Message ID | 20201204083624.2711356-1-arnd@kernel.org (mailing list archive) |
---|---|
State | New, archived |
Series | [v2] ASoC: cros_ec_codec: fix uninitialized memory read |
On Fri, Dec 4, 2020 at 4:36 PM Arnd Bergmann <arnd@kernel.org> wrote:
> diff --git a/sound/soc/codecs/cros_ec_codec.c b/sound/soc/codecs/cros_ec_codec.c > index 58894bf47514..6ec673573c70 100644 > --- a/sound/soc/codecs/cros_ec_codec.c > +++ b/sound/soc/codecs/cros_ec_codec.c > @@ -348,7 +348,7 @@ static int i2s_rx_event(struct snd_soc_dapm_widget *w, > } > > return send_ec_host_command(priv->ec_device, EC_CMD_EC_CODEC_I2S_RX, > - (uint8_t *)&p, sizeof(p), NULL, 0); > + &p.cmd, sizeof(p.cmd), NULL, 0); > }

I would prefer your v1.

Reasons:

1. The change is not just kernel related.
There is an EC (embedded controller) firmware to collaborate with the code. The firmware doesn't know the kernel only copies the first byte of the packet (at least for now). See https://chromium.googlesource.com/chromiumos/platform/ec/+/refs/heads/master/common/audio_codec_i2s_rx.c#120.

2. We don't copy partial packets in an EC host command.
IMHO, it is also not a big deal if we copy a few unused bytes in the packet.
On Fri, Dec 4, 2020 at 9:57 AM Tzung-Bi Shih <tzungbi@google.com> wrote:
>
> On Fri, Dec 4, 2020 at 4:36 PM Arnd Bergmann <arnd@kernel.org> wrote:
> > diff --git a/sound/soc/codecs/cros_ec_codec.c b/sound/soc/codecs/cros_ec_codec.c > > index 58894bf47514..6ec673573c70 100644 > > --- a/sound/soc/codecs/cros_ec_codec.c > > +++ b/sound/soc/codecs/cros_ec_codec.c > > @@ -348,7 +348,7 @@ static int i2s_rx_event(struct snd_soc_dapm_widget *w, > > } > > > > return send_ec_host_command(priv->ec_device, EC_CMD_EC_CODEC_I2S_RX, > > - (uint8_t *)&p, sizeof(p), NULL, 0); > > + &p.cmd, sizeof(p.cmd), NULL, 0); > > }
>
> I would prefer your v1.
>
> Reasons:
> 1. The change is not just kernel related.
> There is an EC (embedded controller) firmware to collaborate with the
> code. The firmware doesn't know the kernel only copies the first byte
> of the packet (at least for now). See
> https://chromium.googlesource.com/chromiumos/platform/ec/+/refs/heads/master/common/audio_codec_i2s_rx.c#120.
>
> 2. We don't copy partial packets in an EC host command.
> IMHO, it is also not a big deal if we copy a few unused bytes in the packet.

Ok, so if the EC does access the uninitialized data, then it is indeed better to initialize it to zero as I first thought.

Arnd
diff --git a/sound/soc/codecs/cros_ec_codec.c b/sound/soc/codecs/cros_ec_codec.c index 58894bf47514..6ec673573c70 100644 --- a/sound/soc/codecs/cros_ec_codec.c +++ b/sound/soc/codecs/cros_ec_codec.c @@ -348,7 +348,7 @@ static int i2s_rx_event(struct snd_soc_dapm_widget *w, } return send_ec_host_command(priv->ec_device, EC_CMD_EC_CODEC_I2S_RX, - (uint8_t *)&p, sizeof(p), NULL, 0); + &p.cmd, sizeof(p.cmd), NULL, 0); } static struct snd_soc_dapm_widget i2s_rx_dapm_widgets[] = {
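Review bot: In the `send_ec_host_command()` call at the end of `i2s_rx_event()`, cutting the outgoing length from `sizeof(p)` to `sizeof(p.cmd)` changes the request size the EC receives for `EC_CMD_EC_CODEC_I2S_RX`, and nothing in this hunk shows that the firmware handler accepts a request shorter than the full parameter struct. I would keep `(uint8_t *)&p, sizeof(p)` and instead zero `p` where it is declared (outside the lines shown here), so the full-size packet is still sent and no uninitialized stack bytes leave the kernel. If the short form is kept, the commit message should state why a truncated request is safe on the firmware side.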