| Message ID | 20210513232841.147989-1-jose.souza@intel.com (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
| Series | drm/i915: Fix a possible use of uninitialized variable in remap_io_sg() | expand |
On Thu, May 13, 2021 at 04:28:41PM -0700, José Roberto de Souza wrote: > If the do while loop breaks in 'if (!sg_dma_len(sgl))' in the first > iteration, err is uninitialized causing a wrong call to zap_vma_ptes(). But scatterlist must have at least one valid segment. So while the patch looks ok, please clearly mark that this is a false positive from the static checker in the commit log.
On Fri, 2021-05-14 at 07:49 +0200, Christoph Hellwig wrote: > On Thu, May 13, 2021 at 04:28:41PM -0700, José Roberto de Souza wrote: > > If the do while loop breaks in 'if (!sg_dma_len(sgl))' in the first > > iteration, err is uninitialized causing a wrong call to zap_vma_ptes(). > > But scatterlist must have at least one valid segment. So while the > patch looks ok, please clearly mark that this is a false positive from > the static checker in the commit log. No static checker mentioned but yes it was caught by one. Anyways better have this change and avoid possible reports from other static analyzers. Can I add your Reviewed-by? thanks
On Sat, May 15, 2021 at 12:23:04AM +0000, Souza, Jose wrote: > On Fri, 2021-05-14 at 07:49 +0200, Christoph Hellwig wrote: > > On Thu, May 13, 2021 at 04:28:41PM -0700, José Roberto de Souza wrote: > > > If the do while loop breaks in 'if (!sg_dma_len(sgl))' in the first > > > iteration, err is uninitialized causing a wrong call to zap_vma_ptes(). > > > > But scatterlist must have at least one valid segment. So while the > > patch looks ok, please clearly mark that this is a false positive from > > the static checker in the commit log. > > No static checker mentioned but yes it was caught by one. > Anyways better have this change and avoid possible reports from other static analyzers. Please also add the information I provided above to put this into context. > > Can I add your Reviewed-by? With that: Reviewed-by: Christoph Hellwig <hch@lst.de>
diff --git a/drivers/gpu/drm/i915/i915_mm.c b/drivers/gpu/drm/i915/i915_mm.c index 4c8cd08c672d..25576fa73ff0 100644 --- a/drivers/gpu/drm/i915/i915_mm.c +++ b/drivers/gpu/drm/i915/i915_mm.c @@ -47,7 +47,7 @@ int remap_io_sg(struct vm_area_struct *vma, struct scatterlist *sgl, resource_size_t iobase) { unsigned long pfn, len, remapped = 0; - int err; + int err = 0; /* We rely on prevalidation of the io-mapping to skip track_pfn(). */ GEM_BUG_ON((vma->vm_flags & EXPECTED_FLAGS) != EXPECTED_FLAGS);
If the do while loop breaks in 'if (!sg_dma_len(sgl))' in the first iteration, err is uninitialized causing a wrong call to zap_vma_ptes(). Fixes: b12d691ea5e0 ("i915: fix remap_io_sg to verify the pgprot") Cc: Christoph Hellwig <hch@lst.de> Signed-off-by: James Ausmus <james.ausmus@intel.com> Signed-off-by: José Roberto de Souza <jose.souza@intel.com> --- drivers/gpu/drm/i915/i915_mm.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)