| Message ID | 20220227153342.79546-1-trix@redhat.com (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
| Series | [v2] drm/amdgpu: Fix realloc of ptr | expand |
Am 27.02.22 um 16:33 schrieb trix@redhat.com: > From: Tom Rix <trix@redhat.com> > > Clang static analysis reports this error > amdgpu_debugfs.c:1690:9: warning: 1st function call > argument is an uninitialized value > tmp = krealloc_array(tmp, i + 1, > ^~~~~~~~~~~~~~~~~~~~~~~~~~~ > > realloc uses tmp, so tmp can not be garbage. > And the return needs to be checked. > > Fixes: 5ce5a584cb82 ("drm/amdgpu: add debugfs for reset registers list") > Signed-off-by: Tom Rix <trix@redhat.com> Yeah, stuff I missed because of the long review. I was already wondering what semantics krealloc_array is following for freeing up the pointer on error. Reviewed-by: Christian König <christian.koenig@amd.com> Thanks, Christian. > --- > v2: > use 'new' to hold/check the ralloc return > fix commit log mistake on ralloc freeing to using input ptr > > drivers/gpu/drm/amd/amdgpu/amdgpu_debugfs.c | 9 +++++++-- > 1 file changed, 7 insertions(+), 2 deletions(-) > > diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_debugfs.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_debugfs.c > index 9eb9b440bd438..2f4f8c5618d81 100644 > --- a/drivers/gpu/drm/amd/amdgpu/amdgpu_debugfs.c > +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_debugfs.c > @@ -1676,7 +1676,7 @@ static ssize_t amdgpu_reset_dump_register_list_write(struct file *f, > { > struct amdgpu_device *adev = (struct amdgpu_device *)file_inode(f)->i_private; > char reg_offset[11]; > - uint32_t *tmp; > + uint32_t *new, *tmp = NULL; > int ret, i = 0, len = 0; > > do { > @@ -1687,7 +1687,12 @@ static ssize_t amdgpu_reset_dump_register_list_write(struct file *f, > goto error_free; > } > > - tmp = krealloc_array(tmp, i + 1, sizeof(uint32_t), GFP_KERNEL); > + new = krealloc_array(tmp, i + 1, sizeof(uint32_t), GFP_KERNEL); > + if (!new) { > + ret = -ENOMEM; > + goto error_free; > + } > + tmp = new; > if (sscanf(reg_offset, "%X %n", &tmp[i], &ret) != 1) { > ret = -EINVAL; > goto error_free;
Applied. Thanks! Alex On Mon, Feb 28, 2022 at 5:55 AM Christian König <christian.koenig@amd.com> wrote: > > Am 27.02.22 um 16:33 schrieb trix@redhat.com: > > From: Tom Rix <trix@redhat.com> > > > > Clang static analysis reports this error > > amdgpu_debugfs.c:1690:9: warning: 1st function call > > argument is an uninitialized value > > tmp = krealloc_array(tmp, i + 1, > > ^~~~~~~~~~~~~~~~~~~~~~~~~~~ > > > > realloc uses tmp, so tmp can not be garbage. > > And the return needs to be checked. > > > > Fixes: 5ce5a584cb82 ("drm/amdgpu: add debugfs for reset registers list") > > Signed-off-by: Tom Rix <trix@redhat.com> > > Yeah, stuff I missed because of the long review. I was already wondering > what semantics krealloc_array is following for freeing up the pointer on > error. > > Reviewed-by: Christian König <christian.koenig@amd.com> > > Thanks, > Christian. > > > --- > > v2: > > use 'new' to hold/check the ralloc return > > fix commit log mistake on ralloc freeing to using input ptr > > > > drivers/gpu/drm/amd/amdgpu/amdgpu_debugfs.c | 9 +++++++-- > > 1 file changed, 7 insertions(+), 2 deletions(-) > > > > diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_debugfs.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_debugfs.c > > index 9eb9b440bd438..2f4f8c5618d81 100644 > > --- a/drivers/gpu/drm/amd/amdgpu/amdgpu_debugfs.c > > +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_debugfs.c > > @@ -1676,7 +1676,7 @@ static ssize_t amdgpu_reset_dump_register_list_write(struct file *f, > > { > > struct amdgpu_device *adev = (struct amdgpu_device *)file_inode(f)->i_private; > > char reg_offset[11]; > > - uint32_t *tmp; > > + uint32_t *new, *tmp = NULL; > > int ret, i = 0, len = 0; > > > > do { > > @@ -1687,7 +1687,12 @@ static ssize_t amdgpu_reset_dump_register_list_write(struct file *f, > > goto error_free; > > } > > > > - tmp = krealloc_array(tmp, i + 1, sizeof(uint32_t), GFP_KERNEL); > > + new = krealloc_array(tmp, i + 1, sizeof(uint32_t), GFP_KERNEL); > > + if (!new) { > > + ret = -ENOMEM; > > + goto error_free; > > + } > > + tmp = new; > > if (sscanf(reg_offset, "%X %n", &tmp[i], &ret) != 1) { > > ret = -EINVAL; > > goto error_free; >
diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_debugfs.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_debugfs.c index 9eb9b440bd438..2f4f8c5618d81 100644 --- a/drivers/gpu/drm/amd/amdgpu/amdgpu_debugfs.c +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_debugfs.c @@ -1676,7 +1676,7 @@ static ssize_t amdgpu_reset_dump_register_list_write(struct file *f, { struct amdgpu_device *adev = (struct amdgpu_device *)file_inode(f)->i_private; char reg_offset[11]; - uint32_t *tmp; + uint32_t *new, *tmp = NULL; int ret, i = 0, len = 0; do { @@ -1687,7 +1687,12 @@ static ssize_t amdgpu_reset_dump_register_list_write(struct file *f, goto error_free; } - tmp = krealloc_array(tmp, i + 1, sizeof(uint32_t), GFP_KERNEL); + new = krealloc_array(tmp, i + 1, sizeof(uint32_t), GFP_KERNEL); + if (!new) { + ret = -ENOMEM; + goto error_free; + } + tmp = new; if (sscanf(reg_offset, "%X %n", &tmp[i], &ret) != 1) { ret = -EINVAL; goto error_free;