi Iwai Aug. 31, 2017, 10:23 a.m. UTC | #11 
On Thu, 31 Aug 2017 12:13:00 +0200,
Takashi Iwai wrote:
> 
> On Thu, 31 Aug 2017 11:56:16 +0200,
> Alexandre Belloni wrote:
> > 
> > On 31/08/2017 at 10:23:19 +0200, Julia Lawall wrote:
> > > 
> > > 
> > > On Thu, 31 Aug 2017, Alexandre Belloni wrote:
> > > 
> > > > On 31/08/2017 at 06:40:42 +0200, Christophe JAILLET wrote:
> > > > > If 'clk_prepare_enable()' fails, we must release some resources before
> > > > > returning. Add a new label in the existing error handling path and 'goto'
> > > > > there.
> > > > >
> > > > > Fixes: 260ea95cc027 ("ASoC: atmel: ac97c: Handle return value of clk_prepare_enable.")
> > > > > Signed-off-by: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
> > > >
> > > > And here is the fallout of the stupid, brainless "fixing" of issues
> > > > reported by static analysis tools.
> > > >
> > > > This clk_prepare_enable will never fail. If it was going to fail, the
> > > > platform would never boot to a point were it is able to execute that
> > > > code. It is really annoying to have so much churn for absolutely 0
> > > > benefit.
> > > 
> > > Would it be more productive to put the code back like it was before, ie no
> > > return value and no check, and add a comment to the definition of
> > > clk_prepare_enable indicating that there are many case where the call
> > > cannot fail?  Grepping through the code suggests that it is about 50-50 on
> > > checking the return value or not doing so, which might suggest that
> > > checking the value is often not required.
> > > 
> > 
> > I'd say that it is often useless to test the value. I don't have any
> > problem with the test as it doesn't add much (at least it doesn't print
> > an error message). So it may stays here. What I'm really unhappy about
> > is people sending hundreds of similar, autogenerated patches to
> > maintainers without actually putting any thought into them. That put all
> > the burden on the maintainers to weed out the incorrect patches.
> 
> I share your concerns, e.g. the burden of maintenance is a problem.
> 
> But in this case, the original code looks really buggy.  If the test
> doesn't make sense, don't test it but give a proper comment from the
> beginning.  Instead, the current code does check the return value yet
> with the incorrect error path.
> 
> The proposed "fix" won't change any actual behavior in practice, which
> is useless, yes.  (And this is good -- at least it's safe to apply :)
> OTOH, the semantics is a different question, and the patch corrects
> it, which isn't so stupid, IMO.

Ah, wait, now I see your point.  It was introduced by the very recent
patch through Mark's asoc tree (since it was wrongly labeled as "ASoC"
while it isn't).  That patch looks indeed fishy.  The change in
atmel_ac97c_resume() is also bad.

So, I'd prefer reverting the wrong commit instead, and leave some
comment about the uselessness of clk_prepare_enable() return value
check.


thanks,

Takashi
Takashi Iwai Aug. 31, 2017, 10:31 a.m. UTC | #12 
On Thu, 31 Aug 2017 12:19:03 +0200,
Mark Brown wrote:
> 
> On Thu, Aug 31, 2017 at 10:10:21AM +0200, Alexandre Belloni wrote:
> 
> > And here is the fallout of the stupid, brainless "fixing" of issues
> > reported by static analysis tools.
> 
> > This clk_prepare_enable will never fail. If it was going to fail, the
> > platform would never boot to a point were it is able to execute that
> > code. It is really annoying to have so much churn for absolutely 0
> > benefit.
> 
> It may currently be the case that the SoCs you're looking at happen to
> make this clock essential but that doesn't mean that it's not going to
> be different in some future SoC, nor that we can't have a software bug
> that this will detect.  Being consistent with our error checking also
> means that we can spot places where it might practically be a problem
> more easily, it's even easier if the error checking is there first time
> but it's still worth it to go back later.

... yes, but only when it's done correctly.

This is again a typical problem by such a trivial fix patch: the code
looks as if it were trivial and correct, buried in a patch series that
easily leads to the oversight by the maintainer's review.


thanks,

Takashi
Mark Brown Aug. 31, 2017, 10:37 a.m. UTC | #13 
On Thu, Aug 31, 2017 at 12:23:14PM +0200, Takashi Iwai wrote:

> Ah, wait, now I see your point.  It was introduced by the very recent
> patch through Mark's asoc tree (since it was wrongly labeled as "ASoC"
> while it isn't).  That patch looks indeed fishy.  The change in
> atmel_ac97c_resume() is also bad.

