2023-11-30 07:27:42

by Dan Carpenter

Subject: [PATCH] drm/imagination: fix off by one in pvr_vm_mips_init() error handling

If the call to vmap() fails the "page_nr" is one element beyond the end
of the mips_data->pt_dma_addr[] and mips_data->pt_pages[] arrays.

The way that this is traditionally written is that we clean up the
partial loop iteration before the goto and then we can say
while (--i >= 0). At that point we know that all the elements thus
far are initialized so we don't need to have NULL checks.

Fixes: 927f3e0253c1 ("drm/imagination: Implement MIPS firmware processor and MMU support")
Signed-off-by: Dan Carpenter <[email protected]>
---
drivers/gpu/drm/imagination/pvr_vm_mips.c | 11 +++++------
1 file changed, 5 insertions(+), 6 deletions(-)

diff --git a/drivers/gpu/drm/imagination/pvr_vm_mips.c b/drivers/gpu/drm/imagination/pvr_vm_mips.c
index 7268cf6e630b..2bc7181a4c3e 100644
--- a/drivers/gpu/drm/imagination/pvr_vm_mips.c
+++ b/drivers/gpu/drm/imagination/pvr_vm_mips.c
@@ -57,6 +57,7 @@ pvr_vm_mips_init(struct pvr_device *pvr_dev)
PAGE_SIZE, DMA_TO_DEVICE);
if (dma_mapping_error(dev, mips_data->pt_dma_addr[page_nr])) {
err = -ENOMEM;
+ __free_page(mips_data->pt_pages[page_nr]);
goto err_free_pages;
}
}
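Review bot: in the dma_mapping_error() branch, the added __free_page() leaves the freed pointer stored in mips_data->pt_pages[page_nr]. The reworked unwind loop starts at --page_nr and never revisits that slot, so this is safe as posted, but a one-line comment that the partial iteration is undone here (or clearing the slot after the free) would make it harder for a later change at the label to free the same page twice.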
@@ -79,13 +80,11 @@ pvr_vm_mips_init(struct pvr_device *pvr_dev)
return 0;

err_free_pages:
- for (; page_nr >= 0; page_nr--) {
- if (mips_data->pt_dma_addr[page_nr])
- dma_unmap_page(from_pvr_device(pvr_dev)->dev,
- mips_data->pt_dma_addr[page_nr], PAGE_SIZE, DMA_TO_DEVICE);
+ while (--page_nr >= 0) {
+ dma_unmap_page(from_pvr_device(pvr_dev)->dev,
+ mips_data->pt_dma_addr[page_nr], PAGE_SIZE, DMA_TO_DEVICE);

- if (mips_data->pt_pages[page_nr])
- __free_page(mips_data->pt_pages[page_nr]);
+ __free_page(mips_data->pt_pages[page_nr]);
}

return err;
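Review bot: at err_free_pages, dropping both NULL checks makes the loop correct only if every goto arrives with page_nr equal to the number of fully initialised entries, and while (--page_nr >= 0) terminates only if page_nr is a signed type; neither the other goto sites nor the declaration are visible in this hunk. A short comment at the label stating that invariant, for example that callers undo their own partial iteration before jumping, would document what the unconditional dma_unmap_page() and __free_page() now rely on.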
--
2.42.0
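
The unwind idiom the commit message describes, modelled in userspace C as an added example (not code from the patch or the driver). NR_PAGES, the helper functions and the failure-injection parameters are constructed stand-ins for the page allocation and DMA mapping calls; the counters show that no resource leaks and that the unwind never touches an index past the end of the array.

```c
#include <stdlib.h>

#define NR_PAGES 4                      /* constructed size, not the driver's */

static void *pages[NR_PAGES];
static int live_pages, live_maps;       /* resources still outstanding */
static int highest_unwound;             /* largest index the unwind touched */

static void *page_alloc(void) { void *p = malloc(16); if (p) live_pages++; return p; }
static void page_free(void *p) { free(p); live_pages--; }
static int map_page(int fail) { if (fail) return -1; live_maps++; return 0; }
static void unmap_page(void) { live_maps--; }

/* fail_map_at: index whose mapping fails, -1 for none.
 * fail_late: fail after the loop, when i == NR_PAGES (the vmap() case). */
static int tables_init(int fail_map_at, int fail_late)
{
    int i;                              /* signed, so --i >= 0 terminates */
    for (i = 0; i < NR_PAGES; i++) {
        pages[i] = page_alloc();
        if (!pages[i])
            goto err_unwind;            /* nothing half-done at index i */
        if (map_page(i == fail_map_at)) {
            page_free(pages[i]);        /* undo the partial iteration here */
            goto err_unwind;
        }
    }
    if (!fail_late)
        return 0;
err_unwind:
    while (--i >= 0) {                  /* entries 0..i-1 are fully set up */
        if (i > highest_unwound) highest_unwound = i;
        unmap_page();
        page_free(pages[i]);
    }
    return -1;
}

/* Run one failing scenario; return what is still outstanding afterwards. */
int leaked_after(int fail_map_at, int fail_late)
{
    highest_unwound = -1;
    if (tables_init(fail_map_at, fail_late) == 0)
        return -1;                      /* scenario was meant to fail */
    return live_pages + live_maps;
}

int highest_index_unwound(void) { return highest_unwound; }
int main(void) { return leaked_after(2, 0) || leaked_after(-1, 1); }
```

With a `for (; i >= 0; i--)` unwind instead, the late-failure scenario would start at index NR_PAGES, one element past the end of the array.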


2023-11-30 09:13:41

by Frank Binns

Subject: Re: [PATCH] drm/imagination: fix off by one in pvr_vm_mips_init() error handling

On Thu, 2023-11-30 at 10:27 +0300, Dan Carpenter wrote:
> If the call to vmap() fails the "page_nr" is one element beyond the end
> of the mips_data->pt_dma_addr[] and mips_data->pt_pages[] arrays.
>
> The way that this is traditionally written is that we clean up the
> partial loop iteration before the goto and then we can say
> while (--i >= 0). At that point we know that all the elements thus
> far are initialized so we don't need to have NULL checks.
>
> Fixes: 927f3e0253c1 ("drm/imagination: Implement MIPS firmware processor and MMU support")
> Signed-off-by: Dan Carpenter <[email protected]>

Reviewed-by: Frank Binns <[email protected]>

> ---
> drivers/gpu/drm/imagination/pvr_vm_mips.c | 11 +++++------
> 1 file changed, 5 insertions(+), 6 deletions(-)
>
> diff --git a/drivers/gpu/drm/imagination/pvr_vm_mips.c b/drivers/gpu/drm/imagination/pvr_vm_mips.c
> index 7268cf6e630b..2bc7181a4c3e 100644
> --- a/drivers/gpu/drm/imagination/pvr_vm_mips.c
> +++ b/drivers/gpu/drm/imagination/pvr_vm_mips.c
> @@ -57,6 +57,7 @@ pvr_vm_mips_init(struct pvr_device *pvr_dev)
> PAGE_SIZE, DMA_TO_DEVICE);
> if (dma_mapping_error(dev, mips_data->pt_dma_addr[page_nr])) {
> err = -ENOMEM;
> + __free_page(mips_data->pt_pages[page_nr]);
> goto err_free_pages;
> }
> }
> @@ -79,13 +80,11 @@ pvr_vm_mips_init(struct pvr_device *pvr_dev)
> return 0;
>
> err_free_pages:
> - for (; page_nr >= 0; page_nr--) {
> - if (mips_data->pt_dma_addr[page_nr])
> - dma_unmap_page(from_pvr_device(pvr_dev)->dev,
> - mips_data->pt_dma_addr[page_nr], PAGE_SIZE, DMA_TO_DEVICE);
> + while (--page_nr >= 0) {
> + dma_unmap_page(from_pvr_device(pvr_dev)->dev,
> + mips_data->pt_dma_addr[page_nr], PAGE_SIZE, DMA_TO_DEVICE);
>
> - if (mips_data->pt_pages[page_nr])
> - __free_page(mips_data->pt_pages[page_nr]);
> + __free_page(mips_data->pt_pages[page_nr]);
> }
>
> return err;

2023-11-30 09:26:44

by Maxime Ripard

Subject: Re: (subset) [PATCH] drm/imagination: fix off by one in pvr_vm_mips_init() error handling

On Thu, 30 Nov 2023 10:27:15 +0300, Dan Carpenter wrote:
> If the call to vmap() fails the "page_nr" is one element beyond the end
> of the mips_data->pt_dma_addr[] and mips_data->pt_pages[] arrays.
>
> The way that this is traditionally written is that we clean up the
> partial loop iteration before the goto and then we can say
> while (--i >= 0). At that point we know that all the elements thus
> far are initialized so we don't need to have NULL checks.
>
> [...]

Applied to drm/drm-misc (drm-misc-next).

Thanks!
Maxime