From: Sasha Levin <sashal@kernel.org>
To: patches@lists.linux.dev, stable@vger.kernel.org
Cc: Purva Yeshi <purvayeshi550@gmail.com>,
Dave Jiang <dave.jiang@intel.com>,
Vinicius Costa Gomes <vinicius.gomes@intel.com>,
Vinod Koul <vkoul@kernel.org>, Sasha Levin <sashal@kernel.org>,
dmaengine@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: [PATCH AUTOSEL 6.14 01/23] dmaengine: idxd: cdev: Fix uninitialized use of sva in idxd_cdev_open
Date: Mon, 19 May 2025 17:21:08 -0400 [thread overview]
Message-ID: <20250519212131.1985647-1-sashal@kernel.org> (raw)
From: Purva Yeshi <purvayeshi550@gmail.com>
[ Upstream commit 97994333de2b8062d2df4e6ce0dc65c2dc0f40dc ]
Fix Smatch-detected issue:
drivers/dma/idxd/cdev.c:321 idxd_cdev_open() error:
uninitialized symbol 'sva'.
'sva' pointer may be used uninitialized in error handling paths.
Specifically, if PASID support is enabled and iommu_sva_bind_device()
returns an error, the code jumps to the cleanup label and attempts to
call iommu_sva_unbind_device(sva) without ensuring that sva was
successfully assigned. This triggers a Smatch warning about an
uninitialized symbol.
Initialize sva to NULL at declaration and add a check using
IS_ERR_OR_NULL() before unbinding the device. This ensures the
function does not use an invalid or uninitialized pointer during
cleanup.
Signed-off-by: Purva Yeshi <purvayeshi550@gmail.com>
Reviewed-by: Dave Jiang <dave.jiang@intel.com>
Acked-by: Vinicius Costa Gomes <vinicius.gomes@intel.com>
Link: https://lore.kernel.org/r/20250410110216.21592-1-purvayeshi550@gmail.com
Signed-off-by: Vinod Koul <vkoul@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/dma/idxd/cdev.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/dma/idxd/cdev.c b/drivers/dma/idxd/cdev.c
index ff94ee892339d..7bd031a608943 100644
--- a/drivers/dma/idxd/cdev.c
+++ b/drivers/dma/idxd/cdev.c
@@ -222,7 +222,7 @@ static int idxd_cdev_open(struct inode *inode, struct file *filp)
struct idxd_wq *wq;
struct device *dev, *fdev;
int rc = 0;
- struct iommu_sva *sva;
+ struct iommu_sva *sva = NULL;
unsigned int pasid;
struct idxd_cdev *idxd_cdev;
@@ -317,7 +317,7 @@ static int idxd_cdev_open(struct inode *inode, struct file *filp)
if (device_user_pasid_enabled(idxd))
idxd_xa_pasid_remove(ctx);
failed_get_pasid:
- if (device_user_pasid_enabled(idxd))
+ if (device_user_pasid_enabled(idxd) && !IS_ERR_OR_NULL(sva))
iommu_sva_unbind_device(sva);
failed:
mutex_unlock(&wq->wq_lock);
--
2.39.5
next reply other threads:[~2025-05-19 21:21 UTC|newest]
Thread overview: 24+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-05-19 21:21 Sasha Levin [this message]
2025-05-19 21:21 ` [PATCH AUTOSEL 6.14 02/23] HID: amd_sfh: Avoid clearing reports for SRA sensor Sasha Levin
2025-05-19 21:21 ` [PATCH AUTOSEL 6.14 03/23] HID: quirks: Add ADATA XPG alpha wireless mouse support Sasha Levin
2025-05-19 21:21 ` [PATCH AUTOSEL 6.14 04/23] nfs: don't share pNFS DS connections between net namespaces Sasha Levin
2025-05-19 21:21 ` [PATCH AUTOSEL 6.14 05/23] platform/x86: thinkpad_acpi: Support also NEC Lavie X1475JAS Sasha Levin
2025-05-19 21:21 ` [PATCH AUTOSEL 6.14 06/23] kbuild: Require pahole <v1.28 or >v1.29 with GENDWARFKSYMS on X86 Sasha Levin
2025-05-19 21:21 ` [PATCH AUTOSEL 6.14 07/23] um: let 'make clean' properly clean underlying SUBARCH as well Sasha Levin
2025-05-19 21:21 ` [PATCH AUTOSEL 6.14 08/23] nvmet: pci-epf: cleanup nvmet_pci_epf_raise_irq() Sasha Levin
2025-05-19 21:21 ` [PATCH AUTOSEL 6.14 09/23] gpio: virtuser: fix potential out-of-bound write Sasha Levin
2025-05-19 21:21 ` [PATCH AUTOSEL 6.14 10/23] drm/amd/display: fix link_set_dpms_off multi-display MST corner case Sasha Levin
2025-05-19 21:21 ` [PATCH AUTOSEL 6.14 11/23] drm/amd/display: check stream id dml21 wrapper to get plane_id Sasha Levin
2025-05-19 21:21 ` [PATCH AUTOSEL 6.14 12/23] nvme: multipath: enable BLK_FEAT_ATOMIC_WRITES for multipathing Sasha Levin
2025-05-19 21:21 ` [PATCH AUTOSEL 6.14 13/23] phy: starfive: jh7110-usb: Fix USB 2.0 host occasional detection failure Sasha Levin
2025-05-19 21:21 ` [PATCH AUTOSEL 6.14 14/23] phy: phy-rockchip-samsung-hdptx: Fix PHY PLL output 50.25MHz error Sasha Levin
2025-05-19 21:21 ` Sasha Levin
2025-05-19 21:21 ` [PATCH AUTOSEL 6.14 15/23] spi: spi-sun4i: fix early activation Sasha Levin
2025-05-19 21:21 ` [PATCH AUTOSEL 6.14 16/23] phy: renesas: rcar-gen3-usb2: Move IRQ request in probe Sasha Levin
2025-05-19 21:21 ` [PATCH AUTOSEL 6.14 17/23] nvme: all namespaces in a subsystem must adhere to a common atomic write size Sasha Levin
2025-05-19 21:21 ` [PATCH AUTOSEL 6.14 18/23] nvme-pci: add NVME_QUIRK_NO_DEEPEST_PS quirk for SOLIDIGM P44 Pro Sasha Levin
2025-05-19 21:21 ` [PATCH AUTOSEL 6.14 19/23] drm/xe/xe2hpg: Add Wa_22021007897 Sasha Levin
2025-05-19 21:21 ` [PATCH AUTOSEL 6.14 20/23] drm/xe: Save the gt pointer in lrc and drop the tile Sasha Levin
2025-05-19 21:21 ` [PATCH AUTOSEL 6.14 21/23] char: tpm: tpm-buf: Add sanity check fallback in read helpers Sasha Levin
2025-05-19 21:21 ` [PATCH AUTOSEL 6.14 22/23] tpm: tis: Double the timeout B to 4s Sasha Levin
2025-05-19 21:21 ` [PATCH AUTOSEL 6.14 23/23] NFS: Avoid flushing data while holding directory locks in nfs_rename() Sasha Levin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20250519212131.1985647-1-sashal@kernel.org \
--to=sashal@kernel.org \
--cc=dave.jiang@intel.com \
--cc=dmaengine@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=patches@lists.linux.dev \
--cc=purvayeshi550@gmail.com \
--cc=stable@vger.kernel.org \
--cc=vinicius.gomes@intel.com \
--cc=vkoul@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.