The resume check looks fine?  The function appears to do nothing other
than the clk_prepare_enable().

> So, I'd prefer reverting the wrong commit instead, and leave some
> comment about the uselessness of clk_prepare_enable() return value
> check.

I'd rather keep the error checking there, it means that people don't
need to open the code and verify it when they go scanning for potential
problems.
Mark Brown Aug. 31, 2017, 10:38 a.m. UTC | #14 
On Thu, Aug 31, 2017 at 12:31:33PM +0200, Takashi Iwai wrote:

> This is again a typical problem by such a trivial fix patch: the code
> looks as if it were trivial and correct, buried in a patch series that
> easily leads to the oversight by the maintainer's review.

Right, plus the amount of context that diff shows you.
Takashi Iwai Aug. 31, 2017, 10:49 a.m. UTC | #15 
On Thu, 31 Aug 2017 12:37:16 +0200,
Mark Brown wrote:
> 
> On Thu, Aug 31, 2017 at 12:23:14PM +0200, Takashi Iwai wrote:
> 
> > Ah, wait, now I see your point.  It was introduced by the very recent
> > patch through Mark's asoc tree (since it was wrongly labeled as "ASoC"
> > while it isn't).  That patch looks indeed fishy.  The change in
> > atmel_ac97c_resume() is also bad.
> 
> The resume check looks fine?  The function appears to do nothing other
> than the clk_prepare_enable().

Well, the patch behaves correctly but the code is ugly:
	
        int ret = clk_prepare_enable(chip->pclk);

        return ret;


> > So, I'd prefer reverting the wrong commit instead, and leave some
> > comment about the uselessness of clk_prepare_enable() return value
> > check.
> 
> I'd rather keep the error checking there, it means that people don't
> need to open the code and verify it when they go scanning for potential
> problems.

OK.


Takashi
Christophe JAILLET Aug. 31, 2017, 7:08 p.m. UTC | #16 
Le 31/08/2017 à 12:38, Mark Brown a écrit :
> On Thu, Aug 31, 2017 at 12:31:33PM +0200, Takashi Iwai wrote:
>
>> This is again a typical problem by such a trivial fix patch: the code
>> looks as if it were trivial and correct, buried in a patch series that
>> easily leads to the oversight by the maintainer's review.
> Right, plus the amount of context that diff shows you.
>
Hi,

My proposed patch was initially triggered using coccinelle, as you must 
have guessed.

In fact, I was surprised by the initial commit.
I don't have any strong opinion if testing the return value of 
'clk_prepare_enable()' is relevant or not, but I was surprised that the 
error handling path had not been updated at the same time.

So, before posting my patch, I have searched a bit in git history and it 
gave:

