[v1] (powerpc/512) Fix possible `dma_unmap_single()` on uninitialized pointer

[PATCH] (powerpc/512) Fix possible `dma_unmap_single()` on uninitialized pointer

Posted by Thomas Fourier 6 months, 2 weeks ago

If the device configuration fails (if `dma_dev->device_config()`),
`sg_dma_address(&sg)` is not initialized and the jump to `err_dma_prep`
leads to calling `dma_unmap_single()` on `sg_dma_address(&sg)`.

Signed-off-by: Thomas Fourier <fourier.thomas@gmail.com>
---
 arch/powerpc/platforms/512x/mpc512x_lpbfifo.c | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/arch/powerpc/platforms/512x/mpc512x_lpbfifo.c b/arch/powerpc/platforms/512x/mpc512x_lpbfifo.c
index 9668b052cd4b..ef3be438f914 100644
--- a/arch/powerpc/platforms/512x/mpc512x_lpbfifo.c
+++ b/arch/powerpc/platforms/512x/mpc512x_lpbfifo.c
@@ -241,8 +241,7 @@ static int mpc512x_lpbfifo_kick(void)
 
 	/* Make DMA channel work with LPB FIFO data register */
 	if (dma_dev->device_config(lpbfifo.chan, &dma_conf)) {
-		ret = -EINVAL;
-		goto err_dma_prep;
+		return -EINVAL;
 	}
 
 	sg_init_table(&sg, 1);
-- 
2.43.0

Re: [PATCH] (powerpc/512) Fix possible `dma_unmap_single()` on uninitialized pointer

Posted by Christophe Leroy 6 months, 1 week ago


Le 05/06/2025 à 18:37, Thomas Fourier a écrit :
> [Vous ne recevez pas souvent de courriers de fourier.thomas@gmail.com. Découvrez pourquoi ceci est important à https://aka.ms/LearnAboutSenderIdentification ]
> 
> If the device configuration fails (if `dma_dev->device_config()`),
> `sg_dma_address(&sg)` is not initialized and the jump to `err_dma_prep`
> leads to calling `dma_unmap_single()` on `sg_dma_address(&sg)`.
> 
> Signed-off-by: Thomas Fourier <fourier.thomas@gmail.com>
> ---
>   arch/powerpc/platforms/512x/mpc512x_lpbfifo.c | 3 +--
>   1 file changed, 1 insertion(+), 2 deletions(-)
> 
> diff --git a/arch/powerpc/platforms/512x/mpc512x_lpbfifo.c b/arch/powerpc/platforms/512x/mpc512x_lpbfifo.c
> index 9668b052cd4b..ef3be438f914 100644
> --- a/arch/powerpc/platforms/512x/mpc512x_lpbfifo.c
> +++ b/arch/powerpc/platforms/512x/mpc512x_lpbfifo.c
> @@ -241,8 +241,7 @@ static int mpc512x_lpbfifo_kick(void)
> 
>          /* Make DMA channel work with LPB FIFO data register */
>          if (dma_dev->device_config(lpbfifo.chan, &dma_conf)) {
> -               ret = -EINVAL;
> -               goto err_dma_prep;
> +               return -EINVAL;
>          }

You should remove the { } as it is now a single line.

> 
>          sg_init_table(&sg, 1);
> --
> 2.43.0
>

Re: [PATCH] (powerpc/512) Fix possible `dma_unmap_single()` on uninitialized pointer

Posted by Michael Ellerman 6 months, 1 week ago

Thomas Fourier <fourier.thomas@gmail.com> writes:
> If the device configuration fails (if `dma_dev->device_config()`),
> `sg_dma_address(&sg)` is not initialized and the jump to `err_dma_prep`
> leads to calling `dma_unmap_single()` on `sg_dma_address(&sg)`.
>
> Signed-off-by: Thomas Fourier <fourier.thomas@gmail.com>
> ---
>  arch/powerpc/platforms/512x/mpc512x_lpbfifo.c | 3 +--
>  1 file changed, 1 insertion(+), 2 deletions(-)
>
> diff --git a/arch/powerpc/platforms/512x/mpc512x_lpbfifo.c b/arch/powerpc/platforms/512x/mpc512x_lpbfifo.c
> index 9668b052cd4b..ef3be438f914 100644
> --- a/arch/powerpc/platforms/512x/mpc512x_lpbfifo.c
> +++ b/arch/powerpc/platforms/512x/mpc512x_lpbfifo.c
> @@ -241,8 +241,7 @@ static int mpc512x_lpbfifo_kick(void)
>  
>  	/* Make DMA channel work with LPB FIFO data register */
>  	if (dma_dev->device_config(lpbfifo.chan, &dma_conf)) {
> -		ret = -EINVAL;
> -		goto err_dma_prep;
> +		return -EINVAL;
>  	}
>  
>  	sg_init_table(&sg, 1);

Yep looks good. That's the first use of goto for error handling, and
it's clearly too early. All the previous error cases do a direct return.

Reviewed-by: Michael Ellerman <mpe@ellerman.id.au>

cheers