diff mbox series

dmaengine: Fix access to uninitialized dma_slave_caps

Message ID ca92998ccc054b4f2bfd60ef3adbab2913171eac.1575546234.git.lukas@wunner.de (mailing list archive)
State Accepted
Headers show
Series dmaengine: Fix access to uninitialized dma_slave_caps | expand

Commit Message

Lukas Wunner Dec. 5, 2019, 11:54 a.m. UTC 
dmaengine_desc_set_reuse() allocates a struct dma_slave_caps on the
stack, populates it using dma_get_slave_caps() and then accesses one
of its members.

However dma_get_slave_caps() may fail and this isn't accounted for,
leading to a legitimate warning of gcc-4.9 (but not newer versions):

   In file included from drivers/spi/spi-bcm2835.c:19:0:
   drivers/spi/spi-bcm2835.c: In function 'dmaengine_desc_set_reuse':
>> include/linux/dmaengine.h:1370:10: warning: 'caps.descriptor_reuse' is used uninitialized in this function [-Wuninitialized]
     if (caps.descriptor_reuse) {

Fix it, thereby also silencing the gcc-4.9 warning.

The issue has been present for 4 years but surfaces only now that
the first caller of dmaengine_desc_set_reuse() has been added in
spi-bcm2835.c. Another user of reusable DMA descriptors has existed
for a while in pxa_camera.c, but it sets the DMA_CTRL_REUSE flag
directly instead of calling dmaengine_desc_set_reuse(). Nevertheless,
tag this commit for stable in case there are out-of-tree users.

Fixes: 272420214d26 ("dmaengine: Add DMA_CTRL_REUSE")
Reported-by: kbuild test robot <lkp@intel.com>
Signed-off-by: Lukas Wunner <lukas@wunner.de>
Cc: stable@vger.kernel.org # v4.3+
---
 include/linux/dmaengine.h | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

Comments

Vinod Koul Dec. 11, 2019, 10:33 a.m. UTC | #1 
On 05-12-19, 12:54, Lukas Wunner wrote:
> dmaengine_desc_set_reuse() allocates a struct dma_slave_caps on the
> stack, populates it using dma_get_slave_caps() and then accesses one
> of its members.
> 
> However dma_get_slave_caps() may fail and this isn't accounted for,
> leading to a legitimate warning of gcc-4.9 (but not newer versions):
> 
>    In file included from drivers/spi/spi-bcm2835.c:19:0:
>    drivers/spi/spi-bcm2835.c: In function 'dmaengine_desc_set_reuse':
> >> include/linux/dmaengine.h:1370:10: warning: 'caps.descriptor_reuse' is used uninitialized in this function [-Wuninitialized]
>      if (caps.descriptor_reuse) {
> 
> Fix it, thereby also silencing the gcc-4.9 warning.
> 
> The issue has been present for 4 years but surfaces only now that
> the first caller of dmaengine_desc_set_reuse() has been added in
> spi-bcm2835.c. Another user of reusable DMA descriptors has existed
> for a while in pxa_camera.c, but it sets the DMA_CTRL_REUSE flag
> directly instead of calling dmaengine_desc_set_reuse(). Nevertheless,
> tag this commit for stable in case there are out-of-tree users.

Applied, thanks
diff mbox series

Patch

diff --git a/include/linux/dmaengine.h b/include/linux/dmaengine.h
index 8fcdee1c0cf9..dad4a68fa009 100644
--- a/include/linux/dmaengine.h
+++ b/include/linux/dmaengine.h
@@ -1364,8 +1364,11 @@  static inline int dma_get_slave_caps(struct dma_chan *chan,
 static inline int dmaengine_desc_set_reuse(struct dma_async_tx_descriptor *tx)
 {
 	struct dma_slave_caps caps;
+	int ret;
 
-	dma_get_slave_caps(tx->chan, &caps);
+	ret = dma_get_slave_caps(tx->chan, &caps);
+	if (ret)
+		return ret;
 
 	if (caps.descriptor_reuse) {
 		tx->flags |= DMA_CTRL_REUSE;