git shortlog --author="Arvind Yadav" | grep clk_prepare
       ata: sata_rcar: Handle return value of clk_prepare_enable
       hwrng: omap3-rom - Handle return value of clk_prepare_enable
       crypto: img-hash - Handle return value of clk_prepare_enable
       dmaengine: DW DMAC: Handle return value of clk_prepare_enable
       gpio: davinci: Handle return value of clk_prepare_enable
       cpufreq: kirkwood-cpufreq:- Handle return value of 
clk_prepare_enable()
       dmaengine: imx-sdma: Handle return value of clk_prepare_enable
       Input: s3c2410_ts - handle return value of clk_prepare_enable
       iio: adc: xilinx: Handle return value of clk_prepare_enable
       iio:adc:lpc32xx Handle return value of clk_prepare_enable
       memory: ti-aemif: Handle return value of clk_prepare_enable
       spi: davinci: Handle return value of clk_prepare_enable
       [media] tc358743: Handle return value of clk_prepare_enable
       mtd: nand: orion: Handle return value of clk_prepare_enable
       iio: Aspeed ADC - Handle return value of clk_prepare_enable
       PM / devfreq: exynos-nocp: Handle return value of clk_prepare_enable
       PM / devfreq: exynos-ppmu: Handle return value of clk_prepare_enable
       usb: host: ehci-exynos: Handle return value of clk_prepare_enable
       usb: mtu3: Handle return value of clk_prepare_enable
       usb: mtu3: Handle return value of clk_prepare_enable
       video: fbdev: pxafb: Handle return value of clk_prepare_enable
       usb: gadget: mv_udc: Handle return value of clk_prepare_enable.
       usb: dwc3: exynos: Handle return value of clk_prepare_enable
       i2c: at91: Handle return value of clk_prepare_enable
       i2c: emev2: Handle return value of clk_prepare_enable
       usb: host: ohci-pxa27x: Handle return value of clk_prepare_enable
       thermal: imx: Handle return value of clk_prepare_enable
       thermal: hisilicon: Handle return value of clk_prepare_enable
       PCI: rockchip: Check for clk_prepare_enable() errors during resume
       watchdog: meson: Handle return value of clk_prepare_enable
       watchdog: davinci: Handle return value of clk_prepare_enable
       mfd: tc6393xb: Handle return value of clk_prepare_enable
       ASoC: samsung: s3c2412: Handle return value of clk_prepare_enable.
       ASoC: samsung: s3c24xx: Handle return value of clk_prepare_enable.
       ASoC: samsung: pcm: Handle return value of clk_prepare_enable.
       ASoC: samsung: i2s: Handle return value of clk_prepare_enable.
       ASoC: samsung: spdif: Handle return value of clk_prepare_enable.
       ASoC: mxs-saif: Handle return value of 
clk_prepare_enable/clk_prepare.
       ASoC: jz4740: Handle return value of clk_prepare_enable.
       ASoC: sun4i-spdif: Handle return value of clk_prepare_enable.
       ASoC: atmel: ac97c: Handle return value of clk_prepare_enable.
       gpio: mb86s7x: Handle return value of clk_prepare_enable.
       memory: mtk-smi: Handle return value of clk_prepare_enable
       mmc: sdhci-st: Handle return value of clk_prepare_enable
       mmc: wmt-sdmmc: Handle return value of clk_prepare_enable
       mmc: mxcmmc: Handle return value of clk_prepare_enable
       dmaengine: at_xdmac: Handle return value of clk_prepare_enable.
       mtd: nand: denali: Handle return value of clk_prepare_enable.
       mtd: oxnas_nand: Handle clk_prepare_enable/clk_disable_unprepare.
       mtd: nand: lpc32xx_slc: Handle return value of clk_prepare_enable.
       mtd: nand: lpc32xx_mlc: Handle return value of clk_prepare_enable.
       mtd: st_spi_fsm: Handle clk_prepare_enable/clk_disable_unprepare.

Some of these are after a devm_clk_get(), which does not require a 
modification in the error handling path (at least according to the one 
I've looked at)

Some don't have any [devm_]clk_get() in the same function, and were not 
investigated further.

But several also had the same construction as the one reported in this 
thread, and needed, IMHO, an update of the error handling path to call 
through clk_put().


It was "too" surprising to me to have "all" these "obviously" incomplete 
patches merged.
I thought that I had missed something obvious and decided to propose one 
fix to see the reaction (and didn't expected all your replies!)

So now, I think we should go through the commits above to either revert 
the commit and remove the test (and document why it is not needed) or 
fix the error handling path accordingly, even if one could know that it 
cant' happen.

