public inbox for linux-kernel@vger.kernel.org
* [PATCH] iommu/dma: Potential uninitialized variable in iommu_dma_unmap_sg
From: Alessandro Zanni @ 2024-10-02  8:31 UTC
  To: robin.murphy, joro, will
  Cc: Alessandro Zanni, iommu, linux-kernel, skhan, anupnewsmail

This patch fixes the possibility of the variable 'start'
not being initialized.

Smatch tool raises the error:
drivers/iommu/dma-iommu.c:1510
iommu_dma_unmap_sg() error: uninitialized symbol 'start'.

Signed-off-by: Alessandro Zanni <alessandro.zanni87@gmail.com>
---
 drivers/iommu/dma-iommu.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/iommu/dma-iommu.c b/drivers/iommu/dma-iommu.c
index 2a9fa0c8cc00..5b2596f4b24f 100644
--- a/drivers/iommu/dma-iommu.c
+++ b/drivers/iommu/dma-iommu.c
@@ -1496,7 +1496,7 @@ int iommu_dma_map_sg(struct device *dev, struct scatterlist *sg, int nents,
 void iommu_dma_unmap_sg(struct device *dev, struct scatterlist *sg, int nents,
 		enum dma_data_direction dir, unsigned long attrs)
 {
-	dma_addr_t end = 0, start;
+	dma_addr_t end = 0, start = 0;
 	struct scatterlist *tmp;
 	int i;
 
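Review bot: the new `start = 0` initializer on the declaration line has no stated failure path behind it; the changelog cites only the Smatch report for dma-iommu.c:1510, a line outside this hunk, and does not say which sequence reads `start` before it is assigned. Either describe that path in the commit message, or say explicitly that the change only quiets a checker warning so it can be judged on that basis.
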
-- 
2.43.0



* Re: [PATCH] iommu/dma: Potential uninitialized variable in iommu_dma_unmap_sg
From: Robin Murphy @ 2024-10-02  9:45 UTC
  To: Alessandro Zanni, joro, will; +Cc: iommu, linux-kernel, skhan, anupnewsmail

On 2024-10-02 9:31 am, Alessandro Zanni wrote:
> This patch fixes the possibility of the variable 'start'
> not being initialized.

Why should it need initialising though? For "start" to never be set, 
then either sg_dma_is_bus_address() is true for the whole list, or the 
list is bogus and has sg_dma_len()==0 on the very first segment. Either 
way, the second loop will then do nothing, "if (end)" will remain false, 
and thus "start" will not be used. Where's the bug?

Thanks,
Robin.

> Smatch tool raises the error:
> drivers/iommu/dma-iommu.c:1510
> iommu_dma_unmap_sg() error: uninitialized symbol 'start'.
> 
> Signed-off-by: Alessandro Zanni <alessandro.zanni87@gmail.com>
> ---
>   drivers/iommu/dma-iommu.c | 2 +-
>   1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/drivers/iommu/dma-iommu.c b/drivers/iommu/dma-iommu.c
> index 2a9fa0c8cc00..5b2596f4b24f 100644
> --- a/drivers/iommu/dma-iommu.c
> +++ b/drivers/iommu/dma-iommu.c
> @@ -1496,7 +1496,7 @@ int iommu_dma_map_sg(struct device *dev, struct scatterlist *sg, int nents,
>   void iommu_dma_unmap_sg(struct device *dev, struct scatterlist *sg, int nents,
>   		enum dma_data_direction dir, unsigned long attrs)
>   {
> -	dma_addr_t end = 0, start;
> +	dma_addr_t end = 0, start = 0;
>   	struct scatterlist *tmp;
>   	int i;
>   
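
Review bot: initializing `start` to 0 on the added declaration line also removes the uninitialized-use signal for any later reader of `start`, so compilers and checkers would no longer flag a real omission in this function. If every read stays behind the `if (end)` test described above, keeping the declaration unchanged and recording the Smatch report as a false positive preserves that check.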


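Added example (not from the thread or the kernel source): a user-space C model of the control flow described in the reply above, two scans followed by a use of `start` that happens only under `if (end)`, checked exhaustively over every short segment list, including the empty one. The `enum kind` states, the function names and the constructed end addresses are assumptions made for the model.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

enum kind { BUS_ADDR, EMPTY, MAPPED };	/* hypothetical segment states */

/* Model, not kernel code: true if 'start' is read before being assigned. */
static bool reads_unset_start(const enum kind *sg, size_t nents)
{
	uint64_t end = 0;
	bool start_set = false;
	size_t i;

	/* Scan 1: skip bus-address segments, stop at the first other one. */
	for (i = 0; i < nents; i++) {
		if (sg[i] == BUS_ADDR)
			continue;
		if (sg[i] == MAPPED)
			start_set = true;	/* models start = sg_dma_address() */
		break;			/* EMPTY models sg_dma_len() == 0 */
	}
	/* Scan 2: resume at the same segment and track the end address. */
	for (; i < nents; i++) {
		if (sg[i] == BUS_ADDR)
			continue;
		if (sg[i] == EMPTY)
			break;
		end = (i + 1) * 0x1000;	/* constructed nonzero end address */
	}
	return end != 0 && !start_set;	/* 'start' is used only under if (end) */
}

/* Try every list of 0..max_nents segments (3^n lists each); count violations. */
static unsigned long count_violations(size_t max_nents)
{
	enum kind sg[16] = { BUS_ADDR };
	unsigned long bad = 0, total = 1;

	for (size_t n = 0; n <= max_nents && n <= 16; n++, total *= 3) {
		for (unsigned long code = 0; code < total; code++) {
			unsigned long c = code;
			for (size_t k = 0; k < n; k++, c /= 3)
				sg[k] = (enum kind)(c % 3);
			bad += reads_unset_start(sg, n);
		}
	}
	return bad;
}
int main(void) { return count_violations(8) != 0; }
```
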
* Re: [PATCH] iommu/dma: Potential uninitialized variable in iommu_dma_unmap_sg
From: Alessandro Zanni @ 2024-10-02 13:08 UTC
  To: Robin Murphy; +Cc: joro, will, iommu, linux-kernel, skhan, anupnewsmail

Hi,

this fix has been raised by a static analysis tool and it's more similar to
a warning than an error/bug, even if the tool labels it as an error.

I checked the code but, honestly, it is quite hard for me to find a combination
that might lead to an issue because it's strictly dependent on how the driver
works and the causes may be multiple, as you said: sg_dma_is_bus_address()
true for all; sg_dma_len() false on the first; zero segments for the loop.

I sent this patch because maybe it can be useful to avoid a possible, unlikely,
combination that may lead to an error.

Up to you to decide whether it's useful or not.

Thanks,
Alessandro

On 24/10/02 10:45, Robin Murphy wrote:
> On 2024-10-02 9:31 am, Alessandro Zanni wrote:
> > This patch fixes the possibility of the variable 'start'
> > not being initialized.
> 
> Why should it need initialising though? For "start" to never be set, then
> either sg_dma_is_bus_address() is true for the whole list, or the list is
> bogus and has sg_dma_len()==0 on the very first segment. Either way, the
> second loop will then do nothing, "if (end)" will remain false, and thus
> "start" will not be used. Where's the bug?
> 
> Thanks,
> Robin.
> 
> > Smatch tool raises the error:
> > drivers/iommu/dma-iommu.c:1510
> > iommu_dma_unmap_sg() error: uninitialized symbol 'start'.
> > 
> > Signed-off-by: Alessandro Zanni <alessandro.zanni87@gmail.com>
> > ---
> >   drivers/iommu/dma-iommu.c | 2 +-
> >   1 file changed, 1 insertion(+), 1 deletion(-)
> > 
> > diff --git a/drivers/iommu/dma-iommu.c b/drivers/iommu/dma-iommu.c
> > index 2a9fa0c8cc00..5b2596f4b24f 100644
> > --- a/drivers/iommu/dma-iommu.c
> > +++ b/drivers/iommu/dma-iommu.c
> > @@ -1496,7 +1496,7 @@ int iommu_dma_map_sg(struct device *dev, struct scatterlist *sg, int nents,
> >   void iommu_dma_unmap_sg(struct device *dev, struct scatterlist *sg, int nents,
> >   		enum dma_data_direction dir, unsigned long attrs)
> >   {
> > -	dma_addr_t end = 0, start;
> > +	dma_addr_t end = 0, start = 0;
> >   	struct scatterlist *tmp;
> >   	int i;