CJ
Alexandre Belloni Aug. 31, 2017, 8:50 p.m. UTC | #17 
Hi,

On 31/08/2017 at 21:08:10 +0200, Christophe JAILLET wrote:
> Le 31/08/2017 à 12:38, Mark Brown a écrit :
> > On Thu, Aug 31, 2017 at 12:31:33PM +0200, Takashi Iwai wrote:
> > 
> > > This is again a typical problem by such a trivial fix patch: the code
> > > looks as if it were trivial and correct, buried in a patch series that
> > > easily leads to the oversight by the maintainer's review.
> > Right, plus the amount of context that diff shows you.
> > 
> Hi,
> 
> My proposed patch was initially triggered using coccinelle, as you must have
> guessed.
> 
> In fact, I was surprised by the initial commit.
> I don't have any strong opinion if testing the return value of
> 'clk_prepare_enable()' is relevant or not, but I was surprised that the
> error handling path had not been updated at the same time.
> 
> So, before posting my patch, I have searched a bit in git history and it
> gave:
> 
> git shortlog --author="Arvind Yadav" | grep clk_prepare
>       ata: sata_rcar: Handle return value of clk_prepare_enable
>       hwrng: omap3-rom - Handle return value of clk_prepare_enable
>       crypto: img-hash - Handle return value of clk_prepare_enable
>       dmaengine: DW DMAC: Handle return value of clk_prepare_enable
>       gpio: davinci: Handle return value of clk_prepare_enable
>       cpufreq: kirkwood-cpufreq:- Handle return value of
> clk_prepare_enable()
>       dmaengine: imx-sdma: Handle return value of clk_prepare_enable
>       Input: s3c2410_ts - handle return value of clk_prepare_enable
>       iio: adc: xilinx: Handle return value of clk_prepare_enable
>       iio:adc:lpc32xx Handle return value of clk_prepare_enable
>       memory: ti-aemif: Handle return value of clk_prepare_enable
>       spi: davinci: Handle return value of clk_prepare_enable
>       [media] tc358743: Handle return value of clk_prepare_enable
>       mtd: nand: orion: Handle return value of clk_prepare_enable
>       iio: Aspeed ADC - Handle return value of clk_prepare_enable
>       PM / devfreq: exynos-nocp: Handle return value of clk_prepare_enable
>       PM / devfreq: exynos-ppmu: Handle return value of clk_prepare_enable
>       usb: host: ehci-exynos: Handle return value of clk_prepare_enable
>       usb: mtu3: Handle return value of clk_prepare_enable
>       usb: mtu3: Handle return value of clk_prepare_enable
>       video: fbdev: pxafb: Handle return value of clk_prepare_enable
>       usb: gadget: mv_udc: Handle return value of clk_prepare_enable.
>       usb: dwc3: exynos: Handle return value of clk_prepare_enable
>       i2c: at91: Handle return value of clk_prepare_enable
>       i2c: emev2: Handle return value of clk_prepare_enable
>       usb: host: ohci-pxa27x: Handle return value of clk_prepare_enable
>       thermal: imx: Handle return value of clk_prepare_enable
>       thermal: hisilicon: Handle return value of clk_prepare_enable
>       PCI: rockchip: Check for clk_prepare_enable() errors during resume
>       watchdog: meson: Handle return value of clk_prepare_enable
>       watchdog: davinci: Handle return value of clk_prepare_enable
>       mfd: tc6393xb: Handle return value of clk_prepare_enable
>       ASoC: samsung: s3c2412: Handle return value of clk_prepare_enable.
>       ASoC: samsung: s3c24xx: Handle return value of clk_prepare_enable.
>       ASoC: samsung: pcm: Handle return value of clk_prepare_enable.
>       ASoC: samsung: i2s: Handle return value of clk_prepare_enable.
>       ASoC: samsung: spdif: Handle return value of clk_prepare_enable.
>       ASoC: mxs-saif: Handle return value of clk_prepare_enable/clk_prepare.
>       ASoC: jz4740: Handle return value of clk_prepare_enable.
>       ASoC: sun4i-spdif: Handle return value of clk_prepare_enable.
>       ASoC: atmel: ac97c: Handle return value of clk_prepare_enable.
>       gpio: mb86s7x: Handle return value of clk_prepare_enable.
>       memory: mtk-smi: Handle return value of clk_prepare_enable
>       mmc: sdhci-st: Handle return value of clk_prepare_enable
>       mmc: wmt-sdmmc: Handle return value of clk_prepare_enable
>       mmc: mxcmmc: Handle return value of clk_prepare_enable
>       dmaengine: at_xdmac: Handle return value of clk_prepare_enable.
>       mtd: nand: denali: Handle return value of clk_prepare_enable.
>       mtd: oxnas_nand: Handle clk_prepare_enable/clk_disable_unprepare.
>       mtd: nand: lpc32xx_slc: Handle return value of clk_prepare_enable.
>       mtd: nand: lpc32xx_mlc: Handle return value of clk_prepare_enable.
>       mtd: st_spi_fsm: Handle clk_prepare_enable/clk_disable_unprepare.
> 
> Some of these are after a devm_clk_get(), which does not require a
> modification in the error handling path (at least according to the one I've
> looked at)
> 
> Some don't have any [devm_]clk_get() in the same function, and were not
> investigated further.
> 
> But several also had the same construction as the one reported in this
> thread, and needed, IMHO, an update of the error handling path to call
> through clk_put().
> 
> 
> It was "too" surprising to me to have "all" these "obviously" incomplete
> patches merged.
> I thought that I had missed something obvious and decided to propose one fix
> to see the reaction (and didn't expected all your replies!)
> 

You didn't miss anything, that's exactly what I am complaining about
some of the patches were OK, some aren't and all the real work is left
to the maintainer.

> So now, I think we should go through the commits above to either revert the
> commit and remove the test (and document why it is not needed) or fix the
> error handling path accordingly, even if one could know that it cant'
> happen.

I think you should go ahead and fix those now...
Julia Lawall Aug. 31, 2017, 9:07 p.m. UTC | #18 
On Thu, 31 Aug 2017, Alexandre Belloni wrote:

> Hi,
>
> On 31/08/2017 at 21:08:10 +0200, Christophe JAILLET wrote:
> > Le 31/08/2017 à 12:38, Mark Brown a écrit :
> > > On Thu, Aug 31, 2017 at 12:31:33PM +0200, Takashi Iwai wrote:
> > >
> > > > This is again a typical problem by such a trivial fix patch: the code
> > > > looks as if it were trivial and correct, buried in a patch series that
> > > > easily leads to the oversight by the maintainer's review.
> > > Right, plus the amount of context that diff shows you.
> > >
> > Hi,
> >
> > My proposed patch was initially triggered using coccinelle, as you must have
> > guessed.
> >
> > In fact, I was surprised by the initial commit.
> > I don't have any strong opinion if testing the return value of
> > 'clk_prepare_enable()' is relevant or not, but I was surprised that the
> > error handling path had not been updated at the same time.
> >
> > So, before posting my patch, I have searched a bit in git history and it
> > gave:
> >
> > git shortlog --author="Arvind Yadav" | grep clk_prepare
> >       ata: sata_rcar: Handle return value of clk_prepare_enable
> >       hwrng: omap3-rom - Handle return value of clk_prepare_enable
> >       crypto: img-hash - Handle return value of clk_prepare_enable
> >       dmaengine: DW DMAC: Handle return value of clk_prepare_enable
> >       gpio: davinci: Handle return value of clk_prepare_enable
> >       cpufreq: kirkwood-cpufreq:- Handle return value of
> > clk_prepare_enable()
> >       dmaengine: imx-sdma: Handle return value of clk_prepare_enable
> >       Input: s3c2410_ts - handle return value of clk_prepare_enable
> >       iio: adc: xilinx: Handle return value of clk_prepare_enable
> >       iio:adc:lpc32xx Handle return value of clk_prepare_enable
> >       memory: ti-aemif: Handle return value of clk_prepare_enable
> >       spi: davinci: Handle return value of clk_prepare_enable
> >       [media] tc358743: Handle return value of clk_prepare_enable
> >       mtd: nand: orion: Handle return value of clk_prepare_enable
> >       iio: Aspeed ADC - Handle return value of clk_prepare_enable
> >       PM / devfreq: exynos-nocp: Handle return value of clk_prepare_enable
> >       PM / devfreq: exynos-ppmu: Handle return value of clk_prepare_enable
> >       usb: host: ehci-exynos: Handle return value of clk_prepare_enable
> >       usb: mtu3: Handle return value of clk_prepare_enable
> >       usb: mtu3: Handle return value of clk_prepare_enable
> >       video: fbdev: pxafb: Handle return value of clk_prepare_enable
> >       usb: gadget: mv_udc: Handle return value of clk_prepare_enable.
> >       usb: dwc3: exynos: Handle return value of clk_prepare_enable
> >       i2c: at91: Handle return value of clk_prepare_enable
> >       i2c: emev2: Handle return value of clk_prepare_enable
> >       usb: host: ohci-pxa27x: Handle return value of clk_prepare_enable
> >       thermal: imx: Handle return value of clk_prepare_enable
> >       thermal: hisilicon: Handle return value of clk_prepare_enable
> >       PCI: rockchip: Check for clk_prepare_enable() errors during resume
> >       watchdog: meson: Handle return value of clk_prepare_enable
> >       watchdog: davinci: Handle return value of clk_prepare_enable
> >       mfd: tc6393xb: Handle return value of clk_prepare_enable
> >       ASoC: samsung: s3c2412: Handle return value of clk_prepare_enable.
> >       ASoC: samsung: s3c24xx: Handle return value of clk_prepare_enable.
> >       ASoC: samsung: pcm: Handle return value of clk_prepare_enable.
> >       ASoC: samsung: i2s: Handle return value of clk_prepare_enable.
> >       ASoC: samsung: spdif: Handle return value of clk_prepare_enable.
> >       ASoC: mxs-saif: Handle return value of clk_prepare_enable/clk_prepare.
> >       ASoC: jz4740: Handle return value of clk_prepare_enable.
> >       ASoC: sun4i-spdif: Handle return value of clk_prepare_enable.
> >       ASoC: atmel: ac97c: Handle return value of clk_prepare_enable.
> >       gpio: mb86s7x: Handle return value of clk_prepare_enable.
> >       memory: mtk-smi: Handle return value of clk_prepare_enable
> >       mmc: sdhci-st: Handle return value of clk_prepare_enable
> >       mmc: wmt-sdmmc: Handle return value of clk_prepare_enable
> >       mmc: mxcmmc: Handle return value of clk_prepare_enable
> >       dmaengine: at_xdmac: Handle return value of clk_prepare_enable.
> >       mtd: nand: denali: Handle return value of clk_prepare_enable.
> >       mtd: oxnas_nand: Handle clk_prepare_enable/clk_disable_unprepare.
> >       mtd: nand: lpc32xx_slc: Handle return value of clk_prepare_enable.
> >       mtd: nand: lpc32xx_mlc: Handle return value of clk_prepare_enable.
> >       mtd: st_spi_fsm: Handle clk_prepare_enable/clk_disable_unprepare.
> >
> > Some of these are after a devm_clk_get(), which does not require a
> > modification in the error handling path (at least according to the one I've
> > looked at)
> >
> > Some don't have any [devm_]clk_get() in the same function, and were not
> > investigated further.
> >
> > But several also had the same construction as the one reported in this
> > thread, and needed, IMHO, an update of the error handling path to call
> > through clk_put().
> >
> >
> > It was "too" surprising to me to have "all" these "obviously" incomplete
> > patches merged.
> > I thought that I had missed something obvious and decided to propose one fix
> > to see the reaction (and didn't expected all your replies!)
> >
>
> You didn't miss anything, that's exactly what I am complaining about
> some of the patches were OK, some aren't and all the real work is left
> to the maintainer.

The commit message is also a bit strange:

clk_prepare_enable() and clk_prepare() can fail here and
we must check its return value.

When someone in the future is tring to understand whether or nor calls to
clk_prepare_enable can fail, it would be misleading to have "can fail" and
"we must check" in the history of a context where failure is not possible.

julia


>
> > So now, I think we should go through the commits above to either revert the
> > commit and remove the test (and document why it is not needed) or fix the
> > error handling path accordingly, even if one could know that it cant'
> > happen.
>
> I think you should go ahead and fix those now...
>
> --
> Alexandre Belloni, Free Electrons
> Embedded Linux and Kernel engineering
> http://free-electrons.com
> --
> To unsubscribe from this list: send the line "unsubscribe kernel-janitors" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html
>
diff mbox

Patch

diff --git a/sound/atmel/ac97c.c b/sound/atmel/ac97c.c
index 30c64ab210d9..5ffefac2fa8f 100644
--- a/sound/atmel/ac97c.c
+++ b/sound/atmel/ac97c.c
@@ -785,7 +785,7 @@  static int atmel_ac97c_probe(struct platform_device *pdev)
 	}
 	retval = clk_prepare_enable(pclk);
 	if (retval)
-		return retval;
+		goto err_prepare_enable;
 
 	retval = snd_card_new(&pdev->dev, SNDRV_DEFAULT_IDX1,
 			      SNDRV_DEFAULT_STR1, THIS_MODULE,
@@ -881,6 +881,7 @@  static int atmel_ac97c_probe(struct platform_device *pdev)
 	snd_card_free(card);
 err_snd_card_new:
 	clk_disable_unprepare(pclk);
+err_prepare_enable:
 	clk_put(pclk);
 	return retval;
 }